No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Maintenance Guide

TE30, TE40, TE50, TE60, and TX50 Videoconferencing Endpoint V600R006C10

This document guides the operator to maintain the device
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application Layer Account List

Application Layer Account List

This section describes application layer accounts and their default passwords, functions, and configuration methods. To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

Administrator Password of the Remote Control UI

This section describes the default password of the remote control UI administrator and relevant settings and precautions.

The administrator of the remote control UI has the highest-level rights on the endpoint, including enabling or disabling the web-based login, changing the user name and password of the web interface administrator, enabling SSH or Telnet login, setting the SiteCall security, and enabling encryption.

The default password of the remote control UI administrator is 12345678. To ensure account security, you are advised to change the password at the first login and regularly change the password afterward. To simplify user operation, you can set the password of the remote control UI administrator to a number or leave the password blank.

NOTE:

It is recommended that you set a complex password. A simple or empty password brings security risks.

You can change the password of the remote control UI administrator in either of the following ways:

  • On the remote control UI, choose Advanced > Settings > Security > Password and set the password.
  • On the web interface, choose System Settings > Security > GUI and set the password.

When using the password of the remote control UI administrator, note that:

  • On the remote control UI, the administrator password is required for accessing the Settings screen and customizing the option bar.
  • By default, remote control UI standard users can directly access Advanced but must enter the administrator password to access the Settings screen under Advanced and customize the option bar. (The password can be obtained from the administrator.)
  • If the administrator select Encryption advanced settings, standard users can directly access Settings but must enter the administrator password to access the Advanced menu and customize the option bar. If the administrator password is left blank, standard users have access to all menus on the remote control UI.

Screen Unlock Password

This section describes the password for unlocking the remote control UI and relevant settings and precautions.

Table 7-1 describes the password for unlocking the remote control UI.

Table 7-1 Screen unlock password

User Name

Default Password

Description

Remarks

-

12345678

If you have enabled the screen lock to secure the endpoint, its screen will be locked after it is put in sleep mode. To unlock the screen, enter the password.

To secure the endpoint, you are advised to change the screen unlock password at the first login and regularly change the password afterward.

To change the screen unlock password:
  • On the web interface, choose System Settings > Security > Screen Lock, set Screen lock to Allow, and set the screen unlock password.
  • On the remote control UI, choose Advanced > Settings > Security > Password > Screen Lock, set Screen lock to Allow, and set the screen unlock password.

Web Management Account

The web management account is a default account and has the highest-level rights on the web interface. This account cannot be deleted. The web management account has the permission of exporting the address book, logs, and settings. Keep the account safe to prevent disclosure of personal information.

The endpoint supports a maximum of 10 concurrent logins to the web interface, and controls user permissions by setting permission levels. Table 7-2 describes the web management account.

Table 7-2 Web management account

Account Name

Default Password

Description

Remarks

admin

Change_Me

The web management account is a default account and has the highest-level rights on the web interface. This account cannot be deleted.

For details about account levels, see Web Management Users.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

To change the password:

  • On the remote control UI, choose Advanced > Settings > Security > Web Login.
  • On the web interface, choose System Settings > General > Personal.

To change the Administrator name, you can choose Advanced > Settings > Security > Web Login from the remote control UI.

If the number of user attempts to log in to the endpoint web interface reaches a predefined number, the user account will be locked and cannot be used for login until the locking duration ends. To set the maximum number of user login attempts and locking duration, perform the following operations:

On the web interface, choose System Settings > Security > Web Login. On the displayed screen, set Maximum login attempts and Lock time.

System Connection Whitelist

The whitelist helps enhance videoconferencing security. After you configure a whitelist, only devices with the IP addresses specified in the whitelist can connect to the endpoint.

Set the whitelist under the guidance of technical support engineers.

