HP 5830 Series Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Switch
  5. 5830 series
  6. Configuration manual

HP 5830 Series Configuration Manual

Hide thumbs Also See for 5830 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual
HP 5830 Switch Series
Fundamentals

Configuration Guide

Part number: 5998-2060
Software version: Release 1115, Release 1118
Document version: 6W101-20130604

Advertisement

Table of Contents
loading

Related Manuals for HP 5830 Series

Summary of Contents for HP 5830 Series

  • Page 1: Configuration Guide

    HP 5830 Switch Series Fundamentals Configuration Guide Part number: 5998-2060 Software version: Release 1115, Release 1118 Document version: 6W101-20130604...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Using the CLI ································································································································································ 1   FIPS compliance ································································································································································ 1   Command conventions ····················································································································································· 1   Using the undo form of a command ······························································································································· 2   CLI views ············································································································································································ 2   Entering system view from user view ······················································································································ 3  ...
  • Page 4 Setting the DSCP value for outgoing Telnet packets when the device acts as the Telnet server ··················· 39   Using the device to log in to a Telnet server ······································································································ 40   Setting the DSCP value for outgoing Telnet packets when the device acts as the Telnet client ···················· 40  ...
  • Page 5 Configuring TFTP ························································································································································ 74   FIPS compliance ····························································································································································· 74   Prerequisites ···································································································································································· 74   Using the device as a TFTP client ································································································································· 74   Displaying and maintaining the TFTP client ················································································································ 75   TFTP client configuration example ································································································································ 76   Managing the file system ··········································································································································...
  • Page 6 Upgrading BootWare without performing ISSU ········································································································· 96   Upgrading system software without performing ISSU (method 1) ············································································ 97   Upgrading system software without performing ISSU (method 2) ············································································ 97   Installing hotfixes ···························································································································································· 98   Basic concepts ······················································································································································· 98   Patch states ·····························································································································································...
  • Page 7 Obtaining the configuration file from the TFTP server ····················································································· 140   Executing the configuration file ·························································································································· 142   Support and other resources ·································································································································· 143   Contacting HP ······························································································································································ 143   Subscription service ············································································································································ 143   Related information ······················································································································································ 143  ...

  • Page 8: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Logging in to the CLI."...

  • Page 9: Using The Undo Form Of A Command

    You are placed in user view immediately after you are logged in to the CLI. The user view prompt is <Device-name>, where the Device-name argument defaults to HP and can be changed by using the sysname command. In user view, you can perform some basic operations, including display, debug, file management, FTP, Telnet, clock setting, and reboot.

  • Page 10: Entering System View From User View

    Figure 2 CLI view hierarchy Entering system view from user view Task Command Enter system view from user view. system-view Returning to the upper-level view from any view Task Command Return to the upper-level view from any view. quit Executing the quit command in user view terminates your connection to the device. NOTE: In public key code view, use the public-key-code end command to return to the upper-level view (public key view).

  • Page 11: Accessing The Cli Online Help

    Accessing the CLI online help The CLI online help is context sensitive. You can enter a question mark at any point of a command to display all available options. To access the CLI online help, use one of the following methods: •...

  • Page 12: Entering A Command

    Entering a command When you enter a command, you can use some keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases. Editing a command line You can use the keys listed in Table 2 or the hotkeys listed in Table 3 to edit a command line.

  • Page 13: Configuring And Using Command Keyword Aliases

    Configuring and using command keyword aliases The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command. For example, if you configure show as the alias for the display keyword, you can enter show to execute a display command.
  • Page 14 Step Command Remarks By default: • Ctrl+G is assigned the display current-configuration command. hotkey { CTRL_G | CTRL_L | • Ctrl+L is assigned the display ip Configure hotkeys. CTRL_O | CTRL_T | CTRL_U } routing-table command. command • Ctrl+O is assigned the undo debugging all command.

  • Page 15: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function Esc+P Moves the cursor up one line. This hotkey is available before you press Enter. Esc+< Moves the cursor to the beginning of the clipboard. Esc+> Moves the cursor to the ending of the clipboard. Enabling redisplaying entered-but-not-submitted commands After you enable redisplaying entered-but-not-submitted commands: If you entered nothing at the command-line prompt before the system outputs system information •...

  • Page 16: Using The Command History Function

    Using the command history function The system can automatically save successfully executed commands to the command history buffer for the current user interface. You can view them and execute them again, or set the maximum number of commands that can be saved in the command history buffer. A command is saved to the command history buffer in the exact format as it was entered.

  • Page 17: Controlling The Cli Output

    Controlling the CLI output This section describes the CLI output control features that help you quickly identify the desired output. Pausing between screens of output If the output is too long to fit on one screen, the system automatically pauses after displaying a screen. By default, up to 24 lines can be displayed on a screen.
  • Page 18 A regular expression is a case-sensitive string of 1 to 256 characters that supports the special characters Table Table 6 Special characters supported in a regular expression Character Meaning Examples "^user" matches all lines beginning with "user". A ^string Matches the beginning of a line. line beginning with "Auser"...
  • Page 19 Character Meaning Examples [^16A] means to match a string containing any character except 1, 6 or A, and the matching string Matches a single character not can also contain 1, 6 or A, but cannot contain these contained within the brackets. three characters only.

  • Page 20: Configuring User Privilege And Command Levels

    # Use | include Vlan in the display ip routing-table command to filter in route entries that contain Vlan. <Sysname> display ip routing-table | include Vlan Routing Tables: Public Destination/Mask Proto Cost NextHop Interface 192.168.1.0/24 Direct 0 192.168.1.42 Vlan999 Configuring user privilege and command levels To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7.
  • Page 21 For more information about user login authentication, see "Logging in to the CLI." For more information about AAA and SSH, see Security Configuration Guide. Configuring a user privilege level for users through the AAA module Step Command Remarks Enter system view. system-view user-interface { first-num1 Enter user interface view.
  • Page 22 Configuring the user privilege level directly on a user interface To configure the user privilege level directly on a user interface that uses the scheme authentication mode: Step Command Remarks Configure the authentication For more information, see Security Required only for SSH users who type for SSH users as Configuration Guide.

