Labnario Huawei From Scratch

Access Control List ACL

There are five types of ACLs on Huawei devices. Taking CX600 into consideration there are:

1. Basic ACL (number ranges from 2000 to 2999) classifies packets based on a source address
2. Advanced ACL (number ranges from 3000 to 3999) source address, destination address, source port number, destination port number, and protocol type
3. Interface-based ACL (number ranges from 1000 to 1999) classifies packets based on the interface from which the packets are received
4. Ethernet Frame Header ACL (number ranges from 4000 to 4099) classifies packets based on source and destination MAC addresses
5. User ACL (number ranges from 6000 to 9999) classifies packets based on user groups.

The rules order depends on rule ID and rule matching order. There are two matching orders:

• Configuration order – ACL rules are matched based on their configuration order. Rules IDs can be configured by user or generated by system automatically according to ACL step. By default the system generates 5 as the first rule ID. So the next rule ID will be 10, 15 and so on. Anytime you can configure rule ID manually, for example rule 1 and this rule will be placed before 5. You do not have to delete the whole ACL. Each time you can delete a specific rule without deleting the whole ACL.

• Automatic order – the most precise rule is taking as the first. This is implemented through the comparison of wildcard masks. The system assigns rule IDs automatically.

What is NQA?

It is a feature that functions above link layer to measure performance of protocols running at the network layer, transport layer and application layer. It is useful to monitor network and locate faults occurring in the network. NQA can accurately test the network and collect statistics as well. You can configure and display NQA statistics through CLI but, as NQA is fully supported by Huawei NMS, you can also do this in GUI.

Most of Huawei devices support NQA but configuration can vary a little bit between NE routers, AR routers and switches. Of course we can perform more advanced test on carrier class devices. In this post we will focus on CLI and use CX600 router as an example.

NQA tests supported by CX600:

• • ICMP test
  • DHCP test
  • FTP test
  • HTTP test
  • DNS test
  • Traceroute test
  • SNMP test
  • TCP test
  • UDP test
  • ICMP Jitter test
  • UDP Jitter test
  • LSP Ping test
  • LSP Traceroute test
  • LSP Jitter test

reset recycle-bin

Sometimes new engineers, not familiar with Huawei devices, complain that there is not enough space in flash to upload a new software by FTP. The reason of it is that files from flash haven’t been deleted permanently from the memory. They use “delete name of file” command to delete files. Actually this command causes that deleted file is moved to recycle bin and “dir” command does not display it in flash, but it still occupies memory of flash. To display all files stored in flash you should use “dir /all” command.

<labnario>dir
Directory of flash:/
1  -rw-     12017319  Jan 19 2012 17:30:51   labnario.bin
2  -rw-     12017553  Aug 12 2008 18:02:39   ar28-vrp340-r0201p20.bin
3  -rw-         9018  Dec 05 2011 16:22:11   config.cfg

31877 KB total ( 7843 KB free)

Look what will happen if we use “delete labnario.bin” command:

<labnario>delete labnario.bin
Delete flash:/labnario.bin?[Y/N]:y
...
%Delete file flash:/labnario.bin...Done.

Let’s assume that we have a topology like in the picture:

1. IP addresses of ETH 0/1 and ETH 0/2 on Router A are 172.16.1.128/25 and 172.16.1.1/25 respectively.
2. Router B (dhcp client) obtains static IP address, gateway address and DNS server address from DHCP server (router A). A MAC address of interface ETH 0/0 of router B is 0800-6902-01FC.
3. DHCP server assigns IP addresses to clients in subnet 172.16.1.0/24 subnetted to 172.16.1.1/25 and 172.16.1.128/25.
4. DNS server address and WINS server address are 172.16.1.10/25 and 172.16.1.200/25 respectively.
5. For subnet 172.16.1.128/25 configure DNS server address, WINS server address, gateway address and address lease duration for 6 days and 6 hours.
6. For subnet 172.16.1.1/25 configure DNS server address, gateway address and address lease duration for 10 days.

To make it easy to maintain Huawei’s device it is recommended to configure proper time. You can do it manually or configure NTP protocol to force the device to use reference time from external servers. I will also show you how to configure header for login information and how to execute the specified batch file.

Setting of time zone:

clock timezone time-zone-name { add | minus } offset

Let’s take Poland time zone as an example.

<NE40E>clock timezone labnario add 1

 Setting of daylight-saving-time:

clock daylight-saving-time time-zone-name repeating start-time { { { first | second | third | fourth | last } weekday month } | start-date } end-time { { { first | second | third | fourth | last } weekday month } | end-date } offset