How to set up Huawei MA5800

Posted byVyacheslav Leave a comment on How to set up Huawei MA5800

For example, I’ll configure the Huawei MA5800-X15; in fact, the configuration will be similar to the old OLT MA5600.

Login is root, default password is admin123.

Let’s switch to elevated privilege mode:

enable

I looked at what boards were installed:

display board 0
  -------------------------------------------------------------------------
  SlotID  BoardName  Status          SubType0 SubType1    Online/Offline
  -------------------------------------------------------------------------
  0
  1
  2
  3       H901GPHF   Auto_find
  4
  5
  6
  7
  8       H905MPLB   Config
  9       H905MPLB   Active_normal
  10
  11
  12
  13
  14
  15
  16
  17
  18      H903PILA   Normal
  19      H903PILA   Normal
  -------------------------------------------------------------------------

Confirmed GPON H901GPHF board:

board confirm 0/3
display board 0
  -------------------------------------------------------------------------
  SlotID  BoardName  Status          SubType0 SubType1    Online/Offline
  -------------------------------------------------------------------------
  0
  1
  2
  3       H901GPHF   Normal
  4
  5
  6
  7
  8       H905MPLB   Standby_normal
  9       H905MPLB   Active_normal
  10
  11
  12
  13
  14
  15
  16
  17
  18      H903PILA   Normal
  19      H903PILA   Normal
  -------------------------------------------------------------------------

If you want to add more boards, you need to look at what board versions are supported by the firmware:

display io-packetfile information

I will connect the Huawei MA5800 with a passive SFP+ cable to the Cisco Nexus switch; on the switch you need to disable auto negotiation, manually specify the speed of 10G and full duplex. You can make LACP from 4 SFP+ ports to get 40 Gbit/s.

I configured the same port on both control boards, also disabled auto negotiation, manually specified the speed and full duplex:

interface mpu 0/8
auto-neg 0 disable
speed 0 10000
duplex 0 full
interface mpu 0/9
auto-neg 0 disable
speed 0 10000
duplex 0 full

Let’s change the password for the root user:

terminal user password
root
...

I added one more administrator, since under the root user there can only be one connection to the device at a time:

terminal user name
  User Name(length<6,15>):ixnfo.com
  User Password(length<8,15>):
  Confirm Password(length<8,15>):
  User profile name(<=15 chars)[root]:root
  User's Level:
     1. Common User  2. Operator  3. Administrator:3
  Permitted Reenter Number(0--20):20
  User's Appended Info(<=30 chars):
  Adding user successfully
  Repeat this operation? (y/n)[n]:n

I did not use the meth0 interface to save ports, but simply created a vlan interface for management:

enable
config
vlan 210 smart
port vlan 210 0/8 0
port vlan 210 0/9 0
interface vlanif 210
ip address 10.0.3.251 255.255.255.0
quit
ip route-static 0.0.0.0 0.0.0.0 10.0.3.1

And added firewall rules to allow only trusted IP addresses to access it:

sysman ip-access  telnet  10.0.3.1  10.0.3.5
sysman ip-access  telnet  192.168.5.5  192.168.5.5
sysman firewall telnet enable
sysman ip-access  ssh  10.0.3.1  10.0.3.5
sysman ip-access  ssh  192.168.5.5  192.168.5.5
sysman firewall ssh enable
sysman ip-access  snmp  10.0.3.1  10.0.3.5
sysman ip-access  snmp  192.168.5.5  192.168.5.5
sysman firewall snmp enable

Let’s indicate on which interface the services should run:

ssh user ixnfo.com authentication-type password

sysman server source telnet vlanif 210
sysman server source ssh vlanif 210
sysman server source snmp vlanif 210
  Warning: SNMP is a management plane protocol, Ensure that the Layer 3
interface bound to SNMP is isolated from the user plane interface

Let’s set the time:

timezone GMT+ 02:00
time dst start 04-01 00:00:00 end 10-28 00:00:00 adjust 01:00
ntp-service unicast-server 192.168.1.7 source-interface vlanif210