  • Page 23: Switching The User Privilege Level

    ssh2 Establish a secure shell client connection super Set the current user priority level telnet Establish one TELNET connection tftp Open TFTP connection tracert Trace route function # Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level- 1 commands.
  • Page 24 After the user logs in again, the user privilege restores to the original level. To avoid problems, HP recommends that administrators log in with a lower privilege level to view switch operating parameters, and switch to a higher level temporarily only when they must maintain the device.
  • Page 25 Step Command Remarks Optional. Set the authentication mode super authentication-mode { local for user privilege level By default, local-only | scheme } * switching. authentication is used. Required for local authentication. By default, a privilege level has no password. super password [ level user-level ] Configure the password for a If you do not specify a user [ hash ] { cipher | simple }...

  • Page 26: Changing The Level Of A Command

    User privilege level User interface Information required for switching Information required for the authentication the first authentication authentication second authentication mode mode mode mode Password configured on the device with the super local password command for the privilege level. Password for privilege level Password configured on the switching configured on the device with the super...
  • Page 27 Task Command Remarks Display the command keyword display command-alias [ | { begin | Available in any view. alias configuration. exclude | include } regular-expression ] display clipboard [ | { begin | exclude | Display data in the clipboard. Available in any view.

  • Page 28: Login Overview

    Login overview This chapter describes the available CLI login methods and their configuration procedures. FIPS compliance In Release 1 1 18 and later versions, the device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.

  • Page 29: User Interfaces

    Login method Default setting and configuration requirements By default, SNMP login is disabled. To use SNMP service, complete the following configuration tasks: Accessing the device through • Assign an IP address to a Layer 3 interface, and make sure the interface SNMP and the NMS can reach each other.

  • Page 30: Logging In To The Cli

    Logging in to the CLI By default, the first time you access the CLI you must log in through the console port, you can enable Telnet or SSH access. FIPS compliance In Release 1 1 18 and later versions, the device supports the FIPS mode that complies with NIST FIPS 140-2 requirements.
  • Page 31 If the PC is off, turn on the PC. Launch the terminal emulation program and configure the communication properties on the PC. Figure 4 through Figure 6 show the configuration procedure on Windows XP HyperTerminal. Make sure the port settings are the same as listed in Table NOTE: On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the...

  • Page 32: Configuring Console Login Control Settings

    Power on the device and press Enter at the prompt. Figure 7 CLI At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?. Configuring console login control settings The following authentication modes are available for controlling console logins: None—Requires no authentication.

  • Page 33: Disable Authentication For Console Login (Not Supported In Fips Mode)

    Scheme—Uses the AAA module to provide local or remote console login authentication. You must • provide a username and password for accessing the CLI. If the username or password configured on a remote server was lost, contact the server administrator for help. By default, console login does not require authentication.

  • Page 34: Configuring Password Authentication For Console Login (Not Supported In Fips Mode)

    The next time you attempt to log in through the console port, you do not need to provide any username or password, as shown in Figure Figure 8 Accessing the CLI through the console port without authentication Configuring password authentication for console login (not supported in FIPS mode) Step Command...

  • Page 35: Configuring Scheme Authentication For Console Login

    Figure 9 Password authentication interface for console login Configuring scheme authentication for console login Follow these guidelines when you configure scheme authentication for console login: To make the command authorization or command accounting function take effect, apply an • HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
  • Page 36 If NTP is being used for system time synchronization, HP recommends that you wait 10 minutes before changing the password, so the configuration time of the new password is based on the synchronized system time.
  • Page 37 Step Command Remarks Optional. By default, local authentication is Enter ISP domain view: used. domain domain-name Apply an AAA scheme to For local authentication, configure the domain: local user accounts. authentication default For RADIUS or HWTACACS Apply an AAA { hwtacacs-scheme authentication, configure the authentication scheme to hwtacacs-scheme-name...

  • Page 38: Configuring Common Console Login Settings (Optional)

    Figure 10 Scheme authentication interface for console login Configuring common console login settings (optional) Some common settings configured for an AUX user interface take effect immediately and can interrupt the console login session. To save you the trouble of repeated re-logins, use a login method different from console login to log in to the device before you change console login settings.
  • Page 39 By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends that you set the display type to VT100 on both the device Specify the terminal display. terminal type { ansi | vt100 } and the configuration terminal.

  • Page 40: Logging In Through Telnet (Not Supported In Fips Mode)

    Logging in through Telnet (not supported in FIPS mode) You can Telnet to the device through a VTY user interface for remote management, or use the device as a Telnet client to Telnet to other devices, as shown in Figure 1 Figure 11 Telnet login Table 14 shows the Telnet server and client configuration required for a successful Telnet login.

  • Page 41: Disable Authentication For Telnet Login

    Authentication Configuration tasks Reference mode Enable password authentication on the VTY user "Configuring password interface. Password authentication for Telnet login" Set a password. Enable scheme authentication on the VTY user interface. Configure local or remote authentication settings. To configure local authentication: Configure a local user and specify the password.

  • Page 42: Configuring Password Authentication For Telnet Login

    Figure 12 Telnetting to the device without authentication Configuring password authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet service is Enable Telnet. telnet server enable enabled. Enter one or multiple VTY user-interface vty first-number user interface views.

  • Page 43: Configuring Scheme Authentication For Telnet Login

    If NTP is being used Enable scheme authentication. authentication-mode scheme for system time synchronization, HP recommends that you wait 10 minutes before changing the password, so the configuration time of the new password is based on the synchronized system time.
  • Page 44 Step Command Remarks Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result.

  • Page 45: Configuring Common Settings For Vty User Interfaces (Optional)

    Step Command Remarks "Configuring common Configure common settings for settings for VTY user interfaces Optional. VTY user interfaces. (optional)." The next time you attempt to Telnet to the CLI, you must provide the configured login username and password, as shown in Figure 14.

  • Page 46: Setting The Dscp Value For Outgoing Telnet Packets When The Device Acts As The Telnet Server

    Step Command Remarks Optional. Configure the type of terminal terminal type { ansi | vt100 } By default, the terminal display display. type is ANSI. Optional. Set the maximum number of lines By default, a screen displays 24 screen-length screen-length to be displayed on a screen.

