
Quidway NetEngine80 Core Router
V300R005

Configuration Guide - Basic Configurations

Issue: 04
Date: 2009-12-20
Part Number: 00407347

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For
any assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com

Copyright Huawei Technologies Co., Ltd. 2009. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.

Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Contents
About This Document

1 NE80 Core Router Overview
1.1 Introduction
1.1.1 Overview
1.1.2 Hardware Architecture
1.1.3 Software Architecture
1.2 Characteristics of the NE80
1.2.1 Support for Flattened Network Architecture
1.2.2 Line-Speed Forwarding
1.2.3 Multiple Interfaces
1.2.4 Carrier-Class Availability
1.2.5 Rich Services
1.2.6 Perfect Diff-Serv/QoS
1.2.7 Excellent Security Mechanism
1.2.8 Practical NMS
1.2.9 Flexible Networking Capabilities
1.3 Features List of the NE80

2 Establishment of the Configuration Environment
2.1 Introduction
2.1.1 Login Through the Console
2.1.2 Login Through Telnet
2.1.3 Login Through AUX Port
2.2 Logging In to the Router Through the Console Port
2.2.1 Establishing the Configuration Task
2.2.2 Establishing the Physical Connection
2.2.3 Configuring Terminals
2.2.4 Logging In to the Router
2.3 Logging In to Router Through Telnet
2.3.1 Establishing the Configuration Task
2.3.2 Establishing the Physical Connection
2.3.3 Configuring Login User Parameters

2.3.4 Logging In from the Telnet Client
2.4 Logging In to the Router Through the AUX Port
2.4.1 Establishing the Configuration Task
2.4.2 Establishing the Physical Connection
2.4.3 Initializing and Configuring the Modem on the Interface
2.4.4 Configuring the Connection Between the Remote Terminal and the Router
2.4.5 Logging In to the Router
2.5 Configuration Examples
2.5.1 Example for Logging In Through the Console Port
2.5.2 Example for Logging In Through Telnet
2.5.3 Example for Logging In Through the AUX Port

3 CLI Overview
3.1 Introduction
3.1.1 Command Line Interface
3.1.2 Command Levels
3.1.3 Command Line Views
3.2 Online Help
3.2.1 Full Help
3.2.2 Partial help
3.2.3 Error Messages of the Command Line Interface
3.3 Features of Command Line Interface
3.3.1 Editing
3.3.2 Displaying
3.3.3 Regular Expressions
3.3.4 History Commands
3.4 Shortcut Keys
3.4.1 Classifying Shortcut Keys
3.4.2 Defining Shortcut Keys
3.4.3 Use of Shortcut Keys
3.5 Configuration Examples
3.5.1 Example for Using Shortcut Keys
3.5.2 Copying Commands Using Shortcut Keys
3.5.3 Example for Using Tab

4 Basic Configuration
4.1 Introduction
4.2 Configuring the Basic System Environment
4.2.1 Establishing the Configuration Task
4.2.2 Switching the Language Mode
4.2.3 Configuring the Equipment Name
4.2.4 Configuring the System Clock
4.2.5 Configuring the Header Text


4.2.6 Configuring Command Levels
4.3 Configuring Basic User Environment
4.3.1 Establishing the Configuration Task
4.3.2 Configuring the Password for Switching User Levels
4.3.3 Switching User Levels
4.3.4 Locking User Interfaces
4.4 Displaying System Status Messages
4.4.1 Displaying System Configuration
4.4.2 Displaying System Status
4.4.3 Collecting System Diagnostic Information

5 User Management
5.1 Introduction
5.1.1 User Interface View
5.1.2 User Management
5.2 Configuring Console User Interface
5.2.1 Establishing the Configuration Task
5.2.2 Configuring Console Interface Attributes
5.2.3 Setting Console Terminal Attributes
5.2.4 Configuring the User Interface Priority
5.2.5 Configuring User Authentication
5.2.6 Checking the Configuration
5.3 Configuring AUX User Interface
5.3.1 Establishing the Configuration Task
5.3.2 Configuring AUX Interface Attributes
5.3.3 Configuring AUX Terminal Attributes
5.3.4 Configuring User Priority
5.3.5 Configuring Modem Attributes
5.3.6 Configuring User Authentication
5.3.7 Checking the Configuration
5.4 Configuring VTY User Interface
5.4.1 Establishing the Configuration Task
5.4.2 Configuring Maximum VTY User Interfaces
5.4.3 Configuring Limits for Incoming Calls and Outgoing Calls
5.4.4 Configuring Timeout of VTY User Authorization
5.4.5 Configuring VTY Terminal Attributes
5.4.6 Configuring User Authentication
5.4.7 Checking the Configuration
5.5 Managing User Interfaces
5.5.1 Establishing the Configuration Task
5.5.2 Sending Messages to Other User Interfaces
5.5.3 Clearing Online User

5.5.4 Checking the Configuration
5.6 Configuring User Management
5.6.1 Establishing the Configuration Task
5.6.2 Configuring Authentication Mode
5.6.3 Configuring Authentication Password
5.6.4 Setting Username and Password for AAA Local Authentication
5.6.5 Configuring Non-Authentication
5.6.6 Configuring User Priority
5.6.7 Checking the Configuration
5.7 Configuring Local User Management
5.7.1 Establishing the Configuration Task
5.7.2 Creating Local User Account
5.7.3 Configuring the Service Type of the Local User
5.7.4 Configuring Local User Authority for FTP Directory
5.7.5 Configuring Local User Status
5.7.6 Configuring Local User Priority
5.7.7 Configuring Access Restriction of the Local User
5.7.8 Checking the Configuration
5.8 Configuration Examples
5.8.1 Example for Configuring Logging In to the Router Through Password
5.8.2 Example for Logging In to the Router Through AAA

6 File System
6.1 Introduction
6.1.1 File System
6.1.2 Storage Devices
6.1.3 Files
6.1.4 Directories
6.2 Managing Storage Devices
6.2.1 Establishing the Configuration Task
6.2.2 Restoring Storage Devices with File System Troubles
6.2.3 Formatting Storage Devices
6.3 Managing the Directory
6.3.1 Establishing the Configuration Task
6.3.2 Viewing the Current Directory
6.3.3 Switching the Directory
6.3.4 Displaying the Directory of File
6.3.5 Creating a Directory
6.3.6 Deleting a Directory
6.4 Managing Files
6.4.1 Displaying Contents of Files
6.4.2 Copying Files


6.4.3 Moving Files
6.4.4 Renaming Files
6.4.5 Deleting Files
6.4.6 Deleting Files in the Recycle Bin
6.4.7 Undeleting Files
6.5 Running Files in Batch
6.6 Configuring Prompt Modes
6.7 Example of Configuration

7 Management of Configuration Files
7.1 Introduction
7.1.1 Definitions
7.1.2 Configuration Files and Current Configurations
7.2 Managing Configuration Files
7.2.1 Establishing the Configuration Task
7.2.2 Configuring System Software for a Router to Load
7.2.3 Configuring the Configuration File for Router to Load
7.2.4 Saving Configuration File
7.2.5 Clearing Configuration Files
7.2.6 Comparing Configuration Files
7.2.7 Checking the Configuration

8 FTP, TFTP and XModem
8.1 Introduction
8.1.1 FTP
8.1.2 TFTP
8.1.3 XModem
8.2 Configuring the Router to be the FTP Server
8.2.1 Establishing the Configuration Task
8.2.2 Configuring the source address of FTP server
8.2.3 Enabling the FTP Server
8.2.4 Configuring the Timeout Period
8.2.5 Configuring the Local Username and the Password
8.2.6 Configuring Service Types and Authorization Information
8.2.7 Checking the Configuration
8.3 Configuring FTP ACL
8.3.1 Establishing the Configuration Task
8.3.2 Enabling the FTP Server
8.3.3 Configuring the Basic ACL
8.3.4 Configuring the Basic FTP ACL
8.3.5 Checking the Configuration
8.4 Configuring the Router to Be the FTP Client
8.4.1 Establishing the Configuration Task

8.4.2 Configuring the source address of FTP Client
8.4.3 Logging In to the FTP Server
8.4.4 Configuring Data Type and Transmission Mode for the File
8.4.5 Viewing Online Help of the FTP Command
8.4.6 Uploading or Downloading Files
8.4.7 Managing Directories
8.4.8 Managing Files
8.4.9 Changing Login Users
8.4.10 Disconnecting from the FTP Server
8.4.11 Checking the Configuration
8.5 Configuring TFTP
8.5.1 Establishing the Configuration Task
8.5.2 Configuring the source address of TFTP Client
8.5.3 Downloading Files Through TFTP
8.5.4 Uploading Files Through TFTP
8.6 Limiting the Access to the TFTP Server
8.6.1 Establishing the Configuration Task
8.6.2 Configuring the Basic ACL
8.6.3 Configuring the Basic TFTP ACL
8.7 Configuring XModem
8.7.1 Establishing the Configuration Task
8.7.2 Getting a File Through XModem
8.8 Configuration Examples............................................................................................................................8-18
8.8.1 Example for Configuring the FTP Server........................................................................................8-18
8.8.2 Example for Configuring FTP ACL ................................................................................................8-21
8.8.3 Example for Configuring the FTP Client ........................................................................................8-23
8.8.4 Example for Configuring TFTP ......................................................................................................8-24
8.8.5 Example for Configuring XModem ................................................................................................8-26

9 Telnet and SSH...........................................................................................................................9-1


9.1 Introduction .................................................................................................................................................9-2
9.1.1 Overview of User Login....................................................................................................................9-2
9.1.2 Telnet Terminal Services ...................................................................................................................9-2
9.1.3 SSH Terminal Services......................................................................................................................9-4
9.2 Configuring Telnet Terminal Services .........................................................................................................9-7
9.2.1 Establishing the Configuration Task..................................................................................................9-7
9.2.2 Establishing a Telnet Connection ......................................................................................................9-8
9.2.3 Establishing a Telnet Redirection Connection...................................................................................9-8
9.2.4 Scheduled Telnet Disconnection .......................................................................................................9-9
9.2.5 Checking the Configuration ..............................................................................................................9-9
9.3 Configuring SSH Users .............................................................................................................................9-10
9.3.1 Establishing the Configuration Task................................................................................................9-10


9.3.2 Creating an SSH User ..................................................................................................................... 9-11


9.3.3 Configuring SSH for the VTY User Interface ................................................................................. 9-11
9.3.4 Generating a Local RSA Key Pair...................................................................................................9-12
9.3.5 Configuring the Authentication Mode for SSH Users.....................................................................9-12
9.3.6 (Optional) Configuring the Basic Authentication Information for SSH Users.................................9-14
9.3.7 (Optional) Authorizing SSH Users Through the Command Line ....................................................9-14
9.3.8 Configuring the Service Type of SSH Users ...................................................................................9-15
9.3.9 (Optional) Configuring the Authorized Directory of SFTP Service for SSH Users .........................9-15
9.3.10 Checking the Configuration ..........................................................................................................9-15
9.4 Configuring the SSH Server ......................................................................................................................9-16
9.4.1 Establishing the Configuration Task................................................................................................9-16
9.4.2 Enabling the STelnet Service...........................................................................................................9-17
9.4.3 Enabling the SFTP Service..............................................................................................................9-17
9.4.4 (Optional) Enabling the Earlier Version-Compatible Function ........................................................9-17
9.4.5 (Optional) Configuring the Number of the Port Monitored by the SSH Server ...............................9-18
9.4.6 (Optional) Enabling the Trap Function............................................................................................9-18
9.4.7 (Optional) Configuring the Interval for Updating the Key Pair on the SSH Server .........................9-19
9.4.8 Checking the Configuration ............................................................................................................9-19
9.5 Configuring the STelnet Client Function...................................................................................................9-20
9.5.1 Establishing the Configuration Task................................................................................................9-20
9.5.2 Enabling the First-Time Authentication on the SSH Client.............................................................9-21
9.5.3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server ............9-21
9.5.4 Enabling the STelnet Client.............................................................................................................9-22
9.5.5 Checking the Configuration ............................................................................................................9-22
9.6 Configuring the SFTP Client Function......................................................................................................9-23
9.6.1 Establishing the Configuration Task................................................................................................9-23
9.6.2 Configuring the First-Time Authentication on the SSH Client .......................................................9-24
9.6.3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server ..............................9-24
9.6.4 Enabling the SFTP Client................................................................................................................9-25
9.6.5 (Optional) Managing the Directory .................................................................................................9-25
9.6.6 (Optional) Managing the File ..........................................................................................................9-26
9.6.7 (Optional) Displaying the SFTP Client Command Help ..................................................................9-27
9.6.8 Checking the Configuration ............................................................................................................9-27
9.7 Maintaining Telnet and SSH......................................................................................................................9-28
9.7.1 Debugging Telnet Terminal Services...............................................................................................9-28
9.7.2 Debugging SSH Terminal Services .................................................................................................9-28
9.8 Configuration Examples............................................................................................................................9-29
9.8.1 Example for Configuring Telnet Terminal Services ........................................................................9-29
9.8.2 Example for Connecting the STelnet Client to the SSH Server.......................................................9-31
9.8.3 Example for Connecting the SFTP Client to the SSH Server..........................................................9-37
9.8.4 Example for Accessing the SSH Server Through Other Port Numbers...........................................9-42
9.8.5 Example for Authenticating SSH Through RADIUS ......................................................................9-49


10 Router Maintenance ..............................................................................................................10-1


10.1 Introduction .............................................................................................................................................10-2
10.1.1 Online Upgrade Introduction.........................................................................................................10-2
10.1.2 Device Operation Management.....................................................................................................10-2
10.1.3 Electronic Label ............................................................................................................................10-2
10.2 Upgrading the Board ...............................................................................................................................10-2
10.2.1 Establishing the Configuration Task..............................................................................................10-3
10.2.2 Downloading the Board Software .................................................................................................10-3
10.2.3 Online Loading the Board Software..............................................................................................10-4
10.2.4 Upgrading the Stratum 3 Clock Board ..........................................................................................10-4
10.2.5 Resetting the Board .......................................................................................................................10-4
10.2.6 Checking the Configuration ..........................................................................................................10-4
10.3 Managing the Device Operation..............................................................................................................10-5
10.3.1 Setting the Temperature Warning Threshold Upgrading the Board...............................................10-5
10.3.2 Disabling or Re-enabling the DASL Port of the LPU ...................................................................10-5
10.3.3 Resetting the Device and Switching over the Channel..................................................................10-6
10.3.4 Displaying the Device Information ...............................................................................................10-6
10.4 Configuring the Electronic Label.............................................................................................10-7
10.4.1 Establishing the Configuration Task..............................................................................................10-7
10.4.2 Querying the Electronic Label.......................................................................................................10-7
10.4.3 Backing Up the Electronic Label ..................................................................................................10-7
10.5 Configuring a Cleaning Cycle for the Air Filter ......................................................................................10-8
10.5.1 Establishing the Configuration Task..............................................................................................10-8
10.5.2 Configuring a Checking of the Air Filter based on the Device Temperature.................................10-8
10.5.3 Configuring a Cleaning Cycle for the Air Filter............................................................................10-9
10.5.4 Remonitoring the Cleaning Cycle of the Air Filter .......................................................................10-9
10.5.5 Checking the Configuration ..........................................................................................................10-9

11 System Software Upgrade ....................................................................................................11-1


11.1 Introduction ............................................................................................................................................. 11-2
11.1.1 System Software Upgrade ............................................................................................................. 11-2
11.1.2 License .......................................................................................................................................... 11-2
11.2 Uploading the System Software and License Files.................................................................................. 11-3
11.2.1 Establishing the Configuration Task.............................................................................................. 11-3
11.2.2 Uploading the System Software and License to the Master MPU................................................. 11-3
11.2.3 Copying the System Software and License to the Slave MPU ...................................................... 11-4
11.2.4 Checking the Configuration........................................................................................................... 11-4
11.3 Specifying the System Software for the Next Startup of the Router ....................................................... 11-5
11.3.1 Establishing the Configuration Task.............................................................................................. 11-5
11.3.2 Specifying the System Software for the Next Startup ................................................................... 11-5
11.3.3 (Optional) Configuring PAF Files ................................................................................................. 11-6
11.3.4 (Optional) Configuring Patch Packages ........................................................................................ 11-6


11.3.5 Checking the Configuration........................................................................................................... 11-7

12 Patch Management.................................................................................................................12-1
12.1 Introduction .............................................................................................................................................12-2
12.2 Checking the Running of Patch in the System ........................................................................................12-3
12.2.1 Establishing the Configuration Task..............................................................................................12-3
12.2.2 Checking the Running of Patch on the MPU ................................................................................12-4
12.2.3 Checking the Running of Patch on the LPU..................................................................................12-5
12.3 Loading a Patch .......................................................................................................................................12-5
12.3.1 Establishing the Configuration Task..............................................................................................12-5
12.3.2 Uploading a Patch to the Root Directory of the Master MPU.......................................................12-6
12.3.3 Copying a Patch to the Root Directory of the Slave MPU ............................................................12-6
12.4 Installing a Patch on the MPU.................................................................................................................12-7
12.4.1 Establishing the Configuration Task..............................................................................................12-7
12.4.2 Uploading the MPU Patch.............................................................................................................12-7
12.4.3 Activating the MPU Patch.............................................................................................................12-8
12.4.4 Running the MPU Patch................................................................................................................12-8
12.5 Stop Running the MPU Patch..................................................................................................................12-9
12.5.1 Establishing the Configuration Task..............................................................................................12-9
12.5.2 Deactivating the MPU Patch .........................................................................................................12-9
12.6 Unloading the MPU Patch.....................................................................................................................12-10
12.6.1 Establishing the Configuration Task............................................................................................12-10
12.6.2 Deleting the MPU Patch..............................................................................................................12-10
12.7 Installing a Patch on the LPU ................................................................................................................ 12-11
12.7.1 Establishing the Configuration Task............................................................................................ 12-11
12.7.2 Uploading the LPU Patch............................................................................................................ 12-11
12.7.3 Activating the LPU Patch ............................................................................................................12-12
12.7.4 Running the LPU Patch...............................................................................................................12-12
12.8 Stop Running the LPU Patch.................................................................................................................12-13
12.8.1 Establishing the Configuration Task............................................................................................12-13
12.8.2 Deactivating the LPU Patch ........................................................................................................12-13
12.9 Unloading the LPU Patch......................................................................................................................12-13
12.9.1 Establishing the Configuration Task............................................................................................12-13
12.9.2 Deleting the LPU Patch...............................................................................................................12-14

A Glossary .................................................................................................................................... A-1


B Acronyms and Abbreviations ................................................................................................B-1
Index ................................................................................................................................................ i-1


Figures
Figure 1-1 Software architecture of the NE80-8...............................................................................................1-4
Figure 2-1 Networking diagram of logging in through the console port ..........................................................2-7
Figure 2-2 New connection ..............................................................................................................................2-8
Figure 2-3 Setting the port................................................................................................................................2-8
Figure 2-4 Setting the port communication parameters....................................................................................2-9
Figure 2-5 Establishing the configuration environment through Telnet .........................................................2-10
Figure 2-6 Running the Telnet program on the PC......................................................................................... 2-11
Figure 2-7 Establishing the remote configuration environment through AUX............................................... 2-11
Figure 8-1 Networking diagram with FTP server basic functions ..................................................................8-19
Figure 8-2 Networking diagram of configuring FTP ACL .............................................................................8-21
Figure 8-3 Configuring the FTP client............................................................................................................8-23
Figure 8-4 Networking diagram of configuring TFTP ...................................................................................8-24
Figure 8-5 Setting the Base Directory of the TFTP server .............................................................................8-25
Figure 8-6 Specifying the file to be sent.........................................................................................................8-26
Figure 9-1 Telnet client services .......................................................................................................................9-2
Figure 9-2 Telnet redirection services...............................................................................................................9-3
Figure 9-3 Usage of Telnet shortcut keys .........................................................................................................9-3
Figure 9-4 Establishing an SSH channel in a LAN ..........................................................................................9-5
Figure 9-5 Establishing an SSH channel in a WAN..........................................................................................9-5
Figure 9-6 Networking diagram of the Telnet terminal services mode...........................................................9-29
Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server .....................................9-31
Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server ........................................9-37
Figure 9-9 Networking diagram of accessing the SSH server through other port numbers............................9-43
Figure 9-10 Networking diagram of authenticating the SSH through RADIUS ............................................9-49
Figure 12-1 Conversion between the statuses of a patch ................................................................................12-2


Tables
Table 1-1 Features list of the NE80 Series USR ...............................................................................................1-8
Table 3-1 Command line views ........................................................................................................................3-4
Table 3-2 Common error messages of the command line .................................................................................3-7
Table 3-3 Keys for editing ................................................................................................................................3-7
Table 3-4 Keys for displaying...........................................................................................................................3-8
Table 3-5 Describes metacharacters..................................................................................................................3-9
Table 3-6 Access the history commands .........................................................................................................3-10
Table 3-7 System-defined shortcut keys ......................................................................................................... 3-11
Table 5-1 Example for the absolute numbering ................................................................................................5-3


About This Document


Purpose
This part describes the organization of this document, product version, intended audience,
conventions, and update history.

Related Versions
The following table lists the product versions related to this document.

Product Name                       Version
Quidway NetEngine80 Core Router    V300R005

Intended Audience
This document is intended for:
- Network planning engineer
- Hardware installation engineer
- Commissioning engineer
- On-site maintenance engineer
- System maintenance engineer

Organization
This document consists of twelve chapters and is organized as follows.

Chapter                                             Content
1 NE80 Core Router Overview                         This chapter describes the architecture, functional features and main functions of the NE80.
2 Establishment of the Configuration Environment    This chapter describes the procedures to set up the configuration environments through CON, Telnet, and AUX.
3 CLI Overview                                      This chapter describes the command line interface, command levels, command views and hot keys.
4 Basic Configuration                               This chapter describes how to configure the basic system environment on the router.
5 User Management                                   This chapter describes the basic concepts of the user interface and the user management.
6 File System                                       This chapter describes the file system and its configuration, uploading and downloading files through FTP, TFTP and XModem, and the management of configuration files.
7 Management of Configuration Files                 This chapter describes how to configure the file management.
8 FTP, TFTP and XModem                              This chapter describes how to configure the basic functions of the FTP server.
9 Telnet and SSH                                    This chapter describes how to log in to the router through Telnet and configure the router.
10 Router Maintenance                               This chapter describes the principle and concepts of the router maintenance.
11 System Software Upgrade                          This chapter describes the principle and concepts of the system software upgrade.
12 Patch Management                                 This chapter describes the principle and concepts of patch management.
Appendix A Glossary & B Acronyms and Abbreviations  This chapter collates the glossary and frequently used acronyms and abbreviations in this manual.
Index                                               This chapter collates important keywords used in this manual to help the reader to access the required information quickly.

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.


Symbol              Description
                    Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury.
                    Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury.
                    Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results.
                    Indicates a tip that may help you solve a problem or save time.
                    Provides additional information to emphasize or supplement important points of the main text.

General Conventions
The general conventions that may be found in this document are defined as follows.

Convention          Description
Times New Roman     Normal paragraphs are in Times New Roman.
Boldface            Names of files, directories, folders, and users are in boldface. For example, log in as user root.
Italic              Book titles are in italics.
Courier New         Examples of information displayed on the screen are in Courier New.

Command Conventions
The command conventions that may be found in this document are defined as follows.

Convention          Description
Boldface            The keywords of a command line are in boldface.
Italic              Command arguments are in italics.
[]                  Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }     Optional items are grouped in braces and separated by vertical bars. One item is selected.
[ x | y | ... ]     Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.
{ x | y | ... } *   Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected.
[ x | y | ... ] *   Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected.
&<1-n>              The parameter before the & sign can be repeated 1 to n times.
#                   A line starting with the # sign is a comment.

GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Convention: Description
Boldface: Buttons, menus, parameters, tabs, windows, and dialog titles are in boldface. For example, click OK.
>: Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.

Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format: Description
Key: Press the key. For example, press Enter and press Tab.
Key 1+Key 2: Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently.
Key 1, Key 2: Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.

Mouse Operations
The mouse operations that may be found in this document are defined as follows.

Action: Description
Click: Select and release the primary mouse button without moving the pointer.
Double-click: Press the primary mouse button twice continuously and quickly without moving the pointer.
Drag: Press and hold the primary mouse button and move the pointer to a certain position.

Update History
Updates between document issues are cumulative. Therefore, the latest document issue
contains all updates made in previous issues.

Updates in Issue 04 (2009-12-20)


Fourth commercial release.

Updates in Issue 03 (2009-08-01)


Third commercial release.

Updates in Issue 02 (2008-10-20)


Second commercial release.

Updates in Issue 01 (2008-04-18)


First commercial release.

1 NE80 Core Router Overview

About This Chapter
The following table lists the contents of this chapter.

Section: Describes
1.1 Introduction: This section describes the hardware and software architecture of the NE80.
1.2 Characteristics of the NE80: This section describes the characteristics of the NE80.
1.3 Features List of the NE80: This section describes the features of the NE80.


1.1 Introduction
This section describes the basic knowledge of the NE80 Series USR, including:
- Overview
- Hardware Architecture
- Software Architecture

1.1.1 Overview
The IP Metropolitan Area Network (MAN) has entered a new stage of development. It is no
longer limited to supplying individual broadband Internet access services, but covers
a full range of services including enterprise interconnection, virtual leased line, IP telephone/
videoconferencing, content service, and security service. All of these place higher requirements
on MAN devices.
In line with the development of IP MANs, Huawei launches the NE80 Series USR. The
NE80 offers the large capacity, high performance, high reliability, and
abundant service capability required by MANs, such as line-speed forwarding on high-speed
interfaces, Ethernet switching, Multi-Protocol Label Switching Virtual Private Network
(MPLS VPN), perfect Quality of Service (QoS) mechanism and carrier-class reliability, which
provide abundant service processing capabilities and flexible networking capability.
The NE80 incorporates the powerful IP service processing capability of routers and the
low-cost Ethernet switching capability of Layer 3 Ethernet switches, and serves as a powerful
core router or a Layer 3 Ethernet switch. Therefore, the NE80 is an optimal choice for new
MANs.
The NE80 is the fifth-generation router, oriented to the carrier's backbone edge networks, the
core and the convergence layer of MANs, and networks of various industries and enterprises.
The NE80 enriches and perfects the high-end router series of Huawei, for it provides
cost-effective network solutions, and offers more choices.

1.1.2 Hardware Architecture


The boards of the NE80 are classified into Switch and Routing Unit (MPU) and Line Card
(LC). The LCs include Line Processing Unit (LPU), Flexible Card Line Processing Unit
(LPUF) and service board.

MPU
The MPU completes such functions as system management, route control, data exchange, and
stratum-3 clock.
The NE80 has two MPUs for 1 + 1 redundancy. When one MPU fails, the service will be
automatically switched to the other MPU.

LPU
LPUs implement the interconnection and data forwarding with other devices. The NE80
supports the following LPUs:
- Ethernet LPU
- POS LPU
- cPOS LPU
- ATM LPU
- RPR LPU
- E1 LPU

POS = Packet Over SONET/SDH
cPOS = channelized POS
ATM = Asynchronous Transfer Mode
RPR = Resilient Packet Ring

LPUF
LPUFs are LPUs whose PIM cards can be replaced. Each LPUF can hold two PIM cards. The
following PIM cards are supported:
- 10/100M auto-sensing Ethernet electrical interface PIM card
- Gigabit Ethernet optical interface PIM PIC card
- E1/T1 interface PIM card
- E3 interface PIM card
- T3 interface PIM card

Service Board
The NE80 provides a Network Address Translation (NAT) service board. The NAT board
features large capacity and high performance, and supports translation between private
and public network addresses. The NAT board is used to solve problems such as the shortage
of public network addresses and to ensure network security on the Internet.
For more information about the NE80 hardware system, refer to the Quidway NetEngine80
Core Router Installation Manual.

1.1.3 Software Architecture


The software system of the NE80 adopts the architecture of two physically independent
functional units, namely route control and packet forwarding. The architecture can improve
the stability and the processing performance of the system.
The system software consists of the following five parts: Network Management System
(NMS), Routing Process System (RPS), Forwarding Support Unit (FSU), Express Forwarding
Unit (EFU), and Driver (DRV). The switch fabric monitoring module, which runs on the MPU,
manages the MPU and monitors its operation.
DRV modules are distributed in the RPS, FSU and EFU for driving the hardware of the MPU
and the LPU. Figure 1-1 takes the NE80-8 for example to illustrate the NE80 software
architecture.

Figure 1-1 Software architecture of the NE80-8
(Diagram not reproduced. Labels in the figure: RPS, Switch Fabric Monitoring module, Highway, and an FSU and an EFU on each of LPU1, LPU2 and LPU8.)

As the control and management unit of the system, the RPS runs on the active and standby
MPUs and performs the following tasks:
- Route control
  The RPS calculates and maintains the routes. In addition, it generates the Forward
  Information Base (FIB) table and delivers it to each LPU for IP forwarding.
- Label control
  The RPS distributes labels, sets up and maintains the Label Switch Paths (LSPs). In addition,
  it generates the FIB table and delivers it to each LPU for MPLS forwarding.
- Traffic control
  The RPS defines the traffic classification rules, configures the traffic parameters, configures
  the queue resources and flow control parameters for Diff-Serv QoS.
- Maintenance and management
  The RPS maintains the devices, manages the network and devices, monitors the whole system,
  diagnoses faults, and collects statistics for services.
Running on the CPU of the LPU, the FSU manages the service interfaces (configuring and
monitoring them), forwards data, controls the links, and negotiates the link parameters. In
addition, the FSU can maintain and manage local devices for LPUs and provide some system
monitoring and diagnosis services.
In addition to fast forwarding of IP packets, the EFU can provide such QoS functions as
traffic classifying, traffic measuring, traffic policing, traffic shaping, traffic scheduling, and
congestion avoiding and controlling. It can implement Diff-Serv, firewall, and Class of
Service (CoS) features according to different configuration requirements.
The Switch Fabric monitoring module monitors the internal switching network in the NE80
Series USR.
Implemented on the Huawei integrated network management platform, the NMS maintains
and controls devices uniformly.

The NE80 applies the Versatile Routing Platform (VRP) software system. As a versatile
operating system platform for Huawei's data communications products, the VRP realizes a
modular architecture with IP services as the core. In addition to abundant functions and
features, the VRP provides some application-based capabilities such as scalability and
flexibility.
With the TCP/IP protocol stack as the core, the VRP integrates multiple crucial technologies
for data communications such as routing, QoS, VPN, and security, thus providing excellent
data forwarding capability for the routing device.
The VRP provides consistent network, user, and management interfaces for various hardware
platforms and flexible solutions for users. The VRP is open to sustainable development, which
can protect carriers' investment to its maximum extent.

1.2 Characteristics of the NE80


This section includes:
- Support for Flattened Network Architecture
- Line-Speed Forwarding
- Multiple Interfaces
- Carrier-Class Availability
- Rich Services
- Perfect Diff-Serv/QoS
- Excellent Security Mechanism
- Practical NMS
- Flexible Networking Capabilities

1.2.1 Support for Flattened Network Architecture


Modern telecom network has a hierarchical architecture, within which data services are
typically provided after they are processed by four vertical function layers. This classical
architecture will still exist for a certain period. This architecture reveals its deficiency
increasingly because IP services are becoming leading services in the network. Flattening of
the network architecture is the trend with the development of technologies and the change of
services.
The devices at the core layer of the telecom network are used with high efficiency because a
great amount of user data is processed there. Whereas, the devices out of the core layer are
used less efficiently due to sparse distribution of access users. Therefore, a flattened IP
network architecture should be employed if possible. Fewer network layers help carriers
utilize network devices more efficiently and slash the maintenance and management cost. The
operable and manageable IP network becomes the development trend of MANs and enterprise
networks at present.
The flattened network architecture places higher requirements on the devices at the
convergence layer, that is, they need to function as both access devices and core devices. The
NE80 is such a product that implements various services due to its abundant service features,
excellent hardware platform, and high reliability. For example, the NE80 can directly connect
downlink with Gigabit Ethernet switches or dedicated access devices, and uplink with
provincial backbone or national backbone networks. In addition, the NE80 can form a ring
network through Resilient Packet Ring (RPR) or connect to core devices through dual homing.

In this case, the NE80 may reduce the levels of the network construction to achieve the
flattened network, which improves the service quality and optimizes the network architecture.

1.2.2 Line-Speed Forwarding


The NE80 supports the IPv4/MPLS distributed forwarding at the line speed. Thus the NE80
can meet the bandwidth requirements when it is used as the Point of Presence (POP), the
convergence layer, or the switching node on the backbone networks.

1.2.3 Multiple Interfaces


At present, the NE80 provides the Fast Ethernet (FE) interface, Gigabit Ethernet (GE)
interface, E1/cE1 interface, E3 interface, T3 interface, Packet over SDH/SONET (POS)
interface, channelized POS (cPOS) interface, Asynchronous Transfer Mode (ATM) interface,
and RPR interface with high interface density. Users can select the cards flexibly as required
to meet the requirements for different networking solutions and network expansion.

1.2.4 Carrier-Class Availability


The key parts of the NE80 adopt redundant hot backup design, including system control, data
exchange, route processing system, internal management bus and power supply. All the
components are hot swappable. Thus, the router can meet the high reliability requirement
when it is used as the POP, the convergence layer, or the switching node on the backbone
networks.

1.2.5 Rich Services


The IP multicast forwarding feature provides the foundation for carriers to carry on various
network voice and video services (Web TV, E-learning, telemedicine and video conference).
With the rich routing features, the router is adaptable to complex environments.
The policy service mechanism enables the system to have powerful performance optimization
capability, satisfactory attack defense capability and QoS guarantee while ensuring the line
rate processing and forwarding capability.
The application of the MPLS VPN service guarantees the delivery of services of carriers
using networks more economically and rationally with no need to increase the bandwidth.
The application of the NAT service supports addressing with public and private network
addresses mixed in the MAN to save IP addresses. In this way, the shortage of
public IP addresses can be solved.
Through Dynamic Host Configuration Protocol (DHCP) Relay and built-in DHCP Server, IP
addresses can be dynamically assigned to users and be managed.

1.2.6 Perfect Diff-Serv/QoS


The NE80 realizes the QoS feature when carrying the integrated service including the
real-time service. In particular, the NE80 provides various standard-based supports to
Diff-Serv, including:

- Traffic classification
- Traffic policing
- Traffic shaping
- Queue management
- Queue Scheduling


Therefore, the NE80 can implement six groups of Per-Hop Behaviors (PHBs) defined in the
standard such as EF, AF1 to AF4 and BE as well as the other services.
The NE80 enables the network carriers to provide users with different QoS guarantee and
makes the Internet become the integrated network that carries data, voice and video services
simultaneously.

1.2.7 Excellent Security Mechanism


The NE80 provides the packet filtering/Access Control List (ACL) mechanism to prevent
unauthorized access and attacks by malicious packets.
The NE80 supports Unicast Reverse Path Forwarding (URPF) to prevent network attacks
based on source address spoofing.
The NE80 supports port mirroring to analyze the traffic of a certain interface.
The NE80 provides multiple authentication methods (such as plain text authentication and
MD5) for key routing protocols, such as Open Shortest Path First (OSPF), Intermediate
System-Intermediate System (IS-IS), Routing Information Protocol (RIP) and Border
Gateway Protocol version 4 (BGP4).
The NE80 supports two user authentication modes, local authentication and Remote
Authentication Dial-In User Service (RADIUS) authentication, to prevent unauthorized
configuration of the device.
The NE80 implements NAT in hardware.
In addition, the NE80 provides abundant statistics including statistics of various types of
traffic, traffic sampling and NAT information statistics.

1.2.8 Practical NMS


Huawei Quidview NMS can manage Huawei's data communication products, supporting
Simple Network Management Protocol (SNMP) V1/V2c/V3 and the Client/Server model. It
can run on multiple operating systems, such as Windows NT/2000 and Unix (SUN, HP, and
IBM). The Quidview NMS can provide multi-language support and Graphic User Interface
(GUI).
The Quidview NMS can also be seamlessly integrated with the Huawei-developed network
management systems of other fixed network communication devices to achieve centralized
management of multiple devices. The Quidview NMS can also be integrated with the present
popular universal NMSs of the industry, such as HP OpenView, IBM NetView, What's up
Gold and SNMPc, to provide means of centralized management of devices from multiple
manufacturers.
The Quidview NMS provides the functions of managing the network topology (in real time),
faults, the performance, the configuration, device logs, security and users, QoS policy, and
VPN service. The Quidview NMS can also perform such functions as downloading, saving,
modifying and uploading NE80 configuration files and upgrading the NE80 software.

1.2.9 Flexible Networking Capabilities


The NE80 has the capability of forwarding packets at the line speed, provides abundant access
means and rich service features, and offers switching capacities from 16 Gbit/s to 64 Gbit/s
for users.
The NE80 is suitable for multiple applications from the backbone core network to the edge
convergence network. The NE80 can be deployed in an IP backbone network, Intranet and
MAN core. The NE80 can also provide powerful service and flexible networking at the edge
network and the MAN convergence layer.
Diversified entire-network solutions from the access network to the core network can be
provided for users when the NE80 works together with Huawei's multi-service switches,
Quidway Series routers, broadband access series, LAN Switch Series, and Metro transmission
Series.

1.3 Features List of the NE80


Table 1-1 Features list of the NE80 Series USR
Attribute / Item: Description

Network interconnection
  LAN protocol:
    - Ethernet_II
    - VLAN (802.1Q)
  Link layer protocol:
    - PPP and MP
    - HDLC
    - FR
    - IP over ATM
    - RPR
    - STP/RSTP/MSTP
    - Q-in-Q
    - VLANIF
    - Layer 2 VLAN
    - VLAN sub-interface

Network protocol
  IP service:
    - ARP
    - DHCP Relay
    - DHCP Server
    - IP Unnumbered
    - Policy routing
  IPv4:
    - Static routing management
    - Dynamic unicast routing protocol: RIP-1/RIP-2, OSPF, BGP, IS-IS
    - Route policy

MPLS
  MPLS:
    - LDP
    - Basic forwarding
    - LSPM
    - VPLS/HVPLS
    - MPLS TE
    - RSVP TE

VPN
  VPN:
    - MPLS/BGP VPN, serving as PE/P
    - Hierarchical VPN (HoVPN)
    - Multi-AS VPN
    - MPLS L2VPN (Martini and Kompella)
    - VPLS/HVPLS
    - PWE3

Network security
  AAA service:
    - CHAP authentication
    - PAP authentication
    - RADIUS
  Other security features:
    - NAT
    - Port mirroring
    - Port traffic sampling
    - Flow control on the service LC and the MPU
    - IP packet filtering
    - URPF
    - MAC address learning limit
    - HWTACACS+
    - SSH V1.5
    - Hierarchical protection of the command line, so as to prevent unauthorized users from accessing the router

Reliability of the device
  Hot standby for redundancy:
    - MPU 1:1 redundancy (applied to NE80-8 and NE80-4)
    - Power supply module 1:1 redundancy
    - System management bus 1:1 redundancy
    - System data bus 1:1 redundancy
  Other features:
    - Route consistency checking (route aging)
    - IP fast rerouting
    - VRRP

QoS
  Traffic classification:
    - Supports simple traffic classification
    - Supports the complex traffic classification of the integrated packets of Layer 2, Layer 3 and Layer 4
  Traffic policing and shaping:
    - CAR
    - srTCM algorithm and trTCM algorithm
    - Traffic policing and shaping for such services as EF and AF that are based on Diff-Serv
  Policy-based routing:
    - IP route redirection
    - LSP explicit route distribution of MPLS
  MPLS QoS:
    - Mapping between EXP and DSCP on the area edge

Configuration management
  Command line interface:
    - Local configuration through Console port
    - Local or remote configuration through Aux port
    - Local or remote configuration through Telnet
    - Hierarchical protection for the command, so as to prevent unauthorized users from accessing the router
    - Detailed debugging information helpful in the diagnosis of network faults
    - Network testing tools such as Tracert and Ping command for quick network diagnosis
    - Telnet command for direct logon to manage other routers
    - FTP Server/Client for downloading and uploading the configuration file and application program
    - TFTP Client for downloading and uploading the configuration file and application program
    - XModem protocol for local downloading of the configuration file and application program
    - Log function
    - Virtual file system
    - User-interface configuration, providing various authentication and authorization functions for the logon users
  Time service:
    - NTP Server and NTP Client
    - Timezone
    - Summer Time
  On-line service:
    - On-line loading
    - On-line upgrading
  Information processing center:
    - Three types of information: alarm information, log information and debugging information
    - Eight grades of information: emergencies, alert, critical, error, warning, notification, informational and debugging
    - Information outputted to the log host and user terminal. Alarm information and log information can be outputted through SNMP Agent and the cache

Network Management
    - SNMP V1/V2c/V3

others
    - NQA
    - RMON

NOTE
HDLC = High-level Data Link Control
RPR = Resilient Packet Ring
URPF = Unicast Reverse Path Forwarding
AAA = Authorization, Authentication and Accounting
VRRP = Virtual Router Redundancy Protocol
CAR = Committed Access Rate
srTCM = Single Rate Three Color Marker
trTCM = Two Rate Three Color Marker

2 Establishment of the Configuration Environment


About This Chapter


The following table shows the contents of this chapter.
Section | Description
2.1 Introduction | This section describes the working modes of establishing configuration environments.
2.2 Logging In to the Router Through the Console | This section describes how to establish configuration environments through the console port. See Example for Logging In Through the Console Port.
2.3 Logging In to Router Through Telnet | This section describes how to establish configuration environments through Telnet. See Example for Logging In Through Telnet.
2.4 Logging In to the Router Through the AUX Port | This section describes how to establish configuration environments through the AUX port. See Example for Logging In Through the AUX.
2.5 Configuration Examples | This section provides several examples of establishing configuration environments.

2.1 Introduction
2.1.1 Login Through the Console
In the following cases, use only the console port to configure the router:
- The router is powered on for the first time.
- The configuration environment cannot be established through Telnet or the AUX port.

2.1.2 Login Through Telnet


Pre-configure the IP addresses of interfaces on the router, the user account, the login
authentication and the incoming and outgoing call restriction. Also, ensure that there are
directly-connected or reachable routes between terminals and the router.
The destination router authenticates the user based on the configured parameters in one of three modes:
- Password authentication: the login user must enter the correct password.
- AAA local authentication: the login user must enter the correct user name and password.
- Non-authentication: the login user need not enter the user name or password.

If the login succeeds, a command line prompt such as <Quidway> appears on the Telnet client
interface.
Enter the command to check the running status of the router or to configure the router.
Enter "?" for help.

Do not modify the IP address of the router when you configure the router through Telnet because the
modification may disconnect Telnet. If necessary, set up the connection again after entering a new IP
address.

2.1.3 Login Through AUX Port


If you cannot configure the router by local login and there is no reachable route to other
routers, you can connect a PC to the router to be configured through the AUX port over the PSTN.
Pre-enable Modem dialup on the AUX port through the console port, and configure the
user name and password.

2.2 Logging In to the Router Through the Console Port


2.2.1 Establishing the Configuration Task
Applicable Environment
If you log in to the router for the first time or perform the local configuration, you need to log
in to the router through the Console port.


Pre-configuration Tasks
Before configuring the router through the console port, complete the following tasks:
- Preparing the PC/terminal (including serial port and RS-232 cable)
- Installing a terminal emulation program on the PC (such as Windows XP HyperTerminal)

Data Preparation
To configure the router through the Console port, you need the following data.
No. | Data
1 | Terminal communication parameters (including baud rate, data bit, parity, stop bit and flow control)

Configuration Procedures
To configure the router through the Console port, complete the following configuration
procedures.
No. | Procedure
1 | Establishing the Physical Connection
2 | Configuring Terminals
3 | Logging In to the Router

2.2.2 Establishing the Physical Connection


Do as follows on the router:
Step 1 Connect the COM port on the PC and the console port on the router by cable.
Step 2 Power on all devices to perform a self-check.
----End

2.2.3 Configuring Terminals


Do as follows on the PC:
Step 1 Run the terminal emulation program on the PC. Set the baud rate to 9600 bps, data bits
to 8, and stop bits to 1. Specify no parity and no flow control.
----End

2.2.4 Logging In to the Router


Do as follows on the PC:


Step 1 Press Enter until a command line prompt such as <Quidway> appears. You are now in the
configuration environment in the user view.
----End

2.3 Logging In to Router Through Telnet


2.3.1 Establishing the Configuration Task
Applicable Environment
If you know the IP address of the router, you can log in to the router through Telnet for local
or remote configuration.

Pre-configuration Tasks
Before configuring the router through Telnet, complete the following tasks:
- Powering on devices and performing a self-check
- Preparing the PC (including the serial port and Ethernet crossover/direct network cable)

Data Preparation
To log in to the router through Telnet, you need the following data.
No. | Data
1 | IP address of the PC
2 | IP address of the Ethernet interface on the router
3 | User information accessed through Telnet (including user name, password and authentication mode)

Configuration Procedures
To configure the router through Telnet, complete the following procedures.
No. | Procedure
1 | Establishing the Physical Connection
2 | Configuring Login User Parameters
3 | Logging In from the Telnet Client

2.3.2 Establishing the Physical Connection


Connect the router and the PC directly or connect the router and the PC respectively to the
network through the network cable.

2.3.3 Configuring Login User Parameters


Do as follows on the router:
Step 1 Configure the authentication mode of login users.
Step 2 Configure the authority limits of login users.
For details, refer to Chapter 5 "User Management" in the Quidway NetEngine80 Core Router
- Basic Configurations.
----End

2.3.4 Logging In from the Telnet Client


Do as follows on the PC:
Step 1 Run the Telnet client program on the PC, and input the IP address of the interface on the
destination router that provides the Telnet service.
Step 2 Enter the user name and password in the login window. After authentication, a command line
prompt such as <Quidway> appears. You are now in the configuration environment in the user
view.
----End

2.4 Logging In to the Router Through the AUX Port


2.4.1 Establishing the Configuration Task
Applicable Environment
If you cannot configure the router by local login and there is no reachable route to other
routers, connect the serial port of the PC and the AUX port of the router through the Modem.

Pre-configuration Tasks
Before configuring the router through the AUX port dialup, complete the following tasks:
- Preparing the PC/terminal (including the serial port and RS-232 cable)
- Preparing the PC terminal emulation program (such as Windows XP HyperTerminal)
- Preparing two Modems

Data Preparation
To configure the router, you need the following data.
No. | Data
1 | Type of terminals
2 | Terminal communication parameters
3 | Modem communication parameters

Configuration Procedures
To configure the router by dialup through the AUX port, complete the following procedures.
No. | Procedure
1 | Establishing the Physical Connection
2 | Initializing and Configuring the Modem on the Interface
3 | Configuring the Connection Between the Remote Terminal and the Router
4 | Logging In to the Router

2.4.2 Establishing the Physical Connection


Do as follows on the login router:
Step 1 Connect the Modem with the PC and the network.
Step 2 Connect the Modem with the router through the AUX port and the network.
----End

2.4.3 Initializing and Configuring the Modem on the Interface


Do as follows on the router:
- Configure the authentication mode of the login user
- Configure the authority limits of the login user

For details, refer to the Quidway NetEngine80 Core Router Configuration Guide - Security.

2.4.4 Configuring the Connection Between the Remote Terminal and the Router
Do as follows on the terminal PC:
Step 1 Run the terminal emulation program on the PC (such as Windows XP HyperTerminal) to
enter the Connection Description window.
Step 2 Enter the connection name of the PC and the router, such as Dial.
Step 3 Click OK to enter the Connect To window.


Step 4 Enter the parameters and select options.


Step 5 Click OK to enter the Connect window.
Step 6 Click Dial.
----End

2.4.5 Logging In to the Router


Do as follows on the login router:
Step 1 Enter the user name and password in the login window.
After configuration, a command line prompt such as <Quidway> appears. You are now in the
configuration environment in the user view.
----End

2.5 Configuration Examples


2.5.1 Example for Logging In Through the Console Port
Networking Requirements
Initialize the configuration of the router when the router is powered on for the first time.
Figure 2-1 Networking diagram of logging in through the console port (devices shown: Router, PC)

Configuration Roadmap
The configuration roadmap is as follows:
1. Connect the PC and the router through the console port
2. Configure the login on the PC end
3. Log in to the router

Data Preparation
To complete the configuration, you need the terminal communication parameters (including
baud rate, data bit, parity, stop bit and flow control).


Configuration Procedure
Step 1 Connect the serial port of the PC (or terminal) to the console port of the router through
standard RS-232 configuration cable. The local configuration environment is established.
Step 2 Run the terminal emulation program on the PC. Set the baud rate to 9600 bps, data bits
to 8, and stop bits to 1. Specify no parity and no flow control, as shown in Figure 2-2 to
Figure 2-4.
Figure 2-2 New connection
Figure 2-3 Setting the port
Figure 2-4 Setting the port communication parameters
Power on the router to perform a self-check and the system performs automatic configuration.
When the self-check ends, you are prompted to press Enter until a command line prompt
such as <Quidway> appears.
Enter the command to check the running status of the router or configure the router.
Enter "?" for help.
For details, refer to the following chapters.
----End

2.5.2 Example for Logging In Through Telnet


Networking Requirements
You can log in to the router on other network segments through the PC or other terminals to
perform remote maintenance.


Figure 2-5 Establishing the configuration environment through Telnet (elements shown: PC, WAN, Router, Target Router; GE1/0/0 202.38.160.92/16)

Configuration Roadmap
The configuration roadmap is as follows:
1. Establish the physical connection
2. Configure user login parameters
3. Log in to the router from the client side

Data Preparation
To complete the configuration, you need the following data:
- IP address of the PC
- IP address of the Ethernet interface on the router
- User information accessed through Telnet (including the user name, password and authentication mode)

Configuration Procedure
Step 1 Connect the PC and the router respectively to the network.
Step 2 Configure login user parameters.
# Configure the login address
<Quidway> system-view
[Quidway] interface GigabitEthernet 1/0/0
[Quidway-GigabitEthernet1/0/0] ip address 202.38.160.92 255.255.0.0
[Quidway-GigabitEthernet1/0/0] quit

# Configure login authentication mode
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher test2
[Quidway-aaa] local-user huawei service-type telnet
[Quidway-aaa] local-user huawei level 3
[Quidway-aaa] quit
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-14] authentication-mode aaa

Step 3 Configure the client login.
Run the Telnet on the PC, as shown in Figure 2-6.
Figure 2-6 Running the Telnet program on the PC
Click OK.
Enter the user name and password in the login window. After authentication, a command line
prompt such as <Quidway> appears. You are now in the configuration environment in the user
view.
----End

2.5.3 Example for Logging In Through the AUX Port


Networking Requirements
If you cannot configure the router by local login and there is no reachable route to other
routers, connect the serial port of the PC and the AUX port of the router through the Modem.
The detailed configuration environment is shown in Figure 2-7.
Figure 2-7 Establishing the remote configuration environment through AUX (elements shown: PC, COM, Modem, PSTN, Modem, AUX, Router)

Configuration Roadmap
The configuration roadmap is as follows:
1. Establish the physical connection
2. Configure Modem parameters
3. Configure the AUX port to support the Modem dialup

Data Preparation
To complete the configuration, you need the following data:
- Type of terminals
- Terminal communication parameters
- Modem communication parameters

Configuration Procedure
Step 1 Establish the physical connection as shown in Figure 2-7.
Step 2 Configure the AUX port to support the Modem dialup.
<Quidway> system-view
[Quidway] aaa
[Quidway-local-aaa-server] local-user huawei password cipher test1
[Quidway-local-aaa-server] local-user huawei service-type terminal
[Quidway-local-aaa-server] local-user huawei level 3
[Quidway-local-aaa-server] quit
[Quidway] user-interface aux 0
[Quidway-ui-aux0] authentication-mode aaa
[Quidway-ui-aux0] modem both

Step 3 Configure Modem parameters.
# Run the PC emulation terminal, see 2.4.4 Configuring the Connection Between the Remote
Terminal and the Router.
Press Enter on the PC emulation terminal or terminal until a command line prompt of the
Modem such as ">" appears.
Configure the Modem to meet the requirements of AUX communication.
For details, see Modem descriptions.
Step 4 Log in to the router.
Enter the user name and password in the remote terminal emulation program.
After authentication, a command line prompt such as <Quidway> appears.
Enter the command to check the running status of the router or configure the router.
Enter "?" for help.
For detailed operations, refer to the following chapters.
----End
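
The login settings configured in 2.5.2 (VTY over Telnet) and 2.5.3 (AUX dialup) can be checked mechanically. The following Python script is an added example, not part of the Huawei guide: it parses a configuration excerpt or CLI session and reports user interfaces in non-authentication or password mode and management-level local users reachable over Telnet. The finding names, the vty-to-telnet and aux-to-terminal mapping, and the constructed weak sample are assumptions of this example.

```python
"""Audit login settings in a VRP-style configuration excerpt (added example)."""
import re

PROMPT = re.compile(r"^\s*(?:<[^>]*>|\[[^\]]*\])\s*")  # <Quidway> or [Quidway-aaa]
LOCAL_USER = re.compile(r"^local-user (\S+) (password|service-type|level) (.+)$")
USER_IF = re.compile(r"^user-interface (\w+) (\d+)(?: (\d+))?$")
AUTH_MODE = re.compile(r"^authentication-mode (\S+)$")
LEAVES_VIEW = {"aaa", "quit", "return", "system-view"}

# Assumption drawn from the two examples in this chapter: VTY lines are reached
# with the "telnet" service type and the AUX line with "terminal".
SERVICE_FOR_LINE = {"vty": "telnet", "aux": "terminal"}
MANAGEMENT_LEVEL = 3  # level 3 is the management level (section 3.1.2)

# Session text as shown in sections 2.5.2 and 2.5.3 of the guide.
PAGE_TELNET_EXAMPLE = """\
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher test2
[Quidway-aaa] local-user huawei service-type telnet
[Quidway-aaa] local-user huawei level 3
[Quidway-aaa] quit
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-14] authentication-mode aaa
"""
PAGE_AUX_EXAMPLE = """\
<Quidway> system-view
[Quidway] aaa
[Quidway-local-aaa-server] local-user huawei password cipher test1
[Quidway-local-aaa-server] local-user huawei service-type terminal
[Quidway-local-aaa-server] local-user huawei level 3
[Quidway-local-aaa-server] quit
[Quidway] user-interface aux 0
[Quidway-ui-aux0] authentication-mode aaa
[Quidway-ui-aux0] modem both
"""
# Constructed sample (not from the guide) showing the weaker modes of 2.1.2.
CONSTRUCTED_WEAK = """\
user-interface aux 0
 modem both
user-interface vty 0 4
 authentication-mode none
user-interface vty 5 14
 authentication-mode password
"""


def parse(config):
    """Return (users, lines) from config text, with or without CLI prompts."""
    users, lines, current = {}, [], None
    for raw in config.splitlines():
        text = PROMPT.sub("", raw).strip()
        if not text or text.startswith("#"):
            continue
        user, line, mode = (LOCAL_USER.match(text), USER_IF.match(text),
                            AUTH_MODE.match(text))
        if user:
            name, key, value = user.groups()
            entry = users.setdefault(name, {"services": set(), "level": None})
            if key == "service-type":
                entry["services"].update(value.split())
            elif key == "level":
                entry["level"] = int(value.split()[0])
        elif line:
            first = int(line.group(2))
            last = int(line.group(3)) if line.group(3) else first
            current = {"kind": line.group(1), "first": first,
                       "last": last, "auth": None}
            lines.append(current)
        elif mode and current is not None:
            current["auth"] = mode.group(1)
        elif text in LEAVES_VIEW or text.startswith("interface "):
            current = None  # left the user-interface view
    return users, lines


def label(line):
    """Human-readable name such as 'vty 0-4' or 'aux 0'."""
    if line["first"] == line["last"]:
        return f'{line["kind"]} {line["first"]}'
    return f'{line["kind"]} {line["first"]}-{line["last"]}'


def audit(config):
    """Return sorted (line, finding, detail) tuples for the login settings."""
    users, lines = parse(config)
    findings = []
    for line in lines:
        name, auth = label(line), line["auth"]
        if auth is None:
            findings.append((name, "AUTH_MODE_NOT_SET", ""))
        elif auth == "none":          # non-authentication mode
            findings.append((name, "NO_AUTHENTICATION", ""))
        elif auth == "password":      # one shared password, no user name
            findings.append((name, "SHARED_PASSWORD", ""))
        elif auth == "aaa":
            service = SERVICE_FOR_LINE.get(line["kind"])
            for user, info in sorted(users.items()):
                # Telnet sends the credentials of this account in clear text.
                if (service == "telnet" and service in info["services"]
                        and (info["level"] or 0) >= MANAGEMENT_LEVEL):
                    findings.append((name, "MANAGEMENT_LEVEL_OVER_TELNET", user))
    return sorted(findings)


if __name__ == "__main__":
    for sample in (PAGE_TELNET_EXAMPLE, PAGE_AUX_EXAMPLE, CONSTRUCTED_WEAK):
        print(audit(sample))
```
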


Contents
3 CLI Overview
3.1 Introduction
3.1.1 Command Line Interface
3.1.2 Command Levels
3.1.3 Command Line Views
3.2 Online Help
3.2.1 Full Help
3.2.2 Partial help
3.2.3 Error Messages of the Command Line Interface
3.3 Features of Command Line Interface
3.3.1 Editing
3.3.2 Displaying
3.3.3 Regular Expressions
3.3.4 History Commands
3.4 Shortcut Keys
3.4.1 Classifying Shortcut Keys
3.4.2 Defining Shortcut Keys
3.4.3 Use of Shortcut Keys
3.5 Configuration Examples
3.5.1 Example for Using Shortcut Keys
3.5.2 Copying Commands Using Shortcut Keys
3.5.3 Example for Using Tab


Tables
Table 3-1 Command line views
Table 3-2 Common error messages of the command line
Table 3-3 Keys for editing
Table 3-4 Keys for displaying
Table 3-5 Describes metacharacters
Table 3-6 Access the history commands
Table 3-7 System-defined shortcut keys


3 CLI Overview


About This Chapter


The following table shows the contents of this chapter.
Section | Description
3.1 Introduction | This section describes the basic concepts of the command line.
3.2 Online Help | This section describes how to use the online help of the command line.
3.3 Features of Command Line Interface | This section describes the error messages of the command line.
3.4 Shortcut Keys | This section describes how to use shortcut keys.
3.5 Configuration Examples | This section provides examples for using shortcut keys.

3.1 Introduction
3.1.1 Command Line Interface
When a prompt appears, you enter the command line interface (CLI) and interact with routers
through CLI.
The system provides a series of configuration commands. You can configure and manage the
router by entering commands on CLI.
The CLI has the following features:
- Local or remote configuration through the AUX port.
- Local configuration through the console port.
- Local or remote configuration through Telnet or Secure Shell (SSH).
- Remote configuration by logging in to an asynchronous serial interface on a router through Modem dialup.
- A user interface view for specific configuration management.
- Hierarchical command protection for users of different levels, that is, running the commands based on the corresponding level.
- Local authentication, password authentication and Authentication, Authorization and Accounting (AAA) to prevent unauthorized users from accessing the router.
- Entering "?" for online help at any time.
- Network testing commands such as tracert and ping for rapidly diagnosing a network.
- Abundant debugging information to help in diagnosing the network.
- The telnet command for directly logging in to and managing other routers.
- FTP service for file uploading and downloading.
- Running a history command, like DosKey.
- A command line interpreter that provides intelligent command resolution methods such as key word fuzzy match and context conjunction. These methods make it easy for users to enter their commands.

- The system supports commands of at most 255 characters. A command can be in an incomplete form.
- The system saves an incomplete command to the configuration files in the complete form; therefore, the command may have more than 255 characters. However, when the system is restarted, the incomplete command cannot be restored. So, pay attention to the length of the incomplete command.

3.1.2 Command Levels


The system adopts a hierarchical protection mode that has 16 command levels.
The default command levels are as follows:
- Level 0-Visit level: Commands of this level include commands of network diagnosis tools (such as ping and tracert) and commands that start from the local device and visit external devices (including Telnet client side, SSH client side and Rlogin), and so on.
- Level 1-Monitoring level: Commands of this level, including the display commands and the debugging commands, are used for system maintenance, service fault diagnosis, and so on.
- Level 2-Configuration level: Commands of this level are service configuration commands that provide direct network service to the user, including routing and network layer commands.
- Level 3-Management level: Commands of this level are commands that influence the basic operation of the system and provide support to the service. They include file system commands, FTP commands, TFTP commands, XModem downloading commands, configuration file switching commands, power supply control commands, backup board control commands, user management commands, level setting commands, system internal parameter setting commands, and so on.

To implement refined management, you can increase the command levels to 0-15. For details
about increasing the command levels, refer to Chapter 4 "Basic Configuration" in the Quidway
NetEngine80 Configuration Guide - Basic Configurations.

The default command level may be higher than the command level defined according to the
command rules in application.

Login users have the same 16 levels as the command levels. Login users can use only the
commands of levels that are equal to or lower than their own levels. For details of login user
levels, refer to section 5.1.2 "User Management" in Chapter 5 "User Login."

3.1.3 Command Line Views


The command line interface has different command views. All commands are registered in
one or more command views. You can run a command only after you enter the corresponding
command view.
# Establish connection with the router. If the router adopts the default configuration, you can
enter the user view with the prompt of <Quidway>.
# Type system-view, and you can enter the system view.
<Quidway> system-view
[Quidway]

# Type aaa in the system view, and you can enter the AAA view.
[Quidway] aaa
[Quidway-aaa]

The prompt <Quidway> indicates the default router name. The prompt <> indicates the user view and
the prompt [ ] indicates other views.

Some commands that are implemented in the system view can also be implemented in
other views. However, the function implemented depends on the command view. For example,
the mpls command (for starting MPLS) can be run in the system view to enable the MPLS
capability globally. It can also be run in the interface view to enable the MPLS capability on
this interface.
Different command line views are shown in Table 3-1.

Table 3-1 Command line views
View | Description
aaa | AAA view
aaa-accounting | AAA accounting view
aaa-authen | AAA authentication view
aaa-author | AAA authorization view
aaa-domain | AAA domain view
aaa-recording | AAA recording view
acl-adv | Advanced ACL view
acl-basic | Basic ACL view
acl-if | ACL view based on interface
Atm-pvc | ATM PVC view
aux | AUX interface view
bgp | BGP view
bgp-af-l2vpn | BGP AF L2VPN view
bgp-af-vpnv4 | BGP AF VPNV4 view
bgp-af-vpn-instance | BGP AF VPN instance view
vpls-family | VPLS address family view
cpos | CPOS interface view
dhcp | DHCP address pool view
e1 | E1 interface view
e3 | E3 interface view
ethernet | Ethernet interface view
explicit-path | Explicit path view
fr-class | Frame relay view
ftp-client | FTP client view
GigabitEthernet | GE interface view
hwtacacs | HWTACACS view
ike-proposal | IKE view
ipsec-policy-isakmp | IPSEC policy Isakmp view
ipsec-policy-manual | IPSEC policy manual view
ipsec-policy-template | IPSEC policy template view
ipsec-proposal | IPSEC view
isis | IS-IS view
l2tp | L2TP view
loopback | Loopback interface view
mp-group | Mp-group interface view
mpls | MPLS view
mpls-l2vpn | MPLS-L2VPN view
mpls-ldp | MPLS-LDP view
null | Null interface view
ospf | OSPF view
ospf-area | OSPF area view
policy-based-route | Policy-based route view
pos | POS interface view
radius | RADIUS view
rip | RIP view
rip-af-vpn-instance | RIP AF VPN instance view
ripng | RIPng view
route-policy | Route policy view
rsa-key-code | RSA key code view
rsa-public-key | RSA public key view
serial | Serial interface view
shell | Shell view
system | System view
t1 | T1 interface view
t3 | T3 interface view
tunnel | Tunnel interface view
tunnel-policy | Tunnel policy view
user-interface | User interface view
virtual-ethernet | Virtual Ethernet interface view
virtual-template | Virtual template interface view
vpn-instance | VPN instance view

3.2 Online Help


The command line interface provides two types of online help:
- Full help
- Partial help

3.2.1 Full Help


You can obtain the full help of the command line in the following ways:
- Enter "?" in any command line view to display all the commands and their simple descriptions.

<Quidway> ?

- Enter a command and "?" separated by a space. If a key word is at this position, all key words and their simple descriptions are displayed. For example:

<Quidway> language-mode ?
Chinese Chinese environment
English English environment

Chinese and English are keywords; Chinese environment and English environment describe
the keywords respectively.
- Enter a command and "?" separated by a space. If a parameter is at this position, the related parameter names and parameter descriptions are displayed. For example:

[Quidway] ftp timeout ?
INTEGER<1-35791> Specify FTP timeout minutes
[Quidway] ftp timeout 35 ?
<cr>

In the preceding display, INTEGER<1-35791> describes the parameter value; Specify FTP
timeout minutes is a simple description of the parameter usage; <cr> indicates that no
parameter is at this position. The command is repeated in the next command line. You can
press Enter to run the command.

3.2.2 Partial help


You can obtain the partial help of the command line in the following ways:
- Enter a character string and "?" separated by a space to display all commands that begin with this character string.

<Quidway> d?
debugging delete dir display downlpu

- Enter a command with "?" closely following it to display all the key words that begin with this character string.

<Quidway> display v?
version virtual-access vlan vpls vpn-group vlan-group vrrp voltage vsi

- Enter the first several letters of a key word in the command and then press Tab to display the complete key word on the condition that the letters uniquely identify the key word. Otherwise, if you continue to press Tab, different key words are displayed. You can select the needed key word.

3.2.3 Error Messages of the Command Line Interface


Commands entered by the user are run correctly if they pass the grammar check.
Otherwise, error messages are reported to the user. See Table 3-2 for the common error
messages.
Table 3-2 Common error messages of the command line
Error messages | Cause of the error
Unrecognized command | The command cannot be found; the key word cannot be found
Wrong parameter | Parameter type error; the parameter value exceeds the limit
Incomplete command | Incomplete command inputted
Too many parameters | Too many parameters inputted
Ambiguous command | Indefinite parameters inputted

3.3 Features of Command Line Interface


3.3.1 Editing
The command line supports multi-line editing. The maximum length of each command is 255
characters.
The keys often used for editing are shown in Table 3-3.

Table 3-3 Keys for editing

Key                  Function
-------------------  --------------------------------------------------------------
Common key           Inserts a character in the current position of the cursor if
                     the editing buffer is not full and the cursor moves rightward.
                     Otherwise an alarm is generated.
Backspace            Deletes the character on the left of the cursor and the cursor
                     moves leftward. When the cursor reaches the head of the
                     command, an alarm is generated.
Left cursor key or   Moves the cursor leftward by the space of a character. When
Ctrl+B               the cursor reaches the head of the command, an alarm is
                     generated.
Right cursor key or  Moves the cursor rightward by the space of a character. When
Ctrl+F               the cursor reaches the end of the command, the alarm bell
                     rings.
Tab                  Press Tab after typing the incomplete key word and the system
                     runs the partial help:
                     - If the matching key word is unique, the system replaces the
                       typed one with the complete key word and displays it in a
                       new line with the cursor a space behind.
                     - If there are several matches or no match at all, the system
                       displays the prefix first. Then you can press Tab to view
                       the matching key words one by one. In this case, the cursor
                       closely follows the word end and you can type a space to
                       enter the next word.
                     - If a wrong key word is input, press Tab and your input is
                       displayed in a new line.

3.3.2 Displaying
You can control the display on the CLI as follows:

- Display prompt and help information in both Chinese and English.
- When the information displayed exceeds a full screen, it provides the pause function. In
  this case, the user has three choices as shown in Table 3-4.

Table 3-4 Keys for displaying

Key     Function
------  --------------------------------------------------------
Ctrl+C  Stops the display and running of the command.
Space   Continues to display the information on the next screen.
Enter   Continues to display the information on the next line.

3.3.3 Regular Expressions


When a lot of information is output, you can filter the display through regular expressions.


The regular expression is a tool for matching and replacing patterns. Users construct the
matching pattern based on certain rules, and then match the pattern against the target object.
To help users construct the matching pattern flexibly, regular expressions provide some special
characters that are called metacharacters. Metacharacters are used to define the patterns of
other characters in the target object.
Metacharacters are described in Table 3-5.

Table 3-5 Description of metacharacters

Metacharacter  Connotation
-------------  ----------------------------------------------------------------------
\              Escape character
.              Matches any single character including space except for \n.
*              Characters on the left of it appear for 0 or many times continuously
               in the target object.
+              Characters on the left of it appear for 1 or many times continuously
               in the target object.
|              Or relationship exists between characters on the left and right
               sides of it.
^              Characters on the right of it must appear at the beginning of the
               target object.
$              Characters on the left of it must appear at the end of the target
               object.
[xyz]          Matches the character listed in the square brackets.
[^xyz]         Matches any character that is not listed in the square brackets (^ is
               on the left of the character).
[a-z]          Matches any character within the specified range.
[^a-z]         Matches any character that is not within the specified range.
{n}            The matches appear for n times (n is a non-negative integer).
{n,}           The matches appear for at least n times (n is a non-negative integer).
{n,m}          The matches appear for n to m times (m and n are non-negative
               integers and n is smaller than or equal to m).
               Note that there is no space between n and m.

For example:
^ip: matches the target object that begins with the character string "ip".
ip$: matches the target object that ends with the character string "ip".
The simplest regular expressions do not contain any metacharacter. For example, when a
regular expression is defined as "hello", it matches only the character string "hello".
NE80 supports two ways of applying regular expressions in filtering.

Specifying a Filtering Mode in Command


For the commands supporting regular expressions, there are three filtering methods:

- | begin regular-expression: displays the information that begins with the line that
  matches the regular expression.
- | exclude regular-expression: displays the information that excludes the lines that match
  the regular expression.
- | include regular-expression: displays the information that includes the lines that match
  the regular expression.

Specify a Filtering Mode when Information is Displayed

When a lot of information is output and displayed, you can specify a filtering mode in the
prompt "---- More ----".

- /regular-expression: displays the information that begins with the line that matches
  the regular expression.
- -regular-expression: displays the information that excludes lines that match the regular
  expression.
- +regular-expression: displays the information that includes lines that match the regular
  expression.

When regular expressions containing metacharacters such as {} are used to filter the output
and the number of matching times exceeds the scope specified in {}, the matching times out and
the information cannot be displayed normally. Therefore, avoid repeating regular expressions.
Different products have different scopes.
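
The two filter syntaxes above, modelled offline as an added example (not code from the NE80 or from Huawei). It assumes Python's re module as a stand-in for the router's regular-expression engine; the function names and the sample output lines are constructed for illustration.

```python
import re

# Keywords of the command form:  display ... | { begin | exclude | include } regex
COMMAND_MODES = ("begin", "exclude", "include")
# Prefix characters typed at the "---- More ----" prompt, mapped to the same modes.
PROMPT_MODES = {"/": "begin", "-": "exclude", "+": "include"}

# Constructed sample of display output (not captured from a device).
SAMPLE_OUTPUT = [
    "Destination/Mask    Proto   Interface",
    "51.51.51.9/32       Direct  InLoopBack0",
    "100.2.0.0/16        Direct  GigabitEthernet0/0/0",
    "100.2.150.51/32     Direct  InLoopBack0",
    "127.0.0.0/8         Direct  InLoopBack0",
]


def parse_filter(spec):
    """Return (mode, pattern) for either filter syntax."""
    spec = spec.strip()
    if spec.startswith("|"):
        # Command form: "| include ^100" -> ("include", "^100")
        parts = spec[1:].split(None, 1)
        if len(parts) == 2 and parts[0] in COMMAND_MODES:
            return parts[0], parts[1]
    elif spec[:1] in PROMPT_MODES and len(spec) > 1:
        # Prompt form: "+^100" -> ("include", "^100")
        return PROMPT_MODES[spec[0]], spec[1:]
    raise ValueError("not a filter specification: %r" % spec)


def apply_filter(lines, spec):
    """Apply a begin/exclude/include filter to a list of output lines."""
    mode, pattern = parse_filter(spec)
    rx = re.compile(pattern)
    if mode == "begin":
        # Everything from the first matching line onward, matching or not.
        for index, line in enumerate(lines):
            if rx.search(line):
                return lines[index:]
        return []
    keep_matching = (mode == "include")
    return [line for line in lines if bool(rx.search(line)) == keep_matching]


if __name__ == "__main__":
    for spec in ("| include ^100", "-InLoopBack0", "/GigabitEthernet"):
        print(spec)
        for line in apply_filter(SAMPLE_OUTPUT, spec):
            print("  " + line)
```

Note that begin keeps every line after the first match, so it cannot be used to narrow output to matching lines only; include does that.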

3.3.4 History Commands


The command line interface automatically saves the history commands entered by the user.
This function is similar to Doskey. The user can invoke and run a saved history
command at any time.
By default, the system saves 10 history commands at most for each user. The operations are
shown in Table 3-6.

Table 3-6 Access the history commands

Action               Key or Command           Result
-------------------  -----------------------  ------------------------------------------
Display the history  display history-command  Display the history commands entered by
commands.                                     users.
Access the last      Up cursor key            Display the last history command if there
history command.     or Ctrl+P                is an earlier history command. Otherwise,
                                              an alarm is generated.
Access the next      Down cursor key          Display the next history command if there
history command.     or Ctrl+N                is a later history command. Otherwise, the
                                              command is cleared and the alarm bell
                                              rings.

On the HyperTerminal of Windows 9X, the cursor keys are invalid because the HyperTerminals of
Windows 9X define the keys differently. In this case, you can replace the cursor key with Ctrl+P.

When you use the history command, note the following:

- The saved history commands are the same as those input by users. For example, if
  the user inputs an incomplete command, the saved command is also incomplete.
- If the user runs the same command several times, the earliest command is saved. If
  the command is input in different forms, they are considered as different commands.
  For example, if the display ip routing-table command is run several times, only one
  history command is saved. If the disp ip routing command and the display ip
  routing-table command are run, two history commands are saved.

3.4 Shortcut Keys


3.4.1 Classifying Shortcut Keys
The shortcut keys in the system are classified into the following types:

- User-oriented and user-defined shortcut keys: CTRL_G, CTRL_L, and CTRL_O. The
  user can correlate these shortcut keys with any commands. When the shortcut keys are
  pressed, the system automatically runs the corresponding command. For the details of
  defining the shortcut keys, see Defining Shortcut Keys.
- System-defined shortcut keys: These shortcut keys with fixed functions are defined by
  the system. Table 3-7 lists the system-defined shortcut keys.

Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal
may be different from those listed in this section.

Table 3-7 System-defined shortcut keys

Key           Function
------------  ------------------------------------------------------------------
CTRL_A        The cursor moves to the beginning of the current line.
CTRL_B        The cursor moves leftward by the space of a character.
CTRL_C        Terminates the running function.
CTRL_D        Deletes the character where the cursor lies.
CTRL_E        The cursor moves to the end of the current line.
CTRL_F        The cursor moves rightward by the space of a character.
CTRL_H        Deletes one character on the left of the cursor.
CTRL_K        Terminates the outbound connection.
CTRL_N        Displays the next command in the history command buffer.
CTRL_P        Displays the previous command in the history command buffer.
CTRL_R        Redisplays the information of the current line.
CTRL_SHIFT_V  Pastes the contents on the clipboard.
CTRL_T        Kills the outgoing connection when connecting.
CTRL_U        Deletes all characters up to the cursor.
CTRL_W        Deletes a character string or character on the left of the cursor.
CTRL_X        Deletes all the characters on the left of the cursor.
CTRL_Y        Deletes all the characters on the right of the cursor.
CTRL_Z        Returns to the user view.
CTRL_]        Terminates the inbound or redirection connections.
ESC_B         The cursor moves leftward by the space of a word.
ESC_D         Deletes a word on the right of the cursor.
ESC_F         The cursor moves rightward to the next word end.
ESC_N         The cursor moves downward to the next line.
ESC_P         The cursor moves upward to the previous line.
ESC_SHIFT_<   Sets the position of the cursor to the beginning of the clipboard.
ESC_SHIFT_>   Sets the position of the cursor to the end of the clipboard.

3.4.2 Defining Shortcut Keys


When defining the shortcut keys, use double quotation marks to enclose the command if the command
contains several command words, that is, if spaces exist in the command.

Configure as follows in the system view.

Action                 Command
---------------------  ------------------------------------------------
Define shortcut keys.  hotkey { CTRL_G | CTRL_L | CTRL_O } command-text

By default, CTRL_G, CTRL_L and CTRL_O correspond to the following commands respectively:

- CTRL_G: display current-configuration
- CTRL_L: display ip routing-table
- CTRL_O: undo debugging all

3.4.3 Use of Shortcut Keys


- You can press the shortcut keys wherever you can type a command. Then the system
  displays the full corresponding command.
- If you have typed part of a command and have not pressed Enter, you can press the
  shortcut keys to clear the input and display the full corresponding command. This
  operation has the same effect as deleting all the input and then re-entering the
  complete command.
- The shortcut keys are run as commands; the syntax is recorded to the command
  buffer and log for fault location and querying.

The terminal in use may affect the functions of the shortcut keys. For example, if the customized
shortcut keys of the terminal conflict with those of the router, the input shortcut keys are captured by the
terminal program and hence the shortcut keys do not function.

Run the following command in any view to display the use of shortcut keys.

Action                          Command
------------------------------  --------------
View the use of shortcut keys.  display hotkey

3.5 Configuration Examples


3.5.1 Example for Using Shortcut Keys
Defining Shortcut Keys
Step 1 Correlate Ctrl_G with the display ip routing-table command and run the shortcut keys.
<Quidway> system-view
[Quidway] hotkey ctrl_g "display ip routing-table"

Step 2 Press Ctrl+G when the prompt [Quidway] appears.


[Quidway] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost  Flags  NextHop         Interface

51.51.51.9/32       Direct  0    0     D      127.0.0.1       InLoopBack0
100.2.0.0/16        Direct  0    0     D      100.2.150.51    GigabitEthernet0/0/0
100.2.150.51/32     Direct  0    0     D      127.0.0.1       InLoopBack0
100.2.255.255/32    Direct  0    0     D      127.0.0.1       InLoopBack0
127.0.0.0/8         Direct  0    0     D      127.0.0.1       InLoopBack0

----End

3.5.2 Copying Commands Using Shortcut Keys


Step 1 Enter the command in any view.
# Move the cursor to the beginning of the command and press ESC_SHIFT_<. Move the
cursor to the end and press ESC_SHIFT_>. Then, press CTRL_C for copying.
<Quidway> display ip routing-table

Step 2 Run the display clipboard command to view the contents on the clipboard.
<Quidway> display clipboard
---------------- CLIPBOARD----------------
display ip routing-table

Step 3 Press Ctrl+Shift+V to paste the contents of the clipboard.
<Quidway> display ip routing-table

----End

3.5.3 Example for Using Tab


There are three cases in using Tab as shown in the following example:

- The matching key word is unique after the incomplete key word is typed in.

Step 1 Type the incomplete key word.
[Quidway] info-

Step 2 Press Tab.
[Quidway] info-center

The system replaces the typed one with the complete key word and displays it in a new line
with the cursor a space behind.
----End

- There are several matches or no match at all after the incomplete key word is typed in.

# info-center can be followed by three key words.
[Quidway] info-center log?
  logbuffer  logfile  loghost

Type the incomplete key word.
[Quidway] info-center l

Step 1 Press Tab.
[Quidway] info-center log

The system displays the prefix first. The prefix in this example is "log".
Step 2 Continue to press Tab. The cursor is closely following the word end.
[Quidway] info-center loghost
[Quidway] info-center logbuffer
[Quidway] info-center logfile

Stop pressing Tab after the key word logfile that you need is displayed.
Step 3 Type a space to enter the next word "channel".
[Quidway] info-center logfile channel

----End

- A wrong key word is typed in.

Step 1 Type a wrong key word "loglog".
[Quidway] info-center loglog

Step 2 Press Tab.
[Quidway] info-center loglog

The wrong input "loglog" is displayed in a new line.
----End

Contents
4 Basic Configuration
4.1 Introduction
4.2 Configuring the Basic System Environment
4.2.1 Establishing the Configuration Task
4.2.2 Switching the Language Mode
4.2.3 Configuring the Equipment Name
4.2.4 Configuring the System Clock
4.2.5 Configuring the Header Text
4.2.6 Configuring Command Levels
4.3 Configuring Basic User Environment
4.3.1 Establishing the Configuration Task
4.3.2 Configuring the Password for Switching User Levels
4.3.3 Switching User Levels
4.3.4 Locking User Interfaces
4.4 Displaying System Status Messages
4.4.1 Displaying System Configuration
4.4.2 Displaying System Status
4.4.3 Collecting System Diagnostic Information

4 Basic Configuration

About This Chapter


The following table shows the contents of this chapter.

Section                           Description
--------------------------------  ---------------------------------------------------------
4.1 Introduction                  This section describes the basic configurations.
4.2 Configuring the Basic System  This section describes how to configure the basic system
Environment                       environment on the router.
4.3 Configuring Basic User        This section describes the configuration of the basic user
Environment                       configuration environment on the router.
4.4 Displaying System Status      This section describes the display commands for
Messages                          displaying basic system configuration.

4.1 Introduction
Before configuring the services, users often need to perform basic configurations for actual
operation and maintenance.
The product provides configurations of two kinds of basic environments:

- Basic system environment: mainly includes the language mode, host name, system name,
  system time, header text, command level for actual environment.
- Basic user environment: mainly includes password for changing levels and the terminal
  lock.

4.2 Configuring the Basic System Environment


4.2.1 Establishing the Configuration Task
Applicable Environment
Before configuring the services, you need to configure the basic system environments to meet
the requirements of the practical environments.
By default, the product supports commands of Level 0 to Level 3, namely, visit level,
monitoring level, configuration level, and management level.
If the user needs to define more levels, or refine privilege management on the device, the user
can extend the range of command line levels from Level 0 to Level 3 to Level 0 to Level 15.

Pre-configuration Tasks
Before configuring basic system environment, power on the router.

Data Preparation
To configure basic system environment, you need the following data.

No.  Data
---  -----------------
1    Language mode
2    System time
3    Host name
4    Login information
5    Command level

Configuration Procedures

No.  Procedure
---  ------------------------------
1    Switching the Language Mode
2    Configuring the Equipment Name
3    Configuring the System Clock
4    Configuring the Header Text
5    Configuring Command Levels

4.2.2 Switching the Language Mode


Do as follows on the router:
Step 1 Run:
language-mode { chinese | english }

The language mode is switched.


----End
By default, the English mode is used. The help information on the router can be in English
and in Chinese. When you need the help information in Chinese, run this command to switch
the language mode.

4.2.3 Configuring the Equipment Name


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sysname host-name

The equipment name is set.


----End
You can change the name of the router that appears in the command prompt.

4.2.4 Configuring the System Clock


Do as follows on the router:
Step 1 Run:
clock datetime HH:MM:SS YYYY/MM/DD

The UTC standard time is set.

Step 2 Run:
clock timezone time-zone-name { add | minus } offset

The time zone is set.

Step 3 Run:
clock daylight-saving-time time-zone-name one-year start-time start-date end-time
end-date offset

Or:
clock daylight-saving-time time-zone-name repeating start-time { start-year month
{ first | second | third | fourth | fifth | last } weekday | start-date } end-time { end-year
month { first | second | third | fourth | fifth | last } weekday | end-date } offset

The daylight saving time is set.

To guarantee cooperation with other devices, you need to accurately set the system time. The
product supports setting the time zone and daylight saving time.
----End

4.2.5 Configuring the Header Text


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
header login { information text | file file-name }

The header text is set during login.


Step 3 Run:
header shell { information text | file file-name }

The header text is set after the login.


----End
Header text is the prompt displayed by the system when users connect to the router, log in or
start interactive configuration. Configure the header text to provide detailed indication.

4.2.6 Configuring Command Levels


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.

Step 2 Run:
command-privilege level rearrange

The command levels are updated in batch.

When no password for the level 15 user is configured, the system prompts the user to set a
super-password for the level 15 user. At the same time, the system asks if the user wants to
continue to update the command line level. In this case, select "N" to set a password. If you
select "Y", the command level is updated in batch directly. As a result, a user that
does not log in through the Console port fails to update the level.
Step 3 Run:
command-privilege level level view view-name command-key

The command level is configured. With the command, you can specify the level and view for
multiple commands at one time (command-key).
----End
If the user does not adjust a command level separately, after the command level is updated, all
originally-registered command lines adjust automatically according to the following rules:

- The commands of Level 0 and Level 1 remain unchanged.
- The commands of Level 2 are updated to Level 10 and the commands of Level 3 are updated
  to Level 15.
- No command lines exist in Level 2 to Level 9 and Level 11 to Level 14. The user can
  adjust the command lines to these levels separately to refine the management of
  privilege.

The update from Level 2 to Level 10 and from Level 3 to Level 15 is not a two-step process; it is
done in one step, in batch.

4.3 Configuring Basic User Environment


4.3.1 Establishing the Configuration Task
Applicable Environment
The user can log in to a router at a lower level to perform simple configurations or view
configurations. When the configuration is complicated, the user needs to change to a higher
level. This requires the user to configure the basic environment for changing
levels.

Pre-configuration Tasks
Before configuring the basic environment for the user, complete the following task:

- Powering on the router properly

Data Preparation
To configure the basic environment for the user, you need the following data:

No.  Data
---  -------------------------------------
1    Password for the user level switching

Configuration Procedures

No.  Procedure
---  --------------------------------------------------
1    Configuring the Password for Switching User Levels
2    Switching User Levels
3    Locking User Interfaces

4.3.2 Configuring the Password for Switching User Levels

When simple is used, the password is saved in the configuration files in plain text. Login
users with a lower level can get the password by viewing the configuration. This may cause
security problems. Therefore, use cipher to save the password in encrypted text.
Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
super password [ level user-level ] { simple | cipher } password

The password for switching user levels is configured.


----End
When users log in to the router with a lower user level, they switch to a super user level to
perform advanced operations by entering the corresponding password. The password needs to
be configured beforehand.
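
An added example (not part of the original guide) that checks a saved configuration for super passwords stored with simple, the risk described at the start of this section, and redacts every super password before the file is shared. It assumes configuration lines follow the super password syntax shown in Step 2; the sample configuration, its placeholder passwords and the function names are constructed.

```python
import re

# Matches:  super password [ level user-level ] { simple | cipher } password
SUPER_RE = re.compile(
    r"^\s*super\s+password"
    r"(?:\s+level\s+(?P<level>\d+))?"
    r"\s+(?P<mode>simple|cipher)"
    r"\s+(?P<secret>\S+)\s*$"
)

# Constructed sample configuration; the password values are placeholders.
SAMPLE_CONFIG = """\
sysname Quidway
super password level 3 cipher CONSTRUCTED-CIPHERTEXT
super password level 10 simple Example-Pass-1
super password simple Example-Pass-2
"""


def audit_super_passwords(config_text):
    """Return one finding per super password saved with 'simple'.

    Each finding carries the line number and the level (None when the
    optional 'level' keyword is omitted). The password is never returned.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = SUPER_RE.match(line)
        if match and match.group("mode") == "simple":
            level = match.group("level")
            findings.append(
                {"line": lineno, "level": int(level) if level else None}
            )
    return findings


def redact_super_passwords(config_text):
    """Replace every super password value, simple or cipher, with a marker."""
    redacted = []
    for line in config_text.splitlines():
        match = SUPER_RE.match(line)
        if match:
            line = (
                line[: match.start("secret")]
                + "<redacted>"
                + line[match.end("secret"):]
            )
        redacted.append(line)
    return "\n".join(redacted)


if __name__ == "__main__":
    for finding in audit_super_passwords(SAMPLE_CONFIG):
        print("line %(line)d: level %(level)s password saved with simple" % finding)
    print(redact_super_passwords(SAMPLE_CONFIG))
```

The same check applies to any copy of the configuration, including the output of display current-configuration and display saved-configuration.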

4.3.3 Switching User Levels


Do as follows on the router:
Step 1 Run:
super [ level ]

User levels are switched.

Step 2 Follow the prompt and enter a password.
If the password input is correct, the user can switch to a higher level. If the user inputs an
incorrect password three times successively, the user remains at the current login level and
the user view is returned.
----End
The correct password must be entered when the user is switched from a lower level to a
higher level.
When configuring the switchover of user levels on the router, users can perform HWTACACS
Authentication. For detailed configurations, refer to the Quidway NetEngine80 Core
Router Configuration Guide - Security.

When a login user of a lower level is switched to a higher level through super, the system
automatically sends trap messages and records the switchover in the log. When the switched level is lower
than the current level, the system only records the switchover in the log.

4.3.4 Locking User Interfaces


Do as follows on the router:
Step 1 Run:
lock

The user interface is locked.


Step 2 Follow the system prompt and input an unlock password, and then confirm.
<Quidway> lock
Enter Password:
Confirm Password:

After configuration, the message "locked !" is displayed.


----End
When you leave the operation terminal for a moment, you can lock the user interface to
prevent unauthorized users from operating the interface. You must enter the correct password
to unlock the user interface.

4.4 Displaying System Status Messages


Use the display commands to get the following status messages:

- System configuration message
- System working status message
- System statistics message
- Restart message on the AMB

See the related sections for display commands about protocols and interfaces. The following
only shows the system display commands.
Run the following commands in all views.

4.4.1 Displaying System Configuration


Run one or more of the following commands according to your needs:

- Run the display version command to display the system edition.
- Run the display clock command to display the system time.
- Run the display users [ all ] command to display the terminal user.
- Run the display saved-configuration command to display the original configuration.
- Run the display current-configuration command to display the current configuration.

4.4.2 Displaying System Status


Run one or more of the following commands according to your needs:

- Run the display debugging [ interface interface-type interface-number ]
  [ module-name ] command to display the debugging status.
- Run the display this command to display the configuration of the current view.

4.4.3 Collecting System Diagnostic Information

Run the following command according to your needs:
Run the display diagnostic-information [ file-name ] command to display the system
diagnosis information.
When the system fails or during routine maintenance, you need to collect a lot of
information to locate the fault. Collecting enough information is difficult because there are
many display commands. You can use the display diagnostic-information command to
collect the running information about the current modules in the system.
The display diagnostic-information command collects, in one pass, the information
output by commands including display clock, display version, display cpu,
display interface, display current-configuration, display saved-configuration, display
history-command and so on.

4-8

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Issue 04 (2009-12-20)

Quidway NetEngine80
Configuration Guide - Basic Configurations

Contents

Contents
5 User Management
5.1 Introduction
5.1.1 User Interface View
5.1.2 User Management
5.2 Configuring Console User Interface
5.2.1 Establishing the Configuration Task
5.2.2 Configuring Console Interface Attributes
5.2.3 Setting Console Terminal Attributes
5.2.4 Configuring the User Interface Priority
5.2.5 Configuring User Authentication
5.2.6 Checking the Configuration
5.3 Configuring AUX User Interface
5.3.1 Establishing the Configuration Task
5.3.2 Configuring AUX Interface Attributes
5.3.3 Configuring AUX Terminal Attributes
5.3.4 Configuring User Priority
5.3.5 Configuring Modem Attributes
5.3.6 Configuring User Authentication
5.3.7 Checking the Configuration
5.4 Configuring VTY User Interface
5.4.1 Establishing the Configuration Task
5.4.2 Configuring Maximum VTY User Interfaces
5.4.3 Configuring Limits for Incoming Calls and Outgoing Calls
5.4.4 Configuring Timeout of VTY User Authorization
5.4.5 Configuring VTY Terminal Attributes
5.4.6 Configuring User Authentication
5.4.7 Checking the Configuration
5.5 Managing User Interfaces
5.5.1 Establishing the Configuration Task
5.5.2 Sending Messages to Other User Interfaces
5.5.3 Clearing Online User
5.5.4 Checking the Configuration

5.6 Configuring User Management
5.6.1 Establishing the Configuration Task
5.6.2 Configuring Authentication Mode
5.6.3 Configuring Authentication Password
5.6.4 Setting Username and Password for AAA Local Authentication
5.6.5 Configuring Non-Authentication
5.6.6 Configuring User Priority
5.6.7 Checking the Configuration
5.7 Configuring Local User Management
5.7.1 Establishing the Configuration Task
5.7.2 Creating Local User Account
5.7.3 Configuring the Service Type of the Local User
5.7.4 Configuring Local User Authority for FTP Directory
5.7.5 Configuring Local User Status
5.7.6 Configuring Local User Priority
5.7.7 Configuring Access Restriction of the Local User
5.7.8 Checking the Configuration
5.8 Configuration Examples
5.8.1 Example for Configuring Logging In to the Router Through Password
5.8.2 Example for Logging In to the Router Through AAA

Tables
Table 5-1 Example for the absolute numbering

5 User Management


About This Chapter


The following table shows the contents of this chapter.
Section                                  Description
5.1 Introduction                         This section describes the basic concepts of the user interface and the user management.
5.2 Configuring Console User Interface   This section describes how to configure the user interface on console port.
5.3 Configuring AUX User Interface       This section describes how to configure the user interface on AUX port.
5.4 Configuring VTY User Interface       This section describes how to configure the user interface of VTY.
5.5 Managing User Interfaces             This section describes how to send messages and clear users between interfaces.
5.6 Configuring User Management          This section describes how to manage and authenticate the user that logs in to the router.
5.7 Configuring Local User Management    This section describes how to configure and authenticate the local user.
5.8 Configuration Examples               This section provides examples for logging in to the router in different ways.


5.1 Introduction
5.1.1 User Interface View
The user interface view is a command line view provided by the system. It is used to
configure and manage all the physical and logical interfaces in the asynchronous mode.

User Interfaces Supported by the System


- Console port (CON)
  The console port is a serial port provided by the main control unit of the router.
  The main control unit provides one EIA/TIA-232 DCE console port for local configuration by
  directly connecting a terminal to a router.

- Auxiliary port (AUX)
  The auxiliary port is a line device port provided by the main control unit of a router. The
  main control unit has one EIA/TIA-232 DTE AUX port, which is used by a terminal to access
  the router through the Modem.

- Virtual type line (VTY)
  The virtual port is a logical terminal line. A virtual type line (VTY) is the Telnet connection
  with the router through a terminal. It is used for local or remote access to the router.

User Interface Numbering


The following are user interface numbering methods:
- Relative numbering
  The format of the relative numbering is user interface type + number.
  All types of user interfaces use relative numbering. It can specify only a single user
  interface or a group of user interfaces of one specified type. It must comply with the
  following rules:
  - Number of the console port: CON 0
  - Number of the auxiliary port: AUX 0
  - Number of the VTY: VTY 0 for the first line, VTY 1 for the second line and so on.

- Absolute numbering
  This specifies a user interface or a group of user interfaces.
  The starting number is 0 and the rest follow in the sequence of CON -> AUX -> VTY. There is
  only a single console port and an AUX port and there are 0-15 VTY interfaces. You can use
  the user-interface maximum-vty command to set the maximum number of user interfaces.
  The default number is five.

By default, the system supports three types of user interfaces: CON, AUX, and VTY.
Table 5-1 shows the absolute numbers of the user interfaces in this system.


Table 5-1 Example for the absolute numbering


Absolute number    User-interface
0                  CON0
33                 AUX0
34                 The first virtual interface (VTY0)
35                 The second virtual interface (VTY1)
36                 The third virtual interface (VTY2)
37                 The fourth virtual interface (VTY3)
38                 The fifth virtual interface (VTY4)

For different types of devices, the absolute numbers of the AUX interface and the VTY interface may be
different.

The numbers from 1 to 32 are reserved for the TTY user interfaces.
Run the display user-interface command to view the absolute number of user interfaces.

5.1.2 User Management


The username and the password are not configured when a router is powered on for the first
time. In this condition, any user can configure the router by connecting a PC to it through
the console port.
A remote user can access the router through Telnet if the router is configured with the IP
address of the MCU or that of the interface board. A remote user accesses the network by
establishing a PPP connection with the router.
Configure usernames and user passwords for the router to ensure network security and
to ease user management.

User Classification
Based on the services obtained, users of a router are classified as follows:
- HyperTerminal users: They access the router through the console port or the AUX port.
- Telnet users: They access the router through Telnet.
- File Transfer Protocol (FTP) users: They establish FTP connections with the router to
  transfer files.
- Point-to-Point Protocol (PPP) users: They establish PPP connections (such as dialing
  and PPPoA) with the router to access the network.
- Secure Shell (SSH) users: They establish SSH connections with the router to access the
  network.


User Level
The system provides hierarchical management for HyperTerminal users and Telnet users.
Login users, like commands, are divided into 16 levels. They are Visit, Monitoring,
Configure and Management, and are marked from 0 to 15. The higher the mark is, the higher
the priority is.
The commands that a user can access depend on the user level.
- In the case of non-authentication or password authentication, the level of the commands
  that the login user can access depends on the level of the login user interface.
- In the case of AAA authentication, the level of the commands that the login user can
  access depends on the level of the local user in the AAA configuration.

The user can access the commands with a level equal to or lower than the user level. For
example, if the user level is 2, the user can access the commands with level 0, 1, or 2. The
user with the level 3 can access all the commands.

For details of command level, refer to section 3.1.2 "Command Level" in Chapter 3 "Command Line
Introduction."

User Authentication
After the user configuration, the system authenticates users when they access the router.
The four types of user authentication are as follows:
- Non-authentication: In this type, a user accesses the router without the username and
  password. This is not recommended for security reasons.
- Password authentication: In this type, a user accesses the router with only the password
  and no username. This is safer than non-authentication.
- Authentication, Authorization and Accounting (AAA) local: This scheme needs both the
  username and the password.
- AAA authentication scheme: This scheme cooperates with an AAA server, which
  authenticates PPP users.

AAA local authentication authenticates the Telnet and HyperTerminal users.

User Planning
The network administrator provides the user plan based on the actual requirements.

- At least one HyperTerminal user is created on a router.
- A Telnet user is created for remote access.
- An FTP user uploads files to or downloads files from a router remotely.
- A PPP user can access networks through PPP connections.


For the configuration of FTP user, refer to the Chapter 8 "FTP, TFTP and XModem."

For the configuration of PPP user, refer to Quidway NetEngine80 Core Router Configuration Guide
- Security.

5.2 Configuring Console User Interface


5.2.1 Establishing the Configuration Task
Applicable Environment
If you need to maintain a router on a local device, the console user interface is required.

Pre-configuration Tasks
Before configuring console user interface, complete the following tasks:
- Powering on the router
- Connecting the PC with the router properly

Data Preparation
To configure console user-interface, you need the following data.
No.  Data
1    Transmission rate, flow-control mode, checksum mode, stop bit, and data bit
2    Idle timeout period for user, screen length of terminal, and the size of history command buffer
3    User priority
4    User authentication method, user name, and password

All the default values of the data are stored on the router and do not need additional configuration.

Configuration Procedures
To configure a console interface, complete the following procedures.
No.  Procedure
1    Configuring Console Interface Attributes
2    Setting Console Terminal Attributes
3    Configuring the User Interface Priority
4    Configuring User Authentication
5    Checking the Configuration

You can configure one or more user interfaces simultaneously in any view.

5.2.2 Configuring Console Interface Attributes


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 (Optional) Run:
speed speed-value

The transmission rate is set.


By default, the transmission rate is 9600 bit/s.
Step 4 (Optional) Run:
flow-control { hardware | none | software }

The flow control mode is set. By default, the flow-control mode is none.
Step 5 (Optional) Run:
parity { even | mark | none | odd | space }

The parity mode is set.


By default, the value is none.
Step 6 (Optional) Run:
stopbits { 1.5 | 1 | 2 }

The stop bit is set.


By default, the value is 1 bit.
Step 7 (Optional) Run:
databits { 5 | 6 | 7 | 8 }

The data bit is set.


By default, the data bit is 8.
----End

When the user logs in to a router through a console interface, the attributes configured for
the console interface on the terminal (HyperTerminal) must match the attributes of the
interface on the router. Otherwise, the user cannot log in to the router.

5.2.3 Setting Console Terminal Attributes


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
shell

The terminal service is started.


Step 4 Run:
idle-timeout minutes [ seconds ]

The timeout period is set.


By default, idle timeout period for users on the user interface is 10 minutes.
Step 5 Run:
screen-length screen-length

One-screen length of the terminal screen is set.


Step 6 Run:
history-command max-size size-value

The buffer of the history command is set.


----End

5.2.4 Configuring the User Interface Priority


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
user privilege level level

The priority of the user interface is set.

This step sets the priority for a user who logs in through the console interface. A user
can use only the commands whose level corresponds to the user level.
----End
For more information about the command priority, see section 3.1.2 "Command Level" in
Chapter 3 "CLI Overview".

5.2.5 Configuring User Authentication


Three user authentication modes are available on the router:
- AAA authentication: requires the user name and password.
- Password authentication: requires no user name, but a password must be set. Otherwise,
  the user cannot log in to the router through the console interface.
- Non-authentication: requires neither the user name nor the password. No authentication
  is needed when the user logs in to the router.

Configuring AAA Authentication


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface console 0

The console user interface view is displayed.


Step 3 Run:
authentication-mode aaa

The authentication mode is set to AAA.


Step 4 Run:
quit

Exit from the console user interface view.


Step 5 Run:
aaa

The AAA view is displayed.


Step 6 Run:

local-user user-name password { simple | cipher } password

Name and password of the local user are created.


----End

Configuring Password Authentication


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface console 0

The console user interface view is displayed.


Step 3 Run:
authentication-mode password

The authentication mode is set to password authentication.


Step 4 Run:
set authentication password { cipher | simple } password

A password for authentication is set.


----End

Configuring Non-Authentication
Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface console 0

The console user interface view is displayed.


Step 3 Run:
authentication-mode none

The authentication mode is set to non-authentication.


----End


5.2.6 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                                             Command
View the information about the user interface use.                 display users [ all ]
View physical attributes and configurations of the user interface  display user-interface console 0 [ summary ]
View the local user list                                           display local-user
View online users                                                  display access-user

5.3 Configuring AUX User Interface


5.3.1 Establishing the Configuration Task
Applicable Environment
When the user needs to maintain a remote router, AUX user interface is required.

Pre-configuration Tasks
Before configuring AUX user interface, complete the following tasks:
- Powering on the router
- Connecting the PC with the router properly

Data Preparation
Before configuring AUX user interface, you need the following data.

No.  Data
1    Transmission rate, flow-control mode, checksum mode, stop bit, and data bit
2    Idle timeout period for user, screen length of terminal, and the size of history command buffer
3    User priority
4    Modem attributes
5    (Optional) Auto-execute commands
6    User authentication method, user name, and password


All data above have default values on the router, and generally you do not need to specify them.

Configuration Procedures
To configure an AUX user interface, complete the following procedures.
No.  Procedure
1    Configuring AUX Interface Attributes
2    Configuring AUX Terminal Attributes
3    Configuring User Priority
4    Configuring Modem Attributes
5    Configuring User Authentication
6    Checking the Configuration

5.3.2 Configuring AUX Interface Attributes


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 (Optional) Run:
speed speed-value

The transmission rate is set.


By default, the transmission rate is 9600 bit/s.
Step 4 (Optional) Run:
flow-control { hardware | none | software }

The flow control mode is set.


By default, the flow-control mode is none.
Step 5 Run:
parity { even | mark | none | odd | space }

The checksum bit is set.


By default, the checksum bit is none.


Step 6 (Optional) Run:


stopbits { 1.5 | 1 | 2 }

The stop bit is set.


By default, the stop bit is 1 bit.
Step 7 (Optional) Run:
databits { 5 | 6 | 7 | 8 }

The data bit is set.


By default, the data bit is 8.
----End
When the user logs in to a router through an AUX port, the attributes configured for the
port on the terminal (HyperTerminal) must match the attributes of the port on the router.
Otherwise, the user cannot log in to the router.

5.3.3 Configuring AUX Terminal Attributes


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 Run:
shell

AUX terminal service is enabled.


Step 4 Run:
idle-timeout minutes [ seconds ]

User idle timeout is enabled.


By default, idle timeout period for users is 10 minutes.
Step 5 Run:
screen-length screen-length

The screen length of the terminal screen is set.


By default, the length of the terminal screen is 24 lines.
Step 6 Run:
history-command max-size size-value

The size of the history command buffer is configured.


By default, the size of history command buffer on user interface is 10 history commands.
----End

5.3.4 Configuring User Priority


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 Run:
user privilege level level

The user priority is set.


----End

5.3.5 Configuring Modem Attributes


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 Run:
modem timer answer seconds

Set the timeout period from when the system receives the ring signal until CD_UP is
detected, that is, the time from picking up the call to detecting the carrier during call
establishment.
Step 4 Run:
modem auto-answer

Enable auto answer.


Step 5 Run:
modem [ both | call-in ]

The switch of incoming call or outgoing call is set.


----End

5.3.6 Configuring User Authentication


The router supports user authentication of three types:
- AAA authentication: requires the user name and password.
- Password authentication: requires no user name but a password must be set. Otherwise,
  the user cannot log in to the router through the console interface.
- None: requires neither user name nor password. No authentication is needed when the
  user logs in to the router.

Configuring AAA Authentication


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 Run:
authentication-mode aaa

Authentication mode is set to AAA.


Step 4 Run:
quit

Exit from the AUX user interface view.


Step 5 Run:
aaa

The aaa view is displayed.


Step 6 Run:
local-user user-name password { simple | cipher } password

Local user and password are configured.


----End

Configuring Password Authentication


Do as follows on the router:

Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 Run:
authentication-mode password

Authentication mode is set to password.


Step 4 Run:
set authentication password { cipher | simple } password

The password for this mode is set.


----End

Configuring Non-Authentication
Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface aux 0

The AUX user interface view is displayed.


Step 3 Run:
authentication-mode none

Authentication mode is set to none.


----End

5.3.7 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                                             Command
View usage information of the user interface                       display users [ all ]
View physical attributes and configurations of the user interface  display user-interface console 0 [ summary ]
View the local user list                                           display local-user
View online users                                                  display access-user

5.4 Configuring VTY User Interface


5.4.1 Establishing the Configuration Task
Applicable Environment
If you want to configure and manage Telnet or log in to the router through SSH, you need to
configure the VTY user interface.

Pre-configuration Tasks
Before configuring VTY user interface, complete the following tasks:
- Powering on the router
- Correctly connecting PC and router

Data Preparation
To configure the VTY user interface, you need the following data.
No.  Data
1    Maximum VTY user interfaces
2    (Optional) ACL code to limit VTY user interface to call in and out
3    (Optional) Timeout of command line authentication
4    Idle timeout period for user, screen length of terminal, and the size of history command buffer
5    User authentication method, user name, and password

Configuration Procedures
To configure a VTY user interface, complete the following procedures.

No.  Procedure
1    Configuring Maximum VTY User Interfaces
2    Configuring Limits for Incoming Calls and Outgoing Calls
3    Configuring Timeout of VTY User Authorization
4    Configuring VTY Terminal Attributes
5    Configuring User Authentication

5.4.2 Configuring Maximum VTY User Interfaces


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface maximum-vty number

Set the maximum VTY user interfaces that can log in to the router at the same time.
----End
If the number of maximum VTY user interfaces to be configured is smaller than the number
of current maximum interfaces, this parameter need not be configured.
If the number of maximum VTY user interfaces to be configured is larger than the number of
current maximum interfaces, the authentication mode and password need to be configured for
newly added user interfaces.
For newly added user interfaces, the system applies password authentication by default. The
prompt is shown as follows:
Warning:Login password has not been set!

For example, a maximum of five users are allowed online. To allow 15 VTY users online at
the same time, you need to run the authentication-mode command and the set
authentication password command to configure authentication modes and passwords for
VTY user interface 5 to interface 14, shown as follows:
<Quidway> system-view
[Quidway] user-interface maximum-vty 15
[Quidway] user-interface vty 5 14
[Quidway-ui-vty5-14] authentication-mode password
[Quidway-ui-vty5-14] set authentication password cipher huawei

5.4.3 Configuring Limits for Incoming Calls and Outgoing Calls


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:

user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
acl acl-number { inbound | outbound }

The limits on incoming and outgoing calls of the VTY user interface are configured.

When you need to prevent a user of a certain address or address segment from logging in to
the router, use the inbound command; when you need to prevent a user who logs in to a
router from accessing other routers, use the outbound command.
----End
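
Added example, not part of the original guide or Huawei's own tooling: a Python check that reads a saved configuration and reports user interfaces whose authentication mode, password storage or inbound ACL, as configured in 5.2.5, 5.3.6, 5.4.2 and 5.4.3, is missing or weak. The sample configuration, the user names, the finding names and the indented saved-configuration layout are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not from a real device). Assumed layout: top-level
# commands start in column 0 and the commands inside a view are indented.
SAMPLE_CONFIG = """\
user-interface maximum-vty 15
aaa
 local-user admin01 password cipher CONSTRUCTED-CIPHERTEXT
 local-user ops01 password simple Example-Only-1
user-interface console 0
 authentication-mode none
 user privilege level 3
user-interface aux 0
 authentication-mode password
 set authentication password simple Example-Only-2
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode aaa
user-interface vty 5 9
 authentication-mode password
 set authentication password cipher CONSTRUCTED-CIPHERTEXT
"""

DEFAULT_MAX_VTY = 5  # the chapter states that the default number is five
# Only typed (relative) numbering is handled here, e.g. "vty 5 9".
UI_RE = re.compile(r"^user-interface\s+(con|console|aux|vty)\s+(\d+)(?:\s+(\d+))?$")
MAX_VTY_RE = re.compile(r"^user-interface\s+maximum-vty\s+(\d+)$")


def parse(config):
    """Return (max_vty, {interface: [commands]}, [local-user commands])."""
    max_vty, per_ui, local_users = DEFAULT_MAX_VTY, defaultdict(list), []
    current, in_aaa = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0].isspace():                     # command inside the current view
            if in_aaa and line.startswith("local-user "):
                local_users.append(line)
            for name in current:
                per_ui[name].append(line)
            continue
        current, in_aaa = [], line == "aaa"      # any top-level line ends the view
        m = MAX_VTY_RE.match(line)
        if m:
            max_vty = int(m.group(1))
            continue
        m = UI_RE.match(line)
        if m:                                    # "vty 5 9" covers vty5 .. vty9
            kind = "con" if m.group(1).startswith("con") else m.group(1)
            first, last = int(m.group(2)), int(m.group(3) or m.group(2))
            current = [f"{kind}{n}" for n in range(first, last + 1)]
    return max_vty, per_ui, local_users


def last_arg(commands, prefix):
    """Arguments of the last command starting with prefix, or None."""
    hits = [c[len(prefix):].split() for c in commands if c.startswith(prefix)]
    return hits[-1] if hits else None


def audit(config):
    """Return a sorted list of (interface, finding) tuples."""
    max_vty, per_ui, local_users = parse(config)
    findings = []
    for name in ["con0", "aux0"] + [f"vty{n}" for n in range(max_vty)]:
        cmds = per_ui.get(name, [])
        mode = last_arg(cmds, "authentication-mode ")
        password = last_arg(cmds, "set authentication password ")
        if mode is None:
            # Per the chapter, newly added VTY interfaces use password
            # authentication by default and have no login password set.
            findings.append((name, "AUTH_UNSET"))
        elif mode[0] == "none":
            findings.append((name, "AUTH_NONE"))
        elif mode[0] == "password":
            if password is None:
                findings.append((name, "PASSWORD_MISSING"))
            elif password[0] == "simple":        # kept as plain text in the config
                findings.append((name, "PASSWORD_SIMPLE"))
        if name.startswith("vty") and not any(
                re.fullmatch(r"acl\s+\d+\s+inbound", c) for c in cmds):
            findings.append((name, "VTY_NO_INBOUND_ACL"))
    for cmd in local_users:
        fields = cmd.split()                     # local-user NAME password MODE SECRET
        if len(fields) >= 4 and fields[2] == "password" and fields[3] == "simple":
            findings.append((f"aaa:{fields[1]}", "LOCAL_USER_SIMPLE"))
    return sorted(findings)


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface:10} {finding}")
```

In the sample, VTY 10 to 14 exist because of maximum-vty 15 but have no authentication configured, which is the case the warning in 5.4.2 describes.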

5.4.4 Configuring Timeout of VTY User Authorization


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface vty first-ui-number [ last-ui-number ]

The VTY user interface view is displayed.


Step 3 Run:
authorization-cmd timeout timeout-value

The timeout of command line authorization is set.


----End
The product supports HWTACACS command line authorization for login users according to
user level or SSH user name.
When the user logs in to the router and needs command line authorization, each command the
user inputs must be authorized by the HWTACACS server. When authorization is passed, the
command can be run.
If the user receives no authorization from the HWTACACS server within the timeout period,
the command cannot be run.

5.4.5 Configuring VTY Terminal Attributes


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface vty number1 [ number2 ]

The VTY user interface view is displayed.


Step 3 Run:
shell

VTY terminal service is enabled.


Step 4 Run:
idle-timeout minutes [ seconds ]

User disconnection after timeout is enabled.


Step 5 Run:
screen-length screen-length

The screen length of the terminal screen is set.


Step 6 Run:
history-command max-size size-value

The size of the history command buffer is set.


----End

5.4.6 Configuring User Authentication


Three authentication modes are available on a router:
AAA authentication: requires the user name and password.

Password authentication: requires no user name but a password must be set. Otherwise,
the user cannot log in to the router through the console interface.

None: requires neither user name nor password. No authentication is needed when the
user logs in to the router.

Configuring AAA Authentication


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface vty number1 [ number2 ]

The VTY user interface view is displayed.


Step 3 Run:
authentication-mode aaa

Set the authentication mode as AAA.

Step 4 Run:
quit

Exit from the VTY user interface view.


Step 5 Run:
aaa

The AAA view is displayed.


Step 6 Run:
local-user user-name password { simple | cipher } password

Create local user and password.


----End

Configuring Password Authentication


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface vty number1 [ number2 ]

The VTY user interface view is displayed.


Step 3 Run:
authentication-mode password

Set the authentication mode as password.


Step 4 Run:
set authentication password { simple | cipher } password

Set a password for this authentication mode.


----End

Configuring Non-Authentication
Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface vty number1 [ number2 ]

The VTY user interface view is displayed.


Step 3 Run:
authentication-mode none

The authentication mode is set to none.


----End

5.4.7 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                                                  Command
View the usage information of the user interface                        display users [ all ]
View the number of maximum VTY user interfaces                          display user-interface maximum-vty
View the physical attributes and configurations of the user interface   display user-interface [ ui-type ui-number | number | summary ]

5.5 Managing User Interfaces


5.5.1 Establishing the Configuration Task
Applicable Environment
To ensure that the operator can manage routers safely, you need to send messages between user
interfaces, clear designated users, and so on.

Pre-configuration Tasks
Before managing the user interface, complete the following tasks:
Powering on the router

Connecting the PC with the router properly

Data Preparation
To manage the user interface, you need the following data:
No.   Data
1     Type and number of the user interface
2     Contents of the message to be sent

Configuration Procedures
To configure a user interface, complete the following procedures.
No.   Procedure
1     Sending Messages to Other User Interfaces
2     Clearing Online User
3     Checking the Configuration

5.5.2 Sending Messages to Other User Interfaces


Do as follows on the router:
Step 1 Run:
send { all | interface-type interface-number | number }

You can enable message sending between user interfaces.


Following the prompt, enter the message to be sent. Press Ctrl+Z or the Enter key to end.
----End

5.5.3 Clearing Online User


Do as follows on the router:
Step 1 Run:
free user-interface { ui-number | ui-type ui-number1 }

Online users are cleared.


At the prompt, confirm whether to clear the designated online users.
----End

5.5.4 Checking the Configuration


Run the following commands to check the previous configuration.

Action                                               Command
Display the usage information of the user interface  display users [ all ]
Check the online user                                display access-user

5.6 Configuring User Management


5.6.1 Establishing the Configuration Task
Applicable Environment
This section describes how to configure the user priority and the authentication.
Remote users can log in to the router through Telnet, or access the network by establishing a
PPP connection with the router. This can be done if the router is configured with the IP
address of the MCU or that of the interface board. To ensure network security and ease user
management, configure a username and a user password for the router.

Pre-configuration Tasks
Before configuring a user interface, complete the following tasks:
Powering on the router

Connecting the PC with the router properly

Data Preparation
To configure a user, you need the following data.
No.   Data
1     Authentication mode
2     Username and password
3     User priority

Configuration Procedures
To configure user management, complete the following procedures.
No.   Procedure
1     Configuring Authentication Mode
2     Configuring Authentication Password
3     Setting Username and Password for AAA Local Authentication
4     Configuring Non-Authentication
5     Configuring User Priority
6     Checking the Configuration

5.6.2 Configuring Authentication Mode


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
authentication-mode { aaa | password | none }

The user authentication mode is configured.


----End

5.6.3 Configuring Authentication Password


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
set authentication password { cipher | simple } password

The authentication password is configured.


----End

The default authentication mode is password authentication.

5.6.4 Setting Username and Password for AAA Local Authentication

Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
authentication-mode aaa

Step 4 Run:
aaa

The AAA view is displayed.


Step 5 Run:
local-user user-name password { simple | cipher } password

The local username and the password are configured.


----End

5.6.5 Configuring Non-Authentication


Do as follows on the router that the user logs in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
authentication-mode none

The non-authentication is configured.


----End

Configuring non-authentication may cause security problems on the router.

If the authentication mode is non-authentication or password authentication, the priority of the
user-interface determines the command level that the users can access.

If the authentication mode needs the username and the password, the priority of the user determines
the command level that the users can access.

5.6.6 Configuring User Priority


Refer to the Quidway NetEngine80 Configuration Guide - Security.

5.6.7 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                      Command
Check the user information.                 display users [ all ]
Check information about local users.        display local-user
Check information about the access users.   display access-user

5.7 Configuring Local User Management


5.7.1 Establishing the Configuration Task
Applicable Environment
Create, maintain, and manage local users on local routers.

Pre-configuration Tasks
Before configuring local user management, complete the following tasks:
Powering on the router

Connecting the PC with the router properly

Data Preparation
To configure the local user management, you need the following data.

No.   Data
1     Username and password
2     Service type of the local user
3     FTP directory of the local user
4     The status of the local user
5     The maximum number of accessing local users

Configuration Procedures
To configure local user management, complete the following procedures.
No.   Procedure
1     Creating Local User Account
2     Configuring the Service Type of the Local User
3     Configuring Local User Authority
4     Configuring Local User Status
5     Configuring Local User Priority
6     Configuring Access Restriction of the Local User
7     Checking the Configuration

5.7.2 Creating Local User Account


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name password { simple | cipher } password

The local user account is created.


----End

5.7.3 Configuring the Service Type of the Local User


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name service-type { bind | ftp | ppp | ssh | telnet | terminal | web | x25-pad } *

The service type of the local user is configured.


----End

By configuring the service type of the local user, you can manage the user based on service types.

5.7.4 Configuring Local User Authority for FTP Directory


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name ftp-directory directory

The local user authority for the FTP directory is configured.


----End

5.7.5 Configuring Local User Status


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:

local-user user-name state { active | block }

The local user status is configured.


----End

5.7.6 Configuring Local User Priority


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name level level

The local user priority is configured.


----End

5.7.7 Configuring Access Restriction of the Local User


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name access-limit access-limit

The access restriction of the local user is configured.


----End

5.7.8 Checking the Configuration


Run the following command to check the previous configuration.

Action                                     Command
Check the attribute of the local user.     display local-user [ domain domain-name | user-name user-name ]

Run the display local-user command. You can view the status and type of the local user.
<Quidway> display local-user
----------------------------------------------------------------
User-name          State   Type   CAR   Access-limit   Online
----------------------------------------------------------------
aaa@163            Active  All    Dft   1              0
aaa                Active  All    Dft   No             0
----------------------------------------------------------------
Total 2,2 printed

Run the display local-user username user-name command. You can view details of the AAA
local user, such as the user level and the FTP authorization directory.
<Quidway> display local-user username aaa
-------------------------------------------------------------
User-name        : aaa
Password         :huawei
State            : Active
Service-type     : All
ACL-number       : -
User-CAR         : -
Idle-cut         : No
Access-limit     : No
Online-number    : 0
MAC-address      : -
User-level       : 0
FTP-directory    : -
Call-number      : -
Callback-check   : Yes
Callback-number  : -
-------------------------------------------------------------

5.8 Configuration Examples

After the following two configuration examples are completed, the current user VTY0 cannot
run commands at levels higher than two. Ensure that you can log in to the router through other
methods to delete the configuration.

5.8.1 Example for Configuring Logging In to the Router Through Password

Networking Requirements
The COM port of the PC is connected with the Console port. Set the priority of VTY0 to 2
and apply password authentication to users. Users need to input the password Huawei to log in
successfully.
After login, if no operation is carried out within 30 minutes, the user interface is
disconnected from the router.

Configuration Roadmap
The configuration roadmap is as follows:
1. Enter the user interface.
2. Configure the priority of VTY0 as 2.
3. Configure the simple authentication and the disconnect time.

Data Preparation
To complete the configuration, you need the following data:
The password of the authentication mode

The connection time

Configuration Procedure
<Quidway> system-view
[Quidway] user-interface vty 0
[Quidway-ui-vty0] user privilege level 2
[Quidway-ui-vty0] authentication-mode password
[Quidway-ui-vty0] set authentication password simple huawei
[Quidway-ui-vty0] idle-timeout 30

# Use the display this command to check all configurations.


[Quidway-ui-vty0] display this
#
user-interface con 0
user-interface aux 0
user-interface vty 0
user privilege level 2
set authentication password simple huawei
idle-timeout 30 0
user-interface vty 1 4
#
return

# Use the display current-configuration command to view the system files.


[Quidway] display current-configuration
#
sysname Quidway
#
user-interface con 0
user-interface aux 0
user-interface vty 0
user privilege level 2
set authentication password simple huawei
idle-timeout 30 0
user-interface vty 1 4
#
return

Configuration Files
#
sysname Quidway
#
interface GigabitEthernet6/0/0
#
interface NULL0
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface vty 0
user privilege level 2
set authentication password simple huawei
idle-timeout 30 0
user-interface vty 1 4
#
return

5.8.2 Example for Logging In to the Router Through AAA


Networking Requirements
The COM port of the PC and the console port of the router are connected.
Configure the priority of VTY0 to be 2 and perform AAA authentication on the user that logs in
through VTY 0. The login user must enter the username "Huawei" and the password
"Huawei".
After login, if the user does not operate the router within 30 minutes, the connection with the
router is closed.

Configuration Roadmap
The configuration roadmap is as follows:

1. Enter the user interface view to configure the priority of VTY0 to be 2 and the
disconnection time.
2. Enter the AAA view to configure the username, the password and the user level.
3. Switch on the idle timeout for the local user in the AAA view.

Data Preparation
To complete the configuration, you need the following data:
Username and password for authentication

Disconnection time

Configuration Procedure
<Quidway> system-view
[Quidway] user-interface vty 0
[Quidway-ui-vty0] user privilege level 2
[Quidway-ui-vty0] authentication-mode aaa
[Quidway-ui-vty0] idle-timeout 30
[Quidway-ui-vty0] quit
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher huawei
[Quidway-aaa] local-user huawei level 2
[Quidway-aaa] local-user huawei idle-cut

Configuration Files
#
sysname Quidway
#
aaa
local-user huawei password cipher N`C55QK<`=/Q=^Q`MAF4<1!!
local-user huawei level 2
local-user huawei idle-cut
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
user-interface vty 0
authentication-mode aaa
user privilege level 2
idle-timeout 30 0
#
return
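
The login settings described in 5.4.3, 5.4.6 and 5.7.2 can be checked offline against a saved configuration file. The following Python script is an added example, not part of the Huawei guide: it reads a configuration in the layout shown in 5.8.1 and 5.8.2 and reports plain-text (simple) passwords, authentication-mode none, and VTY user interfaces without an inbound ACL. The sample configuration, the user ops, the VTY ranges 1-4 and 5-14 and ACL number 2000 are constructed for illustration.

```python
import re

# Constructed sample, modelled on the configuration files in 5.8.1 and 5.8.2.
# The "ops" user, the VTY ranges 1-4 and 5-14 and ACL number 2000 are made up.
SAMPLE_CONFIG = """\
#
sysname Quidway
#
aaa
local-user huawei password cipher CIPHERTEXT-PLACEHOLDER
local-user huawei level 2
local-user ops password simple ops12345
#
user-interface con 0
user-interface vty 0
user privilege level 2
set authentication password simple huawei
idle-timeout 30 0
user-interface vty 1 4
authentication-mode aaa
acl 2000 inbound
user-interface vty 5 14
authentication-mode none
#
return
"""

UI_HEADER = re.compile(r"^user-interface\s+(\w+)\s+(\d+)(?:\s+(\d+))?$")
LOCAL_USER_PW = re.compile(r"^local-user\s+(\S+)\s+password\s+(simple|cipher)\s+\S+$")


def parse_user_interfaces(text):
    """Return one dict per 'user-interface' section.

    A section runs from its header to the next header, '#' or 'return'.
    Indentation is ignored because saved listings often lose it.
    """
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = UI_HEADER.match(line)
        if header:
            first = int(header.group(2))
            last = int(header.group(3)) if header.group(3) else first
            span = str(first) if first == last else f"{first}-{last}"
            current = {"type": header.group(1),
                       "name": f"{header.group(1)} {span}",
                       "lines": []}
            sections.append(current)
        elif line in ("", "#", "return"):
            current = None
        elif current is not None:
            current["lines"].append(line)
    return sections


def audit(text):
    """Return (severity, subject, message) findings for login-related settings."""
    findings = []
    # Local accounts: 'simple' keeps the password readable in the configuration.
    for raw in text.splitlines():
        user = LOCAL_USER_PW.match(raw.strip())
        if user and user.group(2) == "simple":
            findings.append(("HIGH", "local-user " + user.group(1),
                             "password is stored in plain text (simple)"))
    for ui in parse_user_interfaces(text):
        mode = "password"        # default mode according to section 5.6.3
        inbound_acl = False
        for line in ui["lines"]:
            words = line.split()
            if words[0] == "authentication-mode" and len(words) == 2:
                mode = words[1]
            elif words[:4] == ["set", "authentication", "password", "simple"]:
                findings.append(("HIGH", ui["name"],
                                 "login password is stored in plain text (simple)"))
            elif words[0] == "acl" and words[-1] == "inbound":
                inbound_acl = True
        if mode == "none":
            findings.append(("HIGH", ui["name"],
                             "no authentication is required to log in"))
        if ui["type"] == "vty" and not inbound_acl:
            findings.append(("INFO", ui["name"],
                             "no inbound ACL limits the login sources"))
    return findings


if __name__ == "__main__":
    for severity, subject, message in audit(SAMPLE_CONFIG):
        print(f"{severity:5} {subject:18} {message}")
```

Run the script against the output of display current-configuration saved to a file; replacing simple with cipher and none with aaa or password, and adding an inbound ACL, clears the corresponding findings.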

Contents
6 File System
6.1 Introduction
6.1.1 File System
6.1.2 Storage Devices
6.1.3 Files
6.1.4 Directories
6.2 Managing Storage Devices
6.2.1 Establishing the Configuration Task
6.2.2 Restoring Storage Devices with File System Troubles
6.2.3 Formatting Storage Devices
6.3 Managing the Directory
6.3.1 Establishing the Configuration Task
6.3.2 Viewing the Current Directory
6.3.3 Switching the Directory
6.3.4 Displaying the Directory of File
6.3.5 Creating a Directory
6.3.6 Deleting a Directory
6.4 Managing Files
6.4.1 Displaying Contents of Files
6.4.2 Copying Files
6.4.3 Moving Files
6.4.4 Renaming Files
6.4.5 Deleting Files
6.4.6 Deleting Files in the Recycle Bin
6.4.7 Undeleting Files
6.5 Running Files in Batch
6.6 Configuring Prompt Modes
6.7 Example of Configuration

File System

About This Chapter


The following table shows the contents of this chapter.
Section                        Description
6.1 Introduction               This section describes the basic concepts of the file system.
6.2 Managing Storage Devices   This section describes how to manage the storage devices.
6.3 Managing the Directory     This section describes how to manage directories.
6.4 Managing Files             This section describes how to manage files.
6.5 Running Files in Batch     This section describes how to run files in batch.
6.6 Configuring Prompt Modes   This section describes how to configure the prompts shown when users run commands.
6.7 Example of Configuration   This section provides a configuration example of the file system.

6.1 Introduction
This section covers the topics that you need to know before you configure a file system.

6.1.1 File System


Definitions
The file system manages the files and directories in the storage devices. It can create, delete,
modify and rename a file or directory and display the contents of the file.

Functions
The file system has two functions: managing the storage devices and managing the files that
are stored in those storage devices.

6.1.2 Storage Devices


Storage devices are hardware devices for storing information.
The storage devices of the NE80 are the hard disk and the Flash.

6.1.3 Files
The file is a mechanism by which the system stores and manages information.

6.1.4 Directories
The directory is a mechanism by which the system integrates and organizes files. It is the
logical container of files.

6.2 Managing Storage Devices


6.2.1 Establishing the Configuration Task
Applicable Environment
When the router cannot access data normally, the abnormal storage devices need to be
restored.

Pre-configuration Tasks
Before managing the storage devices, complete the following tasks:

Installing the router and starting it normally

Enabling the client to log in to the router

Data Preparation
Before managing the storage devices, you need the following data.
No.   Data
1     Device name

Configuration Procedures
You can perform Step 1 and Step 2 in any order.
No.   Procedure
1     Restoring Storage Devices with File System Troubles
2     Formatting Storage Devices

6.2.2 Restoring Storage Devices with File System Troubles


When the file system on a storage device fails, the terminal of the router prompts you to
restore it.
Do as follows on the router:
Step 1 Run:
user-view

The user view is displayed.


Step 2 Run:
fixdisk device-name

Repair the storage devices with file system troubles.


----End

6.2.3 Formatting Storage Devices

Formatting storage devices may lead to data loss.


You can format the storage device when you fail to repair the file system or when you are sure
that you do not need any of the data saved on the device.
Do as follows on the router:
Step 1 Run:
user-view

The user view is displayed.


Step 2 Run:
format device-name

The storage device is formatted.


----End

If the storage device still does not work after you run the format device-name command, the
cause may lie in the hardware.

6.3 Managing the Directory


6.3.1 Establishing the Configuration Task
Applicable Environment
When you need to transfer files between the client and the server, configure the directory by
using the file system.

Pre-configuration Tasks
Before configuring the management directory, complete the following tasks:
Powering on the router

Connecting the client with the server correctly

Data Preparation
To configure a management directory, you need the following data.
No.   Data
1     Directory name to be created
2     Directory name to be deleted

Configuration Procedures
To complete the configuration, perform the following procedures.

No.   Procedure
1     Viewing the Current Directory
2     Switching
3     Displaying
4     Creating
5     Deleting

6.3.2 Viewing the Current Directory


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
pwd

The current directory is displayed.


----End

6.3.3 Switching the Directory


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

A directory is specified, and the specified directory is displayed.


Step 3 Run:
pwd

The current directory is displayed.


----End

6.3.4 Displaying the Directory of File


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The directory of the files to be displayed is displayed.


Step 3 Run:
dir [ /all ] [ /h ] [ filename ]

The file list in the directory is displayed.


By default, running the dir command displays only the file information of the current directory.

----End

6.3.5 Creating a Directory


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The parent directory of the directory to be created is displayed.


Step 3 Run:
mkdir directory

The directory is created.


----End

6.3.6 Deleting a Directory


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The parent directory of the directory to be deleted is displayed.


Step 3 Run:
rmdir directory

The directory is deleted.


----End

6.4 Managing Files


Applicable Environment
Configure the file system to transfer files between the client and the server.

Pre-configuration Tasks
Before configuring the file system, complete the following tasks:

Powering on the router

Connecting the client with the server correctly

Data Preparation
To configure a file system, you need the following data.
No.   Data
1     File name to be created
2     File name to be deleted

Configuration Procedures
No.   Procedure
1     Displaying Contents of Files
2     Copying Files
3     Moving Files
4     Renaming Files
5     Deleting Files
6     Deleting Files in the Recycle Bin
7     Undeleting Files

6.4.1 Displaying Contents of Files


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The directory of the file is displayed.


Step 3 Run:
more filename

The content of the file is displayed.


----End

6.4.2 Copying Files


Do as follows on the router:

Step 1 Enter the user view.


Step 2 Run:
cd directory

The directory of the file is displayed.


Step 3 Run:
copy source-filename destination-filename

The file is copied.


----End

The length of the file must exceed zero bytes; otherwise, the file cannot be copied.

6.4.3 Moving Files


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The directory of the file is displayed.


Step 3 Run:
move source-filename destination-filename

The file is moved.


----End

6.4.4 Renaming Files


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The directory of the file is displayed.


Step 3 Run:
rename source-filename destination-filename

The file is renamed.


----End


6.4.5 Deleting Files


Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
cd directory

The directory of the file is displayed.


Step 3 Run:
delete [ /unreserved ] filename

The file is deleted.


----End

6.4.6 Deleting Files in the Recycle Bin


Do as follows on the router:
Step 1 Run:
reset recycle-bin [ filename ]

The file is deleted.


----End

Running this command deletes only the files in the recycle bin of the master MPU.

6.4.7 Undeleting Files


Do as follows on the router:
Step 1 Run:
undelete filename

The file is undeleted.


----End

If the current directory is not the parent directory, you must operate the file using the absolute path.


6.5 Running Files in Batch


Applicable Environment
After a batch file is created, you can run it to perform routine tasks
automatically.

Pre-configuration Tasks
Before configuring the batch process, complete the following tasks:
- Powering on the router
- Uploading the batch file from the client to the router

Data Preparation
To configure the batch process, you need the following data.
No.  Data
1    Name of the batch file

Configuration Procedures
Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
execute filename

The batch file is executed.


----End

6.6 Configuring Prompt Modes

If quiet is selected as the prompt mode of the file system, no prompt is displayed when a
misoperation that results in data loss, such as deleting a file, is performed.


Applicable Environment
Data may be lost or damaged during file operations, so a prompt is required.

Pre-configuration Tasks
Before configuring a file system, complete the following tasks:
- Powering on the router
- Logging in to the router from the client

Data Preparation
None

Configuration Procedures
Do as follows on the router:
Step 1 Enter the user view.
Step 2 Run:
system-view

The system view is displayed.


Step 3 Run:
file prompt { alert | quiet }

The prompt mode of the file system is configured.


By default, the prompt mode is alert.
----End

6.7 Example of Configuration


Networking Requirements
By configuring the file system of the router, the user can operate the router through the
console port and copy files to the specified directory.
The file path in the storage device must be correct. If the user does not specify a target file
name, the source file name is the name of the target file by default.

Configuration Roadmap
The configuration roadmap is as follows:
1. Check the files under a certain directory.
2. Copy a file to this directory.
3. Check this directory and verify that the file is copied successfully to the specified
   directory.


Data Preparation
To complete the configuration, you need the following data:
- Source file name and target file name
- Source file path and target file path

Configuration Procedures
Step 1 Display the file information in the current directory.
<Quidway> dir flash:
Directory of flash:/
  0   -rw-         37  Apr 28 2007 08:56:55   private-data.txt
  1   -rw-       4279  Apr 27 2007 18:03:56   vrpcfg.zip
  2   -rw-       6226  Apr 12 2007 12:20:07   license.txt
  3   -rw-      12079  Apr 12 2007 12:20:21   paf.txt
  4   -rw-       6666  Aug 17 2006 09:32:35   log.txt

15875 KB total (5032 KB free)

Step 2 Copy files from flash:/log.txt to slave#flash:/log.txt.


<Quidway> copy flash:/log.txt slave#flash:/log.txt
Copy flash:/log.txt to flash:/log.txt ?[Y/N]:y
% Copyed flash:/log.txt slave#flash:/log.txt

Step 3 Display the file information in the current directory, and you can view that the file is copied to
the specified directory.
<Quidway> dir slave#flash
Directory of slave#flash:/
  0   -rw-         37  Apr 28 2007 08:56:55   private-data.txt
  1   -rw-       4279  Apr 27 2007 18:03:56   vrpcfg.zip
  2   -rw-       6226  Apr 12 2007 12:20:07   license.txt
  3   -rw-      12079  Apr 12 2007 12:20:21   paf.txt
  4   -rw-       6666  Aug 37 2006 09:34:35   log.txt
  5   -rw-       2906  Jan 21 2004 20:36:33   vrpcfg.cfg
  6   -rw-    7094180  Feb 29 2004 21:43:57   vrp5.cc
  7   -rw-      94456  Feb 24 2004 19:23:50   matnlog.dat
  8   -rw-        444  Jul 25 2003 14:45:30   hostkey
  9   -rw-        572  Jul 25 2003 14:45:40   serverkey
 10   -rw-          4  Mar 01 2004 21:19:27   snmpboots
 11   -rw-         80  Mar 09 2004 09:47:36   header-file.txt
 12   drw-          -  Mar 09 2004 09:50:38   log.txt

15875 KB total (5032 KB free)

----End


Contents
7 Management of Configuration Files
7.1 Introduction
7.1.1 Definitions
7.1.2 Configuration Files and Current Configurations
7.2 Managing Configuration Files
7.2.1 Establishing the Configuration Task
7.2.2 Configuring System Software for a Router to Load
7.2.3 Configuring the Configuration File for Router to Load
7.2.4 Saving Configuration File
7.2.5 Clearing Configuration Files
7.2.6 Comparing Configuration Files
7.2.7 Checking the Configuration


7 Management of Configuration Files

About This Chapter


The following table shows the contents of this chapter.
Section                           Description
7.1 Introduction                  This section describes the basic concepts of the configuration file.
7.2 Managing Configuration Files  This section describes how to manage configuration files.


7.1 Introduction
7.1.1 Definitions
The configuration file contains the configuration items that the router loads when it restarts
this time or next time.
The configuration file is a text file in the following format:
- It is saved in the command format.
- To save space, default parameters are not saved. For the default values of the
  configuration parameters, see the following sections.
- Commands are organized on the basis of the command view. All commands of the
  identical command view are grouped into a section. Every two command sections are
  separated by one or several blank lines or comment lines (beginning with "#").
- The sequence of command sections is global configuration, physical interface
  configuration, logical interface configuration, routing protocol configuration and so on.

- The system can run a command with a maximum length of 255 characters, including
  a command in the incomplete form.
- If a command is configured in the incomplete form, it is saved in the complete form. Therefore,
  the command length in the configuration file may exceed 255 characters. When the system restarts,
  those commands cannot be restored.
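The layout rules and the 255-character limit above can be checked offline before a saved file is relied on for the next restart. The following is an added example, not part of the original guide or of Huawei's software: the function names and the sample text are constructed, and it assumes that leading indentation does not count toward the command length and that the first command of a section names its view.

```python
# Added example: audit a saved configuration file against the layout rules above.
# SAMPLE is constructed for illustration; it is not taken from a real router.

MAX_CMD_LEN = 255  # longest command the system can run, per the note above


def split_sections(text):
    """Split a configuration file into command sections.

    Sections are separated by one or more blank lines or comment lines
    (lines beginning with "#"). Each section is a list of
    (line_number, command) tuples with indentation stripped.
    """
    sections, current = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            if current:
                sections.append(current)
                current = []
            continue
        current.append((lineno, stripped))
    if current:
        sections.append(current)
    return sections


def overlong_commands(text, limit=MAX_CMD_LEN):
    """Return (line_number, length, view) for every command longer than limit.

    Assumption: the first command of a section identifies the command view.
    """
    findings = []
    for section in split_sections(text):
        view = section[0][1]
        for lineno, command in section:
            if len(command) > limit:
                findings.append((lineno, len(command), view))
    return findings


SAMPLE = "\n".join([
    "#",
    "sysname Quidway",
    "#",
    "interface GigabitEthernet1/0/0",
    " description " + "uplink-" * 40,      # 292 characters once saved in full
    " ip address 10.1.1.1 255.255.255.0",
    "#",
    "aaa",
    " local-user huawei service-type ftp",
    "#",
    "return",
])

if __name__ == "__main__":
    for lineno, length, view in overlong_commands(SAMPLE):
        print(f"line {lineno}: {length} characters in section "
              f"'{view}' exceeds {MAX_CMD_LEN} and cannot be restored")
```
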

7.1.2 Configuration Files and Current Configurations


- Initial configurations: On powering on, the router retrieves the configuration files from
  the default save path to initialize itself. If no configuration file exists in the default save
  path, the router uses the default parameters.
- Current configurations: indicates the effective configurations of the currently running
  router.

Users can modify the current configurations of the router through the command line
interface. Use the save command to save the current configuration to the configuration
file of the default storage device, and the current configuration becomes the initial
configuration of the router when the router is powered on next time.

7.2 Managing Configuration Files


7.2.1 Establishing the Configuration Task
Applicable Environment
To start the router normally, you need to select correct system software and configuration file
for the router to load.
After modifying current configurations, you need to save the modified contents.
You need to view the configuration of the router.


Pre-configuration Tasks
Before managing the configuration files, install the router and start it properly.

Data Preparation
To manage configuration files, you need the following data.
No.  Data
1    System software and its file name
2    Configuration file and its name
3    The number of the line from which the comparison of the configuration file begins

Configuration Procedures
You can perform Procedure 1 to Procedure 5 in any order.
No.  Procedure
1    Configuring System Software for a Router to Load
2    Configuring the Configuration File for Router to Load
3    Saving Configuration File
4    Clearing Configuration Files
5    Comparing Configuration Files
6    Checking the Configuration

7.2.2 Configuring System Software for a Router to Load


Do as follows on the router:
Step 1 Run:
startup system-software system-filename [ slave-board ]

The system software for the router to load next time when it starts is configured.
The parameter slave-board is valid only on the router with dual main control boards.
----End

7.2.3 Configuring the Configuration File for Router to Load


Do as follows on the router:
Step 1 Run:


startup saved-configuration config-filename

The configuration file for the router to load the next time it starts is saved.
----End
When the router is powered on, it initializes by reading the configuration file from the flash memory
by default. Thus, the configuration in this configuration file is called the initial configuration. If
there is no configuration file in the flash, the router initializes with default parameters.
The effective configuration when a router is working is called the current configuration.

7.2.4 Saving Configuration File


Do as follows on the router to save the configuration file:
Step 1 Run:
save [ config-filename ]

The current configurations are saved.


----End
The user can modify the current configuration through the command line interface. To set the
current configuration as initial configuration when the router starts next time, you can use the
save command to save the current configuration in the flash memory.
When saving the configuration file for the first time, if you do not specify the optional parameter
config-filename, the router asks you whether to save the file as "vrpcfg.cfg" or not.

7.2.5 Clearing Configuration Files


The configuration files in flash need to be cleared in the following two situations:
- After the software of the router is upgraded, the software does not match the
  configuration file.
- The configuration file is found damaged or the router is loaded with incorrect configuration
  files.

Do as follows on the router to clear the configuration file.


Step 1 Run:
reset saved-configuration

The configuration file loaded currently is cleared.


----End
After the configuration file is cleared, if you neither use the startup saved-configuration
command to specify a configuration file that contains the correct configuration, nor use the save
command to save the configuration file, the router initializes with default parameters the next
time it starts.


7.2.6 Comparing Configuration Files


Do as follows on the router:
Step 1 Run:
compare configuration [ current-line-number save-line-number ]

The current configuration and the initial configuration are compared.


----End

7.2.7 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                                                           Command
Check current configuration files                                                display current-configuration
Check the configuration file that the router loads the next time when it starts  display saved-configuration
Check the configuration file that the router loads this time when it starts      display saved-configuration last
Check the file information used by the device upon start                         display startup
View the file information in storage device                                      dir [ /all ] [ filename ]

After the configurations succeed, run the preceding commands, and you can find the
following results:
- The current configuration of the router is correct without any redundant configuration.
- The current configuration of the router is saved in the storage device.
- The system software and configuration file that are to be loaded on the router next time
  are correct and they are saved in the root directory of the storage device.


Contents
8 FTP, TFTP and XModem
8.1 Introduction
8.1.1 FTP
8.1.2 TFTP
8.1.3 XModem
8.2 Configuring the Router to be the FTP Server
8.2.1 Establishing the Configuration Task
8.2.2 Configuring the source address of FTP server
8.2.3 Enabling the FTP Server
8.2.4 Configuring the Timeout Period
8.2.5 Configuring the Local Username and the Password
8.2.6 Configuring Service Types and Authorization Information
8.2.7 Checking the Configuration
8.3 Configuring FTP ACL
8.3.1 Establishing the Configuration Task
8.3.2 Enabling the FTP Server
8.3.3 Configuring the Basic ACL
8.3.4 Configuring the Basic FTP ACL
8.3.5 Checking the Configuration
8.4 Configuring the Router to Be the FTP Client
8.4.1 Establishing the Configuration Task
8.4.2 Configuring the source address of FTP Client
8.4.3 Logging In to the FTP Server
8.4.4 Configuring Data Type and Transmission Mode for the File
8.4.5 Viewing Online Help of the FTP Command
8.4.6 Uploading or Downloading Files
8.4.7 Managing Directories
8.4.8 Managing Files
8.4.9 Changing Login Users
8.4.10 Disconnecting from the FTP Server
8.4.11 Checking the Configuration
8.5 Configuring TFTP
8.5.1 Establishing the Configuration Task
8.5.2 Configuring the source address of TFTP Client
8.5.3 Downloading Files Through TFTP
8.5.4 Uploading Files Through TFTP
8.6 Limiting the Access to the TFTP Server
8.6.1 Establishing the Configuration Task
8.6.2 Configuring the Basic ACL
8.6.3 Configuring the Basic TFTP ACL
8.7 Configuring XModem
8.7.1 Establishing the Configuration Task
8.7.2 Getting a File Through XModem
8.8 Configuration Examples
8.8.1 Example for Configuring the FTP Server
8.8.2 Example for Configuring FTP ACL
8.8.3 Example for Configuring the FTP Client
8.8.4 Example for Configuring TFTP
8.8.5 Example for Configuring XModem


Figures
Figure 8-1 Networking diagram with FTP server basic functions
Figure 8-2 Networking diagram of configuring FTP ACL
Figure 8-3 Configuring the FTP client
Figure 8-4 Networking diagram of configuring TFTP
Figure 8-5 Setting the Base Directory of the TFTP server
Figure 8-6 Specifying the file to be sent


8 FTP, TFTP and XModem

About This Chapter


The following table shows the contents of this chapter.
Section                                          Description
8.1 Introduction                                 This section describes basic concepts of FTP, TFTP and XModem.
8.2 Configuring the Router to be the FTP Server  This section describes how to configure the basic functions of the FTP server. See Example for Configuring the FTP Server
8.3 Configuring FTP ACL                          This section describes how to configure the specified client to log in to the router.
8.4 Configuring the Router to Be the FTP Client  This section describes how to configure a router to be an FTP client and log in to the FTP server.
8.5 Configuring TFTP                             This section describes how to configure TFTP to log in to the server.
8.6 Limiting the Access to the TFTP Server       This section describes how to limit the client to log in to the TFTP router.
8.7 Configuring XModem                           This section describes how to transfer files through XModem.
8.8 Configuration Examples                       This section provides examples for configuring FTP, TFTP, and XModem.


8.1 Introduction
8.1.1 FTP
File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP protocol suite. It
implements file transfer between remote hosts and is implemented based on the corresponding
file system.
The router provides the following FTP services:
- FTP server service. Users can run the FTP client program to log in to the router and
  access the files on the router.
- FTP client service. Users can establish a connection with the router by running a terminal
  emulation program or a Telnet program on a PC. Enter an FTP command to connect with
  the remote FTP server and access the files on the remote host.

8.1.2 TFTP
The Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol.
Compared with FTP, TFTP does not have a complex interactive access interface and
authentication control. TFTP is applicable in an environment where there is no complex
interaction between the client and the server. For example, TFTP is used to obtain the memory
image of the system when the system starts up.
TFTP is implemented based on UDP.
The client initiates the TFTP transfer. To download files, the client sends a read request packet
to the TFTP server, receives packets from the server, and sends acknowledgement to the
server. To upload files, the client sends a write request packet to the TFTP server, sends
packets to the server, and receives acknowledgement from the server.
TFTP transfers the files in two formats:
- The binary format: transfers program files.
- The ASCII format: transfers text files.

The NE80 can serve as the TFTP client only and thus can be used only to transfer files in the
binary format.
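The read transfer described above can be followed packet by packet. The following is an added example, not part of the original guide: it builds the client and server messages in memory with no network access, using the opcodes, the 512-byte block size and the "octet" (binary) mode name from RFC 1350, which the guide itself does not list. The function names and file contents are constructed.

```python
import struct

# Opcodes and block size come from RFC 1350, not from this guide.
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512


def build_request(opcode, filename, mode="octet"):
    """RRQ/WRQ layout: opcode (2 bytes) | filename | 0 | mode | 0."""
    if opcode not in (RRQ, WRQ):
        raise ValueError("request opcode must be RRQ or WRQ")
    return (struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def parse_request(packet):
    """Server side: return (opcode, filename, mode) or raise ValueError."""
    if len(packet) < 4:
        raise ValueError("request too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    fields = packet[2:].split(b"\x00")
    if (opcode not in (RRQ, WRQ) or len(fields) != 3
            or fields[2] != b"" or not fields[0]):
        raise ValueError("malformed request")
    return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def build_data(block, payload):
    """DATA layout: opcode | block number | up to 512 bytes of payload."""
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    """ACK layout: opcode | block number being acknowledged."""
    return struct.pack("!HH", ACK, block)


def parse_block(packet):
    """Return (opcode, block number, payload) for a DATA or ACK packet."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    opcode, block = struct.unpack("!HH", packet[:4])
    if opcode not in (DATA, ACK):
        raise ValueError("not a DATA or ACK packet")
    return opcode, block, packet[4:]


def simulate_download(stored, filename):
    """Replay a download in memory; return (bytes received, message trace).

    The transfer ends with the first DATA packet shorter than 512 bytes, so a
    file whose size is an exact multiple of 512 ends with an empty DATA packet.
    Block numbers are 16 bits, which is enough for this small sample.
    """
    _, name, _ = parse_request(build_request(RRQ, filename))
    trace = [("client", "RRQ", name)]
    received = bytearray()
    block = 1
    while True:
        start = (block - 1) * BLOCK_SIZE
        data_packet = build_data(block, stored[start:start + BLOCK_SIZE])
        trace.append(("server", "DATA", block))
        _, number, payload = parse_block(data_packet)      # client receives
        received += payload
        _, acked, _ = parse_block(build_ack(number))       # server receives
        trace.append(("client", "ACK", acked))
        if len(payload) < BLOCK_SIZE:
            return bytes(received), trace
        block += 1


if __name__ == "__main__":
    content = bytes(range(256)) * 4        # constructed 1024-byte file
    data, messages = simulate_download(content, "log.txt")
    for sender, kind, detail in messages:
        print(f"{sender:6} {kind:4} {detail}")
```

Nothing in the request identifies or authenticates the sender, which is the property the section contrasts with FTP.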

8.1.3 XModem
XModem is a file transfer protocol and is widely used due to its simplicity and performance.
XModem transfers files through serial interfaces. It supports packets of 128 bytes and 1K
bytes, common checksum and CRC, and retransmission for several times (usually 10 times)
when a packet error occurs.


- XModem file transfer consists of the receiving program and the sending program. The
  receiving program first sends the negotiation character to negotiate the check mode.
- After the negotiation succeeds, the sending program begins to send packets.
- When the receiving program receives a complete packet, it checks the packet according
  to the negotiated mode:


  - The receiving program sends the acknowledgement character after the check passes. The
    sending program then sends the next packet.
  - If the check fails, the receiving program sends the deny character and the sending
    program retransmits the packet.

NE80 provides the function of XModem receiving program, which can be applied to the AUX
port and supports 128-byte packets and CRC. The function of XModem sending program is
automatically included in the HyperTerminal.

The XModem function is supported only by the AUX port.

XModem does not support simultaneous operations of multiple users.
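The receiver-side check and retransmission described in this section, for the 128-byte packet with CRC that the NE80 supports, can be sketched as follows. This is an added example, not Huawei's implementation: the control characters, the 0x1A padding byte and the CRC-16 polynomial 0x1021 follow the commonly documented XModem-CRC convention rather than this guide, the line errors are simulated, and a sequence gap is answered with the deny character for simplicity.

```python
# Added example: XModem-CRC receiver check with simulated line errors.
SOH, EOT, ACK, NAK = 0x01, 0x04, 0x06, 0x15
CRC_REQ = ord("C")       # negotiation character that requests CRC mode
PAD = 0x1A               # conventional filler for the last, short packet
DATA_LEN = 128
PACKET_LEN = 3 + DATA_LEN + 2
MAX_RETRIES = 10         # "usually 10 times", per the section above


def crc16_xmodem(data):
    """CRC-16 with polynomial 0x1021 and initial value 0."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def build_packet(seq, chunk):
    """Sender side: SOH | seq | 255 - seq | 128 data bytes | CRC high | CRC low."""
    data = chunk.ljust(DATA_LEN, bytes([PAD]))
    seq &= 0xFF
    return bytes([SOH, seq, 0xFF - seq]) + data + crc16_xmodem(data).to_bytes(2, "big")


def check_packet(packet, expected_seq):
    """Receiver side: return (reply, data).

    data is None when the packet is denied and b"" when it is a duplicate of
    the previous packet (the sender missed the earlier acknowledgement).
    """
    if len(packet) != PACKET_LEN or packet[0] != SOH:
        return NAK, None
    seq, complement = packet[1], packet[2]
    data = packet[3:3 + DATA_LEN]
    if seq ^ complement != 0xFF:
        return NAK, None
    if crc16_xmodem(data) != int.from_bytes(packet[-2:], "big"):
        return NAK, None
    if seq == (expected_seq - 1) & 0xFF:
        return ACK, b""
    if seq != expected_seq & 0xFF:
        return NAK, None
    return ACK, data


def transfer(payload, corrupt=()):
    """Send payload packet by packet and return (received bytes, receiver replies).

    corrupt holds (sequence number, attempt) pairs whose packet gets one bit
    flipped on the simulated line.
    """
    replies = [CRC_REQ]                       # receiver opens the negotiation
    received = bytearray()
    seq = 1
    for offset in range(0, len(payload), DATA_LEN):
        packet = build_packet(seq, payload[offset:offset + DATA_LEN])
        for attempt in range(1, MAX_RETRIES + 1):
            on_wire = bytearray(packet)
            if (seq, attempt) in corrupt:
                on_wire[10] ^= 0x01           # flip one bit inside the data field
            reply, data = check_packet(bytes(on_wire), seq)
            replies.append(reply)
            if reply == ACK:
                received += data
                break
        else:
            raise RuntimeError(f"packet {seq} failed {MAX_RETRIES} times, giving up")
        seq = (seq + 1) & 0xFF
    replies.append(ACK)                       # acknowledgement of the sender's EOT
    return bytes(received), replies


if __name__ == "__main__":
    sample = b"sysname Quidway\n" * 20        # constructed 320-byte payload
    data, replies = transfer(sample, corrupt={(2, 1)})
    print([chr(r) if r == CRC_REQ else {ACK: "ACK", NAK: "NAK"}[r] for r in replies])
```

The received data keeps the 0x1A padding of the last packet, because the packet format carries no file length.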

8.2 Configuring the Router to be the FTP Server


8.2.1 Establishing the Configuration Task
Applicable Environment
When the router serves as the FTP server, after the client logs in to the router through FTP, the
user can transfer files between the client and the server.

Pre-configuration Tasks
Before configuring the FTP server, complete the following tasks:
- Powering on the router
- Connecting the FTP client with the server

Data Preparation
To configure FTP, you need the following data.
No.  Data
1    The timeout time of the FTP server
2    FTP username and password
3    The file directory authorized to the FTP user

Configuration Procedures
To configure an FTP server, you need to take the following steps.
No.  Procedure
1    Configuring the source address of FTP server
2    Enabling the FTP Server
3    Configuring the Timeout Period
4    Configuring the Local Username and the Password
5    Configuring Service Types and Authorization Information
6    Checking the Configuration

8.2.2 Configuring the source address of FTP server


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp server-source { -a source-ip-address | -i { interface-name | interface-type interface-num } }

The source address of the FTP server is configured.


----End

8.2.3 Enabling the FTP Server


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp server enable

The FTP server is started.


----End

8.2.4 Configuring the Timeout Period


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:


ftp timeout minutes

The timeout time of the FTP server is configured.


----End

8.2.5 Configuring the Local Username and the Password


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name password { simple | cipher } password

The local username and the password are configured.


----End

8.2.6 Configuring Service Types and Authorization Information


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
aaa

The AAA view is displayed.


Step 3 Run:
local-user user-name service-type ftp

The FTP service type is configured.


Step 4 Run:
local-user user-name ftp-directory directory

The authorized directory of the FTP user is configured.


----End


8.2.7 Checking the Configuration


Run the following commands to check the preceding configuration.
Action                                                              Command
Check the configuration and running information of the FTP server.  display ftp-server
Check the login FTP user.                                           display ftp-users

After configuring the FTP server, run the display ftp-server command. You can view that the
FTP server is working.
<Quidway> display ftp-server
FTP server is running
Max user number
User count
Timeout value(in minute)     30
Acl number
The source address of the FTP server is 1.1.1.1

Run the display ftp-users command to view the user name, port number, authorization
directory of the FTP user configured currently.
<Quidway> display ftp-users
Username   host            port   idle   topdir
huawei     100.2.150.211   4641          flash:

8.3 Configuring FTP ACL


8.3.1 Establishing the Configuration Task
Applicable Environment
When the router serves as the FTP server, you can, for security, configure an ACL so that the
router can be accessed only by clients that satisfy the matching conditions.

Pre-configuration Tasks
Before configuring the FTP ACL, complete the following tasks:
- Powering on the router
- Connecting the FTP client with the server

Data Preparation
To configure the FTP ACL, you need the following data.

No.  Data
1    FTP username and password
2    The file directory authorized to the FTP user
3    The timeout time of the FTP server

Configuration Procedures
To configure an FTP ACL, take the following steps.
No.  Procedure
1    Enabling the FTP Server
2    Configuring the Basic ACL
3    Configuring the Basic FTP ACL

8.3.2 Enabling the FTP Server


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp server enable

The FTP server is started.


----End

8.3.3 Configuring the Basic ACL


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
acl acl-number

The ACL view is displayed.


Step 3 Run:

rule [ rule-id ] { deny | permit } [ source { host-name { source-wildcard | 0 } |
source-ip-address { source-wildcard | 0 } | any } | time-range time-name | logging |
fragment ]*

The ACL rule is configured.


----End

FTP supports only the basic ACL.

8.3.4 Configuring the Basic FTP ACL


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp acl acl-number

The basic FTP ACL is configured.


----End

8.3.5 Checking the Configuration


Run the following commands to check the preceding configuration.
Action                                                                     Command
Check the configuration and running information about the FTP server.     display ftp-server

After configuring the FTP server, run the display ftp-server command. You can view that the
FTP ACL is 2345.
<Quidway> display ftp-server
FTP server is running
Max user number
User count
Timeout value(in minute)   30
Acl Number                 2345

8.4 Configuring the Router to Be the FTP Client


8.4.1 Establishing the Configuration Task
Applicable Environment
When a router serves as the FTP client, you can log in to the FTP server through the router
and then transmit files or manage directories on the server.

Pre-configuration Tasks
Before configuring a router as an FTP client, complete the following tasks:
- Powering on the router
- Connecting the FTP client with the server

Data Preparation
To configure the router as an FTP client, you need the following data.
No.  Data
1    Host name or IP address of the FTP server
2    Port number of connecting FTP
3    Login username and password

Configuration Procedures
To configure a router as an FTP client, take the following steps.
No.  Procedure
1    Configuring the source address of FTP Client
2    Logging In to the FTP Server
3    Configuring
4    Viewing Online Help of the FTP Command
5    Uploading or Downloading Files
6    Managing Directories
7    Managing Files
8    Changing Login Users
9    Disconnecting from the FTP

8.4.2 Configuring the source address of FTP Client


Do as follows on the router that serves as the FTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ftp client-source {-a source-ip-address | -i { interface-name | interface-type
interface-num }}

The source address of the FTP client is configured.


----End

8.4.3 Logging In to the FTP Server


Do as follows on the router that serves as the client:
Step 1 In different views, the router that serves as the client can be connected to the FTP server in
different ways.
- In the user view, run:
  ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
  [ port-number ] ] [ vpn-instance vpn-instance-name ]
  The router is connected to the FTP server.
- In the FTP view, run:
  open host [ port-number ] [ vpn-instance vpn-instance-name ]
  The router is connected to the FTP server.


----End

8.4.4 Configuring Data Type and Transmission Mode for the File
Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]

The router is connected to the FTP server, and the FTP client view is displayed.
Step 2 Run:
ascii | binary

The data type of the file to be transmitted is ASCII code or binary.


Step 3 Run:
passive

The passive file transfer mode is configured.


----End

8.4.5 Viewing Online Help of the FTP Command


Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]

The router is connected to the FTP server, and the FTP client view is displayed.
Step 2 Run:
remotehelp [ command ]

The online help of the FTP command is displayed.


----End

8.4.6 Uploading or Downloading Files


Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]

The router is connected to the FTP server, and the FTP client view is displayed.
Step 2 Upload or download files.
- Run:
  put local-filename [ remote-filename ]
  The local file is uploaded to the remote FTP server.
- Run:
  get remote-filename [ local-filename ]
  The FTP file is downloaded from the FTP server and saved to the local file.
----End

8.4.7 Managing Directories


Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]

The router is connected to the FTP server.

Step 2 Run one or more of the following commands to manage directories.
- Run:
  cd pathname
  The working path of the remote FTP server is specified.
- Run:
  cdup
  The working path of the FTP server is switched to the upper-level directory.
- Run:
  pwd
  The specified directory of the FTP server is displayed.
- Run:
  lcd
  The specified directory of the FTP client is displayed.
- Run:
  mkdir remote-directory
  A directory is created on the FTP server.
- Run:
  rmdir remote-directory
  A directory is deleted on the FTP server.

- The directory to be created can comprise letters and digits, rather than such special characters as <,
  >, ?, \ and :.
- When running the mkdir /abc command, you create a sub-directory named "abc".

----End

8.4.8 Managing Files


Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]

The router is connected to the FTP server.


Step 2 Run one or more of the following commands to manage directories.
- Run:
  ls [ remote-filename ] [ local-filename ]
  The specified directory or file on the remote FTP server is displayed.
- Run:
  dir [ remote-filename ] [ local-filename ]
  The specified directory or file on the local FTP server is displayed.
- Run:
  delete remote-filename
  The specified file on the FTP server is deleted.


----End

8.4.9 Changing Login Users


Do as follows on the router that serves as the client:
Step 1 Run:
ftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ] [ host
[ port-number ] ] [ vpn-instance vpn-instance-name ]

The router is connected to the FTP server.


Step 2 Run:
user user-name [ password ]

The current login user is changed and the user logs in again.
----End

8.4.10 Disconnecting from the FTP Server


Do as follows on the router that serves as the client:
Step 1 Run the following commands according to different configurations.
- Run:
  bye
  Or
  quit
  The client router is disconnected from the FTP server. Return to the user view.
- Run:
  close
  Or
  quit
  The client router is disconnected from the FTP server. Return to the FTP view.
----End

The previous configurations can be executed only in the FTP client view.

8.4.11 Checking the Configuration


Run the following commands to check the preceding configuration.
Action                      Command
Check the login FTP user.   display ftp-users

Run the display ftp-users command to view the user name, port number, authorization
directory of the FTP user configured currently.
<Quidway> display ftp-users
username   host            port   idle   topdir
zll        100.2.150.226   2320   0      cfcard:

8.5 Configuring TFTP


8.5.1 Establishing the Configuration Task
Applicable Environment
You can transfer files through TFTP between the server and the client in a simple interaction
environment.

Pre-configuration Tasks
Before configuring TFTP, complete the following tasks:
- Powering on the router
- Connecting the TFTP client with the server

Data Preparation
To configure TFTP, you need the following data.

No.  Data
1    IP address of the TFTP server
2    Name of the specific file in the TFTP server
3    File directory
4    ACL number

Configuration Procedures
No.  Procedure
1    Configuring the source address of TFTP Client
2    Downloading Files Through TFTP
3    Uploading Files Through TFTP

8.5.2 Configuring the source address of TFTP Client


Do as follows on the router that serves as the TFTP server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
tftp client-source {-a source-ip-address | -i { interface-name | interface-type
interface-num }}

The source address of the TFTP client is configured.


----End

8.5.3 Downloading Files Through TFTP


Do as follows on the router that serves as the TFTP client:
Step 1 Run:
tftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ]
tftp-server get source-filename [ destination-filename ]

The router is configured to download files through TFTP.


----End

8.5.4 Uploading Files Through TFTP


Do as follows on the router that serves as the TFTP client:
Step 1 Run:
tftp [-a source-ip-address | -i { interface-name | interface-type interface-num } ]
tftp-server put source-filename [ destination-filename ]

The router is configured to upload files through TFTP.


----End

8.6 Limiting the Access to the TFTP Server


8.6.1 Establishing the Configuration Task
Applicable Environment
When the router serves as the TFTP client, you can configure the ACL on the router. After the
configuration, the ACL controls which TFTP servers this device can access through TFTP.

Pre-configuration Tasks
Before configuring a limit to access the TFTP server, complete the following tasks:
- Powering on the router
- Connecting the TFTP client with the server

Data Preparation
To limit access to the TFTP server, you need the following data.
No.  Data
1    IP address of the TFTP server
2    ACL number

Configuration Procedures
To limit access to the TFTP server, take the following steps.
No.  Procedure
1    Configuring the Basic ACL
2    Configuring the Basic TFTP ACL

8.6.2 Configuring the Basic ACL


Do as follows on the router that serves as the TFTP client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
acl acl-number

The ACL view is displayed.

Step 3 Run:
rule [ rule-id ] { deny | permit } [ source { host-name { source-wildcard | 0 } |
source-ip-address { source-wildcard | 0 } | any } | time-range time-name | logging |
fragment ]

The ACL rule is configured.


----End

TFTP supports only the basic ACL rules.

8.6.3 Configuring the Basic TFTP ACL


Do as follows on the router that serves as the TFTP client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
tftp-server acl acl-number

ACL is used to limit the access to the TFTP server.


----End

8.7 Configuring XModem


8.7.1 Establishing the Configuration Task
Applicable Environment
Configure XModem to transfer files through serial interfaces.

Pre-configuration Tasks
Before configuring XModem, complete the following tasks:
- Powering on the router
- Connecting the router and the PC through an AUX port or a console port
- Logging in to the router through the terminal emulation program and specifying the file
  path in the terminal emulation program

Data Preparation
To configure XModem, you need the following data.

No.  Data
1    Name of a specific file
2    Absolute path of the file

Configuration Procedures
No.  Procedure
1    Getting a File Through XModem

8.7.2 Getting a File Through XModem


Do as follows on the router that performed:
Step 1 Run:
xmodem get filename

XModem is used to get the file.


----End

Before getting the file, confirm the path and the name of the file that are to be sent.

For the filename, an absolute path name is required.

If the filename is similar to an existing one, the system sends a prompt asking you whether to
overwrite or not.

8.8 Configuration Examples


8.8.1 Example for Configuring the FTP Server
Networking Requirements
As shown in Figure 8-1, the IP address of the FTP server is 172.16.104.110/24.
Log in to the router from the HyperTerminal and then download files from the FTP server.

Figure 8-1 Networking diagram with FTP server basic functions
[Diagram labels: Server 172.16.104.110/24; console cable]

Configuration Roadmap
The configuration roadmap is as follows:
1. Run the HyperTerminal on the PC and log in to the router.
2. Use the correct username and password to log in to the FTP server to download the files
   on the memory of the router.

Data Preparation
To complete the configuration, you need the following data:
- FTP username as quidway and password as huawei on the server
- The correct path of the original files on the FTP server
- The destination file name and its position in the router

Configuration Procedure
Step 1 Enable FTP on the FTP server and configure the authentication information about the FTP
user.
<Quidway> system-view
[Quidway] sysname server
[server] ftp server enable
[server] ftp timeout 30
[server] aaa
[server -aaa] local-user quidway password simple huawei

Step 2 Configure the authorization mode and directory of the FTP user on the FTP server
[server -aaa] local-user quidway service-type ftp
[server -aaa] local-user quidway ftp-directory flash:
[server -aaa] quit

Step 3 Configure the IP address of the FTP server.


[server] interface Ethernet2/0/0
[server-Ethernet2/0/0] undo shutdown
[server-Ethernet2/0/0] ip address 172.16.104.110 255.255.255.0
[server-Ethernet2/0/0] quit

Step 4 Log in to the router from the PC through the HyperTerminal, and connect to the FTP server
using the correct username and password to obtain system host software.

# Log in to the FTP server to obtain system host software and save it in the root directory of
the Flash Memory of the router.
<Router> cd flash:
<Router> pwd
flash:
<Router> ftp 172.16.104.110
Trying 100.1.1.201 ...
Press CTRL+K to abort
Connected to 100.1.1.201.
220 FTP service ready.
User(100.1.1.201:(none)): quidway
331 Password required for quidway.
Password:
230 User logged in.
[ftp] binary
200 Type set to I.
[ftp] get vrp.bin
The file vrp.cc is already existing, overwrite it? [Y/N]:y
200 PORT command okay
150 Opening BINARY mode data connection for vrp.bin
226 Transfer complete.
FTP: 5805100 byte(s) received in 19.898 second(s) 291.74Kbyte(s)/sec.
[ftp] dir
200 Port command okay.
150 Opening ASCII mode data connection for *.
0   -rw-   5805100   May 25 2007 18:02:30   vrp.bin
    -rw-       354   Apr 30 2007 14:35:15   vrpcfg.cfg
    drw-         -   Apr 30 2007 14:35:36   lam
    -rw-       852   May 25 2007 16:55:08   vrpcfg.zip
226 Transfer complete.
FTP: 402 byte(s) received in 0.140 second(s) 2.87Kbyte(s)/sec.
[ftp] bye

----End

Configuration Files
Configuration file of the FTP server.
#
sysname Server
#
FTP server enable
#
interface Ethernet2/0/0
undo shutdown
ip address 172.16.104.110 255.255.255.0
#
aaa
local-user quidway password simple Huawei
local-user quidway service-type ftp
local-user quidway ftp-directory flash:/ftp/system
authentication-scheme default
#
authorization-scheme default
#

accounting-scheme default
#
domain default
#
Return

8.8.2 Example for Configuring FTP ACL


Networking Requirements
As shown in Figure 8-2, the IP address of the FTP server is 172.16.104.110/24.
At the client side, PC1, PC2 and the FTP server are reachable. After configuring ACL, the
router that serves as the FTP server allows only PC1 with the host address of 172.16.104.111
to download and upload files in the FTP mode. PC2 cannot be connected to the FTP server.
Figure 8-2 Networking diagram of configuring FTP ACL
[Diagram labels: PC1 172.16.104.111/24; PC2 172.16.105.111/24; IP Network; Server 172.16.104.110; GE1/0/0; GE2/0/0]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the basic FTP functions.
2. Configure ACL on the FTP server.

Data Preparation
To complete the configuration, you need the following data:
- ACL number

Configuration Procedure
Step 1 Configure the basic FTP functions.
See "Configuring the Router to be the FTP Server".
Step 2 Configure the basic ACL.
<Quidway> system-view
[Quidway] acl number 2001
[Quidway-acl-basic-2001]rule permit source 172.16.104.111 0.0.0.255
[Quidway-acl-basic-2001]quit

Step 3 Configure the basic FTP ACL.


[Quidway]ftp acl 2001

Step 4 Connect to the FTP server from PC1.


c:\ ftp 172.16.104.110
Connected to 172.16.104.110
220 FTP service ready.
User (100.2.150.40:(none)):quidway
331 Password required for quidway
Password:
230 User logged in.
ftp>

Step 5 Connect to the FTP server from PC2.


c:\ ftp 172.16.104.110
Connected to ftp 172.16.104.110.
Info:Connection was denied by remote host according to ACL!
Connection closed by remote host.

----End

Configuration Files
Configuration file of the FTP server.
#
sysname Server
#
Ftp server enable
FTP acl 2001
acl number 2001
rule 5 permit source 172.16.104.111 0.0.0.255
#
interface Ethernet2/0/0
undo shutdown
ip address 172.16.104.110 255.255.255.0
#
aaa
local-user quidway password simple Huawei
local-user quidway service-type ftp
local-user quidway ftp-directory flash:/ftp/system
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
Return
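
Added example, not part of the Huawei guide: a Python model of how the basic ACL bound with ftp acl evaluates a client address, run against the configuration file of 8.8.2, which also flags the password simple form from 8.2.5. Wildcard bits set to 1 are ignored in the comparison, so source 172.16.104.111 0.0.0.255 covers all of 172.16.104.0/24, while the wildcard 0 allowed by the rule syntax in 8.3.3 matches PC1 alone. The function names, the neighbour address 172.16.104.200, first-match evaluation in file order, and refusing a client that matches no rule (as Step 5 shows for PC2) are assumptions of this example.

```python
import ipaddress
import re

# Lines of the 8.8.2 "Configuration file of the FTP server" that this check
# reads, embedded so the example runs offline.
CONFIG_8_8_2 = """\
sysname Server
Ftp server enable
FTP acl 2001
acl number 2001
rule 5 permit source 172.16.104.111 0.0.0.255
aaa
local-user quidway password simple Huawei
local-user quidway service-type ftp
local-user quidway ftp-directory flash:/ftp/system
"""

FULL = 0xFFFFFFFF
ACL_RE = re.compile(r"acl\s+(?:number\s+)?(\d+)$", re.I)
RULE_RE = re.compile(
    r"rule\s+(?:\d+\s+)?(permit|deny)(?:\s+source\s+(\S+)(?:\s+(\S+))?)?", re.I)


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_basic_acls(config):
    """Return {acl_number: [(action, base, wildcard), ...]} in file order.

    Only dotted source addresses and "any" are handled, not host names.
    """
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        acl = ACL_RE.match(line)
        if acl:
            current = acls.setdefault(int(acl.group(1)), [])
            continue
        rule = RULE_RE.match(line)
        if rule is None:
            current = None              # any other command leaves the ACL view
            continue
        if current is None:
            continue
        action, source, wildcard = rule.groups()
        if source is None or source.lower() == "any":
            base, wc = 0, FULL          # no source or "any": every address matches
        else:
            base = _to_int(source)
            # "0" (or a following keyword such as logging) means an exact host
            wc = _to_int(wildcard) if wildcard and "." in wildcard else 0
        current.append((action.lower(), base, wc))
    return acls


def evaluate(rules, client_ip):
    """First matching rule wins; a client that matches no rule is refused."""
    addr = _to_int(client_ip)
    for action, base, wc in rules:
        care = ~wc & FULL               # wildcard bits set to 1 are ignored
        if (addr & care) == (base & care):
            return action
    return "deny"


def audit_ftp(config):
    """Return findings about the FTP server settings found in `config`."""
    findings = []
    acls = parse_basic_acls(config)
    lines = [l.strip() for l in config.splitlines()]
    enabled = any(re.match(r"ftp\s+server\s+enable$", l, re.I) for l in lines)
    bound = [int(m.group(1)) for l in lines
             if (m := re.match(r"ftp\s+acl\s+(\d+)$", l, re.I))]
    if enabled and not bound:
        findings.append("FTP server enabled without an 'ftp acl' binding")
    for number in bound:
        if number not in acls:
            findings.append(f"acl {number}: bound to FTP but not defined")
        for action, base, wc in acls.get(number, []):
            hosts = 1 << bin(wc).count("1")     # addresses the rule covers
            if action == "permit" and hosts > 1:
                net = ipaddress.IPv4Address(base & ~wc & FULL)
                findings.append(
                    f"acl {number}: permit rule covers {hosts} addresses from {net}")
    for l in lines:
        m = re.match(r"local-user\s+(\S+)\s+password\s+simple\s", l, re.I)
        if m:
            findings.append(f"local-user {m.group(1)}: password configured as simple")
    return findings


if __name__ == "__main__":
    rules = parse_basic_acls(CONFIG_8_8_2)[2001]
    for host in ("172.16.104.111", "172.16.105.111", "172.16.104.200"):
        print(host, evaluate(rules, host))
    for finding in audit_ftp(CONFIG_8_8_2):
        print("finding:", finding)
```
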

8.8.3 Example for Configuring the FTP Client


Networking Requirements
As shown in Figure 8-3, the router that serves as the FTP client is connected to the FTP
server, and downloads system software and configuration software from the FTP server to the
client side.
Figure 8-3 Configuring the FTP client
[Diagram labels: Router 172.16.105.111/24; GE2/0/0; IP Network; Server 172.16.104.110]

Configuration Roadmap
Log in to the FTP server from the FTP client and download system files from the server to the
storage devices on the client side.

Data Preparation
To complete the configuration, you need the following data:
- IP address of the FTP server
- The destination file name and its position in the router

Configuration Procedure
Step 1 Log in to the FTP server from the router.
<Quidway> ftp 172.16.104.110
Trying ftp 172.16.104.110
Press CTRL+K to abort
Connected to ftp 172.16.104.110
220 FTP service ready.
User(ftp 172.16.104.110:(none)):huawei
331 Password required for huawei
Password:
230 User logged in.

Step 2 Configure the transmission mode to the binary format and configure the directory of the
Flash memory on the router.
[ftp] binary
200 Type set to I.
[ftp] lcd flash:/
% Local directory now flash:

Step 3 Download the newest system software from the remote FTP server on the router.

[ftp] get vrpv5r3d031.cc
[ftp] quit

----End

8.8.4 Example for Configuring TFTP


Networking Requirements
As shown in Figure 8-4, the IP address of the TFTP server is 10.111.16.160/24.
Log in to the router from the HyperTerminal and then download the file vrp.cc from the TFTP
server.
Figure 8-4 Networking diagram of configuring TFTP
[Diagram labels: TFTP Server 10.111.16.160/24; Quidway; PC]

Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP software on the TFTP server
2. Set the position of the source file on the server
3. Use the TFTP command on the Quidway router to download the files

Data Preparation
To complete the configuration, you need the following data:
- The TFTP software installed on the TFTP server.
- The path of the source file on the TFTP server.
- The destination file name and its path on the Quidway router.

Configuration Procedure
Step 1 Start the TFTP server, set its Base Directory as the directory where the vrp.cc file resides.
Figure 8-5 shows the interface.

Figure 8-5 Setting the Base Directory of the TFTP server

The display may be different depending on different TFTP server software used by the computer.

Step 2 Log in to the router through the computer HyperTerminal and enter the following command
to download files.
<Quidway> tftp 10.111.16.160 get vrp.cc flash:/vrp.cc
Transfer file in binary mode.
Now begin to download file from remote tftp server, please wait for a while...
\
TFTP: 86235884 bytes received in 42734 second.

File downloaded successfully.

Step 3 Check the configuration. Run the dir command to view whether the downloaded target file
resides in the specified directory of the router.
<Quidway> dir flash:
Directory of flash:/
0

-rw- 10014764 Jun 20 2005 15:00:28

-rw-

40 Jun 24 2006 09:30:40

vrp.bin

-rw-

396 May 19 2006 15:00:10

rsahostkey.dat

-rw-

540 May 19 2006 15:00:10

rsaserverkey.dat

-rw-

2718 Jun 21 2006 17:46:46

-rw-

14343 May 19 2006 15:00:10

paf.txt

-rw-

1004 Feb 05 2001 09:51:22

vrp1.zip

-rw-

6247 May 19 2006 15:00:10

license.txt

-rw-

14343 May 16 2006 14:13:42

paf.txt.bak

private-data.txt

1.cfg

15875 KB total (5032 KB free)

----End

8.8.5 Example for Configuring XModem


Networking Requirements
The router is connected with PC through the AUX port. Log in to the router through the AUX
port, to receive files from the AUX port and save the received packets to the Flash Memory.

Configuration Roadmap
The configuration roadmap is as follows:
1. Run the HyperTerminal on the PC and log in to the router.
2. Use the xmodem command to download the files on the router.
3. Specify the file path on the HyperTerminal.

Data Preparation
To complete the configuration, you need the following data:
- Files that are copied to the PC
- The path of the file in PC

Configuration Procedure
Step 1 Log in to the router through the AUX port.
Refer to "02 Establishment of Configuration Environments."
Step 2 Specify the file to be sent on the HyperTerminal.
Figure 8-6 Specifying the file to be sent

After the configuration, click Send to send the file.


Step 3 Use the XModem protocol to receive the file from the AUX port.
The received file is saved on the Flash memory of the router and the file name is test.txt.
<Quidway> xmodem get flash:/test.txt
**** WARNING ****
xmodem is a slow transfer protocol limited to the current speed

settings of the auxiliary ports.
During the course of the download no exec input/output will be
available!
---- ******* ---
Proceed?[Y/N]y
Destination filename [flash:/ test.txt]?
Before press ENTER you must choose 'YES' or 'NO'[Y/N]:y
Download with XMODEM protocol....
CCCCC

After the system prompts that the file transmission succeeds, you can view the directory of the
Flash Memory.
<Quidway>
Download successful!
<Quidway>
Download successful!
<Quidway> dir flash:/
Directory of flash:/
0

-rw- 10014764 Jun 20 2005 15:00:28

-rw-

-rw-

28 Jul 27 2005 09:34:39

-rw-

480 May 10 2003 11:25:18

-rw- 10103172 Jul 22 2005 16:40:37

-rw-

-rw-

7
8

-rw-rw-

98776 Jul 27 2005 09:36:12

vrp.bin
matnlog.dat
private-data.txt
vrpcfg.zip
date.txt

1515 Jul 19 2005 17:39:55

vrpcfg.cfg

3844 Jul 14 2004 11:51:45

exception.dat

8628372 Jun 01 2005 10:14:34


45 Jul 27 2005 10:51:26

vrp330-0521.01.bin
test.txt

15875 KB total (5015 KB free)

----End

Contents
9 Telnet and SSH
9.1 Introduction
9.1.1 Overview of User Login
9.1.2 Telnet Terminal Services
9.1.3 SSH Terminal Services
9.2 Configuring Telnet Terminal Services
9.2.1 Establishing the Configuration Task
9.2.2 Establishing a Telnet Connection
9.2.3 Establishing a Telnet Redirection Connection
9.2.4 Scheduled Telnet Disconnection
9.2.5 Checking the Configuration
9.3 Configuring SSH Users
9.3.1 Establishing the Configuration Task
9.3.2 Creating an SSH User
9.3.3 Configuring SSH for the VTY User Interface
9.3.4 Generating a Local RSA Key Pair
9.3.5 Configuring the Authentication Mode for SSH Users
9.3.6 (Optional) Configuring the Basic Authentication Information for SSH Users
9.3.7 (Optional) Authorizing SSH Users Through the Command Line
9.3.8 Configuring the Service Type of SSH Users
9.3.9 (Optional) Configuring the Authorized Directory of SFTP Service for SSH Users
9.3.10 Checking the Configuration
9.4 Configuring the SSH Server
9.4.1 Establishing the Configuration Task
9.4.2 Enabling the STelnet Service
9.4.3 Enabling the SFTP Service
9.4.4 (Optional) Enabling the Earlier Version-Compatible Function
9.4.5 (Optional) Configuring the Number of the Port Monitored by the SSH Server
9.4.6 (Optional) Enabling the Trap Function
9.4.7 (Optional) Configuring the Interval for Updating the Key Pair on the SSH Server
9.4.8 Checking the Configuration
9.5 Configuring the STelnet Client Function

9.5.1 Establishing the Configuration Task
9.5.2 Enabling the First-Time Authentication on the SSH Client
9.5.3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server
9.5.4 Enabling the STelnet Client
9.5.5 Checking the Configuration
9.6 Configuring the SFTP Client Function
9.6.1 Establishing the Configuration Task
9.6.2 Configuring the First-Time Authentication on the SSH Client
9.6.3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server
9.6.4 Enabling the SFTP Client
9.6.5 (Optional) Managing the Directory
9.6.6 (Optional) Managing the File
9.6.7 (Optional) Displaying the SFTP Client Command Help
9.6.8 Checking the Configuration
9.7 Maintaining Telnet and SSH
9.7.1 Debugging Telnet Terminal Services
9.7.2 Debugging SSH Terminal Services
9.8 Configuration Examples
9.8.1 Example for Configuring Telnet Terminal Services
9.8.2 Example for Connecting the STelnet Client to the SSH Server
9.8.3 Example for Connecting the SFTP Client to the SSH Server
9.8.4 Example for Accessing the SSH Server Through Other Port Numbers
9.8.5 Example for Authenticating SSH Through RADIUS


Figures
Figure 9-1 Telnet client services
Figure 9-2 Telnet redirection services
Figure 9-3 Usage of Telnet shortcut keys
Figure 9-4 Establishing an SSH channel in a LAN
Figure 9-5 Establishing an SSH channel in a WAN
Figure 9-6 Networking diagram of the Telnet terminal services mode
Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server
Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server
Figure 9-9 Networking diagram of accessing the SSH server through other port numbers
Figure 9-10 Networking diagram of authenticating the SSH through RADIUS


9 Telnet and SSH


About This Chapter


The following table shows the contents of this chapter.

| Section | Description |
| --- | --- |
| 9.1 Introduction | This section describes the basic concepts of user login: Telnet and SSH. |
| 9.2 Configuring Telnet Terminal Services | This section describes how to log in to a router through Telnet and configure the router. |
| 9.3 Configuring SSH Users | This section describes how to configure SSH users. |
| 9.4 Configuring the SSH Server | This section describes how to configure the SSH server. |
| 9.5 Configuring the STelnet Client Function | This section describes how to configure the STelnet client. |
| 9.6 Configuring the SFTP Client Function | This section describes how to configure the SFTP client. |
| 9.7 Maintaining Telnet and SSH | This section describes how to debug the Telnet and SSH terminal services. |
| 9.8 Configuration Examples | This section provides examples for configuring Telnet and SSH. |


9.1 Introduction
9.1.1 Overview of User Login
To configure, monitor, and maintain local or remote devices, you must configure the user
interface, user management, and the terminal service.
The user interface provides the login plane, user management guarantees login security, and
the terminal service provides the login protocol.
The product supports the following login methods:
- Login through the console port
- Local or remote login through the AUX port
- Local or remote login through Telnet or SSH

9.1.2 Telnet Terminal Services


Telnet Services
Telnet is an application layer protocol in the TCP/IP protocol suite. It provides remote login
and a virtual terminal service through the network.
The router provides the following Telnet services:
- Telnet server: You can run the Telnet client program on a PC to log in to the router, and
  then configure and manage it. The router acts as a Telnet server.
- Telnet client: You can run the terminal emulation program or the Telnet client program
  on a PC to connect to the router. With the telnet command, you can then log in to other
  routers to configure and manage them. As shown in Figure 9-1, Router A serves as both
  the Telnet server and the Telnet client.

Figure 9-1 Telnet client services
[Figure labels: PC, RouterA, RouterB, Telnet Server, Telnet Session 1, Telnet Session 2]

- Redirection terminal services: You can run the Telnet client program on a PC to log in to
  the router through a specified interface, and then connect to the serial interface devices
  that are connected to the asynchronous interface of the router, as shown in Figure 9-2.
  The typical application is to connect the 8/16-port asynchronous interface of the router
  with multiple devices for their remote configuration and maintenance.


Figure 9-2 Telnet redirection services
[Figure labels: PC, Ethernet, Router, Async0, Router1, Async1, Lan Switch, Async2, Modem, Async8/16, Router2]

Only the devices that provide the asynchronous interface support the Telnet redirection service.

- Interruption of Telnet services
  In Telnet connection, you can use two types of shortcut keys to interrupt the connection.
  As shown in Figure 9-2, Router A logs in to Router B through Telnet, and Router B logs
  in to Router C through Telnet. Thus, a cascade network is formed. In this case, Router A
  is the client of Router B and Router B is the client of Router C. Figure 9-3 illustrates the
  usage of the two types of shortcut keys.

Figure 9-3 Usage of Telnet shortcut keys
[Figure labels: Telnet Client, RouterA, RouterB, RouterC, Telnet Server, Telnet Session 1, Telnet Session 2]

Ctrl_]: The server interrupts the connection.


If the network connection is normal, when you press Ctrl+], the Telnet server interrupts the
current Telnet connection actively. For example:
<RouterC> (Press <Ctrl_]> to return to the prompt of RouterB.)
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 0.
The connection was closed by the remote host!
<RouterB> (Press <Ctrl_]> to return to the prompt of RouterA.)
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 0.
The connection was closed by the remote host!
<RouterA>


If the network disconnects, the shortcut keys become invalid. The instruction cannot be sent to the
server.

Ctrl_K: The client interrupts the connection.


When the server fails and the client is unaware of the failure, the server does not respond to
the input of the client. In this case, if you press Ctrl+K, the Telnet client interrupts the
connection actively and quits the Telnet connection.
For example:
<RouterC> (Press <Ctrl_K> to directly interrupt the connection and quit Telnet connection.)
<RouterA>

When the number of remote login users reaches the maximum number of VTY user
interfaces, the system prompts that all user interfaces are in use and you cannot use Telnet to
log in.

9.1.3 SSH Terminal Services


Overview of SSH
When users on an insecure network log in to the router through Telnet, the Secure Shell (SSH)
feature offers a security guarantee and powerful authentication. It protects the router from
attacks such as IP address spoofing and interception of plain-text passwords.
The router can be connected with multiple SSH users.
The SSH client function allows users to establish SSH connections with a router that supports
the SSH server function or with a UNIX host. As shown in Figure 9-4 and Figure 9-5, an SSH
channel is set up for the local connection and the Wide Area Network (WAN) connection.


Figure 9-4 Establishing an SSH channel in a LAN
[Figure labels: WorkStation, Router, Ethernet, Server, 100BASE-TX, LapTop, PC, PC running SSH client]

Figure 9-5 Establishing an SSH channel in a WAN
[Figure labels: Local LAN, Remote LAN, WAN, Router, SSH router, PC run SSH client, PC]

Advantages of SSH
The product provides the functions of SFTP and STelnet client.
- STelnet client
  The Telnet protocol does not provide secure authentication, and the contents transmitted
  over TCP are in plain text. This leads to security problems. The system also faces serious
  threats from DoS attacks, host IP address spoofing, and routing spoofing. Telnet services
  are prone to network attacks.
  SSH implements secure remote access on insecure networks and has the following
  advantages compared to Telnet:
  - SSH supports the RSA authentication mode. In RSA authentication, SSH implements
    secure key exchange by generating public and private keys. These keys are generated
    according to the principle of asymmetric encryption. This secures the session.
  - SSH supports Data Encryption Standard (DES), 3DES and AES.
  - The username and the password are both encrypted in the communication between
    the SSH client and the SSH server. This prevents the password from being
    intercepted.
  - SSH encrypts the transmitted data to guarantee security and reliability.
- SFTP client


  SFTP is short for Secure FTP. You can log in to the device from a secure remote end to
  manage files. This improves the security of data transmission when the remote end
  updates its system. Meanwhile, the client function enables you to log in to a remote
  device through SFTP for secure file transmission.

Process to Set Up SSH Connections


The following are the procedures to set up SSH connections.
- Negotiating versions
  The SSH client sends a request packet to the server to set up a TCP connection.
  After the TCP connection is set up, the server and the client negotiate the SSH
  version number. If the version numbers match, they continue to negotiate the shared key.
  If the version numbers do not match, the server interrupts the TCP connection.
- Negotiating key algorithm
  This procedure covers two actions: negotiating the key and calculating the session key.
  The detailed procedures are as follows:
  - The server generates the RSA key randomly and sends the public key to the client.
  - The client calculates the key based on the received RSA public key and a randomly
    generated local key.
  - The client then encrypts the randomly generated local key with the RSA public key
    and sends it to the server.
  - The server decrypts the received packets with its private key and obtains the random
    key generated on the client. It then calculates the session key.
  In this way, the server and the client have the same session key, which guarantees
  session security.
- Negotiating authentication mode
  After the session key is calculated, the server needs to authenticate the client.
  The client sends the identity information to the server.
  If the non-authentication mode is configured on the server, a session request is
  performed.
  If an authentication mode is configured on the server, the client sends the
  authentication request to the server. The result is either that the authentication
  succeeds or that the connection is interrupted because of a timeout.
  The SSH server provides the following authentication modes:
  - Password authentication: The server compares the configured password with the one
    from the client; if they match, authentication succeeds.
  - RSA authentication: The RSA public key of the client is configured on the server, and
    the client sends the modulus of its public key to the server. The server then validates
    the modulus, generates a random number, encrypts the number with the RSA public key
    of the client, and sends the encrypted number to the client. The server and the client
    both calculate the key based on the randomly generated number. The client calculates
    the number used by the server to authenticate the client and sends the result to the
    server. The server then compares the received result with the one calculated locally.
    If they are the same, the authentication succeeds.
- Sending session request
  After the authentication succeeds, the client sends the session request to the server. The
  server then processes this request and the interactive session is performed.

- Performing the interactive session

In the interactive session, the server and the client encrypt and decrypt the data with the
session key.
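
The following Python sketch is an added example, not code from this guide or from the router software. It models the stages described above (version check, RSA key transport, session key calculation, RSA challenge-response) with textbook RSA over constructed toy keys; the function names, the SHA-256 derivation and the message layout are assumptions, not the SSH wire format.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by the toy keys


def make_keypair(p, q):
    """Textbook RSA from two primes: returns ((n, e), (n, d)). Illustration only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed toy keys built from Mersenne primes: far too small and too
# structured for real use, chosen only so the example runs without libraries.
SERVER_KEYS = make_keypair(2**61 - 1, 2**89 - 1)
CLIENT_KEYS = make_keypair(2**107 - 1, 2**127 - 1)
OTHER_KEYS = make_keypair(2**31 - 1, 2**521 - 1)  # a key the server never registered


def rsa_apply(key, value):
    """Raw RSA (no padding): encrypt with a public key or decrypt with a private one."""
    n, exponent = key
    return pow(value, exponent, n)


def to_bytes(number):
    return number.to_bytes(128, "big")


def version_accepted(client_version, compat_ssh1x=True):
    """SSH 2.0 is always accepted; 1.3 to 1.99 only while SSH1.X compatibility is on."""
    major, minor = (int(part) for part in client_version.split("."))
    if (major, minor) == (2, 0):
        return True
    return compat_ssh1x and (1, 3) <= (major, minor) <= (1, 99)


def derive_session_key(random_key, server_modulus):
    """Assumed derivation: hash the client's random key with the server's modulus."""
    return hashlib.sha256(to_bytes(random_key) + to_bytes(server_modulus)).digest()


def run_handshake(server_keys, client_version, registered_pub, client_priv,
                  compat_ssh1x=True):
    """Return (stage reached, client session key, server session key)."""
    server_pub, server_priv = server_keys

    # Stage 1: version negotiation. On a mismatch the server drops the connection.
    if not version_accepted(client_version, compat_ssh1x):
        return "version-rejected", None, None

    # Stage 2: key negotiation. The client wraps a random key with the server's
    # public key; the server unwraps it; both sides derive the same session key.
    client_random = secrets.randbits(128)
    wrapped = rsa_apply(server_pub, client_random)            # client -> server
    client_key = derive_session_key(client_random, server_pub[0])
    server_key = derive_session_key(rsa_apply(server_priv, wrapped), server_pub[0])

    # Stage 3: RSA authentication. The server encrypts a random challenge with the
    # public key registered for the user; only the matching private key recovers it.
    challenge = secrets.randbits(128)
    encrypted = rsa_apply(registered_pub, challenge)          # server -> client
    answer = rsa_apply(client_priv, encrypted)
    response = hashlib.sha256(to_bytes(answer) + client_key).digest()  # client -> server
    expected = hashlib.sha256(to_bytes(challenge) + server_key).digest()
    if not hmac.compare_digest(response, expected):
        return "auth-failed", None, None

    # Stage 4: the session request is accepted; data is protected with the session key.
    return "session", client_key, server_key


if __name__ == "__main__":
    print(run_handshake(SERVER_KEYS, "2.0", CLIENT_KEYS[0], CLIENT_KEYS[1])[0])
    print(run_handshake(SERVER_KEYS, "1.5", CLIENT_KEYS[0], CLIENT_KEYS[1], False)[0])
    print(run_handshake(SERVER_KEYS, "2.0", CLIENT_KEYS[0], OTHER_KEYS[1])[0])
```

The third call shows why the public key assigned to an SSH user must be that client's own key: a client holding any other private key cannot answer the challenge.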

9.2 Configuring Telnet Terminal Services


9.2.1 Establishing the Configuration Task
Applicable Environment
When you log in to a router through Telnet to manage or maintain the router, configure the
Telnet terminal services.

Pre-configuration Tasks
Before configuring Telnet terminal services, complete the following tasks:
- Powering on the router
- Configuring the IP addresses for interfaces of the router correctly
- Configuring users, authentication modes and call-in or call-out restrictions
- Configuring a reachable route between the terminal and the router

Data Preparation
To configure Telnet terminal services, you need the following data.

| No. | Data |
| --- | --- |
| 1 | IP address of the router |
| 2 | VPN instance name |
| 3 | IP address or host name of the remote router |
| 4 | Number of the TCP port that provides Telnet services on the remote router |
| 5 | Timeout period of the user interface |

Configuration Procedures

| No. | Procedure |
| --- | --- |
| 1 | Establishing a Telnet Connection |
| 2 | Establishing a Telnet Redirection Connection |
| 3 | Scheduled Telnet Disconnection |
| 4 | Checking the Configuration |


9.2.2 Establishing a Telnet Connection


Do as follows on the router that the client has logged in to:
Step 1 Run:
telnet [ vpn-instance vpn-instance-name ] [ -a source-ip-address ] host-name [ port-number ]

Log in to the router and manage other routers.


----End

9.2.3 Establishing a Telnet Redirection Connection


Perform the Telnet operation on the client to set up a connection with the router.
Do as follows on the router that the client has logged in to:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
interface aux interface-number

The interface view is displayed.


Step 3 Run:
async mode flow

The asynchronous interface of the router connected with external devices is configured to the
interactive mode.
Step 4 Run:
redirect

The Telnet redirection function of the user interface is enabled.


Step 5 Run:
return

Return to the user view.


Step 6 Run:
telnet [ vpn-instance vpn-instance-name ] [ -a source-ip-address ] host-name [ port-number ]

Log in to the router through the specified interface and connect with the asynchronous
interface of the specified interface.
----End


9.2.4 Scheduled Telnet Disconnection


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ ui-type ] first-ui-number [ last-ui-number ]

The user interface view is displayed.


Step 3 Run:
idle-timeout minutes [ seconds ]

The scheduled Telnet disconnection is enabled.


----End

9.2.5 Checking the Configuration


Run the following commands to check the previous configuration.

| Action | Command |
| --- | --- |
| Check the connection status of the current user-interface. | display users |
| Check the connection status of all user-interfaces. | display users all |
| Check the status of all the established TCP connections. | display tcp status |

Run the display tcp status command to view the TCP connection status. ESTAB indicates
that the TCP connection is established.
<Quidway> display tcp status
TCPCB    Tid/Soid  Local Add:port   Foreign Add:port  VPNID  State
39952df8 36 /1509  0.0.0.0:0        0.0.0.0:0                Closed
32af9074 59 /1     0.0.0.0:21       0.0.0.0:0         14849  Listening
34042c80 73 /17    10.164.39.99:23  10.164.6.13:1147  0      Established


9.3 Configuring SSH Users


9.3.1 Establishing the Configuration Task
Applicable Environment
The STelnet or SFTP client can log in to the SSH server to perform operations only after SSH
users are correctly configured on the SSH server.

Pre-configuration Tasks
Before configuring SSH users, complete the following tasks:
- Creating the local user
- Configuring the RSA key of the client on the SSH server

Data Preparation
To configure SSH users, you need the following data.

| No. | Data |
| --- | --- |
| 1 | Name and password of SSH users |
| 2 | Authentication mode of SSH users |
| 3 | Service type of SSH users |
| 4 | Name of the peer RSA public key assigned to SSH users |
| 5 | Operating directory of the SFTP service for SSH users |

Configuration Procedures
To configure the SSH user, you need to take the following steps.

| No. | Procedure |
| --- | --- |
| 1 | Creating an SSH User |
| 2 | Configuring SSH for the VTY User Interface |
| 3 | Generating a Local RSA Key Pair |
| 4 | Configuring the Authentication Mode for SSH Users |
| 5 | (Optional) Configuring the Basic Authentication Information for SSH Users |
| 6 | (Optional) Authorizing SSH Users Through the Command Line |
| 7 | Configuring the Service Type of SSH Users |
| 8 | (Optional) Configuring the Authorized Directory of SFTP Service for SSH Users |
| 9 | Checking the Configuration |

9.3.2 Creating an SSH User


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user user-name

The SSH user is created.


If an SSH user with the authentication mode password or password-rsa is created, you
need to create a local user with the same name in the AAA view.
1. Run:
   aaa

   The AAA view is displayed.

2. Run:
   local-user username password { cipher | simple } password

   The local user is created.

----End

If the SSH user is not created separately, you can create the SSH user when performing the following
configurations:
- Configuring the Authentication Mode for SSH Users
- Configuring the Service Type of SSH Users

9.3.3 Configuring SSH for the VTY User Interface


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
user-interface [ vty ] first-ui-number [ last-ui-number ]

The VTY user interface view is displayed.


Step 3 Run:


authentication-mode aaa

The AAA authentication mode is configured.


Step 4 Run:
protocol inbound ssh

The VTY is configured to support SSH.


----End

The authentication mode of the VTY user interface must be configured to AAA. Otherwise, the
protocol inbound ssh command cannot be configured successfully.

9.3.4 Generating a Local RSA Key Pair


Do as follows on the router that serves as the client and the server separately:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
rsa local-key-pair create

A local RSA key pair is generated.


----End

To log in to the SSH server, the local RSA key pair must be generated first. Before performing
the other SSH configurations, you must run the rsa local-key-pair create command to generate a
local key pair.

9.3.5 Configuring the Authentication Mode for SSH Users


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user username authentication-type { password | rsa | password-rsa | all }

The authentication mode for SSH users is configured.


Perform the following as required:
- Authenticate the SSH user through the password.
  1. Run:
     ssh user user-name authentication-type password

     The password authentication is configured for the SSH client.

  2. Run:
     ssh authentication-type default password

     The default password authentication is configured for the SSH client.

  When the local authentication or HWTACACS authentication is adopted, if the number of
  SSH users is small, configure the password authentication. If the number of SSH users is
  large, configure the default password authentication for the SSH client.

- Authenticate the SSH client through RSA.
  1. Run:
     ssh user user-name authentication-type rsa

     The RSA authentication is configured for the SSH client.

  2. Run:
     rsa peer-public-key key-name

     The public key view is displayed.

  3. Run:
     public-key-code begin

     The public key editing view is displayed.

  4. Run:
     hex-data

     The public key is edited.

  5. Run:
     public-key-code end

     Quit the public key editing view.

  6. Run:
     peer-public-key end

     Quit the public key view and return to the system view.

  7. Run:
     ssh user user-name assign rsa-key key-name

     The public key is assigned to the SSH users.

----End

- After the public key editing view is displayed, the RSA public key generated on the client software
  can be sent to the server. Copy the RSA public key to the router that serves as the SSH server.
- Before the peer RSA public key is assigned to the SSH client, the SSH server must be configured
  and the peer RSA public key must be the RSA public key of the SSH client.


9.3.6 (Optional) Configuring the Basic Authentication Information for SSH Users

Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server rekey-interval hours

The interval for updating the server key pair is configured.


Step 3 Run:
ssh server timeout seconds

The timeout period of the SSH authentication is set.


Step 4 Run:
ssh server authentication-retries times

The number of retry times of the SSH authentication is set.


----End

9.3.7 (Optional) Authorizing SSH Users Through the Command Line

There are four authentication modes for an SSH user, namely, password, rsa, password-rsa, and all. For
the configuration of the command line authorization in password mode, refer to the chapter "AAA and
User Management" in the Quidway NetEngine80 Core Router Configuration Guide - Security. This
section describes how to configure the command line authorization in RSA mode.

Do as follows on the router:


Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user user-name authorization-cmd aaa

The command line authorization is configured for the specified SSH client.
After the command line authorization is configured for the SSH client through the RSA
authentication, you must perform the AAA configuration; otherwise, the command line
authorization does not become valid for the SSH client.
----End


9.3.8 Configuring the Service Type of SSH Users


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user username service-type { sftp | stelnet | all }

The service type for the SSH client is configured.


----End

9.3.9 (Optional) Configuring the Authorized Directory of SFTP Service for SSH Users

Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh user username sftp-directory directoryname

The authorized directory of SFTP service for SSH users is configured.


----End

9.3.10 Checking the Configuration


Run the following commands to check the previous configuration.

| Action | Command |
| --- | --- |
| Check the information of the SSH client on the SSH server. | display ssh user-information |
| Check the information of the specified SSH client on the SSH server. | display ssh user-information username |

Run the display ssh user-information username command. It shows that the SSH user
named client001 is authenticated by password, and its service type is sftp.
[Quidway] display ssh user-information client001
User Name            : client001
Authentication-type  : password
User-public-key-name : -
Sftp-directory       : -
Service-type         : sftp
Authorization-cmd    : No

9.4 Configuring the SSH Server


9.4.1 Establishing the Configuration Task
Applicable Environment
Clients can use STelnet or SFTP only after the corresponding service is enabled on the SSH
server. The SSH server also supports setting the number of the monitored port. You can set
the port monitored by the SSH server to a number other than the standard one so that an
attacker does not know which port is monitored. This can prevent the consumption of bandwidth
and system resources caused by an attacker's access to the standard port of the SSH server.

Pre-configuration Tasks
Before configuring SSH servers, complete the following tasks:
- Connecting the SSH client and the SSH server correctly
- Configuring reachable routes between the SSH client and the SSH server
- Configuring the VTY user interface on the SSH server to support SSH
- Configuring the SSH client on the SSH server
- Creating the local RSA key pair on the SSH server

Data Preparation
To configure SSH servers, you need the following data.

| No. | Data |
| --- | --- |
| 1 | Number of the port monitored by the SSH server |

Configuration Procedures
To configure an SSH server, you need to take the following steps.

| No. | Procedure |
| --- | --- |
| 1 | Enabling the STelnet Service |
| 2 | Enabling the SFTP Service |
| 3 | (Optional) Enabling the Earlier Version-Compatible Function |
| 4 | (Optional) Configuring the Number of the Port Monitored by the SSH Server |
| 5 | (Optional) Enabling the Trap Function |
| 6 | (Optional) Configuring the Interval for Updating the Key Pair on the SSH Server |
| 7 | Checking the Configuration |

9.4.2 Enabling the STelnet Service


Do as follows on the router that serves as an SSH server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
stelnet server enable

The STelnet service is enabled.


----End

9.4.3 Enabling the SFTP Service


Do as follows on the router that serves as an SSH server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp server enable

The SFTP service is enabled.


----End

9.4.4 (Optional)Enabling the Earlier Version-Compatible Function


Do as follows on the router that serves as the SSH server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server compatible-ssh1x enable

The earlier version-compatible function is enabled.


----End
By default, the SSH2.0 server is compatible with SSH1.X. To prevent clients that use SSH1.3
to SSH1.99 from logging in, run the undo ssh server compatible-ssh1x enable command to
disable the earlier version-compatible function. After that, SSH clients whose version is in
the range 1.3 to 1.99 (including 1.3 and 1.99) cannot log in to the router.
- Compared with SSH1.X, SSH2.0 extends the structure to support more authentication methods and
  key exchange methods. In addition, the service capability of SSH2.0 is improved to support
  functions such as SFTP.
- This product supports the SSH versions that range from 1.3 to 2.0, including 1.3 and 2.0.

9.4.5 (Optional) Configuring the Number of the Port Monitored by the SSH Server

Do as follows on the router that serves as an SSH server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server port port-number

The number of the port monitored by the SSH server is configured.


----End

If a new port number is configured, the SSH server interrupts all the STelnet and SFTP
connections and starts monitoring the new port. By default, the number of the port monitored by
the SSH server is 22.

9.4.6 (Optional) Enabling the Trap Function


Do as follows on the login router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
snmp-agent trap enable ssh

The trap function is enabled.


----End

9.4.7 (Optional) Configuring the Interval for Updating the Key Pair on the SSH Server

Do as follows on the router that serves as an SSH server:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh server rekey-interval interval

The interval for updating the key pair is set.


----End

9.4.8 Checking the Configuration


Run the following command to check the previous configuration.
Action                                             Command
Check the global configuration of the SSH server.  display ssh server status

When you run the display ssh server status command, the output shows that the SSH protocol
version is 1.99 and that the number of SSH authentication retries is 5.
<Quidway> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 2 hours
SSH Authentication retries : 5 times
SFTP server: Enable
STelnet server: Enable
SSH server port: 55535

If the default number of the monitored port is adopted, information about the currently monitored port is
not displayed.

9.5 Configuring the STelnet Client Function


9.5.1 Establishing the Configuration Task
Applicable Environment
The SSH2 feature provides security guarantees and powerful authentication. It protects the router
from attacks such as IP address spoofing and interception of plaintext passwords. The SSH
user can use the STelnet service in the same way as the Telnet service.

Pre-configuration Tasks
Before connecting the STelnet client to the SSH2 server, complete the following tasks:
- Generating the local RSA key pair on the SSH server
- Configuring the SSH user on the SSH server
- Enabling the STelnet service on the SSH server

Data Preparation
To connect the STelnet client to the SSH2 server, you need the following data:
No.  Data
1    Name of the SSH server
2    Number of the port monitored by the SSH server
3    Preferred encryption algorithm from the STelnet client to the SSH server
4    Preferred encryption algorithm from the STelnet server to the SSH client
5    Preferred HMAC algorithm from the STelnet client to the SSH server
6    Preferred HMAC algorithm from the STelnet server to the SSH client
7    Preferred algorithm of key exchange
8    Name of the egress
9    Source address

Configuration Procedures
To configure the STelnet client function, you need to take the following steps.
No.  Procedure
1    Enabling the First-Time Authentication on the SSH Client
2    (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server
3    Enabling the STelnet Client
4    Checking the Configuration

9.5.2 Enabling the First-Time Authentication on the SSH Client


Do as follows on the router that serves as an SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client first-time enable

The first-time authentication on the SSH client is enabled.


----End

The purpose of enabling the first-time authentication on the SSH client is to skip checking whether
the RSA public key of the SSH server is valid when the STelnet or SFTP client logs in to the SSH
server for the first time. The check is skipped because the STelnet or SFTP client has not saved the
RSA public key of the SSH server at this time.

If the first-time authentication is not enabled on the SSH client, when the STelnet or SFTP client
logs in to the SSH server for the first time, the STelnet or SFTP client fails to pass the check on the
RSA public key validity and cannot log in to the server.

As an alternative to enabling the first-time authentication on the SSH client, you can assign the RSA
public key of the SSH server to the server on the SSH client in advance, so that the STelnet or SFTP
client can log in to the server successfully the first time.

9.5.3 (Optional) Configuring the SSH Client to Assign the RSA Public Key to the SSH Server

Do as follows on the router that serves as the SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client servername assign rsa-key keyname

The RSA public key is assigned to the SSH server.


----End

Before the peer RSA public key is assigned to the SSH server, the SSH client must be configured and the
assigned RSA public key must be the RSA public key of the SSH server. Thus, the STelnet or SFTP
client can pass the validity check on the RSA public key of the SSH server.

9.5.4 Enabling the STelnet Client


Do as follows on the router that serves as the SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
stelnet [ -a source-address ] host-ipv4 [ port ] [ [ prefer_kex { dh_group1 |
dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des | aes128 } ] |
[ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac { sha1 | sha1_96 | md5 |
md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ -vpn-instance
vpn-instance-name ] ]
You can log in to the SSH server through STelnet.
----End

When accessing the SSH server, the STelnet client can specify the source address and the name of the
VPN instance and choose the key exchange algorithm, encryption algorithm, and HMAC algorithm.

9.5.5 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                                                              Command
Check the mapping between the RSA public key and the SSH client on the SSH client.  display ssh server-info
Check the session of the SSH client on the SSH server.                              display ssh server session

When you run the display ssh server session command, the output shows that the client logs in
from VTY 3 with the stelnet service by password authentication.
<Quidway> display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password
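
As an added example (not part of the Huawei guide), the Python script below parses captured display ssh server status and display ssh server session output, such as the samples in 9.4.8 and 9.5.5, and reports the settings an operator may want to review. Session 2 in the sample is constructed, the des-cbc and hmac-md5 display names are assumptions, and the review rules are an assumed site policy rather than a Huawei recommendation.

```python
import re

# Constructed input: STATUS_SAMPLE and session 1 reproduce the outputs shown in
# sections 9.4.8 and 9.5.5. Session 2 is made up, and its "des-cbc" and
# "hmac-md5" display names are assumptions.
STATUS_SAMPLE = """\
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 2 hours
SSH Authentication retries : 5 times
SFTP server: Enable
STelnet server: Enable
SSH server port: 55535
"""
SESSION_SAMPLE = """\
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password
Session 2:
Conn                : VTY 4
Version             : 2.0
Username            : client009
CTOS Cipher         : des-cbc
STOC Cipher         : 3des-cbc
CTOS Hmac           : hmac-md5
STOC Hmac           : hmac-sha1
Kex                 : diffie-hellman-group-exchange-sha1
"""


def parse_fields(text):
    """Return {key: value} for every 'key : value' line, keys lower-cased."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[" ".join(key.lower().split())] = value.strip()
    return fields


def parse_sessions(text):
    """Split session output on its 'Session N:' headers."""
    parts = re.split(r"(?m)^Session[ \t]+(\d+):[ \t]*$", text)
    # parts = [text before the first header, "1", body 1, "2", body 2, ...]
    return [dict(parse_fields(body), session=number)
            for number, body in zip(parts[1::2], parts[2::2])]


def listening_port(status):
    """Section 9.4.8: the port line is omitted when the default (22) is used."""
    return int(status.get("ssh server port", 22))


def audit_status(status):
    findings = []
    # 1.99 is the version a server announces when it also accepts SSH1.x
    # clients (RFC 4253, section 5.1).
    if status.get("ssh version") == "1.99":
        findings.append(("ssh version", "1.99", "SSH1.x clients accepted; "
                         "see undo ssh server compatible-ssh1x enable"))
    return findings


def audit_session(session):
    """Apply an assumed review policy (not Huawei's) to one session."""
    findings = []
    for field in ("ctos cipher", "stoc cipher"):
        value = session.get(field, "").lower()
        if value.startswith("des"):  # "3des..." does not match
            findings.append((field, value, "single DES, 56-bit key"))
    for field in ("ctos hmac", "stoc hmac"):
        value = session.get(field, "").lower()
        if "md5" in value:
            findings.append((field, value, "MD5-based MAC"))
    kex = session.get("kex", "").lower()
    if kex == "diffie-hellman-group1-sha1":
        findings.append(("kex", kex, "fixed 1024-bit DH group"))
    return findings


if __name__ == "__main__":
    status = parse_fields(STATUS_SAMPLE)
    print("port", listening_port(status), audit_status(status))
    for session in parse_sessions(SESSION_SAMPLE):
        print(session["session"], session["username"], audit_session(session))
```
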

9.6 Configuring the SFTP Client Function


9.6.1 Establishing the Configuration Task
Applicable Environment
SFTP enables users to log in to the device securely from a remote end to manage files. This
improves the security of data transmission when the remote end updates its system. In addition,
the client function enables you to log in to a remote device through SFTP for secure file
transmission.

Pre-configuration Tasks
Before connecting the SFTP client to the SSH2 server, complete the following tasks:
- Creating the local RSA key pair on the SSH server
- Configuring the SSH client on the SSH server
- Enabling the SFTP service on the SSH server

Data Preparation
To connect the SFTP client to the SSH2 server, you need the following data.
No.  Data
1    Name of the SSH server
2    Number of the port monitored by the SSH server
3    Preferred encryption algorithm from the SFTP client to the SSH server
4    Preferred encryption algorithm from the SFTP server to the SSH client
5    Preferred HMAC algorithm from the SFTP client to the SSH server
6    Preferred HMAC algorithm from the SFTP server to the SSH client
7    Preferred algorithm of key exchange
8    Name of the egress
9    Source address
10   Directory name
11   File name

Configuration Procedures
To configure the SFTP client function, you need to take the following steps.
No.  Procedure
1    Configuring the First-Time Authentication on the SSH Client
2    Configuring the SSH Client to Assign the RSA Public Key to the SSH Server
3    Enabling the SFTP Client
4    (Optional) Managing the Directory
5    (Optional) Managing the File
6    (Optional) Displaying the SFTP Client Command Help
7    Checking the Configuration

9.6.2 Configuring the First-Time Authentication on the SSH Client

Do as follows on the router that serves as an SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client first-time enable

The first-time authentication of the SSH client is enabled.


----End

9.6.3 Configuring the SSH Client to Assign the RSA Public Key to the SSH Server

Do as follows on the router that serves as an SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
ssh client servername assign rsa-key keyname

Assign a public key to the SSH server.


----End

9.6.4 Enabling the SFTP Client


Do as follows on the router that serves as the SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp [ -a source-address ] host-ipv4 [ port ] [ [ prefer_kex { dh_group1 |
dh_exchange_group } ] | [ prefer_ctos_cipher { des | 3des | aes128 } ] |
[ prefer_stoc_cipher { des | 3des | aes128 } ] | [ prefer_ctos_hmac { sha1 | sha1_96 | md5 |
md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] | [ -vpn-instance
vpn-instance-name ] ]
You can log in to the SSH server through SFTP.
----End

The command for enabling the SFTP client is similar to that of STelnet. When accessing the SSH
server, the SFTP client can specify the source address and the name of the VPN instance and choose
the key exchange algorithm, encryption algorithm, and HMAC algorithm.

9.6.5 (Optional) Managing the Directory


Do as follows on the router that serves as the SSH client:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 |
dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher
{ des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
[ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ -vpn-instance
vpn-instance-name ] }
You can log in to the SSH server through SFTP.
Step 3 According to the requirement, select and perform one or more configurations below.
- Run:
  cd remote-directory

  The current operating directory of users is changed.

- Run:
  cdup

  The operating directory of users is switched to the upper-level directory.

- Run:
  pwd

  The current operating directory of users is displayed.

- Run:
  dir/ls [ remote-directory ]

  The file list in the specified directory is displayed.

- Run:
  rmdir remote-directory

  The directory on the server is deleted.

- Run:
  mkdir remote-directory

  A directory is created on the server.


----End

After the SFTP client logs in to the SSH server, you can, from the SFTP client side, create and
delete directories on the SSH server and display the current operating directory and the files or
information of the specified directory.

9.6.6 (Optional) Managing the File


Do as follows on the login router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 |
dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher
{ des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
[ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ -vpn-instance
vpn-instance-name ] }
You can log in to the SSH server through SFTP.
Step 3 According to the requirement, select and perform one or more configurations below.
- Run:
  rename old-name new-name

  The name of the specified file on the server is changed.

- Run:
  get remote-file [local-file]

  The file on the remote server is downloaded.

- Run:
  put local-file [remote-file]

  The local file is uploaded to the remote server.

- Run:
  remove remote-file

  The file on the server is removed.


----End

After the SFTP client logs in to the SSH server, you can, from the SFTP client side, change file
names, delete files, display the file list, and upload and download files.

9.6.7 (Optional) Displaying the SFTP Client Command Help


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
sftp { [ -a source-address ] host-ipv4 [ port ] [ prefer_kex { dh_group1 |
dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher
{ des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
[ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ -vpn-instance
vpn-instance-name ] }
You can log in to the SSH server through SFTP.
Step 3 Run:
help [all | command-name]

The SFTP client command help is displayed.


----End

9.6.8 Checking the Configuration


Run the following commands to check the previous configuration.
Action                                                                                   Command
Check the mapping between the SSH server and the RSA public key on the SSH client side.  display ssh server-info
Check the session of the SSH client on the SSH server.                                   display ssh server session

Run the display ssh server session command. The output shows that the client
logs in from VTY 4 through the sftp service in RSA authentication mode.
[Quidway] display ssh server session
Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : rsa

9.7 Maintaining Telnet and SSH


This section covers the following topics:
- Debugging Telnet Terminal Services
- Debugging SSH Terminal Services

9.7.1 Debugging Telnet Terminal Services


When a Telnet fault occurs, run the following debugging command in the user view to locate
the fault.

Debugging affects the performance of the system. So, after debugging, run the undo
debugging all command to disable it immediately.
Action                    Command
Enable Telnet debugging.  debugging telnet

9.7.2 Debugging SSH Terminal Services


This section covers the following topics:
- Deleting the SSH User
- Debugging SSH

Deleting the SSH User


Delete the SSH user using the following commands in the system view.
Action                          Command
Delete the specified SSH user.  undo ssh user user-name
Delete all the SSH users.       undo ssh user

Debugging SSH

Debugging affects the performance of the system. So, after debugging, run the undo
debugging all command to disable it immediately.
When a fault occurs, run the debugging command in the user view to locate the fault. For the
procedure of displaying the debugging information, refer to the Configuration Guide - System
Management.
Action                                     Command
Enable the debugging of the SSH function.  debugging ssh server { vty index | all } { message | event | packet | all }

9.8 Configuration Examples


9.8.1 Example for Configuring Telnet Terminal Services
Networking Requirements
As shown in Figure 9-6, Router A and Router B can ping each other. Users can log in
to Router B from Router A through Telnet.
Figure 9-6 Networking diagram of the Telnet terminal services mode
[Figure: RouterA (GE1/0/0, 1.1.1.1/24) connected to RouterB (GE1/0/0, 1.1.1.2/24)]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the authentication mode and the password of the user interface VTY0 to
   VTY4 on Router B.
2. Users need to input the password when they log in to Router B from Router A through
   Telnet.

Data Preparation
To complete the configuration, you need the following data:
- The host address of Router B
- The authentication mode and the password

Configuration Procedure
Step 1 Configure the IP address.
# Configure Router A.
<RouterA> system-view
[RouterA] interface gigabitethernet1/0/0
[RouterA-GigabitEthernet1/0/0] undo shutdown
[RouterA-GigabitEthernet1/0/0] ip address 1.1.1.1 24

# Configure Router B.
<RouterB> system-view
[RouterB] interface gigabitethernet1/0/0
[RouterB-GigabitEthernet1/0/0] undo shutdown
[RouterB-GigabitEthernet1/0/0] ip address 1.1.1.2 24

Step 2 Configure the authentication mode and the password of Telnet on Router B.
<RouterB> system-view
[RouterB] user-interface vty 0 4
[RouterB-ui-vty0-4] authentication-mode password
[RouterB-ui-vty0-4] set authentication password simple 123456
[RouterB-ui-vty0-4] quit

Step 3 Log in to Router B from Router A through Telnet.
<RouterA> telnet 1.1.1.2
Trying 1.1.1.2 ...
Press CTRL+K to abort
Connected to 1.1.1.2 ...
***********************************************************
*             All rights reserved (2000-2005)             *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Login authentication
Password:
Note: The max number of VTY users is 5, and the current number
of VTY users on line is 1.
<RouterB>

----End

Configuration Files
- Configuration file of Router A (It is not mentioned here.)
- Configuration file of Router B

sysname RouterB
#
user-interface vty 0 4
set authentication password simple 123456
#
return
undo shutdown

9.8.2 Example for Connecting the STelnet Client to the SSH Server

Networking Requirements
As shown in Figure 9-7, after the STelnet service is enabled on the SSH server, the STelnet
client can log in to the SSH server through the password or RSA authentication.
Configure two login clients:
- Configure Client001 with the password as huawei and adopt the password
  authentication.
- Configure Client002, adopt the RSA authentication and assign the public key RsaKey001
  to Client002.

The user interface supports only SSH.

Figure 9-7 Networking diagram of connecting the STelnet client to the SSH server
[Figure: SSH Server connected to STelnet Client]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure both Client001 and Client002 on the SSH server.
2. Generate the local key pairs on the STelnet client and the SSH server respectively.
3. Generate the RSA public key on SSH server and bind the RSA public key of SSH client
   to Client002.
4. Enable STelnet service on the SSH server.
5. Users Client001 and Client002 log in to the SSH server through STelnet.

Data Preparation
To complete the configuration, you need the following data:
- Name and the authentication mode of the SSH user
- Password or the RSA public key of the SSH user
- Name of the SSH server

Configuration Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++
......++++++++

If the local key pair is generated before, this step can be ignored.

Step 2 Create an SSH user on the server.


The SSH client can be authenticated in four modes: password, RSA, password-RSA, and all.
- If password or password-RSA authentication is used, configure a local user with the same user
  name.
- If RSA, password-RSA, or all authentication is used, the server must save the RSA public key
  of the SSH client.

# Configure the VTY user interface.


[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit
- Create an SSH user Client001.

# Set the password authentication for the SSH user Client001.


[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password

# Set the password of the SSH user Client001 to huawei.


[Quidway] aaa
[Quidway-aaa]local-user client001 password simple huawei
[Quidway-aaa]local-user client001 service-type ssh
[Quidway-aaa] quit
- Create an SSH user Client002.

# Configure the RSA authentication for the SSH user Client002.


[Quidway] ssh user client002
[Quidway] ssh user client002 authentication-type rsa

Step 3 Configure the RSA public key on the server.


# Generate the RSA public key on the client software.

For the detailed configuration procedures, refer to the related operations of the client software. This is
not mentioned here.

# Generate the local key pair on the client.


<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create

# Generate the RSA public key on the client.


[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: Quidway_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: Quidway_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]

# Send the RSA public key generated on the client software to the server.
[Quidway]rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key]public-key-code begin

Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end

Step 4 Bind the SSH user Client002 to the RSA public key of the SSH client.
[Quidway] ssh user client002 assign rsa-key RsaKey001

Step 5 Enable the STelnet service on the SSH server.


# Enable the STelnet service.
[Quidway] stelnet server enable

Step 6 Configure the STelnet service for the SSH users Client001 and Client002.
<Quidway> system-view
[Quidway] ssh user client001 service-type stelnet
[Quidway] ssh user client002 service-type stelnet

Step 7 Connect the STelnet client to the SSH server.


# For the first login, you need to enable the first authentication on SSH client.
[client001] ssh client first-time enable
[client002] ssh client first-time enable

# Client001 of the STelnet connects to SSH server through the password authentication mode.
Enter the user name and password.
<client001> system-view
[client001] stelnet 10.164.39.222
Please input the username:client001
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:

Enter the password "huawei", and the following output is displayed after successful login:
***********************************************************
*             All rights reserved (2000-2007)             *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 1.
<Quidway>

# Connect the STelnet client002 to the SSH server in the RSA authentication mode.
<client002> system-view
[client002] stelnet 10.164.39.222
Please input the username: client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
***********************************************************
*             All rights reserved (2000-2007)             *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 1.
<Quidway>

Step 8 Verify the configuration.


After the configuration, run the display ssh server status and display ssh server session
commands. The output shows that the STelnet service is enabled and the STelnet client is
connected to the SSH server successfully.
# Display the SSH status.
[Quidway] display ssh server status
STelnet server: Enable
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 6 hours
SSH Authentication retries : 3 times
SFTP server: Disable
STELNET server: Enable

# Display the connection of the SSH server.
[Quidway] display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password
Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : rsa

# Display the information of the SSH user.
[Quidway]display ssh user-information
User 1:
User Name            : client001
Authentication-type  : password
User-public-key-name : -
Sftp-directory       : -
Service-type         : stelnet
Authorization-cmd    : No
User 2:
User Name            : client002
Authentication-type  : rsa
User-public-key-name : RsaKey001
Sftp-directory       : -
Service-type         : stelnet
Authorization-cmd    : No

----End

Configuration Files
#
sysname Quidway
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E
519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43 1D7E3E1B

0203

010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client001 authentication-type password

ssh user client002 authentication-type RSA


ssh user client001 service-type stelnet
ssh user client002 service-type stelnet
stelnet server enable
ssh user client001
ssh user clietn002
ssh user client002
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
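
The key code that Step 3 retypes on the server is a hex listing of a DER-style RSA public key (a SEQUENCE holding the modulus and the exponent), so a mistyped digit yields a different key. As an added example (not Huawei code), the Python below decodes the Quidway_Host key code from this page, rebuilds the OpenSSH blob printed in the same display, and derives a fingerprint that can be compared between the client display and the server configuration; the function names are illustrative and the 2048-bit minimum is an assumed policy value.

```python
import base64
import hashlib
import struct

# Copied from this page: the Quidway_Host key code displayed on the client in
# Step 3, and the OpenSSH-format blob printed in the same display.
KEY_CODE = """
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
"""
OPENSSH_B64 = ("AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7"
               "yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b")
MIN_BITS = 2048  # assumed policy value; the prompt in Step 1 allows 512 to 2048


def read_tlv(data, pos, tag):
    """Read one DER tag-length-value at pos; return (value, next position)."""
    if pos + 2 > len(data) or data[pos] != tag:
        raise ValueError("expected tag 0x%02x at offset %d" % (tag, pos))
    length, pos = data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(data):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(data[pos:pos + count], "big"), pos + count
    if pos + length > len(data):
        raise ValueError("key code is truncated")
    return data[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus, exponent) from a 'Key code' hex listing."""
    data = bytes.fromhex("".join(text.split()))
    body, end = read_tlv(data, 0, 0x30)        # SEQUENCE
    modulus, pos = read_tlv(body, 0, 0x02)     # INTEGER n
    exponent, pos = read_tlv(body, pos, 0x02)  # INTEGER e
    if end != len(data) or pos != len(body):
        raise ValueError("unexpected bytes after the key")
    # The listing stores n without DER's leading 00 sign byte (0240 BF...),
    # so both integers are read as unsigned.
    return int.from_bytes(modulus, "big"), int.from_bytes(exponent, "big")


def mpint(value):
    """SSH mpint encoding: big-endian with a 00 prefix if the top bit is set."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def ssh_rsa_blob(modulus, exponent):
    name = b"ssh-rsa"
    return struct.pack(">I", len(name)) + name + mpint(exponent) + mpint(modulus)


def openssh_b64(modulus, exponent):
    return base64.b64encode(ssh_rsa_blob(modulus, exponent)).decode()


def check_key(text):
    """Summarise a key code for comparison between client and server."""
    modulus, exponent = parse_key_code(text)
    digest = hashlib.sha256(ssh_rsa_blob(modulus, exponent)).digest()
    return {
        "bits": modulus.bit_length(),
        "exponent": exponent,
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "below_policy": modulus.bit_length() < MIN_BITS,
    }


if __name__ == "__main__":
    report = check_key(KEY_CODE)
    print(report)
    print("matches OpenSSH blob on the page:",
          openssh_b64(*parse_key_code(KEY_CODE)) == OPENSSH_B64)
```

Running check_key on the key code shown by the client and again on the lines stored under rsa peer-public-key on the server should give the same fingerprint.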

9.8.3 Example for Connecting the SFTP Client to the SSH Server
Networking Requirements
As shown in Figure 9-8, after the SFTP service is enabled on the SSH server, the SFTP client can log in to the SSH server in one of the following authentication modes: password, RSA, password-RSA, and all.
Figure 9-8 Networking diagram of connecting the SFTP client to the SSH server
(Diagram labels: SSH Server, SFTP Client)

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure Client001 and Client002 on the router.
2. Generate the local key pair on the STelnet client and the SSH server respectively.
3. Generate the RSA public key on the SSH server and bind the RSA public key of the SSH client to Client002.
4. Enable the STelnet service on the SSH server.
5. Configure the service type and authorized directory of the SSH user.
6. Users Client001 and Client002 log in to the SSH server through SFTP.

Data Preparation
To complete the configuration, you need the following data:
- Name and the authentication mode of the SSH user
- Password or the RSA public key of the SSH user
- Name of the SSH server


Configuration Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++

Step 2 Create an SSH user on the server.


The SSH user has four authentication modes, namely, password, RSA, password-rsa, and all.
- When the SSH user adopts the password or password-rsa authentication, configure a local user with the same name.
- When the SSH user adopts the RSA, password-rsa, or all authentication, the server should save the RSA public key for the SSH client.

# Configure the VTY user Interface.


[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit
- Create Client001 for the SSH user.

# Create an SSH user with the name Client001. The authentication mode is password.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password

# Set huawei as the password for the SSH user Client001.
[Quidway] aaa
[Quidway-aaa] local-user client001 password simple huawei
[Quidway-aaa] local-user client001 service-type ssh
[Quidway-aaa] quit

- Create an SSH user with user name Client002 and RSA authentication.

[Quidway] ssh user client002
[Quidway] ssh user client002 authentication-type rsa

Step 3 Configure the RSA public key of the server.


# Generate a local key pair on the client.
<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create

# View the RSA public key generated on the client.


[client002] display rsa local-key-pair public
=====================================================


Time of Key pair created: 16:38:51 2007/5/25


Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client002]

# Send the RSA public key generated on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end


Step 4 Bind the RSA public key of the SSH client to Client002.
[Quidway] ssh user client002 assign rsa-key RsaKey001

Step 5 Enable the STelnet service on the SSH server.


# Enable the STelnet service.
[Quidway] sftp server enable

Step 6 Configure the service type and authorized directory of the SSH user.
Two SSH users are configured on the SSH server: Client001 and Client002. The password
authentication is configured for Client001 and the RSA authentication is configured for
Client002.
<Quidway> system-view
[Quidway] ssh user client001 service-type sftp
[Quidway] ssh user client001 sftp-directory cfcard:
[Quidway] ssh user client002 service-type sftp
[Quidway] ssh user client002 sftp-directory cfcard:

Step 7 Connect the STelnet client to the SSH server.


# When you log in for the first time, enable the first-time authentication for the SSH client.
[client] ssh client first-time enable

# Connect the STelnet client001 to the SSH server in the password authentication.
<client001> system-view
[client001] sftp 10.164.39.222
Please input the username:client001
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
Enter password:
sftp-client>

# Connect the STelnet client002 to the SSH server in the RSA authentication.
<client002> system-view
[client002] sftp 10.164.39.222
Please input the username: client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
sftp-client>

Step 8 Verify the configuration.


After the configuration, run the display ssh server status and display ssh server session
commands. You can view that the STelnet service is enabled and the SFTP client is connected
to the SSH server successfully.
# Display the SSH status.
[Quidway] display ssh server status
SSH version                        : 1.99
SSH connection timeout             : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries         : 3 times
SFTP server                        : Enable
STELNET server                     : Disable

# Display the connection of the SSH server.


[Quidway] display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : password

Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : rsa

# Display the information of the SSH user.


[Quidway] display ssh user-information
User 1:
User Name            : client001
Authentication-type  : password
User-public-key-name :
Sftp-directory       : flash :
Service-type         : sftp
Authorization-cmd    : No

User 2:
User Name            : client002
Authentication-type  : rsa
User-public-key-name : RsaKey001
Sftp-directory       :
Service-type         : sftp
Authorization-cmd    : No

----End


Configuration Files
#
sysname Quidway
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
ssh user client002 assign rsa-key rsakey001
ssh user client001 authentication-type password
ssh user client002 authentication-type RSA
ssh user client001 service-type sftp
ssh user client002 service-type sftp
sftp server enable
ssh user client001 sftp-directory flash :.
ssh user client002 sftp-directory flash :.
ssh user client001
ssh user client002
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
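
A check on the key material in this example, added here and not part of the Huawei guide: the Python below parses the "Key code" hex dump (a SEQUENCE of two INTEGERs, modulus then exponent), reports the modulus size, rebuilds the OpenSSH line shown by display rsa local-key-pair public, and compares the key entered in Step 3 with the one stored under rsa peer-public-key in the configuration file. Both hex dumps are copied from this example; the function names are this sketch's own.

```python
import base64
import hashlib
import struct

# Key code of client002_Host as displayed on the client in Step 3 (from this page).
CLIENT_KEY_CODE = """
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
"""

# Key code under "rsa peer-public-key rsakey001" in the Configuration Files
# listing of this example (from this page).
CONFIG_FILE_KEY_CODE = """
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
"""


def _tlv(buf, pos, tag):
    """Read one tag-length-value element; return (value, next_position)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length, used once the key exceeds 127 bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus, exponent) from a 'Key code' hex dump."""
    der = bytes.fromhex("".join(text.split()))
    body, end = _tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    n_raw, pos = _tlv(body, 0, 0x02)
    e_raw, pos = _tlv(body, pos, 0x02)
    if pos != len(body):
        raise ValueError("unexpected extra element in the key")
    # The dump has no leading 00 before a modulus whose top bit is set
    # (0240 BF...), so both integers are read as unsigned.
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def _mpint(value):
    """SSH mpint for a positive integer: length prefix, leading 00 if needed."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def ssh_blob(n, e):
    return struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)


def to_openssh(n, e, comment="rsa-key"):
    """authorized_keys line, the same form the router prints."""
    return f"ssh-rsa {base64.b64encode(ssh_blob(n, e)).decode()} {comment}"


def fingerprint(n, e):
    digest = hashlib.sha256(ssh_blob(n, e)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(code_a, code_b):
    return parse_key_code(code_a) == parse_key_code(code_b)


if __name__ == "__main__":
    for name, code in (("Step 3 client key", CLIENT_KEY_CODE),
                       ("config file rsakey001", CONFIG_FILE_KEY_CODE)):
        n, e = parse_key_code(code)
        print(f"{name}: {n.bit_length()}-bit modulus, e={e}, {fingerprint(n, e)}")
    print("keys identical:", same_key(CLIENT_KEY_CODE, CONFIG_FILE_KEY_CODE))
```

Run on the two listings above, it reports a 512-bit modulus for both (the default offered by rsa local-key-pair create) and shows that the configuration file holds a different key from the one entered in Step 3.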

9.8.4 Example for Accessing the SSH Server Through Other Port Numbers
Networking Requirements
The standard monitored port number of the SSH protocol is 22. If an attacker accesses the standard port continuously, the bandwidth is consumed, the performance of the server is affected, and other users cannot access the standard port.
After the number of the port monitored by the SSH server is set to another port number, the attacker does not know that the monitored port has changed and keeps sending socket connection requests to the standard port number 22. After detecting that the port number in the connection request is not the number of the monitored port, the SSH server does not set up the socket connection.
Thus, only the valid user can set up the socket connection through the non-standard monitored port set by the SSH server, and follow the procedure of negotiating the SSH version number, negotiating the algorithm, generating the session key, authenticating, sending the session request, and performing the interactive session.
The networking diagram is shown in Figure 9-9.
Figure 9-9 Networking diagram of accessing the SSH server through other port numbers
(Diagram labels: SSH Client (legal user), SSH Client (setting port), Network, SSH Server, SSH Client (attacker))

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure both Client001 and Client002 on the SSH server.
2. Generate the local key pair on STelnet client and SSH server respectively. The SSH server monitors the port number.
3. Generate the local key pair on client and SSH server respectively.
4. Generate the RSA public key on SSH server and bind the RSA public key of SSH client to Client002.
5. Enable STelnet and SFTP service on the SSH server.
6. Configure service mode and authorization directory of the SSH user.
7. Client001 and Client002 log in to the SSH server through STelnet and SFTP respectively.

Data Preparation
To complete the configuration, you need the following data:
- Name and the authentication mode of SSH users
- Password or the RSA public key of the SSH user
- Name of the SSH server
- Number of the port monitored by the SSH server

Configuration Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view

[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++

Step 2 Create an SSH user on the server.


# Generate a local key pair of client on the client.
<Quidway> system-view
[Quidway] sysname client002
[client002] rsa local-key-pair create

# View the RSA public key generated on the client.


[client002] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: client002_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E


BC89D3DB 5A83698C 9063DB39 A279DD89


0203
010001
[client]

# Send the RSA public key generated on the client to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end

Step 3 Create an SSH user on the server.


The SSH user has four authentication modes, namely, password, RSA, password-rsa, and all.
- When the SSH user adopts the password or password-rsa authentication, you must configure a local user with the same name.
- When the SSH user adopts the RSA, password-rsa, or all authentication, the server should save the RSA public key for the SSH client.

# Configure the VTY user Interface.


[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit
- Create Client001 for the SSH user.

# Create an SSH user with the name Client001. The authentication mode is password.
[Quidway] ssh user client001
[Quidway] ssh user client001 authentication-type password

# Set huawei as the password for the SSH user Client001.
[Quidway] aaa
[Quidway-aaa] local-user client001 password simple huawei
[Quidway-aaa] local-user client001 service-type ssh
[Quidway-aaa] quit

# Configure service type of Client001 as STelnet.
[Quidway] ssh user client001 service-type stelnet

- Create an SSH user with the name of Client002 and RSA authentication, bound to RSA public key of the SSH client.

[Quidway] ssh user client002
[Quidway] ssh user client002 authentication-type rsa


[Quidway] ssh user client002 assign rsa-key RsaKey001

# Configure the service type of Client002 as SFTP and the authorization directory.
[Quidway] ssh user client002 service-type sftp
[Quidway] ssh user client002 sftp-directory hda1:

Step 4 Enable the STelnet service and the SFTP service on the SSH server.
# Enable the STelnet service and the SFTP service.
[Quidway] stelnet server enable
[Quidway] sftp server enable

Step 5 Configure a new number of the port monitored by the SSH server.
[Quidway] ssh server port 1025

Step 6 Connect the STelnet client to the SSH server.


# For the first login, you need to enable the first authentication on SSH client.
[client001] ssh client first-time enable
[client002] ssh client first-time enable

# Connect the STelnet client to the SSH server through the new port number.
[client001] stelnet 10.164.39.222 1025
Please input the username:client001
Trying 100.2.150.13 ...
Press CTRL+K to abort
Connected to 100.2.150.13 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:

Enter the password Huawei and view as follows:
***********************************************************
*             All rights reserved (2000-2007)             *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 1.
<Quidway>

# Connect the SFTP client to the SSH server through the new port number.
[client002]sftp 10.164.39.222 1025
Input Username:client002
Trying 100.2.150.13 ...
Press CTRL+K to abort
The server's public key does not match the one we cached.
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to update the server's public key we cached?(Y/N):y


sftp-client>

Step 7 Verify the configuration.


The attacker fails to access the SSH server through port 22.
[client002] sftp 10.164.39.222
Input Username:client002
Trying 10.164.39.222 ...
Press CTRL+K to abort
Can't establish tcp connection to server

After the configuration, run the display ssh server status and display ssh server session
commands. You can view the number of the port monitored by the SSH server and that the
STelnet client or SFTP client is connected to the SSH server successfully.
# Display the SSH status.
[Quidway] display ssh server status
SSH version                        : 1.99
SSH connection timeout             : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries         : 3 times
SFTP server                        : Enable
STELNET server                     : Enable
SSH server port                    : 1025

# Display the connection of the SSH server.


[Quidway] display ssh server session
Session 1:
Conn                : VTY 3
Version             : 2.0
State               : started
Username            : client001
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password

Session 2:
Conn                : VTY 4
Version             : 2.0
State               : started
Username            : client002
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : rsa

----End


Configuration Files
- Configuration file of the SSH server Quidway.
#
sysname Quidway
#
rsa peer-public-key rsakey001
public-key-code begin
3047
0240
C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password simple huawei
local-user client001 service-type ssh
#
sftp server enable
stelnet server enable
ssh server port 1025
ssh user client001
ssh user client002
ssh user client001 authentication-type password
ssh user client002 authentication-type RSA
ssh user client002 assign rsa-key RsaKey001
ssh user client001 service-type stelnet
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash :.
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
#
return
- Configuration file of Client001 on the SSH client

#
sysname client001
#
interface GigabitEthernet1/0/0
ip address 10.164.39.220 255.255.255.0
#
ssh client first-time enable
#
return
- Configuration file of Client002 on the SSH client

#
sysname client002
#
interface GigabitEthernet1/0/0
ip address 10.164.39.221 255.255.255.0


#
ssh client first-time enable
#

9.8.5 Example for Authenticating SSH Through RADIUS


Networking Requirements
When the RADIUS user is connected to the server, the SSH server sends the authentication information about the SSH client, including the user name and password, to the RADIUS server that is compatible with the TACACS server for authentication.
The RADIUS server authenticates the user and sends the result (passed or failed) back to the SSH server. If the authentication is passed, the user level is included in the result. The SSH server determines whether the SSH client is allowed to set up a connection according to the authentication result.
The networking diagram is shown in Figure 9-10.
Figure 9-10 Networking diagram of authenticating the SSH through RADIUS
(Diagram labels: SSH Client, SSH Server, RADIUS Server)
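
How the password in that exchange is carried between the SSH server and the RADIUS server, as an added example that is not part of the Huawei guide: RADIUS hides the User-Password attribute with an MD5 keystream derived from the shared key and the Request Authenticator (RFC 2865, section 5.2), so the shared key configured on both sides is the only protection for the SSH user's password on that hop. The authenticator and password below are constructed sample values; huawei is the shared key this example configures.

```python
import hashlib

# Constructed sample value; a real NAS uses 16 unpredictable octets per request.
SAMPLE_AUTHENTICATOR = bytes(range(16))
SHARED_KEY = b"huawei"  # the shared key used in this example's configuration


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """Build the User-Password value the NAS (SSH server) sends (RFC 2865 5.2)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1 to 128 octets")
    # Pad with NULs to a multiple of 16 octets.
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, previous = b"", authenticator
    for offset in range(0, len(padded), 16):
        # Each block is XORed with MD5(secret + previous ciphertext block);
        # the first block uses the Request Authenticator instead.
        mask = hashlib.md5(secret + previous).digest()
        previous = _xor(padded[offset:offset + 16], mask)
        hidden += previous
    return hidden


def recover_password(hidden, secret, authenticator):
    """Reverse the hiding, as the RADIUS server does with its copy of the key."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, previous = b"", authenticator
    for offset in range(0, len(hidden), 16):
        block = hidden[offset:offset + 16]
        mask = hashlib.md5(secret + previous).digest()
        clear += _xor(block, mask)
        previous = block
    return clear.rstrip(b"\x00")


if __name__ == "__main__":
    wire = hide_password(b"Huawei", SHARED_KEY, SAMPLE_AUTHENTICATOR)
    print("User-Password on the wire:", wire.hex())
    print("server recovers:", recover_password(wire, SHARED_KEY, SAMPLE_AUTHENTICATOR))
    print("with another key:", recover_password(wire, b"other-key", SAMPLE_AUTHENTICATOR))
```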

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the RADIUS template on the SSH server.
2. Configure a domain on the SSH server.
3. Create a user on the RADIUS server.
4. Generate the local key pair on STelnet client and SSH server respectively. The SSH server monitors the port number.
5. Generate the local key pair on the client and SSH server respectively.
6. Generate the RSA public key on SSH server and bind the RSA public key of the SSH client to ssh2@ssh.com.
7. Enable STelnet and SFTP services on the SSH server.
8. Configure service mode and authorization directory of the SSH user.
9. Users ssh1@ssh.com and ssh2@ssh.com log in to the SSH server through STelnet and SFTP respectively.

Data Preparation
To complete the configuration, you need the following data:
- Configure the password authentications for the two SSH users respectively.
- RADIUS authentication
- Name of the RADIUS template
- Name of the RADIUS domain
- Name and password of the RADIUS user

Configuration Procedure
Step 1 Generate a local key pair on the SSH server.
<Quidway> system-view
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..........++++++++++++
...................................++++++++

Step 2 Generate the RSA public key on the server.


# Generate the local key pair on the client.
<Quidway> system-view
[Quidway] sysname client
[client] rsa local-key-pair create

# Generate the RSA public key on the client.


[client] display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: Quidway_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
1D7E3E1B
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7
yP3y98tnTlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQC/815LxhvXhvkHtd59Z3DD5f0XqyA8j8u7yP3y98tn
TlGehBkPa5eo6pH8S7nhiDZedL/VTGh3Z6ica0Mdfj4b rsa-key
=====================================================
Time of Key pair created: 16:38:51 2007/5/25
Key name: Quidway_Server
Key type: RSA encryption Key


=====================================================
Key code:
3067
0260
BCFAC085 49A2E70E 1284F901 937D7B63 D7A077AB
D2797280 4BCA86C0 4CD18B70 5DFAC9D3 9A3F3E74
9B2AF4CB 69FA6483 E87DA590 7B47721A 16391E27
1C76ABAB 743C568B 1B35EC7A 8572A096 BCA9DF0E
BC89D3DB 5A83698C 9063DB39 A279DD89
0203
010001
[client]

# Send the RSA public key generated on the client software to the server.
[Quidway] rsa peer-public-key RsaKey001
Enter "RSA public key" view, return system view with "peer-public-key end".
[Quidway-rsa-public-key] public-key-code begin
Enter "RSA key code" view, return last view with "public-key-code end".
[Quidway-rsa-key-code] 3047
[Quidway-rsa-key-code] 0240
[Quidway-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB
[Quidway-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8
[Quidway-rsa-key-code] EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43
[Quidway-rsa-key-code] 1D7E3E1B
[Quidway-rsa-key-code] 0203
[Quidway-rsa-key-code] 010001
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key] peer-public-key end

Step 3 Create the SSH user.


On the RADIUS server, add two users named ssh1@ssh.com and ssh2@ssh.com respectively;
in addition, designate the NAS address 10.164.39.222 and the key huawei. The NAS address
refers to the address of SSH server that connects to the RADIUS server.
# Configure the VTY user Interface on SSH server.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4] quit

# Create SSH users with their name ssh1@ssh.com and ssh2@ssh.com on the SSH server.
[Quidway] ssh user ssh1@ssh.com
[Quidway] ssh user ssh1@ssh.com authentication-type password
[Quidway] ssh user ssh1@ssh.com service-type stelnet
[Quidway] ssh user ssh2@ssh.com
[Quidway] ssh user ssh2@ssh.com authentication-type password
[Quidway] ssh user ssh2@ssh.com service-type sftp
[Quidway] ssh user ssh2@ssh.com sftp-directory cfcard:

# Bind the client public key to ssh2@ssh.com.


[Quidway] ssh user ssh2@ssh.com assign rsa-key RsaKey001

Step 4 Configure the RADIUS template.


# Configure the authentication scheme Test and authentication mode RADIUS.


[Quidway] aaa
[Quidway-aaa] authentication-scheme test
[Quidway-aaa-authen-test] authentication-mode radius
[Quidway-aaa-authen-test] quit

# Configure the RADIUS template of SSH server as ssh.


[Quidway] radius-server template ssh

# Configure the IP address and port of the RADIUS authentication server.


[Quidway-radius-ssh] radius-server authentication 10.164.16.49 1812

# Configure the key of RADIUS server as huawei.


[Quidway-radius-ssh] radius-server shared-key huawei
[Quidway-radius-ssh] quit

Step 5 Configure RADIUS domain name.


# Configure the RADIUS domain of SSH server as ssh.com, applying authentication scheme
Test and RADIUS template ssh.
[Quidway] aaa
[Quidway-aaa] domain ssh.com
[Quidway-aaa-domain-ssh.com] authentication-scheme test

[Quidway-aaa-domain-ssh.com] radius-server ssh


[Quidway-aaa-domain-ssh.com] quit
[Quidway-aaa] quit

Step 6 Connect the SSH client and the SSH server.


# Enable STelnet and SFTP services on the SSH server.
<Quidway> system-view
[Quidway] stelnet server enable
[Quidway] sftp server enable

# For the first login, you need to enable the first authentication on SSH client.
[client] ssh client first-time enable
[client] quit

# Connect the STelnet client to the SSH server in the RADIUS authentication.
<client> system-view
[client] stelnet 10.164.39.222
Please input the username: ssh@ssh.com
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...
The server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y

The server's public key will be saved with the name: 10.164.39.222. Please wait...
Enter password:

Enter the password Huawei and view as follows:


***********************************************************
*             All rights reserved (2000-2007)             *
*       Without the owner's prior written consent,        *
* no decompiling or reverse-engineering shall be allowed. *
* Notice:                                                 *
*         This is a private communication system.         *
*   Unauthorized access or use may lead to prosecution.   *
***********************************************************
Note: The max number of VTY users is 10, and the current number
of VTY users on line is 2.
<Quidway>

# Connect the SFTP client to the SSH server in the RADIUS authentication.
<client> system-view
[client] sftp 10.164.39.222
Please input the username: ssh@ssh.com
Trying 10.164.39.222 ...
Press CTRL+K to abort
Connected to 10.164.39.222 ...

Enter password:
sftp-client>

Step 7 Verify the configuration.


After the configuration, run the display radius-server configuration and display ssh server
session commands on the SSH server. You can view the configuration of the RADIUS server
on the SSH server. You can also view that the STelnet or SFTP client is connected to the SSH
server successfully in the RADIUS authentication.
# Display the configuration of the RADIUS server.
[Quidway-aaa] display radius-server configuration
-------------------------------------------------------------------
Server-template-name            : ssh
Protocol-version                : standard
Traffic-unit                    : B
Shared-secret-key               : huawei
Timeout-interval(in second)     : 5
Primary-authentication-server   : 10.164.16.49:1812:LoopBack-1
Primary-accounting-server       : 0.0.0.0:0:LoopBack0
Secondary-authentication-server : 0.0.0.0:0:LoopBack0
Secondary-accounting-server     : 0.0.0.0:0:LoopBack0
Retransmission                  : 3
Domain-included                 : YES
-------------------------------------------------------------------

# Display the connection of the SSH server.


[Quidway] display ssh server session
Session 1:
Conn                : VTY 0
Version             : 2.0
State               : started
Username            : ssh1@ssh.com
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : stelnet
Authentication Type : password

Session 2:
Conn                : VTY 1
Version             : 2.0
State               : started
Username            : ssh2@ssh.com
Retry               : 1
CTOS Cipher         : aes128-cbc
STOC Cipher         : aes128-cbc
CTOS Hmac           : hmac-sha1-96
STOC Hmac           : hmac-sha1-96
Kex                 : diffie-hellman-group1-sha1
Service Type        : sftp
Authentication Type : password

----End

Configuration Files
#
sysname Quidway
#
radius-server template ssh
 radius-server authentication 10.164.16.49 1812
#
rsa peer-public-key rsakey001
 public-key-code begin
 3047
 0240
 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325
 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B
 0203
 010001
 public-key-code end
 peer-public-key end
#
aaa
 authentication-scheme test
  authentication-mode radius
 #
 domain ssh.com
  authentication-scheme test
  radius-server ssh
 #
#
sftp server enable
stelnet server enable
ssh user ssh1@ssh.com
ssh user ssh2@ssh.com
ssh user ssh1@ssh.com authentication-type password
ssh user ssh2@ssh.com authentication-type password
ssh user ssh1@ssh.com assign rsa-key RsaKey001
ssh user ssh1@ssh.com service-type stelnet
ssh user ssh2@ssh.com service-type sftp
ssh user ssh2@ssh.com sftp-directory flash:
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
#
return


Contents
10 Router Maintenance
10.1 Introduction
10.1.1 Online Upgrade Introduction
10.1.2 Device Operation Management
10.1.3 Electronic Label
10.2 Upgrading the Board
10.2.1 Establishing the Configuration Task
10.2.2 Downloading the Board Software
10.2.3 Online Loading the Board Software
10.2.4 Upgrading the Stratum 3 Clock Board
10.2.5 Resetting the Board
10.2.6 Checking the Configuration
10.3 Managing the Device Operation
10.3.1 Setting the Temperature Warning Threshold
10.3.2 Disabling or Re-enabling the DASL Port of the LPU
10.3.3 Resetting the Device and Switching over the Channel
10.3.4 Displaying the Device Information
10.4 Configuring the Electronic Label
10.4.1 Establishing the Configuration Task
10.4.2 Querying the Electronic Label
10.4.3 Backing Up the Electronic Label
10.5 Configuring a Cleaning Cycle for the Air Filter
10.5.1 Establishing the Configuration Task
10.5.2 Configuring a Checking of the Air Filter based on the Device Temperature
10.5.3 Configuring a Cleaning Cycle for the Air Filter
10.5.4 Remonitoring the Cleaning Cycle of the Air Filter
10.5.5 Checking the Configuration

10 Router Maintenance

About This Chapter


The following table lists the contents of this chapter.

Section                                 Describes
10.1 Introduction                       This section describes the principle and concepts of the router maintenance.
10.2 Upgrading the Board                This section describes how to upgrade the board software.
10.3 Managing the Device Operation      This section describes how to manage the device operation.
10.4 Configuring the Electronic Label   This section describes how to configure the electronic label.


10.1 Introduction
This section describes what you need to learn before maintaining the system, including:
- Online Upgrade
- Device Operation Management
- Electronic Label

10.1.1 Online Upgrade Introduction

The NE80 provides online upgrade for the system software. If the system fails after the
software upgrade, the router is restarted and the system switches back to the previous software
version for operation. The router also provides online patching for the system
software, so you can upgrade only the features that need to be improved.
The router provides online software download and upgrade for the MPU and the LPU. When
upgrading the MPU or LPU board, reset the upgraded board only. Other boards do not need to
be reset. When upgrading the software of the LPU board, you can upgrade multiple LPU
boards at the same time. After the software upgrade, the previous software version is backed
up in the router. The online download of software has no impact on the operation of the
system.
The router series USR can upgrade each board separately.

10.1.2 Device Operation Management


Device operation management is responsible for monitoring the running status of the
device and setting the device parameters. The functions fall into the following
types:
- Displaying device information
- Setting the device parameters and threshold
- Disabling or re-enabling the DASL port on the LPU
- Resetting the device and switching over the channel

10.1.3 Electronic Label


The electronic label is used to query or back up the manufacturing information of the device.
Through the electronic label, you can query or back up the manufacturing information of the
boards and the optical modules of the router. The electronic label supports hierarchical query
and backup of manufacturing information, covering the boards and optical
modules on the whole chassis or in a specified slot.
The manufacturing information of the boards and optical modules can be backed up to the
FTP server or the Flash card of the router.

10.2 Upgrading the Board


To ensure the normal running of the router, upgrade the board software with caution. Upgrade
the software under the guidance of the technical support personnel from Huawei. For the detailed
upgrade procedure, see the router release notes.

10.2.1 Establishing the Configuration Task


Applicable Environments
When only one board needs software upgrade, you can perform online software upgrade for
this board only to save the software download time.

Preconfigured Tasks
Before upgrading the board software, complete the following tasks:
- Powering on the router normally
- Connecting the router with PC correctly through the console port

Data Preparations
To upgrade the board software, you need the following data.

No.  Data
1    Board software of the new version
2    Directory to store the software

Configuration Procedures

No.  Procedure
1    Downloading the Board Software
2    Online Loading the Board Software
3    Upgrading the Stratum 3 Clock Board
4    Resetting the Board
5    Checking the Configuration

10.2.2 Downloading the Board Software


For detailed procedures of downloading files, refer to the description of FTP, TFTP, and
XModem in Chapter "FTP, TFTP and XModem."


10.2.3 Online Loading the Board Software


Do as follows on the router to be upgraded.
Perform the following as required.
- To load the MPU BootROM online, run:
  upgrade { mpu | slavempu } bootrom filename
- To load the slave MPU BootROM online, run:
  upgrade lpu bootrom slot-id filename
- To load the LPU program online, run:
  upgrade lpu software { all | slot-id } filename

The preceding operations upgrade the extended BootROM program. To upgrade the
small system or basic BootROM program, the BootROM chip needs to be changed.

10.2.4 Upgrading the Stratum 3 Clock Board


Do as follows on the router to be upgraded.
Step 1 Run:
upgrade clock slot-id { file-name | startup } { bootrom | software }

The BootROM of the stratum 3 clock board is upgraded.


----End
When the system software packet is being upgraded or the stratum 3 clock board runs
abnormally, you need to upload the software for the BootROM and the BootLoad again. If the
stratum 3 clock board runs normally, this step is not required.

10.2.5 Resetting the Board


Perform the following on the router where the board needs to be reset.
- To reset the board, run:
  reset slot slot-id
- To reset the hub of the MPU, run:
  reset slot { hub_a | hub_b }

You can use this command to reset boards including the LPU and the MPU by specifying the
slot number.

10.2.6 Checking the Configuration


Run the following commands to check the previous configuration.

Action                           Command
View the system version.         display version
View the status of the device.   display device

10.3 Managing the Device Operation


This section covers the following topics:
- Setting the Temperature Warning Threshold
- Disabling or Re-enabling the DASL Port of the LPU
- Resetting the Device and Switching over the Channel
- Displaying the Device Information

10.3.1 Setting the Temperature Warning Threshold

Do as follows on the router to be configured.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
lpu temperature-limit slot-id temperature

The temperature threshold for the LPU is set.


----End
The temperature threshold can be set for the LPU of the router. The system will send the
alarm information if the temperature exceeds the threshold.

10.3.2 Disabling or Re-enabling the DASL Port of the LPU


If an LPU is pulled out directly for resetting, other LPUs may reboot, with a
probability of less than 1%. Therefore, before pulling out the LPU, you can shut down the DASL
port that connects the LPU with the Switching Fabric Unit (SFU) by using the downlpu command.
After inserting the LPU, you can re-enable the DASL port by using the undo
downlpu command.
Do as follows in the user view on the router to be configured.
Step 1 Run:
downlpu slot-id

The DASL port on the LPU is disabled.


Step 2 Pull out the LPU.
Step 3 Run:
undo downlpu slot-id

The DASL port of the LPU is re-enabled.


----End


10.3.3 Resetting the Device and Switching over the Channel


Run one of the following commands as required:
- To reset the device at the specified slot, run:
  reset slot slot-id
- To reset the router, run:
  reboot whole router
- To switch over the communication channel, run:
  switch communication-channel { ipc [ slot-id ] } { a | b }

10.3.4 Displaying the Device Information


After the configuration, run the following display commands in any view to view the
operation status of the device.

Action                                           Command
Display the basic information of the device.     display device [ pic-status | slot-id ]
Display the self-test information of the device. display selftest [ slot-id ]
Display the version of the device.               display version [ slot-id ]
Display the environment information.             display environment
Display the alarm or status information.         display alarm record { slot-id | all }
Display the information on the CPU usage.        display cpu-usage [ slave | slot slot-id ]
                                                 display cpu-usage { entry-number [ offset ] [ verbose ] | slave | slot slot-id }
                                                 display cpu-usage configuration [ slave ]
Display the communication-channel information.   display communication-channel [ { ipc { state | statistic } | dem { link-status | state | statistic }} [ slot-id ] ]
Display the startup type and time of the LPU.    display lpu { slot-id | all } startup


10.4 Configuring the Electronic Label


10.4.1 Establishing the Configuration Task
Applicable Environment
When you need to query the electronic label information of all boards, including the optical
modules and individual entities on the chassis, or to back up the electronic label information to a
specified FTP server, you need to configure the electronic label function.

Pre-configuration Tasks
None.

Data Preparation
None.

Configuration Procedures

No.  Procedure
1    Querying the Electronic Label
2    Backing Up the Electronic Label

10.4.2 Querying the Electronic Label


Step 1 Run:
display elabel [ slot-id ]

The electronic label is queried.


----End

10.4.3 Backing Up the Electronic Label


Do as follows on the router whose electronic label is to be backed up.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
backup elabel filename [ slot-id ]

The electronic label is backed up to the default Flash Memory.


----End


If the electronic label should be backed up to a specified FTP server, run the backup elabel ftp host
filename username password [ slot-id ] command.

10.5 Configuring a Cleaning Cycle for the Air Filter


10.5.1 Establishing the Configuration Task
Applicable Environments
You need to clean the air filter after the air filter has been running for a period of time.

Preconfigured Tasks
None.

Data Preparations
To configure a cleaning cycle for the air filter, you need the following data.

No.  Data
1    Cleaning cycle of the air filter

Configuration Procedures

No.  Procedure
1    Configuring a Checking of the Air Filter based on the Device Temperature
2    Configuring a Cleaning Cycle for the Air Filter
3    Remonitoring the Cleaning Cycle of the Air Filter
4    Checking the Configuration

10.5.2 Configuring a Checking of the Air Filter based on the Device Temperature

Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dustproof check-auto


The checking of the air filter based on the device temperature is configured.
By default, the checking of the air filter based on the device temperature is enabled.
----End

10.5.3 Configuring a Cleaning Cycle for the Air Filter


Do as follows on the router:
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
dustproof check-timer day INTEGER

The cleaning cycle for the air filter is configured.


The air filter is a component without memory. All the monitored information is saved on the MPU,
which may be inserted, removed, switched, or replaced during usage. Therefore, the monitoring cycle
may differ from the set cycle, but this does not affect the monitoring function.

----End

10.5.4 Remonitoring the Cleaning Cycle of the Air Filter


The system generates an alarm about cleaning the air filter. After ensuring that the air filter is
cleaned or does not need to be cleaned, you need to clear the alarm and remonitor the cleaning
cycle of the air filter.
Do as follows on the router:
Step 1 Run:
reset dustproof run-time
The alarm is cleared. The cleaning cycle of the air filter is monitored.
----End

10.5.5 Checking the Configuration


Run the following commands to check the previous configuration.

Action                                        Command
View the information about the air filter.    display dustproof

<Quidway> display dustproof
Clean Dustproof-Net cycle : 365(days)
Last clean date           : 2009/02/07
Up to last clean days     : 1(day)
Clean alarm existence days: 0(day)

Contents
11 System Software Upgrade
11.1 Introduction
11.1.1 System Software Upgrade
11.1.2 License
11.2 Uploading the System Software and License Files
11.2.1 Establishing the Configuration Task
11.2.2 Uploading the System Software and License to the Master MPU
11.2.3 Copying the System Software and License to the Slave MPU
11.2.4 Checking the Configuration
11.3 Specifying the System Software for the Next Startup of the Router
11.3.1 Establishing the Configuration Task
11.3.2 Specifying the System Software for the Next Startup
11.3.3 (Optional) Configuring PAF Files
11.3.4 (Optional) Configuring Patch Packages
11.3.5 Checking the Configuration

11 System Software Upgrade

About This Chapter


The following table shows the contents of this chapter.

Section                                                                  Description
11.1 Introduction                                                        This section describes the principle and concepts of the system software upgrade.
11.2 Uploading the System Software and License Files                     This section describes how to upload the system software and license files.
11.3 Specifying the System Software for the Next Startup of the Router   This section describes how to specify the system software for the next startup of the router.


11.1 Introduction
This section covers the following topics that you need to know before upgrading the system
software:
- System Software Upgrade
- License

11.1.1 System Software Upgrade

When upgrading the system software, you must upgrade the license that is integrated with
the system software.

Upgrade the system software and license under the guidance of technical support
engineers.

Check the existing system software version before the upgrade.

When certain features are required on the current router, you can add them by
upgrading the system software.
Before upgrading the system software, you need to obtain the system software and license
from Huawei.
The license contains two files: paf.txt and license.txt. The license file should be placed in
the root directory of the Flash, and the system file should be placed on the hard disk.
After the upgrade is complete, do not delete the previous system software. If the upgrade
fails, the system software can be restored to the previous version.

11.1.2 License
The license can be used to control the availability of some product features on a dynamic
basis. For example, if the license file indicates that a particular feature is available, you can see
all related commands and functions after the system is started. If a feature is specified as
unavailable in the license file, related commands and interfaces are not displayed.
At the same time, the license mechanism controls the maximum resources that users can use,
such as the number of routes, LSPs, CR-LSPs and VPN instances.
In general, the price of a product is in direct proportion to its features and functions. The
license mechanism can flexibly add or reduce features as required to protect and save the
investment of users.
Suppose a user does not want certain features or functions at the beginning. These features
can be disabled through the license file. When the features are required later, the user can buy
the license of these features to enable them. This does not affect the current features or
functions. Therefore, users can flexibly decide the required features according to the service
demands without making great investment at the time of purchase.


11.2 Uploading the System Software and License Files


11.2.1 Establishing the Configuration Task
Applicable Environment

The license files should be placed at the root directory of the Flash Memory of the master and
slave MPUs.
When the existing system software of a router does not meet the existing requirements, you
need to upgrade the system software.

Pre-configuration Tasks
Before uploading the system software and license, complete the following tasks:
- Ensuring that the router works normally
- Ensuring that the router can be logged in to

Data Preparation
To upload the system software and license, you need the following data:
- System software of the new version
- License files of the new version

Configuration Procedures

No.  Procedure
1    Uploading the System Software and License to the Master
2    Copying the System Software and License to the Slave
3    Checking the Configuration

11.2.2 Uploading the System Software and License to the Master MPU

Upload the system software and license files to the Flash Memory of the master MPU.
The router supports the uploading of files through FTP, TFTP and Xmodem. Choose an
uploading method based on the requirements.


11.2.3 Copying the System Software and License to the Slave MPU

Do as follows on the router to be upgraded.
Step 1 Run:
copy source-filename slave#flash:/destination-filename

The system license is copied to the Flash Memory of the slave MPU.
Step 2 Run:
copy source-filename slave#hd:/destination-filename

The system software is copied to the hard disk of the slave MPU.


----End

If you need to copy multiple files to the Flash Memory of the slave MPU, repeat the preceding steps.

11.2.4 Checking the Configuration


Run the following commands to check the previous configuration.

Action                                                  Command
Check the file information on the of the master MPU.    dir flash:
                                                        dir :
Check the file information on the of the slave MPU.     dir flash:
                                                        dir slave#:

After uploading the files, run the preceding commands and you can view the information of the
uploaded files. For example, check the file information on the Flash Memory of the master MPU.
<Quidway> dir flash
Directory of flash:/
  0   drw-          -  Dec 13 2005 14:09:50   log
      -rw-       4333  Aug 31 2006 09:35:12   private-data.txt
      -rw-        972  Dec 24 2005 16:34:58   vrpcfg.zip
      -rw-      14490  Aug 30 2006 03:36:02   paf.txt
      -rw-       6165  Aug 30 2006 03:36:24   license.txt
      -rw-     817148  Aug 30 2006 11:04:12   NE.bin

15875 KB total (5032 KB free)

The vrpcfg.zip is the default configuration file of the system.


11.3 Specifying the System Software for the Next Startup of the Router

11.3.1 Establishing the Configuration Task
Applicable Environment

Specify the same system software for the master and slave MPUs. Otherwise, the system
breaks down.
After the files are uploaded, you need to specify that the system uses the newly loaded system
software the next time the router is restarted. It is recommended to use absolute paths to
specify system software of the same version for the master and slave MPUs.
After the system software is specified, the system loads the software at the specified path
the next time the router is restarted.

Pre-configuration Tasks
None.

Data Preparation
Before specifying the system software for the next startup of the router, you need to prepare
the absolute path of the system software.

Configuration Procedures

No.  Procedure
1    Specifying the System Software for the Next Startup
2    (Optional) Configuring PAF Files
3    (Optional) Configuring Patch Packages
4    Checking the Configuration

11.3.2 Specifying the System Software for the Next Startup


Do as follows on the router to be upgraded:
Step 1 Run:
startup system-software file-name

The system software is specified for starting the master MPU the next time.


Step 2 Run:
startup system-software file-name slave-board

The system software is specified for starting the slave MPU the next time.
----End

11.3.3 (Optional) Configuring PAF Files


Do as follows on the router to be upgraded:
Step 1 Run:
startup paf file-name

The PAF file is specified for the main MPU after the next startup.
Step 2 Run:
startup paf file-name slave-board

The PAF file is specified for the slave MPU after the next startup.
Step 3 Run:
startup license file-name

The License file is specified for the main MPU after the next startup.
Step 4 Run:
startup license file-name slave-board

The License file is specified for the slave MPU after the next startup.
----End

11.3.4 (Optional) Configuring Patch Packages


To upgrade the version of the system software, you need to perform the following steps to specify the
patch files.

Do as follows on the router to be upgraded:


Step 1 Run:
startup patch file-name

Specify the patch files for the main MPU after next startup.
Step 2 Run:
startup patch file-name slave-board

Specify the patch files for the slave MPU after next startup.
Step 3 Run:
patch-state run { all | slot slot-id }


The patch status of the board after the next startup is specified as Run.
----End

11.3.5 Checking the Configuration


Run the following commands to check the previous configuration.

Action                                                  Command
Display the information of startup system software.     display startup

By running the display startup command, you can confirm that the system software for the next
startup of the router is the system software specified in the upgrading operation. The system
software is the same for the master and slave MPUs.
<Quidway> display startup
MainBoard:
  Configed startup system software:        hd:/V300R005C01B323SPC001.bin
  Startup system software:                 hd:/V300R005C01B323SPC001.bin
  Next startup system software:            hd:/V300R005C01B323SPC001.bin
  Startup saved-configuration file:        flash:/vrpcfg.zip
  Next startup saved-configuration file:   flash:/vrpcfg.zip
  Startup paf file:                        flash:/paf_v300r005c01.txt
  Next startup paf file:                   flash:/paf_v300r005c01.txt
  Startup license file:                    flash:/license_v300r005c01.txt
  Next startup license file:               flash:/license_v300r005c01.txt
  Startup patch package:                   NULL
  Next startup patch package:              NULL
SlaveBoard:
  Configed startup system software:        hd:/V300R005C01B323SPC001.bin
  Startup system software:                 hd:/V300R005C01B323SPC001.bin
  Next startup system software:            hd:/V300R005C01B323SPC001.bin
  Startup saved-configuration file:        flash:/vrpcfg.zip
  Next startup saved-configuration file:   flash:/vrpcfg.zip
  Startup paf file:                        flash:/paf_v300r005c01.txt
  Next startup paf file:                   flash:/paf_v300r005c01.txt
  Startup license file:                    flash:/license_v300r005c01.txt
  Next startup license file:               flash:/license_v300r005c01.txt
  Startup patch package:                   NULL
  Next startup patch package:              NULL

Contents
12 Patch Management
12.1 Introduction
12.2 Checking the Running of Patch in the System
12.2.1 Establishing the Configuration Task
12.2.2 Checking the Running of Patch on the MPU
12.2.3 Checking the Running of Patch on the LPU
12.3 Loading a Patch
12.3.1 Establishing the Configuration Task
12.3.2 Uploading a Patch to the Root Directory of the Master MPU
12.3.3 Copying a Patch to the Root Directory of the Slave MPU
12.4 Installing a Patch on the MPU
12.4.1 Establishing the Configuration Task
12.4.2 Uploading the MPU Patch
12.4.3 Activating the MPU Patch
12.4.4 Running the MPU Patch
12.5 Stop Running the MPU Patch
12.5.1 Establishing the Configuration Task
12.5.2 Deactivating the MPU Patch
12.6 Unloading the MPU Patch
12.6.1 Establishing the Configuration Task
12.6.2 Deleting the MPU Patch
12.7 Installing a Patch on the LPU
12.7.1 Establishing the Configuration Task
12.7.2 Uploading the LPU Patch
12.7.3 Activating the LPU Patch
12.7.4 Running the LPU Patch
12.8 Stop Running the LPU Patch
12.8.1 Establishing the Configuration Task
12.8.2 Deactivating the LPU Patch
12.9 Unloading the LPU Patch
12.9.1 Establishing the Configuration Task
12.9.2 Deleting the LPU Patch


12 Patch Management

About This Chapter


The following table shows the contents of this chapter.

Section                                           Description
12.1 Introduction                                 This section describes the principle and concepts of patch management.
12.2 Checking the Running of Patch in the System  This section describes how to check the running of patch in the system.
12.3 Loading a Patch                              This section describes how to load a patch.
12.4 Installing a Patch on the MPU                This section describes how to install a patch on the MPU.
12.5 Stop Running the MPU Patch                   This section describes how to stop running the MPU patch.
12.6 Unloading the MPU Patch                      This section describes how to unload the MPU patch.
12.7 Installing a Patch on the LPU                This section describes how to install a patch on the LPU.
12.8 Stop Running the LPU Patch                   This section describes how to stop running the LPU patch.
12.9 Unloading the LPU Patch                      This section describes how to unload the LPU patch.


12.1 Introduction

After the patch runs successfully, a "patchstate.dat" file is created in the root directory of the
Flash Memory. Do not delete the file; otherwise, the patch is invalid after a restart.
Carrier services run for long periods and must not be interrupted. The router can be upgraded and
maintained by installing patches, which does not interrupt the operation of the router.
Based on the type of boards, the patch is classified as:
- The MPU patch
- The LPU patch

Before running a patch, obtain the correct patch files based on the type of boards.
The system allows only one MPU patch and one LPU patch to run at the same time.
As a result, you need to confirm that no patch is running in the current system before installing a
patch. If a patch runs in the system, delete the patch before installing the new patch.
The NE80 provides the patch function, and you can use the patch program released by
Huawei to upgrade the system software.

Patch Status
A patch program has three statuses: activated, deactivated and running. Figure 12-1 shows the
conversion between the three statuses.
Figure 12-1 Conversion between the statuses of a patch
[Figure: state diagram with the states No patch, Deactivated, Activated and Running, and the transitions Load patch, Active patch, Deactive patch, Run patch and Delete patch]

You can operate a patch program as follows:
- Loading a patch
- Activating or deactivating a patch
- Running a patch
- Deleting a patch

Patch Status File


The current patch status and the patch status after the next startup are each saved in a patch
status file.
- If the current patch status changes, the system saves the changed patch status in the
  current patch status file and the next startup patch status file. If the patch status after the
  next startup is not set, it is the same as the current patch status.
- If the patch status after the next startup is set, the system saves the patch status after the
  next startup in the patch status file.

You can run the display patch-information configure-file command to view information
about the patch in the patch status file.
The patch status file is used only to restore the patch status on the board after the next startup. Viewing
the current patch status file does not mean viewing the current patch status. For example, in the patch
status file, the patch status of a board is Active. After the next startup, the patch status of the board turns
to Deactive; however, the patch status on this board in the patch status file is still Active.
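
The status conversions in Figure 12-1, together with the reset behaviour described in the note above, can be replayed against a planned command sequence before it is typed on the router. The following Python code is an added example, not Huawei code: the board labels, the helper names and the sample plan are assumptions made for illustration, while the patch commands and the patch file name are the ones shown in this chapter.

```python
from enum import Enum


class PatchState(Enum):
    NO_PATCH = "no patch"
    DEACTIVATED = "deactivated"
    ACTIVATED = "activated"
    RUNNING = "running"


# (current status, CLI operation) -> next status, as stated in this chapter:
# loading leaves a patch deactivated, only a deactivated patch can be
# activated, only an activated patch can be run or deactivated, and a patch
# in any status can be deleted.
TRANSITIONS = {
    (PatchState.NO_PATCH, "load"): PatchState.DEACTIVATED,
    (PatchState.DEACTIVATED, "active"): PatchState.ACTIVATED,
    (PatchState.ACTIVATED, "deactive"): PatchState.DEACTIVATED,
    (PatchState.ACTIVATED, "run"): PatchState.RUNNING,
    (PatchState.DEACTIVATED, "delete"): PatchState.NO_PATCH,
    (PatchState.ACTIVATED, "delete"): PatchState.NO_PATCH,
    (PatchState.RUNNING, "delete"): PatchState.NO_PATCH,
}
OPERATIONS = {operation for _, operation in TRANSITIONS}


def parse_command(line):
    """Split one 'patch ...' line into (operation, board).

    board is 'master' (no selector), 'slave' or 'slot <id>'. The combined
    'patch load file-name all run' form is not modelled and is rejected.
    """
    words = line.split()
    if len(words) < 2 or words[0] != "patch" or words[1] not in OPERATIONS:
        raise ValueError(f"not a patch operation: {line!r}")
    operation, selector = words[1], words[2:]
    if operation == "load":
        if not selector:
            raise ValueError("patch load needs a file name")
        selector = selector[1:]  # drop file-name
    if not selector:
        return operation, "master"
    if selector == ["slave"]:
        return operation, "slave"
    if len(selector) == 2 and selector[0] == "slot" and selector[1].isdigit():
        return operation, f"slot {selector[1]}"
    raise ValueError(f"unsupported board selector in: {line!r}")


def check_plan(commands, states=None):
    """Replay commands; return (status per board, list of problems)."""
    states = dict(states or {})
    problems = []
    for step, line in enumerate(commands, start=1):
        try:
            operation, board = parse_command(line)
        except ValueError as error:
            problems.append(f"step {step}: {error}")
            continue
        current = states.get(board, PatchState.NO_PATCH)
        following = TRANSITIONS.get((current, operation))
        if following is None:
            problems.append(
                f"step {step}: '{operation}' is not valid on {board} "
                f"while its patch status is {current.value}"
            )
            continue
        states[board] = following
    return states, problems


def after_reset(states):
    """An activated patch falls back to deactivated when the board is
    reset; a running patch stays running."""
    return {
        board: PatchState.DEACTIVATED if state is PatchState.ACTIVATED else state
        for board, state in states.items()
    }


# Constructed change plan: 'patch run slave' is missing after step 5, and
# step 6 addresses a slot on which nothing has been loaded.
PLAN = [
    "patch load hd:/v300r005c01sph007.pat",
    "patch load hd:/v300r005c01sph007.pat slave",
    "patch active",
    "patch active slave",
    "patch run",
    "patch run slot 3",
]

if __name__ == "__main__":
    final, found = check_plan(PLAN)
    for board, state in after_reset(final).items():
        print(f"{board}: {state.value} after reset")
    print("\n".join(found))
```

With the constructed plan, the slave MPU ends in the activated status and drops back to deactivated after a reset, which is the master/slave mismatch the chapter warns about before a switchover.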

12.2 Checking the Running of Patch in the System


12.2.1 Establishing the Configuration Task
Applicable Environment
Based on the type of boards, a patch is classified as the MPU patch or the LPU patch. The
system allows only one MPU patch and one LPU patch to run at the same time. As a
result, you need to confirm that no patch is running in the current system before installing a patch.
If a patch runs in the system, delete the patch before installing the new patch.
If you need to install an MPU patch, first check whether a patch runs on the master and slave
MPUs. If you need to install an LPU patch, check all the LPUs for a running patch.

Pre-configuration Tasks
Before checking the running of patch in the system, complete the following tasks:
- Ensuring that the router is started normally after power-on
- Ensuring that the router can be logged in to

Data Preparation
None.


Configuration Procedures
No.   Procedure
1     Checking the Running of Patch on the MPU
2     Checking the Running of Patch on the LPU

12.2.2 Checking the Running of Patch on the MPU


Do as follows on the router to be upgraded:
Step 1 Run:
display patch-information

The running of patch on the master MPU is checked.


Step 2 Run:
display patch-information history slave

The running of patch on the slave MPU is checked.


----End
Before installing a patch on the MPU, you need to check the running of patch on the master
and slave MPUs. For example:
<Quidway> display patch-information
Service pack Version: V300R005C01SPH007
Pack file name      : hd:/v300r005c01sph007.pat
----------The patch information of slot 5---------
Total Patch Unit    : 1
Running Patch Unit  : 1 - 1
Active Patch Unit   : no patch
Deactive Patch Unit : no patch
----------The patch information of slot 9---------
Total Patch Unit    : 1
Running Patch Unit  : 1 - 1
Active Patch Unit   : no patch
Deactive Patch Unit : no patch
----------The patch information of slot 10---------
Total Patch Unit    : 1
Running Patch Unit  : 1 - 1
Active Patch Unit   : no patch
Deactive Patch Unit : no patch

The value of the bolded part in the preceding output is 0. This indicates that no patch runs in
the current system.


If there are patches running, you must unload them before loading new patches. For details on the
operation, see Uploading the MPU Patch.
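
The check described in this section can be automated by parsing captured display patch-information output. The following Python code is an added example, not Huawei code: the function names are assumptions, and the sample text is constructed in the layout of the output shown above, with made-up values for slots 9 and 10.

```python
import re

# One block per board: a dashed header line, then four "... Patch Unit" fields.
SLOT_HEADER = re.compile(r"^-+The patch information of slot (\d+)-+$")
UNIT_FIELD = re.compile(r"^(Total|Running|Active|Deactive) Patch Unit\s*:\s*(.*)$")
STATUS_FIELDS = ("running", "active", "deactive")

# Constructed sample: slot 5 follows the output in this section, slots 9
# and 10 are invented to show an activated patch and a board with no patch.
SAMPLE_OUTPUT = """\
Service pack Version: V300R005C01SPH007
Pack file name      : hd:/v300r005c01sph007.pat
----------The patch information of slot 5---------
Total Patch Unit    : 1
Running Patch Unit  : 1 - 1
Active Patch Unit   : no patch
Deactive Patch Unit : no patch
----------The patch information of slot 9---------
Total Patch Unit    : 1
Running Patch Unit  : no patch
Active Patch Unit   : 1 - 1
Deactive Patch Unit : no patch
----------The patch information of slot 10---------
Total Patch Unit    : 0
Running Patch Unit  : no patch
Active Patch Unit   : no patch
Deactive Patch Unit : no patch
"""


def parse_patch_information(text):
    """Return {slot-id: {'total': ..., 'running': ..., ...}} per board."""
    slots = {}
    fields = None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        header = SLOT_HEADER.match(line)
        if header:
            fields = slots.setdefault(int(header.group(1)), {})
            continue
        unit = UNIT_FIELD.match(line)
        if unit and fields is not None:
            fields[unit.group(1).lower()] = unit.group(2).strip()
    return slots


def boards_holding_patch(text):
    """Return {slot-id: [statuses]} for boards that still hold patch units.

    Raises ValueError when a slot block is missing or incomplete, so that
    truncated or unexpected output is never read as "no patch".
    """
    slots = parse_patch_information(text)
    if not slots:
        raise ValueError("no 'patch information of slot' block found")
    holding = {}
    for slot, fields in sorted(slots.items()):
        missing = [name for name in STATUS_FIELDS if name not in fields]
        if missing:
            raise ValueError(f"slot {slot}: missing fields {missing}")
        statuses = [
            name for name in STATUS_FIELDS
            if fields[name].lower() != "no patch"
        ]
        if statuses:
            holding[slot] = statuses
    return holding


if __name__ == "__main__":
    for slot, statuses in boards_holding_patch(SAMPLE_OUTPUT).items():
        print(f"slot {slot}: patch units in status {', '.join(statuses)}")
```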

12.2.3 Checking the Running of Patch on the LPU


Do as follows on the router to be upgraded:
Step 1 Run:
display patch-information history slot slot-id

The running of patch on the LPU is checked.


----End

Before installing a patch on the LPU, check that no patch runs on any LPU. Repeat the preceding
command to check all LPUs.

Before installing a patch on the LPU, you need to check the running of patch on all LPUs. For
example:
<Quidway> display patch-information history slot 3
Current patch state:
--------------------------------------------------------------------------
Type  Slot  ID      State  From  To
--------------------------------------------------------------------------
C           1-200   idle
NP                  idle
--------------------------------------------------------------------------
Patch history:
--------------------------------------------------------------------------
Type  Slot  ID      State  From  To
--------------------------------------------------------------------------
--------------------------------------------------------------------------
Info: No patch operation history information.

This indicates that no patch runs in the current system.


If there are patches running, you must unload them before loading new patches. For details on the
operation, see Uploading the LPU Patch.

12.3 Loading a Patch


12.3.1 Establishing the Configuration Task
Applicable Environment
Before a patch is installed, it should be uploaded to the root directory of the Flash Memory or
cfcard of the master and slave MPUs. Upload the patch to the root directory of the Flash
Memory or cfcard of the master MPU. Then, copy the patch to the root directory of the Flash
Memory or cfcard of the slave MPU.

The three methods to upload a patch are FTP, TFTP and XModem.

Pre-configuration Tasks
Before loading a patch, complete the following tasks:
- Ensuring that the router is started normally after power-on
- Ensuring that the router can be logged in to

Data Preparation
Before running a patch, you need to obtain a patch that is consistent with the board.

Configuration Procedures
No.   Procedure
1     Uploading a Patch to the Root Directory of the Master MPU
2     Copying a Patch to the Root Directory of the Slave MPU

12.3.2 Uploading a Patch to the Root Directory of the Master MPU


Upload a patch to the root directory of the Flash Memory of the master MPU.
The NE80 supports the uploading of files through FTP, TFTP and Xmodem. Choose an
uploading method based on the requirements.

12.3.3 Copying a Patch to the Root Directory of the Slave MPU


Do as follows on the router to be upgraded.
Step 1 Run:
copy source-filename slave#flash:/destination-filename

The patch is copied to the root directory of the Flash Memory of the slave MPU.
----End

If you need to copy multiple files to the Flash Memory of the slave MPU, repeat the preceding step.


12.4 Installing a Patch on the MPU


12.4.1 Establishing the Configuration Task
Applicable Environment
To fix defects of the MPU, you can install a patch on the MPU.
By installing a patch, you can upgrade the system without upgrading the system
software.
When a patch is uploaded, the system checks whether the patch version is the same as the system
version. If the two versions are not the same, the system prompts that the patch uploading
fails.
Before installing a patch on the MPU, you need to check the running of patch on the master
and slave MPUs. Otherwise, the patch becomes invalid after the master/slave switchover.

Pre-configuration Tasks
Before installing a patch on the MPU, upload the patch to the root directory of the Flash
Memory of the master and slave MPUs.

Data Preparation
None.

Configuration Procedures
No.   Procedure
1     Uploading the MPU Patch
2     Activating the MPU Patch
3     Running the MPU Patch

12.4.2 Uploading the MPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch load file-name

The MPU patch is uploaded.


Step 3 Run:
patch load file-name slave

The slave MPU patch is uploaded.


----End

When a patch is uploaded, the system checks that the patch version is the same as the system version.
If the two versions are not the same, the system prompts that the patch uploading fails.

The patch load file-name all run command allows you to load and run all the patches in the patch
package on the corresponding boards, including the main control board, the slave control board, and
all the interface boards. The patch turns to the Run state after being loaded. This operation takes
effect on all the boards.

12.4.3 Activating the MPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch active

The MPU patch is activated.


Step 3 Run:
patch active slave

The slave MPU patch is activated.


----End

A patch can be activated only when it is correctly uploaded and is in the deactivated state. When a patch
is activated, it becomes valid immediately. After the board is reset, however, the patch does not remain
valid.

After a patch is activated, you need to check whether the patch has achieved the expected effect. If
the patch does not become valid, you need to stop running the patch. If the patch becomes
valid, you need to run the patch.

12.4.4 Running the MPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch run

The MPU patch is run.

Step 3 Run:
patch run slave

The slave MPU patch is run.


----End
A patch can be run only after it is activated. Running a patch means that the patch is activated
permanently and the patch remains valid after the board is reset.

12.5 Stop Running the MPU Patch


12.5.1 Establishing the Configuration Task
Applicable Environment
After a patch is activated, you need to check whether the patch has achieved the expected effect. If
the patch does not become valid, you need to stop running the patch.
A patch can be deactivated only after it is activated.

Pre-configuration Tasks
None.

Data Preparation
None.

Configuration Procedures
No.   Procedure
1     Deactivating the MPU Patch

12.5.2 Deactivating the MPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch deactive

The MPU patch is deactivated.


Step 3 Run:
patch deactive

The MPU patch is deactivated.


----End

12.6 Unloading the MPU Patch


12.6.1 Establishing the Configuration Task
Applicable Environment
When upgrading the system software or installing a new patch, you need to delete the running
patch.
You can delete a patch of any status.

Pre-configuration Tasks
None.

Data Preparation
None.

Configuration Procedures
No.   Procedure
1     Deleting the MPU Patch

12.6.2 Deleting the MPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch delete

The MPU patch is deleted.


Step 3 Run:
patch delete slave

The slave MPU patch is deleted.


----End


12.7 Installing a Patch on the LPU


12.7.1 Establishing the Configuration Task
Applicable Environment
To fix defects of the LPU, you can install a patch on the LPU.
By installing a patch, you can upgrade the system without upgrading the system
software.
When a patch is uploaded, the system checks that the patch version is the same as the system
version. If the two versions are not the same, the system prompts that the patch uploading
fails.
When installing a patch on the LPU, you need to delete the running patch.

Pre-configuration Tasks
Before installing a patch on the LPU, upload the patch to the root directory of the
master and slave MPUs.

Data Preparation
None.

Configuration Procedures
No.   Procedure
1     Uploading the LPU Patch
2     Activating the LPU Patch
3     Running the LPU Patch

12.7.2 Uploading the LPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch load file-name slot slot-id

The LPU patch is uploaded.


----End


When a patch is uploaded, the system checks that the patch version is the same as the system version. If
the two versions are not the same, the system prompts that the patch uploading fails.

12.7.3 Activating the LPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch active slot slot-id

The LPU patch is activated.


----End

A patch can be activated only when it is correctly uploaded and is in the deactivated state. When a patch
is activated, it becomes valid immediately. After the board is reset, however, the patch does not remain
valid.

After a patch is activated, you need to check whether the patch has achieved the expected effect. If
the patch does not become valid, you need to stop running the patch. If the patch becomes
valid, you need to run the patch.

12.7.4 Running the LPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch run slot slot-id

The LPU patch is run.


----End
A patch can be run only after it is activated. Running a patch means that the patch is activated
permanently and the patch remains valid after the board is reset.


12.8 Stop Running the LPU Patch


12.8.1 Establishing the Configuration Task
Applicable Environment
After a patch is activated, you need to check whether the patch has achieved the expected effect. If
the patch does not become valid, you need to stop running the patch.
A patch can be deactivated only after it is activated.

Pre-configuration Tasks
None.

Data Preparation
None.

Configuration Procedures
No.   Procedure
1     Deactivating the LPU Patch

12.8.2 Deactivating the LPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch deactive slot slot-id

The LPU patch is deactivated.


----End

12.9 Unloading the LPU Patch


12.9.1 Establishing the Configuration Task
Applicable Environment
When upgrading the system software or installing a new patch, you need to delete the running
patch.

You can delete a patch that is in any status.

Pre-configuration Tasks
None.

Data Preparation
None.

Configuration Procedures
No.   Procedure
1     Deleting the LPU Patch

12.9.2 Deleting the LPU Patch


Do as follows on the router to be upgraded.
Step 1 Run:
system-view

The system view is displayed.


Step 2 Run:
patch delete slot slot-id

The LPU patch is deleted.


----End

Contents
A Glossary
B Acronyms and Abbreviations


A Glossary

Glossary

A
Accounting

A network security service that records the user's access to the network.

Agent

A process that resides in all managed devices. It receives request packets from
the NM Station and performs the Read or Write operation on managed
variables according to packet types and generates response packets and sends
them to the NM Station.

AH

Authentication Header. A security protocol that provides data authentication
and integrity for IP packets. AH is used in the transmission mode and in the
tunneling mode.

ASSP

Analogue Sensor Signal Processes. An error tolerance protocol that provides
the interface backup in the multiple access, multicast and broadcast in LAN
(such as Ethernet).

ATM

Asynchronous transfer mode. A connection oriented network technology that
uses the fixed cell (53 bytes) to transfer services of multiple types such as text,
audio or video data. The fixed length of the ATM cells enables the hardware
processing of the cells and thus shortens the forwarding delay. ATM takes full
advantage of high-speed media such as E3, SONET and T3.

Authentication

A method used to prove user identity.

Authorization

A method used to prove identity of users to use the service.

B
Backup center

A mechanism in which the interfaces on a device back up each other and the
status of the interfaces is traced. If an interface is Down, the backup center provides a
backup interface to undertake the service.

BFD

Bidirectional Forwarding Detection. A unified detection mechanism that is
used to detect and monitor the link or IP routes forwarding at a fast pace,

Black list

A filtering mode that is used to filter the packet according to the source IP
address. Compared with the ACL, the black list can filter the packet at a high
speed because its matching region is simple. It can shield the packet from the
specified IP address.


C
CLI

Command Line Interface. An interface that allows the user to interact with the
operating system. Users can configure and manage the NE80 by entering
commands through the CLI.

Congestion avoidance

A flow control mechanism by which the network overload is relieved by
adjusting the network traffic. When the congestion occurs and becomes worse,
the packet is discarded by monitoring the network resource.

Congestion management

A flow control measure to solve the problem of network resource competition.
When the network congestion occurs, it puts the packet into the queue for
buffer and determines the order of forwarding the packet.

Command line level

The priority of the system command that is divided into 4 levels. Users of a
level can run the command only of the same or lower level.

E
Ethernet

A baseband LAN specification created by Xerox and developed by Xerox,
Intel, and Digital Equipment Corporation (DEC). This specification is similar
to IEEE802.3.

Ethernet_II

An encapsulation format of the Ethernet frame. Ethernet_II that contains a
16-bit protocol type field is the standard ARPA Ethernet Version 2.0
encapsulation.

Ethernet_SNAP

An encapsulation format of the Ethernet frame. The frame format complies
with RFC 1042 and enables the transmission of the Ethernet frame on the IEEE
802.2 media.

F
FIFO

First In First Out. A queuing scheme in which the first data into the network is
also the first data out of the network.

File system

A way in which files and directories in the storage devices are managed, such
as creating a file system, creating, deleting, modifying and renaming a file or
directory or displaying the contents of the file.

FTP

File Transfer Protocol. An application protocol in the TCP/IP stack, used for
transferring files between remote hosts. FTP is implemented based on the file
system.

H
HGMPv2

Huawei Group Management Protocol Version 2. A protocol in which the
discovery, topology collection, centralized management and remote
maintenance are implemented on Layer 2 devices of a cluster that are
connected with the router.

I
Information center

The information hinge in the MA5200G that can classify and filter the output
information.

Interface mirroring

A method of copying the packet of the mirrored interface to the other mirroring
interfaces to forward the packet.

IP negotiated

An attribute of the interface. When the user accesses the Internet through the
ISP, the IP address is usually allocated by the peer server. The PPP packet must
be encapsulated and the IP address negotiated attribute must be configured on
the interface so that the local interface accepts the IP address allocated by the
peer end through the PPP negotiation.

IP unnumbered

A mechanism in which the interface that is not configured with an IP address
can borrow the IP address of the interface that is configured with an IP address
to save the IP address resource.

ISIS-TE

Traffic engineering of IS-IS. (For the information of IS-IS, refer to B
Acronyms and Abbreviations)

L
LAN interface

Local Area Network interface. Often an Ethernet interface through which the
router can exchange data with the network device in a LAN.

License

Permission of some features that dynamically control the product.

Logical interface

A configured interface that can exchange data but does not exist physically. A
logical interface can be a sub-interface, virtual-template interface, virtual
Ethernet interface, Loopback interface, Null interface and Tunnel interface.

M
MIB

Management Information Base. A database of variables of the monitored
network device. It can uniquely define a managed object.

Modem

Modulator-demodulator. Device that converts digital and analog signals.

Multicast

A process of transmitting packets of data from one source to many destinations.
The destination address of the multicast packet uses Class D address, that is,
the IP address ranges from 224.0.0.0 to 239.255.255.255. Each multicast
address represents a multicast group rather than a host.

N
NDP

Neighbor Discovery Protocol. A protocol that is used to discover the
information of the neighboring Huawei device that is connected with the local
device.

NMS

Network Management System. A system that sends various query packets and
receives the response packet and trap packet from the managed devices and
displays all the information.

NTDP

A protocol that is used to collect the information of the adjacency and the
backup switch of each device in the network.

NTP

Network Time Protocol. An application protocol that is used to synchronize the
distributed server and the client side.

O
OSPF-TE

Traffic engineering of OSPF. (For information about OSPF, refer to B
Acronyms and Abbreviations.)

P
Policy-based routing

A routing scheme that forwards packets to specific interfaces based on
user-configured policies.

R
Regular expression

When a lot of information is output, you can filter the unnecessary contents out
with regular expressions and display the necessary contents.

RMON

Remote monitoring. A MIB agent specification defined by the IETF that
defines functions for the remote monitoring of the data flow of a network
segment or the whole network.

Router

A device on the network layer that selects routes in the network. The router
selects the optimal route according to the destination address of the received
packet through a network and forwards the packet to the next router. The last
router is responsible for sending the packet to the destination host.

RRPP

Rapid Ring Protection Protocol. A protocol that is applied on the data link
layer. When the Ethernet ring is complete, it can prevent the broadcast storm
caused by the data loop. When a link is disconnected on an Ethernet ring, it can
rapidly restore the communication link between the nodes on the ring network.

RSVP-TE

Traffic engineering of RSVP. (For information about RSVP, refer to B
Acronyms and Abbreviations.)

S
Service tracing

A method of service debugging, diagnosis and error detection that is mainly
used for service personnel to locate the fault in user access. The service tracing
can output the status change and the result of the protocol processing of the
specified user during the access to the terminal or the server for the reference
and analysis of the service personnel.

SSH

Secure Shell. A protocol that provides a secure connection to a router through a
TCP application.

Static ARP

A protocol that binds some IP addresses to a specified gateway. Packets for
these IP addresses must be forwarded through this gateway.

System environment

Basic parameters for running the MA5200G such as host name, language mode
and system time. After configuration, the system environment can meet the
requirements of the actual environment.

T
Telnet

An application protocol of the TCP/IP stack that provides virtual terminal
services for a wide variety of remote systems.

Terminal

A device that is connected with other devices through the serial port. The
keyboard and the display have no disk drives.

Traffic policing

A process used to measure the actual traffic flow across a given connection and
compare it to the total admissible traffic flow for that connection. When the
traffic exceeds the agreed upon flow, some restrictions or penalties are taken to
protect the benefit and the network resource of the operator.

Traffic shaping

A flow control measure to shape the flow rate. It is often used to control the
flow in regular amounts to ensure that the traffic fits within the traffic for the
downstream router and avoids unnecessary discard and congestion.

Tunnel

Secure communication path between two peers in the VPN that protects the
internal information of the VPN from interruption.

V
VPLS

Virtual Private LAN Segment.

VPN

Virtual Private Network. A new technology developed with the Internet to
provide an apparent single private network over a public network. "Virtual"
means that the network is a logical network.

VRP

Versatile Routing Platform. A versatile routing operating system platform
developed for all data communication products of Huawei. With the IP service
as its core, the VRP adopts the componentized architecture. The VRP realizes
rich functions and provides tailorability and scalability based on applications.

VRRP

Virtual Router Redundancy Protocol. An error tolerant protocol defined in RFC
2338. It forms a backup group for a group of routers in a LAN that functions as
a virtual router.

VTY

Virtual type terminal. A terminal line that is used to access a router through
Telnet.

W
WAN interface

Wide Area Network interface. An interface that can be a serial interface,
E1/CE1 interface, T1/CT1 interface, E2/CE3 interface, E3 interface, T3/CT3
interface, T3 interface, CPOS interface, POS interface or ATM interface. The
router can exchange data with the network device in the external network
through the WAN interface.

X
X.25

A protocol applied on the data link layer that defines how connections between
DTE and DCE are maintained for remote terminal access and computer
communications in PDNs.

XModem

A transmission protocol in the format of the binary code.

XOT

X.25 over TCP. A protocol that implements the interconnection between two
X.25 networks through the TCP packet bearing X.25 frames.

B Acronyms and Abbreviations


Numerics

A
AAA

Authentication, Authorization and Accounting

ACL

Access Control List

ARP

Address Resolution Protocol

ASPF

Application Specific Packet Filter

ATM

Asynchronous Transfer Mode

AUX

Auxiliary port

B
BGP

Border Gateway Protocol

C
CBQ

Class-based Queue

CHAP

Challenge Handshake Authentication Protocol

CQ

Custom Queuing

CR-LDP

Constrain-based Routing LDP

D
DHCP

Dynamic Host Configuration Protocol

DNS

Domain Name System

E
ESP

Encapsulating Security Payload

F
FR

Frame Relay

G
GRE

Generic Routing Encapsulation

H
HDLC

High Level Data Link Control

I
IETF

Internet Engineering Task Force

IKE

Internet Key Exchange

IPSec

IP Security

IS-IS

Intermediate System-to-Intermediate System intra-domain routing information
exchange protocol

ITU-T

International Telecommunication Union Telecommunications Standardization
Sector

L
L2TP

Layer Two Tunneling Protocol

LAPB

Link Access Procedure Balanced

LDP

Label Distribution Protocol

M
MAC

Medium Access Control

MBGP

Multiprotocol Extensions for BGP-4

MFR

Multiple Frame Relay

MP

MultiLink PPP

MPLS

Multiprotocol Label Switching

MSDP

Multicast Source Discovery Protocol

MTU

Maximum Transmission Unit

N
NAT

Network Address Translation

NAT-PT

Network Address Translation - Protocol Translation

O
OAM

Operation, Administration and Maintenance

OSPF

Open Shortest Path First

P
PAP

Password Authentication Protocol

PE

Provider Edge

Ping

Ping (Packet Internet Groper)

PPP

Point-to-Point Protocol

PPPoA

PPP over AAL5

PPPoE

Point-to-Point Protocol over Ethernet

PPPoEoA

PPPoE on AAL5

PQ

Priority Queuing

Q
QoS

Quality of Service

R
RADIUS

Remote Authentication Dial In User Service

RIP

Routing Information Protocol

RPR

Resilient Packet Ring

RSVP

Resource Reservation Protocol

T
TE

Traffic Engineering

TCP

Transmission Control Protocol

TFTP

Trivial File Transfer Protocol

V
VLAN

Virtual Local Area Network

VPLS

Virtual Private LAN Service

VPN

Virtual Private Network

VRP

Versatile Routing Platform

VRRP

Virtual Router Redundancy Protocol

W
WAN

Wide Area Network

WFQ

Weighted Fair Queuing

WRED

Weighted Random Early Detection

X
XOT

X.25 Over TCP

Index
B
basic configuration
command privilege level, 4-4
super password, 4-6
system status, 4-7
user level, 4-7

C
command line
characteristics, 3-2
command level, 3-2
displaying, 3-8
editing, 3-7
error message, 3-7
history command, 3-10
on-line help, 3-6
views, 3-3
configuration file
overview, 7-2
configuring authentication mode, 5-24
configuring command privilege level, 4-4
configuring FTP, 8-3
configuring telnet terminal services, 9-7
configuring TFTP, 8-14
configuring Xmodem, 8-17

D
device management
setting the temperature threshold, 10-5
displaying system status, 4-7

F
File System
overview, 6-2
FTP
configuration, 8-3
example, 8-18
overview, 8-2

H
hot keys
classification, 3-11
use, 3-13

M
maintenance
electronic label, 10-2
introduction, 10-2
online device management, 10-2
online upgrade, 10-2
configure electronic elabel, 10-7
electronic label backup, 10-7

P
patch management
checking, 12-3
install, 12-7
introduction, 12-2
stop running, 12-9
unloading, 12-10
product overview
characteristics, 1-5
features list, 1-8
hardware architecture, 1-2
software architecture, 1-3

R
regular expression
begin, 3-10
exclude, 3-10
include, 3-10

S
setting terminal attributes, 5-7
SSH
overview, 9-4

system software
license, 11-2
upgrade, 11-3
system software upgrade, 11-2

T
Telnet
configuration, 9-7
overview, 9-2
TFTP
configuration, 8-14
example, 8-24
overview, 8-2

U
upgrading
the board, 10-3
user-interface
configuration, 5-5
numbering, 5-2
terminal attribute, 5-7
user-management
configuration, 5-16, 5-23

X
XModem
configuration, 8-17
example, 8-26
overview, 8-2
