Monthly Archives: September 2016

When downgrade failed on S5700-28X-PWR-LI-AC running V200R002C00SPC100

Issue Description

Switch:
VRP (R) software, Version 5.120 (S5700 V200R002C00SPC100)
Copyright (C) 2000-2015 HUAWEI TECH CO., LTD
HUAWEI S5700-28X-PWR-LI-AC Routing Switch

downgrade to V200R001C00SPC300 failed.

Alarm Information

error that we have received when trying to set the new system software as startup was:

startup system-software s5700li-v200r001c00spc300.cc
Error: Upgrade basic-bootrom failed.Software does not match this device.
Error: Failed in upgrading bootrom, next step is copying file. Continue?[Y/N]:Y
Error: The file is not supported by the device.
Info: Failed in setting the software for booting system.

Handling Process

S5700-28X-PWR-LI-AC is new on the market and was designed to support new features

available only on the newer versions. So actually the first system-software and only available

for this model is V200R002C00SPC100 and V200R003C00SPC300.

Root Cause

Suggestions

Upgrade to V00R003C00SPC300.

 

TwitterLinkedInGoogle+FacebookPinterestTumblrStumbleUponRedditShare

How to authenticate specific users on a interface

Issue Description

Hello everyone,

I want to present a quite interesting scenario that you might find helpful sometime.

How about if we want to use 802.1x authentication with a radius server to authenticate

more users on an interface.
Ohh, yes. This is not that hard because we can configure 802.1x based on MAC address

and authenticate all users of the interface.

What if we want to authenticate just some users of the interface and let the others access

our network without any restrictions because they are our really good friends. How can

we do this on our switches?

Solution

To explain our proposed solution I would take as reference the picture bellow :

As you can see they are both connected to the same interface, so what can we do?

First we have to configure the interface as hybrid to allow both tagged and untagged

packets. We also have to enable the voice VLAN function on the interface and to

configure the VLAN in question.

After this we remember that the device can manage users through domains. In this case,

we can configure two domains: one for users that will need radius authentication and we

will name it radius4you domain and one for users that won’t need authentication and we

will call it noauth4phone domain.

For this in the AAA view we will create the domains I have just specified and we will set

a radius authentication scheme to one and no authentication for the lucky one.

After we configure the interface, create the domains and the radius server template

(check the hedex) we should enable and configure the dot1x authentication in the system

and interface view.

As a result the switch authenticates the computer with the radius server conform to

the radius4you domain configured.
Since we don’t want to authenticate the phone we tried to trick the switch with the

dot1x mac-bypass command. Because we used this command, when the switch tries

to authenticate the phone and the dot1x authentication fails,  the switch will use the

MAC address of the phone for authentication. Since we created a MAC authentication

domain where no authentication is necessary, when the dot1x authentication fails,

the devices that have the MAC address specified in the mac-authen domain won’t be

authenticated at all.

The configuration example :
System view
#
voice-vlan mac-address 04c5-a44c-98b1 mask ffff-ffff-ffff description phone

//Specifies the OUI   address of voice packets that can be transmitted in the voice VLAN
#
#
domain radius4you
#
dot1x enable          //enable dot1x in system view
dot1x timer reauthenticate-period 100     //sets the re-authentication interval for 802.1x

authentication
mac-authen enable             // enables MAC address authentication
mac-authen domain noauth4phone mac-address 04c5-a44c-98b1 mask ffff-ffff-ffff

//configures an authentication domain for MAC address authentication users
#

AAA view:
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authentication-scheme noauth
authentication-mode none
accounting-scheme default
accounting start-fail online
domain default
domain default_admin
domain radius4you
authentication-scheme radius
radius-server  acs
domain noauth4phone           // creates nouaht4phone domain in aaa view
authentication-scheme noauth     // applies the noauth authentication-scheme to the

noauth4phone domain

The interface view:
#
interface Ethernet5/0/20
voice-vlan 184 enable             // configures and enables the 184 voice vlan
voice-vlan mode manual
voice-vlan legacy enable          //enables CDP-compatible Voice VLAN function
port hybrid pvid vlan 183
port hybrid tagged vlan 184
port hybrid untagged vlan 183
stp disable
bpdu bridge enable
dot1x mac-bypass       //Once 802.1x authentication fails, the device uses the MAC

address   for authentication
#

I hope this example is helpful if you want to configure this scenario in the future. Thank you

 

How to delete interface configuration using one command?

