HP 6125 Blade Switch Series Fundamentals Configuration Guide Part number: 5998-3153 Software version: Release 2103 Document version: 6W100-20120907...
Page 2
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents Using the CLI ································································································································································ 1 Logging in to the CLI ························································································································································· 1 Command conventions ····················································································································································· 1 Using the undo form of a command ······························································································································· 2 CLI views ············································································································································································ 2 Entering system view from user view ······················································································································ 3 ...
Page 4
Logging in through SSH ················································································································································ 40 Configuring the SSH server on the device ·········································································································· 40 Using the device as an SSH client to log in to the SSH server ········································································· 43 Modem dial-in through the console port ······················································································································ 43 ...
Page 5
Configuring basic parameters ····························································································································· 76 Configuring authentication and authorization ··································································································· 77 FTP server configuration example ························································································································ 78 Displaying and maintaining FTP ··································································································································· 80 Configuring TFTP ························································································································································ 81 Prerequisites ···································································································································································· 81 Using the device as a TFTP client ································································································································· 81 ...
Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example Logging in to the CLI You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or by using Telnet or SSH.
Convention Description The argument or keyword and argument combination before the ampersand (&) sign can &<1-n> be entered 1 to n times. A line that starts with a pound (#) sign is comments. Command keywords are case insensitive. The following example analyzes the syntax of the clock datetime time date command according to Table Figure 2 Understanding command-line parameters For example, to set the system time to 10:30:20, February 23, 201 1, enter the following command line...
view to configure login user attributes, or create a local user and enter local user view to configure attributes for the local user. To display all commands available in a view, enter a question mark (?) at the view prompt. Figure 3 CLI view hierarchy Entering system view from user view Task...
Task Command Return to user view. return Accessing the CLI online help The CLI online help is context sensitive. You can enter a question mark at any point of a command to display all available options. To access the CLI online help, use one of the following methods: Enter a question mark at a view prompt to display the first keywords of all commands available in •...
ftp-server ftp-user Entering a command When you enter a command, you can use some keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases. Editing a command line You can use the keys listed in Table 2 or the hotkeys listed in Table 3...
saved-configuration and system-view. To enter system view, you only need to enter sy. To set the configuration file to be used at the next startup, you can enter st s. You can also press Tab to have an incomplete keyword automatically completed. Configuring and using command keyword aliases The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command.
Page 13
Step Command Remarks By default: • Ctrl+G is assigned the display current-configuration command. hotkey { CTRL_G | CTRL_L | • Ctrl+L is assigned the display ip Configure hotkeys. CTRL_O | CTRL_T | CTRL_U } routing-table command. command • Ctrl+O is assigned the undo debugging all command.
Hotkey Function Esc+P Moves the cursor up one line. This hotkey is available before you press Enter. Esc+< Moves the cursor to the beginning of the clipboard. Esc+> Moves the cursor to the ending of the clipboard. Enabling redisplaying entered-but-not-submitted commands After you enable redisplaying entered-but-not-submitted commands: If you entered nothing at the command-line prompt before the system outputs system information •...
Using the command history function The system can automatically save successfully executed commands to the command history buffer for the current user interface. You can view them and execute them again, or set the maximum number of commands that can be saved in the command history buffer. A command is saved to the command history buffer in the exact format as it was entered.
Controlling the CLI output This section describes the CLI output control features that help you quickly identify the desired output. Pausing between screens of output If the output being displayed is more than will fit on one screen, the system automatically pauses after displaying a screen.
Page 17
Table 6 Special characters supported in a regular expression Character Meaning Remarks Starting sign. Matches a line that For example, regular expression "^user" matches a ^string starts with string. line beginning with "user", not "Auser". Ending sign. Matches a line that For example, regular expression "user$"...
Page 18
Character Meaning Remarks For example, [^16A] means to match a string containing any character except 1, 6 or A, and the Matches a single character not matching string can also contain 1, 6 or A, but contained within the brackets. cannot contain only these three characters.
# Use | include Vlan in the display ip routing-table command to filter in route entries that contain Vlan. <Sysname> display ip routing-table | include Vlan Routing Tables: Public Destination/Mask Proto Cost NextHop Interface 192.168.1.0/24 Direct 0 192.168.1.42 Vlan999 Configuring user privilege and command levels To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7.
