HPE FlexFabric 7900 Series Configuration Manual

HPE FlexFabric 7900 Switch Series
Fundamentals

Configuration Guide

Part number: 5998-8230R
Software version: Release 213x
Document version: 6W101-20151113

Summary of Contents for HPE FlexFabric 7900 Series

  • Page 1: Configuration Guide

    HPE FlexFabric 7900 Switch Series Fundamentals Configuration Guide Part number: 5998-8230R Software version: Release 213x Document version: 6W101-20151113...
  • Page 2 © Copyright 2015 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents: Contents (i); Using the CLI (1); CLI views (1); Entering system view from user view (2); Returning to the upper-level view from any view (2); Returning to user view (2) ...
  • Page 4 Configuration procedures (37); Configuration example (37); Controlling SNMP access (38); Configuration procedure (38); Configuration example (39); Configuring command authorization (40); Configuration procedure (40); Configuration example (41) ...
  • Page 5 Configuring TFTP (78); FIPS compliance (78); Configuring the device as an IPv4 TFTP client (78); Managing the file system (79); Storage medium naming rules (79); File name formats (79) ...
  • Page 6 Software upgrade examples (108); Software upgrade example for the HPE 7904 or HPE 7904 TAA switch in standalone mode (108); Software upgrade example for the HPE 7910 or HPE 7910 TAA switch in standalone mode (109) ...
  • Page 7 Rebooting devices immediately at the CLI (135); Scheduling a device reboot (135); Scheduling a task (136); Configuration guidelines (136); Configuration procedure (136); Schedule configuration example (138); Disabling password recovery capability (141) ...
  • Page 8 Support and other resources (181); Accessing Hewlett Packard Enterprise Support (181); Accessing updates (181); Websites (182); Customer self repair (182); Remote support (182); Documentation feedback (182); Index ...
  • Page 9: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH.
  • Page 10: Entering System View From User View

    • Configure global settings (such as the daylight saving time, banners, and hotkeys) and some functions. • Enter different function views. For example, you can enter interface view to configure interface parameters, enter VLAN view to add ports to the VLAN, and enter user line view to configure login user attributes.
  • Page 11: Using The Undo Form Of A Command

    • Enter a space and a question mark after a command keyword to display all available, subsequent keywords and arguments. If the question mark is in the place of a keyword, the CLI displays all possible keywords, each with a brief description. For example: <Sysname>...
  • Page 12: Editing A Command Line

    Editing a command line To edit a command line, use the keys listed in Table 1 or the hotkeys listed in Table 3. When you are finished, you can press Enter to execute the command. The total length of a command line cannot exceed 512 characters, including spaces and special characters.
  • Page 13: Configuring And Using Command Aliases

    Configuring and using command aliases You can configure an alias for a command or the starting keywords of commands, and use the alias to execute the command or commands. For example, if you configure the alias siprt for display ip routing-table, you can enter siprt to execute the display ip routing-table command.
  • Page 14: Configuring And Using Command Hotkeys

    Configuring and using command hotkeys The system defines the hotkeys shown in Table 3 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.
  • Page 15: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Enabling redisplaying entered-but-not-submitted commands Your input might be interrupted by system information output. If redisplaying entered-but-not-submitted commands is enabled, the system redisplays your input after finishing the output. You can then continue entering the command line. To enable redisplaying entered-but-not-submitted commands: Step Command Remarks Enter system view.
  • Page 16: Controlling The Cli Output

    Table 5 Comparison between the two types of command history buffers Command history buffer for a user Command history buffer for Item line all user lines What kind of Commands successfully executed by the Commands successfully executed commands are current user of the user line. by all login users.
  • Page 17: Numbering Each Output Line From A Display Command

    Output controlling keys: • Space: Displays the next screen. • Enter: Displays the next line. • Ctrl+C: Stops the display and cancels the command execution. • <PageUp>: Displays the previous page. • <PageDown>: Displays the next page. Disabling pausing between screens of output To disable pausing between screens of output, execute the following command in user view: Task Command...
  • Page 18: Filtering The Output From A Display Command

    Filtering the output from a display command You can use the | { begin | exclude | include } regular-expression option to filter the display command output: • begin—Displays the first line matching the specified regular expression and all subsequent lines.
  • Page 19 Characters: {n,}. Meaning: Matches the preceding character n times or more. The number n must be a nonnegative integer. Examples: "o{2,}" matches "foooood", but not "Bob". Matches the preceding character n to m times or more. The numbers n and "...
  • Page 20: Saving The Output From A Display Command To A File

    return # Use | exclude Direct in the display ip routing-table command to filter out direct routes and display only the non-direct routes. <Sysname> display ip routing-table | exclude Direct Destinations : 12 Routes : 12 Destination/Mask Proto Cost NextHop Interface 2.2.2.0/24 OSPF...
  • Page 21: Viewing And Managing The Output From A Display Command Effectively

    FortyGigE1/0/2 # Append the VLAN 999 settings to the end of file vlan.txt. <Sysname> display vlan 999 >> vlan.txt # Verify whether the VLAN 999 settings are appended to the end of file vlan.txt. <Sysname> more vlan.txt VLAN ID: 1 VLAN type: Static Route interface: Not configured Description: VLAN 0001...
  • Page 22: Saving The Running Configuration

    # Display the first line that begins with "user-group" in the running configuration and all the following lines. <Sysname> display current-configuration | by-linenum begin user-group 114: user-group system 115- 116- return Saving the running configuration To make your configuration take effect after a reboot, save the running configuration to a configuration file by using the save command in any view.
  • Page 23: Login Overview

    Login overview The first time you access the device, you can log in to the CLI of the device through the console port. After login, you can change console login parameters, or configure other access methods, including Telnet, SSH, and SNMP. The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements.
  • Page 24: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC) and make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
  • Page 25 Figure 4 Creating a connection Figure 5 Specifying the serial port used to establish the connection...
  • Page 26 Figure 6 Setting the properties of the serial port Power on the device and press Enter as prompted. At the default user view prompt <HPE>, enter commands to configure the device or to view the running status of the device. To get help, enter ?.
  • Page 27: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet and SSH. To prevent illegal access to the CLI and control user behavior, you can configure login authentication, assign user roles, configure command authorization and command accounting, and use ACLs to filter unauthorized logins.
  • Page 28: User Roles

    In non-FIPS mode, the device supports the following login authentication modes: • None—Disables authentication. This mode allows access without authentication and is insecure. • Password—Requires password authentication. • Scheme—Uses the AAA module to provide local or remote login authentication. You must provide a username and password at login.
  • Page 29: Disabling Authentication For Console Login

    Figure 7 Logging in through the console port By default, console login is enabled and does not require authentication. To improve device security, configure the password or scheme authentication mode and assign user roles immediately after you log in to the device for the first time. To configure console login, complete the following tasks: Task Remarks...
  • Page 30: Configuring Password Authentication For Console Login

    Configuring password authentication for console login Step Command Remarks Enter system view. system-view Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.
  • Page 31: Configuring Common Aux Line Settings

    Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. • To enter AUX line view: A non-default setting in either view takes line aux first-number precedence over a default setting in the...
  • Page 32 Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. • To enter AUX line view: A non-default setting in either view takes line aux first-number precedence over a default setting in the...
  • Page 33: Logging In Through Telnet

    Step Command Remarks By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. As a best 10. Specify the practice, set the display type to VT100 on terminal display terminal type { ansi | vt100 } both the device and the configuration type.
  • Page 34 Task Remarks (Optional.) Setting the DSCP value for outgoing Telnet packets (Optional.) Configuring common VTY line settings The Telnet login configuration is effective only for users who log in after the configuration is completed. Disabling authentication for Telnet login Step Command Remarks Enter system view.
  • Page 35 Figure 8 Telnetting to the device without authentication Configuring password authentication for Telnet login Step Command Remarks Enter system view. system-view Enable Telnet By default, the Telnet server feature is telnet server enable server. disabled. Use either command. A setting in user line view is applied only to the user line.
  • Page 36 Figure 9 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet server feature is Enable Telnet server. telnet server enable disabled. Use either command. A setting in user line view is applied only to the user line.
  • Page 37 Figure 10 Scheme authentication interface for Telnet login Setting the maximum number of concurrent Telnet users Step Command Remarks Enter system view. system-view By default, the maximum number of concurrent Telnet users is 32. Changing this setting does not affect online Set the maximum number users.
  • Page 38 Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. • To enter VTY line view: A non-default setting in either view takes line vty first-number...
  • Page 39: Using The Device To Log In To A Telnet Server

    Using the device to log in to a Telnet server You can use the device as a Telnet client to log in to a Telnet server. If the server is located in a different subnet than the device, make sure the two devices have routes to reach each other. Figure 11 Telnetting from the device to a Telnet server To use the device to log in to a Telnet server: Step...
  • Page 40 Step Command Remarks public-key local create { dsa Create local key | rsa | ecdsa } [ name By default, no local key pairs are created. pairs. key-name ] Enable SSH server. By default, SSH server is disabled. ssh server enable •...
  • Page 41: Using The Device To Log In To An Ssh Server

    Step Command Remarks In non-FIPS mode, both Telnet and SSH are supported by default. In FIPS mode, SSH is supported by default. This configuration takes effect only for users • In non-FIPS mode: who log in to the user lines after the protocol inbound { all | (Optional.) Specify configuration is completed.
  • Page 42 Task Command Remarks Display online CLI user display users [ all ] information. display line [ num1 | { aux | vty } Display user line information. num2 ] [ summary ] Display the source IPv4 address or interface configured for the device display telnet client to use for outgoing Telnet packets when serving as...
  • Page 43: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 13 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC.
  • Page 44: Configuring Snmpv1 Or Snmpv2C Access

    Configuring SNMPv1 or SNMPv2c access Step Command Remarks Enter system view. system-view Enable the SNMP By default, the SNMP agent is snmp-agent agent. disabled. By default, the device has four views, all of which are named ViewDefault: • View 1 includes MIB subtree iso.
  • Page 45: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 46: Controlling Snmp Access

    Figure 14 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Apply the ACL to filter Telnet logins.
  • Page 47: Configuration Example

    Step Command Remarks • SNMP community: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number ] * For more...
  • Page 48: Configuring Command Authorization

    [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 Configuring command authorization By default, commands are available for a user depending only on that user's user roles. When the authentication mode is scheme, you can configure the command authorization feature to further control access to commands.
  • Page 49: Configuration Example

    Step Command Remarks By default, command authorization is disabled. The commands available for a user only depend on the user role. If the command authorization Enable command command is configured in user line class command authorization authorization. view, command authorization is enabled on all user lines in the class, and you cannot configure the undo command authorization command in the view of a...
  • Page 50 [Device-hwtacacs-tac] primary authorization 192.168.2.20 49 [Device-hwtacacs-tac] key authentication expert [Device-hwtacacs-tac] key authorization expert [Device-hwtacacs-tac] server-type standard [Device-hwtacacs-tac] user-name-format without-domain [Device-hwtacacs-tac] quit # Configure the system-predefined domain system to use the HWTACACS scheme tac for login user authentication and command authorization and to use local authentication and local authorization as the backup method.
  • Page 51: Network Requirements

    Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the • To enter user line view: class.
  • Page 52: Network Diagram

    Network diagram Figure 17 Configuration procedure # Enable the Telnet server. <Device> system-view [Device] telnet server enable # Enable command accounting for user line AUX 0. [Device] line aux 0 [Device-line-aux0] command accounting [Device-line-aux0] quit # Enable command accounting for user lines VTY 0 through VTY 63. [Device] line vty 0 63 [Device-line-vty0-63] command accounting [Device-line-vty0-63] quit...
  • Page 53: Configuring Rbac

    Configuring RBAC Overview Role-based access control (RBAC) controls user access to specific items and system resources based on user roles. In this chapter, items include commands, XML elements, and MIB nodes, and system resources include interfaces, VLANs, and VPN instances. RBAC assigns access permissions to user roles that are created for different job functions.
  • Page 54 A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules. The user role rules include predefined (identified by sys-n) and user-defined user role rules. For more information about the user role rule priority, see "Configuring user role rules."...
  • Page 55: Assigning User Roles

    User role name Permissions • Accesses the display commands for features and resources available in the administered MDC. To display all accessible commands of the user role, use the display role command. • Enables local authentication login users to change their own mdc-operator passwords.
  • Page 56: Fips Compliance

    For more information about AAA and SSH, see Security Configuration Guide. For more information about user line, see "Login overview" and "Logging in to the CLI." FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 57: Configuring User Role Rules

    Configuring user role rules You can configure user role rules to permit or deny the access of a user role to specific commands, XML elements, and MIB nodes. Configuration restrictions and guidelines When you configure RBAC user role rules, follow these restrictions and guidelines: •...
  • Page 58: Configuring Feature Groups

    Step Command Remarks • Configure a command rule: rule number { deny | permit } command command-string • Configure a feature rule: By default, a user-defined user role rule number { deny | permit } has no rules or access to any { execute | read | write } * feature command, XML element, or MIB [ feature-name ]...
  • Page 59: Configuring The User Role Interface Policy

    VLANs, and VPN instances. The policy configuration takes effect only on users who are logged in with the user role after the configuration. Configuring the user role interface policy Step Command Remarks Enter system view. system-view Enter user role view. role name role-name By default, the interface policy of the user role permits access to all...
  • Page 60: Assigning User Roles

    Step Command Remarks By default, the VPN instance policy of the user role permits access to all VPN instances. Enter user role VPN vpn-instance policy deny This command denies the access of instance policy view. the user role to all VPN instances if the permit vpn-instance command is not configured.
  • Page 61: Assigning User Roles To Local Aaa Authentication Users

    documentation. For HWTACACS users, the role configuration must use the roles="role-1 role-2 … role-n" format, where user roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level-1, and level-2 to an HWTACACS user. NOTE: • To be compatible with privilege-based access control, the device automatically converts privilege-based user levels (0 to 15) assigned by an AAA server to RBAC user roles (level-0 to level-15).
  • Page 62: Configuring Temporary User Role Authorization

    Step Command Remarks • To enter user line view: For information about the priority line { first-num1 [ last-num1 ] order and application scope of the | { aux | vty } first-num2 Enter user line view or configurations in user line view and [ last-num2 ] } user line class view.
  • Page 63: Configuring User Role Authentication

    • If you execute the quit command after obtaining user role authorization, you are logged out of the device. Table 11 User role authentication modes Keywords Authentication mode Description The device uses the locally configured password for authentication. Local password authentication only local If no local password is configured for a user role in this...
  • Page 64: Obtaining Temporary User Role Authorization

    Step Command Remarks • In non-FIPS mode: Use this step for local password authentication. super password [ role Set a local rolename ] [ { hash | By default, no password is configured. authentication simple } password ] password for a user If you do not specify the role rolename option, •...
  • Page 65 • Cannot configure any VLANs except VLANs 10 to 20. Figure 18 Network diagram Configuration procedure # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Enable Telnet server.
  • Page 66: Rbac Configuration Example For Radius Authentication Users

    [Switch-luser-manage-user1] undo authorization-attribute user-role network-operator [Switch-luser-manage-user1] quit Verifying the configuration # Telnet to the switch, and enter the username and password to access the switch. (Details not shown.) # Verify that you can create VLANs 10 to 20. This example uses VLAN 10. <Switch>...
  • Page 67 Figure 19 Network diagram Configuration procedure Make sure the settings on the switch and the RADIUS server match. Configure the switch: # Assign VLAN-interface 2 an IP address from the same subnet as the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign VLAN-interface 3 an IP address from the same subnet as the RADIUS server.
  • Page 68 [Switch-isp-bbb] quit # Create the feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the features arp and radius to the feature group. [Switch-featuregrp-fgroup1] feature arp [Switch-featuregrp-fgroup1] feature radius [Switch-featuregrp-fgroup1] quit # Create the user role role2. [Switch] role name role2 # Configure rule 1 to permit the user role to use all commands available in ISP view.
  • Page 69: Rbac Configuration Example For Hwtacacs Authentication Users

    # Verify that you can use all read and write commands of the features radius and arp. Take radius as an example. [Switch] radius scheme rad [Switch-radius-rad] primary authentication 2.2.2.2 [Switch-radius-rad] display radius scheme rad … Output of the RADIUS scheme is omitted. # Verify that you cannot configure any VLAN except VLANs 1 to 20.
  • Page 70 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the HWTACACS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user lines for Telnet users.
  • Page 71 Configure the HWTACACS server: This example uses ACSv4.0. Perform the following tasks on the User Setup page: a. Add a user account test. (Details not shown.) b. In the Advanced TACACS+ Settings area, configure the following parameters: − Select Level 3 for the Max Privilege for any AAA Client option. −...
  • Page 72: Troubleshooting Rbac

    ****************************************************************************** login: test@bbb Password: <Switch>? User view commands: ping Ping function quit Exit from current command view ssh2 Establish a secure shell client connection super Switch to a user role system-view Enter the System View telnet Establish a telnet connection tracert Tracert function <Switch>...
  • Page 73: Login Attempts By Radius Users Always Fail

    If the problem persists, contact Hewlett Packard Enterprise Support. Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the following conditions exist: • The network access device and the RADIUS server can communicate with one another. •...
  • Page 74: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
  • Page 75: Configuring Authentication And Authorization

    Step Command Remarks (Optional.) Use an ACL to By default, no ACL is used for access control access to the FTP ftp server acl acl-number control. server. By default, the FTP connection idle-timeout timer is 30 minutes. (Optional.) Set the FTP If no data transfer occurs on an FTP connection idle-timeout ftp timeout minutes...
  • Page 76: Displaying And Maintaining The Ftp Server

    Displaying and maintaining the FTP server Execute display commands in any view. Task Command Display FTP server configuration and status display ftp-server information. Display detailed information about online FTP users. display ftp-user FTP server configuration example in standalone mode Network requirements On the device, create a local user account with the username abc and password 123456 and enable the FTP server.
  • Page 77: Ftp Server Configuration Example In Irf Mode

    # Examine the storage space for space insufficiency and delete unused files for more free space.
    <Sysname> dir
    Directory of flash:
    -rw- Sep 27 2010 14:43:34 kernel.bin
    -rw- Sep 27 2010 14:43:34 base.bin
    drw- Jun 29 2011 18:30:38 logfile
    drw- Jun 21 2011 14:51:38 diagfile
    drw-...
  • Page 78 Download the configuration file config.cfg from the FTP server to the FTP client for backup. • Figure 24 Network diagram IRF (FTP server) IP: 1.1.1.1/16 Master Subordinate FTP client (Member_ID=1) (Member_ID=2) 1.2.1.1/16 Internet Note: The orange line represents an IRF connection. Configuration procedure Configure IP addresses as shown in Figure...
  • Page 79: Using The Device As An Ftp Client

    230 User logged in.
    # Use the ASCII mode to download the configuration file config.cfg from the server to the client for backup.
    ftp> ascii
    200 TYPE is now ASCII
    ftp> get config.cfg back-config.cfg
    # Use the binary mode to upload the file temp.bin to the Flash root directory of the master.
    ftp>...
  • Page 80: Managing Directories On The Ftp Server

    Managing directories on the FTP server Task Command • Display the detailed information of a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP • server. Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] cd { directory | ..
  • Page 81: Changing To Another User Account

    Task Command Remarks Set the FTP operation mode to passive The default mode is passive. passive. Display or change the local lcd [ directory | / ] working directory of the FTP client. put localfile [ remotefile ] Upload a file to the FTP server. Download a file from the FTP get remotefile [ localfile ] server.
  • Page 82: Terminating The Ftp Connection

    Task Command Remarks Enable or disable FTP client By default, FTP client debugging is debug debugging. disabled. Clear the reply information in the reset buffer. Terminating the FTP connection Task Command Remarks • disconnect Terminate the connection to the FTP Use either command in FTP client view.
  • Page 83 Figure 25 Network diagram Configuration procedure # Configure IP addresses as shown in Figure 25 and make sure the device and PC can reach each other. (Details not shown.) # Examine the storage space of the device. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files.
  • Page 84: Ftp Client Configuration Example In Irf Mode

    FTP client configuration example in IRF mode Network requirements As shown in Figure 26, a PC acts as the FTP server. An FTP user account with the username abc and password 123456 is configured on the FTP server. A two-chassis IRF fabric has two MPUs. The global active MPU is in slot 17 of the master.
  • Page 85

    ftp> ascii
    200 TYPE is now ASCII
    ftp> put config.cfg back-config.cfg
    local: config.cfg remote: back-config.cfg
    150 Connecting to port 47461
    226 File successfully transferred
    3494 bytes sent in 5.646 seconds (618.00 kbyte/s)
    ftp> bye
    221-Goodbye. You uploaded 2 and downloaded 2 kbytes.
    221 Logout.
  • Page 86: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
  • Page 87: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: • Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not give a common file or directory a name that starts with a period.
  • Page 88 Format Description Example Specifies a file in a specific storage medium. The drive argument represents the flash:/test/a.cfg indicates a file named storage medium name: a.cfg in the test folder of the MPU's flash memory. • For a storage medium on the •...
  • Page 89: Managing Files

    Managing files CAUTION: To avoid file system corruption, do not perform the following operations during file operations: • Installing or removing storage media. • Performing an active/standby switchover in standalone mode. • Performing a switchover between the global active MPU and a global standby MPU in IRF mode. You can perform the following file management tasks: •...
  • Page 90: Moving A File

    Task            Command
    Copy a file.    copy fileurl-source fileurl-dest

    Moving a file

    Perform this task in user view.

    Task            Command
    Move a file.    move fileurl-source fileurl-dest

    Compressing/decompressing a file

    Perform the following tasks in user view:

    Task                Command
    Compress a file.    gzip filename
    Decompress a file....
  • Page 91: Deleting Files From The Recycle Bin

    Calculating the digest of a file File digests are used to verify file integrity. For example, you can calculate the digest of a software image file and compare it with that provided on the HPE website to verify whether the file has been tampered with.
  • Page 92: Displaying Directory Information

    Before you create or remove a directory on a USB disk, make sure the disk is not write protected. Displaying directory information Perform this task in user view. Task Command Display directory or file information. dir [ /all ] [ file-url | /all-filesystems ] Displaying the current working directory Perform this task in user view.
  • Page 93: Managing Storage Media

    Managing storage media CAUTION: To avoid file system corruption, do not perform the following operations while the system is repairing, formatting, partitioning, mounting, or unmounting a storage medium: • Installing or removing storage media or cards. • Performing an active/standby switchover in standalone mode. •...
  • Page 94: Mounting Or Unmounting A Storage Medium

    Mounting or unmounting a storage medium Generally, a hot-swappable storage medium is automatically mounted when it is connected to the device. If the system cannot recognize the storage medium, however, you must mount the storage medium before you can access it. To remove a hot-swappable storage medium from the device, you must first unmount it to disconnect it from the device.
  • Page 95: Setting The Operation Mode For Files And Folders

    • To guarantee the startup system software image and configuration files sufficient storage space, set the path for log files to a partition other than the first partition. By default, the system automatically saves log files to the second partition. If the path does not exist, use the info-center logfile switch-directory command to change the path to avoid log loss.
  • Page 96: Managing Configuration Files

    Managing configuration files Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot. You can also back up configuration files to a host for future use. You can use the CLI or the BootWare menus to manage configuration files.
  • Page 97: Configuration File Formats

    Figure 28 Configuration loading process during startup Start BootWare runs Enter BootWare menus? Main configuration file available? Backup configuration file available? Select "Skip Load backup Load main Current System configuration file configuration file Configuration" Software runs with Software runs with Software runs with Software runs with settings in backup...
  • Page 98: Startup Configuration File Selection

    Startup configuration file selection At startup, the device uses the following procedure to identify the configuration file to load: The device searches for a valid .cfg next-startup configuration file. If one is found, the device searches for an .mdb file that has the same name and content as the .cfg file.
  • Page 99: General Configuration Restrictions And Guidelines

    BootWare menus to specify the built-in flash memory or the USB disk as the default storage medium. • In standalone mode, make sure both the active and standby MPUs on an HPE 7910 or HPE 7910 TAA switch use the same type of storage medium as the default storage medium. •...
  • Page 100: Saving The Running Configuration

    If both the main and backup next-startup configuration files are unavailable or corrupt, the system displays a message indicating that the next-startup configuration file does not exist. To display configuration differences in any view: Task Command Display the configuration differences display diff configfile file-name-s configfile file-name-d between two specified configuration files.
  • Page 101: Using Different Methods To Save The Running Configuration

    On an IRF fabric, use the display irf command to verify that the IRF topology is correct before you save the running configuration. After a member device leaves because of an IRF split, the member device's settings are still retained in the running configuration and the next-startup configuration file. However, saving the running configuration before recovering the IRF fabric will remove the member device's settings from the next-startup configuration file.
  • Page 102: Configuring Configuration Commit Delay

    Task Command Remarks This command applies to each MPU. If you execute the save [ safely ] command without specifying any other keyword, the command saves the Save the running configuration to configuration to the main startup a configuration file in the root configuration file.
  • Page 103: Specifying A Next-Startup Configuration File

    Step Command Remarks (Optional.) Commit the settings configured after the configuration commit configuration commit delay command was executed. Specifying a next-startup configuration file CAUTION: In an IRF fabric, use the undo startup saved-configuration command with caution. This command can cause an IRF split after the IRF fabric or an IRF member reboots. You can specify a .cfg configuration file as a main or backup next-startup configuration file when using the save [ safely ] [ backup | main ] [ force ] command to save the running configuration.
  • Page 104: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Backing up the main next-startup configuration file to a TFTP server Before performing this task, make sure the following requirements are met: • The server is reachable. • The server is enabled with TFTP service. • You have read and write permissions to the server. To back up the main next-startup configuration file to a TFTP server: Step Command...
  • Page 105: Deleting A Next-Startup Configuration File

    Deleting a next-startup configuration file CAUTION: This task permanently deletes the next-startup configuration file from each MPU. Before performing this task, back up the file as needed. Delete a next-startup configuration file if one of the following events occurs: • After you upgrade system software, the file no longer matches the new system software.
  • Page 106

    Task                                                    Command
    Display the valid configuration in the current view.    display this
  • Page 107: Upgrading Software

    7910 TAA switch uses two removable switching fabric modules (slots 10 and 11) for switching and control. Unless otherwise stated, the term "MPU" collectively refers to the switching fabric modules on the HPE 7910 or HPE 7910 TAA switch and the built-in MPU on the HPE 7904 or HPE 7904 TAA switch.
  • Page 108: Comware Image Redundancy And Loading Procedure

    Comware image redundancy and loading procedure You can specify one main image list and one backup image list. The system always attempts to start up with the main images. If any main image does not exist or is invalid, the system tries the backup images. Figure 29 shows the entire Comware image loading procedure.
  • Page 109: Upgrade Methods

    Figure 30 System startup process Upgrade methods Upgrading method Software types Remarks • BootWare image Upgrading from the CLI This method is disruptive. You must reboot the • Comware images without using ISSU entire device to complete the upgrade. (excluding patches) The ISSU method enables a software upgrade without service interruption.
  • Page 110: Upgrade Procedure Summary

    Upgrade procedure summary To upgrade software from the CLI: Download the upgrade software image file. (Optional.) Preload the BootWare image to the BootWare. If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps avoid upgrade problems caused by unexpected electricity failure. If you skip this task, the device upgrades the BootWare automatically when it upgrades the startup software images.
  • Page 111: Specifying Startup Images And Completing The Upgrade

    In standalone mode You can specify startup images for the MPUs in bulk or one by one. Specifying startup images for the MPU on an HPE 7904 or HPE 7904 TAA switch Perform this task in user view. To specify startup images and complete the upgrade in standalone mode:...
  • Page 112 Specifying startup images for all MPUs in bulk on an HPE 7910 or HPE 7910 TAA switch Perform this task in user view. To specify startup images and complete the upgrade in standalone mode: Step Command Remarks Make sure the following file path format requirements are met: •...
  • Page 113: In Irf Mode

    Step Command Remarks When you use method 3, make sure you understand the following requirements and upgrade results: • Method 1: • If the active MPU started up with boot-loader file ipe-filename main startup images, its main slot slot-number { backup | startup images are main } synchronized to the standby...
  • Page 114 Step Command Remarks This step ensures that any Save the running configuration you have made can save configuration. survive a reboot. At startup, the MPUs read the Reboot the IRF fabric. preloaded BootWare image to RAM reboot and load the startup images in the file. display boot-loader [ chassis Verify that the current software (Optional.) Verify the...
  • Page 115: Restoring Or Downgrading The Bootware Image

    MPU to the standby MPU at startup This feature is available only for the HPE 7910 or HPE 7910 TAA switch in standalone mode. To synchronize software from the global active MPU to other MPUs on an IRF fabric, use the irf auto-update enable command.
  • Page 116: Displaying And Maintaining Software Image Settings

    TAA switch in standalone mode Network requirements As shown in Figure 31, upgrade software images for the HPE 7904 or HPE 7904 TAA switch. The device has one built-in MPU in slot 0. Figure 31 Network diagram TFTP server TFTP client 2.2.2.2/24...
  • Page 117: Software Upgrade Example For The Hpe 7910 Or Hpe 7910 Taa Switch In Standalone Mode

    Network requirements As shown in Figure 32, upgrade software images for the HPE 7910 or HPE 7910 TAA switch. The device has two MPUs: one active MPU in slot 10 and one standby MPU in slot 11. Figure 32 Network diagram...
  • Page 118: Software Upgrade Example For The Hpe 7904 Or Hpe 7904 Taa Irf Fabric

    As shown in Figure 33, upgrade software images for an HPE 7904 or HPE 7904 TAA IRF fabric. Each IRF member device has one built-in MPU in slot 0. The global active MPU is in slot 0 on the master device.
  • Page 119: Software Upgrade Example For The Hpe 7910 Or Hpe 7910 Taa Irf Fabric

    As shown in Figure 34, upgrade software images for an HPE 7910 or HPE 7910 TAA IRF fabric. Each IRF member device has two MPUs: one in slot 10 and one in slot 11. The global active MPU is in slot 10 on the master device.
  • Page 120

    # Complete TFTP settings on both the device and the TFTP server. (Details not shown.)
    # Display information about the current software images.
    <Sysname> display version
    # Use TFTP to download the image file 7910.ipe from the TFTP server to the root directory of the flash memory on the global active MPU....
  • Page 121: Performing An Issu

    Performing an ISSU The HPE 7904 or HPE 7904 TAA switch uses one built-in MPU (slot 0) and the HPE 7910 or HPE 7910 TAA switch uses two removable switching fabric modules (slots 10 and 11) for switching and control.
  • Page 122: Issu Flow Chart

    ISSU flow chart Figure 35 ISSU flow chart Preparing for ISSU For a successful ISSU, make sure all the preparation requirements are met. Identifying availability of ISSU Use the release notes to verify that ISSU is supported between the current and upgrade versions.
  • Page 123: Preparing The Upgrade Images

    • Use the switchto mdc command to verify that no automatic configuration process is in progress. If the message Automatic configuration is running, press CTRL_C or CTRL_D to break. appears, an automatic configuration process is in progress. To perform an ISSU, wait for the process to complete or abort the process.
  • Page 124: Logging In To The Device Through The Console Port

    Logging in to the device through the console port Log in to the device through the console port after you finish all the preparation tasks and understand all the ISSU guidelines. If you use Telnet or SSH, you might be disconnected from the device before the ISSU is completed.
  • Page 125: Adjusting And Saving The Running Configuration

    Adjusting and saving the running configuration

    Remove the configured commands that the new software version does not support. Use the save command to save the running configuration.

    Performing an ISSU

    When you use the issu series commands to install or upgrade the software of MPUs, the device automatically installs or upgrades the software of LPUs as needed....
  • Page 126: Installing Patch Images

    Installing patch images To install a patch image on an IRF fabric, you must start with the master. To install a patch image on a member device, you must start with the active MPU. When you install a patch image on the active MPU, the system automatically installs the image on the LPUs that require patching.
  • Page 127: Issu Example

    Task Command • In standalone mode: display install active [slot slot-number ] [ verbose ] Display active software images. • In IRF mode: display install active [ chassis chassis-number slot slot-number ] [ verbose ] • In standalone mode: display install committed [slot slot-number ] [ verbose ] Display main startup software •...
  • Page 128

    # Display active software images.
    <Sysname> display install active
    Active packages on chassis 1 slot 10:
      flash:/boot-r0201.bin
      flash:/system-r0201.bin
    Active packages on chassis 1 slot 11:
      flash:/boot-r0201.bin
      flash:/system-r0201.bin
    Active packages on chassis 2 slot 10:
      flash:/boot-r0201.bin
      flash:/system-r0201.bin
    Active packages on chassis 2 slot 11:
      flash:/boot-r0201.bin
      flash:/system-r0201.bin
    # Upgrade the boot and system images on the subordinate member....
  • Page 129 flash:/SYSTEM-R0202.bin Running Version New Version Release 0201 Release 0202 Chassis Slot Switchover Way Global active standby MPU switchover Upgrading software images to compatible versions. Continue? [Y/N]:y # Upgrade the original master. <Sysname> issu commit chassis 1 flash:/BOOT-r0202.bin Running Version New Version Release 0201 Release 0202 flash:/SYSTEM-r0202.bin...
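
    Added example (not from the HPE guide): a host-side Python check that parses captured display install active output and lists every MPU whose boot or system image is not at the expected release, which is the state to confirm once the ISSU above has finished. The sample text is constructed in the layout shown on Page 128; the header form without a chassis number (standalone mode) and the image-name pattern are assumptions.

```python
import re

# Constructed sample in the layout of the "display install active" output
# quoted on Page 128 (IRF mode, two chassis, MPUs in slots 10 and 11).
# Here chassis 2 has been upgraded to release 0202 and chassis 1 has not.
SAMPLE_OUTPUT = """\
Active packages on chassis 1 slot 10:
  flash:/boot-r0201.bin
  flash:/system-r0201.bin
Active packages on chassis 1 slot 11:
  flash:/boot-r0201.bin
  flash:/system-r0201.bin
Active packages on chassis 2 slot 10:
  flash:/boot-r0202.bin
  flash:/system-r0202.bin
Active packages on chassis 2 slot 11:
  flash:/BOOT-r0202.bin
  flash:/SYSTEM-R0202.bin
"""

# Assumption: standalone mode prints the same header without "chassis N".
HEADER_RE = re.compile(r"^Active packages on (?:chassis (\d+) )?slot (\d+):$")
# Assumption: image files are named <kind>-r<release>.bin. The page shows the
# same file in mixed case (boot-r0202.bin, SYSTEM-R0202.bin), so match
# case-insensitively and normalise the kind to lower case.
IMAGE_RE = re.compile(
    r"^[\w#]+:/(?P<kind>[a-z]+)-r(?P<rel>\d+)\.bin$", re.IGNORECASE
)


def parse_install_active(text):
    """Return ({(chassis, slot): {kind: release}}, [lines not understood])."""
    packages, unparsed, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            chassis = int(header.group(1)) if header.group(1) else None
            current = (chassis, int(header.group(2)))
            packages.setdefault(current, {})
            continue
        image = IMAGE_RE.match(line)
        if image and current is not None:
            packages[current][image.group("kind").lower()] = image.group("rel")
        else:
            # Keep anything unexpected so the audit fails closed.
            unparsed.append(line)
    return packages, unparsed


def audit_release(text, expected_release, required=("boot", "system")):
    """List every MPU whose active images do not all match expected_release."""
    packages, unparsed = parse_install_active(text)
    findings = ["unparsed line: %r" % line for line in unparsed]
    if not packages:
        findings.append("no 'Active packages' sections found")
    ordered = sorted(packages.items(), key=lambda kv: (kv[0][0] or 0, kv[0][1]))
    for (chassis, slot), images in ordered:
        where = "slot %d" % slot
        if chassis is not None:
            where = "chassis %d %s" % (chassis, where)
        for kind in required:
            release = images.get(kind)
            if release is None:
                findings.append("%s: no active %s image" % (where, kind))
            elif release != expected_release:
                findings.append(
                    "%s: %s image is release %s, expected %s"
                    % (where, kind, release, expected_release)
                )
    return findings


if __name__ == "__main__":
    for finding in audit_release(SAMPLE_OUTPUT, "0202"):
        print(finding)
```

    An empty list from audit_release means every listed MPU runs the expected boot and system images; any unparsed line is reported as a finding.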
  • Page 130: Using Python

    Using Python Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.
  • Page 131

    Figure 37 Network diagram

    Configuration procedure

    # Use a text editor on the PC to edit Python script test.py as follows:
    #!/usr/bin/python
    import comware
    comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg')
    comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg')
    comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup')
    # Use TFTP to download the script to the device....
  • Page 132: Comware V7 Extended Python Api

    Comware V7 extended Python API The Comware V7 extended Python API is compatible with the Python syntax. Importing and using the Comware V7 extended Python API To use the Comware V7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware V7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
  • Page 133

    the commands used to enter the view. For example, you must enter 'system-view ;local-user test class manage' to execute the local-user test class manage command.
    do_print: Specifies whether to output the execution result:
    • True—Outputs the execution result. This value is the default.
    •...
  • Page 134: Transfer Class

    Transfer class

    Transfer

    Use Transfer to download a file from a server.

    Syntax

    Transfer(protocol='', host='', source='', dest='', vrf='', login_timeout=10, user='', password='')

    Parameters

    protocol: Specifies the protocol used to download a file:
    • ftp—Uses FTP.
    • tftp—Uses TFTP.
    • http—Uses HTTP.
    host: Specifies the IP address of the remote server....
  • Page 135: Api Get_Self_Slot

    <Sysname> python
    Python 2.7.3 (default, Sep 24 2014, 14:37:26)
    [GCC 4.4.1] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import comware
    >>> c = comware.Transfer('tftp', '1.1.1.1', 'test.cfg', 'flash:/test.cfg', user='', password='')
    >>> c.get_error()

    Sample output

    "Couldn't connect to server"

    API get_self_slot

    get_self_slot

    Use get_self_slot to get the slot number of the active MPU in standalone mode, or the slot number...
  • Page 136: Api Get_Slot_Range

    Returns In standalone mode, this command returns a list object in the format [[–1,slot-number]]. The slot-number indicates the slot number of the standby MPU. If the switch does not have a standby MPU, [ ] is returned. In IRF mode, a list object in one of the following formats is returned: •...
  • Page 137: Api Get_Slot_Info

    API get_slot_info get_slot_info Use get_slot_info to obtain information about a slot. Syntax get_slot_info(slot-number) Returns A dictionary object in the format {'Slot': slot-number, 'Status': 'Normal/Absent/Fail', 'Chassis': chassis-number, 'Role': 'Master/Standby/IO', 'Cpu': cpu-number}. The chassis-number indicates the member ID of the device. The slot-number indicates the slot number of the card. The cpu-number indicates the number of the CPU.
  • Page 138: Managing The Device

    You can perform the configuration tasks in this chapter in any order. The HPE 7904 (JG682A) or HPE 7904 TAA (JH122A) switch uses one built-in MPU (slot 0) for switching and control. The HPE 7910 (JG841A) or HPE 7910 TAA (JH123A) switch uses two removable switching fabric modules (slots 10 and 11) for switching and control.
  • Page 139: Specifying The System Time Source

    Step Command Remarks Enter system view. system-view clock timezone zone-name { add The default local time zone is the Set the local time zone. | minus } zone-offset UTC time zone. clock summer-time name By default, daylight saving time is Set the daylight saving time.
  • Page 140: Configuring Banners

    Configuring banners Banners are messages that the system displays when a user logs in. Banner types The system supports the following banners: • Legal banner—Appears after the copyright statement. To continue login, the user must enter Y or press Enter. To quit the process, the user must enter N. Y and N are case insensitive. •...
  • Page 141: Configuration Procedure

    last line with the same delimiter. For example, you can configure the banner "Have a nice day. Please input the password." as follows:
    <System> system-view
    [System] header shell AHave a nice day.
    Please input banner content, and quit with the character 'A'.
    Please input the password....
  • Page 142: Setting The Packet Statistics Collection Mode

    Step Command Remarks By default, the device operates in standard mode. The bridgee keyword is available in Release 2137 and later versions. For an operating mode change to take effect, you must perform the Set the system operating system-working-mode { advance | following tasks: mode.
  • Page 143: Rebooting The Device

    Rebooting the device CAUTION: • A reboot can interrupt network services. • To avoid configuration loss, use the save command to save the running configuration before a reboot. For more information about the save command, see Fundamentals Command Reference. • Before a reboot, use the display startup and display boot-loader commands to verify that you have correctly specified the startup configuration file and startup software images.
  • Page 144: Scheduling A Task

    Task                                 Command                              Remarks
    Specify the reboot date and time.    scheduler reboot at time [ date ]    By default, no reboot date or time is specified.
    Specify the reboot delay time.       scheduler reboot delay time          By default, no reboot delay time is specified....
  • Page 145 Step Command Remarks By default, no job is assigned to a schedule. Assign a job to a job job-name You can assign multiple jobs to a schedule. schedule. The jobs will be executed concurrently. By default, a schedule has the user role of the schedule creator.
  • Page 146: Schedule Configuration Example

    Step Command Remarks • Execute the schedule at an interval from the specified time Configure either command. By default, no execution time is time repeating at time specified for a schedule. [ month-date [ month-day | Specify an execution last ] | week-day Executing commands clock time table for the week-day&<1-7>...
  • Page 147

    # Configure a job for disabling interface FortyGigE 1/0/2.
    [Sysname] scheduler job shutdown-FortyGigE1/0/2
    [Sysname-job-shutdown-FortyGigE1/0/2] command 1 system-view
    [Sysname-job-shutdown-FortyGigE1/0/2] command 2 interface fortygige 1/0/2
    [Sysname-job-shutdown-FortyGigE1/0/2] command 3 shutdown
    [Sysname-job-shutdown-FortyGigE1/0/2] quit
    # Configure a job for enabling interface FortyGigE 1/0/2.
    [Sysname] scheduler job start-FortyGigE1/0/2
    [Sysname-job-start-FortyGigE1/0/2] command 1 system-view
    [Sysname-job-start-FortyGigE1/0/2] command 2 interface fortygige 1/0/2
    [Sysname-job-start-FortyGigE1/0/2] command 3 undo shutdown...
  • Page 148

    # Display schedule information.
    [Sysname] display scheduler schedule
    Schedule name : START-pc1/pc2
    Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00
    Start time : Wed Sep 28 08:00:00 2011
    Last execution time : Wed Sep 28 08:00:00 2011
    Last completion time : Wed Sep 28 08:00:03 2011
    Execution counts
    -----------------------------------------------------------------------...
  • Page 149: Disabling Password Recovery Capability

    Completion time : Wed Sep 28 18:00:01 2011
    --------------------------------- Job output -----------------------------------
    <Sysname>system-view
    System View: return to User View with Ctrl+Z.
    [Sysname]interface fortygige 1/0/1
    [Sysname-FortyGigE1/0/1]shutdown
    Job name : shutdown-FortyGigE1/0/2
    Schedule name : STOP-pc1/pc2
    Execution time : Wed Sep 28 18:00:00 2011
    Completion time : Wed Sep 28 18:00:01 2011
    --------------------------------- Job output -----------------------------------
    <Sysname>system-view...
  • Page 150: Monitoring The Cpu Usage

    Step Command Remarks Set the port status detection The default setting is 30 seconds. shutdown-interval time timer. Monitoring the CPU usage You can enable CPU usage monitoring so the system periodically samples and saves CPU usage. To examine recent CPU usage, use the display cpu-usage history command. You can also set CPU usage thresholds.
  • Page 151 • If a free-memory threshold is exceeded, the system generates an alarm notification or an alarm-removed notification and sends it to affected service modules or processes. The device supports the following free-memory thresholds: Normal state threshold. Minor alarm threshold. Severe alarm threshold. Critical alarm threshold.
  • Page 152: Setting Temperature Alarm Thresholds

    Figure 39 Memory alarm notification and alarm-removed notification Free memory space Minor alarm-removed Normal Minor Severe alarm-removed alarm Minor Critical alarm-removed Severe alarm Severe Critical alarm Critical Time To set memory thresholds: Step Command Remarks Enter system view. system-view • In standalone mode: memory-threshold [ slot The defaults are as follows:...
  • Page 153: Isolating A Switching Fabric Module

    Isolating a switching fabric module A switching fabric module for an HPE 7910 or HPE 7910 TAA switch has a forwarding plane and a control plane. The forwarding plane has multiple forwarding channels. You can isolate the forwarding plane or some of its channels to troubleshoot forwarding problems. An isolated forwarding plane or channel does not receive or forward any traffic.
  • Page 154: Configuring Global On-Demand Diagnostics

    Step Command Remarks Enter system view. system-view • In standalone mode: By default, a switching fabric switch-fabric isolate slot slot-number [ channel module is not isolated from the channel-number ] forwarding plane and it forwards Isolate a switching fabric traffic. •...
  • Page 155: Diagnosing Transceiver Modules

    Configuring user process maintenance parameters HPE Comware V7 is a modular network operating system based on the Linux kernel. Comware V7 software features run as independent kernel threads or user processes. A kernel thread runs in kernel space. A user process runs in user space.
  • Page 156: Displaying And Maintaining Device Management Configuration

    Task Command Remarks The default directory for saving core files is flash: on an MPU. Make sure the directory for saving core files on the active MPU or global active MPU is not NULL and Specify the directory for saving is accessible.
  • Page 157: Irf Mode

    Task Command Display global on-demand diagnostic test display diagnostic content [ slot slot-number ] configuration. [ verbose ] Display the operating statistics for multiple feature display diagnostic-information [ hardware | modules. infrastructure | l2 | l3 | service ] [ filename ] Display device temperature information.
  • Page 158 Task Command display cpu-usage configuration [ chassis Display CPU usage monitoring configuration. chassis-number slot slot-number [ cpu cpu-number ] ] display cpu-usage history [ job job-id ] [ chassis Display historical CPU usage statistics in a chart. chassis-number slot slot-number [ cpu cpu-number ] ] display device [ flash ] [ chassis chassis-number Display hardware information.
  • Page 159: Configuring Mdcs

    Configuring MDCs Overview The Multitenant Device Context (MDC) technology can partition a physical device or an IRF fabric into multiple logical devices called MDCs. Each MDC uses its own hardware and software resources, runs independently of other MDCs, and provides services for its own customer. Creating, starting, rebooting, or deleting an MDC does not affect any other MDCs.
  • Page 160: Feature And Software Version Compatibility

    On the default MDC, you can perform the following tasks: • Manage the entire physical device. • Create and delete non-default MDCs, for example, Device A, Device B, and Device C in Figure • Assign resources to non-default MDCs. These resources include interfaces, CPU resources, and memory space.
  • Page 161: Assigning Hardware Resources To Mdcs

    Step Command Remarks By default, there is a default MDC with the name Admin and ID 1. The default MDC is system defined. You cannot delete it. Create an MDC. mdc mdc-name [ id mdc-id ] The MDC starts to work after you execute the mdc start command.
  • Page 162 b. Authorize the MDC to use the LPU where the physical interface resides. • Interfaces on LPUs are grouped. The interfaces in a group must be assigned to or removed from the same MDC at the same time. Different groups of interfaces on an LPU can be assigned to different MDCs.
  • Page 163 b. Use the undo port group interface command to remove the binding of the physical interface to the IRF port. For more information about the undo port group interface command, see Virtual Technologies Command Reference. c. Assign or reclaim the IRF physical interface. d.
  • Page 164: Specifying A Cpu Weight For An Mdc

    To ensure correct operation of all MDCs, assign the MDCs CPU weights. All MDCs share and compete for the CPU resources on the MPUs (for the HPE 7904 or HPE 7904 TAA switch) or the switching fabric modules (for the HPE 7910 or HPE 7910 TAA switch) in the system. All MDCs that are authorized to use the same LPU share and compete for the CPU resources on the LPU.
  • Page 165: Specifying A Memory Space Percentage For An Mdc

    MPUs (for the HPE 7904 or HPE 7904 TAA switch) or the switching fabric modules (for the HPE 7910 or HPE 7910 TAA switch) in the system. If an MDC occupies too much memory space, the other MDCs might be unable to operate correctly.
  • Page 166: Displaying And Maintaining Mdcs

    As shown in Figure 42, two departments need to use an HPE 7910 switch to access the Internet. Configure two MDCs on the switch to meet the Internet access requirements of two departments. Assign CPU weights for the MDCs. Use the default memory space allocation settings.
  • Page 167 Figure 42 Network diagram
    Configuration procedure
    Create and configure MDCs:
    # Create MDCA for Department A.
    <Device> system-view
    [Device] mdc MDCA
    It will take some time to create MDC...
    MDC created successfully.
    [Device-mdc-2-MDCA] quit
    # Create MDCB for Department B.
    [Device] mdc MDCB
    It will take some time to create MDC...
  • Page 168
    [Device-mdc-2-MDCA] location slot 1
    # Set the CPU weight to 5 for MDCA.
    [Device-mdc-2-MDCA] limit-resource cpu weight 5
    # Start MDCA.
    [Device-mdc-2-MDCA] mdc start
    It will take some time to start MDC...
    MDC started successfully.
    [Device-mdc-2-MDCA] quit
    # Assign interfaces FortyGigE 1/0/7 through FortyGigE 1/0/12 to MDCB.
    [Device] mdc MDCB
    [Device-mdc-3-MDCB] allocate interface fortygige 1/0/7 to fortygige 1/0/12
    Configuration of the interfaces will be lost.
  • Page 169
    [Device]
    Configure the management Ethernet interface for MDCA:
    # Log in to MDCB from the default MDC. Press Ctrl+D as prompted to access the CLI of MDCB.
    [Device] switchto mdc MDCB
    ******************************************************************************
    * Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP
    * Without the owner's prior written consent,
    * no decompiling or reverse-engineering shall be allowed.
  • Page 170: Mdc Configuration Example In Irf Mode

    As shown in Figure 43, the IRF fabric contains two HPE 7910 switches. Each member device has two LPUs (in slots 2 and 3). Each LPU has 12 Forty-GigabitEthernet interfaces. The first six interfaces belong to one group and the remaining interfaces belong to another group.
  • Page 171
    # Shut down FortyGigE 1/1/0/1 and FortyGigE 2/1/0/1.
    <IRF> system-view
    [IRF] interface range fortygige 1/1/0/1 fortygige 2/1/0/1
    [IRF-if-range] shutdown
    [IRF-if-range] quit
    # Remove the binding for IRF port 1/1.
    [IRF] irf-port 1/1
    [IRF-irf-port1/1] undo port group interface FortyGigE1/1/0/1
    [IRF-irf-port1/1] quit
    # Remove the binding for IRF port 2/2.
  • Page 172
    Configure FortyGigE 1/1/0/1 and FortyGigE 2/1/0/1 as the IRF physical interface on MDCA:
    # Log in to MDCA from the default MDC. Press Ctrl+D as prompted to stop automatic MDC configuration and access the CLI of MDCA.
    [IRF] switchto mdc MDCA
    ******************************************************************************
    * Copyright (c) 2010-2015 Hewlett Packard Enterprise Development LP
    * Without the owner's prior written consent,...
  • Page 173
    * Without the owner's prior written consent,
    * no decompiling or reverse-engineering shall be allowed.
    ******************************************************************************
    <MDCA> system-view
    # Bring up FortyGigE 1/1/0/1 and FortyGigE 2/1/0/1.
    [MDCA] interface range fortygige 1/1/0/1 fortygige 2/1/0/1
    [MDCA-if-range] undo shutdown
    [MDCA-if-range] quit
    # To enable the administrator of MDCA to remotely manage MDCA, assign an IP address to the management Ethernet interface and enable the Telnet service.
  • Page 174
    [IRF] mdc Admin
    [IRF-mdc-1-Admin] undo location chassis 1 slot 2
    The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y
    [IRF-mdc-1-Admin] undo location chassis 2 slot 2
    The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y
    [IRF-mdc-1-Admin] quit
    # Assign FortyGigE 1/2/0/7 through FortyGigE 1/2/0/12 and FortyGigE 2/2/0/7 through...
  • Page 175
    [MDCB-M-GigabitEthernet1/0/0/0] ip address 192.168.2.252 24
    [MDCB-M-GigabitEthernet1/0/0/0] quit
    [MDCB] telnet server enable
    [MDCB] user-interface vty 0 63
    [MDCB-line-vty0-63] authentication-mode none
    [MDCB-line-vty0-63] user-role mdc-admin
    # Return to the default MDC.
    [MDCB-line-vty0-63] return
    <MDCB> switchback
    [IRF]
    Verifying the configuration
    Verify that the MDCs exist and are operating correctly.
    <IRF>...
  • Page 176: Configuring Preprovisioning

    Configuring preprovisioning Overview Preprovisioning allows you to preconfigure interfaces on an offline module. In this release, interface cards can be preprovisioned. With preprovisioning, you can configure a module before installing or attaching the module to the device. The preprovisioned settings are applied when the module comes online. You can also enable preprovisioning for an online module and configure the module.
  • Page 177: Displaying And Maintaining Preprovisioned Settings

    Displaying and maintaining preprovisioned settings Execute display commands in any view and reset commands in user view. Task Command Remarks After preprovisioned modules come online, you can use this command to determine the Display the preprovisioned application result of preprovisioned settings. commands that were not display provision applied to preprovisioned...
  • Page 178: Using Automatic Configuration

    Using automatic configuration With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration, facilitates centralized management, and reduces maintenance workload. Understanding automatic configuration The automatic configuration feature requires the cooperation of the following servers: a DHCP server, an HTTP server, a TFTP server, and a DNS server, as shown in...
  • Page 179 interface and repeating Step 2 to Step 4. To stop the automatic configuration process, press Ctrl+D at the CLI of the device. IMPORTANT: • To ensure quick and successful automatic configuration of a device, connect only the interface used for automatic configuration to the network. •...
  • Page 180: Interface Selection Process

    Figure 45 Automatic configuration workflow Interface selection process The device uses the following process to select an interface for automatic configuration: If the device has a management Ethernet interface that is up at Layer 2, the device uses the management Ethernet interface for automatic configuration.
  • Page 181: Automatic-Configuration Parameter Acquisition Process

    If the device has no management Ethernet interface in up state at Layer 2 but has one or more Layer 2 Ethernet interfaces in up state, the device selects the VLAN interface of the default VLAN. If no Layer 2 Ethernet interface is in up state, the device sorts all Layer 3 Ethernet interfaces in up state first by the dictionary order of the interface types and then in ascending order of interface numbers, and selects the one with the smallest interface number among the interfaces of the first interface type.
  • Page 182 configuration file name is in the form of a valid HTTP URL, the device tries to download the configuration file from the URL. See Figure • If the device did not obtain a configuration file name during the automatic-configuration parameter acquisition process, or if the device obtained a configuration file name that is not in the form of a valid HTTP URL, the device starts to acquire a configuration file from a TFTP server: If the device has obtained a TFTP server IP address, it unicasts a request to the TFTP server.
  • Page 183: Deploying And Configuring Servers For Automatic Configuration

    Deploying and configuring servers for automatic configuration To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and configure the servers to cooperate with the device as follows: •...
  • Page 184: Http Server Configuration Guidelines

    b. Ask the device administrator to power on the device. c. Execute the display dhcp server ip-in-use command on the DHCP server to view the client ID of the device after the device starts up. After you complete the static binding configuration, ask the device administrator to power off the device and then power it on so the device obtains the IP address and configuration parameters you configured for it.
  • Page 185 Figure 48 Network diagram Configuration procedure Assign IP addresses to the interfaces. Make sure the devices can reach each other. (Details not shown.) Configure the following files on the HTTP server: File Content Remarks You can create a configuration file by modifying the .cfg configuration file Commands required for IRF setup.
  • Page 186 File Content Remarks Python commands and APIs that complete the following tasks: a. (Optional.) Verifies that the flash memory has sufficient space for the files to be downloaded. b. Downloads the configuration file, Edit a Python script file for each sn.txt, and the software image member switch.
  • Page 187: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.
  • Page 188: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 189: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
  • Page 190: Websites

    Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title, part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