Issue Description

none

Alarm Information

none

Handling Process

<Quidway> system-view
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] display this
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 50
port hybrid tagged vlan 50
loopback-detect enable
port-security enable
port-security aging-time 30
#
return
[Quidway-GigabitEthernet0/0/1] quit
[Quidway] clear configuration interface gigabitethernet 0/0/1
Warning: All configurations of the interface will be cleared, and its state will
be shutdown. Continue? [Y/N] :y…
Info: Total execute 5 command(s), 5 successful, 0 failed.
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] display this
#
interface GigabitEthernet0/0/1
shutdown
#
return

Root Cause

none

Suggestions

none

How to Replace the Satellite Card of the SRCU Board in the BITSV3

Issue Description

Q:
The satellite card of the SRCU board of the BITS V3 is a sub-card. If the satellite card is faulty,

the replacement method is as follows:

the replacement method

the replacement method

Alarm Information

Null

Handling Process

A:

In the slide of the BITS V3 hardware architecture, only the logical diagram inside the board is provided,

without internal structure of the SRCU board. Many engineers do not see this board and cannot handle

relevant problems.

SRCU board

SRCU board

Figure 1 GPS satellite card component

GPS satellite card

GPS satellite card

Figure 2 Installation location of the SRCU/SOCU satellite card

SRCU/SOCU satellite card

SRCU/SOCU satellite card

Figure 3 Rubidium clock partition board
To replace the board, perform the following steps:
1. Use the board component as shown in Figure 1 to install in the position as shown in Figure 2. Insert

the board in socket correctly. The board component is inserted in the SRCU or SOCU board.
2. Pick 4PCS M3 x 6 screws (26010420). Use the 3.0kgf.cm screwdriver to tighten the sub board in the

positions of M15, M16, M17, and M18 in the stud. It should be noted that the rubidium clock partition

board is installed on the side of the rubidium clock, that is, M16 and M17 stud.
3. The GPS/GLONASS dual-satellite receive card is installed in the same way as that of the rubidium

clock partition board. A partition board is not required in the GPS/GLONASS dual-satellite card.

GPS/GLONASS dual-satellite card

GPS/GLONASS dual-satellite card

Root Cause

Null

Suggestions

Null

What’s the Failure of I-Type PDU Backplane on MA5600T due to Overcurrent

Keywords: MA5600T, Access network

Summary:  If an H801ESCA0 board (BOM number: 03030BYR) of a version earlier than VER.D is installed in the PDU and two channels of external power are input to the PDU, the PDU backplane may be burnt when the two copper plates are poorly connected due to misoperations.

[Problem Description]

Trigger conditions: 1. An I-type PDU (BOM number: 02120328) is used on an MA5600T cabinet. 2. Two channels of external power are input to the PDU. 3. An H801ESCA0 board (BOM number: 03030BYR) of a version earlier than VER.D is installed in the PDU. 4. The RTN copper plate on the PDU is poorly connected. If conditions 1, 2, and 3 are met, this problem will be triggered when condition 4 occurs. The poorer the connection is, the higher the problem occurrence possibility is. Symptom: The PDU backplane is damaged due to overcurrent. The PCB is badly burnt, causing devices inside the cabinet to be powered off. The power is restored only after the PDU is replaced and services are interrupted for a long time. Identification method: Visually check the I-type PDU, especially the copper plates on the PDU. The following figure shows copper plates in good connection status.

 I-type PDU

I-type PDU

The following figure shows copper plates in poor connection status.

copper plates

copper plates

 

[Root Cause]

The I-type PDU supports two external power inputs and four external power inputs. When four channels of power are input to the PDU, the copper plates must be removed. However, when two channels of power are input to the PDU, the copper plates are used to ensure a reliable connection to terminals and cannot be removed. If the RTN copper plate is removed or poorly connected, the input current flows through the H801ESCA board to the negative terminal. In other words, the RTN terminals on the H801ESCA board are short-circuited. As a result, the circuit from the power backplane to the RTN copper plates on the H801ESCA0 board is overcurrent and burnt.

