Scribd
Upload
42 views25 pages

Commands I Used in The CLI

The document lists commands used in the CLI for various networking protocols and technologies including OSPF, VLAN, VTY, STP, link aggregation, VRRP, ACL, IS-IS, VPN, MPLS, and MPLS L2VPN. It provides over 100 commands organized by topic to configure and display information for each protocol and technology.

Uploaded by

sarkar salam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
42 views25 pages

Commands I Used in The CLI

The document lists commands used in the CLI for various networking protocols and technologies including OSPF, VLAN, VTY, STP, link aggregation, VRRP, ACL, IS-IS, VPN, MPLS, and MPLS L2VPN. It provides over 100 commands organized by topic to configure and display information for each protocol and technology.

Uploaded by

sarkar salam
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 25

Document Title Security Level

Commands I used in CLI


1. Display version
2. System-view
3. Display ip routing-table
4. Ip route static
5. Compare configuration
6. Save
7. Reset saved-config
8. Startup saved-configuration
9. Save test.cfg
10. Startup saved-configuration test.cfg
11. Display startup
12. Reset saved-configuration
13. Reboot
14. Undo portswitch
15. Language-mode {English | chineese}
16. Clock datetime
17. Clock timezone
18. Clock summer-time
19. Display clock
20. Display version
21. Display cpu-usage
22. Router id
23. Display system mac-address
24. Hotkey
25. Clock time-zone
26. Clock datetime
27. Clock daylight-saving-time
28. Command-privilige level [level] view [view name]
29. Display saved configuration
30. Reset saved-configuration
31. Startup saved-configuration
32. Reboot
33. Display configuration candidate

OSPF :
1. ospf
2. Area [number]
3. Network [network address] [wildcard mask]
4. Display ospf [process id] routing

2024-05-18 Huawei Proprietary - Restricted Distribution Page1,


Total25
Document Title Security Level

5. Display ospf peer


6. Display ospf peer brief
7. Display ospf lsdb
8. display ip routing-table protocol ospf
9. display ospf [process id] asbr-summary
10. display ospf routing
11. display ospf[process id] lsdb
12. display ospf peer last-nbr-down
13. int: ospf authentication-mode md5 1 cipher [password]
14. area: authentication-mode md5 1 cipher [password]
15. default-route-advertise always
16. int: ospf cost
17. router id
18. display router id
19. int: ospf network-type p2p
20. [AR-OSPF-area-0.0.0.0] stub -----------> stub area
21. [AR-OSPF-area-0.0.0.0] stub no-summary -----------> totally stubby area
22. [AR-OSPF-area-0.0.0.0] nssa -----------------------> NSSA area
23. Ospf: import-route {direct | is-is | Rip…}
24. Ospf: asbr-summary [summarized address]
25. Ospf: bandwidth-reference
26. Area: abr-summary
27. Int: ospf cost <1-65535>
28. Int: ospf network-type {broadcast | NBMA | p2p | p2mp}
29. Ospf: dr-priority <0-255>
30. Ospf: frr
31. Ospffrr: loop-free-alternate
32. Ospf: bfd all interfaces-enable
33. Ospf: filter ip-prefix 1 export -----> prevent from advertising
34. Area: vlink-peer [RID]

VLAN :
1. Int: port link-type {access | trunk | hybrid}
2. Int: port default vlan [vlan number]
3. Int: port trunk allow-pass vlan
4. Int: port trunk pvid vlan
5. Int: port hybrid tagged vlan
6. Int: port hybrid untagged vlan
7. Int: port hybrid pvid vlan

2024-05-18 Huawei Proprietary - Restricted Distribution Page2,


Total25
Document Title Security Level

8. Int: mac-vlan enable


9. vlan: mac-vlan mac-addresss [mac address]
10. Vlan
11. Vlan batch [number of VLANs]
12. Display vlan summary
13. Display vlan
14. Display mac-vlan vlan [vlan number]
15. Display mac-address verbose
16. Display mac-vlan mac-address all

VTY:
1. User-interface maximum-vty
2. User-interface {console | vty}
3. Vty: authentication-mode {aaa | none | password}
4. Vty: set authentication password {cipher| simple}
5. Vty: idle-timeout [minute:seconds]
6. Display user-interface
STP:
1. Stp enable
2. Stp mode {STP | RSTP | MSTP}
3. Display stp
4. Displat stp brief
5. Stp root primary
6. Stp root secondary
7. Stp priority
8. Stp pathcost-standard {802.1q | 802.1t | legacy}
9. Int: stp cost
10. Int: stp priority
11. Int : stp edged-port enable
12. Stp bpdu-protection
13. Stp bridge-address [39-39-39]

Link aggregation(manual and LACP):


