Thursday, April 7, 2016

Basic Configuration on the Device at First Login for Huawei Switches

Huawei Switches Basic Configuration:  How to first login the device on console port or mini USB port.
Here, we will describe how to configure the time and date, device name, management IP address, and the user level and authentication mode for Telnet users at first login through the console port or mini USB port. This configuration apply to all the Huawei switches, such as the popular switch: Huawei S5700,S3700, S2700…

Procedure


1 Set the time and date on the device.

Run:
system-view
The system view is displayed.

Run:
clock timezone time-zone-name { add | minus } offset
The time zone is set.

By default, the system uses the Coordinated Universal Time (UTC) time zone.
add: adds the specified time zone offset to the UTC. That is, the sum of the default UTC time zone and offset equals the time zone specified by time-zone-name.
minus: subtracts the specified time zone offset from the UTC. That is, the remainder obtained by subtracting offset from the default UTC time zone equals the time zone specified by time-zone-name.

Run:
quit
Return to the system view.

Run:
clock datetime HH:MM:SS YYYY-MM-DD
The current time and date are set.
If the time zone is not set, the time set using this command is considered as the UTC time. Before setting the current time, you are advised to confirm the current zone and set the correct time zone offset.

Run:
system-view
The system view is displayed.

Run:
clock daylight-saving-time time-zone-name one-year start-time start-date end-time end-date offset
Or clock daylight-saving-time time-zone-name repeating start-time { { first | second | third | fourth | last } weekday month | start-date1 } end-time { { first | second | third | fourth | last } weekday month | end-date1 } offset [ start-year [ end-year ] ]
Daylight saving time (DST) is set.
By default, DST is not configured.

NOTE:
If you configure periodic DST, the combination of the DST start time and end time can be any of the following: date+date, day of the week+day of the week, date+day of the week, and day of the week+date.
When DST is used, you can run the clock timezone time-zone-name { add | minus } offset command to set the time zone. The time zone in the output of the display clock command is, however, the name of the DST time zone. When DST ends, the system displays the original time zone.

2, Set the device name and management IP address.

Run:
sysname host-name
The device name is set.
By default, the device name is HUAWEI.
When the network management tool needs to obtain the network element (NE) name of a device, you can run the sys-netid command to set an NE name for the device.

Run:
interface interface-type interface-number
The interface view is displayed.
In addition to the management interface on the device, you can also assign the management IP address to Layer 3 interfaces such as VLANIF interfaces on the device.

Run:
ip address ip-address { mask | mask-length }
The management IP address is assigned.
NOTE:
The management IP address is used to maintain and manage the device. Configure the IP address and routes based on the network plan to ensure that the routes between the terminal and device are reachable.

3 Set the user level and authentication mode for Telnet users.

Run:
telnet [ ipv6 ] server enable
The Telnet server is enabled.
By default, the Telnet server is disabled.

Run:
user-interface vty first-ui-number [ last-ui-number ]
The VTY user interface view is displayed.

Run:
protocol inbound { all | telnet }
he VTY user interface is configured to support the Telnet protocol.
By default, a VTY user interface supports the SSH protocol.

Run:
user privilege level level
The Telnet user level is set.
By default, users who log in through the VTY user interface can access commands at level 0.

Run:
authentication-mode aaa
The authentication mode for Telnet users is set to AAA authentication.
By default, no authentication mode is configured for the VTY user interface.
NOTE:
The system provides three authentication modes: AAA authentication, password authentication, and non-authentication modes. AAA authentication requires both the user name and password, and is therefore more secure than password authentication. Non-authentication mode is not recommended because it cannot ensure system security. This section describes how to configure AAA authentication..

Run:
aaa
The AAA view is displayed.

Run:
local-user user-name password irreversible-cipher password
The user name and password for login through Telnet are configured.
The value of password can be a plain-text string of 8 to 128 characters or a cipher-text string of 68 characters.
A too simple password may cause a potential security risk. To enhance the security strength, the password entered in plain text must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters. In addition, the password cannot be the same as the user name or the mirror user name.

Run:
local-user user-name service-type telnet
The login mode is set to Telnet.

4, Save the configuration.

After basic configuration is complete, you are advised to save the configuration. If the configuration is lost, the connection and configuration for the first login must be performed again.

Run:
return
Return to the user view.

Run:
save
The configuration is saved.

More related:

Huawei Low-end Switches Boot Upgrade For BOOTROM

No comments:

Post a Comment