12-Network Management and Monitoring Configuration Guide

HomeSupportResource CenterSwitchesS7500E SeriesS7500E SeriesTechnical DocumentsConfigure & DeployConfiguration GuidesH3C S7500E Switch Series Configuration Guides-R757X-GL-6W10012-Network Management and Monitoring Configuration Guide
16-CWMP configuration
Title Size Download
16-CWMP configuration 139.12 KB

Configuring CWMP

Overview

CPE WAN Management Protocol (CWMP), also called "TR-069," is a DSL Forum technical specification for remote management of home network devices.

The protocol was initially designed to provide remote autoconfiguration through a server for large numbers of dispersed end-user devices in DSL networks. However, it has been increasingly used on other types of networks, including Ethernet, for remote autoconfiguration.

CWMP network framework

Figure 1 shows a basic CWMP network framework.

Figure 1 CWMP network framework

 

A basic CWMP network includes the following network elements:

·     ACS—Autoconfiguration server, the management device in the network.

·     CPE—Customer premises equipment, the managed device in the network.

·     DNS server—Domain name system server. CWMP defines that the ACS and the CPE use URLs to identify and access each other. DNS is used to resolve the URLs.

·     DHCP server—Assigns ACS attributes along with IP addresses to CPEs when the CPEs are powered on. DHCP server is optional in CWMP. With a DHCP server, you do not need to configure ACS attributes manually on each CPE. The CPEs contact the ACS automatically when they are powered on for the first time.

The device is operating as a CPE in the CWMP framework.

Basic CWMP functions

You can autoconfigure and upgrade CPEs in bulk from the ACS.

Autoconfiguration

You can create configuration files for different categories of CPEs on the ACS.

The following are methods available for the ACS to issue configuration to the CPE:

·     Transfers the configuration file to the CPE, and specifies the file as the next-startup configuration file. At a reboot, the CPE starts up with the ACS-specified configuration file.

·     Runs the configuration in the CPE's RAM. The configuration takes effect immediately on the CPE. For the running configuration to survive a reboot, you must save the configuration on the CPE.

Software image management

The ACS can manage CPE software upgrade.

When the ACS finds a software version update, the ACS notifies the CPE to download the software image file from a specific location. The location can be the URL of the ACS or an independent file server.

The CPE notifies the ACS of the download result (success or failure) when it completes a download attempt. The CPE downloads the specified image file only when the file passes validity verification.

Data backup

The ACS can require the CPE to upload a configuration or log file to a specific location. The destination location can be the ACS or a file server.

Status and performance monitoring

The CPE allows the ACS to monitor the status and performance objects in Table 1.

Table 1 CPE status and performance objects available for the ACS to monitor

Category

Objects

Device information

Manufacturer

ManufacturerOUI

SerialNumber

HardwareVersion

SoftwareVersion

Operating status and information

DeviceStatus

UpTime

Configuration file

ConfigFile

CWMP settings

ACS URL

ACS username

ACS password

PeriodicInformEnable

PeriodicInformInterval

PeriodicInformTime

ConnectionRequestURL (CPE URL)

ConnectionRequestUsername (CPE username)

ConnectionRequestPassword (CPE password)

 

How CWMP works

CWMP uses remote procedure call (RPC) methods for bidirectional communication between CPE and ACS. The RPC methods are encapsulated in HTTP or HTTPS.

RPC methods

Table 2 shows the primary RPC methods used in CWMP.

Table 2 RPC methods

RPC method

Description

Get

The ACS obtains the values of parameters on the CPE.

Set

The ACS modifies the values of parameters on the CPE.

Inform

The CPE sends an Inform message to the ACS for the following purposes:

·     Initiates a connection to the ACS.

·     Reports configuration changes to the ACS.

·     Periodically updates CPE settings to the ACS.

Download

The ACS requires the CPE to download a configuration or software image file from a specific URL for software or configuration update.

Upload

The ACS requires the CPE to upload a file to a specific URL.

Reboot

The ACS reboots the CPE remotely for the CPE to complete an upgrade or recover from an error condition.

 

Autoconnect between ACS and CPE

The CPE automatically initiates a connection to the ACS when one of the following events occurs:

·     ACS URL change. The CPE initiates a connection request to the new ACS URL.

·     CPE startup. The CPE initiates a connection to the ACS after the startup.

·     Timeout of the periodic Inform interval. The CPE re-initiates a connection to the ACS at the Inform interval.

·     Expiration of the scheduled connection initiation time. The CPE initiates a connection to the ACS at the scheduled time.