1. Intrtface eth-trunk [number]
2. Mode {manual load-balance | lacp-static} default is the manual
3. Int: eth-trunk [number]
4. Eth-trunk: trunkports ethernet0//0 to 0/12
2024-05-18 Huawei Proprietary - Restricted Distribution Page3,
Total25
Document Title Security Level

5. Display eth-trunk [number]


6. Lacp priority <0-65535> --- lacp system priority, default is 32768
7. Int: lacp priority <0-65535> --- lacp interface priority, default is 32768
8. Eth-trunk: max active-linknumber
9. Eth-trunk: least active-linknummber
10. Eth-trunk: lacp preempt enable
11. Eth-trunk: load-balance {src-mac|dst-mac|src-ip|dst-ip|…..}
12. Eth-turnk: mixed-rate link enable --- enable interfaces with different rate
13.

VRRP:
1. display VRRP interface [int number]
2. display vrrp brief
3. vrrp ping-enable
4. undo vrrp vrid [vrid]
5. int: vrrp vrid [id] virtual-ip [vip]
6. int: vrrp vrid [id] priority [number]
7. int: vrrp vrid [id] timer advertise [seconds]
8. int: vrrp vrid [id] preempt-mode timer delay <0-3600>
9. int: vrrp vrid [id] authentication-mode {simple | md5} [text]
10. int: vrrp vrid [id] track interface [id] reduced <0-255>

ACL:

Basic ACL
1. Acl [number]
2. Acl name basic
3. Acl: rule [rule-id] {permit| deny} {source | any} [time-range]
4. Int: traffic-filter {inbound | outbound} acl [id]
Advanced ACL
5. Acl [number]
6. Acl name advanced
7. Acl: rule [id] {permit | deny} ip destination source dscp tos time-range
8. Acl: rule [id] {permit | deny} tcp destination destination-port source source-
port tcp-flag
2024-05-18 Huawei Proprietary - Restricted Distribution Page4,
Total25
Document Title Security Level

9. Display acl [id]

IS-IS:
1. [R] isis [process ID]
2. Display isis lsdb
3. Display isis peer
4. Display isis error
5. Display isis route
6. Display isis spf-tree
7. Display isis frr summary
8. Display isis interface
9. Display isis interface verbose
10. display isis bfd session all
11. Isis: network-entity [NET]
12. Isis: is-level level-{1 | 2 | 1-2}
13. Isis: summary
14. Isis: area-authentication-mode
15. Isis: domain-authentication-mode
16. Display current-configuration configuration isis
17. Int: isis authentication-mode
18. Isis: import-route isis level-2 into level-1
19. Isis: maximum-loadbalancing
20. Isis: nexthop [ipaddress] weight [lower better]
21. Isis: cost-style
22. Int: isis enable [process id]
23. Int: isis cost [number] ----------> Default is 10
24. Isis: circuit-cost
25. Isis: bandwidth-reference
26. Isis: auto-cost enable [compatible]
27. set-overload on-startup 120 send-sa-bit 60 allow external
28. Isis: import-route direct {level-2 | level-1} | level-1-2}
29. Int: isis circuit-level [level-1 | level-2]
30. Int: isis circuit-type p2p
31. Int: isis dis-priority <0-127> --------------> default 64
32. intL isis timer hello
33.
34. Isis: area-authentication-mode
2024-05-18 Huawei Proprietary - Restricted Distribution Page5,
Total25
Document Title Security Level

35. Isis: domain-authentication-mode


36. Isis: set-overload
37. Isis: frr
(a) Ecmp disable
(b) Loop-free-alternate
(c)
38. Isis: default-route-advertise {level-1 | level-2 | level-1-2} {tag | cost |route-
policy}

VPN:
1. Ip vpn-instance [instance name]
2. Vpn: ipv4-family VPNv4 ---------> enabling MP-BGP
 Vpnv4af: peer [id] enable
3. Description
4. Vpn: route-distinguisher
5. Display ip vpn
6. display ip vpn-instance verbose
7. display bgp vpnva all peer
8. Display ip routing-table vpn-instance [id]
9. Int: ip binding vpn-instance [instance id]
10. Ip route-static vpn-instance [id]
11. Ping -vpn-instance [id]
12. Tracert -vpn-instance [id]
13. Ospf [process id] vpn-instance [id]
14. Service-id
15. Ospf vpn-instance [id]

MPLS and MPLS L3VPN:


1. Mpls lsr-id [loopback address]
2. Mpls
3. Mpls ldp
4. Int: mpls
5. Int: mpls ldp
6. Static-lsp {egress | ingress | transit}
7. Display mpls route-state
8. Display mpls ldp session
9. Display mpls ldp lsp