The endpoint whitelist is empty by default. That is, all IP addresses are allowed to connect to the endpoint. If the endpoint is deployed on a public network, it is recommended that you add frequently-used IP addresses or IP address segments to the whitelist. This approach helps defend against potential network threats, such as flood attack and slow HTTP attack. You must add the IP addresses of the following devices to the whitelist:
  • PC that is used to access the endpoint web interface
  • Videoconferencing MCU
  • SMC2.0
  • Recording server

To set the whitelist on the web interface, perform the following steps:

  1. Choose System Settings > Whitelist.
  2. Select Enable.

    If Enable is deselected, the whitelist is invalid. That is, all IP addresses are allowed to connect to the endpoint. You can modify the whitelist only after selecting Enable here.

  3. Click Add and set IP address and Mask length.
  4. Click OK. The settings take effect immediately.
NOTE:
  • To set the whitelist on the remote control UI, choose Advanced > Settings > Secured. Then you can enable the whitelist but cannot add records to or delete records from the whitelist.
  • If the endpoint is attacked and its web interface stops working, you can log in to the endpoint using the serial port, enter the shell, and execute the iptables command to set the whitelist.

TR-069 Connection Credential and Account

The Auto-Configuration Server (ACS) server is connected to centrally manage endpoints.

To centrally manage endpoints on the ACS server, log in to the web interface, choose System Settings > Network > TR069, and set the TR-069 parameters listed in Table 7-3.

Table 7-3 TR-069 parameters

Parameter

Description

Setting

TR069

Specifies whether to enable the TR-069 function. If this function is enabled, the endpoint will send a session setup request to the ACS. Start the ACS before enabling the TR-069 function.

NOTE:

If you set this parameter to Enable, you must also set ACS User Name, ACS Password, ACS Server IP Address, Report Interval(s), CPE User Name, CPE Password, and Authentication mode.

The default value is Disable.

ACS User Name

Specifies the user name authenticated by the ACS after receiving a session setup request from the endpoint. The user name must be the same as that specified on the ACS.

This parameter does not have a default value.

ACS Password

Specifies the password authenticated by the ACS after receiving a session setup request from the endpoint The password must be the same as that specified on the ACS.

This parameter does not have a default value.

ACS Server IP Address

Specifies the ACS URL, which can be based on an IP address or domain name.
  • IP address-based URL example: http://10.10.10.1:8086
  • Domain name-based URL example: http://company.acs.com:8086 (8086 indicates the ACS port number)

This parameter does not have a default value.

Report Interval(s)

Specifies the interval at which the endpoint sends a session setup request to the ACS.

The default value is 1800.

It is recommended that this interval be shorter than the timeout period of the ACS. If this interval is longer than the timeout period, the ACS may be disconnected or the session status may not be updated in time after a session setup timeout.

CPE User Name

Specifies the user name authenticated by the endpoint after receiving a session setup request from the ACS. The user name must be the same as that specified on the ACS.

This parameter does not have a default value.

CPE Password

Specifies the password authenticated by the endpoint after receiving a session setup request from the ACS. The password must be the same as that specified on the ACS.

This parameter does not have a default value.

Authentication mode

Specifies the mode in which the endpoint will be authenticated when accessing the network management system.

The default value is Digest.

If you set this parameter to None or Basic, the system will prompt you that the authentication mode poses security risks. For security purposes, set this parameter to Digest.

STUN

Specifies whether to enable the Simple Traversal of UDP through NAT (STUN) function. If this function is enabled, the endpoint can perform private-to-public network traversal using the STUN server on the TR-069 network.

NOTE:

If you set this parameter to Enable, you must also set STUN Server IP Address, STUN Server Port, STUN listen port, STUN User Name, STUN Password, and STUN keep-alive period(s).

The default value is Disable.

STUN Server IP Address

Specifies the IP address of the STUN server.

This parameter does not have a default value.

Obtain the value of this parameter from the STUN server administrator.

STUN Server Port

Specifies the port number used by the STUN server to provide the private and public network traversal service.

The default value is 3478.

Obtain the value of this parameter from the STUN server administrator.

STUN listen port

Specifies the port provided by the endpoint for private and public service interaction with the STUN server.

