Huawei quidway s7700 Configuration Manual

Smart routing switch

Quidway S7700 Smart Routing Switch
V100R006C00
Configuration Guide - Basic Configuration
Issue 01
Date 2011-07-15
HUAWEI TECHNOLOGIES CO., LTD.

Summary of Contents for Huawei quidway s7700

  • Page 1 Quidway S7700 Smart Routing Switch V100R006C00 Configuration Guide - Basic Configuration Issue Date 2011-07-15 HUAWEI TECHNOLOGIES CO., LTD.
  • Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.
  • Page 3: About This Document

    Intended Audience: This document provides the basic concepts, basic configuration procedures, and configuration examples supported by the S7700. This document is intended for: Data configuration engineers...
  • Page 4: Command Conventions

    Command Conventions: The command conventions that may be found in this document are defined as follows. Convention: Boldface. Description: The keywords of a command line are in boldface.
  • Page 5: Table Of Contents

    Contents: About This Document (p. ii); 1 Logging In to Switch (p. 1); 1.1 Introduction (p. 2); 1.1.1 Login Through the Console (p. 2); 1.1.2 Login Through Telnet (p. 2); 1.2 Logging In to the Device Through the Console Port (p. 2); 1.2.1 Establishing the Configuration Task (p. 3)...
  • Page 6 Contents: 2.3.5 Batch Command Execution (p. 23); 2.4 Shortcut Keys (p. 23); 2.4.1 Classifying Shortcut Keys (p. 23); 2.4.2 Defining Shortcut Keys (p. 25); 2.4.3 Use of Shortcut Keys (p. 25); 2.5 Configuration Examples (p. 25); 2.5.1 Example for Running Commands in Batches (p. 26); 2.5.2 Example for Using the Tab Key (p. 26)...
  • Page 7 Contents: 4.4 Displaying System Status Messages (p. 48); 4.4.1 Displaying System Configuration (p. 49); 4.4.2 Displaying System Status (p. 49); 4.4.3 Collecting System Diagnostic Information (p. 49); 5 User Management (p. 51); 5.1 User Management Introduction (p. 52); 5.1.1 User Interface (p. 52); 5.1.2 User Authentication (p. 53); 5.2 Logging In to the S7700 Through the Console Port (p. 55)...
  • Page 8 Contents: 6.1 Overview of the File System (p. 79); 6.2 Managing a Storage Device (p. 79); 6.2.1 Establishing the Configuration Task (p. 79); 6.2.2 Restoring Storage Devices with File System Troubles (p. 80); 6.2.3 (Optional) Formatting a Storage Device (p. 80); 6.3 Managing the Directory (p. 80)...
  • Page 9 Contents: 8.2 Configuring the Switch to be the FTP Server (p. 99); 8.2.1 Establishing the Configuration Task (p. 100); 8.2.2 (Optional) Specifying a Port Number for the FTP Server (p. 100); 8.2.3 Enabling the FTP Server (p. 101); 8.2.4 Configuring the Source IP Address of the FTP Server (p. 101)...
  • Page 10 Contents: 9.1 Telnet and SSH Introduction (p. 127); 9.1.1 Overview of User Login (p. 127); 9.1.2 Telnet Terminal Services (p. 127); 9.1.3 SSH Terminal Services (p. 128); 9.2 Configuring Telnet Terminal Services (p. 129); 9.2.1 Establishing the Configuration Task (p. 129); 9.2.2 Enabling the Telnet Service (p. 130); 9.2.3 Establishing a Telnet Connection (p. 131)...
  • Page 11 Contents: 9.6.5 Enabling the SFTP Client (p. 152); 9.6.6 (Optional) Managing the Directory (p. 153); 9.6.7 (Optional) Managing the File (p. 154); 9.6.8 (Optional) Displaying the SFTP Client Command Help (p. 155); 9.6.9 Checking the Configuration (p. 156); 9.7 Configuring the SCP Client (p. 157); 9.7.1 Establishing the Configuration Task (p. 157)...
  • Page 12 Contents: 11.5 Configuring Secure Web Network Management (p. 216); 11.5.1 Establishing the Configuration Task (p. 217); 11.5.2 Configuring an SSL Policy and Loading a Digital Certificate (p. 218); 11.5.3 Loading a Web Page File (p. 219); 11.5.4 Enabling the HTTPS Function (p. 219); 11.5.5 Creating a Web Account (p. 220)...
  • Page 13: Logging In To Switch

    About This Chapter: Before configuring switches, you need to log in to the switch. 1.1 Introduction: You can log in to switches through the console port or Telnet.
  • Page 14: Introduction

    1.1 Introduction: You can log in to switches through the console port or Telnet. 1.1.1 Login Through the Console: When a switch is powered on for the first time or a switch needs to be locally configured, you can log in to the switch through the console port.
  • Page 15: Establishing The Configuration Task

    1.2.1 Establishing the Configuration Task: Before configuring login to the switch through the console port, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 16: Configuring Terminals

    Procedure: Step 1 Connect the COM port on the PC and the console port on the switch by a cable. Step 2 Power on all devices to perform a self-check.
  • Page 17: Establishing The Configuration Task

    1.3.1 Establishing the Configuration Task: Before configuring login to the switch through Telnet, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 18: Configuring Login User Parameters

    1.3.3 Configuring Login User Parameters: This part describes how to configure user parameters for login to the switch through Telnet. Context: Do as follows on the switch. Procedure: Step 1 Configure the authentication mode of login users.
  • Page 19 Figure 1-1 Networking diagram of logging in through the console port. Configuration Roadmap: The configuration roadmap is as follows: Connect the PC and the switch through the console port.
  • Page 20 Figure 1-3 Setting the port. Figure 1-4 Setting the port communication parameters.
  • Page 21: Example For Logging In Through Telnet

    Step 3 Power on the switch to perform a self-check and the system performs automatic configuration. When the self-check ends, you are prompted to press Enter until a command line prompt such as <Quidway>...
  • Page 22 Step 2 Configure login user parameters on the target switch.

    # Configure the login address
    <Quidway> system-view
    [Quidway] vlan 10
    [Quidway-vlan10] quit
    [Quidway] interface gigabitethernet 1/0/0...
  • Page 23: Cli Overview

    About This Chapter: Users operate devices, that is, configure the device and perform routine maintenance, by entering command lines. 2.1 CLI Introduction: The command line interface (CLI) is the common tool for running commands.
  • Page 24: Cli Introduction

    2.1 CLI Introduction: The command line interface (CLI) is the common tool for running commands. 2.1.1 Command Line Interface: You can configure and manage a switch by using the CLI commands.
  • Page 25: Command Views

    Not all display commands are of the monitoring level. For example, the display current-configuration and display saved-configuration commands are of the management level. For the level of a command, see the Quidway S7700 Command Reference. To implement efficient management, you can increase the command levels to 0-15. For the increase in the command levels, refer to Chapter 4 "Basic Configuration"...
  • Page 26 Common Views The S7700 provides various command line views. For the methods of entering the command line views except the following views, see the Quidway S7700 Command Reference. User View Item...
  • Page 27: Online Help

    Prompt upon entry: [Quidway-EthernetX/Y/Z]. Quit command: [Quidway-EthernetX/Y/Z] quit. Prompt upon quit: [Quidway]. NOTE: X/Y/Z indicates the number of an FE interface that needs to be configured. It is in the format of slot number/sub card number/interface sequence number.
  • Page 28: Full Help

    Partial help; Error Messages of the Command Line Interface. 2.2.1 Full Help: When you enter a command line, you can view the description of keywords or parameters in the command line through the Full Help.
  • Page 29: Error Messages Of The Command Line Interface

