Huawei Quidway S2700 Series Configuration Manual
Hide thumbs
Also See for Quidway S2700 Series:
- Configuration manual (354 pages) ,
- Hardware installation and maintenance manual (183 pages) ,
- Quick start manual (62 pages)
Related Manuals for Huawei Quidway S2700 Series
Summary of Contents for Huawei Quidway S2700 Series
- Page 1 Quidway S2700 Series Ethernet Switches V100R006C00 Configuration Guide - Basic Configuration Issue Date 2011-07-15 HUAWEI TECHNOLOGIES CO., LTD.
- Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.
-
Page 3: About This Document
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration About This Document About This Document Intended Audience This document provides the basic concepts, basic configuration procedures, and configuration examples supported by the S2700. This document is intended for: Data configuration engineers... - Page 4 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration About This Document Command Conventions The command conventions that may be found in this document are defined as follows. Convention Description Boldface The keywords of a command line are in boldface.
-
Page 5: Table Of Contents
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents Contents About This Document........................ii 1 Logging In to Switch........................1 1.1 Introduction................................2 1.1.1 Login Through the Console........................2 1.1.2 Login Through Telnet..........................2 1.2 Logging In to the Device Through the Console Port..................2 1.2.1 Establishing the Configuration Task......................3... - Page 6 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents 2.4 Shortcut Keys..............................23 2.4.1 System Shortcut Keys..........................23 2.5 Configuration Examples...........................24 2.5.1 Example for Using the Tab Key......................24 3 How to Use Interfaces.........................26 3.1 Introduction to Interfaces..........................27 3.2 Setting Basic Parameters of an Interface......................29 3.2.1 Establishing the Configuration Task.......................29...
- Page 7 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents 5.1.2 User Authentication..........................47 5.2 Logging In to the S2700 Through the Console Port..................49 5.2.1 Establishing the Configuration Task.......................49 5.2.2 Logging In to the S2700 Through the Console Interface................50 5.3 Configuring Console User Interface.........................53 5.3.1 Establishing the Configuration Task.......................53...
- Page 8 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents 6.3.2 Viewing the Current Directory........................75 6.3.3 Switching a Directory..........................75 6.3.4 Displaying a Directory or File.........................76 6.3.5 Creating a Directory..........................76 6.3.6 Deleting a Directory..........................76 6.4 Managing Files..............................77 6.4.1 Establishing the Configuration Task.......................77 6.4.2 Displaying Contents of Files........................78...
- Page 9 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents 8.3.1 Establishing the Configuration Task.......................95 8.3.2 Enabling the FTP Server..........................96 8.3.3 Configuring a Basic ACL........................96 8.3.4 Configuring the Basic FTP ACL......................97 8.3.5 Checking the Configuration........................97 8.4 Configuring the Switch to Be the FTP Client....................98 8.4.1 Establishing the Configuration Task.......................98...
- Page 10 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents 9.3.1 Establishing the Configuration Task.....................123 9.3.2 Creating SSH User..........................124 9.3.3 Configuring SSH for the VTY User Interface..................125 9.3.4 Generating a Local RSA Key Pair......................125 9.3.5 Configuring the Authentication Mode for SSH Users................126 9.3.6 (Optional) Configuring the Basic Authentication Information for SSH Users........127...
- Page 11 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration Contents 9.8.3 Example for Configuring the Switch as the STelnet Client to Connect to the SSH Server ....153 9.8.4 Example for Connecting the SFTP Clinet and the SSH Server.............160 9.8.5 Example for Configuring the SSH Server to Support the Access from Another Port......165 9.8.6 Example for Authenticating SSH Through RADIUS................172...
-
Page 12: Logging In To Switch
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch Logging In to Switch About This Chapter Before configuring switches, you need to log in to the switch. 1.1 Introduction You can log in to switches through console port or Telnet. -
Page 13: Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch 1.1 Introduction You can log in to switches through console port or Telnet. 1.1.1 Login Through the Console When a switch is powered on for the first time or a switch needs to be locally configured, you can log in to the switch through the console port. -
Page 14: Establishing The Configuration Task
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch 1.2.1 Establishing the Configuration Task Before configuring login to the switch through the console port, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately. -
Page 15: Configuring Terminals
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch Procedure Step 1 Connect the COM port on the PC and the console port on the switch by a cable. Step 2 Power on all devices to perform a self-check. -
Page 16: Establishing The Configuration Task
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch 1.3.1 Establishing the Configuration Task Before configuring login to the switch through Telnet, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately. -
Page 17: Configuring Login User Parameters
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch 1.3.3 Configuring Login User Parameters This part describes how to configure user parameters for login to the switch through Telnet. Context Do as follows on the switch: Procedure Step 1 Configure the authentication mode of login users. - Page 18 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch Figure 1-1 Networking diagram of logging in through the console port Switch Configuration Roadmap The configuration roadmap is as follows: Connect the PC and the switch through the console port.
- Page 19 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch Figure 1-3 Setting the port Figure 1-4 Setting the port communication parameters Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
-
Page 20: Example For Logging In Through Telnet
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch Step 3 Power on the switch to perform a self-check and the system performs automatic configuration. When the self-check ends, you are prompted to press Enter until a command line prompt such as <Quidway>... - Page 21 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 1 Logging In to Switch Step 2 Configure login user parameters on the target switch. # Configure the login address <Quidway> system-view [Quidway] vlan 10 [Quidway-vlan10] quit [Quidway] interface gigabitethernet 0/0/1...
