For example, I’ll configure the Huawei MA5800-X15; in fact, the configuration will be similar to the old OLT MA5600.
Login is root, default password is admin123.
Let’s switch to elevated privilege mode:
enable
I looked at what boards were installed:
display board 0
-------------------------------------------------------------------------
SlotID BoardName Status SubType0 SubType1 Online/Offline
-------------------------------------------------------------------------
0
1
2
3 H901GPHF Auto_find
4
5
6
7
8 H905MPLB Config
9 H905MPLB Active_normal
10
11
12
13
14
15
16
17
18 H903PILA Normal
19 H903PILA Normal
-------------------------------------------------------------------------
Confirmed GPON H901GPHF board:
board confirm 0/3
display board 0
-------------------------------------------------------------------------
SlotID BoardName Status SubType0 SubType1 Online/Offline
-------------------------------------------------------------------------
0
1
2
3 H901GPHF Normal
4
5
6
7
8 H905MPLB Standby_normal
9 H905MPLB Active_normal
10
11
12
13
14
15
16
17
18 H903PILA Normal
19 H903PILA Normal
-------------------------------------------------------------------------
If you want to add more boards, you need to look at what board versions are supported by the firmware:
display io-packetfile information
I will connect the Huawei MA5800 with a passive SFP+ cable to the Cisco Nexus switch; on the switch you need to disable auto negotiation, manually specify the speed of 10G and full duplex. You can make LACP from 4 SFP+ ports to get 40 Gbit/s.
I configured the same port on both control boards, also disabled auto negotiation, manually specified the speed and full duplex:
interface mpu 0/8
auto-neg 0 disable
speed 0 10000
duplex 0 full
interface mpu 0/9
auto-neg 0 disable
speed 0 10000
duplex 0 full
Let’s change the password for the root user:
terminal user password
root
...
I added one more administrator, since under the root user there can only be one connection to the device at a time:
terminal user name
User Name(length<6,15>):ixnfo.com
User Password(length<8,15>):
Confirm Password(length<8,15>):
User profile name(<=15 chars)[root]:root
User's Level:
1. Common User 2. Operator 3. Administrator:3
Permitted Reenter Number(0--20):20
User's Appended Info(<=30 chars):
Adding user successfully
Repeat this operation? (y/n)[n]:n
I did not use the meth0 interface to save ports, but simply created a vlan interface for management:
enable
config
vlan 210 smart
port vlan 210 0/8 0
port vlan 210 0/9 0
interface vlanif 210
ip address 10.0.3.251 255.255.255.0
quit
ip route-static 0.0.0.0 0.0.0.0 10.0.3.1
And added firewall rules to allow only trusted IP addresses to access it:
sysman ip-access telnet 10.0.3.1 10.0.3.5
sysman ip-access telnet 192.168.5.5 192.168.5.5
sysman firewall telnet enable
sysman ip-access ssh 10.0.3.1 10.0.3.5
sysman ip-access ssh 192.168.5.5 192.168.5.5
sysman firewall ssh enable
sysman ip-access snmp 10.0.3.1 10.0.3.5
sysman ip-access snmp 192.168.5.5 192.168.5.5
sysman firewall snmp enable
Let’s indicate on which interface the services should run:
ssh user ixnfo.com authentication-type password
sysman server source telnet vlanif 210
sysman server source ssh vlanif 210
sysman server source snmp vlanif 210
Warning: SNMP is a management plane protocol, Ensure that the Layer 3
interface bound to SNMP is isolated from the user plane interface
Let’s set the time:
timezone GMT+ 02:00
time dst start 04-01 00:00:00 end 10-28 00:00:00 adjust 01:00
ntp-service unicast-server 192.168.1.7 source-interface vlanif210
Let’s configure SNMP:
display snmp-agent community read
display snmp-agent community write
snmp-agent community write ixnfo.com
snmp-agent community read ixnfo.com
snmp-agent sys-info contact ixnfo.com
snmp-agent sys-info location ixnfo.com
snmp-agent sys-info version v2c
