8/10/2019 MA5616 Basic Operation.ppt
1/115
HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Huawei Confidential
Security Level:
DSLAM SmartAXMA5616 Operation &
Administration (CLI)
8/10/2019 MA5616 Basic Operation.ppt
2/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
About This Course
This course provides basic operation and administration
of MA5616 such as log in and log out, CLI features,
operation security management, alarm and log
management, database management, hardwaremanagement based on CLI.
8/10/2019 MA5616 Basic Operation.ppt
3/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Objectives
Upon completion of this course, you will be able to:Connect the LCT to equipment and Login to system
Describe the operational features of CLI
Perform the initial setup modeCreate, query and maintain management user account
Query and maintain alarm and log information
Backup and restore database
Maintain and manage system frame and board
8/10/2019 MA5616 Basic Operation.ppt
4/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
5/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview 2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
6/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview1.1 General Management
1.2 CLI Terminal Access
1.3 CLI Features and Functions
8/10/2019 MA5616 Basic Operation.ppt
7/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
System Platform
Management Entities
The MA5616 supports two
management entities
CLI (command Line Interface )
agent
SNMP (Simple Network
Management Protocol) agent
CLIAgent
SNMPAgent
MIB
TL1
8/10/2019 MA5616 Basic Operation.ppt
8/115
8/10/2019 MA5616 Basic Operation.ppt
9/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Management Strategy
Management the MA5616 use:
Outband:The maintenance information
goes through the maintenance
Ethernet port.Inband
The maintenance information
goes through the service channel.
User Data
OAM Data
Outband
Inband
8/10/2019 MA5616 Basic Operation.ppt
10/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview1.1 General Management
1.2 CLI Terminal Access
1.3 CLI Features and Functions
8/10/2019 MA5616 Basic Operation.ppt
11/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
CLI
CLI
LAN/WAN
LAN/WAN
CLI Based Management
CLI access
Serial link
Telnet session
Serial link Telnet session
Ethernet Cable Ethernet CableRS232
8/10/2019 MA5616 Basic Operation.ppt
12/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Serial Link Access
Physical connection:
RS232 serial cable
Software:
Hyper terminal
RS232
Start-> All Programs->Accessories->Communication-> Hyper terminal
Hyper terminal parameters:Bit per Second :9600
Data Bit:8Parity: NoneStop Bit:1Flow Control: None
8/10/2019 MA5616 Basic Operation.ppt
13/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Telnet Access
Physical connection:
Ethernet cable
Software:
telnet PC
Ethernet
Cable
EthernetCable
Start-> Run- >RUN cmd
Telnet:telnet interface ip address
LAN/WAN LAN/WAN
8/10/2019 MA5616 Basic Operation.ppt
14/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Logging and out
How to Log in ?
Username: root
Password: mduadmin
How to Log out ?quit
8/10/2019 MA5616 Basic Operation.ppt
15/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview1.1 General Management
1.2 CLI Terminal Access
1.3 CLI Features and Functions
8/10/2019 MA5616 Basic Operation.ppt
16/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Command Line Modes
The MA5616 provides multiple
command modes to implement
hierarchical protection for preventing
any unauthorized access.
in terface ... qui t
re tu rn
qui t
BTV modeMA5616(BTV)#
Port/Interface mode
MA5616(config-if-...)#
qui tqu i t
enable
disable
c o n f i g Global config mode
MA5616(config)#User mode
MA5616>
Privilege mode
MA5616#
BTV
L o g i n
8/10/2019 MA5616 Basic Operation.ppt
17/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
CLI Command Features (1/2)
Obtain help information and view the prompt to find the
current available commands
Press question mark
MA5616(config)# interface ?
---------------------------------------------
Command of config Mode:
adsl Change into ADSL command mode
eth Change into ETH command mode
meth MEth interface
vlanif VLAN interface
... ...
---------------------------------------------
8/10/2019 MA5616 Basic Operation.ppt
18/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
CLI Command Features (2/2)
Intelligent matching to the entire keyword when you enter an
incomplete keyword.
Press Space or Tab
MA5616> ena
MA5616> enable
MA5616# con
MA5616# config
Run the command after input the complete command
Press EnterMA5616(config)# interface meth 0
MA5616config-if-meth0)#
8/10/2019 MA5616 Basic Operation.ppt
19/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
CLI Command Control Characters
Delete the characters before the cursorPress
Move the cursor to the left / right of one characterPress
Press Display history commands
Press Enter display history command
Move the cursor to the beginning / end of the line
Press Suspend the display and the running of commands
Press < Ctrl C>
8/10/2019 MA5616 Basic Operation.ppt
20/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Command Syntax and Format (1/2)
Character Meaning
Keyword
Enumeration. Items following it are the available options.
