HPE FlexNetwork 5130 EI Series Fundamentals Configuration Manual

HPE FlexNetwork 5130 EI Switch Series
Fundamentals Configuration Guide
Part number: 5998-5473t
Software version: Release 3111P02 and later
Document version: 6W101-20161010

Summary of Contents for HPE FlexNetwork 5130 EI Series

  • Page 1 HPE FlexNetwork 5130 EI Switch Series Fundamentals Configuration Guide Part number: 5998-5473t Software version: Release 3111P02 and later Document version: 6W101-20161010...
  • Page 2 © Copyright 2015, 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents
    Using the CLI (page 1)
    CLI views (page 1)
    Entering system view from user view (page 2)
    Returning to the upper-level view from any view (page 2)
    Returning to user view (page 2)
    Accessing the CLI online help (page 2)
    ...
  • Page 4
    Accessing the device through SNMP (page 43)
    Controlling user access (page 44)
    FIPS compliance (page 44)
    Controlling Telnet/SSH logins (page 44)
    Configuration procedures (page 44)
    Configuration example (page 44)
    Controlling Web logins (page 45)
    ...
  • Page 5
    FTP server configuration example (page 80)
    Using the device as an FTP client (page 81)
    Establishing an FTP connection (page 81)
    Managing directories on the FTP server (page 83)
    Working with files on the FTP server (page 83)
    ...
  • Page 6
    Displaying and maintaining configuration files (page 105)
    Upgrading software (page 106)
    Overview (page 106)
    Software types (page 106)
    Software file naming conventions (page 106)
    Comware image redundancy and loading procedure (page 106)
    System startup process (page 107)
    ...
  • Page 7
    Executing a Python script (page 135)
    Exiting the Python shell (page 135)
    Python usage example (page 135)
    Network requirements (page 135)
    Configuration procedure (page 136)
    Verifying the configuration (page 136)
    Comware 7 extended Python API (page 137)
    ...
  • Page 8: Using The Cli

    Using the CLI
    At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor the device. The following text is displayed when you access the CLI:
    ******************************************************************************
    * Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP *
    * Without the owner's prior written consent, *
    * no decompiling or reverse-engineering shall be allowed.
  • Page 9: Entering System View From User View

    Enter interface view to configure interface parameters. Enter VLAN view to add ports to the VLAN. Enter user line view to configure login user attributes. To display all commands available in a view, enter a question mark (?) at the view prompt. Entering system view from user view Task Command...
  • Page 10: Using The Undo Form Of A Command

    monitor Enable to display logs on the current terminal
    If the question mark is in the place of an argument, the CLI displays the description of the argument. For example:
    <Sysname> system-view
    [Sysname] interface vlan-interface ?
    <1-4094> Vlan-interface interface number
    [Sysname] interface vlan-interface 1 ?
    <cr>...
  • Page 11: Entering A Text Or String Type Value For An Argument

    Keys Function
    before pressing Enter are saved in the edit buffer.
    Backspace: Deletes the character to the left of the cursor and moves the cursor back one character.
    Left arrow key (←): Moves the cursor one character to the left.
    Right arrow key (→): Moves the cursor one character to the right.
  • Page 12: Configuring And Using Command Hotkeys

    Usage guidelines
    • After you successfully execute a command by using a keyword alias, the system saves the keyword, instead of its alias, to the running configuration.
    • If a string you entered for a command partially matches an alias and a keyword, the command indicated by the alias is executed.
  • Page 13: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Table 2 System-reserved hotkeys
    Hotkey: Function
    Ctrl+A: Moves the cursor to the beginning of a line.
    Ctrl+B: Moves the cursor one character to the left.
    Ctrl+C: Stops the current command.
    Ctrl+D: Deletes the character at the cursor.
    Ctrl+E: Moves the cursor to the end of a line.
    Moves the cursor one character to the right.
  • Page 14: Using The Command History Feature

    • If the command fails syntax check, the CLI displays an error message.
    Table 3 Common command-line error messages
    Error message: % Unrecognized command found at '^' position.
    Cause: The keyword in the marked position is invalid.
    Error message: % Incomplete command found at '^' position.
    Cause: One or more required keywords or arguments are...
  • Page 15: Controlling The Cli Output

    • Buffering a command in the exact format in which the command was entered. For example, if you enter an incomplete command, the buffered command is also incomplete. If you enter a command with a command keyword alias, the buffered command also uses the alias. •...
  • Page 16: Numbering Each Output Line From A Display Command

    Numbering each output line from a display command You can use the | by-linenum option to prefix each display command output line with a number for easy identification. Each line number is displayed as a 5-character string and might be followed by a colon (:) or hyphen (-).
  • Page 17
    Characters Meaning Examples
    Meaning: Matches the preceding strings in parentheses, with the Nth string repeated once.
    Examples:
    "(string)\1" matches a string containing "stringstring".
    "(string1)(string2)\2" matches a string containing "string1string2string2".
    "(string1)(string2)\1\2" matches a string containing "string1string2string1string2".
    "[16A]" matches a string containing 1, 6, or A; "[1-36A]"...
  • Page 18: Saving The Output From A Display Command To A File

    For example:
    # Use | begin line for the display current-configuration command to match the first line of output that contains line to the last line of output.
    <Sysname> display current-configuration | begin line
    line class aux
     user-role network-admin
    line class vty
     user-role network-operator
    line aux 0
     user-role network-admin...
  • Page 19: Viewing And Managing The Output From A Display Command Effectively

    Task: Save the output from a display command to a separate file.
    Command: display command > filename
    Task: Append the output from a display command to the end of a file.
    Command: display command >> filename
    For example:
    # Save system time information to a separate file named clock.txt.
    <Sysname>...
  • Page 20: Saving The Running Configuration

    Saving the running configuration To make your configuration take effect after a reboot, save the running configuration to a configuration file by using the save command in any view. This command saves all commands that have been successfully executed, except for the one-time commands. Typical one-time commands include display commands used for displaying information and reset commands used for clearing information.
  • Page 21: Login Overview