2024-05-18 Huawei Proprietary - Restricted Distribution Page6,


Total25
Document Title Security Level

10. Display mpls ldp adjacency


11. Display mpls ldp remote-peer
12. Display mpls static-lsp
13. Display mpls ldp session
14. Mpls: lsp-trigger ip-prefix [prefix id]
15. Mpls: lsp trigeer all
16. Mpls ldp advertisement {du | dod}
17.
18. Ping lsp ip [ip address]
19. Tracert lsp ip [ip address]
20. Reset mpls ldp all

21. Mpls: mpls ldp remote-peer [peer name]


22. remoteLDP: description
23. remoteLDP: remote-ip
24. remotLDP: remote-ip [ip-address] pwe3

MPLS L2VPN:
CCC
1. Mpls lsr-id
2. Mpls
3. Mpls l2vpn
4. Ccc [name] interface out-interface
5. Interface [id].10
6. subInt: vlan-type dot1q [vid]
7. display vll ccc
8. dis l2vpn ccc-interface vc-type ccc
martini
9. Mpls lsr-id [loopback address]
10. Mpls
11. Mpls ldp
12. Int: mpls
13. Int: mpls ldp
14. Mpls: mpls ldp remote-peer [peer name]
15. remoteLDP: description
16. remoteLDP: remote-ip
17. mpls-l2vc-[ipaddress]-[label]
SVC
2024-05-18 Huawei Proprietary - Restricted Distribution Page7,
Total25
Document Title Security Level

18. Mpls lsr-id [loopback address]


19. Mpls
20. Mpls ldp
21. Int: mpls
22. Int: mpls ldp
23. Subint: mpls static-l2vc destination [mpls lsr-id] [VCID] transmit-vpn-label
[TX vpn label] receive-vpn-label [RX vpn label]
24. Display mpls static-l2vc
Kompella
25. Mpls ldp configuration
26. L2vpn enable
27. Bgp l2vpn configuration
28. Mpls l2vpn [name] encapsulation ethernet
29. L2vpn: route-distinguisher
30. L2vpn: vpn-target
31. L2vpn: ce [ce name] id [number] range [number of CEs]
32. L2vpnce: connection ce-offset 2 interface [int id]
33. Display mpls l2vpn

MPLS-TE:
1. Mpls lsr-id
2. Mpls
3. Mpls: mpls te
4. Int: mpls
5. Int: mpls te
6. Interface tunnel [tunnel ID]
7. Tunnel: ip address unnumbered interface
8. Tunnel: tunnel-protocol mpls te
9. Tunnel: Destination [dst IP]
10. Tunnel: mpls te bidirectional
11. Tunnel: Mpls te tunnel-id
12. Tunnel: Mpls te signal-protocol cr-static
13. static-cr-lsp {ingress | egress | transit}
14. display interface tunnel
15. display mpls te tunnel
16. display mpls lsp
17. display mpls
18. display mpls static-cr-lsp
19. int: mpls te bandwidth max-reservable-bandwidth
20. int: mpls te bandwidth bc0
2024-05-18 Huawei Proprietary - Restricted Distribution Page8,
Total25
Document Title Security Level

21. bidirectional static-cr-lsp ingress Tunnel [tunnel name]


1. forward nexthop 10.21.1.2 out-label 20 bandwidth ct0 100 pir 100
2. backward in-label 20
22. tunnel: mpls te passive-tunnel
23. tunnel: mpls te binding bidirectional static-cr-lsp egress
MPLS TE RSVP
24. mpls
25. mpls: mpls te
26. mpls: mpls rsvp-te
27. mpls: mpls te cspf
28. mpls: mpls te auto-frr
29. int: mpls, mpls te, mpls rsvp-te
30. isis: cost-style wide
31. isis: traffic-eng {level-1-2 | level-2 | level-1}
32. ospf: opaque-capability enable
33. ospfarea: mpls-te enable
34. int tunnel: ip address, dst, id, mple te, mpls te signal-protocol rsvp-te
35. int tunnel: mpls te record-route label
36. int tunnel: mpls te path explicit-path [path name]
37. int tunnel: mpls te bandwidth ct0
38. int tunnel: mpls te priority
39. int tunnel: mpls te fast-reroute bandwidth
40. int tunnel: bypass-attributes bandwisth [BW] priority
41. explicit-path [name]
42. explicitpath: next hop
43. lsp-attribute [name]
44.
45. display mpls te cspf tedb all

Bgp:
1. Bgp [AS]
2. Bgp: router-id
3. Bgp: peer [address] as-number [as]
4. Bgp: peer [address] connect-interface [int id]
5. Bgp: peer [id] ebgp-mac-hop [number]
6. Bgp: peer [id] next-hop-local
7. Bgp: peer [id] preferred-value [number]
8. Bgp: peer [id] password cipher
2024-05-18 Huawei Proprietary - Restricted Distribution Page9,
Total25
Document Title Security Level

