Configuring the GE/FE Optical/Electrical Interface

Generally, the ME60 sets an Ethernet interface to an optical or electrical interface based on the interface module's type. If the  Huawei ME60  cannot identify an interface module, you need to manually set the interface to the optical or electrical mode.

Run:

system-view

The system view is displayed.

Run:

interface { ethernet | gigabitethernet } interface-number

The Ethernet interface view is displayed.

Run:

port-type { copper | fiber-100 | fiber-1000 }

The interface type is set.

NOTE:

When an SFP module is being replaced, the configurations such as the loopback test, interface speed, auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to reconfigure them on the interface.

After the port-type command is run, the configurations such as the loopback test, interface speed, auto-negotiation mode, and duplex mode on the interface are all restored to default ones. You need to reconfigure them on the interface.

The parameter copper can be configured in the port-type command only when an optical/electrical SFP module is installed.

fiber-100 cannot be set for interfaces on the 24-Port 1000Base-X-SFP Flexible Card E(BP51-E) subcard.

Confirming the GTL License

The file extension of a GTL license file is .dat, which is different from the file extension of a software license file.

NE40E-X3  &NE40E-X8  600R003C00 supports the GTL license. For details on the features that can be controlled by the GTL license, see "NE40E&80E V600R003C00 License Policy Guide." Before the upgrade, confirm whether a new GTL license is required for both the master MPU and slave MPU. If a new GTL license is required but not obtained, services controlled by the GTL license cannot be used.

After obtaining the GTL license, check whether the electronic serial numbers (ESNs) of MPUs are the same as those in the GTL license file.

<HUAWEI> display esn

ESN of master:030MDB108B000014

ESN of slave:030MDB108B000013

Compare the output of the above command with the ESN field in the GTL license file.

You can open a GTL license file with the notepad application to check whether the ESNs in the GTL license file are the same as those of the MPUs.

To use the license-controlled features in V600R003C00, you need to apply for the corresponding GTL license from Huawei's GTL platform before the upgrade.

After the MPU of the device is replaced, the original GTL license will support the new MPU for 60 days. After this period, if use of the new MPU continues, a new GTL license from Huawei is required.

Configuration Example of the RADIUS Authentication

The MA5616  is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.

Configure the authentication scheme.
Configure authentication scheme newscheme (users are authenticated through RADIUS).
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
Configure the RADIUS protocol.
Create RADIUS server template template1. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication.
huawei(config)#radius-server template template1
 Note: Create a new server template
huawei(config-radius-template1)#radius-server authentication 10.10.66.66 1812
huawei(config-radius-template1)#radius-server authentication 10.10.66.67 1812 secondary
huawei(config-radius-template1)#quit
Create a domain.
Create domain isp1.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
  Info: Create a new domain
Reference the authentication scheme.
You can reference an authentication scheme in a domain only after the authentication scheme is created.
huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Reference the RADIUS server template.
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
huawei(config-aaa-domain-isp1)#radius-server template1
huawei(config-aaa-domain-isp1)#quit

User1 in isp1 can be authenticated and can log in to the MA5620

Configuring the NE80E with 5000 W power consumption to Power on LPUF-40s/LPUI-40s

How to configure the NE40E-X3   with 5000 W power consumption to power on LPUF-40s/LPUI-40s.

Run:
system-view
The system view is displayed.
Run:
set board-power-on lower-performance-fan enable
The NE80E with 5000 W power consumption is configured to power on LPUF-40s/LPUI-40s.
Run:
system-view
The system view is displayed.
Run:
set power input-power power-value
The input power of the power module is configured.

NOTE:
This command can only be used on the NE80E with 5000 W power consumption, and does not need to be used on the NE40E-X8   with 8000 W power consumption.

Configuration Example of the RADIUS Authentication

The MA5600  is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.

Configure the authentication scheme.
Configure authentication scheme newscheme (users are authenticated through RADIUS).
huawei(config)#aaa
huawei(config-aaa)#authentication-scheme newscheme
huawei(config-aaa-authen-newscheme)#authentication-mode radius
huawei(config-aaa-authen-newscheme)#quit
huawei(config-aaa)#quit
Configure the RADIUS protocol.
Create RADIUS server template template1. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication.
huawei(config)#radius-server template template1
 Note: Create a new server template
huawei(config-radius-template1)#radius-server authentication 10.10.66.66 1812
huawei(config-radius-template1)#radius-server authentication 10.10.66.67 1812 secondary
huawei(config-radius-template1)#quit
Create a domain.
Create domain isp1.
huawei(config)#aaa
huawei(config-aaa)#domain isp1
  Info: Create a new domain
Reference the authentication scheme.
You can reference an authentication scheme in a domain only after the authentication scheme is created.
huawei(config-aaa-domain-isp1)#authentication-scheme newscheme
Reference the RADIUS server template.
You can reference a RADIUS server template in a domain only after the RADIUS server template is created.
huawei(config-aaa-domain-isp1)#radius-server template1
huawei(config-aaa-domain-isp1)#quit