-
Page 22: Cli Overview
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview CLI Overview About This Chapter Users operate devices, that is, configure the device and perform routine maintenance, by entering command lines. 2.1 CLI Introduction The command line interface (CLI) is the common tool for running commands. -
Page 23: Cli Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview 2.1 CLI Introduction The command line interface (CLI) is the common tool for running commands. 2.1.1 Command Line Interface You can configure and manage a switch by using the CLI commands. -
Page 24: Command Views
Not all display commands are of the monitoring level. For example, the display current- configuration and display saved-configuration commands are of the management level. For the level of a command, see the Quidway S2700 Series Command Reference. To implement efficient management, you can increase the command levels to 0-15. For the increase in the command levels, refer to Chapter 4 "Basic Configuration"... - Page 25 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview NOTE The prompt <Quidway> indicates the default switch name. The prompt <> indicates the user view and the prompt [] indicates other views. Some commands that are implemented in the system view can also be implemented in the other views;...
-
Page 26: Online Help
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Item Description Prompt upon [Quidway-EthernetX/Y/Z] entry Quit command [Quidway-EthernetX/Y/Z] quit Prompt upon [Quidway] quit NOTE X/Y/Z indicates the number of an FE interface that needs to be configured. It is in the format of slot number/sub card number/interface sequence number. -
Page 27: Full Help
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Partial help Error Messages of the Command Line Interface 2.2.1 Full Help When you enter a command line, you can view the description of keywords or parameters in the command line through the Full Help. -
Page 28: Error Messages Of The Command Line Interface
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview bootrom bpdu bpdu-tunnel buffer Enter the first several letters of a key word in the command and then press Tab to display the complete key word on the condition that the letters uniquely identify the key word. -
Page 29: Displaying
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Table 2-2 Keys for editing Function Common key Inserts a character in the current position of the cursor if the editing buffer is not full and the cursor moves to the right. Otherwise, an alarm is generated. -
Page 30: Regular Expressions
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Function Enter Continues to display the information on the next line. 2.3.3 Regular Expressions The regular expression is a mode matching tool. You can construct the matching mode based on certain rules, and then match the mode with the target object. - Page 31 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Particul Syntax Example characte Matches the preceding element zero 10* matches "1", "10", "100", and or more times. "1000". (10)* matches "null", "10", "1010", and "101010". Matches the preceding element one 10+ matches "10", "100", and...
- Page 32 Specifying a Filtering Mode in Command CAUTION The Quidway S2700 Series uses a regular expression to implement the filtering function of the pipe character. A display command supports the pipe character only when there is excessive output information.
-
Page 33: History Commands
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Specify a Filtering Mode when Information is Displayed When a lot of information is displayed, you can specify a filtering mode in the prompt "---- More ----". -
Page 34: Shortcut Keys
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview 2.4 Shortcut Keys Using the system shortcut keys makes it easier to enter commands. 2.4.1 System Shortcut Keys System-defined shortcut keys with fixed functions are defined by the system. -
Page 35: Configuration Examples
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Function ESC_F The cursor moves to the right to the end of next word. ESC_N The cursor moves downward to the next line. ESC_P The cursor moves upward to the previous line. - Page 36 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 2 CLI Overview Enter a space and enter the next keyword channel. [Quidway] info-center logbuffer channel ----End Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
-
Page 37: How To Use Interfaces
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces How to Use Interfaces About This Chapter This chapter describes the concept of the interface and the basic configuration about the interface. 3.1 Introduction to Interfaces This section describes different types of interfaces. -
Page 38: Introduction To Interfaces
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces 3.1 Introduction to Interfaces This section describes different types of interfaces. The interfaces are provided by the S2700 to receive and send data. Interfaces are classified into management interfaces and service interfaces based on their functions;... - Page 39 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces Slot ID: indicates the slot where an interface is located. The value is 0. Subcard ID: indicates the subcard where an interface is located. The value is 0.
-
Page 40: Setting Basic Parameters Of An Interface
3 How to Use Interfaces For details about the Eth-Trunk configuration, see "Configuring the Eth-Trunk" in the Quidway S2700 Series Ethernet Switches Configuration Guide - Ethernet. Loopback interface A loopback interface is a virtual interface. The TCP/IP protocol suite defines IP address 127.0.0.0 as a loopback address. -
Page 41: Entering The Interface View
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces Data Preparation To set parameters of an interface, you need the following data. Data Type and number of the interface to be configured Description of the interface 3.2.2 Entering the Interface View... -
Page 42: Configuring The Description For An Interface
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces Step 3 Run: All the commands in the view of the specified interface are displayed. ----End 3.2.4 Configuring the Description for an Interface The description configured for an interface on the S2700 helps you identify and memorize the usage of the interface, which facilitates the management. -
Page 43: Further Configuration An Interface
Configuring routes For the detailed Configuration, please see the other configuration manuals of S2700. For the detailed Configuration, please see Quidway S2700 Series Ethernet Switches Configuration Guide - Ethernet and Quidway S2700 Series Ethernet Switches Configuration Guide - IP Routing. -
Page 44: Configuring The Loopback Interface
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces Procedure Step 1 Run the display interface [ interface-type [ interface-number ] ] command to check the running status of the interface and the statistics on the interface. -
Page 45: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 3 How to Use Interfaces Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: interface loopback interface-number A loopback interface is created. The value of interface-number ranges from 0 to 1023. A maximum of 1024 loopback interfaces can be created. -
Page 46: Debugging The Interface
Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. For the description about debugging commands, see the Quidway S2700 Series Ethernet Switches Debugging Reference. For details about debugging commands on an interface, see the following chapters. -
Page 47: Basic Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration Basic Configuration About This Chapter This chapter describes how to configure the basic system environment and the basic user environment. 4.1 Basic Configuration Introduction This section describes the meaning and scope of the basic configuration. -
Page 48: Basic Configuration Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration 4.1 Basic Configuration Introduction This section describes the meaning and scope of the basic configuration. Before configuring services, users often need to perform basic configurations for actual operation and maintenance. -
