V100R009C10
Device Anti-theft Guide
Issue 01
Date 2017-01-10
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Change History
Contents
3 Precautions
4 Appendix
4.1 RTN Devices Supporting Anti-theft
4.2 Boards Supporting Anti-theft
4.3 ODUs Supporting Anti-theft
1.1 Background
In some areas with poor public security, devices may get stolen every month, involving
dozens of sites in the most severe case. This causes huge economic losses. Because no control
method is implemented, stolen devices can be illegally deployed and used again. To prevent
stolen devices from being used, Huawei introduces device anti-theft.
Policy Description
When a public key and a private key are generated on the NMS for an RTN device, the device
anti-theft function can be directly enabled for the RTN device. When an RTN device is not
connected to the NMS during site deployment, export a public key certificate from the NMS
and use the Web LCT to enable the anti-theft function for the RTN device. During
maintenance on a missing NE (which is also unreachable by the NMS), a temporary
certificate can be exported from the NMS and imported to the Web LCT.
Step 1 On the U2000, choose Administration > NE Security Management > NE Anti-theft from
the main menu.
Step 2 In the dialog box that is displayed, specify User Name and Remarks and then click Apply.
The user name is used to identify a public and private key pair.
Step 3 Confirm the user name. You cannot change the user name after confirming it.
Step 4 In the dialog box that is displayed indicating a key generation success, click OK.
The private key backup is used for 1+1 protection on the NMS. When a private key is missing
on the U2000 due to a system error and all managed devices enter the theft mode, the private
key that was backed up can be imported to the NMS for device recovery. Therefore, the
private key that was backed up must be properly stored for future use.
----End
Step 1 On the NE anti-theft management page, select the desired device and click
(highlighted in the following figure) to add the device to the management list on the right.
Parameter               Description
NE                      NE name.
NE Type                 NE type.
User Name               User name, which is entered to generate the public key and private key.
Anti-theft State        Enable status of the device anti-theft function.
Grace Period Left Time  Remaining days within the grace period, or remaining days for a service control policy to take effect.
Step 2 Right-click the cell under Anti-theft State for the NE, and choose Enable from the shortcut
menu.
The default control policy is Configuration (configuration control policy). In this example,
there is no need to change the control policy. Therefore, click Apply to issue the policy.
Step 3 Click Query to query the current anti-theft status of the NE.
----End
Step 1 Click the Query Board Anti-theft State tab. The page for querying the board anti-theft status
is displayed.
Step 2 Select the desired device and click to add the device to the management list on the
right.
----End
In this example, the control policy is modified to Service (service control policy). Set Grace
Period (the maximum days for an unreachable and missing device to properly function).
Step 2 Click Apply, and complete the confirmation dialog box that is displayed.
----End
Step 2 On the Web LCT, log in to the desired NE. In the NE Explorer, choose Security > NE
Anti-theft Management from the navigation tree.
Step 4 Click Query to query the anti-theft status of the desired device.
The control policy defaults to Configuration when a public key certificate is used at
deployment. To modify the control policy, use a temporary certificate.
----End
Step 1 On the U2000, select the desired NE and click Export temporary certification to export a
temporary certificate. You can set parameters.
Note: You can also click Export certification to export a temporary certificate, but you need
to manually enter the barcode of the system control board.
Step 3 After the maintenance is complete, click Lock Ne on the lower part of the page so that the
temporary certificate is disabled.
----End
3 Precautions
1. When you are generating a public key and a private key on the U2000, the user name
cannot be modified once it is specified.
2. When maintenance is complete but the temporary certificate is not used up, manually
expire it on the Web LCT.
3. The control policy for the anti-theft function can be set to the configuration control
policy or service control policy. If it is set to the configuration control policy, it
immediately takes effect once the NE is unreachable by the NMS. When the period in
which a device is unreachable and missing is longer than the configured grace period, the
service control policy takes effect, and the service rate is restricted to 10 Mbit/s. The
default grace period is set to 7 days and is configurable.
4. When anti-theft for a device is managed by the NMS, anti-theft data is imported to
boards and ODUs. If any of the boards or ODUs is inserted into a device for which
anti-theft is disabled, the board or ODU will immediately enter the theft mode due to a
public/private key mismatch with the system control board of the device. As a result, the
board rate is restricted, or the ODU is muted periodically.
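The policy timeline from precaution 3, modelled as an added example (not Huawei's or the U2000's code): given when each NE became unreachable, it reports which control policy applies and the grace days left, sorted for triage. The NE class, the state names, the rounding of days, the triage order and the sample fleet are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_GRACE_DAYS = 7        # default grace period stated in the guide
SERVICE_RATE_LIMIT_MBIT = 10  # service rate cap stated in the guide

@dataclass
class NE:
    name: str
    policy: str                            # "Configuration" or "Service"
    unreachable_since: Optional[datetime]  # None: the NMS can reach the NE
    grace_days: int = DEFAULT_GRACE_DAYS

def status(ne: NE, now: datetime):
    """Return (state, grace_days_left, rate_cap_mbit) for one NE."""
    if ne.unreachable_since is None:
        return ("normal", None, None)
    if ne.policy == "Configuration":
        # Takes effect as soon as the NE is unreachable; no grace period.
        return ("configuration-control", None, None)
    left = ne.unreachable_since + timedelta(days=ne.grace_days) - now
    if left >= timedelta(0):
        # Not yet longer than the grace period. Whole days left, rounded
        # down (the rounding is an assumption of this example).
        return ("grace", left.days, None)
    return ("service-control", 0, SERVICE_RATE_LIMIT_MBIT)

def triage(fleet, now):
    """Unreachable NEs, most urgent first: restricted, then least grace left."""
    rows = [(ne.name, *status(ne, now)) for ne in fleet]
    rows = [r for r in rows if r[1] != "normal"]
    order = {"service-control": 0, "configuration-control": 1, "grace": 2}
    return sorted(rows, key=lambda r: (order[r[1]], r[2] if r[2] is not None else 0))

# Constructed sample fleet (names and timestamps are invented for illustration).
NOW = datetime(2017, 1, 10, 12, 0)
FLEET = [
    NE("site-A", "Service", NOW - timedelta(days=2)),
    NE("site-B", "Service", NOW - timedelta(days=9)),
    NE("site-C", "Configuration", NOW - timedelta(hours=1)),
    NE("site-D", "Service", None),
    NE("site-E", "Service", NOW - timedelta(days=6, hours=6), grace_days=14),
]

if __name__ == "__main__":
    for row in triage(FLEET, NOW):
        print(row)
```
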
4 Appendix
ISV3 Yes
ISM6 Yes
Board Anti-theft
EG4 Yes
EG4P Yes
CSHR (RTN910A) Yes
CSHU (RTN950) Yes
CSHUA (RTN950) Yes
F1CSHO (RTN950A) Yes
F2CSHO (RTN950A) Yes
CSHNA (RTN980) Yes
NOTE
The anti-theft function will be available on more ODUs.