01-03 Typical Basic Configuration
Uploaded by
Barrymuyinda_201-03 Typical Basic Configuration
Uploaded by
Barrymuyinda_2Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
3 Typical Basic Configuration
3.1 Typical Login Configuration
3.2 Typical File Management Configuration
3.3 Example for Upgrading a New Device
3.1 Typical Login Configuration
3.1.1 Example for Configuring Switch Login Through a
Console Port
Overview
After a PC is connected to a switch through a dedicated console cable, you can
perform login configurations and use the PC to manage the switch.
Logging in through a console port is a basic login mode and forms the basis of
other login modes such as Telnet and STelnet. When you log in to a switch for the
first time or if you cannot remotely log in to a switch, you can log in to the switch
through a console port.
Configuration Notes
● Prepare a console cable. If you use a laptop or a PC without a serial port,
prepare a USB to serial cable and install the driver stored on the CD-ROM
(delivered with the cable) according to instructions.
● Install the terminal emulation software on the PC. You can use the built-in
HyperTerminal of Windows 2000 on the PC. If no built-in terminal emulation
software is available, prepare the terminal emulation software. For details on
how to use terminal emulation software, see the related usage guide or
online help.
● This example applies to all versions and models of S series switches.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 78
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
NOTE
The following uses the command lines and outputs of the S9300 running V200R006C00 as an
example.
Networking Requirements
The IT maintenance department of a company purchases S series switches, which
are configured by network administrators. A network administrator usually logs in
to a new switch through a console port and then performs initial configurations.
As shown in Figure 3-1, the serial port of a PC is connected to the console port of
the Switch through a console cable. The user wants to log in to the Switch
through the console port and requires local authentication upon the next login. To
facilitate remote maintenance on the Switch, the user wants to configure the
Telnet function.
Figure 3-1 Networking diagram for configuring switch login through a console
port
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure terminal emulation software, set the connected port and
communication parameters, and log in to the Switch.
2. Configure basic information for the Switch, including the date, time, time
zone, and name, to facilitate management.
3. Configure an authentication mode for the console user interface so that the
user is authenticated upon the next login through the console port.
4. Configure the management IP address and Telnet to facilitate remote
maintenance on the Switch.
Procedure
Step 1 Connect the DB9 female connector of the console cable to the serial port (COM)
on the PC, and connect the RJ45 connector to the console port on the switch, as
shown in Figure 3-2.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 79
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Figure 3-2 Connecting to the switch through the console port
NOTE
● If you use a laptop or a PC without a serial port, prepare a USB to serial cable. Install
the driver stored on the CD-ROM (delivered with the cable) according to instructions,
connect the USB-DB9 female connector of the cable to the USB port on the PC, and
connect the RJ-45 connector to the console port on the switch.
● If the switch has two MPUs, you can log in to the switch through the console port on
either of the two MPUs.
Step 2 Configure terminal emulation software and log in to the Switch.
Start terminal emulation software on the PC. Establish a connection, and set the
connected port and communication parameters. Table 3-1 lists the default
attribute settings of a console port.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 80
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Table 3-1 Default attribute settings of a console port
Parameter Default Setting
Baud rate 9600 bit/s
Flow Control No flow control
Parity No parity check
Stop bits 1
Data bits 8
Step 3 Configure basic information for the Switch.
# Set the date, time, time zone, and name.
NOTE
The time zone varies depending on the location of a switch. Set the time zone based on the site
requirements. The following information is only for reference.
<Quidway> clock timezone BJ add 08:00:00 //BJ is the name of the time zone, and 08:00:00 indicates
that the local time is 8 plus the system default UTC time zone.
<Quidway> clock datetime 10:10:00 2014-07-26 //Set the current date and time. Before setting the
current time, check the time zone and set a correct time zone offset to ensure the correct local time.
<Quidway> system-view
[Quidway] sysname Switch //Set the switch name to Switch.
Step 4 Configure an authentication mode for the console user interface. (From V200R010
to V200R019, the default authentication mode for the console user interface is
AAA authentication. In V200R020 and later versions, the default authentication
mode for the console user interface is password authentication. The method of
changing the authentication mode is similar and is not provided here.)
# Set the authentication mode of the console interface to AAA, and create a local
user.
[Switch] user-interface console 0
[Switch-ui-console0] authentication-mode aaa //Set the authentication mode of the user to AAA.
[Switch-ui-console0] quit
[Switch] aaa
[Switch-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 //Create a local
user named admin1234 and set its password to Helloworld@6789. Versions earlier than V200R003
support only the cipher keyword but do not support irreversible-cipher.
[Switch-aaa] local-user admin1234 privilege level 15 //Set the user level to 15.
[Switch-aaa] local-user admin1234 service-type terminal //Set the access type to terminal, that is,
console user.
[Switch-aaa] quit
Step 5 Configure the management IP address and Telnet.
# Configure the management IP address.
[Switch] vlan 10
[Switch-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[Switch-Vlanif10] ip address 10.1.1.1 24
[Switch-Vlanif10] quit
[Switch] interface gigabitethernet 0/0/10 //GE0/0/10 is the physical interface used for logging in to the
switch through the web system on a PC. Select an interface based on actual networking requirements.
[Switch-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[Switch-GigabitEthernet0/0/10] port default vlan 10 //Add GE0/0/10 to VLAN 10.
[Switch-GigabitEthernet0/0/10] quit
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 81
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
# Configure the Telnet function.
[Switch] telnet server enable //Enable Telnet.
[Switch] telnet server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.1.1.1. Assume that the interface is Vlanif 10.
[Switch] user-interface vty 0 4 //Enter the user interface views of VTY 0 to VTY 4.
[Switch-ui-vty0-4] protocol inbound telnet //Set the protocol supported by the VTY user interface to
Telnet.
[Switch-ui-vty0-4] user privilege level 15 //Set the level of users in VTY 0 to VTY 4 to 15.
[Switch-ui-vty0-4] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 4
to AAA.
[Switch-ui-vty0-4] quit
[Switch] aaa
[Switch-aaa] local-user admin123 password irreversible-cipher Huawei@6789 //Create a local user
named admin1234 and set its password to Huawei@6789. Versions earlier than V200R003 support only
the cipher keyword but do not support irreversible-cipher.
[Switch-aaa] local-user admin123 privilege level 15 //Set the user level to 15.
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y
[Switch-aaa] local-user admin123 service-type telnet //Set the access type to telnet, that is, Telnet user.
[Switch-aaa] quit
Step 6 Verify the configuration.
When logging in to the switch again through the console port after completing
the configuration, you need to enter the user name and authentication password
configured in the preceding steps to pass identity authentication and log in to the
switch successfully. You can also log in to the switch using Telnet.
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
telnet server enable
telnet server-source -i Vlanif 10
#
clock timezone BJ add 08:00:00
#
aaa
local-user admin123 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj
+,$>NP>63de|G~ws,9G%^%#
local-user admin123 privilege level 15
local-user admin123 service-type telnet
local-user admin1234 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj
+,$>NP>63de|G~ws,9G%^%#
local-user admin1234 privilege level 15
local-user admin1234 service-type terminal
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound telnet
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 82
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
#
return
3.1.2 Example for Configuring Telnet Login (Based on ACL
Rules and RADIUS Authentication)
Overview
Telnet login to a switch facilitates remote management and maintenance on the
switch so that you do not need to connect a terminal to each switch. By default,
you cannot log in to a switch using Telnet. You need to log in to a switch through
a console port and configure the Telnet function first. For details, see 3.1.1
Example for Configuring Switch Login Through a Console Port.
An Access Control List (ACL) is a packet filter that filters packets based on rules.
One or more rules describe the packet matching conditions, such as the source
address, destination address, and port number of packets. For packets that match
the ACL rules configured on a device, the device forwards or discards these
packets according to the policies used by the service module to which the ACL is
applied.
RADIUS uses the client/server model in distributed mode and protects a network
against unauthorized access. It is often used on networks that require high
security and remote user access control. After Telnet login based on RADIUS
authentication is configured, a switch sends the user name and password of a
login user to the RADIUS server. The RADIUS server then authenticates the user
and records the user operations, ensuring network security.
If ACLs and RADIUS authentication are both configured, packets matching ACL
rules reach an upper-layer module and then are authenticated in RADIUS mode
based on the user name and password. The Telnet login mode based on ACL rules
and RADIUS authentication therefore ensures network security.
Configuration Notes
● Telnet is an insecure protocol. Using STelnet V2 is recommended.
● Ensure that the user terminal has reachable routes to the switch and RADIUS
server.
● Ensure that the IP address, port number, and shared key of the RADIUS server
are configured correctly on the switch and are the same as those on the
RADIUS server.
● Ensure that a user has been configured on the RADIUS server. In this example,
the user [email protected] (in the format of user name@domain
name) and password Example@123 have been configured.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S9300 running V200R006C00 as an
example.
Networking Requirements
The network administrator requires remote management and maintenance on a
switch and high network security for protecting the network against unauthorized
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 83
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
access. To meet the requirements, configure Telnet login based on ACL rules and
RADIUS authentication.
As shown in Figure 3-3, the Switch has reachable routes to the administrator and
the RADIUS server. The IP address and port number of the RADIUS server are
10.2.1.1/24 and 1812 respectively.
Figure 3-3 Networking diagram for configuring Telnet login based on ACL rules
and RADIUS authentication
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet protocol so that users can log in to the Switch using
Telnet.
2. Configure an ACL rule to ensure that only users matching the ACL rule can
log in to the Switch.
3. Configure the RADIUS protocol to implement RADIUS authentication. After
the configuration is complete, you can use the user name and password
configured on the RADIUS server to log in to the Switch using Telnet, ensuring
user login security.
Procedure
Step 1 Configure Telnet login.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] telnet server enable //Enable Telnet.
[Switch] telnet server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.1.1.1. Assume that the interface is Vlanif 10.
[Switch] user-interface vty 0 14 //Enter the user interface views of VTY 0 to VTY 14.
[Switch-ui-vty0-14] protocol inbound telnet //Configure the VTY user interface to support Telnet. By
default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later
versions support SSH.
[Switch-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 14
to AAA.
[Switch-ui-vty0-14] user privilege level 15 //Set the level of users in VTY 0 to VTY 14 to 15.
[Switch-ui-vty0-14] quit
Step 2 Configure a basic ACL rule.
[Switch] acl 2008
[Switch-acl-basic-2008] rule permit source 10.137.217.177 0
[Switch-acl-basic-2008] quit
[Switch] user-interface vty 0 14
[Switch-ui-vty0-14] acl 2008 inbound //Allow only users matching ACL 2008 in VTY 0 to VTY 14 to log in
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 84
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
to the switch.
[Switch-ui-vty0-14] quit
Step 3 Configure RADIUS authentication.
# Configure a RADIUS server template on the Switch to implement
communication with the RADIUS server.
[Switch] radius-server template 1 //Enter the RADIUS server template view.
[Switch-radius-1] radius-server authentication 10.2.1.1 1812 //Configure the RADIUS server.
[Switch-radius-1] radius-server shared-key cipher Huawei@6789 //Set the shared key of the RADIUS
server to Huawei@6789.
[Switch-radius-1] quit
NOTE
If the RADIUS server does not support a user name containing the domain name, run the
undo radius-server user-name domain-included command to configure the Switch to
send packets carrying a user name without the domain name to the RADIUS server.
# Configure an AAA authentication scheme, with the authentication mode being
RADIUS.
[Switch] aaa
[Switch-aaa] authentication-scheme sch1 //Create an authentication scheme named sch1.
[Switch-aaa-authen-sch1] authentication-mode radius //Set the authentication mode to RADIUS.
[Switch-aaa-authen-sch1] quit
# Create a domain, and apply the AAA authentication scheme and RADIUS server
template in the domain.
[Switch-aaa] domain huawei.com //Create a domain named huawei.com and enter the domain view.
[Switch-aaa-domain-huawei.com] authentication-scheme sch1 //Configure the authentication scheme
sch1 for the domain.
[Switch-aaa-domain-huawei.com] radius-server 1 //Apply the RADIUS server template 1 to the domain.
[Switch-aaa-domain-huawei.com] quit
[Switch-aaa] quit
# Configure the domain huawei.com as the default global management domain
so that an administrator does not need to enter the domain name for logging in
to the Switch.
[Switch] domain huawei.com admin
Step 4 Verify the configuration.
Choose Start > Run as an administrator. Enter cmd to open the Windows
Command Prompt window. Type telnet 10.1.1.1, and press Enter.
C:\Documents and Settings\Administrator> telnet 10.1.1.1
In the login interface, type the user name admin123 and password Example@123
as prompted and press Enter. Authentication succeeds, and you successfully log in
to the Switch using Telnet. (The following information is only for reference.)
Login authentication
Username:admin123
Password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
The current login time is 2014-07-30 09:54:02+08:00.
<Switch>
----End
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 85
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Configuration Files
Switch configuration file
#
sysname Switch
#
domain huawei.com admin
#
telnet server enable
telnet server-source -i Vlanif 10
#
radius-server template 1
radius-server shared-key cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|
G~ws,9G%^%#
radius-server authentication 10.2.1.1 1812 weight 80
#
acl number 2008
rule 5 permit source 10.137.217.177 0
#
aaa
authentication-scheme sch1
authentication-mode radius
domain huawei.com
authentication-scheme sch1
radius-server 1
#
user-interface vty 0 14
acl 2008 inbound
authentication-mode aaa
user privilege level 15
protocol inbound telnet
#
return
Related Content
3.1.3 Example for Configuring STelnet Login (Based on
RADIUS Authentication)
Overview
The Secure Shell (SSH) protocol implements secure remote login on insecure
networks, which ensures data integrity and reliability and guarantees secure data
transmission. STelnet, based on the SSH protocol, ensures information security and
provides powerful authentication function. STelnet protects a switch against
attacks such as IP spoofing. By default, you cannot log in to a switch using
STelnet. You need to log in to a switch using a console port or Telnet, and
configure the STelnet function and user interface parameters first.
RADIUS uses the client/server model in distributed mode and protects a network
against unauthorized access. It is often used on networks that require high
security and remote user access control. After STelnet login based on RADIUS
authentication is configured, a switch sends the user name and password of a
login user to the RADIUS server. The RADIUS server then authenticates the user
and records the user operations, ensuring network security.
Configuration Notes
● STelnet V1 is an insecure protocol. Using STelnet V2 is recommended.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 86
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
● Ensure that the user terminal has SSH server login software installed before
configuring STelnet login. In this example, the third-party software PuTTY is
used as the SSH server login software.
● Ensure that the user terminal has reachable routes to the switch and RADIUS
server.
● Ensure that the IP address, port number, and shared key of the RADIUS server
are configured correctly on the switch and are the same as those on the
RADIUS server.
● Ensure that a user has been configured on the RADIUS server. In this example,
the user [email protected] (in the format of user name@domain
name) and password Example@123 have been configured.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S9300 running V200R006C00 as an
example.
Networking Requirements
The network administrator requires remote login to a switch and high network
security for protecting the network against unauthorized access. To meet the
requirements, configure STelnet login based on RADIUS authentication.
As shown in Figure 3-4, the Switch functions as the SSH server and has a
reachable route to the RADIUS server. The IP address and port number of the
RADIUS server are 10.2.1.1/24 and 1812 respectively.
Figure 3-4 Networking diagram for configuring STelnet login based on RADIUS
authentication
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server to implement secure data
exchange between the server and client.
2. Configure the STelnet protocol so that users can log in to the Switch using
STelnet.
3. Configure the RADIUS protocol to implement RADIUS authentication. After
the configuration is complete, you can use the user name and password
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 87
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
configured on the RADIUS server to log in to the Switch using STelnet,
ensuring user login security.
Procedure
Step 1 Configure STelnet login.
# Generate a local key pair on the server.
<Quidway> system-view
[Quidway] sysname Switch
[Quidway] dsa local-key-pair create //Generate a local DSA key pair.