  • Page 47: Using The Device To Log In To A Telnet Server

    Using the device to log in to a Telnet server You can use the device as a Telnet client to log in to a Telnet server. If the server is located in a different subnet than the device, make sure the two devices have routes to reach each other. Figure 15 Telnetting from the device to a Telnet server To use the device to log in to a Telnet server: Step...

  • Page 48: Logging In Through Ssh

    Logging in through SSH SSH offers a secure method for remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plaintext password interception. You can log in to the device acting as an SSH server for remote management, as shown in Figure 16.
  • Page 49 Step Command Remarks By default, no local key pairs are Create local key pairs. public-key local create { dsa | rsa } created. Enable SSH server. ssh server enable By default, SSH server is disabled. Enter one or more VTY user user-interface vty first-number interface views.
  • Page 50 Step Command Remarks Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result.

  • Page 51: Using The Device As An Ssh Client To Log In To The Ssh Server

    Step Command Remarks ssh user username service-type Create an SSH user, and stelnet authentication-type specify the authentication { password | { any | mode for the SSH user. password-publickey | publickey } assign publickey keyname } Configure common settings "Configuring common settings Optional.

  • Page 52: Logging In To The Web Interface

    Logging in to the Web interface The device provides a built-in Web server for you to configure the device through a Web browser. Web login is by default disabled. To enable Web login, log in through the console port, and perform the following configuration tasks: Enable HTTP or HTTPS service.

  • Page 53: Configuring Http Login (Not Supported In Fips Mode)

    Configuring HTTP login (not supported in FIPS mode) Step Command Remarks Optional. By default, a Web user must enter Specify a fixed verification the verification code indicated on web captcha verification-code code for Web login. the login page to log in. This command is available in user view.

  • Page 54: Configuring Https Login

    Step Command Remarks Exit to system view. quit If the VLAN interface already Create a VLAN interface and interface vlan-interface exists, the command enters its enter its view. vlan-interface-id view. Assign an IP address and ip address ip-address { mask | By default, no IP address is subnet mask to the interface.
  • Page 55 Step Command Remarks Optional. By default, the HTTPS service is not associated with any SSL server policy, and the device uses a self-signed certificate for authentication. If you disable the HTTPS service, the Associate the HTTPS system automatically de-associates the ip https ssl-server-policy service with an SSL server HTTPS service from the SSL service...
  • Page 56 Step Command Remarks Optional. Specify the HTTPS service ip https port port-number port number. The default HTTPS service port is 443. By default, the HTTPS service is not associated with any ACL. Associate the HTTPS Associating the HTTPS service with an ip https acl acl-number service with an ACL.

  • Page 57: Displaying And Maintaining Web Login

    Step Command Remarks If the VLAN interface already exists, the command enters its view. Create a VLAN interface interface vlan-interface You could replace this VLAN interface and enter its view. vlan-interface-id with any other Layer 3 interface as appropriate. Assign an IP address and ip address ip-address { mask | By default, no IP address is assigned to subnet mask to the...

  • Page 58: Https Login Configuration Example

    # Assign the IP address 192.168.0.58 and the subnet mask 255.255.255.0 to VLAN-interface 999. [Sysname] interface vlan-interface 999 [Sysname-VLAN-interface999] ip address 192.168.0.58 255.255.255.0 [Sysname-VLAN-interface999] quit # Create a local user named admin, and set the password to admin for the user. Specify the Web service type for the local user, and set the command level to 3 for this user.
  • Page 59 Figure 20 Network diagram Configuration procedure This example assumes that the CA is named new-ca, runs Windows Server, and is installed with the SCEP add-on. This example also assumes that the device, host, and CA can reach one other. Configure the device (HTTPS server): # Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com.
  • Page 60 [Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca [Device-pki-cert-attribute-group-mygroup1] quit # Create a certificate attribute-based access control policy myacp. Configure a certificate attribute-based access control rule, specifying that a certificate is considered valid when it matches an attribute rule in certificate attribute group myacp. [Device] pki certificate access-control-policy myacp [Device-pki-cert-acp-myacp] rule 1 permit mygroup1 [Device-pki-cert-acp-myacp] quit...

  • Page 61: Accessing The Device Through Snmp

    Accessing the device through SNMP You can use an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.

  • Page 62: Configuring Snmpv1 Or Snmpv2C Settings

    Step Command Remarks snmp-agent group v3 group-name [ authentication | privacy ] Configure an SNMP [ read-view read-view ] [ write-view By default, no SNMP group is group and specify its write-view ] [ notify-view configured. access right. notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * snmp-agent usm-user v3 user-name group-name [ [ cipher ]...

  • Page 63: Nms Login Example

    NMS login example Network requirements Configure the device and network management station so you can remotely manage the device through SNMPv3. Figure 22 Network diagram Configuration procedure Configure the device: # Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.) # Enter system view.

  • Page 64: Controlling User Logins

    Controlling user logins To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance In Release 1 1 18 and later versions, the device supports the FIPS mode that complies with NIST FIPS 140-2 requirements.

  • Page 65: Configuring Source/Destination Ip-Based Telnet Login Control

    Step Command Remarks • For IPv4 networks: rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance By default, a basic ACL does not vpn-instance-name ] * contain any rule.

  • Page 66: Configuring Source Mac-Based Telnet Login Control

    Configuring source MAC-based Telnet login control Ethernet frame header ACLs apply to Telnet traffic only if the Telnet client and server are located in the same subnet. To configure source MAC-based Telnet login control: Step Command Remarks Enter system view. system-view Create an Ethernet frame acl number acl-number [ name...

  • Page 67: Configuring Source Ip-Based Snmp Login Control

    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Reference ACL 2000 in user interface view to allow Telnet users from Host A and Host B to access the Device. [Sysname] user-interface vty 0 4 [Sysname-ui-vty0-4] acl 2000 inbound Configuring source IP-based SNMP login control Use a basic ACL (2000 to 2999) to control SNMP logins by source IP address.

  • Page 68: Snmp Login Control Configuration Example

    Step Command Remarks • SNMPv1/v2c community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *...

  • Page 69: Configuring Web Login Control

    Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.

