Series Switches
Common Operation Guide 1 Common System Operations
NOTICE
Telnet may bring security risks. You are advised to log in to the switch through STelnet V2.
Ensure that you have an STelnet/Telnet account and administrator rights. The following uses
the command lines and outputs of logging in to the device using STelnet as an example. After
logging in to the switch through STelnet, perform the following configuration.
# Take password authentication as an example. Set the password to Huawei@123.
<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] authentication-mode password
[HUAWEI-ui-console0] set authentication password cipher Huawei@123
[HUAWEI-ui-console0] return
<HUAWEI> save
# Take AAA authentication as an example. Set the user name and password to admin123 and
Huawei@123 respectively.
<HUAWEI> system-view
[HUAWEI] user-interface console 0
[HUAWEI-ui-console0] authentication-mode aaa
[HUAWEI-ui-console0] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@123
[HUAWEI-aaa] local-user admin123 service-type terminal
[HUAWEI-aaa] return
<HUAWEI> save
NOTE
If the switch has two MPUs, remove the standby MPU before performing the following operations.
After performing the following operations, install the standby MPU and run the save command to ensure
that the configuration is consistent on the active and standby MPUs.
You can use the BootROM/BootLoad menu of the switch to clear the lost password for
console port login. After starting the switch, set a new password and save your configuration.
The following steps use the BootROM as an example.
1. Connect the terminal to the console port of the switch and restart the switch. When the
following message is displayed, press Ctrl+B immediately and enter the BootROM
password to enter the BootROM menu.
Information displayed on modular switches:
Press Ctrl+B to enter boot menu ... 1
NOTE
● Some models of fixed switches allow you to enter the BootROM menu by pressing Ctrl+E.
Perform operations as prompted on the screen.
● The default BootROM password of fixed switches is huawei in versions earlier than
V100R006C03 and Admin@huawei.com in V100R006C03 and later.
● The default BootROM password of modular switches is 9300 in V100R006 and earlier
versions, and Admin@huawei.com in versions after V100R006.
● The command outputs of different versions on different devices may be different. Therefore,
the command outputs on your device may be different from those provided in this example.
2. Select Clear password for console user on the BootROM menu to clear the password
for console port login.
3. Select Boot with default mode on the BootROM menu to start the switch as prompted.
NOTE
The following uses the command lines of the S7700 in V200R008C00 as an example.
1. Connect the DB9 female connector of the console cable to the serial port (COM) on the
PC, and connect the RJ45 connector to the console port on the device.
2. Start the terminal emulation software on the PC. Create a connection, select the
connected port, and set communication parameters.
– Baud rate : 9600
– Data bits : 8
– Stop bits : 1
– Parity : None
– Flow Control : None
3. Click Connect. Enter or configure the login password as prompted to log in to the switch.
# Take password authentication for VTY0 login as an example. Set the password to
Huawei@123.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] protocol inbound telnet //By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH.
[HUAWEI-ui-vty0] authentication-mode password
[HUAWEI-ui-vty0] set authentication password cipher Huawei@123
[HUAWEI-ui-vty0] user privilege level 15
[HUAWEI-ui-vty0] return
<HUAWEI> save
# Take AAA authentication for VTY0 login as an example. Set the user name and password to
admin123 and Huawei@123 respectively.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] protocol inbound telnet //By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH.
[HUAWEI-ui-vty0] authentication-mode aaa
[HUAWEI-ui-vty0] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@123
[HUAWEI-aaa] local-user admin123 service-type telnet
[HUAWEI-aaa] local-user admin123 privilege level 15
[HUAWEI-aaa] return
<HUAWEI> save
NOTICE
Telnet may bring security risks. You are advised to log in to the switch through the console
port or STelnet.
# Set the user name and password to admin123 and Huawei@123 respectively.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@123
[HUAWEI-aaa] local-user admin123 service-type http
[HUAWEI-aaa] local-user admin123 privilege level 15
[HUAWEI-aaa] return
<HUAWEI> save
● The default BootROM password of fixed switches is huawei in versions earlier than
V100R006C03 and Admin@huawei.com in V100R006C03 and later.
● The default BootROM password of modular switches is 9300 in V100R006 and earlier
versions, and Admin@huawei.com in versions after V100R006.
NOTICE
Exercise caution and follow the instructions of the technical support personnel when you run
this command.
The command outputs on your device may be different from those provided in this example.
NOTE
The following uses the command lines of the S7700 in V200R008C00 as an example.
<HUAWEI> system-view
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] protocol inbound telnet //By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH.
[HUAWEI-ui-vty0] authentication-mode aaa
[HUAWEI-ui-vty0] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@123
[HUAWEI-aaa] local-user admin123 service-type telnet
[HUAWEI-aaa] local-user admin123 privilege level 15
[HUAWEI-aaa] return
<HUAWEI> save
When AAA authentication is used, use the following methods (in descending order of
priority) to set a user level. Take the VTY user interface as an example.
● Set a user level for a single user.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user user1 privilege level 15 //Set the user level of user1 to 15.
● Set a user level for all users who log in through a specified user interface.
<HUAWEI> system-view
[HUAWEI] user-interface maximum-vty 15 //Set the maximum number of VTY user interfaces to 15.
[HUAWEI] user-interface vty 0 14 //Enter the VTY user interfaces VTY 0 to VTY 14.
[HUAWEI-ui-vty0-14] user privilege level 15 //Set the user level to 15 for the VTY user interfaces VTY 0 to VTY 14.
In V200R005 and earlier versions, run the screen-width screen-length command in any view
to set the number of columns to be displayed on the screen. The default number of columns is
80. Each character is a column. In versions after V200R005, the number of columns displayed
on a terminal screen cannot be set using this command. The device automatically adjusts the
number of columns displayed on a terminal screen.
NOTE
The Telnet protocol will bring risks to network security. The STelnet V2 mode is recommended.
The following operation assumes that the user logs in to the device using Telnet or STelnet.
# Configure rules in ACL 2005 to allow only the user at 192.168.1.5 and users on network
segment 10.10.5.0/24 to log in to the VTY interfaces 0 to 4.
<HUAWEI> system-view
[HUAWEI] acl 2005
[HUAWEI-acl-basic-2005] rule permit source 192.168.1.5 0 //Allow only the user at 192.168.1.5 to log in to the device.
[HUAWEI-acl-basic-2005] rule permit source 10.10.5.0 0.0.0.255 //Allow only users on the network segment 10.10.5.0/24 to log in to the device.
[HUAWEI-acl-basic-2005] quit
[HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] acl 2005 inbound
[HUAWEI-ui-vty0-4] quit
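The following Python sketch is an added example, not part of the original guide or Huawei's code. It evaluates the two ACL 2005 rules above the way a wildcard-mask match works, so you can check which source addresses the VTY ACL admits before applying it. The function names are illustrative, and refusing unmatched sources is an assumption taken from the guide's "allow only" wording.

```python
import ipaddress

# The two rules of ACL 2005 from this page: (action, source, wildcard).
ACL_2005 = [
    ("permit", "192.168.1.5", "0"),
    ("permit", "10.10.5.0", "0.0.0.255"),
]

def to_int(addr):
    # On the page, a wildcard written as "0" stands for 0.0.0.0 (exact host).
    return int(ipaddress.IPv4Address("0.0.0.0" if addr == "0" else addr))

def rule_matches(source, wildcard, client):
    # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(source) & care) == (to_int(client) & care)

def covered_addresses(wildcard):
    # Each ignored bit doubles the number of source addresses a rule admits.
    return 2 ** bin(to_int(wildcard)).count("1")

def vty_login_allowed(acl, client):
    # The first matching rule decides the outcome.
    for action, source, wildcard in acl:
        if rule_matches(source, wildcard, client):
            return action == "permit"
    # Assumption from the page's "allow only" wording: no match means refused.
    return False

if __name__ == "__main__":
    for action, source, wildcard in ACL_2005:
        print(action, source, wildcard, "->", covered_addresses(wildcard), "addresses")
    for client in ("192.168.1.5", "192.168.1.6", "10.10.5.200", "10.10.6.1"):
        print(client, "allowed" if vty_login_allowed(ACL_2005, client) else "refused")
```

Because the match is done bit by bit, the same check also works for non-contiguous wildcard masks, which a prefix-length comparison would get wrong.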
# Connect the PC to the device using FTP. Enter the user name admin1234 and
password Helloworld@6789 and set the file transfer mode to binary.
The following example assumes that the PC runs the Windows XP operating system.
C:\Documents and Settings\Administrator> ftp 10.136.23.5
Connected to 10.136.23.5.
220 FTP service ready.
User (10.136.23.5:(none)): admin1234
331 Password required for admin1234.
Password:
230 User logged in.
ftp> binary
200 Type set to I.
ftp>
● When the PC serves as an FTP server and the device serves as an FTP client:
# Start the FTP server program.
Start the FTP server program on the PC. Specify the FTP working directory where the
configuration file is to be saved, and the IP address, port number, user name, and
password of the FTP server.
# Save the current configuration on the device.
<HUAWEI> save
[ftp]
NOTE
● After the configuration file is transferred to the PC, check whether the size of the configuration
file on the PC is the same as that on the device. If not, an exception may occur during file
backup. Back up the configuration file again.
● To transfer the configuration file in a simpler way, configure the PC as the TFTP server and
the device as the TFTP client. The configuration procedure is similar to the procedure when
the PC serves as an FTP server and the device serves as an FTP client, except that the user
name and password are not required for configuring the TFTP server. You only need to run the
tftp 10.110.24.254 put config.cfg command on the device.
● TFTP has no authentication or authorization mechanism, whereas FTP has authentication and
authorization mechanisms. TFTP and FTP both transfer data in plaintext mode, which brings
security risks. Therefore, TFTP and FTP apply to good-performance networks. If you have a
high requirement for network security, SFTP V2, SCP, or FTPS is recommended.
– When the device serves as an FTP server and the PC serves as an FTP client:
# Configure the FTP function for the device and information about an FTP user.
<HUAWEI> system-view
[HUAWEI] ftp server enable
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[HUAWEI-aaa] local-user admin1234 privilege level 15
[HUAWEI-aaa] local-user admin1234 service-type ftp
[HUAWEI-aaa] local-user admin1234 ftp-directory cfcard:/
[HUAWEI-aaa] quit
[HUAWEI] quit
# Connect the PC to the device using FTP. Enter the user name admin1234 and
password Helloworld@6789 and set the file transfer mode to binary.
The following example assumes that the PC runs the Windows XP operating
system.
C:\Documents and Settings\Administrator> ftp 10.136.23.5
Connected to 10.136.23.5.
220 FTP service ready.
User (10.136.23.5:(none)): admin1234
331 Password required for admin1234.
Password:
230 User logged in.
ftp> binary
200 Type set to I.
ftp>
– When the PC serves as an FTP server and the device serves as an FTP client:
# Start the FTP server program.
Start the FTP server program on the PC. Specify the FTP working directory where
the configuration file is saved, and the IP address, port number, user name, and
password of the FTP server.
# Log in to the FTP server.
<HUAWEI> ftp 10.110.24.254
Trying 10.110.24.254 ...
Press CTRL+K to abort
Connected to 10.110.24.254.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user //WFTPD is the local FTP server program.
User(10.135.86.164:(none)):admin123 //Enter the user name.
331 Give me your password, please
Enter password: //Enter the password.
230 Logged in successfully
[ftp]
NOTE
● After the configuration file is transferred to the device, check whether the size of the
configuration file on the PC is the same as that on the device. If not, an exception may
occur during file transfer. Transfer the file again.
● To transfer the configuration file in a simpler way, configure the PC as the TFTP server
and the device as the TFTP client. The configuration procedure is similar to the
procedure when the PC serves as an FTP server and the device serves as an FTP client.
The only difference is that the user name and password are not required for configuring
the TFTP server. You only need to run the tftp 10.110.24.254 get config.cfg command
on the device.
● TFTP has no authentication or authorization mechanism, whereas FTP has
authentication and authorization mechanisms. TFTP and FTP both transfer data in
plaintext mode, which brings security risks. Therefore, TFTP and FTP apply to
good-performance networks. If you have a high requirement for network security, SFTP V2,
SCP, or FTPS is recommended.
2. Specify the backup configuration file for the next startup.
<HUAWEI> startup saved-configuration config.cfg
<HUAWEI> display startup
MainBoard:
Configured startup system software: cfcard:/device_software.cc
Startup system software: cfcard:/device_software.cc
Next startup system software: cfcard:/device_software.cc
Startup saved-configuration file: cfcard:/config_old.cfg //Current configuration file name.
Next startup saved-configuration file: cfcard:/config.cfg //Name of the configuration file for the next startup.
Startup paf file: default
Next startup paf file: default
Startup license file: default
Next startup license file: default
Startup patch package: NULL
Next startup patch package: NULL
NOTICE
If the protocol supported by VTY user interfaces 0 to 4 is changed from Telnet to SSH, users
cannot log in to the device using Telnet after logout. In this case, configure VTY user
interfaces 0 to 4 to support all protocols first. Configure STelnet and then run the protocol
inbound ssh command to configure VTY user interfaces 0 to 4 to support SSH.
# Create an SSH user named admin123 and configure the password authentication mode
for the user.
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin123 password irreversible-cipher Huawei@123
[HUAWEI-aaa] local-user admin123 service-type ssh
[HUAWEI-aaa] local-user admin123 privilege level 15
[HUAWEI-aaa] quit
[HUAWEI] ssh user admin123 authentication-type password
# Log in to the device using third-party software (such as PuTTY). Enter the device IP
address, select SSH, and enter the user name and password to log in to the device through
STelnet.
To verify the STelnet login, run the ssh client first-time enable and stelnet 127.0.0.1
commands in system view to log in to the device. If the login page is displayed, the
configuration succeeds. If the login page is not displayed, the configuration fails.
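The following Python sketch is an added example, not part of the original guide or Huawei's code. It scans a saved configuration for the settings this guide's notices flag as risky (Telnet on VTY interfaces, Telnet or FTP service types, the FTP server) and for VTY interfaces that have no inbound ACL. The configuration excerpt is constructed from the commands on this page; its indented layout, the user name sshadmin and the function names are assumptions.

```python
import re

# Constructed configuration excerpt, written in the syntax of this page's commands.
SAMPLE_CONFIG = """\
ftp server enable
aaa
 local-user admin123 service-type telnet
 local-user admin1234 service-type ftp
 local-user sshadmin service-type ssh
user-interface vty 0 4
 acl 2005 inbound
 protocol inbound telnet
user-interface vty 5 14
 protocol inbound ssh
"""
PLAINTEXT_SERVICES = {"telnet", "ftp"}  # the services this page's notices warn about

def sections(text):
    # Yield (top-level command, [indented sub-commands]) pairs.
    header, body = None, []
    for line in filter(str.strip, text.splitlines()):
        if not line.startswith(" "):
            if header is not None:
                yield header, body
            header, body = line.strip(), []
        else:
            body.append(line.strip())
    if header is not None:
        yield header, body

def audit(text):
    findings = []
    for header, body in sections(text):
        if header == "ftp server enable":
            findings.append("FTP server enabled")
        elif header == "aaa":
            for cmd in body:
                m = re.match(r"local-user (\S+) service-type (.+)", cmd)
                if m:
                    for svc in sorted(PLAINTEXT_SERVICES & set(m.group(2).split())):
                        findings.append(f"user {m.group(1)}: service-type {svc}")
        elif header.startswith("user-interface vty"):
            # "all" admits Telnet as well as SSH.
            if "protocol inbound telnet" in body or "protocol inbound all" in body:
                findings.append(f"{header}: Telnet accepted")
            if not any(re.fullmatch(r"acl \d+ inbound", cmd) for cmd in body):
                findings.append(f"{header}: no inbound ACL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```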