Tuesday , October 27 2020
Home / Tag Archives: Huawei router

Tag Archives: Huawei router

fun with wildcard mask on Huawei device

You, as the network administrator, were tasked with providing access to a network, where 4 machines have been connected.

It is simple task. Nothing can happen, but…

Everything is ready and you are checking connectivity between RT2 and those machines, and… To your suprise, you can only ping even-numbered IP addresses:

[RT2]ping 192.168.10.1
   PING 192.168.10.1: 56  data bytes, press CTRL_C to break
     Request time out
     Request time out
     Request time out
     Request time out
     Request time out

 [RT2]ping 192.168.10.2
   PING 192.168.10.2: 56  data bytes, press CTRL_C to break
     Reply from 192.168.10.2: bytes=56 Sequence=1 ttl=127 time=30 ms
     Reply from 192.168.10.2: bytes=56 Sequence=2 ttl=127 time=20 ms
     Reply from 192.168.10.2: bytes=56 Sequence=3 ttl=127 time=30 ms
     Reply from 192.168.10.2: bytes=56 Sequence=4 ttl=127 time=40 ms
     Reply from 192.168.10.2: bytes=56 Sequence=5 ttl=127 time=30 ms

 [RT2]ping 192.168.10.3
   PING 192.168.10.3: 56  data bytes, press CTRL_C to break
     Request time out
     Request time out
     Request time out
     Request time out
     Request time out

 [RT2]ping 192.168.10.4
   PING 192.168.10.4: 56  data bytes, press CTRL_C to break
     Reply from 192.168.10.4: bytes=56 Sequence=1 ttl=127 time=30 ms
     Reply from 192.168.10.4: bytes=56 Sequence=2 ttl=127 time=40 ms
     Reply from 192.168.10.4: bytes=56 Sequence=3 ttl=127 time=30 ms
     Reply from 192.168.10.4: bytes=56 Sequence=4 ttl=127 time=30 ms
     Reply from 192.168.10.4: bytes=56 Sequence=5 ttl=127 time=30 ms

Read More »

VPN FRR on Huawei routers

Last time IP FRR on Huawei routers was introduced. Let’s go on with VPN FRR today.

VPN FRR topology

 

  1. Configure IP addresses based on the topology (omitted)
  2. Configure ISIS on PE1, PE2 and PE3.
  3. Configure MPLS function on all PE routers and enable MPLS LDP to set up an LSP.
  4. Configure VPN instance on all PE devices.
  5. Configure MP-IBGP between PE routers.
  6. Configure EBGP between CE and PE2/PE3 routers.
  7. Configure VPN FRR policy on PE1.
  8. Configure BFD session between PE1 and PE2.

Read More »

IP FRR on Huawei routers

What do we have in traditional IP networks?

Let’s assume that there is a fault at the physical or data link layers. Router sees that a physical interface becomes DOWN. After the router detects this fault, it informs upper layer routing system to update routing information. The convergence time is several seconds, what is critical for sensitive services.

That’s why IP FRR has been developed. After we configure IP FRR, a router doesn’t wait for network convergence but a backup link is immediately used to forward packets.

We have 2 scenarios of using IP FRR:

  1. To protect routers in public networks.
  2. To protect CE routers in private networks.

Let’s focus on the first one.

IP FRR topology

 

Read More »

configuring SNMPv3 on Huawei devices

SNMPv1 and SNMPv2c protocols security model uses the community-based pseudo-authentication. That means that a password (called a community string) is sent in a clear text between a network management station and managed devices. Both SNMPv1 and v2c are subject to packet sniffing because they do not implement encryption. Security has been the biggest weakness of the SNMP since the beginning. More about SNMPv2c concepts, operation and configuration you can find at “SNMPv2c configuration on Huawei devices“.

What if we want SNMP to be used over a public network?

SNMPv3 can be implemented. It provides important security features, which are not available in both SNMPv1 and v2c:

  • Confidentiality – encryption of packets to prevent snooping by an unauthorized source
  • Integrity – to ensure that a packet has not been tampered while in transit using optional packet reply protection
  • Authentication – to verify that a packet comes from a valid source.

Read More »

L2TP LAC-auto-initiated tunnel mode

 Layer 2 tunneling protocol (L2TP) connection can be established in the following tree modes:

  • NAS-initializated
  • Client-initializated
  • LAC-auto-initializated.

This is not my job to tell you about the theory. You can find plenty of information about L2TP on the internet. Let’s focus today on the third mode.

In most cases, an L2TP user directly dials up to a LAC, and only connection is established between the user and LAC. Unlike NAS and Client-initializated modes, in LAC-auto-initializated mode users can connect to the LAC by sending IP packets. At the same time LAC needs to have a PPP user created and a tunnel with the LNS established. The two ends of an L2TP tunnel reside on LAC and LNS respectively. As you can see from the topology below, in LAC-auto-initiated mode, LAN can be directly connected to LAC.

L2TP topology

Let’s look how to configure L2TP on Huawei routers.

Read More »