Commissioning and Configuration Guide(V800R010C00_01)

SmartAX MA5600T Multi-service Access ModuleV800R010C00

Commissioning and ConfigurationGuide

Issue 01Date 2012-01-18

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2012. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute the warranty of any kind, express or implied. Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.comEmail: [email protected]

Issue 01 (2012-01-18) Huawei Proprietary and ConfidentialCopyright Huawei Technologies Co., Ltd.

i

About This Document

Intended AudienceThis document describes the commissioning of the basic functions provided by the device interms of hardware, software, interconnection, and maintenance and management to ensure thatthe device runs in a stable and reliable state. This document describes the configurationprocedures of various services supported by the MA5600T in terms of configuration methodand configuration example.This document helps to learn the commissioning flows, commissioning methods, andconfiguration procedures of various services of the MA5600T.This document is intended for:l Installation and commissioning engineersl System maintenance engineersl Data configuration engineers

Symbol ConventionsThe following symbols may be found in this document. They are defined as follows

Symbol DescriptionIndicates a hazard with a high level of risk which, if notavoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk which,if not avoided, could result in minor or moderate injury.

Indicates a potentially hazardous situation that, if notavoided, could cause equipment damage, data loss, andperformance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or saveyour time.

SmartAX MA5600T Multi-service Access ModuleCommissioning and Configuration Guide About This Document


ii

Symbol DescriptionProvides additional information to emphasize orsupplement important points of the main text.

Command ConventionsConvention DescriptionBoldface The keywords of a command line are in boldface.Italic Command arguments are in italics.[ ] Items (keywords or arguments) in square brackets [ ] are

optional.{ x | y | ... } Alternative items are grouped in braces and separated by

vertical bars. One is selected.[ x | y | ... ] Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected.{ x | y | ... } * Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all canbe selected.

GUI ConventionsConvention DescriptionBoldface Buttons, menus, parameters, tabs, window, and dialog titles

are in boldface. For example, click OK.> Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder

Update HistoryUpdates between document issues are cumulative. Therefore, the latest document issue containsall updates made in previous issues.

Updates in Issue 01 (2012-01-18)This document is the first release.

SmartAX MA5600T Multi-service Access ModuleCommissioning and Configuration Guide About This Document


iii

Contents

About This Document.....................................................................................................................ii1 Commissioning..............................................................................................................................1

1.1 Commissioning Introduction..............................................................................................................................21.1.1 Commissioning Definition........................................................................................................................21.1.2 Commissioning Procedure.........................................................................................................................2

1.2 Commissioning Preparations..............................................................................................................................31.2.1 Checking Hardware...................................................................................................................................31.2.2 Preparing Software....................................................................................................................................41.2.3 Preparing Tools..........................................................................................................................................41.2.4 Planning Data............................................................................................................................................6

1.3 Stand-Alone Commissioning..............................................................................................................................61.3.1 Powering On the Indoor Device................................................................................................................61.3.2 Checking the Power Supply of the Power Board......................................................................................71.3.3 Configuring the Maintenance Terminal....................................................................................................81.3.4 Logging In to the System.........................................................................................................................101.3.5 Checking the Software Version...............................................................................................................481.3.6 Loading the Script...................................................................................................................................481.3.7 Configuring a Board................................................................................................................................491.3.8 Modifying the Reserved VLANs.............................................................................................................521.3.9 Configuring Link Aggregation and Switching........................................................................................531.3.10 Checking the Status of the Service Port................................................................................................541.3.11 Checking the Status of the Upstream Port.............................................................................................551.3.12 Changing the System Name..................................................................................................................551.3.13 Configuring a System User....................................................................................................................561.3.14 Configuring the System Time................................................................................................................601.3.15 Commissioning the EMU......................................................................................................................621.3.16 Configuring the RADIUS server...........................................................................................................651.3.17 Configuring the System Energy-Saving Function.................................................................................671.3.18 Checking the Configuration of the Auto-Save Function.......................................................................681.3.19 Saving the Data......................................................................................................................................701.3.20 Backing Up System Files......................................................................................................................71

1.4 Interconnection Commissioning.......................................................................................................................721.4.1 Commissioning the Interconnection with the NMS................................................................................72

SmartAX MA5600T Multi-service Access ModuleCommissioning and Configuration Guide Contents


iv

1.4.2 Commissioning the Interconnection with the Router..............................................................................841.4.3 Commissioning the Management Channel Between the OLT and the GPON MDU.............................851.4.4 Commissioning the Management Channel Between the OLT and the EPON MDU..............................901.4.5 Commissioning the Management Channel Between the OLT and the GPON ONT..............................931.4.6 Commissioning the Management Channel Between the OLT and the EPON ONT...............................97

1.5 Maintenance and Management Commissioning.............................................................................................1001.5.1 Checking the System Switchover..........................................................................................................1001.5.2 Checking Alarms and Events................................................................................................................1011.5.3 Configuring a Log Host.........................................................................................................................105

1.6 Supplementary Information............................................................................................................................1091.6.1 Making a Script.....................................................................................................................................1091.6.2 Configuring the File Transfer Mode .....................................................................................................1101.6.3 Software Package Settings.....................................................................................................................117

2 Basic Configurations.................................................................................................................1262.1 Configuring the License Function..................................................................................................................1282.2 Configuring Alarms........................................................................................................................................1292.3 Configuring the Network Time......................................................................................................................132

2.3.1 (Optional) Configuring NTP Authentication.........................................................................................1342.3.2 Configuring the NTP Broadcast Mode..................................................................................................1352.3.3 Configuring the NTP Multicast Mode...................................................................................................1372.3.4 Configuring the Unicast NTP Client.....................................................................................................1402.3.5 Configuring the NTP Peer.....................................................................................................................141

2.4 Adding Port Description.................................................................................................................................1432.5 Configuring the Attributes of an Upstream Ethernet Port..............................................................................1442.6 Configuring a VLAN......................................................................................................................................1462.7 Configuring a VLAN Service Profile.............................................................................................................1522.8 Configuring the User Security........................................................................................................................154

2.8.1 Configuring Anti-Theft and Roaming of User Account Through PITP................................................1552.8.2 Configuring Anti-Theft and Roaming of User Accounts Through DHCP............................................1592.8.3 Configuring Anti-IP Spoofing...............................................................................................................1612.8.4 Configuring Anti-MAC Spoofing.........................................................................................................162

