Huawei EGW1520A User Manual
eSpace EGW1520 Enterprise Gateway |
|
|
|
Product Documentation |
|
7 Feature Description and Implementation |
|
|
|
|
|
|
Parameter |
Description |
|
|
|
|
|
|
|
|
IPv4: Internet Protocol version 4, which is the first widely |
|
|
|
used protocol version and is at the core of standards-based |
|
|
|
Internet technology. |
|
|
|
AppleTalk: A proprietary suite of protocols developed by |
|
|
|
Apple Inc. to provide communication services for Apple |
|
|
|
computers, such as file transfer, printing, email, and other |
|
|
|
network services. |
|
|
|
IPX: Internet Packet Exchange (IPX) protocol stack, which is |
|
|
|
supported by Novell's NetWare operating system. |
|
|
|
NetBEUI: Network Basic Input/Output System (NetBIOS) |
|
|
|
Extended User Interface, which is a non-routable protocol |
|
|
|
developed for the IBM to transfer NetBIOS messages. |
|
|
|
IGMP: Internet Group Management Protocol, which is used by |
|
|
|
hosts and neighboring routers on IP networks to establish |
|
|
|
multicast group memberships. |
|
|
|
|
|
Destination MAC |
Indicates the destination MAC address. For example, value |
|
|
Address |
00:01:6C:4C:58:FE indicates that the ADSL port filters data |
|
|
|
frames whose destination MAC addresses are |
|
|
|
00:01:6C:4C:58:FE. If this parameter is left blank, the ADSL port |
|
|
|
filters the destination MAC addresses for all data frames. |
|
|
|
|
|
|
Source MAC Address |
Indicates the source MAC address. For example, value |
|
|
|
90:FB:A6:14:9E:5A indicates that the ADSL port filters data |
|
|
|
frames whose source MAC addresses are 90:FB:A6:14:9E:5A. If |
|
|
|
this parameter is left blank, the ADSL port filters the source MAC |
|
|
|
addresses for all data frames. |
|
|
|
|
|
|
Frame Direction |
Indicates the direction in which a data frame is transmitted. The |
|
|
|
options are as follows: |
|
LAN<=>WAN: The ADSL port filters the MAC addresses for data frames that are transmitted mutually between the LAN and WAN ports.
WAN=>LAN: The ADSL port filters the MAC addresses for data frames that are transmitted from the WAN ports to the LAN ports.
LAN=>WAN: The ADSL port filters the MAC addresses for data frames that are transmitted from the LAN ports to the WAN ports.
5.Click 
to save the settings. Figure 7-260 shows the configuration result.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
349 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-260 Configuration result
Value BOTH indicates that the ADSL port filters the MAC addresses for data frames that are transmitted from the LAN port to the WAN port and from the WAN port to the LAN port.
----End
7.6.5 URL Filter
Using the URL filtering feature, an enterprise or a family can prevent its members from visiting certain websites.
Description
Principle
At present, contents at many websites are illegal or improper because they are not effectively supervised or restricted. Therefore, more and more enterprises use the URL access control function to ensure information security and restrict URL access.
As shown in Figure 7-261, URL filtering is used to:
Control access to websites containing content including pornography, terrorism, violence, gambling, or illegal information.
Shield phishing websites to protect employees' privacy.
Shield malicious websites to protect the enterprise's private network from attack.
Provide customized services for enterprises, for example, allow employees to access specified websites.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
350 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-261 URL filtering
Implementation
The EGW1520 provides the following URL filter modes:
Include
URLs in the whitelist can be accessed.
Exclude
URLs in the blacklist cannot be accessed.
Use either whitelist or blacklist mode.
EGW1520 can filter the whole URL (for example, http://www.example.com) or the keyword in the URL (for example, example.com).
Specification
Maximum number of URLs to be filtered at the same time: 100
Maximum length of each URL: 128 bytes
Full match and partial match
Limitation
Wildcards, for example, using * for full match, are not allowed in filtering rules.
Configuration
Prerequisite
You have logged in to the web management system. For details, see 7.7.1 Web Management.