    Login overview The first time you access the device, you can log in to the CLI through the console port. After login, you can change console login parameters or configure other access methods, including Telnet, SSH, modem, Web, and SNMP. Telnet and HTTP-based Web login are not supported in FIPS mode.
  • Page 22 Default settings and minimum configuration Login method requirements • Configure SNMP basic parameters.
  • Page 23: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC). Make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
  • Page 24 Figure 3 Creating a connection Figure 4 Specifying the serial port used to establish the connection...
  • Page 25
    User interface aux0 is available.
    Press ENTER to get started.
    <HPE>%Sep 24 09:48:54:109 2014 HPE SHELL/4/LOGIN: Console login from aux0
    <HPE>
    At the default user view prompt <HPE>, you can enter commands to configure or manage the device. To get help, enter ?.
  • Page 26: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet, SSH, and modem dial-in. To prevent illegal access to the CLI and control user behavior, you can perform the following tasks: •...
  • Page 27: Login Authentication Modes

    Login authentication modes
    You can configure login authentication to prevent illegal access to the device CLI. In non-FIPS mode, the device supports the following login authentication modes:
    • None—Disables authentication. This mode allows access without authentication and is insecure.
    • Password—Requires password authentication.
  • Page 28: Logging In Through The Console Port Locally

    Logging in through the console port locally You can connect a terminal to the console port of the device to log in and manage the device, as shown in Figure 6. For the login procedure, see "Logging in through the console port for the first device access."...
  • Page 29: Configuring Password Authentication For Console Login

    Step Command Remarks
    authentication. the AUX line.
    Step: Assign a user role.
    Command: user-role role-name
    Remarks: By default, an AUX line user is assigned the user role network-admin.
    The next time you log in through the console port, you do not need to provide any username or password.
  • Page 30: Configuring Common Aux Line Settings

    Step Command Remarks non-default setting in user line class view. A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.
  • Page 31
    Step Command Remarks
    line class view.
    Step: Specify the number of stop bits.
    Command: stopbits { 1 | 1.5 | 2 }
    Remarks: The default is 1. Stop bits indicate the end of a character. The more the stop bits, the slower the transmission.
  • Page 32: Logging In Through Telnet

    Logging in through Telnet You can Telnet to the device to remotely manage the device, or use the device as a Telnet client to Telnet to other devices to manage them. By default, Telnet login is disabled on the device. To log in to the device through Telnet, you must perform the following tasks: •...
  • Page 33
    Step Command Remarks
    Step: Disable authentication.
    Command: authentication-mode none
    Remarks: By default, password authentication is enabled for VTY lines. In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
  • Page 34
    Step Command Remarks
    regardless of the setting in VTY line class view.
    Step: Set a password.
    Command: set authentication password { hash | simple } password
    Remarks: By default, no password is set.
    Step: (Optional.) Assign a user role.
    Command: user-role role-name
    Remarks: By default, a VTY line user is assigned
  • Page 35
    • Configure login authentication methods in ISP domain view.
    • To use remote authentication, configure the scheme to be used.
    • To use local authentication, configure a local user and the relevant attributes.
    For more information, see Security Configuration Guide.
    The next time you Telnet to the CLI, you must provide the configured login username and password, as shown in the following example:
    ******************************************************************************...
  • Page 36 Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X. In this case, the connection to the current device is closed when the user terminates the Telnet connection to X.X.X.X. To configure common settings for VTY lines: Step Command...
  • Page 37: Using The Device To Log In To A Telnet Server

    Using the device to log in to a Telnet server You can use the device as a Telnet client to log in to a Telnet server. If the server is located in a different subnet than the device, make sure the two devices have routes to reach each other. Figure 7 Telnetting from the device to a Telnet server To use the device to log in to a Telnet server: Step...
  • Page 38
    Step Command Remarks
    Step: Enter system view.
    Command: system-view
    Step: Create local key pairs.
    Command: public-key local create { dsa | rsa | ecdsa } [ name key-name ]
    Remarks: By default, no local key pairs are created.
    Step: Enable SSH server.
    Command: ssh server enable
    Remarks: By default, SSH server is disabled.
    •...
  • Page 39: Using The Device To Log In To An Ssh Server

    Step Command Remarks regardless of the setting in VTY line class view. By default, the maximum number of concurrent SSH users is 32. Changing this setting does not affect online (Optional.) Set the users. If the current number of online SSH maximum number of aaa session-limit ssh users is equal to or greater than the new...
  • Page 40
    Figure 9 Connecting the PC to the device through modems
    Obtain the telephone number of the device-side modem.
    Configure the following settings on the device-side modem:
    AT&F—Restores the factory default.
    ATS0=1—Configures auto-answer on first ring.
    AT&D—Ignores DTR signals.
    AT&K0—Disables local flow control.
    AT&R1—Ignores RTS signals.
  • Page 41 Figure 12 Dialing the number After you hear the dial tone, press Enter as prompted. If the authentication mode is none, the prompt <HPE> appears. If the authentication mode is password or scheme, you must enter the correct authentication information as prompted.
  • Page 42: Displaying And Maintaining Cli Login

    Displaying and maintaining CLI login
    Execute display commands in any view and the other commands in user view.
    Task Command Remarks
    Task: Display online CLI user information.
    Command: display users [ all ]
    Task: Display user line information.
    Command: display line [ num1 | { aux | vty }...
  • Page 43: Logging In To The Web Interface

    Logging in to the Web interface The device provides a built-in Web server that supports HTTP 1.0 and HTTPS. You can use a Web browser to log in to and configure the device. HTTPS uses SSL to ensure the integrity and security of data exchanged between the client and the server, and is more secure than HTTP.
  • Page 44: Configuring Https Login

