HP 12500 Routing Switch Series
Fundamentals
Part number: 5998-3407
Software version: 12500-CMW710-R7128
Document version: 6W710-20121130

Advertising

   Related Manuals for HP 12500

   Summary of Contents for HP 12500

  • Page 1: Configuration Guide

    HP 12500 Routing Switch Series Fundamentals Configuration Guide Part number: 5998-3407 Software version: 12500-CMW710-R7128 Document version: 6W710-20121130...

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Using the CLI ································································································································································ 1   CLI views ············································································································································································ 1   Entering system view from user view ······················································································································ 2   Returning to the upper-level view from any view ·································································································· 2   Returning to user view ·············································································································································· 3   Accessing the CLI online help ·········································································································································· 3  ...

  • Page 4: Table Of Contents

    RBAC configuration example for RADIUS authentication users ················································································ 27   Network requirements ··········································································································································· 27   Configuration procedure ······································································································································ 28   Verifying the configuration ··································································································································· 29   RBAC configuration example for HWTACACS authentication users ······································································· 30   Network requirements ··········································································································································· 30  ...

  • Page 5: Table Of Contents

    Displaying and maintaining the FTP server ········································································································ 65   FTP server configuration example in standalone mode ····················································································· 65   FTP server configuration example in IRF mode ·································································································· 67   Using the device as an FTP client ································································································································· 68   Establishing an FTP connection ···························································································································· 68  ...

  • Page 6: Table Of Contents

    Configuring configuration archive parameters ·································································································· 91   Enabling automatic configuration archiving ······································································································· 92   Manually archiving the running configuration ··································································································· 93   Performing a configuration rollback ···················································································································· 93   Specifying a next-startup configuration file ················································································································· 94   Backing up the main next-startup configuration file to a TFTP server ······································································· 94  ...

  • Page 7: Table Of Contents

    HTTP feature upgrade to an incompatible version ·························································································· 136   HTTP feature rollback example ·························································································································· 139   Performing an ISSU by using install series commands ························································································· 144   Performing an ISSU ······················································································································································ 144   Obtaining the software images issued in an IPE file ······················································································· 144  ...

  • Page 8: Table Of Contents

    Configuration guidelines ···································································································································· 178   Configuration procedure ···································································································································· 178   Schedule configuration example ······················································································································· 180   Performing power supply management ····················································································································· 183   Enabling power supply management ················································································································ 183   Powering on/off a card ······································································································································ 184   Re-assigning IDs to AC power supplies ············································································································ 185  ...

  • Page 9: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or by using Telnet or SSH.

  • Page 10: Entering System View From User View

    Figure 2 CLI views You are placed in user view immediately after you are logged in to the CLI. The user view prompt is <Device-name>, where Device-name indicates the device name, defaults to Sysname, and can be changed by using the sysname command. In user view, you can perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and reboot.

  • Page 11: Returning To User View

    Returning to user view You can return directly to user view from any other view by using the return command or pressing Ctrl+Z, instead of using the quit command multiple times. To return directly to user view from any other view: Task Command Return directly to user view.

  • Page 12: Using The Undo Form Of A Command

    format free <Sysname> display ftp? ftp-server ftp-user Using the undo form of a command Most configuration commands have an undo form for canceling a configuration, restoring the default, or disabling a feature. For example, the info-center enable command enables the information center, and the undo info-center enable command disables the information center.

  • Page 13: Entering A String Or Text Type Value For An Argument

    Entering a string or text type value for an argument Generally, a string type argument value can contain any printable character (in the ASCII code range of 32 to 126) other than the question mark (?), quotation mark ("), backward slash (\), and space, and a text type argument value can contain any printable character other than the question mark.

  • Page 14: Configuring And Using Command Hotkeys

    Configuring and using command hotkeys To facilitate CLI operation, the system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software that you are using to interact with the device, the definition of the terminal software takes effect.

  • Page 15: Enabling Redisplaying Entered-but-not-submitted Commands

    Hotkey Function Esc+B Moves the cursor back one word. Esc+D Deletes all characters from the cursor to the end of the word. Esc+F Moves the cursor forward one word. Esc+N Moves the cursor down one line. This hotkey is available before you press Enter. Esc+P Moves the cursor up one line.

  • Page 16: Using The Command History Function

    Using the command history function The system automatically saves commands successfully executed by a login user to two command history buffers: the command history buffer for the user interface and the command history buffer for all user interfaces. Table 4 compares these two types of command history buffers.

  • Page 17: Pausing Between Screens Of Output

    Pausing between screens of output If the output being displayed is more than will fit on one screen, the system automatically pauses after displaying a screen. You can use the keys described in "Output controlling keys" to display more information or stop the display. By default, up to 24 lines can be displayed on a screen.

  • Page 18: Filtering The Output From A Display Command

    VLAN type: Static Route interface: Configured IP address: 10.1.1.125 Subnet mask: 255.255.255.0 Description: VLAN 0100 Name: VLAN 0100 Tagged ports: None Untagged ports: GigabitEthernet7/0/1 Filtering the output from a display command You can use the | { begin | exclude | include } regular-expression option to filter the display command output: begin—Displays the first line matching the specified regular expression and all subsequent lines.

  • Page 19

    Characters Meaning Examples "[16A]" matches a string containing 1, 6, or A; "[1-36A]" matches a string containing 1, 2, 3, 6, or A (- is a hyphen). Matches a single character in the brackets. To match the character "]", put it immediately after "[", for example, []abc].

  • Page 20: Saving The Output From A Display Command To A File

    user-role network-operator user-interface con 0 1 user-role network-admin user-interface vty 0 15 authentication-mode scheme user-role network-operator ssh server enable return # Use | exclude Direct in the display ip routing-table command to filter out direct routes and display only the non-direct routes. <Sysname>...

  • Page 21: Viewing And Managing The Output From A Display Command Effectively

    <Sysname> display vlan 1 > vlan.txt # Verify whether the VLAN 1 settings are saved to file vlan.txt. <Sysname> more vlan.txt VLAN ID: 1 VLAN type: Static Route interface: Not configured Description: VLAN 0001 Name: VLAN 0001 Tagged ports: None Untagged ports: GigabitEthernet3/0/2 # Append the VLAN 999 settings to the end of file vlan.txt.

  • Page 22: Saving The Running Configuration

    Task Command View and manage the output from a display command [ | [ by-linenum ] { begin | exclude | include } display command effectively. regular-expression ] [ > filename | >> filename ] For example: # Save the running configuration to a separate file named test.txt, with each line numbered. <Sysname>...

  • Page 23: Configuring Rbac

    Configuring RBAC Role based access control (RBAC) controls user access to commands and resources based on user role. This chapter describes the basic idea of RBAC and guides you through the RBAC configuration procedure. Overview On devices that support multiple users, RBAC is used to assign command and resource access permissions to user roles that are created for different job functions.

  • Page 24

    A user role can have multiple rules uniquely identified by rule numbers. The set of permitted commands in these rules are accessible to the user role. If two rules conflict, the one with higher number takes effect. For example, if rule 1 permits the ping command, rule 2 permits the tracert command, and rule 3 denies the ping command, the user role can use the tracert command but not the ping command.

  • Page 25: Assigning User Roles

    User role name Permissions • level-0—Has access to diagnostic commands, including ping and tracert. Level-0 access rights are configurable. • level-1—Has access to the display commands (except display history-command all) of all features and resources in the system, in addition to all access rights of the user role level-0. Level- 1 access rights are configurable.

  • Page 26: Creating User Roles

    Tasks at a glance (Required.) Configuring user role rules (Optional.) Configuring feature groups (Optional.) Changing resource access policies (Optional.) Assigning user roles (Optional.) Configuring user role switching Creating user roles In addition to the predefined user roles, you can create up to 64 custom user roles for granular access control.

  • Page 27: Configuring Feature Groups

    Step Command Remarks Enter user role view. role name role-name Configure at least one command. By default, a user-defined user role • Configure a command rule: has no rules or access to any rule number { deny | permit } command.

  • Page 28: Changing Resource Access Policies

    Changing resource access policies Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these policies permit user roles to access any interface, VLAN, and VPN. You can change the policies of user-defined user roles and the predefined level-n user roles to limit their access to interfaces, VLANs, and VPNs. A changed policy takes effect only on users that are logged in with the user role after the change.

  • Page 29

    Step Command Remarks By default, the VPN policies of user roles permit access to all VPNs. Enter user role VPN vpn-instance policy deny instance policy view. This command disables the access of the user role to any VPN. By default, no accessible VPNs are (Optional.) Specify a list of configured.