    Enter a command and a character string with "?" closely following it to display all the keywords that begin with this character string. <Quidway> display b?
  • Page 30: Displaying

    Table 2-2 Keys for editing. Common key: Inserts a character in the current position of the cursor if the editing buffer is not full and the cursor moves to the right. Otherwise, an alarm is generated.
  • Page 31: Regular Expressions

    Enter: Continues to display the information on the next line. 2.3.3 Regular Expressions: The regular expression is a mode matching tool. You can construct the matching mode based on certain rules, and then match the mode with the target object.
  • Page 32 Table columns: Particular character, Syntax, Example. Syntax: Matches the preceding element zero or more times. Example: 10* matches "1", "10", "100", and "1000". (10)* matches "null", "10", "1010", and "101010". Syntax: Matches the preceding element one... Example: 10+ matches "10", "100", and...
  • Page 33 Specifying a Filtering Mode in Command. CAUTION: The Quidway S7700 uses a regular expression to implement the filtering function of the pipe character. A display command supports the pipe character only when there is excessive output information.
  • Page 34: History Commands

    Specify a Filtering Mode when Information is Displayed: When a lot of information is displayed, you can specify a filtering mode in the prompt "---- More ----".
  • Page 35: Batch Command Execution

    2.3.5 Batch Command Execution: By running pre-defined command lines in batches, you can simplify the operation of entering common commands and improve efficiency. Context: Log in to the switch from the client and do as follows. Procedure: Step 1 Run the batch-cmd edit command to edit commands to be run in batches.
  • Page 36 NOTE: Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal may be different from those listed in this section. Table 2-6 System-defined shortcut keys...
  • Page 37: Defining Shortcut Keys

    2.4.2 Defining Shortcut Keys: Only management-level users have the rights to define shortcut keys. NOTE: When defining the shortcut keys, use double quotation marks to define the command if this command contains several command words, that is, if spaces exist in the command.
  • Page 38: Example For Running Commands In Batches

    2.5.1 Example for Running Commands in Batches: This part provides an example for running commands in batches. In this example, by editing the commands to be run in batches, you can configure the system to automatically run the commands in batches.
  • Page 39: Example For Defining Hotkeys

    Do as follows on the S7700. Enter an incomplete keyword: [Quidway] info- and press Tab. The system replaces the incomplete keyword with a complete keyword and displays the complete keyword in another line. There is only one space between the cursor and the end of the keyword.
  • Page 40: Example For Copying A Command By Using Hotkeys

    1.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0
    10.1.1.1/32 Direct 0 127.0.0.1 InLoopBack0
    44.0.0.0/24 Direct 0 44.0.0.1 Vlanif44
    44.0.0.1/32 Direct 0 127.0.0.1 InLoopBack0
    127.0.0.0/8 Direct 0 127.0.0.1 InLoopBack0
    127.0.0.1/32 Direct 0 127.0.0.1...
  • Page 41: How To Use Interfaces

    About This Chapter: This chapter describes the concept of the interface and the basic configuration about the interface. 3.1 Introduction to Interfaces: This section describes different types of interfaces.
  • Page 42: Introduction To Interfaces

    3.1 Introduction to Interfaces: This section describes different types of interfaces. The interfaces are provided by the S7700 to receive and send data. Interfaces are classified into management interfaces and service interfaces based on their functions;...
  • Page 43: Physical Interfaces

    Classification of Service Interfaces: Service interfaces are used to transmit service data. They are classified into 100 Mbit/s interfaces, 1 Gbit/s interfaces and 10 Gbit/s interfaces according to their rates; they are classified into electrical interfaces and optical interfaces according to their electrical properties.
  • Page 44: Logical Interfaces

    This ensures link reliability. For details about the Eth-Trunk configuration, see "Configuring the Eth-Trunk" in the Quidway S7700 Smart Routing Switch Configuration Guide - Ethernet. Loopback interface: A loopback interface is a virtual interface. The TCP/IP protocol suite defines IP address 127.0.0.0 as a loopback address.
  • Page 45: Setting Basic Parameters Of An Interface

    For details about the configuration, see "Configuring the MTI" in the Quidway S7700 Smart Routing Switch Configuration Guide - Multicast. Sub-interface: The sub-interface provides a solution to creating multiple logical interfaces or network interconnections on a physical interface.
  • Page 46: Entering The Interface View

    3.2.2 Entering the Interface View: To configure an interface, you need to enter the interface view. Context: Do as follows on the S7700. Procedure: Step 1: Run system-view; the system view is displayed.
  • Page 47: Starting And Shutting Down An Interface

    Procedure: Step 1: Run system-view; the system view is displayed. Step 2: Run interface interface-type interface-number; the view of a specified interface is displayed. Step 3: Run description description; the description is configured for the interface.
  • Page 48: Further Configuration An Interface

    For the detailed configuration, please see the other configuration manuals of the S7700. For the detailed configuration, please see Quidway S7700 Smart Routing Switch Configuration Guide - Ethernet and Quidway S7700 Smart Routing Switch Configuration Guide - IP Routing. 3.2.7 Checking the Configuration: After completing the basic configuration of an interface, you can use the display commands to check the configuration.
  • Page 49: Configuring The Loopback Interface

    3.3 Configuring the Loopback Interface: This section describes how to configure the loopback interface. 3.3.1 Establishing the Configuration Task: Users can create or delete a loopback interface. Once created, the loopback interface remains in the Up state until you delete it.
  • Page 50: Checking The Configuration

    The value of interface-number ranges from 0 to 1023. A maximum of 1024 loopback interfaces can be created. Step 3 (Optional): Run ip binding vpn-instance vpn-instance-name; the loopback interface is bound to the VPN instance.
  • Page 51 Debugging affects the performance of the system. So, after debugging, run the undo debugging all command to disable it immediately. For the description about debugging commands, see the Quidway S7700 Smart Routing Switch Debugging Reference. For details about debugging commands on an interface, see the following chapters.
  • Page 52: Basic Configuration

    About This Chapter: This chapter describes how to configure the basic system environment and the basic user environment. 4.1 Basic Configuration Introduction: This section describes the meaning and scope of the basic configuration.
  • Page 53: Basic Configuration Introduction

    4.1 Basic Configuration Introduction: This section describes the meaning and scope of the basic configuration. Before configuring services, users often need to perform basic configurations for actual operation and maintenance.
  • Page 54: Switching The Language Mode

    Data: Host name; Login information; Command level. 4.2.2 Switching the Language Mode: You can switch between the Chinese mode and the English mode as required. Context: Do as follows on the switch:...
  • Page 55: Setting The System Clock

    By default, the host name of the switch is Quidway. 4.2.4 Setting the System Clock: To ensure that devices on the network work with the same clock, you need to set or change the system clock.
  • Page 56: Configuring A Header

    NOTE: When the current time is within the daylight saving time, running the clock timezone time-zone-name { add | minus } offset command can successfully set the time zone name. If the display clock command is run to view the time zone name at the moment, the time zone name, however, is displayed as the name of the daylight saving time.
  • Page 57: Configuring The Undo Command To Match In The Previous View Automatically

    The command Level 2 is updated to Level 10 and Level 3 is updated to Level 15. No command lines exist in Level 2 to Level 9 and Level 11 to Level 14. The user can adjust the command lines to these levels separately to refine the management of privilege.
  • Page 58: Configuring Basic User Environment

    NOTE: By default, the undo command does not automatically match the upper level view. The matched upper-view command is valid for current login users who run this command.
  • Page 59: Configuring The Password For Switching User Levels

