This section describes how to set IP address information for using the LMT to log in to the U2000 or base station.
3.1 Logging In to and Exiting the LMT
You can log in to the local maintenance terminal (LMT) to manage the base station locally.
After the operation and maintenance (OM) channel between the base station and the U2000 server is established, you can also use the U2000 client to log in to the base station.
Prerequisites
Before using the LMT, install the JAVA Platform Standard Edition Runtime Environment (JRE) plug-in on the computer where the LMT is installed. The JRE plug-in is a standard Java runtime environment plug-in, which can be downloaded from http://java.com/.
l If the plug-in is not installed on the computer, the system displays the message "Java plug-in is not found. If the Java plug-in is not installed, please download and install the recommended Java plug-in."
l If the installed plug-in is not the compatible version, the system displays the message
"The recommended version of the Java plug-in is x.x.x.xx, but the installed version is x.x.x.xx now, it may be incompatible with WebLMT. Please download and install the recommended Java plug-in."
NOTE
l x.x.x.xx indicates the version of the installed JRE plug-in.
l If the LMT of SRAN7.0 and that of a later version are used simultaneously, JRE 1.6.0.27 is recommended.
l To solve problems about installing or using Java plug-in, follow instructions provided in 9.33 Help for Installing and Using the Java Plug-in.
l If the Java Update Needed dialog box is displayed when you log in to the LMT, preferentially click Update to install the latest Java version.
l If you cannot log in to the LMT after the plug-in is upgraded to the latest version, restart the browser and then log in.
Context
l LMT users are categorized into local users and element management system (EMS) users. For details, see 3.2.1 Concepts Related to Rights Management.
l A maximum of six local users and EMS users can log in to the LMT at the same time.
NOTE
When the BBU3900 is configured with the LMPT, a maximum of four local users and EMS users can log in to the LMT at the same time.
l HTTPS connection is the default policy for logging in to the LMT. Specifically, when you enter an HTTP URL in a web browser to log in to the LMT, the HTTP request automatically changes to an HTTPS request.
l Login in to the LMT over HTTPS requires configuration of digital certificates.
– The operator-issued certificate, device certificate of a base station, and preconfigured certificate on the LMT have descending priorities.
– The preconfigured certificate on the LMT is used only for initial secure access and is inadequate to ensure security. The operator-issued certificate is preferred.
– If an operator has deployed a PKI system on the live network, secure base station deployment by PnP is recommended and the operator-issued certificate must be obtained prior to access.
l If the colors cannot be displayed in the main window of the LMT, see 9.4 How to Handle Incorrect Display of Colors of the LMT Main Window.
CAUTION
When the LMT is running, do not change the system time or time zone of an LMT PC.
Otherwise, a critical fault may occur in the system. If the system time or time zone has to be changed, perform the operation after the LMT exits.
NOTICE
l When the LMT uses the Firefox browser and Block pop-up windows is selected, you will fail to log in to the LMT. To avoid this problem, open a web page using the Firefox browser. On the web page, choose Tools > Options from the menu bar. On the Options window, under Content, clear Block pop-up windows check box.
l The refresh function of the browser cannot be used on the LMT. If you use the refresh function in the LMT main window, the LMT is logged out. If you use the refresh function on the monitor window, an error occurs in the script.
l When the LMT is used in Internet Explorer, do not change the properties of the cache file folder. Otherwise, Internet Explorer is automatically refreshed, and therefore, an error occurs in the LMT main window.
l If you choose Start > Run to start File Transfer Protocol (FTP) services, the LMT main window is replaced with the login dialog box of the FTP server. To avoid this problem, choose Tools > Internet Options from the Internet Explorer menu bar. On the
Advanced tab page, under Browse, clear the Reuse windows for launching shortcuts check box.
l Before you use the LMT to upgrade or roll back a base station, clear the browser's buffer and cookies.
l If you press ALT+<---, the LMT main window may experience an error. In this case, press ALT+---> to restore the window settings. If the window settings cannot be restored, close the browser and log in to the LMT again.