2.9 Configuring System Security..........................................................................................................................1662.9.1 Configuring Firewall.............................................................................................................................1672.9.2 Configuring Anti-Attack........................................................................................................................1692.9.3 Preventing the Access of Illegal Users..................................................................................................172

2.10 Configuring the ACL....................................................................................................................................1732.10.1 Filtering Packets by a Basic ACL........................................................................................................1752.10.2 Filtering Packets by an Advanced ACL..............................................................................................1762.10.3 Filtering Packets by a Link-layer ACL................................................................................................1772.10.4 Filtering Packets by a User-defined ACL............................................................................................178

2.11 Configuring QoS...........................................................................................................................................1812.11.1 Configuring Traffic Management........................................................................................................182



v

2.11.2 Configuring Early Drop.......................................................................................................................1962.11.3 Configuring the Queue Scheduling.....................................................................................................1982.11.4 Configuring Traffic Management Based on ACL Rules.....................................................................202

2.12 Configuring AAA.........................................................................................................................................2062.12.1 Configuring the Local AAA................................................................................................................2082.12.2 Configuring the Remote AAA (RADIUS Protocol)............................................................................2092.12.3 Configuration Example of the RADIUS Authentication and Accounting..........................................2172.12.4 Configuring the Remote AAA (HWTACACS Protocol)....................................................................2192.12.5 Configuration Example of the HWTACACS Authentication (802.1X access user)...........................2232.12.6 Configuration Example of HWTACACS Authentication (Management User)..................................226

2.13 Configuring ANCP.......................................................................................................................................2293 Configuring L3 Features...........................................................................................................233

3.1 Configuring ARP Proxy for Interworking......................................................................................................2343.2 Configuring DHCP.........................................................................................................................................236

3.2.1 Configuring the Standard DHCP Mode.................................................................................................2383.2.2 Configuring the DHCP Option60 Mode................................................................................................2403.2.3 Configuring the DHCP MAC Address Segment Mode.........................................................................243

3.3 Configuring the Route....................................................................................................................................2453.3.1 Configuration Example of the Routing Policy......................................................................................2463.3.2 Configuration Example of the Static Route...........................................................................................2483.3.3 Configuration Example of RIP..............................................................................................................2493.3.4 Configuration Example of OSPF...........................................................................................................253

4 Configuring the GPON Internet Access Service.................................................................2574.1 Configuring xPON Profiles............................................................................................................................261

4.1.1 Configuring a DBA Profile....................................................................................................................2614.1.2 Configuring a GPON ONT Line Profile................................................................................................2624.1.3 Configuring a GPON ONT Service Profile...........................................................................................2654.1.4 Configuring a GPON ONT Alarm Profile.............................................................................................268

4.2 Configuring a VLAN......................................................................................................................................2694.3 Configuring an Upstream Port........................................................................................................................2754.4 Configuring a GPON ONT.............................................................................................................................2764.5 Configuring a GPON Port..............................................................................................................................2794.6 Creating a GPON Service Port.......................................................................................................................281

5 Configuring the EPON Internet Access Service..................................................................2865.1 Configuring an EPON ONT Profile...............................................................................................................290

5.1.1 Configuring a DBA Profile....................................................................................................................2905.1.2 Configuring an EPON ONT Line Profile..............................................................................................2915.1.3 Configuring an EPON ONT Service Profile.........................................................................................292

5.2 Configuring a VLAN......................................................................................................................................2955.3 Configuring an Upstream Port........................................................................................................................3005.4 Configure the EPON ONT.............................................................................................................................301



vi

5.5 Configuring an EPON User Port....................................................................................................................3035.6 Creating an EPON Service Port......................................................................................................................304

6 Configuring the Multicast Service (PON)............................................................................3086.1 Configuring Multicast Global Parameters......................................................................................................3136.2 Configuring the Multicast VLAN and the Multicast Program.......................................................................3156.3 Configuring the Multicast EPON ONT..........................................................................................................3196.4 Configuring the Multicast GPON ONT..........................................................................................................3216.5 Configuring a Multicast User.........................................................................................................................3226.6 (Optional) Configuring the Multicast Bandwidth..........................................................................................3256.7 (Optional) Configuring Multicast Preview.....................................................................................................3266.8 (Optional) Configuring Program Prejoin........................................................................................................3286.9 (Optional) Configuring the Multicast Logging Function...............................................................................329

7 Configuring MPLS and PWE3................................................................................................3337.1 Configuring the MPLS Service......................................................................................................................335

7.1.1 Configuring the Static LSP....................................................................................................................3357.1.2 Configuring the LDP LSP.....................................................................................................................3387.1.3 Configure an RSVP-TE LSP.................................................................................................................3407.1.4 Configuring the MPLS OAM................................................................................................................344

7.2 Configuring the PWE3 Private Line Service..................................................................................................3547.2.1 Configuring the PWE3 Outer Tunnel....................................................................................................3557.2.2 Configuring the Tunnel Policy..............................................................................................................3577.2.3 Configuring the PWE3 Inner PW..........................................................................................................3587.2.4 Binding the Service to the PW..............................................................................................................3627.2.5 Configuring MPLS Tunnel Protection..................................................................................................363

7.3 Configuring TDM PWE3 Private Line Service (T1 Upstream Transmission)...............................................3668 Configuring Network Protection............................................................................................379

8.1 Configuring the NE Subtending Through the FE or GE Port.........................................................................3818.2 Configuring the Uplink Redundancy Backup................................................................................................3828.3 Configuring the Smart Link Redundancy Backup.........................................................................................3848.4 Configuring the MPLS Service Board Redundancy Backup.........................................................................3888.5 Configuring GPON Type B Protection..........................................................................................................3898.6 Configuring EPON Type B Protection...........................................................................................................3908.7 Configuring the Switchover of the Protect Group..........................................................................................3928.8 Configuring the MSTP...................................................................................................................................3948.9 Configuring RRPP..........................................................................................................................................3978.10 Configuring the BFD....................................................................................................................................400

8.10.1 Configuration Example of the BFD Link Detection (Static Route)....................................................4008.10.2 Configuration Example of the BFD Link Detection (Dynamic Route)...............................................403