  • Page 30: Assigning User Roles To Non-aaa Authentication Users On User Interfaces

    Step Command Remarks Create a local user and local-user user-name class enter local user view. { manage | network } Repeat this step to assign the user to up to 64 user roles. By default, network-operator is Authorize the user to have a authorization-attribute user-role assigned to local users created by a user role.

  • Page 31: Configuring User Role Switching

    Step Command Remarks Repeat this step to specify up to 64 user roles on a user interface. By default: • Network-admin is specified on the console user interface for default-MDC login users, and network-operator is specified on any other user interface for Specify a user role on the user-role role-name default-MDC login users.

  • Page 32: Configuring User Role Switching Authentication

    Table 7 Authentication modes for user role switching Keywords Authentication mode Description Local password The device uses the locally configured switching password for local authentication only authentication. (local-only) The device sends the username and password to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: Remote AAA authentication...

  • Page 33: Displaying Rbac Settings

    Task Command Remarks The user role switching fails after three consecutive Switch the user role. super [ rolename] unsuccessful password attempts. Displaying RBAC settings Execute display commands in any view. Task Command Display user role information. display role [ name role-name ] Display user role feature display role feature [ name feature-name | verbose ] information.

  • Page 34: Verifying The Configuration

    [Switch] user-interface vty 0 15 [Switch-ui-vty0-15] authentication-mode scheme [Switch-ui-vty0-15] quit # Enable local authentication and authorization for the ISP domain bbb. [Switch] domain bbb [Switch-isp-bbb] authentication login local [Switch-isp-bbb] authorization login local [Switch-isp-bbb] quit # Create the user role role1. [Switch] role name role1 # Configure rule 1 to permit the user role to access read commands of all features.

  • Page 35: Rbac Configuration Example For Radius Authentication Users

    [Switch] display ? Specify ACL configuration information adjacent-table Display adjacent information alarm Display alarm information archive Display archive information ARP module BFD module Border Gateway Protocol(BGP) boot-loader Display boot-loader ---- More ---- # Verify that you cannot use the write or execute commands of any feature. <Switch>...

  • Page 36: Configuration Procedure

    Configuration procedure Make sure that the settings on the switch and the RADIUS server match. Configure the switch: # Assign VLAN interface 2 an IP address from the same subnet as the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign VLAN interface 3 an IP address from the same subnet as the RADIUS server.

  • Page 37

    [Switch-role-role2] rule 1 permit command system-view ; domain * # Configure rule 2 to permit the user role to use read and write commands of all features in fgroup1. [Switch-role-role2] rule 2 permit read write feature-group fgroup1 # Configure rule 3 to disable access to the read commands of the acl feature. [Switch-role-role2] rule 3 deny read feature acl # Configure rule 4 to permit the user role to create VLANs and use all commands available in VLAN view.

  • Page 38: Rbac Configuration Example For Hwtacacs Authentication Users

    # Verify that you cannot configure any VLAN except VLANs 1 to 20. Take VLAN 10 and VLAN 30 as examples. [Switch] vlan 10 [Switch-vlan10] quit [Switch] vlan 30 Permission denied. # Verify that you cannot configure any interface except GigabitEthernet 3/0/1 to GigabitEthernet 3/0/24.

  • Page 39

    # Assign an IP address to VLAN-interface 3, the interface connected to the HWTACACS server. [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user interfaces for Telnet users. [Switch] user-interface vty 0 15 [Switch-ui-vty0-15] authentication-mode scheme [Switch-ui-vty0-15] quit...

  • Page 40

    Select Level 3 for the Max Privilege for any AAA Client option. Select the Use separate password option, and specify enabpass as the password. Figure 6 Configuring advanced TACACS+ settings Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the user interface.

  • Page 41: Troubleshooting Rbac

    <Switch>? User view commands: display Display current system information ping Ping function quit Exit from current command view ssh2 Establish a secure shell client connection super Switch to a user role system-view Enter the System View telnet Establish a telnet connection tracert Tracert function <Switch>...

  • Page 42: Login Attempts By Radius Users Always Fail

    Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the network access device and the RADIUS server can communicate with one another and all AAA settings are correct.

  • Page 43: Login Overview

    Login overview The first time you access the device, you can only log in to the CLI of the default MDC through the console port. After login, you can create non-default MDCs, change console login parameters, or configure other login methods including console login, AUX login, Telnet login, SSH login, and SNMP access.

  • Page 44

    Login method Default settings and minimum configuration requirements By default, SNMP access is disabled. To access the device through SNMP, complete the following configuration tasks: Accessing the device through SNMP • Assign an IP address to a Layer 3 interface, and make sure the interface and the NMS can reach each other.

  • Page 45: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC) and make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.

  • Page 46

    Figure 8 Creating a connection Figure 9 Specifying the serial port used to establish the connection...

  • Page 47

    Figure 10 Setting the properties of the serial port Power on the device and press Enter as prompted. Figure 11 Device CLI At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?.

  • Page 48: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI only through the console port. To facilitate device management, you can log in to the device through the console port and configure other login methods, including Telnet, SSH, and AUX.

  • Page 49: Login Authentication Modes

    interfaces. You can use the display user-interface command without any parameters to view supported user interfaces and their absolute numbers. A relative number uniquely identifies a user interface among all user interfaces that are the same type. The number format is user interface type + number. The console and AUX user interfaces corresponding to the console and AUX ports on the MPU in slot 0 are CON 0 and AUX 0.

  • Page 50: Logging In Through The Console/aux Port Locally

    Logging in through the console/AUX port locally You can connect a terminal to the console or AUX port of the device to log in and manage the device, as shown in Figure 12. For the login procedure, see "Logging in through the console port for the first device access."...

  • Page 51: Configuring Password Authentication For Console/aux Login

    The next time you attempt to log in through the console or AUX port, you do not need to provide any username or password, as shown in Figure 13 Figure Figure 13 Accessing the CLI through the console port without authentication Figure 14 Accessing the CLI through the AUX port without authentication Configuring password authentication for console/AUX login Step...

  • Page 52: Configuring Scheme Authentication For Console/aux Login

    Step Command Remarks The default is as follows: • network-admin for a console user interface user of the default MDC. Assign a user role. user-role role-name • network-operator for an AUX user interface user of the default MDC. Non-default MDCs do not support console or AUX login.

  • Page 53: Configuring Common Console/aux User Interface Settings

    Step Command Remarks Enter console/AUX user-interface { aux | console } user interface view. first-number [ last-number ] By default, the authentication mode is none Enable scheme authentication-mode scheme for the console user interface and authentication. password for the AUX user interface. To use scheme authentication, you must also configure login authentication methods in ISP domain view.

  • Page 54

    To log in through the console/AUX port after the configuration is complete, change the terminal settings on the configuration terminal to match the console/AUX port settings on the device. To configure common settings for a console/AUX user interface: Step Command Remarks Enter system view.

  • Page 55: Logging In Through Telnet

    Step Command Remarks The default is 10 minutes. If there is no interaction between the device and the user within the session idle-timeout interval, the system idle-timeout minutes [ seconds ] idle-timeout timer. automatically terminates the user connection on the user interface. If you set the idle-timeout timer to 0, the session will never be aged out.

  • Page 56

    The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 19. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears. Figure 19 Telnetting to the device without authentication Configuring password authentication for Telnet login Step...

  • Page 57

    Figure 20 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet server function is Enable Telnet server. telnet server enable disabled. Enter one or multiple VTY user-interface vty first-number user interface views.

  • Page 58

    Figure 21 Scheme authentication interface for Telnet login Configuring common VTY user interface settings For a VTY user interface, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session.

  • Page 59: Using The Device To Log In To A Telnet Server

    Step Command Remarks By default, up to 24 lines is displayed on a maximum screen. number of lines to be screen-length screen-length displayed on a screen. A value of 0 disables the function. size history-command max-size By default, the buffer saves 10 history command history value...

  • Page 60: Logging In Through Ssh

    Step Command Remarks • Log in to an IPv4 Telnet server: telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] Use the device to log in to Use either command. a Telnet server.

  • Page 61: Using The Device To Log In To An Ssh Server

    Step Command Remarks By default, Telnet and SSH are supported. (Optional.) Specify The device does not support the pad keyword. the protocols for the protocol inbound { all | pad | This configuration is effective only for users user interfaces ssh | telnet } who log in to the user interfaces after the support.

  • Page 62

    Task Command Remarks Display the source IPv4 address or interface configured for the device display telnet client to use for outgoing Telnet packets when serving as a Telnet client. Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this free user-interface { num1 | { aux | Release a user interface.

  • Page 63: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. Figure 24 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC.

  • Page 64: Configuring Snmpv1 Or Snmpv2c Access

    Step Command Remarks snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } [ vpn-instance To send informs to an SNMPv3 Create vpn-instance-name ] ] [ { cipher | simple } NMS, you must use the remote SNMPv3 user.