Page 20
For more information about user login authentication, see "Logging in to the CLI." For more information about AAA and SSH, see Security Configuration Guide. Configuring a user privilege level for users by using the AAA module Step Command Remarks Enter system view. system-view user-interface { first-num1 Enter user interface view.
Page 21
[Sysname-luser-test] authorization-attribute level 3 Configuring the user privilege level directly on a user interface To configure the user privilege level directly on a user interface that uses the scheme authentication mode: Step Command Remarks Configure the authentication For more information, see Security Required only for SSH users who type for SSH users as Configuration Guide.
Page 22
ping Ping function quit Exit from current command view Establish one RSH connection ssh2 Establish a secure shell client connection super Set the current user priority level telnet Establish one TELNET connection tftp Open TFTP connection tracert Trace route function # Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level- 1 commands.
Switching the user privilege level Users can switch to a different user privilege level without logging out and terminating the current connection. After the privilege level switching, users can continue to manage the device without relogging in, but the commands they can execute have changed. For example, with the user privilege level 3, a user can configure system parameters.
Page 24
Step Command Remarks Enter system view. system-view Set the authentication mode Optional. super authentication-mode { local for user privilege level By default, local-only | scheme } * switching. authentication is used. Required for local authentication. By default, a privilege level has no Configure the password for a super password [ level user-level ] password.
User interface User privilege level Information required for Information required for the authentication switching the first authentication second authentication mode mode authentication mode mode Password configured on the device with the super local password command for the privilege level. Password for privilege level Password configured on the switching that is configured on device with the super...
Displaying and maintaining CLI Task Command Remarks Display the command keyword display command-alias [ | { begin | Available in any view alias configuration. exclude | include } regular-expression ] display clipboard [ | { begin | exclude | Display data in the clipboard. Available in any view include } regular-expression ]...
Login overview This chapter describes the available CLI login methods and their configuration procedures. Login methods at a glance You can access the device only through the console port at the first login, locally or remotely by using a pair of modems. After you log in to the device, you can configure other login methods, including Telnet and SSH, for remote access.
User interfaces The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them.
Logging in to the CLI By default, the first time you access the CLI you must log in through the console port, locally or remotely by using a pair of modems. At the CLI, you can configure Telnet or SSH for remote access. Logging in through the console port for the first time To log in through the console port, make sure the console terminal has a terminal emulation program (for example, HyperTerminal in Windows XP).
Page 30
Figure 5 Connection description Figure 6 Specifying the serial port used to establish the connection...
Figure 7 Setting the properties of the serial port Power on the device and press Enter at the prompt. Figure 8 CLI At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?. Configuring console login control settings The following authentication modes are available for controlling console logins:...
None—Requires no authentication. This mode is insecure. • • Password—Requires password authentication. Scheme—Uses the AAA module to provide local or remote console login authentication. You must • provide a username and password for accessing the CLI. If the username or password configured on a remote server was lost, contact the server administrator for help.
The next time you attempt to log in through the console port, you do not need to provide any username or password, as shown in Figure Figure 9 Accessing the CLI through the console port without authentication Configuring password authentication for console login Step Command Remarks...
Figure 10 Password authentication interface for console login Configuring scheme authentication for console login Follow these guidelines when you configure scheme authentication for console login: To make the command authorization or command accounting function take effect, apply an • HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
Page 35
Step Command Remarks Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. Enable command command authorization authorization. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
Step Command Remarks Set an authentication password { cipher | simple } By default, no password is set. password for the local user. password Specifies a command level Optional. authorization-attribute level level of the local user. By default, the command level is 0. Specify terminal service for By default, no service type is service-type terminal...
Page 37
Step Command Remarks Enter AUX user interface user-interface aux first-number view. [ last-number ] By default, the transmission rate is Configure the baud rate. speed speed-value 9600 bps. Configure the parity check The default setting is none, namely, parity { even | none | odd } mode.
Step Command Remarks Set the size of command By default, the buffer saves 10 history-command max-size value history buffer. history commands at most. The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction Set the idle-timeout timer.
username or password configured on a remote server was lost, contact the server administrator for help. Table 14 Configuration required for different Telnet login authentication modes Authentication Configuration tasks Reference mode "Configuring none Set the authentication mode to none for the VTY user None authentication for Telnet interface.