ULONG. Information following it is the range of the value to be entered
LONG. Information following it is the range of the value to be entered.
Character string. Information following it is the length of the character string to be entered.
IP address
MASK, such as the mask of an IP address.
MAC address
Hexadecimal number.The system supports the input of "0x". By default, the system supports decimal numbers.
Date
Time
8/10/2019 MA5616 Basic Operation.ppt
21/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Command Syntax and Format (2/2)
Format Description
Boldface The keywords of a command are in boldface.
Italics Command parameters are in italics.
[ ] Items in square brackets [ ] are optional.
{ x | y | ... } Alternative items are grouped in braces and separated by vertical bars. One isselected.
[ x | y | ... ] Alternative items that are optional are grouped in square brackets and separatedby vertical bars. One or none is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by vertical bars. A
minimum of one or a maximum of all can be selected.
[ x | y | ... ] * Optional alternative items are grouped in square brackets and separated byvertical bars. Multiple or none is selected.
8/10/2019 MA5616 Basic Operation.ppt
22/115
8/10/2019 MA5616 Basic Operation.ppt
23/115
8/10/2019 MA5616 Basic Operation.ppt
24/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview 2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
25/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
2. Initial Setup
2.1 Outband Management
2.2 Inband Management
2.3 Miscellaneous Stuff
8/10/2019 MA5616 Basic Operation.ppt
26/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Outband and Inband Access
When initial setup, inband and
outband management mode should
be configured first through console
port.
Telnet IP Address of Interface
ETH or GE
PC
Ethernet Cable
PC
Ethernet Cable
Outband Inband
LAN/WANLAN/WAN
8/10/2019 MA5616 Basic Operation.ppt
27/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Prerequisites + First time login
Physical connection:
RS232 serial cable
Software:
Hyper terminal
CLI account (default) :
User name: root
Password: mduadminRS232
Start-> All Programs->Accessories->communication-> Hyper terminal
Hyper terminal parameters:
Bit per Second :9600
Data Bit:8
Parity: None
Stop Bit:1
Flow Control: None
8/10/2019 MA5616 Basic Operation.ppt
28/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Outband Initial Setup Procedures and Commands
WAN?
Add IP route
No Yes
First Time Login
Remote login
ip address ip-addr { mask-length | mask-ipaddr }
[ sub ] [ description text ]
ip route-static ip_addr { mask-ip-addr | mask-length } { gateway-addr | interface-typeinterface-number | gateway-addr }
[ preference preference-value ]
Configure the IP address ofmaintenance network port
8/10/2019 MA5616 Basic Operation.ppt
29/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Outband Initial Setup ExampleRemote CLI
WAN
Item Data
Remote terminal IP 10.10.21.1/24
Management IP 192.168.3.250/24
gateway 192.168.3.1/24
PC
8/10/2019 MA5616 Basic Operation.ppt
30/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Outband IP Address Configuring
Step1:Login to the outband modeMA5616(config)# interface meth 0
Step2:Configure the IP address of the ETHMA5616config-if-MEth0)# ip address 192.168.3.250 24
Step3:Add a route( WAN if needed )MA5616(config-if-MEth0)# quit
MA5616(config)# ip route-static 10.10.21.0 24 192.168.3.1
Query the IP addressMA5616(config)# display ip interface meth 0
MA5616
Interface meth 0
8/10/2019 MA5616 Basic Operation.ppt
31/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Remote login
Telnet to the management IP from the remote side
telnet 192.168.3.250
Username: root
Password: mduadmin
CLI remote access to the system
8/10/2019 MA5616 Basic Operation.ppt
32/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
2. Initial Setup
2.1 Outband Management
2.2 Inband Management
2.3 Miscellaneous Stuff
8/10/2019 MA5616 Basic Operation.ppt
33/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
VLAN Used for Management
Inband management
Management interface
Uplink port GE0/GE1
Management VLAN
Any VLAN ID in the range of 2-4096
Management IP
L3 IP address of management VLAN
Remote EMSClient/CLI
EMS
VLAN
IP
LAN/WAN
8/10/2019 MA5616 Basic Operation.ppt
34/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Inband Initial Setup Procedures and Commands
Provision Management IP
WAN?
