HP A5830 Switch Series
Fundamentals
Abstract
This document describes the software features for the HP A Series products and guides you through the
software configuration procedures. These configuration guides also provide configuration examples to
help you apply software features to different network scenarios.
This documentation is intended for network planners, field technical support and servicing engineers,
and network administrators working with the HP A Series products.
Part number: 5998-2060 Version 3
Software version: Release 1109
Document version: 6W100-20110715

Advertising

   Also See for HP A5830 Series

   Summary of Contents for HP A5830 Series

  • Page 1: Configuration Guide

    Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

  • Page 2

    The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Configuring CLI ···························································································································································· 1 Entering the CLI ·································································································································································1 Undo form of a command················································································································································1 CLI views ············································································································································································1 Entering system view················································································································································2 Exiting the current view ···········································································································································2 Returning to user view··············································································································································3 Using the CLI online help ·················································································································································3 Entering and editing commands······································································································································4 Entering incomplete keywords ································································································································4 Configuring command aliases ································································································································5 Configuring CLI hotkeys···········································································································································5 Redisplaying commands previously entered but not submitted···········································································7...

  • Page 4: Table Of Contents

    Logging in through Telnet·············································································································································· 34 Telnet login authentication modes ······················································································································· 35 Configuring none authentication for Telnet login ······························································································ 36 Configuring password authentication for Telnet login ······················································································ 37 Configuring scheme authentication for Telnet login ·························································································· 38 Configuring common settings for VTY user interfaces (optional)······································································ 42 Configuring the device to log in to a Telnet server as a Telnet client······························································...

  • Page 5: Table Of Contents

    Using another username to log in to the FTP server ·························································································· 74 Maintaining and debugging the FTP connection······························································································· 74 Terminating an FTP connection ···························································································································· 75 FTP client configuration example························································································································· 75 Configuring the FTP server ············································································································································ 77 Configuring FTP server operating parameters ··································································································· 77 Configuring authentication and authorization on the FTP server ·····································································...

  • Page 6

    Enabling configuration file auto-save ·················································································································· 94 Selecting the modes for saving the configuration file························································································ 94 Setting configuration rollback······································································································································· 95 Configuration task list ··········································································································································· 96 Configuring parameters for saving the current running configuration ···························································· 96 Enabling automatic saving of the running configuration ·················································································· 97 Manually saving the running configuration········································································································...

  • Page 7

    Clearing unused assigned 16-bit interface indexes ·································································································126 Verifying and diagnosing transceiver modules ········································································································126 Verifying transceiver modules ····························································································································126 Diagnosing transceiver modules························································································································126 Displaying device management configuration ·········································································································127 Support and other resources ·································································································································· 129 Contacting HP ······························································································································································129 Subscription service ············································································································································129 Related information······················································································································································129 Documents····························································································································································129 Websites ······························································································································································129 Conventions ··································································································································································130...

  • Page 8: Configuring Cli

    Configuring CLI The command line interface enables you to interact with your device by typing text commands. At the CLI, instruct the device to perform a given task by typing a text command and then pressing Enter (Figure 1). Compared with a GUI where you use a mouse to perform configuration, the CLI allows you to enter more information in one command line.

  • Page 9

    After logging in to the switch, you are in user view. The user view prompt is <device name>. In user • view, perform display, debugging, and file management operations, set the system time, restart your device, and perform FTP and Telnet operations. Enter system view from user view.

  • Page 10: Using The Cli Online Help

    The quit command in user view terminates the current connection between the terminal and the • device. In public key code view, use the public-key-code end command to return to the parent view (public • key view). In public key view, use the peer-public-key end command to return to system view. Task…...

  • Page 11: Entering And Editing Commands

    [Sysname] interface vlan-interface 1 ? <cr> [Sysname] interface vlan-interface 1 The string <cr> indicates that the command is a complete command, and can be executed by pressing Enter. Enter an incomplete character string followed by ?. The CLI displays all commands starting with the entered character(s).

  • Page 12: Configuring Command Aliases, Configuring Cli Hotkeys

    Press Tab to have an incomplete keyword automatically completed. Configuring command aliases The command alias function allows you to replace the first keyword of a command with your preferred keyword. For example, if you configure show as the replacement for the display keyword, then to execute the display xx command, enter the command alias show xx.

  • Page 13

    Task… Command… Remarks Enter system view. system-view — Optional. hotkey { CTRL_G | CTRL_L | Configure CTRL_O | CTRL_T | CTRL_U } The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are hotkeys. command specified at the CLI by default. display hotkey [ | { begin | Available in any view.

  • Page 14: Using Command History

    Redisplaying commands previously entered but not submitted If command input is interrupted by output system information, use this feature to redisplay the commands entered previously but not submitted. With this feature enabled, the following rules apply: If there is no input at the command line prompt and the system outputs system information such as •...

  • Page 15

    Accessing history commands Use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet. In Windows 9X HyperTerminal, use Ctrl+P or Ctrl+N. They are defined differently and the up and down arrow keys are invalid. The commands saved in the history command buffer are in the same format in which you entered the commands.

  • Page 16

    Controlling the CLI display By default, each screen displays up to 24 lines. To change the maximum number of lines displayed on the next screen, use screen-length. For more information about this command, see Fundamentals Command Reference. If the output information spans multiple screens, each screen pauses after it is displayed. Perform one of the following operations to proceed: Action Function...

  • Page 17

    Character Meaning Remarks For example, regular expression "^user" only Starting sign. string only appears at the ^string matches a string beginning with "user," not beginning of a line. "Auser." Ending sign. string only appears at the end For example, regular expression "user$" only string$ of a line.