  • Page 70: Web Login Control Configuration Example

    Task Command Remarks free web-users { all | user-id Log off online Web users. Available in user interface view. user-id | user-name user-name } Web login control configuration example Network requirements As shown in Figure 25, configure the device to allow only Web users from Host B to access. Figure 25 Network diagram Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B.

  • Page 71: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

  • Page 72: Establishing An Ftp Connection

    Establishing an FTP connection To access an FTP server, use the ftp command in user view or use the open command in FTP client view to establish a connection to the FTP server. You can use the ftp client source command to specify a source IP address or source interface for the FTP packets sent by the device.

  • Page 73: Setting The Dscp Value For Ip To Use For Outgoing Ftp Packets

    Task Command ftp ipv6 Log in to the FTP server from FTP client view. open ipv6 server-address [ service-port ] [ -i interface-type interface-number ] Setting the DSCP value for IP to use for outgoing FTP packets You can set the DSCP value for IPv4 or IPv6 to use for outgoing FTP packets on an FTP client, so outgoing FTP packets are forwarded based on their priorities on transit devices.

  • Page 74: Switching To Another User Account

    Set the file transfer mode. FTP transmits files in two modes: ASCII and binary. Use ASCII mode to transfer text files. Use binary mode to transfer image files. Use the lcd command to display the local working directory of the FTP client. You can upload the file or save the downloaded file in this directory.

  • Page 75: Terminating The Ftp Connection

    Task Command Remarks Display the help information of remotehelp [ protocol-command ] FTP-related commands on the FTP server. Enable displaying detailed prompt verbose Enabled by default. information received from the server. Enable FTP related debugging when the debugging Disabled by default. device acts as the FTP client.
  • Page 76 Press CTRL+K to abort Connected to 10.1.1.1. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(10.1.1.1:(none)):abc 331 Give me your password, please Password: 230 Logged in successfully # Set the file transfer mode to binary. [ftp] binary 200 Type set to I.

  • Page 77: Using The Device As An Ftp Server

    Using the device as an FTP server If the device is operating as an FTP server, make sure the following requirements are met to ensure successful FTP operations: The device and the FTP server can reach each other. • Configure a user account (including the username, password, and authorization) on the device or •...

  • Page 78: Configuring Authentication And Authorization

    Step Command Remarks Return to user view. quit Release the FTP connection free ftp user username Optional. established by a specific user. Configuring authentication and authorization Perform this task on the FTP server to authenticate FTP clients and specify the directories that authenticated clients can access.

  • Page 79: Ftp Server Configuration Example

    FTP server configuration example Network requirements Create a local user account with username abc and password abc and enable FTP server on the IRF fabric in Figure 28. Use the user account to log in to the FTP server from the FTP client, upload the file newest.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup.

  • Page 80: Displaying And Maintaining Ftp

    Password: 230 User logged in. # Download the configuration file config.cfg from the FTP server to the PC for backup. ftp> get config.cfg back-config.cfg # Upload the file newest.bin to the Flash root directory of the master. ftp> put newest.bin 200 Port command okay.

  • Page 81: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP supports the following transfer modes: Binary mode—Used to transfer image files, such as .bin, and .btm files.

  • Page 82: Displaying And Maintaining The Tftp Client

    The tftp client source command setting applies to all TFTP sessions. When you set up a TFTP session with the tftp command, you can also specify a different source IP address for the TFTP session. IMPORTANT: To avoid TFTP connection failures, when you specify a source interface for TFTP packets, make sure the interface has a primary IP address.

  • Page 83: Tftp Client Configuration Example

    TFTP client configuration example Network requirements Configure the PC in Figure 30 as a TFTP server, and use TFTP to download the system software image file newest.bin from the TFTP server to the client and upload the configuration file config.cfg from the TFTP client to the server for backup.
  • Page 84 IMPORTANT: The system software image file used for the next startup must be saved in the Flash root directory. You can copy or move a file to the Flash root directory. # Reboot the IRF fabric and the software is upgraded. <Sysname>...

  • Page 85: Managing The File System

    Managing the file system This chapter introduces the storage medium naming rules and file name formats, and describes how to manage the device's file system, including the storage media, directories, and files. Storage medium naming rules If a storage medium is the only storage medium of its type on the device, it is named by its type. For example, if the device has only one Flash, the name of the Flash is flash.

  • Page 86: Managing Files

    Managing files CAUTION: To avoid file system corruption, do not plug in or unplug storage media or perform active/standby switchover while the system is processing a file operation. You can display directory or file information; display file contents; rename, copy, move, remove, restore, and delete files.

  • Page 87: Deleting/Restoring A File

    The digest of a file can be used to verify the file integrity. For example, you can calculate the digest of a software image file and compare it with the file digest provided on the HP website to examine whether the file has been tampered with.

  • Page 88: Displaying Directory Information

    Displaying directory information Perform this task in user view. Task Command Display directory or file information. dir [ /all ] [ file-url | /all-filesystems ] Displaying the current working directory Perform this task in user view. Task Command Display the current working directory. Changing the current working directory Perform this task in user view.

  • Page 89: Managing Storage Medium Space

    Managing storage medium space When the space of a storage medium becomes inaccessible, you can use the fixdisk command to examine the medium for damage and repair any damage. The format command formats the storage medium, and all data on the storage medium is deleted. CAUTION: After a storage medium is formatted, all files on it are erased and cannot be restored.

  • Page 90: File System Management Examples

    Step Command Remarks Optional. Set the file system operation file prompt { alert | quiet } mode. The default is alert. File system management examples # Display the files and the subdirectories in the current directory. <Sysname> dir Directory of flash:/ drw- Feb 16 2012 11:45:36 logfile...

  • Page 91: Managing Configuration Files

    Managing configuration files You can use the CLI or the Boot menu to manage configuration files. This chapter explains how to manage configuration files from the CLI. Overview A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device.

  • Page 92: Startup Configuration Loading Process

    To view the running configuration, including settings that have not been saved yet, use the display current-configuration command. The displayed configuration does not include parameters that use initial or product-specific default settings. Startup configuration loading process Figure 31 shows the configuration loading process during startup. Figure 31 Configuration loading process during startup Start BootWare runs...