Add IP route
No
Yes
First Time Login
Provision Management VLAN
Remote login
vlan vlanid [ to end-vlanid ] { mux | smart |standard }
ip address ip-addr { mask-length | mask-ipaddr }
[ sub ] [ description text ]
ip route-static ip_addr { mask-ip-addr | mask-length } { gateway-addr | interface-typeinterface-number | gateway-addr }
[ preference preference-value ]
Provision uplink port ofManagement VLAN
port vlan vlanid [ to end-vlanid ] frameid/slotid
portlist
8/10/2019 MA5616 Basic Operation.ppt
35/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
WAN
Inband Initial Setup ExampleRemote C LI
Item Data
Remote terminal IP 10.50.1.1/24
Remote terminal
gateway
10.50.1.254/24
Management VLAN 1000
Management IP 10.10.21.1/24
gateway 10.10.21.2/24
PC
8/10/2019 MA5616 Basic Operation.ppt
36/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Inband IP Address Configuring
Step1:Create the management VLANMA5616(config)# vlan 1000 standard
Step2:Configure the uplink port of management VLANMA5616(config)# port vlan 1000 0/0 0
Step3:Configure the Layer3 address of management VLANMA5616(config)# interface vlanif 1000MA5616(config-if-Vlanif1000)# ip address 10.10.21.1 24
Step4: Add a route ( WAN if needed )MA5616(config-if-vlanif1000)# quitMA5616(config)# ip route-static 10.10.21.0 24 10.10.20.2
Query the IP addressMA5616(config)# display ip interface vlanif 1000
MA5616
Interface vlanif 1000
8/10/2019 MA5616 Basic Operation.ppt
37/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Remote login
Telnet to the management IP from the remote side
telnet 10.10.21.1
Username: root
Password: mduadmin
CLI remote access to the system
8/10/2019 MA5616 Basic Operation.ppt
38/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
2. Initial Setup
2.1 Outband Management
2.2 Inband Management
2.3 Miscellaneous Stuff
8/10/2019 MA5616 Basic Operation.ppt
39/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Configure Miscellaneous Stuff
Set the system timeMA5616(config)# time
{time|date
}: 11:15:59 2009-05-30
Query system timeMA5616(config)# display time
{|dst|time-stamp}:
command: display time 2009-05-30 11:16:00 +08:00
Set the system identityMA5616(config)# sysname
{prompt}: LA_s1
LA_s1 (config)#
8/10/2019 MA5616 Basic Operation.ppt
40/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Questions
1. What are the necessary prerequisites when the first time login? A. RS232 serial cableB. Hyper terminalC. IP addressD. User name and password
2. How to establish the outband management ? A. management VLANB. management IPC. IP routeD. user name and password
3. How to establish the inband management ? A. management VLANB. management IPC. IP routeD. user name and password
8/10/2019 MA5616 Basic Operation.ppt
41/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview 2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management
6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
42/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Operation Security Management Overview
UserSecurity Firewall
SecurityManagement
ACL
ACL is used to filter the specific datapackets based on a series of matchingrules contained in the ACL, and identifythe filtering objects.
After the filtering objects are identified,the corresponding data packets arepermitted to pass or are discardedaccording to the preset rules.
User security maintains themanagement user who need theauthority for configuring andmaintaining the MA5616through CLI.
The firewall featureenables the MA5616 tofilter data packets basedon an ACL rule. Thisprevents unauthorized
users from accessing theMA5616.
8/10/2019 MA5616 Basic Operation.ppt
43/115
Copyright 2009 Huawei Technologies Co., Ltd. All rights reserved.
Contents
3. Operation Security Management3.1 User Security
3.2 ACL
3.3 Firewall
8/10/2019 MA5616 Basic Operation.ppt
44/115
8/10/2019 MA5616 Basic Operation.ppt
45/115
8/10/2019 MA5616 Basic Operation.ppt
46/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Step 1 Add a new user-profileMA5616(config)# terminal user-profile add
User profile name(
8/10/2019 MA5616 Basic Operation.ppt
47/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Create an User (2/2)
Step2 Add a new userMA5616(config)# terminal user name
User profile name(
8/10/2019 MA5616 Basic Operation.ppt
48/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Users
Query all the user profileMA5616(config)# display terminal user-profile
Query all the terminal userMA5616(config)# display terminal user
{all | online | name username}: all
-----------------------------------------------
Name Level Status ReenterNum AppendInfo
test Operator Offline 4
root Super Online 1
Query the online terminal userMA5616(config)# display client
8/10/2019 MA5616 Basic Operation.ppt
49/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Maintaining Users
Modify the user password/Level/Reenter/ informationMA5616config)# terminal user password
MA5616(config)# terminal user level
MA5616(config)# terminal user reenter
MA5616(config)# terminal user apdinfo
Delete the userMA5616(config)# undo terminal user name
Lock a terminal userMA5616(config)# terminal hold
Unlock a terminal userMA5616(config)# undo terminal hold
Kick off the online userMA5618(config)# client kickoff
8/10/2019 MA5616 Basic Operation.ppt
50/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
3. Operation Security Management
3.1 User Security
3.2 ACL
3.3 Firewall
8/10/2019 MA5616 Basic Operation.ppt
51/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
What is ACL
ACL (access control list) is used to filter the specific data packets basedon a series of matching rules contained in the ACL, and therefore identify
the filtering objects.