The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 13. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears. Figure 13 Telneting to the device without authentication Configuring password authentication for Telnet login Step...
Figure 14 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Follow these guidelines when you configure scheme authentication for Telnet login: To make the command authorization or command accounting function take effect, apply an • HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
Page 42
Step Command Remarks Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. Enable command authorization. command authorization If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
Step Command Remarks Create a local user and enter local-user user-name By default, no local user exists. local user view. password { cipher | simple } Set a password. By default, no password is set. password Specify the command level of Optional.
Page 44
Step Command Remarks Enter system view. system-view Enable copyright information By default, copyright information copyright-info enable display. display is enabled. Enter one or multiple VTY user user-interface vty first-number interface views. [ last-number ] Optional. Enable the terminal service. shell By default, terminal service is enabled.
Step Command Remarks Optional. By default, no automatically executed command is specified. The command auto-execute Specify a command to be function is typically used for auto-execute command automatically executed when a redirecting a Telnet user to a command user logs in to the user interfaces. specific host.
Setting the DSCP value for IP to use for outgoing Telnet packets Step Command Remarks Enter system view. system-view • On a Telnet client running IPv4: The default is as follows: telnet client dscp dscp-value • 16 for a Telnet client running IPv4. •...
Page 47
To make the command authorization or command accounting function take effect, apply an • HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters. • If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.
Page 48
Step Command Remarks Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result.
Step Command Remarks ssh user username service-type Create an SSH user, and stelnet authentication-type specify the authentication { password | { any | mode for the SSH user. password-publickey | publickey } assign publickey keyname } Configure common settings "Configuring common settings Optional.
Table 16 Configuration required for different modem login authentication modes Authentication Configuration task Reference mode "Configuring none None Set the authentication mode to none for the AUX user interface. authentication for modem dial-in" "Configuring Enable password authentication on the AUX user interface. password Password authentication for...
Page 51
NOTE: The configuration commands and output vary by modem. For more information, see the modem user guide. To avoid data loss, verify that the speed of the console port is lower than the transmission rate of the modem, and the default parity check, stop bits, and data bits settings are used. Launch the terminal emulation program and create a connection by using the telephone number of the modem connected to the device.
Page 52
NOTE: On Windows Server 2003, you must add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help of that program to log in to the device.
command. The connection is terminated if "OK" is displayed. You can also terminal the connection by clicking in the HyperTerminal window. IMPORTANT: Do not directly close the HyperTerminal. Doing so can cause some modems to stay in use, and your subsequent dial-in attempts will always fail.
Step Command Remarks Enter system view. system-view Enter one or more AUX user user-interface aux first-number interface views. [ last-number ] Enable password By default, no authentication is authentication-mode password authentication. performed for modem dial-in users. set authentication password Set a password. By default, no password is set.
Page 55
Step Command Remarks Enter system view. system-view Enter AUX user user-interface aux first-number interface view. [ last-number ] Whether local, RADIUS, or HWTACACS authentication is adopted depends on Enable scheme the configured AAA scheme. authentication-mode scheme authentication. By default, no authentication is performed for modem dial-in users.
Page 56
Step Command Remarks Optional. Enter the ISP domain view: domain domain-name By default, local authentication is used. Apply the specified AAA For local authentication, configure local scheme to the domain: user accounts. authentication default Apply an AAA For RADIUS or HWTACACS { hwtacacs-scheme authentication scheme authentication, configure the RADIUS or...
Figure 26 Scheme authentication interface for modem dial-in users Configuring common settings for modem dial-in (optional) CAUTION: To avoid packet loss, make sure the speed of the console port is lower than the transmission rate of the modem. Some common settings configured for an AUX user interface take effect immediately and can interrupt the login session.
Page 58
Step Command Remarks The default is 1. Configure the number of stop Stop bits indicate the end of a stopbits { 1 | 1.5 | 2 } bits. character. The more the bits, the slower the transmission. By default, the number of data bits in each character is 8.
Step Command Remarks The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction Set the idle-timeout timer. idle-timeout minutes [ seconds ] between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the timer.
