QTech QSR-3920 Series, Configuration Manual

Page 1: ...CONFIGURATION MANUAL www qtech ru QSR 3920 Series Router Configuration Manual QSR 3920 08...

Page 2: ...Device 20 2 3 2 Configure a Local Device to Log in to a Remote Device via Telnet 22 2 3 3 Configure a Local Device to Log in to a Remote Device via SSH 23 3 SYSTEM CONTROL AND MANAGEMENT 25 3 1 Overv...

Page 3: ...ons 66 5 2 4 Download Files from the FTP 68 5 2 5 Execute a Configuration File Manually 69 5 2 6 Configure Startup Parameters 69 5 2 7 File System Managing Monitoring and Maintaining 70 5 3 Typical Co...

Page 4: ...em Fan Alarms 89 8 2 4 Configure System Alarm Parameters 89 8 2 5 System Alarm Monitoring and Maintaining 90 9 SYSTEM LOG MANAGEMENT 91 9 1 Overview 91 9 2 System Log Function Configuration 92 9 2 1 C...

Page 5: ...figuring the Bootloader Functions 117 11 2 2 Set the Bootloader Boot Parameters 117 11 2 3 Upgrade the Bootloader Program 118 11 2 4 Bootloader Monitoring and Maintaining 119 11 3 Typical Configuratio...

Page 6: ...nfigure the device directly in this mode Logging in to the device by remote dial up through a Modem The device cannot be configured directly in this mode that is before configuration some preparations...

Page 7: ...ons and chapters The following table shows how to enter the common command modes and switch over between the modes Table 1 2 System modes and methods of switching over between the modes Mode How to En...

Page 8: ...e run the ip access list standard or ip access list extended command Hostname con fig std nacl Hostname con fig ext nacl Run the exit command to exit to the global configuration mode Run the end comma...

Page 9: ...elp Help Full help Partial help With the above types of online help users can obtain various help information The following gives some examples To obtain a brief description of the online help system...

Page 10: ...ion factor alarm of the cpu or memory apply Command apply arp Set a static ARP entry banner Define a login banner bgp BGP information bridge Bridge Group cam Config cam global parameters cardreset exc...

Page 11: ...rror messages to the users The following table shows common error messages Table 1 3 Command line error messages Error Message Error Cause Invalid input detected at marker No command or key word is fo...

Page 12: ...own arrow keys when you telnet to the device in the Windows 98 or Windows NT OS set Terminals Preferred Options Simulation Options to VT 100 ANSI History command display is based on the current comman...

Page 13: ...e end of the command line Ctrl U Deletes all characters on the left of the cursor till the beginning of the command line Display Features To facilitate users the command line interface provides the fo...

Page 14: ...Configuration manual 1 System Operation Basics 14 www qtech ru Any other keys Exit the display Then the information that has not been displayed will not be displayed...

Page 15: ...System Login Function Configuration Table 2 1 System login function configuration list Configuration Tasks Logging in to the device through the Console port Configuring remote login through Telnet Ena...

Page 16: ...via the console port Step 3 Configure the HyperTerminal After powering on the terminal you need to set the communication parameters of the terminal that is baud rate of 9600 bps 8 data bits 1 stop bi...

Page 17: ...a serial communication port Configure parameters for the serial communication port Baud rate 9600 bps Data bit 8 bits Parity check None Stop bit 1 bit Data stream control None Figure 2 4 Configuring p...

Page 18: ...ce enable the Telnet service of the device After the Telnet service of the device is enabled the Telnet service port 23 is monitored Table 2 2 Enabling the telnet service of the device Step Command De...

Page 19: ...H service of the device is enabled the SSH service port 22 is monitored If the ip ssh server command is used without parameter sshv1 compatible it indicates that an SSH client can log in only through...

Page 20: ...d The Telnet client can log in to a remote device only when the SSH service of the remote device is enabled and the network between the SSH client and the remote device is normal 2 2 4 System Login Mo...

Page 21: ...he enable password Device enable Device configure terminal Device config enable password admin Step 3 Telnet to the device On the PC run the Telnet program and input the IP address of gigabitethernet0...

Page 22: ...has been configured 2 3 2 Configure a Local Device to Log in to a Remote Device via Telnet Network Requirements The local device Device1 acts as the Telnet client while the remote device Device2 acts...

Page 23: ...rom the IP address during the specified time If the Password required but none set message is displayed it indicates that no login password has been configured 2 3 3 Configure a Local Device to Log in...