8.11 Configuring ETH OAM................................................................................................................................4058.11.1 Configuring Ethernet CFM OAM.......................................................................................................4058.11.2 Configuring Ethernet EFM OAM........................................................................................................409



vii

9 Configuration Example of the FTTH Service.......................................................................4129.1 FTTH Network...............................................................................................................................................4139.2 FTTH Data Plan (GPON Access)...................................................................................................................4139.3 Configuring the FTTH Internet Access Service.............................................................................................4179.4 Configuring the FTTH VoIP Service (SIP-based).........................................................................................4229.5 Configuring the FTTH IPTV Service.............................................................................................................428

10 FAQ............................................................................................................................................43510.1 How to Query the MAC Addresses of the Online Users and the Ports That Provide the Access for the Usersin the MA5600T...................................................................................................................................................43610.2 How to Resolve the Issue of Unsuccessful Traffic Stream Configuration...................................................43610.3 How to Calculate the Remaining Bandwidth of a PON Port on the MA5600T...........................................43810.4 How to Change the Management IP Address and VLAN Remotely...........................................................43910.5 How to Change the Rate of the User Port in a PON System........................................................................44010.6 How to Realize the Communication Between Users on the Same Board....................................................44010.7 How to Select the Matched Hardware for Expanding the Bandwidth of the Upstream Port.......................44110.8 How to Confirm an Upgraded Board...........................................................................................................442



viii

1 CommissioningAbout This Chapter

This document describes the commissioning of the basic functions provided by the device interms of hardware, software, interconnection, and maintenance and management to ensure thatthe device runs in a stable and reliable state.1.1 Commissioning IntroductionThe topic describes the commissioning definition and procedure.1.2 Commissioning PreparationsThis topic describes the hardware, software, and tool preparations for the commissioning.1.3 Stand-Alone CommissioningAfter the hardware installation, a stand-alone MA5600T should be commissioned to ensure thatthe stand-alone MA5600T works in the normal state.1.4 Interconnection CommissioningThe MA5600T provides multiple interfaces for interconnection. This topic describes theinterconnection commissioning of the MA5600T.1.5 Maintenance and Management CommissioningTo ensure the stability of the MA5600T, you need to verify the maintainability and reliabilityof the device after completing the stand-alone commissioning and interconnectioncommissioning.1.6 Supplementary InformationThis topic provides the commissioning supplementary information, including script making,transmission mode setting, and default software settings.

SmartAX MA5600T Multi-service Access ModuleCommissioning and Configuration Guide 1 Commissioning


1

1.1 Commissioning IntroductionThe topic describes the commissioning definition and procedure.

1.1.1 Commissioning DefinitionCommissioning refers to the stand-alone commissioning, the interconnection commissioning,and the maintenance and management commissioning after the hardware installation. Thisensures that the device works in the normal state according to the design specifications.

1.1.2 Commissioning ProcedureThis topic describes the procedure for commissioning the device.

FlowchartPerform the commissioning according to the flowchart.Figure 1-1 shows the commissioning procedure.

Figure 1-1 Commissioning procedure

Commissioning ItemThe commissioning items in the commissioning procedure are described as follows:Commissioning PreparationsThis topic describes the hardware, software, and tool preparations for the commissioning.Stand-Alone Commissioning



2

After the hardware installation, a stand-alone MA5600T should be commissioned to ensure thatthe stand-alone MA5600T works in the normal state.Interconnection CommissioningThe MA5600T provides multiple interfaces for interconnection. This topic describes theinterconnection commissioning of the MA5600T.Maintenance and Management CommissioningTo ensure the stability of the MA5600T, you need to verify the maintainability and reliabilityof the device after completing the stand-alone commissioning and interconnectioncommissioning.

1.2 Commissioning PreparationsThis topic describes the hardware, software, and tool preparations for the commissioning.

1.2.1 Checking HardwareThis topic describes how to prepare the hardware required before the commissioning. Thisfacilitates the subsequent commissioning.

ContextTable 1-1 lists the hardware to be checked before the commissioning.

Table 1-1 Hardware checklistSN Item Description1 Power supply

and groundingEnsure that the power cable and the grounding meet the followingrequirements:l The power cable and the ground cable are connected properly

and are in good contact.l The labels of the power cable, ground cable, and power

distribution switch are correct, legible and complete.l The connectors of the external ground cables and protection

ground cables of the cabinet are connected properly, withoutany damage.

l The power supply for the device is in the normal state.2 Cables and

connectorsCheck the local maintenance serial port cable, network cable,optical fiber, subscriber cable, and connectors, and ensure thatthey meet the following requirements:l The connectors are tight and firm.l The cable jacket is intact.l Cable labels are legible.l Cables are bundled properly.



3

SN Item Description3 Upper-layer

deviceEnsure that the upper-layer device meets the followingrequirements:l The position of the interconnection port of the upper-layer

device is correct.l The upper-layer device works in the normal state and can be

used for the commissioning.4 Board

(daughterboard)

The board (daughter board) selected should meet therequirements for the external ports.NOTE

Different boards (daughter boards) provide different external ports. Fordetails about the boards and their external ports on the MA5600T, seeBoard Overview of the MA5600T Hardware Description.

1.2.2 Preparing SoftwareThis topic describes how to prepare the software required before the commissioning. Thisfacilitates the subsequent commissioning.Table 1-2 shows the software checklist before the commissioning.

Table 1-2 Software checklistSN Item Description1 Software

packageEnsure that files in the software package for the commissioningare complete and the software version is correct.

2 Softwarecommissioningtools

Ensure that all the commissioning tools are available. Thecommon commissioning tools are as follows:l HyperTerminal (provided by the Windows OS): used for

logging in to the MA5600T using the CLI.l TFTP, SFTP, and FTP tools: used for loading software.

They can be downloaded from http://support.huawei.com.

l Client software key generator Puttygen.exe, client softwarekey convertor sshkey.exe and SSH client softwareputty.exe: used for logging in to the MA5600T through theSSH.

1.2.3 Preparing ToolsThis topic describes how to prepare the tools required before the commissioning. This facilitatesthe subsequent commissioning.Table 1-3 lists the tools to be prepared for the commissioning.



4

Table 1-3 Tool checklistSN Item Description Remarks1 Cables One RS-232 serial port cable (One end

with an RJ-45 connector used toconnect to the board and the other endwith a DB-9 or DB-25 femaleconnector used to connect to themaintenance terminal)

Used to connect themaintenance terminal to theMA5600T for maintenanceusing the serial port.