    Step Command Remarks
    out. For more information about this command, see Security Command Reference.
    Step: Create a local user and enter local user view.
    Command: local-user user-name [ class manage ]
    Remarks: By default, no local user is configured.
    A password is saved in hashed form.
  • Page 45 Step Command Remarks Disabling the HTTPS service de-associates the SSL service policy from the HTTPS service. To enable the HTTPS service again, you must reconfigure this command again. If the HTTPS service has been enabled, any changes to the SSL server policy associated with it do not take effect.
  • Page 46: Displaying And Maintaining Web Login

    Step Command Remarks
    online users log out. For more information about this command, see Security Command Reference.
    Step: 10. Create a local user and enter local user view.
    Command: local-user user-name [ class manage ]
    Remarks: By default, no local user is configured.
    The password is saved in hashed form.
  • Page 47: Https Login Configuration Example

    Figure 13 Network diagram
    Configuration procedure
    Configure the device:
    # Assign the IP address 192.168.100.99 and subnet mask 255.255.255.0 to VLAN-interface 1.
    [Sysname] interface vlan-interface 1
    [Sysname-Vlan-interface1] ip address 192.168.100.99 255.255.255.0
    [Sysname-Vlan-interface1] quit
    # Create a local user named admin. Set the password to admin, the service type to HTTP, and the user role to network-admin.
  • Page 48: Certificate Request

    Configure the device (HTTPS server):
    # Create PKI entity en. Set the common name to http-server1 and the FQDN to ssl.security.com.
    <Device> system-view
    [Device] pki entity en
    [Device-pki-entity-en] common-name http-server1
    [Device-pki-entity-en] fqdn ssl.security.com
    [Device-pki-entity-en] quit
    # Create PKI domain 1 and configure the domain parameters.
    [Device] pki domain 1
    [Device-pki-domain-1] ca identifier new-ca
    [Device-pki-domain-1] certificate request url...
  • Page 49
    # Create local user usera. Set the password to 123, the service type to HTTPS, and the user role to network-admin.
    [Device] local-user usera
    [Device-luser-manage-usera] password simple 123
    [Device-luser-manage-usera] service-type https
    [Device-luser-manage-usera] authorization-attribute user-role network-admin
    Configure the host (HTTPS client):
    # On the host, run the IE browser and enter http://10.1.2.2/certsrv in the address bar.
  • Page 50: Accessing The Device Through Snmp

    Accessing the device through SNMP
    You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device.
    Figure 15 SNMP access diagram (labels: Get/Set requests; Get/Set responses and Traps; Agent)
    The device supports SNMPv1, SNMPv2c, and SNMPv3, and can cooperate with various network management software products, including IMC.
  • Page 51: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 52: Controlling Web Logins

    Configure the device to permit only Telnet packets sourced from Host A and Host B.
    Figure 16 Network diagram
    Configuration procedure
    # Configure an ACL to permit packets sourced from Host A and Host B.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit...
  • Page 53: Web Login Control Configuration Example

    Task: Log off online Web users.
    Command: free web-users { all | user-id user-id | user-name user-name }
    Web login control configuration example
    Network requirements
    As shown in Figure 17, the device is an HTTP server. Configure the device to provide the HTTP service only to Host B.
    Figure 17 Network diagram
    Configuration procedure
    # Create an ACL and configure rule 1 to permit packets sourced from Host B.
  • Page 54: Configuration Example

    Step Command Remarks
    • (Method 1.) Create an SNMP community and specify ACLs for the community:
      In VACM mode:
      snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
      In RBAC mode:
      snmp-agent community [ simple | cipher ]...
    Remarks: For more
  • Page 55: Configuring Command Authorization

    Figure 18 Network diagram
    Configuration procedure
    # Create an ACL to permit packets sourced from Host A and Host B.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit
    # Associate the ACL with the SNMP community and the SNMP group.
  • Page 56: Configuration Example

    Step Command Remarks class. first-number2 [ last-number2 ] } A non-default setting in either view takes • Enter user line class view: precedence over a default setting in the line class { aux | vty } other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
  • Page 57
    Figure 19 Network diagram
    Configuration procedure
    # Assign IP addresses to relevant interfaces. Make sure the device and the HWTACACS server can reach each other. Make sure the device and Host A can reach each other. (Details not shown.)
    # Enable the Telnet server.
    <Device>...
  • Page 58: Configuring Command Accounting

    [Device-luser-manage-admin] service-type telnet
    [Device-luser-manage-admin] authorization-attribute user-role level-1
    Configuring command accounting
    Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This feature helps control and monitor user behavior on the device. When command accounting is disabled, the accounting server does not record the commands executed by users.
  • Page 59: Configuration Example

    Step Command Remarks command accounting is enabled on all user lines in the class. You cannot configure the undo command accounting command in the view of a user line in the class. Configuration example Network requirements As shown in Figure 20, users need to log in to the device to manage the device.
  • Page 60
    # Configure the scheme to use the HWTACACS server at 192.168.2.20:49 for accounting.
    [Device-hwtacacs-tac] primary accounting 192.168.2.20 49
    # Set the shared key to expert.
    [Device-hwtacacs-tac] key accounting expert
    # Remove domain names from usernames sent to the HWTACACS server.
    [Device-hwtacacs-tac] user-name-format without-domain
    [Device-hwtacacs-tac] quit
    # Configure the system-predefined domain system to use the HWTACACS scheme for command...
  • Page 61: Configuring Rbac

    Configuring RBAC Overview Role-based access control (RBAC) controls user access to items and system resources based on user roles. In this chapter, items include commands, XML elements, and MIB nodes, and system resources include interfaces and VLANs. RBAC assigns access permissions to user roles that are created for different job functions. Users are given permission to access a set of items and resources based on the users' user roles.
  • Page 62 A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules. The user role rules include predefined (identified by sys-n) and user-defined user role rules. For more information about the user role rule priority, see "Configuring user role rules."...
  • Page 63: Assigning User Roles