Page 24: ...pening or the IP address for the host and its host key have changed RSA key fingerprint is 7b ed cc 81 cf 12 36 6f f7 ff 29 15 63 75 64 10 Are you sure you want to continue connecting yes no yes Pleas...

Page 25: ...ong the levels level 0 has the lowest rights while level 15 has the highest rights 3 2 Login Control and Management Function Configuration Table 3 1 Configuration list of login control and management...

Page 26: ...r level authentication is required according to the current configuration and the authentication mode is selected according to the configuration If the enable password of the corresponding level has b...

Page 27: ...o input the password If passwords have been set for users of different levels on the RADIUS server after inputting the correct password the login succeeds otherwise the login fails For example in runn...

Page 28: ...only the commands with the levels 0 12 In configuring the command level you need to make use of command modes You can modify the level of a single command or all commands in a specified command mode T...

Page 29: ...nds are executed automatically By default the command execution is not delayed and the user connection is disconnected after the commands are executed automatically Table 3 5 Configuring auto commands...

Page 30: ...necessary to limit the online login quantity of one user at one time you can configure the maximum online quantity of the user Table 3 8 Configuring the maximum online quantity of the user Step Comma...

Page 31: ...er When it is necessary to limit the authentication failure times of one user you can configure the maximum failure times of the user Table 3 11 Configuring the maximum authentication failure times of...

Page 32: ...er To ensure the security of the file system you can specify the user to own one file authority preventing the illegal access Table 3 14 Configuring the file system authority of the user Step Command...

Page 33: ...6 Entering the line configuration mode of the console port Step Command Description Enter the global configuration mode configure terminal Enters the line configuration mode of the Console port line c...

Page 34: ...configuration mode of the Console port or Virtual Type Terminal VTY line con 0 vty vty min number vty max number Mandatory Configure the absolute time for the login user operation absolute timeout abs...

Page 35: ...t no command is executed automatically Configure Auto Command Execution Options You can configure delay time for auto commands and configure whether to disconnect the user connection after the command...

Page 36: ...nsole port or VTY line con 0 vty vty min number vty max number Mandatory Configuring the idle timeout exit time exec timeout exec timeout minute_number exec timeout second_number Mandatory The default...

Page 37: ...entication mode Step Command Description Enter the global configuration mode configure terminal Enter the line configuration mode of the Console port or VTY line con 0 vty vty min number vty max numbe...

Page 38: ...n mode of the Console port or VTY line con 0 vty vty min number vty max number Mandatory Configuring the accounting mode accounting exec commands level default word Mandatory For the accounting method...

Page 39: ...ion mode line vty vty min number vty max number Optional Enter the line configuration mode of the Console port line con 0 Optional Configure the ingress ACL of the IP address access class access list...

Page 40: ...obal configuration mode configure terminal Enter the line configuration mode of the Console port line con 0 Mandatory Configure the user login wait timeout time timeout login respond respond time valu...

Page 41: ...o receive data it sends the PORT command through this channel The PORT command contains through which port the client receives data Then the FTP server connects its TCP20 port to the specified port of...

Page 42: ...e transmission adopts the encryption decryption technology so the transmission efficiency is lower than the FTP file transmission 4 2 FTP FTPS TFTP and SFTP Function Configuration Table 4 1 FTP FTPS T...

Page 43: ...r num user num Optional By default the maximum allowed number of concurrent login users is 1 Configure the connection timeout time ftp timeout time Optional By default the connection timeout time is 3...

Page 44: ...he device to the FTP server and the FTP server but the other service interface addresses are available In this case users can use the ip ftp source address or ip ftp source interface commands to speci...

Page 45: ...the TFTP server For the security sake some networks may restrict the communication between the address of the outgoing interface of the route from the device to the TFTP server and the TFTP server bu...

Page 46: ...server function Step Command Description Enter the global configuration mode configure terminal Enable the SFTP server function ip ssh server sshv1 compatible listen port Mandatory By default do not...

Page 47: ...iguring a device as an FTP client Configuration Steps Step 1 Configure an FTP server and place the files to be downloaded in the FTP server directory Omitted Step 2 Configure the IP addresses of the d...

Page 48: ...FTP Hookup connect error 65 message is printed it indicates that the server cannot be reached and the cause may be that the route is not available or the server has not been started If the Total 51054...

Page 49: ...e the authorized user name and password Device1 configure terminal Device1 config user admin password 0 admin On Device1 enable the FTP service Device1 configure terminal Device1 config ftp enable on...