CWMP connection establishment

As shown in Figure 2, the CPE and the ACS use the following process to establish a connection:

1.     After obtaining the basic ACS parameters, the CPE initiates a TCP connection to the ACS.

2.     If HTTPS is used, the CPE and the ACS initialize SSL for a secure HTTP connection.

3.     The CPE sends an Inform message in HTTPS to initiate a CWMP session.

4.     After the CPE passes authentication, the ACS returns an Inform response to establish the session.

5.     After sending all requests, the CPE sends an empty HTTP post message.

6.     If the ACS wants to point the CPE to a new ACS URL, the ACS queries the ACS URL set on the CPE.

7.     The CPE replies with its ACS URL setting.

8.     The ACS sends a Set request to modify the ACS URL on the CPE.

9.     After the ACS URL is modified, the CPE sends a response.

10.     The ACS sends an empty HTTP message to notify the CPE that it has no other requests.

11.     The CPE closes the connection, and then initiates a new connection to the new ACS URL.

Figure 2 CWMP message interaction procedure

 

Configuration task list

To use CWMP, you must enable CWMP from the CLI. You can then configure ACS and CPE attributes from the CPE's CLI, the DHCP server, or the ACS.

For an attribute, the CLI- and ACS-assigned values have higher priority than the DHCP-assigned value. The CLI- and ACS-assigned values overwrite each other, whichever is assigned later.

This document only describes configuring ACS and CPE attributes from the CLI and DHCP server. For more information about configuring and using the ACS, see ACS documentation.

To configure CWMP, perform the following tasks:

 

Tasks at a glance

Remarks

(Required.) Enabling CWMP from the CLI

To use CWMP, you must enable CWMP from the CLI.

Configuring ACS attributes:

·     (Required.) Configuring the preferred ACS attributes

¡     Assigning ACS attributes from the DHCP server

¡     Configuring the preferred ACS attributes from the CLI

·     (Optional.) Configuring the default ACS attributes from the CLI

The preferred ACS attributes are configurable from the CPE's CLI, DHCP server, and ACS.

The default ACS attributes are configurable only from the CLI.

(Optional.) Configuring CPE attributes:

·     Configuring ACS authentication parameters

·     Configuring the provision code

·     Configuring the CWMP connection interface

·     Configuring autoconnect parameters

¡     Configuring the periodic Inform feature

¡     Scheduling a connection initiation

¡     Setting the maximum number of connection retries

¡     Setting the close-wait timer

·     Enabling NAT traversal for the CPE

·     Specifying an SSL client policy for HTTPS connection to ACS

All CPE attributes are configurable from the CLI and ACS except for the following attributes:

·     CWMP connection interface

·     NAT traversal

·     Maximum number of connection retries

·     SSL client policy for HTTPS

These attributes are configurable only from the CLI.

 

Enabling CWMP from the CLI

You must enable CWMP for other CWMP settings to take effect, whether they are configured from the CLI, or assigned through the DHCP server or ACS.

To enable CWMP:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Enable CWMP.

cwmp enable

By default, CWMP is disabled.

 

Configuring ACS attributes

You can configure two sets of ACS attributes for the CPE: preferred and default.

·     The preferred ACS attributes are configurable from the CPE's CLI, the DHCP server, and ACS. For an attribute, the CLI- and ACS-assigned values have higher priority than the DHCP-assigned value. The CLI- and ACS-assigned values overwrite each other.

·     The default ACS attributes are configurable only from the CLI.

The CPE uses the default ACS attributes for connection establishment only when it is not assigned a preferred ACS URL from the CLI, ACS, or DHCP server.

Configuring the preferred ACS attributes

Assigning ACS attributes from the DHCP server

You can use DHCP option 43 to assign the ACS URL and ACS login authentication username and password.

If the DHCP server is an H3C device, you can configure DHCP option 43 by using the option 43 hex 01length URL username password command.

·     length—A hexadecimal number that indicates the total length of the length, URL, username, and password arguments, including the spaces between these arguments. No space is allowed between the 01 keyword and the length value.

·     URL—ACS URL.

·     username—Username for the CPE to authenticate to the ACS.

·     password—Password for the CPE to authenticate to the ACS.

 

 

NOTE:

The ACS URL, username and password must use the hexadecimal format and be space separated.

 

The following example configures the ACS address as http://169.254.76.31:7547, username as 1234, and password as 5678:

<Sysname> system-view

[Sysname] dhcp server ip-pool 0

[Sysname-dhcp-pool-0] option 43 hex 0123687474703A2F2F3136392E3235342E37362E33313A3735343720313233342035363738

Table 3 Hexadecimal forms of the ACS attributes

Attribute

Attribute value

Hexadecimal form

Length

35 characters

23

ACS URL

http://169.254.76.31:7547

687474703A2F2F3136392E3235342E37362E33313A3735343720

NOTE:

The two ending digits (20) represent the space.

ACS connect username

1234

3132333420

NOTE:

The two ending digits (20) represent the space.