Page 49: Configuring The Equipment Name
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration Data Login information Command level 4.2.2 Configuring the Equipment Name You can change the equipment name as required. The new equipment name takes effect immediately. Context Do as follows on the switch:... -
Page 50: Configuring A Header
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration The current date and time is set. Step 2 Run: clock timezone time-zone-name { add | minus } offset The time zone is set. l If add is configured, the current time is the UTC time plus the time offset. That is, the default UTC time plus offset is equal to the time of time-zone-name. -
Page 51: Configuring Command Levels
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration header shell { information text | file file-name } The header displayed after login is set. A header is a system prompt displayed when a user logs in to the switch or starts interactive configuration with the switch. -
Page 52: Configuring Basic User Environment
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration The command level is configured. With the command, you can specify the level and view multiple commands at one time (command-key). All commands have default command views and levels. You need not reconfigure them. -
Page 53: Switching User Levels
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration CAUTION When simple is used, the password is saved in the configuration files in simple text. Login users with lower level can obtain the password by viewing the configuration. This may cause security problems. -
Page 54: Locking User Interfaces
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration 4.3.4 Locking User Interfaces You can enter the set password to unlock the locked user interface. Context When you leave the operation terminals for a moment, you can lock the user interface to prevent unauthorized users from operating the interface. -
Page 55: Displaying System Status
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 4 Basic Configuration Prerequisite Basic Configuration are complete. Procedure Run the display version command to display the system version. Run the display clock command to display the system time. Run the display saved-configuration command to display the original configuration. -
Page 56: User Management
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management User Management About This Chapter This chapter describes user interfaces and the configuration of users' login. 5.1 User Management Introduction This section describes basic concepts of user interfaces and user management. -
Page 57: User Management Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management 5.1 User Management Introduction This section describes basic concepts of user interfaces and user management. 5.1.1 User Interface A user interface (UI) enables users to log in to the S2700. Through a user interface, you can configure the parameters on all physical and logical interfaces that work in asynchronous and interactive modes. -
Page 58: User Authentication
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Figure 5-1 Numbering of user interfaces on the S2700 Types ofset Relative Obsolute interface numbering numbering console0 …… vty0 vty1 vty2 vty3 vty4 In the figure, console 0 and 0 indicate the same user interface; vty1 and 35 indicate the same user interface. - Page 59 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management User Type Description Authentication Telnet users Logs in to the S2700 through the Ethernet interface Recommended using Telnet and have limited rights. A Telnet connection is set up between the user terminal and the S2700.
-
Page 60: Logging In To The S2700 Through The Console Port
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Table 5-3 Authentication modes of login users Authenticatio Description n Mode Non- Users can log in to the S2700 without entering the user name and password. authentication There is a great potential security risk. -
Page 61: Logging In To The S2700 Through The Console Interface
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management 5.2.2 Logging In to the S2700 Through the Console Interface Context When setting up a local configuration environment through the console interface, you can connect the PC and the S2700 through the Windows HyperTerminal. - Page 62 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Figure 5-4 Setting the connection port Step 4 Set communication parameters. After entering the COM1 Properties window as shown in Figure 5-5, set the communication parameters according to the description in Table 5-4.
- Page 63 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Figure 5-5 Setting communication parameters for the port Table 5-4 Communication parameters Parameter Value Bit per second (Baud rate) 9600 Data bit Parity check None Stop bit...
-
Page 64: Configuring Console User Interface
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Figure 5-6 Selecting a terminal type After the preceding steps are complete, press Enter. If the prompt <Quidway> is displayed, it indicates that you have logged in to the S2700. At this time, you can enter the command to configure and manage the S2700. -
Page 65: Configuring Console Interface Attributes
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Powering on the switch Connecting a PC to the switch Data Preparation To configure a console interface, you need the following data. Data Baud rate, flow-control mode, parity, stop bit, and data bit... -
Page 66: Setting Console Terminal Attributes
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management The flow control mode is set. By default, the flow-control mode is none. Step 5 (Optional) Run: parity { even | mark | none | odd | space } The parity mode is set. -
Page 67: Configuring User Priority
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management The timeout period for idle users is set. By default, the timeout period for idle users is 10 minutes. Step 5 Run: screen-length screen-length The number of lines to be displayed on each screen is set. -
Page 68: Configuring User Authentication
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management For more information about the command priority, see "Command Level" in Chapter 3 "CLI Overview". ----End 5.3.5 Configuring User Authentication The system provides three authentication modes, namely, AAA, password, and none. -
Page 69: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Configuring Non-Authentication Run: system-view The system view is displayed. Run: user-interface console interface-number The console user interface view is displayed. Run: authentication-mode none The authentication mode is set to non-authentication. -
Page 70: Configuring Maximum Vty User Interfaces
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Pre-configuration Tasks Before configuring a VTY user interface, complete the following tasks: Powering on the switch Connecting a PC to the switch correctly Data Preparation To configure a VTY user interface, you need the following data. -
Page 71: Optional)Configuring Limits For Incoming Calls And Outgoing Calls
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management If the maximum number of VTY user interfaces to be configured is larger than the maximum number of current interfaces, the authentication mode and password need to be configured for newly added user interfaces. -
Page 72: Configuring User Authentication
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Context Do as follows on the switch: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface vty number1 [ number2 ] The VTY interface view is displayed. - Page 73 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management AAA authentication: requires the user name and password. Password authentication: requires no user name but a password must be set. Otherwise, the user can log in to the switch only through the console interface.