Info: The key name will be: HUAWEI_Host_DSA.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys...
Info: Succeeded in creating the DSA host keys.
# Configure the VTY user interface.
[Switch] stelnet server enable //Enable the STelnet server function.
[Switch] ssh server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.1.1.1. Assume that the interface is Vlanif 10.
[Switch] user-interface vty 0 14 //Enter the user interface views of VTY 0 to VTY 14.
[Switch-ui-vty0-14] user privilege level 15 //Set the level of users in VTY 0 to VTY 14 to 15.
[Switch-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 14
to AAA.
[Switch-ui-vty0-14] protocol inbound ssh //Configure the user interface views in VTY 0 to VTY 14 to
support SSH.
[Switch-ui-vty0-14] quit
# Set the authentication mode of the SSH user admin123 to password
authentication, and service type to STelnet.
[Switch] ssh user admin123 authentication-type password //Set the authentication of the SSH user
admin123 to password authentication.
[Switch] ssh user admin123 service-type stelnet //Set the service type of the SSH user admin123 to
STelnet.
NOTE
To configure password authentication for multiple SSH users, run the ssh authentication-
type default password command to specify password authentication as the default
authentication mode of SSH users. After this configuration is complete, you do not need to
configure the authentication mode and service type for each SSH user, simplifying
configuration and improving efficiency.
Step 2 Configure RADIUS authentication.
# Configure a RADIUS server template on the Switch to implement
communication with the RADIUS server.
[Switch] radius-server template 1 //Enter the RADIUS server template view.
[Switch-radius-1] radius-server authentication 10.2.1.1 1812 //Configure the RADIUS server.
[Switch-radius-1] radius-server shared-key cipher Huawei@6789 //Set the shared key of the RADIUS
server to Huawei@6789.
[Switch-radius-1] quit
NOTE
If the RADIUS server does not support a user name containing the domain name, run the
undo radius-server user-name domain-included command to configure the Switch to
send packets carrying a user name without the domain name to the RADIUS server.
# Configure an AAA authentication scheme, with the authentication mode being
RADIUS.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 88
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[Switch] aaa
[Switch-aaa] authentication-scheme sch1 //Create an authentication scheme named sch1.
[Switch-aaa-authen-sch1] authentication-mode radius //Set the authentication mode to RADIUS.
[Switch-aaa-authen-sch1] quit
# Create a domain, and apply the AAA authentication scheme and RADIUS server
template in the domain.
[Switch-aaa] domain huawei.com //Create a domain named huawei.com and enter the domain view.
[Switch-aaa-domain-huawei.com] authentication-scheme sch1 //Configure the authentication scheme
sch1 for the domain.
[Switch-aaa-domain-huawei.com] radius-server 1 //Apply the RADIUS server template 1 to the domain.
[Switch-aaa-domain-huawei.com] quit
[Switch-aaa] quit
# Configure the domain huawei.com as the default global management domain
so that an administrator does not need to enter the domain name for logging in
to the Switch.
[Switch] domain huawei.com admin
Step 3 Verify the configuration.
# Log in to the Switch using PuTTY on the PC. Enter the IP address of the Switch
and set the protocol type to SSH, as shown in Figure 3-5.
Figure 3-5 Connecting to the SSH server using PuTTY
# Click Open. In the login interface, type the user name admin123 and password
Example@123 as prompted and press Enter. Authentication succeeds, and you
successfully log in to the Switch using STelnet. (The following information is only
for reference.)
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 89
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
login as: admin123
password:
Info: The max number of VTY users is 8, and the number
of current VTY users online is 2.
The current login time is 2014-07-30 09:54:02+08:00.
<Switch>
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
domain huawei.com admin
#
radius-server template 1
radius-server shared-key cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|
G~ws,9G%^%#
radius-server authentication 10.2.1.1 1812 weight 80
#
aaa
authentication-scheme sch1
authentication-mode radius
domain huawei.com
authentication-scheme sch1
radius-server 1
#
user-interface vty 0 14
authentication-mode aaa
user privilege level 15
#
stelnet server enable
ssh server-source -i Vlanif 10
ssh user admin123
ssh user admin123 authentication-type password
ssh user admin123 service-type stelnet
#
return
Related Content
3.1.4 Example for Configuring Switch Login Through the Web
System (Based on RADIUS Authentication)
Overview
The web system uses the built-in web server on a switch to provide a GUI through
which users can perform switch management and maintenance. Users can log in
to the web system from terminals using HTTPS.
RADIUS is a protocol that uses the client/server model in distributed mode and
protects networks from unauthorized access. It is often used in network
environments that require high security and remote user access control. After
login through the web system based on RADIUS authentication is configured, a
switch sends the user name and password of a login user to the RADIUS server.
The RADIUS server then authenticates the user and records the user operations,
ensuring network security.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 90
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Configuration Notes
● Ensure that the user terminal has reachable routes to the switch and RADIUS
server.
● Ensure that the IP address, port number, and shared key of the RADIUS server
are configured correctly on the switch and these settings on the switch are
the same as those on the RADIUS server.
● Ensure that a user has been configured on the RADIUS server. In this example,
the user [email protected] (in the format of user name@domain
name) and password Example@123 have been configured on the RADIUS
server.
● When the extended RADIUS attribute HW-Exec-Privilege (26-29) is used to
authorize the privilege level of an administrator, the value ranges from 0 to
15. The value greater than or equal to 16 is invalid. In this example, the
authorized user privilege level is 15.
● In this example, the S6320-EI running V200R020C00 is used.
Networking Requirements
In Figure 3-6, the Switch functions as the HTTPS server and has reachable routes
to the RADIUS server. The IP address and port number of the RADIUS server are
10.2.1.1/24 and 1812, respectively.
Figure 3-6 Configuring switch login through the web system (based on RADIUS
authentication)
Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the HTTPS service and configure the source interface of the HTTPS
server to implement web login.
2. Configure the RADIUS protocol for RADIUS authentication. After the
configuration is complete, a user can use the user name and password
configured on the RADIUS server to log in to the Switch through the web
system, ensuring user login security.
Procedure
Step 1 Configure device login through the web system.
# Enable the HTTPS service.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 91
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
NOTE
HTTPS is recommended because it is more secure than HTTP.
<Quidway> system-view
<Quidway> sysname Switch
[Switch] http secure-server enable //By default, the HTTPS IPv4 service is enabled and the HTTPS IPv6
service is disabled on the device.
[Switch] http server-source -i Ethernet0/0/0 //By default, the source interface and source IPv6 address
of the HTTP server are not specified.
Step 2 Configure RADIUS authentication.
# Configure a RADIUS server template on the Switch to implement
communication with the RADIUS server.
[Switch] radius-server template 1 //Enter the RADIUS server template view.
[Switch-radius-1] radius-server authentication 10.2.1.1 1812 //Configure the RADIUS server.
[Switch-radius-1] radius-server shared-key cipher Huawei@6789 //Set the shared key of the RADIUS
server to Huawei@6789.
[Switch-radius-1] quit
NOTE
If the RADIUS server does not support a user name containing the domain name, run the
undo radius-server user-name domain-included command to configure the Switch to
send packets carrying a user name without the domain name to the RADIUS server.
# Configure an AAA authentication scheme, with the authentication mode being
RADIUS.
[Switch] aaa
[Switch-aaa] authentication-scheme sch1 //Create an authentication scheme named sch1.
[Switch-aaa-authen-sch1] authentication-mode radius //Set the authentication mode to RADIUS.
[Switch-aaa-authen-sch1] quit
# Create a domain, and apply the AAA authentication scheme and RADIUS server
template in the domain.
[Switch-aaa] domain huawei.com //Create a domain named huawei.com and enter the domain view.
[Switch-aaa-domain-huawei.com] authentication-scheme sch1 //Configure the authentication scheme
sch1 for the domain.
[Switch-aaa-domain-huawei.com] radius-server 1 //Apply the RADIUS server template 1 to the domain.
[Switch-aaa-domain-huawei.com] quit
[Switch-aaa] quit
# Configure the domain huawei.com as the default global management domain
so that an administrator does not need to enter the domain name for logging in
to the Switch.
[Switch] domain huawei.com admin
Step 3 Configure a RADIUS server.
The configuration includes adding a device, adding a user, and setting the user
privilege level to 15.
Step 4 Verify the configuration.
# Enter https://192.168.1.253 in the address box of the browser on the PC, and
enter the administrator account [email protected] and password
Example@123 to log in to the Switch. The login is successful.
Run the display http server command on the Switch. The command output
displays the status of the HTTPS server.
[Switch] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 92
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
HTTP Timeout Interval : 20
Current Online Users :0
Maximum Users Allowed :5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
HTTP IPv6 Server Port : 80(80)
HTTP IPv6 Secure-server Status : disabled
HTTP IPv6 Secure-server Port : 443(443)
HTTP server source interface : Ethernet0/0/0
----End
Configuration Files
Switch
#
sysname Switch
#
domain huawei.com admin
#
radius-server template 1
radius-server shared-key cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|
G~ws,9G%^%#
radius-server authentication 10.2.1.1 1812 weight 80
#
aaa
authentication-scheme sch1
authentication-mode radius
domain huawei.com
authentication-scheme sch1
radius-server 1
#
http server-source -i Ethernet0/0/0
#
return
3.1.5 Example for Configuring the Device as the Telnet Client
to Log In to Another Device
Networking Requirements
As shown in Figure 3-7, the PC and Client have reachable routes to each other;
Client and Server have reachable routes to each other. The user needs to manage
and maintain Server remotely. However, the PC cannot directly log in to Server
through Telnet because it has no reachable route to Server. The user can log in to
Client through Telnet, and then log in to Server from Client. To prevent
unauthorized devices from logging in to Server through Telnet, an ACL needs to be
configured to allow only the Telnet connection from Client to Server.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 93
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Figure 3-7 Networking diagram of configuring the device as the Telnet client to
log in to another device
NOTICE
The Telnet protocol poses a security risk, and therefore the STelnet V2 protocol is
recommended.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet authentication mode on Server.
2. Configure the login user information on Server.
3. Configure an ACL on Server to allow Client access.
4. Log in to Server from Client through Telnet.
Procedure
Step 1 Configure the Telnet authentication mode and password on Server.
<Quidway> system-view
[Quidway] sysname Server
[Server] telnet server enable //Enable Telnet.
[Server] telnet server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.2.1.1. Assume that the interface is Vlanif 10.
[Server] user-interface vty 0 4
[Server-ui-vty0-4] user privilege level 15
[Server-ui-vty0-4] protocol inbound telnet
[Server-ui-vty0-4] authentication-mode aaa
[Server-ui-vty0-4] quit
Step 2 Configure the login user information.
[Server] aaa
[Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[Server-aaa] local-user admin1234 service-type telnet
[Server-aaa] local-user admin1234 privilege level 3
[Server-aaa] quit
Step 3 Configure an ACL on Switch2 to allow Client access.
[Server] acl 2000
[Server-acl-basic-2000] rule permit source 10.1.1.1 0
[Server-acl-basic-2000] quit
[Server] user-interface vty 0 4
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 94
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[Server-ui-vty0-4] acl 2000 inbound
[Server-ui-vty0-4] quit
NOTE
It is optional to configure an ACL for Telnet services.
Step 4 Verify the configuration.
# After the preceding configuration, you can log in to Server from Client through
Telnet. You cannot log in to Server from other devices.
<Quidway> system-view
[Quidway] sysname Client
[Client] quit
<Client> telnet 10.2.1.1
Trying 10.2.1.1 ...
Press CTRL+K to abort
Connected to 10.2.1.1 ...
Warning: Telnet is not a secure protocol, and it is recommended to use STelnet.
Login authentication
Username:admin1234
Password:
<Server>
----End
Configuration File
Server configuration file
#
sysname Server
#
telnet server enable
telnet server-source -i Vlanif 10
#
acl number 2000
rule 5 permit source 10.1.1.1 0
#
aaa
local-user admin1234 password irreversible-cipher $1a$gRNl~ukoL~0.WU)C2]~2a}Cz/Y0-u8M{j@Ql6/
xHryO-Y7m{=A>kWc.-q}>*$
local-user admin1234 privilege level 3
local-user admin1234 service-type telnet
#
user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
user privilege level 15
protocol inbound telnet
#
return
3.1.6 Example for Configuring the Device as the STelnet Client
to Log In to Another Device
Networking Requirements
The enterprise requires that secure data exchange should be performed between
the server and client. As shown in Figure 3-8, two login users client001 and
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 95
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
client002 are configured and they use the password and DSA authentication
modes respectively to log in to the SSH server.
Figure 3-8 Networking diagram of logging in to another device through STelnet
NOTICE
The STelnet V1 protocol poses a security risk, and therefore the STelnet V2 mode is
recommended.
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server to implement secure data
exchange between the server and client.
2. Configure different authentication modes for the SSH users client001 and
client002 on the SSH server.
3. Enable the STelnet service on the SSH server.
4. Configure the STelnet server type for the SSH users client001 and client002
on the SSH server.
5. Log in to the SSH server as the client001 and client002 users through
STelnet.
Procedure
Step 1 Generate a local key pair on the server.
<Quidway> system-view
[Quidway] sysname SSH Server
[SSH Server] dsa local-key-pair create
Info: The key name will be: SSH Server_Host_DSA.
Info: The DSA host key named SSH Server_Host_DSA already exists.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys........
Info: Succeeded in creating the DSA host keys.
Step 2 Create an SSH user on the server.
# Configure the VTY user interface.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 96
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[SSH Server] user-interface vty 0 4
[SSH Server-ui-vty0-4] authentication-mode aaa
[SSH Server-ui-vty0-4] protocol inbound ssh
[SSH Server-ui-vty0-4] quit
● Create an SSH user named client001.
# Create an SSH user named client001 and configure the password
authentication mode for the user.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password irreversible-cipher Example@123
[SSH Server-aaa] local-user client001 privilege level 3
[SSH Server-aaa] local-user client001 service-type ssh
[SSH Server-aaa] quit
[SSH Server] ssh user client001
[SSH Server] ssh user client001 authentication-type password
● Create an SSH user named client002.
# Create an SSH user named client002 and configure the DSA authentication
mode for the user.
[SSH Server] ssh user client002
[SSH Server] ssh user client002 authentication-type dsa
# Generate a local key pair for Client002.
<Quidway> system-view
[Quidway] sysname client002
[client002] dsa local-key-pair create
Info: The key name will be: SSH Server_Host_DSA.
Info: The DSA host key named SSH Server_Host_DSA already exists.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys........
Info: Succeeded in creating the DSA host keys.