  • Page 93: Configuration File Format And Content

    The configuration file ends with the word return. You can execute the save command to save the running configuration to a configuration file. To make sure the configuration file can be loaded, HP recommends that you not edit the content and format of the configuration file.

  • Page 94: Enabling Configuration Auto-Update

    [ safely ] [ backup | main ] [ force ] command or the save filename all command. If this function is disabled, only the master device saves the configuration. To ensure configuration consistency, HP recommends enabling the function. To enable configuration auto-update: Step...

  • Page 95: Using Automatic Configuration Backup After A Software Upgrade

    Task Command Remarks If you execute the save [ safely ] command without specifying any other keyword, the command saves the configuration to the main startup configuration file. If the force keyword is specified, Save the running configuration to a the command saves the configuration file and specify the save [ safely ] [ backup | main ]...

  • Page 96: Configuring Configuration Rollback

    Configuring configuration rollback To replace the running configuration with the configuration in a configuration file without rebooting the device, use the configuration rollback function. This function helps you revert to a previous configuration state or adapt the running configuration to different network environments. The configuration rollback function compares the running configuration against the specified replacement configuration file and handles configuration differences as follows: If a command in the running configuration is not in the replacement file, executes its undo form.

  • Page 97: Enabling Automatic Configuration Archiving

    Step Command Remarks Create the configuration In an IRF fabric, create the "Managing the file system." archive directory. directory at least on the master. Enter system view. system-view Do not include member ID information in the directory name. By default, no path or file name prefix is set for configuration archives, and the system does not regularly save configuration.

  • Page 98: Manually Archiving Running Configuration

    Manually archiving running configuration To save system resources, disable automatic configuration archiving and manually archive configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks so you can use the archive for configuration recovery after the configuration attempt fails.

  • Page 99: Backing Up The Next-Startup Configuration File To A Tftp Server

    Alternatively, perform the following task in user view to specify the next-startup configuration file: Task Command Remarks The setting applies to all member devices. Specify the next-startup startup saved-configuration cfgfile IMPORTANT: configuration file. [ backup | main ] The configuration file must use the .cfg extension and be saved in the root directory of the flash.

  • Page 100: Restoring The Next-Startup Configuration File From A Tftp Server

    Task Command Delete the next-startup reset saved-configuration [ backup | main ] configuration file. Restoring the next-startup configuration file from a TFTP server To download a configuration file from a TFTP server to the root directory of each member's flash, and specify the file as the next-startup configuration file, perform the task in this section.
  • Page 101 Task Command Remarks Display names of the configuration display startup [ | { begin | files used at this startup and the exclude | include } Available in any view. next startup. regular-expression ] display this [ by-linenum ] [ | Display the valid configuration in { begin | exclude | include } Available in any view.

  • Page 102: Upgrading Software

    Upgrading software Upgrading software includes upgrading the BootWare and system software. Each time the switch is powered on, it runs the BootWare image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file" in software code) so you can access the software features, as shown in Figure Figure 32 System startup process...

  • Page 103: Upgrading Bootware Without Performing Issu

    Upgrading method Software types Remarks • BootWare image Upgrading without • This method is disruptive. You must reboot the entire device System software performing ISSU to complete the upgrade. image (excluding patches) Hotfixes (called "patches" in this document) repair software defects without requiring a reboot or service disruption.

  • Page 104: Upgrading System Software Without Performing Issu (Method 1)

    Step Command Remarks Return to user view. quit In FIPS mode, the file must pass Upgrade BootWare on bootrom update file file-url slot authenticity verification before it member switches. slot-number-list can be set as the BootWare image file. Reboot the member switches. reboot Upgrading system software without performing ISSU (method 1)

  • Page 105: Installing Hotfixes

    Step Command Remarks Use FTP or TFTP to transfer the The image file must be saved in the system software image to the "Configuring FTP" or root directory for a successful root directory of the master "Configuring TFTP." upgrade. switch's flash. In FIPS mode, the specified file Specify the file as the startup boot-loader update file file-url slot...

  • Page 106: Patch States

    Patch states A patch is in IDLE, DEACTIVE, ACTIVE, or RUNNING state, depending on the patch manipulation command. Patch manipulation commands include patch load (load), patch active (run temporarily), patch run (confirm running), patch deactive (stop running), patch delete (delete), patch install (install), and undo patch install (uninstall).
  • Page 107 Figure 34 Patches that are not loaded to the patch memory area DEACTIVE state Patches in DEACTIVE state have been loaded to the patch memory area but have not yet run in the system. For example, suppose that the patch file you are loading has seven patches. After the seven patches successfully pass the version check and CRC check, they are loaded to the patch memory area and are in DEACTIVE state.

  • Page 108: Hotfix Configuration Task List

    Figure 36 Patches are activated RUNNING state After you confirm ACTIVE patches, their states change to RUNNING and persist after a reboot. In contrast to ACTIVE patches, RUNNING patches continue to take effect after a reboot. For example, if you confirm the first three patches in Figure 36, their state changes from ACTIVE to RUNNING, and the...

  • Page 109: Installing And Running Patches In One Step

    Save patch files to the root directory of each member device's flash. • • Use the display patch information command to verify that no patches have been installed. If patches have been installed, uninstall them. Correctly name a patch file in the patch_PATCH-FlAG suffix.bin format. The PATCH-FLAG suffix is •...

  • Page 110: Installing A Patch Step By Step

    To uninstall all ACTIVE and RUNNING patches in one step, use the undo patch install command. HP recommends this command for uninstalling patches in an IRF fabric. For information about the step-by-step patch uninstall method, see "Uninstalling a patch step by step."...

  • Page 111: Uninstalling A Patch Step By Step

    To load a patch file: Step Command Enter system view. system-view Load the patch file from the flash to the patch patch load slot slot-number [ file patch-package ] memory area. Activating patches Activating a patch changes its state to ACTIVE. An ACTIVE patch runs in memory until a reboot occurs. To have a patch continue to run after a reboot, you must change its state to RUNNING.

  • Page 112: Displaying And Maintaining Software Upgrade

    In an IRF fabric, HP recommends that you uninstall all patches by using the undo patch install command. To remove patches from the patch memory area: Step Command Enter system view. system-view Remove patches from the patch memory area. patch delete [ patch-number ] slot slot-number...

