
Huawei AR1200-S Series Enterprise Routers

V200R002C00
Configuration Guide - Basic Configuration
Issue 02
Date 2012-03-30
HUAWEI TECHNOLOGIES CO., LTD.


Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.






Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
About This Document
Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the basic configuration supported by the
AR1200-S device.
This document describes how to perform the basic configuration.
This document is intended for:
- Data configuration engineers
- Commissioning engineers
- Network monitoring engineers
- System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol     Description
DANGER     Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
WARNING    Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
CAUTION    Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.
TIP        Indicates a tip that may help you solve a problem or save time.
NOTE       Provides additional information to emphasize or supplement important points of the main text.

Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention          Description
Boldface            The keywords of a command line are in boldface.
Italic              Command arguments are in italics.
[ ]                 Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... }*    Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ]*    Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>              The parameter before the & sign can be repeated 1 to n times.
#                   A line starting with the # sign is a comment.

Interface Numbering Conventions
Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.
Change History
Changes between document issues are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Changes in Issue 02 (2012-03-30)
Based on issue 01 (2011-12-30), the document is updated as follows:
The following information is modified:
- 1.2.3 Logging In to the Device
- 1.3.3 Logging In to the router
Changes in Issue 01 (2011-12-30)
Initial commercial release.
Contents
About This Document
1 Logging In to the System for the First Time
1.1 Introduction
1.2 Logging In to the Device Through the Console Port
1.2.1 Establishing the Configuration Task
1.2.2 Establishing the Physical Connection
1.2.3 Logging In to the Device
1.3 Logging In to the router Through a Mini USB Port
1.3.1 Establishing the Configuration Task
1.3.2 Installing the router Driver
1.3.3 Logging In to the router
2 CLI Overview
2.1 CLI Introduction
2.1.1 Command Line Interface
2.1.2 Command Levels
2.1.3 Command Line Views
2.2 Online Help
2.2.1 Full Help
2.2.2 Partial Help
2.2.3 Error Messages of the Command Line Interface
2.3 CLI Features
2.3.1 Editing
2.3.2 Displaying
2.3.3 Regular Expressions
2.3.4 Previously-Used Commands
2.4 Shortcut Keys
2.4.1 Classifying Shortcut Keys
2.4.2 Defining Shortcut Keys
2.4.3 Use of Shortcut Keys
2.5 Configuration Examples
2.5.1 Example for Using Tab
2.5.2 Example for Using Shortcut Keys
3 Basic Configuration
3.1 Configuring the Basic System Environment
3.1.1 Establishing the Configuration Task
3.1.2 Configuring the Equipment Name
3.1.3 Setting the System Clock
3.1.4 Configuring a Header
3.1.5 Configuring Command Levels
3.1.6 Configuring the undo Command to Automatically Match the Higher-Level View
3.2 Displaying System Status Messages
3.2.1 Displaying System Configuration
3.2.2 Displaying System Status
3.2.3 Collecting System Diagnostic Information
4 Configuring User Interfaces
4.1 User Interface Overview
4.2 Configuring the Console User Interface
4.2.1 Establishing the Configuration Task
4.2.2 Setting Physical Attributes of the Console User Interface
4.2.3 Setting Terminal Attributes of the Console User Interface
4.2.4 Configuring User Privilege of the Console User Interface
4.2.5 Configuring the User Authentication Mode of the Console User Interface
4.2.6 Checking the Configuration
4.3 Configuring the VTY User Interface
4.3.1 Establishing the Configuration Task
4.3.2 Configuring the Maximum Number of VTY User Interfaces
4.3.3 (Optional) Setting Restrictions for Incoming and Outgoing Calls on VTY User Interfaces
4.3.4 Setting Terminal Attributes of the VTY User Interface
4.3.5 Setting User Priority of the VTY User Interface
4.3.6 Setting the User Authentication Mode of the VTY User Interface
4.3.7 Checking the Configuration
4.4 Configuring a TTY User Interface
4.4.1 Establishing the Configuration Task
4.4.2 Setting Physical Attributes of a TTY User Interface
4.4.3 Setting Terminal Attributes of a TTY User Interface
4.4.4 Configuring User Priority of a TTY User Interface
4.4.5 Checking the Configuration
4.5 Configuration Examples
4.5.1 Example for Configuring Console User Interface
4.5.2 Example for Configuring a VTY User Interface
4.5.3 Example for Configuring a TTY User Interface
5 Configuring User Login
5.1 Overview of User Login
5.2 Logging in to the Devices Through the Console Port
5.2.1 Establishing the Configuration Task
5.2.2 Logging In to the Device Using a Console Port
5.2.3 (Optional) Configuring the Console User Interface
5.2.4 Checking the Configuration
5.3 Logging in to Devices Using Telnet
5.3.1 Establishing the Configuration Task
5.3.2 Configuring the User Access Level and User Authentication Mode of the VTY User Interface
5.3.3 Enabling the Telnet Service
5.3.4 Logging in to the Device Using Telnet
5.3.5 Checking the Configuration
5.4 Logging in to Devices Using STelnet
5.4.1 Establishing the Configuration Task
5.4.2 Configuring the User Access Level and User Authentication Mode of the VTY User Interface
5.4.3 Configuring SSH for the VTY User Interface
5.4.4 Configuring an SSH User and Specifying STelnet as One of Service Types
5.4.5 Enabling the STelnet Server Function
5.4.6 Logging in to the Device Using STelnet
5.4.7 Checking the Configuration
5.5 Common Operations After Login
5.5.1 Establishing the Configuration Task
5.5.2 Switching User Levels
5.5.3 Locking User Interfaces
5.5.4 Sending Messages to Other User Interfaces
5.5.5 Displaying Login Users
5.6 Configuration Examples
5.6.1 Example for Configuring User Login Using a Console Port
5.6.2 Example for Logging In by Telnet
5.6.3 Example for Configuring User Login by Using STelnet
6 Managing the File System
6.1 File System Overview
6.1.1 File System
6.1.2 Methods of File Management
6.2 Managing Files Using the File System
6.2.1 Establishing the Configuration Task
6.2.2 Managing Storage Devices
6.2.3 Managing Directories
6.2.4 Managing Files
6.3 Managing Files Using FTP
6.3.1 Establishing the Configuration Task
6.3.2 Configuring a Local FTP User
6.3.3 (Optional) Specifying a Port Number for the FTP Server
6.3.4 Enabling the FTP Server
6.3.5 (Optional) Configuring the FTP Server Parameters
6.3.6 (Optional) Configuring an FTP ACL
6.3.7 Accessing the System by Using FTP
6.3.8 Managing Files Using FTP Commands
6.3.9 Checking the Configuration
6.4 Managing Files Using SFTP
6.4.1 Establishing the Configuration Task
6.4.2 Configuring VTY User Interface
6.4.3 Configuring SSH for the VTY User Interface
6.4.4 Configuring an SSH User and Specifying SFTP as One of Service Types
6.4.5 Enabling the SFTP Service
6.4.6 Accessing the System Using SFTP
6.4.7 Managing Files Using SFTP
6.4.8 Checking the Configuration
6.5 Configuration Examples
6.5.1 Example for Managing Files Using the File System
6.5.2 Example for Performing File Operations by Means of FTP
6.5.3 Example for Performing File Operations by Means of SFTP
7 Configuring System Startup
7.1 System Startup Overview
7.1.1 System Software
7.1.2 Configuration Files and Current Configurations
7.2 Managing Configuration Files
7.2.1 Establishing the Configuration Task
7.2.2 Saving Configuration Files
7.2.3 Clearing a Configuration File
7.2.4 Comparing Configuration Files
7.2.5 Checking the Configuration
7.3 Specifying a File for System Startup
7.3.1 Establishing the Configuration Task
7.3.2 Configuring System Software for a router to Load for the Next Startup
7.3.3 Configuring the Configuration File for Router to Load at the Next Startup
7.3.4 Checking the Configuration
7.4 Configuration Examples
7.4.1 Example for Configuring System Startup
8 Accessing Another Device
8.1 Accessing Another Device
8.1.1 Telnet Method
8.1.2 FTP Method
8.1.3 TFTP Method
8.1.4 SSH Method
8.2 Logging in to Other Devices Using Telnet
8.2.1 Establishing the Configuration Task
8.2.2 (Optional) Configuring a Source IP Address for a Telnet Client
8.2.3 Logging in to Another Device by Using Telnet
8.2.4 Checking the Configuration
8.3 Using the Redirection Function to Connect to a Remote Device
8.3.1 Establishing the Configuration Task
8.3.2 Configuring the Redirection Function
8.3.3 Checking the Configuration
8.4 Logging in to Another Device Using STelnet
8.4.1 Establishing the Configuration Task
8.4.2 Configuring the First Successful Login to Another Device (Enabling the First-Time Authentication on the SSH Client)
8.4.3 Configuring the First Successful Login to Another Device (Allocating a Public Key to the SSH Server)
8.4.4 Logging in to Another Device by Using STelnet
8.4.5 Checking the Configuration
8.5 Accessing Files on Another Device Using TFTP
8.5.1 Establishing the Configuration Task
8.5.2 (Optional) Configuring a Source IP Address for a TFTP Client
8.5.3 (Optional) Configuring TFTP Access Authority
8.5.4 Downloading Files Using TFTP
8.5.5 Uploading Files Using TFTP
8.5.6 Checking the Configuration
8.6 Accessing Files on Another Device Using FTP
8.6.1 Establishing the Configuration Task
8.6.2 (Optional) Configuring the Source IP Address and Interface of the FTP Client
8.6.3 Connecting to Other Devices by Using FTP Commands
8.6.4 Managing Files Using FTP Commands
8.6.5 Changing Login Users
8.6.6 Disconnecting from the FTP Server
8.6.7 Checking the Configuration
8.7 Accessing Files on Another Device Using SFTP
8.7.1 Establishing the Configuration Task
8.7.2 (Optional) Configuring a Source IP Address for an SFTP Client
8.7.3 Configuring the First Successful Login to Another Device (Enabling the First-Time Authentication on the SSH Client)
8.7.4 Configuring the First Successful Login to Another Device (Allocating a Public Key to the SSH Server)
8.7.5 Connecting to Other Devices by Using SFTP
8.7.6 Managing Files Using SFTP Commands..............................................................................................170
8.7.7 Checking the Configuration...................................................................................................................171
8.8 Configuration Examples.................................................................................................................................172
8.8.1 Example for Configuring Telnet Services.............................................................................................172
8.8.2 Example for Configuring the Device as the STelnet Client to Connect to the SSH Server
8.8.3 Example for Configuring the Redirection Function for Remote Device Management
8.8.4 Example for Configuring TFTP
8.8.5 Example for Connecting the SFTP Client to the SSH Server
8.8.6 Example for Authenticating SSH Through RADIUS
9 Upgrade and Maintenance
9.1 Upgrade and Maintenance Overview
9.1.1 License Authorization
9.1.2 Software Upgrade
9.1.3 Patch Management
9.1.4 CPU and Memory Usage Thresholds
9.1.5 Device Restart
9.2 Activating a GTL License File
9.2.1 Establishing the Configuration Task
9.2.2 Uploading a GTL License File
9.2.3 Activating the GTL License File
9.2.4 (Optional) Enabling the Emergency State of the GTL License Module
9.2.5 Checking the Configuration
9.3 Upgrading System Software
9.3.1 Establishing the Configuration Task
9.3.2 Checking the System Before the Upgrade
9.3.3 Downloading a System File
9.3.4 Specifying the System Software to Be Used at the Next Startup
9.3.5 Configuring a Backup Startup File
9.3.6 (Optional) Upgrading the BootROM of the LPU
9.3.7 Restarting a Device
9.3.8 Checking the Configuration
9.4 Managing Patches
9.4.1 Establishing the Configuration Task
9.4.2 Installing a Patch
9.4.3 Specifying a Patch File to Be Used at the Next Startup
9.4.4 Uninstalling a Patch
9.4.5 Checking the Configuration
9.5 Monitoring CPU and Memory Usage
9.5.1 Establishing the Configuration Task
9.5.2 Setting CPU Usage Thresholds
9.5.3 Setting a Memory Usage Threshold
9.5.4 Checking the Configuration
9.6 Restarting the Device
9.6.1 Establishing the Configuration Task
9.6.2 Restarting the Device Immediately
9.6.3 Configuring the Device to Restart as Scheduled
9.6.4 Checking the Configuration
9.7 Configuration Examples
9.7.1 Example for Upgrading System Software
9.7.2 Example for Installing a Patch File
1 Logging In to the System for the First Time
About This Chapter
You can log in to a new router through the console port or mini USB port to configure the
router.
1.1 Introduction
You can configure a device that is powered on for the first time by logging in through the console
port or mini USB port.
1.2 Logging In to the Device Through the Console Port
This section describes how to establish the configuration environment by using the console port
to connect a terminal to a router.
1.3 Logging In to the router Through a Mini USB Port
This section describes how to connect a terminal to the router through a mini USB port.
1.1 Introduction
You can configure a device that is powered on for the first time by logging in through the console
port or mini USB port.
A main control board provides a console port and a mini USB port. To configure a device, connect
the user terminal serial port to the device console port or connect the user terminal USB port to
the mini USB port of the device.
NOTE
• Before using the mini USB port to log in to a device, install the mini USB port driver on the user
terminal.
• The mini USB port and console port cannot be used together.
1.2 Logging In to the Device Through the Console Port
This section describes how to establish the configuration environment by using the console port
to connect a terminal to a router.
1.2.1 Establishing the Configuration Task
Before logging in to the router through the console port, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
When the router is powered on for the first time, you can use the console port to log in to the
router to configure and manage the router.
Pre-configuration Tasks
Before logging in to the router through the console port, complete the following tasks:
• Installing a terminal emulation program on the PC (for example, Windows XP
HyperTerminal)
• Preparing the console cable
Data Preparation
To log in to the router through the console port or mini USB port, you need the following data.
No. | Data
1 | Terminal communication parameters: baud rate, data bit, parity, stop bit, flow-control mode

NOTE
The system automatically uses default parameter values for the first login.
1.2.2 Establishing the Physical Connection
You can use a cable to connect the console port of the router to the COM port of a terminal.
Procedure
Step 1 Power on all devices to perform a self-check.
Step 2 Use a cable to connect the console port of the router to the COM port of a PC.
----End
1.2.3 Logging In to the Device
To manage a router that is powered on for the first time, you can log in to it using the console
port.
Context
PC terminal attributes, including the transmission rate, data bit, parity bit, stop bit, and flow
control mode, must be configured to match those configured for the console port. Default values
for terminal attributes are used during the first login to the device.
Procedure
Step 1 Start a terminal emulator on the PC and create a connection, as shown in Figure 1-1.
Figure 1-1 Connection creation

Step 2 Set an interface, as shown in Figure 1-2.
Figure 1-2 Interface settings

Step 3 Set communication parameters to match the router defaults, as shown in Figure 1-3.
Figure 1-3 Communication parameter settings

Step 4 Press Enter. At the command-line prompt such as <Huawei>, enter a command to configure
the router or enter a question mark (?) if you need help.
NOTE
When you connect to the console port of an AR1200-S that does not have a startup configuration file, the
system displays "Auto-Config is working. Before configuring the device, stop Auto-Config. If you perform
configurations when Auto-Config is running, the DHCP, routing, DNS, and VTY configurations will be
lost. Do you want to stop Auto-Config? [y/n]:"
• To continue Auto-Config, enter n and press Enter.
• To stop Auto-Config, choose y and press Enter.
CAUTION
If you choose n but still perform configurations through the console port, the DHCP, routing, DNS,
and VTY configurations that you have performed will be lost.
----End
1.3 Logging In to the router Through a Mini USB Port
This section describes how to connect a terminal to the router through a mini USB port.
1.3.1 Establishing the Configuration Task
Before logging in to the router through a mini USB port, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the data required for the
configuration. This will help you complete the configuration task quickly and accurately.
Applicable Environment
When the router is powered on for the first time, log in to the router through a mini USB port
to configure and manage the router.
Pre-Configuration Tasks
Before logging in to the router through a mini USB port, complete the following tasks:
• Installing the terminal emulation program such as the HyperTerminal in the Windows XP
operating system on the PC
• Preparing mini USB cables
Data Preparation
To log in to the router through a mini USB port, you need the following data.
No. | Data
1 | Terminal communication parameters including the baud rate, data bit, parity bit, stop bit, and flow control mode

1.3.2 Installing the router Driver
This section describes how to install the router driver on a PC so that the PC can discover and
identify the AR1200-S.
Context
The router driver supports only the Windows XP, Windows Vista, and Windows 7 operating
systems.
Procedure
Step 1 Double-click the driver installation file on the PC and click Next, as shown in Figure 1-4.
Figure 1-4 Running a driver on the PC

Step 2 Select I accept the terms in the license agreement and click Next, as shown in Figure 1-5.
Figure 1-5 Accepting the terms in the license agreement

Step 3 Click Change to change the driver directory, and click Next, as shown in Figure 1-6.
Figure 1-6 Specifying the driver directory

Step 4 Click Install and decompress the driver. When the system finishes decompressing the driver,
click Finish, as shown in Figure 1-7.
Figure 1-7 Finishing decompressing the driver

Step 5 Find the DISK1 folder in the specified driver directory, and double-click setup.exe.
Step 6 Click Next. Select I accept the terms in the license agreement and click Next to install the
driver.
Step 7 Click Finish to finish installing the driver.
Step 8 Right-click My Computer, and choose Manage -> Device Manager -> Ports(COM&LPT).
The TUSB3410 Device (COM3) is displayed, indicating a router.
NOTE
If there is no TUSB3410 device (COM3) in the device manager, reinstall the driver or use another mini
USB cable to connect the AR1200-S to the PC.
----End
1.3.3 Logging In to the router
You can log in to the router from a PC through a mini USB port to configure and manage the
router that is powered on for the first time.
Procedure
Step 1 Run the terminal emulation program such as the HyperTerminal of Windows XP on the PC and
establish a connection, as shown in Figure 1-8.
Figure 1-8 Establishing a connection

Step 2 Specify a connection port. If the connection port is a mini USB port, select COM3, as shown
in Figure 1-9.
Figure 1-9 Configuring the connection port

Step 3 Set parameters for the connection port. Click RestoreDefaults to restore parameters to default
settings, as shown in Figure 1-10.
Figure 1-10 Setting communication parameters

Step 4 Press Enter on the subsequent dialog boxes until the command line prompt of the user view,
such as <Huawei>, is displayed.
You can run commands to configure the AR1200-S. Enter a question mark (?) whenever you
need help.
NOTE
When you connect to the console port of an AR1200-S that does not have a startup configuration file, the
system displays "Auto-Config is working. Before configuring the device, stop Auto-Config. If you perform
configurations when Auto-Config is running, the DHCP, routing, DNS, and VTY configurations will be
lost. Do you want to stop Auto-Config? [y/n]:"
• To continue Auto-Config, enter n and press Enter.
• To stop Auto-Config, choose y and press Enter.
CAUTION
If you choose n but still perform configurations through the console port, the DHCP, routing, DNS,
and VTY configurations that you have performed will be lost.
----End
2 CLI Overview
About This Chapter
The command line interface (CLI) is used to configure and maintain devices.
2.1 CLI Introduction
After you log in to the router, a prompt is displayed and you can use the command line interface
(CLI). Users can interact with the router through the CLI.
2.2 Online Help
When inputting command lines or configuring services, you can use the online help to obtain
real-time help.
2.3 CLI Features
The CLI provides several features to help users flexibly use it.
2.4 Shortcut Keys
System or user-defined shortcut keys make it easier to enter commands.
2.5 Configuration Examples
This section provides several examples that illustrate the use of command lines.
2.1 CLI Introduction
After you log in to the router, a prompt is displayed and you can use the command line interface
(CLI). Users can interact with the router through the CLI.
2.1.1 Command Line Interface
You can use CLI commands to configure and manage the router.
The CLI provides users access to a number of features and capabilities:
• Local configuration through the console port.
• Local or remote configuration through Telnet or Secure Shell (SSH).
• The telnet command for directly logging in to and managing other routers.
• FTP service for file uploads and downloads.
• A user interface view for specific configuration management.
• Hierarchical command protection structure giving certain levels of users permission to run
certain levels of commands.
• Three authentication modes are supported, namely, none-authentication, password
authentication, and Authentication, Authorization, and Accounting (AAA) authentication.
Password and AAA authentication protect system security by prohibiting unauthorized
users from logging in to the router.
• Entering "?" for online help at any time.
• A command line interpreter provides intelligent text entry methods such as key word fuzzy
match and context conjunction. These methods help users to enter commands easily and
correctly.
• Network test commands such as tracert and ping for fast network diagnostics.
• Abundant debugging information to help with network diagnostics.
• Running a command used previously on the device, like DosKey.
NOTE
• The system supports commands that contain a maximum of 512 characters. A command does not have
to be entered in full, as long as the part of the command entered is unique within the system. For
example, to use the display current-configuration command, entering d cu, di cu, or dis cu will run
the command. Entering d c or dis c will not run the command, because these entries are not unique to
the command.
• The system saves the complete form of incomplete commands to configuration files. Saved commands
may have more than 512 characters. When the system is restarted, incomplete commands cannot be
restored. Therefore, pay attention to the full length of incomplete commands before saving them.
2.1.2 Command Levels
The system structures access to command functions hierarchically to protect system security.
The system administrator sets user access levels that grant specific users access to specific
command levels.
By default, the command level of a user is a value ranging from 0 to 3, and the user access level
is a value ranging from 0 to 15. Table 2-1 lists the association between user access levels and
command levels.
Table 2-1 Association between user access levels and command levels
User Level | Command Level | Level Name | Description
0 | 0 | Visit level | This level gives access to commands that run network diagnostic tools (such as ping and tracert) and commands that start from a local device, visit external devices (such as Telnet client side), and a part of display commands.
1 | 0 and 1 | Monitoring level | This level gives access to commands, like the display command, that are used for system maintenance and fault diagnosis.
2 | 0, 1, and 2 | Configuration level | This level gives access to commands that configure network services provided directly to users, including routing and network layer commands.
3-15 | 0, 1, 2, and 3 | Management level | This level gives access to commands that control basic system operations and provide support for services. These commands include file system commands, FTP commands, TFTP commands, configuration file switching commands, power supply control commands, backup board control commands, user management commands, level setting commands, system internal parameter setting commands, and debugging commands for fault diagnosis.

NOTE
• The default command level may be higher than the command level defined according to the command
rules in application.
• The level of the command that a user can run is determined by the level of this user.
• Login users have 16 levels. The login users can use only the command of the levels that are equal to
or lower than their own levels. The user privilege level level command sets the user level.
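The abbreviation rule from the NOTE in 2.1.1 and the level association in Table 2-1 can be combined to check typed commands against the level of the user who typed them. The following Python sketch is an added example, not Huawei code: the command subset, the numeric command levels (chosen to follow the Description column of Table 2-1), the sample records, and all function names are assumptions, and command arguments are not modelled.

```python
"""Added example: resolve abbreviated commands, then apply Table 2-1."""

MAX_COMMAND_LENGTH = 512  # maximum command length stated in the 2.1.1 NOTE

# Constructed subset of commands. The numeric command levels are assumptions
# that follow the Description column of Table 2-1; they are not device output.
COMMAND_LEVELS = {
    "ping": 0,
    "tracert": 0,
    "display current-configuration": 1,
    "display clock": 1,
    "display bgp": 1,
    "system-view": 2,
    "debugging": 3,
    "delete": 3,
    "dir": 3,
}


def max_command_level(user_level):
    """Table 2-1: user levels 0-2 map to the same command level, 3-15 map to 3."""
    if not 0 <= user_level <= 15:
        raise ValueError("user level must be in the range 0-15")
    return min(user_level, 3)


def _is_abbreviation(tokens, keywords):
    # Simplification: only keywords are modelled, so the token counts must match
    # and every typed token must be a prefix of the keyword in the same position.
    return len(tokens) == len(keywords) and all(
        keyword.startswith(token) for token, keyword in zip(tokens, keywords)
    )


def resolve(typed):
    """Return (status, matches) for a typed, possibly abbreviated, command.

    The whole entry has to identify exactly one command, which is why
    "d cu" resolves although "d" on its own matches several commands.
    """
    if len(typed) > MAX_COMMAND_LENGTH:
        return "too-long", []
    tokens = typed.split()
    matches = sorted(
        full for full in COMMAND_LEVELS if _is_abbreviation(tokens, full.split())
    )
    if not matches:
        return "unrecognized", []
    if len(matches) > 1:
        return "ambiguous", matches
    return "ok", matches


def audit(records, watched):
    """Check (user, user_level, typed) records; return a list of findings.

    A finding is raised when the entry does not resolve, when the resolved
    command needs a higher command level than the user level grants, or
    when the resolved command is on the watched list.
    """
    findings = []
    for user, user_level, typed in records:
        status, matches = resolve(typed)
        if status != "ok":
            findings.append((user, typed, status))
            continue
        full = matches[0]
        if COMMAND_LEVELS[full] > max_command_level(user_level):
            findings.append((user, typed, "level-exceeded:" + full))
        elif full in watched:
            findings.append((user, typed, "watched:" + full))
    return findings


# Constructed sample records: (user name, user level, command as typed).
SAMPLE_RECORDS = [
    ("alice", 3, "dis cu"),
    ("bob", 1, "d cu"),
    ("carol", 0, "di cu"),
    ("dave", 15, "dis c"),
    ("erin", 2, "sys"),
    ("frank", 1, "del"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RECORDS, {"display current-configuration"}):
        print(finding)
```

Matching on the resolved full command rather than the typed string means a rule written for display current-configuration also covers d cu, di cu, and dis cu.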
Searching Commands Based on Command Levels
You can search for all commands at a specific level simultaneously. The procedure is as follows:
1. Open the command reference (.chm) file.
2. Click the "Search" tab. The search window will be displayed as shown in Figure 2-1.
Figure 2-1 Entering the search window
3. Enter the command level you want in the "Type in the word(s) to search for" textbox and
click "List Topics". All commands of the specified level will be displayed as shown in
Figure 2-2.
Figure 2-2 Searching commands based on a specific level
2.1.3 Command Line Views
The command line interface has different command views. Each command is registered to run
in one or more command views. You can run a command only after you enter an appropriate
command view.
The following example uses the user, system, and aaa views:
# Establish a connection to the router. If the router is using the default configurations, the
<Huawei> prompt indicates that you have entered the user view.
<Huawei>
# Run the system-view command to enter the system view.
<Huawei> system-view
[Huawei]
# Run the aaa command in the system view to enter the AAA view.
[Huawei] aaa
[Huawei-aaa]
NOTE
• The command prompt "Huawei" is the default host name.
• The prompt indicates a specific view. For example, "<Huawei>" indicates the user view, and
"[HUAWEI-ui-console0]" indicates the console user interface view.
Some commands can be used in more than one view, but their effects vary from view to view.
2.2 Online Help
When inputting command lines or configuring services, you can use the online help to obtain
real-time help.
2.2.1 Full Help
When inputting a command, you can use the full help function to obtain keywords or parameters
for the command.
Procedure
• Use any of the following methods to obtain full help from a command line.
– Enter a question mark (?) in any command line view to display command names and
their descriptions for all commands of that view.
<Huawei> ?
User view commands:
  arp-ping    ARP-ping
  autosave    <Group> autosave command group
  backup      Backup information
  cd          Change current directory
  clock       Specify the system clock
  cls         Clear screen
  ...
  ...
– Enter a command and a question mark (?) separated by a space. All keywords associated
with this command, as well as simple descriptions, are displayed. For example:
[Huawei] interface ?
  Bridge-if   Bridge-if interface
  Cellular    Cellular interface
  ...
  ...
Bridge-if and Cellular are keywords; Bridge-if interface and Cellular interface
describe the keywords respectively.
– Enter a command and a question mark (?) separated by a space. Parameter names for
this command, as well as parameter descriptions, are displayed. For example:
[Huawei] ftp timeout ?
INTEGER<1-35791> The value of FTP timeout (in minutes)
[Huawei] ftp timeout 35 ?
<cr>
[Huawei] ftp timeout 35
In this command output, INTEGER<1-35791> describes the parameter value and The
value of FTP timeout, the default value is 30 minutes is a simple description of what
the parameter sets. A display of <cr> indicates that no parameters are associated with
this command. The command is repeated in the next command line. You can press
Enter to run the command.
----End
2.2.2 Partial Help
If you enter only the first or first several characters of a command, partial help provides keywords
that begin with this character or character string.
Procedure
• Use any of the following methods to obtain partial help from a command line.
– Enter a character string followed directly by a question mark (?) to display all commands
that begin with this character string.
<Huawei> d?
  debugging   <Group> debugging command group
  delete      Delete a file
  dialer      Dialer
  dir         List files on a filesystem
  display     Display information
– Enter a command and a character string followed directly by a question mark (?) to
display all key words that begin with this character string.
<Huawei> display b?
  bfd         Specify BFD(Bidirectional Forwarding Detection) configuration information
  bgp         BGP information
  bootp       Bootstrap Protocol
  bridge      <Group> bridge command group
– Enter the first several letters of a key word in the command and then press Tab to display
a complete key word. A complete key word is displayed only if the partial string of letters
uniquely identifies a specific key word. If the letters do not identify a specific key word,
continuing to press Tab will display different key words. You can select the needed key
word.
----End
2.2.3 Error Messages of the Command Line Interface
If a command is entered and passes the syntax check, the system executes it. Otherwise, the
system reports an error message.
Table 2-2 lists common error messages.
Table 2-2 Common error messages of the command line
Error message | Cause of the error
Error: Unrecognized command found at '^' position. | The command cannot be found; the key word cannot be found
Error: Wrong parameter found at '^' position. | Parameter type error; parameter value out of range
Error:Incomplete command found at '^' position. | Incomplete command entered
Error: Too many parameters found at "^" position. | Too many parameters entered
Error:Ambiguous command found at '^' position. | Ambiguous parameters entered

2.3 CLI Features
The CLI provides several features to help users flexibly use it.
2.3.1 Editing
The command line editing function allows you to edit command lines or obtain help by using
certain keys.
The command line of AR1200-S supports multi-line editing. The maximum length of each
command is 512 characters.
Table 2-3 lists the commonly used editing keys.
Table 2-3 Keys for editing
Key | Function
Common key | Inserts a character at the current position of the cursor if the editing buffer is not full. The cursor then moves to the right. If the buffer is full, an alarm is generated.
Backspace | Moves the cursor to the left and deletes the character at that position. When the cursor reaches the head of the command, an alarm is generated.
Left cursor key ← or Ctrl_B | Moves the cursor to the left a single space at a time. When the cursor reaches the head of the command, an alarm is generated.
Right cursor key → or Ctrl_F | Moves the cursor to the right a single space at a time. When the cursor reaches the end of the command, an alarm is generated.
Tab | Press Tab after typing a partial key word and the system runs partial help:
• If the matching key word is unique, the system replaces the typed character string with a complete key word and displays it in a new line with the cursor placed at the end of the word.
• If there are several matches or no match, the system displays the prefix first. Then you can press Tab to view any matching key words one at a time. The cursor directly follows the end of the word. You can press the spacebar to enter the next word.
• If a non-existent or incorrect key word is entered, press Tab and the word is displayed on a new line.

2.3.2 Displaying
Command lines have a feature to control how they are displayed. You can set the command line
display mode as required.
You can control the display of information on the CLI as follows:
• If the output does not fit on one screen, you have three viewing options,
as shown in Table 2-4.
Table 2-4 Display keys
Key Function
Ctrl_C Stops the display and the running of a command.
Space Allows information to be displayed on the next screen.
Enter Allows information to be displayed on the next line.

2.3.3 Regular Expressions
A regular expression describes a set of strings. It consists of common characters (such as letters
from "a" to "z") and special characters (called metacharacters). The regular expression is a
template upon which you can base searches for required strings. Users can use regular
expressions to filter output to locate needed information quickly.
A regular expression provides the following functions:
• Search for sub-strings that match a rule in the main string.
• Substitute strings based on specific matching rules.
Formal Language Theory of the Regular Expression
A regular expression consists of common characters and special characters.
• Common characters
Common characters, including all upper-case and lower-case letters, digits, punctuation
marks, and special symbols, match themselves in a string. For example, "a" matches the
letter "a" in "abc", "202" matches the digits "202" in "202.113.25.155", and "@" matches
the symbol "@" in "xxx@xxx.com".
• Special characters
Special characters are used together with common characters to match complex or special
string combinations. Table 2-5 describes special characters and their syntax.
Table 2-5 Description of special characters
Special character | Syntax | Example
\ | Defines an escape character, which is used to mark the next character (common or special) as the common character. | \* matches "*".
^ | Matches the starting position of the string. | ^10 matches "10.10.10.1" but not "20.10.10.1".
$ | Matches the ending position of the string. | 1$ matches "10.10.10.1" but not "10.10.10.2".
* | Matches the preceding element zero or more times. | 10* matches "1", "10", "100", and "1000". (10)* matches "null", "10", "1010", and "101010".
+ | Matches the preceding element one or more times. | 10+ matches "10", "100", and "1000". (10)+ matches "10", "1010", and "101010".
? | Matches the preceding element zero or one time. | 10? matches "1" and "10". (10)? matches "null" and "10".
. | Matches any single character. | 0.0 matches "0x0" and "020". .oo matches "book", "look", and "tool".
() | Defines a subexpression, which can be null. Both the expression and the subexpression should be matched. | 100(200)+ matches "100200" and "100200200".
x|y | Matches x or y. | 100|200 matches "100" or "200". 1(2|3)4 matches "124" or "134", but not "1234", "14", "1224", or "1334".
[xyz] | Matches any single character listed in the brackets. | [123] matches the character 2 in "255".
[^xyz] | Matches any character that is not contained within the brackets. | [^123] matches any character except for "1", "2", and "3".
[a-z] | Matches any character within the specified range. | [0-9] matches any character ranging from 0 to 9.
[^a-z] | Matches any character beyond the specified range. | [^0-9] matches all non-numeric characters.
_ | Matches a comma ",", left brace "{", right brace "}", left parenthesis "(", and right parenthesis ")". Matches the starting position of the input string. Matches the ending position of the input string. Matches a space. | _2008_ matches "2008", "space 2008 space", "space 2008", "2008 space", ",2008,", "{2008}", "(2008)", "{2008)", and "(2008}".

NOTE
Unless otherwise specified, all characters in the preceding table are displayed on the screen.
• Degeneration of special characters
Certain special characters, when placed at certain positions in a regular expression,
degenerate to common characters.
– The special characters following "\" match special characters themselves.
– The special characters "*", "+", and "?" placed at the starting position of the regular
expression. For example, +45 matches "+45" and abc(*def) matches "abc*def".
– The special character "^" placed at any position except for the start of the regular
expression. For example, abc^ matches "abc^".
– The special character "$" placed at any position except for the end of the regular
expression. For example, 12$2 matches "12$2".
– A right parenthesis ")" or right bracket "]" that is not paired with a corresponding left
parenthesis "(" or bracket "[". For example, abc) matches "abc)" and 0-9] matches
"0-9]".
NOTE
Unless otherwise specified, degeneration rules also apply when preceding regular expressions are
subexpressions within parentheses.
• Combinations of common and special characters
In actual usage, regular expressions combine multiple common and special characters to
match certain strings.
Specifying a Filtering Mode in a Command
CAUTION
The Huawei AR1200-S Series uses a regular expression to implement the pipe character filtering
function. A display command supports the pipe character only when there is excessive output
information.
When filtering conditions are set to query output, the first line of the command output starts with
information containing the regular expression.
Some commands can carry the parameter | count to display the number of matching entries. The
parameter | count can be used together with other parameters.
Commands that support regular expressions provide three filtering methods:
• | begin regular-expression: displays the output beginning with the line that matches the
regular expression.
• | exclude regular-expression: displays only the lines that do not match the
regular expression.
• | include regular-expression: displays only the lines that match the regular
expression.
NOTE
The value of regular-expression is a string of 1 to 255 characters. regular-expression cannot contain
underlines (_).
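The three filter modes and | count can be reproduced offline on saved command output, which is a convenient way to check what a pattern really selects before relying on it. This is an added Python example, not code from the Huawei guide: Python's re engine stands in for the router's matcher, the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Limits stated in the NOTE above: 1 to 255 characters, no underscore.
MAX_PATTERN_LEN = 255

# Constructed sample lines (not real router output).
SAMPLE_LINES = [
    "entry-1 10.10.10.1",
    "entry-2 10.10.10.12",
    "entry-3 20.10.10.1",
    "entry-4 10x10.10.1",
    "entry-5 10.10.10.2",
]


def compile_filter(pattern):
    """Check a filter pattern against the guide's limits, then compile it.

    Python's re engine is an assumption standing in for the router's own
    matcher. Patterns that depend on the guide's degeneration rules (for
    example a leading "+") are rejected instead of being reinterpreted.
    """
    if not 1 <= len(pattern) <= MAX_PATTERN_LEN:
        raise ValueError("regular-expression must be 1 to 255 characters")
    if "_" in pattern:
        raise ValueError("regular-expression cannot contain underlines (_)")
    try:
        return re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"pattern is not valid for Python re: {exc}") from exc


def apply_filter(lines, mode, pattern):
    """Emulate | begin, | exclude and | include on a list of output lines."""
    rx = compile_filter(pattern)
    if mode == "include":
        return [ln for ln in lines if rx.search(ln)]
    if mode == "exclude":
        return [ln for ln in lines if not rx.search(ln)]
    if mode == "begin":
        # Output starts at the matching line; the first match is used when
        # several lines match (assumed).
        for i, ln in enumerate(lines):
            if rx.search(ln):
                return lines[i:]
        return []
    raise ValueError(f"unknown filter mode: {mode}")


def count_matches(lines, mode, pattern):
    """Emulate | count used together with one of the filter modes."""
    return len(apply_filter(lines, mode, pattern))


def exact_address(ip):
    """Pattern for one address that is the last space-separated field.

    Dots are escaped with "\\" and the match is anchored with "$", both
    taken from Table 2-5. The leading space is the left boundary, because
    "_" is not allowed in a filter pattern.
    """
    return " " + re.escape(ip) + "$"


if __name__ == "__main__":
    print(apply_filter(SAMPLE_LINES, "include", "10.10.10.1"))
    print(apply_filter(SAMPLE_LINES, "include", exact_address("10.10.10.1")))
    print(apply_filter(SAMPLE_LINES, "begin", "^entry-3"))
    print(count_matches(SAMPLE_LINES, "exclude", "1$"))
```

Because "." matches any single character (Table 2-5), the unescaped pattern 10.10.10.1 also selects 10.10.10.12 and 10x10.10.1; escaping the dots and anchoring with $ narrows the result to the intended entry.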
2.3.4 Previously-Used Commands
The CLI provides a function similar to DosKey that automatically saves any command used on
the device. If you need to run a command that has been previously executed, you can use this
function to call up the command.
By default, the system saves 10 previously-used commands for each user. You can run the
history-command max-size size-value command in the user view to set the number of
previously-used commands saved by the system. A maximum of 256 previously-used commands
can be saved.
NOTE
Setting the number of saved previously-used commands to a reasonably low value is recommended. If a
large number of previously-used commands are saved, locating a command can be time-consuming and
affect efficiency.
The operations are shown in Table 2-6.
Table 2-6 Access the previously-used commands
Action | Key or Command | Result
Display previously-used commands. | display history-command | Display previously-used commands entered by users.
Access the last previously-used command. | Up cursor key (↑) or Ctrl_P | Display the last previously-used command if there is an earlier previously-used command. Otherwise, an alarm is generated.
Access the next previously-used command. | Down cursor key (↓) or Ctrl_N | Display the next previously-used command if there is a later previously-used command. Otherwise, the command is cleared and an alarm is generated.

NOTE
Windows 9X defines keys differently, and the cursor key ↑ cannot be used with Windows 9X
HyperTerminals. You may use Ctrl_P instead.
When you use previously-used commands, note the following points:
• Previously-used commands are saved exactly as they are entered by users. For example, if
a user enters an incomplete command, the saved command is also incomplete.
• A command is saved the first time it is run; subsequent runs of the same command are not
saved. If a command is entered in different forms or with different parameters, each entry
is considered to be a different command.
For example, if the display ip routing-table command is run several times, only one
previously-used command is saved. If the display current-configuration command and
the display ip routing-table command are run, two previously-used commands are saved.
2.4 Shortcut Keys
System or user-defined shortcut keys make it easier to enter commands.
2.4.1 Classifying Shortcut Keys
There are two types of shortcut keys: system shortcut keys and user-defined shortcut keys.
Familiarize yourself with shortcut keys so as to use them correctly.
The shortcut keys in the system are classified into the following types:
• User-defined shortcut keys: CTRL_G, CTRL_L, CTRL_O, and CTRL_U. The user can
assign these shortcut keys to any commands. When a shortcut key is pressed, the system
automatically runs the assigned command. For details about defining the shortcut keys, see
2.4.2 Defining Shortcut Keys.
• System-defined shortcut keys: The system defines a number of shortcut keys with fixed
functions. Table 2-7 lists the system-defined shortcut keys.
NOTE
Different terminal software defines these keys differently. The shortcut keys on your terminal may be
different than those listed in this section.
Table 2-7 System-defined shortcut keys
Key Function
CTRL_A The cursor moves to the beginning of the current line.
CTRL_B The cursor moves to the left one space at a time.
CTRL_C Terminates the running function.
CTRL_D Deletes the character where the cursor lies.
CTRL_E The cursor moves to the end of the current line.
CTRL_F The cursor moves to the right one space at a time.
CTRL_H Deletes one character to the left of the cursor.
CTRL_N Displays the next command in the previously-used command buffer.
CTRL_P Displays the previous command in the previously-used command buffer.
CTRL_W Deletes a character string or character to the left of the cursor.
CTRL_X Deletes all the characters to the left of the cursor.
CTRL_Y Deletes all the characters to the right of the cursor.
CTRL_Z Returns to the user view.
CTRL_] Terminates the inbound or redirection connections.
ESC_B The cursor moves to the left by one word.
ESC_D Deletes a word to the right of the cursor.
ESC_F The cursor moves to the right to the end of next word.

2.4.2 Defining Shortcut Keys
If you use one or more commands regularly, you can assign shortcut keys to run these commands.
This facilitates user operations and improves efficiency. Only management-level users have the
rights to define shortcut keys.
Configure these shortcut keys in the system view.
Action Command
Define shortcut keys hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_U } command-text

CTRL_G, CTRL_L and CTRL_O are assigned to run the following commands by default:
• CTRL_G: display current-configuration
• CTRL_L: undo idle-timeout
• CTRL_O: undo debugging all
By default, CTRL_U is not assigned to any command.
When defining shortcut keys, enclose the command in double quotation marks if it
consists of several words or includes spaces. Do not use double quotation marks if the
command consists of only one word and includes no space.
NOTE
To restore the defaults, run the undo hotkey command.
2.4.3 Use of Shortcut Keys
You can use a shortcut key at any position where a command can be entered. The system executes
an entered shortcut key and displays the corresponding command on the screen exactly as if you
had entered the complete command.
• If you have typed part of a command and have not pressed Enter, you can press the shortcut
keys to clear what you have entered and display the full command. This operation has the
same effect as that of deleting a command and then re-entering the complete command.
• The shortcut keys are run like the commands. The syntax is recorded to the command buffer
and logged for fault location and querying.
NOTE
The terminal in use may affect the functions of shortcut keys. For example, if customized shortcut keys
for the terminal conflict with those for the router, the input shortcut keys are captured by the terminal
program and hence the shortcut keys do not function.
Run the following command in any view to display the use of shortcut keys.
Action Command
Check the usage of shortcut keys. display hotkey

2.5 Configuration Examples
This section provides several examples that illustrate the use of command lines.
2.5.1 Example for Using Tab
This example shows how to use the Tab key. After inputting an incomplete keyword, you can
press Tab and obtain all related keywords or check the accuracy of the input keyword.
Context
You do not always need to input complete keywords. Instead, input one or more of the first
characters of a keyword and press Tab to complete the keyword. The Tab key helps search for
and use commands.
Procedure
• Tab can be used in three ways as shown in the following example.
– After the incomplete key word is input and the Tab key is pressed, a unique matching
key word is displayed.
1. Input the incomplete key word.
[Huawei] info-
2. Press Tab.
The system replaces the incomplete input with a single key word and displays it
in a new line with the cursor leaving a space behind.
[Huawei] info-center
– After the incomplete key word is input and the Tab key is pressed, several matches are
displayed or no match is displayed.
# Several prefixes beginning with log can follow the keyword info-center.
[Huawei] info-center log?
  logbuffer   Setting of log buffer configuration
  logfile     <Group> logfile command group
  loghost     Setting of logging host configuration
1. Input the incomplete key word.
[Huawei] info-center log
2. Press Tab.
The system first displays the prefix log.
[Huawei] info-center logbuffer
Press Tab repeatedly to select the keywords one at a time. The cursor is placed
directly after the end of each keyword.
[Huawei] info-center logfile
[Huawei] info-center loghost
Stop pressing Tab after the keyword logfile that you need is displayed.
3. Input a space to enter the next word path.
[Huawei] info-center logfile path
– Input an incorrect keyword and press Tab to check the correctness of the keyword.
1. Input a wrong keyword loglog.
[Huawei] info-center loglog
2. Press Tab.
[Huawei] info-center loglog
The system displays information in a new line, but the keyword loglog remains
unchanged and there is no space between the cursor and the keyword, indicating
that this keyword is non-existent.
----End
2.5.2 Example for Using Shortcut Keys
In this example, shortcut keys are assigned to frequently-used commands. You can press the
shortcut keys instead of inputting the commands. This facilitates user operations and improves
efficiency.
Context
If the login router supports shortcut keys, any user regardless of user level can use these shortcut
keys.
Procedure
Step 1 Correlate Ctrl_U with the display local-user command and run the shortcut keys.
<Huawei> system-view
[Huawei] hotkey ctrl_u "display local-user"
NOTE
When defining shortcut keys for a command, use double quotation marks to quote the command if the
command consists of multiple words, which are separated by spaces. No double quotation marks are
required for single-word commands.
Step 2 Press Ctrl_U when the prompt [Huawei] appears.
[Huawei] display local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A H -
root A A -
----------------------------------------------------------------------------
Total 2 user(s)
----End
3 Basic Configuration
About This Chapter
This chapter describes how to configure the router to work properly in the network environment
and to suit your needs.
3.1 Configuring the Basic System Environment
This section describes how to configure the basic system environment.
3.2 Displaying System Status Messages
This section describes how to use display commands to check basic system configurations.
3.1 Configuring the Basic System Environment
This section describes how to configure the basic system environment.
3.1.1 Establishing the Configuration Task
Before configuring the basic system environment, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
Before configuring services, you need to configure the basic system environment (such as time
and device name) to meet the environment requirement.
Pre-configuration Tasks
Before configuring the basic system environment, complete the following task:
• Powering on the router
Data Preparation
To configure the basic system environment, you need the following data.
No. Data
1 System time
2 Host name
3 Login information
4 Command level

3.1.2 Configuring the Equipment Name
If multiple devices on a network need to be managed, set equipment names to identify each
device.
Context
New equipment names take effect immediately.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
sysname host-name
The equipment name is set.
By default, the equipment name of the router is Huawei.
You can change the name of the router that appears in the command prompt.
----End
3.1.3 Setting the System Clock
The system clock must be correctly set to ensure synchronization with other devices.
Context
The system clock is the time indicated by the system timestamp. Because the rules governing
local time differ in different regions, the system clock can be configured to comply with the
rules of any given region.
The system clock is calculated using the following formula: System clock = Coordinated
Universal Time (UTC) + Time zone offset + Daylight saving time offset.
Set the system clock to the correct time to ensure that the device operates properly with other
devices.
Perform the following steps in the user view to set the system clock:
Procedure
Step 1 Run:
clock datetime HH:MM:SS YYYY-MM-DD
The current date and time is set.
NOTE
If the time zone has not been configured or is set to 0, the date and time set by this command are considered
to be UTC. Set the time zone and UTC correctly.
Step 2 Run:
clock timezone time-zone-name { add | minus } offset
The time zone is set.
• If add is configured, the current time is the UTC time plus the time offset. That is, the default
UTC time plus offset is equal to the time of time-zone-name.
• If minus is configured, the current time is the UTC time minus the time offset. That is, the
default UTC time minus offset is equal to the time of time-zone-name.
Step 3 Run:
clock daylight-saving-time time-zone-name one-year start-time start-date end-time end-date offset
or
clock daylight-saving-time time-zone-name repeating start-time { { first | second | third | fourth | last } weekday month | start-date } end-time { { first | second | third | fourth | last } weekday month | end-date } offset [ start-year [ end-year ] ]
Daylight saving time is set.
By default, daylight saving time is not set.
Use one of these modes to configure the starting date and ending date for daylight saving time:
date+date, week+week, date+week, and week+date. For details, see clock daylight-saving-time.
NOTE
If the daylight saving time is used, the clock timezone time-zone-name { add | minus } offset command
can be executed to set the time zone name. The display clock command displays the daylight saving time
name. After the daylight saving time is complete, the original time zone name is displayed.
----End
System Clock Display
The system clock is determined by the clock datetime, clock timezone, and clock
daylight-saving-time commands.
• If none of the preceding three commands have been run, the original system time will be
displayed after running the display clock command.
• The preceding three commands can also be run in combination with one another to
configure the system clock, as listed in Table 3-1.
In the following examples, the original system time is 08:00:00 January 1, 2010.
• 1: The clock datetime command is run to set the current date and time to date-time.
• 2: The clock timezone command is run to configure the time zone with the time zone offset
zone-offset.
• 3: The clock daylight-saving-time command is run to configure the daylight saving time
with the offset offset.
• [1]: The clock datetime command configuration is optional.
Table 3-1 System clock configuration examples
Operation | Configured System Time | Example
1 | date-time | Run the clock datetime 8:0:0 2011-11-12 command.
Configured system time:
2011-11-12 08:00:03
Saturday
Time Zone(DefaultZoneName): UTC
2 | Original system time +/- zone-offset | Run the clock timezone BJ add 8 command.
Configured system time:
2010-01-01 16:00:20+08:00
Friday
Time Zone(BJ): UTC+08:00
1, 2 | date-time +/- zone-offset | Run the clock datetime 8:0:0 2011-11-12 and clock timezone BJ add 8 commands.
Configured system time:
2011-11-12 16:00:13+08:00
Saturday
Time Zone(BJ): UTC+08:00
[1], 2, 1 | date-time | Run the clock timezone NJ add 8 and clock datetime 9:0:0 2011-11-12 commands.
Configured system time:
2011-11-12 09:00:02+08:00
Saturday
Time Zone(NJ): UTC+08:00
3 | Original system time if the original system time is not during the configured daylight saving time period | Run the clock daylight-saving-time BJ one-year 6:0 2011-8-1 6:0 2011-10-01 1 command.
Configured system time:
2010-01-01 08:00:51
Friday
Time Zone(DefaultZoneName): UTC
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 08-01 06:00:00
End time : 10-01 06:00:00
Saving time : 01:00:00
3 | Original system time + offset if the original system time is during the configured daylight saving time period | Run the clock daylight-saving-time BJ one-year 6:0 2011-1-1 6:0 2011-9-1 2 command.
Configured system time:
2010-01-01 10:00:34 DST
Friday
Time Zone(BJ): UTC
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
Saving time : 02:00:00
1, 3 | date-time if date-time is not during the configured daylight saving time period | Run the clock datetime 9:0:0 2011-11-12 and clock daylight-saving-time BJ one-year 6:0 2012-8-1 6:0 2012-10-01 1 commands.
Configured system time:
2011-11-12 09:00:26
Saturday
Time Zone(DefaultZoneName): UTC
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2012
End year : 2012
Start time : 08-01 06:00:00
End time : 10-01 06:00:00
Saving time : 01:00:00
1, 3 | date-time + offset if date-time is during the configured daylight saving time period | Run the clock datetime 9:0:0 2011-11-12 and clock daylight-saving-time BJ one-year 9:0 2011-11-12 6:0 2011-12-01 2 commands.
Configured system time:
2011-11-12 11:02:21 DST
Saturday
Time Zone(BJ): UTC
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 11-12 09:00:00
End time : 12-01 06:00:00
Saving time : 02:00:00
[1], 3, 1 | date-time if date-time is not during the configured daylight saving time period | Run the clock daylight-saving-time BJ one-year 6:0 2012-8-1 6:0 2012-10-01 1 and clock datetime 9:0 2011-11-12 commands.
Configured system time:
2011-11-12 09:00:02
Saturday
Time Zone(DefaultZoneName): UTC
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2012
End year : 2012
Start time : 08-01 06:00:00
End time : 10-01 06:00:00
Saving time : 01:00:00
[1], 3, 1 | date-time if date-time is during the configured daylight saving time period | Run the clock daylight-saving-time BJ one-year 1:0 2011-1-1 1:0 2011-9-1 2 and clock datetime 3:0 2011-1-1 commands.
Configured system time:
2011-01-01 03:00:19 DST
Saturday
Time Zone(BJ): UTC
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 01-01 01:00:00
End time : 09-01 01:00:00
Saving time : 02:00:00
2, 3 or 3, 2 | Original system time +/- zone-offset if the value of Original system time +/- zone-offset is not during the configured daylight saving time period | Run the clock timezone BJ add 8 and clock daylight-saving-time BJ one-year 6:0 2011-1-1 6:0 2011-9-1 2 commands.
Configured system time:
2010-01-01 16:01:29+08:00
Friday
Time Zone(BJ): UTC+08:00
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
Saving time : 02:00:00
2, 3 or 3, 2 | Original system time +/- zone-offset +/- offset if the value of Original system time +/- zone-offset is during the configured daylight saving time period | Run the clock daylight-saving-time BJ one-year 1:0 2010-1-1 1:0 2010-9-1 2 and clock timezone BJ add 8 commands.
Configured system time:
2010-01-01 18:05:31+08:00 DST
Friday
Time Zone(BJ): UTC+08:00
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2010
End year : 2010
Start time : 01-01 01:00:00
End time : 09-01 01:00:00
Saving time : 02:00:00
1, 2, 3, or 1, 3, 2 | date-time +/- zone-offset if the value of date-time +/- zone-offset is not during the configured daylight saving time period | Run the clock datetime 8:0:0 2011-11-12, clock timezone BJ add 8, and clock daylight-saving-time BJ one-year 6:0 2012-1-1 6:0 2012-9-1 2 commands.
Configured system time:
2011-11-12 16:01:40+08:00
Saturday
Time Zone(BJ): UTC+08:00
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2012
End year : 2012
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
Saving time : 02:00:00
1, 2, 3, or 1, 3, 2 | date-time +/- zone-offset + offset if the value of date-time +/- zone-offset is during the configured daylight saving time period | Run the clock datetime 8:0:0 2011-1-1, clock daylight-saving-time BJ one-year 6:0 2011-1-1 6:0 2011-9-1 2, and clock timezone BJ add 8 commands.
Configured system time:
2011-01-01 18:00:43+08:00 DST
Saturday
Time Zone(BJ): UTC+08:00
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
Saving time : 02:00:00
[1], 2, 3, 1 or [1], 3, 2, 1 | date-time if date-time is not during the configured daylight saving time period | Run the clock daylight-saving-time BJ one-year 6:0 2012-1-1 6:0 2012-9-1 2, clock timezone BJ add 8, and clock datetime 8:0:0 2011-11-12 commands.
Configured system time:
2011-11-12 08:00:03+08:00
Saturday
Time Zone(BJ): UTC+08:00
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2012
End year : 2012
Start time : 01-01 06:00:00
End time : 09-01 06:00:00
Saving time : 02:00:00
Operation: [1], 2, 3, 1 or [1], 3, 2, 1
Configured System Time: date-time if date-time is during the configured daylight saving time period
Example: Run the clock timezone BJ add 8, clock daylight-saving-time BJ one-year 1:0 2011-1-1 1:0 2011-9-1 2, and clock datetime 3:0:0 2011-1-1 commands.
Configured system time:
2011-01-01 03:00:03+08:00 DST
Saturday
Time Zone(BJ): UTC+08:00
Daylight saving time :
Name : BJ
Repeat mode : one-year
Start year : 2011
End year : 2011
Start time : 01-01 01:00:00
End time : 09-01 01:00:00
Saving time : 02:00:00
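The order-dependent rules in the rows above decide which wall-clock time ends up in the router's log timestamps, so they are worth checking before correlating logs. The following Python sketch is an added example, not Huawei code: it parses the clock commands used in the guide's examples and applies the rules for the rows shown here. Function names are hypothetical, only the orders with all three commands and clock datetime first or last are covered, and the seconds that elapse after the command runs are not modelled.

```python
# Added illustration; function names are hypothetical, not a Huawei API.
from datetime import datetime, timedelta


def _hms(text):
    """Parse '8', '6:0' or '8:0:0' into (hours, minutes, seconds)."""
    parts = [int(p) for p in text.split(":")]
    return tuple(parts + [0] * (3 - len(parts)))


def _stamp(time_text, date_text):
    """Build a datetime from non-padded CLI fields such as '6:0' and '2012-1-1'."""
    year, month, day = (int(p) for p in date_text.split("-"))
    hours, minutes, seconds = _hms(time_text)
    return datetime(year, month, day, hours, minutes, seconds)


def _delta(text):
    hours, minutes, seconds = _hms(text)
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def configured_time(commands):
    """Return (displayed_time, dst_flag) for an ordered list of clock commands."""
    date_time = zone = dst = None
    order = []  # 1 = clock datetime, 2 = clock timezone, 3 = clock daylight-saving-time
    for command in commands:
        f = command.split()
        if f[:2] == ["clock", "datetime"] and len(f) == 4:
            date_time = _stamp(f[2], f[3])
            order.append(1)
        elif f[:2] == ["clock", "timezone"] and len(f) == 5 and f[3] in ("add", "minus"):
            zone = _delta(f[4]) if f[3] == "add" else -_delta(f[4])
            order.append(2)
        elif (f[:2] == ["clock", "daylight-saving-time"] and len(f) == 9
              and f[3] == "one-year"):
            dst = (_stamp(f[4], f[5]), _stamp(f[6], f[7]), _delta(f[8]))
            order.append(3)
        else:
            raise ValueError("unsupported command: " + command)
    if date_time is None or zone is None or dst is None:
        raise ValueError("this sketch needs all three clock commands")

    start, end, saving = dst
    if order[-1] == 1:
        # clock datetime ran last: the entered value is shown unchanged,
        # and DST is only flagged if that value lies inside the DST period.
        return date_time, start <= date_time < end
    if order[0] == 1 and order.count(1) == 1:
        # clock datetime ran first: the zone offset is applied afterwards,
        # then the saving offset if the shifted time lies inside the DST period.
        shifted = date_time + zone
        in_dst = start <= shifted < end
        return (shifted + saving if in_dst else shifted), in_dst
    raise ValueError("command order not covered by the rows shown")


# Command sequences copied from the Example column of the rows above.
PAGE_EXAMPLES = [
    ["clock datetime 8:0:0 2011-11-12",
     "clock timezone BJ add 8",
     "clock daylight-saving-time BJ one-year 6:0 2012-1-1 6:0 2012-9-1 2"],
    ["clock datetime 8:0:0 2011-1-1",
     "clock daylight-saving-time BJ one-year 6:0 2011-1-1 6:0 2011-9-1 2",
     "clock timezone BJ add 8"],
    ["clock daylight-saving-time BJ one-year 6:0 2012-1-1 6:0 2012-9-1 2",
     "clock timezone BJ add 8",
     "clock datetime 8:0:0 2011-11-12"],
    ["clock timezone BJ add 8",
     "clock daylight-saving-time BJ one-year 1:0 2011-1-1 1:0 2011-9-1 2",
     "clock datetime 3:0:0 2011-1-1"],
]

if __name__ == "__main__":
    for sequence in PAGE_EXAMPLES:
        shown, in_dst = configured_time(sequence)
        print(shown.strftime("%Y-%m-%d %H:%M:%S"), "DST" if in_dst else "")
```

The same three commands entered in a different order move the displayed time by up to ten hours in these examples, which is the offset to account for when comparing this router's timestamps with other sources.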

3.1.4 Configuring a Header
If you need to provide information for users logging in, you can configure a header that the
system displays during or after login.
Context
A header is a text message displayed by the system at the time a user logs in to the router.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
header login { information text | file file-name }
A header displayed during login is set.
Step 3 Run:
header shell { information text | file file-name }
A header displayed after login is set.
To display the header when the terminal connection has been activated but the user has not been
authenticated, configure the parameter login.
To display the header after the user has logged in, configure the parameter shell.
CAUTION
• The header message starts and ends with the same character. Enter the first character of the
header and press Enter. An interactive interface for setting the header is displayed. Input the
required information and end the header by entering the first character when you are finished.
The system then exits from the interactive interface.
• If file is specified, save the file containing the header in the root directory of the default
storage medium. If the file is saved in another directory, specify the full path in the file name,
or the file will be inaccessible.
• If a user logs in to the router using SSH1.X, the login header is not displayed during login,
but the shell header is displayed after login.
• If a user logs in to the router using SSH2.0, both login and shell headers are displayed.
----End
3.1.5 Configuring Command Levels
This section describes how to configure command levels to ensure device security or allow
low-level users to run high-level commands. By default, commands are registered in the sequence
of Level 0 to Level 3. If refined rights management is required, you can divide commands into
16 levels, that is, from Level 0 to Level 15.
Context
Changing the default level of a command is not recommended. If the default level of a command
is changed, some users may be unable to use the command any longer.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
command-privilege level level view view-name command-key
The command level is configured. With this command, you can specify the level and view for
multiple commands (command-key) at one time.
All commands have default command views and levels. You do not need to reconfigure them.
----End
3.1.6 Configuring the undo Command to Automatically Match the
Higher-Level View
After performing this configuration, if a user runs the undo command when the undo command
is not registered in the current view, the system automatically switches to the view one level up
from the current view and searches for this command there. If the command is found, the
undo command takes effect. If the undo command does not exist in this view, the system
progressively searches higher-level views for the command until reaching the system view. If
not found in the higher-level view, the undo command will not be executed.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
matched upper-view
The undo command is configured to automatically search higher-level views if run in a view
where it is not registered.
By default, the undo command does not automatically search higher-level views.
NOTE
• The matched upper-view command is valid for current login users who run this command.
• Configuring the undo command to automatically match the upper level view is recommended only if
necessary.
----End
3.2 Displaying System Status Messages
This section describes how to use display commands to check basic system configurations.
Context
You can use display commands to collect information about system status. The display
commands perform the following functions:
• Display system configurations.
• Display system running status.
• Display diagnostic information about a system.
See related sections concerning display commands for information on protocols and interfaces.
This section only shows system-level display commands.
Run the following commands in any view.
3.2.1 Displaying System Configuration
This section describes how to use command lines to check the system version, system time,
original configuration, and current configuration.
Procedure
• Run the display version command to display the system version.
• Run the display clock command to display the system time.
• Run the display saved-configuration command to display the original configuration.
• Run the display current-configuration command to display the current configuration.
NOTE
• The display version command displays the software version of the system, the chassis type, and
information about the main control board and interface board.
• When a user runs the display current-configuration command, other users cannot run the same
command until all the command output is displayed.
• The original configuration refers to information about configuration files used by the device when
it is powered on and initialized. The current configuration refers to the configuration files that
take effect when the device is in use. For details, see the chapter "Configuring System Startup"
in the AR1200-S Basic-Configuration.
----End
3.2.2 Displaying System Status
This section describes how to use command lines to check system operating status (the
configuration of the current view).
Procedure
• Run the display this command to display the configuration of the current view.
NOTE
When a user runs the display this command, other users cannot run the same command until all the
command output is displayed.
----End
3.2.3 Collecting System Diagnostic Information
This section describes how to collect information about system modules.
Context
If you cannot perform routine maintenance, you must run the various display commands to
collect information needed to locate faults. The display diagnostic-information command
gathers information about all system modules currently running.
Procedure
• Run:
display diagnostic-information
The system diagnostic information is displayed.
The display diagnostic-information command collects the information that is otherwise obtained
by running multiple display commands, including display clock, display version, and so on.
----End
4 Configuring User Interfaces
About This Chapter
When a user logs in to the router by using the console port, the TTY port, Telnet, or SSH, the
system manages the session between the user and the router on the corresponding user interface.
4.1 User Interface Overview
The system supports console and VTY user interfaces.
4.2 Configuring the Console User Interface
If you log in to the device through a console port to perform local maintenance, you can configure
attributes for the console user interface as needed.
4.3 Configuring the VTY User Interface
If you need to log in to the router using Telnet or SSH to perform local or remote maintenance,
you can configure the VTY user interface as needed.
4.4 Configuring a TTY User Interface
The True Type Terminal (TTY) user interface view is a command line view and is used to
configure and manage physical interfaces working in asynchronous and interactive mode.
4.5 Configuration Examples
This section provides examples for configuring console, TTY, and VTY user interfaces. These
configuration examples explain networking requirements and provide configuration roadmaps and
configuration notes.
4.1 User Interface Overview
The system supports console and VTY user interfaces.
Each user interface has a user interface view. A user interface view is a command line view
provided by the system. It is used to configure and manage all the physical and logical interfaces
in asynchronous mode.
User Interfaces Supported by the System
• Console port (CON)
The console port is a serial port provided by the main control board of the device.
The main control board provides one EIA/TIA-232 DCE console port. A terminal can use
this port to connect directly to a device in order to perform local configurations.
• Virtual type terminal (VTY)
A VTY is a logical terminal line. A VTY connection is set up when a device uses Telnet
to connect to a terminal. This kind of connection is used for local or
remote access to a device. A maximum of 15 users can use the VTY user interface to log
in to the device.
• TTY
The TTY is used to manage and monitor login users.
The TTY mode uses the asynchronous serial port for login.
Numbering of a User Interface
After a user logs in to the device, the system assigns the lowest numbered idle user interface to
the user. The type of interface assigned depends on the user's login mode. There are two ways
to number user interfaces:
• Relative numbering
Relative numbering uses a user interface type + number format.
Relative numbering is used to specify user interfaces of a particular type. It can be used to
number single user interfaces or user interface groups and must adhere to the following
rules:
– Number of the console port: CON 0
– Number of the TTY: TTY 0 for the first line, TTY 1 for the second line, and so on
– Number of the VTY: VTY 0 for the first line, VTY 1 for the second line, and so on
• Absolute numbering
Absolute numbering is used to give a single user interface or a group of user interfaces a
unique number.
Absolute numbering starts with 0. Ports are numbered in a sequence beginning with
CON -> TTY -> VTY. There is only one console port and 0-20 VTY interfaces (VTY
interfaces 0 to 14 are reserved for Telnet/SSH users and VTY interfaces 16 to 20 are
reserved for network management users). You can use the user-interface maximum-vty
command to set the maximum number of user interfaces. The default number is five.
By default, the system supports three types of user interfaces: CON, TTY, and VTY.
Table 4-1 shows absolute numbers for user interfaces in this system.
Table 4-1 Example for the absolute numbering
Absolute number    User-interface
0                  CON0
1                  First TTY user interface (TTY0)
2                  Second TTY user interface (TTY1)
3                  Third TTY user interface (TTY2)
4                  Fourth TTY user interface (TTY3)
5                  Fifth TTY user interface (TTY4)
129                First virtual interface (VTY0)
130                Second virtual interface (VTY1)
131                Third virtual interface (VTY2)
132                Fourth virtual interface (VTY3)
133                Fifth virtual interface (VTY4)

NOTE
The absolute numbers allocated for TTY and VTY interfaces are device-specific.
The numbers from 1 to 32 are reserved for the TTY user interfaces.
Run the display user-interface command to view the absolute number of user interfaces.
Authentication of a User Interface
After a user is configured, the system authenticates the user during user login.
There are three user authentication modes: non-authentication, password authentication, and
AAA.
• Non-authentication: Users can log in to the router without username or password. This
mode is a security risk and not recommended.
• Password authentication: Users must enter a password, but not a username, during the login
process.
• AAA authentication: Users must enter a password and a username during the login process.
Telnet users are usually authenticated in this mode.
Priority of a User Interface
Users logged in to the router are managed according to their levels.
Users are classified into 16 levels (numbered 0 to 15). The greater the number, the higher the
user level.
A user's level determines the level of commands that the user is authorized to run.
• In the case of non-authentication or password authentication, the level of the command that
the user can run is determined by the level of the user interface.
• In the case of AAA authentication, the command that the user can use is determined by the
level of the local user specified in the AAA configuration.
4.2 Configuring the Console User Interface
If you log in to the device through a console port to perform local maintenance, you can configure
attributes for the console user interface as needed.
4.2.1 Establishing the Configuration Task
Before configuring the console user interface, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
If you need to log in to the router through a console port to perform local maintenance, you can
configure the corresponding console user interface, including the physical attributes, terminal
attributes, user priority, and user authentication mode. These parameters have default values that
require no additional configuration, but you may modify these parameters as needed.
Pre-configuration Tasks
Before configuring a console user interface, complete the following tasks:
• Logging in to the router with a terminal
Data Preparation
To configure a console user interface, you need the following data.
No. Data
1 Baud rate, flow-control mode, parity, stop bit, and data bit
2 Idle timeout period, terminal screen length, and the size of history command buffer
3 User priority
4 User authentication method, username, and password

NOTE
All the default values (excluding the password and username) are stored on the router and do not need
additional configuration.
4.2.2 Setting Physical Attributes of the Console User Interface
You can configure the rate, flow control mode, parity mode, stop bit, and data bit for the console
port.
Context
Physical attributes of a console port have default values on the router and no additional
configuration is needed.
NOTE
When a user logs in to a router through a console port, the physical attributes set for the console port on
the HyperTerminal must be consistent with the attributes of the console user interface on the router, or the
user will not be able to log in.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface console interface-number
The console user interface view is displayed.
Step 3 Run:
speed speed-value
The baud rate is set.
By default, the baud rate is 9600 bit/s.
Step 4 Run:
flow-control { hardware | none }
The flow control mode is set. By default, the flow-control mode is none.
Step 5 Run:
parity { even | none | odd }
The parity mode is set.
By default, the value is none.
Step 6 Run:
stopbits { 1.5 | 1 | 2 }
The stop bit is set.
By default, the value is 1 bit.
Step 7 Run:
databits { 5 | 6 | 7 | 8 }
The data bit is set.
By default, the data bit is 8.
----End
4.2.3 Setting Terminal Attributes of the Console User Interface
This section describes how to set terminal attributes of the console user interface, including the
user timeout disconnection function, number of lines displayed in a terminal screen, and size of
the history command buffer.
Context
Terminal attributes of the console user interface have default values on the router that you may
modify as needed.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface console interface-number
The console user interface view is displayed.
Step 3 Run:
shell
The terminal service is started.
Step 4 Run:
idle-timeout minutes [ seconds ]
The idle timeout period is set.
If a connection remains idle for the timeout period, the system automatically terminates the
connection.
By default, the idle timeout period on the user interface is 10 minutes.
Step 5 Run:
screen-length screen-length [ temporary ]
The terminal screen length is set.
The temporary parameter sets the number of lines that are temporarily displayed on a terminal
screen.
By default, the terminal screen length is 24 lines.
NOTE
The system automatically adjusts the terminal screen length, so you do not need to set it manually.
Step 6 Run:
history-command max-size size-value
The history command buffer is set.
By default, the size of history command buffer is 10 entries.
----End
4.2.4 Configuring User Privilege of the Console User Interface
This section describes how to control a user's authority to log in to the router and how to improve
router security by configuring user priority.
Context
• Users are classified into 16 levels (numbered 0 to 15). The greater the number, the higher
the user level.
• This procedure sets the priority of a user who logs in through the console port. A user's
level determines the level of commands the user is authorized to run.
For details about command levels, see "Command Level".
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface console interface-number
The console user interface view is displayed.
Step 3 Run:
user privilege level level
The user privilege is set.
NOTE
• By default, users logging in through the console user interface can use commands at level 15, and users
logging in through other user interfaces can use commands at level 0.
• If the command level and user level are inconsistent, the user level takes precedence.
----End
4.2.5 Configuring the User Authentication Mode of the Console
User Interface
The system provides three authentication modes: AAA, password, and non-authentication.
Configuring user authentication modes improves router security.
Context
The system provides three authentication modes as shown in Table 4-2.
Table 4-2 Authentication Modes
Authentication Mode: AAA
  Advantage: AAA provides user authentication with high security. The user name and password must be entered for login.
  Disadvantage: The configuration is complex. The user name and password for AAA authentication must be created.
Authentication Mode: Password authentication
  Advantage: Password authentication is based on VTY channels, providing security. The configuration is simple and only the login password is needed.
  Disadvantage: It provides lower security compared with AAA. All users can log in to a device using the login password for the device.
Authentication Mode: Non-authentication
  Advantage: The configuration is simple.
  Disadvantage: It is insecure.

By default, the user authentication mode for the console user interface is non-authentication.
Procedure
• Configuring AAA Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface console interface-number
The console user interface view is displayed.
3. Run:
authentication-mode aaa
The authentication mode is set to AAA authentication.
4. Run:
aaa
The AAA view is displayed.
5. Run:
local-user user-name password { simple | cipher } password
A username and password for the local user are created.
6. Run:
quit
Exit from the AAA view.
• Configuring Password Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface console interface-number
The console user interface view is displayed.
3. Run:
authentication-mode password
The authentication mode is set to password authentication.
4. Run:
set authentication password { cipher | simple } password
A password for password authentication is set.
• Configuring Non-Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface console interface-number
The console user interface view is displayed.
3. Run:
authentication-mode none
The authentication mode is set to non-authentication.
----End
4.2.6 Checking the Configuration
After configuring the console user interface, you can view information about the user interface,
physical attributes and configurations of the user interface, local user list, and online users.
Prerequisites
The configurations of the user management function are complete.
Procedure
• Run the display users [ all ] command to check information about the user interface.
• Run the display user-interface console ui-number1 [ summary ] command to check
physical attributes and configurations of the user interface.
• Run the display local-user command to check the local user list.
----End
Example
Run the display users command to view information about the current user interface.
<Huawei> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
0 CON 0 00:00:44
Username : Unspecified
Run the display user-interface console ui-number1 [ summary ] command to view the physical
attributes and configurations of the user interface.
<Huawei> display user-interface console 0
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
0 CON 0 9600 - 3 - N -
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Int : The physical location of UIs.
Run the display local-user command to view the local user list.
<Huawei> display local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A H -
ftp A F -
guest A A 15
----------------------------------------------------------------------------
Total 3 user(s)
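Because a line using non-authentication or password authentication grants its user-interface level to whoever connects, the Auth and Privi columns of the display user-interface output are worth reading together. The following Python sketch is an added example, not part of the guide: it parses that output and flags such lines. The VTY rows in the sample are constructed, and the function names and severity labels are assumptions.

```python
# Added illustration; names and severity labels are hypothetical.

# Auth column codes, taken from the legend printed under the command output.
AUTH_MODES = {"A": "AAA", "P": "password", "N": "none"}

# The CON 0 row is the one shown in the guide. The VTY rows are constructed
# sample data (assumed layout: Tx/Rx left blank for virtual lines).
SAMPLE_OUTPUT = """\
  Idx  Type     Tx/Rx  Modem Privi ActualPrivi Auth  Int
  0    CON 0    9600   -     3     -           N     -
+ 129  VTY 0           -     15    15          A     -
  130  VTY 1           -     0     -           P     -
  131  VTY 2           -     3     -           N     -
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
"""


def parse_user_interfaces(text):
    """Turn display user-interface output into a list of row dictionaries."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # A leading '+' or 'F' marks an active line (see the legend).
        active = bool(tok) and tok[0] in ("+", "F")
        if active:
            tok = tok[1:]
        # Data rows start with the absolute index, then type and relative
        # index; header and legend lines fail these checks and are skipped.
        if len(tok) < 8 or not tok[0].isdigit() or not tok[2].isdigit():
            continue
        # Read the five right-hand columns from the end so that an empty
        # Tx/Rx cell does not shift the fields.
        modem, privi, actual, auth, location = tok[-5:]
        if auth not in AUTH_MODES or not privi.isdigit():
            continue
        rows.append({
            "index": int(tok[0]),
            "line": tok[1] + " " + tok[2],
            "speed": tok[3] if len(tok) == 9 else None,
            "active": active,
            "privilege": int(privi),
            "auth": auth,
        })
    return rows


def audit(rows):
    """Return (line, severity, reason) for lines that do not use AAA."""
    findings = []
    for row in rows:
        if row["auth"] == "N":
            findings.append((
                row["line"], "HIGH",
                "no authentication: any connection gets level %d commands"
                % row["privilege"]))
        elif row["auth"] == "P":
            findings.append((
                row["line"], "MEDIUM",
                "shared line password, no username: every user gets level %d"
                % row["privilege"]))
    return findings


if __name__ == "__main__":
    for line, severity, reason in audit(parse_user_interfaces(SAMPLE_OUTPUT)):
        print("%-6s %-6s %s" % (severity, line, reason))
```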
4.3 Configuring the VTY User Interface
If you need to log in to the router using Telnet or SSH to perform local or remote maintenance,
you can configure the VTY user interface as needed.
4.3.1 Establishing the Configuration Task
Before configuring a VTY user interface, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
If you need to log in to the router using Telnet or SSH to perform local or remote maintenance,
you can configure a VTY user interface. You can configure the maximum number of VTY user
interfaces, restrictions on incoming and outgoing calls, terminal property, user priority, and user
authentication mode.
Pre-configuration Tasks
Before configuring a VTY user interface, complete the following tasks:
• Logging in to the router by using a terminal
Data Preparation
To configure a VTY user interface, you need the following data.
No. Data
1 Maximum VTY user interfaces
2 (Optional) ACL code to restrict incoming and outgoing calls on VTY user interfaces
3 Idle timeout period, number of characters in each line displayed on a terminal screen
4 User priority
5 User authentication method, username, and password

NOTE
All the preceding parameters (excluding the ACL for limiting incoming and outgoing calls in VTY user
interfaces, user authentication method, username, and password) have default values that require no
additional configuration.
4.3.2 Configuring the Maximum Number of VTY User Interfaces
This section describes how to limit the number of users logging in to the router by configuring
the maximum number of VTY user interfaces.
Context
The maximum number of VTY user interfaces equals the total number of users allowed to log
in to the router using Telnet or SSH.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface maximum-vty number
The maximum number of VTY user interfaces is set. By default, the maximum number of VTY
user interfaces is 5.
NOTE
When the maximum number of VTY user interfaces is set to zero, no user (including the network
administrator) can use a VTY user interface to log in to the router.
If the set maximum number of VTY user interfaces is smaller than the maximum number of
online users, current online users will not be affected and no additional configuration is required.
If the set maximum number of VTY user interfaces is greater than the maximum number of
current interfaces, the authentication mode and password must be set for newly added user
interfaces.
Password authentication is the default authentication mode for newly added user interfaces.
Consider, for example, a system that allows a maximum of five users to be online. To allow 15
VTY users online at the same time, you must run the authentication-mode and set
authentication password commands to configure authentication modes and passwords for VTY
user interfaces from 5 to 14. The commands are run as follows:
<Huawei> system-view
[Huawei] user-interface maximum-vty 15
[Huawei] user-interface vty 5 14
[Huawei-ui-vty5-14] authentication-mode password
[Huawei-ui-vty5-14] set authentication password cipher huawei
----End
4.3.3 (Optional) Setting Restrictions for Incoming and Outgoing
Calls on VTY User Interfaces
This section describes how to configure an ACL to restrict access of incoming and outgoing
calls on a VTY user interface to specific IP addresses or address segments.
Context
Before setting restrictions for incoming and outgoing calls on a VTY user interface, run the
acl command in the system view to create an ACL. Enter the ACL view and run the rule command
to add rules to the ACL.
NOTE
• The user interface supports the basic ACL ranging from 2000 to 2999 and the advanced ACL ranging
from 3000 to 3999.
• For ACL configuration details, refer to the Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
Step 3 Run:
acl acl-number { inbound | outbound }
Restrictions for incoming and outgoing calls on the VTY interface are configured.
• If you want to prevent a user with a specific address or segment address from logging in to
the router, use the inbound command.
• If you want to prevent a user who logs in to a router from accessing other routers, use the
outbound command.
----End
4.3.4 Setting Terminal Attributes of the VTY User Interface
This section describes how to configure terminal attributes of a VTY user interface, including
user idle timeout, number of lines displayed in a terminal screen, and size of the history command
buffer.
Context
Terminal attributes of a VTY user interface have default values on the router and you can set
them as needed.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
Step 3 Run:
shell
VTY terminal service is enabled.
Step 4 Run:
idle-timeout minutes [ seconds ]
User idle timeout is enabled.
If the connection remains idle for the timeout period, the system automatically terminates the
connection.
By default, the timeout period is 10 minutes.
Step 5 Run:
screen-length screen-length [ temporary ]
The terminal screen length is set.
The temporary parameter sets the number of lines that are temporarily displayed on a terminal
screen.
By default, the terminal screen length is 24 lines.
NOTE
The system automatically adjusts the terminal screen length, so you do not need to set it manually.
Step 6 Run:
history-command max-size size-value
Set the size of the history command buffer.
By default, a maximum number of 10 commands can be cached in the history command buffer.
----End
4.3.5 Setting User Priority of the VTY User Interface
This section describes how to control a user's authority to log in to the router and how to improve
router security by configuring user priority.
Context
• Users are classified into 16 levels (numbered 0 to 15). The greater the number, the higher
the user level.
• This procedure sets the priority of a user who logs in through the console port. A user's
level determines the level of commands the user is authorized to run.
For details about command levels, see "Command Level".
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
Step 3 Run:
user privilege level level
The user priority is set.
By default, users logging in through the VTY user interface can use commands at level 0.
NOTE
If the command level configured in the VTY user interface view and user priority are inconsistent, user
priority takes precedence.
----End
4.3.6 Setting the User Authentication Mode of the VTY User Interface
The system provides three authentication modes: AAA, password, and non-authentication.
Configuring user authentication modes improves router security.
Context
The system provides three authentication modes as shown in Table 4-3.
Table 4-3 Authentication Modes

Authentication mode: AAA
Advantage: AAA provides user authentication with high security. The user name and password
must be entered for login.
Disadvantage: The configuration is complex. The user name and password for AAA authentication
must be created.

Authentication mode: Password authentication
Advantage: Password authentication is based on VTY channels, providing security. The
configuration is simple and only the login password is needed.
Disadvantage: It provides lower security compared with AAA. All users can log in to a device
using the login password for the device.

Authentication mode: Non-authentication
Advantage: The configuration is simple.
Disadvantage: It is insecure.

Password authentication is the default authentication mode of VTY user interfaces.
Procedure
- Configuring AAA Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
authentication-mode aaa
The authentication mode is set to AAA authentication.
4. Run:
quit
Exit from the VTY user interface view.
5. Run:
aaa
The AAA view is displayed.
6. Run:
local-user user-name password { simple | cipher } password
A username and password for the local user are created.
- Configuring Password Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
authentication-mode password
The authentication mode is set to password authentication.
4. Run:
set authentication password { cipher | simple } password
A password for password authentication is set.
- Configuring Non-Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
authentication-mode none
The authentication mode is set to non-authentication.
----End
4.3.7 Checking the Configuration
After configuring a VTY user interface, you can view information about user interfaces, the
maximum number of VTY user interfaces, and physical attributes and configurations of user
interfaces.
Prerequisites
The configurations of the VTY user interface are complete.
Procedure
- Run the display users [ all ] command to check information about user interfaces.
- Run the display user-interface maximum-vty command to check the maximum number
of VTY user interfaces.
- Run the display user-interface [ [ ui-type ] ui-number1 | ui-number ] [ summary ]
command to check the physical attributes and configurations of user interfaces.
- Run the display local-user command to check the local user list.
- Run the display vty mode command to check the VTY mode.
----End
Example
Run the display users command to view information about current user interfaces.
<Huawei> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
34 VTY 0 00:00:12 TEL 10.138.77.38
Username : Unspecified
+ 35 VTY 1 00:00:00 TEL 10.138.77.57
Username : Unspecified
Run the display user-interface maximum-vty command to view the maximum number of VTY
user interfaces.
<Huawei> display user-interface maximum-vty
Maximum of VTY user:15
Run the display user-interface vty [ ui-number1 | ui-number ] [ summary ] command to check
the physical attributes and configurations of user interfaces.
<Huawei> display user-interface vty 0
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
+ 34 VTY 0 - 14 14 N -
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Int : The physical location of UIs.
Run the display local-user command to view the local user list.
<Huawei> display local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A H -
ftp A F -
guest A A 15
----------------------------------------------------------------------------
Total 3 user(s)
Run the display vty mode command to view the message indicating that the machine-to-machine
interface is enabled. For example:
<Huawei> display vty mode
current VTY mode is Machine-Machine interface
4.4 Configuring a TTY User Interface
The True Type Terminal (TTY) user interface view is a command line view and is used to
configure and manage physical interfaces working in asynchronous and interactive mode.
4.4.1 Establishing the Configuration Task
Before configuring the TTY user interface, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
If you need to use an asynchronous serial port to log in to the router to perform local maintenance,
you can configure a TTY user interface. This includes configuring the physical attributes,
terminal attributes, and user priority. These parameters have default values that require no
additional configuration, but you may modify these parameters as needed.
Pre-configuration Tasks
Before configuring a TTY user interface, complete the following tasks:
- Logging in to the router using a terminal
Data Preparation
To configure a TTY user interface, you need the following data.
No. Data
1 Baud rate, flow-control mode, parity, stop bit, and data bit
2 Idle timeout period, terminal screen length, and the size of history command buffer
3 User priority

NOTE
All the default values (excluding the password and username) are stored on the router and do not need
additional configuration.
4.4.2 Setting Physical Attributes of a TTY User Interface
You can configure the rate, flow control mode, parity mode, stop bit, and data bit for an
asynchronous serial port.
Context
Physical attributes of an asynchronous serial port have default values on a router and no
additional configuration is needed.
NOTE
- If you need to log in to a router through an asynchronous serial port, install an SA or SA board on the
router. If an SA board is installed, set the interface working mode to asynchronous mode on the SA board.
- The Hyper Terminal and router must have the same physical attributes, including the baud rate, flow
control mode, parity mode, stop bit, and data bit. If values of any attributes are different, you cannot
log in to the router.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface TTY interface-number
The TTY user interface view is displayed.
After a board is registered successfully and a serial port on the board is configured to work in
asynchronous mode, the router generates a random TTY number for the asynchronous serial
port. To view the TTY number, run the display user-interface command.
Step 3 Run:
speed speed-value
The baud rate is set.
By default, the baud rate is 9600 bit/s.
Step 4 Run:
flow-control { hardware | none }
The flow control mode is set. By default, the flow-control mode is none.
Step 5 Run:
parity { even | none | odd }
The parity mode is set.
By default, the value is none.
Step 6 Run:
stopbits { 1.5 | 1 | 2 }
The stop bit is set.
By default, the value is 1 bit.
Step 7 Run:
databits { 5 | 6 | 7 | 8 }
The data bit is set.
By default, the data bit is 8.
----End
4.4.3 Setting Terminal Attributes of a TTY User Interface
This section describes how to set terminal attributes of a TTY user interface, including the user
timeout disconnection function, terminal screen length, and size of the history command buffer.
Context
Terminal attributes of a TTY user interface have default values that you may modify as needed.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface tty interface-number
The TTY user interface view is displayed.
Step 3 Run:
shell
The terminal service is started.
Step 4 Run:
idle-timeout minutes [ seconds ]
The idle timeout period is set.
If the connection remains idle for the timeout period, the system automatically terminates the
connection.
By default, the idle timeout period on the user interface is 10 minutes.
Step 5 Run:
screen-length screen-length [ temporary ]
The terminal screen length is set.
The temporary parameter specifies the number of lines to be displayed temporarily on a
terminal screen.
By default, the length of a terminal screen is 24 lines.
NOTE
The device can automatically adjust the width of information output based on terminal screen length.
Step 6 Run:
history-command max-size size-value
The history command buffer is set.
By default, the size of history command buffer on a user interface is 10 entries.
----End
4.4.4 Configuring User Priority of a TTY User Interface
This section describes how to control a user's authority to log in to the router and how to improve
router security by configuring user priority.
Context
- Users are classified into 16 levels (numbered 0 to 15). The greater the number, the higher
the user level.
- This procedure sets the priority for a user who logs in through an asynchronous serial port.
The level of commands a user is authorized to run is determined by that user's level.
For details about command levels, see "Command Level" in the chapter "CLI Overview" of
the Configuration Guide - Basic Configuration.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface tty interface-number
The TTY user interface view is displayed.
Step 3 Run:
user privilege level level
The user priority is set.
NOTE
- By default, users logging in through the TTY user interface can use commands at level 3, and users
logging in through other user interfaces can use commands at level 0.
- If the command level and user level are inconsistent, the user level takes precedence.
----End
4.4.5 Checking the Configuration
After configuring a TTY user interface, you can view information about the user interface and
its physical attributes and configurations, a local user list, and online users.
Prerequisites
The configurations of the user management function are complete.
Procedure
- Run the display users [ all ] command to check information about the user interface.
- Run the display user-interface tty ui-number1 [ summary ] command to check physical
attributes and configurations of the user interface.
----End
Example
Run the display users command to view information about the current user interface.
<Huawei> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
0 TTY 0 00:00:44
Username : Unspecified
Run the display user-interface tty ui-number1 [ summary ] command to view the physical
attributes and configurations of the user interface.
<Huawei> display user-interface tty 17
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
17 TTY 17 9600 - 0 - N 2/0/0
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Int : The physical location of UIs.
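The Auth and privilege columns of display user-interface, shown in the sample outputs of 4.3.7 and 4.4.5, are what a reviewer checks on a running device. The following Python parser is an added example, not Huawei's code; it reads saved command output and lists the lines that accept logins without authentication. The function names and the rule that the four rightmost columns are always populated are assumptions drawn from the two samples on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Legend printed by the command: A = AAA, P = UI password, N = no authentication.
AUTH_CODES = {"A": "aaa", "P": "password", "N": "none"}

# Header, data rows and legend lines copied from the two sample outputs on this page.
PAGE_SAMPLE = """\
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
+ 34 VTY 0 - 14 14 N -
17 TTY 17 9600 - 0 - N 2/0/0
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
"""


@dataclass
class UiRow:
    active: bool                     # row was prefixed with "+" or "F"
    index: int                       # absolute index (Idx)
    ui_type: str                     # "VTY", "TTY", ...
    relative: int                    # relative index within the type
    privilege: int                   # Privi
    actual_privilege: Optional[int]  # ActualPrivi, None when shown as "-"
    auth: str                        # "aaa", "password" or "none"
    location: str                    # Int


def parse_row(line):
    """Parse one data row; return None for header, legend and blank lines.

    Empty cells vanish when columns are flattened (the VTY row has no Tx/Rx
    value), so Privi, ActualPrivi, Auth and Int are read from the end of the
    row. That these four are always populated is an assumption.
    """
    tokens = line.split()
    active = bool(tokens) and tokens[0] in ("+", "F")
    if active:
        tokens = tokens[1:]
    if len(tokens) < 7 or not (tokens[0].isdigit() and tokens[2].isdigit()):
        return None
    privi, actual, auth, location = tokens[-4:]
    if not privi.isdigit() or auth not in AUTH_CODES:
        return None
    return UiRow(active, int(tokens[0]), tokens[1].upper(), int(tokens[2]),
                 int(privi), int(actual) if actual.isdigit() else None,
                 AUTH_CODES[auth], location)


def parse_rows(text):
    """Return every data row found in saved 'display user-interface' output."""
    rows = (parse_row(line) for line in text.splitlines())
    return [row for row in rows if row is not None]


def unauthenticated_lines(rows, min_level=0):
    """List (name, level, active) for lines with Auth = N, highest level first.

    The level is ActualPrivi when the device reports one, otherwise Privi.
    """
    hits = []
    for row in rows:
        level = row.privilege if row.actual_privilege is None else row.actual_privilege
        if row.auth == "none" and level >= min_level:
            hits.append((f"{row.ui_type} {row.relative}", level, row.active))
    return sorted(hits, key=lambda hit: (-hit[1], hit[0]))


if __name__ == "__main__":
    for name, level, active in unauthenticated_lines(parse_rows(PAGE_SAMPLE)):
        state = "active session" if active else "idle"
        print(f"{name}: no authentication, level {level}, {state}")
```

On the page's samples this reports VTY 0, an active session at level 14 with no authentication, ahead of TTY 17.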
4.5 Configuration Examples
This section provides examples for configuring console, TTY, and VTY user interfaces. These
configuration examples explain networking requirements and provide configuration roadmaps
and configuration notes.
4.5.1 Example for Configuring Console User Interface
In this example, a console user interface is configured to allow a user in password authentication
mode to log in to the router. The physical attributes, terminal attributes, user priority, user
authentication mode, and password are set for the interface.
Networking Requirements
A user uses the console user interface to log in to the router to initialize router configurations or
perform local router maintenance. You can set console user interface attributes as needed (for
example, security considerations) to allow user logins.
The password authentication mode has been set in the console user interface view (the password
is huawei).
If there is no user activity and a connection is idle for more than 30 minutes after login, the
connection is torn down.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the interface view and set physical attributes of the console user interface.
2. Set terminal attributes of the console user interface.
3. Set the user priority of the console user interface.
4. Set the user authentication mode and password of the console user interface.
Data Preparation
To complete the configuration, you need the following data:
- Transmission rate of the console user interface: 4800 bit/s
- Flow control mode of the console user interface: None
- Parity of the console user interface: even
- Stop bit of the console user interface: 2
- Data bit of the console user interface: 8
- Timeout period for disconnecting from the console user interface: 30 minutes
- Number of lines that a terminal screen displays: 30
- Size of the history command buffer: 20
- User priority: 15
- User authentication mode: password (password: huawei)
Procedure
Step 1 Set physical attributes of the console user interface.
<Huawei> system-view
[Huawei] user-interface console 0
[Huawei-ui-console0] speed 4800
[Huawei-ui-console0] flow-control none
[Huawei-ui-console0] parity even
[Huawei-ui-console0] stopbits 2
[Huawei-ui-console0] databits 8
Step 2 Set terminal attributes of the console user interface.
[Huawei-ui-console0] idle-timeout 30
[Huawei-ui-console0] screen-length 30
[Huawei-ui-console0] history-command max-size 20
Step 3 Set the user priority of the console user interface.
[Huawei-ui-console0] user privilege level 15
Step 4 Set the user authentication mode in the console user interface to password.
[Huawei-ui-console0] authentication-mode password
[Huawei-ui-console0] set authentication password simple huawei
[Huawei-ui-console0] quit
After the console user interface is configured, a user in password authentication mode can use
a console port to log in and perform local maintenance on the router. For details on how a user
logs in to the router, see 5 Configuring User Login.
----End
Configuration Files
#
sysname Huawei
#
user-interface con 0
authentication-mode password
user privilege level 15
set authentication password simple huawei
history-command max-size 20
idle-timeout 30 0
screen-length 30
databits 8
parity even
stopbits 2
speed 4800
#
return
4.5.2 Example for Configuring a VTY User Interface
In this example, a VTY user interface is configured to allow a user in password authentication
mode to use Telnet to log in to the router. The maximum number of VTY user interfaces allowed,
restrictions for incoming and outgoing calls, terminal attributes, authentication mode, and
password are set for the interface.
Networking Requirements
A user uses Telnet or SSH to log in to the router using a VTY channel. You can set VTY user
interface attributes as needed (for example, security considerations) to allow user logins.
In the VTY user interface, the user priority is set to 15, the authentication mode is set to password
authentication, with the password of "huawei", and a user with the IP address of 10.1.1.1 is
prohibited from logging in to the router.
If there is no user activity and a connection is idle for more than 30 minutes after login, the
connection is torn down.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the interface view and set the maximum number of VTY user interfaces to 15.
2. Set restrictions for incoming and outgoing calls on the VTY user interface to prevent an IP
address or an IP address segment from accessing the router.
3. Set terminal attributes of the VTY user interface.
4. Set the user priority of the VTY user interface.
5. Set the authentication mode and password of the VTY user interface.
Data Preparation
To complete the configuration, you need the following data:
- Maximum number of VTY user interfaces: 15
- ACL applied to restrict incoming calls on the VTY user interface: 2000
- Timeout period for disconnecting from the VTY user interface: 30 minutes
- Number of lines that a terminal screen displays: 30
- Size of the history command buffer: 20
- User priority: 15
- User authentication mode: password, password: huawei
NOTE
By default, the terminal service is enabled on all user interfaces. If the terminal service is disabled, run the
shell command to enable the terminal service.
Procedure
Step 1 Set the maximum number of VTY user interfaces.
<Huawei> system-view
[Huawei] user-interface maximum-vty 15
Step 2 Set the limit on call-in and call-out in the VTY user interface.
[Huawei] acl 2000
[Huawei-acl-basic-2000] rule deny source 10.1.1.1 0
[Huawei-acl-basic-2000] rule permit source any
[Huawei-acl-basic-2000] quit
[Huawei] user-interface vty 0 14
[Huawei-ui-vty0-14] acl 2000 inbound
Step 3 Set terminal attributes of the VTY user interface.
[Huawei-ui-vty0-14] shell
[Huawei-ui-vty0-14] idle-timeout 30
[Huawei-ui-vty0-14] screen-length 30
[Huawei-ui-vty0-14] history-command max-size 20
Step 4 Set the user priority of the VTY user interface.
[Huawei-ui-vty0-14] user privilege level 15
Step 5 Set the authentication mode and password of the VTY user interface.
[Huawei-ui-vty0-14] authentication-mode password
[Huawei-ui-vty0-14] set authentication password simple huawei
[Huawei-ui-vty0-14] quit
----End
Configuration Files
#
sysname Huawei
#
acl number 2000
rule 5 deny source 10.1.1.1 0
rule permit source any
#
user-interface maximum-vty 15
user-interface vty 0 14
acl 2000 inbound
user privilege level 15
authentication-mode password
set authentication password simple huawei
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
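The checks a reviewer would apply to a configuration file like the one above can be automated. The following Python auditor is an added example, not Huawei's code: it parses user-interface blocks and reports the weak settings this chapter names (non-authentication, a simple password, a shared login at a high level, a long or disabled idle timeout, no inbound ACL, Telnet accepted). The finding names, the policy thresholds, the constructed hardened sample, and the use of protocol inbound ssh (a VRP command not shown on this page) are assumptions.

```python
import re
from dataclasses import dataclass, field

# Defaults stated in this guide: VTY = password authentication, level 0;
# console = no authentication, level 3; TTY = level 3 (mode not stated).
DEFAULTS = {"vty": ("password", 0), "console": ("none", 3), "tty": (None, 3)}
DEFAULT_IDLE_SECONDS = 10 * 60  # guide: idle timeout defaults to 10 minutes
UI_HEADER = re.compile(
    r"^user-interface\s+(con|console|vty|tty)\s+(\d+)(?:\s+(\d+))?$", re.I)

# Excerpt of the configuration file of example 4.5.2, as printed on this page.
PAGE_EXAMPLE_VTY = """\
user-interface maximum-vty 15
user-interface vty 0 14
acl 2000 inbound
user privilege level 15
authentication-mode password
set authentication password simple huawei
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
"""

# Constructed sample (not from the page): AAA, SSH only, ACL, short timeout.
CONSTRUCTED_HARDENED = """\
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode aaa
 protocol inbound ssh
 idle-timeout 5 0
#
"""

@dataclass
class UserInterface:
    kind: str            # "console", "vty" or "tty"
    first: int
    last: int
    lines: list = field(default_factory=list)

def parse_user_interfaces(text):
    """Group commands under each 'user-interface <type> <n> [<m>]' header.

    Indentation is optional: a block ends at '#', 'return' or the next
    'user-interface' line, so flattened listings parse as well.
    """
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = UI_HEADER.match(line)
        if match:
            kind = match.group(1).lower()
            kind = "console" if kind == "con" else kind
            first = int(match.group(2))
            current = UserInterface(kind, first, int(match.group(3) or first))
            blocks.append(current)
        elif line in ("#", "return") or line.startswith("user-interface "):
            current = None   # also skips 'user-interface maximum-vty'
        elif current is not None and line:
            current.lines.append(line)
    return blocks

def _args(lines, command):
    """Tokens after `command` on the last line that starts with it, else None."""
    hits = [l[len(command):].split() for l in lines if l.startswith(command + " ")]
    return hits[-1] if hits else None

def audit(ui, max_shared_level=2, max_idle_seconds=DEFAULT_IDLE_SECONDS):
    """Return finding codes for one block; both thresholds are assumed policy."""
    default_mode, default_level = DEFAULTS[ui.kind]
    mode = (_args(ui.lines, "authentication-mode") or [default_mode])[0]
    level = int((_args(ui.lines, "user privilege level") or [default_level])[0])
    idle = _args(ui.lines, "idle-timeout")
    idle_seconds = (int(idle[0]) * 60 + int((idle[1:] or [0])[0])
                    if idle else DEFAULT_IDLE_SECONDS)
    password = _args(ui.lines, "set authentication password")
    findings = []
    if mode == "none":
        findings.append("no-authentication")
    if password and password[0] == "simple":
        findings.append("plaintext-password")        # readable in the saved file
    if mode in ("none", "password") and level > max_shared_level:
        findings.append("shared-login-high-level")   # no per-user accountability
    if idle_seconds == 0:
        findings.append("idle-timeout-disabled")     # 0 0 never disconnects
    elif idle_seconds > max_idle_seconds:
        findings.append("idle-timeout-long")
    if ui.kind == "vty":
        if not any(re.fullmatch(r"acl \d+ inbound", l) for l in ui.lines):
            findings.append("no-inbound-acl")
        if (_args(ui.lines, "protocol inbound") or ["telnet"])[0] != "ssh":
            findings.append("telnet-accepted")       # VTY default is Telnet
    return findings

def audit_config(text, **policy):
    """Map 'kind first-last' to its findings for every block in the file."""
    return {f"{ui.kind} {ui.first}-{ui.last}": audit(ui, **policy)
            for ui in parse_user_interfaces(text)}
```

The auditor never prints the password token itself, so its report can be shared without leaking the secret stored with the simple keyword.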
4.5.3 Example for Configuring a TTY User Interface
This document describes the configurations of the TTY user interface, including physical
attributes, terminal attributes, and user priorities.
Networking Requirements
A user can log in through a TTY user interface to initialize router configurations or maintain the
router locally. You can set TTY user interface attributes to allow users to log in.
If there is no user activity and the connection between the user and the router remains idle for
more than 30 minutes, the connection is terminated.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the interface view and set physical attributes of the TTY user interface.
2. Set terminal attributes of the TTY user interface.
3. Set the user priority of the TTY user interface.
NOTE
By default, the terminal service is enabled on all user interfaces. If the terminal service is disabled, run the
shell command to enable the terminal service.
Data Preparation
To complete the configuration, you need the following data:
- Transmission rate of the TTY user interface: 4800 bit/s
- Flow control mode of the TTY user interface: None
- Parity of the TTY user interface: even
- Stop bit of the TTY user interface: 2
- Data bit of the TTY user interface: 6
- Timeout period for disconnecting from the TTY user interface: 30 minutes
- Number of lines that a terminal screen displays: 30
- Size of the history command buffer: 20
Procedure
Step 1 Set physical attributes of the TTY user interface.
<Huawei> system-view
[Huawei] user-interface tty 1
[Huawei-ui-tty1] speed 4800
[Huawei-ui-tty1] flow-control none
[Huawei-ui-tty1] parity even
[Huawei-ui-tty1] stopbits 2
[Huawei-ui-tty1] databits 6
Step 2 Set terminal attributes of the TTY user interface.
[Huawei-ui-tty1] shell
[Huawei-ui-tty1] idle-timeout 30
[Huawei-ui-tty1] screen-length 30
[Huawei-ui-tty1] history-command max-size 20
Step 3 Set the user priority of the TTY user interface.
[Huawei-ui-tty1] user privilege level 15
----End
Configuration Files
#
sysname Huawei
#
user-interface TTY 1
user privilege level 15
history-command max-size 20
idle-timeout 30 0
screen-length 30
databits 6
parity even
stopbits 2
speed 4800
#
return
5 Configuring User Login
About This Chapter
A user can log in to the router through a console port, or by using Telnet or SSH (STelnet). The
user can maintain the router locally or remotely after login.
5.1 Overview of User Login
A user must successfully log in to the device to manage and maintain it. The user can log in to
the device using the console port, Telnet, or STelnet.
5.2 Logging in to the Devices Through the Console Port
When a user needs to configure a router that is powered on for the first time or maintain a
router locally, the user can log in through a console port.
5.3 Logging in to Devices Using Telnet
When multiple routers need to be configured and managed, there is no need to maintain each
router locally. Instead, you can use Telnet to log in to the routers remotely to perform
maintenance. This greatly facilitates device management.
5.4 Logging in to Devices Using STelnet
STelnet provides secure remote access over an insecure network. After the client/server
negotiation is complete and a secure connection is established, STelnet login is similar to Telnet
login.
5.5 Common Operations After Login
After logging in to the router, you can perform user priority switching, terminal window locking,
and other operations as needed.
5.6 Configuration Examples
This section provides several examples describing how to configure users to log in through a
console port, Telnet, or STelnet. The configuration examples provide information and diagrams
for networking requirements, configuration notes, and configuration roadmaps.
5.1 Overview of User Login
A user must successfully log in to the device to manage and maintain it. The user can log in to
the device using the console port, Telnet, or STelnet.
Table 5-1 lists the modes by which a user can log in to the device to configure and manage it.
Table 5-1 User login modes

Login mode: 5.2 Logging in to the Devices Through the Console Port
Applicable scenario: A user logs in to the device using the console port on the user terminal to
power on and configure the device for the first time.
- If a user cannot access the device remotely, the user can log in to the device locally using
the console port.
- A user can log in using the console port to diagnose a fault if the device fails to start or to
enter the BootROM to upgrade the system.
Remarks: By default, a user can directly log in to the device using the console port. The
authentication mode is None, indicating that a username and password are not required during
authentication. The user access level is 3.

Login mode: 5.3 Logging in to Devices Using Telnet
Applicable scenario: A user accesses the network using a user terminal and logs in to the device
using Telnet to perform local or remote configuration. The target device authenticates the user
using the configured login parameters. The Telnet login mode facilitates remote device
management and maintenance.
Remarks: By default, a user cannot log in to the device directly using Telnet. To enable Telnet
login, log in to the device locally using the console port and perform the following
configuration tasks:
- Configure the IP address of the management network port on the device and ensure that a
reachable route exists between the user terminal and the device. By default, an IP address is
not configured on the device.
- Configure the user authentication mode of the VTY user interface. By default, password
authentication is used for the VTY user interface.
- Configure the user access level of the VTY user interface. By default, the user access level
of the VTY user interface is 0.
- Enable the Telnet server function. By default, the Telnet server function is enabled.

Login mode: 5.4 Logging in to Devices Using STelnet
Applicable scenario: A user accesses the network using a user terminal. If the network is
insecure, use the Secure Shell (SSH) protocol to increase the security of the transmission and
utilize a powerful authentication mechanism. SSH protects the device system against attacks,
such as IP spoofing and plain text password interception. The STelnet login mode better ensures
the security of the exchanged data.
Remarks: By default, a user cannot log in to the device directly using STelnet. To enable
STelnet login, log in to the device locally using the console port and perform the following
configuration tasks:
- Configure the IP address of the management network port on the device and ensure that a
reachable route exists between the user terminal and the device. By default, an IP address is
not configured on the device.
- Configure the user authentication mode of the VTY user interface. By default, password
authentication is used for the VTY user interface.
- Configure the user access level of the VTY user interface. By default, the user access level
of the VTY user interface is 0.
- Configure the VTY user interface to support the SSH protocol. By default, the VTY user
interface supports the Telnet protocol.
- Enable the STelnet server function. By default, the STelnet server function is disabled.

NOTE
Logging in using Telnet is insecure because a secure authentication mechanism is not used and data is
transmitted over TCP in plain text mode. Unlike Telnet, SSH authenticates clients and encrypts data in
both directions to guarantee secure transmissions on a conventional insecure network. SSH supports
secure Telnet (STelnet).
For detailed information about SSH, see AR1200-S Feature Description - Basic Configurations.
5.2 Logging in to the Devices Through the Console Port
When a user needs to configure a router that is powered on for the first time or maintain a
router locally, the user can log in through a console port.
5.2.1 Establishing the Configuration Task
Before configuring user login through a console port, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
A user can log in to a device locally through a console port. The user must log in through a
console port when a router is powered on for the first time.
- If a user cannot access the device remotely, the user can log in to the device locally using
the console port.
- A user can log in using the console port to diagnose a fault if the device fails to start or to
enter the BootROM to upgrade the system.
Pre-configuration Tasks
Before configuring user login through a console port, complete the following tasks:
- Preparing the console cable
- Installing the terminal emulator (for example, the Windows XP HyperTerminal) on the PC
Data Preparation
To configure user login through a console port, you need the following data.
No. Data
1 - Transmission rate, flow control mode, parity mode, stop bit, data bit
- Number of lines displayed in a terminal screen, size of the history command buffer
- User priority
- User authentication mode, username, and password

5.2.2 Logging In to the Device Using a Console Port
A user can log in by connecting a terminal to the device using a console port.
Context
- Communication parameters of the user terminal must match physical attribute parameters
of the console user interface on the device.
- If a user authentication mode is configured on the console user interface, a user can log in
to the device only after being successfully authenticated. Authentication enhances network
security.
Procedure
Step 1 Start a terminal emulator on the PC and create a connection, as shown in Figure 5-1.
Figure 5-1 Connection creation

Step 2 Set an interface, as shown in Figure 5-2.
Figure 5-2 Interface settings

Step 3 Set communication parameters to match the router defaults, as shown in Figure 5-3.
Figure 5-3 Communication parameter settings

Step 4 Press Enter. At the command-line prompt such as <Huawei>, enter a command to configure
the router or enter a question mark (?) if you need help.
NOTE
When you connect to the console port of an AR1200-S that does not have a startup configuration file, the
system displays "Auto-Config is working. Before configuring the device, stop Auto-Config. If you perform
configurations when Auto-Config is running, the DHCP, routing, DNS, and VTY configurations will be
lost. Do you want to stop Auto-Config? [y/n]:"
• To continue Auto-Config, enter n and press Enter.
• To stop Auto-Config, enter y and press Enter.
CAUTION
If you choose n but still perform configurations through the console port, the DHCP, routing, DNS,
and VTY configurations that you have performed will be lost.
----End
5.2.3 (Optional) Configuring the Console User Interface
If you log in to the device through a console port to perform local maintenance, you can configure
attributes for the console user interface as needed.
Context
Console user interface attributes have default values on the device, and generally need no
modification. To meet specific user requirements or ensure network security, you can modify
console user interface attributes, such as terminal attributes and user authentication mode.
For detailed settings, see Configuring Console User Interface.
NOTE
Changes to console user interface attributes take effect immediately. Therefore, the connection may be
interrupted if console user interface attributes are modified when logged in to the device through the console
port. For this reason, logging into the device using another login mode is recommended when modifying
console user interface attributes. To log in to the device through the console port after changing the default
console user interface attributes, ensure that the configuration of the terminal emulator running on the PC
is consistent with the console user interface attributes configured on the device.
5.2.4 Checking the Configuration
After logging in through a console port, a user can view the usage information, physical attributes
and configurations, local user list, and online users on the console user interface.
Prerequisites
Configurations for user login through a console port are complete.
Procedure
• Run the display users [ all ] command to check information about the user interface.
• Run the display user-interface console ui-number1 [ summary ] command to check
physical attributes and configurations of the user interface.
• Run the display local-user command to check the local user list.
----End
Example
Run the display users command to view information about the current user interface.
<Huawei> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
0 CON 0 00:00:44
Username : Unspecified
Run the display user-interface console ui-number1 [ summary ] command to view the physical
attributes and configurations of the user interface.
<Huawei> display user-interface console 0
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
0 CON 0 9600 - 3 - N -
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Int : The physical location of UIs.
Run the display local-user command to view the local user list.
<Huawei> display local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A H -
ftp A F -
guest A A 15
----------------------------------------------------------------------------
Total 3 user(s)
5.3 Logging in to Devices Using Telnet
When multiple routers need to be configured and managed, there is no need to maintain each
router locally. Instead, you can use Telnet to log in to the routers remotely to perform
maintenance. This greatly facilitates device management.
5.3.1 Establishing the Configuration Task
Before configuring user login using Telnet, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for configuration. This will
help you complete the configuration task quickly and correctly.
Applicable Environment
If you know the IP address of a remote router, you can use Telnet to log in to the router from a
local terminal. Telnet login allows you to maintain multiple remote routers from one local
terminal, greatly facilitating device management.
Note that router IP addresses must be preset through console ports.
Pre-configuration Tasks
Before configuring users to log in using Telnet, you must log in to the device through the console
port to change the default configurations on the device, so that users can remotely log in to the
device using Telnet to manage and maintain the device. The following default configurations
must be changed:
• Configuring the IP address of the management network port on the device and ensuring
that a reachable route exists between the user terminal and the device
• 5.3.2 Configuring the User Access Level and User Authentication Mode of the VTY
User Interface for remote device management and maintenance
• 5.3.3 Enabling the Telnet Service so that users can remotely log in to the device through
Telnet
Data Preparation
Before configuring Telnet user login, you need the following data.
No.  Data
1    • User priority
     • User authentication mode, username, password
     • (Optional) Maximum number of VTY user interfaces allowed
     • (Optional) ACL to restrict incoming and outgoing calls on VTY user interfaces
     • (Optional) Connection timeout period of terminal users, number of lines displayed
       in a terminal screen, size of the history command buffer
2    IPv4/IPv6 address or host name of the router
3    TCP port number used by the remote device to provide Telnet services, VPN instance
     name

5.3.2 Configuring the User Access Level and User Authentication
Mode of the VTY User Interface
By default, the user access level of the VTY user interface is 0, and password authentication is
used for the VTY user interface. To enable a user terminal to log in to the device remotely using
Telnet for maintenance and management, log in to the device using the console port and change the
user access level and user authentication mode for the VTY user interface.
Context
In general, the default values of other VTY user interface attributes do not need to be modified.
These attributes can be changed if necessary. For details, see Configuring the VTY User
Interface.
The sequence of the following steps is not fixed but all the configurations are mandatory.
Procedure
• Configure the user access level of the VTY user interface.
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
user privilege level level
The user access level is set.
By default, the user access level of the VTY user interface is 0. Table 5-2 describes
the relationship between the user access levels and command levels.
Table 5-2 Association between user access levels and command levels
User Level  Command Level   Level Name            Description
0           0               Visit level           This level gives access to commands that run network
                                                  diagnostic tools (such as ping and tracert) and commands
                                                  that start from a local device and visit external devices
                                                  (such as Telnet client side).
1           0 and 1         Monitoring level      This level gives access to commands, like the display
                                                  command, that are used for system maintenance and fault
                                                  diagnosis.
2           0, 1, and 2     Configuration level   This level gives access to commands that configure
                                                  network services provided directly to users, including
                                                  routing and network layer commands.
3-15        0, 1, 2, and 3  Management level      This level gives access to commands that control basic
                                                  system operations and provide support for services. These
                                                  commands include file system commands, FTP
                                                  commands, TFTP commands, configuration file
                                                  switching commands, power supply control commands,
                                                  backup board control commands, user management
                                                  commands, level setting commands, system internal
                                                  parameter setting commands, and debugging commands
                                                  for fault diagnosis.

NOTE
• Different user access levels are associated with different command levels. A user at a certain
access level can use only commands that have a level lower than or equal to the command
level of the user. This ensures the security of the device to some extent.
• If the configured command level of the user interface conflicts with the operation rights of
the username, the operation rights of the username take precedence.
• Configure the user authentication mode of the VTY user interface.
Three authentication modes are available: non-authentication, password authentication,
and AAA authentication. Select one of them as needed.
– Configuring Non-Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
authentication-mode none
The authentication mode is set to non-authentication.
– Configuring Password Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
authentication-mode password
The authentication mode is set to password authentication.
4. Run:
set authentication password { cipher | simple } password
A password for password authentication is set.
– Configuring AAA Authentication
When the user authentication mode of the VTY user interface is set to AAA
authentication, the access type of the local user must be specified.
1. Run:
system-view
The system view is displayed.
2. Run:
aaa
The AAA view is displayed.
3. Run:
local-user user-name password { simple | cipher } password
A username and password for the local user are created.
4. Run:
local-user user-name service-type telnet
The access type of the local user is set to Telnet.
5. Run:
quit
Exit from the AAA view.
6. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
7. Run:
authentication-mode aaa
The authentication mode is set to AAA authentication.
----End
5.3.3 Enabling the Telnet Service
Before a terminal establishes a Telnet connection with the router, enable the Telnet server
function on the router.
Context
By default, the function of the Telnet server is enabled.
Procedure
Step 1 Run the following command as required.
Step 2 For the IPv4 network
1. Run:
system-view
The system view is displayed.
2. Run:
telnet server enable
The Telnet service is enabled.
Step 3 For the IPv6 network
1. Run:
system-view
The system view is displayed.
2. Run:
telnet ipv6 server enable
The Telnet service is enabled.
NOTE
• If the undo telnet [ipv6] server enable command is run when a user logs in by using Telnet, the
command does not take effect.
• After the Telnet server function is disabled, you can log in to the device only using SSH or an
asynchronous serial port rather than using Telnet.
----End
5.3.4 Logging in to the Device Using Telnet
After a remote device is configured, use Telnet to log in to the device from a terminal and perform
remote maintenance on the device.
Context
Use either the Windows CLI or third-party software in the terminal to log in to the router through
Telnet. This section describes use of the Windows command line prompt.
Do as follows on the user terminal:
Procedure
Step 1 Open the Windows CLI.
Step 2 Run the telnet ip-address command to connect to the device using Telnet.
1. Input the IP address of the Telnet server.
Figure 5-4 Windows CLI

2. Press Enter to display the command line prompt, such as <HUAWEI>, for the system
view. This indicates that you have accessed the Telnet server.
If the password or AAA authentication mode has been set on the device, you must enter
the login user name and password, and press Enter. The command line prompt of the user
view is displayed, as shown in Figure 5-5.
Figure 5-5 Login

----End
5.3.5 Checking the Configuration
After logging in to the system using Telnet, you can view the connection status of each user
interface including the current user interface, and status of all established TCP connections.
Prerequisites
Configurations for Telnet logins are complete.
Procedure
• Run the display users [ all ] command to check information about users logged in to user
interfaces.
• Run the display tcp status command to check TCP connections.
• Run the display telnet server status command to check the configuration and status of the
Telnet server.
----End
Example
Run the display users command to view information about the currently-used user interface.
<Huawei> display users
User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag
34 VTY 0 00:00:12 TEL 10.138.77.38
Username : Unspecified
+ 35 VTY 1 00:00:00 TEL 10.138.77.57
Username : Unspecified
Run the display tcp status command to view TCP connections. In the command output,
Established indicates that a TCP connection has been established.
<Huawei> display tcp status
TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID
State
39952df8 36 /1509 0.0.0.0:0 0.0.0.0:0 0
Closed
32af9074 59 /1 0.0.0.0:21 0.0.0.0:0 14849
Listening
34042c80 73 /17 10.164.39.99:23 10.164.6.13:1147 0
Established
Run the display telnet server status command to view the configuration and status of the Telnet
server.
<Huawei> display telnet server status
Telnet IPV4 server :Enable
Telnet server port :23
5.4 Logging in to Devices Using STelnet
STelnet provides secure remote access over an insecure network. After the client/server
negotiation is complete and a secure connection is established, STelnet login is similar to Telnet
login.
5.4.1 Establishing the Configuration Task
Before configuring users to log in using STelnet, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
Telnet logins bring security risks because no secure authentication mechanism exists and data
is transmitted over TCP in plain text mode. Unlike Telnet, SSH authenticates clients and encrypts
data in both directions to guarantee secure transmissions on a conventional insecure network.
SSH supports STelnet and SFTP.
STelnet is a secure Telnet protocol. SSH users can use the STelnet service in the same way they
use the Telnet service.
Pre-configuration Tasks
Before configuring users to log in using STelnet, you must log in to the device through the
console port to change the default configurations on the device, so that users can remotely log
in to the device using STelnet to manage and maintain the device. The following default
configurations must be changed:
• Configuring the IP address of the management network port on the device and ensuring
that a reachable route exists between the user terminal and the device
• Configuring the user access level and authentication mode of the VTY user
interface for remote device management and maintenance
• Configuring the VTY user interface to support the SSH protocol, configuring the SSH
user and specifying STelnet as a service mode for the SSH user, and enabling the STelnet
server function so that the user can remotely log in to the device through STelnet
Data Preparation
To configure users to log in using STelnet, you need the following data:
No.  Data
1    User authentication mode, username, and password, (optional) maximum number of
     VTY user interfaces allowed, (optional) ACL for restricting incoming and outgoing
     calls on VTY user interfaces, (optional) connection timeout period for terminal users,
     number of rows displayed in a terminal screen, size of the history command buffer
2    Username, password, authentication mode, and service type of an SSH user and
     remote public RSA key pair allocated to the SSH user
3    (Optional) Name of an SSH server, number of the port monitored by the SSH server,
     preferred encryption algorithm from the STelnet client to the SSH server, preferred
     encryption algorithm from the SSH server to the STelnet client, preferred HMAC
     algorithm from the STelnet client to the SSH server, preferred HMAC algorithm from
     the SSH server to the STelnet client, preferred algorithm for key exchange, name of
     the outgoing interface, and source address

5.4.2 Configuring the User Access Level and User Authentication
Mode of the VTY User Interface
By default, the user access level is 0, and password authentication is used for the VTY user
interface. Before logging in to the device using STelnet for maintenance and management, you
must log in to the device through the console port to change the user access level and user
authentication mode.
Context
In general, the default values of other VTY user interface attributes do not need to be modified.
These attributes can be changed if necessary. For details, see Configuring the VTY User
Interface.
The sequence of the following steps is not fixed but all the configurations are mandatory.
Procedure
• Configure the user access level of the VTY user interface.
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
user privilege level level
The user access level is set.
By default, the user access level of the VTY user interface is 0. Table 5-3 describes
the relationship between the user access levels and command levels.
Table 5-3 Association between user access levels and command levels
User Level  Command Level   Level Name            Description
0           0               Visit level           This level gives access to commands that run network
                                                  diagnostic tools (such as ping and tracert) and commands
                                                  that start from a local device and visit external devices
                                                  (such as Telnet client side).
1           0 and 1         Monitoring level      This level gives access to commands, like the display
                                                  command, that are used for system maintenance and fault
                                                  diagnosis.
2           0, 1, and 2     Configuration level   This level gives access to commands that configure
                                                  network services provided directly to users, including
                                                  routing and network layer commands.
3-15        0, 1, 2, and 3  Management level      This level gives access to commands that control basic
                                                  system operations and provide support for services. These
                                                  commands include file system commands, FTP
                                                  commands, TFTP commands, configuration file
                                                  switching commands, power supply control commands,
                                                  backup board control commands, user management
                                                  commands, level setting commands, system internal
                                                  parameter setting commands, and debugging commands
                                                  for fault diagnosis.

NOTE
• Different user access levels are associated with different command levels. A user at a certain
access level can use only commands that have a level lower than or equal to the command
level of the user. This ensures the security of the device to some extent.
• If the configured command level of the user interface conflicts with the operation rights of
the username, the operation rights of the username take precedence.
• Configure the user authentication mode of the VTY user interface.
The system provides non-authentication and AAA authentication for users to select.
– Configuring Non-Authentication
1. Run:
system-view
The system view is displayed.
2. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
3. Run:
authentication-mode none
The authentication mode is set to non-authentication.
– Configuring AAA Authentication
When the authentication mode of the VTY user interface is set to AAA authentication,
the access type of the local user must be specified.
1. Run:
system-view
The system view is displayed.
2. Run:
aaa
The AAA view is displayed.
3. Run:
local-user user-name password { simple | cipher } password
A username and password for the local user are created.
4. Run:
local-user user-name service-type ssh
The access type of the local user is set to SSH.
5. Run:
quit
Exit from the AAA view.
6. Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
7. Run:
authentication-mode aaa
The authentication mode is set to AAA authentication.
----End
5.4.3 Configuring SSH for the VTY User Interface
For users to log in to the device using STelnet, VTY user interfaces must be configured to support
SSH.
Context
By default, user interfaces support Telnet. A user interface must be configured to support SSH
for users to log in to the device using STelnet.
NOTE
A VTY user interface configured to support SSH must also be configured with AAA authentication.
Otherwise, the protocol inbound ssh command cannot be configured.
Do as follows on the router that serves as an SSH server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface [ vty ] first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
Step 3 Run:
authentication-mode aaa
The AAA authentication mode is configured.
Step 4 Run:
protocol inbound ssh
The VTY user interface is configured to support SSH.
----End
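The VTY procedures in 5.3.2, 5.4.2 and 5.4.3 can be checked before the commands are entered on a router. The following Python linter is an added example, not Huawei code: it reads a planned command script, applies the defaults stated above (level 0, password authentication, Telnet inbound) and reports VTYs without authentication, passwords entered with the simple keyword, VTYs still reachable over Telnet, and protocol inbound ssh without AAA. The sample script, user names, passwords and finding codes are constructed, and treating simple as plain-text password storage is an assumption this page does not state.

```python
import re

# Defaults stated in sections 5.3.2 and 5.4.3: level 0, password
# authentication, Telnet as the inbound protocol.
VTY_DEFAULTS = {"level": 0, "auth": "password", "protocol": "telnet", "store": None}

# Commands from the procedures above that change a VTY stanza.
VTY_PATTERNS = [
    ("level", re.compile(r"user privilege level (\d+)"), int),
    ("auth", re.compile(r"authentication-mode (none|password|aaa)"), str),
    ("store", re.compile(r"set authentication password (simple|cipher) \S+"), str),
    ("protocol", re.compile(r"protocol inbound (\S+)"), str),
]

# Constructed sample script; user names and passwords are placeholders.
SAMPLE = """\
system-view
aaa
local-user admin01 password simple PLACEHOLDER-1
local-user admin01 service-type telnet
local-user ops01 password cipher PLACEHOLDER-2
local-user ops01 service-type ssh
quit
user-interface vty 0 4
user privilege level 3
authentication-mode none
quit
user-interface vty 5 9
set authentication password simple PLACEHOLDER-3
quit
user-interface vty 10 14
user privilege level 3
authentication-mode aaa
protocol inbound ssh
quit
"""


def parse_commands(text):
    """Group a command script into VTY stanzas and AAA local users."""
    vtys, users, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", line)
        if m:
            name = "vty %s-%s" % (m.group(1), m.group(2) or m.group(1))
            current = dict(VTY_DEFAULTS, name=name)
            vtys.append(current)
            continue
        if line == "quit" or line.startswith("user-interface"):
            current = None  # left the VTY view, or entered a non-VTY interface
            continue
        m = re.fullmatch(r"local-user (\S+) (password|service-type) (.+)", line)
        if m:
            user = users.setdefault(m.group(1), {"store": None, "services": []})
            words = m.group(3).split()
            if m.group(2) == "password":
                user["store"] = words[0]      # simple or cipher
            else:
                user["services"] = words      # e.g. telnet, ssh
            continue
        if current is not None:
            for key, pattern, convert in VTY_PATTERNS:
                m = pattern.fullmatch(line)
                if m:
                    current[key] = convert(m.group(1))
    return vtys, users


def audit(text):
    """Return (scope, finding) tuples for the weak settings in the script."""
    vtys, users = parse_commands(text)
    findings = []
    for v in vtys:
        if v["auth"] == "none":
            findings.append((v["name"], "AUTH_NONE level=%d" % v["level"]))
        if v["auth"] == "password" and v["store"] == "simple":
            findings.append((v["name"], "PLAINTEXT_PASSWORD"))
        if v["protocol"] == "ssh" and v["auth"] != "aaa":
            # NOTE in 5.4.3: protocol inbound ssh requires AAA authentication.
            findings.append((v["name"], "SSH_NEEDS_AAA"))
        if v["protocol"] != "ssh":
            findings.append((v["name"], "TELNET_INBOUND"))
    for name, user in sorted(users.items()):
        if user["store"] == "simple":
            findings.append(("local-user " + name, "PLAINTEXT_PASSWORD"))
        if "telnet" in user["services"]:
            findings.append(("local-user " + name, "TELNET_SERVICE"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print("%-20s %s" % (scope, finding))
```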
5.4.4 Configuring an SSH User and Specifying STelnet as One of
Service Types
To allow a user to log in to the router by using STelnet, you must configure an SSH user,
configure the router to generate a local RSA key pair, configure a user authentication mode, and
specify a service type for the SSH user.
Context
• SSH users can be authenticated in four modes: RSA, password, password-rsa, and all. You
must create a local user with the specified user name in the AAA view.
• Configuring the router to generate a local RSA key pair is a key step for SSH login. If an
SSH user logs in to an SSH server in password authentication mode, configure the server
to generate a local RSA key pair. If an SSH user logs in to an SSH server in RSA
authentication mode, configure both the server and the client to generate local RSA key
pairs.
NOTE
Password-rsa authentication requires success of both password authentication and RSA authentication. The
all authentication mode requires success of either password authentication or RSA authentication.
Do as follows on the router that functions as an SSH server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
aaa
The AAA view is displayed.
Step 3 Run:
local-user user-name password { simple | cipher } password
A username and password for the local user are created.
Step 4 Run:
quit
Quit the AAA view.
Step 5 Run:
rsa local-key-pair create
A local RSA key pair is generated.
NOTE
• Before performing the other SSH configurations, you must run the rsa local-key-pair create
command to generate a local key pair.
• After generating the local key pair, you can run the display rsa local-key-pair public command
to view the public key in the local key pair.
Step 6 Run:
ssh user user-name authentication-type { password | rsa | password-rsa | all }
The authentication mode for SSH users is configured.
Perform the following as required:
• Authenticate the SSH user using password authentication.
– Run:
ssh user user-name authentication-type password
Password authentication is configured for the SSH user.
• Authenticate the SSH user using RSA authentication.
1. Run:
ssh user user-name authentication-type rsa
The RSA authentication is configured for the SSH user.
2. Run:
rsa peer-public-key key-name
The public key view is displayed.
3. Run:
public-key-code begin
The public key editing view is displayed.
4. Run:
hex-data
The public key is edited.
NOTE
• In the public key view, only hexadecimal strings complying with the public key format can be
typed in. Each string is randomly generated on an SSH client. For detailed operations, see manuals
for SSH client software.
• After the public key editing view is displayed, the RSA public key generated on the client can
be sent to the server. Copy the RSA public key to the router that serves as the SSH server.
5. Run:
public-key-code end
Quit the public key editing view.
• If the specified hex-data is invalid, the public key cannot be generated after the
peer-public-key end command is run.
• If the specified key-name is deleted in other views, the system prompts that the key does
not exist after the peer-public-key end command is run and the system view is
displayed.
6. Run:
peer-public-key end
Return to the system view from the public key view.
7. Run:
ssh user user-name assign rsa-key key-name
The public key is assigned to the SSH user.
Step 7 (Optional) Configuring the Basic Authentication Information for SSH Users
1. Run:
ssh server rekey-interval interval
The interval for updating the server key pair is configured.
By default, the interval for updating the key pair of the SSH server is 0, which indicates that
the key pair is not updated.
2. Run:
ssh server auth-timeout timeout_interval
The timeout period of the SSH authentication is set.
By default, the timeout period is 60 seconds.
3. Run:
ssh server authentication-retries auth-times
The number of SSH authentication retries is set.
By default, the number of retries is 3.
----End
5.4.5 Enabling the STelnet Server Function
By default, the STelnet server function is disabled. Before a user terminal logs in to the device
using STelnet, you must log in to the device through the console interface to enable the STelnet
server function on the device.
Context
By default, no device is enabled with the STelnet server function. Users can establish connections
to the device using STelnet only after the device is enabled with the STelnet server function.
Do as follows on the device that serves as an SSH server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
stelnet server enable
The STelnet server function is enabled.
By default, the STelnet server function is disabled.
----End
5.4.6 Logging in to the Device Using STelnet
After you log in to the device through the console interface to complete relevant configurations,
users can remotely log in to the device using the Secure Shell (SSH) protocol from remote user
terminals to remotely maintain the device.
Context
Third-party software can be used on a terminal for STelnet login. This section describes the use
of third-party software OpenSSH and the Windows CLI.
After installing OpenSSH on the user terminal, do as follows on the user terminal:
NOTE
For details on how to install OpenSSH, refer to the software installation guide.
For details about how to use OpenSSH commands to log in to the system, see the help document of the
software.
Procedure
Step 1 Open the Windows CLI.
Step 2 Run relevant OpenSSH commands to log in to the router in STelnet mode.
Figure 5-6 Logging in to the device in STelnet mode

----End
5.4.7 Checking the Configuration
After configuring users to log in using STelnet, you can view the SSH server configuration.
Prerequisites
Configurations for STelnet login are complete.
Procedure
• Run the display ssh user-information username command on the SSH server to check
information about SSH users.
• Run the display ssh server status command on the SSH server to check its configurations.
• Run the display ssh server session command on the SSH server to check sessions for SSH
users.
----End
Example
Run the display ssh user-information username command to view information about a
specified SSH user.
<Huawei> display ssh user-information client001
Sftp-directory : -
Service-type : sftp
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
guest password null
rsa rsa RsaKey001
password password null
-------------------------------------------------------------------------------
If no SSH user is specified, information about all SSH users logged in to an SSH server will be
displayed.
Run the display ssh server status command to view configurations of an SSH server.
<Huawei> display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Enable
Run the display ssh server session command to view information about sessions between the
SSH server and clients.
<Huawei> display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 1.5 BLOWFISH run password john
--------------------------------------------------------------------
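The two outputs above report SSH version 1.99 on the server and a session negotiated at version 1.5. The following Python check is an added example, not part of the Huawei guide: it parses both outputs and reports SSH protocol 1 exposure. The function names and finding codes are assumptions made for this example, and the inputs are the outputs printed in this section.

```python
import re

# Constructed input: the two command outputs printed in this section.
STATUS_OUTPUT = """\
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
Stelnet server :Enable
"""

SESSION_OUTPUT = """\
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 1.5 BLOWFISH run password john
--------------------------------------------------------------------
"""

# One session row: "VTY <n>" followed by five whitespace-separated columns.
SESSION_ROW = re.compile(
    r"^\s*(VTY\s+\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$"
)


def parse_status(text):
    """Parse 'name :value' lines into a dict keyed by lower-cased name."""
    status = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            status[name.strip().lower()] = value.strip()
    return status


def parse_sessions(text):
    """Return one dict per session row; rulers and the header row are skipped."""
    fields = ("conn", "ver", "encry", "state", "auth", "user")
    sessions = []
    for line in text.splitlines():
        match = SESSION_ROW.match(line)
        if match:
            row = dict(zip(fields, match.groups()))
            row["conn"] = " ".join(row["conn"].split())  # collapse column padding
            sessions.append(row)
    return sessions


def audit(status_text, session_text):
    """Return (code, scope, detail) tuples for SSH protocol 1 exposure."""
    findings = []
    version = parse_status(status_text).get("ssh version", "")
    if version == "1.99":
        # 1.99 is the identification a server sends when it accepts both
        # SSH 1.x and SSH 2.0 clients (RFC 4253, section 5.1).
        findings.append(("SSH1_COMPAT", "server",
                         "version 1.99 still accepts SSH 1.x clients"))
    elif version.startswith("1."):
        findings.append(("SSH1_ONLY", "server",
                         f"version {version} is SSH protocol 1"))
    for row in parse_sessions(session_text):
        if row["ver"].startswith("1."):
            findings.append(("SSH1_SESSION", row["conn"],
                             f"user {row['user']} negotiated SSH {row['ver']} "
                             f"with {row['encry']}"))
    return findings


if __name__ == "__main__":
    for code, scope, detail in audit(STATUS_OUTPUT, SESSION_OUTPUT):
        print(f"{code:13} {scope:7} {detail}")
```

Run against the outputs above, it reports the server-wide compatibility setting and the individual VTY 0 session, which tells an operator both that protocol 1 is allowed and that a client is actually using it.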
5.5 Common Operations After Login
After logging in to the router, you can perform user priority switching, terminal window locking,
and other operations as needed.
5.5.1 Establishing the Configuration Task
Before performing operations after login, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
Configure user level switching and enable messaging between user interfaces to ensure that
operators can manage routers safely.
Pre-configuration Tasks
Before performing operations after login, complete the following tasks:
• Connecting the terminal to the router
Data Preparations
Before performing operations after login, you need the following data:
No. Data
1 Password used for switching user levels
2 Type and number of the user interface
3 Contents of the message to be sent

5.5.2 Switching User Levels
A user who wants to upgrade from a lower to a higher level after logging in to the router must
have a password already configured.
Context
A password is required to increase user level. This prevents unauthorized users from gaining
access to high-level commands.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
super password [ level user-level ] { simple | cipher } password
The password for switching user levels is configured.
By default, the password is set for Level 3.
CAUTION
If simple is selected, the password is saved in plain text. A low-level login user can easily obtain
and change the password by checking the configuration file, compromising network security.
Selecting cipher to save the password in encrypted text is recommended.
If a password set with cipher is lost or forgotten, it cannot be retrieved by querying the system.
Be sure to save a copy of the encrypted password in a secure location.
Step 3 Run:
quit
Return to the user view.
Step 4 Run:
super [ level ]
User levels are switched.
By default, the level is 3.
Step 5 Follow the prompt and enter a password.
If the password entered is correct, the user can switch to a higher level. If an incorrect password
is entered three times in a row, the user is returned to the user view at the original level.
NOTE
When the super command is used to switch a user from a lower to a higher level, the system automatically
sends trap messages and records the switchover in a log. When a user is switched from a higher to a lower
level, the system only records the switchover in a log.
----End
5.5.3 Locking User Interfaces
If you must be away from your work area, you can lock the user interface on a terminal to prevent
unauthorized access.
Context
The user interface can be a console user interface or a VTY user interface.
Procedure
Step 1 Run:
lock
The user interface is locked.
Step 2 Follow the system prompts and input a password to unlock the user interface.
<Huawei> lock
Enter Password:
Confirm Password:
If the locking is successful, the system prompts that the user interface is locked.
You must enter the password previously set to unlock the user interface.
----End
5.5.4 Sending Messages to Other User Interfaces
Users logged in to different interfaces can send messages to each other.
Context
Users logged in to the router can send messages from their user interface to users on other user
interfaces.
Procedure
Step 1 Run:
send { all | ui-type ui-number | ui-number1 }
You can enable message sending between user interfaces.
Step 2 Follow the prompt to view the message to be sent. You can press Ctrl_Z or Enter to end the
display, and press Ctrl_C to abort the display.
Step 3 At the system prompt, enter Y to send the message or enter N to cancel message sending.
----End
5.5.5 Displaying Login Users
You can query information about login users.
Context
User name, address, and authentication and authorization information can be queried.
Procedure
• Run the display users [ all ] command to view information about logged-in users.
If all is configured, information about users logged in to all user interfaces is displayed.
----End
5.6 Configuration Examples
This section provides several examples describing how to configure users to log in through a
console port, Telnet, or STelnet. The configuration examples provide information and diagrams
for networking requirements, configuration notes, and configuration roadmaps.
5.6.1 Example for Configuring User Login Using a Console Port
This example describes how to configure user login using a console port. Login settings that
enable access to the router using a console port are configured on a PC.
Networking Requirements
If default values for console user interface parameters are modified, corresponding parameters
on the PC must be reset before another login to the router can be implemented.
Figure 5-7 Networking diagram of user login using a console port
[Diagram labels: Router, PC]

Configuration Roadmap
1. Connect a PC to the router through a console port.
2. Set login parameters on the PC.
3. Log in to the router.
NOTE
In this example, a terminal emulator is used.
Data Preparation
Communication parameters for the PC (baud rate: 4800 bps, data bit: 7, parity: even, stop bit:
2, flow control mode: none)
Procedure
Step 1 Use a standard RS-232 cable to connect the serial port of the PC to the console port of the
router.
Step 2 Run the terminal emulator on the PC. As shown in Figure 5-8 to Figure 5-10, set the
communication parameters for the PC. Set the transmission rate to 4800 bit/s, data bit to 7, parity
bit to even, stop bit to 2, and flow control mode to none.
Figure 5-8 Connection creation

Figure 5-9 Interface setting

Figure 5-10 Communication parameter settings

Step 3 Power on the router. After the self-check is complete and the router is started, you are prompted
to press Enter.
At the prompt (usually <Huawei>), you can run commands to view the status of the router or
configure the router.
----End
5.6.2 Example for Logging In by Telnet
In this example, you can set user login parameters to log in to the router from the PC or other
terminals using Telnet.
Networking Requirements
You can log in to the router on other network segments through the PC or other terminals to
perform remote maintenance.
Figure 5-11 Establishing the configuration environment over the WAN
[Diagram labels: PC, WAN, Router, Target Router (Eth1/0/0, 202.38.160.92/16)]

Configuration Roadmap
1. Establish the physical connection.
2. Set user login parameters.
3. Log in to the router from the client side.
Data Preparation
• IP address of the PC
• IP address of the Ethernet interface on the router
• User information (including the user name, password, and authentication mode)
• Reachable route between the PC and target router
Procedure
Step 1 Connect the PC and the router to the network.
Step 2 Set login user parameters on the target router.
# Configure the login address.
<Huawei> system-view
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] ip address 202.38.160.92 255.255.0.0
[Huawei-GigabitEthernet1/0/0] quit
# Configure the login authentication mode.
[Huawei] aaa
[Huawei-aaa] local-user huawei password cipher hello
[Huawei-aaa] local-user huawei service-type telnet
[Huawei-aaa] local-user huawei privilege level 3
[Huawei-aaa] quit
[Huawei] user-interface vty 0 4
[Huawei-ui-vty0-4] authentication-mode aaa
Step 3 Configure the client login.
Run the Telnet program on the PC (Windows XP is used as an example), as shown in
Figure 5-12.
Figure 5-12 Running the Telnet program on the PC

Click OK.
Enter the user name and password in the login window. After authentication, a command line
prompt such as <Huawei> appears. Enter the configuration environment in the user view.
----End
5.6.3 Example for Configuring User Login by Using STelnet
This part provides an example describing how to configure user login by using STelnet. In this
example, after generating the local key pair on the SSH server, configuring the name and
password of the SSH user on the SSH server, and enabling the STelnet service on the SSH server,
you can connect the STelnet client to the SSH server.
Networking Requirements
As shown in Figure 5-13, after the STelnet service is enabled on the SSH server, the STelnet
client can log in to the SSH server with the password, RSA, password-rsa, or all authentication
mode.
In this configuration example, the password authentication mode is used.
Figure 5-13 Networking diagram of configuring user login by using STelnet
[Diagram labels: PC, Network, SSH Server (GE1/0/0, 10.137.217.223/16)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a local key pair on the SSH server for secure data exchange between the STelnet
client and the SSH server.
2. Configure the VTY user interface on the SSH server.
3. Configure an SSH client, which involves the setting of the user authentication mode, user
name, and password.
4. Enable the STelnet server function on the SSH server and configure a user service type.
Data Preparation
To complete the configuration, you need the following data:
• SSH user authentication mode: password; user name: client001; password: huawei
• User level of client001: 3
• IP address of the SSH server: 10.137.217.223
Procedure
Step 1 Generate a local key pair on the server.
<Huawei> system-view
[Huawei] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++
Step 2 Configure the VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
NOTE
If SSH is configured as the login protocol, the AR1200-S automatically disables Telnet.
Step 3 Set the password of the SSH user client001 to huawei.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
Step 4 Set the authentication mode of the SSH user to password.
[SSH Server] ssh user client001 authentication-type password
Step 5 Enable the STelnet server function on the SSH server.
[SSH Server] stelnet server enable
Step 6 Verify the configuration.
# Log in to the SSH server by using OpenSSH.

----End
Configuration Files
• Configuration file of the SSH server
#
sysname SSH Server
#
aaa
local-user client001 password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
local-user client001 privilege level 3
local-user client001 service-type ssh
#
interface GigabitEthernet1/0/0
ip address 10.137.217.223 255.255.0.0
#
ssh user client001 authentication-type password
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
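A saved configuration in this layout can be checked for the settings this chapter cautions about: passwords stored with simple, accounts bound to Telnet or FTP, an FTP server left enabled, and VTY interfaces that do not restrict login to SSH. The following Python audit is an added example, not part of the Huawei guide; the function names and finding codes are assumptions, and the sample is constructed on the assumption that saved lines mirror the command syntax shown in this chapter.

```python
import re

# Constructed sample in the layout of the configuration file shown above.
# Account names come from this chapter's examples; the ciphertext is a
# placeholder and the weak lines are added to exercise each check.
SAMPLE_CONFIG = """\
#
sysname Example
#
aaa
 local-user client001 password cipher <CIPHERTEXT-PLACEHOLDER>
 local-user client001 privilege level 3
 local-user client001 service-type ssh
 local-user huawei password simple hello
 local-user huawei privilege level 3
 local-user huawei service-type telnet
#
super password level 3 simple hello
#
ftp server enable
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
"""

CLEARTEXT_SERVICES = {"telnet", "ftp"}


def split_sections(text):
    """Split on '#' separator lines; each section is a list of stripped lines."""
    sections, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                sections.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        sections.append(current)
    return sections


def vty_blocks(section):
    """Return (header, body) for each 'user-interface vty' block in a section.

    Blocks are delimited by 'user-interface' lines rather than indentation,
    because indentation is often lost when a configuration is pasted."""
    blocks, header, body = [], None, []
    for line in section:
        if line.startswith("user-interface "):
            if header:
                blocks.append((header, body))
            header, body = line, []
        elif header:
            body.append(line)
    if header:
        blocks.append((header, body))
    return [(h, b) for h, b in blocks if h.startswith("user-interface vty")]


def audit_config(text):
    """Return (code, detail) findings; password values are never echoed."""
    findings = []
    for section in split_sections(text):
        for line in section:
            m = re.match(r"local-user (\S+) password simple\b", line)
            if m:
                findings.append(("PLAINTEXT_PASSWORD", f"local-user {m.group(1)}"))
            if re.match(r"super password( level \d+)? simple\b", line):
                findings.append(("PLAINTEXT_PASSWORD", "super password"))
            m = re.match(r"local-user (\S+) service-type (.+)", line)
            if m:
                for svc in sorted(CLEARTEXT_SERVICES & set(m.group(2).split())):
                    findings.append(("CLEARTEXT_SERVICE",
                                     f"local-user {m.group(1)}: {svc}"))
            if re.fullmatch(r"ftp( ipv6)? server enable", line):
                findings.append(("FTP_SERVER_ENABLED", line))
        for header, body in vty_blocks(section):
            if "protocol inbound ssh" not in body:
                findings.append(("VTY_NOT_SSH_ONLY", header))
    return findings


if __name__ == "__main__":
    for code, detail in audit_config(SAMPLE_CONFIG):
        print(f"{code:20} {detail}")
```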
6 Managing the File System
About This Chapter
The file system manages the files and directories on the storage devices of the router. It can
move or delete a file or directory, or display the contents of a file.
6.1 File System Overview
The router uses the file system to manage all files.
6.2 Managing Files Using the File System
You can use the file system to manage storage devices, directories, and files.
6.3 Managing Files Using FTP
FTP can transmit files between local and remote hosts. It is widely used for version upgrade,
log downloading, file transmission, and configuration saving.
6.4 Managing Files Using SFTP
SFTP allows you to log in to the router securely from a remote device to manage files. This
makes transmission of data to the remote end more secure.
6.5 Configuration Examples
The examples in this section show how to use FTP, SFTP or FTPS to access the system and
manage files. These configuration examples explain networking requirements and provide
configuration roadmaps and configuration notes.
6.1 File System Overview
The router uses the file system to manage all files.
6.1.1 File System
The file system manages files and directories on the storage devices. It can create, delete, modify,
or rename a file or directory, or display the contents of a file.
The file system has two functions: managing storage devices and managing the files that are
stored on those devices.
Managing Files Using the File System
After logging in to the router by using the console port, Telnet, or STelnet, you can manage
storage devices, directories, and files.
• Storage devices
Storage devices are hardware devices for storing data.
At present, the router supports storage devices such as flash memory and USB disks.
• Files
A file is a resource for storing and managing data.
• Directories
A directory is a logical container that the system uses to organize files.
6.1.2 Methods of File Management
You can use FTP or SFTP to manage files.
Managing Files Using FTP
FTP is a standard application protocol based on the TCP/IP protocol suite. It is used to transfer
files between local clients and remote servers. FTP uses two TCP connections to copy a file
from one system to another. The TCP connections are usually established in client-server mode,
one for control (the server port number is 21) and the other for data transmission (the server port
number is 20).
• Control connection: issues commands from the client to the server and transmits replies
from the server to the client, minimizing the transmission delay.
• Data connection: transmits data between the client and server, maximizing the throughput.
FTP has two file transfer modes:
• Binary mode: is used to transfer program files, such as .app, .bin, and .btm files.
• ASCII mode: is used to transfer text files, such as .txt, .bat, and .cfg files.
The device provides the following FTP functions:
• FTP client: Users can use the terminal emulator or the Telnet program to connect PCs to
the device, and run the ftp command to establish a connection between the device and a
remote FTP server to access and operate files on the server.
• FTP server: Users can use the FTP client program to log in to the device and operate files
on the device.
Before users log in, the network administrator must configure an IP address for the FTP
server.
Managing Files Using SFTP
SFTP uses SSH to ensure secure file transfer. On one hand, SFTP allows remote users to securely
log in to the device to manage and transfer files. On the other hand, users can use the device
functioning as a client to log in to a remote server and transfer files securely.
If the SFTP server or the connection between the server and the client fails, the client needs
to detect the fault in time and proactively release the connection. To help the client detect such
a fault in time, configure the interval at which Keepalive packets are sent when no packet is
received and the maximum number of times that the server is allowed not to respond:
• If the client does not receive any packet within the specified period, the client sends a
Keepalive packet to the server.
• If the number of times that the server does not respond exceeds the specified maximum,
the client proactively releases the connection.
Managing Files Using FTPS
FTPS is an extension to the commonly used FTP that adds support for SSL. By using SSL to
authenticate the identities of the client and server and to encrypt transmitted data, FTPS
implements secure management of devices.
Traditional FTP does not have a security mechanism. It transmits data in plain text. If the FTP
server is configured with login user names and passwords, the FTP server can authenticate
clients, but the clients cannot authenticate the server. Transmitted data is easily tampered with,
which poses security threats. An SSL policy can be configured on the FTP server to improve security.
SSL allows data encryption, identity authentication, and message integrity verification,
improving data transmission security. In addition, SSL provides secure connections for the FTP
server, greatly improving security of the FTP server.
By default, a user cannot log in to the device using FTPS. To log in to the device using FTPS,
perform the following steps:
• Log in to the device through the console port and load a digital certificate to the
sub-directory named security of the system directory on the FTPS server.
• Install FTP client software that supports SSL on the PC.
6.2 Managing Files Using the File System
You can use the file system to manage storage devices, directories, and files.
6.2.1 Establishing the Configuration Task
Before using the file system to manage files, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration tasks quickly and correctly.
Applicable Environment
Use the file system to manage files or directories on the router. If the router is unable to save or
obtain data, log in to the file system to repair the faulty storage devices.
Pre-configuration Tasks
Before logging in to the file system to manage files, complete the following tasks:
• Connecting the client with the server correctly
Data Preparation
To manage files by logging in to the file system, you need the following data:
No. Data
1 Storage device name
2 Directory name
3 File name

6.2.2 Managing Storage Devices
When a storage device file system on the router does not function properly, you must repair and
format the file system before managing the storage device.
Context
When the file system on a storage device fails, the terminal of the router prompts you to rectify
the fault.
NOTE
The storage devices can be flash memory or USB flash drives. The router has a built-in flash memory.
The router provides two reserved USB slots (usb0 and usb1).
Only Huawei-certified storage devices can be used.
You can format a storage device if you are unable to repair the file system or do not need any
data saved on the storage device.
CAUTION
Formatting storage devices can lead to data loss. Exercise caution when performing this
operation.
Procedure
• Run:
fixdisk device-name
A storage device with file system problems is repaired.
NOTE
If, after running this command, the prompt still says the system should be repaired, there may be
damage to the physical storage medium.
• Run:
format device-name
The storage device is formatted.
NOTE
If the storage device does not work after you run this command, there may be a hardware fault.
----End
6.2.3 Managing Directories
You can manage directories to store files in a logical hierarchy.
Context
You can manage directories by changing or displaying directories, displaying files in directories
or sub-directories, and creating or deleting directories.
Procedure
• Run:
cd { directory | device-name }
A directory is specified.
• Run:
pwd
The current directory is displayed.
• Run:
dir [ /all ] [ filename ] [ device-name ]
A list of files and sub-directories in the directory is displayed.
• Run:
mkdir { directory | device-name }
The directory is created.
• Run:
rmdir { directory | device-name }
The directory is deleted.
----End
6.2.4 Managing Files
You can log in to the file system to view, delete, or rename files on the router.
Context
• Managing files includes: displaying contents, copying, moving, renaming, compressing,
deleting, undeleting, deleting files in the recycle bin, running files in batch and configuring
prompt modes.
• You can run the cd { directory | device-name } command to enter the required directory
from the current directory.
Procedure
• Run:
more [ /binary ] { filename | device-name } [ offset ] [ all ]
The content of a file is displayed.
Specify parameters in the more command for file viewing options:
– Run the more file-name command to view the file named file-name. Contents of a
text file are displayed screen by screen. Press and hold the spacebar on the current
terminal to display all contents of the current file.
Two preconditions must be met to display the contents of a text file screen by screen:
  – The value configured by the screen-length screen-length temporary command must
  be greater than 0.
  – The total number of lines in the file must be greater than the value configured by
  the screen-length command.
– Run the more file-name offset command to view the file named file-name. Contents
of a text file are displayed screen by screen beginning with the line specified by offset.
Press and hold the spacebar on the current terminal to display all contents of the current
file.
Two preconditions must be met to display the contents of a text file screen by screen:
  – The value configured by the screen-length screen-length command must be greater than
  0.
  – The number of characters in the file minus the value of offset must be greater than
  the value configured by the screen-length command.
– Run the more file-name all command to view the file named file-name. Contents
of a text file are completely displayed without pausing after each screen of information.
• Run:
copy source-filename destination-filename
The file is copied.
• Run:
move source-filename destination-filename
The file is moved.
• Run:
rename source-filename destination-filename
The file is renamed.
• Run:
zip source-filename destination-filename
The file is compressed.
• Run:
delete [ /unreserved ] [ /force ] { filename | device-name } [ all ]
The file is deleted.
CAUTION
If you use the parameter [ /unreserved ] in the delete command, the file cannot be restored
after being deleted.
• Run:
undelete filename
The deleted file is recovered.
NOTE
If the current directory is not the parent directory, you must use the absolute path to the file to perform
operations.
• Run:
reset recycle-bin [ filename ]
The file is deleted.
You can use this command to permanently delete files in the recycle bin.
• Running Files in Batches
You can process uploaded files in batches. The edited batch files need to be saved to a
storage device on the router.
You can create and run a batch file to implement routine tasks.
1. Run:
system-view
The system view is displayed.
2. Run:
execute filename
The batch file is executed.
• Configuring Prompt Modes
The system displays prompts or warning messages when you operate the device (especially
if these operations lead to data loss). If you need to change the prompt mode for file
operations, you can configure the file system prompt mode.
1. Run:
system-view
The system view is displayed.
2. Run:
file prompt { alert | quiet }
The file system prompt mode is configured.
The default prompt mode is alert.
CAUTION
If the prompt mode is set to quiet, no prompt appears when data is lost due to
inappropriate operating procedures.
----End
6.3 Managing Files Using FTP
FTP can transmit files between local and remote hosts. It is widely used for version upgrade,
log downloading, file transmission, and configuration saving.
6.3.1 Establishing the Configuration Task
Before using FTP to manage files, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
When an FTP client logs in to a router serving as an FTP server, the user can transfer files
between the client and the server.
Pre-configuration Tasks
Before using FTP to manage files, complete the following task:
• Connecting the FTP client to the server
Data Preparation
To use FTP to manage files, you need the following data:
No. Data
1 FTP username and password, and authorized FTP file directory name
2 (Optional) Listening port number specified on the FTP server
3 (Optional) Source IP address or source interface of the FTP server; (Optional) Timeout period for disconnection from the FTP server
4 IP address or host name of the FTP server

6.3.2 Configuring a Local FTP User
You can configure a user authorization mode and an authorized directory for FTP users to access.
Unauthorized users cannot access the specified directory, reducing security risks.
Context
To use FTP to manage files, you must configure a local username and a password on the
router and specify a service type and the directories that can be accessed.
Perform the following operations on the router that functions as the FTP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
set default ftp-directory directory
The default FTP working directory is configured.
NOTE
The configuration in this step takes effect only with TACACS users.
Step 3 Run:
aaa
The AAA view is displayed.
Step 4 Run:
local-user user-name password { simple | cipher } password
The local user name and password are configured.
Step 5 Run:
local-user user-name service-type ftp
The FTP service type is configured.
Step 6 Run:
local-user user-name ftp-directory directory
The authorized directory for the FTP user is configured.
----End
6.3.3 (Optional) Specifying a Port Number for the FTP Server
You can configure or change the listening port number for an FTP server. After the port number
is changed, only the user knows the current port number and this protects system security.
Context
The default listening port number for an FTP server is 21. Users can log in to the router directly
by using the default listening port number. Attackers can also access the default listening port
to launch attacks that reduce available bandwidth and affect server performance, preventing
valid users from accessing the server. Changing the FTP server listening port number effectively
prevents attackers from accessing the server through the listening port.
NOTE
If FTP is not enabled, change the FTP port as required.
If FTP is enabled, run the undo ftp server command to disable FTP, and then change the FTP port.
Do as follows on the router that serves as the FTP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ftp [ ipv6 ] server port port-number
The port number of the FTP server is configured.
Once a new listening port number is configured, the FTP server interrupts all existing FTP
connections and begins to use the new listening port.
----End
6.3.4 Enabling the FTP Server
You must enable an FTP server on the router before using FTP to manage files.
Context
The FTP server is disabled by default on the router. It must be enabled before FTP can be used.
Do as follows on the router that serves as the FTP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ftp [ ipv6 ] server enable
The FTP server is enabled.
NOTE
When file operations between clients and the router are complete, run the undo ftp [ ipv6 ] server command
to disable the FTP server function. This protects router security.
----End
6.3.5 (Optional) Configuring the FTP Server Parameters
FTP server parameters include the FTP server source address and the timeout period for FTP
connections.
Context
• You can configure a source IP address for the FTP server. FTP clients can then reach the
server only through this address, which helps protect system security.
• You can configure the timeout period for FTP connections on the FTP server. When the
timeout period for an FTP connection expires, the system terminates the connection to
release resources.
Do as follows on the router that serves as the FTP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ftp server-source { -a ip-address | -i interface-type interface-number }
The source IP address or source interface of the FTP server is configured.
To log in to the FTP server, you must specify the configured source IP address of the server in the ftp
command; otherwise, you cannot log in to the FTP server.
Step 3 Run:
ftp [ ipv6 ] timeout minutes
The timeout period for the FTP server is configured.
If the client is idle for the configured time, the connection to the FTP server is terminated.
By default, the timeout value is 30 minutes.
----End
6.3.6 (Optional) Configuring an FTP ACL
After an FTP ACL is configured, only specified clients can access the router.
Context
When the router functions as an FTP server, you can configure an ACL to allow only the clients that
match its rules to access the FTP server.
Do as follows on the router that serves as the FTP server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
The ACL view is displayed.
Step 3 Run:
rule [ rule-id ] { deny | permit } [ { fragment | none-first-fragment } | source { source-address source-wildcard | any } | time-range time-name ] *
The ACL rule is configured.
NOTE
• By default, the deny action in an ACL rule is taken for all packets. To allow packets to pass through,
define the permit action in an ACL rule. For example, to discard only packets with the source IP address
10.1.1.10, define two rules in the ACL:
– rule deny source 10.1.1.10 0
– rule permit source any
If rule permit source any is not defined, packets from source IP addresses other than 10.1.1.10
are also discarded.
• FTP supports only basic ACLs.
Step 4 Run:
quit
The system view is displayed.
Step 5 Run:
ftp [ ipv6 ] acl acl-number
The basic FTP ACL is configured.
----End
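How the two rules in the NOTE of Step 3 interact, shown as an added example (this is not Huawei code). It assumes that rules are evaluated in ascending rule-id order when every rule has an ID, otherwise in the order listed, that the first matching rule decides, and that a source matching no rule is denied, as the NOTE describes. The names Rule, parse_rule and ftp_access and all sample addresses except 10.1.1.10 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    rule_id: Optional[int]
    action: str      # "deny" or "permit"
    address: int     # source address as a 32-bit integer
    wildcard: int    # bits set to 1 are ignored when comparing


def _wildcard(token):
    # The guide writes the wildcard of a single host as "0" (0.0.0.0).
    return 0 if token == "0" else int(ipaddress.IPv4Address(token))


def parse_rule(line):
    """Parse 'rule [ rule-id ] { deny | permit } source { address wildcard | any }'."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "rule":
        raise ValueError(f"not an ACL rule: {line!r}")
    tokens = tokens[1:]
    rule_id = int(tokens.pop(0)) if tokens[0].isdigit() else None
    if not tokens or tokens[0] not in ("deny", "permit"):
        raise ValueError(f"missing deny/permit: {line!r}")
    action = tokens.pop(0)
    if tokens == ["source", "any"]:
        return Rule(rule_id, action, 0, 0xFFFFFFFF)
    if len(tokens) == 3 and tokens[0] == "source":
        address = int(ipaddress.IPv4Address(tokens[1]))
        return Rule(rule_id, action, address, _wildcard(tokens[2]))
    # fragment and time-range options are outside the scope of this example
    raise ValueError(f"unsupported rule form in this example: {line!r}")


def ftp_access(rule_lines, client_ip):
    """Return 'permit' or 'deny' for an FTP client with the given source address."""
    rules = [parse_rule(line) for line in rule_lines]
    if all(rule.rule_id is not None for rule in rules):
        rules.sort(key=lambda rule: rule.rule_id)   # assumption: ascending rule-id
    source = int(ipaddress.IPv4Address(client_ip))
    for rule in rules:
        care = ~rule.wildcard & 0xFFFFFFFF          # bits that must match
        if source & care == rule.address & care:
            return rule.action                      # first match decides
    return "deny"                                   # no rule matched


# The two rules from the NOTE in Step 3.
NOTE_ACL = ["rule deny source 10.1.1.10 0", "rule permit source any"]
# The same ACL without the final permit rule.
DENY_ONLY = ["rule deny source 10.1.1.10 0"]
# Constructed allow-list: only one management subnet may use FTP.
SUBNET_ONLY = ["rule permit source 10.1.1.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in (("NOTE_ACL", NOTE_ACL), ("DENY_ONLY", DENY_ONLY),
                      ("SUBNET_ONLY", SUBNET_ONLY)):
        for ip in ("10.1.1.10", "10.1.1.11", "10.1.2.1"):
            print(f"{name:12} {ip:10} -> {ftp_access(acl, ip)}")
```

For restricting FTP to known management hosts, the allow-list form (permit the trusted sources and let everything else be denied) is the one that matches the purpose stated at the start of this section.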
6.3.7 Accessing the System by Using FTP
After the FTP server is configured, you can use FTP to access the router from a PC and manage
the files on the router.
Context
You can use either the Windows command line prompt or third-party software to log in to the
router. This example uses the Windows command line prompt.
Do as follows on the PC:
Procedure
Step 1 Open the Windows CLI.
Step 2 Run the ftp ip-address command to log in to the router using FTP.
Enter a username and password at the prompt, and press Enter. When the FTP client prompt,
such as ftp>, is displayed, you have entered the working
directory of the FTP server.
Figure 6-1 Using FTP to log in to the device

----End
6.3.8 Managing Files Using FTP Commands
After logging in to the router that functions as an FTP server using FTP, you can upload and
download files to and from the router, or manage the directories on the router.
Context
After logging in to the FTP server, you can perform the following operations:
• Configuring data type for the file
• Uploading or downloading files
• Creating directories or deleting directories on the FTP server
• Displaying information about a specific remote directory or a file of the FTP server, or
deleting a specific file from the FTP server
After logging in to the FTP server and entering the FTP client view, you can perform the
following operations:
Procedure
• Configuring the data type and transmission mode for a file
– Run:
ascii or binary
The data type of the file to be transmitted is ascii or binary.
NOTE
FTP supports the ASCII and binary file types. The difference between the two is:
• In ASCII transmission mode, ASCII characters are used to separate carriage returns from
line feeds.
• In binary transmission mode, characters can be transferred without format conversion or
formatting.
An FTP transmission mode can be set for each client. The system uses ASCII transmission mode
by default, but a mode switch command can switch a client between ASCII and binary modes.
The ASCII mode is used to transmit .txt files and the binary mode is used to transmit binary files.
• Uploading or downloading files
– Upload or download a file.
– Run:
put local-filename [ remote-filename ]
The local file is uploaded to the remote FTP server.
– Run:
get remote-filename [ local-filename ]
The FTP file is downloaded from the FTP server and saved to the local file.
• Running one or more of the following commands to manage directories
– Run:
cd pathname
The working path of the remote FTP server is specified.
– Run:
pwd
The specified directory of the FTP server is displayed.
– Run:
lcd [ local-directory ]
The directory of the FTP client is displayed or changed.
– Run:
mkdir remote-directory
A directory is created on the FTP server.
– Run:
rmdir remote-directory
A directory is removed from the FTP server.
• Running one or more of the following commands to manage files
– Run:
ls [ remote-filename ] [ local-filename ]
The specified directory or file on the remote FTP server is displayed.
If the directory name is not specified when a specific remote file is selected, the system
searches the working directory for the specific file.
– Run:
dir [ remote-filename ] [ local-filename ]
The specified directory or file on the local FTP server is displayed.
If the directory name is not specified when a specific remote file is selected, the system
searches the working directory for the specific file.
– Run:
delete remote-filename
The specified file on the FTP server is deleted.
If the directory name is not specified when a specific remote file is selected, the system
searches the working directory for the specific file.
When local-filename is set, related information about the file can be downloaded locally.
NOTE
If you need more information about FTP operations, run the help [ command ] command in the
Windows CLI.
----End
6.3.9 Checking the Configuration
After configuring a router to be the FTP server, you can view the configuration and status of the
FTP server as well as information about login FTP users.
Prerequisites
The configuration of the router as the FTP server is complete.
Procedure
• Run the display ftp-server command to check the configuration and running information about the FTP server.
• Run the display ftp-users command to check the logged-in FTP users.
----End
Example
After configuring the FTP server, run the display ftp-server command. The output shows that the
FTP server is running.
<Huawei> display ftp-server
FTP server is running
Max user number 5
User count 0
Timeout value(in minute) 30
Listening Port 21
Acl number 0
FTP server's source address 1.1.1.1
Run the display ftp-users command to view the user name, port number, and authorized directory
of each current FTP user.
<Huawei> display ftp-users
username host port idle topdir
zll 100.2.150.226 1383 3 flash:
6.4 Managing Files Using SFTP
SFTP allows you to log in to the router securely from a remote device to manage files. This
makes transmission of data to the remote end more secure.
6.4.1 Establishing the Configuration Task
Before using SFTP to manage files, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
SSH authenticates clients and encrypts data in both directions to guarantee secure data
transmission on conventional networks. SSH supports SFTP.
SFTP is a secure FTP service that enables users to log in to the FTP server for data transmission.
Pre-configuration Tasks
Before using SFTP to manage files, complete the following task:
• Configuring reachable routes between the terminal and the device
Data Preparation
Before using SFTP to manage files, you need the following data.
No.  Data
1    Maximum number of VTY user interfaces, (optional) ACL for restricting incoming and outgoing calls on VTY user interfaces, connection timeout period of terminal users, number of rows displayed in a terminal screen, size of the history command buffer, user authentication mode, username, and password
2    Username, password, authentication mode, and service type of an SSH user, remote public RSA key pair allocated to the SSH user, and SFTP working directory of the SSH user
3    (Optional) Number of the port monitored by the SSH server; (optional) the interval for updating the key pair on the SSH server
4    Name of the SSH server, number of the port monitored by the SSH server, preferred encryption algorithm from the SFTP client to the SSH server, preferred encryption algorithm from the SSH server to the SFTP client, preferred HMAC algorithm from the SFTP client to the SSH server, preferred HMAC algorithm from the SSH server to the SFTP client, preferred algorithm of key exchange, name of the outgoing interface, source address
5    Directory name and file name

6.4.2 Configuring VTY User Interface
To allow a user to log in to the device by using SFTP, you need to configure attributes of the
VTY user interface.
Context
By default, the user authentication mode in the VTY user interface is password. Therefore, before
a user logs in to the device by using SFTP, the user authentication mode in the VTY user interface
must be set. Otherwise, the user cannot log in to the device.
In general, the default values of other VTY user interface attributes do not need to be modified.
These attributes can be changed if necessary. For details, see Configuring the VTY User
Interface.
6.4.3 Configuring SSH for the VTY User Interface
Before users can log in to the router using SFTP, you must configure VTY user interfaces to
support SSH.
Context
By default, user interfaces support Telnet. If no user interface is configured to support SSH, you
cannot log in to the router using SFTP.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
user-interface [ vty ] first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.
Step 3 Run:
authentication-mode aaa
The AAA authentication mode is configured.
Step 4 Run:
protocol inbound ssh
The VTY user interface is configured to support SSH.
----End
6.4.4 Configuring an SSH User and Specifying SFTP as One of Service Types
To allow a user to log in to the router by using SFTP, you must configure an SSH user, configure
the router to generate a local RSA key pair, configure a user authentication mode, and specify
a service type and authorized directory for the SSH user.
Context
• SSH users can be authenticated in four modes: RSA, password, password-RSA, and All.
You must create a local user with the specified user name in the AAA view.
• Configuring the router to generate a local RSA key pair is a key step for SSH login. If an
SSH user logs in to an SSH server in password authentication mode, configure the server
to generate a local RSA key pair. If an SSH user logs in to an SSH server in RSA
authentication mode, configure both the server and the client to generate local RSA key
pairs.
NOTE
Password-RSA authentication integrates password authentication and RSA authentication. All
authentication is equivalent to password authentication or RSA authentication.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
aaa
The AAA view is displayed.
Step 3 Run:
local-user user-name password { simple | cipher } password
Name and password of the local user are created.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
rsa local-key-pair create
A local RSA key pair is generated.
NOTE
• Before performing other SSH configurations, run the rsa local-key-pair create command to generate
a local key pair.
• After generating the local key pair, you can run the display rsa local-key-pair public command
to view the public key in the local key pair.
Step 6 Configure an authentication mode for SSH users.
Perform one of the following operations as needed.
• Authenticate SSH users using passwords.
– Run:
ssh user user-name authentication-type password
Password authentication is configured for SSH users.
In local authentication or HWTACACS authentication, if there are a large number of
users, authenticate SSH users using passwords. This reduces the configuration workload.
• Authenticate SSH users through RSA.
1. Run:
ssh user user-name authentication-type rsa
RSA authentication is configured for SSH users.
2. Run:
rsa peer-public-key key-name
The public key view is displayed.
3. Run:
public-key-code begin
The public key editing view is displayed.
4. Run:
hex-data
The public key is edited.
NOTE
• In the public key view, only hexadecimal strings complying with the public key format can be
typed in. Each string is randomly generated on an SSH client. For detailed operations, see manuals
for SSH client software.
• After the public key editing view is displayed, the RSA public key generated on the client can
be sent to the server. Copy the RSA public key to the router that serves as the SSH server.
5. Run:
public-key-code end
Quit the public key editing view.
• If the specified hex-data is invalid, the public key cannot be generated after the
peer-public-key end command is run.
• If the specified key-name is deleted in other views, the system prompts that the key does
not exist after the peer-public-key end command is run and the system view is
displayed.
6. Run:
peer-public-key end
Return to the system view from the public key view.
7. Run:
ssh user user-name assign rsa-key key-name
The public key is assigned to the SSH user.
• Authenticate SSH users through Password-RSA authentication.
– Run:
ssh user user-name authentication-type password-rsa
Password-RSA authentication is configured for SSH users.
In Password-RSA authentication mode, the SSH server authenticates a client by checking
both the public key and the password. The client can be authenticated only when both the
public key and the password meet the requirement.
• Authenticate SSH users through All authentication.
– Run:
ssh user user-name authentication-type all
All authentication is configured for SSH users.
In All authentication mode, the SSH server authenticates a client by checking the public key
or password. The client can be authenticated only when either the public key or the password
meets the requirement.
Step 7 (Optional) Configure basic authentication information for SSH users.
1. Run:
ssh server rekey-interval interval
The interval for updating the server key pair is configured.
By default, the interval for updating the key pair of the SSH server is 0, indicating that the
key pair is not updated.
2. Run:
ssh server auth-timeout timeout_interval
The timeout interval of SSH authentication is set.
By default, the timeout interval is 60 seconds.
3. Run:
ssh server authentication-retries auth-times
The number of retry times of SSH authentication is set.
By default, the retry times is 3.
----End
6.4.5 Enabling the SFTP Service
The SFTP service must be enabled before it can be used.
Context
By default, the SFTP server function is not enabled on the router. You can use SFTP to establish
connections with the router only after the SFTP server function is enabled on the router.
Do as follows on the router that serves as an SSH server:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
sftp server enable
The SFTP service is enabled.
By default, the SFTP service is disabled.
----End
6.4.6 Accessing the System Using SFTP
After the configuration is complete, you can use SFTP to log in to the router from a user terminal
and manage files on the router.
Context
Third-party software can be used to access the router from the user terminal using SFTP. The
example here uses third-party software OpenSSH and the Windows CLI.
Install OpenSSH on the user terminal and then do as follows:
NOTE
For details on how to install OpenSSH, see the software installation guide.
For details on how to use OpenSSH commands to log in to the router, see help documentation for the
software.
Procedure
Step 1 Open the Windows CLI.
Step 2 Run relevant OpenSSH commands to log in to the router in SFTP mode.
When a command line prompt, such as sftp>, is displayed in the SFTP client view, you have
entered the working directory of the SFTP server.
Figure 6-2 Using SFTP to log in to the device

----End
6.4.7 Managing Files Using SFTP
You can log in to the SSH server from an SFTP client to create or delete directories on the SSH
server.
Context
After logging in to the SFTP server, you can perform the following operations:
• Displaying the SFTP client command help
• Managing directories on the SFTP server
• Managing files on the SFTP server
After logging in to the SFTP server and entering the SFTP client view, you can perform one or
more of the following operations.
Procedure
• Run:
help [ all | command-name ]
The SFTP client command help is displayed.
• Perform one or more of the following operations as required.
– Run:
cd [ remote-directory ]
The current operating directory of users is changed.
– Run:
pwd
The current operating directory of users is displayed.
– Run:
dir [ -l -a ] [ path ]
A list of files in the specified directory is displayed.
– Run:
rmdir remote-directory &<1-10>
The directory on the server is deleted.
– Run:
mkdir remote-directory
A directory is created on the server.
• Perform one or more of the following operations as required.
– Run:
rename old-name new-name
The name of the specified file on the server is changed.
– Run:
get remote-filename [ local-filename ]
The file on the remote server is downloaded.
– Run:
put local-filename [ remote-filename ]
The local file is uploaded to the remote server.
– Run:
rmdir remote-directory &<1-10>
The file on the server is removed.
----End
6.4.8 Checking the Configuration
After using SFTP to manage files, you can view SSH user information and global configurations
for the SSH server.
Prerequisites
The configurations of SSH users are complete.
Procedure
• Run the display ssh user-information username command on the SSH server to check
information about the SSH client.
• Run the display ssh server status command on the SSH server to check its global
configurations.
• Run the display ssh server session command on the SSH server to check information about
connection sessions with SSH clients.
----End
Example
Run the display ssh user-information username command. It shows that the SSH user named
client001 is authenticated by password, and its service type is sftp.
[Huawei] display ssh user-information client001
Sftp-directory : -
Service-type : sftp
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
client001 password null
-------------------------------------------------------------------------------
If no SSH user is specified, information about all SSH users logged in to an SSH server will be
displayed.
Run the display ssh server status command to view configurations of an SSH server.
<Huawei> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 2 hours
SSH Authentication retries : 5 times
SFTP Server : Enable
Stelnet server : Enable
NOTE
If the default listening port is in use, information about the current listening port is not displayed.
<Huawei> display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 1.5 BLOWFISH run password john
--------------------------------------------------------------------
6.5 Configuration Examples
The examples in this section show how to use FTP, SFTP or FTPS to access the system and
manage files. These configuration examples explain networking requirements and provide
configuration roadmaps and configuration notes.
6.5.1 Example for Managing Files Using the File System
This example shows how to use the file system to manage files. In the example, you log in to
the router to view and copy directories.
Networking Requirements
You can log in to the router through the console port, Telnet, or STelnet to manage files on the
router.
The path to the file on the storage device must be entered correctly. If the user does not specify
a target file name, the source file name is the name of the target file by default.
Configuration Roadmap
The configuration roadmap is as follows:
1. Check the files in a certain directory.
2. Copy a file to this directory.
3. Check that the file has been copied to the directory.
Data Preparation
To complete the configuration, you need the following data:
• Source file name and target file name
• Source file path and target file path
Procedure
Step 1 Display the file information in the current directory. flash:/ is the flash memory identifier.
<Huawei> dir
Directory of flash:/

Idx Attr Size(Byte) Date Time(LMT) FileName
0 -rw- 47,584,256 Sep 17 2107 14:54:23 ar1201_23316_1220.cc
1 -rw- 4 Jun 30 2010 01:01:16 voip_feature.efs
2 -rw- 4 Jul 27 2005 11:02:05 voip_protocol.efs
3 -rw- 45,794,304 Sep 03 2107 12:38:38 ar1117_20921_1220.cc
4 -rw- 1,751,678 Jan 26 2008 16:24:13 web.zip
5 -rw- 3,856 Jan 28 2008 00:00:09 iascfg.zip
6 -rw- 396 Jan 11 2008 18:09:53 rsa_host_key.efs
7 -rw- 6 Dec 01 2007 15:35:31 1.txt
8 -rw- 3,315 Dec 07 2007 12:54:45 ma5600_license.dat
9 -rw- 6,656 Dec 07 2007 12:55:14 patch_lic.pat
10 -rw- 7,533 Dec 07 2007 12:55:50 pdt_keyfile.txt
11 -rw- 6,656 Dec 07 2007 13:13:39 patch_lic2.pat
12 -rw- 526,003 Jan 27 2008 00:00:36 private-data.txt
13 -rw- 540 Jan 11 2008 18:10:07 rsa_server_key.efs
14 -rw- 16 Jan 12 2008 14:53:53 dulei.tbl
15 -rw- 0 Dec 27 2007 15:27:49 dictionary.xml
16 -rw- 2,016,467 Dec 28 2007 17:58:26 arweb.zip
17 -rw- 477 Jan 10 2008 14:46:12 elabel.fls
18 -rw- 2,810 Jan 15 2008 13:57:02 aa.txt
19 -rw- 68,750,848 Jan 26 2008 15:40:15 ar0312_34479_1220.cc
20 -rw- 0 Jan 28 2008 14:47:29 ar.txt

217,168 KB total (4,320 KB free)
Step 2 Copy the file usb0:/sample.txt to flash:/sample1.txt.
<Huawei> copy usb0:/sample.txt flash:/sample1.txt
Copy usb0:/sample.txt to flash:/sample1.txt?[Y/N]:y
100% complete
Info:Copied file usb0:/sample.txt to flash:/sample1.txt...Done
Step 3 Display the file information about the current directory to check that the file has been copied to
the specified directory.
<Huawei> dir
Directory of flash:/

Idx Attr Size(Byte) Date Time(LMT) FileName
0 -rw- 47,584,256 Sep 17 2107 14:54:23 ar1201_23316_1220.cc
1 -rw- 4 Jun 30 2010 01:01:16 voip_feature.efs
2 -rw- 4 Jul 27 2005 11:02:05 voip_protocol.efs
3 -rw- 45,794,304 Sep 03 2107 12:38:38 ar1117_20921_1220.cc
4 -rw- 1,751,678 Jan 26 2008 16:24:13 web.zip
5 -rw- 3,856 Jan 28 2008 00:00:09 iascfg.zip
6 -rw- 396 Jan 11 2008 18:09:53 rsa_host_key.efs
7 -rw- 6 Dec 01 2007 15:35:31 1.txt
8 -rw- 3,315 Dec 07 2007 12:54:45 ma5600_license.dat
9 -rw- 6,656 Dec 07 2007 12:55:14 patch_lic.pat
10 -rw- 7,533 Dec 07 2007 12:55:50 pdt_keyfile.txt
11 -rw- 6,656 Dec 07 2007 13:13:39 patch_lic2.pat
12 -rw- 526,003 Jan 27 2008 00:00:36 private-data.txt
13 -rw- 540 Jan 11 2008 18:10:07 rsa_server_key.efs
14 -rw- 16 Jan 12 2008 14:53:53 dulei.tbl
15 -rw- 0 Dec 27 2007 15:27:49 dictionary.xml
16 -rw- 2,016,467 Dec 28 2007 17:58:26 arweb.zip
17 -rw- 477 Jan 10 2008 14:46:12 elabel.fls
18 -rw- 2,810 Jan 15 2008 13:57:02 aa.txt
19 -rw- 68,750,848 Jan 26 2008 15:40:15 ar0312_34479_1220.cc
20 -rw- 0 Jan 28 2008 14:47:29 ar.txt
21 -rw- 1,605 Oct 24 2009 11:14:39 sample1.txt
217,169 KB total (4,319 KB free)
----End
6.5.2 Example for Performing File Operations by Means of FTP
This section provides an example for operating files by means of FTP. In this example, a PC
connected to the router logs in to the FTP server by entering the correct user name and password
using FTP, and then downloads files to the memory of the FTP client.
Networking Requirements
As shown in Figure 6-3, after the FTP server is enabled on the router, you can log in to the FTP
server from the HyperTerminal to upload or download files.
Figure 6-3 Networking for performing file operations by using FTP
[Figure: a PC connects through the network to the FTP server (interface GE1/0/0, 10.137.217.221/16).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the IP address of the FTP server.
2. Enable the FTP server.
3. Configure the authentication information, authorization mode, and directories to be
accessed for an FTP user.
4. Log in to the FTP server by using the correct user name and password.
5. Upload files to or download files from the FTP server.
Data Preparation
To complete the configuration, you need the following data:
• IP address of the FTP server, that is, 10.137.217.221
• Timeout period for the FTP connection, that is, 20 minutes
• FTP username as huawei and password as huawei on the server
• Destination file name and its position in the FTP client
• Ensure that the PC can communicate with the FTP server.
Procedure
Step 1 Configure the IP address of the FTP server.
<Huawei> system-view
[Huawei] sysname server
[server] interface gigabitethernet1/0/0
[server-GigabitEthernet1/0/0] ip address 10.137.217.221 255.255.0.0
[server-GigabitEthernet1/0/0] quit
Step 2 Enable the FTP server.
[server] ftp server enable
[server] ftp timeout 20
Step 3 Configure the authentication information, authorization mode, and authorized directories for an
FTP user on the FTP server.
[server] aaa
[server-aaa] local-user huawei password simple huawei
[server-aaa] local-user huawei service-type ftp
[server-aaa] local-user huawei ftp-directory flash:
[server-aaa] quit
Step 4 Run the FTP commands at the Windows command line prompt, and enter the correct user name
and password to set up an FTP connection with the FTP server.
Figure 6-4 Logging in to the FTP Server

Step 5 Upload and download files, as shown in the following figure.
Figure 6-5 Performing file operations by means of FTP
NOTE
You can run the dir command before downloading a file or after uploading a file to view the detailed
information of the file.

----End
Configuration Files
• Configuration file of the FTP server.
#
sysname Server
#
ftp server enable
ftp timeout 20
#
interface GigabitEthernet1/0/0
ip address 10.137.217.221 255.255.0.0
#
aaa
local-user huawei password simple Huawei
local-user huawei service-type ftp
local-user huawei ftp-directory flash:
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
return
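A review check for the configuration file above, as an added example (not Huawei code): it reads a saved configuration and reports the FTP settings that sections 6.3.3 to 6.3.6 of this guide treat as security-relevant, plus the stored-password form visible in the file. PAGE_CONFIG is the file as printed above; HARDENED_CONFIG, the finding codes, the port 10021, the ACL number 2001 and the directory flash:/ftp are constructed for illustration.

```python
import re

# Configuration file of the FTP server as printed in section 6.5.2.
PAGE_CONFIG = """\
#
sysname Server
#
ftp server enable
ftp timeout 20
#
interface GigabitEthernet1/0/0
ip address 10.137.217.221 255.255.0.0
#
aaa
local-user huawei password simple Huawei
local-user huawei service-type ftp
local-user huawei ftp-directory flash:
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
return
"""

# Constructed variant that applies the optional steps of sections 6.3.3 and 6.3.6.
HARDENED_CONFIG = """\
#
sysname Server
#
ftp server enable
ftp server port 10021
ftp acl 2001
ftp timeout 20
#
acl number 2001
rule 5 permit source 10.137.1.0 0.0.0.255
#
aaa
local-user huawei password cipher <constructed-ciphertext-placeholder>
local-user huawei service-type ftp
local-user huawei ftp-directory flash:/ftp
#
return
"""


def audit_ftp_config(text):
    """Return a list of (code, detail) findings for one configuration file."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []

    if any(re.fullmatch(r"ftp( ipv6)? server enable", ln) for ln in lines):
        findings.append(("FTP_ENABLED",
                         "FTP server is enabled; the guide advises disabling it "
                         "once file operations are complete"))
        if not any(re.fullmatch(r"ftp( ipv6)? acl \d+", ln) for ln in lines):
            findings.append(("NO_FTP_ACL", "no FTP ACL restricts client sources"))
        ports = [int(m.group(2)) for ln in lines
                 if (m := re.fullmatch(r"ftp( ipv6)? server port (\d+)", ln))]
        if not ports or 21 in ports:
            findings.append(("DEFAULT_PORT", "FTP listens on default port 21"))

    # Collect the local-user attributes this check looks at, per user name.
    users = {}
    for ln in lines:
        m = re.fullmatch(r"local-user (\S+) (password|service-type|ftp-directory) (.+)", ln)
        if m:
            users.setdefault(m.group(1), {})[m.group(2)] = m.group(3).split()

    for name, attrs in users.items():
        password = attrs.get("password", [])
        if len(password) == 2 and password[0] == "simple":
            findings.append(("PLAINTEXT_PASSWORD",
                             f"password of {name} is readable in the file"))
            if password[1].lower() == name.lower():
                findings.append(("PASSWORD_IS_USERNAME",
                                 f"password of {name} equals the user name"))
        if "ftp" in attrs.get("service-type", []):
            directory = attrs.get("ftp-directory", [""])[0]
            if re.fullmatch(r"\w+:/?", directory):   # for example flash: or flash:/
                findings.append(("FTP_ROOT_DIR",
                                 f"{name} is authorized for the whole of {directory}"))
    return findings


if __name__ == "__main__":
    for label, config in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        for code, detail in audit_ftp_config(config):
            print(f"{label:9} {code:21} {detail}")
```

The FTP_ROOT_DIR finding matters on this device because the flash:/ listing in section 6.5.1 includes rsa_host_key.efs and rsa_server_key.efs in the same directory that the example FTP user is authorized for.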
6.5.3 Example for Performing File Operations by Means of SFTP
This section provides an example for operating files by using SFTP. In this example, a local key
pair is configured on the SSH server, and a user name and a password are configured on the
server for an SSH user. After SFTP services are enabled on the server and the SFTP client is
connected to the server, you can operate files between the client and the server.
Networking Requirements
As shown in Figure 6-6, after SFTP services are enabled on the router functioning as an SSH
server, you can log in to the server in password, RSA, password-rsa, or all authentication mode
from a PC that functions as the SFTP client.
Configure a user to log in to the SSH server in password authentication mode.
Figure 6-6 Networking diagram for operating files by using SFTP
[Figure: a PC connects through the network to the SSH server (interface GE1/0/0, 10.137.217.225/16).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a local key pair on the SSH server to securely exchange data between the SFTP
client and the SSH server.
2. Configure VTY user interfaces on the SSH server.
3. Configure an SSH user, including user name and password.
4. Enable SFTP services on the SSH server and configure a user service type.
Data Preparation
To complete the configuration, you need the following data:
• SSH user authentication mode: password, user name: client001, password: huawei
• User level of client001: 3
• IP address of the SSH server: 10.137.217.225
Procedure
Step 1 Configure a local key pair on the SSH server.
<Huawei> system-view
[Huawei] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++
Step 2 Configure VTY user interfaces on the SSH server.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
Step 3 Configure the SSH user name and password on the SSH server.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] local-user client001 ftp-directory flash:
[SSH Server-aaa] quit
Step 4 Enable SFTP.
[SSH Server] sftp server enable
Step 5 Verify the configurations.
# Access the SFTP server by using the OpenSSH software.
Figure 6-7 Accessing Interface

----End
Configuration Files
• Configuration file of the SSH server
#
sysname SSH Server
#
aaa
local-user client001 password cipher huawei
local-user client001 privilege level 3
local-user client001 service-type ssh
local-user client001 ftp-directory flash:
#
interface GigabitEthernet1/0/0
ip address 10.137.217.225 255.255.0.0
#
sftp server enable
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
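An added example, not part of the Huawei guide: a Python audit that reads a saved configuration file and reports the settings that leave logins or file transfers unencrypted, run here against the FTP server and SSH server configuration files shown in this chapter. The function name and finding labels are assumptions of this example.

```python
import re

# Configuration file of the FTP server from this chapter (AAA scheme stanzas omitted).
FTP_SERVER_CFG = """\
#
sysname Server
#
ftp server enable
ftp timeout 20
#
interface GigabitEthernet1/0/0
ip address 10.137.217.221 255.255.0.0
#
aaa
local-user huawei password simple Huawei
local-user huawei service-type ftp
local-user huawei ftp-directory flash:
#
return
"""

# Configuration file of the SSH server from this chapter.
SSH_SERVER_CFG = """\
#
sysname SSH Server
#
aaa
local-user client001 password cipher huawei
local-user client001 privilege level 3
local-user client001 service-type ssh
local-user client001 ftp-directory flash:
#
interface GigabitEthernet1/0/0
ip address 10.137.217.225 255.255.0.0
#
sftp server enable
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
"""

LOCAL_USER = re.compile(r"^local-user\s+(\S+)\s+(.+)$")


def audit_config(text):
    """Return sorted (finding, subject) pairs for one configuration file."""
    findings = set()
    vty_blocks = {}      # "user-interface vty ..." line -> commands in that view
    current_vty = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current_vty = None           # "#" closes the current view
            continue
        if line == "ftp server enable":
            # FTP carries the login and the files in cleartext.
            findings.add(("FTP_SERVER_ENABLED", "global"))
        user = LOCAL_USER.match(line)
        if user:
            name, args = user.group(1), user.group(2).split()
            if args[:2] == ["password", "simple"]:
                # The password is kept readable in the configuration file.
                findings.add(("PASSWORD_SIMPLE", name))
            if args[0] == "service-type" and "ftp" in args[1:]:
                findings.add(("FTP_SERVICE_USER", name))
        elif line.startswith("user-interface vty"):
            current_vty = line
            vty_blocks[current_vty] = []
        elif current_vty:
            vty_blocks[current_vty].append(line)
    for block, commands in vty_blocks.items():
        # Flag VTY views that are not restricted to SSH logins.
        if "protocol inbound ssh" not in commands:
            findings.add(("VTY_NOT_SSH_ONLY", block))
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in (("FTP server", FTP_SERVER_CFG), ("SSH server", SSH_SERVER_CFG)):
        print(label, audit_config(cfg))
```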
7 Configuring System Startup
About This Chapter
When the router is powered on, system software starts and configuration files are loaded. To
ensure smooth running of the router, you need to manage system software and configuration
files efficiently.
7.1 System Startup Overview
When the router is powered on, system software starts and configuration files are loaded.
7.2 Managing Configuration Files
You can manage the configuration files for the current and next startup operations on the
router.
7.3 Specifying a File for System Startup
You can specify a file to be used for system startup by specifying the system software and
configuration file for the next startup of the router.
7.4 Configuration Examples
The example in this section shows how to configure system startup. The example explains
networking requirements, and provides a configuration roadmap and configuration notes.
7.1 System Startup Overview
When the router is powered on, system software starts and configuration files are loaded.
7.1.1 System Software
System software provides an operating system for the router. System software must be set up
correctly for the router to run properly and provide services.
The extension for the system software file is .cc. The file must be saved in the root directory of
the storage device.
7.1.2 Configuration Files and Current Configurations
When the router is running, current configurations differ from configuration files.
The concepts of configuration files and current configurations are as follows.
Configuration files
Initial configurations: When powered on, the router retrieves configuration files from a
default save path to initialize itself. If configuration files do not exist in the default
save path, the router uses default initialization parameters.
Identifying method:
• Run the display startup command to view the configuration files for the current startup
and next startup on the router.
• Run the display saved-configuration command to view the configuration file for the next
startup on the router.

Current configurations
Current configurations: The configurations in effect on the router while it is running.
Identifying method:
Run the display current-configuration command to view current configurations on the router.

You can use the command line interface to modify current router configurations. Use the save
command to save modified configurations to the configuration file on the default storage device.
This configuration file is used to initialize the router the next time the router is powered
on.
7.2 Managing Configuration Files
You can manage the configuration files for the current and next startup operations on the
router.
7.2.1 Establishing the Configuration Task
Before managing configuration files, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
Configuration files can be saved, cleared, and compared. Configuration file management is
required to upgrade the router, take preventive measures, repair configuration files, and view
configurations after the router starts.
Pre-configuration Tasks
Before managing configuration files, complete the following task:
• Installing and powering on the router
Data Preparation
To manage configuration files, you need the following data.
No. Data
1 Configuration file and its name
2 Configuration file saving interval and delay interval
3 Number of the start line from which the comparison of the configuration files begins

7.2.2 Saving Configuration Files
The system can save configuration files periodically or immediately to prevent data loss when
the router is powered off or accidentally restarted.
Procedure
• Configure the system to periodically save configuration files.
WARNING
If an LPU is not running on the router, related configurations may be lost when the system
automatically saves the configuration file.
1. Run:
autosave interval { time } | { value } | { configuration time }
The system is configured to save the configuration file periodically.
If interval time is specified, the system saves the configuration file at the specified
interval regardless of whether the configuration is changed.
– By default, the interval at which the system saves the configuration file is 0
seconds, indicating that the system does not save the configuration file
automatically.
– After automatic configuration saving is enabled, the default interval is 30 minutes
if time is not specified.
• Save the current configuration immediately.
– Run:
save [ all ] [ configuration-file ]
The current configuration is saved.
The configuration file name extension must be .cfg or .zip, and the system startup
configuration file must be saved in the root directory of the storage device.
If you modify the current configuration and want to use the modified configuration as
the next startup configuration, run the save command to save the new configuration to
the storage device.
The save all command saves all the current configurations to the default directory,
including the configurations of the boards that are not running on the router.
----End
7.2.3 Clearing a Configuration File
You can clear the configuration file that has been loaded to a device.
Context
The configuration file needs to be cleared in the following cases:
• The system software does not match the configuration file after the router has been
upgraded.
• The configuration file is destroyed or an incorrect configuration file has been loaded.
Procedure
• Run the reset saved-configuration command to clear the currently loaded configuration
file.
– If the configuration file of the router used for the current startup is the same as that used
for the next startup, running the reset saved-configuration command will clear both
the configuration files. The router will use the default configuration file for the next
startup.
– If the configuration file of the router used for the current startup is different from that
used at the next startup, running the reset saved-configuration command will clear the
configuration file used for the current startup.
– If the configuration file of the router used for the current startup is empty, the system
will prompt you that the configuration file does not exist after you run the
reset saved-configuration command.
If you do not run the startup saved-configuration configuration-file command to specify
a new correct configuration file, or do not run the save command to save the configuration
file after the configuration file is cleared, the router will use the default configuration file
at the next startup.
----End
7.2.4 Comparing Configuration Files
You can compare the current configuration with the initial configuration.
Context
Do as follows on the router:
Procedure
Step 1 Run:
compare configuration [ configuration-file [ current-line-number save-line-number ] ]
The current configuration is compared with the configuration file for next startup.
If no parameter is set, the comparison begins with the first lines of configuration files.
current-line-number and save-line-number specify the line in each file from which the
comparison continues, so that differences already found are skipped.
When comparing differences between the configuration files, the system displays the contents
of the current configuration file and saved configuration file from the first different line. By
default, 120 characters are displayed for each configuration file. If the number of characters from
the first different line to the end is less than 120, the contents after the first different line are all
displayed.
In comparing the current configurations with the configuration file for next startup, if the
configuration file for next startup is unavailable or its contents are null, the system prompts that
reading files fails.
----End
7.2.5 Checking the Configuration
After you finish managing configuration files, you can view the current configuration
files, configuration files to be loaded at the next startup, files for the device startup, and files
saved in the storage device.
Prerequisites
The configuration file management tasks are complete.
Procedure
• Run the display current-configuration [ configuration [ configuration-type
[ configuration-instance ] ] | controller | interface [ interface-type [ interface-number ] ] ]
[ feature feature-name [ filter filter-expression ] | filter filter-expression ] or display
current-configuration [ all | inactive ] command to view the current configuration files.
• Run the display startup command to check files for startup.
• Run the dir [ /all ] [ filename ] [ device-name ] command to check files saved in the storage
device.
• Run the display saved-configuration [ last | time | configuration ] command to view
configuration files to be loaded at the next startup.
• Run the display autosave configuration command to view configurations of the autosave
function, including the status of the autosave function and time for autosave check.
• Run the display this command to view configurations in the current view.
----End
Example
Run the display startup command to check files for startup.
<Huawei> display startup
MainBoard:
Startup system software: usb0:/ar0210_30735_1220.cc
Next startup system software: usb0:/ar0210_30735_1220.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/arcfg.cfg
Next startup saved-configuration file: flash:/arcfg.cfg
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
7.3 Specifying a File for System Startup
You can specify a file to be used for system startup by specifying the system software and
configuration file for the next startup of the router.
7.3.1 Establishing the Configuration Task
Before specifying a file for system startup, familiarize yourself with the applicable environment,
complete the pre-configuration tasks, and obtain any data required for the configuration. This
will help you complete the configuration task quickly and correctly.
Applicable Environment
To enable the router to provide user-defined configurations during the next startup, you need to
correctly specify the system software and configuration file for the next startup.
Pre-configuration Tasks
Before specifying a file for system startup, complete the following task:
• Installing the router and powering it on properly
Data Preparation
To specify a file for system startup, you need the following data.
No. Data
1 System software and its file name on the AR1200-S
2 Configuration file and its file name on the device

7.3.2 Configuring System Software for a Router to Load for the Next Startup
If you need to upgrade system software of a router, you can specify the router system software
to be loaded at the next startup.
Context
The system will continue to load the current system software at each startup until different system
software is specified for the next system startup. To change system software for the next startup,
you need to specify the system software you require.
The filename extension of the system software must be .cc and the file must be stored in the root
directory of a storage device.
Procedure
Step 1 Run:
startup system-software filename
The AR1200-S system software to be loaded at the next startup of the router is configured.
----End
7.3.3 Configuring the Configuration File for Router to Load at the Next Startup
Before restarting a router, you can specify which configuration files will be loaded at the next
startup.
Context
Run the display startup command on the router to check whether a specific configuration file
is set to be loaded at the next startup. If a specific configuration file is not specified, the default
configuration file will be loaded at the next startup.
The filename extension of the configuration file must be .cfg or .zip, and the file must be stored
in the root directory of a storage device.
When the router is powered on, it reads the configuration file from the flash memory by default
to initialize itself. The data in this configuration file is the initial configuration. If no
configuration file is saved in the flash memory, the router uses default parameters to initialize.
Procedure
• Run:
startup saved-configuration configuration-file
The configuration file for the router to load at the next startup is specified.
----End
7.3.4 Checking the Configuration
After specifying a configuration file for system startup, you can check the content of the
configuration file and information about the files to be used at the next startup on the router.
Prerequisites
A configuration file has been specified for system startup.
Procedure
• Run the display current-configuration [ configuration [ configuration-type
[ configuration-instance ] ] | controller | interface [ interface-type [ interface-number ] ] ]
[ feature feature-name [ filter filter-expression ] | filter filter-expression ] command to
check current configurations.
• Run the display saved-configuration [ last | time ] command to check the contents of the
configuration file to be loaded at next startup.
• Run the display startup command to check information about the files to be used at next
startup.
----End
Example
Run the display startup command to check information about the files to be used at next startup.
<Huawei> display startup
MainBoard:
Startup system software: usb0:/ar0210_30735_1220.cc
Next startup system software: usb0:/ar0210_30735_1220.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/arcfg.zip
Next startup saved-configuration file: flash:/arcfg.zip
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
7.4 Configuration Examples
The example in this section shows how to configure system startup. The example explains
networking requirements, and provides a configuration roadmap and configuration notes.
7.4.1 Example for Configuring System Startup
This example shows how to configure system startup. In the example, a configuration file is
saved and the system software and configuration file to be loaded at the next startup are specified
so that the router can start in a required manner.
Networking Requirements
After the router is configured, new configurations take effect at next system startup.
Configuration Roadmap
The configuration roadmap is as follows:
1. Save the current configuration.
2. Specify the configuration file to be loaded at the next startup of the router.
3. Specify the system software to be loaded at the next startup of the router.
Data Preparation
To complete the configuration, you need the following data:
• Name of the configuration file
• File name of the system software
Procedure
Step 1 Check the configuration file and system software that were used during the current startup.
<Huawei> display startup
MainBoard:
Startup system software: usb0:/ar0312.cc
Next startup system software: usb0:/ar0312.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file: flash:/iascfg.zip
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
Step 2 Save the current configuration to the specified file.
<Huawei> save vrpcfg.cfg
The system asks you whether you want to save the current configuration to the file named
arcfg.cfg on the main control board. Enter y to save the configuration.
Step 3 Specify the configuration file to be loaded at the next startup of the router.
<Huawei> startup saved-configuration usb0:/arcfg.cfg
Step 4 Specify the system software to be loaded at the next startup of the router.
Specify the system software to be loaded at the next startup of the main control board.
<Huawei> startup system-software usb0:/arsoft.cc
NOTE
The software package arsoft.cc has been loaded to the AR1200-S. For details on how to upload the software
package, see 6.3 Managing Files Using FTP.
Step 5 Verify the configuration.
After the configuration is complete, run the following command to check which configuration
file and system software will be loaded at the next startup of the router.
<Huawei> display startup
MainBoard:
Startup system software: usb0:/ar0312.cc
Next startup system software: usb0:/arsoft.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file: usb0:/arcfg.cfg
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
----End
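An added example, not from the Huawei guide: a Python check that parses the display startup output captured in Step 5, lists every file that changes at the next startup, and tests each pending file against the rules stated in 7.3.2 and 7.3.3 (.cc for system software, .cfg or .zip for the configuration file, stored in the root directory). Function names and report labels are assumptions of this example.

```python
import re

# Output of display startup from Step 5 of the example above.
STEP5_OUTPUT = """\
MainBoard:
Startup system software: usb0:/ar0312.cc
Next startup system software: usb0:/arsoft.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file: usb0:/arcfg.cfg
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
"""

# File name extensions the guide requires for each kind of startup file.
ALLOWED_EXT = {
    "system software": (".cc",),
    "saved-configuration file": (".cfg", ".zip"),
}
ROOT_PATH = re.compile(r"^[A-Za-z0-9]+:/[^/]+$")   # device:/file, no subdirectory


def parse_startup(output):
    """Return {item: {"current": path, "next": path}} from display startup text."""
    items = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue                      # "MainBoard:" and blank lines
        if key.startswith("Next startup "):
            slot, item = "next", key[len("Next startup "):]
        elif key.startswith("Startup "):
            slot, item = "current", key[len("Startup "):]
        else:
            continue                      # the backup system software line
        items.setdefault(item, {})[slot] = None if value == "null" else value
    return items


def review_startup(output):
    """List pending changes and rule violations for the next startup."""
    report = []
    for item, slots in parse_startup(output).items():
        cur, nxt = slots.get("current"), slots.get("next")
        if cur != nxt:
            report.append(("CHANGE", item, cur, nxt))
        allowed = ALLOWED_EXT.get(item)
        if nxt is None or allowed is None:
            continue
        if not nxt.lower().endswith(allowed):
            report.append(("BAD_EXTENSION", item, nxt))
        if not ROOT_PATH.match(nxt):
            report.append(("NOT_IN_ROOT", item, nxt))
    return report


if __name__ == "__main__":
    for entry in review_startup(STEP5_OUTPUT):
        print(entry)
```

Comparing the CHANGE entries with the change you intended before restarting the router catches a startup file that was altered unexpectedly.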
Configuration Files
None.
8 Accessing Another Device
About This Chapter
To manage configurations or operate files of another device, you can access the device by using
Telnet, STelnet, TFTP, FTP, or SFTP from the device that you have logged in to.
8.1 Accessing Another Device
To manage configurations or use files on a device other than the device you are logged in to,
you can use Telnet, FTP, TFTP, or SSH to access that device.
8.2 Logging in to Other Devices Using Telnet
On most networks, multiple routers need to be managed and maintained, but it may be impossible
to connect some of these routers to a PC terminal. In other cases, there may be no reachable
route between a router and a PC terminal. You can log in to a local router and then use Telnet
to log in to remote routers to complete management and maintenance tasks.
8.3 Using the Redirection Function to Connect to a Remote Device
Configure the redirection function on the AR1200-S to manage a remote device that can transmit
data only through a serial interface.
8.4 Logging in to Another Device Using STelnet
STelnet provides secure Telnet services. You can use STelnet to log in to another router from
the router that you have logged in to and manage the device remotely.
8.5 Accessing Files on Another Device Using TFTP
You can configure the router as a TFTP client, and log in to the TFTP server to upload and
download files.
8.6 Accessing Files on Another Device Using FTP
This section describes how to configure a router as an FTP client to log in to a FTP server, and
to upload files to or download files from the server.
8.7 Accessing Files on Another Device Using SFTP
SFTP is a secure FTP service. After the router is configured as an SFTP client, the SFTP server
authenticates the client and encrypts data in both directions to provide secure data transmission.
8.8 Configuration Examples
This section provides examples for accessing another device. The examples explain networking
requirements, configuration notes, and configuration roadmap.
8.1 Accessing Another Device
To manage configurations or use files on a device other than the device you are logged in to,
you can use Telnet, FTP, TFTP, or SSH to access that device.
Figure 8-1 Networking diagram for accessing another device from the router
[Figure: PC, network, Client (the router), network, Server]
As shown in Figure 8-1, when you run a terminal emulation or Telnet program on a PC to
connect to the router, the router can still function as a client to access another device on the
network. There are several ways to accomplish this.

8.1.1 Telnet Method
To configure and manage a remote device on the network, you can use the router that you have
logged in to as a client to log in to that device, or use a redirection terminal service on
the router to log in to that device.
Telnet is an application layer protocol in the TCP/IP protocol suite. It provides remote login and
a virtual terminal service.
The AR1200-S provides the following Telnet services:
• Telnet server: You can run the Telnet client program on a PC to log in to a router to complete
configuration and management tasks. The router acts as a Telnet server.
• Telnet client: You can run the terminal emulation program or the Telnet client program on
a PC to connect with the router. You can then run the telnet command to log in to other
routers to configure and manage them. As shown in Figure 8-2, Router A serves as both a
Telnet server and a Telnet client.
Figure 8-2 Telnet client services
[Figure: PC, RouterA, and RouterB linked by Telnet Session 1 and Telnet Session 2; RouterA is labelled Telnet Server]

• Redirection terminal services: You can run the Telnet client program on a PC to log in to
the router through a specified port number, and then connect to the serial interface devices
that are attached to the asynchronous interfaces of the router, as shown in Figure 8-3.
The typical application is to connect the asynchronous interfaces of the router to multiple
devices for their remote configuration and maintenance.
Figure 8-3 Telnet redirection services
[Figure: a PC on the Ethernet connects to the Router; asynchronous interfaces Async0 to Async3 of the Router attach to Router1, Switch, Modem, and Router2]

NOTE
Only devices that provide asynchronous interfaces support the Telnet redirection service.
• Interruption of Telnet services
In a Telnet connection, two shortcut key combinations can terminate the connection.
As shown in Figure 8-4, Router A logs in to Router B through Telnet, and Router B logs
in to Router C through Telnet. Thus, a cascade network is formed. In this case, Router A
is the client of Router B and Router B is the client of Router C. Figure 8-4 illustrates the
usage of shortcut keys.
Figure 8-4 Usage of Telnet shortcut keys
[Figure: RouterA (Telnet client), Telnet Session 1, RouterB, Telnet Session 2, RouterC (Telnet server)]

Ctrl_]: The server interrupts the connection.
If the network connection is normal and you press Ctrl_], the Telnet server terminates the
current Telnet connection. For example:
<RouterC>
Press Ctrl_] to return to the prompt of Router B.
Configuration console exit, please retry to log on
The connection was closed by the remote host
<RouterB>
Press Ctrl_] to return to the prompt of Router A.
Configuration console exit, please retry to log on
The connection was closed by the remote host
<RouterA>
NOTE
If a router becomes disconnected from the network, these shortcut keys are invalid. Instructions
cannot be sent to the server.
Ctrl_T: The client interrupts the connection.
If the server fails and the client is unaware of the failure, the client continues to transmit
data but the server does not respond. In this case, press Ctrl_T to terminate the Telnet
connection.
For example:
<RouterC>
Press Ctrl_T to terminate and quit a Telnet connection.
<RouterA>
CAUTION
If remote login users already occupy the maximum number of VTY user interfaces allowed,
the system prompts that all user interfaces are in use and does not allow additional Telnet
logins.
8.1.2 FTP Method
To access files on a remote FTP server, you can use FTP to establish a connection between the
router that you have logged in to and the remote FTP server.
FTP can transmit files between hosts and it provides users with common FTP commands for file
system management. That is, using an FTP client program not residing on the router, you can
upload or download the files and access the directories on the router; using an FTP client program
residing on the router, you can transfer files to the FTP servers of other devices.
FTP can transmit files between local and remote hosts, and is widely used for version upgrade,
log downloading, file transmission, and configuration saving.
8.1.3 TFTP Method
If network client/server interaction requirements are relatively simple, you can enable the TFTP
service on the router that functions as a TFTP client to access files on a TFTP server.
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol.
Unlike FTP, TFTP does not have a complex interactive access interface and authentication
control. TFTP is for use in environments where there is no complex interaction between the
client and the server. For example, TFTP is used to obtain a memory image of the system when
the system starts up.
Implementation of TFTP is based on the User Datagram Protocol (UDP).
The client initiates a TFTP transfer. To download files, the client sends a read request packet to
the TFTP server, receives packets from the server, and returns an acknowledgement to the server.
To upload files, the client sends a write request packet to the TFTP server, sends packets to the
server, and receives acknowledgement from the server.
TFTP uses two formats for file transfer:
• Binary format: transfers program files.
• ASCII format: transfers text files.
At present, the AR1200-S can only serve as a TFTP client and can only transfer files in binary
format.
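The download exchange described above, as an added example that is not part of the Huawei guide: it builds and parses the packets defined in RFC 1350 and runs a read request in memory, showing that the request carries only a file name and a transfer mode, with no credential field. Function names are assumptions of this example and the file content is constructed.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5   # RFC 1350 opcodes
BLOCK_SIZE = 512                              # a shorter DATA block ends the transfer

# Constructed sample file held by the simulated server (1300 bytes).
SAMPLE_FILES = {"arcfg.cfg": b"#\nsysname Huawei\n#\nreturn\n" * 50}


def build_request(opcode, filename, mode="octet"):
    """RRQ/WRQ layout: opcode | filename | 0 | mode | 0. 'octet' is binary mode."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("request opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def build_data(block, payload):
    if len(payload) > BLOCK_SIZE:
        raise ValueError("payload exceeds one TFTP block")
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", ACK, block)


def parse_packet(packet):
    """Decode one TFTP packet; reject truncated or unsupported packets."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode in (RRQ, WRQ):
        fields = packet[2:].split(b"\0")
        if len(fields) < 3 or not fields[0]:
            raise ValueError("malformed request")
        return {"op": opcode, "filename": fields[0].decode("ascii"),
                "mode": fields[1].decode("ascii").lower()}
    (block,) = struct.unpack("!H", packet[2:4])
    if opcode == DATA:
        return {"op": DATA, "block": block, "data": packet[4:]}
    if opcode == ACK and len(packet) == 4:
        return {"op": ACK, "block": block}
    raise ValueError("unsupported or malformed packet")


def simulate_download(files, filename):
    """Run the RRQ then DATA/ACK lockstep in memory; return (content, packet log)."""
    log = []
    request = parse_packet(build_request(RRQ, filename))        # client -> server
    log.append(("client", "RRQ", request["filename"], request["mode"]))
    content = files[request["filename"]]    # the server checks no user or password
    received, block = b"", 0
    while True:
        block += 1
        chunk = content[(block - 1) * BLOCK_SIZE: block * BLOCK_SIZE]
        data = parse_packet(build_data(block, chunk))            # server -> client
        log.append(("server", "DATA", data["block"], len(data["data"])))
        received += data["data"]
        ack = parse_packet(build_ack(data["block"]))             # client -> server
        log.append(("client", "ACK", ack["block"]))
        if len(data["data"]) < BLOCK_SIZE:
            return received, log


if __name__ == "__main__":
    _, packets = simulate_download(SAMPLE_FILES, "arcfg.cfg")
    for entry in packets:
        print(entry)
```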
8.1.4 SSH Method
Logging in to a remote device using SSH (including STelnet and SFTP) provides secure
communications between the remote device and the router you are logged in to.
SSH Overview
When users on an insecure network use Telnet to log in to the router, the Secure Shell (SSH)
feature provides authentication and keeps data secure. SSH defends the router from IP address
spoofing and other such attacks, and protects the router against the interception of plain text
passwords.
The SSH client function allows users to establish SSH connections with routers serving as SSH
servers or with UNIX hosts.
SSH Client Function
The AR1200-S supports the STelnet client function and SFTP client function.
• STelnet client
STelnet is short for Secure Telnet.
Telnet does not provide secure authentication and TCP transmits data in plain text. This
creates security vulnerabilities. Denial of service (DoS) attacks, host IP address spoofing,
and route spoofing also threaten system security. Telnet services are vulnerable to network
attacks.
SSH implements secure remote access on insecure networks and has the following
advantages compared with Telnet:
– SSH supports Remote Subscriber Access (RSA) authentication. SSH uses RSA
authentication to generate and exchange public and private keys compliant with an
asymmetric encryption system that protects session security.
– SSH supports Data Encryption Standard (DES), 3DES, and AES authentications.
– SSH usernames and the passwords are encrypted in communication between an SSH
client and server. This prevents password interception.
– SSH encrypts transmitted data.
If the STelnet server or the connection between the server and a client is faulty, the client
must detect the fault and release the connection. A fault detection function must be
configured on the client to accomplish this. The client sends keepalive packets to the server
at a configured time interval. If there is no reply from the server to a configured number of
keepalive packets, the client determines that there is a fault and releases the connection.
• SFTP client
SFTP is short for Secure FTP. You can log in to a device from a secure remote end to
manage files. This improves data transmission security when the remote system is updated.
The client function allows you to use SFTP to log in to the remote device for secure file
transmission.
If the SFTP server or the connection between the server and a client is faulty, the client
must detect the fault and release the connection. A fault detection function must be
configured on the client to accomplish this. The client sends keepalive packets to the server
at a configured time interval. If there is no reply from the server to a configured number of
keepalive packets, the client determines that there is a fault and releases the connection.
8.2 Logging in to Other Devices Using Telnet
On most networks, multiple routers need to be managed and maintained, but it may be impossible
to connect some of these routers to a PC terminal. In other cases, there may be no reachable
route between a router and a PC terminal. You can log in to a local router and then use Telnet
to log in to remote routers to complete management and maintenance tasks.
8.2.1 Establishing the Configuration Task
Before configuring login to another device from the device that you have logged in to, familiarize
yourself with the applicable environment, complete the pre-configuration tasks, and obtain any
data required for the configuration. This will help you complete the configuration task quickly
and correctly.
Applicable Environment
Figure 8-5 Networking diagram for accessing another device from the device that you have
logged in to
[Figure: PC, Network, RouterA, Network, RouterB connected in a line]

As shown in Figure 8-5, you can use Telnet to log in to Router A from a PC. You cannot,
however, manage Router B remotely, because there is no reachable route between the PC and
Router B. To manage Router B remotely, you must use Telnet to log in to it from Router A.
In this situation, Router A functions as a Telnet client and Router B functions as a server.
Pre-configuration Tasks
Before using Telnet to log in to another device on the network, complete the following tasks:
• 5.3 Logging in to Devices Using Telnet
• Configuring a reachable route between the client and Telnet server
Data Preparation
To log in to another device by using Telnet, you need the following data:
No. Data
1 IP address or host name of RouterB
2 Number of the TCP port used by the RouterB to provide Telnet services

8.2.2 (Optional) Configuring a Source IP Address for a Telnet Client
You can configure a source IP address for a Telnet client and then use this address to set up a
Telnet connection from the client to server along a specific route.
Context
An IP address is configured for an interface on the router and functions as the source IP address
of a Telnet connection. This allows for implementation of security checks.
The source of a client can be a source interface or a source IP address.
Do as follows on a router that functions as a Telnet client.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
telnet client-source { -a source-ip-address | -i interface-type interface-number }
A source IP address of a Telnet client is configured.
After the configuration, the source IP address of the Telnet client displayed on the Telnet server
must be the same as the configured one.
----End
8.2.3 Logging in to Another Device by Using Telnet
You can use Telnet to log in to and manage another router.
Context
Telnet provides an interactive CLI for users to log in to a remote server. Users can first use Telnet
to log in to a host, and then remotely use Telnet again to log in to a remote host. This host can
then be remotely configured and managed. Not all hosts need to be connected directly to a
hardware terminal.
Do as follows on the router that serves as a Telnet client:
Procedure
• Select and perform one of the following two steps for IPv4 or IPv6.
– Run:
telnet [-a source-ip-address ] host-name [ port-number ]
Log in to the router and manage other routers.
– Run:
telnet ipv6 host-name [ port-number ]
Log in to the router and manage other routers.
----End
8.2.4 Checking the Configuration
After you have logged in to another router from the router that you have logged in to, you
can check information about the established TCP connection.
Prerequisites
All configurations for logging in to another device are complete.
Procedure
• Run the display tcp status command to check the status of all TCP connections.
----End
Example
Run the display tcp status command to view the status of TCP connections. The Established
status indicates that a TCP connection has been established.
<Huawei> display tcp status
TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State
39952df8 36 /1509 0.0.0.0:0 0.0.0.0:0 0
Closed
32af9074 59 /1 0.0.0.0:21 0.0.0.0:0 14849
Listening
34042c80 73 /17 10.164.39.99:23 10.164.6.13:1147 0
Established
8.3 Using the Redirection Function to Connect to a Remote Device
Configure the redirection function on the AR1200-S to manage a remote device that can transmit
data only through a serial interface.
8.3.1 Establishing the Configuration Task
Before configuring the redirection function, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
Configure the redirection function on the AR1200-S to manage a remote device that can transmit
data only through a serial interface.
The remote device can be a router, a switch, an electricity terminal, or other terminals that use
serial interfaces to transmit data.
• Managing remote routers and switches
Figure 8-6 Using redirection to connect to remote routers and switches
[Figure: a PC connects over Ethernet to the Router; the Router's interfaces Async0 to Async3 connect to Router1, Router2, Switch1, and Switch2]

As shown in Figure 8-6, there are two routers and two switches connected to the Router
(an AR1200-S). To manage these devices through their serial interfaces, connect
asynchronous serial interfaces of the Router to serial interfaces of the devices, and configure
the redirection function on the Router. After the configuration is complete, you can use an
operation terminal to manage and maintain these devices remotely.
• Managing terminals such as intelligent electricity meters, intelligent water meters, and
automatic teller machines
Figure 8-7 Using redirection to connect to remote intelligent terminals
[Figure: a Monitor Device connects over the Network to the Router; the Router's interfaces Async0 to Async3 connect to Intelligent Electricity Meters 1 to 4]
As shown in Figure 8-7, the redirection function is enabled on the Router. The Router
listens to specified TCP port numbers and receives data flows from the terminals through
asynchronous serial interfaces. After receiving data packets, the Router encapsulates the
packets into Ethernet frames so that they can be transmitted over an Ethernet network. This
allows intelligent terminals to be managed by a remote operation terminal.

Pre-configuration Tasks
Before configuring the redirection function, complete the following tasks:
• Starting the remote devices
• Directly using asynchronous serial cables to connect the remote devices to the 8AS board
of the router and ensuring that the 8AS board has been registered and that the asynchronous
serial interfaces are Up
Data Preparation
To configure the redirection function, you need the following data.
No. Data
1 IP address of the router
2 (Optional) Port number of the redirection function

8.3.2 Configuring the Redirection Function
After configuring the redirection function on a router, you can use an operation terminal to
manage remote serial interface devices.
Prerequisites
The 8AS board on the router has registered successfully and the asynchronous serial interfaces
are in Up state.
Context
Do as follows on the router.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
interface async interface-number
The asynchronous serial interface view is displayed.
Step 3 Run:
async mode flow
The asynchronous serial interface is configured to work in flow mode.
By default, an asynchronous serial interface works in protocol mode.
Step 4 Run:
quit
Exit from the asynchronous serial interface view.
Step 5 Run:
user-interface tty tty-number
The TTY user interface view is displayed.
After the 8AS board registers successfully, the router generates random numbers for TTY user
interfaces. Run the display user-interface command to view how TTY numbers map to
asynchronous serial interfaces.
Step 6 Run:
redirect enable
The redirection function is enabled.
Step 7 Run:
undo shell
The terminal service is disabled.
Step 8 (Optional) Run:
redirect listen-port port-num
The port number is set for the redirection function.
The default port number is 2000 plus tty-number. If the default port number is being used by
another service, perform this step to set a new port number.
NOTE
• The terminal attributes of a TTY user interface must be the same as the physical attributes of the terminal
connected to the corresponding asynchronous serial interface. For details on how to configure terminal
attributes of a TTY user interface, see 4.4.3 Setting Terminal Attributes of a TTY User Interface.
• If the modem function is enabled on a TTY user interface, the redirection function does not take effect.
----End
Follow-up Procedure
Run the telnet host-name port-number command to log in to a remote device. In this command,
host-name is the IP address or host name of the router on which the redirection function has been
enabled, and port-number is the default port number or the port number that was configured by
running the redirect listen-port command.
8.3.3 Checking the Configuration
After completing the configuration of the redirection function, check the TCP connection status
to verify the configuration.
Prerequisites
All configurations of the redirection function are complete.
Context
• Run the display tcp status command to check the status of the current TCP connection.
Example
Run the display tcp status command to check the TCP connection status.
<Huawei> display tcp status
TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State
1973f250 9 /2 0.0.0.0:22 0.0.0.0:0 23553 Listening
1973f0ec 9 /1 0.0.0.0:23 0.0.0.0:0 23553 Listening
1973ef88 109/1 0.0.0.0:80 0.0.0.0:0 23553 Listening
1a16a204 9 /14 0.0.0.0:2046 0.0.0.0:0 23553 Listening
1973e9f8 7 /1 0.0.0.0:7547 0.0.0.0:0 0 Listening
1a169c74 9 /15 10.137.217.211:23 10.138.77.61:2120 0 Established
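The display tcp status outputs in 8.2.4 and 8.3.3 can be checked by script rather than by eye. The following Python example is added here and is not Huawei code: it parses both layouts shown in this chapter (State on the same line, or wrapped onto the next line) and lists plain-text management listeners, plain-text sessions, and redirection listeners. The port-to-service mapping uses well-known port numbers, and TTY number 46 is an assumed value chosen to match the 2046 listener in the sample (default port is 2000 plus tty-number).

```python
import re

# Constructed sample: rows copied from the outputs shown in 8.2.4 and 8.3.3,
# including the layout where the State value wraps onto its own line.
SAMPLE = """\
TCPCB    Tid/Soid Local Add:port        Foreign Add:port      VPNID  State
32af9074 59 /1    0.0.0.0:21            0.0.0.0:0             14849
Listening
34042c80 73 /17   10.164.39.99:23       10.164.6.13:1147      0
Established
1973f250 9  /2    0.0.0.0:22            0.0.0.0:0             23553  Listening
1973ef88 109/1    0.0.0.0:80            0.0.0.0:0             23553  Listening
1a16a204 9  /14   0.0.0.0:2046          0.0.0.0:0             23553  Listening
1973e9f8 7  /1    0.0.0.0:7547          0.0.0.0:0             0      Listening
"""

# One table row; the trailing State column is optional because it may wrap.
ROW = re.compile(
    r"^(?P<tcpcb>[0-9a-fA-F]{8})\s+(?P<tid>\d+)\s*/(?P<soid>\d+)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+(?P<faddr>\S+):(?P<fport>\d+)\s+"
    r"(?P<vpnid>\d+)(?:\s+(?P<state>[A-Za-z]+))?$"
)

# Services that carry credentials and data in plain text (well-known ports).
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}


def parse_tcp_status(text):
    """Return one dict per connection row, joining wrapped State lines."""
    rows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ROW.match(line)
        if match:
            row = match.groupdict()
            for key in ("tid", "soid", "lport", "fport", "vpnid"):
                row[key] = int(row[key])
            rows.append(row)
            # Remember the row if its State is expected on the next line.
            pending = row if row["state"] is None else None
        elif pending is not None and line.isalpha():
            pending["state"] = line
            pending = None
    return rows


def audit(rows, tty_numbers=()):
    """Flag plain-text listeners/sessions and redirection listeners.

    tty_numbers: TTY numbers with redirect enabled (from display
    user-interface); their default listen port is 2000 + tty-number.
    """
    redirect = {2000 + n: n for n in tty_numbers}
    findings = []
    for r in rows:
        local = f'{r["laddr"]}:{r["lport"]}'
        peer = f'{r["faddr"]}:{r["fport"]}'
        if r["state"] == "Listening":
            if r["lport"] in CLEARTEXT:
                findings.append(("cleartext-listener", CLEARTEXT[r["lport"]], local))
            elif r["lport"] in redirect:
                findings.append(("redirect-listener", f'tty {redirect[r["lport"]]}', local))
        elif r["state"] == "Established":
            if r["lport"] in CLEARTEXT:      # someone logged in to this router
                findings.append(("cleartext-session-inbound", CLEARTEXT[r["lport"]], peer))
            elif r["fport"] in CLEARTEXT:    # this router is the client
                findings.append(("cleartext-session-outbound", CLEARTEXT[r["fport"]], peer))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_tcp_status(SAMPLE), tty_numbers=[46]):
        print(*finding)
```

The SSH listener on port 22 and the listener on port 7547 are parsed but not reported, because the script only reports the services named in its tables.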
8.4 Logging in to Another Device Using STelnet
STelnet provides secure Telnet services. You can use STelnet to log in to another router from
the router that you have logged in to and manage the device remotely.
8.4.1 Establishing the Configuration Task
Before configuring login to another device using STelnet, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
Telnet logins are insecure because no secure authentication mechanism is available and data is
transmitted over TCP connections in plain text mode.
STelnet is a secure Telnet protocol. STelnet is based on SSH. SSH users can use STelnet services
in place of ordinary Telnet services.
In this configuration, the device that you have logged in to functions as a Telnet client, and the
device that you want to log in to functions as an SSH server.
Pre-configuration Tasks
Before logging in to another device by using STelnet, complete the following tasks:
• 5.4 Logging in to Devices Using STelnet
• Configuring a reachable route between the client and SSH server
Data Preparation
To log in to another device using STelnet, you need the following data.
No. Data
1 Name of the SSH server, and public key that is assigned by the client to the SSH server
2 IPv4 address or host name of the SSH server, number of the port monitored by the
SSH server, preferred encryption algorithm for data from the SFTP client to the SSH
server, preferred encryption algorithm for data from the SSH server to the SFTP client,
preferred HMAC algorithm for data from the SFTP client to the SSH server, preferred
HMAC algorithm for data from the SSH server to the SFTP client, preferred algorithm
of key exchange
3 The user information for logging in to the SSH server

8.4.2 Configuring the First Successful Login to Another Device (Enabling the First-Time Authentication on the SSH Client)
After first-time authentication on the SSH client is enabled, the STelnet client does not check
the validity of the RSA public key when logging in to the SSH server for the first time.
Context
If first-time authentication on the SSH client is enabled, the STelnet client does not check the
validity of the RSA public key when logging in to the SSH server for the first time. After the
login, the system automatically allocates the RSA public key and saves it for authentication at
next login.
Do as follows on the router that serves as an SSH client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ssh client first-time enable
First-time authentication on the SSH client is enabled.
By default, first-time authentication on the SSH client is disabled.
NOTE
• The purpose of enabling first-time authentication on the SSH client is to skip checking the validity of
the RSA public key on the SSH server when an STelnet client logs in to the SSH server for the first
time. The check is skipped because the STelnet server has not saved the RSA public key of the SSH
server.
• If an STelnet client logs in to the SSH server for the first time and first-time authentication is not enabled
on the SSH client, the STelnet client fails to pass the check of the RSA public key validity and cannot
log in to the server.
TIP
To ensure that an STelnet client can log in to an SSH server at the first attempt, you can assign an RSA
public key in advance to the SSH server on the SSH client in addition to enabling first-time authentication
on the SSH client.
----End
8.4.3 Configuring the First Successful Login to Another Device (Allocating a Public Key to the SSH Server)
To configure the first successful login to another device on an SSH client, you must allocate an
RSA public key to the SSH server before the login.
Context
If first-time authentication is not enabled on the SSH client, when the STelnet client logs in to
the SSH server for the first time, the STelnet client fails to pass the RSA public key validity
check and cannot log in to the server. You must allocate an RSA public key to the SSH server
before the STelnet client logs in to the SSH server.
Do as follows on the router that serves as an SSH client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rsa peer-public-key key-name
The public key view is displayed.
Step 3 Run:
public-key-code begin
The public key editing view is displayed.
Step 4 Run:
hex-data
The public key is edited.
The public key is a string of hexadecimal alphanumeric characters automatically generated by
an SSH client.
NOTE
• The RSA public key assigned to the SSH server must be generated on the server. Otherwise, the validity
check for the RSA public key on the STelnet client will fail.
• After entering the public key edit view, paste the RSA public key generated on the server to the
router that functions as the client.
Step 5 Run:
public-key-code end
Quit the public key editing view.
• If the specified hex-data is invalid, the public key cannot be generated after the
peer-public-key end command is run.
• If the specified key-name is deleted in other views, the system prompts that the key does not
exist after the peer-public-key end command is run and the system view is displayed.
Step 6 Run:
peer-public-key end
Return to the system view from the public key view.
Step 7 Run:
ssh client servername assign rsa-key keyname
The RSA public key is assigned to the SSH server.
NOTE
If the RSA public key stored on the SSH client becomes invalid, run the undo ssh client servername
assign rsa-key command to cancel the association between the SSH client and the SSH server. Then, run
the ssh client servername assign rsa-key keyname command to allocate a new RSA public key to the SSH
server.
----End
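The two first-login options in 8.4.2 and 8.4.3 differ in which key ends up trusted. The following Python model is added here to make that decision table explicit; it is not Huawei code and only mirrors the behaviour these sections describe. The class, method names, result codes, and both key values are constructed for illustration, and the model assumes that a key saved after a first-time login is enforced on later logins.

```python
import hmac

MATCH, MISMATCH, FIRST_TIME_SAVED, NO_KEY = (
    "MATCH", "MISMATCH", "FIRST_TIME_SAVED", "NO_KEY")


def parse_hex_data(pasted):
    """Join the hex-data lines entered between public-key-code begin and
    public-key-code end into raw bytes. Raises ValueError if invalid."""
    return bytes.fromhex("".join(pasted.split()))


class SshClientModel:
    """Host-key decisions of the SSH client as described in 8.4.2 and 8.4.3."""

    def __init__(self, first_time_enable=False):
        self.first_time_enable = first_time_enable  # ssh client first-time enable
        self.peer_keys = {}   # key-name -> key bytes (rsa peer-public-key)
        self.assigned = {}    # servername -> key bytes (ssh client ... assign rsa-key)

    def rsa_peer_public_key(self, key_name, hex_data):
        self.peer_keys[key_name] = parse_hex_data(hex_data)

    def assign_rsa_key(self, servername, key_name):
        self.assigned[servername] = self.peer_keys[key_name]

    def login(self, servername, presented_key):
        """Return (allowed, reason) for a server presenting presented_key."""
        saved = self.assigned.get(servername)
        if saved is not None:
            ok = hmac.compare_digest(saved, presented_key)
            return (ok, MATCH if ok else MISMATCH)
        if self.first_time_enable:
            # No validity check on the first login: whatever key is presented
            # is saved and becomes the reference for later logins.
            self.assigned[servername] = presented_key
            return (True, FIRST_TIME_SAVED)
        return (False, NO_KEY)


# Constructed placeholder values, not real RSA keys.
SERVER_KEY_HEX = """
3047 0240 AE3F 19C2
77B0 5D11 0203 0100 01
"""
SERVER_KEY = parse_hex_data(SERVER_KEY_HEX)
OTHER_KEY = parse_hex_data("3047 0240 0BAD 0BAD 0BAD 0BAD 0203 0100 01")


def demo():
    results = {}
    # 8.4.3 without a key assigned: first login is refused.
    strict = SshClientModel()
    results["strict_no_key"] = strict.login("routerB", SERVER_KEY)
    # 8.4.3 with the server-generated key assigned in advance.
    strict.rsa_peer_public_key("key-b", SERVER_KEY_HEX)
    strict.assign_rsa_key("routerB", "key-b")
    results["strict_good"] = strict.login("routerB", SERVER_KEY)
    results["strict_other"] = strict.login("routerB", OTHER_KEY)
    # 8.4.2: the first key seen is saved unchecked, then enforced.
    tofu = SshClientModel(first_time_enable=True)
    results["tofu_first"] = tofu.login("routerB", OTHER_KEY)
    results["tofu_later"] = tofu.login("routerB", SERVER_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

With first-time authentication enabled, the key saved for the server is simply the first one presented, so assigning the server-generated key in advance as in 8.4.3 is the option that ties the saved key to the intended server.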
8.4.4 Logging in to Another Device by Using STelnet
You can log in to the SSH server from the SSH client by using STelnet.
Context
When accessing an SSH server, the STelnet client can carry the source address and choose the
key exchange algorithm, encryption algorithm, or HMAC algorithm, and configure the keepalive
function.
Do as follows on the router that serves as an SSH client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
stelnet [ -a source-address ] host-ipv4 [ port ] [ [ -vpn-instance vpn-instance-name ] | [ prefer_kex { dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des | aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
You can log in to the SSH server through STelnet.
----End
8.4.5 Checking the Configuration
After configuring login to another device using STelnet, you can check the global configurations
of the SSH servers and information about sessions between the SSH servers and the STelnet
client.
Prerequisites
The configurations for logging in to another device by using STelnet are complete.
Procedure
• Run the display ssh server status command to view the status of the SSH server.
----End
Example
Run the display ssh server status command to view the status of the SSH server.
<Huawei> display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
8.5 Accessing Files on Another Device Using TFTP
You can configure the router as a TFTP client, and log in to the TFTP server to upload and
download files.
8.5.1 Establishing the Configuration Task
Before configuring access to another device using TFTP, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
You can use TFTP in a simple interaction environment to transfer files between a server and
a client.
The current Router functions as a TFTP client, and the Router to be accessed functions as a TFTP
server.
Pre-configuration Tasks
Before configuring access to another device using TFTP, complete the following tasks:
• Configuring a reachable route between the client and TFTP server
Data Preparation
To access another device using TFTP, you need the following data.
No. Data
1 (Optional) Source address or source interface of the router that functions as a TFTP
client
2 IP address or host name of the TFTP server
3 Name of the specific file in the TFTP server and the file directory

8.5.2 (Optional) Configuring a Source IP Address for a TFTP Client
You can configure a source IP address for a TFTP client and then use the source IP address to
set up a TFTP connection from the TFTP client to the server along a specific route.
Context
An IP address is configured for an interface on the router and functions as the source IP address
of a TFTP connection. This allows implementation of security checks.
The source address of a client can be configured as a source interface or a source IP address.
Do as follows on a router that functions as a TFTP client.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
tftp client-source { -a source-ip-address | -i interface-type interface-number }
A source IP address of a TFTP client is configured.
After the configuration, the source IP address of the TFTP client displayed on the TFTP server
must be the same as the configured one.
----End
8.5.3 (Optional) Configuring TFTP Access Authority
This section describes how to use an ACL rule to authorize the users to specify the TFTP servers
that can be accessed by using TFTP from the router that you have logged in to.
Context
An Access Control List (ACL) is a set of sequential rules. These rules are described based on
the source address, destination address, and port number of a packet. Routers use the ACL rules
to filter packets. With the rule applied to the interface on a router, the router permits or denies
the packets.
Each ACL can define multiple rules. ACL rules are classified into the interface ACL, basic ACL,
and advanced ACL based on the functions of ACL rules.
NOTE
TFTP supports only the basic ACL (whose number ranges from 2000 to 2999).
Do as follows on the router that serves as the TFTP client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl acl-number
The ACL view is displayed.
Step 3 Run:
rule [ rule-id ] { deny | permit } [ { fragment | none-first-fragment } | source { source-address source-wildcard | any } | time-range time-name ] *
The ACL rule is configured.
NOTE
By default, the deny action in an ACL rule is taken for all the packets. To allow packets to pass through,
define the permit action in the ACL rule. For example, to discard packets with the source IP address of
10.1.1.10, define two rules in an ACL:
• rule deny source 10.1.1.10 0
• rule permit source any
If rule permit source any is not defined, packets with source IP addresses other than 10.1.1.10 are
also discarded.
Step 4 Run:
quit
The system view is displayed.
Step 5 Run the tftp-server acl acl-number command. You can use the ACL to limit the access to the
TFTP server.
----End
8.5.4 Downloading Files Using TFTP
You can download files from a TFTP server to a TFTP client.
Do as follows on the router that serves as the TFTP client:
Procedure
• Run one of the following commands according to the type of the server IP address.
– If the IP address of the server is an IPv4 address, run:
tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net ] get source-filename [ destination-filename ]
The router is configured to download files using TFTP.
– If the IP address of the server is an IPv6 address, run:
tftp ipv6 [ -a source-ip-address ] tftp-server-ipv6 [ -i interface-type interface-number ] get source-filename [ destination-filename ]
The router is configured to download files using TFTP.
----End
8.5.5 Uploading Files Using TFTP
You can upload files from a TFTP client to a TFTP server.
Do as follows on the router that serves as the TFTP client:
Procedure
• Run one of the following commands according to the type of the server IP address.
– If the IP address of the server is an IPv4 address, run:
tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net ] put source-filename [ destination-filename ]
The router is configured to upload files using TFTP.
– If the IP address of the server is an IPv6 address, run:
tftp ipv6 [ -a source-ip-address ] tftp-server-ipv6 [ -i interface-type interface-number ] put source-filename [ destination-filename ]
The router is configured to upload files using TFTP.
----End
8.5.6 Checking the Configuration
When a device is configured as a TFTP client, you can check the source address of the client
and the configured ACL rule.
Prerequisites
Configurations for using the device as a TFTP client are complete.
Procedure
• Run the display tftp-client command to check the device address that is set to the source
address of the TFTP client.
• Run the display acl { name acl-name | acl-number | all } command to check the ACL rule
that is configured on the TFTP client.
----End
Example
Run the display tftp-client command to view the source address of the TFTP client.
<Huawei> display tftp-client
Info: The source address of TFTP client is 1.1.1.1.
Run the display acl { name acl-name | acl-number | all } command to view the ACL rule that is configured
on the TFTP client.
<Huawei> display acl 2001
Basic acl 2001, 2 rules,
Acl's step is 5
rule 5 deny source 10.1.1.10 0
rule 10 permit
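The rule behaviour described in the NOTE in 8.5.3 can be checked against the display acl 2001 output above before the ACL is applied with tftp-server acl. The following Python example is added here and is not Huawei code. It assumes that rules are checked in ascending rule ID, that a wildcard bit of 0 means the address bit must match, and that an address matching no rule is denied, as the NOTE states; the function names are illustrative.

```python
import ipaddress
import re

# The display acl 2001 output shown above.
DISPLAY_ACL = """\
Basic acl 2001, 2 rules,
Acl's step is 5
 rule 5 deny source 10.1.1.10 0
 rule 10 permit
"""

# Rule lines as printed by display acl: "rule <id> <action> [source <addr> <wildcard> | any]"
RULE = re.compile(
    r"^rule\s+(\d+)\s+(deny|permit)(?:\s+source\s+(\S+)(?:\s+(\S+))?)?$")

ALL_BITS = 0xFFFFFFFF


def _to_int(token):
    """Convert a dotted address/wildcard, or the shorthand wildcard 0, to int."""
    return 0 if token == "0" else int(ipaddress.IPv4Address(token))


def parse_rules(text):
    """Return (rule_id, action, base, wildcard) tuples sorted by rule ID."""
    rules = []
    for raw in text.splitlines():
        match = RULE.match(raw.strip())
        if not match:
            continue  # header lines such as "Basic acl 2001, 2 rules,"
        rule_id, action, source, wildcard = match.groups()
        if source is None or source == "any":
            base, wild = 0, ALL_BITS          # matches every source address
        else:
            base, wild = _to_int(source), _to_int(wildcard or "0")
        rules.append((int(rule_id), action, base, wild))
    return sorted(rules)


def evaluate(rules, address):
    """Return (action, rule_id) of the first matching rule.

    An address that matches no rule is denied: ("deny", None).
    """
    addr = int(ipaddress.IPv4Address(address))
    for rule_id, action, base, wild in rules:
        # Only bits whose wildcard bit is 0 are compared.
        if ((addr ^ base) & ~wild & ALL_BITS) == 0:
            return action, rule_id
    return "deny", None


if __name__ == "__main__":
    acl = parse_rules(DISPLAY_ACL)
    for candidate in ("10.1.1.10", "10.1.1.11", "192.168.0.1"):
        print(candidate, evaluate(acl, candidate))
    # Same ACL without "rule 10 permit": everything falls through to deny.
    deny_only = parse_rules(" rule 5 deny source 10.1.1.10 0")
    print("10.1.1.11 without rule 10:", evaluate(deny_only, "10.1.1.11"))
```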
8.6 Accessing Files on Another Device Using FTP
This section describes how to configure a router as an FTP client to log in to an FTP server, and
to upload files to or download files from the server.
8.6.1 Establishing the Configuration Task
Before configuring the use of FTP to access files on another device, familiarize yourself with
the applicable environment, complete the pre-configuration tasks, and obtain any data required
for the configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
Before transmitting files between a client and a remote FTP server or managing directories on
the server, you can configure the router that you have logged in to as an FTP client. You can
then use FTP to access the FTP server for file transmission or directory management.
Pre-configuration Tasks
Before configuring the use of FTP to access files on another device, complete the following
tasks:
• Configuring a reachable route between the router and the FTP server
Data Preparation
To configure the use of FTP to access files on another device, you need the following data:
No. Data
1 (Optional) Source IP address or source interface of the router functioning as an FTP
client
2 Host name or IP address of the FTP server, port number of connecting FTP, login
username and password
3 Local file names and file names on the remote FTP server, name of the working
directory on the remote FTP server, name of the working directory on the local FTP
client, or directory name of the remote FTP server

8.6.2 (Optional) Configuring the Source IP Address and Interface of the FTP Client
This section describes how to configure the source IP address and interface of an FTP client to
connect to an FTP server.
Prerequisites
An IP address is configured for an interface on the router and functions as the source IP address
for an FTP connection. This allows implementation of security checks.
The source of a client can be a source interface or a source IP address.
Configuring a source interface as the source for a client is possible only if the system has a
loopback interface.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ftp client-source { -a source-ip-address | -i interface-type interface-number }
The source address of the FTP client is configured.
After the source address of the FTP client is configured, you can run the display ftp-users
command on the FTP server to check that the displayed source address of the FTP client is the
same as the configured one.
----End
8.6.3 Connecting to Other Devices by Using FTP Commands
You can run FTP commands to log in to other devices from the router that functions as the FTP
client.
Context
You can log in to the FTP server in the user view or the FTP view.
Do as follows on the router that serves as the client:
Procedure
l In the user view, establish a connection to the FTP server.
– If the IP address of the server is an IPv4 address, do as follows:
Run:
ftp [ -a source-ip-address | -i interface-type interface-number ] host
[ port-number ] [ public-net | vpn-instance vpn-instace-name ]
The router is connected to the FTP server.
– If the IP address of the server is an IPv6 address, do as follows:
Run:
ftp ipv6 host [ port-number ]
The router is connected to the FTP server.
l In the FTP view, establish a connection to the FTP server.
– If the IP address of the server is an IPv4 address, do as follows:
1. In the user view, run:
ftp
The FTP view is displayed.
2. Run:
open [ -a source-ip-address | -i interface-type interface-number ]
host [ port-number ] [ vpn-instance vpn-instance-name ]
The router is connected to the FTP server.
– If the IP address of the server is an IPv6 address, do as follows:
1. In the user view, run:
ftp
The FTP view is displayed.
2. Run:
open ipv6 host-ipv6-address [ port-number ]
The router is connected to the FTP server.
----End
8.6.4 Managing Files Using FTP Commands
After logging in to an FTP server, you can use FTP commands to manage files. File operations
include configuring a file transmission method, checking online help about FTP commands,
uploading or downloading files, and managing directories and files.
Context
After logging in to an FTP server, you can perform the following operations:
l Configure a data type for transmission files and a file transmission method.
l Check the online help about FTP commands in the FTP client view.
l Upload local files to the remote FTP server, or download files from the FTP server and
save them locally.
l Create directories on or delete directories from the FTP server.
l Display information about a specified remote directory or a file of the FTP server, or delete
a specified file from the FTP server.
After logging in to the router that functions as a client and entering the FTP client view, you can
perform the following steps:
Procedure
l Configuring data type and transmission mode for the file.
– Run:
ascii | binary
The data type of the file to be transmitted is ascii or binary mode.
NOTE
FTP supports both ASCII and binary files. Their differences are as follows:
l In ASCII transmission mode, ASCII characters are used to separate carriage returns from
line feeds.
l In binary transmission mode, characters can be transferred without format conversion or
formatting.
Clients can select an FTP transmission mode as required. The system defaults to the ASCII
transmission mode. The client can use a mode switch command to switch between the ASCII
mode and the binary mode. The ASCII mode is used to transmit .txt files and the binary mode is
used to transmit binary files.
– Run:
passive
The passive file transfer mode is configured.
– Run:
verbose
The verbose mode for FTP is enabled.
When verbose is enabled, all FTP responses are displayed. After a file is transmitted,
statistics on transmission efficiency are displayed.
l View online help for FTP commands.
remotehelp [ command ]
The online help of the FTP command is displayed.
l Upload or download files.
– Upload or download a file.
– Run:
put local-filename [ remote-filename ]
The local file is uploaded to the remote FTP server.
– Run:
get remote-filename [ local-filename ]
The FTP file is downloaded from the FTP server and saved to the local file.
l Run one or more of the following commands to manage directories.
– Run:
cd pathname
The working path of the remote FTP server is specified.
– Run:
cdup
The working path of the FTP server is switched to the upper-level directory.
– Run:
pwd
The specified directory of the FTP server is displayed.
– Run:
lcd [ local-directory ]
The directory of the FTP client is displayed or changed.
– Run:
mkdir remote-directory
A directory is created on the FTP server.
– Run:
rmdir remote-directory
A directory is removed from the FTP server.
NOTE
l A directory name can use letters and digits, but not special characters such as <, >, ?, \ and :.
l When running the mkdir /abc command, you create a sub-directory named "abc".
l Run one or more of the following commands to manage files.
– Run:
ls [ remote-filename ] [ local-filename ]
The specified directory or file on the remote FTP server is displayed.
If the directory name is not specified when a specific remote file is selected, the system
searches the working directory for the specific file.
If local-filename is configured, the remote file can be saved in another local file.
– Run:
dir [ remote-filename ] [ local-filename ]
The specified directory or file on the local FTP server is displayed.
If the directory name is not specified when a specific remote file is selected, the system
searches the working directory for the specific file.
If local-filename is configured, the remote file can be saved in another local file.
– Run:
delete remote-filename
The specified file on the FTP server is deleted.
If the directory name is not specified when a specific remote file is selected, the system
searches the working directory for the specific file.
----End
8.6.5 Changing Login Users
After logging in to an FTP server, you can change the username on the client and re-log in to
the server with the new username.
Context
If you are logged in to the AR1200-S functioning as an FTP client, you can switch to a different
username and log in to the FTP server without logging out of the FTP client view. The FTP
connection established in this way is identical to that established by running the ftp command.
Perform the following steps on the router that functions as a client:
Procedure
l Run:
user user-name [ password ]
The user that logged in to the FTP server earlier is changed and the new user logs in to the
server.
When the username that is used to log in to the FTP server is changed, the original
connection between the user and the FTP server is interrupted.
----End
8.6.6 Disconnecting from the FTP Server
You can terminate the connection with an FTP server and return to the user view or FTP view.
Context
Various commands can be used from the FTP client view to terminate a connection with an FTP
server.
Do as follows on the router that serves as the client.
Procedure
l Run one of the following commands depending on your system configurations.
– Run:
bye
Or,
quit
The client router is disconnected from the FTP server.
Return to the user view.
– Run:
close
Or,
disconnect
The client router is disconnected from the FTP server.
Return to the FTP view.
----End
8.6.7 Checking the Configuration
After the configurations for accessing other devices using FTP are complete, you can view the
source parameters configured on the FTP client.
Prerequisites
The configurations for accessing other devices using FTP are complete.
Procedure
l Run the display ftp-client command to view the source parameters of the FTP client.
----End
Example
Run the display ftp-client command to view the source parameters of the FTP client.
<Huawei> display ftp-client
Info: The source address of FTP client is 1.1.1.1.
8.7 Accessing Files on Another Device Using SFTP
SFTP is a secure FTP service. After the router is configured as an SFTP client, the SFTP server
authenticates the client and encrypts data in both directions to provide secure data transmission.
8.7.1 Establishing the Configuration Task
Before configuring the use of SFTP to access files on another device, familiarize yourself with
the applicable environment, complete the pre-configuration tasks, and obtain any data required
for the configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
SFTP is a secure FTP protocol. SFTP is based on SSH. It allows users to log in to a remote
device and transmit or manage files securely. You can log in to a remote SSH server from the
router that functions as an SFTP client.
Pre-configuration Tasks
Before configuring the use of SFTP to access files on another device, complete the following
tasks:
l Configuring a reachable route between the client and SSH server
Data Preparation
To use SFTP to access files on another device, you need the following data:
No. Data
1 (Optional) Source address of the device that functions as the SFTP client
2 (Optional) Name of the SSH server
3 (Optional) Public key that is assigned by the client to the SSH server
4 IPv4 or IPv6 address or host name of the SSH server
5 Number of the port monitored by the SSH server, preferred encryption algorithm for
data from the SFTP client to the SSH server, preferred encryption algorithm for data
from the SSH server to the SFTP client, preferred HMAC algorithm for data from the
SFTP client to the SSH server, preferred HMAC algorithm for data from the SSH
server to the SFTP client, preferred algorithm of key exchange, name of the outgoing
interface, source address
User information for logging in to the SSH server
6 Name and directory of a specified file on the SSH server

8.7.2 (Optional) Configuring a Source IP Address for an SFTP Client
You can configure a source IP address for an SFTP client and then use this source address to set
up an SFTP connection from the client to server along a specific route.
Context
An IP address is configured for an interface on the router and functions as the source IP address
of an FTP connection. This allows implementation of security checks.
The source address of a client can be configured as a source interface or a source IP address.
Do as follows on a router that functions as an SFTP client.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
sftp client-source { -a source-ip-address | -i interface-type interface-number }
A source IP address is configured for an SFTP client.
----End
8.7.3 Configuring the First Successful Login to Another Device
(Enabling the First-Time Authentication on the SSH Client)
After first-time authentication on the SSH client is enabled, the SFTP client does not check the
validity of the RSA public key when logging in to the SSH server for the first time.
Context
If first-time authentication on the SSH client is enabled, the SFTP client does not check the
validity of the RSA public key when logging in to the SSH server for the first time. After the
login, the system automatically allocates the RSA public key and saves it for authentication at
next login.
Do as follows on the router that serves as an SSH client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ssh client first-time enable
First-time authentication on the SSH client is enabled.
By default, first-time authentication on the SSH client is disabled.
NOTE
l The purpose of enabling first-time authentication on the SSH client is to skip checking the validity of
the RSA public key on the SSH server when an STelnet client logs in to the SSH server for the first
time. The check is skipped because the STelnet server has not saved the RSA public key of the SSH
server.
l If an STelnet client logs in to the SSH server for the first time and first-time authentication is not enabled
on the SSH client, the STelnet client fails to pass the check of the RSA public key validity and cannot
log in to the server.
TIP
To ensure that an STelnet client can log in to an SSH server at the first attempt, you can assign an RSA
public key in advance to the SSH server on the SSH client in addition to enabling first-time authentication
on the SSH client.
----End
8.7.4 Configuring the First Successful Login to Another Device
(Allocating a Public Key to the SSH Server)
To configure the first successful login to another device on an SSH client, you must allocate an
RSA public key to the SSH server before the login.
Context
If first-time authentication is not enabled on an SSH client, when the SFTP client logs in to an
SSH server for the first time, the SFTP client fails to pass the RSA public key validity check
and cannot log in to the server.
Do as follows on the router functioning as an SSH client:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
rsa peer-public-key key-name
The public key view is displayed.
Step 3 Run:
public-key-code begin
The public key editing view is displayed.
Step 4 Run:
hex-data
The public key is edited.
The public key is a string of hexadecimal alphanumeric characters automatically generated by
an SSH client.
NOTE
l The RSA public key assigned to the SSH server must be generated on the server. Otherwise, the validity
check for the RSA public key on the STelnet client will fail.
l After entering the public key edit view, paste the RSA public key generated on the server to the
router that functions as the client.
Step 5 Run:
public-key-code end
Quit the public key editing view.
l If the specified hex-data is invalid, the public key cannot be generated after the peer-public-
key end command is run.
l If the specified key-name is deleted in other views, the system prompts that the key does not
exist after the peer-public-key end command is run and the system view is displayed.
Step 6 Run:
peer-public-key end
Return to the system view from the public key view.
Step 7 Run:
ssh client servername assign rsa-key keyname
The RSA public key is assigned to the SSH server.
NOTE
If the RSA public key stored on the SSH client becomes invalid, run the undo ssh client servername
assign rsa-key command to cancel the association between the SSH client and the SSH server. Then, run
the ssh client servername assign rsa-key keyname command to allocate a new RSA public key to the SSH
server.
----End
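Before pasting a key code into the public key editing view, it helps to decode it offline and compare it with the copy generated on the server. The following Python sketch is an added example, not Huawei code: it parses the key-code layout shown in this guide's STelnet example (a SEQUENCE holding the modulus and the public exponent), reports the modulus size, and fingerprints the key so two copies can be compared. The function names, the SHA-256 fingerprint convention, and the 2048-bit policy threshold are assumptions of this example.

```python
import hashlib
import re

# Key code of the "Host" key, copied from the display rsa local-key-pair public
# output in this guide's STelnet example (laid out as the device displays it).
HOST_KEY_DISPLAYED = """
3047
  0240
    BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
    203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
    EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
    1D7E3E1B
  0203
    010001
"""

# The same key as it is wrapped in the saved configuration file of that example.
HOST_KEY_IN_CONFIG = """
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E
519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B 0203
010001
"""


def key_code_to_bytes(text):
    """Remove whitespace and line wrapping from a key code and decode the hex."""
    hex_digits = re.sub(r"\s+", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", hex_digits):
        raise ValueError("key code is not a whole number of hex bytes")
    return bytes.fromhex(hex_digits)


def read_tlv(buf, pos, tag):
    """Read one tag-length-value element; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return modulus size, public exponent and a fingerprint of a key code."""
    raw = key_code_to_bytes(text)
    body, end = read_tlv(raw, 0, 0x30)           # outer SEQUENCE
    if end != len(raw):
        raise ValueError("trailing bytes after the key")
    modulus, pos = read_tlv(body, 0, 0x02)       # INTEGER: modulus
    exponent, pos = read_tlv(body, pos, 0x02)    # INTEGER: public exponent
    if pos != len(body):
        raise ValueError("unexpected data after the exponent")
    # The sample stores the modulus without a leading 0x00 pad byte, so both
    # integers are read as unsigned values.
    return {
        "bits": int.from_bytes(modulus, "big").bit_length(),
        "exponent": int.from_bytes(exponent, "big"),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }


def same_key(code_a, code_b):
    """True if two key codes decode to identical bytes, whatever the wrapping."""
    return parse_key_code(code_a)["sha256"] == parse_key_code(code_b)["sha256"]


def review_key(text, min_bits=2048):
    """Return findings for a key code; min_bits is an assumed local policy."""
    info = parse_key_code(text)
    findings = []
    if info["bits"] < min_bits:
        findings.append(f"modulus is {info['bits']} bits, below {min_bits}")
    if info["exponent"] % 2 == 0 or info["exponent"] < 3:
        findings.append(f"unusual public exponent {info['exponent']}")
    return findings


if __name__ == "__main__":
    print(parse_key_code(HOST_KEY_DISPLAYED))
    print("copies match:", same_key(HOST_KEY_DISPLAYED, HOST_KEY_IN_CONFIG))
    print(review_key(HOST_KEY_DISPLAYED))
```

Run against the guide's sample Host key, the parser reports a 512-bit modulus with public exponent 65537, and the displayed and saved copies produce the same fingerprint.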
8.7.5 Connecting to Other Devices by Using SFTP
You can log in to the SSH server from the SSH client through SFTP.
Context
The command for enabling the SFTP client is similar to that for STelnet. When accessing the
SSH server, the SFTP client can carry the source address and the name of the VPN instance,
choose the key exchange algorithm, encryption algorithm, and HMAC algorithm, and configure the
keepalive function.
Do as follows on the router that serves as an SSH client.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
sftp [ -a source-address | -i interface-type interface-number ] host-ipv4 [ port ]
[ [ public-net | -vpn-instance vpn-instance-name ] | [ prefer_kex { dh_group1 |
dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des | aes128 } ] |
[ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac { sha1 |
sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] ] *
[ -ki aliveinterval [ -kc alivecountmax ] ]
You can log in to the SSH server through SFTP.
----End
8.7.6 Managing Files Using SFTP Commands
You can use an SFTP client to manage directories and files on the SSH server, and check the
command help on the SFTP client.
Context
After logging in to an SSH server from an SFTP client, you can use the SFTP client to perform
the following operations:
l Create or delete directories on the SSH server, display the current working directory, or
display the specified directory and information about the file in the specified directory.
l Change file names, delete files, display a file list, and upload or download files.
l Display the SFTP client command help.
After logging in to the router that functions as an SSH client and entering the SFTP client view,
you can perform the following steps:
Procedure
l Manage directories.
Perform the following steps as required:
– Run:
cd [ remote-directory ]
The current operating directory of users is changed.
– Run:
cdup
The view is switched to a directory one level up.
– Run:
pwd
The current operating directory of users is displayed.
– Run:
dir [ -l -a ] [ path ]
A list of files in the specified directory is displayed.
– Run:
rmdir remote-directory & <1-10>
The directory on the server is deleted.
– Run:
mkdir remote-directory
A directory is created on the server.
l Manage files.
Perform the following steps as required:
– Run:
rename old-name new-name
The name of the specified file on the server is changed.
– Run:
get remote-filename [local-filename]
The file on the remote server is downloaded.
– Run:
put local-filename [remote-filename]
The local file is uploaded to the remote server.
– Run:
remove remote-filename
The file on the server is removed.
l Display the SFTP client command help.
help [all | command-name ]
The SFTP client command help is displayed.
----End
8.7.7 Checking the Configuration
After using SFTP to log in to another device, you can view the source address of the SSH client,
mappings between all SSH servers and the RSA public keys on the client, global configurations
of the SSH servers, and sessions between the SSH servers and the client.
Prerequisites
The configuration for using SFTP to access files on another device is complete.
Procedure
l Run the display sftp-client command to check the source IP address of the SFTP client on
the SSH client.
----End
Example
Run the display sftp-client command on the client to view the source parameters of the device
functioning as an SFTP client.
<Huawei> display sftp-client
Info: The source address of SFTP client is 1.1.1.1
8.8 Configuration Examples
This section provides examples for accessing another device. The examples explain networking
requirements, configuration notes, and configuration roadmap.
8.8.1 Example for Configuring Telnet Services
This example shows how to configure authentication modes and passwords for users to log in
using Telnet.
Networking Requirements
As shown in Figure 8-8, Router A and Router B can ping each other. A user logs in to Router
B from Router A using Telnet.
Figure 8-8 Networking diagram for configuring user login with Telnet services
(RouterA GE1/0/0, 1.1.1.1/24, connected to RouterB GE1/0/0, 1.1.1.2/24)

Configuration Roadmap
The configuration roadmap is as follows:
1. On Router B, configure authentication modes and passwords for VTY0 to VTY4.
2. Configure passwords for users to log in to Router B from Router A using Telnet.
3. Configure a Telnet server port number on Router B so that users log in through a single
specific port only.
Data Preparation
To complete the configuration, you need the following data:
l Host address of Router B
l Authentication mode and password
l Telnet server port number
l User level 15
Procedure
Step 1 Configure IP addresses.
# Configure Router A.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface gigabitethernet1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 1.1.1.1 24
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] quit
# Configure Router B.
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface gigabitethernet1/0/0
[RouterB-GigabitEthernet1/0/0] ip address 1.1.1.2 24
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] quit
Step 2 Configure the authentication mode and password for Telnet services on Router B.
[RouterB] user-interface vty 0 4
[RouterB-ui-vty0-4] authentication-mode password
[RouterB-ui-vty0-4] set authentication password simple hello
[RouterB-ui-vty0-4] quit
To configure an ACL for Telnet services, run the following commands on Router B.
[RouterB] acl 2000
[RouterB-acl-basic-2000] rule permit source 1.1.1.1 0
[RouterB-acl-basic-2000] quit
[RouterB] user-interface vty 0 4
[RouterB-ui-vty0-4] acl 2000 inbound
NOTE
Configuring an ACL for Telnet services is optional.
Step 3 Verify the configuration.
Log in to Router B from Router A using Telnet.
<RouterA> telnet 1.1.1.2
Press CTRL_] to quit telnet mode
Trying 1.1.1.2 ...
Connected to 1.1.1.2 ...

Login authentication


Password:
<RouterB>
Step 4 Configure a Telnet server port number on Router B.
<RouterB> system-view
[RouterB] telnet server port 1028
After the command is executed, logging in to the port through telnet fails, al
l the telnet users exit, and a new port is created. If you need to set the port
through telnet again, wait for at least two minutes and then set the port again.
Are you sure to continue?(y/n)[n]: y
Step 5 Use the port number 1028 to log in to Router B from Router A using Telnet.
<RouterA> telnet 1.1.1.2 1028
Press CTRL_] to quit telnet mode
Trying 1.1.1.2 ...
Connected to 1.1.1.2 ...

Login authentication


Password:
<RouterB>
----End
Configuration Files
l Configuration file of Router A
#
sysname RouterA
#
interface GigabitEthernet1/0/0
ip address 1.1.1.1 255.255.255.0
#
return
l Configuration file of Router B
#
sysname RouterB
#
acl number 2000
rule 5 permit source 1.1.1.1 0
#
interface GigabitEthernet1/0/0
ip address 1.1.1.2 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple hello
#
return
8.8.2 Example for Configuring the Device as the STelnet Client to
Connect to the SSH Server
This example shows how to configure an STelnet client to connect to an SSH server. Local key
pairs are generated on the STelnet client and the SSH server, and the public RSA key is generated
on the SSH server and then bound to the STelnet client.
Networking Requirements
As shown in Figure 8-9, after the STelnet service is enabled on the SSH server, the STelnet
client can use the password, RSA, password-rsa, or all authentication mode to log in to the SSH
server.
Configure two login clients:
l Configure Client001 with the password huawei and use the password authentication mode.
l Configure Client002, use the RSA authentication mode, and assign the public key
RsaKey001 to this client.
The user interface supports only SSH.
Figure 8-9 Networking diagram for configuring the STelnet client to connect to the SSH server
(Client001 GE1/0/0, 10.164.39.220/24; Client002 GE1/0/0, 10.164.39.221/24; SSH Server GE1/0/0,
10.164.39.222/24)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Client001 and Client002 on the SSH server.
2. Generate the local key pairs on the STelnet client and the SSH server.
3. Generate the RSA public key on the SSH server and bind the RSA public key of the SSH client
to Client002.
4. Enable STelnet service on the SSH server.
5. Users Client001 and Client002 log in to the SSH server using STelnet.
Data Preparation
To complete the configuration, you need the following data:
l Name and the authentication mode of the SSH user
l Password or the RSA public key of the SSH user
l Name of the SSH server
Procedure
Step 1 Generate a local key pair on the SSH server.
<Huawei> system-view
[Huawei] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++
Step 2 Create SSH users on the server.
# Configure a VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
l Create an SSH user named Client001.
# Create an SSH user named Client001, configure password authentication for the user, and
set the password to huawei.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001 authentication-type password
l Create an SSH user named Client002.
# Create an SSH user named Client002, set the password to huawei, and configure RSA
authentication for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client002 password cipher huawei
[SSH Server-aaa] local-user client002 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client002 authentication-type rsa
Step 3 Configure the RSA public key on the server.
# Generate a local key pair for Client002.
<Huawei> system-view
[Huawei] sysname client002
[client002] rsa local-key-pair create
# Check the RSA public key of the client.
[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 2007-12-29 16:19:59+08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
=====================================================
Time of Key pair created: 2007-12-29 16:20:05+08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]
# Send the RSA public key of the client to the server.
[SSH Server] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 3047
[SSH Server-rsa-key-code] 0240
[SSH Server-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[SSH Server-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[SSH Server-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[SSH Server-rsa-key-code] 1D7E3E1B
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
Step 4 Bind the RSA public key of the SSH client to Client002.
[SSH Server] ssh user client002 assign rsa-key RsaKey001
Step 5 Connect to the SSH server.
# Enable first-time authentication on the SSH clients.
<Huawei> system-view
[Huawei] sysname client001
[client001] ssh client first-time enable
<Huawei> system-view
[Huawei] sysname client002
[client002] ssh client first-time enable
# Log in to the SSH server from Client001 in password authentication mode by entering the user
name and password.
<client001> system-view
[client001] stelnet 10.164.39.222
Please input the username:client001
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
Enter password:
Enter the password huawei. The following information indicates that the login succeeded.
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 6.
The current login time is 2010-09-06 11:42:42.
<SSH Server>
# Log in to the SSH server from Client002 in RSA authentication mode.
<client002> system-view
[client002] stelnet 10.164.39.222
Please input the username: client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Info: The max number of VTY users is 20, and the number
of current VTY users on line is 6.
The current login time is 2010-09-06 11:42:42.
<SSH Server>
Step 6 Verify the configuration.
After the configuration is complete, run the display ssh server status and display ssh server
session commands. You can see that the STelnet clients have logged in to the server.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP Server : Enable
# Check the SSH session status.
[SSH Server] display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 3 2.0 AES run password client001
VTY 4 2.0 AES run rsa client002
--------------------------------------------------------------------
# Check information about the SSH users.
[SSH Server] display ssh user-information
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
client001 password null
client002 rsa RsaKey001
-------------------------------------------------------------------------------
----End
Configuration Files
l Configuration file of the SSH server
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E
519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B 0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher huawei
local-user client002 password cipher huawei
local-user client001 service-type ssh
local-user client002 service-type ssh
#
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key RsaKey001
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
l Configuration file of Client001 on SSH client
#
sysname client001
#
interface GigabitEthernet1/0/0
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
return
• Configuration file of Client002 on SSH client
#
sysname client002
#
interface GigabitEthernet1/0/0
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
return
8.8.3 Example for Configuring the Redirection Function for Remote Device Management
This example shows how to configure the redirection function. This function allows you to
manage remote devices through asynchronous serial interfaces.
Networking Requirements
As shown in Figure 8-10, RouterB has failed and users must use the console port to log in to it.
Only users in VPN instance vpna are allowed to log in to RouterB. There is a reachable route
between vpna and RouterA.
Connect the console port of RouterB to an asynchronous serial interface of RouterA, enable the
redirection function on RouterA, and associate the redirection function with vpna. When these
configurations are complete, vpna users can use a specified port number to log in to RouterB.
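Figure 8-10 Networking diagram for redirection configuration
[Figure: a PC in vpna reaches GE0/0/1 (10.1.1.1/24) on RouterA across the network; Async2/0/1 on RouterA is connected to the console port of RouterB, and the PC's session is redirected over that link.]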

Configuration Roadmap
The configuration roadmap is as follows:
1. Connect the console port of RouterB to an asynchronous serial interface of RouterA.
2. Enable the redirection function on RouterA.
Data Preparation
To complete the configuration, you need the following data:
• IP address of the network-side interface on RouterA: 10.1.1.1/24
Procedure
Step 1 Configure the asynchronous serial interface to work in flow mode.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface async 2/0/1
[RouterA-Async2/0/1] async mode flow
Step 2 Obtain the TTY user interface number corresponding to the asynchronous serial interface.
[RouterA] display user-interface
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
0 CON 0 9600 - 15 - N -
41 TTY 41 9600 input 0 - N 2/0/0
F 42 TTY 42 9600 - 0 - N 2/0/1
43 TTY 43 9600 - 0 - N 2/0/2
44 TTY 44 9600 - 0 - N 2/0/3
45 TTY 45 9600 - 0 - N 2/0/4
46 TTY 46 9600 - 0 - N 2/0/5
47 TTY 47 9600 - 0 - N 2/0/6
48 TTY 48 9600 - 0 - N 2/0/7
+ 129 VTY 0 - 15 4 N -
130 VTY 1 - 15 - N -
131 VTY 2 - 15 - N -
132 VTY 3 - 15 - N -
133 VTY 4 - 15 - N -
145 VTY 16 - 0 - P -
146 VTY 17 - 0 - P -
147 VTY 18 - 0 - P -
148 VTY 19 - 0 - P -
149 VTY 20 - 0 - P -
Step 3 Enable the redirection function on RouterA and associate it with the VPN instance vpna.
[RouterA] user-interface tty 42
[RouterA-ui-tty42] undo shell
[RouterA-ui-tty42] redirect enable
[RouterA-ui-tty42] redirect binding vpn-instance vpna
[RouterA-ui-tty42] quit
[RouterA] quit
NOTE
If the redirection function is not associated with the VPN instance for private users, any user on either
public or private networks can log in to RouterB.
Step 4 Check the port number allocated to the TTY user interface.
<RouterA> display tcp status
TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State
19fde824 9 /2 0.0.0.0:22 0.0.0.0:0 23553 Listening
19fde6c0 9 /1 0.0.0.0:23 0.0.0.0:0 23553 Listening
19fde130 109/1 0.0.0.0:80 0.0.0.0:0 23553 Listening
19fdef18 9 /4 0.0.0.0:2042 0.0.0.0:0 23553 Listening
19fde55c 7 /1 0.0.0.0:7547 0.0.0.0:0 0 Listening
19fdf07c 9 /9 10.137.217.211:23 10.138.77.61:2567 0 Established
19fdf344 9 /10 10.137.217.211:23 10.138.77.69:2824 0 Time_Wait
Step 5 Verify the configuration.
Run the telnet 10.1.1.1 2042 command on the PC to log in to RouterB. In the command, 2042
is the default port number.
C:\Documents and Settings\Administrator> telnet 10.1.1.1 2042
Press CTRL_] to quit telnet mode
Trying 10.1.1.1...
Connected to 10.1.1.1...
[RouterB]
----End
Configuration Files
• Configuration file of RouterA
#
sysname RouterA
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 1:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
interface Async2/0/1
async mode flow
#
interface GigabitEthernet 0/0/1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
#
user-interface tty 42
undo shell
redirect enable
redirect binding vpn-instance vpna
#
return
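A check for the condition described in the NOTE of Step 3, added here as an example and not part of Huawei's guide: it scans a saved configuration for TTY user interfaces that have redirect enable and reports whether each one is bound to a VPN instance that is defined and attached to an interface. The second configuration and the result labels are constructed for illustration.

```python
import re

# Commands that open a new block; a "#" line closes the current one.
HEADER = re.compile(r"^(user-interface|interface|ip vpn-instance)\s+(\S.*)$")
BIND_IF = re.compile(r"^ip binding vpn-instance\s+(\S+)$")
BIND_TTY = re.compile(r"^redirect binding vpn-instance\s+(\S+)$")


def parse_blocks(config_text):
    """Return a list of (kind, argument, [sub-commands]) from a saved configuration."""
    blocks, body = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":
            body = None
            continue
        header = HEADER.match(line)
        if header:
            body = []
            blocks.append((header.group(1), header.group(2), body))
        elif body is not None:
            body.append(line)
    return blocks


def audit_redirect(config_text):
    """Classify every TTY user interface that has 'redirect enable'."""
    blocks = parse_blocks(config_text)
    defined = {arg.split()[0] for kind, arg, _ in blocks if kind == "ip vpn-instance"}
    attached = set()
    for kind, _, body in blocks:
        if kind == "interface":
            attached.update(m.group(1) for m in map(BIND_IF.match, body) if m)
    results = {}
    for kind, arg, body in blocks:
        if kind != "user-interface" or not arg.startswith("tty"):
            continue
        if "redirect enable" not in body:   # exact line match, so "undo redirect enable" is ignored
            continue
        vpns = [m.group(1) for m in map(BIND_TTY.match, body) if m]
        if not vpns:
            # The NOTE's case: users on public and private networks can connect.
            results[arg] = "unrestricted"
        elif vpns[-1] not in defined:
            results[arg] = "binding names undefined vpn-instance " + vpns[-1]
        elif vpns[-1] not in attached:
            results[arg] = "vpn-instance %s has no interface bound" % vpns[-1]
        else:
            results[arg] = "restricted to " + vpns[-1]
    return results


# RouterA configuration from this section, with wrapped lines rejoined.
PAGE_CONFIG = """#
sysname RouterA
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 1:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
interface Async2/0/1
async mode flow
#
interface GigabitEthernet 0/0/1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
#
user-interface tty 42
undo shell
redirect enable
redirect binding vpn-instance vpna
#
return
"""

# Constructed configuration: one TTY without a binding, one bound to a name
# (vpnb) that is never defined, and a VTY block that the audit must skip.
CONSTRUCTED_CONFIG = """#
user-interface tty 43
undo shell
redirect enable
user-interface tty 44
undo shell
redirect enable
redirect binding vpn-instance vpnb
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
"""

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("constructed", CONSTRUCTED_CONFIG)):
        print(name, audit_redirect(cfg))
```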
8.8.4 Example for Configuring TFTP
This example shows how to configure TFTP to upload and download files. The TFTP application
is run on a TFTP server and the location of a source file on the server is set.
Networking Requirements
As shown in Figure 8-11, the IP address of the TFTP server is 10.111.16.160/24.
Log in to the router from the HyperTerminal and then download the file ar.cc from the TFTP
server.
Figure 8-11 Networking diagram of configuring TFTP
[Figure: the router acts as the TFTP client and the PC (10.111.16.160/24) as the TFTP server.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP application on the TFTP server, and set the location of the file on the server.
2. Use the TFTP command on the router to download the file.
3. Use the TFTP command on the router to upload the file.
Data Preparation
To complete the configuration, you need the following data:
• The TFTP application installed on the TFTP server
• The path to the file on the TFTP server
• The destination file name and its path on the router
Procedure
Step 1 Start the TFTP server and set its Current Directory to the directory where the ar.cc file resides.
Figure 8-12 shows the interface.
Figure 8-12 Setting the Base Directory of the TFTP server

NOTE
The display on your computer may be different, depending on the TFTP server application you are running.
Step 2 Log in to the router from the computer HyperTerminal and enter the following command to
download a file.
<Huawei> tftp 10.111.16.160 get ar.cc flash:/
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please wait...
69143936 bytes received in 42734 second.
TFTP: Downloading the file successfully.
Step 3 Run the dir command to check whether the downloaded file is saved in the directory specified
on the router.
<Huawei> dir flash:/
Directory of flash:/

Idx Attr Size(Byte) Date Time(LMT) FileName
0 -rw- 1,738,816 Mar 28 2011 17:00:24 web.zip
1 -rw- 396 Feb 11 2008 14:34:17 rsa_host_key.efs
2 -rw- 540 Feb 11 2008 14:35:10 rsa_server_key.efs
3 -rw- 1,498 Apr 01 2011 09:49:37 iascfg.zip
4 -rw- 525,337 Apr 01 2011 09:50:00 private-data.txt
5 -rw- 1,215 Mar 26 2011 11:32:27 iascfg_autobackup.zip
6 -rw- 1,703,936 Feb 27 2008 10:00:10 ar_smk2.cc
7 drw- - Mar 07 2008 15:44:46 dd
8 -rw- 69,143,936 Mar 28 2008 07:34:54 ar.cc
9 -rw- 8,996 Apr 07 2008 14:56:24 1.cap
10 -rw- 5,602 May 27 2011 13:59:31 ab.cap
11 -rw- 220 Mar 28 2011 16:51:16 elab.txt
12 -rw- 1,686 Mar 28 2011 17:04:53 lic_ar.dat

217,168 KB total (145,536 KB free)
Step 4 Log in to the router from the computer HyperTerminal and enter the following command to
upload a file.
<Huawei> tftp 10.111.16.160 put flash:/iascfg.zip
Info: Transfer file in binary mode.
Uploading the file to the remote TFTP server. Please wait...
TFTP: Uploading the file successfully.
3856 bytes send in 1 second.
----End
8.8.5 Example for Connecting the SFTP Client to the SSH Server
This example shows how to configure an SFTP client to connect to an SSH server. Local key
pairs are generated on the SFTP client and the SSH server, and a public RSA key is generated
on the SSH server and bound to the SFTP client.
Networking Requirements
As shown in Figure 8-13, after the SFTP service is enabled on the SSH server, the SFTP Client
can use the password, RSA, password-rsa, or all authentication mode to log in to the SSH server.
Figure 8-13 Networking diagram for connecting the SFTP client to the SSH server
[Figure: Client001 (GE1/0/0, 10.164.39.220/24) and Client002 (GE1/0/0, 10.164.39.221/24) connect to the SSH Server (GE1/0/0, 10.164.39.222/24).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Client001 and Client002 on the SSH server.
2. Generate the local key pairs on the SFTP client and the SSH server.
3. Generate the RSA public key on the SSH server and bind the RSA public key of the SSH client
to Client002.
4. Enable the SFTP service on the SSH server.
5. Configure the service mode and authorization directory for the SSH user.
6. Client001 and Client002 log in to the SSH server through SFTP.
Data Preparation
To complete the configuration, you need the following data:
• Name and the authentication mode of the SSH user
• Password or the RSA public key of the SSH user
• Name of the SSH server
Procedure
Step 1 Generate a local key pair on the SSH server.
<Huawei> system-view
[Huawei] sysname SSH Server
[SSH Server] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
.........++++++++
......................++++++++
......................+++++++++
.....+++++++++
Step 2 Create SSH users on the server.
# Configure a VTY user interface.
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
• Create an SSH user named Client001.
# Create an SSH user named Client001, configure password authentication for the user, and
set the password to huawei.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password cipher huawei
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] local-user client001 ftp-directory flash:
[SSH Server-aaa] quit
• Create an SSH user named Client002.
# Create an SSH user named Client002, set the password to huawei, and configure RSA
authentication for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client002 password cipher huawei
[SSH Server-aaa] local-user client002 service-type ssh
[SSH Server-aaa] local-user client002 ftp-directory flash:
[SSH Server-aaa] quit
[SSH Server] ssh user client002 authentication-type rsa
Step 3 Configure the RSA public key on the server.
# Generate a local key pair for Client002.
<Huawei> system-view
[Huawei] sysname client002
[client002] rsa local-key-pair create
# Check the RSA public key of the client.
[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 2007-12-29 16:19:59+08:00
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
=====================================================
Time of Key pair created: 2007-12-29 16:20:05+08:00
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]
# Send the RSA public key of the client to the server.
[SSH Server] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
NOTE: The number of the bits of public key must be between 769 and 2048.
[SSH Server-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[SSH Server-rsa-key-code] 3047
[SSH Server-rsa-key-code] 0240
[SSH Server-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[SSH Server-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[SSH Server-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[SSH Server-rsa-key-code] 1D7E3E1B
[SSH Server-rsa-key-code] 0203
[SSH Server-rsa-key-code] 010001
[SSH Server-rsa-key-code] public-key-code end
[SSH Server-rsa-public-key] peer-public-key end
Step 4 Bind the RSA public key of the SSH client to Client002.
[SSH Server] ssh user client002 assign rsa-key RsaKey001
Step 5 Enable the SFTP service on the SSH server.
# Enable the SFTP service.
[SSH Server] sftp server enable
Step 6 Connect to the SSH server.
# Enable initial authentication for use by the SSH clients at first-time logins.
<Huawei> system-view
[Huawei] sysname client001
[client001] ssh client first-time enable
<Huawei> system-view
[Huawei] sysname client002
[client002] ssh client first-time enable
# Log in to the SSH server from Client001 in password authentication mode.
<client001> system-view
[client001] sftp 10.164.39.222
Please input the username:client001
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
Enter password:
sftp-client>
# Log in to the SSH server from Client002 in RSA authentication mode.
<client002> system-view
[client002] sftp 10.164.39.222
Please input the username: client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
sftp-client>
Step 7 Verify the configuration.
After the configuration is complete, run the display ssh server status and display ssh server
session commands. You can see that the SFTP service has been enabled, and that the SFTP
clients have logged in to the server.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH Authentication retries :3 times
SFTP Server :Enable
# Check the SSH session status.
[SSH Server] display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 3 2.0 AES run password client001
VTY 4 2.0 AES run rsa client002
--------------------------------------------------------------------
# Check information about the SSH users.
[SSH Server] display ssh user-information
-------------------------------------------------------------------------------
Username Auth-type User-public-key-name
-------------------------------------------------------------------------------
client001 password null
client002 rsa RsaKey001
-------------------------------------------------------------------------------
----End
Configuration Files
• Configuration file of the SSH server
#
sysname SSH Server
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password cipher huawei
local-user client001 service-type ssh
local-user client001 ftp-directory flash:
local-user client002 password cipher huawei
local-user client002 service-type ssh
local-user client002 ftp-directory flash:
#
sftp server enable
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key RsaKey001
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
• Configuration file of Client001 on the SSH client
#
sysname client001
#
interface GigabitEthernet1/0/0
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
return
• Configuration file of Client002 on the SSH client
#
sysname client002
#
interface GigabitEthernet1/0/0
ip address 10.164.39.221 255.255.255.0
#
ssh client first-time enable
#
return
8.8.6 Example for Authenticating SSH Through RADIUS
This example shows how to configure a RADIUS server to authenticate a user who attempts to
access the SSH server. The SSH server determines whether to grant the user access and set up
a connection based on the authentication result.
Networking Requirements
When a RADIUS user is connected to an SSH server, the SSH server sends the username and
password of the SSH client to the RADIUS server (compatible with the TACACS server) for
authentication.
The RADIUS server authenticates the user and sends the result (pass or fail) back to the SSH
server. If authentication succeeds, the user level is sent along with the result. The SSH server
determines whether the SSH client is allowed to set up a connection based on the authentication
result.
Figure 8-14 shows the networking diagram.
Figure 8-14 Networking diagram for authenticating SSH through RADIUS
[Figure: SSH Client (GE1/0/0, 10.164.39.221/24), SSH Server (GE1/0/0, 10.164.39.222/24), and RADIUS Server (10.164.6.49/24).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the RADIUS template on the SSH server.
2. Configure a domain on the SSH server.
3. Create a user on the RADIUS server.
4. Generate the local key pair on the SSH client and the SSH server.
5. Generate the RSA public key on the SSH server and bind the RSA public key of the SSH client
to ssh2@ssh.com.
6. Enable the STelnet and SFTP services on the SSH server.
7. Configure the service mode and authorization directory of the SSH user.
8. Users ssh1@ssh.com and ssh2@ssh.com log in to the SSH server through STelnet and
SFTP respectively.
Data Preparation
To complete the configuration, you need the following data:
• Configure the password authentication for the STelnet user
• Configure the RSA authentication for the SFTP user
• RADIUS authentication
• Name of the RADIUS template
• Name of the RADIUS domain
• Name and password of the RADIUS user
Procedure
Step 1 Generate a local key pair on the SSH server.
<Huawei> system-view
[Huawei] rsa local-key-pair create
The key name will be: Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]: 768
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++
Step 2 Configure the RSA public key on the server.
# Generate a local key pair on the client.
<Huawei> system-view
[Huawei] sysname client
[client] rsa local-key-pair create
# Check the RSA public key of the client.
[client] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client]
# Send the RSA public key of the client to the server.
[Huawei] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Huawei-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Huawei-rsa-key-code] 3047
[Huawei-rsa-key-code] 0240
[Huawei-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Huawei-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Huawei-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Huawei-rsa-key-code] 1D7E3E1B
[Huawei-rsa-key-code] 0203
[Huawei-rsa-key-code] 010001
[Huawei-rsa-key-code] public-key-code end
[Huawei-rsa-public-key] peer-public-key end
Step 3 Create SSH users.
Create users ssh1@ssh.com and ssh2@ssh.com on the RADIUS server. Specify the NAS's IP
address 10.164.39.222 and set the password to huawei. The NAS's IP address is the IP address
of the SSH server connected to the RADIUS server.
# Configure VTY user interfaces on the SSH server.
[Huawei] user-interface vty 0 4
[Huawei-ui-vty0-4] authentication-mode aaa
[Huawei-ui-vty0-4] protocol inbound ssh
[Huawei-ui-vty0-4] quit
# Create users ssh1@ssh.com and ssh2@ssh.com on the SSH server and set the authentication
mode.
[Huawei] aaa
[Huawei-aaa] local-user ssh1@ssh.com password cipher huawei
[Huawei-aaa] local-user ssh2@ssh.com password cipher huawei
[Huawei-aaa] quit
[Huawei] ssh user ssh1@ssh.com authentication-type password
[Huawei] ssh user ssh2@ssh.com authentication-type rsa
[Huawei] ssh user ssh2@ssh.com assign rsa-key RsaKey001
Step 4 Configure a RADIUS server template.
# Configure an authentication scheme newscheme and set the authentication mode to RADIUS
authentication.
[Huawei] aaa
[Huawei-aaa] authentication-scheme newscheme
[Huawei-aaa-authen-newscheme] authentication-mode radius
[Huawei-aaa-authen-newscheme] quit
# Configure a RADIUS server template ssh on the SSH server.
[Huawei] radius-server template ssh
# Specify the RADIUS server at 10.164.6.49 as the RADIUS authentication server and set the
authentication port number to 1812.
[Huawei-radius-ssh] radius-server authentication 10.164.6.49 1812
# Set the shared key of the RADIUS server to huawei.
[Huawei-radius-ssh] radius-server shared-key cipher huawei
[Huawei-radius-ssh] quit
Step 5 Configure the RADIUS domain name on the SSH server.
# Set the RADIUS domain name to ssh.com and apply the authentication scheme newscheme
and RADIUS server template ssh to the RADIUS domain.
[Huawei] aaa
[Huawei-aaa] domain ssh.com
[Huawei-aaa-domain-ssh.com] authentication-scheme newscheme
[Huawei-aaa-domain-ssh.com] radius-server ssh
[Huawei-aaa-domain-ssh.com] quit
[Huawei-aaa] quit
Step 6 Connect the SSH client to the SSH server.
# Enable the SFTP service on the SSH server.
[Huawei] sftp server enable
# Enable initial authentication for use by SSH clients at first-time logins.
[client] ssh client first-time enable
[client] quit
# Log in to the SSH server from the STelnet client in RADIUS authentication mode.
<client> system-view
[client] stelnet 10.164.39.222
Please input the username: ssh1@ssh.com
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:
Enter the password huawei. The following information indicates that the login succeeds.
Info: The max number of VTY users is 10, and the current number
of VTY users on line is 2.
<Huawei>
# Log in to the SSH server from the SFTP client in RADIUS authentication mode.
<client> system-view
[client] sftp 10.164.39.222
Please input the username: ssh2@ssh.com
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
Enter password:
sftp-client>
Step 7 Verify the configuration.
After the preceding configuration is complete, run the display radius-server configuration and
display ssh server session commands on the SSH server to view the RADIUS server
configuration and the SSH session status. You can see that the STelnet and SFTP clients have
logged in to the SSH server.
# View the configuration of the RADIUS server.
[Huawei-aaa] display radius-server configuration
-------------------------------------------------------------------
Server-template-name : ssh
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : N`C55QK<`=/Q=^Q`MAF4<1!!
Timeout-interval(in second) : 5
Primary-authentication-server : 10.164.6.49 :1812 LoopBack:NULL
Primary-accounting-server : 0.0.0.0 :0 LoopBack:NULL
Secondary-authentication-server : 0.0.0.0 :0 LoopBack:NULL
Secondary-accounting-server : 0.0.0.0 :0 LoopBack:NULL
Retransmission : 3
Domain-included : YES
-------------------------------------------------------------------
# Check the SSH session status.
[Huawei] display ssh server session
--------------------------------------------------------------------
Conn Ver Encry State Auth-type Username
--------------------------------------------------------------------
VTY 0 2.0 AES run password ssh1@ssh.com
VTY 1 2.0 AES run rsa ssh2@ssh.com
--------------------------------------------------------------------
----End
Configuration Files
Configuration file of the SSH server
#
radius-server template ssh
radius-server authentication 10.164.6.49 1812
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
authentication-scheme newscheme
authentication-mode radius
#
domain ssh.com
authentication-scheme newscheme
radius-server ssh
#
sftp server enable
ssh user ssh1@ssh.com
ssh user ssh2@ssh.com
ssh user ssh2@ssh.com assign rsa-key RsaKey001
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
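The key codes that sections 8.8.5 and 8.8.6 paste into rsa peer-public-key decode as a DER SEQUENCE of two INTEGERs (modulus, then public exponent). The decoder below is an added example, not Huawei's tooling: it reports the modulus size of a pasted key code, and the 2048-bit floor (MIN_BITS) is an assumed local policy rather than a value from this guide.

```python
import re

PROMPT = re.compile(r"^\[[^\]]*\]\s*")  # CLI prompt such as "[SSH Server-rsa-key-code] "
MIN_BITS = 2048                         # assumed policy floor, not a value from the guide


def _read_tlv(buf, pos, tag):
    """Return (value, next_pos) for one DER element that must carry the given tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    if buf[pos] != tag:
        raise ValueError("expected tag 0x%02X, found 0x%02X" % (tag, buf[pos]))
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("declared length runs past the end of the data")
    return buf[pos:end], end


def parse_key_code(text):
    """Decode a pasted key code (prompts allowed) into (modulus, public_exponent)."""
    stripped = " ".join(PROMPT.sub("", line.strip()) for line in text.splitlines())
    data = bytes.fromhex("".join(stripped.split()))
    body, end = _read_tlv(data, 0, 0x30)         # SEQUENCE
    if end != len(data):
        raise ValueError("trailing bytes after the key")
    mod_bytes, pos = _read_tlv(body, 0, 0x02)    # INTEGER: modulus
    exp_bytes, pos = _read_tlv(body, pos, 0x02)  # INTEGER: public exponent
    if pos != len(body):
        raise ValueError("unexpected extra element in the key")
    # Read both as unsigned: the moduli on this page start with a byte >= 0x80
    # and carry no 0x00 sign-padding byte.
    return int.from_bytes(mod_bytes, "big"), int.from_bytes(exp_bytes, "big")


def assess_key(text, min_bits=MIN_BITS):
    """Summarise a key code: modulus size, exponent, and whether it meets the floor."""
    modulus, exponent = parse_key_code(text)
    bits = modulus.bit_length()
    return {"bits": bits, "exponent": exponent, "meets_floor": bits >= min_bits}


# Key codes copied from the "display rsa local-key-pair public" output on this page.
CLIENT_HOST_KEY = """
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
""".strip()

CLIENT_SERVER_KEY = """
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
""".strip()

if __name__ == "__main__":
    for name, code in (("Host", CLIENT_HOST_KEY), ("Server", CLIENT_SERVER_KEY)):
        print(name, assess_key(code))
```

Run against the sample output on this page, the client's Host key decodes to a 512-bit modulus and its Server key to 768 bits, both with public exponent 65537.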
9 Upgrade and Maintenance
About This Chapter
Router upgrade and maintenance can optimize device performance, monitor device operation
status, simplify operations, and reduce operating expenditure (OPEX).
9.1 Upgrade and Maintenance Overview
Devices can be upgraded and maintained by activating GTL license files, upgrading system
software, managing patches, monitoring CPU and memory usage, or restarting devices.
9.2 Activating a GTL License File
A GTL (Global Trotter License) license file is an authorization file that controls the capacity and
functions of a device.
9.3 Upgrading System Software
Software upgrade can optimize device performance, add new features, and update the current
software version.
9.4 Managing Patches
This section describes several operations related to patches. You can install patches to upgrade
the system without interrupting services, specify a patch file to be used after the next startup,
uninstall patches that do not meet system requirements, or delete the unwanted patches to release
the memory of the patch area on the MPU.
9.5 Monitoring CPU and Memory Usage
Configure CPU and memory usage thresholds to monitor system performance.
9.6 Restarting the Device
After the system software of the router is upgraded, the router must be restarted for configurations
to take effect. Restarting the router also prevents the system failure due to an excessive number
of temporary files.
9.7 Configuration Examples
The examples explain networking requirements and precautions, and provide configuration
roadmaps.
9.1 Upgrade and Maintenance Overview
Devices can be upgraded and maintained by activating GTL license files, upgrading system
software, managing patches, monitoring CPU and memory usage, or restarting devices.
9.1.1 License Authorization
The AR1200-S provides a platform to manage license authorizations. You can apply for,
upgrade, and activate license files to obtain corresponding rights.
When new devices are deployed, purchase new licenses to enable the license-controlled features
and functions you need. If the capacities of the existing devices are expanded, you can update
the licenses used on the devices to enable more license-controlled features and functions.
To use the SSL VPN function, apply for a license.
9.1.2 Software Upgrade
Software upgrades satisfy user needs for new functions by upgrading the patch file, system
software, configuration file, PAF file, and license file.
Software upgrade involves software downloading and software loading.
9.1.3 Patch Management
Loading a patch onto the system software allows the system software to be upgraded in service
without interrupting services on the device. This also improves Quality of Service (QoS).
During device operation, the system software may need to be modified due to system bugs or
new function requirements. The traditional way is to upgrade the system software after powering
off the device. This, however, interrupts services and affects QoS.
By means of patch management, the system software can be upgraded in service without
interrupting services.
Table 9-1 provides details on patch status.
Table 9-1 Description of patch status
Patch Status | Description | Patch Status Transition
None | A patch file is saved to the storage medium but has not been loaded to the patch area in memory. | The patch file will be in the running state after being loaded from the storage medium to the patch area in memory.
Running | A patch file is in the running state when it is stored in the patch area and run permanently. If a board is reset, the patch files in the running state on the board remain in the running state. | A patch file in the running state can be deleted from the patch area in memory.

Figure 9-1 shows patch status transition.
Figure 9-1 Patch status transition
[Figure: two patch states, none and running; "Upload and Run patch" moves a patch from none to running, and "Delete patch" moves it from running to none.]

9.1.4 CPU and Memory Usage Thresholds
Configuring CPU and memory usage thresholds allows system performance to be monitored.
• A log entry is recorded when CPU usage exceeds the configured threshold.
If CPU usage exceeds the threshold, an alarm is generated and logged. You can query the
log to view CPU usage.
• A log entry is recorded when memory usage exceeds the configured threshold.
If memory usage exceeds the threshold, an alarm will be generated and logged. You can
query the log to view memory usage.
9.1.5 Device Restart
A device can be restarted immediately or as scheduled.
In certain situations, for example, during system upgrade, the router must be restarted for
configurations to take effect.
In addition to powering off the device, the AR1200-S supports the following methods of
restarting the router:
• Immediate restart
• Scheduled restart
9.2 Activating a GTL License File
A GTL (Global Trotter License) license file is an authorization file that controls the capacity and
functions of a device.
9.2.1 Establishing the Configuration Task
If you have purchased a new device, you need to apply for and purchase a GTL license file to
obtain the authorization of related service modules. If a GTL license file has already been
activated on the device but the license file expires, you need to apply for a new license file, and
then upgrade and activate the license file.
Applicable Environment
• Activating a new GTL license
If you purchase a new device, you must also purchase a GTL license file to obtain
authorization to use the service modules you require. After the GTL license file has been
activated, the license-controlled service modules can be used.
• Activating an updated GTL license file
If a device has a previously activated GTL license file that has expired, you must apply for
a new GTL license file, update the old file, and then activate the new file. If a GTL license
file is not updated and expires, functions are disabled and services are interrupted.
Before updating a GTL license file, check whether you must apply for a new GTL license.
If the authorization value of the new GTL license file is smaller than that of the current
GTL license file, an interactive message is displayed to prompt you whether to activate the
new GTL license file.
– If you enter Y, the system informs you of a GTL license file update success.
– If you enter N, the system informs you of a GTL license update failure, and displays
the status of the current GTL license file.
Before activating a GTL license file, check that the extension of the GTL license file name is .dat.
After obtaining a GTL license file, use a notepad program like Windows Notepad to check
whether the ESN on the MPU is the same as that in the GTL license file.
NOTE
The extension of the GTL license file name is .dat.
A GTL license file must be one of the two versions, COMM or DEMO.
Version | Period of Validity | Reservation Period
COMM | As defined in a contract | Usually 90 days and at most 180 days
DEMO | Usually 60 days; actual time varies according to product | Usually 60 days; actual time varies according to product. You can run the display license state command to view how long it is before a license in the Demo version expires.

The system prompts you with a message each day in the reservation period. If you intend to
continue using the service modules, you need to apply for a new GTL license.
NOTE
The reservation period refers to the number of days for which you can continue to use service modules
after the GTL license expires.
Pre-configuration Tasks
Before activating a GTL license file, complete the following tasks:
• Applying for a GTL license file
Data Preparation
To activate a GTL license file, you need the following data.
No. Data
1 GTL license file name

9.2.2 Uploading a GTL License File
The GTL license file that has been applied for can be activated only after the file has been
uploaded to the storage medium on a device.
Context
Before uploading a GTL license file, run the dir command to check that the storage medium has
adequate free space to store the GTL license file.
Procedure
Step 1 Run:
dir device-name
Check whether the GTL license file exists.
The license file is in the *.dat format and can be stored in the flash memory or USB flash drive.
NOTE
A user who wants to upgrade a GTL license must run the license revoke command to obtain an invalidation
code, and then use this code to apply to Huawei for a new GTL license. This user also needs to load the
new GTL license file to the main control board.
----End
9.2.3 Activating the GTL License File
After activating the GTL license, you are allowed to operate the corresponding service modules.
Procedure
• Activate the GTL license for the first time.
1. Run:
license active file-name
The GTL license is activated and you have obtained permission.
NOTE
If you use the GTL license for the first time, buy the GTL license file from Huawei.
• Upgrade the GTL license.
1. Run:
license revoke
The GTL license invalidation code is returned.
NOTE
Apply to Huawei for a new GTL license by using the invalidation code.
2. Run:
license active file-name
The GTL license is activated and you have obtained permission.
----End
9.2.4 (Optional) Enabling the Emergency State of the GTL License Module
When the Emergency state of the GTL license module is enabled, a device can use the maximum
specification for each feature or function.
Context
The Emergency state of a GTL license module can be enabled on the router in any of the
following situations:
• A Comm version of the GTL license file has been activated and is in the Normal state.
• A Demo version of the GTL license file has been activated and is in the Demo state.
• When the time period for enabling the Emergency state comes to an end, the state can be
enabled again on the final day of the first period.
Procedure
Step 1 Run:
license emergency
The Emergency state of the GTL license module is enabled.
NOTE
Note the following concerning the Emergency state:
• The Emergency state cannot be cancelled manually.
• The Emergency state can only be enabled three times, each time for seven days.
• The Emergency state can be re-enabled only on the last day of the previous enabling period.
----End
9.2.5 Checking the Configuration
After the GTL license file has been activated, you can view information about the file on the
master and slave MPUs.
Prerequisites
The configurations for activating the GTL license file are complete.
Procedure
• Run the display license command to check information about the GTL license file on the
master and slave MPUs.
• Run the display license state command to check the license type.
----End
Example
<Huawei> display license
Active License on master board: flash:/LIC_ON77076_A6D2CE1AEC3_AR.dat

Active license : flash:/LIC_ON77076_A6D2CE1AEC3_AR.dat
License state : Demo
Revoke ticket : No ticket

Product name : AR
Product version : V200R002
License file ESN : AR00050123456789,AR00060123456789,AR00070123456789,AR000801
23456789
License Serial No : LIC20110309010210
Creator : Huawei Technologies Co., Ltd.
Created Time : 2011-03-09 19:36:14
Country : China
Custom : R&D of Huawei Technologies Co., Ltd.
Office : Shenzhen

Feature name : ACCESS
Authorize type : DEMO
Expired date : 2011-06-07
Trial days : 60

Item name : LLE0IPPBX01
Item type : Function
Control value : 1
Used value : 1
Item state : Normal
Item expired date : 2011-06-07
Item trial days : 60
Description : LLE0IPPBX01
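The ESN comparison required in 9.2.1 and the expiry dates shown in the output above can be checked from a saved copy of the display license output. The following Python is an added example, not part of the Huawei guide; the function names, finding codes and 30-day warning window are assumptions, and the sample is rebuilt from the output above, including the ESN that the terminal wrapped onto a second line.

```python
import re
from datetime import date

# Constructed sample: the `display license` output from this section, with the
# ESN list wrapped onto a second line as the terminal printed it.
SAMPLE = """\
Active license : flash:/LIC_ON77076_A6D2CE1AEC3_AR.dat
License state : Demo
Revoke ticket : No ticket

Product name : AR
Product version : V200R002
License file ESN : AR00050123456789,AR00060123456789,AR00070123456789,AR000801
23456789
License Serial No : LIC20110309010210

Feature name : ACCESS
Authorize type : DEMO
Expired date : 2011-06-07
Trial days : 60

Item name : LLE0IPPBX01
Item type : Function
Control value : 1
Used value : 1
Item state : Normal
Item expired date : 2011-06-07
Item trial days : 60
Description : LLE0IPPBX01
"""

# "key : value" line; the key is letters, spaces and dots only.
FIELD = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z .]*?)\s*:\s+(?P<val>.*)$")


def parse_blocks(text):
    """Split the output into blank-line-separated blocks of fields."""
    blocks, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                blocks.append(current)
            current, last_key = {}, None
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group("key").strip()
            current[last_key] = m.group("val").strip()
        elif last_key is not None:
            # Not a "key : value" line: a wrapped value, glued on unchanged.
            current[last_key] += line.strip()
    if current:
        blocks.append(current)
    return blocks


def check_license(text, device_esn, today, warn_days=30):
    """Return findings as tuples: (code, detail[, days])."""
    blocks = parse_blocks(text)
    findings = []

    # The device ESN must be one of the ESNs the license file was issued for.
    esn_field = next((b["License file ESN"] for b in blocks
                      if "License file ESN" in b), "")
    if device_esn not in [e for e in esn_field.split(",") if e]:
        findings.append(("esn-mismatch", device_esn))

    # A DEMO license has a short validity period; report it explicitly.
    state = next((b["License state"] for b in blocks
                  if "License state" in b), None)
    if state == "Demo":
        findings.append(("demo-license", state))

    # Each license-controlled item carries its own expiry date.
    for b in blocks:
        if "Item name" not in b:
            continue
        try:
            expires = date.fromisoformat(b.get("Item expired date", ""))
        except ValueError:
            findings.append(("no-expiry-date", b["Item name"]))
            continue
        left = (expires - today).days
        if left < 0:
            findings.append(("item-expired", b["Item name"], -left))
        elif left <= warn_days:
            findings.append(("item-expiring", b["Item name"], left))
    return findings


if __name__ == "__main__":
    for finding in check_license(SAMPLE, "AR00080123456789", date(2011, 5, 20)):
        print(finding)
```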
9.3 Upgrading System Software
Software upgrade can optimize device performance, add new features, and update the current
software version.
9.3.1 Establishing the Configuration Task
To add new features or optimize device performance based on customer requirements, you can
upgrade the current system software.
Applicable Environment
Before upgrading system software, you can select resource files as needed.
NOTE
Note the following points before upgrading system software:
• Obtain the new system software and relevant upgrade documents from Huawei.
• Different products use different system software versions. For information about particular products,
refer to the official Huawei upgrade guide when upgrading a device.
• Enable the logging function to record all operations during the upgrade. This facilitates fault analysis
and location in case of an upgrade failure.
• If the device restarts due to incorrect resource file configurations, the device will automatically roll
the resource file back to the source version after the device has been restarted.
Pre-configuration Tasks
Before upgrading system software, complete the following task:
• Making sure that the router to be upgraded is working properly, and logging in to the router
Data Preparation
To upgrade system software, you need the following data.
No. Data
1 Baud rate of a serial interface
2 IP address of an FTP server or the router
3 Username and password used for FTP login
4 (Optional) New system software, configuration files, license file, and patch file

9.3.2 Checking the System Before the Upgrade
Carefully check a device to be upgraded against an upgrade checklist to ensure that the upgrade
can proceed smoothly.
Procedure
Step 1 Prepare hardware as needed, for example, free up memory space to store new system software
and related upgrade files.
Step 2 Check whether a new GTL license file is required and, if so, obtain it from Huawei.
NOTE
• A new GTL License must be obtained when a device is upgraded to a new R version or V version.
• The new GTL license file must be consistent with the system software.
To view GTL license-controlled features, use a text editor like Windows Notepad to open the
GTL license file. The contents of the Resource and Function fields are the resource and function
items controlled by the GTL license file.
Step 3 Obtain software required for the upgrade. The new system software (.cc file) and relevant
upgrade documents must be obtained from Huawei.
Step 4 In the user view, run the display version command to view the current system software. If the
current system software is the same as or later than the new system software, an upgrade is
unnecessary.
Step 5 Run the following commands to check the device operation status:
Run the display memory-usage command in the user view to check the memory usage of MPUs
to ensure that the MPUs are working properly.
Run the display health command in the user view and record the command output. If you cannot
locate faults that have occurred during the upgrade, provide this information to Huawei technical
personnel for troubleshooting.
Step 6 Set up an environment where TFTP or FTP can be used to perform software upgrade. This helps
to back up the original resource files before the upgrade and upload the new resource files
required for the upgrade.
When the system software is upgraded with FTP:
• If the device to be upgraded functions as a client and a PC functions as a server, you must
install FTP server software on the PC. You need to purchase and install FTP server software
yourself, because the device does not have such software installed by default.
• If the device to be upgraded functions as a server and a PC functions as a client, you do not
need to install FTP server software on the PC. By default, the FTP server function on the
device to be upgraded is disabled. To enable the function, run the ftp server enable
command.
When the system software is upgraded with TFTP, the device to be upgraded can only function
as a client and does not provide the TFTP server function. In this case, you must install TFTP
server software on the PC.
Step 7 Back up important data stored in the storage media on the device to be upgraded.
Step 8 Check that the device storage media have adequate free space to store the new system software
and related upgrade files.
----End
9.3.3 Downloading a System File
Context
This section describes how to download a system file to the AR1200-S.
Procedure
• Uploading a system file to the AR1200-S using the AR1200-S as the FTP server and
the PC as the FTP client
1. Run the system-view command to enter the system view.
2. Run the ftp server enable command to enable the FTP server.
3. Run the aaa command to enter the AAA view.
4. Run the local-user user-name password { simple | cipher } password command to
configure a local user name and password.
5. Run the local-user user-name service-type ftp command to set the service type of
the local user to FTP.
6. Run the local-user user-name ftp-directory directory command to specify an FTP
working directory for the FTP user.
7. On the PC (running a Windows operating system for example), choose Start >
Run. Enter cmd and press Enter to enter the command line window.
8. Place the system file in a specified directory, for example, D:\ftp.
9. Run the ftp ip-address command to log in to the router.
Enter the configured user name and password as prompted, and press Enter. When
the command line prompt of the FTP client view, such as ftp>, is displayed, you are
in the working directory of the FTP server, as shown in Figure 9-2.
Figure 9-2 Logging in to the FTP server from the PC

10. Run the binary command on the router to set the file transfer mode to binary.
NOTE
FTP supports two file transfer modes: ASCII and binary. Their differences are as follows:
• The ASCII transfer mode uses ASCII characters and separates carriage returns from line
feed characters.
• The binary transfer mode transfers characters without format conversion or formatting.
The client specifies which file transfer mode to use. The default file transfer mode is ASCII
transfer. You can use a command to change the file transfer mode. Transfer text files in
ASCII mode and binary files in binary mode. When transferring the system file, use the binary
mode.
11. Run the put remote-filename [ local-filename ] command to upload the system file
from the PC to the router.
12. Run the dir command on the router to check whether the system file exists in the
current directory.
NOTE
If the size of the system file in the current directory on the router is different from that on the
PC, an error may occur during file transfer. Upload the system file again.
• Uploading a system file to the AR1200-S using the AR1200-S as the FTP client and
the PC as the FTP server
1. Run an FTP server program on the PC. This procedure uses WFTPD32 as an example,
as shown in Figure 9-3.
Figure 9-3 Running an FTP server program on the PC

2. Choose Security > Users/rights to configure a user name, password, and FTP
working directory on the PC, as shown in Figure 9-4.
Click New User to set the user name and password. Here, the user name is AR and
the password is 123456. Specify the FTP working directory on the PC in the Home
Directory text box, for example, D:\ftp. Place the system file in this directory and
click Done to close the dialog box.
Figure 9-4 Configuring an FTP user

3. Run the ftp host [ port-number ] command on the router to log in to the PC.
NOTE
Before downloading the system file from the PC, ensure that there is enough space on the
router to store the system file. Enter the configured user name and password to log in to the
PC.
4. Run the binary command to set the file transfer mode to binary.
5. Run the get remote-filename [ local-filename ] command to download the system file
from the PC.
6. After the system file is downloaded, run the bye or quit command to terminate the
connection with the PC and return to the user view.
7. Run the dir command on the router to check whether the system file exists in the
current directory.
NOTE
If the size of the system file in the current directory on the router is different from that on the
PC, an error may occur during file transfer. Upload the system file again.
• Uploading a system file to the AR1200-S using the AR1200-S as the TFTP client and
the PC as the TFTP server
NOTE
The AR1200-S can function only as a TFTP client but not a TFTP server.
1. Run a TFTP server program on the PC. This procedure uses TFTP32 as an example,
as shown in Figure 9-5.
Figure 9-5 Running a TFTP server program on the PC

2. Set Current Directory to the directory of the backup system file by clicking
Browse, and place the system file in the specified directory. Set Server Interface to
the IP address of the TFTP server. The IP address is usually displayed automatically.
3. Run the tftp tftp-server get source-filename [ destination-filename ] command on the
router to download the system file from the PC.
NOTE
Before downloading the system file from the PC, ensure that there is enough space on the
router to store the system file.
4. Run the dir command on the router to check whether the system file exists in the
current directory.
NOTE
If the size of the system file in the current directory on the router is different from that on the
PC, an error may occur during file transfer. Upload the system file again.
• Downloading a system file to the AR1200-S using the BootROM menu
NOTE
This method is not recommended because the upgrade procedure is complicated. Use this method
only when the router system software cannot start.
Connect the router's management interface to the PC.
The management interface varies according to the device model:
• AR150: Ethernet0/0/3
• AR200: Ethernet0/0/6
• AR1200: GigabitEthernet0/0/0
• AR2200: GigabitEthernet0/0/0
• AR2240: GigabitEthernet0/0/2
• AR3200: GigabitEthernet0/0/2
1. Run an FTP server program (for example, WFTPD32) on a terminal or PC, specify
the directory of the system file, and configure an FTP user name and password
according to Step 2.
2. Log in to the router from the console port. For details, see 1.2 Logging In to the
Device Through the Console Port.
3. Restart the router. Press Ctrl+B to enter the BootROM menu when the following
information is displayed.
Sep 16 2011,17:14:28
Copying Data : Done
Uncompressing : Done
Initializing SMI Bus:OK
Init flash, please wait......
Base Address: 0xfffffffffc000000
Size is: 0x20000000OK
flash drv init.
Initializing FlashPiece Module:
FlashPiece start offset at: 0x300000
FlashPiece size is: 0x100000
Initializing FlashDynamic Module:
FlashDynamic start offset at: 0x400000
FlashDynamic size is: 0x200000
Initializing I2C Bus:OK
USB2 Host Stack Initialized.
USB Hub Driver Initialized
USBD Wind River Systems, Inc
EHCI Controller found.
Waiting to attach to USBD...0xbfffdf0 (tRootTask): usb1_base =
0xbff22000Done.
0xbfffdf0 (tRootTask): usbBulkDevInit() returned OK
Press Ctrl+B to break auto startup ... Attached TCP/IP interface to teth1.
NOTE
• To access the BootROM menu, you must enter the initial password huawei after pressing
Ctrl+B.
4. Select choice 3 to enter the network menu.
Enter Password:
Main Menu
1. Default Startup
2. Serial Menu
3. Network Menu
4. Startup Select
5. File Manager
6. Reboot
Enter your choice(1-6):3
5. Select choice 2 to modify parameters.
NetWork Menu
1. Display parameter
2. Modify parameter
3. Save parameter
4. Download file
0. Return
Enter your choice(1-10): 2
Configure the FTP service type, system file name, network management interface
address, FTP server address, FTP user name, and FTP password.
NOTE:
Ftp type define: 0(ftp), 1(tftp),
ENTER = no change; '.' = clear;
Ftp type : 0
File name : ar.cc
Ethernet ip address : 192.168.200.174
Ethernet ip mask : ffffff00
Gateway ip address :
Ftp host ip address : 192.168.200.1
Ftp user : ar
Ftp password : ar
6. After the system returns to the network menu, select choice 4 to download the specified
system file from the PC.
NetWork Menu
1. Display parameter
2. Modify parameter
3. Save parameter
4. Download file
0. Return
Enter your choice(1-10): 4
7. Specify the location to save the system file.
Download file to: [ 1:flash 2:usb0 ]:
Enter the corresponding number to select the storage media. For example, 1 indicates
the flash memory.
NOTE
The device uses the flash memory by default. Other storage media, such as a USB flash drive,
are displayed only after they are installed.
8. After the system file is downloaded to the router, restart the router.
----End
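The free-space check before a transfer and the size comparison after it, which the procedures above repeat for every transfer method, can be scripted against a saved copy of the router's dir output. This Python is an added example, not from the Huawei guide; the dir column layout in the sample, the file names and the function names are assumptions.

```python
import re

# Constructed sample of `dir` output on the router. The column layout is an
# assumption about what the device prints; adjust ROW/TOTAL if yours differs.
SAMPLE_DIR = """\
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName
    0  -rw-     94,689,536  Mar 20 2012 10:24:46   ar_old.cc
    1  drw-              -  Mar 01 2012 14:41:56   logfile
    2  -rw-     61,440,000  Mar 29 2012 09:12:03   ar.cc

251,904 KB total (98,304 KB free)
"""

ROW = re.compile(
    r"^\s*\d+\s+(?P<attr>\S+)\s+(?P<size>[\d,]+|-)\s+"
    r"\w{3}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2}\s+(?P<name>\S.*?)\s*$"
)
TOTAL = re.compile(r"^\s*(?P<total>[\d,]+) KB total \((?P<free>[\d,]+) KB free\)")


def parse_dir(text):
    """Return ({file name: size in bytes}, free space in bytes or None)."""
    files, free_bytes = {}, None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            # Directories are listed with "-" instead of a size; skip them.
            if row.group("size") != "-":
                files[row.group("name")] = int(row.group("size").replace(",", ""))
            continue
        total = TOTAL.match(line)
        if total:
            free_bytes = int(total.group("free").replace(",", "")) * 1024
    return files, free_bytes


def can_store(dir_text, image_size):
    """Before the transfer: is there room for a file of image_size bytes?"""
    _, free_bytes = parse_dir(dir_text)
    return free_bytes is not None and free_bytes >= image_size


def verify_upload(dir_text, name, local_size):
    """After the transfer: compare the router's size with the size on the PC.

    local_size would normally come from os.path.getsize() on the PC.
    """
    files, _ = parse_dir(dir_text)
    if name not in files:
        return "missing"
    if files[name] != local_size:
        return "size-mismatch"
    return "ok"


if __name__ == "__main__":
    print(can_store(SAMPLE_DIR, 61_440_000))
    print(verify_upload(SAMPLE_DIR, "ar.cc", 61_440_000))
```

A matching size rules out a truncated or mode-converted transfer; it does not show that the contents are identical.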
9.3.4 Specifying the System Software to Be Used at the Next Startup
After the system software to be used by the router at the next startup is specified, the patch status
file to be used at the next startup must be reset.
Context
Before specifying the system software to be used at the next startup, perform the following
operations:
Upload the system software to the master and slave MPUs. For details, see information about
uploading and downloading files in Managing Files Using FTP Commands.
Make sure that the storage media on the MPUs have sufficient space to store the system software.
NOTE
Check the size and release date of the system software to be uploaded.
Do as follows on the router to be upgraded:
Procedure
Step 1 In the user view, run:
startup system-software system-file
The system software to be used at the next startup is specified for the MPU.
Step 2 (Optional) If the upgraded system software needs a corresponding patch file, perform the
following operations:
• Run:
startup patch file-name
A patch file to be used at the next startup is specified for the MPU.
Step 3 (Optional) Run:
startup saved-configuration configuration-file
The configuration file to be used at the next startup is specified for the MPUs.
----End
9.3.5 Configuring a Backup Startup File
After a backup startup software package is configured, the system can restart properly if a fault
occurs.
Context
If the storage device where the startup software package is stored is damaged, you can use the
backup software package to make the system start.
NOTE
• The file name extension of the system software package must be .cc and the package must be stored
in the root directory.
• The backup startup software package can be identical to or different from the current startup software
package. Either can be used to start the system.
Procedure
Step 1 Run:
startup system-software filename backup
A backup startup software package is specified.
----End
9.3.6 (Optional) Upgrading the BootROM of the LPU
After the system software is upgraded, you need to manually upgrade the BootROM of the 2FE
and 1GEC.
Context
NOTE
Run the display device command to check whether the device is configured with a registered 2FE or
1GEC.
Procedure
Step 1 Run:
upgrade slot slot-id startup bootrom
The BootROM is upgraded.
Step 2 Run:
reset slot slot-id
The LPU is reset.
After the LPU is reset, run the display version slot slot-id command to check whether the
BootROM has been upgraded.
----End
9.3.7 Restarting a Device
The system software to be used at the next startup will take effect only after the device is restarted.
Context
During the upgrade, the device must be restarted in the following situations:
• The system software and configuration file to be used at the next startup have been specified.
CAUTION
Before restarting the router, run the save command to save the current configuration file.
The router restarts with the specified startup files. If the specified startup files are damaged, the
router restarts with the backup startup files. If the router fails to restart with the backup startup
files, it searches for valid startup files on the storage devices in the sequence "Flash memory -> USB
flash drive." If a storage device has multiple startup files, the router uses the startup file that is found
first. When the router finds valid system software packages and configuration files
on the storage device, it selects a rollback version within 24 minutes and restarts with the selected
version. If the router does not find valid system software and a valid configuration file, it stops at the
BootROM menu.
Procedure
• In the user view, run:
reboot [ fast ]
The router is restarted.
----End
9.3.8 Checking the Configuration
After the system software is upgraded, you can check information about interface parameters
and version consistency between resource files.
Prerequisites
The configurations for upgrading system software are complete.
Procedure
• Run the display patch-information command to check information about all patches.
• Run the display startup command to check that the values of the "Startup system software"
and "Startup saved-configuration file" fields in the command output are the values you
require.
----End
Example
After the patch is installed, run the display patch-information command. You can view the
patch status on each board.
<Huawei> display patch-information
Patch version : ARV200R001C00SPH100
Patch packet name: flash:/patch_lic2.pat
Run the display startup command. You can view the names of the system software and the
configuration file used at the startup. For example:
<Huawei> display startup
MainBoard:
Startup system software: flash:/ar0215_31345_.cc
Next startup system software: flash:/ar0215_31345_.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file: flash:/iascfg.zip
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
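The display startup output above can be checked mechanically before the restart in 9.3.7: that the next-startup files are the ones intended, that the package is a .cc file in the root directory, and that a backup package is configured as described in 9.3.5. This Python is an added example, not part of the Huawei guide; the function names and finding codes are assumptions, and the sample is the output above.

```python
# Constructed sample: the `display startup` output shown in this section.
SAMPLE_STARTUP = """\
MainBoard:
Startup system software: flash:/ar0215_31345_.cc
Next startup system software: flash:/ar0215_31345_.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file: flash:/iascfg.zip
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
"""


def parse_startup(text):
    """Return {board name: {field: value}} from `display startup` output."""
    boards, board = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split on the first ": " so values such as flash:/x.cc stay whole.
        key, sep, value = line.partition(": ")
        if not sep:
            # "MainBoard:" style heading: nothing follows the colon.
            board = line.rstrip(":")
            boards[board] = {}
        elif board is not None:
            boards[board][key.strip()] = value.strip()
    return boards


def in_root_cc(path):
    """True for a .cc package stored in a root directory, e.g. flash:/x.cc."""
    _device, sep, name = path.partition(":/")
    return bool(sep) and "/" not in name and name.endswith(".cc")


def check_startup(text, want_software, want_config, want_patch="null"):
    """Return findings as (board, code, observed value) tuples."""
    findings = []
    for board, f in parse_startup(text).items():
        nxt = f.get("Next startup system software", "null")
        if nxt != want_software:
            findings.append((board, "next-software-mismatch", nxt))
        if not in_root_cc(nxt):
            findings.append((board, "software-not-root-cc", nxt))

        backup = f.get("Backup system software for next startup", "null")
        if backup == "null":
            # No fallback package if the startup package is damaged.
            findings.append((board, "no-backup-software", backup))

        cfg = f.get("Next startup saved-configuration file", "null")
        if cfg != want_config:
            findings.append((board, "next-config-mismatch", cfg))

        patch = f.get("Next startup patch package", "null")
        if patch != want_patch:
            findings.append((board, "next-patch-mismatch", patch))

        if f.get("Startup system software") != nxt:
            # The new package takes effect only after the device restarts.
            findings.append((board, "reboot-pending", nxt))
    return findings


if __name__ == "__main__":
    for finding in check_startup(SAMPLE_STARTUP,
                                 "flash:/ar0215_31345_.cc",
                                 "flash:/iascfg.zip"):
        print(finding)
```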
9.4 Managing Patches
This section describes several operations related to patches. You can install patches to upgrade
the system without interrupting services, specify a patch file to be used after the next startup,
uninstall patches that do not meet system requirements, or delete the unwanted patches to release
the memory of the patch area on the MPU.
9.4.1 Establishing the Configuration Task
To rectify system vulnerabilities or defects, you can install patches. Installing patches allows
the system to be upgraded without interrupting services.
Applicable Environment
The installation process installs a patch to the MPU and all LPUs.
You can use either of the following methods to install patches:
• Installing a patch file immediately: The patch file takes effect after a command is used to
run the patch file, without having to restart the device. For details, see Installing a
Patch.
• Specifying a patch file to be used at the next startup: The patch file takes effect after the
device is restarted.
Pre-configuration Tasks
Before managing patches, complete the following tasks:
• Making sure that the router is working properly
• Storing patches in the storage medium on the router
Data Preparation
To manage patches, you need the following data.
No. Data
1 Patch file

9.4.2 Installing a Patch
You can load and run a patch in the user view. This allows the device performance to be
optimized.
Context
Only one patch file can be run in the system at a time. Therefore, run the display
patch-information command before patch installation to check information about all patches,
including the running patches. If the command output shows that there is a running patch file
in the system, delete the running patch file.
In addition, perform the following operations before patch installation:
• Upload a patch file to the master MPU. For details, see the contents of uploading and
downloading files in Performing File Operations by Using FTP Commands.
Procedure
Step 1 Enter the user view.
Step 2 Run:
patch load patchname all run
The patch is activated.
NOTE
• The patch load patchname all run command can activate only one patch file each time.
• Each patch is developed incrementally based on the earlier version. If the incremental patch
patchB.pat is activated when the system is running the earlier version patchA.pat, patchB.pat takes
effect. To run patchA.pat again, run the patch delete all command to delete patches in the system,
and load and activate patchA.pat. Alternatively, run the startup patch command to specify
patchA.pat as the next startup patch, and then restart the device to make patchA.pat effective.
----End
9.4.3 Specifying a Patch File to Be Used at the Next Startup
If you do not want the patch file that has been uploaded to the storage media to take effect, you
can specify a different patch file to be used at the next startup. This patch file will take effect
after the device is restarted.
Context
Before specifying a patch file to be used at the next startup, the following tasks must be
completed:
• Upload the specified patch file to the storage medium on the master MPU. For details, see
the contents of uploading and downloading files in Managing Files Using FTP
Commands.
Procedure
Step 1 In the user view, run:
startup patch file-name
The patch file (*.pat) to be used at the next startup is specified for the master and slave MPUs.
----End
Follow-up Procedure
After the patch file to be used at the next startup has been specified, run the display startup
command to view the value of the "Next startup patch package" field on the MPUs.
9.4.4 Uninstalling a Patch
If an installed patch does not meet system requirements, or more storage space of the patch area
is needed, you can uninstall the patch by running a command in the user view.
Context
Only one patch file can be run in the system during patch installation. Therefore, delete the
running patch file from the patch area before loading and running a new patch file.
Procedure
Step 1 Run:
patch delete all
All patches in the system are deleted.
----End
Follow-up Procedure
After patch files have been deleted, run the following command to verify the configuration.
l Run the display patch-information command to check the patch status.
<Huawei> display patch-information
Info: No patch in the system
9.4.5 Checking the Configuration
After patch installation is complete, you can view patch information, such as the patch status.
Prerequisites
The configurations for patch installation are complete.
Procedure
l Run the display patch-information command to check information about all patches.
----End
Example
After a patch has been installed, run the display patch-information command to view the patch
status on each board.
<Huawei> display patch-information
Patch version : ARV200R002C00SPH100
Patch packet name: flash:/patch_lic2.pat
9.5 Monitoring CPU and Memory Usage
Configure CPU and memory usage thresholds to monitor system performance.
9.5.1 Establishing the Configuration Task
Before setting CPU and memory usage thresholds, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain any data required for the
configuration. This will help you complete the configuration task quickly and correctly.
Applicable Environment
The CPU and memory are key parts of a device. Routing information and fast route algorithms
can consume a large amount of CPU resources, affecting system performance. If resource usage
is too great, the device is unable to process data in a timely manner, packets may be lost, or the
system may break down. Customers must bear the losses from such occurrences.
Setting alarms for high CPU or memory usage during data processing on the router allows CPU
and memory usage to be monitored effectively and system performance to be optimized, which
helps keep the system operating normally.
Pre-configuration Tasks
Before setting CPU and memory usage thresholds, complete the following task:
l Making sure that the router is working properly
Data Preparation
To set CPU and memory usage thresholds, you need the following data.
No. Data
1 CPU usage thresholds, including an alarm threshold and a clear alarm threshold
2 Memory usage threshold

9.5.2 Setting CPU Usage Thresholds
Setting CPU usage thresholds allows CPU usage to be monitored.
Context
Two CPU usage thresholds are set:
l Alarm threshold: indicates that the system generates an alarm when CPU usage reaches
this alarm threshold.
l Clear alarm threshold: indicates that the alarm is cleared when CPU usage falls below this
clear alarm threshold.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
set cpu-usage threshold threshold-value [ restore restore-threshold-value ] [ slot slot-id ]
An alarm threshold and a clear alarm threshold are set for CPU usage on an MPU or an LPU in
a specified slot.
NOTE
By default, the alarm threshold for CPU usage is 80%, and the clear alarm threshold for CPU usage is 75%.
----End
9.5.3 Setting a Memory Usage Threshold
Setting a memory usage threshold allows memory usage to be monitored.
Context
Two memory usage thresholds are set:
l Alarm threshold of memory usage: indicates that the system generates an alarm when the
memory usage reaches the alarm threshold.
l Clear alarm threshold of memory usage: indicates that the alarm is cleared when the memory
usage falls below the clear alarm threshold.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
set memory-usage threshold threshold-value
An alarm threshold is set for memory usage.
Default settings are as follows:
l If the memory of an LPU is equal to or smaller than 128 MB, the alarm threshold for memory
usage is 90%.
l If the memory of an LPU ranges from 128 MB to 256 MB, the alarm threshold for memory
usage is 95%.
l If the memory of an LPU ranges from 256 MB to 512 MB, the alarm threshold for memory
usage is 95%.
l If the memory of an LPU is larger than 512 MB, the alarm threshold for memory usage is
95%.
----End
9.5.4 Checking the Configuration
After CPU and memory usage thresholds are set, you can view information about the CPU usage
and memory usage.
Prerequisites
The configurations for CPU and memory usage thresholds are complete.
Procedure
l Run the display cpu-usage configuration [ slot slot-id ] command to check CPU usage.
l Run the display memory-usage threshold command to check memory usage.
----End
Example
# Display the CPU usage of the MPU. The CPU usage is displayed in the CPU column.
<Huawei> display cpu-usage
CPU Usage Stat. Cycle: 60 (Second)
CPU Usage : 0% Max: 100%
CPU Usage Stat. Time : 2011-01-30 15:41:37
CPU utilization for five seconds: 0%: one minute: 0%: five minutes: 0%.
TaskName CPU Runtime(CPU Tick High/Tick Low) Task Explanation
BOX 0% 0/ 7097de BOX Output
_TIL 0% 0/ 0 Infinite loop event task
VCLK 0% 0/ d90e00
TICK 0% 0/ 38b72ad
co0 0% 0/ 1e677b co0 Line user's task
TAD 0% 0/ 0 TAD Transmission Alarm Damping
RTMR 0% 0/ 18a307e RTMR
IPCQ 0% 0/ 1c181c4 IPCQIPC task for single queue
IPCK 0% 0/ 0 IPCKIPC task for ack message
VP 0% 0/ 38700 VP Virtual path task
IPCW 0% 0/ 1a167 IPCWIPC task of WVRP
VPWV 0% 0/ 19540d VPWVP task of WVRP
RPCQ 0% 0/ 1540dc RPCQRemote procedure call
VFS 0% 0/ 0 VFS Virtual file system
VMON 0% 0/ 59002 VMONSystem monitor
HACK 0% 0/ 0 HACKtask for HA ACK
MTP 0% 0/ 0 MTP
STND 0% 0/ 5de440 STNDStandby task
CFA 0% 0/ 28c9fa CFA Configuration agent
INFO 0% 0/ e7e7 INFOInformation center
SAPP 0% 0/ 39569 SAPP
NQAC 0% 0/ 0 NQAC
NQAS 0% 0/ 0 NQAS
VOAM 0% 0/ 0 VOAM
MINM 0% 0/ 532c94 MINMMac in Mac
APS 0% 0/ 570eda APS Automatic Protection Switch
ISC6 0% 0/ 0 ISC6
FIB6 0% 0/ 0 FIB6IPv6 FIB
BFD 0% 0/ 8557f7 BFD Bidirection Forwarding Detect
TNLM 0% 0/ 16dc594 TNLM
OAM 0% 0/ 7e0fb2 OAM OAM
LSPA 0% 0/ 0 LSPA
L2V 0% 0/ 12eb43 L2V
SNPG 0% 0/ 552703 SNPG
CCTL 0% 0/ 0 CCTLBulk stat connect control
TCTL 0% 0/ 0 TCTLBulk stat transmit control
NAP 0% 0/ 0 NAP
PM 0% 0/ e509c PM
PMF 0% 0/ 0 PMF
EOAM 0% 0/ 6c0c8 EOAMEthernet OAM 802.1ag
1731 0% 0/ bbbaf 1731Ethernet OAM Y1731
TRAF 0% 0/ 0 TRAFTraffic Statistics
SLAG 0% 0/ 0 SLAG
ITSK 0% 0/ 176169 ITSKIPOS common task
CDM 0% 0/ 9d3ca CDM
CSBR 0% 0/ 0 CSBRCompare slave buildrun-info
NFPT 0% 0/ aab1f NFPTNFP timer task
SOCK 0% 0/ 61e702 SOCKPacket schedule and process
VTRU 0% 0/ 0 VTRUNK
FIB 0% 0/ 0 FIB Forward Information Base
MFIB 0% 0/ 22b68 MFIBMulticast forward info
IFNT 0% 0/ 0 IFNTIfnet task
U 0 0% 0/ 0 U 0 user command process task
PDTT 0% 0/ 0 PDTTPDT timer task
VTYD 0% 0/ 180a11 VTYDVirtual terminal
RSA 0% 0/ 0 RSA RSA public-key algorithms
GRSA 0% 0/ 0 GRSA
AGNT 0% 0/ 0 AGNTSNMP agent task
TRAP 0% 0/ ec52e5 TRAPSNMP trap task
AGT6 0% 0/ 0 AGT6SNMP AGT6 task
FMAT 0% 0/ 262b90 FMATFault Manage task
MDMT 0% 0/ e825a5 MDMTModem task
NTPT 0% 0/ 1b3d998 NTPTNetwork time protocol task
CFM 0% 0/ 0 CFM Configuration file management
HS2M 0% 0/ 0 HS2MHigh available task
ISSU 0% 0/ 0 ISSU
WEBS 0% 0/ add886 WEBSERVER
CMDA 0% 0/ 0 CMDA
MACR 0% 0/ 10c76 MACRO
SNP 0% 0/ 0 SNP DHCP snooping function
AAA 0% 0/ 0 AAA AAA
RDS 0% 0/ 0 RDS RADIUS
TACH 0% 0/ 5d0a21 TACHWTACACS
WEB 0% 0/ 0 WEB WEB Authentication
UCM 0% 0/ bd69 UCM User Connection Management
LAM 0% 0/ 0 LAM Local Accounting Management
GTL 0% 0/ 0 GTL
CPPS 0% 0/ 0 CPPS
ROUT 0% 0/ 1dbd703 ROUTRoute task
LSPM 0% 0/ 1c0a41 LSPMLsp management
RSVP 0% 0/ 0 RSVP task
LDP 0% 0/ cffb6c LDP task
CSPF 0% 0/ cd083 CSPF task
GRES 0% 0/ 0 GRESM task
GEM 0% 0/ 0 GEM
GEM 0% 0/ 0 GEM RUN
UTSK 0% 0/ 0 UTSK
APP 0% 0/ 16649 APP
IP 0% 0/ 9ff0c IP
LINK 0% 0/ 1f0b816 LINK
VRPT 0% 0/ 8da6a VRPT
HOTT 0% 0/ 0 HOTT
TNQA 0% 0/ d9e0e TNQAC
TTNQ 0% 0/ 0 TTNQAS
TARP 0% 0/ 0 TARPING
TTVP 0% 0/ 0 TTVPLS
L2 0% 0/ 67387b L2
VRRP 0% 0/ 25d5a0c VRRP
L2_P 0% 0/ b18764 L2_PR
ARP 0% 0/ 0 ARP
PBBL 0% 0/ 0 PBBL
RMON 0% 0/ ab97a RMONRemote monitoring
OS 100% 20/98434960 Operation System
# Display the CPU usage of the MPU.
<Huawei> display cpu-usage configuration
The CPU usage monitor is turned on.
The current monitor cycle is 60 seconds.
The current monitor warning threshold is 80%.
The current monitor restore threshold is 75%.
# Check the memory usage of the MPU.
<Huawei> display memory-usage threshold
Current memory threshold of the main board is 90%.
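The alarm threshold and clear alarm threshold described in 9.5.2 form a hysteresis band. The following Python sketch is an added example, not part of the Huawei guide: it parses the display cpu-usage configuration output shown above and replays CPU samples to show when an alarm is raised and cleared. The function names and the sample readings are assumptions made for illustration.

```python
import re

# Output of "display cpu-usage configuration" as printed in this section.
CONFIG_OUTPUT = """\
The CPU usage monitor is turned on.
The current monitor cycle is 60 seconds.
The current monitor warning threshold is 80%.
The current monitor restore threshold is 75%.
"""

# Constructed CPU usage readings (percent), one per monitor cycle.
SAMPLES = [40, 79, 81, 78, 82, 76, 75, 74, 79, 80, 60]


def parse_thresholds(text):
    """Return (alarm, restore) percentages found in the command output."""
    alarm = re.search(r"warning threshold is (\d+)%", text)
    restore = re.search(r"restore threshold is (\d+)%", text)
    if not alarm or not restore:
        raise ValueError("thresholds not found in command output")
    alarm, restore = int(alarm.group(1)), int(restore.group(1))
    # Sanity check of this example (not a documented device rule):
    # a restore value above the alarm value would make the band meaningless.
    if not 0 < restore <= alarm <= 100:
        raise ValueError("restore threshold must not exceed alarm threshold")
    return alarm, restore


def alarm_events(samples, alarm, restore):
    """Replay samples and return the (index, event) transitions.

    The alarm is raised when usage reaches the alarm threshold and is
    cleared only when usage falls below the clear (restore) threshold.
    """
    active = False
    events = []
    for index, usage in enumerate(samples):
        if not active and usage >= alarm:
            active = True
            events.append((index, "alarm"))
        elif active and usage < restore:
            active = False
            events.append((index, "clear"))
    return events


if __name__ == "__main__":
    alarm, restore = parse_thresholds(CONFIG_OUTPUT)
    print("with restore threshold:", alarm_events(SAMPLES, alarm, restore))
    # For comparison only: the same samples with no gap between the values.
    print("without a gap:         ", alarm_events(SAMPLES, alarm, alarm))
```

With the default 80%/75% pair the readings that hover between 75% and 82% produce one alarm period instead of several short ones, which keeps alarm logs usable when load sits near the limit.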
9.6 Restarting the Device
After the system software of the router is upgraded, the router must be restarted for configurations
to take effect. Restarting the router also prevents the system failure due to an excessive number
of temporary files.
9.6.1 Establishing the Configuration Task
Before restarting the router, familiarize yourself with the applicable environment, complete the
pre-configuration tasks, and obtain any data required for the configuration. This will help you
complete the configuration task quickly and correctly.
Applicable Environment
After the system software of the router is upgraded, the router must be restarted for configurations
to take effect. Restarting the router also prevents the system failure due to an excessive number
of temporary files.
The AR1200-S provides two methods of restarting the router:
l Immediate restart
l Scheduled restart
Pre-configuration Tasks
Before restarting the router, complete the following tasks:
l Making sure that the router is working properly
Data Preparation
To restart the router, you need the following data.
No. Data
1 Time to restart the router
2 Wait time before restarting the router

9.6.2 Restarting the Device Immediately
Before restarting the router, you must choose whether to save the current configuration file of
the router.
Context
CAUTION
Using the reboot command is not recommended. It can cause transient service interruption.
Procedure
l Run:
reboot [ fast ]
The router is restarted immediately.
----End
9.6.3 Configuring the Device to Restart as Scheduled
You can configure the router to restart at a scheduled time by setting a restart time or a wait time
before the restart.
Context
Do as follows on the router that needs to restart at a scheduled time:
Procedure
Step 1 Run:
schedule reboot at exact-time
The router is configured to restart at a scheduled time, and the restart time is set.
Step 2 Run:
schedule reboot delay interval
The router is configured to restart at a scheduled time, and the wait time before the restart is set.
You can choose either Step 1 or Step 2 to configure the router to restart at a scheduled time.
By default, the function for configuring a device to restart at a scheduled time is disabled.
NOTE
You can run the undo schedule reboot command to disable the function of restarting the router at a fixed
time.
----End
9.6.4 Checking the Configuration
After the router has been configured to restart at a scheduled time, you can view parameters set
for the scheduled restart.
Prerequisites
The configurations for restarting the router at a scheduled time are complete.
Procedure
l Run the display schedule reboot command to check the parameters set for the scheduled
restart of the router.
----End
Example
# View the configuration of the router restart, with the restart time at 00:00.
<Huawei> display schedule reboot
Info:System will reboot at 00:00:00 2009/07/01 (in 12 hours and 33 minutes).
# View the configuration of the router restart with a wait time set to 12 hours before the restart.
<Huawei> display schedule reboot
Info:System will reboot at 23:27:14 2009/06/30 (in 11 hours and 59 minutes).
9.7 Configuration Examples
The examples explain networking requirements and precautions, and provide configuration
roadmaps.
9.7.1 Example for Upgrading System Software
This section provides detailed procedures for upgrading system software. This will help you to
complete the upgrade task quickly and accurately.
Networking Requirements
The current system software needs to be upgraded if it cannot provide additional features or
larger specifications required by customers.
As shown in Figure 9-6, the system software of the device cannot meet the customer's requirements
and needs to be upgraded. Huawei has provided related upgrade files for the customer to perform
the software upgrade on the device.
Figure 9-6 Networking diagram for upgrading system software
[Figure labels: MPLS Core; PE; FTP Server; PC, 10.1.1.2/24; GE2/0/0, 10.1.1.1/24]

Precautions
l The key data in the storage medium on the device must be backed up to the PC.
l The remaining space of the storage media must be checked to make sure that there is enough
space to store new system software.
Configuration Roadmap
The configuration roadmap is as follows:
1. Specify FTP as the mode of uploading the system software, the device as the FTP server,
user1 as the user name, and huawei as the user password.
2. Specify the system software and configuration file to be used at the next startup.
3. Save the configuration file and restart the device.
4. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
l System software version before the upgrade, which is V200R001C00.cc in this example
l New system software version, which is V200R002C00.cc in this example
l Backup startup software version, which is V200R001C00_backup.cc
l Size of the remaining space of the storage media, which can store the system software
package
Procedure
Step 1 Upload the new system software.
# Configure the device as an FTP server.
<Huawei> system-view
[Huawei] ftp server enable
Info: Succeeded in starting the FTP server.
[Huawei] aaa
[Huawei-aaa] local-user user1 password simple huawei
info: A new user added
[Huawei-aaa] local-user user1 service-type ftp
[Huawei-aaa] local-user user1 ftp-directory flash:/
[Huawei-aaa] quit
[Huawei] quit
After the preceding configurations are complete, run the display local-user command to check
information about the user.
<Huawei> display local-user
----------------------------------------------------------------------------
User-name State AuthMask AdminLevel
----------------------------------------------------------------------------
user1 A H -
user2 A A -
----------------------------------------------------------------------------
Total 2 user(s)
# On the PC, specify the binary format as the file transfer mode, and c:\temp as the working
directory.
NOTE
The Windows XP operating system is used as an example.
Store the file to be uploaded in the specified directory (C:\temp in this example). Choose Start >
Run, enter cmd, and press Enter. Enter ftp 10.1.1.1. At the "user" prompt, enter the
user name. At the "password" prompt, enter the password. The following information is
displayed:
C:\Documents and Settings\Administrator> ftp 10.1.1.1
Connect to 10.1.1.1.
220 FTP server ready.
User <10.1.1.1:<none>>:user1
331 Please specify the password.
Password:
230 User logged in.
Specify a directory and a file transfer mode on the FTP client to store the uploaded file.
ftp> binary
200 Type set to I.
ftp> lcd c:\temp
Local directory now c:\temp.
# On the PC, upload the new system software (*.cc) to the device.
ftp> put V200R002C00.cc
200 Port command okay.
226 Transfer complete.
Step 2 Specify the system software and configuration file to be used at the next startup.
# Specify the system software to be used at the next startup.
<Huawei> startup system-software flash:/V200R002C00.cc
This operation will take several minutes, please wait..........
Info: Succeeded in setting the file for booting system
# Specify the configuration file to be used at the next startup.
<Huawei> startup saved-configuration aa.cfg
This operation will take several minutes, please wait...
Info: Succeeded in setting the file for booting system
# View the system software and configuration file to be used at the next startup, and check that
the system software is the specified one.
<Huawei> display startup
MainBoard:
Startup system software : flash:/V200R001C00.cc
Next startup system software : flash:/V200R002C00.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file : flash:/aa.cfg
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
Step 3 Specify the backup startup software.
# After a backup startup software package is configured, the system can restart properly if a fault
occurs.
<Huawei> startup system-software V200R001C00_backup.cc backup
This operation will take several minutes, please wait...
Info: Succeeded in setting the backup file for booting system
Step 4 Save the configuration file and restart the device.
# Save the configuration file.
<Huawei> save
The current configuration will be written to the device.
Are you sure to continue? [Y/N]:y
It will take several minutes to save configuration file, please wait...
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
# Restart the device.
<Huawei> reboot
Info: The system is comparing the configuration, please wait.
Warning: All the configuration will be saved to the next startup configuration.
Continue ? [y/n]:y
It will take several minutes to save configuration file, please wait........
Configuration file had been saved successfully
Note: The configuration file will take effect after being activated
System will reboot! Continue ? [y/n]:y
Info: system is rebooting ,please wait...
Step 5 Verify the configuration.
After the device has been restarted, run the display version command. The output shows that the
current system software is the new version, which means that the system software upgrade is successful.
<Huawei> system-view
[Huawei] display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.10 (AR1220-S V200R002C00)
Copyright (C) 2000-2010 Huawei Technologies Co., LTD
Huawei AR1220-S Router uptime is 0 week, 0 day, 3 hours, 59 minutes
BKP 0 version information:
1. PCB Version : AR01BAK1A VER.C
2. If Supporting PoE : Yes
3. Board Type : AR1220-S
4. MPU Slot Quantity : 1
5. LPU Slot Quantity : 2

MPU 0(Master) : uptime is 0 week, 0 day, 3 hours, 59 minutes
SDRAM Memory Size : 512 M bytes
Flash Memory Size : 256 M bytes
NVRAM Memory Size : 512 K bytes
MPU version information :
1. PCB Version : AR01SRU1A VER.A
2. MAB Version : 0
3. Board Type : AR1220-S
4. CPLD1 Version : 100
5. BootROM Version : -

LPU 1 : uptime is 0 week, 0 day, 3 hours, 53 minutes
SDRAM Memory Size : 256 M bytes
Flash Memory Size : 64 M bytes
LPU version information :
1. PCB Version : AR01SDCE2A VER.A
2. MAB Version : 0
3. Board Type : 2T1/T1-M
4. CPLD1 Version : 0
5. CPLD2 Version : 0
6. BootROM Version : 906

LPU 2 : uptime is 0 week, 0 day, 3 hours, 53 minutes
SDRAM Memory Size : 256 M bytes
Flash Memory Size : 64 M bytes
LPU version information :
1. PCB Version : AR01SDSA2A VER.A
2. MAB Version : 0
3. Board Type : 1SA
4. CPLD1 Version : 0
5. CPLD2 Version : 0
6. BootROM Version : 906
----End
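The display startup output in Step 2 is the last point at which a wrong or missing startup file can be caught before the reboot in Step 4. The following Python check is an added example, not part of the Huawei guide: it parses that output and reports what should be corrected before restarting. The function names and the wording of the findings are assumptions.

```python
import re

# Output of "display startup" exactly as printed in Step 2 of this example.
STARTUP_OUTPUT = """\
MainBoard:
Startup system software : flash:/V200R001C00.cc
Next startup system software : flash:/V200R002C00.cc
Backup system software for next startup: null
Startup saved-configuration file: flash:/iascfg.zip
Next startup saved-configuration file : flash:/aa.cfg
Startup license file: null
Next startup license file: null
Startup patch package: null
Next startup patch package: null
Startup voice-files: null
Next startup voice-files: null
"""

# "name : value" where the separating colon is followed by whitespace, so the
# colon inside "flash:/..." is never taken as the separator.
FIELD_RE = re.compile(r"\s*(.+?)\s*:\s+(\S.*?)\s*$")


def parse_startup(text):
    """Return the fields of the output as a dict keyed by lower-case name."""
    fields = {}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if match:
            fields[match.group(1).lower()] = match.group(2)
    return fields


def pre_reboot_findings(text, expected_software, expected_config):
    """List the problems to fix before the device is restarted."""
    fields = parse_startup(text)
    findings = []
    next_software = fields.get("next startup system software")
    if next_software != expected_software:
        findings.append(
            f"next startup software is {next_software}, expected {expected_software}")
    if next_software == fields.get("startup system software"):
        findings.append("next startup software equals the running software; "
                        "the restart will not change the version")
    if fields.get("backup system software for next startup", "null") == "null":
        findings.append("no backup system software is set for the next startup")
    next_config = fields.get("next startup saved-configuration file")
    if next_config != expected_config:
        findings.append(
            f"next startup configuration is {next_config}, expected {expected_config}")
    return findings


if __name__ == "__main__":
    for finding in pre_reboot_findings(
            STARTUP_OUTPUT, "flash:/V200R002C00.cc", "flash:/aa.cfg"):
        print("FIX BEFORE REBOOT:", finding)
```

Run against the Step 2 output, the only finding is the missing backup system software, which is what Step 3 configures.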
Configuration Files
#
ftp server enable
#
local-user user1 password simple huawei
local-user user1 ftp-directory flash::
local-user user1 service-type ftp
#
Startup system software: flash::/V200R001C00.cc
Next startup system software: flash::/V200R002C00.cc
#
return
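The configuration file above keeps the FTP account's password in cleartext (password simple) and leaves the FTP server enabled after the upgrade. The following Python audit is an added example, not part of the Huawei guide: it flags those lines in a saved configuration and produces a copy with the password masked for sharing or backup. The finding codes, the 8-character minimum and the function names are assumptions; the cipher keyword is the stored-as-ciphertext counterpart of simple in the local-user password command.

```python
import re

# Configuration file from this example, as printed on this page.
CONFIG = """\
#
ftp server enable
#
local-user user1 password simple huawei
local-user user1 ftp-directory flash::
local-user user1 service-type ftp
#
return
"""

PASSWORD_RE = re.compile(
    r"^(\s*local-user\s+(\S+)\s+password\s+)(simple|cipher)\s+(\S+)\s*$")
SERVICE_RE = re.compile(r"^\s*local-user\s+(\S+)\s+service-type\s+(.+)$")
MIN_LENGTH = 8  # assumption: minimum length required by local policy


def audit(config):
    """Return (line number, code, message) findings; never echoes a password."""
    lines = config.splitlines()
    ftp_enabled = any(line.strip() == "ftp server enable" for line in lines)
    findings = []
    for number, line in enumerate(lines, 1):
        if line.strip() == "ftp server enable":
            findings.append((number, "FTP-ENABLED",
                             "FTP carries logins and files unencrypted"))
            continue
        service = SERVICE_RE.match(line)
        if service:
            if ftp_enabled and "ftp" in service.group(2).split():
                findings.append((number, "FTP-LOGIN",
                                 f"user {service.group(1)} logs in over FTP"))
            continue
        password = PASSWORD_RE.match(line)
        if password and password.group(3) == "simple":
            user, secret = password.group(2), password.group(4)
            findings.append((number, "CLEARTEXT-PASSWORD",
                             f"password of {user} is readable in the file"))
            if len(secret) < MIN_LENGTH or secret.lower() == user.lower():
                findings.append((number, "WEAK-PASSWORD",
                                 f"password of {user} is short or equals the user name"))
    return findings


def redact(config):
    """Return the configuration with every local-user password masked."""
    masked = []
    for line in config.splitlines():
        match = PASSWORD_RE.match(line)
        masked.append(match.group(1) + match.group(3) + " ******" if match else line)
    return "\n".join(masked)


if __name__ == "__main__":
    for number, code, message in audit(CONFIG):
        print(f"line {number}: {code}: {message}")
    print(redact(CONFIG))
```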
9.7.2 Example for Installing a Patch File
This section provides an example for installing a patch without interrupting services.
Networking Requirements
As shown in Figure 9-7, the performance of the device needs to be optimized. Huawei has
provided a patch file for the customer to install.
Figure 9-7 Networking diagram for installing a patch file
[Figure labels: MPLS Core; PE; FTP Server; PC, 10.1.1.2/24; GE2/0/0, 10.1.1.1/24]

Configuration Roadmap
The configuration roadmap is as follows:
1. Upload the patch file to the storage medium on the MPU.
2. Load and run the patch file.
3. Verify the configuration.
Data Preparation
To complete the configuration, you need the following data:
l Patch file name, which is SPH-1.1.952.pat in this example
l Patch file storage path on the master MPU, which is flash in this example
Procedure
Step 1 Upload the patch file matching the current system software.
# Upload the patch file matching the current system software to the device from the PC.
ftp> put SPH-1.1.952.pat
200 Port command okay.
226 Transfer complete.
Step 2 Load and run the patch.
<Huawei> patch load SPH-1.1.952.pat all run
Patch operation succeeded
Step 3 Verify the configuration.
After the configuration is complete, run the display patch-information command to view
information about the running patch.
<Huawei> display patch-information
Patch version : ARV200R001C00SPH100
Patch packet name: flash:/SPH-1.1.952.pat
----End