The default value is 3000.

STUN User Name

STUN Password

Specifies the authentication user name and password of the STUN server.

This parameter does not have a default value.

Obtain the value of this parameter from the STUN server administrator.

STUN keep-alive period(s)

Specifies the interval at which the endpoint sends a session setup request to the STUN server.

The default value is 150.

Broadsoft Platform Connection Credential and Account

Your endpoint can download and update configuration data from the configuration server on the Broadsoft platform after being connected to this platform.

To connect your endpoint to the Broadsoft platform, log in to the web interface, choose System Settings > Network > Broadsoft, and set the Broadsoft platform parameters listed in Table 7-4.

Table 7-4 Broadsoft platform parameters

Parameter

Description

Setting

Broadsoft

Specifies whether to interconnect with the Broadsoft platform. After the interconnection, the endpoint can download and update configuration data from the configuration server on the Broadsoft platform.
NOTE:

If you set this parameter to Enable, you must also set URL, User name, and Password.

The default value is Disable.

URL

Specifies the address of the configuration server on the Broadsoft platform.

This parameter does not have a default value.

Obtain the URL from the Broadsoft server administrator.

User name

Specifies the user name authenticated by the Broadsoft platform after receiving a session setup request from the endpoint. The user name must be the same as that specified on the Broadsoft platform.

This parameter does not have a default value.

Obtain the user name from the Broadsoft server administrator.

Password

Specifies the password authenticated by the Broadsoft platform after receiving a session setup request from the endpoint. The password must be the same as that specified on the Broadsoft platform.

This parameter does not have a default value.

Obtain the password from the Broadsoft server administrator.

DDNS Server Connection Credential and Account

The endpoint can be connected to a third-party Dynamic Domain Name System (DDNS) server. Then, once the endpoint's domain name or IP address is changed, the change will dynamically take effect on the DNS server, ensuring that the correct IP address can be found based on the domain name. After the DDNS server is enabled and necessary parameters are defined for the endpoint, the endpoint can be managed based on its domain name.

To connect your endpoint to the DDNS server, log in to the web interface, choose System Settings > Network > DDNS, and set the DDNS server parameters listed in Table 7-5.

Table 7-5 DDNS server parameters

Parameter

Description

Setting

DDNS

Specifies whether to enable the DDNS server. After the DDNS server is enabled, the endpoint can be called by its domain name.
NOTE:

If you set this parameter to Enable, you must also set DDNS URL, Name of DDNS user, and DDNS password.

The default value is Disable.

DDNS URL

Specifies the URL of the DDNS server.
  • https://dynupdate.no-ip.com/nic/update
  • https://dynupdate.no-ip.com/nic/update:443

This parameter does not have a default value.

Name of DDNS user

Specifies the user name that you enter when you apply for an account at https://dynupdate.no-ip.com.

This parameter does not have a default value.

DDNS password

Specifies the password that you enter when you apply for an account at https://dynupdate.no-ip.com.

This parameter does not have a default value.

Endpoint domain name

Specifies the endpoint domain name that you enter when you apply for an account at https://dynupdate.no-ip.com. Then the endpoint can be managed through this domain name.

This parameter does not have a default value.

API Account

The API account is required for a third party (for example, a touch panel or a Videxio platform) to connect the endpoint or for the SMC2.0 to add the endpoint as a manageable site.

Table 7-6 describes the API account.

Table 7-6 API account

Account Name

Default Password

Description

Remarks

api

Change_Me

Specify the user name and password for authenticating the touch panel or the Videxio platform when it attempts to connect to the endpoint or authenticating the SMC2.0 when it attempts to add the endpoint as a manageable site.

The default API account is used for the interconnection between the endpoint and the Videxio platform. After the interconnection is complete, the endpoint is activated and automatically obtains configuration data from the Videxio platform.

The touch panel connects to the endpoint through the API account. Then you can use the touch panel to hold and control conferences.