  • Page 113: Hotfix Configuration Example

    Configuration procedure Configure the TFTP server (the configuration varies with server vendors): # Obtain the system software image and configuration file and save these files under the TFTP server's working directory. (Details not shown.) Configure the members of the IRF fabric: # Download new-config.cfg from the TFTP server to the master.
  • Page 114 Figure 39 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 2.2.2.2/24 Internet TFTP server 1.1.1.1/24 Note: The orange line indicates the IRF link. Configuration procedure Configure the TFTP server: # Enable the TFTP server function. (Details not shown.) # Save the patch file patch_xxx.bin to the directory of TFTP server. (Details not shown.) Configure the IRF fabric: # Before upgrading the software, use the save command to save the current system configuration.

  • Page 115: Performing Issu

    Performing ISSU This chapter describes how to use the In-Service Software Upgrade (ISSU) feature to upgrade software. Overview ISSU enables software upgrade and ensures continuous packet forwarding. As shown in Figure 40, to ensure high availability for user networks, cross-device link aggregation is configured on the IRF member switches at the distribution layer so every three physical links with the same color between the IRF member switches and access switches are aggregated as one logical link.

  • Page 116: Issu States

    Figure 41 ISSU flow chart IMPORTANT: Do not modify the running configuration, plug in or unplug cables connected to IRF ports, or delete or • modify the system software image during ISSU. Otherwise, the upgrade might fail. • To upgrade system software of IRF member switches through ISSU, make sure the member switches form a ring topology.

  • Page 117: System Software Version Rollback

    System software version rollback The HP 5830 switch series supports version rollback during ISSU. When ISSU fails to proceed on an IRF member switch (for example, the new system software image file is broken), you can use this feature to revert system software to the previous version.

  • Page 118: Examining And Preparing The Member Switches For The Issu

    Task Remarks Setting the ISSU version rollback timer Optional. Performing a manual version rollback Optional. Displaying and maintaining ISSU Optional. Examining and preparing the member switches for the ISSU Task Command Remarks Before performing ISSU, make sure the running Save the running configuration. save configuration of the IRF fabric has been saved to the configuration file.

  • Page 119: Performing An Issu For An Incompatible Version

    Performing an ISSU for an incompatible version Use the display version comp-matrix file upgrading-filename command to view the versions of the new and current system software images. If they are incompatible, use this task for ISSU. To perform an ISSU for an incompatible version: Step Command Remarks...

  • Page 120: Displaying And Maintaining Issu

    Step Command Remarks Optional. By default, automatic rollback is performed to revert Perform a manual to the previous version. issu rollback slot slot-number version rollback. The slot-number argument provided in this command must be the same as that specified in the issu load command.

  • Page 121: Upgrade Procedure

    Figure 42 Network diagram Core Aggregation Group 1 SwitchE Aggregation Group 2 4: GE2/0/1 Aggregation Group 3 5: GE2/0/2 6: GE2/0/3 SwitchD SwitchF 1: GE1/0/1 7: GE3/0/1 2: GE1/0/2 8: GE3/0/2 3: GE1/0/3 9: GE3/0/3 1: GE1/0/1 1: GE1/0/1 1: GE1/0/1 2: GE1/0/2 2: GE1/0/2 2: GE1/0/2...
  • Page 122 [IRF-GigabitEthernet2/0/1] port link-aggregation group 1 [IRF-GigabitEthernet2/0/1] quit [IRF] interface GigabitEthernet 3/0/1 [IRF-GigabitEthernet3/0/1] port link-aggregation group 1 [IRF-GigabitEthernet3/0/1] quit # Add ports GigabitEthernet 1/0/2, GigabitEthernet 2/0/2, and GigabitEthernet 3/0/2 that connect to Switch B to aggregation group 2. [IRF] interface GigabitEthernet 1/0/2 [IRF-GigabitEthernet1/0/2] port link-aggregation group 2 [IRF-GigabitEthernet1/0/2] quit [IRF] interface GigabitEthernet 2/0/2...

  • Page 123: Configuring The Tftp Server

    [SwitchB] interface bridge-aggregation 2 [SwitchB-Bridge-Aggregation2] link-aggregation mode dynamic [SwitchB-Bridge-Aggregation2] quit #Add ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 that connect to IRF member switches to aggregation group 2 (corresponding to aggregate interface 2). [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-aggregation group 2 [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface GigabitEthernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] port link-aggregation group 2...
  • Page 124 Checking all IRF member switches before the ISSU upgrade Check the running status of all IRF member switches. If the running state of a member switch is abnormal, the ISSU upgrade cannot be performed. <IRF> display device Slot 1 SubSNo PortNum PCBVer FPGAVer CPLDAVer CPLDBVer BootWareVer AddrLM Type State PatchVer REV.B NULL...
  • Page 125 Domain ID The output shows the following information: The member ID and the priority of the master are 1 and 10 respectively. The member ID and the priority of one subordinate switch are 2 and 9 respectively. The member ID and the priority of the other subordinate switch are 3 and 1 respectively. During the ISSU upgrade process, you must select subordinate switch 2 as the specified subordinate switch.

  • Page 126: Performing Incompatible Issu Upgrade

    drw- Apr 26 2011 12:00:33 seclog -rw- Apr 26 2011 12:19:52 system.xml 60833 KB total (26734 KB free) The output shows that the new system software image has been saved to the Flash of subordinate switch 3. Save the running configuration. <IRF>...
  • Page 127 The current boot app is: flash:/soft-version2.bin The main boot app is: flash:/soft-version2.bin The backup boot app is: NULL...

  • Page 128: Managing The Device

    Configure the device name. sysname sysname By default, the device name is HP. Changing the system time You must synchronize your device with a trusted time source by using NTP or changing the system time before you run it on the network. Network management depends on an accurate system time setting, because the timestamps of system messages and logs use the system time.

