No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

HUAWEI Bar 500 V600R019C00 Maintenance Guide

Describes how to maintain, and troubleshoot the Videoconferencing Endpoint.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application Layer Account List

Application Layer Account List

This section describes application layer accounts and their default passwords, functions, and configuration methods. To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

Web Management Account

Two web login accounts are available: admin and api. Keep your administrator account and password secure to prevent personal information disclosure.

Both the admin and api accounts:

  • Support web login, Telnet login, and SSH login.
  • Modify all configuration items.
  • Change the name and password of each other. Besides, the two accounts have the same name length and password policies.

The difference is that the api account is not only used for web login but also used for connections from third parties, for example, SMC.

Table 3-1 lists the default user names and passwords for admin, and api accounts.

Table 3-1 admin and api accounts

Account Name

Default Password

Function

Remarks

admin

Change_Me

Web Administrator account.

To ensure account security, you are advised to change the password at the first login and regularly change the password afterward.

On the web interface, choose System Settings > General > Personal, and change the user name and password.

api

Change_Me

Account used for web interface login and connections from third parties, for example, SMC

System Connection Whitelist

The whitelist helps enhance videoconferencing security. After you configure a whitelist, only devices with the IP addresses specified in the whitelist can connect to the endpoint.

Set the whitelist under the guidance of technical support engineers.

The endpoint whitelist is empty by default. That is, all IP addresses are allowed to connect to the endpoint. If the endpoint is deployed on a public network, it is recommended that you add frequently-used IP addresses or IP address segments to the whitelist. This approach helps defend against potential network threats, such as flood attack and slow HTTP attack. You must add the IP addresses of the following devices to the whitelist:

  • PC that is used to access the endpoint web interface
  • Videoconferencing MCU
  • SMC2.0

To set the whitelist on the web interface, perform the following steps:

  1. Choose System Settings > Whitelist.
  2. Select Enable.

    If Enable is deselected, the whitelist is invalid. That is, all IP addresses are allowed to connect to the endpoint. You can modify the whitelist only after selecting Enable here.

  3. Click Add and set IP address and Mask length.
  4. Click OK. The settings take effect immediately.

TR069 Connection Credential and Account

The TR069 server is connected to centrally manage endpoints.

To centrally manage endpoints on the TR069 server, log in to the web interface, choose System Settings > Registration > TR069, and set the TR069 parameters listed in Table 3-2.

Table 3-2 TR069 parameters

Parameter

Description

Setting

TR069

Specifies whether to enable the TR069 function. If this function is enabled, the endpoint will send a session setup request to the Auto-Configuration Server (ACS). Start the ACS before enabling the TR069 function.

NOTE:

If you set this parameter to Enable, you must also set ACS user name, ACS password, ACS server IP address, Report interval(s), CPE user name, CPE password, and Authentication mode.

The default value is Disable.

ACS user name

Specifies the user name authenticated by the ACS after receiving a session setup request from the endpoint. The user name has been specified on the ACS.

No default value is set for this parameter.

ACS password

Specifies the password authenticated by the ACS after receiving a session setup request from the endpoint. The password has been specified on the ACS.

No default value is set for this parameter.

ACS server IP address

Specifies the ACS URL, which can be based on an IP address or domain name.

  • IP address-based URL example: http://10.10.10.1:8086
  • Domain name-based URL example: http://company.acs.com:8086 (8086 indicates the ACS port number)

No default value is set for this parameter.

Report interval(s)

Specifies the interval at which the endpoint sends a session setup request to the ACS.

The default value is 1800.

It is recommended that this interval be shorter than the timeout period of the ACS. If this interval is longer than the timeout period, the ACS may be disconnected or the session status may not be updated in time after a session setup timeout.

CPE user name

Specifies the user name authenticated by the endpoint after receiving a session setup request from the ACS. The user name has been specified on the ACS.

The default value is admin.

CPE password

Specifies the password authenticated by the endpoint after receiving a session setup request from the ACS. The password has been specified on the ACS.

The default value is Change_Me.

In addition, it must include at least two of the following: uppercase letters, lowercase letters, digits, and special characters.

Authentication mode

Specifies the mode in which the endpoint will be authenticated when accessing to the network management system.

The default value is Digest.

If you set this parameter to None or Basic, the system will prompt you that the authentication mode poses security risks. For security purposes, set this parameter to Digest. The default value is recommended.

STUN

Specifies whether to enable the Simple Traversal of UDP through NAT (STUN) function. If this function is enabled, the endpoint can perform private-to-public network traversal using the STUN server on the TR069 network.

NOTE:

If you set this parameter to Enable, you must also set STUN server IP address, STUN server port, STUN listen port, STUN user name, STUN password, and STUN keep-alive period(s).

The default value is Disable.

STUN server IP address

Specifies the IP address of the STUN server.

No default value is set for this parameter.

Obtain the value of this parameter from the STUN server administrator.