Page 50: ...nabled you can find that port 21 is in the listen state Step 4 Use Device2 as an FTP client to copy a startup file from FTP server Device1 to Device2 Device2 filesystem Device2 config fs copy ftp 2 0...

Page 51: ...to the FTP server via the windows DOS screen Configure the PC and FTP server to transmit data in binary mode ftp binary Figure 4 4 Configuring the PC and FTP server to transmit data in binary mode Ob...

Page 52: ...ed message is printed the cause may be that the server function is not enabled or the route between the server and the client is not reachable When you connect the FTP server through the FTP client PC...

Page 53: ...fs copy tftp 2 1 2 1 rp34 7 3 0 26 R pck file system rp34 7 3 0 26 R pck On Device copy the startup file from Device to the TFTP server Device filesystem Device config fs copy startup config tftp 2 1...

Page 54: ...ing a device as an SFTP client Configuration Steps Step 1 Configure an SFTP server and place the files to be downloaded in the SFTP server directory Omitted Step 2 Configure the IP addresses of the de...

Page 55: ...ice acts as an SFTP client The network between the server and the device is normal On the SFTP server the user name for a device to log in to the SFTP server is admin and the password is admin The fil...

Page 56: ...ftp get startup startup Fetching flash startup to startup flash startup 100 13KB 12 9KB s 00 00 After copying the file you can find the related file in the operation directory sftp ls sp8 g 6 6 7 74 d...

Page 57: ...certificate at the FTP Server and set the FTP user certificate path private key path and CA certificate path Step 3 FTP Client imports the FTP CA certificate user certificate and private key Create o...

Page 58: ...Bsile5tFv7 bHz0yqJVoUJMIaWOdmLXJj5fI5GeBCprzLM88RJCv6LBHfg4ThOC4Ds80Ssive1 eAod 7kbmVPOZg8 END CERTIFICATE Input the private key data press Enter twice after data to finish or press Enter without data...

Page 59: ...swDQYJKoZIhvcNAQEFBQADgYEAYrFZQrINHoLN9odc GctzTRGVmMcv9sJ0ncgUEfbrLu6QUodQy3jjxWFIxheJK1btfF66 ShuKtZpqJ1WE9l92tfIHwLp XT0gujtxNi02TOPBNEU7P9nUgxgfDG uhyPTeufSkfn3LCTHmGfVORF2soGSlaUPV1Zy5E9hmFZo Mhs...

Page 60: ...test index 3 My Certificate Status Valid Serial Number 109eedc1b977a43973273f7d0c538a3b Subject C RU ST moscow L moscow O foobar OU foobar E user example ru CN rsa2 Issuer C RU ST MOSCOW O FOOBAR OU F...

Page 61: ...ads the file from FTP Server Device config fs ftpscopy 1 0 0 1 a a test doc test doc VerifyType peer Downloading OK Step 5 Check the result After downloading view the downloaded file in the file syste...

Page 62: ...pplication programs Implement tasks such as route forwarding file management and system management Configuration files Store the system parameters that are configured by the users Log files Store syst...

Page 63: ...system has started normally Display the Information about a Storage Devices By displaying the information about a storage device you can view the features of the storage device and the size of the re...

Page 64: ...e fschange usb remove Mandatory Before removing the storage device first uninstall device in the same way as uninstalling a device on a PC If the storage device is not uninstalled file directory on th...

Page 65: ...ystem configuration mode filesystem Display the current working path pwd Mandatory Change the Current Working Path By changing the current working path you can switch over a user to the specified dire...

Page 66: ...Mandatory Exercise caution when deleting a directory because the operation of deleting the directory may permanently delete all sub directories and files in the directory and the files cannot be recov...

Page 67: ...Description Enter the file system configuration mode filesystem Rename a file rename src filename dest filename Mandatory Display the Content of a File In the file system you can view the content of...

Page 68: ...ted files on the FTP server to the file system via the FTP download command The ftpscopy command uses the SSL authenticated encryption mode to download files from the FTP security server The ftpscopy...

Page 69: ...ually By executing a configuration file manually you can load the configuration file in the specified path Table 5 9 Executing a configuration file manually Step Command Description Enter the file sys...

Page 70: ...and Maintaining Table 5 11 File system managing monitoring and maintaining Command Description clear boot loader bootline number Clears the startup parameters with the specified index show filesystem...

Page 71: ...t loader1 g1 rp39 7 3 2 25 v2 3 0 309 debug pck Boot loader4 backup0 rp39 7 3 2 26 v2 3 0 309 debug pck Modify the next startup file of the system to the rp39 7 3 2 26 v2 3 0 309 debug pck file stored...