  • Page 129: Configuration Example

    Command Effective system time Configuration example System time clock timezone 03:00:00 zone-time Sat zone-time add 1 2, 1 date-time 03/03/2007. clock datetime 3:00 2007/3/3 The original system time outside the daylight saving time range: clock summer-time ss 01:00:00 UTC Sat one-off 1:00 The system time does not 01/01/2005.
  • Page 130 Command Effective system time Configuration example System time clock summer-time ss date-time – summer-offset one-off 1:00 in the daylight saving time 03:00:00 ss Mon 2007/1/1 1:00 range: 01/01/2007. 2007/8/8 2 date-time clock datetime 3:00 2007/1/1 Original system clock ± clock timezone zone-offset outside the zone-time add 1 daylight saving time...

  • Page 131: Configuration Procedure

    Command Effective system time Configuration example System time clock timezone date-time in the daylight zone-time add 1 saving time range, but clock summer-time ss date-time – summer-offset 23:30:00 zone-time Mon one-off 1:00 outside the summer-time 12/31/2007. 2008/1/1 1:00 range: 2008/8/8 2 date-time –...

  • Page 132: Configuring Banners

    Step Command Remarks Enter system view. system-view Enable displaying the copyright-info enable Enabled by default. copyright statement. Configuring banners Banners are messages that the system displays during user login. The system supports the following banners: Legal banner—Appears after the copyright or license statement. To continue login, the user must •...

  • Page 133: Configuration Procedure

    Please input the password.A Method 3—After you type the last keyword, type the start delimiter and part of the banner and press Enter. At the system prompt, enter the rest of the banner and end the last line with a delimiter that is the same as the start delimiter.

  • Page 134: Rebooting Devices Immediately At The Cli

    CAUTION: Device reboot can interrupt network services. • To avoid data loss, use the save command to save the current configuration before a reboot. • Use the display startup and display boot-loader commands to verify that you have correctly set the •...

  • Page 135: Scheduling Jobs

    Scheduling jobs You can schedule a job to automatically run a command or a set of commands without administrative interference. The commands in a job are polled every minute. When the scheduled time for a command is reached, the job automatically executes the command. If a confirmation is required while the command is running, the system automatically enters Y or Yes.

  • Page 136: Scheduling A Job By Using The Non-Modular Method

    Every job can have only one view and up to 10 commands. If you specify multiple views, the one specified last takes effect. Enter a view name in its complete form. Most commonly used view names include monitor for x/x/x user view, system for system view, GigabitEthernet for Ethernet interface view, and Vlan-interface...

  • Page 137: Scheduled Job Configuration Example

    Step Command Remarks • Configure a command to run at a specific time and date: time time-id at time date command command • Configure a command to run at a Use any of the commands. specific time: NOTE: Add commands to the time time-id { one-off | repeating } job.
  • Page 138 [Sysname-job-pc1] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo shutdown # Configure the device to shut down GigabitEthernet 1/0/1 at 18:00 on working days every week. [Sysname-job-pc1] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown [Sysname-job-pc1] quit # Create a job named pc2, and enter its view.

  • Page 139: Setting The Preferred Airflow Direction

    Setting the preferred airflow direction Two fan tray models are available for the device. One model has airflow from the port side to the power supply side. The other model has airflow from the power supply side to the port side. You can select the fan tray models as required.

  • Page 140: Clearing Unused 16-Bit Interface Indexes

    Sensor temperature temperature temperature temperature direction threshold threshold threshold threshold 87°C power-to-port 0°C (32°F) 70°C (158°F) 5830AF-48G( (188.6°F) JC691A)/ HP 97°C 5830AF-48G port-to-power 0°C (32°F) 80°C (176°F) (206.6°F) TAA (JG316A) 62°C 77°C power-to-port 0°C (32°F) 5830AF-96G( (143.6°F) (170.6°F) JC694A) /HP 62°C...

  • Page 141: Verifying And Diagnosing Transceiver Modules

    NOTE: This feature is supported in Release 1118 and later versions. Password recovery capability controls console user access to the device configuration and SDRAM from BootROM menus. If password recovery capability is enabled, a console user can access the device configuration without authentication and reconfigure the console login password and user privilege level passwords.

  • Page 142: Diagnosing Transceiver Modules

    Diagnosing transceiver modules The device provides the alarm function and digital diagnosis function for transceiver modules. When a transceiver module fails or works inappropriately, you can examine the alarms present on the transceiver module to identify the fault source or examine the key parameters monitored by the digital diagnosis function, including the temperature, voltage, laser bias current, TX power, and RX power.
  • Page 143 Task Command Remarks display device manuinfo [ slot Display the electronic label data slot-number] [ | { begin | exclude | Available in any view. for the device. include } regular-expression ] display device manuinfo slot slot-number Display the electronic label data fan fan-id [ | { begin | exclude | Available in any view.

  • Page 144: Using Automatic Configuration

    Using automatic configuration Automatic configuration enables a device without any configuration file to automatically obtain and execute a configuration file during startup. Automatic configuration simplifies network configuration, facilitates centralized management, and reduces maintenance workload. To implement automatic configuration, the network administrator saves configuration files on a server and a device automatically obtains and executes a specific configuration file.

  • Page 145: How Automatic Configuration Operates

    How automatic configuration operates During startup, the device sets the first interface in up state as the DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, IP address of a DNS server, and the configuration file name.

  • Page 146: Using Dhcp To Obtain An Ip Address And Other Configuration Information

    Using DHCP to obtain an IP address and other configuration information Address acquisition process As mentioned in "How automatic configuration operates," a device sets the first up interface as the DHCP client during startup. The DHCP client broadcasts a DHCP request, where the Option 55 field specifies the information the client wants to obtain from the DHCP server such as the configuration file name, domain name and IP address of the TFTP server, and DNS server IP address.

  • Page 147: Obtaining The Configuration File From The Tftp Server

    To configure static address pools, you must obtain corresponding client IDs. To obtain a device's client ID, use the display dhcp server ip-in-use command to display address binding information on the DHCP server after the device obtains its IP address through DHCP. Obtaining the configuration file from the TFTP server A device can obtain the following files from the TFTP server during automatic configuration: The configuration file specified by the Option 67 or file field in the DHCP response.
  • Page 148 Obtaining the configuration file Figure 46 Obtaining the configuration file A device obtains its configuration file by using the following work flow: • If the DHCP response contains the configuration file name, the device requests the specified configuration file from the TFTP server. If not, the device tries to get its host name from the host name file obtained from the TFTP server.