Procedure
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 2 Click the Filter URL tab.
The page shown in Figure 7-262 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
351 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-262 Configuring the URL filter (1)
Step 3 Select a URL filter mode, for example, Exclude.
Include
URLs in the whitelist can be accessed.
Exclude
URLs in the blacklist cannot be accessed.
Step 4 Click 
to save the filter mode.
The page shown in Figure 7-263 is displayed.
Figure 7-263 Configuring the URL filter (2)
Step 5 Click 
to add a URL to be filtered.
The page shown in Figure 7-264 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
352 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-264 Configuring the URL filter (3)
Step 6 Enter the URL to be filtered (a compete URL or keywords) and the port number. The default port number is 80.
Step 7 Click 
to save the settings.
Figure 7-265 shows the configuration result.
Figure 7-265 Configuring the URL filter (4)
----End
7.6.6 Virtual Server
After configuring the virtual server, users can access to servers in the private network, and enable services, such as web browsing and FTP download.
Description
A virtual server functions as a public server in the private network. Users in the external network can use services that the virtual server provides (such as web and FTP download services) after accessing the external address obtained from the EGW1520. Figure 7-266 shows the typical network.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
353 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-266 Typical virtual server network
Configuration
Prerequisites
You have logged in to the web management system. For details, see 7.7.1 Web Management.
The EGW1520 has been connected to the upstream network and the NAT function has been enabled.
Required services and port numbers have been enabled on the private network.
Procedure
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 2 Click the Virtual Server tab.
The page shown in Figure 7-267 is displayed.
Figure 7-267 Configuring a virtual server (1)
Step 3 Click 
to add a virtual server.
The page shown in Figure 7-268 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
354 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-268 Configuring a virtual server (2)
Step 4 Set parameters according to Table 7-68.
Table 7-68 Parameter description
|
|
Parameter |
|
|
Description |
|
|
|
|
|
|
|
|
|
|
Select a Service |
|
|
Indicates the service that is provided by the virtual server, such as |
|
|
|
|
|
|
the web, mail, and FTP services. The service must be enabled on |
|
|
|
|
|
|
the internal server(Multiple services can be enabled on a server in |
|
|
|
|
|
|
the internal network). |
|
|
|
|
|
|
|
|
|
|
Custom Service |
|
|
Allows you to define a service different from options in the Select |
|
|
|
|
|
|
a Service drop-down list box. The service that you define must be |
|
|
|
|
|
|
enabled on the internal server. |
|
|
|
|
|
|
|
|
|
|
Virtual Server IP |
|
|
Indicates the IP address of the internal server, for example, |
|
|
|
Address |
|
192.168.1.5. |
|
|
|
|
|
|
|
|
|
|
|
External Port Start |
|
Indicates the start and end port numbers that the virtual server |
|
|
|
|
|
|
|
provides for external users. External users can use the port |
|
|
|
External Port End |
|
|
|
|
|
|
|
|
numbers between the start and end port numbers to access the |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
virtual server. You are advised to use the default value. |
|
|
|
|
|
|
|
|
|
|
Protocol |
|
|
Indicates the transfer protocol used by the virtual server, for |
|
|
|
|
|
|
example, TCP for the web server. |
|
|
|
|
|
|
|
|
|
|
Type |
|
|
Indicates the port count used by the internal server. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
355 |
||||
Copyright © Huawei Technologies Co., Ltd.
eSpace EGW1520 Enterprise Gateway |
|
|
|
|
||
Product Documentation |
|
|
|
7 Feature Description and Implementation |
||
|
|
|
|
|
|
|
|
|
Parameter |
|
|
Description |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Single: The internal server uses only one port. |
|
|
|
|
|
|
Range: The internal server uses multiple ports. Port numbers |
|
|
|
|
|
|
on the internal server must be the same as those provided by |
|
|
|
|
|
|
the virtual server for external access, and you cannot change |
|
|
|
|
|
|
them. |
|
|
|
|
|
|
|
|
|
Internal Port Start |
|
|
Indicates the start and end port numbers that the internal server |
|
|
|
|
|
|
provides for external users, which must be the same as the start |
|
|
|
Internal Port End |
|
|
||
|
|
|
|
and end port numbers that the virtual server provides for external |
||
|
|
|
|
|
||
|
|
|
|
|
users. |
|
|
|
|
|
|
|
|
Step 5 Click 
to save the settings.