Logging in to the Web interface The device provides a built-in Web server for you to configure the device through a Web browser. Web login is by default disabled. To enable Web login, log in via the console port, and perform the following configuration tasks: Enable HTTP or HTTPS service.
Step Command Remarks Optional. By default, the HTTP service is not associated with any ACL. Associate the HTTP service ip http acl acl-number with an ACL. Associating the HTTP service with an ACL enables the device to allow only clients permitted by the ACL to access the device.
Page 62
Step Command Remarks By default, the HTTPS service is not associated with any SSL server policy, and the device uses a self-signed certificate for authentication. If you disable the HTTPS service, the system automatically de-associates the Associate the HTTPS ip https ssl-server-policy HTTPS service from the SSL service service with an SSL server policy-name...
Step Command Remarks By default, the HTTPS service is not associated with any ACL. Associate the HTTPS Associating the HTTPS service with an ip https acl acl-number service with an ACL. ACL enables the device to allow only clients permitted by the ACL to access the device.
Figure 27 Network diagram Configuration procedure Configure the device: # Create VLAN 999, and add GigabitEthernet 1/0/1 (the interface connected to the PC) to VLAN 999. <Sysname> system-view [Sysname] vlan 999 [Sysname-vlan999] port GigabitEthernet 1/0/1 [Sysname-vlan999] quit # Assign the IP address 192.168.0.58 and the subnet mask 255.255.255.0 to VLAN-interface 999.
Figure 28 Web login page # Enter the user name, password, verify code, select English, and click Login. The homepage appears. After login, you can configure device settings through the Web interface. HTTPS login configuration example Network requirements As shown in Figure 29, to prevent unauthorized users from accessing the device, configure the device as the HTTPS server and the host as the HTTPS client, and request a certificate for each of them.
Page 66
# Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com. <Device> system-view [Device] pki entity en [Device-pki-entity-en] common-name http-server1 [Device-pki-entity-en] fqdn ssl.security.com [Device-pki-entity-en] quit # Create a PKI domain, specify the trusted CA as new-ca, the URL of the server for certificate request as http://10.1.2.2/certsrv/mscep/mscep.dll, authority for certificate request as RA, and the entity for certificate request as en.
Page 67
# Create a local user named usera, set the password to 123, specify the Web service type, and specify the user privilege level 3. A level-3 user can perform all operations supported by the device. [Device] local-user usera [Device-luser-usera] password simple 123 [Device-luser-usera] service-type web [Device-luser-usera] authorization-attribute level 3 Configure the host (HTTPS client):...
Logging in through SNMP You can use an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.
NMS login example Network requirements Configure the device and the NMS so you can remotely manage the device through SNMPv3. Figure 31 Network diagram Configuration procedure Configure the device: # Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.) # Enter system view.
Controlling user logins To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide. Controlling Telnet logins Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address.
Step Command Remarks Exit advanced ACL view. quit user-interface [ type ] first-number Enter user interface view. [ last-number ] • inbound: Filters incoming Use the ACL to control user packets. acl [ ipv6 ] acl-number { inbound | logins by source and outbound } •...
Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.
Web login control configuration example Network requirements As shown in Figure 34, configure the device to allow only Web users from Host B to access. Figure 34 Network diagram Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B. <Sysname>...
Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
The ftp client source command setting applies to all FTP sessions. When you set up an FTP session by using the ftp or ftp ipv6 command, you can also specify a different source IP address for the FTP session. IMPORTANT: To avoid FTP connection failures, when you specify a source interface for FTP packets, make sure the interface has been assigned a primary IP address.
Step Command Remarks Enter system view. system-view • For IPv4: Set the DSCP value for ftp client dscp dscp-value The default is 0, whether the FTP IP to use for outgoing client is running IPv4 or IPv6. • For IPv6: FTP packets.
Task Command Remarks The ls command displays the name of a Query a directory or file on the directory or file only, while the dir ls [ remotefile [ localfile ] ] FTP server. command displays detailed information such as the file size and creation time. Delete the specified file on the delete remotefile FTP server permanently.
Task Command Remarks • disconnect Terminate the FTP connection without exiting FTP Use either command in FTP client view. client view. • close • Terminate the FTP connection and return to user Use either command in FTP view. client view. •...