# Check the public key in the DSA key pair generated on the client.
[client002] display dsa local-key-pair public
=====================================================
Time of Key pair created: 2014-03-03 16:51:28-05:13
Key name: client002_Host
Key modulus : 2048
Key type: DSA encryption Key
Key fingerprint: c0:52:b0:37:4c:b2:64:d1:8f:ff:a1:42:87:09:8c:6f
=====================================================
Key code:
30820109 02820100 CA97BCDE 697CEDE9 D9AB9475 9E004D15 C8B95116 87B79B0C
5698C582 69A9F4D0 45ED0E53 AF2EDEC1 A09DF4BE 459E34B6 6697B85D 2191A00E
92F3A5E7 FB0E73E7 F0212432 E898D979 8EAA491E E2B69727 4B51A2BE CD86A144
16748D1E 4847A814 3FE50862 6EB1AD81 EB49A05E 64F6D186 C4E94CDB 04C53074
B839305A 7F7BCE2C 606F6C91 EA958B6D AC46C12B 8C2B1E03 98F1C09D 3AF2A69D
6867F930 DF992692 9A921682 916273FC 4DD875D4 44BC371E DDBB8F6A C0A4CDB3
ADDAE853 DB86B9FA DB13CCA9 D8CF6EC1 530CC2F5 697C4707 90829982 4339507F
F354FAF9 0F9CD2C2 F7D6FF3D 901D700F F0588104 856B9592 71D773E2 E76E8EEB
431FB60D 60ABC20B 0203 010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAABAQDKl7zeaXzt6dmrlHWeAE0VyLlRFoe3mwxW
mMWCaan00EXtDlOvLt7BoJ30vkWeNLZml7hdIZGgDpLzpef7DnPn8CEkMuiY2XmO
qkke4raXJ0tRor7NhqFEFnSNHkhHqBQ/5QhibrGtgetJoF5k9tGGxOlM2wTFMHS4
OTBaf3vOLGBvbJHqlYttrEbBK4wrHgOY8cCdOvKmnWhn+TDfmSaSmpIWgpFic/xN
2HXURLw3Ht27j2rApM2zrdroU9uGufrbE8yp2M9uwVMMwvVpfEcHkIKZgkM5UH/z
VPr5D5zSwvfW/z2QHXAP8FiBBIVrlZJx13Pi526O60Mftg1gq8IL
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-dsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDKl7zeaXzt6dmrlHWeAE0VyLlRFoe3mwxWmMWCaan00EXtD
lOvLt7BoJ30vkWeNLZml7hdIZGgDpLzpef7DnPn8CEkMuiY2XmOqkke4raXJ0tRor7NhqFEFnSNHkhHqBQ
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 97
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
/5QhibrGtgetJoF5k9tGGxOlM2wTFMHS4OTBaf3vOLGBvbJHqlYttrEbBK4wrHgOY8cCdOvKmnWhn
+TDfmSaSmpIWgpFic/
xN2HXURLw3Ht27j2rApM2zrdroU9uGufrbE8yp2M9uwVMMwvVpfEcHkIKZgkM5UH/zVPr5D5zSwvfW/
z2QHXAP8FiBBIVrlZJx13Pi526O60Mftg1gq8IL dsa-key
# Configure the generated public key in the DSA key pair on the server. The
bold part in the display command output indicates the generated public key
in the DSA key pair. Copy the key to the server.
NOTE
The public key must be a hexadecimal string. If it is not a hexadecimal string, convert
it into a hexadecimal string in advance.
[SSH Server] dsa peer-public-key dsakey001 encoding-type der
[SSH Server-dsa-public-key] public-key-code begin
Info: Enter "DSA key code" view, return the last view with "public-key-code end".
[SSH Server-dsa-key-code] 30820109
[SSH Server-dsa-key-code] 2820100
[SSH Server-dsa-key-code] CA97BCDE 697CEDE9 D9AB9475 9E004D15 C8B95116
[SSH Server-dsa-key-code] 87B79B0C 5698C582 69A9F4D0 45ED0E53 AF2EDEC1
[SSH Server-dsa-key-code] A09DF4BE 459E34B6 6697B85D 2191A00E 92F3A5E7
[SSH Server-dsa-key-code] FB0E73E7 F0212432 E898D979 8EAA491E E2B69727
[SSH Server-dsa-key-code] 4B51A2BE CD86A144 16748D1E 4847A814 3FE50862
[SSH Server-dsa-key-code] 6EB1AD81 EB49A05E 64F6D186 C4E94CDB 04C53074
[SSH Server-dsa-key-code] B839305A 7F7BCE2C 606F6C91 EA958B6D AC46C12B
[SSH Server-dsa-key-code] 8C2B1E03 98F1C09D 3AF2A69D 6867F930 DF992692
[SSH Server-dsa-key-code] 9A921682 916273FC 4DD875D4 44BC371E DDBB8F6A
[SSH Server-dsa-key-code] C0A4CDB3 ADDAE853 DB86B9FA DB13CCA9 D8CF6EC1
[SSH Server-dsa-key-code] 530CC2F5 697C4707 90829982 4339507F F354FAF9
[SSH Server-dsa-key-code] 0F9CD2C2 F7D6FF3D 901D700F F0588104 856B9592
[SSH Server-dsa-key-code] 71D773E2 E76E8EEB 431FB60D 60ABC20B
[SSH Server-dsa-key-code] 203
[SSH Server-dsa-key-code] 10001
[SSH Server-dsa-key-code] public-key-code end
[SSH Server-dsa-public-key] peer-public-key end
# Bind the DSA public key of the STelnet client to the SSH user client002 on
the SSH server.
[SSH Server] ssh user client002 assign dsa-key dsakey001
Step 3 Enable the STelnet service on the SSH server.
# Enable the STelnet service.
[SSH Server] stelnet server enable //Enable the STelnet server function. In V200R020 and later versions,
you must run the ssh server-source command to set the source interface of the server to the interface
using the IP address 10.1.1.1 so that the client can connect to the server through 10.1.1.1.
Step 4 Configure the STelnet service type for the client001 and client002 users.
[SSH Server] ssh user client001 service-type stelnet
[SSH Server] ssh user client002 service-type stelnet
Step 5 Connect the STelnet client to the SSH server.
# Enable the first authentication function on the SSH client upon the first login.
Enable the first authentication function for Client001.
<Quidway> system-view
[Quidway] sysname client001
[client001] ssh client first-time enable
Enable the first authentication function for Client002.
[client002] ssh client first-time enable
# Log in to the SSH server from Client001 in password authentication mode by
entering the user name and password.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 98
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[client001] stelnet 10.1.1.1
Please input the username:client001
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 10.1.1.1. Please wait...
Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey
authentication; Ctrl_C for Can
cel], Please select [R, D, Enter or Ctrl_C]:d
Enter password:
Enter the password. The following information indicates that you have logged in
successfully:
<SSH Server>
# Log in to the SSH server from Client002 in DSA authentication mode.
[client002] stelnet 10.1.1.1 user-identity-key dsa
Please input the username:client002
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey
authentication; Ctrl_C for Can
cel], Please select [R, D, Enter or Ctrl_C]:d
<SSH Server>
If the user view is displayed, you have logged in successfully. If the message
"Session is disconnected" is displayed, the login fails.
Step 6 Verify the configuration.
Run the display ssh server status command. You can see that the STelnet service
has been enabled. Run the display ssh user-information command. Information
about the configured SSH users is displayed.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version :2.0
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH authentication retries :3 times
SFTP server :Disable
Stelnet server :Enable
Scp server :Disable
SSH server source :0.0.0.0
ACL4 number :0
ACL6 number :0
# Check information about SSH users.
[SSH Server] display ssh user-information
User 1:
User Name : client001
Authentication-type : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory :-
Service-type : stelnet
Authorization-cmd : No
User 2:
User Name : client002
Authentication-type : dsa
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 99
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
User-public-key-name : dsakey001
User-public-key-type : dsa
Sftp-directory :-
Service-type : stelnet
Authorization-cmd : No
----End
Configuration File
● SSH server configuration file
#
sysname SSH Server
#
dsa peer-public-key dsakey001 encoding-type der
public-key-code begin
30820109
02820100
CA97BCDE 697CEDE9 D9AB9475 9E004D15 C8B95116 87B79B0C 5698C582 69A9F4D0
45ED0E53 AF2EDEC1 A09DF4BE 459E34B6 6697B85D 2191A00E 92F3A5E7 FB0E73E7
F0212432 E898D979 8EAA491E E2B69727 4B51A2BE CD86A144 16748D1E 4847A814
3FE50862 6EB1AD81 EB49A05E 64F6D186 C4E94CDB 04C53074 B839305A 7F7BCE2C
606F6C91 EA958B6D AC46C12B 8C2B1E03 98F1C09D 3AF2A69D 6867F930 DF992692
9A921682 916273FC 4DD875D4 44BC371E DDBB8F6A C0A4CDB3 ADDAE853 DB86B9FA
DB13CCA9 D8CF6EC1 530CC2F5 697C4707 90829982 4339507F F354FAF9 0F9CD2C2
F7D6FF3D 901D700F F0588104 856B9592 71D773E2 E76E8EEB 431FB60D 60ABC20B
0203
010001
public-key-code end
peer-public-key end
#
aaa
local-user client001 password irreversible-cipher $1a$gRNl~ukoL~0.WU)C2]~2a}Cz/Y0-u8M{j@Ql6/
xHryO-Y7m{=A>kWc.-q}>*$
local-user client001 privilege level 3
local-user client001 service-type ssh
#
stelnet server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
ssh user client002
ssh user client002 authentication-type dsa
ssh user client002 assign dsa-key dsakey001
ssh user client002 service-type stelnet
#
user-interface vty 0 4
authentication-mode aaa
#
return
● Client001 configuration file
#
sysname client001
#
ssh client first-time enable
#
return
● Client002 configuration file
#
sysname client002
#
ssh client first-time enable
#
return
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 100
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
3.1.7 Example for Configuring Switch Login Through the Web
System
3.1.7.1 Factory Settings of Web Page Files for S Series Switches
For fixed switches, in V200R006 and later versions, the web page file has been
integrated in the system software and loaded. For factory settings of web page
files in versions earlier than V200R006, see the following tables.
For modular switches:
● For factory settings of web page files in versions earlier than V200R006, see
the following tables.
● The system software of V200R006 and later versions (except the system
software used by SRUAs and SRUBs of V200R020C00 and later versions, for
example, S9300-V200R020C00SPC300-SRUA&B.cc) has integrated and loaded
the web page file.
● In V200R020C00 and later versions, the system software used by SRUAs and
SRUBs does not integrate the web page file; to use the web function, obtain
the web page file, upload it to the root directory of the storage device, and
run the http server load filename command to load the file.
Table 3-2 Factory settings of web page files for fixed switches
Product V100R006 V200R001 V200R002 V200R003 V200R005
Model C05
S2300-SI/ The - - - -
S2300-EI storage
medium
does not
contain a
web page
file.
S2350-EI - - - The The system
storage software
medium contains a
does not web page
contain a file that is
web page loaded for
file. the Classics
web
system.
S3300-SI/ The - - - -
S3300-EI storage
medium
does not
contain a
web page
file.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 101
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Product V100R006 V200R001 V200R002 V200R003 V200R005
Model C05
S3300-HI - The - - -
storage
medium
does not
contain a
web page
file.
S5300-LI - The The The The system
storage storage storage software
medium medium medium contains a
does not does not does not web page
contain a contain a contain a file that is
web page web page web page loaded.
file. file. file.
S5300-SI/ - The The The The
S5300-EI storage storage storage storage
medium medium medium medium
does not does not does not does not
contain a contain a contain a contain a
web page web page web page web page
file. file. file. file.
S5310-EI - - The The The
storage storage storage
medium medium medium
does not does not does not
contain a contain a contain a
web page web page web page
file. file. file.
S5300-HI - The The The The
storage storage storage storage
medium medium medium medium
does not does not does not does not
contain a contain a contain a contain a
web page web page web page web page
file. file. file. file.
S5306-LI - The The The The system
storage storage storage software
medium medium medium contains a
does not does not does not web page
contain a contain a contain a file that is
web page web page web page loaded.
file. file. file.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 102
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Product V100R006 V200R001 V200R002 V200R003 V200R005
Model C05
S6300-EI - The The The The
storage storage storage storage
medium medium medium medium
does not does not does not does not
contain a contain a contain a contain a
web page web page web page web page
file. file. file. file.
Table 3-3 Factory settings of web page files for modular switches
Product V200R001 V200R002 V200R003 V200R005
Model
S9300 The storage The storage The storage The system
medium does medium does medium does software
not contain a not contain a not contain a contains a
web page file. web page file. web page file. web page file
that is loaded.
S9300E The S9300E does not support web system login.
NOTE
A hyphen (-) indicates that the version is not available for the model.
3.1.7.2 Example for Configuring Switch Login Through the Web System
(V200R001)
Overview
The web system uses the built-in web server on a switch to provide a GUI through
which users can perform switch management and maintenance. Users can log in
to the web system from terminals using HTTPS.
Configuration Notes
This example applies to V200R001 of all S series switches.
NOTE
The following uses the command lines and outputs of the S5300-EI running V200R001C00
as an example.
Networking Requirements
As shown in Figure 3-9, a switch functions as the HTTPS server. The user wants to
log in to the web system using HTTPS to manage and maintain the switch. The
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 103
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
user has obtained the server digital certificate 1_servercert_pem_dsa.pem and
private key file 1_serverkey_pem_dsa.pem from the CA.
Figure 3-9 Networking diagram for configuring switch login through the web
system
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a management IP address for remotely transferring files and
logging in to the switch through the web system.
2. Upload the required files to the HTTPS server through FTP, including the web
page file, server digital certificate, and private key file.
3. Load the web page file and digital certificate.
4. Bind an SSL policy and enable the HTTPS service.
5. Configure a web user and enter the web system login page.
NOTICE
FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.
Procedure
Step 1 Obtain the web page file.
The following methods are available:
● Obtain the web page file from a Huawei agent.
● Download the web page file from the Huawei technical support website
(http://support.huawei.com/carrier). In V200R001, the web page file is
named in the format of product name-software version.web page file
version.web.zip.
NOTE
Check whether the size of the obtained web page file is the same as the file size displayed
on the website. If not, an exception may occur during file download. Download the file
again.
Step 2 Configure a management IP address.
<Quidway> system-view
[Quidway] sysname HTTPS_Server
[HTTPS_Server] vlan 10
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 104
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[HTTPS_Server-vlan10] quit
[HTTPS_Server] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based
on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 0/0/10 //In this example, GE0/0/10 is the physical interface
used for logging in to the switch through the web system on a PC. Select an interface based on actual
networking requirements.
[HTTPS_Server-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet0/0/10] quit
Step 3 Upload the web page file and digital certificate to the HTTPS server through FTP.
# Configure VTY user interfaces on the HTTPS server.
[HTTPS_Server] user-interface vty 0 14 //Enter VTY user interfaces 0 to 14.
[HTTPS_Server-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY user
interfaces 0 to 14 to AAA.
[HTTPS_Server-ui-vty0-14] quit
# Configure the FTP function for the switch and information about an FTP user,
including the password, user level, service type, and authorized directory.
[HTTPS_Server] ftp server enable //Enable the FTP server function.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user client001 password cipher Helloworld@6789 //Set the login password to
Helloworld@6789.
[HTTPS_Server-aaa] local-user client001 privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user client001 service-type ftp //Set the user service type to FTP.
[HTTPS_Server-aaa] local-user client001 ftp-directory flash:/ //Set the FTP authorized directory to
flash:/.
[HTTPS_Server-aaa] quit
[HTTPS_Server] quit
# Log in to the HTTPS server from the PC through FTP and upload the web page
file and digital certificate to the HTTPS server.
Connect the PC to the switch using FTP. Enter the user name client001 and
password Helloworld@6789 and set the file transfer mode to binary.
The following example assumes that the PC runs the Windows XP operating
system.
C:\Documents and Settings\Administrator> ftp 192.168.0.1
Connected to 192.168.0.1.
220 FTP service ready.
User (192.168.0.1:(none)): client001
331 Password required for client001.
Password:
230 User logged in.
ftp> binary //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
200 Type set to I.
ftp>
Upload the web page file and digital certificate to the HTTPS server from the PC.
ftp> put web.zip //Upload the web page file. The web.zip file is used as an example here.
200 Port command okay.
150 Opening BINARY mode data connection for web.zip
226 Transfer complete.
ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
ftp> put 1_servercert_pem_dsa.pem
200 Port command okay.
150 Opening BINARY mode data connection for 1_servercert_pem_dsa.pem
226 Transfer complete.
ftp: 1302 bytes sent in 2 Seconds 4.6Kbytes/sec.
ftp> put 1_serverkey_pem_dsa.pem
200 Port command okay.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 105
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
150 Opening BINARY mode data connection for 1_serverkey_pem_dsa.pem
226 Transfer complete.
ftp: 951 bytes sent in 1 Second 4.6Kbytes/sec.
# Run the dir command on the Switch to check whether the web page file and
digital certificate exist in the current storage directory.
NOTE
If the sizes of the web page file and digital certificate in the current storage directory on
the switch is different from those on the PC, an exception may occur during file transfer.