-
Page 74: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management system-view The system view is displayed. Run: user-interface vty number1 [ number2 ] The VTY user interface view is displayed. Run: authentication-mode none The authentication mode is set to none. -
Page 75: Sending Messages To Other User Interfaces
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Powering on the switch Connecting the PC with the switch properly Data Preparations To manage the user interface, you need the following data: Data Type and number of the user interface Contents of the message to be sent 5.5.2 Sending Messages to Other User Interfaces... -
Page 76: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management 5.5.4 Checking the Configuration After configuring user management interfaces, you can view the usage information of user interfaces. Prerequisite The configuration of User Interfaces are complete. Procedure Step 1 Run the display users [ all ] command to check the usage information of the user interface. -
Page 77: Configuring Authentication Mode
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management 5.6.2 Configuring Authentication Mode The system provides three authentication modes, namely, AAA local authentication, password authentication, and none authentication. Context Do as follows on the switch that the user logs in to:... -
Page 78: Setting Username And Password For Aaa Local Authentication
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management NOTE The default authentication mode is the password authentication. ----End 5.6.4 Setting Username and Password for AAA Local Authentication You can configure a plain or cipher text password for AAA local authentication. -
Page 79: Configuring User Priority
5.6.6 Configuring User Priority You can configure the user priority. Context Refer to the Quidway S2700 Series Configuration Guide - Security. 5.6.7 Checking the Configuration After configuring user management, you can view the usage information of user interfaces, local user list, and online users. -
Page 80: Configuration Examples
Networking Requirements The COM port of the PC is connected with the Console port. Set the priority of VTY0 to 2 and authenticate the passwords of users. Users need to enter the password Huawei to log in successfully. After login, if the operations are not carried out in 30 minutes, it means that the user-interface is disconnected from the switch. -
Page 81: Example For Logging In To The Device Through Aaa
Configure the priority of VTY0 to be 2, perform AAA authentication on the user that logs in through VTY0. The login user must enter the username "huawei" and the password "huawei". After login, if the user does not operate the switch within 30 minutes, the connection with the switch is disabled. - Page 82 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 5 User Management Username and password for authentication Disconnect time Procedure Step 1 Configure the priority of VTY0 to be 2 and the disconnection time within 30 minutes. <Quidway> system-view...
-
Page 83: File System Management
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management File System Management About This Chapter This chapter describes the basic knowledge of the file system, including the methods of managing files, directories, and storage devices. -
Page 84: Overview Of The File System
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management 6.1 Overview of the File System This section describes the concepts of the file system. Basic Concepts of the File System A file system allows you to manage files and directories on the storage devices. In the file system, you can create, delete, modify, and rename a file or a directory, and view contents of a file. -
Page 85: Restoring Storage Devices With File System Troubles
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management 6.2.2 Restoring Storage Devices with File System Troubles When the file system on a storage device fails, the terminal of the switch prompts you to rectify the fault. -
Page 86: Viewing The Current Directory
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management Applicable Environment When you need to transfer files between the client and the server, configure the directory by using the file system. Pre-configuration Tasks Before configuring the management directory, complete the following tasks:... -
Page 87: Displaying A Directory Or File
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management A directory is specified. Step 2 Run: The current directory is displayed. ----End 6.3.4 Displaying a Directory or File You can view a directory or files in the directory. -
Page 88: Managing Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management Context Do as follows on the switch: Procedure Step 1 Run: cd directory The parent directory of the directory to be deleted is displayed. Step 2 Run: rmdir directory The directory is deleted. -
Page 89: Displaying Contents Of Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management 6.4.2 Displaying Contents of Files You can view the contents of a file, which are displayed in texts. Context Do as follows on the switch: Procedure... -
Page 90: Renaming Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management Procedure Step 1 Run: cd directory The directory of the file is displayed. Step 2 Run: move source-filename destination-filename The file is moved. ----End 6.4.5 Renaming Files You can rename files. -
Page 91: Deleting Files In The Recycle Bin
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management Context Do as follows on the switch: Procedure Step 1 Run: cd directory The directory of the file is displayed. Step 2 Run: delete [ /unreserved ] filename The file is deleted. -
Page 92: Running Files In Batch
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management 6.4.10 Running Files in Batch You can upload the files and then process the files in batches. Prerequisite Uploading the batched files on the client end to the switch. - Page 93 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 6 File System Management By default, the prompt mode is alert. CAUTION If the prompt is in the quiet mode, no prompt appears for data lossdue to maloperation. ----End Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright ©...
-
Page 94: Management Of Configuration Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files Management of Configuration Files About This Chapter This chapter describes current configurations, configuration files, detection of master/slave configuration consistency, and configuration recovery. 7.1 Management of Configuration Files Introduction The configuration file is the add-in configuration item when restarting the switch this time or next time. -
Page 95: Management Of Configuration Files Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files 7.1 Management of Configuration Files Introduction The configuration file is the add-in configuration item when restarting the switch this time or next time. 7.1.1 Configuration Files This part describes basic concepts of configuration files. -
Page 96: Managing Configuration Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files 7.2 Managing Configuration Files You can manage configuration files to ensure that the switch starts normally. 7.2.1 Establishing the Configuration Task Before managing configuration files, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. -
Page 97: Configuring The Configuration File For Switch To Load For The Next Startup
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files Procedure Step 1 Run: startup system-software system-file [ slave-board ] The S2700 system software for the switch to load next time when it starts is configured. -
Page 98: Clearing A Configuration File
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files The user can modify the current configuration through the command line interface. To set the current configuration as initial configuration when the switch starts next time, you can use the save command to save the current configuration in the flash memory. -
Page 99: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files Context Do as follows on the switch: Procedure Step 1 Run: compare configuration [ configuration-file ] [ current-line-number save-line- number ] The current configuration is compared with the configuration file for next startup. - Page 100 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 7 Management of Configuration Files The current configuration of the switch is saved in the storage device. The S2700 system software and configuration file that are to be loaded on the switch next time are correct and they are saved in the root directory of the storage device.