Download the file newest.bin from the PC to the Flash root directory of the subordinate device (with • member ID of 2). [ftp] get newest.bin slot2#flash:/newest.bin # Set the transfer mode to ASCII and upload the configuration file config.cfg from the IRF fabric to the PC for backup.
Fast mode—The FTP server starts writing data to the Flash after a file is transferred to the memory. • This prevents the existing file on the FTP server from being corrupted in the event that anomaly, such as a power failure, occurs during a file transfer. •...
Step Command Remarks Enter system view. system-view Create a local user By default, no local user account authorized account and enter local-user user-name with the FTP service exists, and the system its view. does not support FTP anonymous user access. Set a password for password { simple | cipher } the user account.
Page 85
# Create a local user account abc, set its password to abc and the user privilege level to level 3 (the manage level), specify the Flash root directory of the master device as the authorized directory, and specify the service type as FTP. <Sysname>...
The specified file will be used as the main boot file at the next reboot on slot The specified file will be used as the main boot file at the next reboot on slot IMPORTANT: The system software image file used for the next startup and the startup configuration file must be saved in the Flash root directory.
Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP supports the following transfer modes: Binary mode—Used to transfer image files, such as .app and .bin .btw files.
To configure the TFTP client: Step Command Remarks Enter system view. system-view Optional. Use an ACL to control the tftp-server [ ipv6 ] acl acl-number By default, no ACL is used for client's access to TFTP servers. access control. Optional. tftp client source { interface Specify a source IP address By default, the primary IP...
Page 89
Figure 39 Network diagram Configuration procedure This configuration procedure assumes that the PC and the IRF fabric can reach each other. Configure the PC (TFTP server): Enable the TFTP server. (Details not shown.) Configure a TFTP working directory. (Details not shown.) Configure the IRF fabric (TFTP client): # Examine the storage medium of the device for insufficiency or impairment.
Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories and files. Storage medium naming rules A storage medium is named based on the following rules:If a storage medium is the only storage medium of its type on the device, it is named by its type.
Managing files CAUTION: To avoid file system corruption, do not plug or unplug storage media or perform active/standby switchover while the system is processing a file operation. You can display directory or file information; display file contents; rename, copy, move, remove, restore, and delete files.
Task Command Move a file. move fileurl-source fileurl-dest Deleting/restoring a file You can delete a file permanently or just move it to the recycle bin. A file moved to the recycle bin can be restored, but a file permanently deleted cannot. A file in the recycle bin occupies storage space.
Task Command Display the current working directory. Changing the current working directory Perform this task in user view. Task Command Change the current working directory. cd { directory | .. | / } Creating a directory Perform this task in user view. Task Command Create a directory.
Displaying and maintaining the NAND Flash memory The physical space of the NAND Flash memory is divided into multiple blocks, each of which is subdivided into multiple pages. The NAND Flash memory is erased on a block basis and read on a page basis;...
Setting the file system operation mode The file systems support the following operation modes: alert—The system warns you about operations that might cause problems such as file corruption • and data loss. To prevent incorrect operations, use the alert mode. quiet—The system does not prompt for any operation confirmation.
Managing configuration files You can manage configuration files at the CLI or by using the Boot menu of the device. This chapter describes the CLI approach. Overview A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device.
Configuration file format and content IMPORTANT: To run on the device, a configuration file must meet the content and format requirements of the device. To avoid any configuration loading problem at startup, use a configuration file created on the device. If you edit the configuration file, make sure all edits are compliant with the requirements of the device.
Complete these tasks to save the current configuration: Task Remarks Optional. Enabling configuration file auto-update Perform this task to ensure configuration consistency across member devices. Saving configuration in Required. Enabling configuration file auto-update The configuration auto-update function enables all subordinate switches to automatically save the running configuration as the master does when you execute the save [ safely ] [ backup | main ] [ force ] command or the save filename all command.
Task Command Remarks The save command executed with only the file-url argument saves the Save the running configuration to a running configuration only to the configuration file without save file-url [ all | slot slot-number ] specified path, regardless of specifying the file as a next-startup whether the configuration configuration file.
Task Remarks Configuring configuration archive parameters Required. • Required. Enabling automatic configuration archiving • Manually archiving running configuration Use either approach. Performing configuration rollback Required. Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives.