RTN copper plate

RTN copper plate

[Impact and Risk]

Devices inside the cabinet will be powered off. Services will be interrupted and can be restored only after the PDU is replaced.

[Measures and Solutions]

Recovery measures: Replace the I-type PDU and restore power supply promptly. Workarounds: 1. During the installation and deployment of new devices, ensure that the RTN copper plate is properly connected when two channels of power are input to the PDU.

RTN copper plate

RTN copper plate

2. Detail the device installation guide so that the copper plates can be properly connected. To obtain the detailed device installation guide, visit: http://support.huawei.com/support/pages/kbcenter/view/product.do?actionFlag=detailProductSimple&web_doc_ id=SE0000606789&doc_type=ProductManual&doc_type=ProductManual&saveBrowserLoged=true

copper plates

copper plates

Preventive measures: To prevent this problem, the new I-type PDU is optimized in the following aspects: 1. Add a cap for the copper plate screw since March 30, 2013 so that it will not be mistakenly loosened. 2. Upgrade the H801ESCA board to VER.D and replace the RTN copper plate with a diode insulator from September 30, 2013.

H801ESCA board

H801ESCA board

[Warning Expiration]

This warning automatically expires after related conditions are not met.

[Attachment]

None

DSC_3994

How to do when Occasional MA5616 Database Clearing?

Keywords: MA5616, Access network product line

Summary

In MA5616 V800R312 equipped with an H831CCUB or H831CCUC control board, if data is

frequently saved into the database, the database malfunctions after the MA5616 runs for a

period of time. As a result, the MA5616 resets and starts from an empty database.

Problem Description

Trigger Conditions

This issue occurs if data is frequently saved into the database.

Each data saving reduces 256 bytes from the flash memory. When the remaining flash

memory is about 1 KB larger than the database file size, this issue occurs sometimes.

Symptom

The MA5616 database is cleared.

Identification Method

l For risky MA5616s:

Case 1:

This issue occurs after the MA5616 resets if the sizes of the database files in active and

standby partitions are both 0 KB.

MA5616(su)%%filesystem cmd dir /all

Directory of flash:/

 

0    -rw-  15361414  May 13 2013 05:07:43   program.efs

………………………………

51   -rw-     59668  Aug 14 2013 04:04:16   log_oper00.dat

52   -rw-         0  Aug 11 2013 22:31:25   data.dat

53   -rw-         0  Aug 13 2013 02:27:19   data_bak.dat

57785 KB total (83 KB free)

 

Case 2:

This issue occurs after data is saved into the database several times and the MA5616

resets if the size of the database file in a partition is 0 KB.

MA5616(su)%%filesystem cmd dir /all

Directory of flash:/

 

0    -rw-  15361414  May 15 2013 00:20:39   program.efs

……………………………………

51   -rw-     58467  Aug 07 2013 14:57:17   log_oper00.dat

52   -rw-     95309  Aug 27 2013 22:35:31   data.dat

53   -rw-         0  Aug 27 2013 22:35:15   data_bak.dat

57785 KB total (94 KB free)

 

Case 3:

This issue occurs sometimes after the MA5616 runs a period of time and meanwhile

data is frequently saved into the database if the sizes of the database files in active and

standby partitions are greater than 0 KB but the remaining flash memory is nearly the

same as the size of the database file.

MA5616(su)%%filesystem cmd dir /all

Directory of flash:/

 

0    -rw-  15361414  May 21 2013 21:51:07   program.efs

………………………………

49   -rw-     65296  Aug 22 2013 01:53:29   log_oper00.dat

50   -rw-     91636  Aug 27 2013 23:50:05   data.dat

51   -rw-     91636  Aug 27 2013 23:49:55   data_bak.dat

57785 KB total (107 KB free)

 

l For affected MA5616s:

Log in to the MA5616s to query configuration files after confirming that the database

is not manually cleared.

