It is recommended to implement the separation of management and data/customer traffic in your Huawei Service Routers (e.g. NE40E Series). Traffic passing through the management plane should be exclusively for management or administrative access purposes only like SSH, SNMP, NTP and AAA. These are the steps on hardening the security on Huawei Routers. Management instance can be configured using these commands: ip vpn-instance STRING<1-31> description TEXT<1-242> ipv4-family Here’s the recommended configuration or practices for these management services. Configure Authentication, Authorization…
Tag: <span>huawei</span>
Cisco uses RPL (Route Policy Language) while Huawei uses XPL (Extended Route Policy language). Basically they are the same concept but of course the commands are slightly different, though editing the policy or prefix-set requires vi/vim knowlege. Cisco IOS-XR RPL Huawei NE40E XPL Adding Prefix-Set:prefix-set FNT-Prefixes 192.168.0.0/24, 172.16.0.0/23end-set Adding Prefix-Set:xpl ip-prefix-list FNT-Prefixes192.168.0.0 24,172.16.0.0 23end-list Creating Route Policy:route-policy FNT-EXPORT if (destination in FNT-Prefixes) then prepend as-path 65555 2 endifend-policy Creating Route Policy:xpl route-filter FNT-EXPORT if ip route-destination in FNT-Prefixes then …
Here is sample basic IPv4 & IPv6(OSPFv3) Open Shortest Path First (OSPF) configuration between 2 Huawei Routers with MD5 authentication. Fig1. RouterA Configuration: Configure physical interface <RouterA>interface 100GE6/0/0 <RouterA>description Connection to RouterB <RouterA>undo shutdown <RouterA>eth-trunk 1 <RouterA>undo lldp enable <RouterA>undo dcn 2. Configure the Eth-Trunk IPv4/IPv6 address <RouterA>interface Eth-Trunk1 <RouterA>description Eth-Trunk to RouterB <RouterA>ipv6 enable <RouterA>ip address 192.168.10.1 255.255.255.252 <RouterA>ipv6 address fdfe:13bb:8abc:a00:8::2a/127 <RouterA>mode lacp-static 3. Configure the OSPF (IPv4) process (with optional parameters) <RouterA>ospf 8888 router-id 172.16.1.1 <RouterA>bfd all-interfaces min-tx-interval…
Here is sample tutorial on how to configure External Border Gateway Protocol (EBGP) between Huawei Router and another router. I will focus on the configuration of the Huawei router (RouterA). Fig.1.1 Procedure: 1. Configure the Loopback IP address a. Enter system view command: system-view <RouterA>system-view Enter system view, return user view with return command. <RouterA>interface LoopBack0 <RouterA>description RouterA Loopback0 <RouterA>ip address 172.16.1.1 255.255.255.255 <RouterA>quit Verify: <RouterA>display current-configuration interface LoopBack 0 2. Configure the P2P(point to point) IP, we will assume…
Objective: To separate management traffic from data/customer traffic in your Huawei Routers Preferably, Data and Management are into 2 separate network domains. Pre-requisite: UTP cables (for each MPU management port in case for switchover) are connected to a network switch to access the OOB management gateway To go configuration mode: system-view To preview configuration change before commiting display configuration candidate * * Management IP Configuration* * a. Configure the vpn instance for management ip vpn-instance <vpn instance name> description <description> ipv4-family b. Set…
Here is an example on how to query or display optical power of an interface in a Huawei Router. This is tested using NetEngine40E Universal Service Router or NE40E running version 8.x OS. display interface <interface> extensive Sample Output: (Can see link down and not receiving any power from the neighboring device) <Huawei-NE40E>display interface GigabitEthernet1/1/1 extensive GigabitEthernet1/1/10 current state : DOWN(LOS) (ifindex: 142) Line protocol current state : DOWN Link quality grade : — Port BW: 10G, Transceiver max BW:…
Here’s a sample steps for configuring Netstream or Netflow on Huawe Router: Netstream Server = 192.168.30.100 Netstream UDP port = 9991 version = v9 Loopback IP = 1.1.1.1 Configure Netstream for IPv4 & IPv6 ip netstream timeout active <value> ip netstream export version <version#> origin-as ip netstream export template timeout-rate <value> ip netstream sampler fix-packets <packets> inbound ip netstream export source <source IP> ip netstream export host <Netstream Server IP> <port> ipv6 netstream timeout active <value> ipv6 netstream export version…
Here’s a syslog configuration examples for Huawei Routers Remote Syslog Server IP = 10.50.50.50 Pre-configured: sysname <device hostname> Syslog Configuration: 1. Enable the logging functionality info-center enable 2. Configure the channel to send logs to the remote syslog server info-center channel 6 name <channel name> info-center source <source> channel <channel name> trap level <level> debug level <debug level> info-center source <source> channel <channel name> log level <notification | warning> 3. Configure the source interface of the logging info-center loghost source <source…
Here’s the SNMP configuration examples for Huawei routers. Taking the following details: SNMP community: snmpcomm123 Loopback/management IP address: 192.168.10.100 SNMP Polling Server: 192.168.20.199 SNMP Trap Server: 192.168.20.200 Pre-config: (assuming Loopback0 is your source interface to send those SNMP traffic) interface LoopBack0 description _ Loopback for Huawei Router ip address 192.168.10.100 255.255.255.255 SNMPv2c Polling: 1. Configure SNMP (version can be set to all to support v1,v2c and v3) snmp-agent sys-info version all 2. Configure SNMP engine ID and community…
Leave a Comment