The account provided here is a default account, which can be modified.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

To change the API account and password, log in to the web interface of the endpoint, choose System Settings > General > Personal, and set Name of API user and Password of API user.

Administrator Password of the Touch Panel UI

The administrator password is required for some conference control operations, which fortifies conference security.

Table 7-7 describes the administrator password of the touch panel UI.

Table 7-7 Administrator password of the touch panel UI

Account Name

Default Password

Description

Remarks

-

Change_Me

Administrator password of the touch panel UI.

The password is required for accessing the Advanced Settings screen.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

To change the password, choose > Setting > Advanced Settings > Security Settings.
NOTE:

The administrator password must meet the following requirements:

  • Contains 8–32 characters.
  • Contains at least two types of the following: uppercase letters, lowercase letters, digits, and special characters (` ~ ! @ # $ % ^ & * ( ) - _ = + \ | [ { } ] ; : , < . > / ?).
  • Contains no spaces or invalid special characters ' "

If you forget the administrator password, select Huawei Telepresence from the touch panel's application list and tap Clear Data to remove all custom data and restore default settings. Then you can use the default administrator password to access the Advanced Settings screen.

SSH and Telnet Login

The endpoint supports both Telnet login and Security Shell (SSH) login. Telnet is an insecure protocol. SSH is a cyber security protocol for remote access using the encryption and authentication mechanism in an insecure cyber environment. During SSH login, all user data is encrypted. For security purposes, you are advised to use SSH login.

  • You can log in to the endpoint through port 23 using Telnet. Telnet login is set to Do not allow by default. Telnet is an insecure communication protocol. You are advised to disable it. If you want to log in using Telnet, see Enabling SSH or Telnet.
  • You can log in to the endpoint through port 22 using SSH. SSH is set to Do not allow by default. If you want to log in using SSH, see Enabling SSH or Telnet.
NOTE:

Fixed accounts are provided for SSH/Telnet login in the normal system and Telnet login in the mini system. These accounts cannot be added, deleted, or modified.

SSH and Telnet Login in the Normal System

The normal system supports SSH and Telnet logins. Table 7-8 describes the account names and passwords used for SSH and Telnet logins in the normal system.

Table 7-8 SSH and Telnet login accounts

Account Name

Default Password

Description

Remarks

debug

Change_Me

Administrator account with the highest permission for system debugging.

This is a special account and not for common users.

admin

Change_Me

Common user account with lower permission than the debug account.

-

user

Change_Me

Common user account with lower permission than the admin account.

-

apiuser

Change_Me

Touch panel account with lower permission than the user account.

This is a special account and not for common users.

test

Change_Me

Dedicated account for testing with lower permission than the user account.

-

NOTE:
  • To secure your account, it is recommended that you change the password upon the first login and regularly change the password afterward.
  • If there are accounts that are not frequently used, you must regularly change the password to ensure account security.
  • After you log in using the debug account, you can run the command mnt debug setpwd [name] to change other accounts' passwords.
  • On the web interface, under System Settings > General > Personal, if you enable Synchronize Account Password, the password of the Debug user on the web interface is changed accordingly when you change the password of the SSH and Telnet login account debug in the normal system, and vice versa. If you disable Synchronize Account Password, the password of the Debug user on the web interface is not changed accordingly when you change the password of the SSH and Telnet login account debug in the normal system, and vice versa.
  • The default value of Synchronize Account Password is Disable. The debug account has the highest permission, while the admin account has lower permission than the debug account. If Synchronize Account Password is set to Enable, the admin account has the highest permission, while the debug account has lower permission than the admin account.
Telnet Login in the Mini System

The mini system supports Telnet login only. The login account and default password are described in Table 7-9.

Table 7-9 Telnet login account

Account Name

Default Password

Description

Remarks

debug

Change_Me

Administrator account for system debugging

To ensure account security, change the password at the first login and regularly change the password afterward.

For details about how to change the password and use the debug commands, see the TE30&TE40&TE50&TE60&TX50&RP100&RP200 Command Reference.