Upload the files again.
# Create the subdirectory security on the HTTPS server and copy the digital
certificate and private key file to the subdirectory.
<HTTPS_Server> mkdir security
<HTTPS_Server> copy 1_servercert_pem_dsa.pem security
Copy flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem?[Y/N]:y
100% complete
Info: Copied file flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem...Done.
<HTTPS_Server> copy 1_serverkey_pem_dsa.pem security
Copy flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem?[Y/N]:y
100% complete
Info: Copied file flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem...Done.
# Run the dir command in the security subdirectory to check the digital
certificate.
<HTTPS_Server> cd security
<HTTPS_Server> dir
Directory of flash:/security/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 1,200 Sep 26 2013 22:35:37 1_servercert_pem_dsa.pem
1 -rw- 736 Sep 26 2013 22:36:11 1_serverkey_pem_dsa.pem
30,008 KB total (348 KB free)
Step 4 Load the web page file and digital certificate.
# Load the web page file.
<HTTPS_Server> system-view
[HTTPS_Server] http server load web.zip
# Create an SSL policy and load the PEM digital certificate.
[HTTPS_Server] ssl policy http_server
[HTTPS_Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa
key-file 1_serverkey_pem_dsa.pem auth-code 123456
[HTTPS_Server-ssl-policy-http_server] quit
# After the preceding configurations are complete, run the display ssl policy
command on the HTTPS server to check detailed information about the loaded
digital certificate.
[HTTPS_Server] display ssl policy
SSL Policy Name: http_server
Policy Applicants:
Key-pair Type: DSA
Certificate File Type: PEM
Certificate Type: certificate
Certificate Filename: 1_servercert_pem_dsa.pem
Key-file Filename: 1_serverkey_pem_dsa.pem
Auth-code: 123456
MAC:
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 106
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
CRL File:
Trusted-CA File:
Step 5 Bind an SSL policy and enable the HTTPS service.
NOTE
Disable the HTTP service before enabling the HTTPS service.
[HTTPS_Server] undo http server enable //Disable the HTTP service.
[HTTPS_Server] http secure-server ssl-policy http_server //Bind an SSL policy named http_server to the
HTTP server.
[HTTPS_Server] http secure-server enable //Enable the HTTPS service.
Step 6 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789 //Create a local user named
admin and set its password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the access type to http, that is, web user.
[HTTPS_Server-aaa] quit
# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and
press Enter. The web system login page is displayed, as shown in Figure 3-10.
You can log in to the web system using the Internet Explorer (6.0 or 8.0) or Firefox
(3.5) browsers. If the browser version or browser patch version is not within the
preceding ranges, the web page may be displayed incorrectly. Additionally, the
web browser used to log in to the web system must support JavaScript.
Enter the user name, password, and verification code. Click Login. The web system
home page is displayed.
Figure 3-10 Web system login page
Step 7 Verify the configuration.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 107
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the SSL policy name and the
HTTPS server status.
[HTTPS_Server] display http server
HTTP Server Status : disabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users :0
Maximum Users Allowed :5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : http_server
----End
Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
undo http server enable
http server load web.zip
http secure-server ssl-policy http_server
http secure-server enable
#
aaa
local-user admin password cipher %$%$_h,hW_!nJ!2gXkH9v$X)+,#w%$%$
local-user admin privilege level 15
local-user admin service-type http
local-user client001 password cipher %$%$jD,QKAhe{Yd9kD9Fqi#I+QH~%$%$
local-user client001 privilege level 15
local-user client001 ftp-directory flash:/
local-user client001 service-type ftp
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
#
user-interface vty 0 14
authentication-mode aaa
#
ssl policy http_server
certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-
code 123456
#
return
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 108
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
3.1.7.3 Example for Configuring Switch Login Through the Web System
(V100R006C05&V200R002&V200R003)
Overview
The web system uses the built-in web server on a switch to provide a GUI through
which users can perform switch management and maintenance. Users can log in
to the web system from terminals using HTTPS.
Configuration Notes
This example applies to V100R006C05, V200R002, and V200R003 of all S series
switches.
NOTE
The following uses the command lines and outputs of the S5300-EI running V200R002C00
as an example.
Networking Requirements
As shown in Figure 3-11, a switch functions as the HTTPS server. The user wants
to log in to the web system using HTTPS to manage and maintain the switch.
Figure 3-11 Networking diagram for configuring switch login through the web
system
Configuration Roadmap
The configuration roadmap is as follows:
NOTE
A switch provides a default SSL policy and has a randomly generated self-signed digital
certificate in the web page file. If the default SSL policy and self-signed digital certificate
can meet security requirements, you do not need to upload a digital certificate or manually
configure an SSL policy, simplifying configuration. The following configuration uses the
default SSL policy provided by the switch as an example.
1. Configure a management IP address for remotely transferring files and
logging in to the switch through the web system.
2. Upload the web page file to the HTTPS server through FTP.
3. Load the web page file.
4. Configure a web user and enter the web system login page.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 109
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
NOTICE
FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.
Procedure
Step 1 Obtain the web page file.
The following methods are available:
● Obtain the web page file from a Huawei agent.
● Obtain the web page file from http://support.huawei.com/carrier.
– For a fixed switch, download the system software containing the web
page file.
– For a modular switch, download the web page file.
– In V100R006C05, the web page file is named in the format of product
name-software version.web page file version.web.zip. In V200R002 and
V200R003, the web page file is named in the format of product name-
software version.web page file version.web.7z.
NOTE
Check whether the size of the obtained web page file is the same as the file size displayed
on the website. If not, an exception may occur during file download. Download the file
again.
Step 2 Configure a management IP address.
<Quidway> system-view
[Quidway] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] quit
[HTTPS_Server] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based
on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 0/0/10 //In this example, GE0/0/10 is the physical interface
used for logging in to the switch through the web system on a PC. Select an interface based on actual
networking requirements.
[HTTPS_Server-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet0/0/10] quit
Step 3 Upload the web page file to the HTTPS server through FTP.
# Configure VTY user interfaces on the HTTPS server.
[HTTPS_Server] user-interface vty 0 14 //Enter VTY user interfaces 0 to 14.
[HTTPS_Server-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY user
interfaces 0 to 14 to AAA.
[HTTPS_Server-ui-vty0-14] quit
# Configure the FTP function for the switch and information about an FTP user,
including the password, user level, service type, and authorized directory.
[HTTPS_Server] ftp server enable //Enable the FTP server function.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user client001 password cipher Helloworld@6789 //Set the login password to
Helloworld@6789.
[HTTPS_Server-aaa] local-user client001 privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user client001 service-type ftp //Set the user service type to FTP.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 110
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[HTTPS_Server-aaa] local-user client001 ftp-directory flash:/ //Set the FTP authorized directory to
flash:/.
[HTTPS_Server-aaa] quit
[HTTPS_Server] quit
# Log in to the HTTPS server from the PC through FTP and upload the web page
file to the HTTPS server.
Connect the PC to the switch using FTP. Enter the user name client001 and
password Helloworld@6789 and set the file transfer mode to binary.
The following example assumes that the PC runs the Windows XP operating
system.
C:\Documents and Settings\Administrator> ftp 192.168.0.1
Connected to 192.168.0.1.
220 FTP service ready.
User (192.168.0.1:(none)): client001
331 Password required for client001.
Password:
230 User logged in.
ftp> binary //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
200 Type set to I.
ftp>
Upload the web page file to the HTTPS server from the PC.
ftp> put web.7z //Upload the web page file. The web.7z file is used as an example here.
200 Port command okay.
150 Opening BINARY mode data connection for web.7z
226 Transfer complete.
ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
NOTE
If the size of the web page file in the current directory on the switch is different from that
on the PC, an exception may occur during file transfer. Upload the web page file again.
Step 4 Load the web page file.
<HTTPS_Server> system-view
[HTTPS_Server] http server load web.7z //Load the web page file.
Step 5 Enable the HTTPS service.
[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not
require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.
Step 6 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789 //Create a local user named
admin and set its password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the access type to http, that is, web user.
[HTTPS_Server-aaa] quit
# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and
press Enter. The web system login page is displayed, as shown in Figure 3-12.
You can use the Internet Explorer (6.0 – 9.0), Firefox (3.5 – 17.0) browsers to log in
to the web system for V100R006C05, use the Internet Explorer (8.0), Firefox (3.6)
browsers to log in to the web system for V200R001C00, use the Internet Explorer
(6.0 – 9.0), Firefox (3.5 – 17.0) browsers to log in to the web system for
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 111
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
V2100R003C00. If the browser version or browser patch version is not within the
preceding ranges, the web page may be displayed incorrectly. Additionally, the
web browser used to log in to the web system must support JavaScript.
Enter the user name, password, and verification code. Click Login. The web system
home page is displayed.
Figure 3-12 Web system login page
Step 7 Verify the configuration.
Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users :0
Maximum Users Allowed :5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
----End
Configuration Files
HTTPS server configuration file
#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
http server load web.7z
#
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 112
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
aaa
local-user admin password cipher %$%$llCb"D|46>hV2w2=%&nOT/_K%$%$
local-user admin privilege level 15
local-user admin service-type http
local-user client001 password cipher %$%$aL$_U%#$W^1T-\}Fqpe$E<#HN%$%$
local-user client001 privilege level 15
local-user client001 ftp-directory flash:/
local-user client001 service-type ftp
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
port link-type access
port default vlan 10
#
user-interface vty 0 14
authentication-mode aaa
#
return
3.1.7.4 Example for Configuring Switch Login Through the Web System
(V200R005)
Overview
The web system uses the built-in web server on a switch to provide a GUI through
which users can perform switch management and maintenance. Users can log in
to the web system from terminals using HTTPS.
The web system is available in EasyOperation and Classics versions.
● The EasyOperation version provides rich graphics and a more user-friendly UI
on which users can perform monitoring, configuration, maintenance, and
other network operations.
● The Classics version inherits the web page style of Huawei switches and
provides comprehensive configuration and management functions.
Configuration Notes
This example applies to V200R005 of all S series switches.
NOTE
The following uses the command lines and outputs of the S5300-HI running V200R005 as
an example.
Networking Requirements
As shown in Figure 3-13, a switch functions as the HTTPS server. The user wants
to log in to the web system using HTTPS to manage and maintain the switch.
Figure 3-13 Networking diagram for configuring switch login through the web
system
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 113
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Configuration Roadmap
The configuration roadmap is as follows:
NOTE
A switch provides a default SSL policy and has a randomly generated self-signed digital
certificate in the web page file. If the default SSL policy and self-signed digital certificate
can meet security requirements, you do not need to upload a digital certificate or manually
configure an SSL policy, simplifying configuration. The following configuration uses the
default SSL policy provided by the switch as an example.
1. Configure a management IP address for remotely transferring files and
logging in to the switch through the web system.
2. Upload the web page file to the HTTPS server through FTP.
3. Load the web page file.
4. Configure a web user and enter the web system login page.
NOTE
FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.
On the following switch models, the system software has integrated and loaded the web
page file. You only need to configure a web user and enter the web system login page.
● Modular switch: all models
● Fixed switch: S2350, S5300-LI, S5306-LI
Procedure
Step 1 Obtain the web page file.
The following methods are available:
● Obtain the web page file from a Huawei agent.
● Download the web page file from the Huawei technical support website
(http://support.huawei.com/carrier).
– For a fixed switch, download the system software containing the web
page file.
– For a modular switch, download the web page file.
– In V200R005, the web page file is named in the format of product name-
software version.web page file version.web.7z.
NOTE
Check whether the size of the obtained web page file is the same as the file size displayed
on the website. If not, an exception may occur during file download. Download the file
again.
Step 2 Configure a management IP address.
<Quidway> system-view
[Quidway] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] quit
[HTTPS_Server] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 114
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 0/0/10 //In this example, GE0/0/10 is the physical interface
used for logging in to the switch through the web system on a PC. Select an interface based on actual
networking requirements.
[HTTPS_Server-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet0/0/10] quit
Step 3 Upload the web page file to the HTTPS server through FTP.
# Configure VTY user interfaces on the HTTPS server.
[HTTPS_Server] user-interface vty 0 14 //Enter VTY user interfaces 0 to 14.
[HTTPS_Server-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY user
interfaces 0 to 14 to AAA.
[HTTPS_Server-ui-vty0-14] quit
# Configure the FTP function for the switch and information about an FTP user,
including the password, user level, service type, and authorized directory.
[HTTPS_Server] ftp server enable //Enable the FTP server function.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789 //Set the login
password to Helloworld@6789.
[HTTPS_Server-aaa] local-user client001 privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user client001 service-type ftp //Set the user service type to FTP.
[HTTPS_Server-aaa] local-user client001 ftp-directory flash:/ //Set the FTP authorized directory to
flash:/.
[HTTPS_Server-aaa] quit
# Log in to the HTTPS server from the PC through FTP and upload the web page
file to the HTTPS server.
Connect the PC to the switch using FTP. Enter the user name client001 and
password Helloworld@6789 and set the file transfer mode to binary.
The following example assumes that the PC runs the Windows XP operating
system.
C:\Documents and Settings\Administrator> ftp 192.168.0.1
Connected to 192.168.0.1.
220 FTP service ready.
User (192.168.0.1:(none)): client001
331 Password required for client001.
Password:
230 User logged in.
ftp> binary //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
200 Type set to I.
ftp>
Upload the web page file to the HTTPS server from the PC.
ftp> put web.7z //Upload the web page file. The web.7z file is used as an example here.
200 Port command okay.
150 Opening BINARY mode data connection for web.zip
226 Transfer complete.
ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
NOTE
If the size of the web page file in the current directory on the switch is different from that
on the PC, an exception may occur during file transfer. Upload the web page file again.
Step 4 Load the web page file.
# Load the web page file.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 115
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[HTTPS_Server] http server load web.7z //Load the web page file.
Step 5 Enable the HTTPS service.
[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not
require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.
Step 6 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Set the login
password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the user service type to HTTP.
[HTTPS_Server-aaa] quit
# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and
press Enter. The web system login page is displayed, as shown in Figure 3-14.
Enter the web user name admin and password Helloworld@6789, and click GO
or press Enter. The web system home page is displayed. The EasyOperation web
system is logged in by default.
Figure 3-14 Web system login page
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 116
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Step 7 Verify the configuration.
Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users :0
Maximum Users Allowed :5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
HTTP IPv6 Server Port : 80(80)
HTTP IPv6 Secure-server Status : disabled
HTTP IPv6 Secure-server Port : 443(443)
----End
Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
http server load web.7z
#
aaa
local-user admin password irreversible-cipher %@%@wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/
U`Ww%@%@
local-user admin privilege level 15
local-user admin service-type http
local-user client001 password irreversible-cipher %@%@5d~9:M^ipCfL
\iB)EQd>,,ajwsi[\ad,saejin[qndi83Uwe%@%@
local-user client001 privilege level 15
local-user client001 ftp-directory flash:/
local-user client001 service-type ftp
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
port link-type access
port default vlan 10
#
user-interface vty 0 14
authentication-mode aaa
#
return
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 117
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
3.1.7.5 Example for Configuring Switch Login Through the Web System
(V200R006 and later versions)
Overview
The web system uses the built-in web server on a switch to provide a GUI through
which users can perform switch management and maintenance. Users can log in
to the web system from terminals using HTTPS.
The web system is available in EasyOperation and Classics versions.
● The EasyOperation version provides rich graphics and a more user-friendly UI
on which users can perform monitoring, configuration, maintenance, and
other network operations.
● The Classics version inherits the web page style of Huawei switches and
provides comprehensive configuration and management functions.
NOTE
In V200R011C10 and later versions, the Classics version is not supported.
Configuration Notes
This example applies to V200R006 and later versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00
as an example.
Networking Requirements
As shown in Figure 3-15, a switch functions as the HTTPS server. The user wants
to log in to the web system using HTTPS to manage and maintain the switch.