Let’s configure SNMP:

display snmp-agent community read
display snmp-agent community write
snmp-agent community write ixnfo.com
snmp-agent community read ixnfo.com
snmp-agent sys-info contact ixnfo.com
snmp-agent sys-info location ixnfo.com
snmp-agent sys-info version v2c 
 
snmp-agent target-host trap-hostname U2000SERVER address 192.168.5.3 udp-port 162 trap-paramsname NMS
snmp-agent target-host trap-paramsname NMS v2C securityname NMS 
snmp-agent trap enable standard

You can disable telnet:

sysman service telnet disable

Added VLAN for users:

vlan 750 smart
port vlan 750 0/8 0
port vlan 750 0/9 0
display vlan 750

Added a DBA profile with a speed of 1 Gbit/s:

dba-profile add profile-name 1G type3 assure 1024 max 1000000
display dba-profile all

Let’s add the ont-lineprofile profile:

ont-lineprofile gpon profile-name "VLAN 750 DEFAULT"
display dba-profile profile-name 1G
tcont 4 dba-profile-id 10
gem add 1 eth tcont 4
mapping-mode vlan
gem mapping 1 0 vlan 750
commit
quit

Added profile ont-srvprofile:

ont-srvprofile gpon profile-name "VLAN 750 DEFAULT"
ont-port eth 1
port vlan eth 1 750
commit
quit

On the GPON board we activate auto detection of new ONTs:

interface gpon 0/3
port 0 ont-auto-find enable
port 1 ont-auto-find enable
port 2 ont-auto-find enable
port 3 ont-auto-find enable
port 4 ont-auto-find enable
port 5 ont-auto-find enable
port 6 ont-auto-find enable
port 7 ont-auto-find enable
port 8 ont-auto-find enable
port 9 ont-auto-find enable
port 10 ont-auto-find enable
port 11 ont-auto-find enable
port 12 ont-auto-find enable
port 13 ont-auto-find enable
port 14 ont-auto-find enable
port 15 ont-auto-find enable

Let’s add a test ONT:

display ont autofind 0
ont add 0 0 sn-auth 00004117C04C0000 omci ont-lineprofile-name "VLAN 750 DEFAULT" ont-srvprofile-name "VLAN 750 DEFAULT" desc "ixnfo.com"
ont port native-vlan 0 0 eth 1 vlan 750
quit

To make the Internet work, all you have to do is add a service-port for this ONT:

service-port 0 vlan 750 gpon 0/3/0 ont 0 gemport 1 multi-service user-vlan 750

We activate loop protection and specify that the ONT should unlock automatically after 30 minutes:

ring check enable
ring check resume-interval 30

An example of enabling different types of protections:

security anti-dos enable
security anti-dos control-packet policy deny
security anti-dos control-packet rate 0/3/0 default
display security anti-dos control-packet rate 0/3/0
display security dos-blacklist all

security anti-icmpattack enable
security anti-ipattack enable
security anti-macduplicate enable
display log security 
display security config
display security conflict

Let’s save the configuration:

save

I also wrote an SNMP template in Zabbix and made triggers for CPU load, temperature, etc. above the norm, I will give examples of SNMP OID:

CPU:
snmpwalk -v 2c -c ixnfo 192.168.0.5 1.3.6.1.4.1.2011.2.6.7.1.1.2.1.5
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.3 = INTEGER: 13
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.8 = INTEGER: 4
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.9 = INTEGER: 5
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.18 = INTEGER: -1
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.2.1.5.0.19 = INTEGER: -1

Temperature:
snmpwalk -v 2c -c ixnfo 192.168.0.5 1.3.6.1.4.1.2011.6.3.3.2.1.13
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.3 = INTEGER: 27
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.8 = INTEGER: 20
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.9 = INTEGER: 21
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.18 = INTEGER: 2147483647
SNMPv2-SMI::enterprises.2011.6.3.3.2.1.13.0.19 = INTEGER: 2147483647

As you can see, the CPU load, temperatures for the GPON board and two control boards are displayed.

power (* 0.1)
snmpwalk -v 2c -c ixnfo 192.168.0.5 1.3.6.1.4.1.2011.2.6.7.1.1.1.1.11
SNMPv2-SMI::enterprises.2011.2.6.7.1.1.1.1.11.0 = INTEGER: 537

See also my articles:

Leave a comment

Leave a Reply