  • Page 18

    Character Meaning Remarks For example, [^16A] matches a string containing any character except 1, 6 or A. The matching Matches a single character not contained string can also contain 1, 6 or A, but cannot within the brackets. contain only these three characters. For example, [^16A] matches "abc"...

  • Page 19: Configuring User Privilege And Command Levels

    Example of using the include keyword # Display the route entries that contain Vlan in the routing table (the output depends on the current configuration). <Sysname> display ip routing-table | include Vlan Routing Tables: Public Destination/Mask Proto Cost NextHop Interface 192.168.1.0/24 Direct 0 192.168.1.42...

  • Page 20

    For more information about AAA authentication, see Security Configuration Guide. • For more information about the local-user and authorization-attribute commands, see Security • Command Reference. For more information about SSH, see Security Configuration Guide. • Configure user privilege level by using AAA authentication parameters If the user interface authentication mode is scheme, the user privilege level of users logging into the user interface is specified in AAA authentication configuration.

  • Page 21

    When users Telnet to the switch through VTY 1, they must enter username test and password 12345678. After passing authentication, the users can only use level 0 commands. If the users want to use commands of level 0, 1, 2 and 3 commands, the following configuration is required: [Sysname-luser-test] authorization-attribute level 3 Configure the user privilege level under a user interface If the user interface authentication mode is scheme, and SSH publickey authentication type (only a...

  • Page 22: Switching User Privilege Level

    Task… Command… Remarks Optional. Configure the authentication By default, the authentication mode for mode for any user who uses authentication-mode { none | VTY user interfaces is password, and no the current user interface to password } authentication is needed for AUX login log in to the switch.

  • Page 23

    • privilege restores to the original level. To avoid problems, HP recommends that administrators log in to the switch by using a lower privilege level and view switch operating parameters. To maintain the switch, administrators can temporarily switch to a higher level.

  • Page 24

    Step… Command… Remarks Enter system view. system-view — Optional. Set the authentication mode super authentication-mode for user privilege level switch. { local | scheme } * local by default. Required if the authentication mode is set to local (specify the local keyword when setting super password [ level user- Configure the password for the authentication mode).

  • Page 25: Modifying The Level Of A Command

    Modifying the level of a command CAUTION: HP recommends using the default command level or modifying the command level under the guidance of professional staff. An improper change of the command level may cause disruptions in maintenance and operation, or cause potential security problems.

  • Page 26: Displaying Cli

    information, and the reset commands, which clear specified information. One-time commands that are executed are never saved. Displaying CLI Task… Command… Remarks Display defined command aliases display command-alias [ | { begin and the corresponding | exclude | include } regular- Available in any view.

  • Page 27: Login Methods

    Login methods Log in to the switch in the following ways: Table 6 Login methods Login method Default state Logging in By default, log in to a device through the console port. The authentication mode through the is None (no username or password required). The user privilege level is 3. console port By default, you cannot log in to a device through Telnet.

  • Page 28: User Interface Overview

    User interface overview A user interface, also called line, enables you to manage and monitor sessions between the terminal and the device when logging in to the device through the console port, Telnet or SSH. A single user interface corresponds to a single user interface view where you can configure a set of parameters, such as whether to authenticate users at login, and the user privilege level after login.

  • Page 29

    Relative numbering Relative numbering allows you to specify a user interface e or a group of user interfaces of a specific type. The number format is "user interface type + number." The following rules of relative numbering apply: AUX user interfaces are numbered from 0 in the ascending order, with a step of 1. •...

  • Page 30: Overview

    CLI login Overview The CLI enables interaction with a device via entered text commands. At the CLI, instruct the device to perform a given task by entering a text command and pressing Enter to submit it. Compared to using a GUI with a mouse to perform configuration, the CLI allows entry of more information in a single command line.

  • Page 31: Login Procedure

    Login procedure WARNING! Identify interfaces correctly to avoid connection errors. The PC serial port does not support hot-swap. Do not plug or unplug the console cable to or from the PC when the device is powered on. To disconnect the PC from the device, first unplug the RJ-45 connector and then the DB-9 connector. Use the console cable shipped with the device to connect the PC and the device.

  • Page 32

    Figure 5 Specify the serial port used to establish the connection Figure 6 Set the properties of the serial port Power on the device. Press Enter if the device successfully completes the POST. A prompt such as <HP> Step3 appears after you press Enter, as shown in...

  • Page 33: Console Login Authentication Modes

    Figure 7 Configuration page Execute commands to configure the device or check the running status of the device. Step4 To get help, enter ?. Console login authentication modes Authentication falls into local authentication and remote authentication. For more information about authentication modes and parameters, see Security Configuration Guide.

  • Page 34: Configuring None Authentication For Console Login

    Authentication Configuration Remarks mode authentication for console login." Set the local password. Configure the authentication scheme. Configure a RADIUS/HWTACA CS scheme. Configure the AAA Remote AAA scheme used by the authentication domain. Configure the For more information, see Select an username and Scheme "Configuring scheme authentication...

  • Page 35: Configuring Password Authentication For Console Login

    After the configuration, you are prompted to press Enter the next time you log in to the device through the console port. A prompt such as <HP> appears after you press Enter, as shown in Figure Figure 8 Configuration page...

  • Page 36: Configuring Scheme Authentication For Console Login

    When logging in to the device through the console port after configuration, you are prompted to enter a login password. A prompt such as <HP> appears after you enter the password and press Enter, as shown Figure Figure 9 Configuration page...