One crossover cable Used to connect themaintenance terminal to theMA5600T for maintenancethrough telnet.

Some optical fibers and patch cordswith different connectors

Used for the upstreamtransmission and opticalpower test.

2 Maintenanceterminal

One maintenance terminal configuredwith a HyperTerminal application,such as a laptop

Used to log in to theMA5600T to commission theMA5600T.

3 Auxiliarydeviceand meter

One optical power meter Used to test the meanlaunched power and the inputoptical power of an opticalport.

One optical attenuator Used to attenuate the inputoptical signal. It is used toprotect the optical port frombeing damaged by intenseoptical signals during thedevice commissioning.

One multimeter Used to measure the voltage,resistance and currentintensity during the powercommissioning.

One optical multiplexer/demultiplexer Used to test the input opticalpower of a single-fiber bi-directional optical port. It is ameter with the multiplexingand demultiplexing functions.

One data network performanceanalyzer

Used to test the input opticalpower. It is used to transmitdata to simulate thenetworking environment.



5

1.2.4 Planning DataThis topic describes the information to be collected about the hardware configuration,networking, and data plan before the commissioning based on the engineering document. Thisfacilitates the data configuration.Table 1-4 lists the data collected for the commissioning.

Table 1-4 Data checklistSN Item Description1 Hardware

configurationThis includes but is not limited to the following:l Types and slot distribution of the control board and

service boardsl Types and physical positions of the upstream ports

and the service ports2 Networking and data

planThis includes but is not limited to the following:l Networking model IP address assignmentl VLAN planning

NOTE

l A commissioning script can be made based on the actual networking and the data plan. For how tomake a script, see 1.6.1 Making a Script.

l For details about the default settings of the main software on the MA5600T, see 1.6.3 SoftwarePackage Settings.

1.3 Stand-Alone CommissioningAfter the hardware installation, a stand-alone MA5600T should be commissioned to ensure thatthe stand-alone MA5600T works in the normal state.

1.3.1 Powering On the Indoor DeviceThis topic describes how to power on the indoor device to ensure that all the boards can benormally powered on.

PrerequisitesThe after-installation check and the power-on check must be performed on the device.



6

Context

CAUTIONInserting or removing boards is prohibited during startup.

ProcedureStep 1 Connect the input power supply of the DC PDU.Step 2 Turn on the output control switch of the DC PDU.

----End

ResultThe device can be normally powered on, and the RUN LED on the boards are on for 1s and offfor 1s repeatedly.

1.3.2 Checking the Power Supply of the Power BoardThis topic describes how to check the redundancy backup function of the power boards.

PrerequisitesThe two power boards configured must work in the normal state.

ContextIn the normal state, the two power boards work in the load balancing mode and provide powerfor all the service boards in the shelf. When one power board is faulty, the other power boardprovides power for all the service boards in the shelf.When checking the power supply of the power board, pay attention to the following points:l Wear an ESD wrist strap during the operation.l Turn off the -48 V input switch on the PDU that corresponds to the power board before

replacing the board. In addition, when the board is powered on, do not remove or insert thepower connector.

l If one power board is faulty, replace the board in time to prevent the shelf from workingfor a long time when only one power board supplies power.

ProcedureStep 1 Turn off the switch on the PDU that corresponds to one power board, and check the power supply

for the service board.Step 2 Turn on the switch again.Step 3 Repeat steps 1 and 2 to check the other power board.

----End



7

ResultThe boards in the shelf work in the normal state after the switch on the PDU that correspondsto either power board is turned off, that is, the RUN LED on the board is on for 1s and off for1s repeatedly.

1.3.3 Configuring the Maintenance TerminalDuring the commissioning, you need to maintain the device using the maintenance terminal.This topic describes how to start the maintenance terminal and configure the IP address of themaintenance terminal to meet the commissioning requirements.

Starting the Maintenance TerminalThis topic describes how to start the maintenance terminal to prepare for the subsequentcommissioning.

ContextA maintenance terminal is usually a laptop embedded with a HyperTerminal application.

ProcedureStep 1 Power on the maintenance terminal. The Windows OS starts automatically, and the Log In dialog

box is displayed.Step 2 (Optional) If the user name and the password are required, input the user name and the password

of the administrator in the Log In dialog box.Step 3 Click OK to enter the Windows OS.

----End

ResultThe maintenance terminal runs in the normal state.

Configuring the IP Address of the Maintenance TerminalThis topic describes how to configure the IP address of the maintenance terminal to ensure thatyou can log in to the MA5600T in the telnet or SSH mode using the maintenance terminal.

PrerequisitesThe maintenance terminal must be started.

ProcedureStep 1 Right-click My Network Places and choose Properties. The Network Connections window

is displayed.Step 2 In the Network Connections window, right-click Local Area Connection, and choose

Properties. The Local Area Connection Properties dialog box is displayed.Step 3 Click the General tab, and then select Internet Protocol (TCP/IP) in Components checked

are used by this connection, as shown in the following figure.



8

Figure 1-2 Configure the local area connection properties

Step 4 Click Properties to display the Internet Protocol (TCP/IP) Properties dialog box.Step 5 Click General, and then select Use the following IP address: to configure the IP address and

the subnet mask, as shown in the following figure.



9

Figure 1-3 Configure the IP address and the subnet mask

NOTE

The IP address of the maintenance terminal and the IP address of the maintenance Ethernet port of thedevice must be in the same network segment.

Step 6 Click OK to return to the Local Area Connection Properties dialog box.Step 7 Click OK.

----End

ResultThe IP address of the maintenance terminal and the IP address of the maintenance Ethernet portof the device are in the same network segment.

NOTEBy default, the IP address of the maintenance Ethernet port (ETH port on the control board) is 10.11.104.2,and the subnet mask is 255.255.255.0.

1.3.4 Logging In to the SystemYou must log in to the MA5600T before commissioning the MA5600T using the maintenanceterminal. The following describes three login modes, namely, local serial port mode, telnet mode,and SSH mode.



10

Login Through the Local Serial PortWhen you need to maintain and manage the MA5600T locally, you can log in to the systemusing the local serial port.

Prerequisitesl A maintenance terminal (generally a laptop configured with a HyperTerminal application)

must be available.l An RS-232 serial port cable (one end with an RJ-45 connector and the other end with a

DB-9 or DB-25 female connector) must be available.