    4.3.2 Configuring the Password for Switching User Levels: Passwords need to be set for users that are switched from lower levels to higher levels. Context: When users log in to the switch with a lower user level, they switch to a higher user level to perform advanced operations by entering the corresponding password.
  • Page 60: Locking User Interfaces

    User levels are switched. Step 2 Follow the prompt and enter a password. If the password entered is correct, the user can switch to a higher level. If the user enters a password incorrectly three consecutive times, the user remains at the current login level and returns to the user view.
  • Page 61: Displaying System Configuration

    Displays the diagnostic information about a system. Displays the restart information about the main control board. See the related sections for display commands for protocols and interfaces. The following only shows the system display commands.
  • Page 62 When the system fails or performs the routine maintenance, you need to collect a lot of information to locate faults. Then, you have to run different display commands to collect all information.
  • Page 63: User Management

    About This Chapter: This chapter describes user interfaces and the configuration of users' login. 5.1 User Management Introduction: This section describes basic concepts of user interfaces and user management.
  • Page 64: User Management Introduction

    5.1 User Management Introduction: This section describes basic concepts of user interfaces and user management. 5.1.1 User Interface: A user interface (UI) enables users to log in to the S7700. Through a user interface, you can configure the parameters on all physical and logical interfaces that work in asynchronous and interactive modes.
  • Page 65: User Authentication

    Figure 5-1 Numbering of user interfaces on the S7700 (interface types with relative and absolute numbering: console0, …, vty0 to vty4). In the figure, console 0 and 0 indicate the same user interface; vty1 and 35 indicate the same user interface.
  • Page 66 User Type: Telnet users. Description: Log in to the S7700 through the Ethernet interface using Telnet and have limited rights. A Telnet connection is set up between the user terminal and the S7700. Authentication: Recommended
  • Page 67: Logging In To The S7700 Through The Console Port

    Table 5-3 Authentication modes of login users. Authentication Mode: Non-authentication. Description: Users can log in to the S7700 without entering the user name and password. There is a great potential security risk.
  • Page 68: Logging In To The S7700 Through The Console Interface

    5.2.2 Logging In to the S7700 Through the Console Interface. Context: When setting up a local configuration environment through the console interface, you can connect the PC and the S7700 through the Windows HyperTerminal.
  • Page 69 Figure 5-4 Setting the connection port. Step 4 Set communication parameters. After entering the COM1 Properties window as shown in Figure 5-5, set the communication parameters according to the description in Table 5-4.
  • Page 70 Figure 5-5 Setting communication parameters for the port. Table 5-4 Communication parameters (Parameter: Value): Bit per second (Baud rate): 9600; Data bit; Parity check: None; Stop bit...
  • Page 71: Configuring Console User Interface

    Figure 5-6 Selecting a terminal type. After the preceding steps are complete, press Enter. If the prompt <Quidway> is displayed, you have logged in to the S7700. You can then enter commands to configure and manage the S7700.
  • Page 72: Configuring Console Interface Attributes

    Powering on the switch; Connecting a PC to the switch. Data Preparation: To configure a console interface, you need the following data. Data: Baud rate, flow-control mode, parity, stop bit, and data bit...
  • Page 73: Setting Console Terminal Attributes

    The flow control mode is set. By default, the flow-control mode is none. Step 5 (Optional): Run parity { even | mark | none | odd | space }; the parity mode is set.
  • Page 74: Configuring User Priority

    The timeout period for idle users is set. By default, the timeout period for idle users is 10 minutes. Step 5: Run screen-length screen-length; the number of lines to be displayed on each screen is set.
  • Page 75: Configuring User Authentication

    For more information about the command priority, see "Command Level" in Chapter 3 "CLI Overview". 5.3.5 Configuring User Authentication: The system provides three authentication modes, namely, AAA, password, and none.
  • Page 76: Checking The Configuration

    Configuring Non-Authentication: Run system-view; the system view is displayed. Run user-interface console interface-number; the console user interface view is displayed. Run authentication-mode none; the authentication mode is set to non-authentication.
  • Page 77: Configuring Maximum Vty User Interfaces

    Pre-configuration Tasks: Before configuring a VTY user interface, complete the following tasks: Powering on the switch; Connecting a PC to the switch correctly. Data Preparation: To configure a VTY user interface, you need the following data.
  • Page 78: Optional)Configuring Limits For Incoming Calls And Outgoing Calls

    If the maximum number of VTY user interfaces to be configured is larger than the maximum number of current interfaces, the authentication mode and password need to be configured for newly added user interfaces.
  • Page 79: Configuring User Authentication

    Context: Do as follows on the switch. Procedure: Step 1: Run system-view; the system view is displayed. Step 2: Run user-interface vty number1 [ number2 ]; the VTY interface view is displayed.
  • Page 80 AAA authentication: requires the user name and password. Password authentication: requires no user name but a password must be set. Otherwise, the user can log in to the switch only through the console interface.
  • Page 81: Checking The Configuration

    system-view: the system view is displayed. Run user-interface vty number1 [ number2 ]; the VTY user interface view is displayed. Run authentication-mode none; the authentication mode is set to none.
  • Page 82: Sending Messages To Other User Interfaces

    Powering on the switch; Connecting the PC with the switch properly. Data Preparations: To manage the user interface, you need the following data. Data: Type and number of the user interface; Contents of the message to be sent. 5.5.2 Sending Messages to Other User Interfaces
  • Page 83: Checking The Configuration

    5.5.4 Checking the Configuration: After configuring user management interfaces, you can view the usage information of user interfaces. Prerequisite: The configuration of user interfaces is complete. Procedure: Step 1 Run the display users [ all ] command to check the usage information of the user interface.
  • Page 84: Configuring Authentication Mode

    5.6.2 Configuring Authentication Mode The system provides three authentication modes, namely, AAA local authentication, password authentication, and none authentication. Context Do as follows on the switch that the user logs in to:...
  • Page 85: Setting Username And Password For Aaa Local Authentication

    NOTE The default authentication mode is password authentication. ----End 5.6.4 Setting Username and Password for AAA Local Authentication You can configure a plain or cipher text password for AAA local authentication.
  • Page 86: Configuring User Priority

    5.6.6 Configuring User Priority You can configure the user priority. Context Refer to the Quidway S7700 Configuration Guide - Security. 5.6.7 Checking the Configuration After configuring user management, you can view the usage information of user interfaces, local user list, and online users.
  • Page 87: Configuration Examples

    Networking Requirements The COM port of the PC is connected with the Console port. Set the priority of VTY0 to 2 and authenticate the passwords of users. Users need to enter the password Huawei to log in successfully. After login, if no operation is performed within 30 minutes, the user interface is disconnected from the switch.
  • Page 88: Example For Logging In To The Device Through Aaa

    Configure the priority of VTY0 to be 2, and perform AAA authentication on the user that logs in through VTY0. The login user must enter the username "huawei" and the password "huawei". After login, if the user does not operate the switch within 30 minutes, the connection with the switch is disabled.
  • Page 89 Username and password for authentication Disconnect time Procedure Step 1 Configure the priority of VTY0 to be 2 and the disconnection time to 30 minutes. <Quidway> system-view...
  • Page 90: File System Management

    6 File System Management About This Chapter This chapter describes the basic knowledge of the file system, including the methods of managing files, directories, and storage devices.
  • Page 91: Overview Of The File System

    6.1 Overview of the File System This section describes the concepts of the file system. Basic Concepts of the File System A file system allows you to manage files and directories on the storage devices. In the file system, you can create, delete, modify, and rename a file or a directory, and view contents of a file.
  • Page 92: Restoring Storage Devices With File System Troubles