  • Page 37

    Task… Command… Remarks Required. Whether local, RADIUS, or HWTACACS Specify scheme authentication-mode authentication is adopted depends on the authentication mode. scheme configured AAA scheme. By default, users that log in through the console port are not authenticated. Optional. • By default, command authorization is not enabled.

  • Page 38

    After the configuration, you are prompted to enter a login username and password when logging in to the device through the console port. A prompt such as <HP> appears after you enter the password and username and press Enter, as shown in...

  • Page 39: Configuring Optional Common Settings For Console Login

    Figure 10 Configuration page Configuring optional common settings for console login CAUTION: The common settings configured for console login take effect immediately. If you configure the common settings after you log in through the console port, the current connection may be interrupted. Use another login method.

  • Page 40

    Optional. By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. HP recommends you Configure to set the display type of both the device and the type client to VT100. If the device and the client use...

  • Page 41: Logging In Through Telnet

    Task… Command… Remarks Configure user Optional. privilege user privilege level By default, the default command level is 3 for level level the AUX user interface. login users. maximum Optional. number screen-length screen- lines By default, the next screen displays 24 lines. length A value of 0 disables the function.

  • Page 42: Telnet Login Authentication Modes

    Object Requirements Configure the IP address of the VLAN interface, and make sure the Telnet server and client can reach each other. Telnet server Configure the authentication mode and other settings. Run the Telnet client program. Telnet client Obtain the IP address of the VLAN interface on the server. Telnet login authentication modes Authentication falls into local authentication and remote authentication.

  • Page 43: Configuring None Authentication For Telnet Login

    Authentication Configuration Remarks mode Configure the authentication username and password. Local authentication Configure the AAA scheme used by the domain as local. Configuring none authentication for Telnet login Configuration prerequisites Log in to the device. By default, log in to the device through the console port without authentication, having user privilege level 3 after login.

  • Page 44: Configuring Password Authentication For Telnet Login

    Figure 12 Configuration page Configuring password authentication for Telnet login Configuration prerequisites Log in to the device. By default, log in to the device through the console port without authentication, having user privilege level 3 after login. For information about logging in to the device with the default configuration, see "Configuration requirements."...

  • Page 45: Configuring Scheme Authentication For Telnet Login

    VTY user interfaces (optional)." When logging in to the device through Telnet again, perform the following steps: Enter the login password. A prompt such as <HP> appears after you enter the correct password and • press Enter, as shown in Figure If "...

  • Page 46

    Task… Command… Remarks Required. Enable Telnet. telnet server enable By default, the Telnet service is disabled. Enter one or multiple VTY user interface user-interface vty first-number — views. [ last-number ] Required. Whether local, RADIUS, or HWTACACS authentication is Specify scheme authentication authentication-mode scheme...

  • Page 47

    Task… Command… Remarks Optional. • By default, command accounting is disabled. The accounting server does not record the commands executed by users. • Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result.

  • Page 48

    For more information about AAA, RADIUS, and HWTACACS, see Security Configuration Guide. When logging in to the device through Telnet again: Enter the login username and password. A prompt such as <HP> appears after you enter the correct • username (for example, admin) and password and press Enter, as shown in...

  • Page 49: Configuring Common Settings For Vty User Interfaces (optional)

    Figure 14 Configuration page Configuring common settings for VTY user interfaces (optional) CAUTION: The auto-execute command command may disable configuring the system through the user interface to which the command is applied. Before configuring the command and saving the configuration (by using the save command), make sure that you can access the device through VTY or AUX user interfaces to remove the configuration if a problem occurs.

  • Page 50: Configuring The Device To Log In To A Telnet Server As A Telnet Client

    Task… Command… Remarks Define shortcut Optional. escape-key { default | for termin- character } By default, press Ctrl+C to terminate a task. ating tasks. Configure Optional. the type of terminal type { ansi | terminal vt100 } By default, the terminal display type is ANSI. display.

  • Page 51: Logging In Through Ssh

    Figure 15 Telnet from one device (Telnet client) to another device (Telnet server) If the Telnet client port and the Telnet server port that connect them are not in the same subnet, make sure that the two devices can reach each other. Configuration procedure Task…...

  • Page 52: Configuring The Ssh Server

    On an SSH client device, log in to an SSH server to perform operations on the server. • On an SSH server device, configure the authentication mode and user level for SSH users. By default, • password authentication is adopted for SSH login, but no login password is configured, so you cannot log in to the device through SSH by default.

  • Page 53

    Task… Command… Remarks Optional. • By default, command authorization is not enabled. • By default, command level for a login user depends on the user privilege level. The user is authorized the command with the default level not higher than the user privilege level.

  • Page 54

    Task… Command… Remarks Apply the authentication default specified { hwtacacs-scheme hwtacacs- scheme-name [ local ] | local scheme | none | radius-scheme radius-scheme-name [ local ] } domain. Exit system quit view. Required. Create a local user and enter local-user user-name local user view.

  • Page 55: Configuring The Ssh Client To Log In To The Ssh Server

    Configuring the SSH client to log in to the SSH server If the SSH client and the SSH server are not in the same subnet, make sure that the two devices can reach each other. Configuration prerequisites Log in to the device. By default, log in to the device through the console port without authentication, having user privilege level 3 after login.

  • Page 56

    Task… Command… Remarks Display the configuration of the display telnet client configuration device when it serves as a Telnet [ | { begin | exclude | include } Available in any view. client. regular-expression ] Available in user view. Multiple users can log in to the system to simultaneously configure the device.

