How to log into Huawei S3300 switch? It is very simple. Which method you will chose depends on what you want to do on this device. If you want to upload file to or download it from the switch, use FTP or SFTP. If you want to configure the switch, use telnet, SSH or HTTP methods. Each time you can access the switch using console port,  locally or remotely, in case a console server is configured.

telnet S3300

#
telnet server enable
#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type telnet
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#

By default telnet server is enabled on S3300 switch. As this is default setting, it is not displayed in switch’s configuration. VTY lines use local user configured, to let you access the switch. Protocol inbound all command informs you that you can use both protocols, telnet and SSH.

The second method of using telnet is to configure authentication-mode for VTY as none or password. None means access without login and password, authentication-mode as password means you have to know password to access the switch. Additionally you should configure privilege level and password for VTY lines. By default user privilege level is set to 0.

#
user-interface vty 0 4
 authentication-mode none
 user privilege level 15
 protocol inbound all
#
user-interface vty 0 4
 authentication-mode password
 user privilege level 15
 set authentication password cipher &EU15O"Q3/;Q=^Q`MAF4
 protocol inbound all
#

 ssh S3300

#
aaa
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
local-user labnario privilege level 15
local-user labnario service-type ssh
#
stelnet server enable
ssh user labnario
ssh user labnario authentication-type password
ssh user labnario service-type all
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
#

In this case, SSH uses aaa settings, to access the device. For proper SSH configuration it is required to create RSA key. You can do this using the following command:

[labnario] rsa local-key-pair create
The key name will be: labnario_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.............++++++++++++
..........++++++++++++
................++++++++
....................................++++++++

You can display RSA key by display rsa local-key-pair public command. Besides password, it is also possible to use RSA key or both RSA key and password, for SSH connection.

S3300 as FTP server

#
FTP server enable
#
aaa
 local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
 local-user labnario privilege level 15
 local-user labnario ftp-directory flash:
 local-user labnario service-type ftp
#

You can also configure secure FTP (sFTP) adding the following command:

#
sftp server enable
#

Access S3300 by HTTP

For Huawei S3300 switch there is also possible to use HTTP to access it. To do this, you have to load necessary file, delivered together with software. You can display all files, stored in flash, using dir command:

<labnario> dir
Directory of flash:/

Idx  Attr   Size(Byte)  Date        Time      FileName
0  -rw-    8,124,916  Jan 01 2008 02:14:24  S3328-V100R005C00SPC100.cc
1  -rw-          869  Jan 01 2008 00:01:21  private-data.txt
2  -rw-          396  Jan 01 2008 00:12:06  hostkey
3  -rw-          120  Aug 04 2011 08:49:23  vrpcfg.zip
4  -rw-          540  Jan 01 2008 00:12:11  serverkey
5  -rw-    1,087,883  Jan 01 2008 00:36:13  s3328-v100r005.001.web.zip

14,632 KB total (5,580 KB free)

HTTP access configuration:

[labnario] http server load s3328-v100r005.001.web.zip
Info: Load web file successfully.
[labnario] http server enable
Info: Starting the HTTP server successfully.

[labnario] aaa
[labnario-aaa] local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4
[labnario-aaa] local-user labnario privilege level 15
[labnario-aaa] local-user labnario service-type http

Finally use IP address configured on the switch for HTTP access:

#
vlan 100
#
interface Ethernet0/0/1
 port link-type access
 port default vlan 100
#
interface Vlanif100
 ip address 172.16.1.2 255.255.0.0
#

To start working with Huawei devices, it is necessary to look at CLI (Command Line Interface). All Huawei datacom devices use the same OS called VRP (Versatile Routing Platform). As an example we can take NE40E router with V600R001C00SPC900 software installed. When you establish connection with the router, it does not matter it is telnet, ssh or console, you enter the user view with the prompt of <Quidway>. The prompt < > indicates user view and the prompt [ ] indicates other views. To start configuring the router you should move from user view to system view. You can do this by using “system-view” command.

<Quidway> system-view
[Quidway]

From system view you are able to configure all functions available in VRP software. Let’s assume that you want to configure MPLS, both globally and on Ethernet interface.

[Quidway]
[Quidway]mpls
[Quidway-mpls]quit
[Quidway]interface GigabitEthernet 1/0/5
[Quidway-GigabitEthernet1/0/5]mpls

Besides command line views the system adopts a hierarchical protection mode that has 16 command levels. The default command levels are as follows:

• Level 0 – visit
• Level 1 – monitoring
• Level 2 – configuration
• Level 3 – management

You can change default to 16 command levels by “command-privilege level rearrange” command.

[Quidway]command-privilege level rearrange

You will be asked about super password for level 15, so be careful and follow instructions displayed. Otherwise you will have problem, after this change, to log into the router.

If you don’t adjust a command level separately, after the command level is updated, all originally registered command lines adjust automatically according to the following rules:

• Level 0 and Level 1 – unchanged
• Level 2 – Level 10
• Level 3 – Level 15

You can adjust the command lines to remaining levels separately to refine the management of privilege.

You can enter “?” in any command line views to display all available commands with a short description.

[Quidway]mpls ?
l2vpn        Operate on MPLS L2 VPN
ldp          Label Distribution Protocol(LDP)
lsr-id       Specify LSR(Label Switched Router) identifier
oam          Specify OAM(Operation, Administration and Maintenance)
             configuration information
switch-l2vc  Specifying switch-l2vc configuration information
<cr>

You can enter a character string with a “?” closely following it to display all commands that begin with this character string.

[Quidway]d?
 dhcp            diffserv
 display         dns
 dustproof

Common error massages of the command line:

System-defined shortcut keys:

You can also define shortcut keys using the following command:

[Quidway]hotkey CTRL_U "display ip interface brief"

By default three shortcut keys are defined:

• CTRL_G – display current-configuration
• CTRL_L – display ip routing-table
• CTRL_O – undo debugging all

There are also two hidden modes available for Huawei R&D:

[Quidway]_h
Now you enter a hidden command view for developer's testing, some
commands may affect operation by wrong use, please carefully use it
with HUAWEI engineer's direction.
[Quidway-hidecmd]
[Quidway]_d
Now you enter diagnose command view.
[Quidway-diagnose]

There are many commands but using them by normal engineer is not safe 😉

I wanted to show you the basic structure of Huawei VRP CLI. Next time I will show you a basic system configuration. If you have any additional questions, anything is not clear for you, would like to know more, do not hesitate to ask.

For sure all network engineers know the word Cisco… Some of them know the word Juniper… Has anyone heard about Huawei?

Probably some of you have but it is still not so popular like its competitors. It seems to be a niche in IP networks worldwide. What is a reason of it? I’ll leave this question without any answer. Maybe you can answer it. Please let me know your opinion.

Datacom devices are small part of Huawei’s portfolio, which let you build end-to-end solution, both for telecom and enterprise networks. Besides Datacom Technology, in Huawei’s portfolio, we can find Radio Access, Fixed Access, Transport Network, Core Network and Software.

As Huawei is getting more and more popular it is time to show you that it is really an alternative for other vendors. This blog is just to popularize Huawei’s datacom devices throughout the world. What I want to do in this blog is to show you potential of this equipment, configuration tricks and technologies used by this equipment. I wouldn’t like to talk about Huawei as a company but about technical aspects of working in Huawei.

I hope this blog will be helpful for you and become the first knowledge base, for Huawei Datacom devices, on the internet.

Enjoy!