    User role name Permissions RBAC non-debugging commands. Local users. File management. Device management. The display history-command all command. • level-15—Has the same rights as network-admin. Security log manager. The user role has the following access to security log files: • Accesses to the commands for displaying and maintaining security log files (for example, the dir, display security-logfile summary, and more commands).
  • Page 64: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Configuration task list Tasks at a glance (Required.) Creating user roles...
  • Page 65: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines
    When you configure RBAC user role rules, follow these restrictions and guidelines:
    • You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024.
    •...
  • Page 66: Configuring Feature Groups

    Step Command Remarks • feature names the same as the Configure an XML element rule: feature names are displayed, rule number { deny | permit } including the case. { execute | read | write } * xml-element [ xml-string ] •...
  • Page 67: Configuring The Vlan Policy Of A User Role

    Step Command Remarks This command denies the access of the user role to all interfaces if the permit interface command is not configured. By default, no accessible interfaces are configured in user role interface (Optional.) Specify a list of policy view. interfaces accessible to permit interface interface-list the user role.
  • Page 68: Assigning User Roles To Remote Aaa Authentication Users

    Step Command Remarks If you do not specify a user role, the default user role is network-operator. If the none authorization method is used for local users, you must enable the default user role feature. Assigning user roles to remote AAA authentication users For remote AAA authentication users, user roles are configured on the remote authentication server.
  • Page 69: Assigning User Roles To Non-Aaa Authentication Users On User Lines

    Assigning user roles to non-AAA authentication users on user lines
    Specify user roles for the following two types of login users on the user lines:
    • Users who use password authentication or no authentication.
    • SSH clients that use publickey or password-publickey authentication. User roles assigned to these SSH clients are specified in their respective local device management user accounts.
  • Page 70 Whether the domain name is included in the username depends on the user-name-format command in the HWTACACS scheme. To obtain a level-n user role, the user account on the server must have the target user role level or a user role level higher than the target user role. A user account that obtains the level-n user role can obtain any user roles among level 0 through level-n.
  • Page 71: Configuring User Role Authentication

    Keywords Authentication mode Description
    Keywords: local scheme
    Authentication mode: Local password authentication first, and then remote AAA authentication
    Description: Local password authentication is performed first. If no local password is configured for the user role in this mode:
    • The device performs remote AAA authentication for VTY users.
  • Page 72: Displaying And Maintaining Rbac Settings

    Task Command Remarks
    authorization.
    Displaying and maintaining RBAC settings
    Execute display commands in any view.
    Task: Display user role information.
    Command: display role [ name role-name ]
    Task: Display user role feature information.
    Command: display role feature [ name feature-name | verbose ]
  • Page 73
    # Enable local authentication and authorization for the ISP domain bbb.
    [Switch] domain bbb
    [Switch-isp-bbb] authentication login local
    [Switch-isp-bbb] authorization login local
    [Switch-isp-bbb] quit
    # Create the user role role1.
    [Switch] role name role1
    # Configure rule 1 to permit the user role to access read commands of all features.
    [Switch-role-role1] rule 1 permit read feature
    # Configure rule 2 to permit the user role to create VLANs and access commands in VLAN view.
  • Page 74: Rbac Configuration Example For Radius Authentication Users

    <Switch> ping 192.168.1.58
    Permission denied.
    RBAC configuration example for RADIUS authentication users
    Network requirements
    As shown in Figure 22, the switch uses the FreeRADIUS server to provide AAA service for login users, including the Telnet user. The user account for the Telnet user is hello@bbb and is assigned the user role role2.
  • Page 75
    [Switch-line-vty0-63] authentication-mode scheme
    [Switch-line-vty0-63] quit
    # Create the RADIUS scheme rad and enter RADIUS scheme view.
    [Switch] radius scheme rad
    # Specify the primary server address 10.1.1.1 and the service port 1812 in the scheme.
    [Switch-radius-rad] primary authentication 10.1.1.1 1812
    # Set the shared key to expert in the scheme for the switch to authenticate to the server.
  • Page 76: Rbac Temporary User Role Authorization Configuration Example (Hwtacacs Authentication)

    [Switch-role-role2-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet 1/0/20
    [Switch-role-role2-ifpolicy] quit
    [Switch-role-role2] quit
    Configure the RADIUS server:
    # Add either of the user role attributes to the dictionary file of the FreeRADIUS server.
    Cisco-AVPair = "shell:roles=\"role2\""
    Cisco-AVPair = "shell:roles*\"role2\""
    # Configure the settings required for the FreeRADIUS server to communicate with the switch. (Details not shown.)
    Verifying the configuration
    # Telnet to the switch, and enter the username and password to access the switch.
  • Page 77 level-0 through level-3 or changing the user role to network-admin. If the AAA configuration is invalid or the HWTACACS server does not respond, the switch performs local authentication. Figure 23 Network diagram Configuration procedure Configure the switch: # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch>...
  • Page 78 [Switch-isp-bbb] authentication login local # Configure ISP domain bbb to use local authorization for login users. [Switch-isp-bbb] authorization login local # Apply the HWTACACS scheme hwtac to the ISP domain for user role authentication. [Switch-isp-bbb] authentication super hwtacacs-scheme hwtac [Switch-isp-bbb] quit # Create a device management user named test and enter local user view.
  • Page 79 Figure 24 Configuring advanced TACACS+ settings d. Select Shell (exec) and Custom attributes, and enter allowed-roles="network-admin" in the Custom attributes field. Use a blank space to separate the allowed roles.
  • Page 80 Figure 25 Configuring custom attributes for the Telnet user Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. <Switch> telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...
  • Page 81: Rbac Temporary User Role Authorization Configuration Example (Radius Authentication)

    Verify that you can obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass. <Switch> super level-3 Username: test@bbb Password: The following output shows that you have obtained the level-3 user role.
  • Page 82 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the RADIUS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user lines for Telnet users.
  • Page 83 a. Add a user account named $enab0$ and set the password to 123456. (Details not shown.) b. Access the Cisco IOS/PIX 6.x RADIUS Attributes page. c. Configure the cisco-av-pair attribute, as shown in Figure Figure 27 Configuring the cisco-av-pair attribute Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch.
  • Page 84: Troubleshooting Rbac