  • Page 57

    Web login Overview The device provides a built-in web server that enables logging in to the device’s web interface from a PC. The device supports the following web login methods: HTTP login—HTTP is used for transferring web page information across the Internet. It is an •...

  • Page 58: Configuring Https Login

    Task… Command… Remarks Optional. By default, the HTTP service is not associated with any ACL. Associate the HTTP service ip http acl acl-number Associating the HTTP service with with an ACL. an ACL enables the device to allow only clients permitted by the ACL to access the device.

  • Page 59

    Task… Command… Remarks Required. Disabled by default. Enabling the HTTPS service triggers an SSL handshake negotiation process. During the process, if the local certificate of the device exists, the SSL negotiation succeeds, and the HTTPS service can be started Enable the HTTPS ip https enable properly.

  • Page 60: Displaying Web Login

    Task… Command… Remarks Required. Specify service type for the service-type web By default, no service type is configured for the local local user. user. Exit to system view. quit — Required. Create VLAN interface vlan-interface interface and enter If the VLAN interface already exists, the command vlan-interface-id its view.

  • Page 61

    # Create VLAN 999, and add interface GigabitEthernet 1/0/1 on the device that connects to the PC to VLAN 999. <Sysname> system-view [Sysname] vlan 999 [Sysname-vlan999] port GigabitEthernet 1/0/1 [Sysname-vlan999] quit # Configure the IP address of VLAN 999 as 192.168.20.66 and the subnet mask as 255.255.255.0. [Sysname] interface vlan-interface 999 [Sysname-VLAN-interface999] ip address 192.168.20.66 255.255.255.0 [Sysname-VLAN-interface999] quit...

  • Page 62: Https Login Example

    HTTPS login example Network requirements As shown in Figure 20, configure HTTPS login to prevent unauthorized users from accessing the Device: Configure the Device as the HTTPS server, and request a certificate for it. • The Host acts as the HTTPS client. Request a certificate for it. •...

  • Page 63

    [Device-pki-domain-1] certificate request from ra [Device-pki-domain-1] certificate request entity en [Device-pki-domain-1] quit # Create RSA local key pairs. [Device] public-key loc al create rsa # Retrieve the CA certificate from the certificate issuing server. [Device] pki retrieval-certificate ca domain 1 # Request a local certificate from a CA through SCEP for the device.

  • Page 64

    Enter https://10.1.1.1 in the address bar, and select the certificate issued by new-ca. Then the web login page of the Device appears. On the login page, enter the username usera, and password 123 to enter the web management page.

  • Page 65

    NMS login Overview The device supports multiple NMS programs. An NMS is a manager in an SNMP-enabled network which offers a user-friendly interface to facilitate network management. An NMS runs the SNMP client software. Agents are programs that reside in the device. Agents receive and handle requests from the NMS.

  • Page 66

    Task… Command… Remarks Optional. Disabled by default. enable SNMP agent with Enable SNMP agent snmp-agent this command or any command that begins with snmp-agent. Optional. snmp-agent mib-view { excluded | included } By default, the MIB view Create or update MIB view information view-name oid-tree name is ViewDefault and [ mask mask-value ]...

  • Page 67: Nms Login Example

    Task… Command… Remarks snmp-agent usm-user v3 user- Required name group-name [ [ cipher ] authentication-mode { md5 | If the cipher keyword is specified, Add a user to the SNMP sha } auth-password [ privacy- both auth-password and priv- group mode { 3des | aes128 | des56 } password are cipher-text priv-password ] ] [ acl acl-...

  • Page 68

    Figure 22 iMC login page Enter the username and password, and then click Login. The iMC homepage appears, as shown in Figure Figure 23 iMC homepage...

  • Page 69

    Log in to the iMC and configure SNMP settings for the iMC to find the device. After the device is found, manage and maintain the device through the iMC. For example, query device information or configure device parameters. The SNMP settings on the iMC must be the same as those configured on the device. If not, the device cannot be found or managed by the iMC.

  • Page 70: User Login Control Overview

    User login control User login control overview The device provides the following login control methods: Login Through Login control methods ACL used Configuring source IP-based login control over Telnet Basic ACL users Configuring source and destination IP-based login Telnet Advanced ACL control over Telnet users Configuring source MAC-based login control over Ethernet frame header ACL...

  • Page 71: Configuring Source And Destination Ip-based Login Control Over Telnet Users

    Step… Command… Remarks Required. inbound: Filters incoming Telnet Use the ACL to control user acl [ ipv6 ] acl-number { inbound packets. login by source IP address. | outbound } outbound: Filters outgoing Telnet packets. Configuring source and destination IP-based login control over Telnet users Advanced ACLs can match both source and destination IP addresses of packets, so use advanced ACLs to implement source and destination IP-based login control over Telnet users.

  • Page 72: Source Mac-based Login Control Configuration Example

    Step… Command… Remarks Required. Create Ethernet frame acl number acl-number [ match- By default, no Ethernet frame header ACL and enter its view order { config | auto } ] header ACL exists. rule [ rule-id ] { permit | deny } Configure rules for the ACL Required.

  • Page 73: Configuring Source Ip-based Login Control Over Nms Users

    Configuring source IP-based login control over NMS users log in to the NMS to remotely manage the devices. SNMP is used for communication between the NMS and the agent that resides in the device. By using the ACL, you can control SNMP user access to the device.

  • Page 74: Configuring Source Ip-based Login Control Over Web Users

    Figure 25 Network diagram for configuring source IP-based login control over NMS users Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A. <Sysname>...

  • Page 75: Logging Off Online Web Users

    Step… Command… Remarks rule [ rule-id ] { permit | deny } [ source { sour-addr sour-wildcard Create rules for this ACL. Required. | any } | time-range time-name | fragment | logging ]* Exit the basic ACL view. quit —...