-
Page 101: Ftp And Tftp
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP FTP and TFTP About This Chapter This chapter describes the fundamentals, configuration procedures and configuration examples of FTP and TFTP. 8.1 FTP and TFTP Introduction This section describes the basic concepts of FTP and TFTP. -
Page 102: Ftp And Tftp Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP 8.1 FTP and TFTP Introduction This section describes the basic concepts of FTP and TFTP. 8.1.1 FTP You can transfer files between local and remote hosts through FTP. FTP is commonly used in version upgrade, log downloading, file transfer, and configuration saving. -
Page 103: Establishing The Configuration Task
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP 8.2.1 Establishing the Configuration Task Before configuring a switch to be the FTP server, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately. -
Page 104: Enabling The Ftp Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP The system view is displayed. Step 2 Run: ftp [ ipv6 ] server port port-number The port number of the FTP server is configured. If a new number of a monitored port is configured, the FTP server interrupts all the FTP connections and monitors the port of the new number. -
Page 105: Configuring The Local Username And The Password
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP 8.2.5 Configuring the Local Username and the Password You can configure the authentication information for FTP users, which prevents unauthorized users from performing operations on the device and thus guarantees the security. -
Page 106: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP The FTP service type is configured. Step 5 Run: local-user user-name ftp-directory directory The authorization directory about the FTP user is configured. ----End 8.2.7 Checking the Configuration After configuring a switch to be the FTP server, you can view the configuration and status of the FTP server as well as information about login FTP users. -
Page 107: Enabling The Ftp Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Applicable Environment When the switch serves as the FTP server, for security, you can configure the switch by the access control list (ACL) to be accessed by only those clients that meet the matching conditions. -
Page 108: Configuring The Basic Ftp Acl
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: acl acl-number The ACL view is displayed. Step 3 Run: rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | time-range time-name ] The ACL rule is configured. -
Page 109: Configuring The Switch To Be The Ftp Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Procedure Run the display ftp-server [ ] command to check the configuration and status of the FTP server. ----End Example After configuring an FTP server, you can run the display ftp-server command and view that the ACL number allocated for the FTP server is 2345. -
Page 110: Logging In To The Ftp Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Data FTP protocol command Local file name and file name on the remote FTP server Working directory name of the remote FTP server, local working directory of the... -
Page 111: Configuring Data Type And Transmission Mode For The File
The data type of the file to be transmitted is ascii or binary mode. NOTE FTP server supports ascii mode for data transmission. But in Quidway S2700 Series, user has to switch to binary mode for data transfer. Step 2 Run: passive The passive file transfer mode is configured. -
Page 112: Uploading Or Downloading Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP 8.4.5 Uploading or Downloading Files You can upload local files to a remote FTP server, download files of the FTP server, and save the files on the local device. -
Page 113: Managing Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP l Run: rmdir remote-directory A directory is removed from the FTP server. NOTE l The directory to be created can comprise letters and digits, but not special characters such as <, >, ?, \ and :. -
Page 114: Disconnecting From The Ftp Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Context The username and password are of string data type. The string length for username must be in the range of 1 to 85 case-insensitive characters and password must be in the range of 1 to 16 case-insensitive characters. -
Page 115: Establishing The Configuration Task
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP 8.5.1 Establishing the Configuration Task Before configuring TFTP, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately. -
Page 116: Downloading Files Through Tftp
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP After the configuration, the source IP address of the TFTP client displayed on the TFTP server must be the same as the configured one. ----End 8.5.3 Downloading Files Through TFTP You can download files from the TFTP server to the TFTP client. -
Page 117: Limiting The Access To The Tftp Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP 8.6 Limiting the Access to the TFTP Server You can configure the maximum number of TFTP servers that a TFTP client can access to determine which TFTP servers the TFTP client can log in to. -
Page 118: Configuring The Basic Tftp Acl
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP The system view is displayed. Step 2 Run: acl acl-number The ACL view is displayed. Step 3 Run: rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | time-range time-name ] The ACL rule is configured. - Page 119 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Networking Requirements As shown in Figure 8-1, the local PC functions as the FTP client of which the IP address is 10.1.1.1/24. The Switch acts as the FTP server. VLAN 10 is created on the Switch and Ethernet0/0/1 is added to VLAN 10.
- Page 120 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP [Quidway] interface vlanif 10 [Quidway-Vlanif10] ip address 10.1.1.2 24 Step 2 Start the FTP server on the Switch, and set the FTP user name to u1 and password to ftpwd.
-
Page 121: Example For Configuring An Acl Of The Ftp Server
Configure the ACL on the FTP server. Data Preparation To complete the configuration, you need the following data: Name of the FTP user set as u1 and password set as huawei on the server Number of the ACL Procedure Step 1 Configure basic FTP functions. -
Page 122: Example For Configuring The Ftp Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP [Quidway-acl-basic-2001] quit Step 3 Configure the ACL supported by the FTP server. [Quidway] ftp acl 2001 Step 4 Connect PC1 to the FTP server. This step needs to be performed on the DOS of the PC. - Page 123 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP Networking Requirements As shown in Figure 8-3, the remote server at 10.1.1.2 serves as the FTP server. The Switch and the FTP server are directly connected and on the same network segment. The Switch has a reachable route to the FTP server.
- Page 124 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP [Quidway-Ethernet0/0/3] port hybrid untagged vlan 10 [Quidway-Ethernet0/0/3] quit [Quidway] interface ethernet 0/0/4 [Quidway-Ethernet0/0/4] port hybrid pvid vlan 10 [Quidway-Ethernet0/0/4] port hybrid untagged vlan 10 [Quidway-Ethernet0/0/4] quit [Quidway] interface vlanif 10 [Quidway-Vlanif10] ip address 10.1.1.3 24...
