Useful training for beginners. If you want to start your adventure with Huawei VRP just click on the link and enjoy!
routing policy configuration
Some time ago I wrote about local PBR and interface PBR.
It’s time to talk about routing policy, that is a different mechanism. Routing policy is applied to routing information and it is combined with routing protocols to form policies. PBR mechanism is applied to data flows and and packets are forwarded according to the configured policy.
Routing policy is a tool which can be used to filter routes and set route attributes, when importing routing information into OSPF, RIP, ISIS or BGP protocols. BGP can use routing policy to filter advertising routes as well. Routing policy defines which of the routes from the specific routing protocol are allowed to be imported into the target routing protocol. It can be also used to match routes or certain route attributes and to change these attributes when the matching rules are met.
Routing policy command syntax:
route-policy route-policy-name { permit | deny } node node
A route-policy may consists of multiple nodes, for example:
route-policy LABNARIO-POLICY permit node 10 route-policy LABNARIO-POLICY deny node 20
from Huawei CLI – upgrade rollback …
As I am in the process of upgrading Huawei ATN950B routers, I decided to describe very useful command, supported by carrier class routers like NE40E, CX600 and ATN950B – “upgrade rollback enable rollback-timer time”
When you are doing upgrade, there is always a small risk that something goes wrong and you will lose this router, I mean it will fall out of management. To minimize such risk, you can use the command in question.
Let’s look at the upgrade procedure:
<labnario>startup system-software v200r002c00spc300.cc Info: Succeeded in setting the software for booting system. <labnario>startup system-software v200r002c00spc300.cc slave-board Info: Succeeded in setting the software for booting system. <labnario>startup patch v200r002sph008.pat Info: Succeeded in setting main board resource file for system. <labnario>startup patch v200r002sph008.pat slave-board Info: Succeeded in setting slave board resource file for system.
HWTACACS configuration on Huawei device
Let’s look at a typical configuration of HWTACACS server on Huawei device:
# hwtacacs-server template labnario hwtacacs-server authentication 172.16.10.1 hwtacacs-server authorization 172.16.10.1 hwtacacs-server accounting 172.16.10.1 hwtacacs-server source-ip 172.16.10.10 hwtacacs-server shared-key cipher %$%$;XioR#N`7=~][vLDTr2S(2.#%$%$ undo hwtacacs-server user-name domain-included # aaa authentication-scheme hwtacacs authentication-mode hwtacacs local authorization-scheme hwtacacs authorization-mode hwtacacs local accounting-scheme hwtacacs accounting-mode hwtacacs domain default_admin authentication-scheme hwtacacs accounting-scheme hwtacacs authorization-scheme hwtacacs hwtacacs-server labnario local-user labnario password cipher %$%$'3N&Y#>c>Ibb;f:!o4mW(7#h%$%$ local-user labnario privilege level 15 local-user labnario service-type telnet terminal ssh ftp # user-interface vty 0 4 authentication-mode aaa
assigning multiple IP addresses to network interface
Why might we want to assign multiple IP addresses to the same interface? The following are the most common scenarios:
- hosts in the network segment use IP addresses on different networks
- there are not enough host addresses on a logical network segment, suppose a /24 address space and 300 hosts
How to configure multiple IP addresses on Huawei devices?
Let’s configure a pair of routers connected via a Gigabit Ethernet link and use four different logical networks.
[labnarioR1]int gi 0/0/0 [labnarioR1-GigabitEthernet0/0/0]ip add 192.168.12.1 255.255.255.0 [labnarioR1-GigabitEthernet0/0/0]ip add 10.0.12.1 255.255.255.0 sub [labnarioR1-GigabitEthernet0/0/0]ip add 10.0.22.1 255.255.255.0 sub [labnarioR1-GigabitEthernet0/0/0]ip add 10.0.32.1 255.255.255.0 sub