  • Page 76

    # Associate the ACL with the HTTP service so that only web users from Host B are allowed to access the device. [Sysname] ip http acl 2030...

  • Page 77

    Configuring FTP FTP is an application layer protocol used to share files between server and client over a TCP/IP network. For more information about FTP basic operations, see RFC 959. Overview FTP uses TCP ports 20 and 21. Port 20 is used to transmit data. •...

  • Page 78: Configuring The Ftp Client

    Figure 27 Network diagram for FTP Table 7 Configuration when the device serves as the FTP client Device Configuration Remarks If the remote FTP server supports anonymous FTP, the device can log in to it directly; if Use the ftp command to establish the Device (FTP client) not, the device must obtain the FTP connection to the remote FTP server.

  • Page 79

    When using the ftp or ftp client source command, specify the source interface (such as a loopback) or source IP address. The primary IP address of the specified source interface or the specified source IP address is used as the source IP address of sent FTP packets. The FTP client follows these rules to select the source IP address of packets sent to the FTP server: If no source IP address is specified, the IP address of the output interface of the route to the server is •...

  • Page 80: Managing Directories On The Ftp Server

    Managing directories on the FTP server After the device serving as the FTP client establishes a connection with an FTP server, create or delete folders under the authorized directory of the FTP server. For more information about establishing an FTP connection, see "Establishing an FTP connection."...

  • Page 81: Using Another Username To Log In To The Ftp Server

    Task… Command… Remarks Optional. The ls command only displays the Query a directory or file on the name of a directory or file. The ls [ remotefile [ localfile ] ] remote FTP server. dir command displays detailed information such as the file size and creation time.

  • Page 82: Terminating An Ftp Connection

    Task… Command… Remarks Display the help information of FTP-related commands supported remotehelp [ protocol-command ] Optional. by the remote FTP server. Optional. Enable information display in a verbose detailed manner. Enabled by default. Enable FTP related debugging Optional. when the device acts as the FTP debugging Disabled by default.

  • Page 83

    Figure 28 Network diagram for transferring a system software image file from an FTP server IRF fabric (FTP client) 10.2.1.1/ 16 FTP server Master Slave ( Member _ ID=1) ( Member _ ID=2) 10.1.1.1/16 Internet Note: The orange line represents an IRF connection. Configuration procedure CAUTION: If the available memory space of the device is not enough, use the fixdisk command to clear the...

  • Page 84: Configuring The Ftp Server

    # Specify newest.bin as the main system software image file for next startup of all member switches. <Sysname> boot-loader file newest.bin slot all main This command will set the boot file of the specified board. Continue? [Y/N]:y The specified file will be used as the main boot file at the next reboot on slot 1! The specified file will be used as the main boot file at the next reboot on slot 2! # Reboot the IRF fabric, and the system software image file is updated at the system reboot.

  • Page 85: Configuring Authentication And Authorization On The Ftp Server

    Task… Command… Remarks Manually release connection established with free ftp user username Optional. the specified username. Configuring authentication and authorization on the FTP server To allow FTP user access to directories on the FTP server: Create an account for the user. Authorize the user to access the directories.

  • Page 86: Ftp Server Configuration Example

    Task… Command… Remarks authorization-attribute { acl acl- Optional. number | callback-number callback- number | idle-cut minute | level By default, the FTP/SFTP users can access Configure user level | user-profile profile-name | the root directory of the device, and the properties.

  • Page 87

    [Sysname-luser-abc] authorization-attribute work-directory flash:/ # To access the root directory of the storage medium of a subordinate device (with the member ID 2), replace flash:/ with slot2#flash:/ in authorization-attribute work-directory flash:/. [Sysname-luser-abc] service-type ftp [Sysname-luser-abc] quit # Enable FTP server. [Sysname] ftp server enable [Sysname] quit Configure the PC (FTP client)

  • Page 88: Displaying Ftp

    CAUTION: The system software image file used for the next startup must be saved in the storage medium’s root directory. Copy or move a file to the root directory of the storage medium. For more information about Fundamentals Command Reference the boot-loader command, see Displaying FTP Task…...

  • Page 89

    Configuring TFTP Overview TFTP provides functions similar to those provided by FTP, but it is less complex than FTP in interactive access interface and authentication. It is more suitable in environments where complex interaction is not needed between client and server. TFTP uses the UDP port 69 for data transmission.

  • Page 90: Configuring The Tftp Client

    This mode is more secure but consumes more memory. HP recommends using the secure mode. If you use the normal mode, specify a filename that does not exist in the target directory.

  • Page 91: Displaying The Tftp Client

    Task… Command… Remarks Optional. Use an ACL to control the By default, no ACL is used to device’s access to TFTP tftp-server [ ipv6 ] acl acl-number control the device’s access to servers. TFTP servers. Optional. Specify source By default, the source IP tftp client source { interface interface-type address sent...

  • Page 92

    Figure 31 Smooth upgrading using the TFTP client function IRF fabric (TFTP client) 1.1.1.1/ 16 TFTP server Master Slave ( Member _ ID=1) ( Member _ ID=2) 1.2.1.1/ 16 Internet Note: The orange line represents an IRF connection. Configuration procedure CAUTION: If the available memory space of the master and subordinate devices is not enough, use the fixdisk file...

  • Page 93: Filename Formats

    File management Files such as host software and configuration files necessary for operation are saved in the device’s storage media. Manage files on your device through these operations: Performing file operations, Performing directory operations, Performing storage media operations, Performing batch operations, and Setting prompt modes.