Page 72: ...he system copies the backup startup configuration file to the location of the default startup configuration file and loads this startup configuration file Current configuration Current configuration i...

Page 73: ...uration the active and the backup startup configuration file save the current configuration to a specified configuration file to ensure that the content in the active and the backup startup configurat...

Page 74: ...P protocol copy running config ftp vrf vrf name hostname ip address username password dest filename ftps vrf vrf name hostname ip address username password dest filename VerifyType none peer Mandatory...

Page 75: ...tion Enter the privileged user mode enable Restore the startup configuration copy ftp ip address username password src filename startup config Mandatory Before overwriting the local startup configurat...

Page 76: ...ression redirect file file name ftp vrf vrf name hostname ip address user name password file name Display the current configuration information show startup config begin exclude include redirect expre...

Page 77: ...iguring the login security service Configuring CPU monitoring Configuring display of properties in pages 7 2 System Management Function Configuration Table 7 1 System management function list Configur...

Page 78: ...ion mode configure terminal Configure the device name hostname host name Mandatory 7 2 2 Configure the System Time and Time Zone Configuration Condition None Configure the System Time and Time Zone Th...

Page 79: ...on mode configure terminal Configure the login welcome message banner motd banner line Mandatory 7 2 4 Configure the System Exception Processing Mode Configuration Condition None Configure the System...

Page 80: ...vel or a higher level occurs the device restarts From high to low exception levels include emergency alert critical error and warn 7 2 5 Configure to Restart a Device Configuration Condition None Rest...

Page 81: ...the encryption service you need to select an encryption mode Then all passwords are encrypted in this mode Table 7 7 Configuring the encryption service Step Command Description Enter the global confi...

Page 82: ...he system finds that the number of continuous login authentication failures of a user reaches the number specified by the system the system rejects the login request from the IP address within the spe...

Page 83: ...e 7 10 Configuring the parameters of the system login security service Step Command Description Enter the global configuration mode configure terminal Configure the time of forbidding the IP address f...

Page 84: ...default CPU occupancy monitoring is disabled Enable history statistics of CPU occupancy monitor cpu Mandatory By default history statistics of CPU occupancy is enabled 7 2 10 Configure Display of Pro...

Page 85: ...ter the privileged user mode enable Configure a serial number for a module part serialnumber write mpu lpu lpu num serialnumber Mandatory Before modifying the serial number of a module part ensure tha...

Page 86: ...e restored 7 2 13 System Management Monitoring and Maintaining Table 7 15 System management monitoring and maintaining Command Description show about Display the system version information show clock...

Page 87: ...stem and their operating statuses show semaphore sem name all binary counting list mutex any pended unpended Display the information about the system semaphore show spy Display the status of the monit...

Page 88: ...n Tasks Configure system temperature alarms Configure system temperature alarms Configure system power supply alarms Configure system power supply alarms Configure system fan alarms Configure system f...

Page 89: ...Fan Alarms Configuration Condition None Configure System Fan Alarms If a system fan fault or exception occurs the system immediately generates log information about the system fan alarm This helps th...

Page 90: ...de configure terminal Configure system alarm types to be shielded sysalarm shield type minor major critical all Mandatory 8 2 5 System Alarm Monitoring and Maintaining Table 8 4 System alarm monitorin...

Page 91: ...ertain type and some functions are affected errors 3 Error message warnings 4 Warning message notifications 5 Event notification message informational 6 Message prompt and notification debugging 7 Deb...

Page 92: ...e log module collects statistics of the lost information and output the information The log module then obtains the logs one by one from the buffer at the background and outputs the logs at different...

Page 93: ...figure log display colors 9 2 1 Configure Log Output Functions Configuration Condition None Configure Log Output to the Control Console The control console refers to a Console terminal It is a channel...

Page 94: ...isplay on the monitor console logging monitor logging level Optional By default the log display function of the global monitor console is enabled Enable log display of the current monitor console term...

Page 95: ...tgoing interface for sending log information is determined according to the route The main IP address of the outgoing interface acts as the source IP address for sending log information Configure the...

Page 96: ...tions and higher levels are stored By default the flash memory stores log information of level 5 notifications and higher levels For the levels of logs refer to the detailed description in Table 2 1 B...

Page 97: ...By default log timestamps adopt the Datetime absolute time format but they also support Uptime relative time format The absolute time format records the year and the time with millisecond precision It...