Step Command Remarks Do not include member ID information in the directory name. By default, no path or file name prefix is set for configuration archives, and the system does not regularly save configuration. Configure the directory and archive configuration location IMPORTANT: file name prefix for archiving directory filename-prefix...
Manually archiving running configuration To save system resources, disable automatic configuration archiving and manually archive configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks so you can use the archive for configuration recovery after the configuration attempt fails.
Specifying a configuration file for the next startup You can specify a .cfg configuration file as the main startup configuration file to be used at the next startup when you use the save command to save the running configuration to it. Alternatively, perform the following task in user view to specify the next-startup configuration file: Task Command...
You can delete the main, the backup, or both. If the main and backup next-startup configuration files are the same file, the system sets the attribute of the configuration file to NULL instead of deleting the file. You can permanently delete the file after its attribute changes to NULL. You may need to delete the next-startup configuration file for one of the following reasons: After you upgrade system software, the file does not match the new system software.
Page 105
Task Command Remarks display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] Display the running configuration. [ interface-number ] | exclude Available in any view. modules ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ] display default-configuration [ | Display the factory defaults.
Upgrading software You can use the CLI or Boot menu to upgrade software. This chapter describes only the CLI approach to software upgrade. Upgrading software includes upgrading the BootWare (called "bootrom" in CLI) and system software. Each time the switch is powered on, it runs the BootWare image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file"...
Upgrading method Software types Remarks Patches repair software defects without requiring a reboot or service interruption. Installing patches System software images Patches do not add new features to system software images. Use this method when the device cannot correctly start up. For information about this upgrading method, see the release notes for your switch.
Step Command Remarks Use FTP or TFTP to transfer the The image file must be saved in the system software image to the See "Configuring FTP" or root directory for a successful root directory of the master "Configuring TFTP." upgrade. device's storage media.
Step Command Remarks file patch-package: Specifies a Install a patch package file. patch install file patch-package patch package file name. Displaying and maintaining software upgrade Task Command Remarks display boot-loader [ slot slot-number ] Display information about system [ | { begin | exclude | include } Available in any view.
File will be transferred in binary mode Downloading file from remote TFTP server, please wait..TFTP: 917 bytes received in 1 second(s) File downloaded successfully. # Download new-config.cfg to the subordinate switch. <IRF> tftp 2.2.2.2 get new-config.cfg slot2#flash:/new-config.cfg # Download soft-version2.bin from the TFTP server to both member switches. <IRF>...
Page 111
Figure 42 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 2.2.2.2/24 Internet TFTP server 1.1.1.1/24 Note: The orange line represents the IRF link. Configuration procedure Configure the TFTP server: # Enable the TFTP server function. (Details not shown.) # Save the patch package file patch_package.bin to the working directory of TFTP server. (Details not shown.) Configure the IRF fabric: # Use the save command to save the current system configuration.
Managing the device Device management includes monitoring the operating status of devices and configuring their running parameters. The configuration tasks in this document are order independent. You can perform these tasks in any order. Configuring the device name A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>.
Page 113
Command Effective system time Configuration example System time clock timezone 03:00:00 zone-time Sat zone-time add 1 2, 1 date-time 03/03/2007. clock datetime 3:00 2007/3/3 The original system time outside the daylight saving time range: clock summer-time ss 01:00:00 UTC Sat one-off 1:00 The system time does not 01/01/2005.
Page 114
Command Effective system time Configuration example System time clock summer-time ss date-time – summer-offset one-off 1:00 outside the daylight 23:30:00 UTC Sun 2007/1/1 1:00 saving time range: 2007/8/8 2 12/31/2006. 3, 1 clock datetime 1:30 date-time – summer-offset 2007/1/1 (date-time in the daylight saving time clock summer-time ss date-time –...
You can disable or enable the function as needed. The following is a sample copyright statement: ****************************************************************************** * Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
Step Command Remarks Enter system view. system-view Enable displaying the copyright-info enable Enabled by default. copyright statement. Configuring banners Banners are messages that the system displays during user login. The system supports the following banners: Legal banner—Appears after the copyright or license statement. To continue login, the user must •...
