Tag Archives: Huawei VRP

Huawei basic user environment

As you already know, you can assign a different privilege level to each user configured on a Huawei device. You can read how to configure a local user and how to access a Huawei device in one of my previous posts.

user privilege level

Today I want to focus on the privilege level of a local user. Each year lots of accidents in IP networks are caused by inexperienced employees. We can decrease the number of such accidents by setting a privilege level for local users who log into network devices. Setting a lower privilege level for such employees increases the network’s safety. For more experienced engineers we can either configure a higher privilege level or set a super password to let them perform advanced operations.

Let’s assume that we have created a local user with the lowest privilege level:

#
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4<1!!
 local-user labnario service-type telnet
 local-user labnario level 0
#


ACL and PBR on Huawei CX600

Access Control List ACL

There are five types of ACLs on Huawei devices. On the CX600 these are:

  1. Basic ACL (number ranges from 2000 to 2999) classifies packets based on the source address.
  2. Advanced ACL (number ranges from 3000 to 3999) classifies packets based on source address, destination address, source port number, destination port number, and protocol type.
  3. Interface-based ACL (number ranges from 1000 to 1999) classifies packets based on the interface from which the packets are received.
  4. Ethernet Frame Header ACL (number ranges from 4000 to 4099) classifies packets based on source and destination MAC addresses.
  5. User ACL (number ranges from 6000 to 9999) classifies packets based on user groups.

The order of the rules depends on the rule ID and the rule matching order. There are two matching orders:

  • Configuration order – ACL rules are matched based on their configuration order. Rule IDs can be configured by the user or generated automatically by the system according to the ACL step. By default the system generates 5 as the first rule ID, so the next rule IDs will be 10, 15 and so on. You can configure a rule ID manually at any time, for example rule 1, and this rule will be placed before rule 5. You can also delete a specific rule at any time without deleting the whole ACL.
  • Automatic order – the most precise rule is matched first. This is implemented through the comparison of wildcard masks. The system assigns rule IDs automatically.


from Huawei CLI – reset recycle-bin

reset recycle-bin

Sometimes new engineers who are not familiar with Huawei devices complain that there is not enough space in flash to upload new software by FTP. The reason is that files have not been permanently deleted from flash. They use the “delete name of file” command to delete files. This command actually moves the deleted file to the recycle bin: the “dir” command no longer displays it, but it still occupies flash memory. To display all files stored in flash, use the “dir /all” command.

<labnario>dir
Directory of flash:/
1  -rw-     12017319  Jan 19 2012 17:30:51   labnario.bin
2  -rw-     12017553  Aug 12 2008 18:02:39   ar28-vrp340-r0201p20.bin
3  -rw-         9018  Dec 05 2011 16:22:11   config.cfg

31877 KB total ( 7843 KB free)

Look what happens if we use the “delete labnario.bin” command:

<labnario>delete labnario.bin
Delete flash:/labnario.bin?[Y/N]:y
...
%Delete file flash:/labnario.bin...Done.


upgrade of Huawei S5300 switch

Whenever you want to upgrade a Huawei device, you have 2 methods to do so. The first is to use the CLI (command line interface), the second is to use the BootROM menu. Using the CLI is the most popular method. You can configure an FTP server on the device and use your PC as the FTP client, or install an FTP server on your PC and treat the device as the FTP client. You can also use TFTP or serial (slow connection) instead of FTP. Sometimes it is not possible to get to the CLI because there is a problem with the software file: it is damaged or does not exist. In this case we can use the BootROM menu to download new software and upgrade the device. Let’s take the S5300 as an example.

Upgrade of Huawei S5300 switch from CLI
Huawei S5300 as FTP server:
#
FTP server enable
#
local-user labnario password simple labnario
local-user labnario privilege level 15
local-user labnario ftp-directory flash:
local-user labnario service-type ftp
#
interface MEth0/0/1
 ip address 192.168.0.20 255.255.255.0
#


Huawei S3300 switch – access methods

How do you log into a Huawei S3300 switch? It is very simple. Which method you choose depends on what you want to do on the device. If you want to upload a file to the switch or download one from it, use FTP or SFTP. If you want to configure the switch, use telnet, SSH or HTTP. You can always access the switch through the console port, locally or remotely if a console server is configured.

telnet S3300
#
telnet server enable
#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type telnet
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#
