Enable remote access ont Huawei

1

Hey guys, I need your help, I have some ONT from Huawei HG8145v5 v1 and v2 that are losing remote access.

I have these commands but I don’t know how to apply them

  • InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.AccessControlListEnable: true
  • InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.Mode: 0
  • InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.ServicePort: HTTP,ICMP
  • InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcPortName: ALL

could you help me how do i add these commands in GenieAcs,

I was indicated that I have to add it to the file “genieacs.yaml” but I haven’t found this file on my server yet, if anyone can help, I’ll be grateful.

2

If you don’t have this parameters in you device’s tree, you can try yo update a shallowest parameter, like InternetGatewayDevice.X_HW_Security.AclServices, or just set the value in a provision, like this:

  // Enable ACL
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.AccessControlListEnable',
    { value: now },
    { value: true },
  )

  // Create ACL
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.*',
    null,
    { path: 1 },
  )

  // Update created ACL parameters
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1',
    { path: now },
  )

  // Enable remote access from TELNET, HTTP, SSH, ICMP and SAMBA
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.ServicePort',
    { value: now },
    { value: 'TELNET,HTTP,SSH,ICMP,SAMBA' },
  )

  // Set source IP to our range
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcIp',
    { value: now },
    { value: 'your-range' },
  )

  // Set source port type to WAN
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcPortType',
    { value: now },
    { value: '2' },
  )

  // Set port name to all
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.SrcPortName',
    { value: now },
    { value: 'ALL' },
  )

  // Set mode to permit
  declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.1.Mode',
    { value: now },
    { value: '0' },
  )
1 Like
3

Thank you Felipe,

But a doubt, could you pass me, how can I add this parameter that you informed and how can I run it so that it is applied in the ONT?

4

For sure, you need to add this in a provision in Admin > Provision.
After this you create a new Preset with the Event and Precondition you want, for exemple:
Event: 6 CONNECTION REQUEST
Precondition: Tags.webAccess <> “null”

It means that this provision will running only in CPE that have this tag in a Connection request event.

5

Do not use the script from @Felipe. It does not take into account that the instance id can change. Instance values are never guaranteed.

Use this:

const now = Date.now();
// Enable ACLs
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.AccessControlListEnable',
    { value: now },
    { value: true },
)

// Create the ACL
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:All]',
    { path: 1 }, {path: 1}
)

// Enable remote access from TELNET, HTTP, SSH, ICMP and SAMBA
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:All].ServicePort',
    { value: now },
    { value: 'TELNET,HTTP,SSH,ICMP,SAMBA' },
)

// Set source IP to our range
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:All].SrcIp',
    { value: now },
    { value: 'your-range' },
)

// Set source port type to WAN
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:All].SrcPortType',
    { value: now },
    { value: 2 },
)

// Set port name to all
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:All].SrcPortName',
    { value: now },
    { value: 'ALL' },
)

// Set mode to permit
declare(
    'InternetGatewayDevice.X_HW_Security.AclServices.AccessControl.List.[].[SrcPortName:All].Mode',
    { value: now },
    { value: 0 },
)
6

Sorry, I forgot this.