Serial Port Account

The endpoint allows for logins using serial ports to commission applications and locate faults.

Table 7-10 describes the serial port account.

NOTE:

To make the serial port account and functions available on a TE30, use the USB-to-serial cable to convert the USB port into a serial port and then restart the TE30.

Table 7-10 Serial port account

Account Name

Default Password

Description

Remarks

root

Change_Me

This account is used for a computer to log in to the endpoint through serial ports.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward. To change the password, run the passwd command.

Upgrade Password

To upgrade the endpoint under the normal system with the upgrade tool, you must enter the upgrade password.

The default upgrade password is Change_Me.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

  • On the remote control UI, choose Advanced > Settings > Security > Upgrade password.
  • On the web interface, choose System Settings > Security > Upgrade password.

VPT300 Upgrade Password (TE40&TE50&TE60&TX50 Only)

You must enter the upgrade password when upgrading the VPT300 on the endpoint.

When the VPT300 is connected to the endpoint, you can set the VPT300 upgrade password on the endpoint.

The default VPT300 upgrade password is Change_Me.

To ensure account security, you are advised to change the VPT300 upgrade password at the first login and regularly change the password afterward.
NOTE:

Before setting the VPT300 upgrade password, specify the video input port through which the VPT300 connects to the endpoint.

  • On the remote control UI, choose Advanced > Settings > Video > Video Input, select the video input port to which the VPT300 connects, and set Camera type to VPT300.
  • On the web interface, choose System Settings > Input/Output > Video Input, select the video input port to which the VPT300 connects, and set Camera type to VPT300.
  • On the remote control UI, choose Advanced > Settings > Video > Video Parameters, select the video input port to which the VPT300 connects, and set Upgrade password.
  • On the web interface, choose Device Control > Device Control > Camera parameters adjustment, select the video input port to which the VPT300 connects, and set New upgrade password under VPT300 parameters adjustment.

Air Content Sharing Password

The air content sharing password is used by an air content sharing client to connect to the endpoint. Users can download the air content sharing client from the endpoint web interface. After the air content sharing client successfully connects to the endpoint, users can connect the endpoint to presentation sources and share presentations without the use of any physical ports.

The default air content sharing password is Change_Me.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

  • On the remote control UI, choose Advanced > Settings > Security > Air Content Sharing.
  • On the web interface, choose System Settings > Security > Air Content Sharing.

Network Diagnostics Tool Account

After the network diagnostics function is enabled, the network diagnostics tool can use the H.323 call port, RAS source port, RAS destination port, or SIP call port to diagnose the endpoint.

Table 7-11 describes the network diagnostics tool account.
Table 7-11 Network diagnostics tool account

Account Name

Default Password

Description

Remarks

admin

Change_Me

Specify the user name and password that the network diagnostics tool uses for authentication when attempting to communicate with the endpoint.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

On the web interface, choose System Settings > Network > Network diagnostics, enable Network diagnostics, and set Diagnostics tool user name and Diagnostics tool password.

Information Required for Connecting to the Videoconferencing Network Management System

The endpoint communicates with and is remotely managed by the videoconferencing network management system using SNMP.

The videoconferencing network management system implements the following:
  • Configures endpoint settings, including the H.323 and SIP settings.
  • Queries endpoint status.
  • Checks endpoint alarms.
  • Backs up and restores endpoint settings.
  • Upgrades the endpoint online.

To remotely manage the endpoint from the videoconferencing network management system, log in to the web interface of the endpoint, choose System Settings > Network > SNMP Settings, and set SNMP parameters, as described in Table 7-12.

When the videoconferencing network management system connects to the endpoint through SNMP v2, configure required SNMP v2 information. When the videoconferencing network management system connects to the endpoint through SNMP v3, configure the SNMP v3 account, password, and protocol.

NOTE:

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward. The password you set on the endpoint must be the same as that set in the videoconferencing network management system.

Table 7-12 Information required for connecting to the videoconferencing network management system

Parameter

Default Setting

Description

Remarks

SNMP v2

Get community name

Change_Public

Specifies the credential that the videoconferencing network management server uses to obtain endpoint settings.