    6.2.2 Restoring Storage Devices with File System Troubles When the file system on a storage device fails, the terminal of the switch prompts you to rectify the fault.
  • Page 93: Viewing The Current Directory

    Applicable Environment When you need to transfer files between the client and the server, configure the directory by using the file system. Pre-configuration Tasks Before configuring the management directory, complete the following tasks:...
  • Page 94: Displaying A Directory Or File

    A directory is specified. Step 2 Run: The current directory is displayed. ----End 6.3.4 Displaying a Directory or File You can view a directory or files in the directory.
  • Page 95: Managing Files

    Context Do as follows on the switch: Procedure Step 1 Run: cd directory The parent directory of the directory to be deleted is displayed. Step 2 Run: rmdir directory The directory is deleted.
  • Page 96: Displaying Contents Of Files

    6.4.2 Displaying Contents of Files You can view the contents of a file, which are displayed as text. Context Do as follows on the switch: Procedure...
  • Page 97: Renaming Files

    Procedure Step 1 Run: cd directory The directory of the file is displayed. Step 2 Run: move source-filename destination-filename The file is moved. ----End 6.4.5 Renaming Files You can rename files.
  • Page 98: Deleting Files In The Recycle Bin

    Context Do as follows on the switch: Procedure Step 1 Run: cd directory The directory of the file is displayed. Step 2 Run: delete [ /unreserved ] filename The file is deleted.
  • Page 99: Running Files In Batch

    6.4.10 Running Files in Batch You can upload the files and then process the files in batches. Prerequisite Upload the batch files from the client to the switch.
  • Page 100: Configuration Examples

    By default, the prompt mode is alert. CAUTION If the prompt is in the quiet mode, no prompt appears for data loss due to misoperation. ----End 6.5 Configuration Examples This section provides several configuration examples of the file system.
  • Page 101 -rw- 140,708 Apr 03 2009 18:06:56 patchhistory -rw- Mar 30 2009 18:42:28 $_patchstate_a.backup -rw- 22,064,779 Mar 11 2009 18:26:08 s7700v100r006c02b118.cc -rw- 10,405 Mar 31 2009 14:17:52 bfd.pat...
  • Page 102: Management Of Configuration Files

    7 Management of Configuration Files About This Chapter This chapter describes current configurations, configuration files, detection of master/slave configuration consistency, and configuration recovery. 7.1 Management of Configuration Files Introduction A configuration file holds the configuration items that are loaded when the switch restarts, this time or the next.
  • Page 103: Management Of Configuration Files Introduction

    7.1 Management of Configuration Files Introduction A configuration file holds the configuration items that are loaded when the switch restarts, this time or the next. 7.1.1 Configuration Files This part describes basic concepts of configuration files.
  • Page 104: Establishing The Configuration Task

    7.2.1 Establishing the Configuration Task Before managing configuration files, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 105: Configuring The Configuration File For Switch To Load For The Next Startup

    You can specify the system-file and use the system software for the next startup that is saved on the device. slave-board is valid only on the switch with dual main control boards.
  • Page 106 After the parameter interval interval is specified, the device saves the configuration file at specified intervals regardless of whether the configuration file is changed. – If the set save-configuration command is not run, the system does not automatically save configurations.
  • Page 107: Clearing A Configuration File

    7.2.5 Clearing a Configuration File You can clear the configuration file that has been loaded to a device, or clear the inactive configurations of the boards that are not installed in slots.
  • Page 108: Checking The Configuration

    compare configuration [ configuration-file ] [ current-line-number save-line-number ] The current configuration is compared with the configuration file for next startup. If no parameter is set, the comparison begins with the first lines of configuration files. current-line-number and save-line-number are used to continue the comparison by ignoring the differences between the configuration files.
  • Page 109 The S7700 system software and configuration file to be loaded at the next startup are correct and saved in the root directory of the storage device.
  • Page 110: Ftp And Tftp

    8 FTP and TFTP About This Chapter This chapter describes the fundamentals, configuration procedures and configuration examples of FTP and TFTP. 8.1 FTP and TFTP Introduction This section describes the basic concepts of FTP and TFTP.
  • Page 111: Ftp And Tftp Introduction

    8.1 FTP and TFTP Introduction This section describes the basic concepts of FTP and TFTP. 8.1.1 FTP You can transfer files between local and remote hosts through FTP. FTP is commonly used in version upgrade, log downloading, file transfer, and configuration saving.
  • Page 112: Establishing The Configuration Task

    8.2.1 Establishing the Configuration Task Before configuring a switch to be the FTP server, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 113: Enabling The Ftp Server

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ftp [ ipv6 ] server port port-number The port number of the FTP server is configured.
  • Page 114: Optional) Configuring The Timeout Period

    ftp server-source -a source-ip-address The source IP address of an FTP server is configured. After the source address is configured, the address specified in the ftp command for login to the FTP server must be the configured source address.
  • Page 115: Configuring The Service Type And Authorization Information

    The local username and the password are configured. ----End 8.2.7 Configuring the Service Type and Authorization Information You can configure the authorization mode and authorization directory for FTP users. In this case, unauthorized users cannot access the restricted directory, which ensures security.
  • Page 116: Configuring Ftp Acl

    Example After configuring the FTP server, run the display [ ipv6 ] ftp-server command. You can view the parameters of the current FTP server. <Quidway> display ftp-server...
  • Page 117: Enabling The Ftp Server

    8.3.2 Enabling the FTP Server The FTP server is disabled by default. You need to enable the FTP server before using FTP functions. Context Do as follows on the switch that serves as the FTP server:...
  • Page 118: Checking The Configuration

    Context Do as follows on the switch that serves as the FTP server: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ftp [ ipv6 ] acl acl-number The basic FTP ACL is configured.
  • Page 119: Establishing The Configuration Task

    8.4.1 Establishing the Configuration Task Before configuring a switch to be an FTP client, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 120: Optional) Configuring Source Ip Address And Interface Of The Ftp Client

    8.4.2 (Optional) Configuring Source IP Address and Interface of the FTP Client This section describes how to configure the source IP address and interface of FTP client to establish the connection with FTP server.
  • Page 121: Configuring Data Type And Transmission Mode For The File

    The data type of the file to be transmitted is ascii or binary mode. NOTE The FTP server supports ascii mode for data transmission, but on the Quidway S7700 the user has to switch to binary mode for data transfer. Step 2 Run: passive The passive file transfer mode is configured.
  • Page 122: Optional) Viewing Online Help Of The Ftp Command

    When verbose is enabled, all FTP responses are displayed. After file transmission, the statistics about transmission efficiency will be displayed. ----End 8.4.5 (Optional) Viewing Online Help of the FTP Command This section describes how to view the online help of the FTP command.
  • Page 123: Managing Files

    Procedure Step 1 Run one or more commands in the following order to manage directories. • Run: cd pathname The working path of the remote FTP server is specified.
  • Page 124: Optional) Changing Login Users

    The specified directory or file on the local FTP server is displayed. If the directory name is not specified when a specific remote file is selected, the system searches the working directory for the specific file.
  • Page 125: Checking The Configuration

    Return to the user view. Step 2 Run: close disconnect The client switch is disconnected from the FTP server. This command terminates the FTP session. ----End 8.4.11 Checking the Configuration...
  • Page 126: Optional) Configuring A Source Ip Address For A Tftp Client

    Powering on the switch Connecting the TFTP client with the server Data Preparation To configure TFTP, you need the following data. Data IP address of the TFTP server...
  • Page 127: Uploading Files Through Tftp

