HP FlexFabric 7900 Series Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Switch
  5. FlexFabric 7900 Series
  6. Configuration manual
HP FlexFabric 7900 Series Configuration Manual

HP FlexFabric 7900 Series Configuration Manual

Hide thumbs Also See for FlexFabric 7900 Series:
Table of Contents

Advertisement

Quick Links

Download this manual
HP FlexFabric 7900 Switch Series
Fundamentals

Configuration Guide

Part number: 5998-4279
Software version: Release 2109
Document version: 6W100-20140122

Advertisement

Table of Contents
loading

Related Manuals for HP FlexFabric 7900 Series

Summary of Contents for HP FlexFabric 7900 Series

  • Page 1: Configuration Guide

    HP FlexFabric 7900 Switch Series Fundamentals Configuration Guide Part number: 5998-4279 Software version: Release 2109 Document version: 6W100-20140122...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Using the CLI ································································································································································ 1   CLI views ············································································································································································ 1   Entering system view from user view ······················································································································ 2   Returning to the upper-level view from any view ·································································································· 2   Returning to user view ·············································································································································· 2   Accessing the CLI online help ·········································································································································· 2  ...
  • Page 4 Controlling user access ·············································································································································· 37   FIPS compliance ····························································································································································· 38   Controlling Telnet/SSH logins ······································································································································ 38   Configuration procedures ····································································································································· 38   Configuration example ········································································································································· 38   Controlling SNMP access·············································································································································· 39   Configuration procedure ······································································································································ 39   Configuration example ········································································································································· 40  ...
  • Page 5 Changing to another user account ······················································································································ 71   Maintaining and troubleshooting the FTP connection ······················································································· 72   Terminating the FTP connection ··························································································································· 72   Displaying command help information ··············································································································· 72   Displaying and maintaining FTP client ························································································································· 72   FTP client configuration example in standalone mode ······························································································· 73  ...
  • Page 6 Upgrading software ··················································································································································· 95   Overview ········································································································································································· 95   Software types ······················································································································································· 95   Software file naming conventions ························································································································ 96   Comware image redundancy and loading procedure ····················································································· 96   System startup process ·········································································································································· 97   Upgrade methods ·························································································································································· 97  ...
  • Page 7   HTTP server configuration guidelines ················································································································ 136   TFTP server configuration guidelines ················································································································· 137   Support and other resources ·································································································································· 138   Contacting HP ······························································································································································ 138   Subscription service ············································································································································ 138   Related information ······················································································································································ 138   Documents ···························································································································································· 138  ...

  • Page 8: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...

  • Page 9: Entering System View From User View

    You are placed in user view immediately after you log in to the CLI. The user view prompt is <Device-name>, where Device-name indicates the device name. The device name is Sysname by default. You can change it by using the sysname command. In user view, you can do the following: Perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and •...

  • Page 10: Using The Undo Form Of A Command

    Enter a question mark at a view prompt to display the first keyword of every command available in • the view. For example: <Sysname> ? User view commands: archive Archive configuration backup Backup the startup configuration file to a TFTP server boot-loader Set boot loader …...

  • Page 11: Entering A Command

    For example, the info-center enable command enables the information center. The undo info-center enable command disables the information center. Entering a command When you enter a command, you can do the following: Use keys or hotkeys to edit the command line. •...

  • Page 12: Abbreviating Commands

    Space. • A specific argument might have more requirements. For more information, see the relevant command reference. To enter a printable character, you can enter the character or its ASCII code (in the range of 32 to 126). Abbreviating commands You can enter a command line quickly by entering incomplete keywords that uniquely identify the complete command.

  • Page 13: Configuring And Using Command Hotkeys

    Configuring and using command hotkeys The system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.

  • Page 14: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function Esc+F Moves the cursor forward one word. Esc+N Moves the cursor down one line. This hotkey is available before you press Enter. Esc+P Moves the cursor up one line. This hotkey is available before you press Enter. Esc+< Moves the cursor to the beginning of the clipboard.

  • Page 15: Using The Command History Function

    Using the command history function The system automatically saves commands successfully executed by a login user to two command history buffers: • Command history buffer for the user line. Command history buffer for all user lines. • Table 4 Comparison between the two types of command history buffers Command history buffer for all Item Command history buffer for a user line...

  • Page 16: Pausing Between Screens Of Output

    Pausing between screens of output The system automatically pauses after displaying a screen if the output is too long to fit on one screen. You can use the keys described in "Output controlling keys" to display more information or stop the display.

  • Page 17: Filtering The Output From A Display Command

    # Display information about VLAN 999, numbering each output line. <Sysname> display vlan 999 | by-linenum VLAN ID: 999 VLAN type: Static Route interface: Configured IP address: 192.168.2.1 Subnet mask: 255.255.255.0 Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports: FortyGigE1/0/1...
  • Page 18 Characters Meaning Examples "(string)\1" matches a string containing "stringstring". Matches the preceding strings in "(string1)(string2)\2" matches a string containing parentheses, with the Nth string "string1string2string2". repeated once. "(string1)(string2)\1\2" matches a string containing " string1string2string1string2". "[16A]" matches a string containing 1, 6, or A; "[1-36A]"...

  • Page 19: Saving The Output From A Display Command To A File

    Characters Meaning Examples Escape character. If a special "\\" matches a string containing "\", "\^" character listed in this table follows \, matches a string containing "^", and "\\b" the specific meaning of the character is matches a string containing "\b". removed.
  • Page 20 Use one of the following methods to save the output from a display command: • Save the output to a separate file. Use this method if you want to use one file for a single display command. Append the output to the end of a file. Use this method if you want to use one file for multiple •...

