Wednesday, April 25 2018

Huawei basic user environment

As you already know, you can assign a different privilege level to each user configured on a Huawei device. You can read how to configure a local user and how to access a Huawei device in one of my previous posts.

user privilege level

Today I want to focus on the privilege level of a local user. Each year lots of accidents in IP networks are caused by inexperienced employees. We can decrease the number of such accidents by setting privilege levels for the local users who log into network devices. Setting a lower privilege level for such employees increases the network's safety. For more experienced engineers we can either configure a higher privilege level or set a super password, to let them perform advanced operations.

Let’s assume that we have created a local user with the lowest privilege level:

#
 local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4<1!!
 local-user labnario service-type telnet
 local-user labnario level 0
#


from Huawei CLI – header …

header { login | shell }

login – the header text is displayed when you try to log into a device

shell – the header text is displayed after you have successfully logged into a device

Example of configuring header login by using plain text:
[labnario]header login information %
The banner text supports 220 characters max, including the start and
the end character.If you want to enter more than this, use banner file
instead.Input banner text, and quit with the character '%':
welcome to labnario network lab!!!%

Remember that the start and end characters must be the same. In this case % has been used. The interactive input starts after you type % and press Enter, and it closes automatically when you finish your header text and type % again.


Huawei certification

Is it worth passing Huawei certification exams?

Maybe some of you will say “yes, it is”.

Maybe some of you will be sceptical.

For those who want to know more about Huawei certification, I am sending a link to the official Huawei website.

For those who want to read more news about Huawei certification I can recommend an interview by IT Certification Master.

What is your opinion about Huawei certification? Have you had any experience with Huawei certification track?

You are invited to express your opinion. Any comments are appreciated.


mirroring on Huawei AR19/29/49 routers

If you want to look into packets sent or received by a router, and it is not possible to display them with a command, the simplest and fastest way is to use mirroring. Unfortunately, in the case of AR routers, you have to go on-site to connect a packet analyser (for example Wireshark). Unlike NE routers, AR routers do not support remote mirroring.

There are two types of mirroring on AR routers:

  • port mirroring

Port mirroring copies all packets from a mirroring port to another port, which is called the monitor port. The monitor port is the port to which a monitoring device is connected. AR routers support local port mirroring for the inbound and outbound directions.

  • traffic mirroring

Traffic mirroring copies specified packets, selected by a QoS policy, to a specific destination and sends them to an interface for analysis. Traffic mirroring is supported on AR29 and AR49 routers.


ACL and PBR on Huawei CX600

Access Control List ACL

There are five types of ACLs on Huawei devices. Taking the CX600 into consideration, these are:

  1. Basic ACL (number ranges from 2000 to 2999) classifies packets based on a source address
  2. Advanced ACL (number ranges from 3000 to 3999) classifies packets based on source address, destination address, source port number, destination port number, and protocol type
  3. Interface-based ACL (number ranges from 1000 to 1999) classifies packets based on the interface from which the packets are received
  4. Ethernet Frame Header ACL (number ranges from 4000 to 4099) classifies packets based on source and destination MAC addresses
  5. User ACL (number ranges from 6000 to 9999) classifies packets based on user groups.

The order of the rules depends on the rule ID and the rule matching order. There are two matching orders:

  • Configuration order – ACL rules are matched based on their configuration order. Rule IDs can be configured by the user or generated automatically by the system according to the ACL step. By default the system generates 5 as the first rule ID, so the next rule IDs will be 10, 15 and so on. At any time you can configure a rule ID manually, for example rule 1, and this rule will be placed before rule 5. You can also delete a specific rule at any time without deleting the whole ACL.
  • Automatic order – the most precise rule is matched first. This is implemented through the comparison of wildcard masks. The system assigns rule IDs automatically.
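The effect of the two matching orders on a broad permit entered before a narrow deny, as an added example (not code from the original post or from Huawei): a toy basic ACL in Python. The ID allocation after a manually numbered rule and the wildcard bit count used as the measure of precision are simplifying assumptions, and the rules and addresses are constructed.

```python
import ipaddress

STEP = 5  # default ACL step from the post: auto-generated IDs are 5, 10, 15, ...

def ip(text):
    return int(ipaddress.IPv4Address(text))

class Acl:
    """Toy basic ACL: each rule is (rule_id, action, source, wildcard)."""
    def __init__(self, order="config"):
        self.order = order  # "config" or "auto"
        self.rules = []

    def add(self, action, source, wildcard, rule_id=None):
        if rule_id is None:
            # Assumption: next multiple of STEP above the highest existing ID.
            highest = max((r[0] for r in self.rules), default=0)
            rule_id = (highest // STEP + 1) * STEP
        self.rules.append((rule_id, action, ip(source), ip(wildcard)))
        return rule_id

    def ordered(self):
        if self.order == "config":
            return sorted(self.rules, key=lambda r: r[0])
        # Auto order (simplified): fewer wildcard bits set = more precise.
        # The sort is stable, so ties keep entry order; IDs are then reassigned.
        ranked = sorted(self.rules, key=lambda r: bin(r[3]).count("1"))
        return [((i + 1) * STEP, *r[1:]) for i, r in enumerate(ranked)]

    def evaluate(self, source):
        addr = ip(source)
        for rule_id, action, net, wildcard in self.ordered():
            # Wildcard bit 1 means "ignore this bit", 0 means "must match".
            if ((addr ^ net) & ~wildcard & 0xFFFFFFFF) == 0:
                return rule_id, action
        return None, "no-match"

def demo():
    # Constructed rules: a broad permit entered before a narrow deny.
    cfg = Acl("config")
    cfg.add("permit", "10.0.0.0", "0.255.255.255")        # becomes rule 5
    cfg.add("deny", "10.1.1.0", "0.0.0.255")              # becomes rule 10
    shadowed = cfg.evaluate("10.1.1.7")                   # rule 5 wins
    cfg.add("deny", "10.1.1.0", "0.0.0.255", rule_id=1)   # manual ID before 5
    fixed = cfg.evaluate("10.1.1.7")
    auto = Acl("auto")
    auto.add("permit", "10.0.0.0", "0.255.255.255")
    auto.add("deny", "10.1.1.0", "0.0.0.255")
    return shadowed, fixed, auto.evaluate("10.1.1.7")
```

In configuration order the narrow deny at rule 10 is never reached until a copy is inserted as rule 1; in automatic order the same two rules deny the host without any manual numbering.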