Page 98: ...n 9 2 4 Configure the Log Filtration Function Configuration Condition None Configure the Log Filtration Function When configuring log filtration you can not only specify the filtration string to be di...

Page 99: ...e terminal Configure the log file capacity logging file max size file size Optional By default the log file capacity is 256000 bytes 9 2 6 Configure Log Display Colors Configuration Condition None Con...

Page 100: ...n in different colors you need to configure the color option of the terminals otherwise no color is displayed for the log information 9 2 7 System Log Monitoring and Maintaining Table 9 12 System log...

Page 101: ...are again Usually you can restart the device only after the all software versions are upgraded The following types of software are available The image program package Program package with the suffix p...

Page 102: ...ode ensure that the device can obtain the upgrade program through the external TFTP FTP server and then use the sysupdate image command to upgrade the program package Table 10 2 Upgrading the image pr...

Page 103: ...rade fails In this case you can manually delete files that are not in need from the flash memory to obtain more space for upgrading application programs It takes a long time to upgrade the image progr...

Page 104: ...a command Table 10 3 Upgrading the FPGA program through the TFTP FTP Step Command Description Enter the privileged user mode None Mandatory Upgrade the FPGA program sysupdate vrf vrf name dest ip addr...

Page 105: ...ading the bootloader program ensure that The route between the TFTP FTP server and the device interface is reachable and the TFTP FTP server and the device can ping each other successfully The TFTP FT...

Page 106: ...ce will prompt the following information downloading Bootloader PR020_29_v1 13 bin omitted OK downloading bootloader qsr3920 1 0 13 bin OK Download bootloader qsr3920 1 0 13 bin 1667912 Bytes successf...

Page 107: ...ommand manual Table 10 5 Upgrading the bootloader program via the console port Step Command Description Set the HyperTerminal None Mandatory Run the HyperTerminal program select the corresponding seri...

Page 108: ...start run command loady Ready for binary ymodem download to 0x20000000 at 9600 bps CCCC Starting ymodem transfer Press Ctrl C to cancel Transferring Bootloader PR020_29_v1 13 bin 100 1326 KB 0 KB s 0...

Page 109: ...hronously It is recommended that you upgrade the bootloader program in TFTP FTP mode The Console port is used to upgrade the monitor program only when the upgrade conditions of the first upgrade mode...

Page 110: ...ully Update Devinfo Writing file to filesystem Writing file to filesystem OK Updating devinfo OK Sysupdate devinfo devInfo_qsr3920_v11 17 successfully The above information indicates that the devinfo...

Page 111: ...n the FTP server directory Omitted Step 2 Back up device configuration files Omitted Step 3 Configure the IP addresses of the interfaces so that the network between Device and the FTP server is normal...

Page 112: ...de version is newer than the current version of the system first and then upgrade For the method of viewing the FPGA version number of the system refer to Step 6 Step 7 Use a command to restart the de...

Page 113: ...re 49 C CPU On Card Information 1 CPUs CPU Idx 00 Status 0000 Core Num 0008 Core State Core Idx 00 Core Status 0000 Core Utilization 18 Core Idx 01 Core Status 0000 Core Utilization 100 Core Idx 02 Co...

Page 114: ...Total 4966164480 bytes SizeFree 4137019392 bytes STATISTICS 1 IN 0 OUT 0 IERR 0 OERR The show system lpu command will display the related information of all online service sub cards Here just display...

Page 115: ...released version the unchanged programs need not be upgraded 10 3 2 Upgrade the bootloader Program via the Console Port Network Requirements PC and the Console port of the device is directly connected...

Page 116: ...e 0 Use boot parameter 0 device flash0 file rp39 7 3 2 80 v2 3 0 309 debug pck Loading 52040332 bytes in 2297 ms 21 6 MiB s Upgrade through the Console port is complex and slow so the TFTP FTP upgrade...

Page 117: ...Function Configuration Table 11 1 Bootloader function configuration list Configuration Tasks Set the Bootloader boot parameters Set the Bootloader boot parameters Upgrade the Bootloader program Upgrad...

Page 118: ...to load and run according to the prompt information If setting the boot device type to the network boot it is necessary to ensure that the route between the Ethernet interface of the host or terminal...

Page 119: ...the command reset or power off and restart the device and then you can use the latest Bootloader system program When using the update command to upgrade the Bootloader program ensure that the route b...

Page 120: ...is reachable Network Topology Figure 11 2 Networking for configuring bootloader to guide the Image program from the network Configuration Steps Set Bootloader boot parameter 0 select to load and run t...