Tuesday , November 28 2023

HWTACACS configuration on Huawei device

Let’s look at a typical configuration of HWTACACS server on Huawei device:

hwtacacs-server template labnario
 hwtacacs-server authentication
 hwtacacs-server authorization
 hwtacacs-server accounting
 hwtacacs-server source-ip
 hwtacacs-server shared-key cipher %$%$;XioR#N`7=~][vLDTr2S(2.#%$%$
 undo hwtacacs-server user-name domain-included
 authentication-scheme hwtacacs
  authentication-mode hwtacacs local
 authorization-scheme hwtacacs
  authorization-mode hwtacacs local
 accounting-scheme hwtacacs
  accounting-mode hwtacacs
 domain default_admin  
  authentication-scheme hwtacacs 
  accounting-scheme hwtacacs
  authorization-scheme hwtacacs
  hwtacacs-server labnario
 local-user labnario password cipher %$%$'3N&Y#>c>Ibb;f:!o4mW(7#h%$%$
 local-user labnario privilege level 15
 local-user labnario service-type telnet terminal ssh ftp
user-interface vty 0 4
 authentication-mode aaa

Read More »

Huawei eNSP – news

A new version of Huawei network simulation platform has been released. The new eNSP supports AC6605 POE feature. Besides that a few bugs have been solved, among other firewall crashed (often reported) problem when running on Win8 and Win8.1.

Just click on the picture and download it:


Read More »

how to change the size of the history command buffer

I spent last week skiing in Polish winter capital – Zakopane. You probably noticed that I didn’t post any new article but weather was wonderful and I had no motivation to turn on my notebook ;).

As plenty of things, after my vacation, keeping me busy, today a short post about command buffer size.

By default the size of the history command buffer is 10. This means that last 10 commands entered by the user can be stored on the memory and repeated using the CLI “↑” key. The range of the command buffer can be tuned and its range is 0 to 256.

Read More »

L2TP LAC-auto-initiated tunnel mode

 Layer 2 tunneling protocol (L2TP) connection can be established in the following tree modes:

  • NAS-initializated
  • Client-initializated
  • LAC-auto-initializated.

This is not my job to tell you about the theory. You can find plenty of information about L2TP on the internet. Let’s focus today on the third mode.

In most cases, an L2TP user directly dials up to a LAC, and only connection is established between the user and LAC. Unlike NAS and Client-initializated modes, in LAC-auto-initializated mode users can connect to the LAC by sending IP packets. At the same time LAC needs to have a PPP user created and a tunnel with the LNS established. The two ends of an L2TP tunnel reside on LAC and LNS respectively. As you can see from the topology below, in LAC-auto-initiated mode, LAN can be directly connected to LAC.

L2TP topology

Let’s look how to configure L2TP on Huawei routers.

Read More »

from Huawei CLI – user-interface current

Sometimes we want to change any parameter of our current user interface quickly, let’s say terminal length or idle timeout, but we don’t know which user interface we are currently using. To check that we use display user-interface command. Then we try to find the “+” mark in the command output, which means that this is our current user interface. After that we have to go back to our user interface configuration and change its parameters. Why not to do that in a quicker manner?

[labnario]display user-interface
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int
  0    CON 0    9600       -     15    -           P     -
  33   AUX 0    9600       -     0     -           P     -  	

 + 34   VTY 0              -     0     3           A     -
  35   VTY 1               -     0     -           A     -
  36   VTY 2               -     0     -           A     -
  37   VTY 3               -     0     -           A     -
  38   VTY 4               -     0     -           A     -
  50   VTY 16              -     15    -           A     -
  51   VTY 17              -     15    -           A     -
  52   VTY 18              -     15    -           A     -
  53   VTY 19              -     15    -           A     -
  54   VTY 20              -     15    -           A     -
UI(s) not in async mode -or- with no hardware support:
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI's password.
  Int  : The physical location of UIs.

In case we want to change any parameter of our current user terminal interface, without checking which user interface we are using, “current” option for the user-interface command can be used.

Let’s look at VTY configuration:

Read More »