    • If the IP address of the server is an IPv4 address, run: tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net | vpn-instance vpn-instance-name ] get source-filename [ destination-filename ] The switch is configured to download files through TFTP.
  • Page 128: Configuring The Basic Acl

    Pre-configuration Tasks Before configuring a limit on access to the TFTP server, complete the following tasks: Powering on the switch Connecting the TFTP client to the server Data Preparation To configure a limit on access to the TFTP server, you need the following data.
  • Page 129: Configuration Examples

    Context Do as follows on the switch that serves as the TFTP client: Procedure Step 1 Run: system-view The system view is displayed. Step 2 According to the address type of the TFTP server, select and run one of the following two commands.
  • Page 130 Figure 8-1 Networking diagram of the Switch functioning as the FTP server (diagram labels: VLAN10, FTP session, FTP client, FTP server, L2 switch, Switch, Ethernet). Switch Interface...
  • Page 131: Example For Configuring An Acl Of The Ftp Server

    Step 3 On the PC, initiate a connection to the Switch with the user name u1 and the password ftppwd. Use Windows XP on the FTP client to illustrate the preceding operations.
  • Page 132 Configure the ACL on the FTP server. Data Preparation To complete the configuration, you need the following data: Name of the FTP user set as u1 and password set as huawei on the server Number of the ACL Procedure Step 1 Configure basic FTP functions.
  • Page 133: Example For Configuring The Ftp Client

    331 Password required for u1 Password: 230 User logged in. ftp> Step 5 Connect PC2 to the FTP server. This step needs to be performed on the DOS of the PC.
  • Page 134 Figure 8-3 Networking diagram of the Switch functioning as the FTP client (diagram labels: FTP session, configuration cable, FTP client, FTP server). Configuration Roadmap The configuration roadmap is as follows: Log in to the FTP server from the FTP client.
  • Page 135: Example For Configuring The Tftp Client

    Trying 10.1.1.2 ... Press CTRL+K to abort Connected to 10.1.1.2. 220 FTP service ready. User(10.1.1.2:(none)):u1 331 Password required for u1. Enter password: 230 User logged in.
  • Page 136 The Switch acts as a TFTP client. VLAN 10 is created on the Switch, and GigabitEthernet3/0/1 is added to VLAN 10. The IP address 10.1.1.1/24 is assigned to VLANIF 10. The Switch downloads files from the TFTP server.
  • Page 137 Configuration Files sysname Quidway vlan batch 10 interface Vlanif10 ip address 10.1.1.1 255.255.255.0 interface GigabitEthernet3/0/1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 Return...
  • Page 138: Telnet And Ssh

    9 Telnet and SSH About This Chapter Telnet and SSH can provide a terminal which enables users to remotely log in to and access a server. 9.1 Telnet and SSH Introduction This section explains basic concepts of user login by means of Telnet and SSH.
  • Page 139: Telnet And Ssh Introduction

    9.1 Telnet and SSH Introduction This section explains basic concepts of user login by means of Telnet and SSH. 9.1.1 Overview of User Login You can locally or remotely log in to a switch through the console port, Telnet, or SSH.
  • Page 140: Ssh Terminal Services

    9.1.3 SSH Terminal Services The S7700 supports the basic SSH protocol, client function, SFTP protocol, STelnet protocol and SCP. Introduction to SSH SSH works at the application layer in the TCP/IP protocol suite. SSH provides remote login and virtual terminal on the network where security is guaranteed.
  • Page 141: Configuring Telnet Terminal Services

    – Supporting Data Encryption Standard (DES) and 3DES – Supporting the encrypted transfer of the user name or password – Supporting the encrypted transfer of interactive data SSH adopts RSA.
  • Page 142: Enabling The Telnet Service

    Applicable Environment To remotely log in to the switch through the Telnet protocol for maintenance and management, you need to configure Telnet terminal services. Pre-configuration Tasks...
  • Page 143: Establishing A Telnet Connection

    Run: telnet server enable The Telnet service is enabled. NOTE • By default, the function of the Telnet server is enabled. • If the undo telnet server enable command is run when Telnet login is in progress, the command does not take effect.
  • Page 144: Optional) Configuring A Telnet Server Port Number

    9.2.4 (Optional) Configuring a Telnet Server Port Number A user can configure or change the Telnet server port number. After the port number is changed, only the user knows the port number, improving security.
  • Page 145: Checking The Configuration

    9.2.6 Checking the Configuration After configuring Telnet terminal services, you can view the connection status of the current user interface, connection status of each user interface, and status of all established TCP connections.
  • Page 146: Establishing The Configuration Task

    9.3.1 Establishing the Configuration Task Before configuring SSH users, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 147: Configuring Ssh For The Vty User Interface

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh user user-name If you want to create an SSH user in the password authentication mode, you need to create a local user with the same name in the AAA view.
  • Page 148: Generating A Local Rsa Key Pair

    9.3.4 Generating a Local RSA Key Pair You need to create an RSA key before configuring SSH. Context Do as follows on the switches that serve as a client or a server:...
  • Page 149 The default password authentication is configured for the SSH user. For the local authentication or HWTACACS authentication, if the number of SSH users is small, you can adopt the former command; if the number of SSH users is large, adopt the latter command to simplify the configuration.
  • Page 150: Optional) Configuring The Basic Authentication Information For Ssh Users

    "AAA and User Management" in the Quidway S7700 Configuration Guide - Security. This section describes how to configure the command line authorization for RSA authentication.
  • Page 151: Configuring The Service Type Of Ssh Users

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh user user-name authorization-cmd aaa The command line authorization is configured for the specified SSH user.
  • Page 152: Checking The Configuration

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh user username sftp-directory directoryname The authorized directory of the SFTP service for SSH users is configured.
  • Page 153: Enabling The Stelnet Service

    Applicable Environment Before configuring the SSH server, you must enable STelnet, SFTP, or SCP on the SSH server. You can change the number of the port monitored by the SSH server to other port numbers. This can prevent attackers from accessing standard ports of the SSH server and thus save bandwidth and system resources.
  • Page 154: Enabling Scp Services

    Context Do as follows on the switch that serves as an SSH server: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: sftp server enable The SFTP service is enabled.
  • Page 155: Optional) Configuring The Number Of The Port Monitored By The Ssh Server

    The system view is displayed. Step 2 Run: ssh server compatible-ssh1x enable The earlier version-compatible function is enabled. By default, the server configured with the SSH2.0 protocol is compatible with the server configured with SSH1.X.
  • Page 156: Checking The Configuration

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh server rekey-interval interval The interval for updating the key pair is set.
  • Page 157: Establishing The Configuration Task

    9.5.1 Establishing the Configuration Task Before configuring an STelnet client, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately.
  • Page 158: Optional) Assigning An Rsa Public Key To The Ssh Server

    the login, the system automatically allocates the RSA public key and saves it for authentication at the next login. To simplify user operations, it is recommended that you enable first-time authentication on the SSH client.
  • Page 159: Enabling The Stelnet Client

    The public key view is displayed. Step 3 Run: public-key-code begin The public key editing view is displayed. Step 4 Run: hex-data The public key is edited.
  • Page 160: Checking The Configuration

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 According to the address type of the SSH server, select and run one of the following two commands.
  • Page 161: Configuring The Sftp Client Function

    STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96 : diffie-hellman-group1-sha1 Service Type : stelnet Authentication Type : password 9.6 Configuring the SFTP Client Function This section explains how to configure the SFTP client.
  • Page 162: Optional) Configuring A Source Ip Address For An Sftp Client

