Configuration Example of the RADIUS Authentication

The MA5600 is interconnected with the RADIUS server through the RADIUS protocol to implement authentication.

Configure the authentication scheme.

Configure authentication scheme newscheme (users are authenticated through RADIUS).

huawei(config)#aaa

huawei(config-aaa)#authentication-scheme newscheme

huawei(config-aaa-authen-newscheme)#authentication-mode radius

huawei(config-aaa-authen-newscheme)#quit

huawei(config-aaa)#quit

Configure the RADIUS protocol.

Create RADIUS server template template1. RADIUS server 10.10.66.66 functions as the primary authentication server, and RADIUS server 10.10.66.67 functions as the secondary authentication.

huawei(config)#radius-server template template1

 Note: Create a new server template

huawei(config-radius-template1)#radius-server authentication 10.10.66.66 1812

huawei(config-radius-template1)#radius-server authentication 10.10.66.67 1812 secondary

huawei(config-radius-template1)#quit

Create a domain.

Create domain isp1.

huawei(config)#aaa

huawei(config-aaa)#domain isp1

  Info: Create a new domain 

Reference the authentication scheme.

You can reference an authentication scheme in a domain only after the authentication scheme is created.

huawei(config-aaa-domain-isp1)#authentication-scheme newscheme

Reference the RADIUS server template.

You can reference a RADIUS server template in a domain only after the RADIUS server template is created.

huawei(config-aaa-domain-isp1)#radius-server template1

huawei(config-aaa-domain-isp1)#quit

Result

User1 in isp1 can be authenticated and can log in to the MA5600T

Configuring DOCSIS Event Reporting

DOCSIS 3.0 defines various DOCSIS events, such as authentication failure and CM certificate error events. Configuring DOCSIS event reporting helps you obtain MA5600T/MA5600 /MA5608T and CM running status.

The following configurations are used as an example to configure the CM management feature:

Priority of DOCSIS events: alert

Mode of reporting DOCSIS events to the U2000: trap

Mode of reporting DOCSIS events to the log host: syslog

IP address of the U2000: 10.10.10.10

IP address of the log host: 10.10.20.10

huawei(config)#cable event alert report trap

huawei(config)#snmp-agent target-host trap-hostname huawei address 10.10.10.10 trap-paramsname docsis

huawei(config)#cable event alert report syslog

huawei(config)#cable event loghost ip 10.10.20.10

Configure the SHDSL service.

The MA5600T/MA5683T/MA5608T supports the SHDSL service of multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE. This topic uses the PPPoE mode as an example to describe how to configure the SHDSL service. For other encapsulation modes, see "Example: Configuring the xDSL Internet Access Service."

Configure the SHDSL line profile.

To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile quickadd command.

huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd

symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst

 10 us-curr 10 us-worst 10 bitmap 0x03

Configure the SHDSL alarm profile.

To configure the SHDSL alarm profile, run the shdsl alarm-profile add command.

In this example, the default profile (profile 1) is used.

Configure the SHDSL traffic profile.

To configure the SHDSL traffic profile, run the traffic table ip command.

In this example, the default profile (profile 1) is used.

Activate the SHDSL port.

huawei(config)#interface shl 0/5

huawei(config-if-shl-0/5)#deactivate all

huawei(config-if-shl-0/5)#alarm-config all 1

huawei(config-if-shl-0/5)#activate all 10

huawei(config-if-shl-0/5)#quit

Configure the upstream port.

The SHDSL users of MA5600T/MA5603T/MA5608T-2 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users.

huawei(config)#vlan 3020 smart

huawei(config)#port vlan 3020 0/19 0-1

Add the service port.

Ports 0-15 of the SHDSL board in 0/5 provide the SHDSL services.

To add service ports in batches, run the multi-service-port command.

huawei(config)#multi-service-port vlan 3020 port 0/5 0-15 vpi 0 vci 35

rx-cttr 6 tx-cttr 6

Configure the SHDSL service.

The MA5600 supports the SHDSL Internet access service in multiple encapsulation modes, such as IPoA, PPPoA, IPoE, and PPPoE.

Configure the SHDSL line profile.

To configure the SHDSL line profile, run the shdsl line-profile add or shdsl line-profile quickadd command.

huawei(config)#shdsl line-profile quickadd 10 line two-wire rate 2048 2048 psd symmetric transmission Annex-A remote disable probe disable snr-margin ds-curr 10 ds-worst 10 us-curr 10 us-worst 10 bitmap 0x03

Configure the SHDSL alarm profile.

To configure the SHDSL alarm profile, run the shdsl alarm-profile add command.

In this example, the default profile (profile 1) is used.

Configure the SHDSL traffic profile.

To configure the SHDSL traffic profile, run the traffic table command.

In this example, the default profile (profile 1) is used.

Activate the SHDSL port.

huawei(config)#interface shdsl 0/5

huawei(config-if-shdsl-0/5)#deactivate all

huawei(config-if-shdsl-0/5)#alarm-config all 1

huawei(config-if-shdsl-0/5)#activate all profile-index 10

huawei(config-if-shdsl-0/5)#quit

Configure the upstream port.

The SHDSL users of MA5600-2 use the PPPoE authentication. In this case, the smart VLAN is used to identify the users.

huawei(config)#vlan 1300 smart

huawei(config)#port vlan 1300 0/7 0-1

Add the service port.