    User privilege role is network-admin, and only those commands that authorized to the role can be used. # If the ACS server does not respond, enter the local authentication password abcdef654321 at the prompt. Invalid configuration or no response from the authentication server. Change authentication mode to local.
  • Page 85: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network, as shown in Figure FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
  • Page 86: Configuring Authentication And Authorization

    Step Command Remarks server. By default, the FTP connection idle-timeout timer is 30 minutes. (Optional.) Set the FTP If no data transfer occurs on an FTP connection idle-timeout ftp timeout minutes connection within the idle-timeout timer. interval, the FTP server closes the FTP connection to release resources.
  • Page 87: Manually Releasing Ftp Connections

    Manually releasing FTP connections Task Command • Release the FTP connection established using a specific user account: Manually release FTP connections. free ftp user username • Release the FTP connection to a specific IP address: free ftp user-ip [ ipv6 ] client-address [ port port-num ] Displaying and maintaining the FTP server Execute display commands in any view.
  • Page 88: Using The Device As An Ftp Client

    # Create a local user account abc, set the password to 123456, the user role to network-admin, the working directory to the root directory of the Flash, and the service type to FTP. (To set the working directory to the Flash root directory of the subordinate member, replace flash:/ in the authorization-attribute command with slot2#flash:/.) # Create a local user with the username abc and password 123456.
  • Page 89 Step Command Remarks Enter system view. system-view By default, no source IP (Optional.) Specify a source ftp client source { interface address is specified, and the IP address for outgoing FTP interface-type interface-number | ip primary IP address of the packets.
  • Page 90: Managing Directories On The Ftp Server

    Managing directories on the FTP server Task Command • Display the detailed information of a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP • server. Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] cd { directory | ..
  • Page 91: Changing To Another User Account

    Task Command Remarks Display or change the local lcd [ directory | / ] working directory of the FTP client. put localfile [ remotefile ] Upload a file to the FTP server. Download a file from the FTP get remotefile [ localfile ] server.
  • Page 92: Terminating The Ftp Connection

    Terminating the FTP connection Task Command • disconnect Terminate the connection to the FTP server without exiting FTP • client view. close • Terminate the connection to the FTP server and return to user quit view. • Displaying command help information To display command help information after you log in to the server: Task Command...
  • Page 93 Figure 30 Network diagram IRF (FTP client) 10.2.1.1/16 Master Subordinate FTP server (Member_ID=1) (Member_ID=2) 10.1.1.1/16 Internet Note: The orange line represents an IRF connection. Configuration procedure # Configure IP addresses as shown in Figure 30. Make sure the IRF fabric and PC can reach each other.
  • Page 94 221-Goodbye. You uploaded 2 and downloaded 2 kbytes. 221 Logout. <Sysname>...
  • Page 95: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
  • Page 96: Configuring The Device As An Ipv6 Tftp Client

    Configuring the device as an IPv6 TFTP client Step Command Remarks Enter system view. system-view (Optional.) Use an ACL to By default, no ACL is used for access control the client's access tftp-server ipv6 acl acl-number control. to TFTP servers. By default, no source IPv6 address is tftp client ipv6 source Specify the source IPv6...
  • Page 97: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: • Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not give a common file or directory a name that starts with a period.
  • Page 98: Managing Files

    Managing files CAUTION: To avoid file system corruption, do not perform master/subordinate switchover during file operations. You can display directory and file information, display file contents, rename, copy, move, remove, restore, delete, archive, and extract files, and calculate the digests of files for file integrity verification. You can create a file by copying, downloading, or using the save command.
  • Page 99: Compressing/Decompressing A File

    Task Command Move a file. move fileurl-source fileurl-dest Compressing/decompressing a file Perform the following tasks in user view: Task Command Compress a file. gzip filename Decompress a file. gunzip filename Archiving/extracting files Perform the following tasks in user view: Task Command tar create [ gz ] archive-file fileurl-dest [ verbose ] source Archive files.
  • Page 100: Calculating The File Digest

    The device supports multiple storage media. If a storage medium is not partitioned, it has a recycle bin of its own. If a storage medium is partitioned, each partition has its own recycle bin. A recycle bin is a folder named .trash in the root directory of the storage medium or partition. To view which files or directories are in a recycle bin, use either of the following methods: •...
  • Page 101: Changing The Current Working Directory

    Changing the current working directory Perform this task in user view. Task Command Change the current working directory. cd { directory | .. | / } Creating a directory Perform this task in user view. Task Command Create a directory. mkdir directory Removing a directory To remove a directory, you must delete all files and subdirectories in this directory.
  • Page 102: Formatting A Storage Medium

    Formatting a storage medium CAUTION: After a storage medium is formatted, all files and directories on it are erased and cannot be restored. Perform this task in user view. Task Command Format a storage medium. format medium-name Setting the operation mode for files and folders The device supports the following file and folder operation modes: •...
  • Page 103: Managing Configuration Files

    Managing configuration files Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot. You can also back up configuration files to a host for future use. You can use the CLI or the Boot menus to manage configuration files.
  • Page 104: Configuration File Formats

    Figure 32 Configuration loading process during startup Start Boot ROM runs Enter Boot menus? Main configuration file available? Backup configuration file available? Select "Skip Load factory Load backup Load main Current System defaults configuration file configuration file Configuration" Software runs with Software runs with Software runs with Software runs with...
  • Page 105: Startup Configuration File Selection

    Startup configuration file selection At startup, the device uses the following procedure to identify the configuration file to load: The device searches for a valid .cfg next-startup configuration file. If one is found, the device searches for an .mdb file that has the same name and content as the .cfg file.
  • Page 106: Enabling Configuration Encryption

