SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice.
The H3C S5500-HI documentation set includes 11 configuration guides, which describe the software features for the H3C S5500-HI Switch Series Release 5101, and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Layer 2 forwarding and other Layer 2 features.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.
About the S5500-HI documentation set
The H3C S5500-HI documentation set includes:
Product description and specifications
Documents: Marketing brochure
Purposes: Describe product specifications and benefits.
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...
Technical support
customer_service@h3c.com
http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Contents
CLI configuration
What is CLI?
Entering the CLI
Command conventions
Undo form of a command
CLI views
CLI view description
Entering system view
Exiting the current view
Returning to user view
Using the CLI online help
Entering commands
Editing command lines
...
Configuring none authentication for Telnet login
Configuring password authentication for Telnet login
Configuring scheme authentication for Telnet login
Configuring common settings for VTY user interfaces (optional)
Configuring the device to log in to a Telnet server as a Telnet client
Logging in through SSH
...
Managing directories on the FTP server
Operating the files on the FTP server
Changing the username after FTP login
Maintaining and debugging the FTP connection
Terminating an FTP connection
FTP client configuration example
Configuring the FTP server
...
Configuration task list
Configuring parameters for saving the current running configuration
Enabling automatic saving of the running configuration
Manually saving the running configuration
Setting configuration rollback
Specifying a startup configuration file
Backing up the startup configuration file
Deleting a startup configuration file
Restoring a startup configuration file
Displaying and maintaining a configuration file
...
Changing the system time
Configuration guidelines
Configuration procedure
Enabling displaying the copyright statement
Configuring banners
Introduction to banners
Configuration procedure
Configuring the exception handling method
Rebooting the device
Rebooting devices immediately at the CLI
Scheduling a device reboot
Scheduling jobs
Job configuration approaches
...
CLI configuration
What is CLI?
The command-line interface (CLI) enables you to interact with your device by entering text commands. At the CLI, you can instruct your device to perform a given task by entering a text command and then pressing Enter.
Convention: [ x | y | ... ] *
Description: Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.

Convention: &<1-n>
Description: The argument or keyword and argument combination before the ampersand (&) sign can ...
• From system view, you can enter different function views. For example, enter interface view to configure interface parameters, create a VLAN and enter its view, enter user interface view to configure login user attributes, create a local user and enter local user view to configure the password and level of the local user.
To do: Return to the parent view from the current view
Use the command: quit
Remarks: Required. Available in any view.

NOTE:
• The quit command in user view terminates the current connection between the terminal and the device.
• In public key code view, use the public-key-code end command to return to the parent view (public key...
  <1-4094>  VLAN interface
[Sysname] interface vlan-interface 1 ?
  <cr>
[Sysname] interface vlan-interface 1
The string <cr> indicates that the command is a complete command, and you can execute it by pressing Enter.
Enter an incomplete character string followed by ?. The CLI displays all commands starting with the entered character(s).
<Sysname> system-view
[Sysname] snmp-agent group v3 ?
  STRING<1-32>  Group name
In this example, the SNMPv3 group name is an argument of the STRING type. It can contain 1 to 32 characters, each of which can be any printable character except the question mark (?), quotation mark ("), backward slash (\), and the blank space.
Configuring CLI hotkeys
Follow these steps to configure CLI hotkeys:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Configure CLI hotkeys
Use the command: hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
Remarks: Optional. The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are specified at the CLI by default.
Hotkey: Esc+B
Function: Moves the cursor to the leading character of the continuous string to the left.

Hotkey: Esc+D
Function: Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.

Hotkey: Esc+F
Function: Moves the cursor to the front of the next continuous string to the right.

Hotkey: Esc+N
Function: Moves the cursor down by one line (available before you press Enter)

Hotkey: Esc+P...
Error information: % Incomplete command found at '^' position.
Cause: Incomplete command

Error information: % Ambiguous command found at '^' position.
Cause: Ambiguous command

Error information: Too many parameters
Cause: Too many parameters

Error information: % Wrong parameter found at '^' position.
Cause: Wrong parameters

Using command history
The CLI automatically saves the commands recently used in the history command buffer. You can access these commands and execute them again.
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enter user interface view
Use the command: user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
Remarks: —

To do: Set the maximum number of commands that can be saved in the ...
Use the command: history-command max-size size-value
Remarks: Optional. By default, the history buffer can ...
To do: Disable the multi-screen display function
Use the command: screen-length disable
Remarks: Required. By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen display is enabled and up to 24 lines are displayed on the next screen.
Character, Meaning, Remarks:

Meaning: Matches the preceding or succeeding character string
Remarks: For example, “def|int” only matches a character string containing “def” or “int”.

Meaning: If it is at the beginning or the end of a regular expression, it equals ^ or $.
Remarks: For example, “a_b”...
Character: character1\w
Meaning: Matches character1character2. character2 must be a number, letter, or underline, and \w equals [A-Za-z0-9_].
Remarks: For example, “v\w” matches “vlan”, with “v” being character1, and “l” being character2. v\w also matches “service”, with “i” being character2.

Meaning: Equals \b.
Remarks: For example, “\Wa” matches “-a”, with “-” being ...
Configuring user privilege and command levels
Introduction
To avoid unauthorized access, the switch defines user privilege levels and command levels. User privilege levels correspond to command levels. When a user at a specific privilege level logs in, the user can only use commands at that level or lower levels.
To do: Enter user interface view
Use the command: user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
Remarks: —

To do: Specify the scheme authentication mode
Use the command: authentication-mode scheme
Remarks: Required. By default, the authentication mode for VTY users is password, and no authentication is needed for AUX login users.
Follow these steps to configure the user privilege level under a user interface (SSH publickey authentication type):

To do: Configure the authentication type for SSH users as publickey
Use the command: For more information, see Security ...
Remarks: Required if the SSH login mode is adopted, and only username is needed during authentication. After the configuration, the ...
After the user logs back in, the user privilege restores to the original level.
• To avoid problems, H3C recommends that administrators log in to the switch by using a lower privilege level and view switch operating parameters. To maintain the switch, administrators can temporarily switch to a higher level.
Authentication mode: local
Meaning: Local password authentication
Description: The switch authenticates a user by using the privilege level switching password entered by the user. When this mode is applied, you need to set the password for privilege level switching with the super password command.

Description: The switch sends the username and password for privilege level switching to the HWTACACS or RADIUS server for remote authentication.
CAUTION:
• If no user privilege level is specified when you configure the password for switching the user privilege level with the super password command, the user privilege level defaults to 3.
• Specifying the simple keyword saves the password in plain text, which is less secure than specifying the ...
CAUTION:
H3C recommends that you use the default command level or modify the command level under the guidance of professional staff. An improper change of the command level may bring inconvenience to your maintenance and operation, or even potential security problems.
information, and the reset commands, which clear specified information. One-time commands that are executed are never saved.
Displaying and maintaining CLI

To do: Display defined command aliases and the corresponding commands
Use the command: display command-alias [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view
...
Login methods
Login methods
You can log in to the switch in the following ways.
Table 7 Login methods

Login method: Logging in through the console port
Default state: By default, you can log in to a device through the console port, the authentication mode is None (no username or password required), and the user privilege level is 3.
Login method: NMS login
Default state: By default, you cannot log in to a device through a network management system (NMS). To do so, log in to the device through the console port, and complete the following configuration:
• Configure the IP address of the VLAN interface, and make sure the device and the NMS can reach each other (by default, your device does not have an IP address).
VTY user interfaces. You can use the display user-interface command without any parameters to view supported user interfaces and their absolute numbers.
Relative numbering
Relative numbering allows you to specify a user interface or a group of user interfaces of a specific type. The number format is “user interface type + number”.
CLI login
The CLI enables you to interact with a device by typing text commands. At the CLI, you can instruct your device to perform a given task by typing a text command and then pressing Enter to submit it to your device.
Login procedure
Use the console cable shipped with the device to connect the PC and the device. Plug the DB-9 connector of the console cable into the serial port of the PC, and plug the RJ-45 connector into the console port of your device.
Figure 4 Connect the device and PC through a console cable
WARNING!
Identify interfaces correctly to avoid connection errors.
Figure 5 Connection description
Figure 6 Specify the serial port used to establish the connection...
Figure 7 Set the properties of the serial port
Power on the device. Press Enter if the device successfully completes the power-on self test (POST). A prompt such as <H3C> appears after you press Enter, as shown in Figure
Figure 8 Configuration page
Execute commands to configure the device or check the running status of the device.
• none—Requires no username and password at the next login through the console port. This mode is insecure.
• password—Requires password authentication at the next login through the console port.
• scheme—Requires username and password authentication at the next login through the console...
(optional).”
After the configuration, the next time you log in to the device through the console port, you are prompted to press Enter. A prompt such as <H3C> appears after you press Enter, as shown in Figure
Figure 9 Configuration page...
(optional).”
When you log in to the device through the console port after configuration, you are prompted to enter a login password. A prompt such as <H3C> appears after you enter the password and press Enter, as shown in Figure...
By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information about logging in to the device with the default configuration, see “Configuration requirements.”
Configuration procedure
Follow these steps to configure scheme authentication for console login:
To do…...
After the configuration, when you log in to the device through the console port, you are prompted to enter a login username and password. A prompt such as <H3C> appears after you enter the password and username and press Enter, as shown in...
Figure 11 Configuration page
Configuring common settings for console login (optional)
Follow these steps to configure common settings for console login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable display of copyright information
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.
By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. H3C recommends that you set the display type of both the device and the client to VT100. If the device and the client...
To do: Set the idle-timeout timer
Use the command: idle-timeout minutes [ seconds ]
Remarks: Optional. The default idle-timeout is 10 minutes. The system automatically terminates the user’s connection if there is no information interaction between the device and the user within the idle-timeout time.
• none—Requires no username and password at the next login through Telnet. This mode is insecure.
• password—Requires password authentication at the next login through Telnet. Keep your password. If you lose your password, log in to the device through the console port to view or modify the password.
Configuration procedure
Follow these steps to configure none authentication for Telnet login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable Telnet
Use the command: telnet server enable
Remarks: Required. By default, the Telnet service is enabled.

To do: Enter one or multiple VTY user ...
Use the command: user-interface vty first-number ...
Remarks: —
...
When you log in to the device through Telnet again, perform the following steps:
• You are required to enter the login password. A prompt such as <H3C> appears after you enter the correct password and press Enter, as shown in Figure
• If “All user interfaces are used, please try later!”...
Figure 14 Configuration page
Configuring scheme authentication for Telnet login
Configuration prerequisites
You have logged in to the device. By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information about logging in to the device with the default configuration, see “Configuration requirements.”...
To do: Enable command authorization
Use the command: command authorization
Remarks: Optional. By default, command authorization is not enabled.
• Create a HWTACACS scheme, and specify the IP address of the authorization server and other authorization parameters. For more information, see Security Configuration Guide.
When you log in to the device through Telnet again:
• You are required to enter the login username and password. A prompt such as <H3C> appears after you enter the correct username (for example, admin) and password and press Enter, as shown...
Figure 15 Configuration page
Configuring common settings for VTY user interfaces (optional)
Follow these steps to configure common settings for VTY user interfaces:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable display of copyright information
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.
To do: Set the size of history command buffer
Use the command: history-command max-size value
Remarks: Optional. By default, the buffer saves 10 history commands.

To do: Set the idle-timeout timer
Use the command: idle-timeout minutes [ seconds ]
Remarks: Optional. The default idle-timeout is 10 minutes for all user interfaces. The system automatically terminates the ...
NOTE:
If the Telnet client port and the Telnet server port that connect them are not in the same subnet, make sure that the two devices can reach each other.
Configuration procedure
Follow the step below to configure the device to log in to a Telnet server as a Telnet client:
To do…...
• On a device that serves as the SSH server, you can configure the authentication mode and user level for SSH users. By default, password authentication is adopted for SSH login, but no login password is configured, so you cannot log in to the device through SSH by default. Before you can log in to the device through SSH, you need to log in to the device through the console port and configure the authentication mode, user level, and common settings.
Remarks: Optional.
• By default, command authorization is not enabled.
• By default, command level for a login user depends on the user privilege level. The user is authorized the command with the default level not higher than the user privilege level.
To do: Enter the default ISP domain view
Use the command: domain domain-name

To do: Apply the ...
Use the command: authentication default { hwtacacs-scheme hwtacacs-scheme-name ...

Remarks: Optional. By default, the AAA scheme is local. If you specify the local AAA scheme, perform the configuration concerning local user as well. If you specify an existing scheme by providing the...
For more information, see Security Configuration Guide.
When users adopt the scheme mode to log in to the device, the level of the commands that the users can access depends on the user privilege level defined in the AAA scheme.
• When the AAA scheme is local, the user privilege level is defined by the authorization-attribute...
Logging in through modems
The administrator can use two modems to remotely maintain a switch through its console port over the Public Switched Telephone Network (PSTN) when the IP network connection is broken.
Configuration requirements
By default, no authentication is needed when you log in through modems, and the default user privilege level is 3.
CAUTION:
Note the following device settings:
• The bits per second of the console port is lower than the transmission rate of the modem. Otherwise, packets may be lost.
• The parity check mode, stop bits, and data bits of the console port adopt the default settings.
...
Figure 20 Connection Description
Figure 21 Enter the phone number...
Figure 22 Dial the number
Character string CONNECT9600 is displayed on the terminal. Then a prompt such as <H3C> appears when you press Enter.
Figure 23 Configuration page
Execute commands to configure the device or check the running status of the device. To get help, enter ?.
Modem login authentication modes
The following authentication modes are available for modem dial-in login: none, password, and scheme.
• none—Requires no username and password at the next login through modems. This mode is insecure.
• password—Requires password authentication at the next login through the console port. Keep your password.
(optional).”
After the configuration, when you log in to the device through modems, you are prompted to press Enter. A prompt such as <H3C> appears after you press Enter, as shown in Figure
Figure 24 Configuration page...
(optional).”
After the configuration, when you log in to the device through modems, you are prompted to enter a login password. A prompt such as <H3C> appears after you enter the password and press Enter, as shown in Figure...
Figure 25 Configuration page
Configuring scheme authentication for modem login
Configuration prerequisites
You have logged in to the device. By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information about logging in to the device with the default configuration, see “Configuration requirements.”...
Remarks: Optional.
• By default, command authorization is not enabled.
• By default, command level for a login user depends on the user privilege level. The user is authorized the command with the default level not higher than the user privilege level.
After the configuration, when you log in to the device through modems, you are prompted to enter a login username and password. A prompt such as <H3C> appears after you enter the password and username and press Enter, as shown in...
Figure 26 Configuration page
Configuring common settings for modem login (optional)
Follow these steps to configure common settings for modem login:

To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable display of copyright information
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.
To do: Configure the type...
Remarks: By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. H3C recommends that you set the display type of both the device and the client to VT100. If the device and ...
To do: Set the size of the history command buffer
Use the command: history-command max-size value
Remarks: Optional. By default, the buffer saves 10 history commands at most.

To do: Set the idle-timeout ...
Use the command: idle-timeout minutes [ seconds ]
Remarks: Optional. The default idle-timeout is 10 minutes. The system automatically terminates the user’s connection if there is no information interaction...
To do: Lock the current user interface
Use the command: lock
Remarks: Available in user view. By default, the current user interface is not locked.

To do: Send messages to the specified user interfaces
Use the command: send { all | num1 | { aux | vty } num2 }
Remarks: Available in user view
...
Web login
Web login overview
The device provides a built-in web server that enables you to log in to the web interface of the device from a PC. The device supports the following web login methods:
• HTTP login—The Hypertext Transfer Protocol (HTTP) is used for transferring web page information...
To do: Configure the HTTP service port number
Use the command: ip http port port-number
Remarks: Optional. 80 by default. If you execute the command multiple times, the last one takes effect.

Remarks: Optional. By default, the HTTP service is not associated with any ACL.
To do: Associate the HTTPS service with an SSL server policy
Use the command: ip https ssl-server-policy policy-name
Remarks: Required. By default, the HTTPS service is not associated with any SSL server policy.
• If you disable the HTTPS service, the system automatically de-associates the HTTPS service from the SSL service ...
To do: Associate the HTTPS service with an ACL
Use the command: ip https acl acl-number
Remarks: Required. By default, the HTTPS service is not associated with any ACL. Associating the HTTPS service with an ACL enables the device to allow only clients permitted by the ACL to access the device.
Web login example
HTTP login example
Network requirements
As shown in Figure 27, configure the device to allow the PC to log in over the IP network.
Figure 27 Network diagram
Configuration procedure
Configure the device
# Create VLAN 999, and add interface GigabitEthernet 1/0/1 on the device that connects to the PC to VLAN 999.
Figure 28 Web login page
# Enter the user name, password, verify code, select English, and click Login. The homepage appears. After login, you can configure device settings through the web interface.
HTTPS login example
Network requirements
As shown in Figure 29, to prevent unauthorized users from accessing the device, configure the device as the HTTPS server and the host as the HTTPS client, and request a certificate for each of them.
NOTE:
• This example assumes that the CA is named new-ca, runs Windows Server, and is installed with the Simple Certificate Enrollment Protocol (SCEP) add-on.
• Before performing the following configuration, make sure that the device, host, and CA can reach each...
[Device-pki-cert-acp-myacp] quit
# Associate the HTTPS service with SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute-based access control policy myacp.
[Device] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Device] ip https enable
# Create a local user named usera, set the password to 123, specify the web service type.
NMS login
NMS login overview
An NMS runs the SNMP client software. It offers a user-friendly interface to facilitate network management. An agent is a program that resides in the device. It receives and handles requests from the NMS. An NMS is a manager in an SNMP enabled network, whereas agents are managed by the NMS. The NMS and agents exchange information through the SNMP protocol.
To do: Add a user to the SNMP group
Use the command: snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | ...
Remarks: Required. If the cipher keyword is specified, both auth-password and priv-password are cipher text passwords...
# Enter system view.
<Sysname> system-view
# Enable the SNMP agent.
[Sysname] snmp-agent
# Configure an SNMP group.
[Sysname] snmp-agent group v3 managev3group
# Add a user to the SNMP group.
[Sysname] snmp-agent usm-user v3 managev3user managev3group
Configure the NMS
On the PC, launch the browser, and enter http://192.168.3.104:8080/imc in the address bar (suppose that the IP address of the iMC is 192.168.3.104).
Figure 32 iMC homepage Log in to the iMC and configure SNMP settings for the iMC to find the device. After the device is found, you can manage and maintain the device through the iMC. For example, query device information or configure device parameters. NOTE: The SNMP settings on the iMC must be the same as those configured on the device.
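The usm-user syntax above makes authentication-mode and privacy-mode optional, and the configuration example adds managev3user with neither. The following Python script is an added example, not part of the H3C manual: it reads usm-user lines (with or without a CLI prompt) and reports each user's SNMPv3 security level. The users opsuser and nmsuser, their passwords, and all function names are constructed for illustration.

```python
"""Audit SNMPv3 usm-user lines from a Comware-style configuration (added example)."""
import re

# Constructed sample input. The first three lines repeat the page's example;
# the last two users and their passwords are made up for illustration.
SAMPLE_CONFIG = """\
[Sysname] snmp-agent
[Sysname] snmp-agent group v3 managev3group
[Sysname] snmp-agent usm-user v3 managev3user managev3group
snmp-agent usm-user v3 opsuser managev3group authentication-mode md5 AuthPass1
snmp-agent usm-user v3 nmsuser managev3group cipher authentication-mode sha CONSTRUCTED-AUTH-CIPHERTEXT privacy-mode aes128 CONSTRUCTED-PRIV-CIPHERTEXT
"""

PREFIX = ["snmp-agent", "usm-user", "v3"]
# A leading "[Sysname]" or "<Sysname>" prompt, as seen in pasted CLI sessions.
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")


def parse_usm_user(line):
    """Return a dict describing one usm-user line, or None for any other line."""
    tokens = PROMPT.sub("", line).split()
    if tokens[:3] != PREFIX or len(tokens) < 5:
        return None
    user = {"name": tokens[3], "group": tokens[4],
            "cipher": False, "auth": None, "priv": None}
    rest = tokens[5:]
    i = 0
    while i < len(rest):
        tok = rest[i]
        if tok == "cipher":
            user["cipher"] = True
        elif tok in ("authentication-mode", "privacy-mode") and i + 2 < len(rest):
            key = "auth" if tok == "authentication-mode" else "priv"
            user[key] = rest[i + 1].lower()
            i += 2  # skip the algorithm and the password that follows it
        i += 1
    return user


def security_level(user):
    """Map the parsed keywords to the SNMPv3 security level they give the user."""
    if user["auth"] is None:
        return "noAuthNoPriv"
    return "authPriv" if user["priv"] else "authNoPriv"


def findings(user):
    """List the weaknesses of one parsed user; an empty list means none found."""
    if user["auth"] is None:
        return ["no authentication-mode: requests are neither authenticated nor encrypted"]
    notes = []
    if user["auth"] == "md5":
        notes.append("authentication-mode md5: prefer sha")
    if user["priv"] is None:
        notes.append("no privacy-mode: SNMP payloads are sent unencrypted")
    elif user["priv"] != "aes128":
        notes.append("privacy-mode %s: prefer aes128" % user["priv"])
    return notes


def audit(config_text):
    """Return {user name: (security level, findings)} for every usm-user line."""
    report = {}
    for line in config_text.splitlines():
        user = parse_usm_user(line)
        if user:
            report[user["name"]] = (security_level(user), findings(user))
    return report


if __name__ == "__main__":
    for name, (level, notes) in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {level}")
        for note in notes:
            print("  -", note)
```

The script looks only at usm-user lines; the security level required by the SNMP group is a separate setting and is not checked here.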
User login control User login control overview The device provides the following login control methods: Login Through Login control methods ACL used Configuring source IP-based login control over Telnet Basic ACL users Configuring source and destination IP-based login Telnet Advanced ACL control over Telnet users Configuring source MAC-based login control over Ethernet frame header ACL...
To do: Enter user interface view
Use the command: user-interface [ type ] first-number [ last-number ]
Remarks: —

To do: Use the ACL to control user login by source IP address
Use the command: acl [ ipv6 ] acl-number { inbound | outbound }
Remarks: Required. inbound: Filters incoming Telnet packets. outbound: Filters outgoing Telnet...
To do: Create an Ethernet frame header ACL and enter its view
Use the command: acl number acl-number [ match-order { config | auto } ]
Remarks: Required. By default, no Ethernet frame header ACL exists.

To do: Configure rules for the ACL
Use the command: rule [ rule-id ] { permit | deny } rule-string...
Remarks: Required
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] acl 2000 inbound
Configuring source IP-based login control over NMS users
You can log in to the NMS to remotely manage the devices. SNMP is used for communication between the NMS and the agent that resides in the device. By using the ACL, you can control SNMP user access to the device.
To do: Log off online web users
Use the command: free web-users { all | user-id user-id | user-name user-name }
Remarks: Required. Available in user interface view
Source IP-based login control over web users configuration example
Network requirements
As shown in Figure 35, configure the device to allow only web users from Host B to access.
FTP configuration
FTP overview
Introduction to FTP
The File Transfer Protocol (FTP) is an application layer protocol used to share files between server and client over a TCP/IP network. FTP uses TCP ports 20 and 21. Port 20 is used to transmit data, and port 21 is used to transmit control commands.
Table 8 Configuration when the device serves as the FTP client Device Configuration Remarks If the remote FTP server supports anonymous FTP, the device can log in to it directly; if not, Use the ftp command to establish the Device (FTP client) the device must obtain the FTP username and connection to the remote FTP server password first to log in to the remote FTP...
Establishing an FTP connection Before you can access the FTP server, you must establish a connection from the FTP client to the FTP server. You can either use the ftp command to establish the connection directly or use the open command in FTP client view to establish the connection.
To do… Use the command… Remarks ftp ipv6 [ server-address [ service-port ] [ vpn-instance Log in to the remote FTP server vpn-instance-name ] [ source ipv6 Use either approach. directly in user view source-ipv6-address ] [ -i The ftp ipv6 command is available interface-type interface-number ] ] in user view;...
Use the lcd command to display the local working directory of the FTP client. You can upload the file or save the downloaded file under this directory. Upload or download the file. Follow these steps to operate the files on an FTP server: To do…...
Maintaining and debugging the FTP connection After a device serving as the FTP client has established a connection with the FTP server, you can perform the following operations to locate and diagnose FTP connection problems. For more information about establishing an FTP connection, see “Establishing an FTP connection.”...
Figure 37 Network diagram
Configuration procedure
CAUTION: If the available memory space of the device is not enough, use the fixdisk command to clear the memory or use the delete /unreserved file command to delete the files not in use, and then perform the following operations.
# Specify newest.bin as the main system software image file for next startup of all the member switches.
<Sysname> boot-loader file newest.bin slot all main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
The specified file will be used as the main boot file at the next reboot on slot 2!
# Reboot the IRF fabric, and the system software image file is updated at the system reboot.
To do: Manually release the FTP connection established with the specified username
Use the command: free ftp user username
Remarks: Optional
Configuring authentication and authorization on the FTP server
To allow an FTP user to access certain directories on the FTP server, you must create an account for the user, authorize the user to access the directories, and configure a password for the user.
FTP server configuration example Network requirements As shown in Figure 38, an IRF fabric comprises a master and a slave device. The member ID of the master is 1 and that of the slave device is 2. The IRF fabric serves as an FTP server, and the PC serves as an FTP client.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):abc
331 Password required for abc.
Password:
230 User logged in.
# Download the configuration file config.cfg of the IRF fabric to the PC for backup.
ftp> get config.cfg back-config.cfg
# Upload the configuration file newest.bin to the root directory of the storage medium on the master.
To do: Display detailed information about logged-in FTP users
Use the command: display ftp-user [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view...
TFTP configuration TFTP overview Introduction to TFTP The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP, but it is less complex than FTP in interactive access interface and authentication. It is more suitable in environments where complex interaction is not needed between client and server.
This mode is more secure but consumes more memory. H3C recommends that you use the secure mode or, if you use the normal mode, specify a filename that does not exist in the target directory.
To do… Use the command… Remarks Optional Use an ACL to control the device’s By default, no ACL is used to tftp-server [ ipv6 ] acl acl-number access to TFTP servers control the device’s access to TFTP servers. Optional tftp client source { interface Specify the source IP address of By default, the source IP address interface-type interface-number | ip...
Figure 40 Network diagram
Configuration procedure
Configure the PC (TFTP server). (Details not shown)
• On the PC, enable the TFTP server
• Configure a TFTP working directory
Configure the IRF fabric (TFTP client)
CAUTION: If the available memory space of the master and slave devices is not enough, use the fixdisk command to clear the memory or use the delete /unreserved file command to delete the files not in use and then...
File system management File system overview Files such as host software and configuration files that are necessary for the operation of the device are saved in the storage media of the device. You can manage the storage media and the files saved on the media, and organize the files under different directories for easy management.
NOTE: You can create a file by copying, downloading or using the save command.
Displaying file information
To do: Display file or directory information
Use the command: dir [ /all ] [ file-url | /all-filesystems ]
Remarks: Required. Available in user view
Displaying the contents of a file
To do…...
CAUTION:
• The files in the recycle bin still occupy storage space. To delete a file in the recycle bin, execute the reset recycle-bin command in the directory to which the file originally belongs. To save storage space, empty the recycle bin periodically with the reset recycle-bin command.
• The delete /unreserved file command deletes a file permanently and the action cannot be undone.
Changing the current working directory
To do: Change the current working directory
Use the command: cd { directory | .. | / }
Remarks: Required. Available in user view
Creating a directory
To do: Create a directory
Use the command: mkdir directory
Remarks: Required. Available in user view
Removing a directory...
Displaying and maintaining the NAND flash memory The physical space of the NAND flash memory is divided into multiple blocks, each of which is subdivided into multiple pages. The NAND flash memory is erased on a block basis and read on a page basis;...
CAUTION: Executing a batch file does not guarantee successful execution of every command in the batch file. If a command has error settings or the conditions for executing the command are not satisfied, this command fails to be executed, and the system skips to the next command. Setting the file system operation modes The file systems support the following operation modes: •...
<Sysname> cd ..
# Display the current working directory.
<Sysname> pwd
flash:...
Configuration file management The device provides the configuration file management function. You can manage configuration files on the user-friendly command line interface (CLI). Configuration file overview A configuration file saves the device configurations as a set of text commands. You can save the current configuration to a configuration file so that the configuration takes effect after you reboot the device.
Format and content of a configuration file
A configuration file is saved as a text file according to these rules:
• A configuration file contains commands.
• Only non-default configuration settings are saved.
• The commands are listed in sections by views, usually in this order: system view, interface view,...
Complete these tasks to save the current configuration: Task Remarks Enabling configuration file auto-save Optional Selecting the modes for saving the configuration file Required Enabling configuration file auto-save When the configuration file auto-save function is enabled, and you save the current configuration •...
If the configuration file is generated by another device, the file must comply with the format of the configuration file on the current device. H3C recommends that you use the configuration file generated by using the backup function. You can apply configuration rollback in these situations: Running configuration error.
NOTE: The running configuration is saved only to the master. Only the configuration on the master can be rolled back. However, the related configuration is synchronized to the slaves to ensure the rollback of the configuration after the master is changed. Configuration task list Complete these tasks to configure the configuration rollback: Task...
• If the device configuration does not change frequently, manually save the running configuration as needed
• H3C recommends that you save the running configuration manually, or configure automatic saving with an interval longer than 1,440 minutes (24 hours).
Follow these steps to enable automatic saving of the running configuration:
To do…...
Manually saving the running configuration
Automatically saving the running configuration consumes system resources. Frequent save operations can hamper system performance. Therefore, if the system configuration does not change frequently, disable the automatic saving of the running configuration and save it manually. Automatic saving of the running configuration is performed periodically, whereas manual saving can be used to immediately save the running configuration.
Specifying a startup configuration file
To specify a startup configuration file, you can:
• Use the save command. If you save the running configuration to the specified configuration file in the interactive mode, the system automatically sets the file as the main startup configuration file.
•...
With startup configuration files deleted, the device uses the factory default configuration at the next startup.
Follow the step below to delete a startup configuration file:
To do: Delete a startup configuration file from the storage media
Use the command: reset saved-configuration [ backup | main ]
Remarks: Required. Available in user view...
To do… Use the command… Remarks display startup [ | { begin | Display the configuration files used exclude | include } Available in any view at this and the next system startup regular-expression ] display this [ by-linenum ] [ | Display the valid configuration { begin | exclude | include } Available in any view...
Software upgrade configuration Device software overview The device software comprises the Boot ROM and the system software images. After the device is powered on, it runs the Boot ROM image, initializes hardware, and displays the hardware information. Then the device runs the system software image, which provides drivers and adapters for hardware and implements service features.
Upgrade method Upgrade object Description • Hotfix is a fast, cost-effective method to repair software defects of a device. • Compared with software version upgrade, hotfix can upgrade the software without interrupting the running services of the device. In other words, it can repair the Software upgrade by System software software defects of the current version without rebooting...
Upgrading system software through a system reboot (method I) Save the system software image to the root directory of the master device's storage media by using a method such as FTP or TFTP. Copy the new system software image to the root directory of the storage media of a slave. Use commands to specify the system software image to be used at the next boot of the master and slave respectively.
Software upgrade by installing hotfixes Hotfix can repair software defects of the current version without rebooting the switch, protecting the running services of the switch from being interrupted. Basic concepts in hotfix Patch and patch file A patch, also called patch unit, is a package used to fix software defects. Generally, patches are released as patch files.
DEACTIVE state, the patches switch to the ACTIVE state. Figure 42 Relationship between patch state changes and command actions NOTE: Information about patch states is saved in file patchstate on the Flash. H3C recommends that you do not operate this file. IDLE state Patches in IDLE state are not loaded.
NOTE: Currently, the memory patch area supports up to 200 patches. DEACTIVE state Patches in DEACTIVE state have been loaded to the memory patch area but have not yet run in the system. Suppose that there are seven patches in the patch file to be loaded. After the seven patches successfully pass the version check and CRC check, they are loaded to the memory patch area and are in DEACTIVE state.
The patches that are in RUNNING state are still in RUNNING state after system reboot.
Figure 46 Patches are running
Hotfix configuration task list
Task: Install patches (Installing a patch in one step, or Installing a patch step-by-step)
Remarks: Use either approach. The step-by-step patch installation allows you to control the patch status.
• To uninstall all patches in one operation, use the undo patch install command, which is the same as performing “Uninstalling a patch step-by-step.”
In an IRF fabric, H3C recommends that you uninstall all patches in one operation.
Installing a patch step-by-step
Step-by-step patch installation enables you to control the patch status during the patch installation process.
NOTE:
• H3C recommends that you save the patch file to the root directory of the Flash.
• The directory specified by the patch-location argument must exist on each member switch of an IRF...
Follow these steps to activate patches:
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Activate patches
Use the command: patch active [ patch-number ] slot slot-number
Remarks: Required
Confirming running patches
After you confirm that the installed patch is running, the patch state changes to RUNNING, and the patch is in the normal running stage.
Available in any view exclude | include } regular-expression ] NOTE: In an IRF fabric, H3C recommends that you uninstall all patches by using the undo patch install command in one operation. Software upgrade configuration examples Immediate upgrade configuration example...
Configure the TFTP server (Configurations may vary with different types of servers) Obtain the system software image and configuration file through legitimate channels, such as the official website of H3C, agents, and technical staff. Save these files under the TFTP server’s working path for the access of the TFTP clients.
Hotfix configuration example Network requirements The IRF fabric in this example comprises two member switches, the master and slave. The software running on the member switches is having problems, and a hotfix is needed. The patch files patch_xxx.bin and patch_lpu.bin are saved on the TFTP server. The IRF fabric and TFTP server can reach each other.
ISSU configuration ISSU overview In-Service Software Upgrade (ISSU) enables software upgrade and ensures continuous packet forwarding. As shown in Figure 49, to ensure high availability for user networks, cross-device link aggregation is configured on the IRF member switches at the distribution layer so that every three physical links with the same color between the IRF member switches and access switches are aggregated as one logical link.
Figure 50 ISSU flow chart (steps shown in the figure: download the new boot file and save it to the flash of all the IRF member switches; check the IRF member switches; use the display version comp-matrix file command to check whether the current and new boot files are compatible; the check result is either Incompatible or Compatible...)
System software version rollback The H3C S5500-HI switch series supports version rollback during ISSU. When ISSU fails to proceed on an IRF member switch (for example, the new system software image file is broken), you can use this feature to revert system software to the previous version.
Task Remarks Download the new system software image to the Flash of Required all the IRF member switches Prerequisites for performing ISSU Required Enabling version compatibility check Required Configuring compatible ISSU Required Configuring ISSU Use either approach Configuring incompatible ISSU Configure the ISSU version rollback timer Optional Displaying and maintaining ISSU...
Enabling version compatibility check Before performing an ISSU upgrade, you need to check the version compatibility between the new and current system software images, to determine whether ISSU can be performed, and which ISSU method is adopted. After downloading and saving the new system software image, select an ISSU upgrade method according to one of the following version compatibility check results: •...
To do… Use the command… Remarks Required With this command executed: • The master reboots with the current system software image, and becomes a slave switch after reboot. • The slave switches of the IRF fabric perform master election. The winner (the slave switch specified with Reboot the master issu run switchover slot the issu load command) becomes the new master.
CAUTION: To upgrade system software of the IRF fabric through ISSU when the new and current system software image versions are incompatible, make sure that the multi-active detection (MAD) function has been configured for the IRF fabric. Otherwise, duplicate IRF fabrics will coexist after the new master (the slave switch specified with the issu load command) is rebooted, causing network faults.
To do: Perform a manual version rollback
Use the command: issu rollback slot slot-number
Remarks: Optional. By default, automatic rollback is performed to revert to the previous version. The slot-number argument provided in this command must be the same as that specified in the issu load command.
ISSU configuration example Current network status and requirements analysis Current network status As shown in Figure 51, access layer switches Switch A, Switch B, and Switch C connect to user networks. Distribution layer switches Switch D, Switch E, and Switch form an IRF fabric. The member ID of the master is 1, and those of the slave switches are 2 and 3 respectively.
[IRF-GigabitEthernet1/0/1] port link-aggregation group 1
[IRF-GigabitEthernet1/0/1] quit
[IRF] interface GigabitEthernet 2/0/1
[IRF-GigabitEthernet2/0/1] port link-aggregation group 1
[IRF-GigabitEthernet2/0/1] quit
[IRF] interface GigabitEthernet 3/0/1
[IRF-GigabitEthernet3/0/1] port link-aggregation group 1
[IRF-GigabitEthernet3/0/1] quit
# Add ports GigabitEthernet 1/0/2, GigabitEthernet 2/0/2, and GigabitEthernet 3/0/2 that connect to Switch B to aggregation group 2.
Configure Switch B
# Create dynamic aggregate interface 2.
<SwitchB> system-view
[SwitchB] interface bridge-aggregation 2
[SwitchB-Bridge-Aggregation2] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation2] quit
# Add ports GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 that connect to IRF member switches to aggregation group 2 (corresponding to aggregate interface 2).
[SwitchB] interface GigabitEthernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 2
[SwitchB-GigabitEthernet1/0/1] quit...
Downloading file from remote TFTP server, please wait……
TFTP: 10058752 bytes received in 141 second(s)
File downloaded successfully.
<IRF> copy soft-version2.bin slot2#flash:/
<IRF> copy soft-version2.bin slot3#flash:/
Check all IRF member switches before the ISSU upgrade
Check the running status of all IRF member switches. If the running state of a member switch is abnormal, the ISSU upgrade cannot be performed.
The Bridge MAC of the IRF is: 0023-8927-ad53
Auto upgrade : yes
Mac persistent : 6 min
Domain ID
The output shows the following information:
• The member ID and the priority of the master are 1 and 10 respectively
• The member ID and the priority of one slave switch are 2 and 9 respectively
...
# Verify whether the new system software image soft-version2.bin has been saved to the Flash of slave switch 3.
<IRF> dir slot3#flash:/
Directory of slot3#flash:/
-rw- 6085 May 29 2010 11:38:45 config.cfg
-rw- 10518 Apr 26 2011 12:45:05 logfile.log
-rw- 19057904 Apr 26 2011 14:24:11 soft-version1.bin...
Running Version: version1
Version Compatibility List: version2 (Incompatible)
The output shows that the two versions are incompatible. You need to use the incompatible ISSU method. For more information, see “Performing incompatible ISSU upgrade.”
Performing compatible ISSU upgrade
# Upgrade the specified slave switch (the new master after the upgrade), which is slave switch 2 in this example.
Then the ISSU upgrade process completes and the system software images of all IRF member switches have been upgraded to the new version.
# Verify whether the current system software images on the IRF member switches are soft-version2.bin.
[IRF] display boot-loader
Slot 1
The current boot app is: flash:/soft-version2.bin...
The main boot app is: flash:/soft-version2.bin
The backup boot app is: flash:/
Slot 3
The current boot app is: flash:/soft-version2.bin
The main boot app is: flash:/soft-version2.bin
The backup boot app is: flash:/...
To do: Configure the device name
Use the command: sysname sysname
Remarks: Optional. The default device name is H3C.
Changing the system time
You must synchronize your device with a trusted time source by using NTP or changing the system time before you run it on the network. Network management depends on an accurate system time setting, because the timestamps of system messages and logs use the system time.
Command Effective system time Configuration example System time clock datetime 2:00 03:00:00 zone-time Fri 2007/2/2 zone-offset 1, 2 date-time ± 02/02/2007 clock timezone zone-time add 1 clock timezone 03:00:00 zone-time Sat zone-time add 1 2, 1 date-time 03/03/2007 clock datetime 3:00 2007/3/3 The original system time outside the daylight...
Command Effective system time Configuration example System time clock summer-time ss date-time – summer-offset one-off 1:00 outside the daylight 23:30:00 UTC Sun 2007/1/1 1:00 saving time range: 2007/8/8 2 12/31/2006 3, 1 clock datetime 1:30 date-time – summer-offset (date-time in the 2007/1/1 daylight saving time clock summer-time ss...
You can disable or enable the function as needed. The following is a sample copyright statement: ****************************************************************************** * Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Enable displaying the copyright statement
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.
Configuring banners
Introduction to banners
Banners are messages that the system displays when a user connects to the device to perform login authentication, and start interactive configuration.
Have a nice day.
Please input the Password.%
• Method II—Type a character after the command keywords at the first line, and then press Enter. Type the banner information, and end with the character you typed at the first line. The start character and the end character are not part of the banner information.
NOTE: In an IRF fabric, the exception handling method applies to all member switches, but the member switches handle system exceptions independently without affecting one another. Rebooting the device You can reboot the device in one of the following ways to recover from an error condition: •...
NOTE:
• In an IRF fabric, the command applies to all IRF member switches.
• If you execute the schedule reboot at command or the schedule reboot delay command repeatedly, the last configuration takes effect.
• If you change the system time by using the clock datetime, clock summer-time, or clock timezone...
Configuration guidelines
• To have a job successfully run a command, check that the specified view and command are valid. The system does not verify their validity.
• The configuration interface, view, and user status that you have before job execution restores even...
To do… Use the command… Remarks Required Specify the view in which the You can specify only one view for view view-name commands in the job run a job. The job executes all commands in the specified view. Configure a command to run at a specific time and date: time time-id at time date command command...
• When the power-saving function is enabled globally, all LEDs operate according to the power-saving status, and all Ethernet interfaces are automatically enabled with the power-saving function.
Follow these steps to enable the power-saving function:
To do: Enter system view
Use the command: system-view...
the port is still down when the detection timer expires, the port quits the shutdown status and resumes its actual physical status.
Follow these steps to configure the port status detection timer:
To do: Enter system view
Use the command: system-view
Remarks: —...
Clearing unused 16-bit interface indexes
The device must maintain persistent 16-bit interface indexes and keep each interface index matched to one interface name for network management. After deleting a logical interface, the device retains its 16-bit interface index so the same index can be assigned to the interface at interface re-creation. To avoid index depletion causing interface creation failures, you can clear all 16-bit indexes that have been assigned but are not in use.
Diagnosing transceiver modules
The device provides the alarm function and digital diagnosis function for transceiver modules. When a transceiver module fails or works improperly, you can check for alarms present on the transceiver module to identify the fault source or examine the key parameters monitored by the digital diagnosis function, including the temperature, voltage, laser bias current, TX power, and RX power.
To do… Use the command… Remarks display device manuinfo [ slot Display the electronic label data slot-number [ subslot subslot-number ] ] Available in any view for the device [ | { begin | exclude | include } regular-expression ] display device manuinfo slot slot-number Display the electronic label data power power-id [ | { begin | exclude |...
Automatic configuration Automatic configuration overview Automatic configuration enables a device without any configuration file to automatically obtain and execute a configuration file during startup. Automatic configuration simplifies network configuration, facilitates centralized management, and reduces maintenance workload. To implement automatic configuration, the network administrator saves configuration files on a server and a device automatically obtains and executes a specific configuration file.
How automatic configuration works Automatic configuration works in the following manner: During startup, the device sets the first up interface (if up Layer 2 Ethernet ports exist, the VLAN interface of the default VLAN of the Ethernet ports is selected as the first up interface. Otherwise, the up Layer 3 Ethernet interface with the smallest interface number is selected as the first up interface) as the DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, IP address of a DNS server, and the configuration file name.
Using DHCP to obtain an IP address and other configuration information Address acquisition process As mentioned before, a device sets the first up interface as the DHCP client during startup. The DHCP client broadcasts a DHCP request, where the Option 55 field specifies the information that the client wants to obtain from the DHCP server such as the configuration file name, domain name and IP address of the TFTP server, and DNS server IP address.
• If devices use different configuration files, you need to configure static address pools to ensure that each device can get a fixed IP address and a specific configuration file. With this method, the administrator does not need to perform any other configuration for the devices.
NOTE: To configure static address pools, you must obtain corresponding client IDs.
Obtaining the configuration file
Figure 54 Obtain the configuration file
A device obtains its configuration file by using the following workflow:
• If the DHCP response contains the configuration file name, the device requests the specified configuration file from the TFTP server. If not, the device tries to get its host name from the host name file obtained from the TFTP server.
• If the IP address and the domain name of the TFTP server are not contained in the DHCP response or they are illegitimate, the device broadcasts a TFTP request.
NOTE:
• After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the...