  • Page 65: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behaviors. For more information about ACLs, see ACL and QoS Configuration Guide. Controlling Telnet/SSH logins Use basic ACLs (2000 to 2999) to filter Telnet and SSH logins by source IP address. Use advanced ACLs (3000 to 3999) to filter Telnet and SSH logins by source and/or destination IP address.

  • Page 66: Controlling Snmp Access

    Figure 25 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Apply the ACL to filter Telnet logins.

  • Page 67: Configuration Example

    Step Command Remarks • SNMP community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * •...

  • Page 68: Configuring Command Authorization

    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group. [Sysname] snmp-agent community read aaa acl 2000 [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 Configuring command authorization By default, commands are available for a user depending only on that user's user roles.

  • Page 69

    Figure 27 Network diagram Configuration procedure # Assign IP addresses to relevant interfaces and make sure the device and the HWTACACS server can reach each other and the device and Host A can reach each other. (Details not shown.) # Enable the Telnet server. <Device>...

  • Page 70: Configuring Command Accounting

    [Device-luser-manage-monitor] service-type telnet [Device-luser-manage-monitor] authorization-attribute level 1 Configuring command accounting Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This function helps control and monitor user behaviors on the device. When command accounting is disabled, the accounting server does not record the commands executed by users.

  • Page 71

    Figure 28 Network diagram Configuration procedure # Enable the Telnet server. <Device> system-view [Device] telnet server enable # Enable command accounting for user interface Console 0. [Device] user-interface console 0 [Device-ui-console0] command accounting [Device-ui-console0] quit # Enable command accounting for user interfaces VTY 0 through VTY 15. [Device] user-interface vty 0 15 [Device-ui-vty0-15] command accounting [Device-ui-vty0-15] quit...

  • Page 72: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

  • Page 73: Configuring Authentication And Authorization

    Configuring authentication and authorization Perform this task on the FTP server to authenticate FTP clients and set the authorized directories that authenticated clients can access. The following authentication modes are available: • Local authentication—The device looks up the client's username and password in the local user account database.

  • Page 74

    Figure 30 Network diagram Configuration procedure Configure IP addresses as shown in Figure 30, and make sure the device and PC can reach other. (Details not shown.) Configure the device (FTP server): # Create a local user account abc, set the password to 123456, the user role to network-admin, the working directory to the Flash root directory of the active MPU, and the service type to FTP.

  • Page 75: Ftp Server Configuration Example In Irf Mode

    User(1.1.1.1:(none)):abc 331 Password required for abc. Password: 230 User logged in. # Use the ASCII mode to download the configuration file startup.cfg from the device to the PC for backup. ftp> ascii 200 TYPE is ASCII ftp> get startup.cfg back-startup.cfg # Use the binary mode to upload the file temp.bin from the PC to the Flash root directory of the active MPU.

  • Page 76: Using The Device As An Ftp Client

    <Sysname> system-view [Sysname] local-user abc class manage [Sysname-luser-manage-abc] password simple 123456 [Sysname-luser-manage-abc] authorization-attribute work-directory flash:/ [Sysname-luser-manage-abc] authorization-attribute user-role network-admin [Sysname-luser-manage-abc] service-type ftp [Sysname-luser-manage-abc] quit // To set the working directory to the Flash root directory of one of the IRF fabric's standby MPU, replace flash:/ in the authorization-attribute command with, for example, chassis2#slot1#flash:/.

  • Page 77

    Step Command Remarks Enter system view. system-view By default, no source IP (Optional.) Specify a source address is specified, and the ftp client source { interface interface-type IP address for outgoing FTP primary IP address of the interface-number | ip source-ip-address } packets.

  • Page 78: Managing Directories On The Ftp Server

    Managing directories on the FTP server Task Command • Display the detailed information of a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP server. • Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] Change the working directory on the FTP server.

  • Page 79: Switching To Another User Account

    Task Command Remarks Set the file transfer mode to binary The default file transfer mode is ASCII. binary. Set the FTP operation mode to passive The default mode is passive. passive. Display or change the local working directory of the FTP lcd [ directory | / ] client.

  • Page 80: Terminating The Ftp Connection

    Task Command Remarks Display the system information of the FTP system server. Enable or disable FTP operation verbose By default, this function is enabled. information display. By default, FTP client debugging is Enable or disable FTP client debugging. debug disabled. Clear the reply information in the buffer.

  • Page 81

    Download the file temp.bin from the PC to the device, and upload the configuration file startup.cfg • from the device to the PC for backup. Figure 32 Network diagram Configuration procedure # Configure IP addresses as shown in Figure 32 and make sure the device and PC can reach each other.

  • Page 82: Ftp Client Configuration Example In Irf Mode

    221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye <Sysname> FTP client configuration example in IRF mode Network requirements Use the IRF fabric that comprises two member devices as the FTP client and the PC as the FTP server. •...

  • Page 83

    439291 bytes received in 1.08 seconds (395.6 kbyte/s) # Download the file temp.bin from the PC to the Flash root directory of the IRF fabric's standby MPUs. (In this example the IRF fabric has three standby MPUs: one in slot 1 of member device 1, one in slot 0 of member device 2, and one in slot 1 of member device 2.) ftp>...

  • Page 84: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.

  • Page 85

    Step Command Remarks Enter system view. system-view (Optional.) Use an ACL to By default, no ACL is used for access control the client's access to tftp-server ipv6 acl acl-number control. TFTP servers. By default, no source IPv6 address is Specify the source IPv6 tftp client ipv6 source { interface specified.

  • Page 86: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: Before managing storage media, files, and directories, make sure you know the possible impacts. • Some files and directories are hidden. For normal operation of the system, do not modify or delete •...

  • Page 87

    Format Description Example Specifies a file in a specific folder in • test/a.cfg indicates a file named a.cfg the current working directory. in the test folder in the current working The path argument represents the directory. path to the file. If the file is in a [path/]file-name •...

  • Page 88: Managing Files

    Format Description Example Specifies a file in a specific storage medium on the device. The drive argument represents the storage medium name. • flash:/test/a.cfg indicates a file The storage medium on the active MPU named a.cfg in the test folder in the of the master is typically flash or cf0.

  • Page 89: Renaming A File

    Task Command Display the contents of a text file. more file-url Renaming a file Perform this task in user view. Task Command Rename a file. rename fileurl-source fileurl-dest Copying a file Perform this task in user view. Task Command copy fileurl-source fileurl-dest [ vpn-instance Copy a file.

  • Page 90: Deleting Files From The Recycle Bin

    Task Command Delete a file by moving it to the recycle bin. delete file-url Restore a file from the recycle bin. undelete file-url Delete a file permanently. delete /unreserved file-url IMPORTANT: Do not use the delete command to delete files from the recycle bin. To delete files from the recycle bin, use the reset recycle-bin command.

  • Page 91: Displaying The Current Working Directory

    Displaying the current working directory Perform this task in user view. Task Command Display the current working directory. Changing the current working directory Perform this task in user view. Task Command Change the current working directory. cd { directory | .. | / } Creating a directory Perform this task in user view.

  • Page 92: Repairing A Storage Medium

    Repairing a storage medium If part of a storage medium is inaccessible, use the fixdisk command to examine the medium for any damage and repair the medium. Before repairing a storage medium, make sure no other users are accessing the medium. Otherwise, the repair operation fails.

  • Page 93: Partitioning A Cf Card Or A Usb Disk

    To unmount a USB disk, make sure the system has recognized the USB disk and the USB disk LED is not blinking. Otherwise, the USB interface or USB disk might be damaged. Before unmounting a storage medium, make sure no other users are accessing the medium. Otherwise, the unmount operation fails.

  • Page 94: Setting The Operation Mode For Files And Folders

    Configuration procedure Perform this task in user view. Task Command Remarks By default, only one partition cf0:/ is fdisk medium-name available on a CF card and only one Partition a storage medium. [ partition-number ] partition usb0:/ is available on a USB disk.

  • Page 95: Managing Configuration Files

    Managing configuration files You can use the CLI or the Boot menu to manage configuration files. This chapter describes the CLI approach to configuration file management. Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot.

  • Page 96: Configuration File Formats

    At startup, the device tries to start up with the main configuration file. If the main configuration file is corrupted or unavailable, the device tries the backup configuration file. If the backup configuration file is corrupted or unavailable, the device starts up with the factory defaults. For reliability, do not specify one configuration file as both the main and backup configuration files.

  • Page 97: Enabling Configuration Encryption

    This function has the following approaches: Private key approach—Only the encrypting MPU can decrypt the encrypted configuration file. • Public key approach—Any HP device running the same software version as the encrypting device • can decrypt the encrypted configuration file.