User1 in isp1 can be authenticated and can log in to the MA5600.
Configuration Script

aaa
authentication-scheme newscheme
authentication-mode radius
quit
quit
radius-server template radtest
radius-server authentication 10.10.66.66 1812
radius-server authentication 10.10.66.67 1812 secondary
quit
aaa
domain isp1
authentication  MA5600T -scheme newscheme
radius-server radtest
quit

Configuring a Load Balancing Mode

Run:
system-view
The system view is displayed.
Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Run:
load-balance { dst-ip | dst-mac | src-ip | src-mac | src-dst-ip | src-dst-mac }
The load balancing mode of the Eth-Trunk is set.

NOTE:
The S2350, S5328C-SI    and S5300LI use the parameter src-dst-ip in the HASH algorithm for load balance regardless of whether you configure this parameter.
On the S2350, S5300LI, and S5300SI, when the load balancing mode of an Eth-Trunk is modified, the modification takes effect on all Eth-Trunks. The load balancing mode will be set to the default mode when a new Eth-Trunk is created.

Run:
system-view
The system view is displayed.
Run:
load-balance-profile profile-name
A load balancing profile is created and its view is displayed. Only one load balancing profile can be created.
Run:
l2 field [ dmac | l2-protocol | smac | sport | vlan ] *
The load balancing mode of Layer 2 packets is set.
Run:
ipv4 field [ dip | l4-dport | l4-sport | protocol | sip | sport | vlan ] *
The load balancing mode of IPv4 packets is set.
Run:
ipv6 field [ dip | l4-dport | l4-sport | protocol | sip | sport | vlan ] *
The load balancing mode of IPv6 packets is set.
Run:
mpls field [ 2nd-label | dip | sip | sport | top-label | vlan ] *
The load balancing mode of MPLS packets is set.
Run:
quit
Return to the system view.
Run:
interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
Run:
load-balance enhanced profile profile-name
The load balancing profile is applied.


NOTE:
The preceding load balancing modes apply only to known unicast traffic. To configure the load balancing mode for unknown unicast traffic, run the unknown-unicast load-balance { dmac | smac | smacxordmac | enhanced }command in the system view. Only the S5300EI, LS-S5328C-EI-24S   , and S5300HI support load balancing configuration for unknown unicast traffic.

Configuring the Broadcast Mode NTP

MA5600    uses the local clock as the master NTP clock on stratum 2 and works in the broadcast mode NTP, sends broadcast clock synchronization packets periodically through IP address 10.10.10.10/24 of the L3 interface of VLAN 2; MA5600_C functions as the NTP client, listens to the broadcast packets sent from the server through IP address 10.10.10.20/24 of the L3 interface of VLAN 2, and synchronizes with the clock on the broadcast server. To perform these configurations, do as follows:
On MA5600_S:
huawei(config)#ntp-service refclock-master 2
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/7 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.10 24
huawei(config-if-vlanif2)#ntp-service broadcast-server
huawei(config-if-vlanif2)#quit
On MA5600_C:
huawei(config)#vlan 2 standard
huawei(config)#port vlan 2 0/7 0
huawei(config)#interface vlanif 2
huawei(config-if-vlanif2)#ip address 10.10.10.20 24
huawei(config-if-vlanif2)#ntp-service broadcast-client
huawei(config-if  MA5600T -vlanif2)#quit

Configure the S5300 as an FTP server.

No FTP server software is installed on the   LS-S5352C-EI  ; therefore, the customer needs to buy FTP server software and install it.

Configure the S5300 as an FTP server.

Start the FTP server on the S5300, and set the FTP user name to ftpuser and password to ftppwd.

<Quidway> system-view

[Quidway] ftp server enable

[Quidway] aaa

[Quidway-aaa] local-user ftpuser password cipher ftppwd

[Quidway-aaa] local-user ftpuser service-type ftp

[Quidway-aaa] local-user ftpuser ftp-directory flash:

[Quidway-aaa] return

Set an IP address for the S5300.

An idle service interface is recommended. This example assumes that GigabitEthernet0/0/1 is used and the IP address is 1.1.1.1/24.