  • Page 94: Displaying File Information

    Displaying file information Task… Command… Remarks Required. Display file or directory dir [ /all ] [ file-url | /all- information. filesystems ] Available in user view. Displaying the contents of a file Task… Command… Remarks Required. Only a .txt file can be displayed. Display the contents of a file.

  • Page 95: Deleting A File

    Deleting a file CAUTION: • The files in the recycle bin still occupy storage space. To delete a file in the recycle bin, execute the reset recycle- bin command in the directory to which the file originally belongs. To save storage space, empty the recycle bin periodically with the reset recycle-bin command.

  • Page 96: Displaying The Current Working Directory

    Task… Command… Remarks Required. Display directory or file dir [ /all ] [ file-url | /all- information. filesystems ] Available in user view. Displaying the current working directory Task… Command… Remarks Required. Display the current working directory. Available in user view. Changing the current working directory Task…...

  • Page 97: Performing Storage Media Operations

    Performing storage media operations Managing storage media space CAUTION: When you format a storage medium, all files stored on it are erased and cannot be restored. If a startup configuration file exists on the storage medium, formatting the storage medium results in loss of the startup configuration file.

  • Page 98: Setting Prompt Modes

    Setting prompt modes The system provides the following prompt modes: alert: The system warns you about operations that may cause problems such as file corruption and • data loss. To prevent incorrect operations, the alert mode is preferred. quiet: The system does not prompt confirmation for any operation. •...

  • Page 99

    Configuration file management The device provides the configuration file management function. Manage configuration files on the user- friendly CLI. Overview A configuration file saves the device configurations as a set of text commands, allowing you to: Save the current configuration to a configuration file so that the configuration takes effect after you •...

  • Page 100: Format And Content Of A Configuration File

    Format and content of a configuration file A configuration file is saved as a text file according to these rules: A configuration file contains commands. • Only non-default configuration settings are saved. • The commands are listed in sections by views, usually in this order: system view, interface view, •...

  • Page 101: Saving The Running Configuration

    Saving the running configuration To make configuration changes take effect at the next startup of the device, save the running configuration to the startup configuration file before the device reboots. Task Remarks Enabling configuration file auto-save. Optional Selecting the modes for saving the configuration file. Required Enabling configuration file auto-save When the configuration file auto-save is enabled, and the current configuration saved with save [ safely ]...

  • Page 102

    However, the related configuration is synchronized to the subordinates to verify the rollback of the configuration after the master is changed. HP recommends using the configuration file generated by using the backup function. Apply configuration rollback in these situations: Running configuration error.

  • Page 103: Configuration Task List

    The value of the file-number argument is determined by memory space. HP recommends that you set • a comparatively small value for the file-number argument if the available memory space is small.

  • Page 104

    If the device configuration does not change frequently, manually save the running configuration as • needed HP recommends saving the running configuration manually, or configuring automatic saving with an • interval longer than 1,440 minutes (24 hours). Task…...

  • Page 105

    Specify the path and filename prefix of a save configuration file before you manually save the • running configuration; otherwise, the operation fails. Before performing any complicated configuration, manually save the running configuration so that • the device can revert to the previous state if the configuration fails. Task…...

  • Page 106

    Task… Command… Remarks Required. Specify a startup configuration file startup saved-configuration cfgfile of all member switches. [ backup | main ] Available in user view. Backing up the startup configuration file The backup function allows copying the startup configuration file from the device to the TFTP server. The backup operation backs up the main startup configuration file to the TFTP server.

  • Page 107

    With startup configuration files deleted, the devices uses factory default configuration at the next startup. Task… Command… Remarks Required. Delete a startup configuration file reset saved-configuration from the storage media. [ backup | main ] Available in user view. Restoring a startup configuration file The restore function allows copying a configuration file from a TFTP server to the root directory of all member switches’...

  • Page 108: Software Upgrade Methods

    Software upgrade configuration Overview Device software consists of the BootWare and system software images. Both are required to start up and run the device. Figure 32 illustrates their relationship. After the device is powered on, it runs the BootWare image, initializes hardware, and displays the hardware information.

  • Page 109: Upgrading Bootware

    Upgrade method Upgrade object Description • You must reboot the whole system to upgrade the software of a device. Software upgrade BootWare and through a system reboot system software • This causes running service interruption during the upgrade process, and is not recommended. •...

  • Page 110

    Upgrading system software (method I) CAUTION: You must save the file for the next device boot in the root directory of the device. Copy or move a file to change the path of it to the root directory. To execute the boot-loader command successfully, save the file for the next device boot in the storage media’s root directory on a member switch.

  • Page 111

    Software upgrade by installing hotfixes Hotfix can repair software defects of the current version without rebooting the switch, protecting the running services of the switch from being interrupted. Basic concepts in hotfix Patch and patch file A patch (also called patch unit), is a package used to fix software defects. Patches are usually released as patch files.

  • Page 112

    Patch state Information about patch states is saved in file patchstate on the Flash. HP recommends not operating this file. Each patch has a state, which can only be switched by commands. The relationship between patch state changes and command actions is shown in 0.

  • Page 113

    The memory patch area supports up to 200 patches. In this example, the memory patch area can load up to eight patches. Figure 34 Patches are not loaded to the memory patch area DEACTIVE state Patches in the DEACTIVE state have been loaded to the memory patch area but have not yet run in the system.

  • Page 114

    Figure 36 Patches are activated RUNNING state After you confirm the ACTIVE patches are running, patch state changes to RUNNING and remain in the RUNNING state after system reboot. If you confirm the first three patches are running, for the five patches Figure 36, their states change from ACTIVE to RUNNING.