Network TopologyFigure 1-4 shows the networking for logging in to the MA5600T using the local serial port.

Figure 1-4 Logging in to the MA5600T using the local serial port

FlowchartFigure 1-5 shows the flowchart for logging in to the system using the local serial port.



11

Figure 1-5 Flowchart for logging in to the system using the local serial port

ProcedureStep 1 Connect the serial port cable.

Use an RS-232 serial port cable to connect a serial port of the PC to the CON port of the SCUcontrol board, as shown in Figure 1-4.

Step 2 Set the HyperTerminal communication parameters.1. Set up a connection.

Click Start. Choose All Programs > Accessories > Communications > HyperTerminal to display the Connection Description dialog box. Input the connection name,and click OK, as shown in the following figure.



12

2. Set the serial port.Select the serial port that is connected to the MA5600T. You can select COM1 orCOM2 (here, use COM2 as an example), and click OK, as shown in the following figure.

3. Set the HyperTerminal communication parameters. For details, see the following figure.



13

NOTE

l The baud rate of the HyperTerminal must be the same as the baud rate of the serial port on theMA5600T. By default, the baud rate of the serial port is 9600 bit/s.

l If illegible characters are displayed on the HyperTerminal interface after you log in to the system,it is generally because the baud rate of the HyperTerminal is different from the baud rate of theMA5600T. In this case, set the consistent baud rate for the HyperTerminal to log in to the system.The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400 bit/s, 57600 bit/s, and 115200bit/s.

4. Click OK to display the HyperTerminal interface.Step 3 (Optional) Set the properties of the HyperTerminal.

1. Set the emulation type of the HyperTerminal.Choose File > Properties on the HyperTerminal interface. In the dialog box that isdisplayed, click the Settings tab, and set Emulation to VT100 or Auto Detect, as shownin the following figure. It is Auto Detect by default.



14

2. Set the line delay and the character delay of the ASCII code.Click ASCII Setup. In the dialog box that is displayed, set line delay to 200 and Characterdelay to 300, and then click OK, as shown in the following figure. By default, Linedelay is 0, and Character delay is 0.



15

NOTEWhen you paste a text to the HyperTerminal, the character delay controls the character transmit speed,and the line delay controls the interval of transmitting every line. If a delay is very short, loss ofcharacters occurs. When the pasted text is displayed abnormally, modify the delay.

----End

ResultOn the Hyper Terminal interface, press Enter, and the system prompts you to input the username. Input the user name and the password for user registration (by default, the super user nameis root and the password is admin), and wait until the CLI prompt character is displayed.

If the login fails, click and then click on the operation interface. If the login still fails,return to step 1 to check the parameter settings and the physical connections, and then try again.

Login Through Telnet (Outband Management)This topic describes how to log in to the MA5600T using the local maintenance Ethernet port(outband management port) in the telnet mode to maintain and manage the MA5600T.

PrerequisitesEngineers are logged in to the MA5600T by using the local serial port or the ETH port.

NOTEThe default IP address of the maintenance Ethernet port (ETH port on the control board) is 10.11.104.2,and the subnet mask is 255.255.255.0.

l For details about how to log in to the MA5600T by using the local serial port, see LoginThrough the Local Serial Port.

l For details about how to log in to the MA5600T by using the ETH port, see the following: Configure the IP address of the PC that is used for logging in to the MA5600T. This IP

address is on the same subnet as the IP address of the maintenance Ethernet port but isnot the IP address of the maintenance Ethernet port. For example, configure the IPaddress to 10.11.104.6. After logging in to the MA5600T, in the MEth mode, run the ip address command to

change the IP address of the device to 10.50.1.10/24. Change the IP address of the PC to be on the same subnet as the IP address of the

maintenance Ethernet port but is not the IP address of the maintenance Ethernet port.For example, change the IP address of the device to 10.50.1.11/24.

Network TopologyFigure 1-6 shows an example network for outband management through telnet in a LAN, andFigure 1-7 shows an example network for outband management through telnet in a WAN.



16

Figure 1-6 Example network for outband management through telnet in a LAN

NOTEThe MA5600T is connected to the LAN using the straight using cable, and the IP address of the maintenanceEthernet port of the MA5600T is in the same network segment as the IP address of the maintenance terminal.Alternatively, the Ethernet port of the maintenance terminal can be directly connected to the maintenanceEthernet port of the MA5600T to manage the MA5600T in the outband management mode. In such acondition, a crossover cable must be used.

Figure 1-7 Network example for outband management through telnet in a WAN

Data PlanTable 1-5 and Table 1-6 provide the data plan for the outband management through telnet in aLAN and in a WAN respectively.

Table 1-5 Data plan for the outband management through telnet in a LANItem DataMaintenance Ethernet port of the MA5600T IP address: 10.50.1.10/24

NOTEBy default, the IP address of the maintenanceEthernet port (ETH port on the control board) is10.11.104.2, and the subnet mask is255.255.255.0.



17

Item DataMaintenance terminal IP address: 10.50.1.20/24 (in the same subnet

as the IP address of the maintenance Ethernetport)

Table 1-6 Data plan for the outband management through telnet in a WANItem DataMaintenance Ethernet port of the MA5600T IP address: 10.50.1.10/24

NOTEBy default, the IP address of the maintenanceEthernet port (ETH port on the control board) is10.11.104.2, and the subnet mask is255.255.255.0.

Maintenance terminal IP address: 10.10.1.10/24Router port connecting to the MA5600T IP address: 10.50.1.1/24

FlowchartFigure 1-8 shows the flowchart for logging in to the MA5600T through telnet (outbandmanagement).

Figure 1-8 Flowchart for logging in to the MA5600T through telnet (outband management)



18

ProcedureStep 1 Set up the network environment.

l If you log in to the MA5600T in the LAN outband management mode through telnet, setup a network environment according to Figure 1-6.

l If you log in to the MA5600T in the MAN outband management mode through telnet, setup a network environment according to Figure 1-7.