Figure 3-15 Networking diagram for configuring switch login through the web
system
Configuration Roadmap
The configuration roadmap is as follows:
● The system software of the switch has integrated and loaded the web page
file. No manual configuration is required.
● A switch provides a default SSL policy and has a randomly generated self-
signed digital certificate in the web page file. If the default SSL policy and
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 118
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
self-signed digital certificate can meet security requirements, you do not need
to upload a digital certificate or manually configure an SSL policy, simplifying
configuration. The following configuration uses the default SSL policy
provided by the switch as an example.
● Configure a management IP address for logging in to the switch through the
web system.
● Configure a web user and enter the web system login page.
Procedure
Step 1 Configure a management IP address.
<HUAWEI> system-view
[HUAWEI] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] quit
[HTTPS_Server] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route
based on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 1/0/10 //In this example, GE1/0/10 is the physical interface
used for logging in to the switch through the web system on a PC. Select an interface based on actual
networking requirements.
[HTTPS_Server-GigabitEthernet1/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet1/0/10] quit
Step 2 Enable the HTTPS service.
[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not
require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.
[HTTPS_Server] http server-source -i Vlanif 10 //Set the source interface of the server to VLANIF 10 so
that the client can connect to the server through 192.168.0.1.
Step 3 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Set the login
password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]Y
[HTTPS_Server-aaa] local-user admin service-type http //Set the user service type to HTTP.
[HTTPS_Server-aaa] quit
# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and
press Enter. The web system login page is displayed, as shown in Figure 3-16.
Table 3-4 lists browser versions required for login to a switch through the web
system. If the browser version or browser patch version is not within the preceding
ranges, the web page may not be properly displayed. Upgrade the browser and
browser patch. In addition, the browser must support JavaScript.
Enter the web user name admin and password Helloworld@6789, and click GO
or press Enter. The web system home page is displayed. The EasyOperation web
system is logged in by default.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 119
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Table 3-4 Mapping between the product version and browser version
Product Browser Version for Browser Version for Classic
Version EasyOperation Web System Web System
V200R006 IE 8.0 to 11.0, Firefox 12.0 to IE 8.0 to 11.0, or Firefox 12.0 to
28.0, or Chrome 23.0 to 34.0 28.0
V200R007 IE 8.0 to 11.0, Firefox 12.0 to IE 8.0 to 11.0, or Firefox 12.0 to
32.0, or Chrome 23.0 to 37.0 32.0
V200R008 IE 10.0, IE 11.0, Firefox 31.0 to IE 10.0, IE 11.0, or Firefox 31.0
35.0, or Chrome 30.0 to 39.0 to 35.0
V200R009 IE 10.0, IE 11.0, Firefox 35.0 to IE 10.0, IE 11.0, or Firefox 35.0
45.0, or Chrome 34.0 to 49.0 to 45.0
V200R010 Microsoft Edge, IE 10.0, IE 11.0, IE 10.0, IE 11.0, or Firefox 39.0
Firefox 39.0 to 49.0, or Chrome to 49.0
39.0 to 54.0
V200R011C Microsoft Edge, IE 10.0, IE 11.0, –
10 Firefox 53.0 to 59.0, or Chrome
54.0 to 66.0
V200R012( Microsoft Edge, IE 10.0, IE 11.0, –
C00&C20) Firefox 53.0 to 59.0, or Chrome
54.0 to 66.0
V200R013C Microsoft Edge, IE 10.0, IE 11.0, –
00 Firefox 58.0 to 62.0, or Chrome
60.0 to 69.0
V200R013C Microsoft Edge, IE10.0, IE11.0, –
02 Firefox 61.0 to Firefox 66.0, or
Chrome 64.0 to Chrome 73.0
V200R019C Microsoft Edge, IE10.0, IE11.0, –
00 Firefox 61.0 to Firefox 66.0, or
Chrome 64.0 to Chrome 73.0
V200R019C Microsoft Edge, IE10.0, IE11.0, –
10 Firefox 61.0 to Firefox 66.0, or
Chrome 64.0 to Chrome 73.0
V200R020C Microsoft Edge, IE10.0, IE11.0, –
00 Firefox 61.0 to Firefox 66.0, or
Chrome 64.0 to Chrome 73.0
V200R020C Microsoft Edge, IE10.0, IE11.0, –
10 Firefox 61.0 to Firefox 66.0, or
Chrome 64.0 to Chrome 73.0
V200R021C Microsoft Edge, IE10.0, IE11.0, –
00 Firefox 85.0 to Firefox 89.0, or
Chrome 82.0 to Chrome 91.0
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 120
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Product Browser Version for Browser Version for Classic
Version EasyOperation Web System Web System
V200R021C Microsoft Edge, IE10.0, IE11.0, –
00SPC600 Firefox 85.0 to Firefox 89.0, or
Chrome 82.0 to Chrome 91.0
V200R021C Microsoft Edge, IE10.0, IE11.0, –
01 Firefox 85.0 to Firefox 89.0, or
Chrome 82.0 to Chrome 91.0
V200R021C Microsoft Edge, IE10.0, IE11.0, –
10 Firefox 85.0 to Firefox 89.0, or
Chrome 82.0 to Chrome 91.0
V200R022C Microsoft Edge, IE10.0, IE11.0, –
00 Firefox 97.0 to Firefox 101.0, or
Chrome 93.0 to Chrome 102.0
V200R022C Microsoft Edge, IE10.0, IE11.0, –
10 Firefox 107.0 to Firefox 111.0,
or Chrome 102.0 to Chrome
111.0
Figure 3-16 Web system login page
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 121
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Step 4 Verify the configuration.
Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users :0
Maximum Users Allowed :5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
HTTP IPv6 Server Port : 80(80)
HTTP IPv6 Secure-server Status : disabled
HTTP IPv6 Secure-server Port : 443(443)
HTTP server source address : 0.0.0.0 //This field displays HTTP server source interface in V200R020
and later versions.
----End
Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
vlan batch 10
#
aaa
local-user admin password irreversible-cipher %#%#wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/
U`Ww%#%#
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
port link-type access
port default vlan 10
#
return
3.2 Typical File Management Configuration
3.2.1 Example for Logging In to the Switch to Manage Files
Overview
You can log in to the switch using the console port, Telnet, or STelnet to manage
storage, directories, and local files. Only logged in users can manage the storage.
To transfer files, you can use FTP, TFTP, Secure Copy Protocol (SCP), or FTPS.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 122
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Configuration Notes
● Before logging in to the switch to manage files, complete the following task:
– Log in to the switch from a terminal.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00 as an
example.
Networking Requirements
A user logs in to the Switch using the console port, Telnet, or STelnet from the PC,
and needs to perform the following operations on the files on the Switch:
● View the files and subdirectories in the current directory.
● Create the directory test. Copy the file vrpcfg.zip to test and rename the file
as backup.zip.
● View files in test.
Figure 3-17 Networking diagram for logging in to the switch to manage files
Procedure
Step 1 View the files and subdirectories in the current directory.
<Quidway> system-view
[Quidway] sysname Switch
[Switch] quit
<Switch> dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 889 Mar 01 2012 14:41:56 private-data.txt
1 -rw- 6,311 Feb 17 2012 14:05:04 backup.cfg
2 -rw- 2,393 Mar 06 2012 17:20:10 vrpcfg.zip
3 -rw- 812 Dec 12 2011 15:43:10 hostkey
4 drw- - Mar 01 2012 14:41:46 compatible
5 -rw- 540 Dec 12 2011 15:43:12 serverkey
...
509,256 KB total (52,752 KB free)
Step 2 Create the directory test. Copy the file vrpcfg.zip to test and rename the file as
backup.zip.
# Create the directory test.
<Switch> mkdir test
Info: Create directory flash:/test......Done.
# Copy the file vrpcfg.zip to test and rename the file as backup.zip.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 123
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
<Switch> copy vrpcfg.zip flash:/test/backup.zip //Set the target file name to backup.zip. If not
specified, the target file name is the same as the source file name.
Copy flash:/vrpcfg.zip to flash:/test/backup.zip?[Y/N]:y
100% complete/
Info: Copied file flash:/vrpcfg.zip to flash:/test/backup.zip...Done.
Step 3 View files in test.
# Access test.
<Switch> cd test
# View the current directory.
<Switch> pwd
flash:/test
# View files in test.
<Switch> dir
Directory of flash:/test/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 2,399 Mar 12 2012 11:16:44 backup.zip
509,256 KB total (52,748 KB free)
----End
Configuration Files
Switch configuration file
#
sysname Switch
#
return
3.2.2 Example for Managing Files Using FTP
Overview
After a switch is configured as an FTP server, users can access the switch using the
FTP client software on the local terminals. Users can then manage files between
the switch and local terminals. The configuration for managing files using FTP is
simple, and FTP supports file transfer and file directory management.
FTP provides the authorization and authentication functions for managing files.
However, data is transferred in plaintext, which brings security risks.
FTP is applicable to file management when high network security is not required,
and is often used in version upgrades.
Configuration Notes
● Before managing files using FTP, complete the following tasks:
– Ensure that routes are reachable between the terminal and the switch.
– Ensure that FTP client software is installed on the terminal.
● FTP is an insecure protocol. Using SFTP V2, Secure Copy Protocol (SCP), or
FTPS is recommended.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 124
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
● If the number of FTP users on the switch reaches the maximum value (5),
new authorized users cannot log in. To ensure that new FTP users successfully
log in to the switch, FTP users who have completed file operations need to
get offline.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00 as an
example.
Networking Requirements
As shown in Figure 3-18, the PC connects to the switch, and the IP address of the
management network interface on the switch is 10.136.23.5. The switch needs to
be upgraded. The switch is required to function as the FTP server so that you can
upload the system software from the PC to the switch and back up the
configuration file to the PC.
Figure 3-18 Networking diagram for managing files using FTP
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the FTP function for the switch and information about an FTP user,
including the user name and password, user level, service type, and
authorized directory.
2. Save the current configuration file on the switch.
3. Establish an FTP connection between the PC and the switch.
4. Upload the system software to the switch and back up the configuration file
of the switch to the PC.
Procedure
Step 1 Configure the FTP function for the switch and information about an FTP user.
<Quidway> system-view
[Quidway] sysname FTP_Server
[FTP_Server] ftp server enable //Enable the FTP server function.
[FTP_Server] ftp server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.136.23.5. Assume that the interface is Vlanif 10.
[FTP_Server] aaa
[FTP_Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 //Set the login
password to Helloworld@6789.
[FTP_Server-aaa] local-user admin1234 privilege level 15 //Set the user level to 15.
[FTP_Server-aaa] local-user admin1234 service-type ftp //Set the user service type to FTP.
[FTP_Server-aaa] local-user admin1234 ftp-directory flash:/ //Set the FTP service authorized directory to
flash:/.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 125
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[FTP_Server-aaa] quit
[FTP_Server] quit
Step 2 Save the current configuration file on the switch.
<FTP_Server> save
Step 3 Establish an FTP connection between the PC and the switch. Enter the user name
admin1234 and password Helloworld@6789 and set the file transfer mode to
binary.
The following example assumes that the PC runs the Windows XP operating
system.
C:\Documents and Settings\Administrator> ftp 10.136.23.5
Connected to 10.136.23.5.
220 FTP service ready.
User (10.136.23.5:(none)): admin1234
331 Password required for admin1234.
Password:
230 User logged in.
ftp> binary //Set the file transfer mode to binary. The default mode is ASCII.
200 Type set to I.
ftp>
The ASCII mode is used to transfer text files, and the binary mode is used to
transfer programs including the system software (with the file name extension
of .cc, .bin, or .pat), images, voices, videos, compressed packages, and database
files.
Step 4 Upload the system software to the switch and back up the configuration file of
the switch to the PC.
# Upload the system software to the switch.
ftp> put devicesoft.cc
200 Port command okay.
150 Opening BINARY mode data connection for devicesoft.cc
226 Transfer complete.
ftp: 106616955 bytes sent in 151.05 Seconds 560.79Kbytes/sec.
# Back up the configuration file of the switch to the PC.
ftp> get vrpcfg.zip
200 Port command okay.
150 Opening BINARY mode data connection for vrpcfg.zip.
226 Transfer complete.
ftp: 1257 bytes received in 0.03Seconds 40.55Kbytes/sec.
NOTE
Before uploading and downloading files to the FTP server, determine the FTP working
directory on the FTP client. For example, the default FTP working directory on the Windows
XP operating system is the login user working directory (such as C:\Documents and
Settings\Administrator). This directory also stores the system software to be uploaded and
backup configuration file.
Step 5 Verify the configuration.
# Run the dir command on the switch to check whether the system software is
uploaded to the switch.
<FTP_Server> dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 14 Mar 13 2012 14:13:38 back_time_a
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 126
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
1 drw- - Mar 11 2012 00:58:54 logfile
2 -rw- 4 Nov 17 2011 09:33:58 snmpnotilog.txt
3 -rw- 11,238 Mar 12 2012 21:15:56 private-data.txt
4 -rw- 1,257 Mar 12 2012 21:15:54 vrpcfg.zip
5 -rw- 14 Mar 13 2012 14:13:38 back_time_b
6 -rw- 106,616,955 Mar 13 2012 14:24:24 devicesoft.cc
7 drw- - Oct 31 2011 10:20:28 sysdrv
8 drw- - Feb 21 2012 17:16:36 compatible
9 drw- - Feb 09 2012 14:20:10 selftest
10 -rw- 19,174 Feb 20 2012 18:55:32 backup.cfg
11 -rw- 23,496 Dec 15 2011 20:59:36 20111215.zip
12 -rw- 588 Nov 04 2011 13:54:04 servercert.der
13 -rw- 320 Nov 04 2011 13:54:26 serverkey.der
14 drw- - Nov 04 2011 13:58:36 security
...
509,256 KB total (52,752 KB free)
# Check whether the file vrpcfg.zip is stored in the FTP working directory on the
PC.
----End
Configuration Files
FTP_Server configuration file
#
sysname FTP_Server
#
FTP server enable
#
aaa
local-user admin1234 password irreversible-cipher %^%#-=9Z)M,-aL$_U%#$W^1T-\}Fqpe$E<#H
$J<6@KTSL/J'\}I-%^%#
local-user admin1234 privilege level 15
local-user admin1234 ftp-directory flash:/
local-user admin1234 service-type ftp
#
return
3.2.3 Example for Managing Files Using SFTP
Overview
After a switch is configured as an SFTP server, users can communicate with the
switch using SFTP. The SSH protocol can be used to ensure connection security.
SFTP implements data encryption and protects data integrity, ensuring high
security. Both SFTP and FTP configured for the switch.
SFTP is applicable to file management when high network security is required, and
is often used for downloading logs and backing up the configuration file.
Configuration Notes
● Before managing files using SFTP, complete the following tasks:
– Ensure that routes are reachable between the terminal and the switch.
– Ensure that SSH client software is installed on the terminal.
● SFTP V1 is an insecure protocol. Using SFTP V2 or FTPS is recommended.
● This example applies to all versions of all S series switches.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 127
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00 as an
example.
Networking Requirements
As shown in Figure 3-19, the PC connects to the switch, and the IP address of the
management network interface on the switch is 10.136.23.4. Files need to be
securely transferred between the PC and switch to prevent man-in-the-middle
attacks and some network attacks (such as DNS spoofing and IP spoofing).
Configure the switch as the SSH server to provide the SFTP service so that the SSH
server can authenticate the client and encrypt data in bidirectional mode to
ensure secure file transfer.
Figure 3-19 Networking diagram for managing files using SFTP
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server and enable the SFTP server
function to implement secure data exchange between the server and client.
2. Configure VTY user interfaces on the SSH server.
3. Configure an SSH user, including the authentication mode, service type, SFTP
authorized directory, user name, and password.
4. Use the third-party software OpenSSH to access the SSH server.
Procedure
Step 1 Generate a local key pair on the SSH server and enable the SFTP server function.