  • Page 98: Converting A Comware V5 Configuration File To A Comware V7 Configuration File

    Task Command Remarks If you execute the save [ safely ] command without specifying any other keyword, the command saves the configuration to the main startup configuration file. Save the running configuration to a If the force keyword is specified, configuration file in the root save [ safely ] [ backup | main ] the command saves the...

  • Page 99: Configuring Configuration Archive Parameters

    Tasks at a glance (Required.) Configuring configuration archive parameters (Required.) Perform either task: • Enabling automatic configuration archiving • Manually archiving the running configuration (Required.) Performing a configuration rollback Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives.

  • Page 100: Enabling Automatic Configuration Archiving

    If a high-speed storage medium (such as a CF card) is used and the device configuration changes • frequently, set a shorter saving interval. HP recommends not deleting the configuration files archived by the system when the automatic • configuration archiving is enabled.

  • Page 101: Manually Archiving The Running Configuration

    Step Command Remarks By default, this function is disabled. Enable automatic To view configuration archive configuration archiving and archive configuration interval minutes names and their archiving time, set the archiving interval. use the display archive configuration command. Manually archiving the running configuration To save system resources, disable automatic configuration archiving and manually archive the configuration if the configuration will not be changed very often.

  • Page 102: Specifying A Next-startup Configuration File

    A command (for example, a hardware-dependent command) cannot be deleted, overwritten, or • undone due to system restrictions. • The commands in different views are dependent on each other. Commands or command settings that the device does not support cannot be added to the running •...

  • Page 103: Restoring The Main Next-startup Configuration File From A Tftp Server

    Step Command Remarks (Optional.) Verify that a If no next-startup configuration file next-startup configuration file display startup has been specified, the backup has been specified in user operation will fail. view. Back up the next-startup backup startup-configuration to configuration file to a TFTP dest-addr [dest- filename ] server in user view.

  • Page 104: Displaying And Maintaining Configuration Files

    The file has been corrupted or is not fully compatible with the device. • After the file is deleted, the device uses factory defaults at the next startup. Perform the following task in user view: Task Command Remarks If neither backup nor main is Delete next-startup configuration reset saved-configuration [ backup | specified, this command deletes...

  • Page 105: Upgrading Software

    Upgrading software This chapter describes types of software and how to upgrade software from the CLI in the non-ISSU approach. For a comparison of all software upgrade methods, see "Upgrade methods." Overview Software upgrade enables you to have new features and fix bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.

  • Page 106: System Startup Process

    Boot menu for loading a boot image. For more information about downloading and loading a boot image, see 12500 release notes. After accessing the emergency shell, connect to the console port and load a system image so you can access the Comware system.

  • Page 107: Upgrade Methods

    Figure 36 System startup process Start BootWare runs Enter Boot menu to Press Ctrl+B upgrade BootWare or promptly? startup software images Startup software images System starts up and CLI appears. Finish Upgrade methods Upgrading method Software types Remarks Upgrading from the CLI: •...

  • Page 108: Non-issu Upgrade Procedure Summary

    Non-ISSU upgrade procedure summary To upgrade software in the non-ISSU approach: Download the upgrade software image file. (Optional.) Preload the BootWare image to the BootWare. If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time.

  • Page 109: Specifying The Startup Image File And Completing The Upgrade

    Task Command Remarks • In standalone mode: bootrom update file filename Specify the downloaded software Load the upgrade BootWare slot slot-number-list image file for the filename image from the root directory of a argument. storage medium (Flash memory or • In IRF mode: CF card) to the Normal area of bootrom update file filename...

  • Page 110: Specifying The Startup Image File And Completing The Upgrade (in Irf Mode)

    Step Command Remarks Use one of the approaches. For more information about the upgrade methods provided by these commands, see Fundamentals Command Reference. In approach 3: • If the active MPU has started up with main startup images, its main Approach 1: startup images are synchronized to boot-loader file ipe-filename slot...

  • Page 111

    Step Command Remarks Use either approach. Approach 1: You can also specify a backup startup boot-loader file ipe-filename image file. chassis chassis-number slot In approach 1, the file name must take slot-number { backup | main } Specify the upgrade file as Approach 2: storage-medium:/base-filename.ipe the main startup image file...

  • Page 112: Upgrading Mbus Daughter Card Software

    Step Command Remarks At startup, the MPUs read the preloaded BootWare image to RAM, Reboot the IRF fabric. load the startup images in the file, and reboot set the images as both current software images and startup software images. display boot-loader [ chassis Verify that the current software images (Optional.) Verify the chassis-number [ slot...

  • Page 113: Upgrading Or Repairing The Power Software On An Interface Card

    If you install an interface card during a CPLD upgrade, the system can supply power to the card only after the upgrade is complete. To upgrade a CPLD on an interface card or MPU: Step Command Remarks Enter system view. system-view Isolate the interface card.

  • Page 114: Upgrading The Power Monitor Software

    Step Command Remarks Enter system view. system-view • In standalone mode: board-offline slot slot-number Set the interface card in In offline state, a card cannot • In IRF mode: offline state. forward traffic. board-offline chassis chassis-number slot slot-number Return to to user view. quit •...

  • Page 115: Upgrading Fan Monitor Software

    Upgrading fan monitor software To avoid fan monitor software upgrading failures, follow these guidelines: On the 12508 or 12518 switch, this task is available only for fan trays that use software version 103 • and CPLD 002 (or above). For a 12504 switch, this task is available only for fan trays that use software version 202 (or above).

  • Page 116: Displaying And Maintaining Software Image Settings

    When the standby MPU starts up, this feature examines its startup software images for version inconsistency with the current software images on the active MPU. If the software versions are different, the standby MPU copies the current software images of the active MPU, specifies them as startup software images, and reboots with these images.

  • Page 117

    Configuration procedure # Configure IP addresses and routes to make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server. (Details not shown.) # Display information about the current software images. <Sysname>...

  • Page 118

    Figure 38 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server Configuration procedure # Configure IP addresses and routes to make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server.

  • Page 119

    # Verify that the IRF fabric is running the correct software. <Sysname> display version...

  • Page 120: Issu Overview

    ISSU overview The In-Service Software Upgrade (ISSU) function enables a fast software upgrade without (or with the least) service interruption. During an ISSU, you can perform version rollback and use display commands to view the version compatibility and upgrade status. ISSU is implemented on the basis of the following design advantages: Separation of service features from basic functions.

  • Page 121: Issu Command Series

    system keeps forwarding packets. After startup, the CPU continues to provide services on the basis of the saved system information. For services that require regular protocol message exchanges to maintain connections, this method starts protocol agents to satisfy the requirements. Compared with an incremental upgrade, an ISSU reboot upgrade affects all modules that use the CPU and takes a longer time.

  • Page 122: Issu Prerequisites

    Item issu series commands install series commands Recommended for Yes. common administrators? ISSU prerequisites Read the software release notes to determine which software images need to be upgraded, • whether these software images are compatible with one another, and whether these software images are compatible with the software images running on the device.

  • Page 123

    If the switching fabric cards of the device support sequential upgrade, make sure the device has two or more such cards and the cards are operating properly. Make sure nothing is wrong with the hardware and no hardware upgrade is going on. Otherwise, an upgrade failure or system exception might occur.

  • Page 124: Performing An Issu By Using Issu Series Commands

    Performing an ISSU by using issu series commands Performing an ISSU in standalone mode When you use the issu series commands to install or upgrade the software of MPUs, the device automatically install or upgrade the software of the service cards as needed. You do not need to install or upgrade the software of the service cards separately.

  • Page 125: Performing An Issu For A Single-mpu Device

    Step Command Remarks Perform an active/standby issu run switchover switchover and upgrade the interface cards. (Optional.) Accept the upgrade and delete the issu accept automatic-rollback timer. Specify the slot number of the original active MPU for the slot slot-number option. •...

  • Page 126: Performing An Issu In Irf Mode

    To perform an incremental upgrade to a compatible version, execute the following commands in user view: Step Command Remarks Upgrade the • Approach 1: MPU and issu load file { boot filename | system configure the filename | feature filename&<1-30> } * upgrade images Specify the slot number of the only MPU slot slot-number...

  • Page 127

    Before upgrade, use the display version comp-matrix file { boot filename | system filename | feature filename&<1-30> } * or the display version comp-matrix file ipe ipe-filename command to display the compatibility between the new and old images and the upgrade methods to be used: •...

  • Page 128: Performing An Issu For A Single-member, Dual-mpu Irf Fabric

    If the member devices of the IRF system filename | feature configure the fabric are connected into a ring filename&<1-30> } * chassis upgrade images as topology, HP recommends you specify chassis-number&<1-3> the main startup a half of the subordinate members for software images for •...