  • Page 21: Viewing And Managing The Output From A Display Command Effectively

    Untagged ports: FortyGigE1/0/1 Viewing and managing the output from a display command effectively You can use the following measures in combination to filter and manage the output from a display command: Numbering each output line from a display command • Filtering the output from a display command •...

  • Page 22: Login Overview

    Login overview The first time you access the device, you can log in to the CLI of the device through the console port. After login, you can change console login parameters, or configure other access methods, including Telnet, SSH, and SNMP. The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements.

  • Page 23: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC) and make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
  • Page 24 Select System Tools > Device Manager from the navigation tree. Select Ports (COM & LPT) from the right pane. Figure 4 Creating a connection Figure 5 Specifying the serial port used to establish the connection...
  • Page 25 Power on the device and press Enter as prompted. Figure 7 Device CLI At the default user view prompt <HP>, enter commands to configure the device or to view the running status of the device. To get help, enter ?.

  • Page 26: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet, and SSH. To prevent illegal access to the CLI and control user behavior, you can configure login authentication, assign user roles, configure command authorization and command accounting, and use ACLs to filter unauthorized logins.

  • Page 27: Login Authentication Modes

    A relative number uniquely identifies a user line among all user lines that are the same type. The number format is user line type + number. Both the types of user lines are numbered starting from 0 and incrementing by 1. For example, the first VTY line is VTY 0. Login authentication modes You can configure login authentication to prevent illegal access to the device CLI.

  • Page 28: Logging In Through The Console Port Locally

    Telnet login is not supported in FIPS mode. Logging in through the console port locally You can connect a terminal to the console port of the device to log in and manage the device, as shown Figure 8. For the login procedure, see "Logging in through the console port for the first device access."...

  • Page 29: Configuring Password Authentication For Console Login

    Step Command Remarks Disable By default, authentication is disabled for the authentication-mode none authentication. AUX line. Assign a user By default, an AUX line user is assigned the user-role role-name role. user role network-admin. The next time you attempt to log in through the console port, you do not need to provide any username or password.

  • Page 30: Configuring Common Aux Line Settings

    Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
  • Page 31 Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...

  • Page 32: Logging In Through Telnet

    Remarks By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends Specify the that you set the display type to VT100 on terminal display terminal type { ansi | vt100 } both the device and the configuration type.
  • Page 33 Task Remarks (Optional.) Setting the maximum number of concurrent Telnet users (Optional.) Setting the DSCP value for outgoing Telnet packets (Optional.) Configuring common VTY line settings The Telnet login configuration is effective only for users who log in after the configuration is completed. Disabling authentication for Telnet login Step Command...

  • Page 34: Configuring Password Authentication For Telnet Login

    Figure 9 Telnetting to the device without authentication Configuring password authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet server function is Enable Telnet server. telnet server enable disabled. Use either command. A setting in user line view is applied only to the user line.

  • Page 35: Configuring Scheme Authentication For Telnet Login

    Step Command Remarks (Optional.) Assign a By default, a VTY line user is assigned user-role role-name user role. the user role network-operator. The next time you attempt to Telnet to the device, you must provide the configured login password, as shown in Figure 10.
  • Page 36 Step Command Remarks By default, password authentication is enabled for VTY lines. In VTY line view, this command is associated with the protocol inbound Enable scheme authentication-mode scheme command. If you specify a non-default authentication. value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
  • Page 37 Setting the DSCP value for outgoing Telnet packets The DSCP value is carried in the ToS/Traffic class field of an IP packet, and it indicates the transmission priority of the packet. To set the DSCP value for outgoing Telnet packets: Step Command Remarks...

  • Page 38: Using The Device To Log In To A Telnet Server

    Step Command Remarks By default, both Telnet and SSH are supported. This configuration is effective only for users who log in to the user lines after the configuration is completed. Specify the protocols protocol inbound { all | ssh In VTY line view, this command is associated for the user lines to | telnet } with the authentication-mode command.

  • Page 39: Logging In Through Ssh

    Step Command Remarks Enter system view. system-view By default, no source IPv4 address or source interface is (Optional.) Specify the telnet client source { interface specified, and the primary IPv4 source IPv4 address or interface-type interface-number | ip address of the outbound source interface for ip-address } interface is used as the source...
  • Page 40 Step Command Remarks • In non-FIPS mode: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | (Optional.) Create an publickey } assign SSH user and specify By default, no SSH user is configured on the publickey keyname } the authentication device.

  • Page 41: Using The Device To Log In To An Ssh Server

    Step Command Remarks In non-FIPS mode, both Telnet and SSH are supported by default. In FIPS mode, SSH is supported by default. This configuration takes effect only for users • In non-FIPS mode: who log in to the user lines after the protocol inbound { all | ssh (Optional.) Specify configuration is completed.

  • Page 42: Displaying And Maintaining Cli Login

    Displaying and maintaining CLI login Execute display commands in any view and the other commands in user view. Task Command Remarks Display online CLI user display users [ all ] information. Display user line display line [ num1 | { aux | vty } information.

  • Page 43: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 14 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC.

  • Page 44: Configuring Snmpv1 Or Snmpv2C Access

    Configuring SNMPv1 or SNMPv2c access Step Command Remarks Enter system view. system-view Enable the SNMP By default, the SNMP agent is snmp-agent agent. disabled. By default, the device has four views, all of which are named ViewDefault: • View 1 includes MIB subtree iso.

  • Page 45: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Telnet and HTTP are not supported in FIPS mode. Controlling Telnet/SSH logins Use basic ACLs (2000 to 2999) to filter Telnet and SSH logins by source IP address.

  • Page 46: Controlling Snmp Access

    Figure 15 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Apply the ACL to filter Telnet logins.

  • Page 47: Configuration Example

    Step Command Remarks • SNMP community: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view For more view-name ] [ acl acl-number ] *...