    Enabling configuration encryption Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All HPE devices running Comware 7 software use the same private key or public key to encrypt configuration files.
  • Page 107: Configuring Configuration Rollback

    Task Command Remarks the command saves the configuration to the main startup configuration file If the force keyword is specified, the command saves the configuration to the existing next-startup configuration file. If the force keyword is not specified, the command allows you to specify a new next-startup configuration file.
  • Page 108: Enabling Automatic Configuration Archiving

    • The display archive configuration command no longer displays the old configuration archives. • The serial number for new configuration archives starts at 1. After the maximum number of configuration archives is reached, the system deletes the oldest archive to make room for the new archive. Configuration guidelines In an IRF fabric, the configuration archive function saves the running configuration only on the master device.
  • Page 109: Manually Archiving The Running Configuration

    Manually archiving the running configuration To save system resources, disable automatic configuration archiving and manually archive the configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks. Then, you can use the archive for configuration recovery if the configuration attempt fails.
  • Page 110: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    You can use the save [ safely ] [ backup | main ] [ force ] command to save the running configuration to a .cfg configuration file. The .cfg configuration file can be specified as both the main and backup next-startup configuration files. Alternatively, you can use the startup saved-configuration cfgfile [ backup | main ] command to specify a .cfg configuration file as the main or backup next-startup configuration file.
  • Page 111: Restoring The Main Next-Startup Configuration File From A Tftp Server

    Restoring the main next-startup configuration file from a TFTP server To restore the main next-startup configuration file from a TFTP server, the device performs the following operations: • Downloads a configuration file from a TFTP server to the root directory of each member's flash memory.
  • Page 112: Displaying And Maintaining Configuration Files

    Task Command Remarks If neither backup nor main is Delete next-startup configuration specified, this command deletes reset saved-configuration files. [ backup | main ] the main next-startup configuration file. Displaying and maintaining configuration files Execute display commands in any view. Task Command Display information about configuration...
  • Page 113: Upgrading Software

    Upgrading software This chapter describes types of software and how to upgrade software from the CLI. For a comparison of all software upgrade methods, see "Upgrade methods." Overview Software upgrade enables you to add new features and fix bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.
  • Page 114: System Startup Process

    In this procedure, both the main and backup image sets have feature images. If an image set does not have feature images, the system starts up with the main boot and system images after they pass verification. If both the main and backup boot images do not exist or are invalid, connect to the console port and power cycle the device to load a boot image from the Boot menus.
  • Page 115: Upgrade Methods

    Figure 34 System startup process Start Boot ROM runs Enter Boot menus to Press Ctrl+B upgrade Boot ROM or promptly? startup software images Startup software images System starts up and CLI appears Finish Upgrade methods Upgrading method Software types Remarks Upgrading from the CLI: •...
  • Page 116: Preparing For The Upgrade

    Specify the image file as the startup software image file. Reboot the entire IRF fabric. Verify the upgrade. Preparing for the upgrade Use the display version command to verify the current Boot ROM image version and startup software version. Use the release notes for the upgrade software version to evaluate the upgrade impact on your network and verify the following items: Software and hardware compatibility Version and size of the upgrade software...
  • Page 117: Displaying And Maintaining Software Image Settings

    Step Command Remarks feature-package&<1-30> ] • If method 1 is used, the file name slot slot-number { backup | must use the main } storage-medium:/base-filename. ipe format, for example, flash:/startup.ipe. • If method 2 is used, all file names must use the storage-medium:/base-filename.
  • Page 118: Example Of Software Upgrade Through A Reboot

    Example of software upgrade through a reboot Network requirements Use the file startup-r3111p02.ipe to upgrade software images for the IRF fabric in Figure Figure 35 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server...
  • Page 119: Using The Emergency Shell

    Using the emergency shell At startup, the device tries to locate and load the Comware startup software images. These images can include a boot image, a system image, and feature images. If the following requirements are met, the device enters emergency shell mode: •...
  • Page 120: Loading The System Image

    Task Command Remarks Format a storage format storage-medium medium. Loading the system image Use this task to load a system image from a local storage medium. When you load the system image, the system modifies the main startup software image set to include only the boot image and system image.
  • Page 121: Reboot The Device

    # Identify whether the version of the system image to be loaded matches that of the current boot image. <boot> display install package flash:/5130ei-cmw710-system-r3111p02.bin flash:/5130ei-cmw710-system-r3111p02.bin [Package] Vendor: HPE Product: S5X30 Service name: system Platform version: 7.1.045 Product version: Release 3111P02 Supported board: mpu # Load the system image to start the Comware system.
  • Page 122 Press ENTER to get started. After you press Enter, the following information appears: <System> <System>%Sep 23 18:29:59:777 2014 S58.59 SHELL/5/SHELL_LOGIN: TTY logged in from aux0.
  • Page 123: Managing The Device

    Step Command Remarks Enter system view. system-view Configure the device name. The default device name is HPE. sysname sysname Configuring the system time Specifying the system time source The device can use one of the following system time sources: •...
  • Page 124: Setting The System Time

    If you configure the clock protocol none command together with the clock protocol ntp command, the device uses the NTP time source. Power cycling or using the reboot command to reboot an HPE FlexNetwork 5130 EI restores the default system time settings. Reconfigure the settings after the switch starts up.
  • Page 125: Configuring Banners

    * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** To enable displaying the copyright statement: Step Command Remarks Enter system view. system-view Enable displaying the By default, this function is copyright-info enable copyright statement. enabled.
  • Page 126: Configuration Procedure

    Method 2—After you type the last command keyword, type any single printable character as the start delimiter for the banner and press Enter. At the system prompt, type the banner and end the last line with the same delimiter. For example, you can configure the banner "Have a nice day.
  • Page 127: Configuration Guidelines

    • Immediately reboot the device at the CLI. • Schedule a reboot at the CLI, so the device automatically reboots at the specified time or after the specified period of time. • Power off and then power on the device. This method might cause data loss, and is the least-preferred method.
  • Page 128: Configuration Procedure