  • Page 129

    Step Command Remarks By default, the automatic-rollback interval is 45 minutes. This timer is started when you execute (Optional.) Set the the issu run switchover command. If automatic rollback issu rollback-timer minutes you do not execute the issu accept or timer.

  • Page 130: Performing An Issu For A Single-member, Single-mpu Irf Fabric

    Step Command Remarks • Approach 1: Upgrade the global issu load file { boot filename | standby MPU and Specify the member ID and slot system filename | feature configure the upgrade number of the global standby MPU filename&<1-30> } * chassis images as the startup for the chassis chassis-number slot chassis-number slot slot-number...

  • Page 131: Displaying And Maintaining Issu

    Step Command Remarks Specify the member ID and slot number of the only MPU for the chassis chassis-number slot slot-number option. • To complete the ISSU process: After the issu commit command is issu commit chassis completed, the ISSU process ends chassis-number slot Complete the ISSU process and the ISSU status transitions to Init.

  • Page 132

    Task Command Display backup startup software display install backup [ slot slot-number ] [ verbose ] images. Display ISSU logs. display install log [ log-id ] [ verbose ] Display software image file display install package { filename | all } [ verbose ] information.

  • Page 133: Issu Examples For Using Issu Series Commands (in Standalone Mode)

    ISSU examples for using issu series commands (in standalone mode) HTTP feature upgrade to a compatible version Upgrade requirement Device has two MPUs: one is in slot 0 (active MPU) and the other is in slot 1 (standby MPU). Upgrade the HTTP feature from R0201 to R0202. Figure 39 Network diagram Upgrade procedure # Download the image file that contains the R0202 HTTP feature from the TFTP server.

  • Page 134

    V700R001B34D002 Version Compatibility List: V700R001B34D001 V700R001B34D002 Version Dependency System List: V700R001B34D001 V700R001B34D002 Slot Upgrade Way Service Upgrade File Upgrade Service Upgrade File Upgrade Influenced service according to following table on slot 0: flash:/http-r0202.bin HTTP Influenced service according to following table on slot 1: flash:/http-r0202.bin HTTP The output shows that an incremental upgrade applies and the HTTP and CFA modules will be rebooted...

  • Page 135: Http Feature Upgrade To An Incompatible Version

    # Upgrade the feature on the original active MPU. <Sysname> issu commit slot 0 Upgrade summary according to following table: flash:/http-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Upgrade Way Service Upgrade File Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y # Verify that both MPUs are running the new HTTP image.

  • Page 136

    % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 256k 256k 764k 0 --:--:-- --:--:-- --:--:-- 810k # Display active software images. <Sysname> display install active Active packages on slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin...

  • Page 137: Http Feature Rollback Example

    Reboot Upgrading software images to incompatible versions. Continue? [Y/N]: y # Upgrade the feature on the original active MPU. <Sysname> issu run switchover Upgrade summary according to following table: flash:/http-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Upgrade Way Reboot Reboot Upgrading software images to incompatible versions.

  • Page 138

    Rollback procedure # Download the image file that contains the R0202 HTTP feature from the TFTP server. <Sysname> tftp 2.2.2.2 get http-r0202.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 256k 256k 764k...

  • Page 139

    HTTP The output shows that an incremental upgrade applies and the HTTP and CFA modules will be rebooted during the upgrade process. # Upgrade the HTTP feature on the standby MPU. <Sysname> issu load file feature flash:/http-r0202.bin slot 1 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost.

  • Page 140: Issu Examples For Using Issu Series Commands (in Irf Mode)

    # Roll back the HTTP feature to R0201. <Sysname> issu rollback This command will quit the ISSU process and roll back to the previous version. Continue? [Y/N]:Y # Verify that both MPUs are running the old HTTP image. <Sysname> display install active Active packages on slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin...

  • Page 141: Upgrade Procedure

    Figure 42 Network diagram Upgrade procedure # Download the image file that contains the R0202 HTTP feature from the TFTP server. <Sysname> tftp 2.2.2.2 get http-r0202.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left...

  • Page 142

    flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 2 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin # Check for the ISSU method to be used for the upgrade and view the possible impact of the upgrade. <Sysname> display version comp-matrix file feature flash:/http-r0202.bin Feature image: flash:/http-r0202.bin Version: V700R001B34D002 Version Compatibility List:...

  • Page 143

    flash:/http-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade File Upgrade Service Upgrade File Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y # Perform a master/subordinate switchover. <Sysname> issu run switchover Upgrade summary according to following table: flash:/http-r0202.bin Running Version New Version...

  • Page 144

    flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin...

  • Page 145

    <Sysname> tftp 2.2.2.2 get http-r0202.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 256k 256k 764k 0 --:--:-- --:--:-- --:--:-- 810k # Display active software images. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin...

  • Page 146

    Incompatible upgrade. The output shows that the two versions are incompatible. The cards will be rebooted for the upgrade. # Upgrade the HTTP feature on the subordinate member. After the upgrade, the subordinate member will leave the original IRF fabric and form a new IRF fabric by itself. <Sysname>...

  • Page 147

    flash:/http-r0202.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 1.1: flash:/boot-r0201.bin...

  • Page 148

    Dload Upload Total Spent Left Speed 256k 256k 764k 0 --:--:-- --:--:-- --:--:-- 810k # Display active software images. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin...

  • Page 149

    Chassis Slot Upgrade Way Service Upgrade File Upgrade Service Upgrade File Upgrade Service Upgrade File Upgrade Service Upgrade File Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/http-r0202.bin HTTP Influenced service according to following table on chassis 1 slot 1: flash:/http-r0202.bin HTTP Influenced service according to following table on chassis 2 slot 0:...

  • Page 150

    Chassis Slot Switchover Way Active standby process switchover Active standby process switchover Upgrading software images to compatible versions. Continue? [Y/N]: y # Display active software images. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin...

  • Page 151

    flash:/http-r0201.bin Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 2 slot 0.1: flash:/boot-r0201.bin...

  • Page 152: Performing An Issu By Using Install Series Commands

    Performing an ISSU by using install series commands Performing an ISSU Obtaining the software images issued in an IPE file Use FTP or TFTP to download or upload the IPE file to the root directory of a storage medium on the active MPU (in standalone mode) or global active MPU (in IRF mode).

  • Page 153: Uninstalling Feature Or Patch Images

    When you install or upgrade a software image on the active MPU, the system automatically installs • or upgrades the software image on the service cards as needed. You do not need to install or upgrade the software of the service cards separately. Installation and upgrade procedure To install or upgrade a boot image, a system image, or feature images, execute the following commands in user view:...

  • Page 154: Rolling Back The Software Configuration

    Uninstalled images are still saved on the storage medium. To permanently remove the images from the device, execute the install remove command. Make sure you remove only images that are no longer useful. To uninstall an image that was installed for an incremental upgrade, deactivate it and then confirm the software change.

  • Page 155: Aborting A Software Image Operation

    Step Command Remarks Roll back the software configuration to an install rollback to { point-id | To view available rollback points, use earlier rollback point or original } the display install rollback command. the original software configuration. (Optional.) Confirm the install commit software changes.

  • Page 156

    To remove inactive software images, execute one of the following commands as appropriate in user view: Task Command Remove inactive software images. (In standalone install remove [ slot slot-number ] { package | inactive } mode.) install remove [ chassis chassis-number slot slot-number ] Remove inactive software images.

  • Page 157: Issu Examples For Using Install Series Commands (in Standalone Mode)

    Task Command Display ongoing ISSU activate, deactivate, display install job and rollback operations. Display ISSU logs. display install log [ log-id ] [ verbose ] Display software image file information. display install package { filename | all } [ verbose ] Display the software images included in an IPE display install ipe-info ipe-file file.

  • Page 158

    flash:/http-r0201.bin Active packages on slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin # Check for the ISSU methods to be used for the upgrade and view the possible impact of the upgrade. <Sysname>...

  • Page 159

    <Sysname> install activate feature flash:/http-r0202.bin slot 1 Upgrade summary according to following table: flash:/http-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Upgrade Way Service Upgrade File Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y <Sysname> install activate feature flash:/http-r0202.bin slot 0 Upgrade summary according to following table: flash:/http-r0202.bin Running Version...

  • Page 160

    HTTP feature rollback example Rollback requirement As shown in Figure 45, Device has two MPUs: one is in slot 0 (active MPU) and the other is in slot 1 (standby MPU). Roll back the HTTP feature from R0202 to R0201. Rollback procedure # Display active software images.