After the filtering objects are identified, the corresponding data packets
are permitted to pass or are discarded according to the preset rules.
Discard orforward packets
Matching? Implementactions
Match thepackets with
the ACL
Discardedpackets
Forwardedpackets
Output packetstream
Input packetstream
Yes
No
8/10/2019 MA5616 Basic Operation.ppt
52/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
ACL Management Overview
Create ACL Query ACL Maintain ACL
Query ACLQuery the filter
Delete the filter->Delete ACL rule->
Delete ACL
Create ACL->Create ACL rule->
Bind the ACL to filter
8/10/2019 MA5616 Basic Operation.ppt
53/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Create ACL (1/2)Step1: Create an ACL
MA5616(config)# acl { basic-acl-number | adv-acl-number | link--acl-number |user-acl-number }
MA5618(config)# acl 2001
Step2: Create an ACL ruleMA5616(config-acl-basic-2001 )# rule [ rule-id ] { permit | deny } protocol
[ established | source { sour-addr { sour-wildcard | 0 } | any } | destination
{ dest-addr dest-mask | any } | source-port operator port1 [ port2 ] | destination-
port operator port1 [ port2 ] | icmp-type icmp-type icmp-code | precedence
precedence | tos tos | dscp dscp | time-range time-range-name | fragment ]
MA5616(config-acl-basic-2001)# rule 10 permit ip source 10.10.10.2 0 destination
10.20.20.2 0 tos max -reliability time-range worktime
MA5616
LAN/WAN
10.10.10.210.20.20.2
ACL2001(rule 10): Permit access in time-range worktime, tos max-reliability
0/1/0
8/10/2019 MA5616 Basic Operation.ppt
54/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Create ACL (2/2)
Step3: Enable an ACL filtering rule for a specific portMA5616(config)# packet-filter { inbound | outbound } { user-group
access-list-number1 [ rule rule-id ] | { ip-group access-list-number2
[ rule rule-id ] | link-group access-list-number3 [ rule rule-id ] } * }
port frameid/slotid/portidMA5616(config)# packet-filter inbound ip-group 2001 port 0/1/0
MA5616
LAN/WAN
10.10.10.210.20.20.2
Packe-filter enable in port 0/1/0 of inbound direction
0/1/0
8/10/2019 MA5616 Basic Operation.ppt
55/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query ACL
Query ACL configurationMA5616(config)# display acl { all | basic-acl-number | adv-acl-number |
link-acl-number | user-acl-number }
MA5616(config)# display acl 2001
Query the filterMA5616(config)# display packet-filter { all | port frameid/slotid/portid }
MA5616(config)# display packet-filter statistics 2001
8/10/2019 MA5616 Basic Operation.ppt
56/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Maintain ACL
Step1: Delete the filterMA5616(config)# undo packet-filter { inbound | outbound } { user-group access-
list-number1 [ rule rule-id ] | { ip-group access-list-number2 [ rule rule-id ] | link-
group access-list-number3 [ rule rule-id ] } * } port frameid/slotid/portid
MA5616(config)# undo packet-filter inbound ip-group 2001 port 0/1/0
Step2: Delete an ACL ruleMA5616(config-acl-basic-2001)# undo rule rule-id [ [ source ] | [ time-range ] |
[ fragment ] ]
MA5616(config-acl-basic-2001)# undo rule 10
Step3: Delete an ACL
MA5616(config)# undo acl { all | basic-acl-number | adv-acl-number | link--acl-number | user-acl-number }
MA5616(config)# undo acl 2001
8/10/2019 MA5616 Basic Operation.ppt
57/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
3. Operation Security Management
3.1 User Security
3.2 ACL
3.3 Firewall
8/10/2019 MA5616 Basic Operation.ppt
58/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Firewall Management Overview
Enable Firewall Query Firewall Disable Firewall
Query firewall blacklist
Query the firewall filter
Delete the filter->
Delete firewallconfiguration
Enable Firewall ->
Apply packagefiltering rules to an
interface
8/10/2019 MA5616 Basic Operation.ppt
59/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Enable Firewall
Step1: Enable the firewall functionMA5616(config)# firewall enable
Step2: Apply package filtering rules to an interfaceMA5616(config)# firewall packet-filter{ basic-acl-number | adv-acl-
number } { inbound | outbound }
MA5618(config)# firewall packet-filter 2001 inbound
MA5616
LAN/WAN
10.10.10.210.20.20.2
Enable firewall to block unauthenticated user attack
And permit PC 10.10.10.2 can access PC 10.20.20.2 through port 0/1/0 based on ACL 2001
0/1/0
8/10/2019 MA5616 Basic Operation.ppt
60/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Firewall
Query the firewall blacklistMA5616(config)# display firewall blacklist { config | item [ ip-addr ] }
MA5616(config)# display firewall blacklist config