The parameter settings must be the same as those in the videoconferencing network management system.

Set these parameters when both Enable SNMP and SNMPv2 are set to Enable.

Set community name

Change_Private

Specifies the credential that the videoconferencing network management server uses to specify endpoint settings.

Trap community name

Change_Me

Specifies the credential that the endpoint uses to report alarms to the videoconferencing network management server.

SNMP v3

User name

v3user

Specifies the user name for connecting the endpoint to the videoconferencing network management system through SNMP v3.

The parameter setting must be the same as that in the videoconferencing network management system.

Authentication protocol

SHA

Specify the authentication mode and password for connecting the videoconferencing network management system to the endpoint.

The parameter settings must be the same as those in the videoconferencing network management system.

When the videoconferencing network management system attempts to connect to the endpoint, Authentication protocol and Authentication password set on the endpoint are required.

Authentication password

Change_Me

Encryption protocol

AES

Specify the encryption protocol and password for connecting the videoconferencing network management system to the endpoint.

The parameter settings must be the same as those in the videoconferencing network management system.

Encryption password

Change_Me

Wi-Fi Hotspot Names and Passwords

When the Wi-Fi hotspot function is enabled on the endpoint, other devices, such as VPM220Ws, tablets, and PCs, can access a Wi-Fi network by connecting to the endpoint.

The endpoint allows you to use a license to disable the Wi-Fi function to meet information security requirements. Before using the Wi-Fi hotspot function, ensure that the Wi-Fi function is enabled and functions properly.

Table 7-13 describes the Wi-Fi hotspot names and passwords.

Table 7-13 Wi-Fi hotspot names and passwords

Wi-Fi Hotspot Name

Default Setting

Description

Remarks

TE30: TE30_wifi_ap+10-digits

TE40: TE40_wifi_ap+10-digits

TE50: TE50_wifi_ap+10-digits

TE60: TE60_wifi_ap+10-digits

TX50: TX50_wifi_ap+10-digits

The default password varies depending on your settings for the Encryption mode parameter.

  • If you set Encryption mode to NONE, the default password is empty.
  • If you set Encryption mode to WEP, the default password is wifi_ap_wep_1.
  • If you set Encryption mode to TKIP or AES, the default password is Change_Me.

The devices, such as VPM220Ws, tablets, and PCs, can access a Wi-Fi network by connecting to the endpoint.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

The required key types vary depending on your settings for the Encryption mode parameter. If you set Encryption mode to NONE, the Wi-Fi network provided by the endpoint is open to everyone. To ensure account security, you are not advised to set Encryption mode to NONE.

To change SSID Number and Password for a Wi-Fi hotspot, perform the following steps:

  • On the remote control UI, choose Advanced > Settings > Network > Wi-Fi > Wi-Fi Hotspot > Web Login, enable Wi-Fi Hotspot, and set SSID Number and Password.
  • On the web interface, choose System Settings > Network > Wi-Fi Settings, enable Wi-Fi Hotspot, and set SSID Number and Password.

Wi-Fi Hotspot Whitelist

To enhance connection security, configure the Wi-Fi hotspot whitelist. Only devices (including tablets and PCs) in the whitelist can connect to the hotspot.

NOTE:

Before configuring the Wi-Fi hotspot whitelist, ensure that Wi-Fi hotspots have been enabled.

The procedure for configuring the Wi-Fi hotspot whitelist is as follows:

  1. Choose System Settings > Network > Wi-Fi Settings and click the Wi-Fi Hotspot tab.
  2. Click Whitelist.
  3. Select Enable.

    You can modify the whitelist only after selecting Enable here.

  4. Click Add and enter the MAC addresses of the devices that need to connect to the hotspot.
  5. Click OK. The settings take effect immediately.
Translation
Download
Updated: 2019-01-31

Document ID: EDOC1000184611

Views: 32085

Downloads: 164

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next