9. Bgp: peer [id] valid-ttl-hops


10. Bgp: peer [id] advertise-community
11. Bgp: ipv4-family vpnv4
12. Bgp: summary automatic
13. Bgp: aggregate
14. Bgp: aggregate [address] detail-supressed
15. Bgp: aggregate [address] detail-supressed as-set
16. Bgp: aggregate [address] suppress-policy [policy name]
17. Bgp: bestroute as-path-ignore
18. Bgp: compare-different-as-med
19. Bgp: bestroute med-none-as-maximum
20. Bgp: load-balancing as-path-ignore
21. Bgp: maximum load-balancing {IBGP | EBGP}
22. Bgp: load-balancing as-path-ignore
23. peer [id] advertise-community
24. Bgp: active-route-advertise
25. Bgpvpn: peer [address] enable
26. Debug bgp update
 Terminal monitor
 Terminal debugging
27. Display bgp peer
28. Display bgp routing-table
29. Bgp-RR: peer [client address] reflect-client
30. Bgp-RR: reflector cluster-id
31. Bgp-RR: undo policy vpn-target
32. Routepolicy: app as-path [pathNO] additive
33. Bgp: group ebgp external
34. Bgp: group ibgp internal
35. Bgp: peer ebgp [id] as-number
36. Bgp: ipv4-familt VPNv4
37. Vpnaf: peer ibgp enable
38. Vpnaf: peer [id] group ibgp
39. RP: apply community no-advertise
Confideration
40. bgp [sub-AS]
41. Bgpsub: confederation id [main AS]
42. Bgpsub: confideration peer-as [sub-AS]

2024-05-18 Huawei Proprietary - Restricted Distribution Page10,


Total25
Document Title Security Level

Route policy:
Implementing RP by using ACL rules
1. Create the ACL rule
2. RP: ifmatch acl [acl id]
3. Apply cost
Implementing RP by using IP-prefix
4. Ip ip-prefix [name] {permit| deny} address {greater-qual | less-equal}
5. Route-policy [name] permit node [id]
6. If-match ip-prefix [ip-prefix name]
7. Apply {….}
Implementing RP by using Route filtering
8. Ip ip-prefix [name] deny address--- deny sth
9. Ip ip-prefix [name] permit address less-equal 32 --- permit all other
10. Ospf: filter-policy ip-prefix [name] {import | export}

Ip ip-prefix {permit | deny} [address] [subnet mask]


Route-policy [name] {permit | deny} node [number]
Policy: if-match ip-prefix [number]

VxLAN:
1. bridge-domain 10
2. interface gigabitethernet1/0/2.1 mode l2
3. subint: encapsulation dot1q vid 10
4. subint: rewtite pop single
5. subint: bridge-domain 10
6. bridge-domain 10
7. bd: vxlan vni [number]
8. bd: split-horizon enable
9. interface nve 1
10. nve: source
11. nve: vni [vxlanid] head-end peer-list [dst id]

2024-05-18 Huawei Proprietary - Restricted Distribution Page11,


Total25
Document Title Security Level

12. nve: vni [vxlanid] head-end peer-list protocol bgp


13. display vxlan peer
14. display vxlan tunnel
15. display vxlan vni
16. display bridge-domain
17. display interface nve
18. interface vbdif
19. vbdif: arp collect host enable
20. vbdif: arp distribute-gateway enable
21. vbdif: arp broadcast-detect enable
22. bgpevpnaf: peer [id] advertise irb

EVPN
23. evpn [name] bd-mode
24. route-distinguisher
25. vpn-target [NO.]
26. bd: evpn binding vpn-instance
27. bd: split-horizon enable
28. display bgp evpn peer
29. evpn source-address

M-LAG V-STP mode:


1. display dfs-group dfs-group-id
2. display error-down recovery
3. display stp
4. display m-lag troubleshooting { history | current }
5. stp mode {stp | rstp}
6. stp bridge-address (optional, but its better)
7. stp v-stp enable
8. stp v-stp port-id-extension enable (optional, but its better)
DFS configuration
9. dfs-group [dfs-group-id]
10. source ip
11. priority
peer-link
12. interface eth-trunk
13. mode lacp-static
14. stp enable
2024-05-18 Huawei Proprietary - Restricted Distribution Page12,
Total25
Document Title Security Level

15. peer-link [peer-link-id]


16. port vlan exclude
member-interface
17. dfs-group [dfs-group-id] m-lag [m-lag-id]

