One needs to be familiar with Huawei network devices, such as routers, switches and firewalls, so as to configure them. Huawei has developed a general operating system for these network devices, which undoubtedly reduces the learning cost for IT practitioners. Versatile Routing Platform (VRP) is a general network operating system for Huawei network devices.

VRP provides users with a Command-Line Interface (CLI), and users are required to master how to use the command line in order to manage network devices.

When configuring Huawei network devices for the first time, you usually log in through the Console port. After the network is configured, you can log in to the network devices through Telnet, SSH, or Web to configure the device. The general configuration of the network devices includes changing the device name, setting the device clock, configuring the IP address for the network device interface, and setting the login password.

The configuration of the device will take effect immediately after completion. At this point, the current configuration can be viewed by the display current-configuration command and can be saved by the display saved-configuration command. In addition, the configuration file to be loaded at the next boot can also be changed.

VRP manages all files (including configuration files, system files, License files and patch files of the device) and directories on the device through the file system. The VRP file system is mainly used to create, delete, modify, copy and display files and directories on the device.

3.1 Introduction to VRP

VRP is a general network operating system of which Huawei Technologies Co., Ltd. has completely independent intellectual property rights. It can run on a full range of communication products from low-end to high-end, such as routers and switches. It is similar to Microsoft’s Windows operating system and Apple’s iOS operating system. At present, Huawei devices are almost ubiquitous in network devices around the world, so it is especially important for network communication technicians to learn VRP.

VRP can run on a variety of hardware platforms, including routers, LAN switches, ATM switches, dial-up access servers, IP telephony gateways, carrier-grade integrated service access platforms, intelligent service selection gateways and dedicated hardware firewalls. VRP has a consistent network interface, user interface and management interface, providing users with flexible and rich application solutions, as shown in Fig. 3.1.

Fig. 3.1 VRP application solutions

With TCP/IP protocol stack as the core, VRP implements various data link layer, network layer and application layer protocols, integrates data communication functions such as routing and switching technology, QoS technology, security technology and IP voice technology in the operating system, and provides excellent data forwarding function for network devices based on IP forwarding engine technology.

3.2 VRP Command Lines

The commands in the VRP command line consist of keywords and parameters, and the total number of commands amounts to thousands. In order to realize the layered management of these commands, the VRP system registers them under different views according to the types of their functions. VRP command levels are divided into level 0 (visit), level 1 (monitoring), level 2 (configuration) and level 3 (management), while users logging into network devices are divided into levels from 0 to 15. Users of different levels can execute commands of different levels.

3.2.1 Basic Concepts of the Command Line

  1. Command lines

    The function configuration and service deployment of Huawei network devices are done through VRP command lines. A command line is a string with a certain format and functions registered inside the device. A command line consists of keywords and parameters. Keywords are a set of words or phrases related to the function of the command line. A command line can be uniquely identified by keywords, and keywords of command lines are in bold font in this book. Parameters are words or numbers specified to improve the format of the command line or to indicate the object of the command, including data types such as integers, strings and enumerated values. For example, in the command line ping ip-address for testing inter-device connectivity, ping is the keyword of the command line and ip-address is the parameter (its value is an IP address).

    A newly purchased Huawei network device is initially configured to be empty. If you want it to have functions such as file transfer and network interoperability, you need to enter the command line interface of the device and configure it using corresponding commands.

  2. Command line interface

    The command line interface is the interface for text-based command interaction between the user and the device, just like the Disk Operation System (DOS) window in the Windows operating system. The VRP command line interface is shown in Fig. 3.2.

  3. Command line view

    The command line interface is divided into several command line views. When using a command line, you need to first enter the view where the command line is located. Commonly used command line views are the user view, system view and interface view, which are inter-related but have certain differences.

    As shown in Fig. 3.3, after logging in to a Huawei device, you will first enter the user view <R1>, and in the prompt “<R1>”, “<>” indicates the user view and “R1” is the host name of the device. In the user view, users can learn about the basic information of the device and query its status, but they cannot perform configurations related to service functions. If you need to configure the service functions of the device, you need to enter the system view.

    By entering “system-view”, you can enter the system view [R1], and configure the system parameters. At this point, the prompt uses the square bracket “[ ]”. You can use most of the basic configuration commands and configure some global parameters of the router in system view, such as the router host name.

    From the system view, you can enter the interface view, protocol view, AAA view and other views. To configure parameters such as interface parameters, routing protocol parameters and IP address pool parameters, you have to enter their respective views. By entering different views, you can use the commands in that view. If you want to enter other views, you must first enter the system view.

    By entering “quit”, you can return to the view of the previous level. By entering “return”, you can return directly to the user view. Pressing “Ctrl+Z” also returns you to the user view. When you enter different views, the prompt content will change accordingly. For example, when you enter the interface view, the host name is appended with the information on interface type and interface number. In the interface view, you can complete the configuration operation of the corresponding interface, such as configuring the IP address of the interface. The exemplary code is as follows.

    [R1]interface GigabitEthernet 0/0/0
    [R1-GigabitEthernet0/0/0]ip address 192.168.10.111 24

    The VRP system has classified commands and users, with each command having a corresponding level, and each user its own privilege level. The user privilege level corresponds with the command level in a certain way. After logging in, users with certain privilege levels can only execute commands equal to or lower than their own levels.

  4. Command levels and user privilege levels

    VRP commands are divided into four levels, i.e., level 0 (visit), level 1 (monitoring), level 2 (configuration) and level 3 (management). Network diagnostic commands belong to the visit level commands, and are used to test whether the network is connected or not. Monitoring level commands are used to view the network status and basic information of the device. Configuration level commands are required for service configuration of the device. For some special functions, such as uploading or downloading configuration files, management level commands are needed.

    User privileges are divided into 16 levels from 0 to 15. By default, level 3 users can operate all commands of the VRP system, which means that users of levels 4 to 15 have the same privilege as level 3 users by default. User privileges of levels 4 to 15 are generally used in conjunction with the functions to upgrade command levels. For example, when there are many device administrators, their privilege levels should be further categorized, and then you can elevate the user privilege corresponding to a key command, such as to level 15, so that the default level 3 administrator can no longer use the key command.

    The correspondence between user level and command level is shown in Table 3.1.

Fig. 3.2 VRP command line interface

Fig. 3.3 The command line views

Table 3.1 Correspondence between user privilege levels and command levels

3.2.2 How to Use Command Lines

  1. Enter the command view

    After entering the VRP system, the first view the user enters is the user view. If “<Huawei>” appears as shown below, with the cursor flashing to the right of “>”, the user has successfully entered the user view.

    <Huawei>

    Once you enter the user view, you can use commands to understand the basic information of the device and view the device status, etc. If you need to configure interface GigabitEthernet1/0/0, you need to enter the system view first using the system-view command, and then use the interface interface-type interface-number command to enter the corresponding interface view.

    <Huawei>system-view                        -- Enter the system view
    [Huawei]
    [Huawei]interface gigabitethernet 1/0/0    -- Enter the interface view
    [Huawei-GigabitEthernet1/0/0]

  2. Exit command view

    The function of the quit command is to exit from any view to the view of the previous level. For example, the interface view is entered from the system view, so the system view is the view of the previous level of interface view.

    [Huawei-GigabitEthernet1/0/0]quit    -- Exit to system view
    [Huawei]

    If you wish to continue exiting to the user view, you can execute the quit command for another time.

    [Huawei]quit    -- Exit to user view
    <Huawei>

    Some command views are in such a high level that you need to execute the quit command several times in order to exit from the current view to the user view. In this case, you can use the return command to directly exit from the current view to the user view.

    [Huawei-GigabitEthernet1/0/0]return    -- Exit to user view
    <Huawei>

    In addition, in any view, pressing “Ctrl+Z” can have the same effect as using the return command.

  3. Command line input

    The VRP system provides rich command line input methods, supporting multi-line input. The maximum length of each command is 510 characters. Command keywords are not case-sensitive, and incomplete keyword input is supported. Table 3.2 lists the functions of some commonly used function keys in the command line input process.

  4. Incomplete keyword input

    In order to improve the efficiency and accuracy of command line input, the VRP system supports incomplete keyword input, that is, in the current view, you do not need to enter complete keywords if the entered characters can match a unique keyword. For example, in the case of entering the “display current-configuration” command, the user can enter “d cu”, “di cu” or “dis cu”, but not something like “d c” or “dis c”. This is because there are multiple commands in the system starting with “d c” and “dis c”, such as “display cpu-defend”, “display clock” and “display current-configuration”.

  5. Online help

    Online help is a real-time help function provided by the VRP system. When entering command lines, users can enter a question mark (?) at any time to obtain online help. You can choose to obtain full help or partial help.

    (a) Example of full help.

      If we want to check the current configuration of the device, but do not know what to do next after entering the user view, we can enter “?” to obtain the following help information.

      <Huawei>?
      User view commands:
        arp-ping               ARP-ping
        autosave               <Group> autosave command group
        backup                 Backup information
        ……
        dialer                 Dialer
        dir                    List files on a filesystem
        display                Display information
        factory-configuration  Factory configuration
        ---- More ----

      You can see “display” in the keyword displayed, which is interpreted as “Display information”. It is natural to think that to view the current configuration of the device, the keyword “display” will probably be used. So, after pressing any letter key to exit help, enter “display” and a question mark “?” separated by a space. Then the following help information will be obtained.

      <Huawei>display ?
        Cellular               Cellular interface
        aaa                    AAA
        access-user            User access
        accounting-scheme      Accounting scheme
        ……
        cpu-usage              Cpu usage information
        current-configuration  Current configuration
        cwmp                   CPE WAN Management Protocol
        ---- More ----

      From the information, we find “current-configuration”. Through simple analysis and reasoning, we know that the command we should enter to view the current configuration of the device is “display current-configuration”.

    (b) Example of partial help.

      Usually, we would not be completely ignorant of the command line we need to enter, and instead we know part of the command line keywords. Suppose we want to enter the command “display current-configuration”. However, we do not remember the full command format, but only that the keyword “display” starts with “dis”, and current-configuration starts with the letter “c”. At this point, we can use the partial help function to determine the complete command.

      After entering “dis”, enter the question mark “?”.

      <Huawei>dis?
        display  Display information

      The echo message shows that the only keyword starting with “dis” is display, and based on the principle of incomplete keyword input, the keyword display can be uniquely determined by using “dis”. So, after entering “dis”, you can type a space, then “c”, and finally “?” to get help information for the next keyword.

      <Huawei>dis c?
        <0-0>                  Slot number
        Cellular               Cellular interface
        calibrate              Global calibrate
        capwap                 CAPWAP
        channel                Informational channel status and configuration information
        clock                  Clock status and configuration information
        config                 System config
        controller             Specify controller
        cpos                   CPOS controller
        cpu-defend             Configure CPU defend policy
        cpu-usage              Cpu usage information
        current-configuration  Current configuration
        cwmp                   CPE WAN Management Protocol

      The information shows that after the keyword “display”, there are only a few dozen keywords starting with “c”, from which “current-configuration” can be easily identified. At this point, we can use such memory fragments as “dis” and “c” to obtain the complete command “display current-configuration”.

  6. Shortcut keys

    Shortcut keys can further improve the efficiency of command line input. The VRP system has defined some shortcut keys, which are called system-defined shortcut keys. System-defined shortcut keys have fixed functions and cannot be redefined by the user. Common VRP system-defined shortcut (combination) keys are shown in Table 3.3.

    The VRP system also allows the user to customize some shortcut keys, but customized shortcut keys may be confused with some operation commands, so it is generally suggested not to customize shortcut keys.

  7. Use the undo command line

    The undo command is to add the keyword “undo” in front of the command. It is used to restore the default situation, disable a function or delete a configuration. The following is a reference example.

    Use the undo command to restore the default situation.

    <Huawei>system-view
    [Huawei]sysname Server
    [Server]undo sysname
    [Huawei]

    Use the undo command to disable a function.

    <Huawei>system-view
    [Huawei]ftp server enable
    [Huawei]undo ftp server

    Use the undo command to delete a configuration.

    [Huawei]interface g0/0/1
    [Huawei-GigabitEthernet0/0/1]ip address 192.168.1.1 24
    [Huawei-GigabitEthernet0/0/1]undo ip address

Table 3.2 Functions of function keys
Table 3.3 Common VRP system-defined shortcut (combination) keys
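
How the unique-prefix rule from “Incomplete keyword input” resolves a typed line, as an added Python example that is not from the book. The keyword table is constructed from only the keywords named in that passage, and the watched-command list and the log lines are assumptions made for the illustration; the point for log review is that a rule written for the full command must also catch its abbreviations.

```python
# Constructed keyword table: only the keywords named in the passage above.
# A real device registers thousands of commands across its views.
TREE = {
    "display": {"cpu-defend": {}, "clock": {}, "current-configuration": {}},
    "system-view": {},
    "quit": {},
}


def candidates(token, level):
    """Keywords at this level that the case-insensitive token could mean."""
    t = token.lower()
    if t in level:  # assumption: a fully typed keyword always wins
        return [t]
    return sorted(k for k in level if k.startswith(t))


def expand(line, tree=TREE):
    """Return (full_command, None), or (None, reason) if the line is rejected."""
    level, out = tree, []
    for tok in line.split():
        hits = candidates(tok, level)
        if not hits:
            return None, f"unknown keyword '{tok}'"
        if len(hits) > 1:
            return None, f"ambiguous '{tok}': " + ", ".join(hits)
        out.append(hits[0])
        level = level[hits[0]]  # descend to the keywords valid after this one
    return " ".join(out), None


# Assumption: full commands a reviewer wants to be told about.
WATCHED = {"display current-configuration"}

# Constructed command-log entries: (user, text as typed).
LOG = [
    ("admin", "dis cu"),
    ("admin", "DI CLO"),
    ("guest", "d c"),
    ("admin", "sys"),
]


def review(log):
    """Expand every typed line, then match on the full command only."""
    alerts, rejected = [], []
    for user, typed in log:
        full, err = expand(typed)
        if err:
            rejected.append((user, typed, err))
        elif full in WATCHED:
            alerts.append((user, typed, full))
    return alerts, rejected


if __name__ == "__main__":
    for entry in review(LOG):
        print(entry)
```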

3.3 Login to Network Devices

Configuring a Huawei network device can be done using the Console (control) port, Telnet (remote login system), SSH (Secure Shell), or Web methods. This section introduces the various ways to configure the user interface and log in to the device.

3.3.1 Configure the User Interface

  1. Concept of user interface

    Different users have different user interfaces in the process of information interaction with the device. A user who logs in to the device using the Console port has a user interface that corresponds to the physical Console port of the device. A user who logs into the device using Telnet has a user interface that corresponds to the Virtual Type Terminal (VTY) port of the device. The total number of VTY ports supported may vary from device to device.

    If you want to control the login of different users, you need to first enter the corresponding user interface view and configure it accordingly (e.g., specify user privilege level, set user name and password, etc.). For example, assuming that the user logging in via the Console port has a privilege level of 3, then the corresponding operation is as follows.

    <Huawei>system-view
    [Huawei]user-interface console 0             -- Enter Console port user interface view
    [Huawei-ui-console0]user privilege level 3   -- Set privilege level of user logging in through Console port as 3

    If multiple users have logged into the device, such as two administrators using Telnet to configure the same network device at the same time, each user will have their own user interface. So how does the device recognize these different user interfaces? The following section will focus on this issue.

  2. The numbers of user interface

    When a user logs in to the device, according to how the user logs in, the system will automatically assign the user with the smallest number of the corresponding type of user interface that is currently available. There are two types of user interface numbers, namely relative number and absolute number.

    (a) Relative numbers.

      The form of a relative number is: user interface type + sequence number. Generally, a device has only 1 Console port (plug-in devices may have multiple Console ports with each main control board providing one Console port), and there are generally 15 user interfaces of VTY type (by default, five of them are turned on). Therefore, the relative number is presented in the following form.

      Relative number of console user interface: CON 0.

      Relative number of VTY user interface: the first one is VTY 0, the second one is VTY 1, and so on.

    (b) Absolute numbers.

      An absolute number is just a numerical value to uniquely specify a user interface. An absolute number has a one-to-one relationship with the relative number: the relative number of console user interface is CON 0, and the corresponding absolute number is 0; the relative numbers of VTY user interface are VTY 0 to VTY 14, and the corresponding absolute numbers are 129 to 143.

      The information on user interfaces currently supported by the device can be viewed by using the display user-interface command. As shown below, we can see that there is one user of privilege level 3 connected to CON 0, and one user of privilege level 2 connected to VTY 0 through the virtual port. Auth means authentication mode, P stands for Password (only password needs to be entered), and A stands for AAA authentication (user name and password need to be entered).

      <Huawei>display user-interface
        Idx  Type     Tx/Rx    Modem Privi ActualPrivi Auth  Int
      + 0    CON 0    9600     -     15    15          P     -
      + 129  VTY 0             -     2     2           A     -
        130  VTY 1             -     2     -           A     -
        131  VTY 2             -     2     -           A     -
        132  VTY 3             -     0     -           P     -
        133  VTY 4             -     0     -           P     -
        145  VTY 16            -     0     -           P     -
        146  VTY 17            -     0     -           P     -
        147  VTY 18            -     0     -           P     -
        148  VTY 19            -     0     -           P     -
        149  VTY 20            -     0     -           P     -
        150  Web 0    9600     -     15    -           A     -
        151  Web 1    9600     -     15    -           A     -
        152  Web 2    9600     -     15    -           A     -
        153  Web 3    9600     -     15    -           A     -
        154  Web 4    9600     -     15    -           A     -
        155  XML 0    9600     -     0     -           A     -
        156  XML 1    9600     -     0     -           A     -
        157  XML 2    9600     -     0     -           A     -
      UI(s) not in async mode -or- with no hardware support:
      1-128
        +    : Current UI is active.
        F    : Current UI is active and work in async mode.
        Idx  : Absolute index of UIs.
        Type : Type and relative index of UIs.
        Privi: The privilege of UIs.
        ActualPrivi: The actual privilege of user-interface.
        Auth : The authentication mode of UIs.
            A: Authenticate use AAA.
            N: Current UI need not authentication.
            P: Authenticate use current UI's password.
        Int  : The physical location of UIs.

      In the echo message, the first column Idx indicates the absolute numbers and the second column Type represents the relative numbers.

  3. User authentication

    Each user logs in to a device with a user interface corresponding to it. So, how to make sure that only legitimate users can log into the device? The answer is through the user authentication mechanism. There are three types of user authentication modes supported by the device: Password authentication, AAA authentication and None authentication.

    (a) Password authentication.

      Password authentication only requires entering the password, and once the password authentication is passed, you can login to the device. By default, the device uses the password authentication mode. When using this method, you cannot login to the device without configuring the password.

    (b) AAA authentication.

      AAA authentication requires entering the username and password, and only when the correct username and its corresponding password are entered can you login to the device. Since both user name and password need to be verified, AAA authentication is more secure than password authentication. Meanwhile, the method can distinguish different users, and different users can be set with different privilege levels without interfering with each other. Therefore, when using Telnet to login, AAA authentication is generally used.

    (c) None authentication.

      None authentication enables the user to directly login to the device without entering the username and password, that is, no authentication is required. For security reasons, this authentication mode is not recommended.

      The user authentication mechanism ensures the legitimacy of user login. By default, users who login via Telnet have a privilege level of 0 after they login.

  4. User privilege levels

    The meaning of user privilege level and its correlation with command level have been described earlier. The user privilege level is also called user level. By default, a user with a user level of 3 or above can operate all commands of the device. The level of a certain user can be configured by executing the user privilege level level command under the corresponding user interface view, where level is the specified user level.
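
The check below is an added example, not code from the book or from Huawei: it parses the display user-interface output shown above and applies the authentication guidance from this section (None authentication is not recommended, AAA is preferred over a shared password on VTY lines). The function names and the privilege ceiling of 2 for VTY lines are assumptions made for the illustration.

```python
import re

# Rows as printed by "display user-interface" earlier on this page.
SAMPLE = """\
<Huawei>display user-interface
  Idx  Type     Tx/Rx    Modem Privi ActualPrivi Auth  Int
+ 0    CON 0    9600     -     15    15          P     -
+ 129  VTY 0             -     2     2           A     -
  130  VTY 1             -     2     -           A     -
  131  VTY 2             -     2     -           A     -
  132  VTY 3             -     0     -           P     -
  133  VTY 4             -     0     -           P     -
  145  VTY 16            -     0     -           P     -
  146  VTY 17            -     0     -           P     -
  147  VTY 18            -     0     -           P     -
  148  VTY 19            -     0     -           P     -
  149  VTY 20            -     0     -           P     -
  150  Web 0    9600     -     15    -           A     -
  151  Web 1    9600     -     15    -           A     -
  152  Web 2    9600     -     15    -           A     -
  153  Web 3    9600     -     15    -           A     -
  154  Web 4    9600     -     15    -           A     -
  155  XML 0    9600     -     0     -           A     -
  156  XML 1    9600     -     0     -           A     -
  157  XML 2    9600     -     0     -           A     -
UI(s) not in async mode -or- with no hardware support:
1-128
"""

# Optional activity flag, absolute index, type name, relative index, the rest.
ROW = re.compile(r"^\s*([+F])?\s*(\d+)\s+([A-Za-z]+)\s+(\d+)\s+(.*)$")

NO_AUTH = "no authentication (N)"
SHARED_PW = "VTY line uses a shared password (P) instead of AAA"
HIGH_PRIV = "VTY privilege level above the allowed ceiling"


def parse_user_interfaces(text):
    """Turn the table into dicts; header and legend lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        flag, idx, kind, rel, rest = m.groups()
        cols = rest.split()
        if len(cols) < 5 or not cols[-4].isdigit():
            continue
        # Tx/Rx may be blank, so read the fixed columns from the right:
        # Modem, Privi, ActualPrivi, Auth, Int.
        _modem, privi, actual, auth, _loc = cols[-5:]
        rows.append({
            "active": flag is not None,
            "abs": int(idx),                     # absolute number (Idx)
            "name": f"{kind} {rel}",             # relative number (Type)
            "kind": kind,
            "privi": int(privi),
            "actual": int(actual) if actual.isdigit() else None,
            "auth": auth,
        })
    return rows


def audit(rows, max_vty_level=2):
    """Return (interface, reason) pairs for settings the section warns about."""
    findings = []
    for r in rows:
        if r["auth"] == "N":
            findings.append((r["name"], NO_AUTH))
        if r["kind"] == "VTY":
            if r["auth"] == "P":
                findings.append((r["name"], SHARED_PW))
            if r["privi"] > max_vty_level:       # assumption: ceiling of 2
                findings.append((r["name"], HIGH_PRIV))
    return findings


def active_sessions(rows):
    """Interfaces currently in use and the privilege the session holds."""
    return [(r["name"], r["actual"]) for r in rows if r["active"]]


if __name__ == "__main__":
    parsed = parse_user_interfaces(SAMPLE)
    print(active_sessions(parsed))
    for name, reason in audit(parsed):
        print(f"{name}: {reason}")
```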

3.3.2 Login to the Device via the Console Port

We configure the console user interface in the following, using the password authentication mode, and setting the login password.

During the initial configuration of the router, the console cable can be used to connect the console port of the switch (or router) to the serial communication port (COM) of the computer so that local debugging and maintenance can be enabled. The console port is an RJ45 port conforming to the RS232 serial port standard. Most desktop computers today provide a COM port that can be connected to the console port, as shown in Fig. 3.4. Laptops generally do not provide a COM port and require the use of a USB to RS232 port converter.

Fig. 3.4 Configure a router

Open the “Computer Management” interface, as shown in Fig. 3.5, and click “Device Manager”; after installing the driver, you can see that the USB port acts as a COM3 port.

Fig. 3.5 View the COM3 port that the USB port acts as

Install SecureCRT on Windows. SecureCRT is a terminal emulation program that supports SSH (SSH1 and SSH2); in short, it is software for logging in to UNIX and Linux server hosts and Huawei network devices from Windows. Open SecureCRT, select “Serial” as the protocol, as shown in Fig. 3.6, and click “Next”. In the port selection interface, shown in Fig. 3.7, select “COM3” to match the port simulated by the USB device, set the other options as in Fig. 3.7, and then click “Next”.

Fig. 3.6 Select a protocol

Fig. 3.7 Select “COM3” port

The console user interface corresponds to users logging in directly through the console port, usually using Password authentication. Users logging in through the console port are generally network administrators that require the user privileges of the highest level.

  1. Enter the console user interface.

    The command used to enter the console user interface is user-interface console interface-number. The interface-number indicates the relative number of the console user interface and takes the value of 0.

[Huawei]user-interface console 0

  2. Configure the user interface.

    In console user interface view, configure the authentication mode as password authentication, and set the password as huawei, and the password is saved in the configuration file in cipher text.

    The command to configure the user authentication mode of the user interface is authentication-mode {aaa | password}.

    [Huawei-ui-console0]authentication-mode ?
      aaa       AAA authentication
      password  Authentication through the password of a user terminal interface
    [Huawei-ui-console0]authentication-mode password
    Please configure the login password (maximum length 16):huawei

    If you intend to reset the password, you can enter the following command to set the password to huawei.com. The keyword cipher indicates that the configured password will be stored in the configuration file in cipher text.

    [Huawei-ui-console0]set authentication password cipher huawei.com

    After the configuration is complete, the configuration information will be saved in the device’s memory and can be viewed using the display current-configuration command. If the information is not saved, it will be lost when the device is powered on or rebooted.

    Enter “display current-configuration section user-interface” to display the user-interface settings in the current configuration. If you only enter “display current-configuration”, all settings will be displayed.

    <Huawei>display current-configuration section user-interface
    [V200R003C00]
    #
    user-interface con 0
     authentication-mode password
     set authentication password cipher %$%${PA|GW3~G'2AJ%@K{;MA,$/:\,wmOC*yI7U_x!,w kv].$/=,%$%$
    user-interface vty 0 4
    user-interface vty 16 20
    #
    return

3.3.3 Login to the Device via Telnet

The VTY user interface corresponds to the user logging in using Telnet. Considering that Telnet is a remote login method, it is prone to security risks, so AAA authentication is used to authenticate users. Generally, during the commissioning phase of the device, a lot of people need to login to the device and service configuration is required, so the maximum number of VTY user interfaces is usually configured to 15, which allows up to 15 users to login to the device via Telnet at the same time. Also, the user level should be set to level 2, that is the configuration level, so that normal service configuration can be performed. The following configures the number of VTY interfaces, setting the user level of VTY user interface to level 2 and the authentication mode to AAA authentication.

  1. Configure the maximum number of VTY user interfaces to 15.

    The command used to configure the maximum number of VTY user interfaces is user-interface maximum-vty number. If you want to configure the maximum number of VTY user interfaces to 15, then the value of number should be 15.

[Huawei]user-interface maximum-vty 15

  2. Enter the VTY user interface view.

    Enter the user-interface vty first-ui-number [last-ui-number] command to enter the VTY user interface view, where first-ui-number and last-ui-number are the relative numbers of the VTY user interfaces, and the square brackets “[ ]” means that the parameter is optional. Suppose now you need to configure all the 15 VTY user interfaces. Then the value of first-ui-number should be 0, and that of last-ui-number should be 14.

    [Huawei]user-interface vty 0 14

    Enter the VTY user interface view.

[Huawei-ui-vty0-14]

  3. Configure the user level of VTY user interface as level 2.

    The command to configure the user level is user privilege level level. Since now you need to configure the user level as level 2, the value of level should be 2.

[Huawei-ui-vty0-14]user privilege level 2

  4. Configure the user authentication mode of VTY user interface as AAA authentication.

    The command to configure the user authentication mode is authentication-mode {aaa | password}, where the braces “{ }” indicate that you can choose either one of the parameters.

[Huawei-ui-vty0-14]authentication-mode aaa

  5. Configure the user name and password for AAA authentication mode.

    First exit VTY user interface view and execute the aaa command to enter AAA view. Then execute the local-user user-name password cipher password command to configure the username and password. The user-name represents user name, password represents password, and the keyword cipher means the configured password will be saved in cipher text in the configuration file. Finally, execute the local-user user-name service-type telnet command to define the access type of these users as Telnet.

    [Huawei-ui-vty0-14]quit
    [Huawei]aaa
    [Huawei-aaa]local-user admin password cipher admin@123
    [Huawei-aaa]local-user admin service-type telnet
    [Huawei-aaa]quit

    After the configuration is completed, when a user logs in to the device via Telnet, the device will automatically assign the available VTY user interface with the smallest number to the user, and the username (admin) and password (admin@123) configured above need to be entered before entering the command line interface.

    The Telnet protocol is one of the application layer protocols of TCP/IP protocol stack. Telnet works in a “server/client” mode, providing a way to remotely login from one device (Telnet client) to another (Telnet server). A TCP connection is required between the Telnet server and the Telnet client, and the default port number for the Telnet server is 23.

    The VRP system supports both the Telnet server and Telnet client functions. With the VRP system, users can also first login to a device, and use this device as a Telnet client to remotely login to other devices on the network via Telnet, thus allowing more flexible maintenance and operations of the network. As shown in Fig. 3.8, router R1 is both a Telnet server for PC and a Telnet client for router R2.

    In Windows, open the command line tool and make sure the network between Windows and the router is unobstructed. By entering “telnet ip-address”, and then the account and password, you can remotely login to the router for configuration. As shown in Fig. 3.9, after running telnet 192.168.10.111 and entering the account and password, the user is logged in to <Huawei>; running telnet 172.16.1.2 from there and entering the password logs in to router <R2>. To exit Telnet, enter “quit”.

Fig. 3.8 Telnet secondary connection

Fig. 3.9 Login to the router via Telnet on Windows

3.3.4 Login to the Device via SSH

SSH is short for Secure Shell and was developed by the IETF network group. SSH is a protocol specifically designed to provide security for remote login sessions. Using the SSH protocol can effectively prevent information leakage during remote management.

When using Telnet to login to the router, the account and password are transmitted in plain text over the network so it is not secure. Using SSH to login to the router over the network is more secure than Telnet.

From the client’s perspective, SSH provides two levels of security authentication.

The first level is password-based security authentication. As long as you know your own account and password, you can login to the remote host. All data transmitted is encrypted, but there is no guarantee that the server you are connecting to is the one you want to connect to. It is possible that some other servers may be impersonating the real server, i.e., it is subject to the “man-in-the-middle” attack.

The second level is key-based security authentication. You need keys, that is, you have to create a key pair for yourself and put the public key on the server you need to access. When you want to connect to an SSH server, the client software sends a request to the server for security authentication with your key. After receiving the request, the server first looks for your public key in your home directory on that server, and then compares it to the public key you have sent over. If the two keys match, the server generates a “challenge” encrypted with the public key and sends it to the client software. Once the client software receives the “challenge”, it can decrypt it with your private key and send it to the server.

In this way, the user must know his own key passphrase. However, in contrast to the first level, the second level does not require the transmission of the passphrase over the network.
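The key-based exchange described above, written out as an added Python sketch (not from the original text and not how any SSH implementation is coded). It follows the steps as the text gives them; the class names, the textbook RSA without padding and the small constructed primes are assumptions chosen only to keep the message flow readable.

```python
import hmac
import secrets

# Constructed toy key material: textbook RSA (no padding) over Mersenne primes.
# Far too small and simple for real use; it only makes the flow visible.
E = 65537


def make_keypair(p, q, e=E):
    """Return ((n, e), (n, d)) for the primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, e), (n, d)


class Server:
    """Server side of the exchange (hypothetical class)."""

    def __init__(self):
        self.authorized = {}  # user -> public key placed on the server in advance
        self.pending = {}     # user -> challenge still waiting for an answer

    def enroll(self, user, public_key):
        self.authorized[user] = public_key

    def begin(self, user, offered_key):
        """Compare the offered key with the stored one, then return a random
        challenge encrypted with that public key (None if the keys differ)."""
        stored = self.authorized.get(user)
        if stored is None or stored != offered_key:
            return None
        n, e = stored
        challenge = secrets.randbelow(n - 2) + 2
        self.pending[user] = challenge
        return pow(challenge, e, n)

    def finish(self, user, response):
        """Accept only the exact challenge; every challenge is single use."""
        expected = self.pending.pop(user, None)
        if expected is None:
            return False
        return hmac.compare_digest(str(expected), str(response))


class Client:
    """Client side of the exchange (hypothetical class)."""

    def __init__(self, user, public_key, private_key):
        self.user = user
        self.public_key = public_key
        self.private_key = private_key

    def answer(self, encrypted_challenge):
        """Decrypt the challenge with the private key, which never leaves the client."""
        n, d = self.private_key
        return pow(encrypted_challenge, d, n)


def login(server, client):
    """Run the exchange; return (accepted, wire), wire being every value sent."""
    wire = [("client->server", "public key", client.public_key)]
    encrypted = server.begin(client.user, client.public_key)
    if encrypted is None:
        return False, wire
    wire.append(("server->client", "encrypted challenge", encrypted))
    response = client.answer(encrypted)
    wire.append(("client->server", "decrypted challenge", response))
    return server.finish(client.user, response), wire


PUB, PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)


def demo():
    server = Server()
    server.enroll("admin", PUB)
    ok, wire = login(server, Client("admin", PUB, PRIV))
    # Someone who copied the public key but holds a different private key.
    forged, _ = login(server, Client("admin", PUB, OTHER_PRIV))
    # Someone offering a key pair the server has never seen.
    unknown, _ = login(server, Client("admin", OTHER_PUB, OTHER_PRIV))
    leaked = any(value == PRIV[1] for _, _, value in wire)
    return ok, forged, unknown, leaked


if __name__ == "__main__":
    print(demo())
```

The `wire` list records everything that crosses the network, so the last value returned by `demo()` confirms that the private exponent is never among the transmitted values.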

The following operation will change the login type of the admin user created above to SSH. Set the authentication mode of SSH user admin to password authentication, turn on the SSH authentication service of the router, generate the local authentication key, and configure the VTY to use the SSH protocol.

[Huawei-aaa]local-user admin service-type ?
  8021x     802.1x user
  bind      Bind authentication user
  ftp       FTP user
  http      Http user
  ppp       PPP user
  ssh       SSH user
  sslvpn    Sslvpn user
  telnet    Telnet user
  terminal  Terminal user
  web       Web authentication user
  x25-pad   X25-pad user
[Huawei-aaa]local-user admin service-type ssh --The default admin authentication is SSH
[Huawei-aaa]quit
[Huawei]ssh user admin authentication-type password --The SSH user admin authentication service is password authentication
[Huawei]stelnet server enable --Enable SSH authentication service
[Huawei]rsa local-key-pair create -- Generate local authentication key
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.........++++++++++++
.....++++++++++++
.........++++++++
.......++++++++
[Huawei]user-interface vty 0 14
[Huawei-ui-vty0-14]authentication-mode aaa --Set virtual terminal authentication mode to AAA
[Huawei-ui-vty0-14]protocol inbound ssh --Enable SSH
[Huawei-ui-vty0-14]quit

Open SecureCRT and create a new connection as shown in Fig. 3.10. Select SSH2 as the protocol to use for the connection, and click “Next”. As shown in Fig. 3.11, enter the hostname, port and username of the router, and click “Next”.

Fig. 3.10 Select a protocol

Fig. 3.11 Enter the hostname, port and username of the router

When you click the created connection, a dialog box will appear, as shown in Fig. 3.12. Enter the password for the account and click “OK”. You will enter the user view after successfully logging in, as shown in Fig. 3.13.

Fig. 3.12 Enter the username and password

Fig. 3.13 Login to the router via SSH
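After switching a device from Telnet to SSH, it is worth checking that no Telnet access is left behind in the saved configuration. The following Python script is an added example, not part of the original text or a Huawei tool: it reads configuration text in the “#”-separated layout of the display this output shown on this page and reports leftover Telnet settings. The sample configurations are constructed from commands used in this chapter, and the rule names, the one-space indentation of sub-commands and the treatment of a missing protocol inbound line as "needs review" are assumptions.

```python
import re

# Constructed sample, not real device output. Sections are separated by "#",
# sub-commands are assumed to be indented by one space.
SAMPLE_CONFIG = """\
#
aaa
 local-user admin password cipher EXAMPLE-CIPHERTEXT-1
 local-user admin service-type telnet
 local-user ops password cipher EXAMPLE-CIPHERTEXT-2
 local-user ops service-type ssh
#
user-interface vty 0 14
 authentication-mode aaa
#
return
"""

# Constructed sample of the same device after the SSH steps in this section.
HARDENED_CONFIG = """\
#
aaa
 local-user admin password cipher EXAMPLE-CIPHERTEXT-1
 local-user admin service-type ssh
#
stelnet server enable
ssh user admin authentication-type password
#
user-interface vty 0 14
 authentication-mode aaa
 protocol inbound ssh
#
return
"""


def parse_sections(text):
    """Split configuration text into (header, [sub-commands]) pairs."""
    sections = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped in ("#", "return"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(stripped)   # indented: belongs to the last header
        else:
            sections.append((stripped, []))    # unindented: starts a new section
    return sections


def audit(text):
    """Return a list of (rule, detail) findings about remote-login settings."""
    findings = []
    sections = parse_sections(text)
    headers = [header for header, _ in sections]
    ssh_wanted = False
    for header, body in sections:
        if header == "aaa":
            for line in body:
                match = re.match(r"local-user (\S+) service-type (.+)$", line)
                if not match:
                    continue
                user, types = match.group(1), match.group(2).split()
                if "telnet" in types:
                    # Telnet sends the account and password in plain text.
                    findings.append(("TELNET_USER", user))
                if "ssh" in types:
                    ssh_wanted = True
        elif header.startswith("user-interface vty"):
            protocols = [l.split()[2:] for l in body if l.startswith("protocol inbound")]
            if not protocols:
                # No explicit setting: the device default applies, so review it.
                findings.append(("VTY_PROTOCOL_UNSET", header))
            elif protocols[-1] != ["ssh"]:
                findings.append(("VTY_NOT_SSH_ONLY", header))
            else:
                ssh_wanted = True
    if ssh_wanted and "stelnet server enable" not in headers:
        # SSH users or VTYs exist, but the SSH service itself is not enabled.
        findings.append(("STELNET_DISABLED", "stelnet server enable"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(rule, detail)
```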

3.3.5 Login to the Device via Web

Some Huawei network devices also support login through the Web. The Web login process is configured as follows.

  1. Login to the device via the console port.

  2. Configure the management IP address of the device.

    <Huawei> system-view
    [Huawei] interface gigabitethernet 0/0/0
    [Huawei-GigabitEthernet0/0/0] ip address 10.1.1.1 24
    [Huawei-GigabitEthernet0/0/0] quit

  3. Configure the Web user.

    [Huawei] aaa
    [Huawei-aaa]local-user admin password cipher huawei
    [Huawei-aaa] local-user admin privilege level 15
    [Huawei-aaa] local-user admin service-type http
    [Huawei-aaa] quit

  4. Configure Web network management and use the Web network management function of the device.

    [Huawei] http server enable
    This operation will take several minutes, please wait..............................
    Info: Succeeded in starting the HTTP server
    [Huawei] quit

  5. Login to the device via the Web Network Management interface.

Enter “https://10.1.1.1” in the address bar of the browser and hit the Enter key to enter the Web Network Management interface to login to the device, as shown in Fig. 3.14.

Fig. 3.14 Login interface

3.4 Basic Configurations of Network Devices

The following introduces some basic configurations of Huawei network devices, including configuring the device name, device clock, and device IP address.

3.4.1 Configure the Device Name

Normally more than one device will be deployed on the network, and these devices need unified management by the administrator. When commissioning a device, the primary task is to configure the device name, which is used to uniquely identify a device.

The command line interface contains the name of the device in pointed brackets “< >” or square brackets “[ ]”, which is also known as the hostname of the device. The default device name is “Huawei”. To better distinguish between different devices, it is often necessary to change the device name. We can change the device name by using the sysname hostname command, where sysname is the keyword of the command line and hostname is the parameter that indicates the device name you wish to set to.

For example, by the following operation, you can set the device name to Huawei-AR-01.

<Huawei>? -- View the commands that can be executed in the user view
<Huawei>system-view --Enter the system view
[Huawei]sysname Huawei-AR-01 --Change the router name to Huawei-AR-01
[Huawei-AR-01]

3.4.2 Configure the Device Clock

To ensure coordinated work with other devices, the system clock needs to be set accurately. System clock = Universal Time Coordinated (UTC) + the time offset between the current time zone and UTC. Generally, there is a built-in UTC and time offset configuration on the device.

The Huawei devices use UTC by default in factory, but no time zone is configured, so before configuring the device system clock, you need to know the time zone where the device is located.

The command line to set the time zone is clock timezone time-zone-name {add | minus} offset, where time-zone-name is the name of the user-defined time zone, which is used to identify the configured time zone. According to the offset direction, select “add” for positive offset (UTC time adds offset to get the local time) and “minus” for negative offset (UTC time minuses offset to get the local time). The offset is the offset time. Assuming the device is located in Beijing time zone, then the corresponding configuration is as follows. (Note: Setting the time zone and time is done in user mode.)

<Huawei>clock timezone BJ add 8:00

After setting the time zone, you can set the current date and time of the device. Huawei devices only support the 24-hour system, and the command used is clock datetime HH:MM:SS YYYY-MM-DD, where HH:MM:SS is the time to configure and YYYY-MM-DD is the date to configure. Suppose the current date is October 19, 2020, and the time is 16:37:00, then the corresponding configuration is as follows.

<Huawei>clock datetime 16:37:00 2020-10-19

Enter “display clock” to display the time zone, date and time of the current device.

<Huawei>display clock
2020-10-19 16:37:07
Monday
Time Zone(BJ) : UTC+08:00

3.4.3 Configure the Device IP Address

To run IP services on an interface, you must configure an IP address for it. An interface generally requires only one IP address, and if it is configured with a new one, the new IP address replaces the original one.

The command to configure an interface IP address is ip address ip-address {mask | mask-length}, where ip address is the command keyword and ip-address is the IP address you wish to set. The mask indicates the subnet mask in dotted decimal notation, and mask-length represents the subnet mask as a length, that is, the number of binary 1 bits in the mask.

Assuming that the IP address assigned to the Huawei’s interface Ethernet 0/0/0 is 192.168.1.1 and the subnet mask is 255.255.255.0, then the corresponding configuration is as follows.

[Huawei]interface Ethernet 0/0/0 --Enter the interface view
[Huawei-Ethernet0/0/0]ip address 192.168.1.1 255.255.255.0 --Add the IP address and subnet mask
[Huawei-Ethernet0/0/0]undo shutdown --Enable the interface
[Huawei-Ethernet0/0/0]ip address 192.168.2.1 24 ?
  sub   Indicate a subordinate address
  <cr>  Please press ENTER to execute command
[Huawei-Ethernet0/0/0]ip address 192.168.2.1 24 sub -- Add a second address to the interface (the second address and the first address must be on different network segments)
[Huawei-Ethernet0/0/0]display this --Display the interface configuration
[V200R003C00]
#
interface Ethernet0/0/0
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 sub
#
return
[Huawei-Ethernet0/0/0]quit --Exit interface configuration mode

Usually, a router interface only needs to be configured with one IP address, but sometimes it needs to be configured with multiple addresses. As shown in Fig. 3.15, four computers are connected on switch SW1, which are not separated by routers and belong to the same physical network segment, but PC1 and PC2 are assigned with the address of network segment 192.168.1.0/24, while PC3 and PC4 are assigned with the address of network segment 192.168.2.0/24. PC1 and PC2 belong to the same logical network segment, while PC3 and PC4 belong to the same logical network segment. The computers in these two logical network segments need to be forwarded by the router for communication, which requires interface Ethernet0/0/0 of router AR1 to be configured with two IP addresses to act as the gateway for the computers in these two logical segments.

Note

The shutdown command is used to shut down the interface, and the undo shutdown command is used to enable the interface. The device port state itself is already enabled so it is not necessary to use this command.

Fig. 3.15 Physical network segments and logical network segments

Enter “display ip interface brief” to display summary information about the IP address of the interface.

<Huawei>display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1

Interface         IP Address/Mask    Physical   Protocol
Ethernet0/0/0     192.168.1.1/24     up         up
Ethernet0/0/8     unassigned         down       down
NULL0             unassigned         up         up(s)
Vlanif1           192.168.10.1/24    up         up

As you can see from the above output, the Physical layer of interface Ethernet0/0/0 is enabled (up), and the Protocol layer is also enabled.

Enter “undo ip address” to delete the IP address configured for the interface.

[Huawei-Ethernet0/0/0]undo ip address

A loopback interface is a logical interface that can be used to virtualize a network or an IP host. Loopback interfaces can also be used as management interfaces because of their stability and reliability.

When configuring an IP address for a physical interface, you need to pay attention to the physical status of the interface. By default, the interface state of Huawei routers and switches is up. If the interface has been manually shut down, you should use “undo shutdown” to enable the interface after configuring the IP address.

3.5 Introduction to Configuration Files

The configuration of a Huawei network device takes immediate effect after it is changed, which is called the current configuration and is saved in memory. If the device is restarted due to power failure or shutdown, the configuration saved in memory will be lost. If you want the current configuration to remain effective after the device is restarted, you need to save the configuration to the root directory of external memory. In the following part, the book explains the configuration files in Huawei network devices and how to manage these files.

3.5.1 Configuration Files of Huawei Network Devices

This section introduces the configurations and configuration files of Huawei routers, involving three concepts: current configuration, configuration file, and configuration file at the next startup.

  1. Current configuration.

    The configuration in the device memory is the current configuration. Changing the current configuration means entering the system view and changing the configuration of the router. When the device is powered off or rebooted, all information in the memory (including configuration information) disappears.

  2. Configuration file.

    The file containing the device configuration information is called the configuration file, which is stored in the device’s external memory (note that it is not stored in memory), and its file name is generally in the format of “*.cfg” or “*.zip”. The user can save the current configuration in the configuration file. When the device is rebooted, the contents in the configuration file can be reloaded into the memory and become the new current configuration. In addition to saving configuration information, the configuration file also makes it easier for maintenance personnel to view, back up, and port configuration information to other devices. By default, when saving the current configuration, the device will save the configuration information to a configuration file named “vrpcfg.zip” and save it in the root directory of the device’s external memory.

  3. Configuration file for the next startup.

    When saving the configuration, you can specify the name of the configuration file, that is, there can be more than one configuration file saved, and you can specify which configuration file will be loaded at the next startup. By default, the name of the configuration file to be loaded at next startup is “vrpcfg.zip”.

3.5.2 Save the Current Configuration

There are two ways to save the current configuration: manual save and autosave.

  1. Manual save.

    Users can use the save [configuration-file] command to manually save the current configuration to the configuration file at any time. The parameter configuration-file is the specified configuration file name, whose format must be “*.cfg” or “*.zip”. If no configuration file name is specified, the configuration file will be named “vrpcfg.zip” by default.

    For example, if you need to save the current configuration to a configuration file named “vrpcfg.zip”, you can do the following.

    In the user view, use the save command, and then enter “y” to confirm to save the router’s configuration. If you do not specify the configuration file name to be saved, it will be named “vrpcfg.zip”. Enter “dir” to display all the files and folders in the flash root directory, and you can see the configuration file there. The flash in the router is equivalent to the hard disk in the computer, which can store files and the configuration saved.

    <R1>save
    The current configuration will be written to the device.
    Are you sure to continue? (y/n)[n]:y --Enter y
    It will take several minutes to save configuration file, please wait.......
    Configuration file had been saved successfully
    Note: The configuration file will take effect after being activated

    If there is further need to save the current configuration to a configuration file named “backup.zip” as a backup of vrpcfg.zip, you can do the following.

    <Huawei>save backup.zip
    Are you sure to save the configuration to backup.zip? (y/n)[n]:y
    It will take several minutes to save configuration file, please wait......
    Configuration file had been saved successfully
    Note: The configuration file will take effect after being activated

  2. Autosave.

    The configuration autosave function can effectively reduce the risk of configuration loss caused by the user forgetting to save the configuration. Autosave is divided into two ways: autosave interval and autosave time.

    In the autosave interval mode, the device will automatically save the configuration according to the saving interval set by the user. Regardless of whether the current configuration of the device has changed compared to the configuration file, the device will automatically save. In the autosave time mode, the user sets a time value and the device will automatically save at the specific time once a day. By default, the autosave feature of the device is off and needs to be turned on by the user before it can be used.

    How to set the autosave interval: first, execute the autosave interval on command to enable the autosave interval function of the device, and then execute the autosave interval time command to set the autosave interval. The time is the specified time interval in minutes, and the default value is 1440 min (24 h).

    How to set autosave time: first, execute the autosave time on command to enable the autosave time function of the device, then execute the autosave time time-value command to set the specific time for autosave. The time-value is the specified time in the format of hh:mm:ss, and the default value is 1440 min.

    You can turn on autosave interval using the following command and set the autosave interval to 120 min.

    <R1>autosave interval on --Enable autosave interval
    System autosave interval switch: on
    Autosave interval: 1440 minutes --Save every 1440 minutes by default
    Autosave type: configuration file
    System autosave modified configuration switch: on -- If the configuration is changed, it will be saved automatically every 30 minutes
    Autosave interval: 30 minutes
    Autosave type: configuration file
    <R1>autosave interval 120 -- Set autosave interval to 120 minutes
    System autosave interval switch: on
    Autosave interval: 120 minutes
    Autosave type: configuration file

    Autosave interval and autosave time cannot be enabled at the same time. Turn off autosave interval, then turn on autosave time, and change the autosave time to 12:00 at noon.

    <R1>autosave interval off --Disable autosave interval
    <R1>autosave time on --Enable autosave time
    System autosave time switch: on
    Autosave time: 08:00:00 --Autosave at 8 every day by default
    Autosave type: configuration file
    <R1>autosave time ? --Parameters that can be entered after viewing time
      ENUM<on,off>    Set the switch of saving configuration data automatically by absolute time
      TIME<hh:mm:ss>  Set the time for saving configuration data automatically
    <R1>autosave time 12:00:00 --Set the time for saving to 12
    System autosave time switch: on
    Autosave time: 12:00:00
    Autosave type: configuration file

    By default, the device saves the current configuration to the file “vrpcfg.zip”. If the user specifies another configuration file as the configuration file for the next startup, the device will save the current configuration to the newly specified configuration file for the next startup.

3.5.3 Set the Configuration File for the Next Startup

You can set any “*.cfg” or “*.zip” file in the root directory of the device’s external memory (e.g., flash:/) as the configuration file for the device’s next startup. You can set the configuration file for the next startup of the device by using the startup saved-configuration configuration-file command, where configuration-file is the specified configuration file name. If the configuration file is not available in the root directory of the device’s external memory, the system will prompt that the setting has failed.

For example, if you need to specify the saved backup.zip file as the configuration file for the next startup, you can do the following.

<R1>startup saved-configuration backup.zip --Specify the configuration file to be loaded at the next startup
This operation will take several minutes, please wait.....
Info: Succeeded in setting the file for booting system
<R1>display startup --Display the configuration file to be loaded at the next startup
MainBoard:
  Startup system software:                   null
  Next startup system software:              null
  Backup system software for next startup:   null
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/backup.zip --Configuration file to be loaded at the next startup

After setting the configuration file for the next startup, if the current configuration is saved again, the current configuration will be saved to the configuration file set for the next startup by default, thus overwriting the original content of the configuration file for the next startup. Autosave interval configuration and autosave time configuration will also save the configuration to the specified configuration file for the next startup.

3.5.4 View Configuration Results

The display startup command is used to view the system software, backup system software, configuration file, license file, patch file, and voice file related to the current and next startup of the device. It is illustrated as follows.

<Huawei>display startup
MainBoard:
  Startup system software:                   null
  Next startup system software:              null
  Backup system software for next startup:   null
  Startup saved-configuration file:          flash:/vrpcfg.zip
  Next startup saved-configuration file:     flash:/vrpcfg.zip
  Startup license file:                      null
  Next startup license file:                 null
  Startup patch package:                     null
  Next startup patch package:                null
  Startup voice-files:                       null
  Next startup voice-files:                  null

  • “Startup system software” indicates the VRP file used for the current system startup.

  • “Next startup system software” means the VRP file to be used for the next system startup.

  • “Startup saved-configuration file” indicates the configuration file used for the current system startup.

  • “Next startup saved-configuration file” represents the configuration file used for the next system startup.

When the device starts, the configuration file is loaded from the storage device and initialized. If there is no configuration file in the storage device, the device will be initialized using the default parameters.

The following commands can be used to view the configuration parameters that are currently in effect for the router.

<Huawei>display current-configuration

The following commands can be used to display the saved configuration parameters.

<Huawei>display saved-configuration

If you do not save, the configuration parameters that are currently in effect may be different from the configuration parameters saved. If no further configuration is done after saving, they are the same.

3.5.5 File Management

VRP manages all files (including device configuration files, system files, license files, patch files) and directories on the device through the file system. VRP file system is mainly used to create, delete, modify, copy and display files and directories, which are stored in the external memory of the device. The external memory supported by Huawei routers is generally Flash and SD card, and that supported by switches is generally Flash and CF card.

There are various types of files in the external memory of the device. In addition to the configuration files mentioned earlier, there are also system software files, license files, patch files and so on. Among these files, the system software file is of particular importance because it is in fact the device’s VRP operating system itself. The system software file has the extension “.cc” and must be stored in the root directory of the external memory. When the device starts up, the contents of the system software file are loaded into memory and run.

In the following example, a backup configuration file is used to show the file management process.

  1. View files.

    View the files in the current path and confirm the name and size of the configuration file to be backed up. The dir [/all] [filename | directory] command can be used to view the files in the current path, where “all” means to view all the files and directories in the current path, including the files that have been deleted to the recycle bin, filename indicates the name of the file to be viewed, and directory represents the path of the directory to be viewed.

    The default external memory of the router is Flash. By executing the following commands, you can view the files and directories in the root directory of the Flash memory of router R1.

    <R1>dir --List current directory files and folders
    Directory of flash:/
      Idx  Attr  Size(Byte)  Date         Time(LMT)  FileName
        0  drw-           -  May 01 2018  02:51:18   dhcp -- d means this is a folder
        1  -rw-     121,802  May 26 2014  09:20:58   portalpage.zip
        2  -rw-       2,263  May 01 2018  08:13:21   statemach.efs
        3  -rw-     828,482  May 26 2014  09:20:58   sslvpn.zip
        4  -rw-         408  May 01 2018  07:27:28   private-data.txt
        5  -rw-         897  May 01 2018  08:18:00   backup.zip
        6  -rw-         872  May 01 2018  07:27:28   vrpcfg.zip
    1,090,732 KB total (784,452 KB free)

    In the echo message, you can see an 872-byte configuration file named “vrpcfg.zip”. Assume it is the configuration file we need to backup.

  2. Create a new directory.

    The command to create a directory is mkdir directory, where directory means the directory to be created. Create a directory named backup in the root directory of Flash.

    <R1>mkdir /backup --Create a folder
    Info: Create directory flash:/backup......Done

  3. Copy and rename the file.

    The command to copy the file is copy source-filename destination-filename, where source-filename indicates the path of the copied file and the source filename, and destination-filename indicates the path of the destination file and the destination filename. Copy the configuration file vrpcfg.zip that needs to be backed up to the new directory and rename it to cfgbak.zip.

    <R1>copy vrpcfg.zip flash:/backup/cfgbak.zip --Copy vrpcfg.zip to backup folder
    Copy flash:/vrpcfg.zip to flash:/backup/cfgbak.zip? (y/n)[n]:y
    100% complete
    Info: Copied file flash:/vrpcfg.zip to flash:/backup/cfgbak.zip...Done

  4. View the files after backup.

    The cd directory command is used to modify the current working path. We can perform the following actions to see if the file backup is successful.

    <R1>dir flash:/backup/ --List the contents in Flash:/backup
    Directory of flash:/backup/
      Idx  Attr  Size(Byte)  Date         Time(LMT)  FileName
        0  -rw-         872  May 01 2018  08:58:49   cfgbak.zip

    The echo message shows that there is already a cfgbak.zip file in the backup directory, so the backup process of the configuration file vrpcfg.zip has been successfully completed.

  5. Delete the file.

    When there is not enough space available in the device’s external memory, we will probably need to delete some of the trash files. The command to delete a file is delete [/unreserved] [/force] filename, where /unreserved means to completely delete a specified file and the deleted file will not be recovered, /force means to directly delete the file without confirmation, and filename represents the name of the file to be deleted.

    If you do not use /unreserved, the files deleted by using the delete command will be saved to the recycle bin, and the files in the recycle bin can be restored with the undelete command. Note that files saved to the recycle bin will still occupy memory space. Using the reset recycle-bin command will completely delete all files in the recycle bin, and these files will be permanently deleted and cannot be restored.

    The following are the operations to delete files, view deleted files, and clear files in the recycle bin.

    <R1>delete backup.zip --Delete the file
    Delete flash:/backup.zip? (y/n)[n]:y
    Info: Deleting file flash:/backup.zip...succeed.
    <R1>dir /all --The parameter all is used to display all files, including files in the recycle bin
    Directory of flash:/
      Idx  Attr  Size(Byte)  Date         Time(LMT)  FileName
        0  drw-           -  May 01 2018  02:51:18   dhcp
        1  -rw-     121,802  May 26 2014  09:20:58   portalpage.zip
        2  drw-           -  May 01 2018  08:58:49   backup
        3  -rw-       2,263  May 01 2018  08:13:21   statemach.efs
        4  -rw-     828,482  May 26 2014  09:20:58   sslvpn.zip
        5  -rw-         408  May 01 2018  07:27:28   private-data.txt
        6  -rw-         872  May 01 2018  07:27:28   vrpcfg.zip
        7  -rw-         897  May 01 2018  09:11:32   [backup.zip] --Files in recycle-bin
    1,090,732 KB total (784,440 KB free)
    <R1>reset recycle-bin --Clear the recycle bin
    Squeeze flash:/backup.zip? (y/n)[n]:y
    Clear file from flash will take a long time if needed...Done.
    %Cleared file flash:/backup.zip.

    Use the move command to move a file.

    <R1>move backup.zip flash:/backup/backup1.zip

    Enter the backup directory.

    <R1>cd backup/

    Use the pwd command to display current directory.

    <R1>pwd flash:/backup

    You can use the move command in the same directory to rename a file.

<R1>move backup1.zip backup2.zip

3.6 Exercises

  1. 1.

    Which of the following commands is used to change the name of the router? ( )

    1. A.

      < Huawei > sysname R1

    2. B.

      [Huawei]sysname R1

    3. C.

      [Huawei] system R1

    4. D.

      < Huawei > system R1

  2. 2.

    Which of the following commands is incorrect to configure an IP address for a router interface? ( )

    1. A.

      [R1]ip address 192.168.1.1 255.255.255.0

    2. B.

      [R1-GigabitEthernet0/0/0] ip address 192.168.1.1 24

    3. C.

      [R1-GigabitEthernet0/0/0]ip add 192.168.1.1 24

    4. D.

      [R1-GigabitEthernet0/0/0]ip address 192.168.1.1 255.255.255.0

  3. 3.

    The command to view the current configuration of the router is ( ).

    1. A.

      <R1>display current-configuration

    2. B.

      <R1>display saved-configuration

    3. C.

      [R1-GigabitEthernet0/0/0]display

    4. D.

      [R1]show current-configuration

  4. 4.

    The command to save the configuration of Huawei router is ( ).

    1. A.

      [R1]save

    2. B.

      <R1>save

    3. C.

      <R1>copy current startup

    4. D.

      [R1] copy current startup

  5. 5.

    Which command is used to change the configuration file loaded at the next startup of the router? ( )

    1. A.

      <R1>startup saved-configuration backup.zip

    2. B.

      <R1>display startup

    3. C.

      [R1]startup saved-configuration

    4. D.

      [R1]display startup

  6. 6.

    When configuring the router via the console port, only password authentication is needed, so the authentication mode should be configured as ( ).

    1. A.

      [R1-ui-console0]authentication-mode password

    2. B.

      [R1-ui-console0]authentication-mode aaa

    3. C.

      [R1-ui-console0]authentication-mode Radius

    4. D.

      [R1-ui-console0]authentication-mode scheme

  7. 7.

    (Multi-selection) Which two commands are required to create a user han for the router to allow configuration of the router via Telnet with a user privilege level of 3? ( )

    1. A.

      [R1-aaa]local-user han password cipher huawei3 privilege level 3

    2. B.

      [R1-aaa]local-user han service-type telnet

    3. C.

      [R1-aaa]local-user han password cipher huawei3

    4. D.

      [R1-aaa]local-user hanservice-type terminal

  8. 8.

    What command can you enter in system view to switch to the user view? ( )

    1. A.

      system-view

    2. B.

      router

    3. C.

      quit

    4. D.

      user-view

  9. 9.

    If the administrator wants to completely delete the old device configuration file config.zip, which of the following commands is correct? ( )

    1. A.

      delete /force config.zip

    2. B.

      delete /unreserved config.zip

    3. C.

      reset config.zip

    4. D.

      clear config.zip

  10. 10.

    In the command line interface of Huawei AR router, the save command is used to save the current system time. Is this statement correct? ( )

    1. A.

      Correct

    2. B.

      Incorrect

  11. 11.

    When the configuration file of the router is saved, it is usually saved on which of the following storage media? ( )

    1. A.

      SDRAM

    2. B.

      NVRAM

    3. C.

      Flash

    4. D.

      Boot ROM

  12. 12.

    What is the full name of VRP? ( )

    1. A.

      Versatile Routine Platform

    2. B.

      Virtual Routing Platform

    3. C.

      Virtual Routing Plane

    4. D.

      Versatile Routing Platform

  13. 13.

    The VRP operating system commands are divided into four levels: visit, monitoring, configuration, and management. Which level is able to run various service configuration commands but cannot operate the file system? ( )

    1. A.

      Visit

    2. B.

      Monitoring

    3. C.

      Configuration

    4. D.

      Management level

  14. 14.

    In which view can the administrator modify the device name for the router? ( )

    1. A.

      User-view

    2. B.

      System-view

    3. C.

      Interface-view

    4. D.

      Protocol-view

  15. 15.

    (Multi-selection) At present, the company has a network administrator, and AR2200 in the company network can be managed remotely by entering the password directly through Telnet. After the arrival of two new administrators, the company wants to assign all the administrators their respective usernames and passwords, as well as different privilege levels. So how should this be done? ( )

    1. A.

      Configure three usernames and their corresponding passwords in the AAA view

    2. B.

      The user authentication mode configured by Telnet must be AAA mode

    3. C.

      When configuring each administrator’s account, different privilege levels need to be configured

    4. D.

      Each administrator uses a different public IP address of the device when running Telnet commands

  16. 16.

    (Multi-selection) VRP supports the configuration of the router in which ways? ( )

    1. A.

      Configuring the router via console port

    2. B.

      Configuring the router via Telnet

    3. C.

      Configuring the router via mini USB port

    4. D.

      Configuring the router via FTP

  17. 17.

    After the carrier successfully Telnetted to the router, the interface IP address cannot be configured using the configuration command. This is probably because ( ).

    1. A.

      The Telnet terminal software of the operating user does not allow the user to configure the IP address of the device’s interface

    2. B.

      The authentication mode of the Telnet user is not set correctly

    3. C.

      The Telnet user’s level is not set correctly

    4. D.

      The SNMP parameter is not set correctly

  18. 18.

    Which of the following descriptions of the displayed information is correct? ( )

    [R1]display interface g0/0/0

    GigabitEthernet0/0/0 current state:Administratively DOWN

    Line protocol current state: DOWN

    1. A.

      The interface Gigabit Ethernet 0/0/0 is connected to a wrong cable

    2. B.

      The interface Gigabit Ethernet 0/0/0 is not configured with an IP address

    3. C.

      The interface Gigabit Ethernet 0/0/0 is not enabled with a dynamic routing protocol

    4. D.

      The interface Gigabit Ethernet 0/0/0 is manually disabled by the administrator