<Quidway> system-view
[Quidway] sysname SSH_Server
[SSH_Server] dsa local-key-pair create //Generate a local DSA key pair.
Info: The key name will be: SSH_Server_Host_DSA.
Info: The key modulus can be any one of the following : 1024,
2048.
Info: If the key modulus is greater than 512, it may take a few
minutes.
Please input the modulus [default=2048]: //Press Enter. The default key length (2048 bits) is
used.
Info: Generating keys...
Info: Succeeded in creating the DSA host keys.
[SSH_Server] sftp server enable //Enable the SFTP server function.
[SSH_Server] ssh server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.136.23.4. Assume that the interface is Vlanif 10.
Step 2 # Configure VTY user interfaces on the SSH_Server.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 128
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[SSH_Server] user-interface vty 0 14 //Enter the user interface views of VTY 0 to VTY 14.
[SSH_Server-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY 0 to
VTY 14 to AAA.
[SSH_Server-ui-vty0-14] protocol inbound ssh //Configure the user interface views of VTY 0 to VTY 14 to
support SSH.
[SSH_Server-ui-vty0-14] quit
Step 3 Configure an SSH user, including the authentication mode, service type, SFTP
authorized directory, user name, and password.
[SSH_Server] ssh user client001 authentication-type password //Set the authentication mode to
password authentication.
[SSH_Server] ssh user client001 service-type sftp //Set the user service type to SFTP.
[SSH_Server] ssh user client001 sftp-directory flash: //Set the SFTP service authorized directory to flash:.
[SSH_Server] aaa
[SSH_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789 //Set the login
password to Helloworld@6789.
[SSH_Server-aaa] local-user client001 privilege level 15 //Set the user level to 15.
[SSH_Server-aaa] local-user client001 service-type SSH //Set the user service type to SSH.
[SSH_Server-aaa] quit
Step 4 Access the SFTP server using OpenSSH.
OpenSSH commands can be used in the Windows Command Prompt window only
after the OpenSSH software is installed.
NOTE
Ensure that the OpenSSH version matches the operating system of the PC. Otherwise, you
may fail to access the switch using SFTP.
Figure 3-20 Windows Command Prompt window
After the PC connects to the switch using the third-party software, enter the SFTP
view to perform file operations.
----End
Configuration Files
SSH_Server configuration file
#
sysname SSH_Server
#
aaa
local-user client001 password irreversible-cipher %^%#-=9Z)M,-aL$_U%#$W^1T-\}Fqpe$E<#H$J<6@KTSL/
J'\}I-%^%#
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 129
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
local-user client001 privilege level 15
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
#
user-interface vty 0 14
authentication-mode aaa
#
return
3.2.4 Example for Accessing Files on Other Devices Using TFTP
Overview
After a switch is configured as a TFTP client, it can access the remote TFTP server
to upload and download files on the TFTP server. When you access other devices
using TFTP, you do not need to enter the user name or password, simplifying
information exchange. TFTP has no authorization or authentication mechanism
and transfers data in plaintext, which brings security risks and is vulnerable to
network viruses and attacks. Exercise caution when using TFTP.
On a good-performance LAN in a lab, TFTP can be used for the system software
loading and upgrade.
Configuration Notes
● Before accessing files on the TFTP server, ensure that routes are reachable
between the switch and TFTP server.
● The switch can only function as a TFTP client.
● The TFTP mode supports only file transfer, but does not support interaction.
● TFTP has no authorization or authentication mechanism and transfers data in
plaintext, which brings security risks and is vulnerable to network viruses and
attacks.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00 as an
example.
Networking Requirements
As shown in Figure 3-21, the remote server at IP address 10.1.1.1/24 functions as
the TFTP server. The switch at IP address 10.2.1.1/24 functions as the TFTP client
and has reachable routes to the TFTP server.
The switch needs to be upgraded. You need to download the system software
from the TFTP server to the switch and back up the current configuration file of
the switch to the TFTP server.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 130
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Figure 3-21 Networking diagram for accessing files on another device using TFTP
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the TFTP software on the TFTP server and set the TFTP working directory.
2. Upload and download files on the switch using TFTP commands.
Procedure
Step 1 Run the TFTP software on the TFTP server and set the TFTP working directory. For
the detailed operations, see the help document of the third-party TFTP software.
Step 2 Upload and download files on the switch using TFTP commands.
<Quidway> tftp 10.1.1.1 get devicesoft.cc //Download devicesoft.cc.
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please
wait...
|
TFTP: Downloading the file successfully.
106616955 byte(s) received in 722 second(s).
<Quidway> tftp 10.1.1.1 put vrpcfg.zip //Upload vrpcfg.zip.
Info: Transfer file in binary mode.
Uploading the file to the remote TFTP server. Please wait...
100%
TFTP: Uploading the file successfully.
7717 byte(s) sent in 1 second(s).
Step 3 Verify the configuration.
# Run the dir command on the switch to check whether the system software is
downloaded to the switch.
<Quidway> dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 14 Mar 13 2012 14:13:38 back_time_a
1 drw- - Mar 11 2012 00:58:54 logfile
2 -rw- 4 Nov 17 2011 09:33:58 snmpnotilog.txt
3 -rw- 11,238 Mar 12 2012 21:15:56 private-data.txt
4 -rw- 7,717 Mar 12 2012 21:15:54 vrpcfg.zip
5 -rw- 14 Mar 13 2012 14:13:38 back_time_b
6 -rw- 106,616,955 Mar 13 2012 14:24:24 devicesoft.cc
7 drw- - Oct 31 2011 10:20:28 sysdrv
8 drw- - Feb 21 2012 17:16:36 compatible
9 drw- - Feb 09 2012 14:20:10 selftest
10 -rw- 19,174 Feb 20 2012 18:55:32 backup.cfg
11 -rw- 43,496 Dec 15 2011 20:59:36 20111215.zip
12 -rw- 588 Nov 04 2011 13:54:04 servercert.der
13 -rw- 320 Nov 04 2011 13:54:26 serverkey.der
14 drw- - Nov 04 2011 13:58:36 security
...
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 131
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
509,256 KB total (52,752 KB free)
# Check whether the file vrpcfg.zip is stored in the working directory on the TFTP
server.
----End
Configuration Files
None
3.2.5 Example for Accessing Files on Other Devices Using FTP
Overview
After a switch is configured as an FTP client, it can log in to the FTP server for
transferring files and managing files and directories on the FTP server. The
configuration for accessing other devices using FTP is simple, and FTP supports file
transfer and file directory management. FTP provides the authorization and
authentication functions for managing files. However, data is transferred in
plaintext, which brings security risks.
FTP is applicable to file transfer when high network security is not required, and is
often used for downloading the system software from the FTP server and backing
up the configuration file.
Configuration Notes
● Before accessing files on the FTP server, ensure that routes are reachable
between the switch and FTP server.
● FTP is an insecure protocol. Using SFTP V2, Secure Copy Protocol (SCP), or
FTPS is recommended.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00 as an
example.
Networking Requirements
As shown in Figure 3-22, the remote server at IP address 10.1.1.1/24 functions as
the FTP server. The switch at IP address 10.2.1.1/24 functions as the FTP client and
has reachable routes to the FTP server.
The switch needs to be upgraded. You need to download the system software
from the FTP server to the switch and back up the current configuration file of the
switch to the FTP server.
Figure 3-22 Networking diagram for accessing files on another device using FTP
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 132
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Run the FTP software on the FTP server and configure an FTP user.
2. Establish an FTP connection between the switch and the FTP server.
3. Upload and download files on the switch using FTP commands.
Procedure
Step 1 Run the FTP software on the FTP server and configure an FTP user. For the
detailed operations, see the help document of the third-party FTP software.
Step 2 Establish an FTP connection between the switch and the FTP server.
<Quidway> ftp 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1.
220 FTP service ready.
User(10.1.1.1:(none)):admin
331 Password required for admin.
Enter password:
230 User logged in.
Step 3 Upload and download files on the switch using FTP commands.
[ftp] binary //Set the file transfer mode to binary. The default mode is ASCII.
[ftp] get devicesoft.cc //Download the system software on the FTP server to the switch.
[ftp] put vrpcfg.zip //Upload the backup configuration file on the switch to the FTP server.
[ftp] quit
The ASCII mode is used to transfer text files, and the binary mode is used to
transfer programs including the system software (with the file name extension
of .cc, .bin, or .pat), images, voices, videos, compressed packages, and database
files.
Step 4 Verify the configuration.
# Run the dir command on the switch to check whether the system software is
downloaded to the switch.
<Quidway> dir
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 14 Mar 13 2012 14:13:38 back_time_a
1 drw- - Mar 11 2012 00:58:54 logfile
2 -rw- 4 Nov 17 2011 09:33:58 snmpnotilog.txt
3 -rw- 11,238 Mar 12 2012 21:15:56 private-data.txt
4 -rw- 7,717 Mar 12 2012 21:15:54 vrpcfg.zip
5 -rw- 14 Mar 13 2012 14:13:38 back_time_b
6 -rw- 106,616,955 Mar 13 2012 14:24:24 devicesoft.cc
7 drw- - Oct 31 2011 10:20:28 sysdrv
8 drw- - Feb 21 2012 17:16:36 compatible
9 drw- - Feb 09 2012 14:20:10 selftest
10 -rw- 19,174 Feb 20 2012 18:55:32 backup.cfg
11 -rw- 43,496 Dec 15 2011 20:59:36 20111215.zip
12 -rw- 588 Nov 04 2011 13:54:04 servercert.der
13 -rw- 320 Nov 04 2011 13:54:26 serverkey.der
14 drw- - Nov 04 2011 13:58:36 security
...
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 133
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
509,256 KB total (52,752 KB free)
# Check whether the file vrpcfg.zip is stored in the working directory on the FTP
server.
----End
Configuration Files
None
3.2.6 Example for Accessing Files on Other Devices Using SFTP
Overview
SFTP is an SSH-based secure file transfer protocol, which uses secure connections
for data transmission. After a switch is configured as an SFTP client, the remote
SFTP server can authenticate the client and encrypt data in bidirectional mode to
ensure secure file transfer and directory management.
SFTP is applicable to accessing files on other devices when high network security
is required, and is used for uploading and downloading logs.
Configuration Notes
● Before accessing files on the SSH server using SFTP, ensure that routes are
reachable between the switch and SSH server.
● SFTP V1 is an insecure protocol. Using SFTP V2 or FTPS is recommended.
● This example applies to all versions of all S series switches.
NOTE
The following uses the command lines and outputs of the S5320-EI running V200R008C00 as an
example.
Networking Requirements
As shown in Figure 3-23, the routes between the SSH server and clients client001
and client002 are reachable. A Huawei switch is used as the SSH server in this
example.
The clients client001 and client002 are required to connect to the SSH server in
password and DSA authentication modes respectively to ensure secure access to
files on the SSH server.
Figure 3-23 Networking diagram for accessing files on another device using SFTP
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 134
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Configuration Roadmap
The configuration roadmap is as follows:
1. Generate a local key pair on the SSH server and enable the SFTP server
function to implement secure data exchange between the server and client.
2. Configure the clients client001 and client002 on the SSH server to log in to
the SSH server in password and DSA authentication modes, respectively.
3. Generate a local key pair on client002 and configure the generated DSA
public key on the SSH server, which implements authentication for the client
when a user logs in to the server from the client.
4. On the SSH server, enable client001 and client002 to log in to the SSH server
using SFTP and access the files.
Procedure
Step 1 On the SSH server, generate a local key pair and enable the SFTP server function.
<Quidway> system-view
[Quidway] sysname SSH Server
[SSH Server] dsa local-key-pair create //Generate a local DSA key pair.
Info: The key name will be: SSH Server_Host_DSA.
Info: The key modulus can be any one of the following : 1024,
2048.
Info: If the key modulus is greater than 512, it may take a few
minutes.
Please input the modulus [default=2048]: //Press Enter. The default key length (2048 bits) is used.
Info: Generating keys........
Info: Succeeded in creating the DSA host keys.
[SSH Server] sftp server enable //Enable the SFTP server function. In V200R020 and later versions, you
must run the ssh server-source command to set the source interface of the server to the interface using
the IP address 10.1.1.1 so that the client can connect to the server through 10.1.1.1.
[SSH_Server] ssh server-source -i Vlanif 10 //Configure the source interface of the server as the interface
corresponding to 10.1.1.1. Assume that the interface is Vlanif 10.
Info: Succeeded in starting the SFTP server.
Step 2 Create SSH users on the SSH server.
# Configure VTY user interfaces on the SSH server.
[SSH Server] user-interface vty 0 4 //Enter the user interface views of VTY 0 to VTY 4.
[SSH Server-ui-vty0-4] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY
4 to AAA.
[SSH Server-ui-vty0-4] protocol inbound ssh //Configure the user interface views of VTY 0 to VTY 4 to
support SSH.
[SSH Server-ui-vty0-4] user privilege level 3 //Set the user level to 3.
[SSH Server-ui-vty0-4] quit
# Create an SSH user named client001 and configure the password
authentication mode for the user.
[SSH Server] ssh user client001 //Create an SSH user.
[SSH Server] ssh user client001 authentication-type password //Set the authentication mode to
password authentication.
[SSH Server] ssh user client001 service-type sftp //Set the user service type to SFTP.
[SSH Server] ssh user client001 sftp-directory flash: //Set the SFTP service authorized directory to flash:.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789 //Set the login
password to Helloworld@6789.
[SSH Server-aaa] local-user client001 service-type ssh //Set the user service type to SSH.
[SSH Server-aaa] local-user client001 privilege level 3 //Set the user level to 3.
[SSH Server-aaa] quit
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 135
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
# Create an SSH user named client002 and configure the DSA authentication
mode for the user.
[SSH Server] ssh user client002 //Create an SSH user.
[SSH Server] ssh user client002 authentication-type dsa //Set the authentication mode to DSA
authentication.
[SSH Server] ssh user client002 service-type sftp //Set the user service type to SFTP.
[SSH Server] ssh user client002 sftp-directory flash: //Set the SFTP service authorized directory to flash:.
Step 3 Generate a local key pair on client002 and configure the generated DSA public
key on the SSH server.
# Generate a local key pair on client002.
<Quidway> system-view
[Quidway] sysname client002
[client002] dsa local-key-pair create //Generate a local DSA key pair.
Info: The key name will be: SSH Server_Host_DSA.
Info: The key modulus can be any one of the following : 1024,
2048.
Info: If the key modulus is greater than 512, it may take a few
minutes.
Please input the modulus [default=2048]: //Press Enter. The default key length (2048 bits) is used.
Info: Generating keys........
Info: Succeeded in creating the DSA host keys.