  • Page 48: Configuring Command Authorization

    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group. [Sysname] snmp-agent community read aaa acl 2000 [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 Configuring command authorization By default, commands are available for a user depending only on that user's user roles.

  • Page 49: Configuration Example

    Step Command Remarks By default, authentication is disabled for the AUX line and password authentication is enabled for the VTY line. In VTY line view, this command is Enable scheme associated with the protocol inbound authentication-mode scheme authentication. command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in...
  • Page 50 [Device-line-vty0-63] authentication-mode scheme # Enable command authorization for the user lines. [Device-line-vty0-63] command authorization [Device-line-vty0-63] quit # Configure an HWTACACS scheme that does the following: • Uses the HWTACACS server at 192.168.2.20:49 for authentication and authorization. In this example, the HWTACACS server provides authentication and authorization services at port 49. Uses the shared key expert.

  • Page 51: Configuring Rbac

    Configuring RBAC Role based access control (RBAC) controls user access to commands and resources based on user role. This chapter describes the basic idea of RBAC and guides you through the RBAC configuration procedure. Overview On devices that support multiple users, RBAC is used to assign command and resource access permissions to user roles that are created for different job functions.
  • Page 52 A user role can access the set of permitted commands specified in its rules. The user role rules include predefined (identified by sys-n) and user-defined user role rules. If two user-defined rules of the same type conflict, the one with higher number takes effect. For •...

  • Page 53: Assigning User Roles

    User role name Permissions • level-0—Has access to diagnostic commands, including ping, quit, ssh2, super, system-view, telnet, and tracert. Level-0 access rights are configurable. • level-1—Has access to the display commands (except display history-command all) of all features and resources in the system, in addition to all access rights of the user role level-0.

  • Page 54: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Configuration task list Tasks at a glance (Required.) Creating user roles...

  • Page 55: Configuring Feature Groups

    If two user-defined rules of a user role conflict, the one with a higher ID takes effect. For level-0 to level- 1 4 user roles, if a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule takes effect. Any rule modification, addition, or removal for a user role takes effect only on users who are logged in with the user role after the change.

  • Page 56: Changing Resource Access Policies

    Changing resource access policies Every user role has one interface policy and VLAN policy. By default, these policies permit user roles to access any interface and VLAN. You can change the policies of user-defined user roles and the predefined level-n user roles to limit their access to interfaces and VLANs. A changed policy takes effect only on users who are logged in with the user role after the change.

  • Page 57: Enabling The Default User Role Function

    Enabling the default user role function An AAA authentication user must have at least one user role to log in to the device. The default user role function assigns the network-operator user role to a local or remote AAA authenticated user if the AAA server has not authorized the user to use any user roles.

  • Page 58: Assigning User Roles To Non-Aaa Authentication Users On User Lines

    Step Command Remarks Repeat this step to assign the user to up to 64 user roles. Authorize the user to have a authorization-attribute user-role By default, network-operator is user role. role-name assigned to local users created by a network-admin or level-15 user. Assigning user roles to non-AAA authentication users on user lines Specify user roles for the following two types of login users on the user lines:...
  • Page 59 To enable users to obtain temporary user roles, you must configure user role authentication. Table • describes the available authentication modes and configuration requirements. Local password authentication is available for all user roles, but remote AAA authentication is • available only for level-n user roles. If HWTACACS authentication is used, use a user account that has the target user role level or a user role level higher than the target user role.

  • Page 60: Configuring User Role Authentication

    Configuring user role authentication Step Command Remarks Enter system view. system-view Set an authentication super authentication-mode By default, local-only authentication applies. mode. { local | scheme } * • In non-FIPS mode: Use this step for local password authentication. super password [ role Set a local rolename ] [ { hash | By default, no password is configured.

  • Page 61: Rbac Configuration Examples

    RBAC configuration examples RBAC configuration example for local AAA authentication users Network requirements The switch in Figure 18 performs local AAA authentication for the Telnet user at 192.168.1.58. This Telnet user has the username user1@bbb and is assigned the user role role1. Configure role1 to have the following permissions: •...

  • Page 62: Rbac Configuration Example For Radius Authentication Users

    [Switch-role-role1] vlan policy deny [Switch-role-role1-vlanpolicy] permit vlan 10 to 20 [Switch-role-role1-vlanpolicy] quit [Switch-role-role1] quit # Create a device management user named user1 and enter its view. [Switch] local-user user1 class manage # Set a plaintext password aabbcc for the user. [Switch-luser-manage-user1] password simple aabbcc # Set the service type to Telnet.
  • Page 63 Performs read and write commands of the features arp and radius. • • Has no access to read commands of the feature acl. Configures VLANs 1 to 20 and interfaces FortyGigE 1/0/1 to FortyGigE 1/0/24. • The switch and the FreeRADIUS server use the shared key expert and authentication port 1812. The switch delivers usernames with their domain names to the server.
  • Page 64 IMPORTANT: Because RADIUS user authorization information is piggybacked in authentication responses, the authentication and authorization methods must use the same RADIUS scheme. [Switch] domain bbb [Switch-isp-bbb] authentication login radius-scheme rad [Switch-isp-bbb] authorization login radius-scheme rad [Switch-isp-bbb] quit # Create the feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the features arp and radius to the feature group.

  • Page 65: Rbac Configuration Example For Hwtacacs Authentication Users

    Verifying the configuration # Telnet to the switch, and enter the username and password to access the switch. (Details not shown.) # Verify that you can use all commands available in ISP view. <Switch> system-view [Switch] domain abc [Switch-isp-abc] authentication login radius-scheme abc [Switch-isp-abc] quit # Verify that you can use all read and write commands of the features radius and arp.
  • Page 66 Figure 20 Network diagram Configuration procedure Configure the switch: # Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3, the interface connected to the HWTACACS server. [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
  • Page 67 # Configure ISP domain bbb to use local authorization for login users. [Switch-isp-bbb] authorization login local # Apply the HWTACACS scheme hwtac to the ISP domain. [Switch-isp-bbb] authentication super hwtacacs-scheme hwtac [Switch-isp-bbb] quit # Create a device management user named test and enter its view. Set the service type to Telnet, and set the password to aabbcc.
  • Page 68 Figure 21 Configuring advanced TACACS+ settings Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. <Switch> telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...