Figure 7-269 shows the configuration result.
Figure 7-269 Configuring a virtual server (3)
After the configuration is successful, external users can access the internal server through the EGW1520 WAN port or the ADSL IP address and port number.
----End
Typical Configuration Example
Network Requirements
Users access the Internet through EGW1520 and want to configure a web server and an FTP server on the private network to provide web and FTP download services for external users. The network requirements are as follows:
Connect EGW1520 to the Internet through the WAN port whose IP address is 11.11.11.1.
Configure a web server and an FTP server on the private network, whose IP addresses are 192.168.1.8 and 192.168.1.5 respectively.
After the configuration is complete, external systems can access the internal web server and FTP server.
Typical Network
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
356 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-270 shows the typical network diagram of the virtual server.
Figure 7-270 Typical network
Procedure
For details on how to configure the web and FTP servers, see the relevant documents.
For details on how to add a virtual server, see Adding a virtual server.
1.Configure the web server software on the server whose IP address is 192.168.1.8 and enable the port number 80. Configure the FTP server software on the server whose IP address is 192.168.1.5 and enable the port number 21.
For details, see the related user guide.
2.On the web management system, add a virtual server. Figure 7-271 shows the configuration result.
Figure 7-271 Configuration result
Verification
If an external user enters http://11.11.11.1 in the address box of the Internet Explorer and accesses the web server successfully, the web server is configured successfully. Otherwise, verify the configurations of the web server software and the EGW1520 virtual server.
If an external user enters ftp://11.11.11.1 in the address box of the Internet Explorer and accesses the FTP server successfully, the FTP server is configured successfully. Otherwise, verify the configurations of the FTP server software and the EGW1520 virtual server.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
357 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
An external user must use the IP address that EGW1520 provides for external users (WAN port IP address 11.11.11.1 in this example) to access the internal server.
7.6.7 DMZ
A virtual server enables external users to access internal servers on the private network. When multiple services are running on internal servers, several virtual servers must be configured. This makes the configuration complicated. To simplify the configuration, configure only the IP addresses for internal servers in the Demilitarized Zone (DMZ). External users can access only the internal servers (such as the WWW and FTP servers) in the DMZ but cannot use the other internal resources. This protects the internal network against illegal access.
Description
The DMZ is deployed between a public network and an enterprise's private network. Some public servers (such as the web server and FTP server) are deployed in the DMZ, as shown in Figure 7-272. The EGW1520 forwards all access requests from the public network (excluding those meeting NAT requirements) to the DMZ. This protects the internal network.
Figure 7-272 DMZ implementation
The following uses a web server in the DMZ as an example to describe the DMZ implementation.
1.After receiving external HTTP packets, the EGW1520 checks the packets. If the packets do not meet NAT requirement, EGW1520 forwards the packets to the DMZ.
2.EGW1520 converts the destination address of request packets to the DMZ web server's preset IP address, and sends the packets to the DMZ web server.
3.After receiving the request packets, the web server sends response packets to the computer on the public network. Then NAT is performed.
Configuration
Prerequisites
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
358 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
You have logged in to the web management system. For details, see 7.7.1 Web Management.
You have connected to the upstream network and the NAT function has been enabled. For details on how to connect to the upstream network, see 7.2 Connection Modes.
Procedure
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 2 Click the DMZ Host tab.
The page shown in Figure 7-273 is displayed.
Figure 7-273 Configuring the DMZ (1)
Step 3 Enter the DMZ host IP address, for example, 192.168.1.5.
Step 4 Click 
to save the settings.
Figure 7-274 shows the configuration result.
