Huawei S3300 switch – access methods

How to log into Huawei S3300 switch? It is very simple. Which method you will chose depends on what you want to do on this device. If you want to upload file to or download it from the switch, use FTP or SFTP. If you want to configure the switch, use telnet, SSH or HTTP methods. Each time you can access the switch using console port,  locally or remotely, in case a console server is configured.

telnet S3300

#
telnet server enable
#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type telnet
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#

By default telnet server is enabled on S3300 switch. As this is default setting, it is not displayed in switch’s configuration. VTY lines use local user configured, to let you access the switch. Protocol inbound all command informs you that you can use both protocols, telnet and SSH.

The second method of using telnet is to configure authentication-mode for VTY as none or password. None means access without login and password, authentication-mode as password means you have to know password to access the switch. Additionally you should configure privilege level and password for VTY lines. By default user privilege level is set to 0.

#
user-interface vty 0 4
 authentication-mode none
 user privilege level 15
 protocol inbound all
#
user-interface vty 0 4
 authentication-mode password
 user privilege level 15
 set authentication password cipher &EU15O"Q3/;Q=^Q`MAF4
 protocol inbound all
#

 ssh S3300

#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type ssh
#
stelnet server enable
ssh user labnario
ssh user labnario authentication-type password
ssh user labnario service-type all
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#

In this case, SSH uses aaa settings, to access the device. For proper SSH configuration it is required to create RSA key. You can do this using the following command:

[labnario] rsa local-key-pair create
The key name will be: labnario_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.............++++++++++++
..........++++++++++++
................++++++++
....................................++++++++

You can display RSA key by display rsa local-key-pair public command. Besides password, it is also possible to use RSA key or both RSA key and password, for SSH connection.

S3300 as FTP server

#
FTP server enable
#
aaa
 local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
 local-user labnario privilege level 15
 local-user labnario ftp-directory flash:
 local-user labnario service-type ftp
#

You can also configure secure FTP (sFTP) adding the following command:

#
sftp server enable
#

Access S3300 by HTTP

For Huawei S3300 switch there is also possible to use HTTP to access it. To do this, you have to load necessary file, delivered together with software. You can display all files, stored in flash, using dir command:

<labnario> dir
Directory of flash:/

Idx  Attr   Size(Byte)  Date        Time      FileName
0  -rw-    8,124,916  Jan 01 2008 02:14:24  S3328-V100R005C00SPC100.cc
1  -rw-          869  Jan 01 2008 00:01:21  private-data.txt
2  -rw-          396  Jan 01 2008 00:12:06  hostkey
3  -rw-          120  Aug 04 2011 08:49:23  vrpcfg.zip
4  -rw-          540  Jan 01 2008 00:12:11  serverkey
5  -rw-    1,087,883  Jan 01 2008 00:36:13  s3328-v100r005.001.web.zip

14,632 KB total (5,580 KB free)

HTTP access configuration:

[labnario] http server load s3328-v100r005.001.web.zip
Info: Load web file successfully.
[labnario] http server enable
Info: Starting the HTTP server successfully.

[labnario] aaa
[labnario-aaa] local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
[labnario-aaa] local-user labnario privilege level 15
[labnario-aaa] local-user labnario service-type http

Finally use IP address configured on the switch for HTTP access:

#
vlan 100
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 100
#
interface Vlanif100
 ip address 172.16.1.2 255.255.0.0
#