  • Page 69: Troubleshooting Rbac

    ssh2 Establish a secure shell client connection super Switch to a user role system-view Enter the System View telnet Establish a telnet connection tracert Tracert function <Switch> Obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass.

  • Page 70: Login Attempts By Radius Users Always Fail

    Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the network access device and the RADIUS server can communicate with one another and all AAA settings are correct.

  • Page 71: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

  • Page 72: Configuring Basic Parameters

    Configuring basic parameters Step Command Remarks Enter system view. system-view Enable the FTP server. ftp server enable By default, the FTP server is disabled. (Optional.) Use an ACL to By default, no ACL is used for access control access to the FTP ftp server acl acl-number control.

  • Page 73: Manually Releasing Ftp Connections

    Manually releasing FTP connections Task Command Manually release FTP connections. free ftp user username Displaying and maintaining the FTP server Execute display commands in any view. Task Command Display FTP server configuration and status information. display ftp-server Display detailed information about online FTP users. display ftp-user FTP server configuration example in standalone mode Network requirements...
  • Page 74 [Sysname-luser-manage-abc] authorization-attribute user-role network-admin work-directory flash:/ # Assign the service type FTP to the user. [Sysname-luser-manage-abc] service-type ftp [Sysname-luser-manage-abc] quit NOTE: If the password control feature is configured, the password must meet the password requirements Security Configuration Guide defined by the feature. For more information, see # Enable the FTP server.

  • Page 75: Ftp Server Configuration Example In Irf Mode

    ftp> put temp.bin # Exit FTP. ftp> bye FTP server configuration example in IRF mode Network requirements As shown in Figure 24, a two-chassis IRF fabric has two MPUs. The global active MPU is in slot 0 of the master. The global standby MPU is in slot 0 of the subordinate member. On the device, create a local user account with the username abc and password 123456 and enable the FTP server function.

  • Page 76: Using The Device As An Ftp Client

    NOTE: If the password control feature is configured, the password must meet the password requirements Security Configuration Guide defined by the feature. For more information, see # Enable the FTP server. [Sysname] ftp server enable [Sysname] quit Perform FTP operations from the FTP client: # Log in to the FTP server at 1.1.1.1 using the username abc and password 123456.

  • Page 77: Managing Directories On The Ftp Server

    Step Command Remarks • (Method 1) Log in to the FTP server directly in user view: ftp [ ftp-server [ service-port ] [ dscp Use either method. dscp-value | source { interface interface-type interface-number | ip The source IP address source-ip-address } ] ] * specified in the ftp command Log in to the FTP server.

  • Page 78: Changing To Another User Account

    Task Command Remarks • Display the detailed information of a directory or file on the FTP server: dir [ remotefile Display directory or file [ localfile ] ] information on the FTP server. • Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] Delete the specified file on the...

  • Page 79: Maintaining And Troubleshooting The Ftp Connection

    Maintaining and troubleshooting the FTP connection Task Command Remarks Display FTP commands on the FTP rhelp server. Display FTP commands help information rhelp protocol-command on the FTP server. Display FTP server status. rstatus Display detailed information about a rstatus remotefile directory or file on the FTP server.

  • Page 80: Ftp Client Configuration Example In Standalone Mode

    Task Command Display source IP address information on the FTP client. display ftp client source FTP client configuration example in standalone mode Network requirements As shown in Figure 25, a PC acts as the FTP server. An FTP user account with the username abc and password 123456 is configured on the FTP server.

  • Page 81: Ftp Client Configuration Example In Irf Mode

    # Set the file transfer mode to ASCII. Upload the configuration file startup.cfg from the device to the PC for backup. ftp> ascii 200 TYPE is now ASCII ftp> put startup.cfg back-startup.cfg local: startup.cfg remote: back-startup.cfg 150 Connecting to port 47461 226 File successfully transferred 3494 bytes sent in 5.646 seconds (618.00 kbyte/s) ftp>...
  • Page 82 331 Give me your password, please Password: 230 Logged in successfully Remote system type is MSDOS. 200 Type is Image (Binary) # Download the file temp.bin from the PC to the Flash root directory of the global active MPU. ftp> get temp.bin local: temp.bin remote: temp.bin 150 Connecting to port 47457 226 File successfully transferred...

  • Page 83: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
  • Page 84 Step Command Remarks The source IP address specified in this command tftp tftp-server { get | put | sget } takes precedence over the Download or upload a file source-filename [ destination-filename ] [ dscp one set by the tftp client in an IPv4 network.

  • Page 85: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not •...

  • Page 86: Managing Files

    Format Description Example Specifies a file in a specific storage medium. The drive argument represents the storage medium name. flash:/test/a.cfg indicates a file named drive:/[path]/file-name a.cfg in the test folder in the root directory A storage medium is typically flash or of the MPU.

  • Page 87: Displaying File Information

    Display directory and file information. • • Display file contents. Rename, copy, move, remove, restore, delete, compress, decompress, archive, and extract files. • Calculate the digests of files for file integrity verification. • You can create a file by copying, downloading, or using the save command. For more information about downloading a file, see "Configuring FTP"...

  • Page 88: Compressing/Decompressing A File

    Task Command Move a file. move fileurl-source fileurl-dest Compressing/decompressing a file Perform the following tasks in user view: Task Command Compress a file. gzip filename Decompress a file. gunzip filename Archiving/extracting files Perform the following tasks in user view: Task Command tar create [ gz ] archive-file fileurl-dest [ verbose ] source Archive files.

