118678527-Configuration-Guide-Basic - ATN910-Configurations-V200R001C01-03 PDF
V200R001C01
Issue 03
Date 2012-03-19
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Related Version
The following table lists the product version related to this document.
Intended Audience
This document provides the basic concepts, configuration procedures, and configuration
examples in different application scenarios of the VRP Overview, Establishment of the
Configuration Environment, CLI Overview, Basic Configuration, User Management, File
System, Management of Configuration Files, FTP, TFTP, Telnet and SSH, Upgrade and
Maintenance features supported by the ATN 910 device.
- Commissioning Engineer
- Data Configuration Engineer
- Network Monitoring Engineer
- System Maintenance Engineer
Symbol Conventions
Symbol Description
Command Conventions
Convention Description
GUI Conventions
Convention Description
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Contents
2 CLI Overview
2.1 CLI Introduction
2.1.1 Command Line Interface
2.1.2 Command Levels
2.1.3 Command Line Views
2.2 Online Help
2.2.1 Full Help
2.2.2 Partial Help
2.2.3 Error Messages of the Command Line Interface
2.3 Features of Command Line Interface
2.3.1 Editing
2.3.2 Displaying
2.3.3 Regular Expressions
2.3.4 History Commands
3 Basic Configuration
3.1 Basic Configuration Introduction
3.2 Configuring the Basic System Environment
3.2.1 Establishing the Configuration Task
3.2.2 Switching the Language Mode
3.2.3 Configuring the Equipment Name
3.2.4 Setting the System Clock
3.2.5 Configuring a Header
3.2.6 Configuring Command Levels
3.2.7 Configuring the Undo Command to Match in the Previous View Automatically
3.3 Configuring Basic User Environment
3.3.1 Establishing the Configuration Task
3.3.2 Configuring the Password for Switching User Levels
3.3.3 Switching User Levels
3.3.4 Locking User Interfaces
3.4 Displaying System Status Messages
3.4.1 Displaying System Configuration
3.4.2 Displaying System Status
3.4.3 Collecting System Diagnostic Information
4 User Management
4.1 User Management Introduction
4.1.1 User Interface View
4.1.2 User Management
4.2 Configuring Console User Interface
4.2.1 Establishing the Configuration Task
4.2.2 Configuring Console Interface Attributes
4.2.3 Setting Console Terminal Attributes
4.2.4 Configuring User Priority
4.2.5 Configuring User Authentication
4.2.6 Checking the Configuration
4.3 Configuring VTY User Interface
4.3.1 Establishing the Configuration Task
4.9.3 Example for Configuring an NMS User to Manage Devices in Machine-to-machine Mode
5 File System
5.1 File System Introduction
5.1.1 File System
5.1.2 File System Supported by the ATN 910
5.1.3 File
5.1.4 Directory
5.2 Managing Storage Devices
5.2.1 Establishing the Configuration Task
5.2.2 Restoring Storage Devices with File System Troubles
5.2.3 Formatting Storage Devices
5.3 Managing the Directory
5.3.1 Establishing the Configuration Task
5.3.2 Viewing the Current Directory
5.3.3 Switching a Directory
5.3.4 Displaying a Directory or File
5.3.5 Creating a Directory
5.3.6 Deleting a Directory
5.4 Managing Files
5.4.1 Establishing the Configuration Task
5.4.2 Displaying Contents of Files
5.4.3 Copying Files
5.4.4 Moving Files
5.4.5 Renaming Files
5.4.6 Compressing Files
5.4.7 Deleting Files
5.4.8 Deleting Files in the Recycle Bin
5.4.9 Undeleting Files
5.4.10 Running Files in Batch
5.4.11 Configuring Prompt Modes
5.5 Example for Managing Files
9 Device Maintenance
9.1 Introduction of Device Maintenance
9.1.1 Overview of Device Maintenance
9.1.2 Maintenance Features Supported by the ATN 910
9.2 Monitoring the Device Status
9.2.1 Displaying the System Version Information
9.2.2 Displaying Basic Information About the Router
9.2.3 Displaying the Electronic Label
9.2.4 Displaying the Threshold of the Memory Usage
9.2.5 Displaying the Threshold of CPU Usage
9.2.6 Displaying Alarm Information
9.2.7 Displaying the Board Temperature
9.2.8 Displaying the Board Voltage
9.2.9 Displaying the Power Supply Status
9.2.10 Displaying the Sequence Number of the MPU
9.3 Board Maintenance
9.3.1 Resetting a Board
10 Patch Management
10.1 Introduction of Patch Management
10.1.1 Overview of Patch Management
10.1.2 Patches Supported by the ATN 910
10.2 Checking the Running of Patch in the System
10.2.1 Establishing the Configuration Task
10.2.2 Checking the Running of Patch in the System
10.2.3 (Optional) Deleting a Patch
10.3 Loading a Patch
10.3.1 Establishing the Configuration Task
10.3.2 Loading a Patch
10.3.3 Checking the Configuration
10.4 Installing a Patch
10.4.1 Establishing the Configuration Task
Before configuring ATN equipment, you need to establish the configuration environment.
In the following cases, the ATN equipment can be configured only through the console port:
You need to pre-configure the IP addresses of interfaces, the user account, the authentication
mode, and the incoming and outgoing call restriction through the console interface on the ATN
equipment. Also, ensure that directly connected or reachable ATN equipment exists between the
terminals and the ATN equipment.
The destination ATN equipment authenticates the user based on the configured parameters in
one of three modes:
- Password authentication: the login user must enter the correct password.
- AAA local authentication: the login user must enter the correct username and password.
- None authentication: the login user does not need to enter a username or password.
If the login succeeds, a command line prompt such as <HUAWEI> appears on the Telnet client
interface.
Enter a command to check the running status of the ATN equipment or to configure the ATN
equipment.
NOTE
Do not modify the IP address of the ATN equipment when you configure the ATN equipment through
Telnet, because the modification may terminate the Telnet connection. If the IP address is modified,
set up the connection again after entering the new IP address.
Applicable Environment
If you log in to the ATN equipment for the first time or perform the local configuration, you
need to log in to the ATN equipment through the console port.
NOTE
If you cannot use Telnet to log in to the ATN equipment, you need to log in to the ATN equipment through
the console port.
Pre-configuration Tasks
Before configuring login to the ATN equipment through the console port, complete the following
tasks:
Data Preparation
To log in to the ATN equipment through the console port, you need the following data.
NOTE
If the AAA authentication mode is configured for users to log in to the ATN equipment through the console
port, the correct username and password must be entered for a successful login.
No. Data
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Connect the COM port on the PC to the console port on the ATN equipment with a cable.
----End
Context
Do as follows on the PC:
Procedure
Step 1 Run the terminal emulation program on the PC, setting the communication parameters as
follows:
- Baud rate: 38400 bps
- Data bit: 8
- Stop bit: 1
- Parity: none
- Flow control: none
----End
Context
Do as follows on the PC:
Procedure
Step 1 Press Enter until a command line prompt such as <HUAWEI> appears. Now the user view is
displayed for you to configure the ATN equipment.
NOTE
If the AAA or Password authentication mode is configured for users to log in to the ATN equipment through
the console interface, the correct user name and password must be entered for a successful login.
----End
Applicable Environment
If you know the IP address of the ATN equipment, you can log in to the ATN equipment through
Telnet for local or remote configuration.
Pre-configuration Tasks
Before configuring the ATN equipment through Telnet, complete the following tasks:
Data Preparation
To log in to the ATN equipment through Telnet, you need the following data.
No. Data
1 IP address of the PC
Prerequisites
Establishing the Physical Connection is complete.
Procedure
Step 1 Connect the ATN equipment and the PC directly or connect the ATN equipment and the PC to
the network through cables.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Configure the authentication mode of login users.
----End
Follow-up Procedure
For details, refer to Chapter 5 "User Management".
Context
Do as follows on the PC:
Procedure
Step 1 Run the Telnet program on the PC that functions as a client, and enter the IP address of the
interface on the destination ATN equipment that provides the Telnet service.
Step 2 Enter the user name and password in the login window. After authentication, a command line
prompt such as <HUAWEI> appears. Now enter the configuration environment in the user view.
----End
Networking Requirements
Initialize the configuration of the ATN equipment when the ATN equipment is powered on for
the first time.
[Figure: PC connected to the ATN]
Configuration Roadmap
The configuration roadmap is as follows:
1. Connect the PC and the ATN equipment through the console port.
2. Configure the login on the PC end.
3. Log in to the ATN equipment.
Data Preparation
To complete the configuration, you need the terminal communication parameters (including
baud rate, data bit, parity, stop bit, and flow control).
Procedure
Step 1 Connect the serial port of the PC (or terminal) to the console port of the ATN equipment through
a standard RS-232 cable. The local configuration environment is established.
Step 2 Run the terminal emulation program on the PC. Set the baud rate to 38400 bps, the data bit
to 8, and the stop bit to 1. Specify no parity and no flow control, as shown in Figure 1-2 to
Figure 1-4.
Step 3 Power on the ATN equipment. The ATN equipment performs a self-check and the system
performs automatic configuration. When the self-check ends, you are prompted to press Enter.
Press Enter until a command line prompt such as <HUAWEI> appears.
Enter the command to check the running status of the ATN equipment or configure the ATN
equipment.
Enter "?" for help.
For details, refer to the following chapters.
----End
Networking Requirements
You can log in to the ATN equipment on other network segments through the PC or other
terminals to perform remote maintenance.
[Figure: PC, ATN, WAN, and Target ATN]
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
- IP address of the PC
- IP address of the Ethernet interface on the ATN equipment
- User information accessed through Telnet (including the user name, password, and
  authentication mode)
Procedure
Step 1 Connect the PC and the ATN equipment to the network.
Click OK.
Enter the user name and password in the login window. After authentication, a command line
prompt such as <HUAWEI> appears. Now enter the configuration environment in the user view.
----End
2 CLI Overview
Users operate devices, that is, configure the device and perform routine maintenance, by entering
command lines.
When a prompt appears, you enter the command line interface (CLI) and interact with ATN
equipment through CLI.
The system provides a series of configuration commands. You can configure and manage the
ATN equipment by entering commands on CLI.
- The system supports commands of up to 512 characters. A command can be entered in incomplete form.
- The system saves an incomplete command to the configuration file in its complete form; therefore,
  the saved command may have more than 512 characters. When the system is restarted, however, the
  incomplete command cannot be restored. Therefore, pay attention to the length of incomplete
  commands.
- Level 0 - Visit level: Commands of this level include network diagnosis tool commands
  (such as ping and tracert) and commands that start from the local device and visit an external
  device (such as the Telnet client).
- Level 1 - Monitoring level: Commands of this level, including the display commands, are
  used for system maintenance and fault diagnosis.
- Level 2 - Configuration level: Commands of this level are service configuration commands
  that provide direct network service to the user, including routing and network layer
  commands.
- Level 3 - Management level: Commands of this level influence the basic
  operation of the system and provide support to the service. They include file system
  commands, FTP commands, TFTP commands, configuration file switching commands,
  power supply control commands, backup board control commands, user management
  commands, level setting commands, system internal parameter setting commands, and
  debugging commands that are used for fault diagnosis.
CAUTION
Not all display commands are of the monitoring level. For example, the display current-
configuration and display saved-configuration commands are of the management level. For
the level of a command, see the ATN 910 Command Reference.
To implement efficient management, you can extend the command levels to 0-15. For details on
extending the command levels, refer to Chapter 4 "Basic Configuration" Configuring Command
Levels in the ATN 910 Configuration Guide - Basic Configurations.
NOTE
- The default command level may be higher than the command level defined according to the command
  rules in application.
- Login users have the same 16 levels as the command levels. The login users can use only the commands
  of the levels that are equal to or lower than their own levels. For details of login user levels, refer to
  Chapter 5 "User Login."
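The three login authentication modes described earlier and the user-level rule above can be checked together on a saved configuration. The following is an added example, not taken from the Huawei guide: a Python audit that reports user interfaces that admit logins without credentials and the command level those logins reach. The sample configuration is constructed, and the block syntax (user-interface, authentication-mode, user privilege level) is assumed from general VRP usage rather than quoted from this document.

```python
import re

# Constructed sample in VRP saved-configuration style (assumed syntax,
# not copied from the guide).
SAMPLE_CONFIG = """\
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode none
 user privilege level 3
user-interface vty 5 14
 authentication-mode aaa
 user privilege level 1
user-interface vty 16 20
 user privilege level 2
#
return
"""


def parse_user_interfaces(config):
    """Return one dict per user-interface block: name, auth mode, user level."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("user-interface "):
            name = raw.split(None, 1)[1].strip()
            current = {"name": name, "auth": None, "level": None}
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            # Indented lines belong to the current user-interface block.
            line = raw.strip()
            m = re.fullmatch(r"authentication-mode (\S+)", line)
            if m:
                current["auth"] = m.group(1)
            m = re.fullmatch(r"user privilege level (\d+)", line)
            if m:
                current["level"] = int(m.group(1))
        else:
            # Any non-indented line ("#", "return", another view) ends the block.
            current = None
    return blocks


def audit(config):
    """List (interface, issue) pairs for logins that need no credentials.

    A login user can run every command whose level is equal to or lower
    than the user's own level, so the configured level is the exposure.
    """
    findings = []
    for block in parse_user_interfaces(config):
        level = block["level"]
        if block["auth"] == "none":
            reach = f"level {level}" if level is not None else "the default level"
            findings.append(
                (block["name"],
                 f"no authentication: commands up to {reach} need no credentials"))
        elif block["auth"] is None:
            findings.append(
                (block["name"],
                 "authentication mode not set: check the device default"))
    return findings


if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```
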
3. Enter a desired command level in the "Type in the word(s) to search for" textbox and click
"List Topics". All commands of the specified level will be displayed as shown in Figure
2-2.
# Establish connection with the ATN equipment. If the ATN equipment adopts the default
configuration, you can enter the user view with the prompt of <HUAWEI>.
<HUAWEI>
# Type aaa in the system view, and you can enter the AAA view.
[HUAWEI] aaa
[HUAWEI-aaa]
NOTE
The prompt <HUAWEI> indicates the default ATN equipment name. The prompt <> indicates the user
view and the prompt [] indicates other views.
Some commands that are implemented in the system view can also be implemented in the other
views; however, the functions that can be implemented are command view-specific. For
example, the mpls command (for enabling MPLS) can be run in the system view to enable the
MPLS capability globally. Although it can also be run in the interface view, the MPLS capability
is enabled only on the interface.
Context
The command line of the ATN 910 provides three types of online help:
- Full help
- Partial help
- Error Messages of the Command Line Interface
Context
You can obtain the full help of the command line in the following ways.
Procedure
- Enter "?" in any command line view to display all the commands and their simple
  descriptions.
  <HUAWEI> ?
- Enter a command and "?" separated by a space. If the key word is at this position, all key
  words and their simple descriptions are displayed. For example:
  <HUAWEI> language-mode ?
  Chinese Chinese environment
  English English environment
  Chinese and English are keywords; Chinese environment and English environment
  describe the keywords respectively.
- Enter a command and "?" separated by a space, and if a parameter is at this position, the
  related parameter names and parameter descriptions are displayed. For example:
  [HUAWEI] ftp timeout ?
  INTEGER<1-35791> The value of FTP timeout, the default value is 30 minutes
  [HUAWEI] ftp timeout 35 ?
  <cr>
  In the preceding display, INTEGER<1-35791> describes the parameter value; The value
  of FTP timeout, the default value is 30 minutes is a simple description of the parameter
  usage; <cr> indicates that no parameter is at this position. The command is repeated in the
  next command line. You can press Enter to run the command.
----End
Context
You can obtain the partial help of the command line in the following ways.
Procedure
- Enter a character string with a "?" closely following it to display all commands that begin
  with this character string.
  <HUAWEI> d?
  debugging delete
  dir display
- Enter a command and a character string with "?" closely following it to display all the key
  words that begin with this character string.
  <HUAWEI> display b?
  bfd bgp
  bootrom buffer
  bulk-stat
- Enter the first several letters of a key word in the command and then press Tab to display
  the complete key word on the condition that the letters uniquely identify the key word.
  Otherwise, if you continue to press Tab, different key words are displayed. You can select
  the needed key word.
----End
2.3.1 Editing
The editing function of command lines helps you edit command lines or obtain help by using
certain keys.
The command line supports multi-line editing. The maximum length of each command is 512
characters.
Keys for editing that are often used are shown in Table 2-2.
Common key: Inserts a character in the current position of the cursor if the editing
  buffer is not full and the cursor moves to the right. Otherwise, an
  alarm is generated.
Backspace: Deletes the character on the left of the cursor that moves to the
  left. When the cursor reaches the head of the command, an alarm
  is generated.
Left cursor key or Ctrl_B: Moves the cursor to the left by the space of a character. When the
  cursor reaches the head of the command, an alarm is generated.
Right cursor key or Ctrl_F: Moves the cursor to the right by the space of a character. When
  the cursor reaches the end of the command, an alarm is generated.
Tab: Press Tab after typing the incomplete key word and the system
  runs the partial help:
  - If the matching key word is unique, the system replaces the
    typed one with the complete key word and displays it in a new
    line with the cursor a space behind.
  - If there are several matches or no match at all, the system
    displays the prefix first. Then you can press Tab to view the
    matching key word one by one. In this case, the cursor closely
    follows the end of the word and you can type a space to enter
    the next word.
  - If a wrong key word is entered, press Tab and the word is
    displayed in a new line.
2.3.2 Displaying
All command lines have the same display feature. You can set the display mode as
required.
*       Matches the preceding element zero or more times.
        Example: 10* matches "1", "10", "100", and "1000".
        (10)* matches "null", "10", "1010", and "101010".
+       Matches the preceding element one or more times.
        Example: 10+ matches "10", "100", and "1000".
        (10)+ matches "10", "1010", and "101010".
?       Matches the preceding element zero or one time.
        Example: 10? matches "1" and "10".
        (10)? matches "null" and "10".
[xyz]   Matches any single character in the regular expression.
        Example: [123] matches the character 2 in "255".
[^xyz]  Matches any character that is not contained within the brackets.
        Example: [^123] matches any character except for "1", "2", and "3".
[a-z]   Matches any character within the specified range.
        Example: [0-9] matches any character ranging from 0 to 9.
[^a-z]  Matches any character beyond the specified range.
        Example: [^0-9] matches all non-numeric characters.
_       Matches a comma ",", left brace "{", right brace "}", left parenthesis "(",
        and right parenthesis ")".
        Matches the starting position of the input string.
        Matches the ending position of the input string.
        Matches a space.
        Example: _2008_ matches "2008", "space 2008 space", "space 2008", "2008 space",
        ",2008,", "{2008}", "(2008)", "{2008", and "(2008}".
NOTE
Unless otherwise specified, all characters in the preceding table are displayed on the screen.
l Degeneration of particular characters
Certain particular characters degenerate to common characters when they are placed at the
following positions in the regular expression:
A particular character that follows "\" is escaped and matches the particular character
itself.
The particular characters "*", "+", and "?" placed at the starting position of the regular
expression. For example, +45 matches "+45" and abc(*def) matches "abc*def".
The particular character "^" placed at any position except for the start of the regular
expression. For example, abc^ matches "abc^".
The particular character "$" placed at any position except for the end of the regular
expression. For example, 12$2 matches "12$2".
A right bracket such as ")" or "]" that is not paired with its corresponding left bracket
"(" or "[". For example, abc) matches "abc)" and 0-9] matches "0-9]".
NOTE
Unless otherwise specified, degeneration rules are applicable when preceding regular expressions
serve as subexpressions within parentheses.
l Combination of common and particular characters
In actual application, a regular expression combines multiple common and particular
characters to match certain strings.
CAUTION
The ATN 910 uses a regular expression to implement the filtering function of the pipe character.
A display command supports the pipe character only when there is excessive output information.
When the output information is queried according to the filtering conditions, the first line of the
command output starts with the information containing the regular expression.
The command can carry the parameter | count to display the number of matching entries. The
parameter | count can be used together with other parameters.
For the commands supporting regular expressions, the three filtering methods are as follows:
l | begin regular-expression: displays the information that begins with the line that matches
the regular expression.
l | exclude regular-expression: displays the information that excludes the lines that match
the regular expression.
l | include regular-expression: displays the information that includes the lines that match
the regular expression.
NOTE
l /regular-expression: displays the information that begins with the line that matches the
regular expression.
l -regular-expression: displays the information that excludes lines that match the regular
expression.
l +regular-expression: displays the information that includes lines that match the regular
expression.
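The three filters and | count described above, sketched offline in Python as an added example (not Huawei code and not part of the original guide). Only the "_" character from the table is translated; every other construct is passed to Python's re module unchanged, which is an assumption and does not reproduce the degeneration rules. The sample output is constructed.

```python
import re

# Constructed sample of display output; not captured from a real device.
SAMPLE_OUTPUT = """\
#
sysname HUAWEI
#
aaa
 local-user admin2008 password cipher EXAMPLE-CIPHERTEXT
 local-user ops password simple Example-Pw-1
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 5 14
 authentication-mode password
 set authentication password cipher EXAMPLE-CIPHERTEXT
#
return
""".splitlines()

# Per the table: "_" matches a comma, a brace, a parenthesis, a space,
# or the starting or ending position of the input string.
UNDERSCORE = r"(?:^|$|[,{}() ])"


def vrp_to_python_regex(pattern):
    """Translate "_" outside brackets and escapes; leave the rest as is."""
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # escaped character stays literal
            i += 2
            continue
        if ch == "[" and not in_class:
            in_class = True
        elif ch == "]" and in_class:
            in_class = False
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)


def matches(pattern, text):
    """True if the translated pattern is found anywhere in text."""
    return re.search(vrp_to_python_regex(pattern), text) is not None


def begin(lines, pattern):
    """| begin: everything from the first matching line onward."""
    for idx, line in enumerate(lines):
        if matches(pattern, line):
            return lines[idx:]
    return []


def include(lines, pattern):
    """| include: only the lines that match."""
    return [line for line in lines if matches(pattern, line)]


def exclude(lines, pattern):
    """| exclude: only the lines that do not match."""
    return [line for line in lines if not matches(pattern, line)]


def count(lines):
    """| count: number of entries left after the other filters."""
    return len(lines)


if __name__ == "__main__":
    # "4" hits both VTY ranges; "_4_" hits only the line where 4 stands alone.
    print(include(SAMPLE_OUTPUT, "4"))
    print(include(SAMPLE_OUTPUT, "_4_"))
    print(count(exclude(SAMPLE_OUTPUT, "^#$")))
```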
By default, the system saves 10 history commands at most for each user. The operations are as
shown in Table 2-5.
Display the history commands. | display history-command | Display the history commands entered by users.
Access the last history command. | Up cursor key or Ctrl_P | Display the last history command if there is an earlier history command. Otherwise, a bell is generated.
Access the next history command. | Down cursor key or Ctrl_N | Display the next history command if there is a later history command. Otherwise, the command is cleared and a bell is generated.
NOTE
On the HyperTerminal of Windows 9X, the cursor keys are invalid because the HyperTerminal of Windows 9X
defines the keys differently. In this case, you can use Ctrl_P instead of the cursor key.
Context
Log in to the ATN equipment from the client and do as follows:
Procedure
Step 1 Run the batch-cmd edit command to edit the commands to be run in batches.
The batch-cmd edit command can be used by only one user at a time.
The maximum length of a command (including the incomplete command) to be entered is 512
characters.
When editing commands, press Enter to complete the editing of each command.
NOTE
After you run the batch-cmd edit command and successfully edit the commands to be executed in batches,
the system deletes the original commands to be run in batches.
The commands that are already edited are saved in memory and are permanently deleted when the system is
restarted.
Step 2 After all commands are edited, press the shortcut keys Ctrl+Z to exit the editing state
and return to the user view.
Step 3 Run the batch-cmd execute command to execute the commands in batches.
The batch-cmd execute command can be used by only one user at a time.
The sequence of running commands is the same as the sequence of editing commands.
----End
The shortcut keys in the system are classified into the following types:
Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal may
be different from those listed in this section.
Key | Function
ESC_F | The cursor moves to the right to the end of next word.
ESC_SHIFT_< | Sets the position of the cursor to the beginning of the content to be pasted into the clipboard.
ESC_SHIFT_> | Sets the position of the cursor to the end of the content to be pasted into the clipboard.
NOTE
When defining the shortcut keys, enclose the command in double quotation marks if the command
contains several command words, that is, if spaces exist in the command.
Action Command
l If you have typed part of a command and have not pressed Enter, you can press the shortcut
keys to clear the entered command and display the full corresponding command. This
operation has the same effect as that of deleting all commands and then re-entering the
complete command.
l The shortcut keys are run as commands. The command syntax is recorded in the command buffer
and in the log for fault location and querying.
NOTE
The terminal in use may affect the functions of the shortcut keys. For example, if the customized shortcut
keys of the terminal conflict with those of the ATN equipment, the input shortcut keys are captured by the
terminal program and hence the shortcut keys do not function.
Run the following command in any view to display the use of shortcut keys.
Action Command
Context
During the preventive maintenance inspection (PMI), you can run commands in batches. That
is, you enter all PMI commands at one time and then send all the command output information to the PMI
tool, which improves the PMI efficiency.
Log in to the ATN equipment and do as follows:
Procedure
Step 1 Edit the display users, display startup, and display clock commands to be run in batches.
<HUAWEI> batch-cmd edit
Info: Begin editing batch commands. Press "Ctrl+Z" to abort this session.
display users
display startup
display clock
<HUAWEI>
MainBoard:
Configured startup system software: NULL
2009-11-23 14:27:20-08:00
Monday
Time Zone(China Standard Time) : UTC-08:00
<HUAWEI>batch-cmd execute finished.
----End
Context
Tab can be used in three ways as shown in the following example.
The matching key word is unique after the incomplete key word is typed.
1. Type the incomplete key word.
[HUAWEI] info-
2. Press Tab.
The system replaces the typed one with the complete key word and displays it in a new line
with the cursor leaving a space behind.
[HUAWEI] info-center
There are several matches or no match after the incomplete key word is typed.
info-center can be followed by three key words.
[HUAWEI] info-center log?
logbuffer logfile loghost
2. Press Tab.
[HUAWEI] info-center log
The system displays the prefix first. The prefix in this example is "log".
Continue to press Tab. The cursor is closely following the end of the word.
[HUAWEI] info-center loghost
[HUAWEI] info-center logbuffer
[HUAWEI] info-center logfile
Stop pressing Tab after the key word logfile that you need is displayed.
3. Type a space to enter the next word "channel".
[HUAWEI] info-center logfile channel
2. Press Tab.
[HUAWEI] info-center loglog
Context
Do as follows on the ATN equipment that you have logged in to:
Procedure
Step 1 Correlate Ctrl_U with the display ip routing-table command and run the shortcut keys.
<HUAWEI> system-view
[HUAWEI] hotkey ctrl_u "display ip routing-table"
----End
Context
Do as follows on the ATN equipment that you have logged in to:
Procedure
Step 1 Move the cursor to the beginning of the command and press ESC_Shift_<. Move the cursor to
the end and press ESC_Shift_>.
<HUAWEI> display ip routing-table
Step 2 Run the display clipboard command to view the contents on the clipboard.
<HUAWEI> display clipboard
---------------- CLIPBOARD-----------------
display ip routing-table
Step 3 Enter the command in any view, and press Ctrl_V to paste the contents of clipboard.
<HUAWEI> display ip routing-table
----End
3 Basic Configuration
This chapter describes how to configure the basic system environment and the basic user
environment.
Before configuring services, users often need to perform basic configurations for actual
operation and maintenance.
l Basic system environment: includes the language mode, host name, system name, system
time, header text, and command level for actual environment.
l Basic user environment: includes password for changing levels and the terminal lock.
Applicable Environment
Before configuring the services, you need to configure the basic system environments to meet
the requirements of the actual environments.
By default, the ATN 910 supports commands of Level 0 to Level 3, namely, visit level,
monitoring level, configuration level, and management level.
If the user needs to define more levels, or refine management privileges on the device, the user
can extend the range of command line level from the range of Level 0 to Level 3 to the range of
Level 0 to Level 15.
Pre-configuration Tasks
Before configuring basic system environment, complete the following task:
Data Preparation
To configure basic system environment, you need the following data.
No. Data
1 Language mode
2 System time
3 Host name
4 Login information
5 Command level
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
language-mode language-name
The help information on the ATN equipment can be in English and in Chinese. The language
mode is stored in the system software and need not be loaded.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
system-view
Step 2 Run:
sysname host-name
You can change the name of the ATN equipment that appears in the command prompt.
----End
Context
You need to set the system time properly to ensure the cooperation between the ATN 910 and
other devices. The ATN 910 supports the configurations of the time zone and the daylight saving
time.
NOTE
Procedure
Step 1 Run:
clock datetime [ utc ] HH:MM:SS YYYY-MM-DD
or
clock daylight-saving-time time-zone-name repeating start-time { { first | second
| third | fourth | last } weekday month | start-date } end-time { { first |
second | third | fourth | last } weekday month | end-date } offset [ start-year
[ end-year ] ]
NOTE
When the current time is within the daylight saving time, running the clock timezone time-zone-name
{ add | minus } offset command successfully sets the time zone name. If you run the display clock command
at that moment, however, the name of the daylight saving time is displayed as the time zone name.
After the daylight saving time ends, the configured time zone name is displayed.
CAUTION
When the device is upgraded from an earlier version to the V200R001C01 version, the
configured daylight saving time does not take effect and needs to be reconfigured.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
system-view
Step 2 Run:
header login { information text | file file-name }
Step 3 Run:
header shell { information text | file file-name }
A header is a system prompt displayed when a user logs in to the ATN equipment or starts
interactive configuration with the ATN equipment. The header provides detailed instruction.
NOTE
l If a user logs in to the ATN equipment by using SSH1.X, the login header is not displayed during login,
but the shell header is displayed after login.
l If a user logs in to the ATN equipment by using SSH2.0, both login and shell headers are displayed.
----End
Context
If the user does not adjust a command level separately, after the command level is updated, all
originally-registered command lines adjust automatically according to the following rules:
The update of command Level 2 to Level 10 and of Level 3 to Level 15 is performed in one step,
in batch, rather than in two steps.
Procedure
Step 1 Run:
system-view
Step 2 Run:
command-privilege level rearrange
When no password is configured for a Level 15 user, the system prompts the user to set a super
password for the Level 15 user. At the same time, the system asks whether the user wants to continue
updating the command line level. Select "N" to set a password first. If you select "Y", the
command levels are updated in batch directly. As a result, a user who does not log in through
the console port fails to update the level.
Step 3 Run:
command-privilege level level view view-name command-key
The command level is configured. With the command, you can specify the level and view
of multiple commands at one time (command-key).
All commands have default command views and levels. You need not reconfigure them.
----End
Context
If the user allows the undo command to automatically match the previous view and the user
runs an undo command that is not registered in the current view, the system searches for the
undo command in the previous view.
Automatic matching of the undo command has a drawback. For example, when the
user runs the undo ospf command in the interface view, where the command is not registered,
the system automatically searches in the system view. This may lead to global deletion of the OSPF
feature.
NOTE
l By default, the undo command does not automatically match the upper level view.
l The matched upper-view command is valid for current login users who run this command.
l It is not recommended that you configure the undo command to automatically match the upper level
view, unless necessary.
Procedure
Step 1 Run:
system-view
----End
Applicable Environment
The user can log in to the ATN equipment at a lower level to perform simple configurations or
view configurations. When the configuration is complicated, the user needs to switch to a higher
level. This requires the basic environment for switching levels to be configured.
Pre-configuration Tasks
Before configuring the basic environment for the user, complete the following task:
l Powering on the ATN equipment properly
Data Preparation
To configure the basic environment for the user, you need the following data:
No. Data
Context
When users log in to the ATN equipment with a lower user level, they switch to a higher user
level to perform advanced operations by entering the corresponding password. The password
needs to be configured in advance.
CAUTION
When simple is used, the password is saved in the configuration files in plain text. Login users
with a lower level can obtain the password by viewing the configuration. This may cause security
problems. Therefore, use cipher to save the password in encrypted text.
If the password is set in cipher mode, it cannot be recovered from the system. Keep a record of
the password so that it is not forgotten or lost.
Procedure
Step 1 Run:
system-view
Step 2 Run:
super password [ level user-level ] { simple | cipher } password
----End
Context
The correct password must be entered when the user switches from a lower level to a higher
level.
When configuring the switchover of user levels on the ATN equipment, users can perform
HWTACACS Authentication. For detailed configurations, refer to the ATN 910 ATN
equipment Configuration Guide - Security.
Procedure
Step 1 Run:
super [ level ]
If the password entered is correct, the user can switch to a higher level. If the user enters a
password incorrectly for three consecutive times, the user remains at the current login level and
returns to the user view.
NOTE
When the login user of lower level is switched to the user of higher level through the super command, the
system automatically sends trap messages and records the switchover in a log. When the switched level
is lower than that of the current level, the system only records the switchover in a log.
----End
Context
When you leave the operation terminals for a moment, you can lock the user interface to prevent
unauthorized users from operating the interface.
Procedure
Step 1 Run:
lock
Step 2 Follow the system prompt and input an unlock password, and then confirm.
<HUAWEI> lock
Enter Password:
Confirm Password:
If the locking is successful, the system prompts that the user interface is locked.
----End
Context
You can use the display commands to collect information about the system status. The display
commands are classified according to the following functions:
l Displays system configurations.
l Displays the running status of the system.
l Displays the diagnostic information about a system.
l Displays the restart information about the main control board.
See the related sections for display commands for protocols and interfaces. The following only
shows the system display commands.
Run the following commands in any view.
Prerequisites
Basic configurations are complete.
Procedure
l Run the display version command to display the system version.
l Run the display clock [ utc ] command to display the system time.
l Run the display calendar command to display system calendar.
l Run the display saved-configuration command to display the original configuration.
l Run the display current-configuration command to display the current configuration.
----End
Prerequisites
Basic configurations are complete.
Procedure
l Run the display this command to display the configuration of the current view.
----End
Context
Basic configuration is complete.
Procedure
Step 1 Run:
display diagnostic-information [ file-name ]
----End
4 User Management
This chapter describes user interfaces and the configuration of users' login.
This section provides examples for configuring users to log in to the ATN equipment in different
modes. These configuration examples explain networking requirements, configuration roadmap,
and configuration notes.
The user interface view is a command line view provided by the system. It is used to configure
and manage all the physical and logical interfaces in the asynchronous mode.
l Relative numbering
The relative numbering is in the format of user interface type + number.
The relative numbering is available for interfaces of a specific type. It is used only to specify
one or a group of user interfaces of a specified type. It must comply with the following
rules:
Number of the console port: CON 0
Number of the VTY: VTY 0 for the first line, VTY 1 for the second line and so on.
l Absolute numbering
The absolute numbering is used to uniquely specify a user interface or a group of user
interfaces.
The number starts with 0. The ports are numbered in the sequence of CON and then VTY. There
is only one console port and 0-15 VTY interfaces. You can use the user-interface
maximum-vty command to set the maximum number of user interfaces. The default
number is five.
By default, the system supports three types of user interfaces: CON, and VTY.
Table 4-1 shows the absolute numbers of the user interfaces in this system.
0 CON0
NOTE
The numbers from 1 to 32 are reserved for the TTY user interfaces.
Run the display user-interface command to view the absolute number of user interfaces.
User Classification
Based on the services obtained, users of the ATN equipment are classified as follows:
l HyperTerminal users: The users access the ATN equipment through the console port.
l Telnet users: The users access the ATN equipment through Telnet.
l File Transfer Protocol (FTP) users: The users establish FTP connections with the ATN
equipment to transfer files.
l Secure Shell (SSH) users: The users establish SSH connections with the ATN
equipment to access the network.
l Network Management System (NMS) users: The users establish connections with the ATN
equipment through SNMP or Telnet to manage the ATN equipment in machine-to-machine
mode.
One user can obtain multiple services simultaneously and perform multiple functions.
User Level
The system provides hierarchical management to HyperTerminal users and Telnet users.
The login users are classified into 16 levels corresponding to the commands, marked from Level
0 to Level 15. The higher the level, the higher the priority.
A user can access a command depending on the user level.
l In the case of non-authentication or password authentication, the level of the command that
can be accessed by the login user depends on the level of the login user interface.
l In the case of AAA authentication, the level of the command that can be accessed by the
login user depends on the level of the local user in the AAA configuration.
The user can access the commands with the level equal to or lower than the user level. For
example, for a user of Level 2, the user can access the commands of Level 0, Level 1, and Level
2.
NOTE
For details of the command level, refer to "Command Level" in Chapter 3 "Command Line Introduction."
User Authentication
After the user configuration, the system authenticates users when they access the ATN
equipment.
The three types of user authentication are as follows:
l Non-authentication: In this type, a user accesses the ATN equipment without the user name
or password. This is not recommended due to security reasons.
l Password authentication: In this type, a user accesses the ATN equipment only with the
password rather than the user name. This is safer compared to non-authentication.
l Authentication, Authorization and Accounting (AAA) local: This scheme needs both the
user name and the password. This scheme authenticates the Telnet and HyperTerminal
users.
User Planning
The network administrator provides the user plan based on the requirements.
l At least one HyperTerminal user is created on the ATN equipment.
l A Telnet user is created for remote access.
l An FTP user uploads or downloads files on the ATN equipment remotely.
l A network administrator manages the ATN equipment in machine-to-machine mode, and
NMS users need to be added to the ATN equipment.
NOTE
For the configuration of FTP users, refer to Chapter 8 "FTP, TFTP and XModem".
Applicable Environment
A console user interface is required for maintaining the local ATN equipment.
Pre-configuration Tasks
Before configuring a console interface, complete the following tasks:
l Powering on the ATN equipment
l Connecting a PC to the ATN equipment through an asynchronous interface
Data Preparation
To configure a console interface, you need the following data.
No. Data
1 Baud rate, flow-control mode, parity, stop bit, and data bit
2 Idle timeout period, number of lines displayed in a terminal screen, and the size of
history command buffer
3 User priority
NOTE
All the configuration items of the ATN equipment, excluding the user name and password, have default
values and do not need to be configured additionally.
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface console interface-number
----End
Context
Do as follows on the ATN equipment to which a user logs in:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
----End
Procedure
l Configuring AAA Authentication
1. Run:
system-view
5. Run:
aaa
Prerequisites
The configurations of the User Management function are complete.
Procedure
l Run the display users [ all ] command to check information about user interface.
----End
Applicable Environment
If you want to log in to the ATN equipment using Telnet or SSH to perform management or
configuration operations, a VTY interface is required.
Pre-configuration Tasks
Before configuring a VTY user interface, complete the following tasks:
Data Preparation
To configure a VTY user interface, you need the following data.
No. Data
2 (Optional) Number of the ACL for limiting incoming and outgoing calls of users
logging in using VTY user interfaces
3 Timeout period for idle users, maximum number of lines to be displayed on each
screen and the size of the history command buffer
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
The maximum number of VTY user interfaces that can log in to the ATN equipment is set.
NOTE
When the maximum number of VTY user interfaces is set to zero, no user, including the NMS user, can
log in to the ATN equipment.
If the maximum number of VTY user interfaces to be configured is smaller than the maximum
number of current interfaces, other parameters need not be configured.
If the maximum number of VTY user interfaces to be configured is larger than the maximum
number of current interfaces, the authentication mode and password need to be configured for
newly added user interfaces.
For newly added user interfaces, the system applies password authentication by default.
For example, a maximum of five users are allowed online. To allow 15 VTY users online at the
same time, you need to run the authentication-mode command and the set authentication
password command to configure authentication modes and passwords for user interfaces from
VTY 5 to VTY 14. The command is run as follows:
<HUAWEI> system-view
[HUAWEI] user-interface maximum-vty 15
[HUAWEI] user-interface vty 5 14
[HUAWEI-ui-vty5-14] authentication-mode password
[HUAWEI-ui-vty5-14] set authentication password cipher huawei
----End
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface vty first-ui-number [ last-ui-number ]
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
system-view
By default, the history command buffer on a user interface can cache a maximum of 10
commands.
----End
Context
The ATN equipment supports user authentication of three types:
Procedure
l Configuring AAA Authentication
1. Run:
system-view
2. Run:
user-interface vty number1 [ number2 ]
Prerequisites
The configurations of the VTY user interface are complete.
Procedure
l Run the display users [ all ] command to check the usage information of the user interface.
l Run the display user-interface maximum-vty command to check the number of maximum
VTY user interfaces.
l Run the display user-interface [ [ ui-type ] ui-number1 | ui-number ] [ summary ]
command to check the physical attributes and configurations of the user interface.
----End
Applicable Environment
To ensure that the operator manages the ATN equipment safely, you need to send messages between
user interfaces and clear designated users.
Pre-configuration Tasks
Before managing the user interface, complete the following tasks:
Data Preparations
To manage the user interface, you need the following data:
No. Data
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
send { all | ui-type ui-number | ui-number1 }
Step 2 Following the prompt, you can enter the message to be sent. You can press Ctrl_Z or Enter to
end, and press Ctrl_C to abort.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
kill user-interface { ui-number | ui-type ui-number1 }
Step 2 On receiving the prompts, you can confirm whether the designated online users have to be
cleared.
----End
Prerequisites
The configurations of the user interfaces are complete.
Procedure
Step 1 Run the display users [ all ] command to check the usage information of the user interface.
----End
Applicable Environment
After the IP address is assigned to the main control board or the interface board, any remote user
can use Telnet to log in to the ATN equipment, or connect the ATN equipment through PPP to
access networks. This compromises the security. To ensure network security and ease user
management, configure a user name and the user password for the ATN equipment.
Pre-configuration Tasks
Before configuring a user, complete the following tasks:
Data Preparation
To configure a user, you need the following data.
No. Data
1 Authentication mode
3 User priority
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
Step 3 Run:
authentication-mode { aaa | password | none }
----End
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
Step 3 Run:
authentication-mode password
Step 4 Run:
set authentication password { cipher | simple } password
NOTE
----End
Context
Do as follows on the ATN equipment that the user logs in to:
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
Step 3 Run:
authentication-mode aaa
Step 4 Run:
quit
Step 5 Run:
aaa
Step 6 Run:
local-user user-name password { simple | cipher } password
----End
Context
CAUTION
Configuring the non-authentication mode may cause security problems of the ATN
equipment.
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
Step 3 Run:
authentication-mode none
NOTE
l If the authentication mode is non-authentication or password authentication, the priority of the
user interface determines the command level that the users can access.
l If the authentication mode needs the username and the password, the priority of the user determines
the command level that the users can access.
----End
Context
Refer to the ATN 910 Configuration Guide - Security.
Prerequisites
The configurations of User Management are complete.
Procedure
l Run the display users [ all ] command to check the user information.
l Run the display local-user [ domain domain-name | username user-name ] command to
check information about local users.
----End
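An offline check of a saved configuration for the two settings this chapter cautions about, passwords stored with simple and authentication-mode none, as an added example (not Huawei tooling and not part of the original guide). The sample configuration is constructed, and its layout (one command per line, "#" between sections, sub-commands indented under aaa and user-interface) is an assumption.

```python
import re

# Constructed sample configuration; passwords are placeholders.
SAMPLE_CONFIG = """\
#
sysname HUAWEI
#
super password level 3 simple Example-Pw-1
#
aaa
 local-user admin password cipher EXAMPLE-CIPHERTEXT
 local-user ftpuser password simple Example-Pw-2
 local-user ftpuser service-type ftp
#
user-interface con 0
 authentication-mode password
 set authentication password cipher EXAMPLE-CIPHERTEXT
user-interface vty 0 4
 authentication-mode aaa
user-interface vty 5 14
 authentication-mode none
#
return
"""

# Command forms from this guide whose "simple" keyword stores the password
# in plain text. The label names the subject only, never the password.
SIMPLE_PASSWORD_RULES = [
    ("super password level {}",
     re.compile(r"^super password(?: level (\d+))? simple \S+")),
    ("set authentication password",
     re.compile(r"^set authentication password simple \S+")),
    ("local-user {}",
     re.compile(r"^local-user (\S+) password simple \S+")),
]
NO_AUTH = re.compile(r"^authentication-mode none$")
VIEW_START = re.compile(r"^(?:user-interface .+|aaa)$")


def audit_config(text):
    """Return (line number, view, issue, subject) for each risky setting."""
    findings = []
    view = "system"
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line == "#":
            view = "system"  # a separator ends the current view
            continue
        if not raw[0].isspace():
            # Unindented: either opens a view or is a system-view command.
            view = line if VIEW_START.match(line) else "system"
        for label, rule in SIMPLE_PASSWORD_RULES:
            found = rule.match(line)
            if found:
                subject = label.format(*(g or "default" for g in found.groups()))
                findings.append((lineno, view, "plaintext-password", subject))
        if NO_AUTH.match(line):
            findings.append((lineno, view, "no-authentication", line))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

The findings carry the line number and the affected user, level or user interface, but not the password itself, so the report can be shared more widely than the configuration file.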
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
display configuration-occupied user
Information about the user that locks the configuration set is displayed.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
configuration exclusive
NOTE
If the configuration set is already locked, an error message is displayed after this command is run.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
configuration-occupied timeout
The timeout period for automatically unlocking the configuration set is set.
NOTE
l When a user without exclusive configuration access runs this command, the system displays an error
message.
l If the configuration set is locked by another user, this command cannot be configured, and the system
displays an error message.
l If the configuration set is locked by the current user, the current user can run this command.
----End
Applicable Environment
You can create a single local user database on a Network Access Server (NAS) to manage access
users.
Pre-configuration Task
Before configuring local user management, complete the following tasks:
l Configuring parameters of the link layer protocol and IP addresses for the interfaces and
ensuring that the status of the link layer protocol on the interfaces is Up
l Creating an Access Control List (ACL) and setting ACL rules if you need to apply the ACL to
manage local users
Data Preparation
To configure local user management, you need the following data.
No. Data
3 Name of the FTP directory that the local user can access
Context
Do as follows on the NAS:
Procedure
Step 1 Run:
system-view
Step 2 Run:
aaa
Step 3 Run:
local-user user-name password { simple | cipher } password
If the user name contains @, the characters before @ are the user name and the characters after @
are the domain name. If the user name does not contain @, the whole character string is
the user name and the domain name is default_admin.
----End
4.7.3 Configuring the Type of the Service That the Local User
Accesses
By setting the service type of local users, you can manage users based on the service type.
Context
Do as follows on the NAS:
Procedure
Step 1 Run:
system-view
Step 2 Run:
aaa
Step 3 Run:
local-user user-name service-type { ftp | ssh | telnet | terminal }*
The type of the service that the local user accesses is configured.
----End
Context
Do as follows on the NAS:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the NAS:
Procedure
Step 1 Run:
system-view
----End
Follow-up Procedure
The system processes a local user in the active or block state as follows:
l If the local user is in the active state, the authentication request from this user is allowed
for further processing.
l If the local user is in the block state, the authentication request from this user is denied.
Context
Do as follows on the NAS:
Procedure
Step 1 Run:
system-view
----End
Follow-up Procedure
Login users have the same 16 levels as commands. The levels are Visit, Monitoring, Configure,
and Management, and are numbered from 0 to 15. The higher the number, the higher the
priority.
4.7.7 Setting the Maximum Number of Access Users with the Same
User Name
A user name can be used for several connections. By restricting the access of local users, you
can control the number of connections under one user name.
Context
Do as follows on the NAS:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
local-user change-password
----End
Prerequisites
The configurations of the local user management are complete.
Procedure
Step 1 Run the display local-user [ domain domain-name | username user-name ] command to check
attributes of the local user.
----End
Applicable Environment
The Network Management System (NMS) user can log in to the device through VTY to set
parameters about the device.
Pre-configuration Tasks
Before configuring an NMS user to log in to a device through the machine-to-machine mode,
complete the following task:
l Ensuring that the ATN equipment and the network management end can reach each other
Data Preparation
To configure an NMS user to log in to a device through the machine-to-machine mode, you need
the following data.
No. Data
Context
Do as follows on the ATN equipment that an NMS user needs to manage.
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment that an NMS user needs to manage.
Procedure
Step 1 Run:
system-view
Step 3 Run:
authentication-mode aaa
NOTE
The system reserves five VTYs (VTY 16-VTY 20) for an NMS user. The five VTYs are used as special
channels of the network management. The channels do not support the RSA authentication mode but
support the password authentication.
----End
Context
NOTE
This command is hidden on the command line terminal and does not appear in the help
information. Human-to-machine users should use this command with caution.
Procedure
Step 1 Run:
system-view
Step 2 Run:
mmi-mode enable
NOTE
l In the VTY machine-to-machine mode, the system reserves five user interfaces to which an NMS user
can log in through VTYs. A common user cannot log in through Telnet but can log in by using the five
reserved user interfaces.
l In the machine-to-machine mode, the system does not output logs, alarms, and debugging information
to the screen.
l In the machine-to-machine mode, the save and reboot commands can be used directly.
l In the machine-to-machine mode, a maximum of 512 lines are displayed by default. The value can be
adjusted by using the screen-length command. In addition, you can run the screen-length
temporary command to adjust the number of lines temporarily displayed on the screen.
----End
Prerequisites
The configuration of an NM User to Log in to a Device in VTY Mode is complete.
Procedure
Step 1 Run the display vty mode command to check the VTY mode.
----End
Context
CAUTION
After the first and second configuration examples are complete, the commands with priorities
higher than 2 cannot be run if the current user is VTY0. Ensure that users can log in to the ATN
equipment by other methods to delete configurations.
Networking Requirements
The COM port of the PC is connected to the Console port. Set the priority of VTY0 to 2 and
authenticate users by password. Users need to enter the password Huawei to log in
successfully.
After login, if no operation is performed within 30 minutes, the user interface
is disconnected from the ATN equipment.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the user interface, and configure the priority of VTY0 as 2.
2. Configure the simple authentication and the disconnect time.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the priority of VTY0 to be 2 on the ATN.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] user privilege level 2
----End
Configuration Files
#
sysname HUAWEI
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default_admin
#
user-interface vty 0
 user privilege level 2
 set authentication password simple huawei
 idle-timeout 30
#
return
Networking Requirements
The COM port of the PC and the console port of the ATN equipment are connected.
Configure the priority of VTY0 to be 2, and perform AAA authentication on the user that logs in
through VTY0. The login user must enter the username "huawei" and the password "huawei".
After login, if the user does not operate the ATN equipment within 30 minutes, the connection
with the ATN equipment is closed.
Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the user interface view to configure the priority of VTY0 to be 2 and the disconnection
time.
2. Enter the AAA view to configure the username, the password, and the user level.
3. Switch on the idle timeout for the local user in the AAA view.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure the priority of VTY0 to be 2 and the disconnection time to 30 minutes.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] user privilege level 2
[HUAWEI-ui-vty0] authentication-mode aaa
[HUAWEI-ui-vty0] idle-timeout 30
[HUAWEI-ui-vty0] quit
Step 2 Configure the local username, the password, and the user level.
[HUAWEI] aaa
[HUAWEI-aaa] local-user huawei password cipher huawei
[HUAWEI-aaa] local-user huawei level 2
Step 3 Switch on the idle timeout for the local user in the AAA view.
[HUAWEI-aaa] local-user huawei idle-cut
----End
Configuration Files
#
sysname HUAWEI
#
aaa
 local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
 local-user huawei level 2
 local-user huawei idle-cut
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default_admin
#
user-interface vty 0
 authentication-mode aaa
 user privilege level 2
 idle-timeout 30
#
return
Networking Requirements
As shown in Figure 4-1, the NM station logs in to ATN through the channel reserved by ATN
for an NMS user, and then manages devices.
Figure 4-1 Networking diagram of configuring an NMS user to manage devices in the machine-to-machine mode
[Figure: ATN (GE0/0/0) and NM Station, with addresses 1.1.1.1/24 and 1.1.1.2/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure an NMS user.
2. Configure the authentication mode of the NMS user.
3. Enter the machine-to-machine mode.
Data Preparation
To complete the configuration, you need the following data:
l Name and IP address of an interface
l Name of the local user
Procedure
Step 1 Configure IP addresses. The configuration details are not mentioned here.
Step 2 Configure an NMS user.
# Enter the AAA view.
<HUAWEI> system-view
[HUAWEI] sysname ATN
[ATN] aaa
NOTE
l An NMS user can log in to a device through the reserved channels only after passing
AAA authentication.
l Reserved channels do not support the RSA authentication mode.
----End
Configuration Files
#
sysname ATN
#
interface Ethernet0/0/0
 ip address 1.1.1.1 255.255.255.0
#
aaa
 local-user hello@163.net password simple hello
 local-user hello@163.net user-type netmanager
#
user-interface vty 16 20
 authentication-mode aaa
#
return
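The configuration files in this chapter can be reviewed offline for the login settings the chapter describes. The following Python sketch is an added example, not part of Huawei's guide: it flags authentication-mode none, passwords stored with the simple keyword, and a plaintext password equal to the user name. The rule names, the con 0 line and the ciphertext placeholder in the sample are assumptions made for this example; the other sample lines are taken from the configuration files above.

```python
from typing import List, NamedTuple, Tuple

DEFAULT_DOMAIN = "default_admin"  # domain the guide assigns when a name has no '@'


class Finding(NamedTuple):
    line: int    # 1-based line number in the configuration text
    rule: str    # rule identifier (these names are this example's own)
    detail: str  # description; the password string is not copied into it


def split_user(name: str) -> Tuple[str, str]:
    """Split 'user@domain' as the guide describes (assumption: at the first '@')."""
    user, sep, domain = name.partition("@")
    return (user, domain) if sep else (name, DEFAULT_DOMAIN)


def audit(config: str) -> List[Finding]:
    """Return findings for weak login settings in VRP-style configuration text."""
    findings: List[Finding] = []
    ui = None  # user-interface section currently open, e.g. "vty 0"
    for number, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0] in ("#", "return"):
            ui = None  # '#' ends the current section
            continue
        if words[0] == "user-interface":
            ui = " ".join(words[1:])
            continue
        if ui is not None:
            if words[:2] == ["authentication-mode", "none"]:
                findings.append(Finding(number, "UI-NO-AUTH",
                    f"user-interface {ui} admits logins without authentication"))
            elif words[:4] == ["set", "authentication", "password", "simple"]:
                findings.append(Finding(number, "UI-PLAINTEXT-PASSWORD",
                    f"user-interface {ui} keeps its login password in plaintext"))
        if words[0] == "local-user" and len(words) >= 5 and words[2] == "password":
            user, domain = split_user(words[1])
            storage, secret = words[3], words[4]
            if storage == "simple":
                findings.append(Finding(number, "USER-PLAINTEXT-PASSWORD",
                    f"local user {user} (domain {domain}) has a plaintext password"))
                if secret.lower() in (user.lower(), words[1].lower()):
                    findings.append(Finding(number, "USER-PASSWORD-IS-NAME",
                        f"local user {user} (domain {domain}) uses its own name as password"))
    return findings


# Constructed sample: lines from the guide's configuration files, plus a
# constructed 'con 0' section and a placeholder instead of real ciphertext.
SAMPLE = """\
#
sysname ATN
#
aaa
 local-user hello@163.net password simple hello
 local-user hello@163.net user-type netmanager
 local-user huawei password cipher PLACEHOLDER-CIPHERTEXT
 local-user huawei level 2
#
user-interface con 0
 authentication-mode none
user-interface vty 0
 user privilege level 2
 set authentication password simple huawei
 idle-timeout 30
user-interface vty 16 20
 authentication-mode aaa
#
return
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(f"line {finding.line:>2}  {finding.rule:<24} {finding.detail}")
```

The parser keys on the # separators rather than on indentation, so it also works on configuration text whose leading spaces were lost in copying.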
5 File System
The file system manages files and directories in the storage device.
Definitions
The file system manages the files and directories in the storage devices. It can create, delete,
modify, and rename a file or directory and display the contents of the file.
Functions
The file system has two functions: managing the storage devices and managing the files that are
stored in those storage devices.
Storage Devices
Storage devices are hardware devices for storing information.
At present, the ATN equipment supports storage devices such as the compact flash (CF) card
and the flash card.
Files
A file is a mechanism with which the system stores and manages information.
Directories
A directory is a mechanism with which the system integrates and organizes files, serving
as a logical container of files.
5.1.3 File
A file is a mechanism used for the system to store and manage information.
5.1.4 Directory
A directory is a repository or database of information and a logical container of files. You can
save files to nested directories to implement hierarchical file management.
Applicable Environment
When the ATN equipment cannot access data normally, the storage devices that do not function
normally need to be restored.
Pre-configuration Tasks
Before managing the storage devices, complete the following tasks:
l Installing the ATN equipment and starting it normally
l Enabling the client to log in to the ATN equipment
Data Preparations
Before managing the storage devices, you need the following data.
No. Data
1 Device name
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
fixdisk device-name
NOTE
After this command is run, if the prompt that the system should be repaired is still received, it indicates
that the physical medium may be damaged.
----End
Context
CAUTION
Formatting storage devices may lead to data loss.
Procedure
Step 1 Run:
format device-name
NOTE
If the storage device cannot work after the format device-name command is run, a fault may have
occurred in the hardware.
----End
Applicable Environment
When you need to transfer files between the client and the server, configure the directory by
using the file system.
Pre-configuration Tasks
Before configuring the management directory, complete the following tasks:
Data Preparation
To configure a management directory, you need the following data.
No. Data
Context
Do as follows on the ATN equipment.
Procedure
Step 1 Run:
pwd
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
A directory is specified.
Step 2 Run:
pwd
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
----End
Applicable Environment
To view, delete, or rename files on the ATN equipment, you need to configure files using the
file system.
Pre-configuration Tasks
Before configuring the file system, complete the following tasks:
Data Preparation
To configure a file system, you need the following data.
No. Data
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
Step 2 Run:
copy source-filename destination-filename
NOTE
The file to be copied must be larger than 0 bytes. Otherwise, the operation fails.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
Step 2 Run:
move source-filename destination-filename
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
Step 2 Run:
rename source-filename destination-filename
----End
Context
Do as follows on the ATN equipment.
Procedure
Step 1 Run:
zip source-filename destination-filename
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
cd directory
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
reset recycle-bin [ filename ]
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
undelete filename
NOTE
l If the current directory is not the parent directory, you must operate the file by using the absolute path.
l If you use the parameter [ /unreserved ] in the delete command, the file cannot be restored after being
deleted.
----End
Prerequisites
The batch files on the client end have been uploaded to the ATN equipment.
Context
After a batch file is created, you can run it to implement routine tasks
automatically.
Procedure
Step 1 Run:
system-view
----End
Prerequisites
Before configuring a file system, complete the following tasks:
Context
Data may be lost or damaged during the process, so the prompt is required.
Procedure
Step 1 Run:
system-view
Step 2 Run:
file prompt { alert | quiet }
CAUTION
If the prompt is in the quiet mode, no prompt appears for data loss due to misoperation.
----End
Networking Requirements
By configuring the file system of the ATN equipment, the user can operate the ATN
equipment through the console port and copy files to the specified directory.
The file path in the storage device must be correct. If the user does not specify a target file name,
the source file name is the name of the target file by default.
Configuration Roadmap
The configuration roadmap is as follows:
Data Preparation
To complete the configuration, you need the following data:
l Source file name and target file name
l Source file path and target file path
Procedure
Step 1 Display the file information in the directory cfcard:/folder2, where cfcard:/ is the flash
memory identifier.
<HUAWEI> pwd
cfcard:/
<HUAWEI> cd cfcard:/folder2
<HUAWEI> dir
Info: File can't be found in the directory.
499,720 KB total (47,776 KB free)
Step 3 Display the file information about the current directory, and you can view that the file is copied
to the specified directory.
<HUAWEI> dir
Directory of cfcard:/folder2/
----End
The configuration file contains the configuration items that are loaded when the ATN equipment
restarts this time or next time.
l The system can run the command with the maximum length of 512 characters, including the command
in an incomplete form.
l If a command is configured in incomplete form, it is saved in complete form. Therefore, the
command length in the configuration file may exceed 512 characters. When the system restarts, these
commands cannot be restored.
l Initial configurations: On powering on, the ATN equipment retrieves the configuration files
from a default save path to initialize itself. If configuration files do not exist in the default
save path, the ATN equipment uses the default parameters.
l Current configurations: indicates the effective configurations of the currently running ATN
equipment.
l Users can modify the current configurations of the ATN equipment through the command
line interface. Use the save command to save the current configuration to the configuration
file of the default storage devices, and the current configuration becomes the initial
configuration of the ATN equipment when the ATN equipment is powered on next time.
Applicable Environment
In one of the following situations, you need to manage configuration files:
l To start the ATN equipment normally, you need to select the correct ATN 910 system
software and configuration file for the ATN equipment to load.
l After modifying current configurations, you need to save the modified contents.
l You need to view the configuration of the ATN equipment.
Pre-configuration Tasks
Before managing configuration files, complete the following task:
l Installing the ATN equipment and starting it properly
Data Preparation
To manage configuration files, you need the following data.
No. Data
3 The number of the start line from which the comparison of the configuration files
begins
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
startup system-software system-file [ slave-board ]
The ATN 910 system software for the ATN equipment to load next time when it starts is
configured.
The filename extension of the system software must be .cc, and the file must be stored in the
root directory of a storage device.
You can specify system-file to use system software that is saved on the device for the next
startup.
slave-board is valid only on the ATN equipment with dual main control boards.
----End
6.2.3 Configuring the Configuration File for ATN to Load for the
Next Startup
Before restarting an ATN equipment, you can specify the configuration files that are loaded for
the next startup.
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
startup saved-configuration configuration-file
The configuration file for the ATN equipment to load at the next startup is configured.
The filename extension of the configuration file must be .cfg or .zip, and the file must be stored in the
root directory of a storage device.
The effective configuration when an ATN equipment is working is called the current configuration.
----End
Context
The system can save the configuration files periodically or in real time to prevent data loss when
the ATN equipment is powered off or accidentally restarted.
Run one of the following commands to save configuration files.
Procedure
l Run:
1. system-view
If the set save-configuration command is not run, the system does not
automatically save configurations.
If the set save-configuration command without specified interval is run, the
system automatically saves configurations at 30-minute intervals.
When you configure the automatic saving function, to prevent that function from
affecting system performance, you can set the upper limit of the CPU usage for the
system during automatic saving. When automatic saving is triggered by the expiry of
the timer, the CPU usage is checked. If the CPU usage is higher than the set upper
limit, automatic saving will be canceled.
After delay delay-interval is specified, if the configuration is changed, the device
automatically saves the configuration after the specified delay.
After automatic saving of configurations is configured, the system automatically saves
the changed configurations to the configuration file for the next startup and
configuration files are changed accordingly with the saved configurations.
Before configuring automatic saving of the configuration file to the server, you need to run
the set save-configuration backup-to-server server server-ip [ transport-type
{ ftp | sftp } ] user user-name password password [ path folder ] or set
save-configuration backup-to-server server server-ip transport-type tftp [ path
folder ] command to configure the server, including the IP address, username,
password of the server, destination path, and mode of transporting the configuration
file to the server.
NOTE
If configuration files transmitted in TFTP mode are saved, the tftp client-source command
can be run to configure the address of a loopback interface of the ATN equipment as a source
address of a client to ensure security.
WARNING
When the automatic saving function is enabled and the LPU is not properly installed,
corresponding configurations may be lost.
l Run:
save [ all ] [ configuration-file ]
The filename extension of the configuration file must be .cfg or .zip. The system startup
configuration file must be saved in the root directory of a storage device.
The user can modify the current configuration through the command line interface. To set
the current configuration as initial configuration when the ATN equipment starts next time,
you can use the save command to save the current configuration in the cfcard memory.
You can use the save all command to save all the current configurations, including the
configurations of the boards that are not inserted, to the default directory.
NOTE
When saving the configuration file for the first time, if you do not specify the optional parameter
configuration-file, the ATN equipment asks you whether to save the file as "vrpcfg.zip" or not.
----End
Context
The configuration file stored in cfcard memory needs to be cleared in the following cases:
l The system software does not match the configuration file after the ATN equipment has
been upgraded.
l The configuration file is destroyed or an incorrect configuration file has been loaded.
Procedure
l Clear the currently loaded configuration file.
Run the reset saved-configuration command to clear the currently loaded configuration
file.
If the configuration file of the ATN equipment used for the current startup is the same
as that used for the next startup, running the reset saved-configuration command will
clear both the configuration files. The ATN equipment will use the default
configuration file for the next startup.
If the configuration file of the ATN equipment used for the current startup is different
from that used at the next startup, running the reset saved-configuration command will
clear the configuration file used for the current startup.
If the configuration file of the ATN equipment used for the current startup is empty, the
system will prompt you that the configuration file does not exist after you run the reset
saved-configuration command.
----End
Context
Do as follows on the ATN equipment:
Procedure
Step 1 Run:
compare configuration [ configuration-file ] [ current-line-number save-line-number ]
The current configuration is compared with the configuration file for next startup.
If no parameter is set, the comparison begins with the first lines of configuration files.
current-line-number and save-line-number are used to continue the comparison by ignoring the
differences between the configuration files.
When comparing differences between the configuration files, the system displays the contents
of the current configuration file and saved configuration file from the first different line. By
default, 150 characters are displayed for each configuration file. If the number of characters from
the first different line to the end is less than 150, the contents after the first different line are all
displayed.
In comparing the current configurations with the configuration file for next startup, if the
configuration file for next startup is unavailable or its contents are null, the system prompts that
reading files fails.
----End
Prerequisites
The configurations for managing configuration files are complete.
Procedure
l Run the display current-configuration [ configuration [ configuration-type
[ configuration-instance ] ] | controller | interface [ interface-type [ interface-number ] ] ]
[ feature feature-name [ filter filter-expression ] | filter filter-expression ] or display
current-configuration [ all | inactive ] command to view the current configuration files.
l Run the display saved-configuration [ last | time | configuration ] command to view
configuration files to be loaded at the next startup.
l Run the display startup command to view files for the device startup.
l Run the dir [ /all ] [ filename ] command to view files saved in the storage device.
l Run the display changed-configuration time command to view the time of the last
configuration change.
----End
7.1.1 FTP
You can transfer files between local and remote hosts through FTP. FTP is commonly used in
version upgrade, log downloading, file transfer, and configuration saving.
File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP protocol suite. It
implements file transfer between local and remote hosts based on the corresponding file
systems.
The ATN equipment provides the following FTP services:
l FTP server service. Users can run the FTP client program to log in to the ATN
equipment and access the files on the ATN equipment.
l FTP client service. Users can establish a connection with the ATN equipment by running
a terminal emulation program or a Telnet program on a PC. Enter an FTP command to
connect with the remote FTP server and access the files on the remote host.
7.1.2 TFTP
TFTP does not have a complex interactive access interface and authentication control. TFTP is
applicable when there is no complex interaction between the client and server.
The Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol.
Compared with FTP, TFTP does not have a complex interactive access interface and
authentication control. TFTP is applicable in an environment where there is no complex
interaction between the client and the server. For example, TFTP is used to obtain the memory
image of the system when the system starts up.
TFTP is implemented based on the User Datagram Protocol (UDP).
The client initiates the TFTP transfer. To download files, the client sends a read request packet
to the TFTP server, receives packets from the server, and sends acknowledgement to the server.
To upload files, the client sends a write request packet to the TFTP server, sends packets to the
server, and receives acknowledgement from the server.
TFTP transfers the files in two formats:
l The binary format: transfers program files.
l The ASCII format: transfers text files.
At present, the ATN 910 serves only as the TFTP client and transfers files in the binary format.
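The read transfer described above, shown as an added example that is not part of Huawei's guide: a Python sketch that builds the packets defined in RFC 1350 and runs a download in memory, without sockets. The file name vrpcfg.zip appears elsewhere in this guide; the function names and the in-memory server are this example's own.

```python
import struct
from typing import Dict, List, Tuple

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5  # RFC 1350 opcodes
BLOCK_SIZE = 512                            # RFC 1350 data block size


class TftpError(Exception):
    """Raised by the client when the server answers with an ERROR packet."""


def build_request(opcode: int, filename: str, mode: str = "octet") -> bytes:
    """RRQ/WRQ layout: opcode, file name, NUL, mode, NUL. No credential field."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("request opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")


def parse(packet: bytes) -> tuple:
    """Decode one packet into (opcode, fields...); ValueError if malformed."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode, second = struct.unpack("!HH", packet[:4])
    if opcode in (RRQ, WRQ):
        fields = packet[2:].split(b"\0")
        if len(fields) < 3 or not fields[0]:
            raise ValueError("request needs a file name and a mode")
        return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    if opcode == DATA:
        return opcode, second, packet[4:]          # block number, payload
    if opcode == ACK:
        return opcode, second                      # block number
    if opcode == ERROR:
        return opcode, second, packet[4:].rstrip(b"\0").decode("ascii", "replace")
    raise ValueError(f"unknown opcode {opcode}")


def serve_read(files: Dict[str, bytes], request: bytes) -> List[bytes]:
    """Server side: answer a read request with the file's DATA packets in order."""
    fields = parse(request)
    if fields[0] != RRQ:
        return [struct.pack("!HH", ERROR, 4) + b"Illegal TFTP operation\0"]
    content = files.get(fields[1])
    if content is None:
        return [struct.pack("!HH", ERROR, 1) + b"File not found\0"]
    # The +1 yields an empty final block when the size is a multiple of 512,
    # because only a block shorter than 512 bytes ends the transfer.
    return [struct.pack("!HH", DATA, number) + content[offset:offset + BLOCK_SIZE]
            for number, offset in enumerate(range(0, len(content) + 1, BLOCK_SIZE), 1)]


def download(files: Dict[str, bytes], filename: str) -> Tuple[bytes, List[str]]:
    """Client side: send RRQ, acknowledge each DATA block, stop at a short block."""
    request = build_request(RRQ, filename)
    transcript = [f"client -> RRQ {filename} mode=octet"]
    received = bytearray()
    expected = 1
    for packet in serve_read(files, request):
        fields = parse(packet)
        if fields[0] == ERROR:
            transcript.append(f"server -> ERROR code={fields[1]} {fields[2]}")
            raise TftpError(fields[2])
        _, block, payload = fields
        if block != expected:
            raise ValueError(f"expected block {expected}, got {block}")
        transcript.append(f"server -> DATA block={block} len={len(payload)}")
        received += payload
        ack = struct.pack("!HH", ACK, block)
        transcript.append(f"client -> ACK block={parse(ack)[1]}")
        expected += 1
        if len(payload) < BLOCK_SIZE:
            break
    return bytes(received), transcript


if __name__ == "__main__":
    store = {"vrpcfg.zip": bytes(1000)}  # constructed 1000-byte file
    data, log = download(store, "vrpcfg.zip")
    print("\n".join(log))
```

The read request holds only a file name and a mode, which is what the lack of authentication control means in practice: restricting who can fetch or write files has to be enforced outside the protocol, by filtering which hosts can reach the server.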
Applicable Environment
When the ATN equipment serves as the FTP server, after the client logs in to the ATN
equipment through FTP, the user can transfer files between the client and the server.
Pre-configuration Tasks
Before configuring the ATN equipment as the FTP server, complete the following tasks:
Data Preparation
To configure the ATN equipment as the FTP server, you need the following data.
NOTE
For FTP secure server connection, perform step 2.
No. Data
Context
If the FTP service is not enabled, change the FTP port as required.
If the FTP service is enabled, run the undo ftp server command to disable the FTP service, and
then change the FTP port.
Procedure
Step 1 Run:
system-view
----End
Procedure
Step 1 Run:
system-view
NOTE
When the file operation between clients and the ATN equipment ends, run the undo ftp server command
to disable the FTP server function. This ensures the security of the ATN equipment.
----End
Context
Do as follows on the ATN equipment that functions as an FTP server:
Procedure
Step 1 Run:
system-view
After the source address is configured, the address specified in the ftp command for login to the
FTP server must be the configured source address. Otherwise, the login fails.
----End
Context
If the client is idle for the configured time, the connection is removed from the FTP server.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ftp timeout minutes
----End
Context
Do as follows on the ATN equipment that serves as the FTP server:
Procedure
Step 1 Run:
system-view
Step 2 Run:
aaa
Step 3 Run:
local-user user-name password { simple | cipher } password
----End
Context
Do as follows on the ATN equipment that serves as the FTP server:
Procedure
Step 1 Run:
system-view
Step 3 Run:
aaa
Step 4 Run:
local-user user-name service-type ftp
Step 5 Run:
local-user user-name ftp-directory directory
----End
Prerequisites
The FTP server must be configured before the following commands are run. Otherwise,
the system does not display any data.
Procedure
l Run the display ftp-server command to check the configuration of the FTP server.
l Run the display ftp-server secure-info command to check the configuration of the FTP
secure server.
l Run the display ftp-users command to check how many users are currently logged in to the FTP
server.
----End
Applicable Environment
When the ATN equipment serves as the FTP server, for security, you can configure an
access control list (ACL) so that only clients that meet the matching conditions can access
the ATN equipment.
Pre-configuration Tasks
Before configuring the FTP ACL, complete the following tasks:
l Powering on the ATN equipment
l Connecting the FTP client with the server
Data Preparation
To configure the FTP ACL, you need the following data.
No. Data
1 ACL number
Context
Do as follows on the ATN equipment that serves as the FTP server:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment that serves as the FTP server:
Procedure
Step 1 Run:
system-view
NOTE
----End
Context
Do as follows on the ATN equipment that serves as the FTP server:
Procedure
Step 1 Run:
system-view
----End
Prerequisites
The configurations of the FTP ACL are complete.
Procedure
l Run the display ftp-server command to check the configuration and status of the FTP
server.
----End
Applicable Environment
When an ATN equipment serves as an FTP client, you can log in to the FTP server through the
ATN equipment and then transmit files or manage server directories.
Pre-configuration Tasks
Before configuring the ATN equipment as an FTP client, complete the following tasks:
l Powering on the ATN equipment
l Connecting the FTP client to the server
Data Preparation
To configure the ATN equipment as an FTP client, you need the following data.
NOTE
For FTP secure server connection, perform steps 2, 3, and 4.
No. Data
9 Local file name and file name on the remote FTP server
10 Working directory name of the remote FTP server, local working directory of the
FTP client, or directory name of the remote FTP server
Prerequisites
The interface can be configured only if the system has a loopback interface.
Procedure
Step 1 Run:
system-view
NOTE
Then, run the display ftp-client command on the ATN equipment to view the current configuration of the FTP
client.
----End
Context
Do as follows on the ATN equipment that serves as the client:
Procedure
Step 1 Run the following commands according to types of the server IP address.
l If the IP address of the server is an IPv4 address, do as follows:
In the user view, establish a connection to the FTP server.
Run:
ftp [ [ -a source-ip-address | -i interface-type interface-number ] host
[ port-number ]
Before logging in to the FTP server, you can run the set net-manager vpn-instance
command to configure a default VPN instance. After that, the default VPN instance is used
in the FTP operation.
----End
7.4.4 Configuring Data Type and Transmission Mode for the File
This section describes how to configure the data type and transmission mode for the file.
Context
Do as follows on the ATN equipment that serves as the client:
Procedure
Step 1 Run:
ascii | binary
NOTE
The FTP server supports ASCII mode for data transmission, but on the ATN 910 the user has to switch
to binary mode for data transfer.
Step 2 Run:
passive
Step 3 Run:
verbose
When verbose is enabled, all FTP responses are displayed. After file transmission, the statistics
about transmission efficiency will be displayed.
----End
Context
This configuration provides help information for protocol commands.
Procedure
Step 1 Run:
remotehelp command
----End
Context
Do as follows on the ATN equipment that serves as the client:
Procedure
Step 1 Upload or download files.
l Run:
put local-filename [ remote-filename ]
The FTP file is downloaded from the FTP server and saved to the local file.
----End
Context
Do as follows on the ATN equipment that serves as the client:
Procedure
Step 1 Run one or more commands in the following order to manage directories.
l Run:
cd pathname
The working path of the FTP server is switched to the upper-level directory.
l Run:
pwd
l The directory to be created can comprise letters and digits, but not special characters such as <,
>, ?, \ and :.
l When running the mkdir /abc command, you create a sub-directory named "abc".
----End
Context
Do as follows on the ATN equipment that serves as the client:
Procedure
Step 1 Run one or more of the following commands to manage directories.
l Run:
ls [ remote-filename ] [ local-filename ]
When local-filename is set, related information about the file can be downloaded locally.
----End
Prerequisites
This configuration must be performed in FTP view.
Context
The username and password are strings. The username must be 1 to 85 case-insensitive
characters long, and the password must be 1 to 16 case-insensitive characters long.
Procedure
Step 1 Run:
user username [ password ]
The current login user is changed and the user logs in again.
----End
Prerequisites
The configurations must be performed in the FTP view.
Procedure
Step 1 Run:
bye
or
quit
or
disconnect
----End
Prerequisites
The FTP client must be configured before you run the following commands. Otherwise,
the system does not display any data.
Procedure
l Run the display ftp-client command to check the configuration status of FTP client.
l Run the display ftp-client secure-info command to check the configuration status of FTP
secure client.
----End
Applicable Environment
You can transfer files through TFTP between the server and the client in a simple interaction
environment.
Pre-configuration Tasks
Before configuring TFTP, complete the following tasks:
l Powering on the ATN equipment
l Connecting the TFTP client with the server
Data Preparation
To configure TFTP, you need the following data.
No. Data
3 File directory
Context
Do as follows on an ATN equipment that functions as a TFTP client.
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment that serves as the TFTP client:
Procedure
Step 1 Run the following commands according to the type of the server IP addresses.
NOTE
----End
Context
Do as follows on the ATN equipment that serves as the TFTP client:
Procedure
Step 1 Run the following commands according to the type of the server IP addresses.
NOTE
----End
Applicable Environment
When the ATN equipment serves as the TFTP client, you can configure the ACL on the ATN
equipment. After the configuration, you can control which TFTP servers the device can
access through TFTP.
Pre-configuration Tasks
Before configuring a limit to access the TFTP server, complete the following tasks:
l Powering on the ATN equipment
l Connecting the TFTP client to the server
Data Preparation
To configure a limit on access to the TFTP server, you need the following data.
No. Data
3 ACL number
Context
NOTE
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment that serves as the TFTP client:
Procedure
Step 1 Run:
system-view
----End
Networking Requirements
As shown in Figure 7-1, the IP address of the FTP server is 172.16.104.110/24.
Log in to the ATN equipment from the HyperTerminal and then download files from the FTP
server.
Figure 7-1 (not reproduced). Labels: ATN, PC, GE0/3/0, 172.16.104.120/24, 1.1.1.2/24.
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the HyperTerminal on the PC and log in to the ATN equipment.
2. Use the correct username and password to log in to the FTP server to download the files
on the memory of the ATN equipment.
3. Download files to the memory of the ATN equipment.
Data Preparation
To complete the configuration, you need the following data:
l FTP username as huawei and password as huawei on the server
l The correct path of the original files on the FTP server
l The destination file name and its position in the ATN equipment
Procedure
Step 1 Enable FTP on the FTP server and configure the authentication information about the FTP user.
<HUAWEI> system-view
[HUAWEI] sysname server
[server] ftp server enable
[server] ftp timeout 30
[server] aaa
[server-aaa] local-user huawei password simple huawei
Step 2 Configure the authorization mode and directory of the FTP user on the FTP server.
[server-aaa] local-user huawei service-type ftp
[server-aaa] local-user huawei ftp-directory cfcard:
[server-aaa] quit
Step 4 Log in to the ATN equipment from the PC through the HyperTerminal, and connect to the FTP
server using the correct username and password to obtain the system host software.
# Log in to the FTP server to obtain the system host software and save it in the root directory of
the CF card of the ATN equipment.
<HUAWEI> cd cfcard:
<HUAWEI> pwd
cfcard:
<HUAWEI> ftp 172.16.104.110
Trying 172.16.104.110 ...
Press CTRL+K to abort
Connected to 172.16.104.110.
220 FTP service ready.
User(172.16.104.110:(none)):huawei
331 Password required for huawei.
Password:
230 User logged in.
[ftp] binary
200 Type set to I.
[ftp] get V200R001C01.cc
The file V200R001C01.cc is already existing, overwrite it? [Y/N]:y
200 PORT command okay
----End
Configuration Files
Configuration file of the FTP server.
#
sysname Server
#
FTP server enable
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.16.104.110 255.255.255.0
#
aaa
local-user huawei password simple Huawei
local-user huawei service-type ftp
local-user huawei ftp-directory cfcard:
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
return
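A static check for the server configuration above, as an added example (not Huawei code or tooling): it flags the settings in this listing that expose credentials or files, namely the FTP service (FTP sends the user name and password unencrypted), the password simple storage mode, a password equal to the user name, and an FTP directory set to the storage root. The rule names and function names are assumptions made for this example.

```python
import re

# Constructed sample: the "Configuration file of the FTP server" listing from
# this page, with the empty scheme and domain stanzas left out.
SAMPLE_CONFIG = """\
#
sysname Server
#
FTP server enable
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.16.104.110 255.255.255.0
#
aaa
 local-user huawei password simple Huawei
 local-user huawei service-type ftp
 local-user huawei ftp-directory cfcard:
#
return
"""

LOCAL_USER = re.compile(r"^local-user\s+(\S+)\s+(\S.*)$", re.IGNORECASE)
STORAGE_ROOT = re.compile(r"^[A-Za-z0-9]+:/?$")  # for example cfcard: or cfcard:/


def parse_local_users(config_text):
    """Collect the local-user attributes that are spread over several lines."""
    users = {}
    for raw in config_text.splitlines():
        match = LOCAL_USER.match(raw.strip())
        if not match:
            continue
        name, words = match.group(1), match.group(2).split()
        user = users.setdefault(
            name,
            {"mode": None, "password": None, "services": set(), "ftp_dir": None},
        )
        keyword = words[0].lower()
        if keyword == "password" and len(words) >= 3:
            user["mode"], user["password"] = words[1].lower(), words[2]
        elif keyword == "service-type":
            user["services"].update(w.lower() for w in words[1:])
        elif keyword == "ftp-directory" and len(words) >= 2:
            user["ftp_dir"] = words[1]
    return users


def ftp_enabled(config_text):
    """True if a line enables the FTP server (the listing spells it 'FTP')."""
    return any(
        line.strip().lower() == "ftp server enable"
        for line in config_text.splitlines()
    )


def audit(config_text):
    """Return a sorted list of (rule, subject) findings for one configuration."""
    findings = []
    if ftp_enabled(config_text):
        findings.append(("ftp-cleartext-service", "global"))
    for name, user in parse_local_users(config_text).items():
        readable = user["mode"] == "simple" and user["password"] is not None
        if readable:
            findings.append(("password-stored-in-clear", name))
            # The page describes FTP user names and passwords as
            # case-insensitive strings, so compare them without case.
            if user["password"].lower() == name.lower():
                findings.append(("password-equals-username", name))
        serves_ftp = "ftp" in user["services"]
        if serves_ftp and user["ftp_dir"] and STORAGE_ROOT.match(user["ftp_dir"]):
            findings.append(("ftp-directory-is-storage-root", name))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject in audit(SAMPLE_CONFIG):
        print(f"{rule:32} {subject}")
```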
Networking Requirements
As shown in Figure 7-2, the ATN equipment that serves as the FTP client is connected to the
FTP server and downloads system software and configuration software from the FTP server to
the client side.
Figure 7-2 (not reproduced). Labels: Server 172.16.104.110/24, ATN 172.16.105.110/24, GE0/3/0, IP Network.
Configuration Roadmap
1. Log in to the FTP server from the FTP client.
2. Download the system files from the server to the storage devices on the client side.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Log in to the FTP server from the ATN equipment.
<HUAWEI> ftp 172.16.104.110
Trying 172.16.104.110
Press CTRL+K to abort
Connected to 172.16.104.110
220 FTP service ready.
User(ftp 172.16.104.110:(none)):huawei
331 Password required for huawei
Password:
230 User logged in.
Step 2 Set the transmission mode to binary and configure the directory of the flash memory on the
ATN equipment.
[ftp] binary
200 Type set to I.
[ftp] lcd cfcard:/
Info: Local directory now cfcard:.
Step 3 Download the newest system software from the remote FTP server to the ATN equipment.
[ftp] get V200R001C01.cc
200 Port command okay.
150 Opening ASCII mode data connection for V200R001C01.cc.
226 Transfer complete.
FTP: 1127 byte(s) received in 0.156 second(s) 7.22Kbyte(s)/sec.
[ftp] quit
----End
Networking Requirements
As shown in Figure 7-3, the IP address of the TFTP server is 10.111.16.160/24.
Log in to the ATN equipment from the HyperTerminal and then download the file
V200R001C01.cc from the TFTP server.
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP application on the TFTP server, and set the location of the file on the server.
2. Use the TFTP command on the ATN equipment to download the file.
3. Use the TFTP command on the ATN equipment to upload the file.
Data Preparation
To complete the configuration, you need the following data:
l The TFTP application installed on the TFTP server
l The path of the file on the TFTP server
l The destination file name and its path on the ATN equipment
Procedure
Step 1 Start the TFTP server, and set its Current Directory as the directory where the
V200R001C01.cc file resides. Figure 7-4 shows the interface.
NOTE
The display may differ depending on the TFTP server application running on the computer.
Step 2 Log in to the ATN equipment from the computer HyperTerminal and enter the following
command to download the file.
<HUAWEI>tftp 10.111.16.160 get V200R001C01.cc cfcard:/V200R001C01.cc
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please wait...|
TFTP: Downloading the file successfully. 15805100 bytes received in 42734
second.
Step 3 Run the dir command to check whether the downloaded file is saved in the specified directory
on the ATN equipment.
<HUAWEI> dir cfcard:
Directory of cfcard:/
Idx Attr Size(Byte) Date Time FileName
1 -rw- 40 Jun 24 2011 09:30:40 private-data.txt
2 -rw- 396 May 19 2011 15:00:10 rsahostkey.dat
3 -rw- 540 May 19 2011 15:00:10 rsaserverkey.dat
4 -rw- 2718 Jun 21 2011 17:46:46 1.cfg
5 -rw- 14343 May 19 2011 15:00:10 paf.txt
6 -rw- 1004 Feb 05 2010 09:51:22 vrp1.zip
7 -rw- 6247 May 19 2011 15:00:10 license.txt
8 -rw- 14343 May 16 2011 14:13:42 paf.txt.bak
9 -rw- 86235884 Feb 05 2010 10:23:46 V200R001C01.cc
Step 4 Log in to the ATN equipment from the computer HyperTerminal and enter the following
command to upload the file.
<HUAWEI> tftp 10.111.16.160 put cfcard:/vrpcfg.zip
Info: Transfer file in binary mode.
Uploading the file to the remote TFTP server. Please wait.../
TFTP: Uploading the file successfully. 1217 bytes send in 1 second.
----End
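A completeness check for the download in Steps 2 and 3, as an added example (not Huawei code): it parses the transfer summary and the dir listing in the formats shown above and compares the byte counts. The function names are assumptions, and the embedded samples are the outputs printed on this page with the listing shortened.

```python
import re

# Sample outputs copied from the TFTP example on this page (dir listing shortened).
TRANSFER_OUTPUT = """\
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please wait...|
TFTP: Downloading the file successfully. 15805100 bytes received in 42734
second.
"""

DIR_OUTPUT = """\
Directory of cfcard:/
Idx Attr Size(Byte) Date Time FileName
1 -rw- 40 Jun 24 2011 09:30:40 private-data.txt
4 -rw- 2718 Jun 21 2011 17:46:46 1.cfg
9 -rw- 86235884 Feb 05 2010 10:23:46 V200R001C01.cc
"""

SUMMARY = re.compile(
    r"TFTP: Downloading the file successfully\.\s+(\d+)\s+bytes received"
)
# Columns: Idx, attributes, size, "Mon DD YYYY", "HH:MM:SS", file name
ENTRY = re.compile(
    r"^\s*\d+\s+(\S+)\s+(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"
    r"(\d{2}:\d{2}:\d{2})\s+(\S+)\s*$"
)


def received_bytes(transfer_output):
    """Byte count from the TFTP success line, or None if there is none."""
    match = SUMMARY.search(transfer_output)
    return int(match.group(1)) if match else None


def parse_dir(dir_output):
    """Map file name -> attributes, size, date and time from a dir listing."""
    files = {}
    for line in dir_output.splitlines():
        match = ENTRY.match(line)
        if match:
            attr, size, date, time, name = match.groups()
            files[name] = {
                "attr": attr, "size": int(size), "date": date, "time": time,
            }
    return files


def verify_download(transfer_output, dir_output, filename):
    """Compare the received byte count with the size listed for filename."""
    received = received_bytes(transfer_output)
    entry = parse_dir(dir_output).get(filename)
    result = {
        "file": filename,
        "received": received,
        "listed": entry["size"] if entry else None,
    }
    if received is None:
        result["status"] = "no-transfer-summary"
    elif entry is None:
        result["status"] = "file-not-listed"
    elif entry["size"] != received:
        result["status"] = "size-mismatch"
    else:
        result["status"] = "ok"
    return result


if __name__ == "__main__":
    print(verify_download(TRANSFER_OUTPUT, DIR_OUTPUT, "V200R001C01.cc"))
```

The two sample outputs on this page report different sizes for V200R001C01.cc (15805100 and 86235884 bytes), so the check returns size-mismatch for them. A matching size shows only that the file is complete; TFTP does not authenticate the server or the file.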
Telnet and SSH can provide a terminal which enables users to remotely log in to and access a
server.
To configure, monitor, and maintain the local or remote network devices running ATN 910, you
need to configure the user interface, the user management, and the terminal service.
The user interface provides a login plane. The user management guarantees the login security
and the terminal service provides related processes of login protocol.
Telnet Services
Telnet is an application layer protocol in the TCP/IP protocol suite. It provides remote login and
a virtual terminal service through the network.
l Telnet server: You can run the Telnet client program on a PC to log in to the ATN
equipment, configure and manage it. The ATN equipment acts as a Telnet server.
l Telnet client: You can run the terminal emulation program or the Telnet client program on
a PC to connect with the ATN equipment. With the telnet command, you can log in to other
ATN equipment to configure and manage it. As shown in Figure 8-1, ATN A serves
as both the Telnet server and the Telnet client.
Figure 8-1 (not reproduced). Labels: PC, ATN A, ATN B, Telnet Server.
l Redirection terminal services: You can run the Telnet client program on a PC to log in to
the ATN equipment through a specified port number. Then connect with the serial interface
devices that are connected with the asynchronous interface of the ATN equipment, as shown
in Figure 8-2. The typical application is to connect the asynchronous interface of the ATN
equipment with multiple devices for their remote configuration and maintenance.
Figure 8-2 (not reproduced). Labels: Ethernet, ATN.
NOTE
Only the devices that provide the asynchronous interface support the Telnet redirection service.
l Interruption of Telnet services
In Telnet connection, you can use two types of shortcut keys to interrupt the connection.
As shown in Figure 8-3, ATN A logs in to ATN B through Telnet, and ATN B logs in
to ATN C through Telnet. Thus, a cascade network is formed. In this case, ATN A is the
client of ATN B and ATN B is the client of ATN C. Figure 8-3 illustrates the usage of
the two types of shortcut keys.
Figure 8-3 (not reproduced). Labels: Telnet Client, Telnet Server.
If the network connection is normal, when you press Ctrl_], the Telnet server interrupts
the current Telnet connection actively. For example:
<ATNC>
NOTE
If the network disconnects, the shortcut keys become invalid. The instruction cannot be sent to the
server.
<Ctrl_T>: The client interrupts the connection.
When the server fails and the client is unaware of the failure, the server does not respond
to the input of the client. In this case, if you press Ctrl_T, the Telnet client interrupts the
connection actively and quits the Telnet connection.
For example:
<ATNC>
Press <Ctrl_T> to directly interrupt the connection and quit Telnet connection.
<ATNA>
CAUTION
When the number of remote login users reaches the maximum number of VTY user
interfaces, the system prompts that all user interfaces are in use and you cannot use Telnet
to log in.
SSH Overview
When users on an insecure network log in to the ATN equipment remotely, the Secure
Shell (SSH) feature provides information security and authentication to protect the ATN
equipment from attacks such as IP address spoofing and interception of plaintext passwords.
The ATN equipment can be connected to multiple SSH users.
The SSH client function allows users to establish SSH connections with the ATN equipment
serving as SSH server or with UNIX hosts.
l SSH connection in a LAN
As shown in Figure 8-4, the client can set up an SSH connection with the server in a Local
Area Network (LAN).
Figure 8-4 (not reproduced). Labels: Server, Ethernet 100BASE-TX, Laptop, PC, PC running SSH Client, WAN.
Advantages of SSH
SSH supports the STelnet client and the Secure FTP (SFTP) client.
l STelnet client
Telnet services do not provide secure authentication and use TCP to transmit data in plain
text. This leads to security problems. In addition, Telnet services are prone to network
attacks, such as Denial of Service (DoS) attacks, host IP address spoofing, and routing
spoofing.
Unlike Telnet, SSH provides secure remote access on insecure networks and has the
following advantages:
- Supports Rivest-Shamir-Adleman (RSA) authentication. In RSA authentication, SSH
generates and exchanges public and private keys that comply with the asymmetric
encryption system to ensure session security.
- Supports Data Encryption Standard (DES), 3DES, and AES encryption.
- Prevents password interception by encrypting the username and password in the
communication between the SSH client and the SSH server.
- Encrypts the data to be transferred.
When the STelnet server or the connection to the client is faulty, the client must detect the
fault in time and release the connection voluntarily. This requires that the client be
configured with the interval at which keepalive packets are sent and the maximum number
of times that the server does not respond when it logs in to the server through STelnet. If
the client does not receive any response within the specified period, the client sends a keepalive
packet to the server. If the number of times that the server does not respond exceeds the
specified limit, the client releases the connection voluntarily.
l SFTP client
SFTP allows you to log in to a device from the remote end to manage files. This improves
the security of data transfer when the remote system is updated. Meanwhile, the client
function enables you to log in to the remote device using SFTP for secure file transfer.
When the SFTP server or the connection between it and the client is faulty, the client must
detect the fault in time and release the connection voluntarily. This requires that the client
be configured with the interval at which keepalive packets are sent and the maximum
number of times that the server does not respond when it logs in to the server through
SFTP. If the client does not receive any response within the specified period, the client sends
a keepalive packet to the server. If the number of times that the server does not respond
exceeds the specified limit, the client releases the connection voluntarily.
Applicable Environment
To remotely log in to the ATN equipment through the Telnet protocol for maintenance and
management, you need to configure Telnet terminal services.
Pre-configuration Tasks
Before configuring Telnet terminal services, complete the following tasks:
l Ensuring that the ATN equipment runs normally
l Ensuring that the IP addresses of interfaces on the ATN equipment are configured correctly
l Configuring the user account, correct login authentication mode, and call-in and call-out
restriction
l Ensuring that reachable routes exist between the terminal and the ATN equipment
Data Preparation
To configure Telnet terminal services, you need the following data.
No. Data
4 Number of the TCP port that is used by the remote ATN equipment to provide Telnet
services
5 (Optional) Timeout period after which the server terminates the connection with the
user interface
Context
Do as follows on the ATN equipment that serves as a Telnet server.
Select and perform one of the following two steps for IPv4.
NOTE
Procedure
l For the IPv4 network
1. Run:
system-view
NOTE
----End
Context
Do as follows on an ATN equipment that functions as a Telnet client.
Procedure
Step 1 Run:
system-view
Step 2 Run:
telnet client-source { -a source-ip-address | -i interface-type interface-number }
After the configuration, the source IP address of the Telnet client displayed on the Telnet server
must be the same as the configured one.
----End
Context
Do as follows on the ATN equipment that serves as a Telnet client:
NOTE
Procedure
l Run:
telnet [ vpn-instance vpn-instance-name ] [-a source-ip-address ] host-name
[ port-number ]
----End
Context
Do as follows on the ATN equipment that functions as a Telnet server:
Procedure
Step 1 Run:
system-view
Step 2 Run:
telnet server port port-number
If a new port number is set, the Telnet server terminates all established Telnet connections, and
then uses the new port number to listen to new requests for Telnet connections. By default, the
Telnet server port number is 23.
----End
Context
Do as follows on the ATN equipment that serves as a Telnet client:
Procedure
Step 1 Run:
system-view
Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]
Step 3 Run:
idle-timeout minutes [ seconds ]
----End
Prerequisites
The configuration of Telnet Terminal Services is complete.
Procedure
l Run the display users command to check information about connected users.
l Run the display users all command to check information about all users, including
connected and disconnected users.
l Run the display tcp status command to check TCP connections.
l Run the display telnet server status command to check the configuration and status of the
Telnet server.
----End
Applicable Environment
The STelnet or SFTP client can log in to the SSH server to perform operations only after SSH
users are correctly configured on the SSH server.
Pre-configuration Tasks
Before configuring SSH users, complete the following tasks:
Data Preparation
To configure SSH users, you need the following data.
No. Data
Context
NOTE
Besides creating an SSH user separately, you can also create an SSH user when you configure the following.
l Configuring the Authentication Mode for SSH Users
l Configuring the Service Type of SSH Users
Procedure
Step 1 Run:
system-view
Step 2 Run:
ssh user user-name
If you want to create an SSH user in the password authentication mode, you need to create a
local user with the same name in the AAA view.
1. Run:
aaa
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
NOTE
The authentication mode of the VTY user interface must be set to AAA. Otherwise, the protocol
inbound ssh command cannot be configured successfully.
----End
Context
Do as follows on the ATN equipment that serves as a client or a server:
Procedure
Step 1 Run:
system-view
NOTE
To log in to an SSH server, the local RSA key pair must be configured and generated first. Before performing
the other SSH configurations, you must run the rsa local-key-pair create command to generate a
local key pair.
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
If the specified hex-data is invalid, the public key cannot be generated after the
peer-public-key end command is run. If the specified key-name is deleted in other views, the
system prompts that the key does not exist after the peer-public-key end command is run and the
system view is displayed.
6. Run:
peer-public-key end
l After the public key editing view is displayed, the RSA public key generated on the client can be sent
to the server. Copy the RSA public key to the ATN equipment that serves as the SSH server.
l Before the peer RSA public key is assigned to the SSH users, the SSH server must be configured and
the peer RSA public key must be the RSA public key of the SSH client.
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
----End
Context
NOTE
There are four authentication modes for an SSH user, namely, password, rsa, password-rsa, and all. For
details of the configuration of the command line authorization for password authentication, refer to the
chapter "AAA and User Management" in the ATN 910 Configuration Guide - Security. This section
describes how to configure the command line authorization for RSA authentication.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ssh user user-name authorization-cmd aaa
The command line authorization is configured for the specified SSH user.
----End
Follow-up Procedure
After configuring the authorization through command lines for the SSH user to perform RSA
authentication, you have to configure the AAA authorization. Otherwise, the command line
authorization for the SSH user does not take effect.
Context
Do as follows on the ATN equipment that functions as an SSH server:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ssh user username service-type { sftp | stelnet | all }
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
The authorized directory of the SFTP service for SSH users is configured.
By default, the authorized directory of the SFTP service for SSH users is cfcard:.
----End
Prerequisites
The configuration of SSH Users is complete.
Procedure
l Run the display ssh user-information command to check the information about the SSH
client on the SSH server.
l Run the display ssh user-information username command to check the information about
the specified SSH client on the SSH server.
----End
Applicable Environment
Before configuring the SSH server, you must enable STelnet or SFTP on the SSH server. You
can change the port number on which the SSH server listens to another port number. This can
prevent attackers from accessing the standard port of the SSH server and thus saves bandwidth and
system resources.
Pre-configuration Tasks
Before configuring the SSH server, complete the following tasks:
l Connecting the SSH client to the SSH server correctly
l Ensuring that the SSH client and the SSH server are routable
l Configuring the VTY interface on the SSH server to support SSH
l Configuring the SSH client on the SSH server
l Creating the local RSA key pair on the SSH server
Data Preparation
To configure the SSH server, you need the following data.
No. Data
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
Step 2 Run:
sftp server enable
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ssh server compatible-ssh1x enable
By default, the server configured with the SSH2.0 protocol is compatible with SSH1.X. To deny
login to clients of SSH1.3 to SSH1.99 (protocol version ranges from 1.3 to 1.99), run the
undo ssh server compatible-ssh1x enable command to disable the compatibility of the ATN
equipment with the earlier protocol versions.
NOTE
l Compared with SSH1.X, SSH2.0 has an extended structure that supports more authentication modes
and key exchange modes and offers higher service capability, such as SFTP.
l The ATN 910 supports the SSH protocol of version 1.3 to version 2.0.
----End
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
----End
8.4.6 (Optional) Configuring the Interval for Updating the Key Pair on the SSH Server
You can configure the interval at which the key pair of the SSH server is updated, which helps
ensure security.
Context
Do as follows on the ATN equipment that serves as an SSH server:
Procedure
Step 1 Run:
system-view
By default, the interval for updating the key pair of the SSH server is 0, which means that the
key pair is never updated.
----End
Prerequisites
The configurations of the SSH server are complete.
Procedure
Step 1 Run the display ssh server status command to view the global configuration of the SSH server.
----End
Applicable Environment
STelnet is a secure Telnet protocol. The SSH user can use the STelnet service in the same manner
as using the Telnet service.
Pre-configuration Tasks
Before connecting the STelnet client to the SSH server, complete the following tasks:
Data Preparation
To connect the STelnet client to the SSH server, you need the following data:
No. Data
3 Preferred encryption algorithm from the STelnet client to the SSH server
4 Preferred encryption algorithm from the SSH server to the STelnet client
5 Preferred HMAC algorithm from the STelnet client to the SSH server
6 Preferred HMAC algorithm from the SSH server to the STelnet client
9 Source address
Context
If the first-time authentication on the SSH client is enabled, the STelnet client does not check
the validity of the RSA public key when logging in to the SSH server for the first time. After
the login, the system automatically allocates the RSA public key and saves it for authentication
at the next login.
To simplify user operations, it is recommended that you enable the first-time authentication on the
SSH client.
Do as follows on the ATN equipment that serves as an SSH client:
Procedure
Step 1 Run:
system-view
NOTE
l The purpose of enabling the first-time authentication on the SSH client is to skip checking the validity
of the RSA public key of the SSH server when the STelnet client logs in to the SSH server for the first
time. The check is skipped because the STelnet client has not yet saved the RSA public key of the SSH
server.
l If the first-time authentication is not enabled on the SSH client, when the STelnet client logs in to the
SSH server for the first time, the STelnet client fails to pass the check on the RSA public key validity
and cannot log in to the server.
TIP
To ensure that the STelnet client can log in to the SSH server at the first attempt, you can assign the RSA
public key in advance to the SSH server on the SSH client in addition to enabling the first-time
authentication on the SSH client.
----End
Context
If the first-time authentication on the SSH client is disabled, you need to allocate an RSA public
key to the SSH server before the STelnet client logs in to the SSH server.
Do as follows on the ATN equipment that serves as an SSH client:
Procedure
Step 1 Run:
system-view
that the key does not exist after the peer-public-key end command is run and the system view
is displayed.
Step 6 Run:
peer-public-key end
Step 7 Run:
ssh client servername assign rsa-key keyname
NOTE
l Before being assigned to the SSH server, the assigned peer RSA public key must be obtained from the
SSH server and must be configured on the SSH client. Then, the STelnet client can successfully
undergo the validity check on the RSA public key of the SSH server.
l If the RSA public key stored on the SSH client becomes invalid, run the undo ssh client servername
assign rsa-key command to cancel the association between the SSH client and the SSH server. Then,
run the ssh client servername assign rsa-key keyname command to allocate a new RSA public key to
the SSH server.
----End
Context
NOTE
When accessing an SSH server, the STelnet client can carry the source address and the VPN instance name,
choose the key exchange algorithm, encryption algorithm, or HMAC algorithm, and configure the
keepalive function.
Procedure
Step 1 Run:
system-view
Step 2 According to the address type of the SSH server, run the following commands.
l For IPv4 addresses, run:
stelnet [ -a source-address ] host-ipv4 [ port ] [ [ -vpn-instance vpn-instance-name ] |
[ prefer_kex { dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des |
aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac
{ sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ] ] * [ -ki aliveinterval [ -kc alivecountmax ] ]
You can log in to the SSH server through STelnet.
----End
Prerequisites
The configuration of the STelnet Client Function is complete.
Procedure
l Run the display ssh server-info command to check the mapping between the RSA public
key and the SSH client on the SSH client.
l Run the display ssh server session command to check the session of the SSH client on the
SSH server.
----End
Applicable Environment
SFTP enables users to log in to the device securely from a remote end to manage files. This
improves the security of data transmission when the remote end updates its system. The SFTP
client function also enables you to log in to the remote device through SFTP for secure file
transmission.
Pre-configuration Tasks
Before connecting the SFTP client to the SSH server, complete the following tasks:
Data Preparation
To connect an SFTP client to an SSH server, you need the following data.
No. Data
3 Preferred encryption algorithm from the SFTP client to the SSH server
4 Preferred encryption algorithm from the SFTP server to the SSH client
5 Preferred HMAC algorithm from the SFTP client to the SSH server
6 Preferred HMAC algorithm from the SFTP server to the SSH client
9 Source address
10 Directory name
11 File name
Context
Do as follows on an ATN equipment that functions as an SFTP client.
Procedure
Step 1 Run:
system-view
----End
Context
If the first-time authentication on the SSH client is enabled, the SFTP client does not check
the validity of the RSA public key when logging in to the SSH server for the first time. After
the login, the system automatically allocates the RSA public key and saves it for authentication
at the next login.
To simplify user operations, it is recommended that you enable the first-time authentication on the
SSH client.
Do as follows on the ATN equipment that serves as an SSH client:
Procedure
Step 1 Run:
system-view
NOTE
l The purpose of enabling the first-time authentication on the SSH client is to skip checking the validity
of the RSA public key of the SSH server when the SFTP client logs in to the SSH server for the first
time. The check is skipped because the SFTP client has not yet saved the RSA public key of the SSH
server.
l If the first-time authentication is not enabled on the SSH client, when the SFTP client logs in to the
SSH server for the first time, the SFTP client fails to pass the check on the RSA public key validity
and cannot log in to the server.
TIP
In addition to enabling the first-time authentication on the SSH client, you can assign the RSA
public key to the SSH server in advance on the SSH client so that the SFTP client can log in to the
server successfully the first time.
----End
Context
If the first-time authentication on the SSH client is disabled, you need to assign an RSA public
key to the SSH server before the SFTP client logs in to the SSH server.
Do as follows on the ATN equipment that serves as an SSH client:
Procedure
Step 1 Run:
system-view
NOTE
l Before being assigned to the SSH server, the assigned peer RSA public key must be obtained from the
SSH server and must be configured on the SSH client. Then, the SFTP client can successfully undergo
the validity check on the RSA public key of the SSH server.
l If the RSA public key stored on the SSH client becomes invalid, run the undo ssh client servername
assign rsa-key command to cancel the association between the SSH client and the SSH server. Then,
run the ssh client servername assign rsa-key keyname command to allocate a new RSA public key to
the SSH server.
----End
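A small model of the two ways the SSH client learns the server's RSA public key, as an added example that serves both the STelnet and the SFTP client sections (it is not Huawei code, and it models the behaviour described on this page rather than the device implementation). The class, the outcome strings and the key bytes are assumptions constructed for the example; it compares a first login that reaches a device presenting an unexpected key under first-time authentication and under a key assigned in advance.

```python
import hashlib
import hmac


def fingerprint(public_key):
    """SHA-256 of the key bytes, used here only to compare keys."""
    return hashlib.sha256(public_key).hexdigest()


class ClientKeyTable:
    """Model of the server-name to RSA-public-key bindings on the SSH client."""

    def __init__(self, first_time_enable):
        self.first_time_enable = first_time_enable
        self.bindings = {}

    def assign(self, server, public_key):
        # Models: ssh client servername assign rsa-key keyname
        self.bindings[server] = fingerprint(public_key)

    def unassign(self, server):
        # Models: undo ssh client servername assign rsa-key
        self.bindings.pop(server, None)

    def login(self, server, presented_key):
        """Return the outcome of the key check for one login attempt."""
        presented = fingerprint(presented_key)
        saved = self.bindings.get(server)
        if saved is None:
            if not self.first_time_enable:
                return "rejected-no-key"
            # First-time authentication: the key is saved without any check.
            self.bindings[server] = presented
            return "accepted-unverified"
        if hmac.compare_digest(saved, presented):
            return "verified"
        return "rejected-key-mismatch"


def compare_modes(genuine_key, unexpected_key):
    """First login reaches a device that presents unexpected_key."""
    outcomes = {}

    first_time = ClientKeyTable(first_time_enable=True)
    outcomes["first-time/first-login"] = first_time.login("server", unexpected_key)
    # The unexpected key is now the saved one, so the genuine server fails.
    outcomes["first-time/next-login"] = first_time.login("server", genuine_key)
    # Recovery as the NOTE describes: cancel the binding, assign the right key.
    first_time.unassign("server")
    first_time.assign("server", genuine_key)
    outcomes["first-time/after-reassign"] = first_time.login("server", genuine_key)

    assigned = ClientKeyTable(first_time_enable=False)
    assigned.assign("server", genuine_key)
    outcomes["assigned/first-login"] = assigned.login("server", unexpected_key)
    outcomes["assigned/genuine-login"] = assigned.login("server", genuine_key)

    bare = ClientKeyTable(first_time_enable=False)
    outcomes["disabled/no-key"] = bare.login("server", genuine_key)
    return outcomes


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for two RSA public keys.
    demo = compare_modes(b"constructed-key-A", b"constructed-key-B")
    for case, outcome in demo.items():
        print(f"{case:28} {outcome}")
```

Only the key assigned in advance rejects the unexpected key at the first login; with first-time authentication the first key presented becomes the saved key.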
Context
NOTE
The command for enabling the SFTP client is similar to that of STelnet. When accessing the SSH server,
the SFTP client can carry the source address and the name of the VPN instance, choose the key exchange
algorithm, encryption algorithm, and HMAC algorithm, and configure the keepalive function.
Procedure
Step 1 Run:
system-view
Step 2 According to the address type of the SSH server, run the following commands.
l For IPv4 addresses, Run:
sftp [ -a source-address | -i interface-type interface-number ] host-ipv4
[ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | [ prefer_kex
{ dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des |
aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] |
[ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac
{ sha1 | sha1_96 | md5 | md5_96 } ] ] * [ -ki aliveinterval [ -kc
alivecountmax ] ]
----End
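The algorithm options in the sftp syntax above can be reviewed before a command is put into a runbook. The following is an added Python example, not Huawei code: it parses an sftp command line and reports every option that is set to something other than the strongest value the syntax offers. The function name and sample command lines are constructed, and the reading of dh_group1 as the fixed 1024-bit group is an assumption taken from standard SSH.

```python
import shlex

# Option -> (values the syntax above allows, strongest of those values).
# Assumption: dh_group1 is the fixed 1024-bit group and dh_exchange_group is
# group exchange, as in standard SSH; the page does not define them.
ALGO_OPTIONS = {
    "prefer_kex": (("dh_group1", "dh_exchange_group"), "dh_exchange_group"),
    "prefer_ctos_cipher": (("des", "3des", "aes128"), "aes128"),
    "prefer_stoc_cipher": (("des", "3des", "aes128"), "aes128"),
    "prefer_ctos_hmac": (("sha1", "sha1_96", "md5", "md5_96"), "sha1"),
    "prefer_stoc_hmac": (("sha1", "sha1_96", "md5", "md5_96"), "sha1"),
}

def review_sftp_command(command):
    """Return (chosen, findings) for one 'sftp ...' command line."""
    tokens = shlex.split(command)
    if not tokens or tokens[0] != "sftp":
        raise ValueError("not an sftp command")
    chosen, findings = {}, []
    i = 1
    while i < len(tokens):
        opt = tokens[i]
        if opt not in ALGO_OPTIONS:
            i += 1          # host, port, -a, -i, -vpn-instance, -ki, -kc and their values
            continue
        allowed, best = ALGO_OPTIONS[opt]
        value = tokens[i + 1] if i + 1 < len(tokens) else None
        if value not in allowed:
            findings.append(f"{opt}: missing or invalid value {value!r}")
            chosen[opt] = None
            i += 1
            continue
        chosen[opt] = value
        if value != best:
            findings.append(f"{opt} {value}: weaker than {best}")
        i += 2
    for opt in ALGO_OPTIONS:
        if opt not in chosen:
            findings.append(f"{opt}: not set, algorithm left to negotiation")
    return chosen, findings

# Constructed command lines (addresses reuse the 1.1.1.x examples on this page).
WEAK = ("sftp -a 1.1.1.2 1.1.1.1 prefer_kex dh_group1 prefer_ctos_cipher des "
        "prefer_stoc_cipher aes128 prefer_ctos_hmac md5_96 -ki 30")
BEST = ("sftp 1.1.1.1 prefer_kex dh_exchange_group prefer_ctos_cipher aes128 "
        "prefer_stoc_cipher aes128 prefer_ctos_hmac sha1 prefer_stoc_hmac sha1")

if __name__ == "__main__":
    for cmd in (WEAK, BEST):
        print(cmd)
        for finding in review_sftp_command(cmd)[1] or ["no findings"]:
            print("  -", finding)
```

The client-to-server and server-to-client directions are set separately, so a strong cipher in one direction does not cover the other, as the first sample shows.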
Context
NOTE
After the SFTP client logs in to the SSH server, the SFTP client can create or delete the directory on the
SSH server, display the current operating directory and information about a specified directory and its files.
Procedure
Step 1 Run:
system-view
Step 2 According to the address type of the SSH server, run the following commands.
l For IPv4 addresses, Run:
sftp [ -a source-address | -i interface-type interface-number ] host-ipv4
[ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | [ prefer_kex
{ dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des |
aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] |
[ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac
{ sha1 | sha1_96 | md5 | md5_96 } ] ] * [ -ki aliveinterval [ -kc
alivecountmax ] ]
l Run:
cdup
----End
Context
NOTE
After the SFTP client logs in to the SSH server, SFTP client can change file names, delete files, display
the file list, upload and download files on the SFTP server.
Procedure
Step 1 Run:
system-view
----End
Context
Do as follows on the login ATN equipment:
Procedure
Step 1 Run:
system-view
Step 2 According to the address type of the SSH server, run the following commands.
l For IPv4 addresses, Run:
sftp [ -a source-address | -i interface-type interface-number ] host-ipv4
[ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | [ prefer_kex
{ dh_group1 | dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des |
aes128 } ] | [ prefer_stoc_cipher { des | 3des | aes128 } ] |
[ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac
{ sha1 | sha1_96 | md5 | md5_96 } ] ] * [ -ki aliveinterval [ -kc
alivecountmax ] ]
Step 3 Run:
help [all | command-name ]
----End
Prerequisites
The configurations of the SFTP client function are complete.
Procedure
l Run the display sftp-client command to check the source IP address of the SFTP client on
the SSH client.
l Run the display ssh server-info command to check the mapping between the SSH server
and the RSA public key on the SSH client.
l Run the display ssh server session command to check the session of the SSH client on the
SSH server.
----End
Networking Requirements
On the network shown in Figure 8-6, the CX device and ATN can ping each other successfully. A
user logs in to ATN from the CX device through Telnet.
[Figure 8-6: CX600 and ATN]
Configuration Roadmap
The configuration roadmap is as follows:
1. On ATN, configure the authentication mode and password for VTY0 to VTY4.
2. Configure users to use passwords to log in to ATN from the CX device through Telnet.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure IP addresses.
# Configure CX600.
<CX600> system-view
[CX600] interface gigabitethernet 1/0/0
[CX600-GigabitEthernet1/0/0] undo shutdown
[CX600-GigabitEthernet1/0/0] ip address 1.1.1.1 24
[CX600-GigabitEthernet1/0/0] quit
[CX600] quit
# Configure ATN.
<HUAWEI> system-view
[HUAWEI] sysname ATN
[ATN] interface gigabitethernet 0/3/0
[ATN-GigabitEthernet0/3/0] undo shutdown
[ATN-GigabitEthernet0/3/0] ip address 1.1.1.2 24
[ATN-GigabitEthernet0/3/0] quit
Step 2 Configure the authentication mode and password for Telnet services on ATN.
[ATN] user-interface vty 0 4
[ATN-ui-vty0-4] authentication-mode password
[ATN-ui-vty0-4] set authentication password simple hello
[ATN-ui-vty0-4] quit
To configure an ACL for Telnet services, run the following commands on ATN.
[ATN] acl 2000
[ATN-acl-basic-2000] rule permit source 1.1.1.1 0
[ATN-acl-basic-2000] quit
[ATN] user-interface vty 0 4
[ATN-ui-vty0-4] acl 2000 inbound
NOTE
----End
Configuration Files
l Configuration file of CX600
The configuration file of CX600 is not provided.
l Configuration file of ATN
#
sysname ATN
#
acl number 2000
rule 5 permit source 1.1.1.1 0
#
interface GigabitEthernet 0/3/0
undo shutdown
ip address 1.1.1.2 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
acl 2000 inbound
set authentication password simple hello
#
return
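The configuration file above can be checked mechanically for the settings that matter for remote login. The following is an added Python example, not Huawei code: it audits every user-interface vty block for a plaintext (simple) password, for Telnet being left enabled, and for a missing or undefined inbound ACL. The function names are hypothetical; protocol inbound ssh and the cipher keyword are VRP commands that do not appear on this page.

```python
import re

# Constructed input: the ATN configuration file shown above, as one string.
ATN_CONFIG = """\
#
sysname ATN
#
acl number 2000
 rule 5 permit source 1.1.1.1 0
#
interface GigabitEthernet 0/3/0
 undo shutdown
 ip address 1.1.1.2 255.255.255.0
#
user-interface con 0
user-interface vty 0 4
 acl 2000 inbound
 set authentication password simple hello
#
return
"""

PLAINTEXT = "password stored in plaintext (simple)"
TELNET = "Telnet not disabled: the login password crosses the network unencrypted"
NO_ACL = "no inbound ACL: any source may attempt to log in"

def parse_blocks(config):
    """Group commands under the 'acl number' or 'user-interface' line that opens them."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            current = None                      # '#' closes the current block
        elif line.startswith(("acl number ", "user-interface ")):
            current = blocks.setdefault(line, [])
        elif current is not None:
            current.append(line)
    return blocks

def audit_vty(config):
    """Return (block, finding) pairs for every 'user-interface vty' block."""
    blocks = parse_blocks(config)
    acls = {name.split()[2] for name in blocks if name.startswith("acl number ")}
    findings = []
    for name, cmds in blocks.items():
        if not name.startswith("user-interface vty"):
            continue
        if any(re.match(r"set authentication password simple\s+\S+", c) for c in cmds):
            findings.append((name, PLAINTEXT))
        if "protocol inbound ssh" not in cmds:
            findings.append((name, TELNET))
        inbound = [c.split()[1] for c in cmds if re.fullmatch(r"acl \d+ inbound", c)]
        if not inbound:
            findings.append((name, NO_ACL))
        for number in inbound:
            if number not in acls:
                findings.append((name, f"inbound ACL {number} is not defined in this file"))
    return findings

if __name__ == "__main__":
    for block, finding in audit_vty(ATN_CONFIG):
        print(f"{block}: {finding}")
```

For the file above the audit reports the plaintext password and the Telnet exposure; the inbound ACL 2000 is present and defined, so it raises no ACL finding.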
9 Device Maintenance
With routine device maintenance, you can detect potential operation threats on devices and then
eradicate the potential threats in time to ensure that the system runs securely, stably, and reliably.
Concept
The stable running of the ATN equipment depends on mature network planning and routine
maintenance. In addition, fast location of hidden hazards is necessary.
The maintenance personnel must check the alarm information in time and deal with the fault
properly to keep the device in normal operation and reduce the failure rate. Thus, the system
runs in a safe, stable, and reliable environment.
Maintenance Operation
Maintenance such as board replacement and internal environment check ensures the normal
operation of the ATN equipment.
Monitoring
In routine maintenance of the device, you can run the display commands to view the working
status of the ATN equipment. This can help the maintenance personnel fast locate the fault during
the troubleshooting procedure.
Procedure
Step 1 Run:
display version
In practice, using this command in any view, you can view the system version information. The
main information is as follows:
----End
Procedure
Step 1 Run:
display device [ pic-status | slot-id ]
In practice, using this command in any view, you can view the basic device information. Enter
slot-id to view information about the board in the specified slot.
l Choose a board in a certain slot. You can view basic information about this board.
l Run:
display device pic-status
Basic information about the PIC card is displayed.
----End
Procedure
l Run:
display elabel [ backplane | slot-id ]
In practice, using this command in the user view, you can view information about the
electronic label of the boards. Enter slot-id to view information about the electronic label
of the board in the specified slot.
NOTE
For the range of numbers of the slots on the ATN equipment, refer to the ATN 910 Multi-service
Access Equipment Hardware Description.
Information displayed includes the type of the board and PIC card, bar code, BOM, English
description, production date, supplier name, issuing number, CLEI (Common Language
Equipment Identification) code, and sales BOM.
NOTE
You can back up the electronic label of the specified board using either of the following methods:
l Run the backup elabel filename [ backplane | slot-id ] command to back up the electronic label
to the CF card on the ATN equipment.
l Run the backup elabel ftp host filename username password [ backplane | slot-id ] command
to back up the electronic label to the specified FTP server.
----End
Procedure
Step 1 Run:
display memory-usage
The threshold of the memory usage of the main system control board is displayed.
NOTE
To set the threshold of the memory usage in the main system control board, you can run the
set memory-usage threshold threshold command.
----End
Procedure
Step 1 Run:
display cpu-usage [ task-name ] [ configuration ]
NOTE
To set the threshold of the CPU usage on the main MPU, you can run the set cpu-usage threshold
threshold-value command. To display the current configuration of the CPU usage, run the
display cpu-usage configuration command.
----End
Procedure
Step 1 Run:
display alarm { slot-id | all }
In the operation, using this command in any view, you can view current information about the
alarm of the ATN equipment. Alarm information includes the following:
l Alarm level
l Alarm date and time
l Alarm description
NOTE
After displaying the alarm of the ATN equipment, you can run the clear alarm index index-id { send-
trap | no-trap } command to clear the alarm at the specified index-id.
----End
Procedure
Step 1 Run:
display temperature slot slot-id
----End
Procedure
Step 1 Run:
display voltage slot slot-id
----End
Procedure
Step 1 Run:
display power
In practice, using this command in any view, you can view the power supply status. The displayed
information includes the following:
----End
Procedure
Step 1 Run:
display esn
The sequence number of the MPU is displayed. In the operation, using this command in any
view, you can view the sequence number of the MPU on the ATN equipment.
----End
Context
In the case that a board is faulty, you can use the reset slot command to reset the board.
WARNING
Back up important data before resetting the board.
Procedure
Step 1 Run:
reset slot slot-id
NOTE
l If this command is run to reset a master MPU and no slave MPU exists, the master MPU is reset with
the CPU being powered on. If a slave MPU exists, this command performs master/slave MPU
switchover.
l If the board is still abnormal after being reset, contact the Huawei technical support personnel.
----End
10 Patch Management
Patch management includes checking the running patch, loading patch files, and installing
patches.
10.1 Introduction of Patch Management
This section describes the basics of the patch.
10.2 Checking the Running of Patch in the System
The system allows only one patch to run. Therefore, confirm that no patch is running before
loading a new patch.
10.3 Loading a Patch
Patches can be loaded through FTP or TFTP.
10.4 Installing a Patch
To repair the system that has vulnerabilities or defects, you can install a patch on the system.
By installing a patch, you can upgrade the system without upgrading the system software.
10.5 (Optional) Deactivating a Patch
If an installed patch does not take effect, you need to deactivate the patch.
10.6 Configuration Examples of the Patch Management
This section describes some Configuration Examples.
Patch Overview
While the device is running, you sometimes need to modify the system software, for example to
remove system defects or add new functions required by services. Previously, the software was
upgraded after the system was shut down. This static upgrade affects the service on the device
and does not improve the communication. If you load a patch to the system software instead, you
can upgrade it online without interrupting the operation of the device. This dynamic upgrade does
not affect the service and can improve the communication.
Patch Area
In the memory of the Main Processing Unit (MPU), a certain space is reserved to save the patch.
This space is called patch area.
To install the patch, save the patch to the patch area in advance in the memory of the board.
The patch saved in the patch area is numbered uniquely. Up to 2000 patches can be saved to the
patch area in the memory of the MPU.
Patch States
Patch status can be idle, deactive, active, and running. For details, see Table 10-1.
Table 10-1
No patch (idle)
  Description: The patch file is saved to the CF card but not loaded to the patch area in the
  memory.
  Status change: When the patch is loaded to the patch area, the patch status is set to deactive.
deactive
  Description: The patch is loaded to the patch area but disabled.
  Status change: The patch in the deactive state can be as follows:
  l Uninstalled, that is, deleted from the patch area.
  l Enabled temporarily and turns to the active state.
active
  Description: The patch is loaded to the patch area and enabled temporarily. If the board is
  reset, the active patch on that board turns to the deactive state.
  Status change: The patch in the active state can be as follows:
  l Uninstalled, that is, deleted from the patch area.
  l Enabled temporarily and turned into the active state.
  l Enabled permanently, and turns to the running state.
running
  Description: The patch is loaded to the patch area and enabled permanently. If the board is
  reset, the patch on the board keeps in the running state.
  Status change: The patch in the running state can be uninstalled and deleted from the patch
  area.
[Figure: patch state transitions among No patch, Deactivated, Activated and Running, with arrows
labelled Load patch, Delete patch and Run patch]
Patch Functions
Installing patches can improve system functions or fix bugs. By installing a patch, you can
upgrade the system without upgrading the system software.
[Figure: flowchart with the steps Normally run, Enable patch temporarily, Bug removed and
Disable patch, and Yes/No branches]
Applicable Environment
At a certain time, the system allows the running of only one patch. Therefore, you need to confirm
no patch is running in the current system before installing a patch. If a patch runs, delete the
patch before installing the new patch.
Pre-configuration Tasks
Before checking the running of patch in the system, complete the following tasks:
Data Preparation
None
Context
Do as follows on the ATN equipment to be upgraded:
Procedure
Step 1 Run:
display patch-information
All the information about the current patch is displayed, including information about the patch
units that are running, the patch units that are activated, and the patch units that are deactivated.
----End
Example
<PE> display patch-information
Info: No patch exists.
NOTE
If there are patches running, you must delete them before loading new patches.
Context
Before installing a patch, you need to delete the running patch.
Procedure
Step 1 Run:
patch delete all
The running patch is deleted.
----End
Applicable Environment
Before a patch is installed, it should be uploaded to the root directory of the CF card of the master
MPUs.
The three methods to upload a patch are FTP,.
Pre-configuration Tasks
Before loading a patch, complete the following tasks:
l Ensuring that the ATN equipment is started normally after power-on
l Ensuring that the ATN equipment can be logged in to
Data Preparation
Before running a patch, you need to obtain a patch that is consistent with the board.
No. Data
1 Uploading a Patch to the Root Directory of the CF Card of the Master MPU
2 Copying a Patch to the Root Directory of the CF Card of the Slave MPU
Context
Do as follows on the ATN equipment to be upgraded:
Procedure
Step 1 Upload a patch to the root directory of the CF card of the MPU.
The ATN equipment supports the uploading of files through FTP and TFTP. For more
information, see "FTP, TFTP". Choose an uploading method based on the requirements.
Step 2 Run:
startup patch file-name
The patch package is specified for the MPU on the next startup.
----End
Context
Run the following commands to check the previous configuration.
Procedure
l Run:
dir cfcard:/
----End
Applicable Environment
Installing patches can fix system vulnerabilities or correct system defects. By installing a patch,
you can upgrade the system without upgrading the system software.
When a patch is uploaded, the system checks that the patch version is the same as the system
version. If the two versions are not the same, the system prompts that the patch uploading fails.
Pre-configuration Tasks
Before installing a patch, upload the patch to the root directory of the CF card of the master.
Data Preparation
None
Context
Do as follows on the ATN equipment to be upgraded:
Procedure
Step 1 Run:
patch load file-name all
----End
Follow-up Procedure
When a patch is loaded, the system checks that the patch version is the same as the system
version. If the two versions are not the same, the system prompts that the patch loading fails.
When the patch is loaded successfully, its status is Deactive and keeps Deactive after the board
is reset.
Context
Do as follows on the ATN equipment to be upgraded:
Procedure
Step 1 Run:
patch active all
----End
Follow-up Procedure
A patch can be activated only when it is correctly loaded and is in the deactivated state. When
a patch is activated, it becomes valid immediately. After the board is reset, however, the status
of the patch becomes Deactive, and the patch does not remain valid.
Context
Do as follows on the ATN equipment to be upgraded:
Procedure
Step 1 Run:
patch run all
----End
Follow-up Procedure
A patch can be run only after it is activated. Running a patch means that the patch is activated
permanently and the patch remains valid after the board is reset. The status of the patch keeps
Running.
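The state changes described in this chapter (load, activate, run, deactivate, delete, and board reset), as an added Python model that is not Huawei code. It checks a planned command sequence against those rules and derives the commands needed to replace whatever is loaded with a patch that survives a reset. Function names are hypothetical, and command names are shortened from the "patch ... all" forms used in this chapter.

```python
from collections import deque

# Transitions read from the patch state table and the procedures in this chapter.
TRANSITIONS = {
    ("idle", "patch load"): "deactive",
    ("deactive", "patch active"): "active",
    ("active", "patch deactive"): "deactive",
    ("active", "patch run"): "running",
    ("deactive", "patch delete"): "idle",
    ("active", "patch delete"): "idle",
    ("running", "patch delete"): "idle",
}
# State after a board reset: only a temporarily enabled (active) patch is lost.
AFTER_RESET = {"idle": "idle", "deactive": "deactive",
               "active": "deactive", "running": "running"}

def simulate(plan, state="idle"):
    """Walk a list of steps ('reset' or a patch command); return (trace, error)."""
    trace = [state]
    for step in plan:
        if step == "reset":
            state = AFTER_RESET[state]
        elif (state, step) in TRANSITIONS:
            state = TRANSITIONS[(state, step)]
        else:
            return trace, f"'{step}' is not valid while the patch is {state}"
        trace.append(state)
    return trace, None

def patch_in_effect(state):
    """The fix is applied only while the patch is active or running."""
    return state in ("active", "running")

def plan_to(state, goal):
    """Shortest command sequence from state to goal (breadth-first search)."""
    queue, seen = deque([(state, [])]), {state}
    while queue:
        current, path = queue.popleft()
        if current == goal:
            return path
        for (src, cmd), dst in TRANSITIONS.items():
            if src == current and dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [cmd]))
    return None

def install_plan(current_state):
    """Commands that replace the loaded patch with a new one that survives a reset."""
    return plan_to(current_state, "idle") + plan_to("idle", "running")

if __name__ == "__main__":
    # A patch that was activated but never run is lost when the board resets.
    trace, error = simulate(["patch load", "patch active", "reset"])
    print(trace, "in effect:", patch_in_effect(trace[-1]))
    print(install_plan("running"))
```

A plan that stops at "patch active" leaves the fix in effect only until the next board reset, which is the case the first simulation shows.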
Procedure
l Run:
display patch-information
----End
Applicable Environment
After a patch is activated, you need to check whether the patch has achieved the expected effect.
If the patch does not take effect, you need to deactivate the patch.
Pre-configuration Tasks
None
Data Preparation
None
Procedure
Step 1 Run:
patch deactive all
Procedure
l Run:
display patch-information
Networking Requirements
Figure 10-3 shows that an urgent bug occurs in the system software at the Provider Edge (PE)
connected to the Internet. Huawei provides the patch file to remove the bug. The patch in this
patch file must be installed to remove the bug.
[Figure 10-3: PE (interface GE0/3/0), MPLS Core and PC; addresses shown: 10.1.1.1/24,
10.1.1.2/24 and 10.1.1.3/24]
Configuration Roadmap
The configuration roadmap is as follows:
1. Save the patch file to the root directory of the CF card on the master.
2. Load the patch.
3. Activate the patch.
4. Run the patch.
Data Preparation
To complete the configuration, you need the following data:
l File name of the patch: patch.pat
l Path the patch saved to on the MPU: cfcard:/
Procedure
Step 1 Upload the patch file for the system software.
# Log in to the FTP server.
<PE> ftp 10.1.1.2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 192.168.1.2.
220 FTP service ready.
User(10.1.1.2:(none)):huawei
331 Password required for huawei.
Password:
230 User logged in.
[ftp]
# Configure the binary transmission format and the working directory of the CF card on PE.
[ftp] binary
200 Type set to I.
[ftp] lcd cfcard:/
% Local directory now cfcard:.
# Load the patch file for the current system software from the remote FTP server.
[ftp] get patch.pat
200 Port command okay.
150 Opening ASCII mode data connection for license.txt.
226 Transfer complete.
FTP: 6309 byte(s) received in 0.188 second(s) 33.55Kbyte(s)/sec.
[ftp] bye
221 Server closing.
<PE>
************************************************************************
* The hot patch information, as follows: *
************************************************************************
----End
Configuration Files
None
This appendix collates frequently used acronyms and abbreviations in this document.
Numerics
3DES Triple Data Encryption Standard
A
AAA Authentication, Authorization and Accounting
ACL Access Control List
ARP Address Resolution Protocol
AES Advanced Encryption Standard
ASPF Application Specific Packet Filter
AUX Auxiliary port
B
BGP Border Gateway Protocol
C
CBQ Class-based Queue
CHAP Challenge Handshake Authentication Protocol
CQ Custom Queuing
CR-LDP Constraint-based Routing LDP
D
DES Data Encryption Standard
E
ESP Encapsulating Security Payload
F
FR Frame Relay
G
GRE Generic Routing Encapsulation
H
HDLC High Level Data Link Control
I
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IPSec IP Security
IS-IS Intermediate System-to-Intermediate System intra-domain
routing information exchange protocol
ITU-T International Telecommunication Union Telecommunications
Standardization Sector
L
L2TP Layer Two Tunneling Protocol
LAPB Link Access Procedure Balanced
LDP Label Distribution Protocol
M
MAC Medium Access Control
MBGP Multiprotocol Extensions for BGP-4
MFR Multiple Frame Relay
MP MultiLink PPP
MPLS Multiprotocol Label Switching
MSDP Multicast Source Discovery Protocol
MTU Maximum Transmission Unit
N
NAT Network Address Translation
NAT-PT Network Address Translation - Protocol Translation
O
OAM Operation, Administration and Maintenance
OSPF Open Shortest Path First
P
PAP Password Authentication Protocol
PE Provider Edge
Ping Ping (Packet Internet Groper)
PPP Point-to-Point Protocol
PPPoA PPP over AAL5
PPPoE Point-to-Point Protocol over Ethernet
PPPoEoA PPPoE on AAL5
PQ Priority Queuing
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial In User Service
RIP Routing Information Protocol
RPR Resilient Packet Ring
RSVP Resource Reservation Protocol
S
SFTP SSH File Transfer Protocol
T
TE Traffic Engineering
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
V
VPN Virtual Private Network
VRP Versatile Routing Platform
VRRP Virtual Router Redundancy Protocol
W
WAN Wide Area Network
WFQ Weighted Fair Queuing
WRED Weighted Random Early Detection
X
XOT X.25 Over TCP