ACS connect password

5678

35363738

 

For more information about DHCP and DHCP Option 43, see layer 3—IP Services Configuration Guide.

Configuring the preferred ACS attributes from the CLI

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Configure the preferred ACS URL.

cwmp acs url url

By default, no preferred ACS URL has been configured.

4.     Configure the username for authentication to the preferred ACS URL.

cwmp acs username username

By default, no username has been configured for authentication to the preferred ACS URL.

5.     (Optional.) Configure the password for authentication to the preferred ACS URL.

cwmp acs password { cipher | simple } string

By default, no password has been configured for authentication to the preferred ACS URL.

 

Configuring the default ACS attributes from the CLI

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Configure the default ACS URL.

cwmp acs default url url

By default, no default ACS URL has been configured.

4.     Configure the username for authentication to the default ACS URL.

cwmp acs default username username

By default, no username has been configured for authentication to the default ACS URL.

5.     (Optional.) Configure the password for authentication to the default ACS URL.

cwmp acs default password { cipher | simple } string

By default, no password has been configured for authentication to the default ACS URL.

 

Configuring CPE attributes

You can assign CPE attribute values to the CPE from the CPE's CLI or the ACS. The CLI- and ACS-assigned values overwrite each other, whichever is assigned later.

For more information about the configuration methods supported for each CPE attribute, see "Configuration task list."

Configuring ACS authentication parameters

To protect the CPE against unauthorized access, configure a CPE username and password for ACS authentication. When an ACS initiates a connection to the CPE, the ACS must provide the correct username and password.

 

 

NOTE:

The password setting is optional. You can specify only a username for authentication.

 

To configure ACS authentication parameters:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Configure the username for authentication to the CPE.

cwmp cpe username username

By default, no username has been configured for authentication to the CPE.

4.     (Optional.) Configure the password for authentication to the CPE.

cwmp cpe password { cipher | simple } string

By default, no password has been configured for authentication to the CPE.

 

Configuring the provision code

The ACS can use the provision code to identify services assigned to each CPE. For correct configuration deployment, make sure the same provision code is configured on the CPE and the ACS. For information about the support of your ACS for provision codes, see the ACS documentation.

To configure the provision code:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Configure the provision code.

cwmp cpe provision-code provision-code

The default provision code is PROVISIONINGCODE.

 

Configuring the CWMP connection interface

The CWMP connection interface is the interface that the CPE uses to communicate with the ACS. To establish a CWMP connection, the CPE sends the IP address of this interface in the Inform messages, and the ACS replies to this IP address.

Typically, the CPE selects the CWMP connection interface automatically. If the CWMP connection interface is not the interface that connects the CPE to the ACS, the CPE fails to establish a CWMP connection with the ACS. For example, an incorrect CWMP connection interface selection occurs when the following conditions exist:

·     The CPE has multiple Layer 3 interfaces.

·     The IP addresses of the CWMP connection interface and the ACS are not in the same subnet.

In this case, you need to perform this task to manually set the CWMP connection interface.

To configure the CWMP connection interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Specify the interface that connects to the ACS as the CWMP connection interface.

cwmp cpe connect interface interface-type interface-number

By default, no CWMP connection interface is specified.

 

Configuring autoconnect parameters

You can configure the CPE to connect to the ACS periodically, or at a schedule time for configuration or software update. To protect system resources, limit the number of retries that the CPE can make to connect to the ACS.

Configuring the periodic Inform feature

To connect to the ACS periodically for CPE information update:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Enable the periodic Inform feature.

cwmp cpe inform interval enable

By default, this function is disabled.

4.     (Optional.) Set the Inform interval.

cwmp cpe inform interval interval

By default, the CPE sends an Inform message to start a session every 600 seconds.

 

Scheduling a connection initiation

To connect to the ACS for configuration or software update at a scheduled time:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Schedule a connection initiation.

cwmp cpe inform time time

By default, no connection initiation has been scheduled.

 

Setting the maximum number of connection retries

The CPE retries a connection automatically when one of the following events occurs:

·     The CPE fails to connect to the ACS.

·     The connection is disconnected before the session on the connection is completed.

The CPE considers a connection attempt as having failed when the close-wait timer expires. This timer starts when the CPE sends an Inform request. If the CPE fails to receive a response before the timer expires, the CPE resends the Inform request.

To set the maximum number of connection retries that the CPE can make:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Set the maximum number of connection retries.

cwmp cpe connect retry retries

By default, the CPE retries a failed connection until the connection is established.

 

Setting the close-wait timer

The close-wait timer specifies the amount of time the connection to the ACS can be idle before it is terminated. The CPE terminates the connection to the ACS if no traffic is transmitted before the timer expires.

The timer also specifies the maximum amount of time the CPE waits for the response to a session request. The CPE determines that its session attempt has failed when the timer expires.