  • Page 89: Deleting Files From The Recycle Bin

    Calculating the digest of a file File digests are used to verify file integrity. For example, you can calculate the digest of a software image file and compare it with that provided on the HP website to verify whether the file has been tampered with.

  • Page 90: Displaying The Current Working Directory

    Task Command Display directory or file information. dir [ /all ] [ file-url | /all-filesystems ] Displaying the current working directory Perform this task in user view. Task Command Display the current working directory. Changing the current working directory Perform this task in user view. Task Command Change the current working directory.

  • Page 91: Repairing A Storage Medium

    If you remove a storage medium while a folder or file on the storage medium is being accessed, the device might not recognize the storage medium when you reinstall it. To reinstall this kind of a storage medium, complete one of the following tasks: •...

  • Page 92: Partitioning A Usb Disk

    Restrictions and guidelines To mount/unmount a partitioned storage medium, you must mount/unmount all the partitions individually, instead of mounting/unmounting the medium as a whole. To unmount a USB disk, make sure the system has recognized the USB disk and the USB disk LED is not blinking. Otherwise, the USB interface or USB disk might be damaged.

  • Page 93: Setting The Operation Mode For Files And Folders

    Configuration procedure Perform this task in user view. Task Command Remarks fdisk medium-name By default, only one partition usb0:/ is Partition a storage medium. [ partition-number ] available on a USB disk. Setting the operation mode for files and folders The device supports the following file and folder operation modes: alert—The system prompts for confirmation when your operation might cause problems such as file •...

  • Page 94: Managing Configuration Files

    Managing configuration files You can use the CLI or the BootWare menus to manage configuration files. This chapter explains how to manage configuration files from the CLI. Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot.

  • Page 95: Startup Configuration Loading Process

    Running configuration The running configuration includes startup settings that have not been changed and new settings you made. The running configuration is stored in the memory and is cleared at a device reboot or power off. To use the running configuration after a power cycling or reboot, save it to a configuration file. To view the running configuration, use the display current-configuration command.

  • Page 96: Configuration File Formats

    If you have not specified a main startup configuration file, or the specified main startup configuration file is not available, the device searches for the backup startup configuration file. If you have not specified a backup startup configuration file, or the specified backup startup configuration file is not available, the device starts up with the default configuration file (called "factory defaults").

  • Page 97: Fips Compliance

    If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained. HP recommends that you use the safe mode if the power source is not reliable or you are remotely configuring the device.

  • Page 98: Specifying A Next-Startup Configuration File

    Task Command Remarks • In standalone mode: save file-url [ all | slot slot-number ] Save the running configuration to • In IRF mode: a configuration file. save file-url [ all | chassis chassis-number slot slot-number ] If you execute the save [ safely ] command without specifying any other keyword, the command saves the configuration to the main startup...

  • Page 99: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    The undo startup saved-configuration command changes the attribute of the main or backup • next-startup configuration file to NULL instead of deleting the file. To specify a next-startup configuration file, perform the following task in user view: Task Command Remarks By default, no configuration file is specified for the next startup.

  • Page 100: Deleting A Next-Startup Configuration File

    You have read and write permissions. • To restore the main next-startup configuration file from a TFTP server: Step Command Remarks Restore the main next-startup restore startup-configuration from This command is not supported in configuration file from a TFTP src-addr src-filename FIPS mode.
  • Page 101 Task Command display current-configuration [ configuration [ module-name ] | Display the running configuration. interface [ interface-type [ interface-number ] ] ] Display the factory defaults. display default-configuration Display the contents of the configuration display saved-configuration file for the next system startup. Display names of the configuration files display startup used at this startup and the next startup.

  • Page 102: Upgrading Software

    Upgrading software This chapter describes types of software and how to upgrade software from the CLI. For a comparison of all software upgrade methods, see "Upgrade methods." Overview Software upgrade enables you to have new features and fix bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.

  • Page 103: Software File Naming Conventions

    Software file naming conventions Software image file names use the chassis-comware version-image type-release format, for example, 7904-CMW710-SYSTEM-R2109.bin and 7904-CMW710-BOOT-R2109.bin. This document uses boot.bin and system.bin as boot and system image file names. Comware image redundancy and loading procedure You can specify two sets of Comware software images: one main and one backup. The system always attempts to start up with the main images.

  • Page 104: System Startup Process

    System startup process Upon power-on, the BootWare image runs to initialize hardware, and then the startup software images run to start up the entire system, as shown in Figure Figure 30 System startup process Upgrade methods Upgrading method Software types Remarks •...

  • Page 105: Preparing For The Upgrade

    Download the upgrade software image file. (Optional.) Preload the BootWare image to the BootWare. If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps avoid upgrade problems caused by unexpected electricity failure. If you skip this task, the device upgrades the BootWare automatically when it upgrades the startup software images.

  • Page 106: Specifying The Startup Image File And Completing The Upgrade (In Standalone Mode)

    This function examines the image (Optional.) Enable BootWare bootrom-update security-check for wrong file type, file corruption, image validity check. enable and hardware incompatibility. HP recommends enabling it to ensure a successful upgrade. Return to user view. quit • In standalone mode:...

  • Page 107: Specifying The Startup Image File And Completing The Upgrade (In Irf Mode)

    Step Command Remarks Save the running This step makes sure any configuration save configuration. you have made can survive a reboot. At startup, the MPU reads the preloaded BootWare image to RAM, loads the startup images in the file, Reboot the device. reboot and sets the images as both current software images and startup software...