    • Make sure all commands in a schedule are compliant with the command syntax. The system does not check the syntax when you assign a command to a job. • A schedule cannot contain any of these commands: telnet, ftp, ssh2, and monitor process. •...
  • Page 129: Schedule Configuration Example

    Step Command Remarks • Specify the execution date and Configure one command as time: required. time at time date By default, no execution time is • Specify the execution days and specified for a schedule. Specify an execution time: time table for the Executing commands clock time once at time [ month-date non-periodic schedule.
  • Page 130 • Enable interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 at 8:00 a.m. every Monday through Friday. • Disable the interfaces at 18:00 every Monday through Friday. Figure 36 Network diagram Scheduling procedure # Enter system view. <Sysname> system-view # Configure a job for disabling interface GigabitEthernet 1/0/1. [Sysname] scheduler job shutdown-GigabitEthernet1/0/1 [Sysname-job-shutdown-GigabitEthernet1/0/1] command 1 system-view [Sysname-job-shutdown-GigabitEthernet1/0/1] command 2 interface gigabitethernet 1/0/1...
  • Page 131 [Sysname-schedule-START-pc1/pc2] job start-GigabitEthernet1/0/1 [Sysname-schedule-START-pc1/pc2] job start-GigabitEthernet1/0/2 [Sysname-schedule-START-pc1/pc2] time repeating at 8:00 week-day mon tue wed thu fri [Sysname-schedule-START-pc1/pc2] quit # Configure a periodic schedule for disabling the interfaces at 18:00 every Monday through Friday. [Sysname] scheduler schedule STOP-pc1/pc2 [Sysname-schedule-STOP-pc1/pc2] job shutdown-GigabitEthernet1/0/1 [Sysname-schedule-STOP-pc1/pc2] job shutdown-GigabitEthernet1/0/2 [Sysname-schedule-STOP-pc1/pc2] time repeating at 18:00 week-day mon tue wed thu fri [Sysname-schedule-STOP-pc1/pc2] quit...
  • Page 132 Start time : Wed Sep 28 18:00:00 2011 Last execution time : Wed Sep 28 18:00:00 2011 Last completion time : Wed Sep 28 18:00:01 2011 Execution counts ----------------------------------------------------------------------- Job name Last execution status shutdown-GigabitEthernet1/0/1 Successful shutdown-GigabitEthernet1/0/2 Successful # Display schedule log information. [Sysname] display scheduler logfile Logfile Size: 16054 Bytes.
  • Page 133: Disabling Password Recovery Capability

    System View: return to User View with Ctrl+Z. [Sysname]interface gigabitethernet 1/0/2 [Sysname-GigabitEthernet1/0/2]shutdown Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from Boot ROM menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.
  • Page 134: Setting Memory Thresholds

    Step Command Remarks Enter system view. system-view Enable CPU usage monitor cpu-usage enable [ slot By default, CPU usage monitoring monitoring. slot-number [ cpu cpu-number ] ] is enabled. monitor cpu-usage interval Set the CPU usage sampling By default, the CPU usage interval-value [ slot slot-number interval.
  • Page 135: Configuring The Temperature Alarm Thresholds

    Notification Triggering condition Remarks The amount of free memory Minor alarm-removed space increases to or above the notification normal state threshold. Figure 37 Memory alarm notification and alarm-removed notification Free memory space Minor alarm-removed Normal Minor Severe alarm-removed alarm Minor Critical alarm-removed Severe alarm Severe...
  • Page 136: Verifying And Diagnosing Transceiver Modules

    When the temperature drops below the low-temperature threshold or reaches the high-temperature warning threshold, the device does the following: • Logs the event. • Sends a log message. • Sends a trap. When the temperature reaches the high-temperature alarming threshold, the device does the following: •...
  • Page 137: Diagnosing Transceiver Modules

    The device regularly checks transceiver modules for their vendor names. If a transceiver module does not have a vendor name or the vendor name is not HPE, the device repeatedly outputs traps and log messages. Disable transceiver module source alarm if the transceiver modules were manufactured or sold by Hewlett Packard Enterprise.
  • Page 138: Displaying And Maintaining Device Management Configuration

    Display the electronic label information of the display device manuinfo [ slot slot-number ] device. Display the electronic label information of a power supply. (Available only on the HPE display device manuinfo slot slot-number power FlexNetwork 5130 24G SFP 4SFP+ EI Switch, power-id JG933A.)
  • Page 139 Task Command Display schedule information. display scheduler schedule [ schedule-name ] Display system version information. display version Display the startup software image upgrade display version-update-record history records of the master. Clear job execution log information. reset scheduler logfile...
  • Page 140: Using Tcl

    Using Tcl Comware 7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands: • Tcl 8.5 commands. • Comware commands. The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
  • Page 141 Enter multiple Comware commands separated by semi-colons to execute the commands in the order they are entered. For example, rip 1; network 10.1.1.1. Specify multiple Comware commands for the cli command, quote them, and separate them by a space and a semicolon. For example, cli "rip 1 ; network 10.1.1.1". Specify one Comware command for each cli command and separate them by a space and a semicolon.
  • Page 142: Using Python

    Using Python Comware 7 provides a built-in Python interpreter that supports the following items: • Python 2.7 commands. • Python 2.7 standard API. • Comware 7 extended API. For more information about the Comware 7 extended API, see "Comware 7 extended Python API." •...
  • Page 143: Configuration Procedure

    Figure 38 Network diagram

    Configuration procedure

    # Use a text editor on the PC to edit Python script test.py as follows:

        #!/usr/bin/python
        import comware
        # Download the main and backup configuration files from the TFTP server to flash.
        comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg')
        comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg')
        # Specify the downloaded files as the main and backup next-startup configuration files.
        comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup')

