No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Maintenance Guide

TE20 Videoconferencing Endpoint V600R019C00

Describes how to maintain and troubleshoot the Videoconferencing Endpoint.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application Layer Account List

Application Layer Account List

This section describes application layer accounts and their default passwords, functions, and configuration methods. To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

Administrator Password of the User Interface

This section describes the default password of the user interface administrator and relevant settings and precautions.

By default, the user interface does not require any password. In this case, you can directly access any module of the user interface. To improve device security, set a password at your first login and regularly change the password afterward.

NOTE:

It is recommended that you set a complex password. A simple or empty password brings security risks.

If you have specified an administrator password, the user interface will ask you to enter it when you attempt to access the System Settings screen. Tell the other users the password if they need.

To set the administrator password for logging in to the user interface, perform the following steps:

  • On the user interface, choose System Settings > More > Administrator Password, and set the password.
  • On the web interface, choose System Settings > Security > GUI, and set the password.

Web Management Account

Two web login accounts are available: adminand api.Keep your administrator account and password secure to prevent personal information disclosure.

Both the admin and api accounts:

  • Support web login, Telnet login, and SSH login.
  • Modify all configuration items.
  • Change the name and password of each other. Besides, the two accounts have the same name length and password policies.

The difference is that the api account is not only used for web login but also used for connections from third parties, for example, VTS.

Table 3-1 lists the default user names and passwords for admin, and api accounts.

Table 3-1 admin and api accounts

Account Name

Default Password

Function

Remarks

admin

Change_Me

Web Administrator account.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

On the web interface, choose System Settings > General > Personal, and change the user name and password.

api

Change_Me

Used for web login and connections from third parties, for example, VTS

System Connection Whitelist

The whitelist helps enhance videoconferencing security. After you configure a whitelist, only devices with the IP addresses specified in the whitelist can connect to the endpoint.

Set the whitelist under the guidance of technical support engineers.

The endpoint whitelist is empty by default. That is, all IP addresses are allowed to connect to the endpoint. If the endpoint is deployed on a public network, it is recommended that you add frequently-used IP addresses or IP address segments to the whitelist. This approach helps defend against potential network threats, such as flood attack and slow HTTP attack. You must add the IP addresses of the following devices to the whitelist:

  • PC that is used to access the endpoint web interface
  • Videoconferencing MCU
  • SMC2.0
  • Recording server

To set the whitelist on the web interface, perform the following steps:

  1. Choose System Settings > Whitelist.
  2. Select Enable.

    If Enable is deselected, the whitelist is invalid. That is, all IP addresses are allowed to connect to the endpoint. You can modify the whitelist only after selecting Enable here.

  3. Click Add and set IP address and Mask length.
  4. Click OK. The settings take effect immediately.

TR069 Connection Credential and Account

The TR069 server is connected to centrally manage endpoints.

To centrally manage endpoints on the TR069 server, log in to the web interface, choose System Settings > Network > TR069, and set the TR069 parameters listed in Table 3-2.

Table 3-2 TR069 parameters

Parameter

Description

Setting

TR069

Specifies whether to enable the TR069 function. If this function is enabled, the endpoint will send a session setup request to the Auto-Configuration Server (ACS). Start the ACS before enabling the TR069 function.

NOTE:

If you set this parameter to Enable, you must also set ACS user name, ACS password, ACS server IP address, Report interval(s), CPE user name, CPE password, and Authentication mode.

The default value is Disable.

ACS user name

Specifies the user name authenticated by the ACS after receiving a session setup request from the endpoint. The user name has been specified on the ACS.

No default value is set for this parameter.

ACS password

Specifies the password authenticated by the ACS after receiving a session setup request from the endpoint The password has been specified on the ACS.

No default value is set for this parameter.

ACS server IP address

Specifies the ACS URL, which can be based on an IP address or domain name.

  • IP address-based URL example: http://10.10.10.1:8086
  • Domain name-based URL example: http://company.acs.com:8086 (8086 indicates the ACS port number)

No default value is set for this parameter.

Report interval(s)

Specifies the interval at which the endpoint sends a session setup request to the ACS.

The default value is 1800.

It is recommended that this interval be shorter than the timeout period of the ACS. If this interval is longer than the timeout period, the ACS may be disconnected or the session status may not be updated in time after a session setup timeout.

CPE user name

Specifies the user name authenticated by the endpoint after receiving a session setup request from the ACS. The user name has been specified on the ACS.

The default value is admin.

CPE password

Specifies the password authenticated by the endpoint after receiving a session setup request from the ACS. The password has been specified on the ACS.

The default value is Change_Me.

In addition, it must include at least two of the following: uppercase letters, lowercase letters, digits, and special characters.