  • Page 161: Issu Examples For Using Install Series Commands (in Irf Mode)

    flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.binn # Confirm the software change. <Sysname> install commit ISSU examples for using install series commands (in IRF mode) HTTP feature upgrade example Upgrade requirement The IRF fabric comprises two members: the master member with the member ID 1 and the subordinate member with the member ID 2.

  • Page 162

    Active packages on chassis 1 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin...

  • Page 163

    Upgrade summary according to following table: flash:/http-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade File Upgrade Influenced service according to following table on chassis 2 slot 0: flash:/http-r0202.bin HTTP <Sysname> install activate feature flash:/http-r0202.bin chassis 1 slot 1 test Upgrade summary according to following table: flash:/http-r0202.bin Running Version...

  • Page 164

    Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade File Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y <Sysname> install activate feature flash:/http-r0202.bin chassis 2 slot 0 Upgrade summary according to following table: flash:/http-r0202.bin Running Version New Version...

  • Page 165

    flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0.1:...

  • Page 166

    Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0202.bin Active packages on chassis 2 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin...

  • Page 167

    flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 0.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 1 slot 1.1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/http-r0201.bin...

  • Page 168: Using The Emergency Shell

    Using the emergency shell At startup, the device tries to locate and load the Comware startup software images, which might include a boot image, a system image, some feature images, and some patch images. If the startup boot image is OK but the startup system image or any startup feature or patch image is missing or corrupted, the device enters emergency shell mode.

  • Page 169: Obtaining A System Image From An Ftp/tftp Server

    Task Command Remarks Display the contents of more file-url a file. Permanently delete a delete file-url file. To delete a folder, first delete all files and child folders Delete a folder. rmdir directory in the folder. Format a storage format medium-name medium.

  • Page 170: Checking The Connectivity To A Server

    Step Command Remarks By default, the management Assign an IPv6 address ipv6 address ipv6-address prefix-length Ethernet port has no IPv6 to the port. address. By default, the management Specify an IPv6 gateway ipv6 gateway ipv6-address Ethernet port has no IPv6 for the port.

  • Page 171: Loading The System Image

    Task Command Telnet to an IPv4 server. telnet server-ipv4-address Use SSH to connect to an IPv4 server. ssh2 server-ipv4-address To access a remote IPv6 server, execute one of the following commands to obtain a system image in user view: Task Command ftp ipv6 server-ipv6-address user username password Use FTP to download a file from or upload a file to...

  • Page 172: Emergency Shell Usage Example

    # Check the version information of the boot image. <boot> display version HP Comware Software, Version 7.1.034, Release 7128 Copyright (c) 2010-2012 Hewlett-Packard Development Company, L.P. HP 12504 uptime is 0 weeks, 0 days, 0 hours, 3 minutes Last reboot reason : User reboot Boot image: cfa0:/12500-CMW710-BOOT-R7128.bin...

  • Page 173

    <boot> tftp 1.2.1.1 get system.bin cfa0:/system.bin # Check whether the version of system.bin matches that of boot.bin. <boot> display install package cfa0:/system.bin cfa0:/system.bin [Package] Vendor: HP Product: **** Service name: system Platform version: 7.1.028 Product version: Alpha 7122 Supported board: mr, lc, sfc...

  • Page 174

    cpio=0x96e7d8@0x13000000 CPIO Length: 0x96e7d8. Starting application at 0x02000000 ..HA_Register OK, ulModuleID = 252772352, ulS ubID = 6.HA_Register OK, ulModuleID = 254803968, ulSubID = 0.HA_Register OK, ulM oduleID = 252706816, ulSubID = 0.HA_Register OK, ulModuleID = 255983616, ulSubID = 2.HA_Register OK, ulModuleID = 256442368, ulSubID = 0.HA daemon start as 1 (b uild Jul 29 2011 11:50:56).

  • Page 175: Automatic Configuration

    Automatic configuration With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration, facilitates centralized management, and reduces maintenance workload. Understanding automatic configuration The automatic configuration feature requires the cooperation of the following servers: a DHCP server, a TFTP server, and a DNS server, as shown in...

  • Page 176

    server IP address, and a DNS server IP address. For more information, see "Automatic-configuration parameter acquisition process." After getting automatic configuration parameters, the device tries to download a configuration file from a TFTP server. For more information, see "Configuration file acquisition process."...

  • Page 177: Automatic-configuration Parameter Acquisition Process

    Figure 49 Automatic configuration workflow Automatic-configuration parameter acquisition process After the device finds an interface for automatic configuration, it enables the DHCP client on the interface. Then, the DHCP client broadcasts a DHCP request to locate a DHCP server and request configuration settings.

  • Page 178: Configuration File Acquisition Process

    Option 67 or the file field—Carries the configuration file name. The device resolves Option 67 first. • If Option 67 does not contain the configuration file name, the device resolves the file field. Option 150—Carries the TFTP server IP address. If this option contains a valid TFTP server IP •...

  • Page 179: Deploying And Configuring Servers For Automatic Configuration

    Figure 50 Configuration file acquisition process Deploying and configuring servers for automatic configuration To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and properly configure the servers to cooperate with the device as follows: DHCP server—Assigns the device a set of parameters for automatic configuration, which might •...

  • Page 180: Dhcp Server Configuration Guidelines

    If the DHCP server, the TFTP server, the DNS server, and the device are not in the same network segment, configure the DHCP relay agent on the gateway, and configure routing protocols to make sure the servers have routes to the device and vice versa. DHCP server configuration guidelines DHCP server configuration requirements vary depending on whether the devices use the same configuration file:...

  • Page 181: Managing The Device

    Enter system view. system-view Configure the device name. sysname sysname The default device name is HP Setting the system time CAUTION: The system time is always restored to the default after a reboot. After rebooting the device, reconfigure the Network Management system time or configure NTP for the device.

  • Page 182: Enabling Displaying The Copyright Statement

    Enabling displaying the copyright statement By default, the device displays the copyright statement when a Telnet or SSH user logs in, or when a user quits user view through the console port, AUX port, or through Modem. You can disable or enable the function as needed.

  • Page 183

    Multiple-line input. • Input message text in multiple lines. In this approach, the message text can be up to 2000 characters. Use one of the following methods to implement multi-line input mode: Method 1—Press Enter after the last command keyword. At the system prompt, enter the banner and end the last line with the delimiter character %.

  • Page 184: Changing The Brand Name Of An Mpu

    Changing the brand name of an MPU The device supports both HP MPUs and HP MPUs. Some network management software identifies a device by the brand name of the device's active MPU. If a device has two MPUs and the two MPUs have different brand names, the network management software considers the device a different one after an active/standby switchover occurs on the device.

  • Page 185: Rebooting The Device

    Table 14 Card types supported by operating modes Operating mode EB card EC card EF card standard √ √ √ bridgee × √ √ routee × √ √ advance × × √ The √ sign stands for "supported." The × sign stands for "unsupported." EB cards have the "EB"...

  • Page 186

    Configuration procedure To immediately reboot the device, execute either of the following commands as appropriate in user view: Task Command Reboot a card or the entire device in standalone reboot [ slot slot-number ] mode. Reboot an IRF member device or all IRF member reboot [ chassis chassis-number [ slot slot-number ] ] devices in IRF mode.

  • Page 187

    Step Command Remarks Enter system view. system-view Create a job. scheduler job job-name By default, no job exists. By default, no command is assigned to a job. Assign a command to command id command You can assign multiple commands the job. to a job.

  • Page 188: Schedule Configuration Example

    Step Command Remarks • Execute the schedule at an interval Configure either command. from the specified time on: time repeating at time By default, no execution time is [ month-date [ month-day | last ] | specified for a schedule. Specify an execution week-day week-day&<1-7>...

  • Page 189

    [Sysname-job-start-GigabitEthernet3/0/1] command 2 interface GigabitEthernet 3/0/1 [Sysname-job-start-GigabitEthernet3/0/1] command 3 undo shutdown [Sysname-job-start-GigabitEthernet3/0/1] quit # Configure a job for disabling interface GigabitEthernet 3/0/2. [Sysname] scheduler job shutdown-GigabitEthernet3/0/2 [Sysname-job-shutdown-GigabitEthernet3/0/2] command 1 system-view [Sysname-job-shutdown-GigabitEthernet3/0/2] command 2 interface GigabitEthernet 3/0/2 [Sysname-job-shutdown-GigabitEthernet3/0/2] command 3 shutdown [Sysname-job-shutdown-GigabitEthernet3/0/2] quit # Configure a job for enabling interface GigabitEthernet 3/0/2.

  • Page 190

    interface GigabitEthernet 3/0/2 undo shutdown # Display the schedule information. [Sysname] display scheduler schedule Schedule name : START-pc1/pc2 Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00 Start time : Wed Sep 28 08:00:00 2011 Last execution time : Wed Sep 28 08:00:00 2011 Last completion time : Wed Sep 28 08:00:03 2011 Execution counts...