-
Page 125: Example For Configuring The Tftp Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP return 8.7.4 Example for Configuring the TFTP Client In this example, the TFTP application is run on the TFTP server and the location of the source file on the server is set. - Page 126 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 8 FTP and TFTP [Quidway-Ethernet0/0/1] quit [Quidway] interface vlanif 10 [Quidway-Vlanif10] ip address 10.1.1.1 24 Step 3 On the Switch, initiate a connection to the TFTP server and download the 8031.cc file.
-
Page 127: Telnet And Ssh
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Telnet and SSH About This Chapter Telnet and SSH can provide a terminal which enables users to remotely log in to and access a server. 9.1 Telnet and SSH Introduction This section explains basic concepts of user login by means of Telnet and SSH. -
Page 128: Telnet And Ssh Introduction
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH 9.1 Telnet and SSH Introduction This section explains basic concepts of user login by means of Telnet and SSH. 9.1.1 Overview of User Login You can locally or remotely log in to a switch through the console port, Telnet, or SSH. -
Page 129: Ssh Terminal Services
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH 9.1.3 SSH Terminal Services The S2700 supports the basic SSH protocol, client function, SFTP protocol, STelnet protocol and SCP. Introduction to SSH SSH works at the application layer in the TCP/IP protocol suite. SSH provides remote login and virtual terminal on the network where security is guaranteed. -
Page 130: Configuring Telnet Terminal Services
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH – Supporting Data Encryption Standard (DES) and 3DES – Supporting the encrypted transfer of the user name or password – Supporting the encrypted transfer of interactive data SSH adopts RSA. -
Page 131: Enabling The Telnet Service
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Applicable Environment To remotely log in to the switch through the Telnet protocol for maintenance and management, you need to configure Telnet terminal services. Pre-configuration Tasks... -
Page 132: Establishing A Telnet Connection
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH The Telnet service is enabled. NOTE l By default, the function of the Telnet server is enabled. l If the undo telnet server enable command is run when Telnet login is in progress, the command does not take effect. -
Page 133: Optional) Scheduled Telnet Disconnection
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Context Do as follows on the switch that functions as a Telnet server: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: telnet server port port-number A Telnet server port number is set. -
Page 134: Configuring Ssh Users
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Prerequisite The configuration of Telnet Terminal Services are complete. Procedure Run the display users command to check information about connected users. Run the display users all command to check information about all users, including connected and disconnected users. -
Page 135: Creating Ssh User
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Creating a local user Configuring an RSA public key for the SSH client on the SSH server Data Preparation To configure SSH users, you need the following data. -
Page 136: Configuring Ssh For The Vty User Interface
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Name and password of the local user are created. ----End 9.3.3 Configuring SSH for the VTY User Interface You can configure SSH for the VTY user interface. -
Page 137: Configuring The Authentication Mode For Ssh Users
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH A local RSA key pair is generated. NOTE To log in to an SSH server, the local RSA key pair must be configured and generated first. Before performing the other SSH configurations, you must configure the rsa local-key-pair create command to generate a local key pair. -
Page 138: Optional) Configuring The Basic Authentication Information For Ssh Users
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH The public key editing view is displayed. Run: hex-data The public key is edited. The public key must be a string of hexadecimal alphanumeric characters. It is automatically generated by an SSH client. -
Page 139: Optional) Authorizing Ssh Users Through The Command Line
"AAA and User Management" in the Quidway S2700 Series Configuration Guide - Security. This section describes how to configure the command line authorization for RSA authentication. -
Page 140: Optional) Configuring The Authorized Directory Of The Sftp Service For Ssh Users
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Context Do as follows on the switch that functions as an SSH server: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh user username service-type { sftp | stelnet | all } The service type for the SSH user is configured. -
Page 141: Configuring The Ssh Server Function
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Procedure Run the display ssh user-information command to check the information about the SSH client on the SSH server. Run the display ssh user-information username command to check the information about the specified SSH client on the SSH server. -
Page 142: Enabling The Stelnet Service
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Data Number of the port monitored by the SSH server 9.4.2 Enabling the STelnet Service Before enjoying the STelnet service, you need to enable it. Context... -
Page 143: Optional) Enabling The Earlier Version - Compatible Function
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Context Do as follows on the S2700 functioning as the SCP server: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: scp server enable SCP services are enabled. -
Page 144: Optional) Configuring The Interval For Updating The Key Pair On The Ssh Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Context Do as follows on the switch that serves as an SSH server: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh server port port-number The number of the port monitored by the SSH server is configured. -
Page 145: Configuring The Stelnet Client Function
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Procedure Step 1 Run the display ssh server status command to view the global configuration of the SSH server. ----End Example Run the display ssh server status command, and you can view that the SSH version of the SSH session is 1.99, and the times for re-establishing the SSH session is 5. -
Page 146: Enabling The First-Time Authentication On The Ssh Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Data Name of the SSH server Number of the port monitored by the SSH server Preferred encrypted algorithm from the STelnet client to the SSH server... -
Page 147: Optional) Assigning An Rsa Public Key To The Ssh Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH NOTE l The purpose of enabling the first-time authentication on the SSH client is to skip checking the validity of the RSA public key of the SSH server when the STelnet client logs in to the SSH server for the first time. -
Page 148: Enabling The Stelnet Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH that the key does not exist after the peer-public-key end command is run and the system view is displayed. Step 6 Run: peer-public-key end Return to the system view from the public key view. -
Page 149: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] ] [ -ki aliveinterval [ -kc alivecountmax ] ]command. You can log in to the SSH server through STelnet. -