STUN server port

Specifies the port number used by the STUN server to provide the private and public network traversal service.

The default value is 3478.

Obtain the value of this parameter from the STUN server administrator.

STUN listen port

Specifies the port provided by the endpoint for private and public service interaction with the STUN server.

The default value is 3000.

STUN user name

STUN password

Specifies the authentication user name and password of the STUN server.

No default value is set for this parameter.

Obtain the value of this parameter from the STUN server administrator.

It is recommended that the password contain at least 16 characters that consist of letters, digits, and special characters.

STUN keep-alive period(s)

Specifies the interval at which the endpoint sends a session setup request to the STUN server.

The default value is 150.

Log collection

Specifies whether eSight is allowed to collect the endpoint's logs.

The default value is Enable.

CHR Switch

Specifies whether session and media call history record (CHR) data can be collected for the endpoint.

After this function is enabled, the endpoint automatically collects call information, generates session and media CHR data, and periodically reports the data to eSight.

The default value is Disable.

CHR collection period (s)

Specifies the interval at which the endpoint collects CHR data.

The default value is 300.

CHR reporting period (s)

Specifies the interval at which the endpoint reports media CHR data to eSight.

The default value is 300.

uPortal Connection Credential and Account

The uPortal server is connected for an endpoint to initiate data conferences.

To allow an endpoint to initiate data conferences, log in to the web interface of the endpoint, choose System Settings > Registration > uPortal, and set uPortal parameters, as shown in Table 3-3.

Table 3-3 uPortal parameters

Parameter

Description

Setting

Server address

Specifies the address of the uPortal server.

No default value is set for this parameter.

User name

Specifies the user name authenticated by the uPortal server after receiving a connection request from the endpoint. The user name has been specified on the uPortal server.

No default value is set for this parameter.

Password

Specifies the password authenticated by the uPortal server after receiving a connection request from the endpoint. The password has been specified on the uPortal server.

No default value is set for this parameter.

Mail Server Connection Credential and Account

The mail server is used to send meeting minutes and other information to a user's email address.

To allow an endpoint to send meeting minutes and other information to a user's email address, log in to the web interface of the endpoint, choose System Settings > General > Email, and set email parameters, as shown in Table 3-4.

Table 3-4 Email parameters

Parameter

Description

Setting

Email server address

Specifies the IP address of the mail server.

No default value is set for this parameter.

Email server port

Specifies the port for communicating with the mail server.

The default value is 25.

Security protocol

Specifies the security protocol used for email transmission.

  • None: No security protocol is used for encryption.

  • TLS: Use TLS to implement email transmission security. If you select this option, you need to import a root certificate when your endpoint registers with the mail server.

  • STARTTLS: Use STARTTLS to implement email transmission security. If you select this option, you need to import a root certificate when your endpoint registers with the mail server.

If you select NONE, security risks exist. Select TLS or STARTTLS based on the encryption type of the mail server.

The default value is STARTTLS.

Email address

Specifies the email address of a sender.

No default value is set for this parameter.

User name

Specifies the user name used by the endpoint to register with the mail server.

This user name must be the same as that added on the mail server.

No default value is set for this parameter.

Password

Specifies the password your endpoint uses to register with the mail server.

For successful authentication on the mail server, this password set on your endpoint must be the same as that set on the mail server.

No default value is set for this parameter.

Nickname

Specifies the nickname displayed when the endpoint sends an email through the mail server.

No default value is set for this parameter.

Set this parameter based on the plan. If this parameter is left empty, the default value in the mail server system is used.

SSH and Telnet Login

The endpoint supports the Telnet login and Secure Shell (SSH) login. Telnet is an insecure protocol. SSH is a cyber security protocol for remote access using the encryption and authentication mechanism in an insecure cyber environment. During SSH login, all user data is encrypted. To ensure the security, you are advised to use the SSH login.

  • You can log in to the endpoint through port 23 using Telnet. Telnet login is set to Do not allow by default.

    Telnet is an insecure communication protocol. You are advised to disable Telnet login. If you want to log in using Telnet, see Performing SSH Access Control.

  • You can log in to the endpoint through port 22 using SSH. SSH is set to Do not allow by default. If you want to log in using SSH, see Performing SSH Access Control.

SSH/Telnet login accounts are the same as web login accounts. For details, see Web Management Account.

Upgrade Password

The upgrade password is required when you use the upgrade tool to upgrade the endpoint.

By default, the upgrade password is Change_Me.

You are advised to change the password at the first login and regularly change the password afterward. On the web interface, choose System Settings > Security > Upgrade password, and change the password.

NOTE:
  • If the default upgrade password is used, a confirm dialog box will be displayed after you choose to upgrade your endpoint on its web interface. The upgrade will start only after you confirm it.
  • The product line can upgrade endpoints in batches using the upgrade tool. If the upgrade password uses the default value and after the default password is entered as prompted on the upgrade tool, no dialog box will be displayed, and the batch upgrade automatically starts.