Step 2 Configure the IP address of the maintenance Ethernet port.In the MEth mode, run the ip address command to configure the IP address of the maintenanceEthernet port.huawei(config)#interface meth 0huawei(config-if-meth0)#ip address 10.50.1.10 24

Step 3 Add a route for the outband management.l If the network environment is set up as shown in Figure 1-6, you need not add a route.l If the network environment is set up as shown in Figure 1-7, run the ip route-static

command to add a route from the maintenance Ethernet port of the MA5600T to themaintenance terminal.huawei(config-if-meth0)#quithuawei(config)#ip route-static 10.10.1.0 24 10.50.1.1

Step 4 Run the telnet application.On the maintenance terminal, choose Start > Run. On the Run window, input "telnet10.50.1.10" in the Open field as shown in Figure 1-9 (considering the Windows OS as anexample), and click OK. Then, the telnet dialog box is displayed.

Figure 1-9 Running the telnet application

Step 5 Log in to the system.

In the telnet dialog box, input the user name and the password. By default, the user name isroot, and the password is admin. When the login is successful, the system displays the followinginformation:

>>:root >>:admin



19

Huawei Integrated Access SoftwareMA5600T. Copyright(C) Huawei Technologies Co., Ltd. 2002-2011. All rights reserved. ----------------------------------------------------------------------------- User last login information: ----------------------------------------------------------------------------- Access Type : Telnet IP-Address : 10.10.10.122 Login Time : 2011-03-29 16:03:20+08:00 Logout Time : 2011-03-29 16:08:40+08:00 ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- User fail login information: ----------------------------------------------------------------------------- Last Access Type : Telnet Last IP-Address : 10.10.10.74 Last Login Time : 2011-03-29 16:11:10+08:00 Login Failure Times : 2 ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- All user fail login information: ----------------------------------------------------------------------------- Access Type IP-Address Time Login Times ----------------------------------------------------------------------------- Telnet 10.10.10.74 2011-03-29 16:11:10+08:00 1 Telnet 10.10.10.122 2011-03-29 15:37:05+08:00 3 Telnet 10.10.10.193 2011-03-25 18:19:04+08:00 1 -----------------------------------------------------------------------------

The following table describes the parameters in response to this login.

Parameter DescriptionUser name Indicates the user name.User password Indicates the user password that is not displayed on the

maintenance terminal.User last login information Indicates the information about the latest successful login.Access Type Indicates the access type of the latest successful login.IP-Address Indicates the IP address of the latest successful login.Login Time Indicates the time of the latest successful login.Logout Time Indicates the time of the latest successful logout. If the user

does not log out, it displays as "--".User fail login information Indicates the information about the failed login.Last Access Type Indicates the access type of the latest failed login.Last IP-Address Indicates the IP address of the latest failed login.Last Login Time Indicates the time of the latest failed login.Login Failure Times Indicates the failed login times. It is the times of login failures

between two login successes, but not the accumulative loginfailures.

All user fail logininformation

Indicates the information about failed login of all users, whichcan be viewed only by user root or security administrator.



20

Parameter DescriptionAccess Type Indicates the access type of the login.IP-Address Indicates the IP address of the login.Time Indicates the time of the login.Login Times Indicates the login times.

----End

ResultAfter logging in to the system, you can maintain and manage the MA5600T.

Login Through Telnet (Inband Management)This topic describes how to log in to the MA5600T using the upstream port (inband managementport) in the telnet mode to maintain and manage the MA5600T.








Network TopologyFigure 1-10 shows an example network for inband management through telnet in a LAN, andFigure 1-11 shows an example network for inband management through telnet in a WAN.



21

Figure 1-10 Example network for inband management through telnet in a LAN

Figure 1-11 Example network for inband management through telnet in a WAN

Data PlanTable 1-7 and Table 1-8 provide the data plan for the inband management through telnet in aLAN and in a WAN respectively.

Table 1-7 Data plan for the inband management through telnet in a LANItem DataUpstream port of the MA5600T l VLAN ID: 30

l Port: 0/17/0l IP address: 10.50.1.10/24

Maintenance terminal IP address: 10.50.1.20/24 (in the same subnetas the IP address of the maintenance Ethernetport)

Table 1-8 Data plan for the inband management through telnet in a WANItem DataUpstream port of the MA5600T l VLAN ID: 30

l Port: 0/17/0l IP address: 10.50.1.10/24

Maintenance terminal IP address: 10.10.1.10/24



22

Item DataRouter port connecting to the MA5600T IP address: 10.50.1.1/24

FlowchartFigure 1-12 shows the flowchart for logging in to the MA5600T through telnet (inbandmanagement).

Figure 1-12 Flowchart for logging in to the MA5600T through telnet (inband management)


l If you log in to the MA5600T in the LAN inband management mode through telnet, set upa network environment according to Figure 1-10.

l If you log in to the MA5600T in the WAN inband management mode through telnet, setup a network environment according to Figure 1-11.

Step 2 Configure the IP address of the VLAN Layer 3 interface.1. Run the vlan command to create a management VLAN.

huawei(config)#vlan 30 standard

2. Run the port vlan command to add an upstream port to the VLAN.



23

huawei(config)#port vlan 30 0/17 03. In the VLANIF mode, run the ip address command to configure the IP address of the

VLAN Layer 3 interface.huawei(config)#interface vlanif 30huawei(config-if-vlanif30)#ip address 10.50.1.10 24

NOTEIf the packet transmitted from the upstream port is untagged, run the native-vlan command to configurethe native VLAN of the upstream port to be the same as the VLAN of the upstream port.

Step 3 Add a route for the inband management.l If the network environment is set up as shown in Figure 1-10, you need not add a route.l If the network environment is set up as shown in Figure 1-11, run the ip route-static


Step 4 Run the telnet application.On the maintenance terminal, choose Start > Run. On the Run window, input "telnet10.50.1.10" in the Open field as shown in Figure 1-13 (considering the Windows OS as anexample), and click OK. Then, the telnet dialog box is displayed.

Figure 1-13 Running the telnet application

Step 5 Log in to the system.