Figure 7-274 Configuring the DMZ (2)
----End
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
359 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Typical Example
Networking Requirements
Assume that a user who uses the EGW1520 to connect to the Internet wants to deploy a web server and an FTP server on the intranet to provide website services and FTP resource download services for users on the external network. The network requirements are as follows:
The EGW1520 uses a WAN port to connect to the Internet. The IP address of the WAN port is 11.11.11.1.
Deploy a web server and an FTP server on the same computer on the EGW1520's intranet. The IP address is 192.168.1.5.
Configure the DMZ to enable users on the external network to access the web server and FTP server.
Typical Network
Figure 7-275 shows the typical network.
Figure 7-275 DMZ typical network
Configuration Procedure
For details on how to configure the web and FTP servers, see the relevant documents.
For details on how to configure the DMZ, see Configuration.
1.On the computer whose IP address is 192.168.1.5, configure the web server and the FTP server.
For details, see the related user guide.
2.Configure the DMZ on the web management system. Figure 7-276 shows the configuration result.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
360 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-276 Configuration result
Verification
Start the Internet Explorer and enter http://11.11.11.1 in the address box as a user on the external network. If the web server is connected, the configuration is successful. If the web server is not connected, check the IP address setting of the DMZ host on the web server and EGW1520.
Start the Internet Explorer and enter ftp://11.11.11.1 in the address box as a user on the external network. If the FTP server is connected, the configuration is successful. If the FTP server is not connected, check the IP address setting of the DMZ host on the FTP server and EGW1520.
An external user must use EGW1520 external IP address (in this topic, it is the IP address of the WAN port 11.11.11.1) to access internal servers.
7.6.8 Remote Login
This topic describes how to remotely configure and maintain the EGW1520 by connecting to uplink ports (WAN, ADSL, or 3G port).
The EGW1520 provides a public IP address for remote maintenance.
Enabling Remote Login
Step 1 On the web management system, choose Network > Security from the navigation tree.
Step 2 Click the Remote login tab.
The page shown in Figure 7-277 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
361 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-277 Configuring remote login
Step 3 Select Enable.
Step 4 Click 
to save the settings.
----End
Obtaining the Public IP Address of EGW1520
Step 1 On the web management system, choose Management > Status from the navigation tree.
Step 2 Click the Network tab.
The page shown in Figure 7-278 is displayed.
Figure 7-278 Obtaining the IP address of EGW1520
Step 3 View the IP address of EGW1520. The IP address in Figure 7-278 is the public IP address of EGW1520.
----End
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
362 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Logging In to EGW1520 Remotely
Step 1 Use the Internet Explorer (6.0 or a later version) on your computer to access the public IP address of EGW1520.
When you log in to the EGW1520 using HTTP, the EGW1520 automatically changes your login mode to HTTPS to ensure communication security.
If the security level of your browser is not set properly, the system notifies you that the certificate is incorrect, as shown in Figure 7-279.
Figure 7-279 Prompt information
Click 
to continue your operation.
The page shown in Figure 7-280 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
363 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-280 Logging in to the EGW1520
Step 2 Enter the user name (initial user name is admin) and password (initial password is
Admin@123) and click 
.
----End
7.7 Operations and Maintenance
The EGW1520 can be managed on web pages or in TR-069 mode.
7.7.1 Web Management
The web management system allows users to set parameters, detect faults, and upgrade devices.
The EGW1520 also supports remote login, from which you can remotely configure and maintain the
EGW1520. For details about how to remotely log in to the EGW1520, see 7.6.8 Remote Login.
Prerequisite
Before logging in to the web management system, ensure that the configuration environment is ready.
1.Prepare a PC (maintenance terminal).
The PC must meet the following requirements:
−Has the Ethernet adapter installed, supporting TCP/IP.
−Has Windows XP or later operating system installed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
364 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
−Has Microsoft Internet Explorer 6.0 or later version without configuring the proxy server.
−Supports the resolution 1024 x 768 or above.
2.The console cables have been connected.
You can connect cables by using either of the following methods according to the network:
−Use the straight-through cable to connect the EGW1520 LAN port to the PC network port.