# Check the DSA public key generated on client002.
[client002] display dsa local-key-pair public
=====================================================
Time of Key pair created:2014-08-27 06:35:16+08:00
Key name : client002_Host_DSA
Key modulus : 2048
Key type : DSA encryption Key
Key fingerprint: b7:68:86:90:d8:19:f3:e6:4a:f2:e9:fd:e4:24:ef:a5
=====================================================
Key code:
30820322
02820100
DEDEBA5C 8244DCB8 E696917C EFEBC0B3
E6FB60BE
8B9E36D3 E4EB9CD6 EB7FD210 219AC0F4
1AD47BF1
EACD435D 39AFA8FA CB6A7819 305EE147
E428912E
60452B37 CA17D611 C2EE4C46 B4BC7726
54C26856
A99ECFA5 D800367B 31A90522 F139496F
4182DBFD
AAB59973 9AB02185 856A881F 9197368B
92DBF684
9D1C746B A27E12F9 8A28E4B6 D0587D65
5979A750
5413E91E FC961C3F 79209625 CFA8D7D4
69FA35A3
9E37B614 047D535D CD63AF30 58B3A25B
79C714B6
326B7DB6 067EBF15 3CC1A720 B0E1A7E3
9C13FEB3
BA26E6B0 52DC5BFF EE7C5C52 148FE6C2
40738FBB
8F05D416 B2B5DD72 E3629BB5 9244BF9F
A29C4FCD
4EA0EE50 1FC6695D 03D68D51
9324E493
0214
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 136
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
C6C484E1 F0076B8A FCAD302B 98B50A3A
542ABEBB
02820100
3AC11746 EE959CBD 30F669C5 7E290BC4
7CB5BBFD
96AE9215 7A29C723 72FE8A02 EBED3B76
BE810B42
21AD8D32 F7723F83 59F46B66 FF7805CC
3F86D5D6
5BD424BD 70677EFF 1ACF9B3C CE02CD40
46560DA4
2036205C 6EFAB148 66E6A106 0DF6258B
EE31CFE7
4B6C59B4 6FE59A9F BE64F982 EC36A669
FF597FB7
9A56E32E C15A0659 3D17C407 29F587C7
74959017
62B08070 24564B2E E79C6E1D 86793548
76CC662A
1D3DE1D1 2C79E102 C0B10E5C 9C4428B3
AEB93278
26D4CDE5 189A93EA 531E0FF8 2199EF35
DF038976
4538434F F39924F0 5BF17AC8 8E340991
B5EA0A62
A915EE63 F660C092 360C5D2D 796AF230
DB7461F7
C15B6DBA 65C9EFAB 247DB13D
4942E2FF
02820100
D7C6399A 86F7B38C 85168EF8 692BD9B4
01AA7BCD
98559075 98039259 0C54818C 650A95C7
0A5250EB
12124E5B C4123350 C190CC8B 4FFFD418
7E8F113F
6C36AB4B A56D2D1D 2C874C75 8400DAFE
4BABF957
4EDC8E7C DF5934DB 3AD717E5 50B1096B
C0B46DE5
3FB508FA CB76FF1C 42CF7082 7DDEEB47
5C5C4F64
B1C8815C 496AC1E0 04C10EDD FE849B76
6DA15B48
0C9CF0B1 10BDDC08 41A65C28 8E21ADC6
48A93DF6
14552C1F 76A401AE E06E482D 6582052E
5B11A678
A467B38A B77C1C55 D367E253 FFA44841
FC38A462
B9AC24E6 DAD01628 F09ED629 58F666C1
1DEF7BD0
634C3D13 D75F2614 8CB49AFC 498A5195
F443CA4D
C02FF228 A90D7593 AE46C5D0 4B224FEE
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1kc3MAAAEBAN7eulyCRNy45paRfO/rwLPm+2C
+i5420+TrnNbrf9IQ
IZrA9BrUe/HqzUNdOa+o
+stqeBkwXuFH5CiRLmBFKzfKF9YRwu5MRrS8dyZUwmhW
qZ7PpdgANnsxqQUi8TlJb0GC2/2qtZlzmrAhhYVqiB
+RlzaLktv2hJ0cdGuifhL5
iijkttBYfWVZeadQVBPpHvyWHD95IJYlz6jX1Gn6NaOeN7YUBH1TXc1jrzBYs6Jb
eccUtjJrfbYGfr8VPMGnILDhp+OcE/6zuibmsFLcW//ufFxSFI/
mwkBzj7uPBdQW
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 137
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
srXdcuNim7WSRL+fopxPzU6g7lAfxmldA9aNUZMk5JMAAAAVAMbEhOHwB2uK/
K0w
K5i1CjpUKr67AAABADrBF0bulZy9MPZpxX4pC8R8tbv9lq6SFXopxyNy/
ooC6+07
dr6BC0IhrY0y93I/g1n0a2b/eAXMP4bV1lvUJL1wZ37/Gs
+bPM4CzUBGVg2kIDYg
XG76sUhm5qEGDfYli+4xz+dLbFm0b+Wan75k+YLsNqZp/1l/
t5pW4y7BWgZZPRfE
Byn1h8d0lZAXYrCAcCRWSy7nnG4dhnk1SHbMZiodPeHRLHnhAsCxDlycRCizrrky
eCbUzeUYmpPqUx4P+CGZ7zXfA4l2RThDT/
OZJPBb8XrIjjQJkbXqCmKpFe5j9mDA
kjYMXS15avIw23Rh98Fbbbplye
+rJH2xPUlC4v8AAAEAVkz2m0fokxPL5DekN8U4
2SkvxBhh7W+pMLesuDOBY9PIqfwcZqY23Oi7/eJGojmX0wYTOWi8t09Qn/
LmeFNt
AEaxHc4nLmvjxDuyjoTSA/AAYJDYJ6HWZoScy3mzDCUtEMGuaL/
6SRUuH5wf9hMf
LZzmb6ETrf8S5RZWVyZv3TKm3/
FEAH7PNQYe8BYYG3SCfvgtqYQzRTZrDL6wLbCo
otdHydlhfz9CtIYH3gfhnjXoq/
X6HLQAFTexhBuoJ7nCtjC9c1HhJFicadQK2iY/
AOOu8jCp0l6vOUH4cniOONh6Mts9UiJNYnvZsjVJFzdkRsNpvcMBhK4/
NneGPPMN
+A==
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys
file :
ssh-dss AAAAB3NzaC1kc3MAAAEBAN7eulyCRNy45paRfO/rwLPm+2C+i5420+TrnNbrf9IQIZrA9BrUe/
HqzUNdOa+o+stqeBkwXuFH5CiRLmBFKzfKF9YRwu5MRrS8dyZU
wmhWqZ7PpdgANnsxqQUi8TlJb0GC2/2qtZlzmrAhhYVqiB
+RlzaLktv2hJ0cdGuifhL5iijkttBYfWVZeadQVBPpHvyWHD95IJYlz6jX1Gn6NaOeN7YUBH1TXc1jrzBYs6Jb
eccUtjJrfbYGfr8VPMGnILDhp+OcE/6zuibmsFLcW//ufFxSFI/mwkBzj7uPBdQWsrXdcuNim7WSRL
+fopxPzU6g7lAfxmldA9aNUZMk5JMAAAAVAMbEhOHwB2uK/K0wK5i1
CjpUKr67AAABADrBF0bulZy9MPZpxX4pC8R8tbv9lq6SFXopxyNy/ooC6+07dr6BC0IhrY0y93I/g1n0a2b/
eAXMP4bV1lvUJL1wZ37/Gs+bPM4CzUBGVg2kIDYgXG76sUhm
5qEGDfYli+4xz+dLbFm0b+Wan75k+YLsNqZp/1l/
t5pW4y7BWgZZPRfEByn1h8d0lZAXYrCAcCRWSy7nnG4dhnk1SHbMZiodPeHRLHnhAsCxDlycRCizrrkyeCbUzeU
YmpPq
Ux4P+CGZ7zXfA4l2RThDT/OZJPBb8XrIjjQJkbXqCmKpFe5j9mDAkjYMXS15avIw23Rh98Fbbbplye
+rJH2xPUlC4v8AAAEAVkz2m0fokxPL5DekN8U42SkvxBhh7W+pMLes
uDOBY9PIqfwcZqY23Oi7/eJGojmX0wYTOWi8t09Qn/LmeFNtAEaxHc4nLmvjxDuyjoTSA/
AAYJDYJ6HWZoScy3mzDCUtEMGuaL/6SRUuH5wf9hMfLZzmb6ETrf8S5RZWVyZv
3TKm3/FEAH7PNQYe8BYYG3SCfvgtqYQzRTZrDL6wLbCootdHydlhfz9CtIYH3gfhnjXoq/
X6HLQAFTexhBuoJ7nCtjC9c1HhJFicadQK2iY/AOOu8jCp0l6vOUH4cniOONh6
Mts9UiJNYnvZsjVJFzdkRsNpvcMBhK4/NneGPPMN+A== dsa-key
# Configure the generated DSA public key on the SSH server. The bold part in the
display command output indicates the generated DSA public key. Copy the key to
the SSH server.
[SSH Server] dsa peer-public-key dsakey001 encoding-type der
[SSH Server-dsa-public-key] public-key-code begin
[SSH Server-dsa-key-code]30820322
[SSH Server-dsa-key-code]02820100
[SSH Server-dsa-key-code]DEDEBA5C 8244DCB8 E696917C EFEBC0B3
E6FB60BE
[SSH Server-dsa-key-code]8B9E36D3 E4EB9CD6 EB7FD210 219AC0F4
1AD47BF1
[SSH Server-dsa-key-code]EACD435D 39AFA8FA CB6A7819 305EE147
E428912E
[SSH Server-dsa-key-code]60452B37 CA17D611 C2EE4C46 B4BC7726
54C26856
[SSH Server-dsa-key-code]A99ECFA5 D800367B 31A90522 F139496F
4182DBFD
[SSH Server-dsa-key-code]AAB59973 9AB02185 856A881F 9197368B
92DBF684
[SSH Server-dsa-key-code]9D1C746B A27E12F9 8A28E4B6 D0587D65
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 138
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
5979A750
[SSH Server-dsa-key-code]5413E91E FC961C3F 79209625 CFA8D7D4
69FA35A3
[SSH Server-dsa-key-code]9E37B614 047D535D CD63AF30 58B3A25B
79C714B6
[SSH Server-dsa-key-code]326B7DB6 067EBF15 3CC1A720 B0E1A7E3
9C13FEB3
[SSH Server-dsa-key-code]BA26E6B0 52DC5BFF EE7C5C52 148FE6C2
40738FBB
[SSH Server-dsa-key-code]8F05D416 B2B5DD72 E3629BB5 9244BF9F
A29C4FCD
[SSH Server-dsa-key-code]4EA0EE50 1FC6695D 03D68D51
9324E493
[SSH Server-dsa-key-code]0214
[SSH Server-dsa-key-code]C6C484E1 F0076B8A FCAD302B 98B50A3A
542ABEBB
[SSH Server-dsa-key-code]02820100
[SSH Server-dsa-key-code]3AC11746 EE959CBD 30F669C5 7E290BC4
7CB5BBFD
[SSH Server-dsa-key-code]96AE9215 7A29C723 72FE8A02 EBED3B76
BE810B42
[SSH Server-dsa-key-code]21AD8D32 F7723F83 59F46B66 FF7805CC
3F86D5D6
[SSH Server-dsa-key-code]5BD424BD 70677EFF 1ACF9B3C CE02CD40
46560DA4
[SSH Server-dsa-key-code]2036205C 6EFAB148 66E6A106 0DF6258B
EE31CFE7
[SSH Server-dsa-key-code]4B6C59B4 6FE59A9F BE64F982 EC36A669
FF597FB7
[SSH Server-dsa-key-code]9A56E32E C15A0659 3D17C407 29F587C7
74959017
[SSH Server-dsa-key-code]62B08070 24564B2E E79C6E1D 86793548
76CC662A
[SSH Server-dsa-key-code]1D3DE1D1 2C79E102 C0B10E5C 9C4428B3
AEB93278
[SSH Server-dsa-key-code]26D4CDE5 189A93EA 531E0FF8 2199EF35
DF038976
[SSH Server-dsa-key-code]4538434F F39924F0 5BF17AC8 8E340991
B5EA0A62
[SSH Server-dsa-key-code]A915EE63 F660C092 360C5D2D 796AF230
DB7461F7
[SSH Server-dsa-key-code]C15B6DBA 65C9EFAB 247DB13D
4942E2FF
[SSH Server-dsa-key-code]02820100
[SSH Server-dsa-key-code]D7C6399A 86F7B38C 85168EF8 692BD9B4
01AA7BCD
[SSH Server-dsa-key-code]98559075 98039259 0C54818C 650A95C7
0A5250EB
[SSH Server-dsa-key-code]12124E5B C4123350 C190CC8B 4FFFD418
7E8F113F
[SSH Server-dsa-key-code]6C36AB4B A56D2D1D 2C874C75 8400DAFE
4BABF957
[SSH Server-dsa-key-code]4EDC8E7C DF5934DB 3AD717E5 50B1096B
C0B46DE5
[SSH Server-dsa-key-code]3FB508FA CB76FF1C 42CF7082 7DDEEB47
5C5C4F64
[SSH Server-dsa-key-code]B1C8815C 496AC1E0 04C10EDD FE849B76
6DA15B48
[SSH Server-dsa-key-code]0C9CF0B1 10BDDC08 41A65C28 8E21ADC6
48A93DF6
[SSH Server-dsa-key-code]14552C1F 76A401AE E06E482D 6582052E
5B11A678
[SSH Server-dsa-key-code]A467B38A B77C1C55 D367E253 FFA44841
FC38A462
[SSH Server-dsa-key-code]B9AC24E6 DAD01628 F09ED629 58F666C1
1DEF7BD0
[SSH Server-dsa-key-code]634C3D13 D75F2614 8CB49AFC 498A5195
F443CA4D
[SSH Server-dsa-key-code]C02FF228 A90D7593 AE46C5D0 4B224FEE
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 139
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[SSH Server-dsa-key-code] public-key-code end
[SSH Server-dsa-public-key] peer-public-key end
# On the SSH server, bind the DSA public key to client002.
[SSH Server] ssh user client002 assign dsa-key dsakey001
Step 4 Connect SFTP clients to the SSH server.
# Enable the first authentication function on the SSH clients upon the first login.
<Quidway> system-view
[Quidway] sysname client001
[client001] ssh client first-time enable //Enable the first authentication function on client001.
[client002] ssh client first-time enable //Enable the first authentication function on client002.
# Log in to the SSH server from client001 in password authentication mode.
[client001] sftp 10.1.1.1
Please input the username:client001
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
password:SSH_SERVER_CODE
Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey
authentication; Ctrl_C for Cancel], Please select [R, D, Enter or
Ctrl_C]:D
Enter password:
sftp-client>
# Log in to the SSH server from client002 in DSA authentication mode.
[client002] sftp 10.1.1.1
Please input the username:client002
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
password:SSH_SERVER_CODE
Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey
authentication; Ctrl_C for Cancel], Please select [R, D, Enter or
Ctrl_C]:D
sftp-client>
Step 5 Verify the configuration.
Run the display ssh server status command on the SSH server to check whether
the SFTP service is enabled. Run the display ssh user-information command to
check information about SSH users on the server.