Blacklist is Enabled
Query the packet filtering statistics of firewallMA5616(config)# display firewall packet-filter statistics { all | interface
{ meth | vlanif } interface-number }
MA5616(config)# display firewall packet-filter statistics all
8/10/2019 MA5616 Basic Operation.ppt
61/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Disable Firewall
Cancel the application of package filtering rulesMA5616(config)# undo firewall packet-filter{ basic-acl-number | adv-
acl-number } { inbound | outbound }
MA5618(config)# undo firewall packet-filter 2001 inbound
Disable the firewall functionMA5616(config)# undo firewall enable
8/10/2019 MA5616 Basic Operation.ppt
62/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Questions
1. Which command can query the online management user? A. display terminal user all
B. display client
C. display terminal user online
2. When configure ACL, what s the sequence of the configuration? A. Configure ACL->Configure ACL rule-> Configure filter
B. Configure ACL rule-> Configure ACL- > Configure filter
C. Configure filter-> Configure ACL rule-> Configure ACL
3. Which command can enable system firewall? A. firewall enable
B. firewall packet-filter
C. firewall output
8/10/2019 MA5616 Basic Operation.ppt
63/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview 2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management
6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
64/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Alarm Management Overview
Alarm output management
Alarm output management
Alarm export management
Query Alarm
Query alarm based on alarm
ID, alarm SN, etc.
8/10/2019 MA5616 Basic Operation.ppt
65/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Alarm (1/2)
An alarm record contains the following information: Alarm ID Alarm serial number Alarm level
Critical/Major/Minor/Warning Alarm parameter
Shelf ID, Shelf ID/slot ID, Shelf ID/slot ID/port ID, and VLAN interface ID Alarm time
E.G.: MA5618(config)# display alarm history alarmtime start 2008-3-27 10:00:00end 2008-4-20 10:00:00 detail
ALARM 174 EVENT MAJOR 0x0b20000c ----- 2008-04-17 21:48:21 ALARM NAME : Backup failure
PARAMETERS : FrameID: 0, SlotID: 0, Backup type: Host program, Failure cause:Failed to transfer the file
DESCRIPTION : Failed in backuping files to maintenance terminal CAUSE : Backup failure ADVICE : Check according to failure cause and back it up again END
Alarm SN
Alarm level
Alarm ID Alarm Time
Alarm Name
Alarm Parameter
8/10/2019 MA5616 Basic Operation.ppt
66/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Alarm (2/2)
Command Remark
display alarm history all Query all the alarm
display alarm history alarmsn Query an alarm record by alarm serial number
display alarm history alarmid Query an alarm record by alarm ID
display alarm history alarmlevel Query an alarm record by alarm level
display alarm history alarmtype Query an alarm record by alarm type
display alarm history alarmclass Query an alarm record by alarm class
display alarm history alarmtime start end Query an alarm record by alarm generation time
MA5616(config)# display alarm history { alarmsn s n |all | alarmid id |alarmlevel level | alarmtype t ype | alarmclass c lass | alarmtime start star t -
date s tar t - t im e end end-date end-t im e } [ s ta r t-num ber numb er ] } [ detail |
list ] [ | { begin | include | exclude } text ]
8/10/2019 MA5616 Basic Operation.ppt
67/115
8/10/2019 MA5616 Basic Operation.ppt
68/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Questions
1. An alarm record contains the following information: A. alarm ID
B. alarm SN
C. alarm level
D. alarm type
E. alarm class
2. To query alarm, we can based on ( ) to query the corresponding
alarm? A. alarm ID
B. alarm SN
C. alarm level
D. alarm type
E. alarm class
8/10/2019 MA5616 Basic Operation.ppt
69/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview 2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management
6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
70/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Log Management
LogStatistics
Log HostManagement
LogManagement
Log ServerManagement
MA5616 can be configured log serverto dump logs as references for systemmaintenance and troubleshooting.
A fault can be located throughthe system log information. Youcan set and query the log bufferon the MA5616.
The MA5616 can logimportant operations in theUNIX or Windows host (alsoreferred to as the log server)of the internal networkthrough the syslog
mechanism.