  • Page 149: Executing The Configuration File

    If the IP address and the domain name of the TFTP server are not contained in the DHCP response • or they are illegitimate, the device broadcasts a TFTP request. After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the configuration file.

  • Page 150: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 151: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 152 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 153: Index

    Index Numerics login management Telnet login scheme authentication, 16-bit interface index, authentication configuring FTP server, abbreviating commands (CLI), console login modes, accessing authorization (FTP server), login management SNMP device access, auto accessing online help, configuration. See automatic configuration automatic login management SSH login control, configuration archiving, login management Telnet login control, automatic configuration...
  • Page 154 FTP client configuration, TFTP client configuration, calculating command file digest, abbreviating (CLI), changing changing level, command level, configuring hotkeys, current working directory, configuring keyword aliases, clearing unused interface indexes, configuring user level, conventions, abbreviating commands, editing command lines, accessing online help, entering, command conventions, entering STRING type values (CLI),...
  • Page 155 configuration rollback, 89, login management CLI console password authentication, device configuration types, login management CLI console scheme displaying, authentication, format and content, login management HTTP login, 46, main next-startup file backup, login management HTTPS login, 47, management, login management source IP-based Web login next-startup configuration file, control, next-startup file delete,...
  • Page 156 terminating FTP connection, automatic configuration networking, console automatic configuration work flow, logging in through console port, BootWare upgrade without ISSU, login authentication modes, changing system time, login management CLI console common user clearing unused interface, interface settings, CLI configuration, login management CLI console none configuration file format and content, authentication, configuration types,...
  • Page 157 patch uninstallation step by step, login management Telnet login authentication, rebooting, password recovery capability, rebooting immediately at CLI, disconnecting FTP connection, running configuration, disk space (managing storage media), scheduling job, displaying scheduling reboot, CLI output options, software upgrade, configuration files, software upgrade without ISSU, 97, copyright, startup configuration,...
  • Page 158 examining configuration, members for ISSU, 1 1 1 configuring client, exception handling configuration, configuring server, configuring server authentication, configuring server authorization, fast saving running configuration, configuring server basic parameters, file connection maintenance, batch file, displaying, configuration file management, DSCP for outgoing packets (client side), copying, establishing connection, deleting,...
  • Page 159 overview, preparing members for ISSU, 1 1 1 idle software configuration rollback, 1 12 patch state, software configuration rollback timer, 1 12 In-Service Software Upgrade. Use ISSU states, installing to an incompatible version, 1 12 hotfix, upgrade procedure, patch in one step, version rollback, 1 10 patch step by step,...
  • Page 160 login management Telnet login, CLI console password authentication, login management Telnet login max number CLI console scheme authentication, concurrent users, FTP packet DSCP (client side), login management Telnet login none overview, authentication, SNMP device access, login management Telnet login password source IP-based Web login control, authentication, SSH login control,...
  • Page 161 maintaining CLI, device temperature alarm threshold, managing device transceiver module diagnosis, 134, configuration files, device transceiver module verification, 134, directories, disabling password recovery capability, file system, 78, examining members for ISSU, 1 1 1 file system files, file system file management, FTP server directories, FTP client configuration, storage media,...
  • Page 162 ISSU upgrade states, login management Telnet login none authentication, login management SNMP device access, non-ISSU login management Web interface HTTP login, software upgrade, login management Web interface HTTPS non-modular job scheduling, login, numbering managing file system, user interfaces, non-ISSU software upgrade, obtaining configuration file from TFTP server for online help (CLI), automatic configuration,...
  • Page 163 state, configuring device name, stopping, configuring device temperature alarm threshold, temporary patch, configuring exception handling, uninstalling step by step, configuring FTP, patch file configuring FTP client, 64, hotfix, configuring FTP server, 70, pausing between CLI output screens, configuring FTP server authentication, performing configuring FTP server authorization, batch operation,...
  • Page 164 configuring source MAC-based Telnet user login displaying TFTP client, control, 59, displaying version compatibility, 1 1 1 configuring source/destination IP-based Telnet editing command lines, user login control, emptying recycle bin, configuring SSH login, enabling automatic configuration archiving, configuring SSH server, enabling configuration auto-update, configuring TFTP client, 74, enabling copyright display,...
  • Page 165 performing ISSU to an incompatible switching to higher user privilege level, version, 1 12 switching to another user account (FTP), preparing members for ISSU, 1 1 1 switching user privilege level, rebooting device, terminating FTP connection, rebooting device immediately at CLI, troubleshooting FTP connection, redisplaying entered-but-not-submitted uninstalling patch step by step,...
  • Page 166 rolling back login management Web login control, 62, configuration, 89, login management Web user logoff, ISSU software configuration, 1 12 server timer, 1 12 configuring authentication (FTP), rules (storage media naming), configuring authorization (FTP), running configuring FTP server, patch in one step, configuring FTP server basic parameters, patch state, configuring SSH server,...
  • Page 167 login management SNMP device access, storage media SNMPv3 management, login management SNMP device access, managing space, SNMPv3 settings configuration, naming rules, software STRING (CLI entering STRING type values), hotfix, switching non-ISSU upgrade, user privilege level, patch, user privilege level (higher), patch file, system patch state,...
  • Page 168 ISSU software configuration rollback, 1 12 login management Web login control, 62, ISSU software configuration rollback timer, 1 12 login management Web user logoff, ISSU to an incompatible version, 1 12 obtaining configuration file from TFTP server for automatic configuration, ISSU version compatibility display, 1 1 1 obtaining configuration through DHCP for...
  • Page 169 server login, software upgrade, 95, temperature software upgrade methods, device temperature alarm threshold, software without ISSU, 97, terminating FTP connection, upper-level view (returning to), text file content display, user TFTP configuring command levels, automatic configuration, configuring privilege level on user interface, automatic configuration networking, configuring privilege levels, automatic configuration work flow,...
  • Page 170 verifying device transceiver modules, 134, view CLI, interface, local user, public key code, system, user, user interface, VLAN, viewing command history buffer, history commands, VLAN view, displaying login management Web login, login management Web interface HTTP login, 46, login management Web interface HTTPS login, 47, login management Web interface login, 45, maintaining login management Web login,...

Table of Contents