  • Page 191: Performing Power Supply Management

    Schedule name : STOP-pc1/pc2 Execution time : Wed Sep 28 18:00:00 2011 Completion time : Wed Sep 28 18:00:01 2011 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z. [Sysname]interface GigabitEthernet 3/0/1 [Sysname-GigabitEthernet3/0/1]shutdown Job name : shutdown-GigabitEthernet3/0/2 Schedule name : STOP-pc1/pc2 Execution time...

  • Page 192: Powering On/off A Card

    starts the redundant power supplies. If the total power is still insufficient, the system does not supply power to the interface card. When the power is insufficient because a power supply fails or is removed: • If power supply management is disabled, the power supplies perform self hardware protection. If power supply management is enabled, the system starts redundant power supplies as configured.

  • Page 193: Re-assigning Ids To Ac Power Supplies

    You can re-assign IDs to PSE9000 AC power supplies after you install the device. For easy identification, HP recommends you use the slot numbers as the power supplies' IDs. Figure 52 Slot numbers of AC power supplies in a 12508...

  • Page 194

    IMPORTANT: To hot-swap AC power supplies, follow these guidelines: After you insert one AC power supply in to the power supply shelf, wait at least three seconds before • inserting another one. • After you remove one AC power supply from the power supply shelf, wait at least 15 seconds before removing another one.

  • Page 195: Setting The Port Status Detection Timer

    Figure 55 Randomly assigned IDs of the power supplies Re-assign IDs as required. <Sysname> system-view [Sysname] power-supply module 3 1 2 new-id 1 3 5 Setting the port status detection timer Some protocols might shut down ports under specific circumstances. For example, MSTP shuts down a BPDU guard-enabled port when the port receives a BPDU.

  • Page 196

    Notification Triggering condition Remarks After generating and sending a Level-2 The amount of the free memory space alarm notification, the system does not Level-2 alarm notification goes down to or below the Level-2 generate and send any additional alarm threshold for the first time. Level-2 alarm notifications until the first Level-2 alarm is canceled.

  • Page 197: Configuring The Temperature Alarm Thresholds

    Step Command Remarks • In standalone mode: memory-threshold [ slot slot-number ] The defaults are as follows: minor minor-value severe severe-value • Level-1 threshold—96 MB. critical critical-value normal normal-value Set memory • • Level-2 threshold—64 MB. In IRF mode: usage thresholds. memory-threshold [ chassis •...

  • Page 198: Isolating A Card

    You cannot perform an ISSU when one or more cards are isolated. Do not perform configurations for an isolated card. The configurations might not be able to take effect. To eliminate possible impact on the system, HP recommends you isolate a switching fabric card before removing it.

  • Page 199: Configuring Hardware Failure Detection And Protection

    Configuring hardware failure detection and protection Specifying the actions to be taken for hardware failures The device automatically detects hardware failures on components, cards, and the forwarding plane. You can specify the actions to be taken in response to detected failures. To specify the actions to be taken in response to hardware failures: Step Command...

  • Page 200

    If the member interface is not the last member in up state in the group, the system shuts down the • interface. If the member interface is the last member in up state in the group, the system does not shut down •...

  • Page 201: Enabling Data Forwarding Path Failure Detection

    Enabling data forwarding path failure detection You can enable the device to automatically detect data forwarding path failures and output log information for notification. To enable data forwarding path failure detection: Step Command Remarks Enter system view. system-view Enable data forwarding path By default, data forwarding path forward-path-detection enable failure detection.

  • Page 202: Disabling Alarm Traps For Transceiver Modules

    Disabling alarm traps for transceiver modules If you install a transceiver module that has no vendor name or a vendor name other than HP, the system repeatedly outputs traps and logs to notify the user to replace the module. To continue to use such a transceiver module that is manufactured or customized by HP but has no vendor information, you can disable alarm traps so the system stops outputting alarm traps.

  • Page 203

    Task Command Display the electronic label data for the device. display device manuinfo [ slot slot-number ] Display the electronic label data for the specified display device manuinfo chassis-only chassis backplane. Display the electronic label data for the specified display device manuinfo fan fan-id fan.

  • Page 204

    Task Command Display the copyright statement. display copyright display cpu-usage [ chassis chassis-number slot Display CPU usage statistics. slot-number [ cpu cpu-number ] ] display cpu-usage history [ job job-id ] [ chassis Display historical CPU usage statistics in a chart. chassis-number slot slot-number [ cpu cpu-number ] ] display device [ cf-card ] [ chassis chassis-number [ slot Display hardware information.

  • Page 205: Configuring Mdcs

    Configuring MDCs Overview The device can be virtualized into multiple logical devices called "multitenant device contexts (MDCs)." Each MDC uses its own interfaces, CPU resources, startup software images, and configuration files, and maintains its own routing table and forwarding table, serves its own users, and is managed by its own administrators.

  • Page 206: Default Mdc And Non-default Mdcs

    Figure 57 Network diagram Internet Internet Gateway 1 Gateway 3 Device Equals Device A Device B Device C Gateway 2 LAN 1 LAN 3 LAN 1 LAN 3 LAN 2 LAN 2 Default MDC and non-default MDCs A device supporting MDCs is an MDC itself, and it is called the "default MDC" (for example, Device Figure 57).

  • Page 207: Creating An Mdc

    Starting an MDC (Required.) Accessing and managing an MDC Although you can assign hardware resources to MDCs before or after you start the MDCs, HP recommends assigning MDCs resources before starting them. Creating an MDC The switch supports creating up to three MDCs. Only an MPU with 4G memory space supports creating MDCs.

  • Page 208: Assigning Physical Interfaces To An Mdc

    To authorize an MDC to use an interface card: Step Command Remarks Enter system view. system-view Enter MDC view. mdc mdc-name [ id mdc-id ] By default, all interface cards of • In standalone mode: the device belong to the default location slot slot-number Authorize the MDC MDC, and a non-default MDC...

  • Page 209: Specifying A Cpu Weight For An Mdc

    In IRF mode, you must assign non-default MDCs physical interfaces used for establishing IRF connections. A non-default MDC needs to use the physical IRF ports to forward packets between member devices. For more information about IRF, see IRF Configuration Guide. After you change the configuration of a physical IRF port, you must use the save command to save the running configuration.

  • Page 210: Specifying A Disk Space Percentage For An Mdc

    Specifying a disk space percentage for an MDC By default, MDCs on a device share and compete for the disk space of the device's storage media, such as the Flash and CF cards. If an MDC occupies too much disk space, the other MDCs might not be able to save information such as configuration files and system logs.

  • Page 211: Starting An Mdc

    Starting an MDC Step Command Enter system view. system-view Enter MDC view. mdc mdc-name [ id mdc-id ] Start the MDC. mdc start IMPORTANT: If you bring up the BootWare menu and select the option for skipping configuration loading at device startup, the device starts up with the null configuration.

  • Page 212: Mdc Configuration Example (in Standalone Mode)

    Task Command Display the interfaces of the MDC. display mdc interface Display the CPU, disk space, and memory space display mdc resource [ cpu | disk | memory ] [ slot usage of the MDC in standalone mode. slot-number ] Display the CPU, disk space, and memory space display mdc resource [ cpu | disk | memory ] [ chassis usage of the MDC in IRF mode.

  • Page 213

    <Device> system-view [Device] mdc MDCA It will take some time to create MDC... This MDC was created successfully. # Authorize MDCA to use the interface card in slot 2. [Device-mdc-2-MDCA] location slot 2 # Assign interfaces GigabitEthernet 2/0/1 through GigabitEthernet 2/0/48 to MDCA. [Device-mdc-2-MDCA] allocate interface GigabitEthernet 2/0/1 to GigabitEthernet 2/0/48 The configurations of the interfaces will be lost.

  • Page 214

    # Start MDCB. [Device-mdc-3-MDCB] mdc start It will take some time to start MDC... This MDC was started successfully. [Device-mdc-3-MDCB] quit # Log in to MDCB from the default MDC. [Device] switchto mdc MDCB ****************************************************************************** * Copyright (c) 2010-2012 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 215: Mdc Configuration Example (in Irf Mode)

    * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Device> system-view # Change the device name to MDCC for easy identification of the MDC. [Device] sysname MDCC # Create VLAN-interface 1 and assign an IP address to it. [MDCC] interface vlan-interface 1 [MDCC-Vlan-interface1] ip address 192.168.3.251 24 # Return to the default MDC.