E-Trunk:
1. e-trunk [id]
2. security key{simple | cipher}
3. etrunk: peer-address [peer ip] source-address [source ip]
4. ethtrunk: e-trunk e-trunk-id [ remote-eth-trunk eth-trunk-id ] ----> add an eth-
trunk to an E-trunk.
5. interface global-ve [ve-number]
6. ve-group [ve-group-id] l2-terminate
7. e-trunk e-trunk-id [ remote-global-ve global-ve-id ]
8. etrunk: security-key cipher YsHsjx_202206
9. display e-trunk
10. display e-trunk bfd session all
11. display lacp brief

BFD :
----------------------------------------------------------------------------
1. bfd
2. bfd: discriminator local [number]
3. bfd: discriminator remote [number]
4. etrunk: e-trunk track bfd-session session-name [bfd name]
5. isis: bfd all-interfaces enable
6. display isis bfd session all
7. display bfd link-bundle session
8. display bfd configuration
9. bfd [bfd-id] bind peer-ip [ip] source-ip [ip] {auto}
10. bfd [id] bind link-bundle peer-ip [ip] interface Eth-Trunk 10 source-ip
11. bfd pis
a. process-interface-status
12. bfd pissub
a. process-interface-status sub-if
13. isis ipv6 bfd block -----> disables ipv6 int dynamically establish BFD session
14. reset bfd statistics {all | discriminator}
2024-05-18 Huawei Proprietary - Restricted Distribution Page13,
Total25
Document Title Security Level

EVPN:
1. Source-address [add]
2. evpn vpn-instance [name] bd-mode
3. int: esi [id]
4. interface eth-trunk10.1 mode l2
5. int: encapsulation dot1q vid
6. int: bridge-domain [bd id]
7. evpn redundancy-mode single-active
8. evpn
9. evpn: vlan-extend private enable
10. evpn: vlan-extedn redirect enable
11. evpn: local-remote frr enable
12. establish bgp peering
13. l2vpn-family evpn
14. peer [id] enable
15. display bgp peer
16. display bgp evpn peer
17. display bgp evpn all routing-table
18. display evpn mac routing-table all-evpn-instance
19. display bgp evpn all routing-table mac-route
20. display evpn vpn-instance name evpna df result
configuring single-active PE based on DF election
21. evpn
22. evpn:esi [esi-id]
23. evpn-esi: evpn redundancy-mode single-active df-election

2024-05-18 Huawei Proprietary - Restricted Distribution Page14,


Total25
Document Title Security Level

DHCP:
Configure DHCP global address block
1. Dhcp enable
2. Ip Pool [poolname] --- create an IP pool
3. Pool: network [NETid] mask --- specify the pool range
4. Pool: dns-list --- configure the DNS address
5. Pool: gateway-list ---- configure the gateway address
6. Pool: lease --- set the lease time in the pool
7. Pool: static-bind ip-adrress [ip] mac-address [mac]
8. Int: dhcp select global --- after creating the pool, select and interface
Configure an interface as the DHCP server
9. Int: dhcp select interface --- config the device to use this int address pool to
provide DHCP function
10. Int: dhcp server dns-list [ip address] --- config the DNS server
11. Int: ip address dhcp-alloc
12. Int: dhcp excluded-ip-address ---- excluded usable addresses
13. Int: dhcp server lease --- configure the leased time
14. Display dns server
15. Display ip pool name
16. Display ip pool

telnet :
1. telnet server enable --- configure a device as a telnet server
create AAA account on the server
aaa
local-user [username] password irreversible-cipher
local-user [username] privilege-level
local-user [username] service-type {telnet}
2. user-interface vty
3. vty: user privilege level <0-15>
4. vty: authentication-mode {aaa | none | password} --- config authentication
mode
5. vty: set authentication password {cipher | simple} --- config password
6. vty: acl [id] {inbound | outbound} --- config the ACL
7. vty: protocol inbound {all | telnet | ssh} --- config the supported protocol, by
2024-05-18 Huawei Proprietary - Restricted Distribution Page15,
Total25
Document Title Security Level

default the VTY supports SSH and Telnet

AAA:
1. aaa
2. aaa: authentication-scheme [authentication scheme name] --- create
authentication scheme
3. aaa: authorization-scheme [authorization scheme name] --- create
authorization scheme
4. auth-scheme: authentication-mode [hwtacas | local | radius] ---> default is
local
5. domain [domain-name] --- create a domain name
6. domain: authentication-scheme [authentication scheme name] --- bind
authentication scheme to a domain
7. domain: authorization-scheme [authorization scheme name]
8. aaa: local-user [name] password {cipher} --- create a local user and assign
password
9. aaa: local-user [name] service-type {{terminal | telnet | ftp | http | } ppp |
none } ---- configure the access type of the user, by default all of them are
disabled
10. aaa: local-user [name] privilege level <0-15> --- specify the permission level
of the user
11. Vty: authentication-mode aaa
12. Display domain name
13. Display aaa offline-record all ----after the user logs in and out, you can see the
records