In the telnet dialog box, input the user name and the password. By default, the user name isroot, and the password is admin. When the login is successful, the system displays the followinginformation:

>>:root >>:admin Huawei Integrated Access SoftwareMA5600T. Copyright(C) Huawei Technologies Co., Ltd. 2002-2011. All rights reserved. ----------------------------------------------------------------------------- User last login information: ----------------------------------------------------------------------------- Access Type : Telnet IP-Address : 10.10.10.122 Login Time : 2011-03-29 16:03:20+08:00 Logout Time : 2011-03-29 16:08:40+08:00



24

----------------------------------------------------------------------------- ----------------------------------------------------------------------------- User fail login information: ----------------------------------------------------------------------------- Last Access Type : Telnet Last IP-Address : 10.10.10.74 Last Login Time : 2011-03-29 16:11:10+08:00 Login Failure Times : 2 ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- All user fail login information: ----------------------------------------------------------------------------- Access Type IP-Address Time Login Times ----------------------------------------------------------------------------- Telnet 10.10.10.74 2011-03-29 16:11:10+08:00 1 Telnet 10.10.10.122 2011-03-29 15:37:05+08:00 3 Telnet 10.10.10.193 2011-03-25 18:19:04+08:00 1 -----------------------------------------------------------------------------

The following table describes the parameters in response to this login.

Parameter DescriptionUser name Indicates the user name.User password Indicates the user password that is not displayed on the

maintenance terminal.User last login information Indicates the information about the latest successful login.Access Type Indicates the access type of the latest successful login.IP-Address Indicates the IP address of the latest successful login.Login Time Indicates the time of the latest successful login.Logout Time Indicates the time of the latest successful logout. If the user

does not log out, it displays as "--".User fail login information Indicates the information about the failed login.Last Access Type Indicates the access type of the latest failed login.Last IP-Address Indicates the IP address of the latest failed login.Last Login Time Indicates the time of the latest failed login.Login Failure Times Indicates the failed login times. It is the times of login failures

between two login successes, but not the accumulative loginfailures.

All user fail logininformation

Indicates the information about failed login of all users, whichcan be viewed only by user root or security administrator.

Access Type Indicates the access type of the login.IP-Address Indicates the IP address of the login.Time Indicates the time of the login.Login Times Indicates the login times.



25

----End


Login Through SSH (Outband Management)This topic describes how to log in to the MA5600T using the local maintenance Ethernet port(outband management port) in the SSH mode to maintain and manage the MA5600T. The SSHprovides authentication, encryption, and authorization to ensure the network communicationsecurity. When a user logs in to the MA5600T remotely over an insecure network, SSH providessecurity guarantee and powerful authentication to protect the MA5600T against attacks such asIP address spoofing and interception of plain text password.








Network TopologyFigure 1-14 shows an example network for outband management through SSH in a LAN, andFigure 1-15 shows an example network for outband management through SSH in a WAN.



26

Figure 1-14 Example network for outband management through SSH in a LAN

NOTEThe MA5600T is connected to the LAN using the straight using cable, and the IP address of the maintenanceEthernet port of the MA5600T is in the same network segment as the IP address of the maintenance terminal.Alternatively, the Ethernet port of the maintenance terminal can be directly connected to the maintenanceEthernet port of the MA5600T to manage the MA5600T in the outband management mode. In such acondition, a crossover cable must be used.

Figure 1-15 Example network for outband management through SSH in a WAN

Data PlanTable 1-9 and Table 1-10 provide the data plan for the outband management through SSH in aLAN and in a WAN respectively.



27

Table 1-9 Data plan for the outband management through SSH in a LANItem DataMaintenance Ethernet port of the MA5600T l IP address: 10.50.1.10/24

l User authentication mode: RSA publickey authentication

l RSA key name: keyNOTE

By default, the IP address of the maintenanceEthernet port (ETH port on the control board) is10.11.104.2, and the subnet mask is255.255.255.0.

New user l User name/Password: huawei/test01l Authority: Operatorl Permitted reenter number: 4


Table 1-10 Data plan for the outband management through SSH in a WANItem DataMaintenance Ethernet port of the MA5600T l IP address: 10.50.1.10/24

l User authentication mode: RSA publickey authentication

l RSA key name: keyNOTE

By default, the IP address of the maintenanceEthernet port (ETH port on the control board) is10.11.104.2, and the subnet mask is255.255.255.0.



FlowchartFigure 1-16 shows the flowchart for logging in to the MA5600T through SSH.



28

Figure 1-16 Flowchart for logging in to the MA5600T through SSH (Outband Management)



29


l If you log in to the MA5600T in the LAN outband management mode through SSH, set upa network environment according to Figure 1-14.

l If you log in to the MA5600T in the WAN outband management mode through SSH, setup a network environment according to Figure 1-15.

Step 2 Configure the IP address of the maintenance Ethernet port.In the MEth mode, run the ip address command to configure the IP address of the maintenanceEthernet port.huawei(config)#interface meth 0huawei(config-if-meth0)#ip address 10.50.1.10 24

Step 3 Add a route for the outband management.l If the network environment is set up as shown in Figure 1-14, you need not add a route.l If the network environment is set up as shown in Figure 1-15, run the ip route-static


Step 4 Create a user.Run the terminal user name command to create a user.huawei(config)#terminal user name User Name(length):huawei User Password(length):test01 //The password is not displayed on the maintenance terminal. Confirm Password(length):test01 //The password is not displayed on the maintenance terminal. User profile name(

...............................++++++++

...........++++++++

Step 6 Set the SSH user authentication mode.Run the ssh user huawei authentication-type rsa command to choose the authentication modeof the SSH user.There are four authentication modes for SSH users, as shown in the following. In this topic,authentication mode rsa is considered as an example.l password: authentication based on a password.l rsa: authentication based on an RSA public key.l all: authentication based on a password or an RSA public key. The user can log in to the

device either by the password or the RSA public key.l password-publickey: authentication based on a password and a public key. The user can log

in to the device only after both the password and the RSA public key authentication.huawei(config)#ssh user huawei authentication-type{ all|password-publickey|password|rsa }:rsa

Command: ssh user huawei authentication-type rsa%Authentication type setted, and will be in effect next time.

Step 7 Generate the RSA public key.1. Run the key generator.

Run the client software key generator Puttygen.exe. Figure 1-17 shows the interface of thekey generator.

Figure 1-17 Interface of the key generator



31

2. Generate the client key.

Select SSH-2 RSA as the key type under Parameters, click Generate, and move the cursoraccording to the prompt on the interface to generate the client key, as shown in Figure1-18.

Figure 1-18 Interface of the key generator

Click Save public key and Save private key to save the public key and the private keyrespectively after they are generated, as shown in Figure 1-19.



32

Figure 1-19 Save the public key and the private key

3. Generate the RSA public key.

Open sshkey.exe, click Browse, and choose the public key file saved in the preceding step.Then, click Convert to change the client public key to the RSA public key, as shown inFigure 1-20.