8/10/2019 MA5616 Basic Operation.ppt
71/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
5. Log Management
5.1 Log Query
5.2 Log Server Management
5.3 Log Host Management
8/10/2019 MA5616 Basic Operation.ppt
72/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Log
Query the operation logMA5616(config)# display log [ cli | snmp | tl1 ] { name username | all }
[ start-date [ start-time ] [ - end-date [ end-time ] ] ]
MA5616(config)# display log memory
MA5616(config)# display log failureE.g. MA5616(config)# display log all 2008-3-27 10:00:00 - 2008-4-20
10:00:00
---------------------------------------------------------------------------
No. UserName Domain IP-Address
71 root -- 192.168.3.210 Time : 2009-06-11 02:07:30
Cmd : ftp set
---------------------------------------------------------------------------
Log No.
Log User Name Log Domain Log IP address
Log Time
Log command
8/10/2019 MA5616 Basic Operation.ppt
73/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
5. Log Management
5.1 Log Query
5.2 Log Server Management
5.3 Log Host Management
8/10/2019 MA5616 Basic Operation.ppt
74/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Log Server Management Overview
Create Log Server Query Log ServerMaintaining Log
Server
Query Log Server
Query the system logoutput configuration
Delete the system log
configuration->Delete log server
Create Log Server->
Configure system logoutput to server
8/10/2019 MA5616 Basic Operation.ppt
75/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Create Log Server (1/2)
Configure the primary and secondary file servers MA5616(config)# file-server { { auto-load program } | { auto-backup
{ alarm-event | cdr | configuration | data | debug | log } } } { primary |
secondary } ip-address { tftp | ftp { user username | path pathname
user username } { password | nopassword } | sftp { user username |
path pathname user username | path pathname port portid userusername } { password | nopassword } }
MA5616(config)# file-server auto-backup cdr primary 10.10.10.1 ftp
path abc user
User Name(
8/10/2019 MA5616 Basic Operation.ppt
76/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Create Log Server (2/2)
Configure system log output to serverMA5616(config)# syslog output { sizevalue | all }
MA5616(config)# syslog output debug
MA5616 Server
system automaticallybacks up or loads filesto server
8/10/2019 MA5616 Basic Operation.ppt
77/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Log Server
Query the operation logMA5616(config)# display file-server { { auto-load program } | { auto-
backup { data | board-info | alarm-event | cdr | configuration | data |
debug | log } } }
MA5618(config)# display file-server auto-backup cdrQuery the level-based output status of the system log
MA5616(config)# display syslog output configuration
8/10/2019 MA5616 Basic Operation.ppt
78/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Maintaining Log Server
Delete the system log configuration MA5616(config)# undo syslog output { sizevalue | all }
MA5616(config)# undo syslog output debug
Delete the primary and secondary file servers
MA5616(config)# undo file-server { { auto-load program } | { auto-backup { alarm-event | board-info | cdr | configuration | data | debug |
log } } } { primary | secondary }
MA5616(config)# undo file-server auto-backup cdr primary
8/10/2019 MA5616 Basic Operation.ppt
79/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
5. Log Management
5.1 Log Query
5.2 Log Server Management
5.3 Log Host Management
8/10/2019 MA5616 Basic Operation.ppt
80/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Log Host Management Overview
Create Log Host Query Log HostMaintaining Log
Host
Query Log Host Log Host Deactivate->
Delete log host
Create Log Host->
Log Host activate
8/10/2019 MA5616 Basic Operation.ppt
81/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Create Log Host
Step1: Add a log hostMA5616(config)# loghost add ip-addr hostname
MA5616(config)# loghost add 10.11.136.56 log
Step2: Activate a log host
MA5616(config)# loghost activate {ip ip-addr| name hostname}MA5616(config)# loghost activate ip 10.11.136.56
MA5616 PC 10.11.136.56
collecting and storingthe log information
8/10/2019 MA5616 Basic Operation.ppt
82/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Log Host
Query the configuration of the log hostMA5616(config)# display loghost list [ ip ip-addr | name hostname ]
MA5616(config)# display loghost list ip 10.11.136.56
8/10/2019 MA5616 Basic Operation.ppt
83/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Maintaining Host
Deactivate a log hostMA5616(config)# loghost deactivate { ip ip-addr | name hostname }
MA5616(config)# loghost deactivate ip 10.11.136.56
Delete a log host
MA5616(config)# loghost delete { ip ip-addr | name hostname }MA5616(config)# loghost delete ip 10.11.136.56
8/10/2019 MA5616 Basic Operation.ppt
84/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Questions
1. An log record contains the following information: A. log user name
B. log time
C. log domain
D. log command2 . When query log, we can based on ( ) to query the
corresponding log? A. log name
B. log time
C. log level
D. log type
8/10/2019 MA5616 Basic Operation.ppt
85/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
1. CLI Management Overview
2. Initial Setup
3. Operation Security Management
4. Alarm Management
5. Log Management
6. Database Management
7. Hardware Management
8/10/2019 MA5616 Basic Operation.ppt
86/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Database Management
SaveManagement
LoadingManagement
DatabaseManagement
BackupManagement
MA5616 support s backuping theconfiguration and database filesinto file server through ftfp,ftp,sftp .
