Friday , February 28 2025

Huawei AR19/29/49 router DHCP configuration

Let’s assume that we have a topology like in the picture:

  1. IP addresses of ETH 0/1 and ETH 0/2 on Router A are 172.16.1.128/25 and 172.16.1.1/25 respectively.
  2. Router B (DHCP client) obtains a static IP address, gateway address and DNS server address from the DHCP server (Router A). The MAC address of interface ETH 0/0 of Router B is 0800-6902-01FC.
  3. DHCP server assigns IP addresses to clients in subnet 172.16.1.0/24 subnetted to 172.16.1.1/25 and 172.16.1.128/25.
  4. DNS server address and WINS server address are 172.16.1.10/25 and 172.16.1.200/25 respectively.
  5. For subnet 172.16.1.128/25 configure DNS server address, WINS server address, gateway address and address lease duration for 6 days and 6 hours.
  6. For subnet 172.16.1.1/25 configure DNS server address, gateway address and address lease duration for 10 days.

DHCP configuration

Assign IP addresses to interfaces of router A:

[RouterA] interface ethernet 0/1
[RouterA-Ethernet0/1] ip address 172.16.1.128 25
[RouterA-Ethernet0/1]quit
[RouterA] interface ethernet 0/2
[RouterA-Ethernet0/2] ip address 172.16.1.1 25

Configure DHCP server:

[RouterA] dhcp enable

Create DHCP address pool 1 with configured static binding, DNS and gateway addresses:

[RouterA] dhcp server ip-pool 1
[RouterA-dhcp-pool-1] static-bind ip-address 172.16.1.150
[RouterA-dhcp-pool-1] static-bind mac-address 0800-6902-01FC
[RouterA-dhcp-pool-1] dns-list 172.16.1.10
[RouterA-dhcp-pool-1] gateway-list 172.16.1.254

Exclude IP addresses of gateways, DNS and WINS servers from dynamic allocation:

[RouterA] dhcp server forbidden-ip 172.16.1.10
[RouterA] dhcp server forbidden-ip 172.16.1.200
[RouterA] dhcp server forbidden-ip 172.16.1.126
[RouterA] dhcp server forbidden-ip 172.16.1.254

Configure DHCP address pool 2 with address range and DNS server address:

[RouterA] dhcp server ip-pool 2
[RouterA-dhcp-pool-2] network 172.16.1.0 mask 255.255.255.0
[RouterA-dhcp-pool-2] dns-list 172.16.1.10

Configure DHCP address pool 3 with address range, gateway and lease duration (DNS address is inherited from ip-pool 2):

[RouterA] dhcp server ip-pool 3
[RouterA-dhcp-pool-3] network 172.16.1.1 mask 255.255.255.128
[RouterA-dhcp-pool-3] expired day 10
[RouterA-dhcp-pool-3] gateway-list 172.16.1.126

Configure DHCP address pool 4 with address range, WINS server address, gateway and lease duration (DNS address is inherited from ip-pool 2):

[RouterA] dhcp server ip-pool 4
[RouterA-dhcp-pool-4] network 172.16.1.128 mask 255.255.255.128
[RouterA-dhcp-pool-4] expired day 6 hour 6
[RouterA-dhcp-pool-4] gateway-list 172.16.1.254
[RouterA-dhcp-pool-4] nbns-list 172.16.1.200

After the whole configuration is completed, Router B gets the 172.16.1.150 IP address from the DHCP server. All remaining DHCP clients obtain IP addresses and other network parameters from either the 172.16.1.1/25 or the 172.16.1.128/25 network, depending on the subnet they reside in. The display dhcp server ip-in-use command shows the IP addresses assigned to DHCP clients.

IP address allocation sequence:
  • The IP address manually bound to the client’s MAC address or ID
  • The IP address that was ever assigned to the client
  • The IP address designated by the Option 50 field in a DHCP-DISCOVER message
  • The first assignable IP address found in an extended or a common address pool
  • The IP address that was a conflict or passed its lease duration
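
The pool layout above can be checked offline before it is typed into the router. The following Python sketch is an added example, not part of the original post or of Huawei's software: it models pools 1 to 4, resolves inherited options, confirms that every gateway, DNS and WINS address is excluded from dynamic allocation, and walks the first and fourth steps of the allocation sequence. Matching a client to the most specific pool and handing out addresses in ascending order are assumptions of this model, and the client MAC addresses used with it are constructed.

```python
import ipaddress as ipa

# Values transcribed from the Router A configuration on this page.
POOLS = {
    2: {"net": "172.16.1.0/24", "dns": "172.16.1.10"},
    3: {"net": "172.16.1.1/25", "gateway": "172.16.1.126", "lease": (10, 0)},
    4: {"net": "172.16.1.128/25", "gateway": "172.16.1.254",
        "nbns": "172.16.1.200", "lease": (6, 6)},
}
# ip-pool 1: static binding for Router B, with the options set in that pool.
STATIC = {"0800-6902-01fc": {"ip": "172.16.1.150", "dns": "172.16.1.10",
                             "gateway": "172.16.1.254"}}
FORBIDDEN = {"172.16.1.10", "172.16.1.200", "172.16.1.126", "172.16.1.254"}
OPTION_KEYS = ("dns", "gateway", "nbns", "lease")


def net(pool_id):
    # strict=False accepts "172.16.1.1/25" and normalises it to 172.16.1.0/25
    return ipa.ip_network(POOLS[pool_id]["net"], strict=False)


def pool_for(addr):
    """Most specific pool containing addr (assumption: longest prefix wins)."""
    ip = ipa.ip_address(addr)
    hits = [p for p in POOLS if ip in net(p)]
    return max(hits, key=lambda p: net(p).prefixlen) if hits else None


def effective_options(pool_id):
    """Own options plus anything missing, inherited from enclosing pools."""
    chain = sorted((p for p in POOLS if net(pool_id).subnet_of(net(p))),
                   key=lambda p: net(p).prefixlen, reverse=True)
    opts = {}
    for p in chain:                       # child first, then its parents
        for key in OPTION_KEYS:
            if key in POOLS[p]:
                opts.setdefault(key, POOLS[p][key])
    if "lease" in opts:
        days, hours = opts.pop("lease")
        opts["lease_seconds"] = days * 86400 + hours * 3600
    return opts


def unprotected_servers(forbidden=FORBIDDEN):
    """Gateway/DNS/WINS addresses that dynamic allocation could still hand out."""
    servers = {v for p in POOLS.values() for k, v in p.items()
               if k in ("dns", "gateway", "nbns")}
    return sorted(s for s in servers - set(forbidden) if pool_for(s))


def offer(mac, receiving_ip, in_use=()):
    """Static binding first, then the first free address in the matching pool."""
    mac = mac.lower()
    if mac in STATIC:
        bound = dict(STATIC[mac])
        return bound.pop("ip"), bound
    pool_id = pool_for(receiving_ip)
    if pool_id is None:
        return None, {}
    taken = FORBIDDEN | set(in_use) | {b["ip"] for b in STATIC.values()}
    for host in net(pool_id).hosts():     # assumption: ascending order
        if str(host) not in taken:
            return str(host), effective_options(pool_id)
    return None, {}
```

Calling `unprotected_servers()` with one `forbidden-ip` entry removed shows which server address would become assignable to a client.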


a few basic but useful maintenance commands

To make a Huawei device easy to maintain, it is recommended to configure the proper time. You can do it manually or configure NTP to make the device use reference time from external servers. I will also show you how to configure a header for login information and how to execute a specified batch file.

Setting of time zone:
clock timezone time-zone-name { add | minus } offset

Let’s take Poland time zone as an example.

<NE40E>clock timezone labnario add 1

Setting of daylight-saving-time:
clock daylight-saving-time time-zone-name repeating start-time { { { first | second | third | fourth | last } weekday month } | start-date } end-time { { { first | second | third | fourth | last } weekday month } | end-date } offset

Using the “clock daylight-saving-time” command, you can configure the name, start time and end time of the daylight saving time. Taking Poland as an example, we add 1 hour during summer time:

<NE40E>clock daylight-saving-time labnario repeating 02:00 last Sun Mar 03:00 last Sun Oct 01:00

Setting of actual time:
<NE40E>clock datetime 18:00 2011-11-03

You can display clock information using the “display clock” command.

NTP external servers:

If you want to use external NTP servers for time synchronization, you can configure them in the following way:

[NE40E]ntp-service unicast-server x.x.x.x source-interface interface name
[NE40E]ntp-service unicast-server y.y.y.y source-interface interface name

You can display the status of NTP using the “display ntp-service status” command.

I have only shown you the basic NTP configuration. You can find more details in the specific product documentation.

Header login configuration:

You can configure header login information in two ways:

As a text:

[NE40E]header login information "
Info:The banner text supports 220 characters max, including the start and the end character.If you want to enter more than this, use banner file instead.
Input banner text, and quit with the character '"':
****************************************

Authorised access only
This system is the property of LABNARIO
Disconnect IMMEDIATELY if you are not an authorised user!

****************************************
"
[NE40E]

Using a file stored on the CF card:

[NE40E]header login file labnario.txt

Execute name.bat

Sometimes, instead of typing many commands in the CLI, it is easier and faster to use a batch file. You can create a batch file (suffixed with “.bat”) with a set of commands inside and then upload it to the CF card by FTP. Then you can use the “execute name.bat” command to run the file.


too small flash to upload a new software

In my previous post I wrote about the upgrade of a Huawei S5300 switch. The question is what to do if the flash memory is too small to hold more than one software image. As mentioned last time, you can format the flash from the bootrom menu and download new software using FTP, also from the bootrom menu. In this post I will show you how to deal with this problem more smoothly. You can come up against it on the Huawei S3328TP-SI switch, where flash capacity is 15MB. Let’s take it as an example.

<S3328>display version
Huawei Versatile Routing Platform Software
VRP (R) Software, Version 5.30 (S3328 V100R003C00SPC301)
Copyright (C) 2008-2009 Huawei Technologies Co., Ltd.
Quidway S3328TP-SI uptime is 0 day, 0 hour, 4 minutes

As you can see flash capacity is 15MB:

<S3328>dir
Directory of flash:/

   0   -rw-        61  Jan 01 2008 00:22:13   private-data.txt
   1   -rw-       660  Jan 01 2008 00:16:23   vrpcfg.zip
   2   -rw-       396  Jan 01 2008 00:12:06   hostkey
   3   -rw-   7068108  Jan 01 2008 00:20:12   s3328-v100r003c00spc301.cc
   4   -rw-       540  Jan 01 2008 00:12:11   serverkey
   5   -rw-    343712  Jan 01 2008 00:04:49   bootrom330.bin
   6   -rw-        60  Jan 01 2008 00:00:53   $_patchstate_a
   7   -rw-         4  Jan 01 2008 00:01:37   notilogindex.txt

14632 KB total (6268 KB free)

Now we want to upgrade the switch to the S3328-V100R005C00SPC100 software version. Evidently the flash is too small to hold this software as well, so we try to delete the old software:

<S3328>delete /unreserved /s3328-v100r003c00spc301.cc
Error: Invalid operation, this is system startup file.

As expected, it is not possible to delete the system startup file:

<S3328>display startup
[Unit 0]:
MainBoard:
  Configed startup system software:          flash:/s3328-v100r003c00spc301.cc
  Startup system software:                       flash:/s3328-v100r003c00spc301.cc
  Next startup system software:                flash:/s3328-v100r003c00spc301.cc
  Startup saved-configuration file:              flash:/vrpcfg.zip
  Next startup saved-configuration file:       flash:/vrpcfg.zip
  Startup license file:                               NULL
  Next startup license file:                        NULL
  Startup patch package:                         NULL
  Next startup patch package:                  NULL

How can we get around this? Enter the hidden command view of the S3300 and type the following command:

[S3328]_hide
Password:
Now you enter a hidden command view for developer's testing, some commands may
affect operation by wrong use, please carefully use it with engineer's
direction.
[S3328-hidecmd]undo startup system-software

This command unsets the system software file as the startup file, which then makes it possible to delete it from flash:

<S3328>display startup
[Unit 0]:
MainBoard:
  Configed startup system software:          NULL
  Startup system software:
  Next startup system software:                NULL
  Startup saved-configuration file:             flash:/vrpcfg.zip
  Next startup saved-configuration file:      flash:/vrpcfg.zip
  Startup license file:                               NULL
  Next startup license file:                        NULL
  Startup patch package:                         NULL
  Next startup patch package:                  NULL

<S3328>delete /unreserved s3328-v100r003c00spc301.cc
The contents cannot be recycled!!! Delete flash:/s3328-v100r003c00spc301.cc?[Y/N]:y
%Deleting file flash:/s3328-v100r003c00spc301.cc...
Jan  1 2008 00:28:14 Quidway %%01VFS/4/DEL_UNRSV(l): When deciding whether to permanently delete file flash:/s3328-v100r003c00spc301.cc, the user chose Y.
Deleting file permanently from flash will take a long time if needed...............................................Done!

Then follow the upgrade procedure described in my previous post to download the new software and upgrade the switch.


upgrade of Huawei S5300 switch

Any time you want to upgrade a Huawei device, you have 2 methods to do it. The first is to use the CLI (command line interface), the second is to use the bootrom menu. Using the CLI is the most popular method. You can configure an FTP server on the device and use your PC as the FTP client, or install an FTP server on your PC and treat the device as the FTP client. You can also use TFTP or a serial connection (slow) instead of FTP. Sometimes it is not possible to get to the CLI because there is a problem with the software file: it is damaged or does not exist. In this case we can use the bootrom menu to download new software and upgrade the device. Let’s take the S5300 as an example.

Upgrade of Huawei S5300 switch from CLI

Huawei S5300 as FTP server:
#
FTP server enable
#
local-user labnario password simple labnario
local-user labnario privilege level 15
local-user labnario ftp-directory flash:
local-user labnario service-type ftp
#
interface MEth0/0/1
 ip address 192.168.0.20 255.255.255.0
#

S5300 as FTP client:
<Quidway>ftp 192.168.0.22
Trying 192.168.0.22 ...
Press CTRL+K to abort
Connected to 192.168.0.22.
220 3Com FTP Server Version 1.1
User(192.168.0.22:(none)):huawei
331 User name ok, need password
Enter password:
230 User logged in

[ftp]dir
200 PORT command successful.
150 File status OK ; about to open data connection
---------- 1 owner group    327968 Sep 21 10:40 bootrom104.bin
---------- 1 owner group  11050836 Sep 21 10:40 S5300EI-V100R005C00SPC100.cc
226 Closing data connection
FTP: 1000 byte(s) received in 1.280 second(s) 781.25byte(s)/sec.

[ftp]binary
200 Type set to I.

[ftp]get S5300EI-V100R005C00SPC100.cc

Display all files stored in S5300 flash:

<Quidway>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-        106,936  Oct 01 2008 00:08:11   matnlog.dat
    1  -rw-      5,169,809  Oct 01 2008 00:05:18   log.log
    2  -rw-            102  Oct 09 2008 16:27:17   $_patchstate_a
    3  -rw-      7,369,844  Oct 01 2008 00:01:06   SV100R002C02B093_for_5300.cc
    4  -rw-     11,050,836  Oct 01 2008 00:02:26   S5300EI-V100R005C00SPC100.cc
    5  -rw-        327,968  Oct 01 2008 00:50:21   bootrom104.bin
    6  -rw-          4,086  Oct 01 2008 00:51:42   vrpcfg.cfg
    7  -rw-             28  Oct 01 2008 00:07:04   private-data.txt

30,008 KB total (6,504 KB free)

Set the new software as startup software:

<Quidway>startup system-software S5300EI-V100R005C00SPC100.cc
Info: Succeeded in setting the software for booting system.

<Quidway>display startup
MainBoard:
  Configured startup system software:        flash:/SV100R002C02B093_for_5300.cc
  Startup system software:                   flash:/SV100R002C02B093_for_5300.cc
  Next startup system software:              flash:/s5300ei-v100r005c00spc100.cc
  Startup saved-configuration file:          flash:/vrpcfg.cfg
  Next startup saved-configuration file:     flash:/vrpcfg.cfg
  Startup paf file:                          NULL
  Next startup paf file:                     NULL
  Startup license file:                      NULL
  Next startup license file:                 NULL
  Startup patch package:                     NULL
  Next startup patch package:                NULL

The last task is to restart the switch:

<Quidway>reboot

Upgrade of S5300 from bootrom menu

Sometimes it is necessary to upgrade the bootrom before the software upgrade. You can do this directly from the bootrom menu.

To enter the bootrom menu, power on or reboot the switch and press Ctrl+B when prompted. The default bootrom password for the S5300 is huawei; option 6 of the menu (Modify BOOTROM password) changes it.

BIOS LOADING ...
Copyright (c) 2008-2010 HUAWEI TECH CO., LTD.
(Ver104, Aug 17 2010, 16:50:12)

Press Ctrl+B to enter BOOTROM menu... 1
password:
          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7): 2

          SERIAL  SUBMENU

    1. Update BOOTROM system
    2. Download file to Flash through serial interface
    3. Modify serial interface parameter
    4. Return to main menu

Enter your choice(1-4): 1

Please select file.
XMODEM downloading ...CC

After the bootrom upgrade we can start upgrading the software. The first task is to download the necessary software from the FTP server. The whole procedure is shown below:

BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7): 4

          ETHERNET  SUBMENU

    1. Download file to SDRAM through ethernet interface and reboot the system
    2. Download file to Flash through ethernet interface
    3. Modify ethernet interface boot parameter
    4. Return to main menu

Be sure to select 3 to modify boot parameter before downloading!
Enter your choice(1-4): 3

          BOOTLINE  SUBMENU

    1. Set TFTP protocol parameters
    2. Set FTP protocol parameters
    3. Return to ethernet menu

Enter your choice(1-3): 2

'.' = clear field;  '-' = go to previous field;  ^D = quit
Load File name      : S5300EI-V100R005C00SPC100.cc S5300EI-V100R005C00SPC100.cc
Switch IP address   : 192.168.0.20
Server IP address   : 192.168.0.22
FTP User Name       : huawei
FTP User Password   : huawei

Starting to write BOOTLINE into flash ... done

          BOOTLINE  SUBMENU

    1. Set TFTP protocol parameters
    2. Set FTP protocol parameters
    3. Return to ethernet menu

Enter your choice(1-3): 3

          ETHERNET  SUBMENU

    1. Download file to SDRAM through ethernet interface and reboot the system
    2. Download file to Flash through ethernet interface
    3. Modify ethernet interface boot parameter
    4. Return to main menu

Enter your choice(1-4): 2

boot device          : mottsec
unit number          : 0
processor number     : 0
host name            : host
file name            : S5300EI-V100R005C00SPC100.cc
inet on ethernet (e) : 192.168.0.20
host inet (h)        : 192.168.0.22
user (u)             : huawei
ftp password (pw)    : huawei
flags (f)            : 0x0
target name (tn)     : V1R5SPC100.cc

Attached TCP/IP interface to mottsec0.
Warning: no netmask specified.
Attaching network interface lo0... done.
Loading...
Read file to sdram .............Done

After the new software is downloaded, we can set it as the startup software:

BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7): 3

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 1
Current startup configuration
  startup type      : Flash
  startup file      : s5300ei-v100r005c00spc100.cc
  configuration file: vrpcfg.cfg
  license file      :
  patch package     :

Last time startup state : Success
Latest successful startup configuration
  startup file      : S5300EI-V100R005C00SPC100.cc
  configuration file: vrpcfg.cfg
  license file      :
  patch package     :

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 2

Note: startup file field can not be cleared
'.'=clear field; '^D'=quit; Enter=use current configuration

startup type(1: Flash  2: Server)
  current: 1
  new    : 1

Flash startup file (can not be cleared)
  current: SV100R002C02B093_for_5300.cc
  new    : s5300ei-v100r005c00spc100.cc

saved-configuration file
  current: vrpcfg.cfg
  new    : vrpcfg.cfg

license file
  current:
  new    :

patch package
  current:
  new    :

       Startup Configuration Submenu

    1. Display startup configuration
    2. Modify startup configuration
    3. Return to main menu

Enter your choice(1-3): 3

          BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7): 7

If you choose 5 you will enter the filesystem submenu. From this level you can display the files stored in flash and perform some operations on them. This is very useful if you do not have enough space in flash to download new software. In this case you can format the flash and then follow the procedure for downloading software from the bootrom menu. I had such a case, for example, on an S3300 switch, where flash memory does not have enough space to store 2 software versions.

 BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7): 5

         FILESYSTEM SUBMENU

    1. Erase Flash
    2. Format flash
    3. Delete file from Flash
    4. Rename file from Flash
    5. Display Flash files
    6. Update EPLD file
    7. Update FPGA file
    8. Update FansCard File
    9. Return to main menu

Enter your choice(1-9):

It is also possible to enter the boot-up diag submenu by using the Ctrl+E shortcut 😉

BOOTROM  MENU

    1. Boot with default mode
    2. Enter serial submenu
    3. Enter startup submenu
    4. Enter ethernet submenu
    5. Enter filesystem submenu
    6. Modify BOOTROM password
    7. Reboot

Enter your choice(1-7):

                     BOOT-UP DIAG MENU

   1. Sdram Test                 2. Flash Test
   3. Epld Test                  4. Temperature Test
   5. RTC Test                   6. Show system information
   7. Aging Test                 8. E-Label Barcode and MAC Test
   9. Reserved                  10. Reserved
  11. Reserved                  12. Return MainMenu
Enter your choice(1-12):

Please remember that in older bootrom versions it is necessary to use the Ctrl+Z shortcut to make some additional functions visible in the bootrom menu. The bootrom menu can differ between devices, but after reading this post you will be able to deal with them.

If you have any questions or anything is not clear, do not hesitate to ask me. You are welcome to write your comments.


Huawei S3300 switch – access methods

How do you log into a Huawei S3300 switch? It is very simple. Which method you choose depends on what you want to do on the device. If you want to upload a file to the switch or download one from it, use FTP or SFTP. If you want to configure the switch, use telnet, SSH or HTTP. You can always access the switch through the console port, locally, or remotely if a console server is configured.

telnet S3300
#
telnet server enable
#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type telnet
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#

By default the telnet server is enabled on the S3300 switch. As this is the default setting, it is not displayed in the switch’s configuration. The VTY lines use the configured local user to let you access the switch. The protocol inbound all command means that both protocols, telnet and SSH, are accepted.

The second method of using telnet is to configure the authentication-mode for VTY as none or password. None means access without login and password, so anyone who can reach the VTY lines gets the configured privilege level; authentication-mode password means you have to know the password to access the switch. Additionally you should configure the privilege level and password for the VTY lines. By default the user privilege level is set to 0.

#
user-interface vty 0 4
 authentication-mode none
 user privilege level 15
 protocol inbound all
#
user-interface vty 0 4
 authentication-mode password
 user privilege level 15
 set authentication password cipher &EU15O"Q3/;Q=^Q`MAF4
 protocol inbound all
#

ssh S3300
#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type ssh
#
stelnet server enable
ssh user labnario
ssh user labnario authentication-type password
ssh user labnario service-type all
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#

In this case, SSH uses the aaa settings to access the device. A proper SSH configuration also requires an RSA key. You can create one using the following command:

[labnario] rsa local-key-pair create
The key name will be: labnario_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.............++++++++++++
..........++++++++++++
................++++++++
....................................++++++++

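You can display the RSA key with the display rsa local-key-pair public command. The prompt above defaults to a 512-bit modulus; enter 2048, the top of the offered range, because a 512-bit RSA key is too short to protect an SSH session. Besides password, it is also possible to use an RSA key, or both an RSA key and a password, for the SSH connection.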

S3300 as FTP server
#
FTP server enable
#
aaa
 local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
 local-user labnario privilege level 15
 local-user labnario ftp-directory flash:
 local-user labnario service-type ftp
#

You can also configure secure FTP (sFTP) by adding the following command:

#
sftp server enable
#

Access S3300 by HTTP

On the Huawei S3300 switch it is also possible to use HTTP for access. To do this, you have to load the necessary web file, delivered together with the software. You can display all files stored in flash using the dir command:

<labnario> dir
Directory of flash:/

Idx  Attr   Size(Byte)  Date        Time      FileName
0  -rw-    8,124,916  Jan 01 2008 02:14:24  S3328-V100R005C00SPC100.cc
1  -rw-          869  Jan 01 2008 00:01:21  private-data.txt
2  -rw-          396  Jan 01 2008 00:12:06  hostkey
3  -rw-          120  Aug 04 2011 08:49:23  vrpcfg.zip
4  -rw-          540  Jan 01 2008 00:12:11  serverkey
5  -rw-    1,087,883  Jan 01 2008 00:36:13  s3328-v100r005.001.web.zip

14,632 KB total (5,580 KB free)

HTTP access configuration:

[labnario] http server load s3328-v100r005.001.web.zip
Info: Load web file successfully.
[labnario] http server enable
Info: Starting the HTTP server successfully.

[labnario] aaa
[labnario-aaa] local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
[labnario-aaa] local-user labnario privilege level 15
[labnario-aaa] local-user labnario service-type http

Finally, use the IP address configured on the switch for HTTP access:

#
vlan 100
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 100
#
interface Vlanif100
 ip address 172.16.1.2 255.255.0.0
#
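
The access methods above, together with the FTP server setup in the S5300 upgrade post, leave several settings in a configuration that are worth finding again before a device goes into service: `password simple`, `authentication-mode none`, `protocol inbound all` and the FTP, telnet and HTTP services. The following Python audit is an added example, not part of the original posts or of any Huawei tool; the rule names are invented here, and the sample configuration is constructed from the snippets on this page (the "oper" user and the "vty 5 9" block are made up to show lines that pass).

```python
import re

# Constructed sample: snippets from this page merged into one file. The "oper"
# user and the "vty 5 9" block are invented to show lines that pass the audit.
SAMPLE_CONFIG = """\
#
FTP server enable
#
aaa
 local-user labnario password simple labnario
 local-user labnario privilege level 15
 local-user labnario service-type ftp
 local-user oper password cipher <ciphertext-placeholder>
 local-user oper service-type ssh
#
user-interface vty 0 4
 authentication-mode none
 user privilege level 15
 protocol inbound all
#
user-interface vty 5 9
 authentication-mode aaa
 protocol inbound ssh
#
"""

CLEARTEXT = {"ftp", "telnet", "http"}   # services that carry credentials unencrypted
VTY_KEYS = {"auth": r"authentication-mode (\S+)",
            "level": r"user privilege level (\d+)",
            "proto": r"protocol inbound (\S+)"}


def audit(config_text):
    """Return sorted (line_number, rule_id, detail) findings for a VRP config."""
    findings, vty = [], None

    def close_vty():
        # A user-interface block is judged as a whole once it ends.
        if vty is None:
            return
        if vty.get("auth") == "none":
            findings.append((vty["line"], "VTY-NO-AUTH",
                             f"{vty['name']}: no login, level {vty.get('level', '0')}"))
        if vty.get("proto") in ("all", "telnet"):
            findings.append((vty["line"], "VTY-TELNET",
                             f"{vty['name']}: inbound {vty['proto']} admits telnet"))

    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip().lower()
        if not raw.startswith(" "):     # "#" or a top-level command ends a block
            close_vty()
            vty = {"name": line, "line": no} if line.startswith("user-interface vty") else None
        if m := re.fullmatch(r"(ftp|telnet|http) server enable", line):
            findings.append((no, "CLEARTEXT-SERVER", f"{m[1]} server enabled"))
        if m := re.fullmatch(r"local-user (\S+) password simple (\S+)", line):
            findings.append((no, "PLAINTEXT-PASSWORD", f"{m[1]}: password stored in clear"))
            if m[1] == m[2]:
                findings.append((no, "PASSWORD-EQUALS-USER", f"{m[1]}: password is the user name"))
        if m := re.fullmatch(r"local-user (\S+) service-type (.+)", line):
            weak = sorted(CLEARTEXT & set(m[2].split()))
            if weak:
                findings.append((no, "CLEARTEXT-SERVICE", f"{m[1]}: {' '.join(weak)}"))
        if vty is not None:
            for key, pattern in VTY_KEYS.items():
                if m := re.fullmatch(pattern, line):
                    vty[key] = m[1]
    close_vty()
    return sorted(findings)
```

Because the telnet server is enabled by default and does not appear in the saved configuration, the audit judges telnet exposure from the `protocol inbound` line of each VTY block rather than from a `telnet server enable` line alone.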