−Use the straight-through cable to connect the EGW1520 LAN port to the PC network port through the switch or hub.
3.The PC IP address has been set.
The IP addresses of the PC and EGW1520 must be on the same network segment. For example, if IP address of the EGW1520 is 192.168.1.1 (default value), the PC IP address can be set to 192.168.1.x, where x ranges from 2 to 254.
By default, DHCP is enabled on an EGW1520. The PC can use the automatic mode to obtain the IP address.
Background
Users can access the web management system in the following two modes:
HTTPS
The web browser interacts with the EGW1520 using HTTPS, which ensures user information security.
HTTP
The web browser interacts with the EGW1520 using HTTP.
Only HTTPS access mode is enabled on EGW1520 by default. The HTTP access mode can be enabled on the page for configuring the LAN. For details, see Configuring the LAN.
HTTP transmits plain text. Use HTTP to perform web management only in trusted networks.
If only the HTTPS mode is enabled, the system switches to the HTTPS mode automatically when you access the EGW1520 in HTTP mode.
Procedure
Step 1 Log in to the EGW1520 using Internet Explorer 6.0 or later. The default URL is https://192.168.1.1.
The page shown in Figure 7-281 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
365 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-281 Logging in to the web management system (1)
The default IP address of the EGW1520, login user name, and password can be obtained from the label at the bottom of the EGW1520.
After logging in to the web management system, you can change IP address of the EGW1520. For details, see Configuring the LAN.
Step 2 Enter the user name and password, and click Log In.
Administrator: The user name is admin and the password is Admin@123.
Common user: Both the initial user name and password are the internal number of a common user.
Choose Management > Password to change the password after the initial login.
Make a note of your password and keep it in a safe place. Do not share your password with anyone. If you forget your password, press and hold the RESET button on EGW1520 for more than six seconds, and log in to the web management system using the default password Admin@123. The configuration is restored to factory settings.
If you fail to log in to the web management system for 5 consecutive times in 10 minutes, the system locks your PC IP address for 30 minutes.
If you do not perform any operation in 10 minutes after logging in to the web management system, the login times out and the system requires re-login to ensure security.
----End
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
366 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
7.7.2 TR-069
The Technical Report 069 (TR-069) is a DSL forum (which was later renamed as broadband forum) technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices.
Description
This topic describes the principle, implementation, specification, and limitation of the
TR-069.
Principle
The Technical Report 069 (TR-069) is a DSL forum (which was later renamed as broadband forum) technical specification entitled CPE WAN Management Protocol (CWMP). It defines an application layer protocol for remote management of end-user devices. As a bidirectional SOAP/HTTP-based protocol, it provides the communication between customer premises equipment (CPE) and Auto Configuration Servers (ACS). It includes both a safe auto configuration and the control of other CPE management functions within an integrated framework.
Customer premises equipment, such as gateways and set top boxes (STBs) are scattered on the user side. Maintenance personnel need to provide on-site services when configuration modification or troubleshooting is required, which increases management difficulty. TR-069 enables you to manage and maintain user's devices remotely on the network side. Details about the functions that TR-069 provides are as follows:
Configuration management
Installs CPE without configurations and modifies parameter settings remotely.
Version management
Manages CPE software and firmware, for example, download the software version, and back up and restore the configuration file.
Remote monitoring
Monitors the CPE status and performance, and queries the CPE status.
GUI-based management
Manages NEs on the EMS in GUI mode.
Alarm management
Reports alarms to the EMS and instructs the EMS to delete an alarm in time once the alarm is cleared.
Implementation
As a CPE, EGW1520 supports TR-069, Figure 7-282 shows TR-069 network.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
367 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-282 TR-069 network diagram
ACS |
Auto-Configuration Server |
|
|
BRAS |
Broadband Remote Access Server |
|
|
DSLAM |
Digital Subscriber Line Access Multiplexer |
|
|
CPE |
Customer Premises Equipment |
|
|
EGW1520 uses the ADSL port or WAN port to connect to ACS. The preceding figure uses the ADSL port as an example.