  • Page 115: Configuration Prerequisites

    To uninstall all patches in one operation, use undo patch install, which is the same as performing Uninstalling a patch step-by-step. In an IRF fabric, HP recommends that you uninstall all patches in operation. Task… Command…...

  • Page 116

    Optional Configuring the patch file location HP recommends saving the patch file to the root directory of the Flash. The directory specified by the patch-location argument must exist on each member switch of an IRF fabric. If a member switch does not have such a directory, the system cannot locate the patch file on the member switch.

  • Page 117

    CAUTION: Set the file transfer mode to binary mode before using FTP or TFTP to upload or download patch files to or from the Flash of the device. Otherwise, patch file cannot be parsed properly. Loading the correct patch files is the basis of other hotfixing operations. If you install a patch from a patch file, the system loads a patch file from the Flash by default.

  • Page 118

    [ patch-number ] slot Required memory patch area. slot-number Displaying software upgrade In an IRF fabric, HP recommends installing all patches using undo patch install in one operation. Task… Command… Remarks display boot-loader [ slot slot-number ] Display information about system...

  • Page 119

    Configure the TFTP server (Configurations may vary with different types of servers.) Obtain the system software image and configuration file through legitimate channels, such as the official website of HP, agents, and technical staff. Save these files under the TFTP server’s working path for the access of the TFTP clients.

  • Page 120: Network Requirements

    # Download file soft-version2.bin on the TFTP server to the master and subordinate. <IRF> tftp 2.2.2.2 get soft-version2.bin File will be transferred in binary mode Downloading file from remote TFTP server, please wait.... TFTP: 10058752 bytes received in 141 second(s) File downloaded successfully.

  • Page 121

    Configuration procedure CAUTION: Make sure the free Flash space of the device is large enough to store the patch files. Configure the TFTP server. The configuration varies depending on server type, and the configuration procedure is omitted. Enable the TFTP server function. •...

  • Page 122: Device Management, Configuring The Device Name, Configuration Guidelines

    Optional Configure the device name. sysname sysname The default device name is HP. Changing the system time Synchronize your switch with a trusted time source by using NTP or changing the system time before running it on the network.

  • Page 123

    Command Effective system time Configuration example System time clock datetime 2:00 2007/2/2 03:00:00 zone-time Fri zone-offset 1, 2 date-time ± 02/02/2007 clock timezone zone-time add 1 clock timezone zone-time add 1 03:00:00 zone-time Sat 2, 1 date-time 03/03/2007 clock datetime 3:00 2007/3/3 The original system time...

  • Page 124

    Command Effective system time Configuration example System time clock summer-time ss one- 3, 1 off 1:00 2007/1/1 1:00 01:00:00 UTC Tue (date-time outside the 2007/8/8 2 date-time 01/01/2008 daylight saving time clock datetime 1:00 range) 2008/1/1 clock summer-time date-time – summer-offset one-off 1:00 outside the daylight...

  • Page 125

    Command Effective system time Configuration example System time clock timezone zone-time add 1 date-time outside the clock summer-time daylight saving time 01:00:00 zone-time Mon one-off 1:00 range: 01/01/2007 2008/1/1 1:00 2008/8/8 2 date-time clock datetime 1:00 2007/1/1 clock timezone date-time in the daylight zone-time add 1 saving time range, but clock...

  • Page 126

    ****************************************************************************** * Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** Task… Command… Remarks Enter system view system-view — Optional Enable displaying the copyright copyright-info enable statement Enabled by default.

  • Page 127

    Method I—Press the Enter key directly after the command keywords, enter the banner information, • and end with the % character. The % character is not part of the banner information. For example, configure the banner " " as follows: Have a nice day.

  • Page 128

    In an IRF fabric, the exception handling method applies to all member switches. The member switches handle system exceptions independently without affecting one another. Task… Command… Remarks Enter system view. system-view — Optional. Configure software system-failure { maintain | By default, the system reboots to exception handling method.

  • Page 129

    Scheduling a reboot CAUTION: • In an IRF fabric, the command applies to all IRF member switches. • The system displays the alert " " one minute before the reboot. REBOOT IN ONE MINUTE • For data security, if you are performing file operations at the reboot time, the system does not reboot. Perform one of the following commands in user view to schedule a reboot: Task…...

  • Page 130

    Scheduling a job in the non- Scheduling a job in the modular Comparison item modular approach approach Can a job be saved? Yes. Configuring job scheduling To have a job successfully run a command, check that the specified view and command are valid. •...

  • Page 131

    Task… Command… Remarks Configure a command to run at a specific time and date: time time-id at time date command command Configure a command to run at a specific time: Required. time time-id { one-off | repeating } Add commands to the job at time [ month-date month-day | Use any of the commands.

  • Page 132

    Task… Command… Remarks Enter system view. system-view — Optional. Configure the detection timer. shutdown-interval time The detection interval is 30 seconds by default. Configuring temperature thresholds Set the temperature thresholds to monitor chassis temperature changes. The temperature thresholds include a low temperature threshold, a warning temperature threshold, and an alarming temperature threshold.

  • Page 133

    Clearing unused assigned 16-bit interface indexes The switch must maintain persistent 16-bit interface indexes and keep one interface index matched with one interface name for network management. After deleting a logical interface, the switch retains its 16-bit interface index so the same index can be assigned to the interface at interface re-creation.