Authentication mode

Specifies the mode in which the endpoint will be authenticated when accessing to the network management system.

The default value is Digest.

If you set this parameter to None or Basic, the system will prompt you that the authentication mode poses security risks. For security purposes, set this parameter to Digest.

The default value is recommended.

STUN

Specifies whether to enable the Simple Traversal of UDP through NAT (STUN) function. If this function is enabled, the endpoint can perform private-to-public network traversal using the STUN server on the TR069 network.

NOTE:

If you set this parameter to Enable, you must also set STUN server IP address, STUN server port, STUN listen port, STUN user name, STUN password, and STUN keepalive period(s).

The default value is Disable.

STUN server IP address

Specifies the IP address of the STUN server.

No default value is set for this parameter.

Obtain the value of this parameter from the STUN server administrator.

STUN server port

Specifies the port number used by the STUN server to provide the private and public network traversal service.

The default value is 3478.

Obtain the value of this parameter from the STUN server administrator.

STUN listen port

Specifies the port provided by the endpoint for private and public service interaction with the STUN server.

The default value is 3000.

STUN User Name

STUN Password

Specifies the authentication user name and password of the STUN server.

No default value is set for this parameter.

Obtain the value of this parameter from the STUN server administrator.

It is recommended that the password contain at least 16 characters that consist of letters, digits, and special characters.

STUN keepalive period(s)

Specifies the interval at which the endpoint sends a session setup request to the STUN server.

The default value is 150.

Log collection

Specifies whether eSight is allowed to collect the endpoint's logs.

The default value is Disable.

CHR collection

Specifies whether session and media call history record (CHR) data can be collected for the endpoint.

The default value is Enable.

CHR collection interval

Specifies the interval at which the endpoint collects CHR data.

The default value is 300.

CHR reporting interval

Specifies the interval at which the endpoint reports media CHR data to eSight.

The default value is 300.

SSH and Telnet Login

The endpoint supports the Telnet login and Security Shell (SSH) login. Telnet is an insecure protocol. SSH is a cyber security protocol for remote access using the encryption and authentication mechanism in an insecure cyber environment. During SSH login, all user data is encrypted. To ensure the security, you are advised to use the SSH login.

  • You can log in to the endpoint through port 23 using Telnet. Telnet login is set to Do not allow by default.

    Telnet is an insecure communication protocol. You are advised to disable it. If you want to log in using Telnet, see Performing SSH Access Control.

  • You can log in to the endpoint through port 22 using SSH. SSH is set to Do not allow by default. If you want to log in using SSH, see Performing SSH Access Control.

SSH/Telnet login accounts are the same as web login accounts. For details, see Web Management Account.

Upgrade Password

The upgrade password is required when you use the upgrade tool to upgrade the endpoint.

By default, the upgrade password is Change_Me.

You are advised to change the password at the first login and regularly change the password afterward. On the web interface, choose System Settings > Security > Upgrade password, and change the password.

NOTE:
  • If the default upgrade password is used, a confirm dialog box will be displayed after you choose to upgrade your endpoint on its user interface or web interface. The upgrade will start only after you confirm it.
  • The product line can upgrade endpoints in batches using the upgrade tool. If the upgrade password uses the default value and after the default password is entered as prompted on the upgrade tool, no dialog box will be displayed, and the batch upgrade automatically starts.

AirPresence Password

The AirPresence password is used by an AirPresence client to connect to the endpoint. Users can download the AirPresence client from the endpoint web interface. After the AirPresence client successfully connects to the endpoint, users can connect the endpoint to presentation sources and share presentations without the use of any physical ports.

The default AirPresence password is Change_Me.

You are advised to change the password at the first login and regularly change the password afterward. The path for changing the password on the web interface is: System Settings > Security > AirPresence.

NOTE:

After being connected to the endpoint, the AirPresence client has the same rights as the api account. Keep the password secure.

AirPresence Whitelist

To enhance connection security, configure the AirPresence whitelist.

NOTE:

Before configuring the Wi-Fi hotspot whitelist, ensure that Connection over Wi-Fi only have been enabled.

Configure the AirPresence whitelist as follows:

  1. Choose System Settings > Security > AirPresence.
  2. Click Whitelist.
  3. Select Enable.

    You can modify the whitelist only after selecting Enable here.

  4. Click Add and set IP address and Mask length.
  5. Click OK. The settings take effect immediately.

Information Required for Connecting to the Videoconferencing Network Management System

The endpoint communicates with and is remotely managed by the videoconferencing network management system using SNMP.

The videoconferencing network management system implements the following:

  • Sets endpoint parameters, such as H.323 and SIP.
  • Checks endpoint alarms.
  • Backs up and restores endpoint settings.
  • Upgrades the endpoint online.