Specification
TR-069
TR-098
TR-104
Limitation
N/A
Setting TR-069 Parameters on the ACS
This topic describes how to set TR-069 parameters on the ACS.
TR-069 Connection Parameters
For details about configurations on the ACS, see the related ACS configuration guide. This topic only lists TR-069 parameters for the ACS to connect to EGW1520, as shown in Table 7-69.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
368 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
|
Product Documentation |
7 Feature Description and Implementation |
|
|
Table 7-69 TR-069 connection parameters |
|
|
|
|
|
Parameter |
Description |
|
|
|
|
ACS URL |
Indicates the ACS URL. For example, http://www.acs.com. |
|
|
|
|
ACS User Name |
Indicates the user name for the ACS to authenticate the |
|
|
TR-069 client, which must be the same as the user name on |
|
|
the ACS. |
|
|
|
|
ACS Password |
Indicates the password for the ACS to authenticate the |
|
|
TR-069 client, which must be the same as the user name on |
|
|
the ACS. |
|
|
|
|
Connection Request User |
Indicates the user name for the TR-069 client to authenticate |
|
Name |
the ACS, which must be the same as the user name on the |
|
|
TR-069 client. |
|
|
|
|
Connection Request |
Indicates the password for the TR-069 client to authenticate |
|
Password |
the ACS, which must be the same as the user name on the |
|
|
TR-069 client. |
|
|
|
|
Connection Request URL |
Indicates the URL of the TR-069 client. For example, |
|
|
http://192.168.1.1:8081/CPE. 192.168.1.1 is the IP address of |
|
|
the EGW1520 local area network (LAN) gateway. |
|
|
|
Setting TR-069 Parameters on the CPE
This topic describes how to set TR-069 parameters on the EGW1520.
Prerequisites
You have logged in to the web management system. For details, see 7.7.1 Web Management.
Procedure
Step 1 On the web management system, choose Management > TR-069 Client from the navigation tree.
The page shown in Figure 7-283 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
369 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
7 Feature Description and Implementation |
Figure 7-283 TR-069 client configuration
Step 2 Set parameters according to Table 7-70.
Table 7-70 Parameter description
|
Parameter |
|
Description |
|
|
|
|
|
|
|
Manufacturer |
|
Indicates the device manufacturer. |
|
|
|
|
||
|
Manufacturer OUI |
Indicates the organizationally Unique Identifier (OUI) |
||
|
|
|
of the manufacturer. |
|
|
|
|
|
|
|
Product Class |
|
Indicates the device model. |
|
|
|
|
|
|
|
Device SN |
|
Indicates the device sequence number. |
|
|
|
|
|
|
|
WAN Interface Used by TR-069 |
Indicates the WAN port on the TR-069 client |
|
|
|
Client |
|
connected to the ACS. |
|
|
|
|
|
|
|
ACS URL |
|
Indicates the ACS URL. For example, |
|
|
|
|
http://www.acs.com. |
|
|
|
|
|
|
|
ACS User Name |
|
Indicates the user name for the ACS to authenticate the |
|
|
|
|
TR-069 client, which must be the same as the user |
|
|
|
|
name on the ACS. |
|
|
|
|
|
|
|
ACS Password |
|
Indicates the password for the ACS to authenticate the |
|
|
|
|
TR-069 client, which must be the same as the user |
|
|
|
|
name on the ACS. |
|
|
|
|
|
|
|
Connection Request URL |
Indicates the URL of the TR-069 client. |
|
|
|
|
|
|
|
|
Connection Request User Name |
Indicates the user name for the TR-069 client to |
|
|
|
|
|
authenticate the ACS, which must be the same as the |
|
|
|
|
user name on the TR-069 client. |
|
|
|
|
|
|
|
Connection Request Password |
Indicates the password for the TR-069 client to |
|
|
|
|
|
authenticate the ACS, which must be the same as the |
|
|
|
|
|
|
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
370 |
||
|
Copyright © Huawei Technologies Co., Ltd. |
|
||
eSpace EGW1520 Enterprise Gateway |
|
|
|
Product Documentation |
|
7 Feature Description and Implementation |
|
|
|
|
|
|
Parameter |
|
Description |
|
|
|
|
|
|
|
user name on the TR-069 client. |
|
|
|
|
|
Manual Trigger |
|
Initiates the session to the ACS manually by clicking |
|
|
|
Trigger. |
|
|
|
|
|
Inform |
|
Indicates whether to initiate a session to the ACS |
|
|
|
periodically. |
|
|
|
|
|
Inform Interval(Sec) |
|
Indicates the interval to initiate a session to the ACS, in |
|
|
|
seconds. The default value is 1800. |
|
|
|
|
Step 3 Click |
to save the settings. |
||
|
----End |
|
|
Result
After the EGW1520 is connected to the ACS by using TR-069, use ACS to configure and manage the EGW1520. TR-069 parameters reference lists parameters in the TR-069 data model.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
371 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
8 Diagnosis Mode |
8 Diagnosis Mode
About This Chapter
This topic describes diagnosis modes for the EGW1520.