    # Use TFTP to download the script to the device.
  • Page 144: Comware 7 Extended Python Api

    Comware 7 extended Python API The Comware 7 extended Python API is compatible with the Python syntax. Importing and using the Comware 7 extended Python API To use the Comware 7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware 7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
  • Page 145 the commands used to enter the view. For example, you must enter 'system-view ;local-user test class manage' to execute the local-user test class manage command. do_print: Specifies whether to output the execution result: True—Outputs the execution result. This value is the default. •...
  • Page 146: Transfer Class

    Transfer class Transfer Use Transfer to download a file from a server. Syntax Transfer(protocol='', host='', source='', dest='', login_timeout=10, user='', password='') Parameters protocol: Specifies the protocol used to download a file: • ftp—Uses FTP. • tftp—Uses TFTP. • http—Uses HTTP. host: Specifies the IP address of the remote server. source: Specifies the name of the file to be downloaded from the remote server.
  • Page 147: Api Get_Self_Slot

    Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>> c = comware.Transfer('tftp', '1.1.1.1', 'test.cfg', 'flash:/test.cfg', user='', password='') >>> c.get_error() Sample output 'Timeout was reached' API get_self_slot get_self_slot Use get_self_slot to get the member ID of the master device. Syntax get_self_slot() Returns...
  • Page 148 Python 2.7.3 (default, May 24 2014, 14:37:26) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>> comware.get_standby_slot() Sample output...
  • Page 149: Using Automatic Configuration

    Using automatic configuration Overview With the automatic configuration feature, the device can automatically obtain a set of configuration settings when it starts up without a configuration file. This feature simplifies network configuration and maintenance. Automatic configuration applies to scenarios that have the following characteristics: •...
  • Page 150: Configuring The File Server

    Configuring the file server For devices to obtain configuration information from a TFTP server, start TFTP service on the file server. For devices to obtain configuration information from an HTTP server, start HTTP service on the file server. Preparing the files for automatic configuration The device can use a script file or configuration file for automatic configuration.
  • Page 151: Configuring The Dhcp Server

    Configuring the DHCP server The DHCP server assigns the following items to devices that need to be automatically configured: • IP addresses. • Paths of the configuration files or scripts. Configuration guidelines When you configure the DHCP server, follow these guidelines: •...
  • Page 152: Configuring The Dns Server

    Configuring the DHCP server when a TFTP file server is used Step Command Remarks Enter system view. system-view Enable DHCP. By default, DHCP is disabled. dhcp enable Create a DHCP address By default, no DHCP address dhcp server ip-pool pool-name pool and enter its view.
  • Page 153: Selecting The Interfaces Used For Automatic Configuration

    Selecting the interfaces used for automatic configuration For fast automatic device configuration, connect only the management Ethernet interface on each device to the network. Starting and completing automatic configuration Power on the devices to be automatically configured. If a device does not find a next-start configuration file locally, it starts the automatic configuration process to obtain a configuration file.
  • Page 154 Figure 40 Network diagram Configuration procedure Configure the DHCP server: # Create a VLAN interface and assign an IP address to the interface. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/1 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.1.42 24 [SwitchA-Vlan-interface2] quit # Enable DHCP.
  • Page 155: Enable Dhcp

    [SwitchA] dhcp server ip-pool rd [SwitchA-dhcp-pool-rd] network 192.168.3.0 24 [SwitchA-dhcp-pool-rd] tftp-server ip-address 192.168.1.40 [SwitchA-dhcp-pool-rd] gateway-list 192.168.3.1 [SwitchA-dhcp-pool-rd] bootfile-name rd.cfg [SwitchA-dhcp-pool-rd] quit # Configure static routes to the DHCP relay agents. [SwitchA] ip route-static 192.168.2.0 24 192.168.1.41 [SwitchA] ip route-static 192.168.3.0 24 192.168.1.43 [SwitchA] quit Configure the gateway Switch B: # Create VLAN interfaces and assign IP addresses to the interfaces.
  • Page 156 [SwitchC-Vlan-interface3] quit # Enable DHCP. [SwitchC] dhcp enable # Enable the DHCP relay agent on VLAN-interface 3. [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] dhcp select relay # Specify the DHCP server address. [SwitchC-Vlan-interface3] dhcp relay server-address 192.168.1.42 Configure the TFTP server: # On the TFTP server, edit the configuration file market.cfg.
  • Page 157 interface Vlan-interface3 ip address dhcp-alloc quit interface gigabitethernet1/0/1 port access vlan 3 quit user-interface vty 0 4 authentication-mode scheme user-role network-admin return # Start TFTP service software, and specify the folder where the two configuration files reside as the working directory. (Details not shown.) # Verify that the TFTP server and DHCP relay agents can reach each other.
  • Page 158: Automatic Configuration Using Http Server And Tcl Script

    Automatic configuration using HTTP server and Tcl script Network requirements As shown in Figure 41, the device does not have a configuration file. Configure the servers so the device can obtain a Tcl script to complete the following configuration tasks: •...
  • Page 159 # Start HTTP service software and enable HTTP service. (Details not shown.) Verifying the configuration Power on the device. After the device starts up, display assigned IP addresses on Router A. <RouterA> display dhcp server ip-in-use IP address Client identifier/ Lease expiration Type Hardware address...
  • Page 160: Document Conventions And Icons

    Document conventions and icons
    Conventions
    This section describes the conventions used in the documentation.
    Port numbering in examples
    The port numbers in this document are for illustration only and might be unavailable on your device.
    Command conventions
    Convention: Description
    Boldface: Bold text represents commands and keywords that you enter literally as shown.
    Italic: Italic text represents arguments that you replace with actual values.
  • Page 161: Network Topology Icons

    Network topology icons
    Convention Description
    Represents a generic network device, such as a router, switch, or firewall.
    Represents a routing-capable device, such as a router or Layer 3 switch.
    Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 162: Support And Other Resources

    Support and other resources
    Accessing Hewlett Packard Enterprise Support
    • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance
    • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc
    Information to collect
    •...
  • Page 163: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs
    Documentation feedback
    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 164 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