l The default policy to log in to the LMT can be specified by the WebLMT Login Policy parameter in the SET WEBLOGINPOLICY command. The parameter can be set to any of the following values. (1) COMPATIBLE(Compatible): Either HTTP or HTTPS can be used to log in to the LMT. (2) HTTPS_ONLY(Https_only): Only HTTPS can be used to log in to the LMT. (3) LOGIN_HTTPS_ONLY(Login_https_only): When HTTP is used to log in to the LMT, HTTP is changed to HTTPS before login, then HTTPS returns to HTTP after login. Data over HTTP is transmitted in plaintext and prone to disclosure. Therefore, the value HTTPS_ONLY(Https_only) is recommended.
l If the WebLMT Login Policy parameter is set to HTTPS_ONLY(Https_only) but login by HTTP is configured on the U2000, login to the LMT in U2000 proxy mode does not work.
l The password status will be checking when you log in to the LMT. You can set whether the LMT to force the user to change the password on first login by running the SET PWDPOLICY command.
l The TLS/SSL version of the web browser and JRE must be set to the same value as the TLS/SSL Version configured using the SET SSLCONF command. Otherwise, the LMT login page cannot be opened using the web browser or the LMT that you have logged in to cannot work properly.
Procedure
l To use the LMT to log in to the base station, perform the following steps:
a. Connect the LMT to the base station.
n Wired connection:
The network port on the PC where the LMT application is installed can connect to the GTMUb, WMPT or LMPT board in the BBU3900 through a crossover cable or
straight-through cable and can connect to the UMPT board in the BBU3900 through a USB-to-Ethernet adaption cable, as shown in Table 3-1 and Figure 3-1.
Table 3-1 Cable connections
Cable Port
Crossover cable/
Straight-through cable
ETH port on the GTMUb, LMPT or WMPT
USB-Ethernet adaption cable
USB port on the UMPT
Figure 3-1 Connection between the computer where the LMT is installed and the BBU3900
(1) BBU3900 (2) Crossover cable, Straight-through cable, or USB-to-Ethernet adaption cable
(3) Computer where the LMT is installed
n Wireless connection (applicable only to the BBU3910A)
(1) BBU3910A (2) Computer where the LMT is installed
n If the computer where the LMT is installed is configured with a WLAN wireless network adapter and the local wireless access point device is enabled on the base station (by running the SET LOCALWAP command with Switch set to the default value ON(On)), the computer can be connected to the base station through the local wireless access point device as long as the base station transmits WLAN signals:
○ If the OMCH works properly, the base station by default disables WLAN signals. To enable the LMT PC to connect the base station through a local wireless access point device, run the SET LOCALWAPSW command on the U2000 with Enable Switch set to ENABLE(ENABLE) and Enable Elapse Time set to an appropriate value. During the time specified by Enable Elapse Time, the base station transmits WLAN signals so that the LMT PC can connect the base station through a local wireless access point device.
○ If the OMCH is disconnected, the base station automatically transmits WLAN signals to allow for the connection. After the OMCH is recovered, the duration in which the base station continues to transmit WLAN signals is specified by AP auto disable time in the SET LOCALWAP command.
n How to configure a WLAN wireless NIC on a computer, see 9.35 How to Configure Wireless NIC on a Computer.
n The service set identifier (SSID) of the local wireless access point device is in the format of HID_XXXXXXXXXX, where XXXXXXXXXX indicates the last 10 digits in the ESN.
n The initial password of the local wireless access point device is the same as that of the LMT. The default password is hwbs@com (case-sensitive). The password can be changed using the SET LOCALWAPPWD command on the U2000.
n To ensure security, only one terminal or user can log in to the local wireless access point device at a time.
n The LMT PC can locally connect to the base station in wireless mode with the valid line of sight (LOS) being less than 10 m.
b. In the address box of the browser, enter the IP address of the main control board for local maintenance. The default maintenance IP address of the base station is 192.168.0.49 in wired login mode and 192.168.1.49 in wireless login mode.