Page 150: Configuring The First-Time Authentication On The Ssh Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Applicable Environment SFTP enables users to log in to the device from a secure remote end to manage files. This improves the security of data transmission for the remote end to update its system. The SFTP client function also enables you to log in to the remote device through SFTP for the secure file transmission. -
Page 151: Optional) Assigning An Rsa Public Key To The Ssh Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH To simplify user operations, you are recommended to enable the first-time authentication on the SSH client. Do as follows on the switch that serves as an SSH client:... -
Page 152: Enabling The Sftp Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Step 3 Run: public-key-code begin The public key editing view is displayed. Step 4 Run: hex-data The public key is edited. The public key must be a string of hexadecimal alphanumeric characters. It is automatically generated by an SSH client. -
Page 153: Optional) Managing The Directory
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Procedure Step 1 Run: system-view The system view is displayed. Step 2 According to the address type of the SSH server, select and perform one of the two configurations below. -
Page 154: Optional) Managing The File
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH sha1_96 | md5 | md5_96 } ] | [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] ] [ -ki aliveinterval [ -kc alivecountmax ] ] You can log in to the SSH server through SFTP. -
Page 155: Optional) Displaying The Sftp Client Command Help
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH system-view The system view is displayed. Step 2 According to the address type of the SSH server, select and perform one of the two configurations below. -
Page 156: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH The system view is displayed. Step 2 According to the address type of the SSH server, select and perform one of the two configurations below. l For IPv4 addresses,... -
Page 157: Configuring The Scp Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : sftp Authentication Type : rsa 9.7 Configuring the SCP Client This section describes how to configure the SCP client. -
Page 158: Copying Files
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Context Do as follows on the switch functioning as the SCP client: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: scp client-source { -a source-ip-address | -i interface-type interface-number } A source IP address or a source interface is configured for the SCP client. -
Page 159: Checking The Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH 9.7.4 Checking the Configuration After the SCP client is successfully configured, you can view configurations of the SCP connection. Prerequisite The configurations of the SCP client are complete. - Page 160 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Configuration Roadmap The configuration roadmap is as follows: Assign IP addresses to Switch A and Switch B. Configure an authentication mode and password on Switch B.
-
Page 161: Example For Configuring The Pc As The Stelnet Client To Connect To The Ssh Server
9-4, after the STelnet service is enabled on the SSH server, the STelnet client can log in to the SSH server with the password, RSA, password-rsa, or all authentication mode. Configure Client001 with the password as huawei and adopt the password authentication. Issue 01 (2011-07-15) Huawei Proprietary and Confidential... - Page 162 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH The IP address of the SSH server is 192.168.1.1. The user interface supports only SSH. Figure 9-4 Networking diagram of configuring the PC as the STelnet client to connect to the...
- Page 163 9 Telnet and SSH NOTE If SSH is configured as the login protocol, the S2700 automatically disables Telnet. Step 3 Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa [SSH Server-aaa] local-user client001 password cipher huawei...
-
Page 164: Example For Configuring The Switch As The Stelnet Client To Connect To The Ssh Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH ----End Configuration Files Configuration file of the SSH server sysname SSH Server local-user client001 password cipher N`C55QK<`=/Q=^Q`MAF4<1!! local-user client001 privilege level 3 local-user client001 service-type ssh... - Page 165 The following login users need to be configured. Client001, with the password as huawei and the authentication mode as password Client002, with the password as rsakey001 and the authentication mode as RSA The user interface supports only the SSH protocol.
- Page 166 # Create an SSH user named Client001 and configure the authentication mode as password for the user. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of Client001 to huawei. Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
- Page 167 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei [Quidway-aaa] local-user client001 service-type ssh l # Create an SSH user named Client002 and configure the authentication mode as RSA for the user.
- Page 168 The server's public key will be saved with the name: 10.164.39.222. Please wait... Enter password: Enter the password huawei, and information indicating that the login succeeds is displayed as follows: info: The max number of VTY users is 20, and the current number of VTY users on line is 1.
- Page 169 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH # Check the status of the SSH server. [Quidway] display ssh server status SSH version :1.99 SSH connection timeout :60 seconds SSH server key generating interval...
- Page 170 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH interface Vlanif10 ip address 10.164.39.222 255.255.255.0 rsa peer-public-key rsakey001 public-key-code begin 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 EA91FC4B B9E18836 5E74BFD5 4C687767 A89C6B43...
-
Page 171: Example For Connecting The Sftp Clinet And The Ssh Server
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH return 9.8.4 Example for Connecting the SFTP Clinet and the SSH Server In this example, the local key pairs are generated on the SFTP client and the SSH server respectively;... - Page 172 # Create an SSH user named Client001 and configure the authentication mode as password for the user. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of Client001 to huawei. [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei Issue 01 (2011-07-15) Huawei Proprietary and Confidential Copyright ©...
- Page 173 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH [Quidway-aaa] local-user client001 service-type ssh l # Create an SSH user named Client002 and configure the authentication mode as RSA for the user. [Quidway] ssh user client002 [Quidway] ssh user client002 authentication-type rsa Step 4 Configure the RSA public key on the server.
- Page 174 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH [Quidway-rsa-key-code] 0203 [Quidway-rsa-key-code] 010001 [Quidway-rsa-key-code] public-key-code end [Quidway-rsa-public-key] peer-public-key end Step 5 Bind the RSA public key of the SSH client to Client002. [Quidway] ssh user client002 assign rsa-key RsaKey001 Step 6 Enable the SFTP service on the SSH server.
- Page 175 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH [Quidway] display ssh server session Session 1: Conn: VTY 3 Version: 2.0 State: started Username: client001 Retry: 1 CTOS Cipher: aes128-cbc STOC Cipher: aes128-cbc CTOS Hmac: hmac-sha1-96...
