Category: <span>Huawei</span>

Objective: To separate management traffic from data/customer traffic in your Huawei Routers Preferably, Data and Management are into 2 separate network domains. Pre-requisite: UTP cables (for each MPU management port in case for switchover) are connected to a network switch to access the OOB management gateway To go configuration mode: system-view To preview configuration change before commiting display configuration candidate * * Management IP Configuration* *  a. Configure the vpn instance for management ip vpn-instance <vpn instance name> description <description> ipv4-family b. Set…

Huawei

Here is an example on how to query or display optical power of an interface in a Huawei Router. This is tested using NetEngine40E Universal Service Router or NE40E running version 8.x OS. display interface <interface> extensive Sample Output: (Can see link down and not receiving any power from the neighboring device) <Huawei-NE40E>display interface GigabitEthernet1/1/1 extensive GigabitEthernet1/1/10 current state : DOWN(LOS) (ifindex: 142) Line protocol current state : DOWN Link quality grade : — Port BW: 10G, Transceiver max BW:…

Huawei

Here’s a sample steps for configuring Netstream or Netflow on Huawe Router: Netstream Server = 192.168.30.100 Netstream UDP port = 9991 version = v9 Loopback IP = 1.1.1.1 Configure Netstream for IPv4 & IPv6 ip netstream timeout active <value> ip netstream export version <version#> origin-as ip netstream export template timeout-rate <value> ip netstream sampler fix-packets <packets> inbound ip netstream export source <source IP> ip netstream export host <Netstream Server IP> <port> ipv6 netstream timeout active <value> ipv6 netstream export version…

Huawei

Here’s a syslog configuration examples for Huawei Routers Remote Syslog Server IP = 10.50.50.50 Pre-configured: sysname <device hostname> Syslog Configuration: 1. Enable the logging functionality info-center enable 2. Configure the channel to send logs to the remote syslog server info-center channel 6 name <channel name> info-center source <source> channel <channel name> trap level <level> debug level <debug level> info-center source <source> channel <channel name> log level <notification | warning> 3. Configure the source interface of the logging info-center loghost source <source…

Huawei

Here’s the SNMP configuration examples for Huawei routers. Taking the following details: SNMP community: snmpcomm123 Loopback/management IP address: 192.168.10.100 SNMP Polling Server: 192.168.20.199 SNMP Trap Server: 192.168.20.200 Pre-config: (assuming Loopback0 is your source interface to send those SNMP traffic) interface LoopBack0     description _ Loopback for Huawei Router ip address 192.168.10.100 255.255.255.255 SNMPv2c Polling: 1. Configure SNMP (version can be set to all to support v1,v2c and v3) snmp-agent sys-info version all 2. Configure SNMP engine ID and community…

Huawei

Configuring Huawei Router to authenticate (also including authorization and accounting) to Tacacs+ server 10.10.10.10 – Tacacs+/ACS/ISE/AAA server#1 10.10.10.11 – Tacacs+/ACS/ISE/AAA server#2 20.20.20.2 –  Loopback/source IP Configure the tacacs server profile or template hwtacacs-server template <PROFILENAME> hwtacacs-server authentication <TACACS IP#1> hwtacacs-server authentication <TACACS IP#2> secondary hwtacacs-server authorization <TACACS IP#1> hwtacacs-server authorization <TACACS IP#2> secondary hwtacacs-server accounting <TACACS IP#1> hwtacacs-server accounting <TACACS IP#2> secondary hwtacacs-server source-ip <SOURCE IP> hwtacacs-server shared-key cipher <TACACS KEY> hwtacacs-server user-name original Sample Config: hwtacacs-server template freenetworktutorials  …

Huawei

One of the Best Security Practice and Recommendation is to configure Huawei Router in client mode and never run as  NTP server. NTP Server1: 192.168.10.101 NTP Server1: 192.168.10.102 Configuration: ntp-service server disable ntp-service ipv6 server disable ntp-service unicast-server 192.168.10.101 ntp-service unicast-server 192.168.10.102 Verification: display ntp-service status display ntp-service sessions If authentication is enabled on your NTP server. -Enable the NTP service authentication function -Configure the NTP authentication key -Specify the NTP key -Configure the NTP server(s) with the authentication key…

Huawei

SSH Configuration Examples in  Huawei Router Here are the configuration examples: whereas: 192.168.100.100 = Jumphost IP (Allowed IP to SSH into the device) Enable the SSH service stelnet server enable 2. Configure key exchange algorithm ssh server key-exchange { dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep} 3. Configure encryption algorithm ssh server cipher { aes256_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc } 4. Configure HMAC algorithm ssh server hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 } 5.…

Huawei