MA5616 supports two savemodes: auto-save and manualsave. You can save the datafiles and the configuration file.
The MA5616 supportsloading the configurationand data files from fileserver through tftp, ftp, sftp.
8/10/2019 MA5616 Basic Operation.ppt
87/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
6. Database Management
6.1 Save Management
6.2 Backup Management
6.3 Loading Management
8/10/2019 MA5616 Basic Operation.ppt
88/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Data Management Conceptions
File Server
S DRAM
CCUB
1
2
F L A
S H
3
Database file
Configuration file
1: Save
2: Backup
3: Load
8/10/2019 MA5616 Basic Operation.ppt
89/115
8/10/2019 MA5616 Basic Operation.ppt
90/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Save Management (2/4)
To save the database file and the configuration file at thesame time.
MA5616(config)# save {|configuration|data}:
S DRAM
CCUB
1
F L A
S H
Database file
Configurationfile
save
8/10/2019 MA5616 Basic Operation.ppt
91/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Save Management (3/4)
To save the database file automatically at the present time.MA5616(config)# autosave time on
System autosave time switch: on
Autosave time: 12:20:30
Autosave type: data
( )
8/10/2019 MA5616 Basic Operation.ppt
92/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Save Management (4/4)
To save the database file automatically at intervalsMA5616(config)# autosave interval on
System autosave interval switch: on
Autosave interval: 1440 minutes
Autosave type: data
System autosave modified configuration switch: on
Autosave interval: 30 minutes
Autosave type: data
C t t
8/10/2019 MA5616 Basic Operation.ppt
93/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
6. Database Management
6.1 Save Management
6.2 Backup Management
6.3 Loading Management
B k M (1/2)
8/10/2019 MA5616 Basic Operation.ppt
94/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Backup Management (1/2)
Query the system current configuration.MA5616(config)# display current-configuration [ section string ] [ |
{ begin | include | exclude } text ]
MA5616(config)# display current-configuration section dev
Query the data configuration saved in memoryMA5616(config)# display saved-configuration
B k M (2/2)
8/10/2019 MA5616 Basic Operation.ppt
95/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Backup Management (2/2)Back up the configuration file to the server .
MA5616(config)# backup configuration {tftp server-ipaddr filename | ftp
server-ipaddr filename | sftp server-ipaddr filename }
MA5616(config)# backup configuration tftp 1.1.1.1 config.txt
File Server
CCUB
FLASH
BackupIP 1.1.1.1
C t t
8/10/2019 MA5616 Basic Operation.ppt
96/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
6. Database Management
6.1 Save Management
6.2 Backup Management
6.3 Loading Management
L di M
8/10/2019 MA5616 Basic Operation.ppt
97/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Loading Management
Load the configuration file .MA5616(config)# load configuration {tftp server-ipaddr filename | ftp server-
ipaddr filename | sftp server-ipaddr filename }
MA5616(config)# load configuration tftp 1.1.1.1 config.txt
Load the data configuration.MA5616(config)# load data { xmodem | tftp ServerIpAddress filename | sftp
ServerIpAddress filename | ftp ServerIpAddress filename }
MA5616(config)# load data ftp 1.1.1.1 db_ccuh.dat
File Server
CCUB
FLASH
Load IP 1.1.1.1
S t R b ti
8/10/2019 MA5616 Basic Operation.ppt
98/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
System Rebooting
After loading configuration or database file successfully,
system will remind the next step is system rebooting.
Rebooting the systemMA5616(config)# reboot system
Caution :
Rebooting the system interrupts the ongoing services. Therefore, run
this command with caution.
L di M i t
8/10/2019 MA5616 Basic Operation.ppt
99/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Loading Maintenance
Load the configuration file .MA5616(config)# display progress { load | backup }
MA5616(config)# display progress load
Activate a configuration file .
MA5616(config)# active configuration system
E l S t D t B k
8/10/2019 MA5616 Basic Operation.ppt
100/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Example: System Data Backup
Step1: Confirm PC can ping MA5616
Step2: start-up the TFTP server software of PC
Step3: Save the dataMA5616(config)# save data
Step4: Backup to file serverMA5616(config)# backup data
tftp 192.168.1.139 20090511
Example: Restoration of the System Data
8/10/2019 MA5616 Basic Operation.ppt
101/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Example: Restoration of the System Data
Step1: Confirm PC can ping MA5616
Step2: Start-up the TFTP server software of PC
Step3: Restoration data to MA5616 and reboot systemMA5616(config)# load data tftp 192.168.1.139 20090511
