No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Interface Management

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document provides the basic concepts, configuration procedures, and configuration examples of the interfaces supported by the device.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Authentication Parameters

Configuring Authentication Parameters

Context

An OLT authenticates validity and identity of each ONU to prevent access from unauthorized ONUs. An EPON system supports the following ONU authentication modes:

Table 20-2  Comparison of ONU authentication modes in an EPON system

Authentication Mode

Description

Advantage

Disadvantage

Usage Scenario

Physical identifier authentication

The OLT authenticates an ONU by checking the MAC address of the ONU.

It is simple to configure and reliable. After an ONU passes the authentication, the MAC address used for authentication cannot be changed.

When an ONU fails and needs to be replaced by a new one, the MAC address of the new ONU must be configured on the OLT, so this mode is not flexible.

Networks requiring high security

Logical identifier (LOID) authentication

The OLT authenticates an ONU by checking the LOID and check code of the ONU. You can configure the OLT to check only the LOID, or check both the LOID and check code.

You do not need to configure new logical identifiers when users change their physical locations. The OLT can be configured to check only the LOID or check both the LOID and check code, implementing flexible access.

When two ONUs use the same logical identifier, the OLT allows the one that passes the authentication earlier to go online. Therefore, if an unauthorized ONU has gone online by using the logical identifier of an authorized ONU, the authorized ONU cannot go online.

Networks requiring flexible access

Password authentication

This is a Huawei proprietary authentication mode. When this mode is used, the OLT must be a Huawei device.

It is simple to configure and you do not need to configure new passwords when users change their physical locations.

The OLT must be a Huawei device and support password authentication.

Networks requiring flexible access

An EPON system supports physical identifier authentication, LOID authentication, and password authentication. The three authentication modes can be used separately or jointly. All the authentication parameters are pre-configured on the OLT and cannot be modified on the ONU. If the authentication parameters are not pre-configured, the ONU cannot be successfully authenticated. Therefore, you can configure authentication parameters on the ONU according to the authentication mode.

Procedure

  • Configure physical identifier authentication (MAC address authentication).
    1. Run system-view

      The system view is displayed.

    2. Run interface pon interface-number

      The PON interface view is displayed.

    3. Run epon-mac-address mac-address

      The MAC address used for authentication is specified.

    The MAC address cannot be changed after the ONU is authenticated.

  • Configure logical identifier authentication.
    1. Run system-view

      The system view is displayed.

    2. Run interface pon interface-number

      The PON interface view is displayed.

    3. Run epon-loid loid

      The LOID used for logical identifier authentication is configured.

    4. Run epon-checkcode checkcode

      The check code used for logical identifier authentication is configured.

    NOTE:

    You can configure the OLT to check only the LOID, or check both the LOID and check code. When step 3 and step 4 are configured, the router will check both the LOID and check code.

  • Configure password authentication.
    1. Run system-view

      The system view is displayed.

    2. Run interface pon interface-number

      The PON interface view is displayed.

    3. Run epon-password cipher password

      The password used for password authentication is configured.

    NOTE:

    Password authentication is a Huawei proprietary authentication mode. When this mode is used, the OLT must be a Huawei device.

Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069331

Views: 20889

Downloads: 93

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next