    Data Name of the outgoing interface Source address Directory name File name 9.6.2 (Optional) Configuring a Source IP Address for an SFTP Client You can configure a source IP address for an SFTP client. Then, you can set up an SFTP connection from the SFTP client to the server through a specific route by using this source IP address.
  • Page 163: Optional) Assigning An Rsa Public Key To The Ssh Server

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ssh client first-time enable First-time authentication is enabled on the SSH client. By default, first-time authentication is disabled on SSH clients.
  • Page 164: Enabling The Sftp Client

    Step 4 Run: hex-data The public key is edited. The public key must be a string of hexadecimal alphanumeric characters. It is automatically generated by an SSH client. You can run the display rsa local-key-pair public command to view a generated public key.
  • Page 165: Optional) Managing The Directory

    The system view is displayed. Step 2 According to the address type of the SSH server, select and perform one of the two configurations below. • For IPv4 addresses,...
  • Page 166: Optional) Managing The File

    You can log in to the SSH server through SFTP. • For IPv6 addresses, Run: sftp ipv6 [ -a source-address ] host-ipv6 [ -i interface-type interface-...
  • Page 167: Optional) Displaying The Sftp Client Command Help

    The system view is displayed. Step 2 According to the address type of the SSH server, select and perform one of the two configurations below. • For IPv4 addresses,...
  • Page 168: Checking The Configuration

    The system view is displayed. Step 2 According to the address type of the SSH server, select and perform one of the two configurations below. • For IPv4 addresses,...
  • Page 169: Configuring The Scp Client

    Version : 2.0 State : started Username : client002 Retry CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-sha1-96 STOC Hmac : hmac-sha1-96...
  • Page 170: Optional) Configuring A Source Ip Address For The Scp Client

    9.7.2 (Optional) Configuring a Source IP Address for the SCP Client It is more secure to configure a source IP address for the SCP client, and use the specified source IP address to set up an SCP connection between the client and server.
  • Page 171: Checking The Configuration

    scp ipv6 [ -port port-number | public-net | vpn-instance vpn-instance-name | -a sourceipv6address | -r | -cipher { des | 3des | aes128 } | -c ]...
  • Page 172 Figure 9-3 Networking diagram of the remote login of the Ethernet user (diagram labels: SwitchA 10.10.10.8/24, SwitchB 10.10.10.9/24). Table columns: Switch, Interface, VLANIF interface, IP address. Row: SwitchA, GigabitEthernet1/0/1, VLANIF 2, 10.10.10.8/24...
  • Page 173 [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 2 [SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 2 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface vlanif 2 [SwitchB-Vlanif2] ip address 10.10.10.9 255.255.255.0...
  • Page 174: Example For Configuring The Pc As The Stelnet Client To Connect To The Ssh Server

    SSH server with the password, RSA, password-rsa, or all authentication mode. Configure Client001 with the password as huawei and adopt the password authentication. The IP address of the SSH server is 192.168.1.1. The user interface supports only SSH.
  • Page 175 [SSH Server-ui-vty0-4] quit NOTE If SSH is configured as the login protocol, the S7700 automatically disables Telnet. Step 3 Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa [SSH Server-aaa] local-user client001 password cipher huawei [SSH Server-aaa] local-user client001 privilege level 3...
  • Page 176 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH # Log in to the device through the software putty, and enter the user name client001 and the password huawei.
  • Page 177: Example For Configuring The Switch As The Stelnet Client To Connect To The Ssh Server

    The following login users need to be configured. Client001, with the password as huawei and the authentication mode as password Client002, with the password as rsakey001 and the authentication mode as RSA The user interface supports only the SSH protocol.
  • Page 178 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Figure 9-5 Networking diagram of connecting the STelnet client and the SSH server SSH Server 10.164.39.222/24 10.164.39.221/24 10.164.39.220/24 Client001 Client002 Switch Interface VLANIF interface IP address...
  • Page 179 # Create an SSH user named Client001 and configure the authentication mode as password for the user. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of Client001 to huawei. [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei [Quidway-aaa] local-user client001 service-type ssh # Create an SSH user named Client002 and configure the authentication mode as RSA for the user.
  • Page 180 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH [client002] display rsa local-key-pair public ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240...
  • Page 181 The server's public key will be saved with the name: 10.164.39.222. Please wait... Enter password: Enter the password huawei, and information indicating that the login succeeds is displayed as follows: info: The max number of VTY users is 20, and the current number of VTY users on line is 1.
  • Page 182 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Username: client001 Retry: 1 CTOS Cipher: aes128-cbc STOC Cipher: aes128-cbc CTOS Hmac: hmac-sha1-96 STOC Hmac: hmac-sha1-96 Kex: diffie-hellman-group1-sha1 Service Type: stelnet Authentication Type: password Session 1: Conn: VTY 4 Version: 2.0...
  • Page 183: Example For Connecting The Sftp Client And The Ssh Server

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH stelnet server enable ssh user client001 ssh user client002 ssh user client001 authentication-type password ssh user client002 authentication-type rsa ssh user client002 assign rsa-key RsaKey001 ssh user client001 service-type stelnet...
  • Page 184 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Figure 9-6 Networking diagram for connecting the SFTP client and the SSH server SSH Server 10.164.39.222/24 10.164.39.221/24 10.164.39.220/24 Client002 Client001 Switch Interface VLANIF interface IP address...
  • Page 185 # Create an SSH user named Client001 and configure the authentication mode as password for the user. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of Client001 to huawei. [Quidway] aaa [Quidway-aaa] local-user client001 password simple huawei [Quidway-aaa] local-user client001 service-type ssh # Create an SSH user named Client002 and configure the authentication mode as RSA for the user.
  • Page 186 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH ===================================================== Time of Key pair created: 16:38:51 2007/5/25 Key name: client002_Host Key type: RSA encryption Key ===================================================== Key code: 3047 0240 BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB...
  • Page 187 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH [Quidway] ssh user client001 service-type sftp [Quidway] ssh user client001 sftp-directory cfcard:/ [Quidway] ssh user client002 service-type sftp [Quidway] ssh user client002 sftp-directory cfcard:/ Step 8 Connect the SFTP client and the SSH server.
  • Page 188 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Retry: 1 CTOS Cipher: aes128-cbc STOC Cipher: aes128-cbc CTOS Hmac: hmac-sha1-96 STOC Hmac: hmac-sha1-96 Kex: diffie-hellman-group1-sha1 Service Type: sftp Authentication Type: rsa # Check information about the SSH user.
  • Page 189: Example For Configuring The Ssh Server To Support The Access From Another Port

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH port hybrid untagged vlan 10 user-interface vty 0 4 authentication-mode aaa protocol inbound ssh return Configuration file of Client001, the SSH client sysname client001 vlan batch 10 interface Vlanif10 ip address 10.164.39.220 255.255.255.0...
  • Page 190 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Negotiating the version of the SSH protocol Negotiating the algorithm Generating the session key Authenticating Sending a request for a session Performing the interactive session Figure 9-7 Networking diagram for configuring the SSH server to support the access from...
  • Page 191 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH SSH user name and authentication mode Password or RSA public key of the SSH user Server name Listening port number on the SSH server Procedure Step 1 Create a VLAN that each interface belongs to and assign an IP address to each VLANIF interface.
  • Page 192 # Create an SSH user named Client001, and configure the authentication mode as password for the user. [Quidway] ssh user client001 [Quidway] ssh user client001 authentication-type password # Set the password of Client001 to huawei.
  • Page 193 The server's public key will be saved with the name: 10.164.39.222. Please wait... Enter password: Enter the password huawei, and information indicating that the login succeeds is displayed as follows: info: The max number of VTY users is 20, and the current number of VTY users on line is 1.
  • Page 194 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH [client002] sftp 10.164.39.222 Please input the username:client002 Trying 10.164.39.222 ... Press CTRL+K to abort Can't establish tcp connection to server After the configuration, run the commands of display ssh server status and display ssh server session on the SSH server.
  • Page 195 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH 0240 C4989BF0 416DA8F2 2675910D 7F2997E8 5573A35D 0163FD4A FAC39A6E 0F45F325 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end peer-public-key end local-user client001 password simple huawei...
  • Page 196: Example For Authenticating Ssh Through Radius