NOTE
l For UMTS base stations:
l If the main control board UMPT is upgraded from V200R014C00 or an earlier version to V200R015C00 or a later version, use the local maintenance IP address used before the upgrade.
l If the main control board UMPT is newly delivered and the software version is V200R015C00 or a later version, use the default local maintenance IP address 192.168.0.49.
l If the ACT CFGFILE command is executed to enable minimum configuration, the local maintenance IP address is restored to 192.168.0.49.
l The local maintenance IP address cannot be the same or on the same network segment as an existing IP address used on the live network. If such a local maintenance IP address is used, it must be changed by running the SET LOCALIP command. Otherwise, information on the U2000, such as traffic statistics and CHR logs are lost when the base station is maintained both locally and remotely.
c. Click Go. The Local Maintenance Terminal login window is displayed, as shown in Figure 3-2.
After the LMT application software is successfully installed, you can log in to the LMT using either of the following methods. Figure 3-3 shows the LMT login window.
n Choose Start > All Programs > HUAWEI Local Maintenance Terminal(WEBLMT CLIENT) > Web Local Maintenance
Terminal(WEBLMT CLIENT). The Local Maintenance Terminal window is displayed.
n In the address box of the browser, enter the IP address http://127.0.0.1:822.
The Local Maintenance Terminal window is displayed.
NOTE
The service port number is 822 by default. If the service port of the local LMT is changed, the entered port number must be consistent with the changed service port.
Figure 3-2 Local Maintenance Terminal login window
NOTE
l During login, the system checks the Java version and compatibility view settings of the browser. To use the optimum LMT configurations, perform the operations as prompted.
l In the login window, you can download the default Huawei CA certificate, including the LMT predefined certificate and the predefined certificate of the U2000 proxy server. If the
predefined certificates have been replaced, the CA certificate downloaded in the login window is invalid. In this case, import the CA certificate matching the new predefined certificates.
d. Enter the user name, password, and verification code in the User name, Password, and Verification code text boxes, respectively. Set User type to Local.
NOTE
l User name is admin by default. The value of Password varies depending on scenarios:
l For newly delivered base stations of SRAN7.0SPC200 or later, the default value of Password is hwbs@com (case-sensitive).
l For base stations that are upgraded from a version earlier than SRAN7.0SPC100 to SRAN7.0SPC200 or later, the password needs to be the same as that used before the upgrade (case-sensitive).
l User name and Password must be set to those of a local user of the base station.
l Change the password after you have logged in to the LMT. For details, see Changing the password of a current user account.
l If the verification code is illegible, click Refresh to change the verification code.
e. Click Login. The LMT main window is displayed.
NOTE
If the login fails because the provided information is incorrect, click Reset and enter the correct information. If the login failure persists, check the connection between the LMT and the main control board.
l To use the U2000 client to log in to the base station, perform the following steps:
a. Set proxy server.
If the LMT is used in Internet Explorer, perform the following steps before entering the IP address:
i. Choose Tools > Internet Options from the menu bar. The Internet Options dialog box is displayed. On the Connections tab page, click LAN Settings. In the displayed LAN Settings dialog box, select Use a proxy server for your LAN in the Proxy server area, set the Address and Port Number of the U2000 client.
ii. Choose Tools > Internet Options from the menu bar. The Internet Options dialog box is displayed. On the Advanced tab page, select Use HTTP1.1 through proxy connections under HTTP 1.1 settings.
b. Enter the OM IP address of the main control board in the address box of the browser, enter the user name and password in the User name and Password text boxes, and then press Enter key. The Local Maintenance Terminal login window is displayed, as shown in Figure 3-2.
c. Enter the user name, password, and verification code in the User name, Password, and Verification code text boxes, respectively. Set User type to EMS.
NOTE
l EMS user names and passwords are authorized by the U2000 server. ei*b+@b#6Nh(tS1j is the default password for user names emscomm and emscommneteco.
l If the verification code is illegible, click Refresh to change the verification code.
l If port 8080 or 8081 is used by the U2000 agent, you need to enter the user name and password of the agent server when performing the tasks of logging in to the web LMT, tracing, monitoring, batch processing, and device maintenance. The default user name is proxyuser and the default password is Changeme_123.
d. Click Login. The LMT main window is displayed.