8.1Enabling the Debug Log
This topic describes how to enable the debug log for each process. The system can generate the debug logs for different processes.
8.2Configuring Traffic Mirroring
This section describes how to configure traffic mirroring to capture packets. Traffic mirroring allows you to use a packet capture tool on the mirroring port to obtain information about packets entering or leaving the monitored port.
8.3Downloading Black Box Files
This topic describes how to download black box files.
8.4Pinging IP Addresses
This topic describes how to ping an IP address. Using the ping function, you can ping the peer device of the EGW1520 to check the connection between them.
8.1 Enabling the Debug Log
This topic describes how to enable the debug log for each process. The system can generate the debug logs for different processes.
Large amounts of logs are generated during the EGW1520 running process.
By default, the system does not generate the debug logs. To generate the debug logs, enable the debug log and log generation function, set the log level to debug, and configure the log saving mode. For details, see 9.4 Managing System Logs.
Procedure
Step 1 On the web management system, choose Diagnose > Debug Logs from the navigation tree.
The page shown in Figure 8-1 is displayed.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
372 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
8 Diagnosis Mode |
Figure 8-1 Enabling the debug logs for each module
Step 2 Enable the debug logs for modules according to Table 8-1.
Table 8-1 Parameter description
|
Parameter |
Description |
|
|
|
|
Output |
Debug logs are generated when the system starts. For example, when you |
|
debug-level |
want to debug the system during system startup, enable this function. |
|
log in start-up |
|
|
process |
|
|
|
|
|
Voice services |
Debug logs for voice services are generated. For example, when the |
|
|
synchronization server cannot synchronize service data, enable this |
|
|
function. |
|
|
|
|
Network |
Debug logs for network services are generated. For example, when you |
|
services |
want to view the IP address obtained by EGW1520 that functions as a |
|
|
client, enable this function. |
|
|
|
|
System |
Debug logs for system management are generated. For example, when |
|
management |
you want to view message sending and receiving information in the |
|
|
system, enable this function. |
|
|
|
|
Configuration |
Debug logs for configuration management are generated. For example, |
|
management |
when you want to monitor network time synchronization, enable this |
|
|
function. |
|
|
|
Step 3 Click |
to save the settings. |
|
|
----End |
|
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
373 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
8 Diagnosis Mode |
8.2 Configuring Traffic Mirroring
This section describes how to configure traffic mirroring to capture packets. Traffic mirroring allows you to use a packet capture tool on the mirroring port to obtain information about packets entering or leaving the monitored port.
Procedure
Step 1 On the web management system, choose Diagnose > Packet Mirroring from the navigation tree.
The page shown in Figure 8-2 is displayed.
Figure 8-2 Traffic mirroring
Step 2 Set parameters according to Table 8-2.