-
Page 176: Example For Configuring The Ssh Server To Support The Access From Another Port
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH peer-public-key end local-user client001 password simple huawei local-user client001 service-type ssh sftp server enable ssh user client001 ssh user client002 ssh user client001 authentication-type password ssh user client002 authentication-type rsa... - Page 177 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Networking Requirements The standard listening port is numbered 22, as defined in the SSH protocol. If attackers access the standard port continuously, the bandwidth is consumed and the performance of the server is degraded.
- Page 178 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Generate an RSA public key on the SSH server and bind the RSA public key of the SSH client to Client002. Enable the STelnet and SFTP services on the SSH server.
- Page 179 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH [client002] display rsa local-key-pair public ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240...
- Page 180 The server's public key will be saved with the name: 10.164.39.222. Please wait... Enter password: Enter the password huawei, and information indicating that the login succeeds is displayed as follows: info: The max number of VTY users is 20, and the current number of VTY users on line is 1.
- Page 181 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH # The SFTP client logs in to the SSH server by using the new listening port. [client002]sftp 10.164.39.222 1025 Please input the username:client002 Trying 10.164.39.222 ...
- Page 182 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Configuration Files Configuration file of the Quidway, the SSH server sysname Quidway vlan batch 10 interface Vlanif10 ip address 10.164.39.222 255.255.255.0 rsa peer-public-key rsakey001 public-key-code begin...
-
Page 183: Example For Authenticating Ssh Through Radius
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH vlan batch 10 interface Vlanif10 ip address 10.164.39.221 255.255.255.0 ssh client first-time enable interface Ethernet0/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 return 9.8.6 Example for Authenticating SSH Through RADIUS... - Page 184 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Generate the RSA public key on SSH server and bind the RSA public key of the SSH client to ssh2@ssh.com. Enable the STelnet and SFTP services on the SSH server.
- Page 185 On the RADIUS server, add two users named ssh1@ssh.com and ssh2@ssh.com ; in addition, designate the NAS address 10.164.39.222 and the key huawei. The NAS address refers to the address of the SSH server that connects to the RADIUS server.
- Page 186 [Quidway] radius-server template ssh # Configure the IP address as 10.164.6.49 and port of the RADIUS authentication server as 1812. [Quidway-radius-ssh] radius-server authentication 10.164.6.49 1812 # Configure the key of RADIUS server as huawei. [Quidway-radius-ssh] radius-server shared-key huawei [Quidway-radius-ssh] quit Step 5 Configure RADIUS domain name.
- Page 187 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH Step 7 Verify the configuration. After the configuration, run the display radius-server configuration and display ssh server session commands on the SSH server. You can view the configuration of the RADIUS server on the SSH server.
-
Page 188: Example For Configuring The Scp Client
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH rsa peer-public-key rsakey001 public-key-code begin 3047 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end... - Page 189 # Configure the password authentication for the SSH user Client001. [SSH Server] ssh user client001 [SSH Server] ssh user client001 authentication-type password # Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa [SSH Server-aaa] local-user client001 password cipher huawei...
- Page 190 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 9 Telnet and SSH [SSH Server] ssh user client001 service-type all Step 3 Enable SCP services on the SCP server. [SSH Server] scp server enable Step 4 Download files from the SCP server to the SCP client.
-
Page 191: Web System Configuration
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Web System Configuration About This Chapter Before configuring the S2700 in Web mode, you need to configure the S2700 as the Web server. 10.1 Overview of Web System Through the Web system, users can manage and maintain the S2700 in the graphical user interface (GUI). -
Page 192: Overview Of Web System
Through the Web system, users can manage and maintain the S2700 in the graphical user interface (GUI). To facilitates the use and maintenance of the S2700 , Huawei develops the Web system for S2700. The S2700 is installed with a built-in Web server. Thus, the terminal (such as a PC) connected to the S2700 can access the S2700 through the Web browser. - Page 193 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Choose Start > All Programs > Accessories > Communications > HyperTerminal to start the HyperTerminal. Step 2 Set up a new connection. As shown in Figure 10-2, enter the name of the new connection in the Name text box and choose an icon.
- Page 194 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Figure 10-3 Setting the connection port Step 4 Set communication parameters. After entering the COM1 Properties window as shown in Figure 10-4, set the communication parameters according to the description in Table 10-1.
- Page 195 Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Figure 10-4 Setting communication parameters for the port Table 10-1 Communication parameters Parameter Value Bit per second (Baud rate) 9600 Data bit Parity check None Stop bit...
-
Page 196: Setting The Management Ip Address Of The S2700
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Figure 10-5 Selecting a terminal type After the preceding steps are complete, press Enter. If the prompt <Quidway> is displayed, it indicates that you have logged in to the S2700. At this time, you can enter the command to configure and manage the S2700. -
Page 197: Uploading Web
FTP. Prerequisite To obtain the Web page file of the S2700, log in to http://support.huawei.com, and then choose Software Center > Version Software > Data Communication Product Line > Ethernet Switch > S23&33&53&CX200D Series. Download the software package of the current version. -
Page 198: Loading A Web
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Step 7 Run the following command in the cmd view of the PC: ftp ip-address The user name and password are displayed. The PC can log in to the S2700. -
Page 199: Logging In To The Web System
Quidway S2700 Series Ethernet Switches Configuration Guide - Basic Configuration 10 Web System Configuration Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: http server enable The HTTP server is enabled. Step 3 Run: The AAA view is displayed. - Page 200 Step 2 Click Login or press enter to display the homepage of the Web system. You can configure the S2700 after logging in to the Web system. For details on how to configure the S2700 on the Web system, see the Quidway S2700 Series Ethernet Switches Web Network Management System Client Operation Guide.