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH 9.8.6 Example for Authenticating SSH Through RADIUS In this example, a user that attempts to access the SSH server is authenticated by the RADIUS server, and the SSH server determines whether to set up a connection with the user according to the authentication result.
  • Page 197 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Configure the password authentication for the two SSH users. RADIUS authentication Name of the RADIUS template Name of the RADIUS domain Name and password of the RADIUS user Procedure Step 1 Generate a local key pair on the SSH server.
  • Page 198 On the RADIUS server, add two users named ssh1@ssh.com and ssh2@ssh.com; in addition, designate the NAS address 10.164.39.222 and the key huawei. The NAS address refers to the address of the SSH server that connects to the RADIUS server.
  • Page 199 10.164.39.222. Please wait... Enter password: Enter the password Huawei and view as follows: Info: The max number of VTY users is 10, and the current number of VTY users on line is 2.
  • Page 200 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH Shared-secret-key huawei Timeout-interval(in second) Primary-authentication-server 10.164.6.49 :1812 LoopBack:NULL Primary-accounting-server 0.0.0.0 LoopBack:NULL Secondary-authentication-server 0.0.0.0 LoopBack:NULL Secondary-accounting-server 0.0.0.0 LoopBack:NULL Retransmission Domain-included Calling-station-id MAC-format xxxx-xxxx-xxxx ------------------------------------------------------------------- Total of radius template :1 # Display the connection of the SSH server.
  • Page 201: Example For Configuring The Scp Client

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH domain ssh.com authentication-scheme newscheme radius-server ssh sftp server enable stelnet server enable ssh user ssh1@ssh.com ssh user ssh2@ssh.com ssh user ssh1@ssh.com authentication-type password ssh user ssh2@ssh.com authentication-type password ssh user ssh2@ssh.com assign rsa-key RsaKey001...
  • Page 202 # Configure the password authentication for the SSH user Client001. [SSH Server] ssh user client001 [SSH Server] ssh user client001 authentication-type password # Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa [SSH Server-aaa] local-user client001 password cipher huawei...
  • Page 203 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 9 Telnet and SSH # Configure the IP address 1.1.1.1 of a loopback interface as the source IP address for the SCP client. [SCP Client] scp client-source -a 1.1.1.1 # Use 3des to encrypt the file license.txt, and then download the file to the local working directory from the remote SCP server with the IP address of 172.16.104.110.
  • Page 204: Web System Configuration

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Web System Configuration About This Chapter Before configuring the S7700 in Web mode, you need to configure the S7700 as the Web server. 10.1 Overview of Web System Through the Web system, users can manage and maintain the S7700 in the graphical user interface (GUI).
  • Page 205: Overview Of Web System

    Through the Web system, users can manage and maintain the S7700 in the graphical user interface (GUI). To facilitate the use and maintenance of the S7700, Huawei develops the Web system for the S7700. The S7700 is installed with a built-in Web server. Thus, the terminal (such as a PC) connected to the S7700 can access the S7700 through the Web browser.
  • Page 206 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Choose Start > All Programs > Accessories > Communications > HyperTerminal to start the HyperTerminal. Step 2 Set up a new connection. As shown in Figure 10-2, enter the name of the new connection in the Name text box and choose an icon.
  • Page 207 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Figure 10-3 Setting the connection port Step 4 Set communication parameters. After entering the COM1 Properties window as shown in Figure 10-4, set the communication parameters according to the description in Table 10-1.
  • Page 208 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Figure 10-4 Setting communication parameters for the port Table 10-1 Communication parameters Parameter Value Bit per second (Baud rate) 9600 Data bit Parity check None Stop bit...
  • Page 209: Setting The Management Ip Address Of The S7700

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Figure 10-5 Selecting a terminal type After the preceding steps are complete, press Enter. If the prompt <Quidway> is displayed, it indicates that you have logged in to the S7700. At this time, you can enter the command to configure and manage the S7700.
  • Page 210: Uploading Web

    If you need to upgrade the web version, load the web page files of the new version to the S7700. To obtain the Web page file of the S7700, log in to http://support.huawei.com, and then choose Software Center > Version Software > Data Communication Product Line > Ethernet Switch >...
  • Page 211: Loading A Web

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Step 6 Run: local-user user-name service-type ftp The service type of an FTP login user is set. Step 7 Run the following command in the cmd view of the PC: ftp ip-address The user name and password are displayed.
  • Page 212: Logging In To The Web System

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 10 Web System Configuration Context Before enabling the HTTP server, load the Web page file to the S7700. Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: http server enable The HTTP server is enabled.
  • Page 213 Step 2 Click Login or press enter to display the homepage of the Web system. You can configure the S7700 after logging in to the Web system. For details on how to configure the S7700 on the Web system, see the Quidway S7700 Smart Routing Switch Web Network Management System Client Operation Guide.
  • Page 214: Ssl Configuration

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration SSL Configuration About This Chapter The Secure Sockets Layer (SSL) protocol is used to authenticate the identities of a client and a server and encrypt data transmitted between the client and the server. SSL ensures that only authorized users can log in to the server.
  • Page 215: Ssl

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration 11.1 SSL Currently, SSL is only used for the File Transfer Protocol-SSL (FTPS) and the Hypertext Transfer Protocol-SSL (HTTPS) applications (secure Web network management is an HTTPS application).
  • Page 216: Ssl Features Supported By The S7700

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Figure 11-1 Schematic diagram for certificate issuing and authentication Certificate issuing Server's certificate Certificate authentication Digital certificate A digital certificate is an electronic document which uses a digital signature to bind a public key with an identity.
  • Page 217: Configuring Login To An Ftps Server From A User Terminal

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Login to an FTPS server from an FTPS client – An SSL policy needs to be configured and a trusted-CA file needs to be loaded to an FTP client to verify the identity of the certificate owner, sign a digital certificate to prevent eavesdropping and tampering, and manage the certificate and key.
  • Page 218: Configuring An Ssl Policy And Loading A Digital Certificate

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Figure 11-2 Networking diagram for a PC to log in to an FTPS server VLANIF10 192.168.0.1/24 Network FTP-Server Pre-configuration Tasks Before configuring login to an FTPS server from a user terminal, complete the following tasks:...
  • Page 219: Enabling The Ftps Function

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration The PFX format is a binary format that can be converted into the PEM or ASN1 format. Perform the following steps on the device that functions as an FTPS server:...
  • Page 220: Accessing An Ftps Server

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: ftp secure-server ssl-policy policy-name An SSL policy is configured for the device. Step 3 Run: ftp secure-server enable The FTPS server function is enabled.
  • Page 221: Configuring Login To An Ftps Server From An Ftps Client

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Certificate Filename: 1_servercert_pem_rsa.pem Key-file Filename: 1_serverkey_pem_rsa.pem Auth-code: 123456 MAC: CRL File: Trusted-CA File: Run the display ftp-server command on the FTP server. The command output shows that the SSL policy name is ftp_server and the FTPS server is running.
  • Page 222: Configuring The Ftps Client