  • Page 108: Restoring Or Downgrading The Bootware Image

    Step Command Remarks When you use method 3, make sure you understand the following requirements and upgrade results: • If the global active MPU started up • Method 1: with main startup images, its main boot-loader file ipe-filename startup images are synchronized to chassis chassis-number slot the standby MPU.

  • Page 109: Displaying And Maintaining Software Image Settings

    Step Command Remarks In standalone mode: • Use the BootWare image in the Backup area of BootWare for a replacement: bootrom restore slot slot-number-list • Use the BootWare image in a storage medium for a replacement: bootrom update file file-url slot slot-number-list Use one of the commands, Replace the BootWare...

  • Page 110: Software Upgrade Examples

    Software upgrade examples Software upgrade example (for standalone mode) Network requirements As shown in Figure 31, use the file 7904.ipe to upgrade software images for the device. Figure 31 Network diagram TFTP server TFTP client 2.2.2.2/24 1.1.1.1/24 Internet Device Configuration procedure # Configure IP addresses and routes.
  • Page 111 Figure 32 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server.

  • Page 112: Managing The Device

    Enter system view. system-view Configure the device name. sysname sysname By default, the device name is HP. Setting the system time CAUTION: The system time is always restored to the default after a reboot. After rebooting the device, reconfigure the Network Management system time or configure NTP for the device.

  • Page 113: Specifying The System Time Source

    Step Command Remarks By default, the factory default UTC time is used. Set the UTC time. clock datetime time date Use this command in user view. Enter system view. system-view clock timezone zone-name { add | The default local time zone is the Set the local time zone.

  • Page 114: Configuring Banners

    Step Command Remarks Enable displaying the copyright-info enable By default, this function is enabled. copyright statement. Configuring banners Banners are messages that the system displays when a user logs in. Banner types The system supports the following banners: Legal banner—Appears after the copyright statement. To continue login, the user must enter Y or •...

  • Page 115: Configuration Procedure

    <System> system-view [System] header shell A Please input banner content, and quit with the character 'A'. Have a nice day. Please input the password.A Method 3—After you type the last command keyword, type the start delimiter and part of the banner and press Enter.

  • Page 116: Configuration Guidelines

    Schedule a reboot at the CLI, so the device automatically reboots at the specified time or after the • specified period of time. Power off and then power on the device. This method might cause data loss, and is the •...

  • Page 117: Configuration Guidelines

    You can configure a one-time schedule or a periodic schedule. A one-time schedule is not saved to the configuration file and is lost when the device reboots. A periodic schedule is saved to the startup configuration file and is automatically executed periodically. Configuration guidelines To make sure a task schedule can be executed as expected, reconfigure the system time or configure •...
  • Page 118 Step Command Remarks • Specify the execution date and Configure one command as time: required. time at time date By default, no execution time is • Specify the execution days and Specify an execution specified for a schedule. time: time table for the Executing commands clock time once at time [ month-date one-time schedule.

  • Page 119: Schedule Configuration Example

    Schedule configuration example Network requirements To save energy, configure the device to enable interfaces FortyGigE 1/0/1 and FortyGigE 1/0/2 at 8:00 a.m. every Monday through Friday and disable the interfaces at 18:00 every Monday through Friday. Figure 33 Network diagram Scheduling procedure # Enter system view.
  • Page 120 [Sysname-job-start-FortyGigE1/0/2] command 3 undo shutdown [Sysname-job-start-FortyGigE1/0/2] quit # Configure a periodic schedule for enabling the interfaces at 8:00 a.m. every Monday through Friday. [Sysname] scheduler schedule START-pc1/pc2 [Sysname-schedule-START-pc1/pc2] job start-FortyGigE1/0/1 [Sysname-schedule-START-pc1/pc2] job start-FortyGigE1/0/2 [Sysname-schedule-START-pc1/pc2] time repeating at 8:00 week-day mon tue wed thu fri [Sysname-schedule-START-pc1/pc2] quit # Configure a periodic schedule for disabling the interfaces at 18:00 every Monday through Friday.
  • Page 121 start-FortyGigE1/0/2 Successful Schedule name : STOP-pc1/pc2 Schedule type : Run on every Mon Tue Wed Thu Fri at 18:00:00 Start time : Wed Sep 28 18:00:00 2011 Last execution time : Wed Sep 28 18:00:00 2011 Last completion time : Wed Sep 28 18:00:01 2011 Execution counts ----------------------------------------------------------------------- Job name...

  • Page 122: Disabling Password Recovery Capability

    --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z. [Sysname]interface fortygige 1/0/2 [Sysname-FortyGigE1/0/2]shutdown Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. This feature also determines the method for handling console login password loss. If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.
  • Page 123 To monitor the CPU usage: Step Command Remarks Enter system view. system-view • In standalone mode: monitor cpu-usage enable [ slot slot-number ] Enable the CPU usage By default, the CPU usage • In IRF mode: monitoring function. monitoring function is enabled. monitor cpu-usage enable [ chassis chassis-number slot slot-number ]...

  • Page 124: Setting Memory Alarm Thresholds

    Setting memory alarm thresholds To ensure correct operation and improve memory utilization, the system monitors the amount of free memory space in real time. When a threshold is exceeded, the system generates an alarm notification or an alarm-removed notification and sends it to affected service modules or processes. As shown in Table 13 Figure...

  • Page 125: Configuring The Temperature Alarm Thresholds

    Figure 34 Memory alarm notification and alarm-removed notification Free memory space Minor alarm-removed Normal Minor Severe alarm-removed alarm Minor Critical alarm-removed Severe alarm Severe Critical alarm Critical Time To set memory alarm thresholds: Step Command Remarks Enter system view. system-view •...

  • Page 126: Verifying And Diagnosing Transceiver Modules

    Step Command Remarks Enter system view. system-view • In standalone mode: temperature-limit slot For the default settings, see Table slot-number hotspot sensor-number lowlimit The high-temperature alarming warninglimit [ alarmlimit ] threshold must be higher than the Configure the temperature • In IRF mode: high-temperature warning alarm thresholds.