To remotely manage the endpoint from the videoconferencing network management system, log in to the web interface of the endpoint, choose System Settings > Network > SNMP Settings, and set SNMP parameters, as shown in Table 3-3.

NOTE:

To secure your account, it is recommended that you change the password upon the first login and regularly change the password afterwards. The password you set on the endpoint must be the same as that set in the videoconferencing network management system.

Table 3-3 Information required for connecting to the videoconferencing network management system

Parameter

Default Setting

Description

Remarks

Common Settings

Enable SNMP

Enable

Indicates whether to enable SNMP.

When the endpoint is used as a client, the parameter settings must be the same as those in the videoconferencing network management system.

Trap server address 1

-

Indicates the videoconferencing network management server address used by the endpoint to report alarms.

Trap server address 2

-

Trap server address 3

-

Trap server port 1

162

Indicates the videoconferencing network management server port number used by the endpoint to report alarms.

Trap server port 2

162

Trap server port 3

162

Trap version

v3 trap

Indicates the SNMP server version.

User name

trapinit

Indicates the credential that the endpoint uses to report alarms to the videoconferencing network management server.

Engine ID

-

Used to authenticate trap information reported by the endpoint.

Authentication protocol

SHA

Indicates the authentication mode and password for connecting the videoconferencing network management system to your endpoint.

Authentication password

Change_Me

Encryption protocol

AES

Indicates the encryption protocol and password for connecting the videoconferencing network management system to your endpoint.

Encryption password

Change_Me

SNMPv3 Authentication information

User name

v3user

Indicates the credential that the videoconferencing network management server uses to obtain endpoint settings.

When the videoconferencing network management server is used as a client, the parameter settings must be the same as those on the endpoint.

User rights

Read and write

Indicates the rights that the videoconferencing network management server uses to obtain endpoint settings.

Authentication protocol

SHA

Indicates the authentication mode and password for connecting the videoconferencing network management system to your endpoint.

When the videoconferencing network management server is used as a client, the parameter settings must be the same as those on the endpoint.

When the videoconferencing network management system attempts to connect to your endpoint, Authentication protocol and Authentication password set on your endpoint are required.

Authentication password

Change_Me

Encryption protocol

AES

Indicates the encryption protocol and password for connecting the videoconferencing network management system to your endpoint.

When the videoconferencing network management server is used as a client, the parameter settings must be the same as those on the endpoint.

Encryption password

Change_Me

Wi-Fi Hotspot Names and Passwords

After the Wi-Fi hotspot on the TE20 is turned on, devices such as smartphones and laptops can connect to the Wi-Fi network through this hotspot.

NOTE:

Before using the Wi-Fi hotspot function, ensure that the Wi-Fi function is enabled and functions properly. To improve device security, set a password at your first login and regularly change the password afterward.

Table 3-4 describes the requirements on the Wi-Fi hotspot name and password settings.

Table 3-4 Wi-Fi hotspot names and passwords

Default Wi-Fi Hotspot Name

Password

Description

Remarks

TE20_wifi_ap+6-digit number

The requirements on setting the Wi-Fi hotspot password depend on the setting of Encryption mode. When Access via password is set to Disable, users can directly connect to the Wi-Fi hotspot without entering any passwords. When Access via password is set to Enable, a password consisting of 8 to 63 characters must be set for the Wi-Fi hotspot.

The devices, such as tablets, and PCs, can access a Wi-Fi network by connecting to the endpoint.

After you select Disable for Access via passcode, the message indicating that use of this option will pose a risk to system security is displayed. The recommended option is Enable.

Setting the Wi-Fi hotspot name and password as follows:

  • If you are using the remote control, choose System Settings > Network > Wi-Fi Settings and select Wi-Fi Hotspot. Then set SSID Number, set Access via password to Enable, and then set Password.
  • If you are using the web interface, choose System Settings > Network > Wi-Fi Settings and set Wi-Fi Hotspot to Enable. Then set SSID Number, set Access via password to Enable, and then set Password.

Wi-Fi Hotspot Whitelist

To enhance connection security, configure the Wi-Fi hotspot whitelist.

NOTE:

Before configuring the Wi-Fi hotspot whitelist, ensure that Wi-Fi hotspots have been enabled.

Configure the Wi-Fi hotspot whitelist as follows:

  1. Choose System Settings > Network > Wi-Fi Settings, and click the Wi-Fi hotspot tab.
  2. Click Whitelist.
  3. Select Enable.

    You can modify the whitelist only after selecting Enable here.

  4. Click Add and add MAC address.
  5. Click OK. The settings take effect immediately.
Translation
Download
Updated: 2019-06-15

Document ID: EDOC1100044520

Views: 13677

Downloads: 17

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next