snmp-agent target-host trap-hostname U2000SERVER address 192.168.5.3 udp-port 162 trap-paramsname NMS
snmp-agent target-host trap-paramsname NMS v2C securityname NMS
snmp-agent trap enable standard
You can disable telnet:
sysman service telnet disable
Added VLAN for users:
vlan 750 smart
port vlan 750 0/8 0
port vlan 750 0/9 0
display vlan 750
Added a DBA profile with a speed of 1 Gbit/s:
dba-profile add profile-name 1G type3 assure 1024 max 1000000
display dba-profile all
Let’s add the ont-lineprofile profile:
ont-lineprofile gpon profile-name "VLAN 750 DEFAULT"
display dba-profile profile-name 1G
tcont 4 dba-profile-id 10
gem add 1 eth tcont 4
mapping-mode vlan
gem mapping 1 0 vlan 750
commit
quit
Added profile ont-srvprofile:
ont-srvprofile gpon profile-name "VLAN 750 DEFAULT"
ont-port eth 1
port vlan eth 1 750
commit
quit
On the GPON board we activate auto detection of new ONTs:
interface gpon 0/3
port 0 ont-auto-find enable
port 1 ont-auto-find enable
port 2 ont-auto-find enable
port 3 ont-auto-find enable
port 4 ont-auto-find enable
port 5 ont-auto-find enable
port 6 ont-auto-find enable
port 7 ont-auto-find enable
port 8 ont-auto-find enable
port 9 ont-auto-find enable
port 10 ont-auto-find enable
port 11 ont-auto-find enable
port 12 ont-auto-find enable
port 13 ont-auto-find enable
port 14 ont-auto-find enable
port 15 ont-auto-find enable
Let’s add a test ONT:
display ont autofind 0
ont add 0 0 sn-auth 00004117C04C0000 omci ont-lineprofile-name "VLAN 750 DEFAULT" ont-srvprofile-name "VLAN 750 DEFAULT" desc "ixnfo.com"
ont port native-vlan 0 0 eth 1 vlan 750
quit
To make the Internet work, all you have to do is add a service-port for this ONT:
service-port 0 vlan 750 gpon 0/3/0 ont 0 gemport 1 multi-service user-vlan 750
We activate loop protection and specify that the ONT should unlock automatically after 30 minutes:
ring check enable
ring check resume-interval 30
An example of enabling different types of protections:
security anti-dos enable
security anti-dos control-packet policy deny
security anti-dos control-packet rate 0/3/0 default
display security anti-dos control-packet rate 0/3/0
display security dos-blacklist all
security anti-icmpattack enable
security anti-ipattack enable
security anti-macduplicate enable
display log security
display security config
display security conflict
Let’s save the configuration:
save
I also wrote an SNMP template in Zabbix and made triggers for CPU load, temperature, etc. above the norm, I will give examples of SNMP OID:
CPU:
snmpwalk -v 2c -c ixnfo 192.168.0.5 1.3.6.1.4.1.2011.2.6.7.1.1.2.1.5
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.3 = INTEGER: 13
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.8 = INTEGER: 4
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.9 = INTEGER: 5
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.18 = INTEGER: -1
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.19 = INTEGER: -1
Temperature:
snmpwalk -v 2c -c ixnfo 192.168.0.5 1.3.6.1.4.1.2011.6.3.3.2.1.13
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.3 = INTEGER: 27
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.8 = INTEGER: 20
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.9 = INTEGER: 21
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.18 = INTEGER: 2147483647
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.19 = INTEGER: 2147483647
As you can see, the CPU load, temperatures for the GPON board and two control boards are displayed.
power (* 0.1)
snmpwalk -v 2c -c ixnfo 192.168.0.5 1.3.6.1.4.1.2011.2.6.7.1.1.1.1.11
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.1.1.11.0 = INTEGER: 537
See also my articles:
- Configuring Huawei SmartAX MA5683T
- OID and MIB for Huawei OLT and ONU
- Setting up ETP48100-B1 with Huawei MA5800
- Adding ONT Huawei HG8245 on Huawei MA5800