Table 8-2 Parameters
|
Item |
|
Description |
|
|
|
|
|
|
|
|
|
Monitored |
|
Port that the mirroring port monitors. |
|
|
|
port |
|
|
|
|
|
|
|
|
|
|
|
Direction |
|
Direction in which packets are monitored: |
|
|
|
|
|
|
IN: Only the packets that the EGW1520 receives on the monitored |
|
|
|
|
|
port are monitored. |
|
|
|
|
|
OUT: Only the packets that the EGW1520 sends from the monitored |
|
|
|
|
|
port are monitored. |
|
|
|
|
|
BOTH: The packets that the monitored port receives and sends out are |
|
|
|
|
|
monitored. |
|
|
|
|
|
||
|
Mirroring port |
|
Port that captures packets from the monitored port. As shown in Figure |
||
|
|
|
|
|
|
|
|
|
|
|
|
Issue 01 (2012-05-15) |
|
Huawei Proprietary and Confidential |
374 |
||
|
|
Copyright © Huawei Technologies Co., Ltd. |
|
||
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
8 Diagnosis Mode |
Item 
Description
8-2, interface LAN3 captures the incoming and outgoing packets on interface LAN1.
NOTE
Manage the captured packets carefully.
Step 3 Click 
to save the settings.
----End
8.3 Downloading Black Box Files
This topic describes how to download black box files.
Critical or minor defects that occur during the EGW1520 running process are recorded in black box files. You can view black box files to analyze system exceptions.
Procedure
Step 1 On the web management system, choose Diagnose > Black Box from the navigation tree.
The page shown in Figure 8-3 is displayed.
Figure 8-3 Downloading black box files
Step 2 Select a black box file to download.
Step 3 Click 
to save the file to the local host or other hosts on the network as prompted.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
375 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
8 Diagnosis Mode |
To delete a black box file, select the file and click |
. |
|
|
----End |
|
8.4 Pinging IP Addresses
This topic describes how to ping an IP address. Using the ping function, you can ping the peer device of the EGW1520 to check the connection between them.
Procedure
Step 1 On the web management system, choose Diagnose > Ping Diagnose from the navigation tree.
The page shown in Figure 8-4 is displayed.
Figure 8-4 IPPing Diagnose page
Step 2 Select Bind Interface.
Step 3 Set parameters according to Table 8-3.
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
376 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
||
Product Documentation |
8 Diagnosis Mode |
||
|
Table 8-3 Parameter settings |
||
|
|
|
|
|
Parameter |
|
Description |
|
|
|
|
|
IP/Domain |
|
The IP address that will be pinged. |
|
|
|
|
|
Packet Length |
|
Size of packets that are sent during the ping operation. The packet size |
|
|
|
ranges from 20 bytes to 1500 bytes. |
|
|
|
|
Step 4 Click |
. |
||
The page shown in Figure 8-5 is displayed.
Figure 8-5 Diagnosis result
----End
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
377 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
eSpace EGW1520 Enterprise Gateway |
|
Product Documentation |
9 System Management |
9 System Management
About This Chapter
This topic describes how to manage and maintain the EGW1520 in different modes.
9.1Configuring the System Time
This topic describes how to configure the system time manually and how to synchronize the NTP server time.
9.2Managing the Configuration File
This topic describes how to back up and load the configuration file.
9.3Restoring Factory Settings
This topic describes how to restore factory settings.
9.4Managing System Logs
This topic describes how to manage system logs.
9.5Viewing Alarms
This topic describes how to view alarms. You can analyze the exceptions occur during system running according to the alarms.
9.6Viewing Security Logs
This topic describes how to view security logs to query the recent operations.
9.7Viewing Electronic Labels
You can learn about the device information based on its electronic label.
9.8Downloading Call Records
This topic describes how to back up call records on the local computer.
9.9One-Click Download
This topic describes how to use the one-click download function to collect system information. If the system is faulty, you can download system information and send it to the maintenance personnel for fault location.
9.10Changing the Password
Issue 01 (2012-05-15) |
Huawei Proprietary and Confidential |
378 |
|
Copyright © Huawei Technologies Co., Ltd. |
|
Loading...