MA5616(config)%% display current-configuration

If only original configuration data remains in the configuration file, this issue has occurred.

Root Cause

The mechanism of writing data into the MA5616 database is defective. As a result, the

dbupdate.bin redundant file uses the flash memory. If the remaining flash memory is

about 1 KB larger than the database file size, saving data into the database results in a

database exception. After the MA5616 resets, the database is cleared.

Impact and Risk

The MA5616 configuration restores to default settings, which results in service failures.

Measures and Solutions

Recovery Measures

For the affected MA5616s, perform the following operations:

1. Configure data again or import the correct database file into the MA5616s. Then,

reset the MA5616s.

2. Run the save command to save the data.

3. Run the following command to delete the dbupdate.bin file:

MA5616(su)%%filesystem cmd delete dbupdate.bin

The contents cannot be recycled!!! Delete flash:/dbupdate.bin?[confirm]:y

Workarounds

For the risky MA5616s, perform the following operations:

1. Delete the dbupdate.bin file to ensure that the remaining flash memory is sufficient.

MA5616(su)%%filesystem cmd delete dbupdate.bin

The contents cannot be recycled!!! Delete flash:/dbupdate.bin?[confirm]:y

 

2. In su mode, delete invalid database files (size: 0 KB), regardless whether the database

file is in the active or standby partition.

MA5616(su)%%filesystem cmd delete data.dat

The contents cannot be recycled!!! Delete flash:/ data.dat?[confirm]:y

 

MA5616(su)%%filesystem cmd delete data_bak.dat

The contents cannot be recycled!!! Delete flash:/ data_bak.dat?[confirm]:y

 

3. Manually save the database file. If the database file can be saved, the issue is rectified.

Preventive Measures

Load V800R312C00SPH206.

Prewarning Retraction Conditions

This prewarning can be retracted if issue triggering conditions are not met.

Attachment

None

What are the meanings of the short names of UA5000 boards

Issue Description

Q:
IPMB, PVMB, PVMD, CSRB, DSL, SDLE, SDLB, EDTB, ASL, TSSB boards, they are

short name of UA5000 boards,  their functions details can be found in product manual,

but what are the meanings of the short names?

Alarm Information

null

Handling Process

A:
the meanings (not just full names) of the short names of the UA5000 boards are followings:
IPMB: IP processing Module
PVMB: Packet Voice Module
PVMD: Packet Voice Module
CSRB: Combo Service, B is the type
ASL: Analog Subscriber Line
DSL: Digital Subscriber Line
SDLE: Single-pair high-speed Digital subscriber Line, E is the type
SDLB: Single-pair high-speed Digital subscriber Line, B is the type
EDTB: E1 Digital Trunk Board
TSSB:  Test System of Subscriber, B is the type

Root Cause

null

Suggestions

the meanings (not just full names) of the short names of boards should be add to the product

manual with their functions details.

 

What Are the Configuration Specifications of the CBS and the PBS?

Issue Description

Q:
What is the requirement for the configuration specifications of the committed burst size (CBS)

and peak burst size (PBS) when the MA5680TV800R006C002 HG series ONU Ethernet ports

limit the upstream/downstream rate through a traffic profile?

Alarm Information

Null

Handling Process

A:
1. The function of restriction check is added to the V800R006C02. The maximum specification

supported by the EPBA CBS/PBS is 65535. The maximum specification supported by the EPBC

and EPBD CBS/PBS is 1024000.
2. If the upstream/downstream rate is limited in a service profile by running the port eth ont-portid

ds-policing traffic-table-index or port eth ont-portid up-policing traffic-table-index command, note

that the CBS and PBS in the traffic profile must comply with the restriction

of the preceding specifications. Otherwise, the following prompt appears:
MA5680T(config-if-epon-0/1)#  ont add 0 mac-auth 001F-A451-E3B3 oam ont-lineprofile-id 21

ont-srvprofile-id 21
A failure occurs when the CBS value of the traffic profile exceeds the configuration range of the board.
3. When the rate of the entire ONU is limited by referencing a traffic profile through a line profile,

the rate is not restricted by the specification.

Root Cause

Null

Suggestions

Null