
HUAWEI's Access Network GPON OLT Management Environment Configuration

Latest reply: Mar 25, 2020 08:31:43 523 1 2 0 0

Hi everyone

Today we finish the theme with this post, concluding with part 4 of 4.


GPON OLT BASIC OPERATIONS

Management Environment Configuration

 

Overview of the Management and Maintenance Environment

·        Management interface configuration

§  Out-band management channel

ü IP address of the ETH maintenance network port on the control board

 

§  In-band management channel

ü IP address of the GE/10GE upstream port on a service board

[Figure: in-band management]


 

 

Overview of the Management and Maintenance Environment

[Figure: overview of the management and maintenance environment]


 

·        In out-band management mode, non-service channels are used to transmit management information so that management channels are separated from service channels. The out-band management mode provides more reliable device management channels than the in-band management mode. When an MA5680T is faulty, the device information can be quickly located and monitored in real time.

 

·        The MA5680T is connected to a LAN through a straight-through cable. The IP address of the maintenance network port of the MA5680T must be in the same network segment as the IP address of the operation console. Note: You can directly connect the network port of the operation console to the maintenance network port of the MA5680T control board for out-band management using a crossover cable.

 

Out-band Configuration Process

[Figure: out-band configuration process]


Out-band Management Procedure

·        interface meth

§  This command is used to enter Meth mode from global config mode. Run this command when you need to configure the parameters such as the IP protocol, firewall, and duplex status of the maintenance network port.

 

·        ip route-static

§  The ip route-static command is used to configure a static unicast route. If the network structure is simple, you only need to configure static routes to ensure the normal operation of the network. After static routes are created, network devices can communicate with each other at Layer 3.

§  The undo ip route-static command is used to delete a static unicast route. If a fault occurs on the network or the topology changes, the static routes do not change automatically, and you need to run this command to delete the static routes.

 

·        ip route-static user guide

§  If the destination IP address and mask are both 0.0.0.0, the configured route is the default route. If the route matching fails, the default route is used for packet forwarding.

 

§  Different priorities can be configured to implement different routing management policies. For example, if multiple routes are configured for the same destination with the same priority, route load balancing is implemented. If different priorities are specified, route backup is implemented.

 

§  When configuring a static route, you can specify the transmission interface or next hop address as required. For an interface or point-to-point interface that supports the resolution from the network address to the link layer address, you can specify the transmission interface or the next hop address.

 

§  In some cases, for example, when the link layer is encapsulated by PPP, even if the peer address is not known, the outbound interface can be specified when the router is configured. In this way, even if the peer address changes, the configuration of the router does not need to be changed.

 

§  A maximum of 1000 static routes can be configured on the public network.

 

Example of In-band Network Port Maintenance

[Figure: example of in-band network port maintenance]


·        In in-band management mode, management interaction messages are transmitted through a service channel of the device. The networking is flexible and no additional device is required, which saves cost but makes maintenance inconvenient.



In-band Management Configuration Process

[Figure: in-band management configuration process]


 

 

In-band Management Procedure

[Figure: in-band management procedure]


 

·        Standard VLAN: A standard VLAN contains only upstream ports, and it can contain more than one. Ethernet ports in the same VLAN can communicate with each other, and Ethernet ports in different VLANs are isolated from each other.

 

·        The interface vlanif command is used to create a VLAN interface in global config mode and enter the VLAN interface mode. When you need to configure the virtual L3 interface in VLANIF mode, run this command.

§  In VLANIF mode, you can configure the DHCP command group, firewall, IP command group, MPLS command group, DHCP server group, and ARP command group of a VLAN interface.

 

§  You can create a VLAN interface or enter the corresponding VLAN interface mode only after the VLAN is created.

 

§  The system supports a maximum of 32 VLAN L3 interfaces.

 

·        VLANs in the system must be unique. An existing VLAN cannot be created again.

 

·        Before deleting a VLAN, you need to delete the L3 interfaces, upstream ports, and service ports of the VLAN. If the MPLS function is enabled in the VLAN, you must disable the MPLS function before deleting the VLAN.

 

§  Run the undo port vlan command to delete upstream ports.

§  Run the undo service-port vlan command to delete service ports.

§  Run the undo interface vlanif command to delete L3 interfaces.

§  Run the undo mpls command to disable the MPLS function.

 

·        The system supports a maximum of 4000 VLANs. The default VLAN ID is 1 and cannot be created or deleted.

 

 

Querying Related Configurations

[Figure: querying related configurations]



·        Functions of the display ip interface command

§  This command is used to query the IP configuration and statistics of an interface. Run this command when you need to query the number of packets, bytes, and multicast packets received and sent by an interface, and the number of broadcast packets received, sent, forwarded, and discarded by the interface.

 



 

 

Device Management Security

·        How to prevent unauthorized users from logging in to the device?

§  Enable Firewall

§  Set an access control list  (ACL)

ü Set the forwarding policy based on the source and destination addresses in IP packets.

 

·        Configure the access mode and access network segment

 

 

·        There are multiple methods to prevent unauthorized users from logging in to the device. For example, you can set an access control list or configure the access mode and network segment. You can also enable multiple modes at the same time.

 

·        Configure the system firewall to control the packets that access the management interface of the device to prevent unauthorized users from accessing the system in in-band or out-band mode.

 

 

Configuring a Security Policy

[Figure: configuring a security policy]


 

·        Wildcard mask: a 0 bit means the corresponding address bit must match exactly, and a 1 bit means the bit is ignored (any value matches). In the permit ip source 10.10.21.0 0.0.0.255 example, terminals whose IP addresses are in the 10.10.21.0–255 range can access the system.
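
The wildcard matching described above, as an added example that is not part of the original post or of Huawei's software: a small Python check that evaluates a source/wildcard pair bit by bit and lints it before it is used to protect the management interface. The function names are hypothetical, and the second rule (a subnet mask typed where a wildcard is expected) is a constructed mistake.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0: address bit must equal the base bit. Bit 1: ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def audit(base, wildcard):
    """Lint one 'source <base> <wildcard>' term before it guards management."""
    w = to_int(wildcard)
    return {
        # every ignored bit doubles the number of admitted addresses
        "hosts": 1 << bin(w).count("1"),
        # ignored bits form one low-order block, i.e. an ordinary subnet
        "contiguous": (w & (w + 1)) == 0,
        # base has no bits set where the wildcard ignores them
        "base_clean": (to_int(base) & w) == 0,
    }

if __name__ == "__main__":
    # Rule from the page: source 10.10.21.0 0.0.0.255
    for a in ("10.10.21.1", "10.10.21.255", "10.10.22.1"):
        print(a, wildcard_match(a, "10.10.21.0", "0.0.0.255"))
    print(audit("10.10.21.0", "0.0.0.255"))
    # Constructed mistake: subnet mask typed where a wildcard is expected
    print(audit("10.10.21.0", "255.255.255.0"))
    print(wildcard_match("192.0.2.0", "10.10.21.0", "255.255.255.0"))
    print(wildcard_match("10.10.21.5", "10.10.21.0", "255.255.255.0"))
```

With the inverted mask, the intended console at 10.10.21.5 is refused while any address ending in .0 is admitted, so a term that reports contiguous or base_clean as False deserves a second look before it is applied.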

 

 

Applying a Security Policy

[Figure: applying a security policy]


Configuring the Telnet Security Policy

[Figure: configuring the Telnet security policy]


·        Functions of the sysman ip-access command

§  This command specifies the IP address segment that is allowed to access the device over a specified protocol. Run this command when you need to set a firewall for users who access the device to prevent unauthorized users from logging in to the device. After the configuration succeeds, users who do not meet the address and access protocol requirements are denied access to the device.



Well, so here we end the theme. Soon I will post about the FTTx Terminal GPON and Maintenance.

Remember to share, comment and click on useful


#HuaweiEnterprise

#OneHuawei