To set the close-wait timer for the CPE:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Set the close-wait timer.

cwmp cpe wait timeout seconds

By default, the close-wait timer is 30 seconds.

 

Enabling NAT traversal for the CPE

For the connection request initiated from the ACS to reach the CPE, you must enable NAT traversal feature on the CPE when a NAT gateway resides between the CPE and the ACS.

The NAT traversal feature complies with RFC 3489 Simple Traversal of UDP Through NATs (STUN). The feature enables the CPE to discover the NAT gateway, and obtain an open NAT binding (a public IP address and port binding) through which the ACS can send unsolicited packets. The CPE sends the binding to the ACS when it initiates a connection to the ACS. For the connection requests sent by the ACS at any time to reach the CPE, the CPE maintains the open NAT binding.

 

 

NOTE:

Connection requests initiated from the CPE can reach the ACS through a NAT gateway without NAT traversal.

 

To enable NAT traversal on the CPE:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Enable NAT traversal.

cwmp cpe stun enable

By default, NAT traversal is disabled on the CPE.

 

Specifying an SSL client policy for HTTPS connection to ACS

CWMP uses HTTP or HTTPS for data transmission. If the ACS uses HTTPS for secure access, its URL begins with https://. You must configure an SSL client policy for the CPE to authenticate the ACS for HTTPS connection establishment. For more information about configuring SSL client policies, see Security Configuration Guide.

To specify an SSL client policy for the CPE to establish an HTTPS connection to the ACS:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter CWMP view.

cwmp

N/A

3.     Specify an SSL client policy.

ssl client-policy policy-name

By default, no SSL client policy is specified.

 

Displaying and maintaining CWMP

Execute display commands in any view.

 

Task

Command

Display CWMP configuration.

display cwmp configuration

Display the current status of CWMP.

display cwmp status

 

CWMP configuration example

Network requirements

As shown in Figure 3, use the ACS to bulk-configure the devices (CPEs), and assign ACS attributes to the CPEs from the DHCP server.

The configuration files for the devices in equipment rooms A and B are configure1.cfg and configure2.cfg, respectively.

Figure 3 Network diagram

 

Table 4 shows the ACS attributes for the CPEs to connect to the ACS.

Table 4 ACS attributes

Item

Setting

Preferred ACS URL

http://10.185.10.41:9090

ACS username

admin

ACS password

12345

 

Table 5 lists serial numbers of the CPEs.

Table 5 CPE list

Room

Device

Serial number

A

Device A

210231A95YH10C000045

Device B

210235AOLNH12000010

Device C

210235AOLNH12000015

B

Device D

210235AOLNH12000017

Device E

210235AOLNH12000020

Device F

210235AOLNH12000022

 

Configuration procedure

Configuring the ACS

For more information, see the documents for the ACS.

Configuring the DHCP server

In this example, an H3C device is operating as the DHCP server.

1.     Configure an IP address pool to assign IP addresses and DNS server address to the CPEs. This example uses subnet 10.185.10.0/24 for IP address assignment.

# Enable DHCP.

<DHCP_server> system-view

[DHCP_server] dhcp enable

# Enable DHCP server on VLAN-interface 1.

[DHCP_server] interface vlan-interface 1

[DHCP_server-Vlan-interface1] dhcp select server

[DHCP_server-Vlan-interface1] quit

# Exclude the DNS server address 10.185.10.60 and the ACS IP address 10.185.10.41 from dynamic allocation.

[DHCP_server] dhcp server forbidden-ip 10.185.10.41

[DHCP_server] dhcp server forbidden-ip 10.185.10.60

# Create DHCP address pool 0.

[DHCP_server] dhcp server ip-pool 0

# Assign subnet 10.185.10.0/24 to the address pool, and specify the DNS server address 10.185.10.60 in the address pool.

[DHCP_server-dhcp-pool-0] network 10.185.10.0 mask 255.255.255.0

[DHCP_server-dhcp-pool-0] dns-list 10.185.10.60

2.     Configure DHCP Option 43 to contain the ACS URL, username, and password in hexadecimal format.

[DHCP_server-dhcp-pool-0] option 43 hex 013B687474703A2F2F6163732E64617461626173653A393039302F616373207669636B79203132333435

Configuring the DNS server

Map http://acs.database:9090 to http://10.185.1.41:9090 on the DNS server. For more information about DNS configuration, see DNS server documentation.

Connecting the CPEs to the network

# Connect the CPEs to the network, and then power on the CPEs. (Details not shown.)

At startup, the CPEs obtain the IP address and ACS information from the DHCP server to initiate a connection to the ACS. After the connection is established, the CPEs interact with the ACS to complete autoconfiguration.

Verifying the configuration

Verify that the CPEs have obtained the correct configuration file from the ACS.

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网