Have a nice day. Please input the password.A Method 3—After you type the last keyword, type the start delimiter and part of the banner message and press Enter. At the system prompt, enter the rest of the banner and end the last line with a delimiter that is the same as the start delimiter.
CAUTION: A reboot can interrupt network services. • To avoid data loss, use the save command to save the current configuration before a reboot. • Use the display startup and display boot-loader commands to verify that you have correctly set the •...
Scheduling jobs You can schedule a job to automatically run a command or a set of commands without administrative interference. The commands in a job are polled every minute. When the scheduled time for a command is reached, the job automatically executes the command. If a confirmation is required while the command is running, the system automatically inputs Y or Yes.
In the modular approach: • Every job can have only one view and up to 10 commands. If you specify multiple views, the one specified the last takes effect. Input a view name in its complete form. Most commonly used view names include monitor for user view, system for system view, GigabitEthernet x/x/x, and Ten-GigabitEthernet x/x/x for Ethernet interface view, and Vlan-interfacex for VLAN interface view.
Step Command Remarks • Configure a command to run at a specific time and date: time time-id at time date command command • Configure a command to run at a Use any of the commands. specific time: NOTE: time time-id { one-off | repeating } Add commands to the job.
Verifying and diagnosing transceiver modules Support for the pluggable transceivers and the transceiver type depends on the device model. Verifying transceiver modules You can verify the genuineness of a transceiver module in the following ways: Display the key parameters of a transceiver module, including its transceiver type, connector type, •...
Page 123
Task Command Remarks Display system version display version [ | { begin | exclude | Available in any view information. include } regular-expression ] display clock [ | { begin | exclude | Display the system time and date. Available in any view include } regular-expression ] display diagnostic-information [ | Display or save operating statistics...
Page 124
Task Command Remarks Clear the system software version reset version-update-record Available in system view update history of the device.
Automatic configuration Automatic configuration enables a device without any configuration file to automatically obtain and execute a configuration file during startup. Automatic configuration simplifies network configuration, facilitates centralized management, and reduces maintenance workload. To implement automatic configuration, the network administrator saves configuration files on a server and a device automatically obtains and executes a specific configuration file.
How automatic configuration works Automatic configuration works in the following manner: During startup, the device sets the first up interface (if up Layer 2 Ethernet ports exist, the VLAN interface of the default VLAN of the Ethernet ports is selected as the first up interface.) as the DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, IP address of a DNS server, and the configuration file name.
Using DHCP to obtain an IP address and other configuration information Address acquisition process As previously mentioned, a device sets the first up interface as the DHCP client during startup. The DHCP client broadcasts a DHCP request, where the Option 55 field specifies the information that the client wants to obtain from the DHCP server such as the configuration file name, domain name and IP address of the TFTP server, and DNS server IP address.
To configure static address pools, you must obtain corresponding client IDs. To obtain a device's client ID, use the display dhcp server ip-in-use command to display address binding information on the DHCP server after the device obtains its IP address through DHCP. Obtaining the configuration file from the TFTP server A device can obtain the following files from the TFTP server during automatic configuration: Configuration file specified by the Option 67 or file field in the DHCP response.
Obtaining the configuration file Figure 45 Obtaining the configuration file A device obtains its configuration file by using the following workflow: • If the DHCP response contains the configuration file name, the device requests the specified configuration file from the TFTP server. If not, the device tries to get its host name from the host name file obtained from the TFTP server.
If the IP address and the domain name of the TFTP server are not contained in the DHCP response • or they are illegitimate, the device broadcasts a TFTP request. After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the configuration file.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: Product model names and numbers • • Technical support registration number (if applicable) Product serial numbers •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 133
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Index A B C D E F H I L M N O P R S T U V Enabling displaying the copyright statement,109 Entering a command,5 Accessing the CLI online help,4 File name formats,84 Backing up the next-startup configuration file to a TFTP File system management examples,89 server,97...
Page 135
Saving the running configuration,91 Understanding command-line error messages,8 Saving the running configuration,19 Upgrading BootWare,101 Scheduling jobs,1 13 Upgrading the entire system software,101 Setting the file system operation mode,89 User interfaces,22 Software upgrade examples,103 Using the command history function,9 Software upgrade methods,100 Using the device as a TFTP client,81...