  • Page 127: Diagnosing Transceiver Modules

    Task Command Remarks Display the electrical This command cannot display display transceiver manuinfo interface label information of information for some transceiver [ interface-type interface-number ] transceiver modules. modules. Diagnosing transceiver modules The device provides the alarm and digital diagnosis functions for transceiver modules. When a transceiver module fails or is not operating correctly, you can do the following: Check the alarms that exist on the transceiver module to identify the fault source.
  • Page 128 Task Command display device [ flash ] [ slot slot-number [ subslot Display hardware information. subslot-number ] | verbose ] Display the electronic label information of the device. display device manuinfo [ slot slot-number ] Display the electronic label information of a fan. display device manuinfo fan fan-id Display the electronic label information of a power display device manuinfo power power-id...
  • Page 129 Task Command display device [ flash ] [ chassis chassis-number [ slot Display hardware information. slot-number [ subslot subslot-number ] ] | verbose ] display device manuinfo [ chassis chassis-number [ slot Display the electronic label information of the device. slot-number ] ] display device manuinfo chassis chassis-number fan Display the electronic label information of a fan.

  • Page 130: Using Python

    Using Python Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.
  • Page 131 Configuration procedure # Use a text editor on the PC to edit Python script test.py as follows: #!usr/bin/python import comware comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg') comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg') comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup') # Use TFTP to download the script to the device. <Sysname>...

  • Page 132: Comware V7 Extended Python Api

    Comware V7 extended Python API The Comware V7 extended Python API is compatible with the Python syntax. Importing and using the Comware V7 extended Python API To use the Comware V7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware V7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
  • Page 133 Parameters command: Specifies the commands to be executed. To enter multiple commands, use a space and a semicolon (;) as the delimiter. To enter a command in a view other than user view, you must first enter the commands used to enter the view. For example, you must enter ’system-view ;local-user test class manage’...

  • Page 134: Transfer Class

    Transfer class Transfer Use Transfer to download a file from a server. Syntax Transfer(protocol=‘’, host=‘’, source=‘’, dest=‘’, login_timeout=10, user=‘’, password=‘’) Parameters protocol: Specifies the protocol used to download a file: • ftp—Uses FTP. tftp—Uses TFTP. • http—Uses HTTP. • host: Specifies the IP address of the remote server. source: Specifies the name of the file to be downloaded from the remote server.

  • Page 135: Api Get_Self_Slot

    [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>> c = comware.Transfer('tftp', '1.1.1.1', 'test.cfg', 'flash:/test.cfg', user='', password='') >>> c.get_error() Sample output “Couldn’t connect to server” API get_self_slot get_self_slot Use get_self_slot to get the slot number of the MPU in standalone mode, or the slot number of the global active MPU in IRF mode.
  • Page 136 [ ]—The IRF fabric does not have a global standby MPU. • • [[chassis-number,slot-number]]—The IRF fabric has only one global standby MPU. The chassis-number indicates the member ID of the subordinate switch. The slot-number indicates the slot number of the global standby MPU. [[chassis-number1,slot-number1],[chassis-number2,slot-number2],...]—The IRF fabric has multiple •...

  • Page 137: Using Automatic Configuration

    Using automatic configuration With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration, facilitates centralized management, and reduces maintenance workload. Understanding automatic configuration The automatic configuration feature requires the cooperation of the following servers: a DHCP server, an HTTP server, a TFTP server, and a DNS server, as shown in...
  • Page 138 A TFTP server IP address. A DNS server IP address. For more information, see "Automatic-configuration parameter acquisition process." After obtaining automatic configuration parameters, the device tries to download a configuration file from a TFTP server or an HTTP server. For more information, see "Configuration file acquisition process."...

  • Page 139: Interface Selection Process

    Figure 37 Automatic configuration workflow Device powered on (no configuration file) Select an interface Enable DHCP client and request parameters Restore the default Got parameters? for the interface Y: HTTP method Got a configuration file name and the name is in the form of an HTTP URL? N: TFTP method Got the TFTP server...

  • Page 140: Automatic-Configuration Parameter Acquisition Process

    If the device has no management Ethernet interface in up state at Layer 2 but has one or more Layer 2 Ethernet interfaces in up state, the device selects the VLAN interface of the default VLAN. If no Layer 2 Ethernet interface is in up state, the device sorts all Layer 3 Ethernet interfaces in up state first by the dictionary order of the interface types and then in ascending order of interface numbers, and selects the one with the smallest interface number among the interfaces of the first interface type.
  • Page 141 If the device got a configuration file name during the automatic-configuration parameter acquisition • process, the device examines the form of the configuration file name. If the configuration file name is in the form of a valid HTTP URL, the device tries to download the configuration file from the URL. Figure •...

  • Page 142: Deploying And Configuring Servers For Automatic Configuration

    Figure 39 Configuration file acquisition process Deploying and configuring servers for automatic configuration To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and configure the servers to cooperate with the device as follows: DHCP server—Assigns the device a set of parameters for automatic configuration, which might •...

  • Page 143: Dhcp Server Configuration Guidelines

    HTTP server—Assigns files for automatic configuration to the device, for example, the configuration • file. TFTP server—Stores files required for device automatic configuration, including the configuration • files and host name files. For more information about the TFTP server, see "Configuring TFTP."...

  • Page 144: Tftp Server Configuration Guidelines

    TFTP server configuration guidelines Create configuration files and host name files required for device automatic configuration on the TFTP server, including the default configuration file device.cfg. For easy file name identification, use configuration file names that do not contain spaces. To use the host name file network.cfg, do the following: Create a configuration file for each device on the TFTP server.