33

Figure 1-20 Interface of converting the client public key to the RSA public key

Step 8 Generate the public key for the SSH user.

Create RSA public key. Copy the RSA public key to the server in the config-rsa-key-codecommand line mode.huawei(config)#rsa peer-public-key keyEnter "RSA public key" view, return system view with "peer-public-key end".NOTE: The number of the bits of public key must be between 769 and 2048.

huawei(config-rsa-public-key)#public-key-code beginEnter "RSA key code" view, return last view with "public-key-code end".

huawei(config-rsa-key-code)#30818702 81810098 933744B6 7C864EC7 A86A84CC 198BAC15

huawei(config-rsa-key-code)#D32834F7 365CFD17 E7FE4041 3266E416 710D13ED 22BD4D59

huawei(config-rsa-key-code)#DF0C3E46 A995CC61 DC4CB179 F6888B8C 3F8A3085 51EDB5C7

huawei(config-rsa-key-code)#5DEBDBE1 3AB4A256 0D0B9AA8 9A419D85 35C0E562 AE0BBFAB

huawei(config-rsa-key-code)#515299F9 D2803E84 3AE36C20 949367EA 0697EB20 2594A774

huawei(config-rsa-key-code)#9A0EFF04 26928874 FF9124C4 D28F0702 0125

huawei(config-rsa-key-code)#public-key-code end



34

huawei(config-rsa-public-key)#peer-public-key end

Step 9 Assign the public key to the SSH user.Run the ssh user assign rsa-key command to assign the RSA public key to the SSH user.huawei(config)#ssh user huawei assign rsa-key key

Step 10 Log in to the system.1. Run the client software.

Run the SSH client software putty.exe, choose SSH > Auth from the navigation tree, andassign a file for the RSA private key, as shown in Figure 1-21. Click Browse to displaythe window for selecting the file. In the window, select the file for the private key, and clickOK.

Figure 1-21 Interface of the SSH client software

2. Log in to the system.

Choose Session from the navigation tree, and then input the IP address of the MA5600Tin the Host Name (or IP address) field, as shown in Figure 1-22. Then, click Open to login to the system.



35

Figure 1-22 Interface for logging in to the system using the SSH client software

The user authentication mode is set to the RSA authentication mode, and the systemtherefore displays the prompt, as shown in Figure 1-23. Input the user name to log in tothe system (here, the user name is huawei).

Figure 1-23 Interface for logging in to the system using the SSH client software



36

----End


Login Through SSH (Inband Management)This topic describes how to log in to the MA5600T using the upstream port (inband managementport) in the SSH mode to maintain and manage the MA5600T. The secure shell (SSH) providesauthentication, encryption, and authorization to ensure the network communication security.When a user logs in to the MA5600T remotely over an insecure network, SSH provides securityguarantee and powerful authentication to protect the MA5600T against attacks such as IP addressspoofing and interception of plain text password.








Network TopologyFigure 1-24 shows an example network for inband management through SSH in a LAN, andFigure 1-25 shows an example network for inband management through SSH in a WAN.

Figure 1-24 Example network for inband management through SSH in a LAN



37

Figure 1-25 Example network for inband management through SSH in a WAN

Data PlanTable 1-11 and Table 1-12 provide the data plan for the inband management through SSH in aLAN and in a WAN respectively.

Table 1-11 Data plan for the inband management through SSH in a LANItem DataUpstream port of the MA5600T l VLAN ID: 30

l Port: 0/7/0l IP address: 10.50.1.10/24l User authentication mode: RSA public

key authenticationl RSA key name: key



Table 1-12 Data plan for the inband management through SSH in a WANItem DataUpstream port of the MA5600T l VLAN ID: 30

l Port: 0/7/0l IP address: 10.50.1.10/24l User authentication mode: RSA public

key authenticationl RSA key name: key



38

Item DataNew user l User name/Password: huawei/test01

l Authority: Operatorl Permitted reenter number: 4


FlowchartFigure 1-26 shows the flowchart for logging in to the MA5600T through SSH.



39

Figure 1-26 Flowchart for logging in to the MA5600T through SSH (Inband Management)



40


l If you log in to the MA5600T in the LAN inband management mode through SSH, set upa network environment according to Figure 1-24.

l If you log in to the MA5600T in the WAN inband management mode through SSH, set upa network environment according to Figure 1-25.

Step 2 Configure the IP address of the VLAN Layer 3 interface.1. Run the vlan command to create a management VLAN.

huawei(config)#vlan 30 standard2. Run the port vlan command to add an upstream port to the VLAN.

huawei(config)#port vlan 30 0/7 03. In the VLANIF mode, run the ip address command to configure the IP address of the

VLAN Layer 3 interface.huawei(config)#interface vlanif 30huawei(config-if-vlanif30)#ip address 10.50.1.10 24

NOTEIf the packet transmitted from the upstream port is untagged, run the native-vlan command to configurethe native VLAN of the upstream port to be the same as the VLAN of the upstream port.

Step 3 Add a route for the inband management.l If the network environment is set up as shown in Figure 1-24, you need not add a route.l If the network environment is set up as shown in Figure 1-25, run the ip route-static


Step 4 Create a user.Run the terminal user name command to create a user.huawei(config)#terminal user name User Name(length):huawei User Password(length):test01 //The password is not displayed on the maintenance terminal. Confirm Password(length):test01 //The password is not displayed on the maintenance terminal. User profile name(

huawei(config)#rsa local-key-pair createThe key name will be: HostThe range of public key size is (512 ~ 2048).NOTES: If the key modulus is greater than 512, It will take a few minutes.Input the bits in the modulus[default = 512]:Generating keys.....++++++++++++....................++++++++++++...............................++++++++...........++++++++

Step 6 Set the SSH user authentication mode.Run the ssh user huawei authentication-type rsa command to choose the authentication modeof the SSH user.There are four authentication modes for SSH users, as shown in the following. In this topic,authentication mode rsa is considered as an example.l password: authentication based on a password.l rsa: authentication based on an RSA public key.l all: authentication based on a password or an RSA public key. The user can log in to the

device either by the pas

Commissioning and Configuration Guide(V800R010C00_01)

Documents

Transcript of Commissioning and Configuration Guide(V800R010C00_01)