NAT:
1. Int: nat static global [public IP] inside [private IP]
Or
Nat static global [public IP] inside [private IP]
Int: nat static enable --- enable NAT on an interface after it is configured
globally in system-view
2. Nat address group [index] [start address] [end address] --- create a pool
3. Acl --- configure an ACL
4. Nat outbound [acl id] address group [index] [no-pat]
5. Nat outbound [acl id] address group [index] -------> NAPT
2024-05-18 Huawei Proprietary - Restricted Distribution Page16,
Total25
Document Title Security Level

Easy IP
6. Int: nat outbound [acl id]
NAT server
7. Nat server protocol tcp global [address] www inside [address] 8080
8. Display nat session all

FTP:
1. Ftp [ipv6] server enable --- enabling ftp server function
Configure a local user on the ftp server
Aaa
Local user [username] password irreversible-cipher [password]
Local user [username] privilege-level [level3 or higher]
Local user [username] service-type {ftp}
Local user [username] ftp-directory

2. Ascii
3. Binary
4. Get
5. Delete
6. Put
7. passive
8. Bye

TFTP:
1. Tftp [server address] {get | put } [file name] --- the device will function as a
client

PPP:
1. Int: link-protocol ppp--- encapsulate an int with PPP, for serial the default

2024-05-18 Huawei Proprietary - Restricted Distribution Page17,


Total25
Document Title Security Level

encapsulation is PPP
2. Int: ppp timer negotiate [seconds] --- negotiating msgs time interval
PAP
3. Aaa: Local-user [name] password --- create an acc on the authenticator
4. Aaa: Local-user [name] service-type ppp ---- select the service type on the
authenticator
5. int:ppp authentication-mode pap --- select the authentication mode
6. int: ppp pap local-user [name] password--- configure the peer to start
negotiation with the authenticator
CHAP
7. aaa: local-user [name] password --- create the AAA acc on the authenticator
8. aaa: local-user service-type ppp ---- select the service type
9. int: ppp authentication-mode chap --- select the authentication mode on
authenticator
10. int: ppp chap user [name] --- configure the username on peer
11. int: ppp chap password --- configure the password on peer

PPPoE
12. dialer-rule --- create a dialer rule
13. dial: dialer user [name] --- configure a username on the dialer interface
14. dial: dialer-group [group number] --- add the int to a dialer group
15. dial: dialer bundle [number]--- specify a dialer bundle for the interface
16. int: pppoe-client dial-bundle-number [number] --- bind a physical interface to
the dialer bundle

example:
17. dialer-rule
18. rule: dialer-rule [number] ip per {permit | deny}
19. interface dialer [number]
20. dial: dialer user [name]
21. diak: dialer-group [number]
22. dial: dialer bundle [number]
23. dial: ip address ppp-negotiate

IPv6:
1. ipv6 ---- enable it globally
2. int: ipv6 enable --- enable it on interface
2024-05-18 Huawei Proprietary - Restricted Distribution Page18,
Total25
Document Title Security Level

3. int: ipv6 address [add] link-local --- configure LLA manually


4. Int: ipv6 address auto link-local --- configure LLA automatically
5. Int: ipv address --- configure GUA manually
6. Int: ipv6 address auto {global | dhcp} --- configure GUA automatically
7. Ipv6 route-static --- configuring static route
8. Display ipv6 interface {brief}
9. Display ipv4 neighbor
10. Int: Undo ipv6 nd ra halt ---- enable an interface to send RA message
Configuring DHCPv6 server
11. Dhcp enable ---- configure the router to be DHCP server
12. Dhcpv6 pool [name] --- configure a pool for IPv6 addresses
13. Pool: Address prefix [prefix-id] --- configure the range
14. Int: dhcpv6 server [pool name] --- bind the pool to an interface
15. Int: undo ipv6 nd ra halt ---- enable RA on the int
16. Int: ipv6 nd autoconfig managed-address flag
17. Int: ipv6 nd autoconfig other-flag
Configuring DHCPv6 client
18. Int: ipv6 address auto dhcp
19. Int: ipv6 address auto global default
Configuring an interface to use SLAAC
20. Int: undo ipv6 nd ra halt--- enable RA on the server
21. Int: ipv6 address auto global --- configure a client

wlan
configure AP to go online
1. Pool: option <1-254> {ascii | cipher | hex | ip-address}
2. Wlan -------> regulatory domain creating
3. Wlan: regulatory-domain-profile name [profile name]
4. Regulatorprofile: country-code [code]
5. Wlan: ap-group [name]
6. Apgroup: regulatory-domain-profile [profile name] -------> binding
7. Capwap source interface {loopback | vlanif}
8. Capwap source ip-address
9. Wlan: ap auth-mode {mac-auth | sn-auth} ----------default: mac-auth
10. Wlan: ap-id
11. Apid: ap-name
12. Wlan: ap-id 0
13. Ap0: ap-group [group name]
14. Display ap {all | ap-group}
2024-05-18 Huawei Proprietary - Restricted Distribution Page19,
Total25
Document Title Security Level