  • Page 216

    Company A has many users and requires more disk space than Company B and Company C. Company B and Company C do not need a large amount of disk space and the default disk space is enough to satisfy their disk space requirements. Company C has less employees and less Internet traffic, and needs only a small amount of CPU resources.

  • Page 217

    * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <Device> system-view # Change the device name to MDCA for easy identification of the MDC. [Device] sysname MDCA # Create VLAN-interface 1 and assign an IP address to it. [MDCA] interface vlan-interface 1 [MDCA-Vlan-interface1] ip address 192.168.1.251 24 # Return to the default MDC.

  • Page 218

    [Device] Create and configure MDCC for Company C: # Create MDCC. [Device] mdc MDCC It will take some time to create MDC... This MDC was created successfully. # Authorize MDCC to use the interface card in the subordinate member's slot 4. [Device-mdc-4-MDCC] location chassis 2 slot 4 # Assign interfaces GigabitEthernet 2/4/0/1 through GigabitEthernet 2/4/0/48 to MDCC.

  • Page 219

    MDCC active The output shows that the MDCs have been created and are operating properly. Log in to MDCA as an administrator of Company A and then view the current configuration of the MDC. C:\> telnet 192.168.1.251 ****************************************************************************** * Copyright (c) 2010-2012 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 220: Configuring Tcl

    Configuring Tcl Comware V7 provides a built-in tool command language (Tcl) interpreter. You can execute Tcl commands on the device. From user view, you can use the tclsh command to enter Tcl configuration view, where you can execute the following commands: All Tcl 8.5 commands.

  • Page 221: Index

    Index ? (CLI online help access), 3 FTP basic server server authentication, 65 none CLI authentication mode, 41 RBAC AAA authorization, 17, 21, 34 password CLI authentication mode, 41 RBAC local AAA authentication user configuration, RBAC HWTACACS authentication user configuration, 30 RBAC user role...

  • Page 222

    MOTD type, 174 display command output viewing, 13 multiple-line input mode, 174 displaying login, 53 shell type, 174 emergency shell file system management, 160 single-line input mode, 174 emergency shell system software image retrieval, binary transfer mode, 64 boot loader emergency shell use, 160, 164 displaying software image settings, 108 enter system view from user view, 2...

  • Page 223

    CLI string/text type argument value entry, 5 configuration types, 87 CLI undo command form, 4 converting file (V5 to V7), 90 command language (Tcl), 212 displaying configuration files, 96 command line interface. Use CLI enabling configuration encryption, 89 completing manual configuration archiving, 93 software upgrade (in IRF mode), 102 performing configuration rollback, 93 software upgrade (in standalone mode), 101...

  • Page 224

    FTP server authorization, 65 CPU (ISSU prerequisites), 1 14 hardware failure detection, 191 CPU (ISSU restrictions), 1 14 hardware failure protection, 191 CPU weight (MDC), 201 management Ethernet port, 161 creating MDC, 197 file system directory, 83 MDC in IRF mode, 207 RBAC user role, 18 MDC in standalone mode, 204 creating MDC, 199...

  • Page 225

    emergency shell reboot, 163 ISSU guidelines, 1 14 emergency shell server connectivity check, 162 ISSU methods, 1 12 emergency shell system software image transfer ISSU overview, 1 12 from server, 162 ISSU prerequisites, 1 14 emergency shell system software image upload, ISSU restrictions, 1 14 managing an MDC, 203 emergency shell use, 160, 164...

  • Page 226

    storage media CF card partition, 85 USB interfaces, 189 storage media USB disk partition, 85 disabling pause between CLI output screens, 9 Telnet login device configuration, 47 disk space percentage, 202 terminating FTP connection, 72 displaying TFTP configuration, 76 command help information, 72 troubleshooting FTP connection, 71 configuration files, 96 using for Telnet server login, 51...

  • Page 227

    FTP client connection, 68 filtering CLI display command output, 10 Ethernet format emergency shell management Ethernet port file name, 78 configuration, 161 file system storage media, 84 factory default (device configuration), 87 format of configuration file, 88 upgrading monitor software, 107 basic server parameters configuration, 64 feature client configuration (in IRF mode), 74...

  • Page 228

    RBAC HWTACACS authentication user FTP server configuration (in IRF mode), 67 configuration, 30 ISSU command series, 1 13 image ISSU guidelines, 1 14 BootWare software image type, 97 ISSU methods, 1 12 Comware Boot software image type, 97 ISSU overview, 1 12 Comware image loading procedure, 97 ISSU prerequisites, 1 14 Comware image redundancy, 97...

  • Page 229

    uninstalling features, 145 CLI login authentication modes, 41 uninstalling patch images, 145 CLI user interfaces, 40 upgrading software images, 144 CLI user roles, 41 verifying software change confirmation status, 147 common VTY user interface settings, 50 verifying software image integrity and consistency, console port access, 37 overview, 35 ISSU methods, 1 12...

  • Page 230

    in standalone mode configuration, 204 network login management overview, 35 assigning hardware resources to MDC, 199 maintaining, 203 assigning physical interfaces to MDC, 200 managing, 203 authorizing MDC to use interface card, 199 non-default MDC, 198 banner configuration, 174, 175 specifying CPU weight, 201 banner input modes, 174 specifying disk space percentage, 202...

  • Page 231

    file system directory removal, 83 RBAC user role interface policy, 20 file system file compression, 81 RBAC user role local authentication file system file copy, 81 assignment, 21 file system file decompression, 81 RBAC user role non-AAA authentication file system file delete from recycle bin, 82 assignment, 22 file system file deletion, 81 RBAC user role remote AAA authentication...

  • Page 232

    ISSU prerequisites, 1 14 parameter ISSU restrictions, 1 14 device management configuration, 173 ISSU software image installation, 144 FTP basic server parameters configuration, 64 ISSU software image upgrade, 144 partitioning managing an MDC, 203 storage media CF card partition, 85 MDC configuration, 197 storage media USB disk, 85 MDC in IRF mode configuration, 207...

  • Page 233

    powering card on/off, 184 configuring device as IPv6 TFTP client, 76 powering card on/off, 184 configuring device name, 173 preloading configuring FTP basic server parameters, 64 software image to BootWare, 100 configuring FTP client (distributed device–in IRF procedure mode), 74 abbreviating CLI command, 5 configuring FTP client (in standalone mode), 72 accessing an MDC, 203...

  • Page 234

    deleting next-startup configuration file, 95 managing file system, 160 diagnosing transceiver module, 193 managing file system directories, 82 disabling pause between CLI output screens, 9 managing file system files, 80 disabling transceiver module alarm traps, 194 managing file system storage media, 83 disabling USB interfaces, 189 managing FTP server directories, 70 displaying CLI login, 53...

  • Page 235

    specifying startup image file (in standalone mode), RBAC RADIUS authentication user configuration, starting an MDC, 203 RBAC switching FTP user accounts, 71 AAA authorization, 17, 21, 34 switching RBAC user role, 24 configuration, 15, 17 synchronizing startup images from active MPU to displaying settings, 25 standby MPU, 107 feature group configuration, 19...

  • Page 236

    returning RBAC user role interface policy, 20 to upper-level view from any view, 2 RBAC user role local authentication to user view, 3 assignment, 21 returning to user view, 212 RBAC user role non-AAA authentication role-based access control. See RBAC assignment, 22 rolling back RBAC user role remote AAA authentication...

  • Page 237

    completing upgrade (in standalone mode), 101 emergency shell use, 160, 164 Comware Boot image type, 97 specifying Comware feature package, 97 CPU weight for an MDC, 201 Comware image loading procedure, 97 disk space percentage for MDC, 202 Comware image redundancy, 97 hardware failure response actions, 191 Comware image type, 97 MDC memory space percentage, 202...

  • Page 238

    switching RBAC user role, 23, 24 console port login procedure, 37 switching to another FTP user account, 71 copyright statement display, 174 system data forwarding path failure detection, 193 Comware feature package, 97 deploying and configuring server (automatic Comware image loading procedure, 97 configuration), 171 Comware image redundancy, 97 device management configuration, 173...

  • Page 239

    MPU brand name, 176 TFTP configuration, 76 overall automatic configuration process, 167 Telnet port status detection timer, 187 common VTY user interface settings, 50 power supply management, 183 login, 47 powering card on/off, 184 login control, 57 return to upper-level view from any view, 2 login device configuration, 47 return to user view, 3 login management overview, 35...

  • Page 240

    file system storage media, 84 RBAC user role remote AAA authentication upgrading assignment, 21 completing software upgrade (in IRF mode), 102 RBAC user role rule configuration, 18 completing software upgrade (in standalone RBAC user role rules, 15 mode), 101 RBAC user role switching, 24 CPLDs, 104 RBAC user...

Comments to this Manuals

Symbols: 0
Latest comments: