SupportDocumentationRoutersAccess RoutersAR600&6100&6200&6300Configuration & CommissioningConfiguration Guide

NetEngine AR600, AR6100, AR6200, and AR6300 V300R019 CLI-based Configuration Guide - Interface Management

Configuring Authentication Parameters

Configuring Authentication Parameters

Context

An OLT authenticates validity and identity of each ONU to prevent access from unauthorized ONUs. An EPON system supports the following ONU authentication modes:

Table 21-2 Comparison of ONU authentication modes in an EPON system

Authentication Mode

Description

Advantage

Disadvantage

Usage Scenario

Physical identifier authentication

The OLT authenticates an ONU by checking the MAC address of the ONU.

It is simple to configure and reliable. After an ONU passes the authentication, the MAC address used for authentication cannot be changed.

When an ONU fails and needs to be replaced by a new one, the MAC address of the new ONU must be configured on the OLT, so this mode is not flexible.

Networks requiring high security

Logical identifier (LOID) authentication

The OLT authenticates an ONU by checking the LOID and check code of the ONU. You can configure the OLT to check only the LOID, or check both the LOID and check code.

You do not need to configure new logical identifiers when users change their physical locations. The OLT can be configured to check only the LOID or check both the LOID and check code, implementing flexible access.

When two ONUs use the same logical identifier, the OLT allows the one that passes the authentication earlier to go online. Therefore, if an unauthorized ONU has gone online by using the logical identifier of an authorized ONU, the authorized ONU cannot go online.

Networks requiring flexible access

Password authentication

This is a Huawei proprietary authentication mode. When this mode is used, the OLT must be a Huawei device.

It is simple to configure and you do not need to configure new passwords when users change their physical locations.

The OLT must be a Huawei device and support password authentication.

Networks requiring flexible access

An EPON system supports physical identifier authentication, LOID authentication, and password authentication. The three authentication modes can be used separately or jointly. All the authentication parameters are pre-configured on the OLT and cannot be modified on the ONU. If the authentication parameters are not pre-configured, the ONU cannot be successfully authenticated. Therefore, you can configure authentication parameters on the ONU according to the authentication mode.

Procedure

  • Configure physical identifier authentication (MAC address authentication).
    1. Run system-view

      The system view is displayed.

    2. Run interface pon interface-number

      The PON interface view is displayed.

    3. Run epon-mac-address mac-address

      The MAC address used for authentication is specified.

    The MAC address cannot be changed after the ONU is authenticated.

  • Configure logical identifier authentication.
    1. Run system-view

      The system view is displayed.

    2. Run interface pon interface-number

      The PON interface view is displayed.

    3. Run epon-loid loid

      The LOID used for logical identifier authentication is configured.

    4. Run epon-checkcode checkcode

      The check code used for logical identifier authentication is configured.

    You can configure the OLT to check only the LOID, or check both the LOID and check code. When step 3 and step 4 are configured, the router will check both the LOID and check code.

  • Configure password authentication.
    1. Run system-view

      The system view is displayed.

    2. Run interface pon interface-number

      The PON interface view is displayed.

    3. Run epon-password cipher password

      The password used for password authentication is configured.

    Password authentication is a Huawei proprietary authentication mode. When this mode is used, the OLT must be a Huawei device.