Ports 0-30 of the SHDSL board in slot 0/5 provide the SHDSL services. To add service ports in batches, run the multi-service-port command.

huawei(config MA5600T )#multi-service-port vlan 1300 port 0/5 0-31 vpi 0 vci 35 rx-cttr 6 tx-cttr 6

Configuring the Attributes of an Uplink GPON Port

How to query the statistics for a port, set the working mode of an optical module, and set the alarm thresholds for the receive optical power of the optical module through an uplink Huawei GPON   port.

When dual GPON ports are used for upstream transmission, only 0/0/2 port can be set. After the setting, the parameters of port 0/0/2 are the same as those of port 0/0/1.

To set the password for registering with an OLT through a GPON port, set the lower limit for the receive optical power of an optical module to 5 dBm and the upper limit for the receive optical power to 50 dBm, set the working mode of the optical module of the uplink PON port to auto, run the following command:
huawei(config-if-gponnni-0/0/1)#password
{ passwordvalue<S><Length 1-10> }:huawei

  Command:
          password huawei
huawei(config-if-gponnni-0/0/1)#optical-module threshold rx-power lower-limit 5 upper-limit 50
{ <cr>|bias<K>|temperature<K>|tx-power<K>|voltage<K> }:

  Command:
          optical-module threshold rx-power lower-limit 5 upper-limit 50
huawei(config  MA5600T -if-gponnni-0/0/1)#laser auto

Configuring Local Management (Through a Serial Port)

This topic describes how to connect the maintenance terminal to the MA5620/MA5626 through a local serial port, log in to the MA5620/MA5680T, and then manage the MA5620/MA5626 from the maintenance terminal.

Connect the serial port cable.
Use a standard RS-232 serial port cable to connect the serial port of the PC to the CONSOLE port (maintenance serial port) on the control board of the MA5620/MA5626, as shown in Figure 1.
Start the HyperTerminal.
Set up a connection.
Choose Start > Programs > Accessories > Communications > HyperTerminal on the PC. The Connection Description dialog box is displayed. Enter the connection name, as shown in Figure 3, and click OK.
Figure 3 Setting up a connection
Set the serial port.
On the PC that is connected to the MA5620/MA5626, select the number of the PC terminal serial port. You can select "COM1" or "COM2". In this example, "COM2" is selected, as shown in Figure 4. Click OK.
Figure 4 Selecting the serial port ID
Set the communication parameters of the HyperTerminal.
Set the parameters in the COM2 Properties dialog box, as shown in Figure 5. The parameters are as follows:
Baud rate: 9600 bit/s
Data bit: 8
Parity: None
Stop bit: 1
Flow control: None

NOTE:
The baud rate of the HyperTerminal must be the same as that of the serial port on the MA5620/MA5626. By default, the baud rate of the serial port on the MA5620/MA5626 is 9600 bit/s.
There may be illegible characters in the displayed input information after you log in to the system. This is because the baud rates between the HyperTerminal and the MA5620/MA5626 are not the same. In this case, set a different baud rate to log in to the system. The system supports the baud rates of 9600 bit/s, 19200 bit/s, 38400 bit/s, 57600 bit/s, and 115200 bit/s.

Configuring the Ethernet OAM

How to configure the Ethernet OAM on the MA5612

Create a VLAN.
The VLAN ID is 100, and the VLAN is a smart VLAN.
huawei(config)#vlan 100 smart
Add an upstream port to the VLAN.
Add port 0/7 to VLAN 100.
huawei(config)#port vlan 100 0/7 0
(Optional) Set the native VLAN of the port.
This step is to set the packets of the upstream Ethernet port to or not to carry the VLAN tag. Whether the native VLAN needs to be set for the upstream port depends on whether the upper-layer device connected to the upstream port supports packets carrying a VLAN tag. The setting on the MA5600 must be the same as that on the upper-layer device. In this example, the Ethernet packets are of the untagged type.
huawei(config)#interface scu 0/7
huawei(config-if-scu-0/7)#native-vlan 0 100
huawei(config-if-scu-0/7)#quit
Configure an MD.
MDs with the same index or level cannot be created.
The name format and the name of an MD must be unique.
The total length of the names of an MD and its MAs cannot be longer than 44 characters.
huawei(config)#cfm md 2 name-format string huawei level 3
Configure an MA.
The system supports up to 4096 MAs and each MD can be configured with up to 48 MAs. That is, if an MD is configured with 4096 MAs, the other MDs in the system cannot be configured with any MA. An MA of a non-existing MD cannot be created. An existing MA cannot be created again.
The total length of the names of an MD and its MAs cannot be longer than 44 characters.
huawei(config)#cfm ma 2/6 name-format string huawei-6 vlan 100
Configure an MEP.
MEP refers to the maintenance association end points. Ethernet OAM is used to test the link connectivity by using the MEPs at the two ends of a maintenance channel.
By default, the MEP management function is enabled, the priority of sending CFM packets is 7, and the function of sending CC packets is enabled.
huawei(config)#cfm mep 2/6/0 mepid 260 direction outward port
0/7/0 priority 7
Configure an RMEP.
By default, the detection function of the RMEP is disabled.
huawei(config)#cfm remote-mep-detect enable
(Optional) Set the interval for the MA to transmit CCMs. By default, the interval is one minute.
huawei(config)#cfm ma 2/6 cc-interval 10m
Enable the local CFM globally. By default, the local CFM is disabled globally.
huawei(config)#cfm enable
Enable the detection function of the remote MEP detection globally. By default, the remote MEP detection is disabled globally.
huawei(config)#cfm remote-mep-detect enable
Save the data.
huawei(config)#save

 NOTE:
Configuration on Huawei MA5600 B is the same as that on MA5600_A and it is not repeated here.