  • Page 145: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 146: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 147 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 148: Index

    Index RBAC remote AAA authentication user role, RBAC user role, authenticating RBAC AAA authorization, FTP basic server authentication, RBAC default user role function, login management CLI console/AUX none RBAC local AAA authentication user authentication, configuration, login management CLI console/AUX password RBAC user role local AAA authentication, authentication, RBAC user role non-AAA authentication,...
  • Page 149 parameter acquisition process, calculating process, file digest, server configuration, CF card partitioning, server deployment, changing file system current working directory, console/AUX common user line settings, FTP user account, console/AUX none authentication, RBAC resource access policies, console/AUX password authentication, RBAC user role interface policy, console/AUX scheme authentication, RBAC user role VLAN policy, login management CLI local console/AUX port...
  • Page 150 software upgrade, device configuration types, string/text type argument value, displaying, undo command form, encryption, use, file formats, user lines, FIPS compliance, user roles, format, view hierarchy, main next-startup file backup, client main next-startup file restore, FTP client configuration (IRF mode), management, FTP client configuration (standalone mode), next-startup configuration file,...
  • Page 151 login management SSH login, RBAC user role, login management SSH login on device, login management Telnet login, decompressing login management Telnet login on device, file, 81, login management Telnet login password deleting authentication, file, login management Telnet login scheme next-startup configuration file, authentication, recycle bin file, RBAC, 44, 47,...
  • Page 152 FTP server configuration (IRF mode), automatic configuration server configuration, FTP server configuration (standalone mode), automatic configuration server deployment, FTP server directory management, diagnosing FTP server files, device transceiver modules, FTP user account change, directory IPv4 TFTP client configuration, file system current working directory change, login management SNMP device access, file system current working directory display, login management SSH login configuration on...
  • Page 153 CPU usage monitoring, 1 15 directory creation, device copyright statement display, directory information display, RBAC default user role function, directory management, encrypting directory removal, private key, file compression, 81, public key, file copy, entering file decompression, 81, CLI entered-but-not-submitted command file deletion, redisplay, file digest calculation,...
  • Page 154 command help information display, displaying software image settings, configuration, startup image file specification (in IRF mode), connection maintenance, startup image file specification (in standalone mode), connection termination, Import device as client, extended Pythond API, device as server, incoming banner type, displaying client, interface, 15, See also line...
  • Page 155 login management CLI console/AUX common CLI user roles, user line settings, console port access, login management CLI console/AUX none displaying CLI login, authentication, DSCP value for outgoing Telnet packet, login management CLI console/AUX password maintaining CLI login, authentication, overview, login management CLI console/AUX scheme SNMP access control, authentication, SNMP device access,...
  • Page 156 FTP server connection release, automatic configuration server configuration, memory automatic configuration server deployment, device memory usage threshold, 1 17 command help information display, message device as FTP client, CLI command line error message, device as FTP server, message-of-the-day (MOTD) banner type, device banner configuration, device banner input modes, login management SNMP device access,...
  • Page 157 login management SNMPv2 access software upgrade (IRF mode), configuration, TFTP configuration, login management SNMPv3 access next-startup configuration file, configuration, login management SSH login control, login management SNMP device access, login management Telnet login control, 38, non-AAA authentication (RBAC), monitoring CPU usage, 1 15 none RBAC default user role function,...
  • Page 158 FTP basic server parameters configuration, assigning RBAC non-AAA authentication user role, partitioning assigning RBAC remote AAA authentication user storage media CF card partition, role, storage media USB disk, assigning RBAC user role, passive backing up main next-startup configuration file, FTP passive (PASV) operating mode, calculating file digest, password changing current working directory,...
  • Page 159 configuring login management SNMPv3 displaying command help information, access, displaying configuration files, configuring login management SSH login, displaying current working directory, configuring login management SSH login on displaying device management configuration, device, displaying directory information, configuring login management Telnet login, displaying file information, configuring login management Telnet login on displaying FTP client,...
  • Page 160 partitioning USB disk, using CLI command keyword alias, pausing between CLI output screens, using CLI undo command form, preloading BootWare image, using Python, preparing for non-ISSU software upgrade, verifying device transceiver module, 1 19 rebooting device, viewing CLI display command output, rebooting device (immediate), working with FTP server files, rebooting device (scheduled),...
  • Page 161 user role VLAN policy, rebooting safe saving running configuration, device, saving device (immediate), CLI display command output to file, device (scheduled), CLI running configuration, remote running configuration, RBAC user role AAA authentication, scheduling removing device management task, 109, 1 12 file system directory, device reboot (scheduled), renaming...
  • Page 162 RBAC user role rules, Comware Boot image type, RBAC user role VLAN policy, Comware feature image, temporary RBAC user role authorization, 51, Comware image loading, selecting Comware image redundancy, interface selection process, Comware image type, server Comware patch image, FTP server directory management, Comware system image type, setting displaying image settings,...
  • Page 163 management, configuration file main next-startup file backup, mounting, configuration file main next-startup file restore, repair, configuration file management, unmounting, configuration file next-startup file delete, USB disk partition, 85, device banner configuration, 107, string type argument value, device banner input modes, system device banner types, BootWare image downgrade,...
  • Page 164 login management CLI local console/AUX port software upgrade completion (in IRF mode), login, software upgrade completion (in standalone login management CLI login, mode), login management CLI login authentication TFTP configuration, modes, login management CLI user lines, task scheduling (device management), 109, 1 12 login management CLI user roles, login management command...
  • Page 165 timer temporary RBAC user role authorization, 51, device port status detection, 1 15 user access control transceiver login control, device module diagnosis, login management command authorization, 41, device module verification, 1 19 login management SNMP access control, 39, Trivial File Transfer Protocol. Use TFTP login management SSH login control, troubleshooting...

Table of Contents