NOTE
If the login fails because the provided information is incorrect, click Reset and enter the correct information. If the login failure persists, check the connection between the LMT and the main control board.
l Exit the LMT.
a. Click Logout in the toolbar in the LMT main window. The Confirm dialog box is displayed.
b. Click Yes. The LMT is disconnected from the base station. A dialog box for logging in to the LMT is displayed.
c. Close the browser to exit the LMT.
----End
3.2 Managing Rights
Managing rights involves managing login accounts, user passwords, and command groups.
3.2.1 Concepts Related to Rights Management
This section describes rights control principles, command groups, user types, user rights, login passwords, and operation time limits.
Table 3-2 describes the concepts related to rights management.
Table 3-2 Concepts related to rights management
Name Description
Principles for rights control
The local maintenance terminal (LMT) operation and maintenance (OM) subsystem enables multiple users to perform operations at the same time. To ensure system security, user rights are controlled in the following aspects:
l User identity: A user must enter the correct user name and password when logging in to the LMT.
l User rights: Users of different levels are allowed to use different graphical user interface (GUI) operations and man-machine language (MML) operations.
l Operation time limit: It specifies the time during which a user can perform operations.
Name Description
Command groups The NE provides 32 command groups G_0 to G_31 Command groups G_22 to G_31 are reserved. The command groups are described as follows:
l G_0: Basic command.
This command group contains all the basic commands.
l G_1: System command.
This command group contains commands for managing NMS interfaces and other common services.
l G_2: Alarm query.
This command group contains commands for querying alarms and faults that cause the alarms.
l G_3: Alarm management.
This command group contains commands for masking alarms (faults), controlling alarm indicators, clearing alarms, enabling correlation, checking synchronization, and customizing alarm environment, as well as commands for configuring and maintaining alarms.
l G_4: Performance query.
This command group contains commands for querying performance task files, description files, measurement objects, and measurement result files.
l G_5: Performance management.
This command group contains commands for download/
uploading performance task files, uploading measurement description files, adding/deleting measurement objects, uploading/deleting measurement result object, verifying services, and other maintenance management commands.
l G_6: Device query.
This command group contains commands for querying
configuration parameters and status for slots/subracks/cabinets, boards, BBUs, and commands for querying the NE status and configuration parameters for NE names and other NE basic information.
l G_7: Device management.
This command group contains commands for managing configuration parameters for slots/subracks/cabinets, boards, BBUs, and maintaining the status of such equipment, and commands for managing NE names and other NE configuration parameters and maintaining the NE status.
l G_8: Trace query.
This command group contains commands for querying tracing tasks.
l G_9: Trace management.
This command group contains commands for managing tracing tasks, for example, creating, deleting, starting, stopping, and querying tracing tasks, and uploading tracing result files.
l G_10: Wireless query.
Name Description
This command group contains commands for querying parameter configurations for radio resources, cells, and neighboring cells, and commands for querying their status.
l G_11: Wireless management.
This command group contains commands for configuring radio resources, cells, and neighboring cells, and commands for maintaining their status.
l G_12: Transport query.
This command group contains commands for querying parameters related to IP and ATM transmission and querying the transmission status.
l G_13: Transport management.
This command group contains commands for configuring parameters related to IP and ATM transmission and maintaining the transmission status.
l G_14: Security query.
This command group contains commands for querying parameters and status of the security management functions.
l G_15: Security management.
This command group contains commands for configuring parameters and status of the security management functions and maintaining the status.
l G_16: Time query.
This command group contains commands for querying clock and clock reference sources.
l G_17: Time management.
This command group contains commands for configuring clock and clock reference sources and maintaining their status.
l G_18: Software query.
This command group contains commands for querying the transmission of files, such as license files, version files, patch files, and FTP files.
l G_19: Software management.
This command group contains commands for configuring
This command group contains commands for configuring