Information Required for Connecting to the Videoconferencing Network Management System

The endpoint communicates with and is remotely managed by the videoconferencing network management system using SNMP.

The videoconferencing network management system implements the following:

  • Sets endpoint parameters, such as H.323 and SIP.
  • Checks endpoint alarms.
  • Backs up and restores endpoint settings.
  • Upgrades the endpoint online.

To remotely manage the endpoint from the videoconferencing network management system, log in to the web interface of the endpoint, choose System Settings > Registration > SNMP, and set SNMP parameters, as shown in Table 3-5.

NOTE:

To secure your account, it is recommended that you change the password upon the first login and regularly change the password afterwards. The password you set on the endpoint must be the same as that set in the videoconferencing network management system.

Table 3-5 Information required for connecting to the videoconferencing network management system

Parameter

Default Setting

Description

Remarks

Common Settings

Enable SNMP

Enable

Indicates whether to enable SNMP.

When the endpoint is used as a client, the parameter settings must be the same as those in the videoconferencing network management system.

Trap server address 1

-

Indicates the videoconferencing network management server port number used by the endpoint to report alarms.

Trap server address 2

-

Trap server address 3

-

Trap server port 1

162

Indicates the videoconferencing network management server port number used by the endpoint to report alarms.

Trap server port 2

162

Trap server port 3

162

Trap version

v3 trap

Indicates the SNMP server version.

User name

trapinit

Indicates the credential that the endpoint uses to report alarms to the videoconferencing network management server.

Engine ID

-

Used to authenticate trap information reported by the endpoint.

Authentication protocol

SHA

Indicates the authentication mode and password for connecting the videoconferencing network management system to your endpoint.

Authentication password

Change_Me

Encryption protocol

AES

Indicates the encryption protocol and password for connecting the videoconferencing network management system to your endpoint.

Encryption password

Change_Me

SNMPv3 Authentication information

User name

v3user

Indicates the credential that the videoconferencing network management server uses to obtain endpoint settings.

When the videoconferencing network management server is used as a client, the parameter settings must be the same as those on the endpoint.

User rights

Read and write

Indicates the rights that the videoconferencing network management server uses to obtain endpoint settings.

Authentication protocol

SHA

Indicates the authentication mode and password for connecting the videoconferencing network management system to your endpoint.

When the videoconferencing network management server is used as a client, the parameter settings must be the same as those on the endpoint.

When the videoconferencing network management system attempts to connect to your endpoint, Authentication protocol and Authentication password set on your endpoint are required.

Authentication password

Change_Me

Encryption protocol

AES

Indicates the encryption protocol and password for connecting the videoconferencing network management system to your endpoint.

When the videoconferencing network management server is used as a client, the parameter settings must be the same as those on the endpoint.

Encryption password

Change_Me

Wi-Fi Hotspot Names and Passwords

After the Wi-Fi hotspot on the endpoint is turned on, devices such as smartphones and laptops can connect to the Wi-Fi network through this hotspot.

NOTE:

To improve device security, set a password at your first login and regularly change the password afterward.

Table 3-6 describes the requirements on the Wi-Fi hotspot name and password settings.

Table 3-6 Wi-Fi hotspot names and passwords

Default Wi-Fi Hotspot Name

Password

Description

Remarks

HUAWEI Bar500_wifi_ap_Random number

The requirements on setting the Wi-Fi hotspot password depend on the setting of Encryption mode. When Access via password is set to Disable, users can directly connect to the Wi-Fi hotspot without entering any passwords. When Access via password is set to Enable, a password consisting of 8 to 63 characters must be set for the Wi-Fi hotspot.

The devices, such as tablets, and PCs, can access a Wi-Fi network by connecting to the endpoint.

After you select Disable for Access via passcode, the message indicating that use of this option will pose a risk to system security is displayed. The recommended option is Enable.

Setting the Wi-Fi hotspot SSID and password as follows:

  • Web interface: Choose System Settings > Network > Wi-Fi, enable Wi-Fi Hotspot, set SSID number, enable Access via password, and set Password.
  • Touch: Go to Settings > Advanced Settings > Wi-Fi Hotspot, enable Wi-Fi Hotspot, set SSID, enable Password, and set Authentication password.

Wi-Fi Hotspot Whitelist

To enhance connection security, configure the Wi-Fi hotspot whitelist.

NOTE:

Before configuring the Wi-Fi hotspot whitelist, ensure that Wi-Fi hotspots have been enabled.

Configure the Wi-Fi hotspot whitelist as follows:

  1. Choose System Settings > Network > Wi-Fi.
  2. In the Wi-Fi hotspot area, click Whitelist.
  3. Select Enable.

    You can modify the whitelist only after selecting Enable here.

  4. Click Add and add MAC address.
  5. Click OK. The settings take effect immediately.
Translation
Download
Updated: 2019-06-25

Document ID: EDOC1100054964

Views: 8305

Downloads: 9

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next