<Quidway> system-view

 [Quidway]interface gigabitethernet0/0/1

[Quidway-GigabitEthernet0/0/1]port link-type access 

[Quidway-GigabitEthernet0/0/1]quit

[Quidway] vlan 10

[Quidway-vlan10] port gigabitethernet0/0/1    

[Quidway-vlan10] quit

[Quidway] interface vlanif 10

[Quidway-Vlanif10] ip address 1.1.1.1 24

[Quidway-Vlanif10] quit

[Quidway]

Log in to the FTP server (the S5300).

Store the file to be uploaded in the specified directory (for example, D:\>directory). Choose Start > Run. Enter cmd and press Enter. Enter FTP 1.1.1.1. Enter the user name at the user prompt and the password at the password prompt, and then press Enter. The following information is displayed:

D:\>ftp 1.1.1.1

Connected to 1.1.1.1.

220 FTP service ready.

User (1.1.1.1:(none)): ftpuser

331 Password required for 1.

Password:

S5328C-SI    User logged in.

ftp> 

Configuring a GPON ONT

The MA5680T /MA5603T provides end users with services through the ONT. The MA5600T/MA5603T can manage the ONT and the ONT can work in the normal state only after the channel between the MA5600T/MA5603T and the ONT is available.

To add five ONTs in offline mode with password authentication mode (ONT passwords are 0100000001-0100000005), set the discovery mode of password authentication to always-on, and bind ONT capability profile 10, do as follows:

huawei(config)#interface gpon 0/2

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000001 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000002 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000003 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000004 always-on profile-id 10 manage-mode omci

huawei(config-if-gpon-0/2)#ont add 0 password-auth 0100000005 always-on profile-id 10 manage-mode omci

To add an ONT that is managed by the OLT through the OMCI protocol, confirm this ONT according to the SN 3230313185885B41 automatically reported by the system, and bind the ONT with capability profile 3 that match the ONT, do as follows:

huawei(config)#interface gpon 0/2

huawei(config-if-gpon-0/2)#port 0 ont-auto-find enable

huawei(config-if-gpon-0/2)#ont confirm 0 sn-auth 3230313185885B41 profile-id 3 manage-mode omci

To add an ONU that is managed as an independent NE and whose SN is known as 3230313185885641, bind the ONU with capability profile 4 that matches the ONU, configure the NMS parameters for the ONU, and set the management VLAN to 100, do as follows:

huawei(config)#snmp-profile add profile-id 1 v2c public private 10.10.5.53 161 huawei

huawei(config)#interface gpon 0/2

huawei(config-if-gpon-0/2)#ont add 0 2 sn-auth 3230313185885641 profile-id 4 manage-mode snmp

huawei(config-if-gpon-0/2)#ont ipconfig 0 2 static ip-address 10.20.20.20 mask 255.255.255.0 gateway 10.10.20.1 vlan 100 

huawei(config-if-gpon-0/2)#ont snmp-profile 0 2 profile-id 1

huawei(config-if-gpon-0/2)#ont snmp-route 0 2 ip-address 10.10.20.190 mask 255.255.255.0 next-hop 10.10.20.100

Configuring the NTP Peer Mode

Configure the Huawei MA5680T   for clock synchronization in the NTP peer mode. In the peer mode, configure only the active peer, and the passive peer need not be configured. In the peer mode, the active peer and the passive peer can synchronize with each other. The peer with a higher clock stratum is synchronized by the peer with a lower clock stratum.

Run the ntp-service refclock-master command to configure the local clock as the master NTP clock, and specify the stratum of the master NTP clock.

Run the ntp-service unicast-peer command to configure the NTP peer mode, and specify the IP address of the remote server that functions as the local timer server and the interface for transmitting and receiving NTP packets.

 NOTE:

In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address, or the IP address of a reference clock.

After the source interface of the NTP packets is specified by source-interface, the source IP address of the NTP packets is configured as the primary IP address of the specified interface.

One MA5616 functions as the NTP active peer (IP address of the L3 interface of VLAN 2: 10.10.10.10/24) and works on clock stratum 4, the other MA5616 (IP address: 10.10.10.20/24) functions as the NTP passive peer, the active peer sends a clock synchronization request packet through the VLAN L3 interface to the passive peer, the passive peer responds to the request packet, and the peer with a higher clock stratum is synchronized by the peer with a lower clock stratum. To perform these configurations, do as follows:

huawei(config)#ntp-service refclock-master 4

huawei(config)#ntp-service unicast-peer

huawei(config)#vlan 2 standard

huawei(config)#port vlan 2 0/0 1

huawei(config)#interface vlanif 2

huawei(config-if-vlanif2)#ip address 10.10.10.10 24

huawei(config  Huawei MA5683T  -if-vlanif2)#quit