Configure Radios
15. Wlan: ap-id 0
16. Ipid0: radio [radio-id]
17. Radio: channel {20mhz | 40mhz-minus | 40mhz-plus | 80mhz | 160mhz}
18. Radio: antenna-gain
19. Radio: eirp
20. Radio: coverage distance
21. Radio: frequency {2.4g | 5g}
Create radio profile
22. Wlan: radio-2g-profile name [profile name]
23. Wlan: ap-group name [group name]
24. Apgroup: radio-2g-profile [profile name] radio {radio-id | all}
Configuring VAP
25. Wlan: vap-profile name [profile name]
26. Vapprofile: forward-mode {direct-forward | tunnel}
27. Vapprofile: service-vlan {vlan-id [vlan] | vlan-pool [pool]}
Configuring security profile
28. Wlan: security-profile name [profile name]
29. Wlan: vap-profile name
30. Vapprofile: security-profile name

Configuring SSID profile


31. Wlan: ssid-profile name [profile name]
32. Ssidprofile: ssid [ssid] -----> default: HUAWEI-WLAN
33. Wlan: vap-profile name [profile name]
34. Vapprofile: ssid-profile name [profile name]
Binding VAP
35. Wlan: ap-group name [group name]
36. Apgroup: vap-profile [profile name] wlan [wlanid] radio {radio-id | all}
[service-vlan{vlan-id | vlan-pool}]
Display vap {ap-group | ap-name | ap-id | radio| ssid}
Display vap {all | ssid}

SNMP:
1. Snmp-agent ------> enabling snmp agent function
2. Snmp-agent sys-info version {v1 | v2c | v3} ----> specifying the version
2024-05-18 Huawei Proprietary - Restricted Distribution Page20,
Total25
Document Title Security Level

3. Snmp-agent mib-view [view name] {exclude | include} [subtree-name] [mask


mask ]
4. Snmp-agent group v3 {authentication | no-authentication | privacy} [read-view |
write-view | notif-view] ---create an snmp group and specify the authentication
and encryption mode
5. Snmp-agent usm-user v3 [username] group [group name] --- add a user to an
snmp group
6. Snmp-agent usm-user v3 [username] authentication-mode {md5 | sha | sha2-256}
------> authentication password for a user in an snmp group
7. Snmp-agent usm-user v3 [username] privacy-mode {aes128 | des56} ---->
encryption mode for the user
8. Snmp-agent target-host trap-paramsname [paramsname] v3 securityname
{authentication | noauthnopriv | privacy} -----> set the parameters for the device to
send traps
9. Snmp-agent target-host trap-hostname [hostname] address [address] trap-
paramsname [paramsname] -----> configure target host for sending traps
10. Snmp-agent trap enable ------> enable all trap function
11. Snmp-agent trap source [interface type] [interface number] --- specify the
interface that can send trap messages

E-Trunk:
1. lacp e-trunk system-id 00e0-fc00-0000
2. lacp e-trunk priority [number]
3. e-trunk 1
4. Etrunk: priority 50
5. etrunk: peer-address [add] source-address[add]
6. Etrunk: security-key cipher
7. int: e-trunk [etrunk number]
8. int: e-trunk mode force-master
9. int: timer es-recovery 120

SRv6:
2024-05-18 Huawei Proprietary - Restricted Distribution Page21,
Total25
Document Title Security Level

1. Display segment-routing ipv6 local-sid forwarding


2. Display segment-routing ipv6 local-sid end forwarding
3. Display segment-routing ipv6 local-sid end-x forwarding
4. Display segment-routing ipv6 local-sid end-dt4 forwarding
5. Display segment-routing ipv6 local-sid end-dt6 forwarding
6. display segment-routing ipv6 local-sid end-dt2m forwarding
7. display segment-routing ipv6 local-sid end-dt2u forwarding
8. display bgp evpn all routing-table prefix-route
9. Segment-routing ipv6
10. Segrouting: encapsulation source-address --- source address for SRv6
encapsulation.
11. SegRouting: Locator [name] ipv6-prefix [locator id] 64 static 32 --- SRv6
locator
12. Isis: segment-routing ipv6 locator [locater id]--- enables the IS-IS SRv6
function
13. Isis: segment routing ipv6 locator [locator id] auto-sid-disable
14. Bgp
Ipv4-family unicast
15. Bgpipv4: Peer [peer address] prefix-sid---- enables a device to send prefix-sid
information
16. Bgpipv4: segment-routing ipv6 best-effort--- enables public network routes to
recurse to SRv6 BE based on SIDs carried in routes
17. Bgpipv4: segment-routing ipv6 locator [locator id]--- enables a device to add
SIDs into public network routes
Ipv6-family unicast
18. Bgpipv6: Peer [peer address] prefix-sid---- enables a device to send prefix-sid
information
19. Bgpipv6: segment-routing ipv6 best-effort--- enables public network routes to
recurse to SRv6 BE based on SIDs carried in routes
20. Bgpipv6: segment-routing ipv6 locator [locator id]--- enables a device to add
SIDs into public network routes
Ipv4-family vpnv4
21. peer [peer address] prefix-sid
ipv4-family vpn-instance [vpn name]