MA5616(config)# reboot system
Q estions
8/10/2019 MA5616 Basic Operation.ppt
102/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Questions
1. Please outline the difference between backup and load .
2. MA5618 supports backup and load files operation, by which protocol the
file can transferred between MA5618 and file server? A. ftp
B. tftp
C. sftp
D. xmodem
8/10/2019 MA5616 Basic Operation.ppt
103/115
Contents
8/10/2019 MA5616 Basic Operation.ppt
104/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
7. Hardware Management
7.1 Shelf Management
7.2 Board Management
Shelf Management
8/10/2019 MA5616 Basic Operation.ppt
105/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Shelf Management
Set a frameMA5616(config)# frame set frameid desc description
MA5616(config)# frame set 0 desc test
Delete the description of a shelf
MA5616(config)# undo frame desc frameidMA5616(config)# undo frame desc 0
Query Shelf Information
8/10/2019 MA5616 Basic Operation.ppt
106/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Query Shelf Information
Query the description of a shelfMA5616(config)# display frame desc { frameid | bydesc description }
MA5616(config)# display frame desc 0
Query the basic information about a shelf
MA5616(config)# display frame info [ frameid ]MA5616(config)# display frame info 0
Contents
8/10/2019 MA5616 Basic Operation.ppt
107/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Contents
7. Database Management
7.1 Shelf Management
7.2 Board Management
Board Statuses
8/10/2019 MA5616 Basic Operation.ppt
108/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Board Statuses
Board Status
Main Control
Board
Active-Normal
Standby-Normal
Service Board
Auto_find
Config (transition status)
Normal
Failed
1 The board can be automatically foundafter inserted into the slot but notregistered in the system
2 Confirm the board, the statusbecomes normal, the config status is atransitional status
3 Faults happen, the status becomesfailed
Board Management (1/2)
8/10/2019 MA5616 Basic Operation.ppt
109/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Board Management (1/2)
Step1: Add a boardMA5616(config)# board add frameid/slotid board-type
MA5616(config)# board add 0/3 VSNK
Step2: Confirm a board
MA5616(config)# board confirm frameid [/slotid ]MA5616(config)# board confirm 0/1
Query all the boards in the frameMA5616(config)# display board frameid [ /slotid ]
MA5616(config)# display board 0
MA5616(config)# display board 0/0
Board Management (2/2)
8/10/2019 MA5616 Basic Operation.ppt
110/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Board Management (2/2)
Delete boardMA5616(config)# board delete 0/3
Reset boardMA5616(config)# board reset 0/3
Questions
8/10/2019 MA5616 Basic Operation.ppt
111/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Questions1. When initial setup, what configuration should be run to active the
service board ? A. board add
B. board confirm
C. board active
D. board delete
2. What status the MA5616 service board can have? A. normal
B. auto-find
C. fault
D. active-normal
Summary (1/2)
8/10/2019 MA5616 Basic Operation.ppt
112/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Summary (1/2)
CLI Management Access:The CLI terminal can access the device through local consol port or
the telnet session.
Operation Security:
Management user can be created in MA5616, and can be maintainedaccording to user level, password, reenter time and description
information.
The access security is guaranteed by ACL and firewall.
Alarm ManagementQuery alarms can according to alarm SN, alarm ID, alarm level, alarm
type,alarm class and alarm time.
Summary (2/2)
8/10/2019 MA5616 Basic Operation.ppt
113/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Summary (2/2)Log Management:
To query the operation log of a user can get the information of the name and IP address ofthe user who performs operations on the system, the time when the user performsoperations on the system.To put the system logs to log server or log host, the server or host should be created inMA5616 first, and system can automatically dump logs.
Database Management:
Database Management includes save, backup and load system configuration or databasefile.Save system configuration or database file can be manual operation or automaticoperation based on system commandBackup operation indicates put the files from MA5616 to file server through tftp, ftp or sftp.Loading operation indicates take the files from file server to MA5616 through tftp, ftp orsftp
Hardware ManagementMA5616 frame information can be described through command line.MA5616 service board has four status: Auto_find,Config,Normal,Failed. To provideservices through MA5616, the service board should be Normal status.
Glossary
8/10/2019 MA5616 Basic Operation.ppt
114/115
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Glossary
ACL: Access Control ListCLI: Command Line InterfaceEMS: Element Management SystemFTP: File Transfer ProtocolGUI: Graphic User Interface
LAN: Local Area NetworkMIB: Management Information BaseTFTP: Trivial File Transfer ProtocolTL1: Transaction Language Number 1SFTP: SSH File Transfer ProtocolVLAN: Virtual Local Area NetworkWAN: Wide Area Network
8/10/2019 MA5616 Basic Operation.ppt
115/115
Thank youwww.huawei.com