Monday, September 30, 2013

Huawei router: the Eth-Trunk Technology

An Eth-Trunk interface is a dynamically created interface that binds several physical Ethernet interfaces into one logical interface. The Ethernet interfaces added to an Eth-Trunk interface are called member interfaces. Users only need to configure the Eth-Trunk interface; the configuration is then mapped onto the member interfaces.
Huawei NE40 series universal switching routers support two modes for Eth-Trunk interfaces, routing mode and switching mode, and an interface can be switched between the two. An Eth-Trunk interface in routing mode behaves like an Ethernet interface in routing mode: you can configure an IP address and run a variety of routing protocols, MPLS VPN and other services. An Eth-Trunk interface in switching mode behaves like an Ethernet interface in switching mode: it can join a VLAN and run the STP protocol. The main characteristics of an Eth-Trunk interface are expanded interface bandwidth, increased link reliability and traffic load sharing.
The following describes how to configure Eth-Trunk on a Huawei NE40 router:
Step 1: Configure the NE40E
<Quidway> system-view
[Quidway] sysname NE40E
Create an Eth-Trunk interface and configure its IP address.
[NE40E] interface eth-trunk 1
[NE40E-Eth-Trunk1] ip address 192.1.1.1 24
[NE40E-Eth-Trunk1] quit
On Huawei NE40E and NE80E routers, an Eth-Trunk interface is in routing (Layer 3) mode by default. If you want to bind it to a VLAN, switch the Eth-Trunk interface from Layer 3 mode to Layer 2 mode. The following command changes the interface to switching mode.
[NE40E] interface eth-trunk 1
[NE40E-Eth-Trunk1] portswitch
Executing the portswitch command switches the Eth-Trunk interface from Layer 3 mode to Layer 2 mode. After the switch to Layer 2 mode, the Layer 3 functions and identifiers of the Eth-Trunk are disabled, and the MAC address is that of the Meth0 interface on the SRU board (main control board). Executing the undo portswitch command switches the Eth-Trunk interface back from Layer 2 mode to Layer 3 mode.
Add the ports GE1/0/0 and GE2/0/0 to Eth-Trunk 1.
[NE40E] interface gigabitethernet 1/0/0
[NE40E-GigabitEthernet1/0/0] eth-trunk 1
[NE40E-GigabitEthernet1/0/0] quit
[NE40E] interface gigabitethernet 2/0/0
[NE40E-GigabitEthernet2/0/0] eth-trunk 1
[NE40E-GigabitEthernet2/0/0] quit
Step 2: Check the configuration results
Run the display interface eth-trunk command on the NE40E; you can see that the interface state is UP.
[NE40E] display interface eth-trunk 1
Eth-Trunk1 current state: UP
Line protocol current state: UP
Description: HUAWEI, Quidway Series, Eth-Trunk1 Interface, Route Port
Hash arithmatic: According to IP
The Maximum Transmit Unit is 1500 bytes
Internet Address is 100.1.1.1/24
IP Sending Frames'Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc0e-a421
Physical is ETH_TRUNK
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes, 0 drops
Hash arithmetic: According to MAC
In switching mode, the router hashes according to the MAC address.
Hash arithmetic: According to IP
In routing mode, the router hashes according to the IP address.
[NE40E] display trunkmembership eth-trunk 1
Trunk ID: 1
Used status: VALID
TYPE: Ethernet
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 1
Operate status: up
Interface GigabitEthernet1/0/0, valid, selected, operate up, weight=1,
Standby interface NULL
Interface GigabitEthernet2/0/0, valid, selected, operate down, weight=1,
Standby interface NULL
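The membership output above reports two ports in the trunk but only one UP, which means the trunk currently gives no link redundancy. The following is an added example, not part of the original post: a small parser that turns this output into findings. The sample text is constructed from the output shown above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the "display trunkmembership eth-trunk 1" output above.
SAMPLE = """\
Trunk ID: 1
Used status: VALID
TYPE: Ethernet
Number Of Ports in Trunk = 2
Number Of UP Ports in Trunk = 1
Operate status: up
Interface GigabitEthernet1/0/0, valid, selected, operate up, weight=1,
Standby interface NULL
Interface GigabitEthernet2/0/0, valid, selected, operate down, weight=1,
Standby interface NULL
"""

MEMBER_RE = re.compile(r"^Interface\s+(\S+),.*\boperate\s+(up|down)\b", re.I)
COUNT_RE = re.compile(r"^Number Of (UP )?Ports in Trunk\s*=\s*(\d+)", re.I)

def parse_trunk(text):
    """Return trunk id, port counters and per-member operate state."""
    info = {"trunk_id": None, "ports": None, "up_ports": None, "members": {}}
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("trunk id:"):
            info["trunk_id"] = int(line.split(":", 1)[1])
        elif (m := COUNT_RE.match(line)):
            info["up_ports" if m.group(1) else "ports"] = int(m.group(2))
        elif (m := MEMBER_RE.match(line)):
            info["members"][m.group(1)] = m.group(2).lower()
    return info

def trunk_findings(info):
    """List conditions that reduce the reliability the trunk is meant to provide."""
    findings = []
    down = sorted(n for n, s in info["members"].items() if s == "down")
    up = len(info["members"]) - len(down)
    if down:
        findings.append("members down: " + ", ".join(down))
    if up == 1:
        findings.append("single point of failure: one member carries all traffic")
    if info["up_ports"] is not None and info["up_ports"] != up:
        findings.append("UP counter disagrees with member lines")
    return findings
```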


Thursday, September 26, 2013

Password recovery of the Huawei router (including all versions of BootROM)

Password recovery of the Huawei router MA5608T 
Mid-range routers: how to clear the password
Clear BOOTROM password:
The BOOTROM password is not set on the router by default; if it is lost, the only option is the universal password: WhiteLily2970013
Note: the master password is case sensitive
Super password for the 5.04 AR46 Bootrom: supperman
1. VRP 97 version: to clear the password, you need to upgrade to version 2.
2. VRP version 2
1> During the power-on self-test, press "Shift+d" to enter the download interface.
2> When the password prompt appears, type "*".
3> Type "Shift+3", that is, enter "#".
3. VRP 1.0 version
1> During the power-on self-test, press "Ctrl+b" to enter the download interface.
2> When the password prompt appears, the default password is empty, so just press Enter.
3> Type "Ctrl+p".
After the password is cleared, you can enter privileged user mode the first time, but after a reboot the router asks for the password again. Where is the problem? By design, clearing the password only lets you in once, so that you can change the password. The command for changing it is the hidden command enable password. After getting in the first time, set the password and save it; from then on you can remove or change it, because you know the password.
Routers (25XX series, 25XXE series, 16XX series, 4001/4001E): erasing the privileged password
Restart the router;
When the message "Press Ctrl+B enter BootMenu" appears, press Ctrl+b to enter the BootMenu menu;
Press Ctrl+p; the screen displays "#" and the BootMenu menu;
Choose Reboot.
After the router reboots, press the Enter key a few times to go directly into privileged mode, skipping the privileged-password prompt. Then, in global configuration mode, enter enable password followed by the new password to change the privileged password to the new one. Note that the enable password command must be typed in full, otherwise the system reports a bad command.
Routers (262X series, 36XX series, 36XXE series, 263X series, 263XE series): erasing the privileged password
Restart the router;
When the message "Press Ctrl+B enter BootMenu" appears, press Ctrl+b to enter the BootMenu menu;
Select Clear application password; the privileged password will then not be requested at the next startup;
Select Exit and reboot.
After the router reboots, press the Enter key a few times to go directly into privileged mode, skipping the privileged-password prompt. Then, in global configuration mode, enter enable password followed by the new password to change the privileged password to the new one. Note that the enable password command must be typed in full, otherwise the system reports a bad command.
Note: the above applies to BOOTROM versions 3.xx/4.xx
Clearing the password on low-end routers with the new command line
All of the above is for the old command line (similar to the Cisco command line, e.g. show run); the new command line refers to the version that uses disp cu.
AR router BOOTROM9.07 clear CONSOLE password:
Press Ctrl-B to enter Boot Menu
Please input Bootrom password:
Boot Menu:
1: Download application program with XMODEM
2: Download application program with NET
3: Set application file type
4: Display applications in Flash
5: Clear application password
6: Start up and ignore configuration
7: Enter debugging environment
8: Boot Rom Operation Menu
9: Do not check the version of the software
A: Exit and reboot
Enter your choice (1-A):
Select 5, then select A to restart the router
BOOTROM9.06
Boot Menu:
1: Download application program with XMODEM
2: Download application program with NET
3: Clear application password
4: Start up and ignore configuration
5: Enter debugging environment
6: Boot Rom Operation Menu
7: Do not check the version of the software
8: Exit and reboot
Enter your choice (1-8):
Select 3, then choose 8 to reboot the router
BOOTROM7.06
Boot Menu:
1: Download application program with XMODEM
2: Download application program with NET
3: Clear application password
4: Start up and ignore configuration
5: Enter debugging environment
6: Boot Rom Operation Menu
7: Do not check the version of the software
8: Exit and reboot
Enter your choice (1-8):
Select 3, then choose 8 to reboot the router
BOOTROM5.28
Press Ctrl-B to enter Boot Menu
Please input Boot ROM password:
Boot Menu:
1: Download application program with XMODEM
2: Download application program with NET
3: Clear configuration
4: Start up and ignore configuration
5: Boot ROM Operation Menu
6: Do not check the version of the software
7: Exit and reboot
Enter your choice (1-7):
Choosing 3 clears the configuration; choosing 4 ignores the configuration and starts with factory settings
After startup completes, download the configuration from the router, change the password, and then import it again
BOOTROM5.1
Press Ctrl-B to enter Boot Menu
Please input Bootrom password:
Boot Menu:
1: Download application program
2: Download Bootrom program
3: Modify Bootrom password
4: Exit the menu
5: Reboot
Enter your choice (1-5):
Press Ctrl+p to remove the password, then choose 5
Steps for starting with the configuration ignored, clearing the password, and then importing the configuration
1. Reconfigure the router's Ethernet address
[Router-Ethernet1]ip address 192.168.10.1 255.255.255.0
2. Make sure the PC and the router's Ethernet port can communicate
3. Configure an FTP account on the router so that the PC can download the configuration
[Router]local-user FTP password SIM FTP ftp-directory flash:/
4. Start the FTP service on the router
[Router]ftp-server enable
5. On the PC, enter CMD in the Run box
ftp 192.168.10.1
Enter the user name FTP and the password FTP
hash
lcd c:\ (specifies the directory the configuration file is downloaded to)
get config
Then open the file with WordPad or Notepad, change the password, and upload it with put.
Note: after uploading, do not save the configuration; if you SAVE the configuration, the uploaded configuration will be overwritten.
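The steps above leave an FTP account whose password equals its user name and an enabled FTP service on the router. The following is an added example, not part of the original post: a check that flags these leftovers in a saved configuration. The configuration excerpt is constructed, the function name is hypothetical, and the parser assumes the local-user line has the shape shown in step 3.

```python
import re

# Constructed configuration excerpt containing the temporary lines from the steps above.
SAMPLE_CONFIG = """\
sysname Router
local-user FTP password SIM FTP ftp-directory flash:/
ftp-server enable
interface Ethernet1
 ip address 192.168.10.1 255.255.255.0
"""

# Assumed line shape (taken from step 3): local-user <name> password <type> <password> [ftp-directory <dir>]
USER_RE = re.compile(
    r"^local-user\s+(?P<user>\S+)\s+password\s+(?P<kind>\S+)\s+(?P<pw>\S+)"
    r"(?:\s+ftp-directory\s+(?P<dir>\S+))?", re.I)

def audit_recovery_leftovers(config):
    """Return (line number, finding) pairs for temporary access left in the config."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.lower() == "ftp-server enable":
            findings.append((n, "FTP service is enabled"))
        m = USER_RE.match(line)
        if not m:
            continue
        if m["dir"]:
            findings.append((n, f"user {m['user']} has FTP access to {m['dir']}"))
        if m["pw"].lower() == m["user"].lower():
            findings.append((n, f"user {m['user']} uses its own name as password"))
    return findings
```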
Summary: the way to clear the password on BOOTROM 5.28/7.03/7.05/7.06/9.03/9.05/9.06/9.07 is basically the same; it is nothing more than Clear application password or Start up and ignore configuration

BOOTROM 5.1: clear the password with Ctrl+p

Wednesday, September 25, 2013

Analysis of the router data packet

A data packet is the unit of data transmitted under the TCP/IP communication protocol. A single message is divided into a number of data blocks; each block is called a packet and contains the address information of the sender and the receiver. The packets then travel along different paths through one or more networks and are reassembled at the destination.
The structure of a data packet is very complicated; here we cover only its key components, which is very important for understanding the principle of TCP/IP communication.
A packet is mainly composed of the destination IP address, the source IP address, the payload data and other parts. Its structure is very similar to a letter we would write: the destination IP address says who the packet is to be sent to, like the recipient's address; the source IP address says where the packet comes from, like the sender's address; and the payload data is equivalent to the content of the letter.
Two, it is because data packets have this structure that computers with the TCP/IP protocol installed can communicate with each other. When we use a network based on TCP/IP, what is actually transmitted on the network is data packets.
Understanding data packets is of critical importance to network management and network security. When you go online and open a web page, this simple act means that you send data packets to the site; after receiving them, the site returns the web page's data packets to you according to your IP address. In other words, browsing the web is actually an exchange of data packets.
Three, packet filtering, sometimes referred to as static packet filtering, analyzes incoming and outgoing data packets and forwards or blocks them according to established criteria in order to control access to the network. When a router forwards or rejects packets according to filter rules, it acts as a packet filter.
When a packet arrives at a packet-filtering router, the router extracts some information from the packet header and, according to the filter rules, determines whether the packet should be passed or discarded. Packet filtering works at the network layer of the Open Systems Interconnection model, or the Internet layer of TCP/IP.
Four, as a Layer 3 device, a packet-filtering router uses rules based on the source and destination IP address, the source and destination port, and the protocol of the data packet to determine whether traffic should be allowed or rejected. These rules are defined using access control lists. An ACL is a sequential list of permit or deny statements that apply to IP addresses or upper-layer protocols. The ACL extracts information from the packet header, tests it against the rules, and then decides to allow or reject.
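The filtering described above, as an added example that is not part of the original post: it extracts the header fields from a raw IPv4 packet and evaluates them against a sequential list of permit/deny statements, returning the first match. The rules, addresses and function names are constructed for illustration, and the default action when nothing matches is an assumption passed as a parameter, since the page does not state one.

```python
import ipaddress
import struct

# Constructed rules: (action, IP protocol, source net, destination net, dest port).
# Protocol 6 = TCP, 17 = UDP; a port of None matches any port.
ACL = [
    ("deny",   6,  "10.0.0.0/8",  "192.168.10.1/32",  23),
    ("permit", 6,  "10.1.0.0/16", "192.168.10.0/24",  None),
    ("permit", 17, "0.0.0.0/0",   "192.168.10.53/32", 53),
]

def parse_header(packet):
    """Extract the fields a packet filter tests from an IPv4 + TCP/UDP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    sport = dport = None
    # Ports exist only for TCP/UDP and only in the first fragment.
    if proto in (6, 17) and frag_offset == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"proto": proto, "sport": sport, "dport": dport,
            "src": ipaddress.ip_address(packet[12:16]),
            "dst": ipaddress.ip_address(packet[16:20])}

def evaluate(acl, pkt, default="deny"):
    """Return the action of the first matching statement, else the assumed default."""
    for action, proto, src_net, dst_net, dport in acl:
        if (pkt["proto"] == proto
                and pkt["src"] in ipaddress.ip_network(src_net)
                and pkt["dst"] in ipaddress.ip_network(dst_net)
                and (dport is None or pkt["dport"] == dport)):
            return action
    return default

def build_packet(proto, src, dst, sport, dport):
    """Build a minimal constructed IPv4 packet (checksum left at 0) as test input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)
```

Because the list is sequential, the same packet can get a different verdict if the statements are reordered; the more specific deny has to come before the broader permit.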
Data packets can also be captured and analyzed with packet capture software. The figure shows the interface of the capture software Iris capturing data packets. In it we can clearly see the MAC address, IP address, protocol type, port number and other details of the captured packets; by analyzing this data, the network administrator can know exactly what kinds of data packets are active on the network.