22. segment-routing ipv6 best-effort


23. segment-routing ipv6 locator aa
24. segRouting: opcode ::100 end-dt4 vpn-instance [vpn name] evpn
ipv4-family vpn-instance
25. segment-routing ipv6 locator PE1 evpn
26. segment-routing ipv6 best-effort evpn
2024-05-18 Huawei Proprietary - Restricted Distribution Page22,
Total25
Document Title Security Level

EVPN VPN-instance
27. segment-routing ipv6 locator {PE1_ARG} unicast-locator {PE1}
28. segment-routing ipv6 best-effort

in the metro regions


#
segment-routing ipv6
encapsulation source-address FD00:A51A:CE11:2::101
locator SRV6BE ipv6-prefix FD00:A51A:CE11:3:1:1010:: 96 static 12 args 8
opcode ::2 end-op
#
Isis 1000
segment-routing ipv6 locator SRV6BE
ipv6 avoid-microloop segment-routing
#
bgp
ipv4-family vpn-instance 2G&3G
segment-routing ipv6 locator SRV6BE evpn
segment-routing ipv6 best-effort evpn
#
l2vpn-family evpn
advertise encap-type srv6
#

evpn srv6 next-header-field 59

Software upgrade:
Pre-checks
1. display version ------ Verifying the Current System Software Version
2. display device ----- Checking the MPUs' and LPUs' operating statuses
3. display health ---- Checking the MPUs' memory usage
4. display alarm all/active ---- Checking the equipment's alarms

2024-05-18 Huawei Proprietary - Restricted Distribution Page23,


Total25
Document Title Security Level

5. Display device ---- Checking the Board Register Status


6. Display device pic-status ---- Checking Subcard Register Status
7. Display temperature slot ---- Checking the Temperature
8. Dir cfcard2:/ ---- Checking the Log Information
9. Dir logfile/ ---- Checking the Log Information
10. Dir cfcard: ---- Verifying Remaining Space
11. Dir slave#cfcard:/ ---- Verifying Remaining Space
12. Delete/undelete ---- delete and restore the files
13. reset recycle-bin cfcard:/
14. reset recycle-bin cfcard2:/
15. reset recycle-bin slave#cfcard:/
16. reset recycle-bin slave#cfcard2:
17. check hardware-compatibility cfcard:/[version name]---- Verify that the version of every
MPU, LPU, and SFU matches the source version.
18. check version startup
19. compare configuration

VPLS:
Static VPLS
1. mpls l2vpn ---- enable LDP L2VPN function
2. vsi [id] ---- create VSI on each PE
3. vsi: pwsignal {ldp | bgp} ---- choose the VPLS signaling protocol
4. vsi-ldp: vsi-id [id] ----- specify the VSI ID
5. vsi-ldp: peer [address] static-upe trans [label] recv [label]
6. subint: vlan-type dot1q
7. subint: l2 binding vsi [vsi name]
8. display vsi
9. Display vsi verbose
LDP VPLS
10. mpls ldp remote-peer [id] --- create remote ldp session
11. mplsremote: remote-ip [address] ---- specify the address of the remote peer

License :
1. display license state --- default, normal, trial, emergency, demo …
2. display license --- check license items

2024-05-18 Huawei Proprietary - Restricted Distribution Page24,


Total25
Document Title Security Level

3. displace license verbose


4. display license esn--- to check the esn of the master and slave boards
5. license verify--- verify the license file
6. license activate--- to activate a license file
7. license: active port-basic slot --- remove restriction on the interface
8. display license resource usage port-basic all --- check the available license resource
9. license trial enable --- you can enable trial license two times, each for 90 days.
10. Display license trial
11. Display esn backplane --- to check if the esn is associated with the main control plane

1. Firewall zone name [name]  creates a security zone


2. Zone: set priority [1-100]  assigning a security level to a zone
3. Add interface [int]  assigning interfaces to a security zone

2024-05-18 Huawei Proprietary - Restricted Distribution Page25,


Total25

You might also like