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Figure 11-3 Accessing an FTPS server from an FTPS client FTP-Server FTP-Client VLANIF30 VLANIF20 1.1.1.2/24 1.1.1.1/24 Network VLANIF10 VLANIF40 192.168.0.1/24 192.168.0.2/24 If the FTPS client and server are routable, you can log in to the FTPS server from the FTPS client to remotely manage files.
  • Page 223 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration The ASN1 format is a universal digital certificate format. The file name extension of an ASN1 digital certificate is .der. The PFX format is a universal digital certificate format. The file name extension of a PFX digital certificate is .pfx.
  • Page 224: Configuring The Ftps Server

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration 11.4.3 Configuring the FTPS Server FTPS that adds support for SSL is an extension to the commonly used FTP. Using SSL to authenticate the identities of the client and server and encrypt data to be transmitted, FTPS implements security management of devices.
  • Page 225: Accessing An Ftps Server

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Run: certificate load pfx-cert cert-filename key-pair { dsa | rsa } { mac mac-code | key-file key-filename } auth-code auth-code A PFX digital certificate is loaded.
  • Page 226 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Follow-up Procedure The client can log in to the server only after the entered user name and password are authenticated by the server. After logging in to the FTPS server, you can operate files on the FTPS server in the same way as that on an FTP server.
  • Page 227: Checking The Configuration

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration File operations (managing directories): Run the cd pathname command to change the working path of a remote FTP server. Run the cdup command to change the working path of an...
  • Page 228: Configuring Secure Web Network Management

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Procedure Run the display ssl policy command to check the SSL policy configured on and trusted- CA certificate loaded to the FTPS client as well as the SSL policy configured on and digital certificate loaded to the FTPS server.
  • Page 229: Establishing The Configuration Task

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration 11.5.1 Establishing the Configuration Task Before configuring an HTTPS server, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the data required for the configuration. This will help you complete the configuration task quickly and efficiently.
  • Page 230: Configuring An Ssl Policy And Loading A Digital Certificate

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration 11.5.2 Configuring an SSL Policy and Loading a Digital Certificate A digital certificate is used to authenticate the identities of both the user terminal and the HTTPS server to ensure secure communication.
  • Page 231: Loading A Web

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration A PEM digital certificate is loaded. Run: certificate load asn1-cert cert-filename key-pair { dsa | rsa } key-file key-filename An ASN1 digital certificate is loaded.
  • Page 232: Creating A Web Account

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: http secure-server ssl-policy policy-name An SSL policy is configured for a device. Step 3 Run: http secure-server enable The HTTPS server function is enabled.
  • Page 233: Logging In To The Web System

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration local-user user-name service-type http HTTP is configured as the service type. ----End 11.5.6 Logging In to the Web System After logging in to the Web system, you can manage and maintain a device on a GUI.
  • Page 234: Configuration Examples

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Example Run the display ssl policy command. The command output shows detailed information about the configured SSL policy and loaded digital certificate. <Quidway> display ssl policy SSL Policy Name: http_server...
  • Page 235 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Figure 11-6 Operating files using FTPS VLANIF10 192.168.0.1/24 Network FTP-Server Configuration Roadmap The configuration roadmap is as follows: Upload a digital certificate. Upload the digital certificate saved on the PC to the FTP server.
  • Page 236 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration [FTP-Server-aaa] local-user huawei ftp-directory cfcard: [FTP-Server-aaa] quit [FTP-Server] quit # Run the ftp ftp-server-address commands at the Windows command prompt. Enter the correct user name and password to set up an FTP connection to the FTP server, as shown in Figure 11-7.
  • Page 237 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration After the preceding configurations are complete, run the dir command on the FTP server. The command output shows that the digital certificate has been successfully uploaded to the server.
  • Page 238: Example For Configuring Login To An Ftps Server From An Ftps Client

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Key-file Filename: 1_serverkey_pem_rsa.pem Auth-code: 123456 MAC: CRL File: Trusted-CA File: # Run the display ftp-server command on the FTPS server. The command output shows that the configured SSL policy name is ftp_server and the FTPS server is running.
  • Page 239: Networking Requirements

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Networking Requirements Traditional FTP does not have a security mechanism. It transmits data in plain text. If the FTP server is configured with login user names and passwords, the FTP server can authenticate clients, but the clients cannot authenticate the server.
  • Page 240 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Configure IP addresses for the interfaces that interconnect the FTP client and server to ensure that the client and server are routable. Run the ftp command on the FTP client to log in to the FTPS server to remotely manage files.
  • Page 241 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Figure 11-10 Logging in to an FTP server from a user terminal Upload the digital certificate saved on the user terminal to the FTP server, as shown in Figure 11-11.
  • Page 242 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration -rw- 1,302 May 10 2011 05:32:05 1_servercert_pem_rsa.pem -rw- May 10 2011 05:32:44 1_serverkey_pem_rsa.pem drw- May 10 2011 05:43:39 security 304,292 KB total (303,766 KB free) Perform the following steps on the FTP client: The procedure for uploading the trusted-CA file to the FTP client is similar to the procedure for uploading the digital certificate to the FTP server.
  • Page 243 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Certificate Type: certificate Certificate Filename: 1_servercert_pem_rsa.pem Key-file Filename: 1_serverkey_pem_rsa.pem Auth-code: 123456 MAC: CRL File: Trusted-CA File: Configure the FTP client. # Create a sub-directory named security and copy the trusted-CA file to this sub-directory.
  • Page 244 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration [FTP-Server-vlan30] port gigabitethernet 1/0/2 [FTP-Server-vlan30] quit [FTP-Server] interface vlanif 30 [FTP-Server-Vlanif30] ip address 1.1.1.2 24 [FTP-Server-Vlanif30] quit # Configure the FTP client. [FTP-Client] interface gigabitethernet 1/0/2 [FTP-Client-GigabitEthernet1/0/2] port link-type access...
  • Page 245 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration ssl policy ftp_server certificate load pem-cert 1_servercert_pem_rsa.pem key-pair rsa key-file 1_serverkey_pem_rsa.pem auth-code 123456 authentication-scheme default authorization-scheme default accounting-scheme default local-user huawei password simple huawei local-user huawei service-type ftp...
  • Page 246: Example For Configuring Secure Web Network Management

    Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration 11.6.3 Example for Configuring Secure Web Network Management Using SSL to authenticate the identities of the client and server, encrypt data to be transmitted, and check message integrity, secure Web network management provides a secure Web access.
  • Page 247 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration Web account Web page file Procedure Step 1 Upload the digital certificate and Web page file. # Configure an IP address for the device that functions as an HTTP server so that the PC and HTTP server are routable.
  • Page 248 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration After the preceding configurations are complete, run the dir command on the HTTP server. The command output shows that the digital certificate and Web page file have been successfully uploaded to the server.
  • Page 249 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration CRL File: Trusted-CA File: Step 3 Load the Web page file. [HTTP-Server] http server load web.zip Step 4 Create a Web account. # Enable the HTTPS server function.
  • Page 250 Quidway S7700 Smart Routing Switch Configuration Guide - Basic Configuration 11 SSL Configuration HTTP Timeout Interval : 20 Current Online Users Maximum Users Allowed HTTP Secure-server Status : enabled HTTP Secure-server Port : 443(443) HTTP SSL Policy : http_server ----End...

This manual is also suitable for:

Quidway s3700 series