# Check the status of the SSH server.
[SSH Server] display ssh server status
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval :0 hours
SSH authentication retries :3 times
SFTP server :Enable
Stelnet server :Disable
Scp server :Disable
SSH server source :0.0.0.0
ACL4 number :0
ACL6 number :0
# Check information about SSH users.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 140
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
[SSH Server] display ssh user-information
User 1:
User Name : client001
Authentication-type : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory : flash:
Service-type : sftp
Authorization-cmd : No
User 2:
User Name : client002
Authentication-type : dsa
User-public-key-name : dsakey001
User-public-key-type : dsa
Sftp-directory : flash:
Service-type : sftp
Authorization-cmd : No
----End
Configuration Files
● SSH server configuration file
#
sysname SSH Server
#
dsa peer-public-key dsakey001 encoding-type der
public-key-code begin
30820322
02820100
DEDEBA5C 8244DCB8 E696917C EFEBC0B3
E6FB60BE
8B9E36D3 E4EB9CD6 EB7FD210 219AC0F4
1AD47BF1
EACD435D 39AFA8FA CB6A7819 305EE147
E428912E
60452B37 CA17D611 C2EE4C46 B4BC7726
54C26856
A99ECFA5 D800367B 31A90522 F139496F
4182DBFD
AAB59973 9AB02185 856A881F 9197368B
92DBF684
9D1C746B A27E12F9 8A28E4B6 D0587D65
5979A750
5413E91E FC961C3F 79209625 CFA8D7D4
69FA35A3
9E37B614 047D535D CD63AF30 58B3A25B
79C714B6
326B7DB6 067EBF15 3CC1A720 B0E1A7E3
9C13FEB3
BA26E6B0 52DC5BFF EE7C5C52 148FE6C2
40738FBB
8F05D416 B2B5DD72 E3629BB5 9244BF9F
A29C4FCD
4EA0EE50 1FC6695D 03D68D51
9324E493
0214
C6C484E1 F0076B8A FCAD302B 98B50A3A
542ABEBB
02820100
3AC11746 EE959CBD 30F669C5 7E290BC4
7CB5BBFD
96AE9215 7A29C723 72FE8A02 EBED3B76
BE810B42
21AD8D32 F7723F83 59F46B66 FF7805CC
3F86D5D6
5BD424BD 70677EFF 1ACF9B3C CE02CD40
46560DA4
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 141
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
2036205C 6EFAB148 66E6A106 0DF6258B
EE31CFE7
4B6C59B4 6FE59A9F BE64F982 EC36A669
FF597FB7
9A56E32E C15A0659 3D17C407 29F587C7
74959017
62B08070 24564B2E E79C6E1D 86793548
76CC662A
1D3DE1D1 2C79E102 C0B10E5C 9C4428B3
AEB93278
26D4CDE5 189A93EA 531E0FF8 2199EF35
DF038976
4538434F F39924F0 5BF17AC8 8E340991
B5EA0A62
A915EE63 F660C092 360C5D2D 796AF230
DB7461F7
C15B6DBA 65C9EFAB 247DB13D
4942E2FF
02820100
D7C6399A 86F7B38C 85168EF8 692BD9B4
01AA7BCD
98559075 98039259 0C54818C 650A95C7
0A5250EB
12124E5B C4123350 C190CC8B 4FFFD418
7E8F113F
6C36AB4B A56D2D1D 2C874C75 8400DAFE
4BABF957
4EDC8E7C DF5934DB 3AD717E5 50B1096B
C0B46DE5
3FB508FA CB76FF1C 42CF7082 7DDEEB47
5C5C4F64
B1C8815C 496AC1E0 04C10EDD FE849B76
6DA15B48
0C9CF0B1 10BDDC08 41A65C28 8E21ADC6
48A93DF6
14552C1F 76A401AE E06E482D 6582052E
5B11A678
A467B38A B77C1C55 D367E253 FFA44841
FC38A462
B9AC24E6 DAD01628 F09ED629 58F666C1
1DEF7BD0
634C3D13 D75F2614 8CB49AFC 498A5195
F443CA4D
C02FF228 A90D7593 AE46C5D0 4B224FEE
public-key-code end
peer-public-key end
#
aaa
local-user client001 password irreversible-cipher %^%#-=9Z)M,-aL$_U%#$W^1T-\}Fqpe$E<#H
$J<6@KTSL/J'\}I-%^%#
local-user client001 privilege level 3
local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
ssh user client002
ssh user client002 authentication-type dsa
ssh user client002 assign dsa-key dsakey001
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash:
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 3
#
return
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 142
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
● client001 configuration file
#
sysname client001
#
ssh client first-time enable
#
return
● client002 configuration file
#
sysname client002
#
ssh client first-time enable
#
return
3.3 Example for Upgrading a New Device
Preparations for the Upgrade
1. Prepare the upgrade tools, including the operation terminal PC, Ethernet
cable, and serial cable.
2. Obtaining the Target System Software
– Enterprise users: Log in to https://support.huawei.com/e, enter the
switch model in the search box, and click the path that is automatically
displayed below the search box to enter the product page. On the page
that is displayed, click Software Download and select the version. On the
Version and Patch tab page, obtain the system software (.cc) required
for the upgrade.
– Carrier users: Log in to https://support.huawei.com, enter the switch
model in the search box, and click the path that is automatically
displayed below the search box to enter the product page. On the page
that is displayed, click Software, select a version in the VxxxRxxxCxx or
VxxxRxxxCxxSPCxxx format, go to the corresponding version path, and
obtain the system software (.cc) required for the upgrade.
3. Obtaining the Patch File of the Target System Software
– Enterprise users: Log in to https://support.huawei.com/e, enter the
switch model in the search box, and click the path that is automatically
displayed below the search box to enter the product page. On the page
that is displayed, click Software Download, select a version, and click the
path under the Public Patch in V and R Version tab to obtain the patch
file (.pat) required for the upgrade.
– Carrier users: Log in to https://support.huawei.com, enter the switch
model in the search box, and click the path that is automatically
displayed below the search box to enter the product page. On the page
that is displayed, click Software, select a version in VxxxRxxxSPHxxx
format, go to the corresponding version path, and obtain the patch file
(.pat) required for the upgrade.
4. Enable the FTP server function on the PC.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 143
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
NOTE
● Most laptops do not provide COM ports and can only be connected to devices
through USB ports. In this case, you need to purchase a USB-serial cable, directly
connect the COM female connector to the COM male connector of the console
communication cable delivered with the device, and connect the USB port of the
device to that of the PC. Then install the driver delivered with the USB-serial cable
on the PC or download a USB-to-RS232 driver from the Internet.
Establishing the Upgrade Environment in FTP Mode
1. Connect the switch to the PC using a console communication cable and
Ethernet cable to establish the networking. As shown in Figure 3-24, connect
the console communication cable to the console port of the switch and
connect the Ethernet cable to any Ethernet port. (GigabitEthernet 0/0/1 is
used as an example here.)
Figure 3-24 Networking diagram for upgrading a new device
2. Start the terminal emulation software on your PC, create a connection, select
the connected COM port, and set communication parameters. Communication
parameter settings on the terminal emulation software must be the same as
the default settings on the switch, which are: 9600 bit/s baud rate, 8 data bits,
1 stop bit, no parity check, and no flow control.
3. Enter the user name and password.
The default username and password are available in S Series Switches Default
Usernames and Passwords (Enterprise Network or Carrier). If you have not
obtained the access permission of the document, see Help on the website to
find out how to obtain it.
4. Configure a management IP address for the switch to make the switch and PC
reside on the same network segment, so that the switch and PC can ping
each other.
<HUAWEI> system-view
[HUAWEI] interface vlanif 1
[HUAWEI-vlanif1] ip address 10.10.1.1 24 //10.10.1.1/24 is the IP address configured for the
VLANIF interface. You can configure the interface IP address based on the actual situation. Ensure
that the interface IP address is on the same network segment as the PC.
[HUAWEI-vlanif1] quit
Version Upgrade Operations
1. Configure the switch as an FTP client to transmit files between the FTP server
and the PC.
<HUAWEI> ftp 10.10.1.2 //10.10.1.2 is the IP address of the terminal PC.
[ftp] get S5320-HI-V200R010C00SPC600.cc //Load the system software to the switch. S5320-HI-
V200R010C00SPC600.cc is the file name of the system software.
[ftp] get S5320-HI-V200R010SPH013.pat //Load the patch file to the switch. S5320-HI-
V200R010SPH013.pat is the file name of the system patch.
2. Check whether the system software and patch file are successfully loaded.
<HUAWEI> dir flash: //Check whether the size of the loaded file is the same as that of the file on
the PC. If not, delete the file and load it again.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 144
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Directory of flash:/
Idx Attr Size(Byte) Date Time FileName
0 -rw- 106,395,444 Jul 22 2017 23:44:18 S5320-HI-V200R010C00SPC600.cc
1 -rw- 84210 Jun 28 2017 05:16:29 S5320-HI-V200R010SPH013.pat
2 drw- - Jan 01 2017 00:00:44 dhcp
3 drw- - Dec 03 2013 09:22:27 user
4 -rw- 13,432 Jan 01 2017 00:00:45 default_ca.cer
3. Specify the system software and patch for next startup of the switch.
<HUAWEI> startup system-software S5320-HI-V200R010C00SPC600.cc //Set the system software
for next startup.
<HUAWEI> startup patch S5320-HI-V200R010SPH013.pat //Set the patch for next startup.
NOTE
If the switch is a modular switch with two MPUs, run the following command in the user
view to set the system software and patch to be used by the standby MPU.
● copy S5320-HI-V200R010C00SPC600.cc slave#flash:
● startup system-software S5320-HI-V200R010C00SPC600.cc slave-board
● startup patch S5320-HI-V200R010SPH013.pat slave-board
4. Check the configuration for next startup.
<HUAWEI> display startup
MainBoard:
Configured startup system software: flash:/defaultdevicesoft.cc
Startup system software: flash:/defaultdevicesoft.cc
Next startup system software: flash:/S5320-HI-V200R010C00SPC600.cc
Startup saved-configuration file: flash:/vrpcfg.zip
Next startup saved-configuration file: flash:/vrpcfg.zip
Startup paf file: default
Next startup paf file: default
Startup license file: default
Next startup license file: default
Startup patch package: flash:/patch.pat
Next startup patch package: flash:/S5320-HI-V200R010SPH013.pat
5. Restart the switch.
<HUAWEI> reboot fast
Info: If want to reboot with saving diagnostic information, input 'N' and then e
xecute 'reboot save diagnostic-information'.
System will reboot! Continue?[Y/N]: y
NOTE
If the system software of the switch is damaged and you cannot restart the switch, you can use
the BootLoad program to modify the system software, configuration files, and patch files, and
configure the switch to start with the specified files. This implements the system software
restoration and rollback of the switch. For detailed operations, see Configuration Guide - Basic
Configuration Guide - BootLoad Menu Operation.
Verifying the Upgrade
After the switch is restarted, check whether the upgrade succeeds following Table
3-5.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 145
Sx300 Series Switches
Typical Configuration Examples 3 Typical Basic Configuration
Table 3-5 Upgrade verification table
No. Item Check Criteria
1 Check the system software. Run the display startup
command to check whether the
running system software
(displayed in the Configured
startup system software field) is
the target version.
Run the display patch-
information command to check
whether the patch package
name and patch package version
are of the patch package to be
loaded and check whether the
patch package state is Running.
Run the check version
command to check whether the
software to be upgraded is
displayed in the output. If the
command output is not empty,
run the upgrade all command
to upgrade the software.
2 Check the running status of the Run the display device
switch. command to check whether all
components of the switch are
present (displayed in the Online
field), and the registration status
(displayed in the Register field)
and running status (displayed in
the Status field) of the
components.
Issue 38 (2023-11-30) Copyright © Huawei Technologies Co., Ltd. 146
You might also like
- 6.5.1.1 Lab - Securing Layer 2 Switches - Instructor0% (1)6.5.1.1 Lab - Securing Layer 2 Switches - Instructor45 pages
- Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3From EverandCisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #34.5/5 (2)
- 28-Port 10/100/1000Mbps + 4-Port Shared SFP Managed Gigabit SwitchNo ratings yet28-Port 10/100/1000Mbps + 4-Port Shared SFP Managed Gigabit Switch16 pages
- 2.3.3.4 Lab - Configuring A Switch Management Address - ILMNo ratings yet2.3.3.4 Lab - Configuring A Switch Management Address - ILM10 pages
- Network Proximity Access Control System 701 Server User ManualNo ratings yetNetwork Proximity Access Control System 701 Server User Manual35 pages
- 6.3.1.1 Lab - Securing Layer 2 SwitchesNo ratings yet6.3.1.1 Lab - Securing Layer 2 Switches22 pages
- Lab - Establishing A Console Session With Tera TermNo ratings yetLab - Establishing A Console Session With Tera Term5 pages
- 4-5-1 - Lab - Connect Laptop or Computer To Console PortNo ratings yet4-5-1 - Lab - Connect Laptop or Computer To Console Port12 pages
- 2.3.3.4 Lab - Configuring A Switch Management Address0% (1)2.3.3.4 Lab - Configuring A Switch Management Address8 pages
- Lab2 - Configuring A Switch Management Address: TopologyNo ratings yetLab2 - Configuring A Switch Management Address: Topology8 pages
- 6.3.1.1 Lab - Securing Layer 2 SwitchesNo ratings yet6.3.1.1 Lab - Securing Layer 2 Switches18 pages
- 6.3.1.1 Lab - Securing Layer 2 Switches PDF0% (2)6.3.1.1 Lab - Securing Layer 2 Switches PDF23 pages
- Lab 2 Configuring Basic Routing and Switching PDFNo ratings yetLab 2 Configuring Basic Routing and Switching PDF11 pages
- Topic 7D. Lab - Basic Configuration of A CISCO SwitchNo ratings yetTopic 7D. Lab - Basic Configuration of A CISCO Switch5 pages
- 6.3.1.1 Lab - Securing Layer 2 Switches_InstructorNo ratings yet6.3.1.1 Lab - Securing Layer 2 Switches_Instructor39 pages
- Network Proximity Access Control System 701 Server User ManualNo ratings yetNetwork Proximity Access Control System 701 Server User Manual33 pages
- 2.3.3.5 Lab - Configuring A Switch Management Address NewportNo ratings yet2.3.3.5 Lab - Configuring A Switch Management Address Newport4 pages
- 2.3.3.5 Lab - Configuring A Switch Management Address33% (3)2.3.3.5 Lab - Configuring A Switch Management Address8 pages
- Migrating To H3C Lab Guide Lab01 Basic Config v2.8No ratings yetMigrating To H3C Lab Guide Lab01 Basic Config v2.832 pages
- Lab 9 - RSS100 - Securing Layer 2 SwitchesNo ratings yetLab 9 - RSS100 - Securing Layer 2 Switches38 pages
- Basic Cisco Router - Switch Configuration StepsNo ratings yetBasic Cisco Router - Switch Configuration Steps6 pages
- CCNASv1 1 Chp08 Lab B RMT Acc VPN Instructor PDFNo ratings yetCCNASv1 1 Chp08 Lab B RMT Acc VPN Instructor PDF33 pages
- Lab4-4.1.4.6 - Configuring Basic Router Settings0% (2)Lab4-4.1.4.6 - Configuring Basic Router Settings19 pages
- ITNE2005R Lab Tutorial 2 Administrative Access - Task 2No ratings yetITNE2005R Lab Tutorial 2 Administrative Access - Task 212 pages
- How To Configure Cisco Switches - A Step by Step Guide - ComparitechNo ratings yetHow To Configure Cisco Switches - A Step by Step Guide - Comparitech12 pages
- Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configurationFrom EverandNetwork with Practical Labs Configuration: Step by Step configuration of Router and Switch configurationNo ratings yet
- WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay NetworksFrom EverandWAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay NetworksNo ratings yet
- CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting NetworkFrom EverandCISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting NetworkNo ratings yet
- Exchange Management Shell Commands For BeginnersNo ratings yetExchange Management Shell Commands For Beginners6 pages
- Sample PDF of STD 12 Science Information Technology Sample Content 4339No ratings yetSample PDF of STD 12 Science Information Technology Sample Content 433923 pages
- Cs Artificial Intelligence, Data AnalyticsNo ratings yetCs Artificial Intelligence, Data Analytics446 pages
- Asia Pacific College The School of Management: ITTOOLS: Reflection Paper SGV Cyber Roadshow: Cracking The Code To SuccessNo ratings yetAsia Pacific College The School of Management: ITTOOLS: Reflection Paper SGV Cyber Roadshow: Cracking The Code To Success3 pages
- Using Cumulus-Direct URLs For "Always Fresh" Web DownloadsNo ratings yetUsing Cumulus-Direct URLs For "Always Fresh" Web Downloads7 pages
- Sophos-Email-Feature-Comparison-Matrix-EnNo ratings yetSophos-Email-Feature-Comparison-Matrix-En1 page
- Novell GroupWise, Create A Rule With Expiration DateNo ratings yetNovell GroupWise, Create A Rule With Expiration Date4 pages
- How To Use and Configure The New Functionality in IIS Application Request Routing v. 2.0No ratings yetHow To Use and Configure The New Functionality in IIS Application Request Routing v. 2.013 pages
- WINSEM2023-24 BCSE309L TH CH2023240501453 Model Question Paper WINSEM2023-24 BCSE309L TH CH2023240501437 Model Question Paper Sample QPNo ratings yetWINSEM2023-24 BCSE309L TH CH2023240501453 Model Question Paper WINSEM2023-24 BCSE309L TH CH2023240501437 Model Question Paper Sample QP1 page