  • Page 134

    When a transceiver module fails or inappropriately works, check for alarms present on the transceiver module to identify the fault source or examine the key parameters monitored by the digital diagnosis function, including the temperature, voltage, laser bias current, TX power, and RX power. The display transceiver diagnosis interface command cannot display information for some transceiver modules.

  • Page 135

    Task… Command… Remarks display device [ [ slot slot-number [ subslot subslot-number ] ] | verbose ] Display hardware information. Available in any view. [ | { begin | exclude | include } regular-expression ] display device manuinfo [ slot slot- Display the electronic label data number [ subslot subslot-number ] ] [ | Available in any view.

  • Page 136: Support And Other Resources, Subscription Service, Related Information

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 137: Command Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 138

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 139

    Index 16-bit interface index, 126 configuring AAA user privilege level, 13 AAA user privilege (CLI), 13 configuring aliases, 5 absolute numbering (CLI), 21 configuring device for Telnet, 43 accessing history commands (CLI), 8 configuring FTP, 70 activating patch file, 1 10 configuring FTP client, 71, 75 ACTIVE patch state, 106 configuring FTP server, 77, 79...

  • Page 140

    displaying, 19 configuring FTP, 71, 75 configuring SSH (CLI), 48 displaying login, 48 editing commands, 4 configuring TFTP, 83, 84 entering commands, 4 establishing FTP connection, 71 entering system view, 2 FTP operation mode, 70 establishing FTP connection, 71 SSH login (CLI), 44 exiting current view, 2 TFTP operation mode, 82 filtering by keyword, 1 1...

  • Page 141

    user, 74 backing up startup file, 99 banner, 1 19 using history, 7 command line interface. See CLI changing system time, 1 15 common patch, 104 CLI, 1 concept command aliases (CLI), 5 common patch, 104 deleting startup file, 99 hotfix basics, 104 detection timer, 125 incremental patch, 104...

  • Page 142

    89 confirming running patch file, 1 10 displaying information, 88 performing operations, 88 console port login (CLI), 23, 24 contacting HP, 130 removing, 89 content of configuration file, 93 displaying controlling display (CLI), 9 CLI, 9, 19...

  • Page 143

    editing commands (CLI), 4 performing operations, 86, 91 renaming, 87 emptying recycle bin, 88 enabling restoring from recycle bin, 88 configuration file auto-save, 94 running configuration, 92, 94 copyright display, 1 18 running configuration save parameters, 96 running configuration auto-save, 97 selecting configuration file save mode, 94 entering startup configuration, 92, 93...

  • Page 144

    confirming running patch, 1 10 incremental patch, 104 installing deleting patch, 1 1 1 incremental patch, 104 hotfixes to upgrade system software, 104 loading patch file, 109 patch, 108, 109 one step patch installation, 108 step-by-step patch uninstall, 1 10 patch ACTIVE state, 106 interface patch and patch file, 104...

  • Page 145

    Telnet authentication modes (CLI), 35 TFTP client operation, 82 modifying user command level (CLI), 18 Telnet method (CLI), 34 web, 20 modular job scheduling, 123 web method (CLI), 50 moving a file, 87 logging off web users, 68 network management MAC-based Telnet login control, 64, 65 CLI configuration, 1 maintainingCLI login, 48...

  • Page 146

    login (CLI), 58 stopping running patch, 1 1 1 temporary, 104 user login control, 63 none authentication mode performing CLI, 26, 27 batch operations, 90 Telnet, 35, 36 directory operations, 88 non-modular job scheduling, 123 file operations, 86, 91 numbering user interfaces (CLI), 21 storage media operations, 90 one step patch installation, 108 port...

  • Page 147

    scheduling job, 122 configuring IP-source and destination based Telnet login control, 64 scheduling switch reboot, 122 configuring IP-source based NMS login control, 66 SSH login (CLI), 44 configuring IP-source based Telnet login control, 63 Telnet login (CLI), 34 configuring IP-source based web login control, 67, Telnet login authentication (CLI), 35 user login control, 63 configuring job scheduling, 123...

  • Page 148

    deleting a file, 88 manually saving running configuration, 97 modifying user command level (CLI), 18 deleting patch, 1 1 1 deleting startup configuration file, 99 modular job scheduling, 123 diagnosing transceiver modules, 127 moving a file, 87 disable multi-screen display (CLI), 9 non-modular job scheduling, 123 displaying CLI, 19 operating FTP files, 73...

  • Page 149

    recycle bin configuring user privilege under interface (CLI), 14 configuring user privilege with AAA (CLI), 13 emptying, 88 restoring files, 88 configuring user privilege (CLI), 12 redisplaying command (CLI), 7 login method (CLI), 23 relative numbering (CLI), 22 modifying user command level (CLI), 18 removing a directory, 89 saving user privilege configuration (CLI), 18 renaming a file, 87...

  • Page 150

    configuring exception handling, 120 configuring FTP client, 71, 75 configuring FTP server, 77, 79 displaying upgrade, 1 1 1 system reboot method, 102 configuring HTTP login (CLI), 50, 53 upgrade configuration, 101, 1 12 configuring HTTPS login (CLI), 51, 55 upgrade methods, 101 configuring job scheduling, 123 upgrading (method I), 103...

  • Page 151

    user login control, 63 login authentication modes (CLI), 35 user login control, 63 user privilege level (CLI), 15, 16, 17 web login (CLI), 50 temperature threshold, 125 switching user privilege level (CLI), 15 temporary patch, 104 symbols, 131 TFTP system administration client operation mode, 82 changing system time, 1 15 configuration, 82...

  • Page 152

    configuring privilege with AAA (CLI), 13 username, 74 using online help (CLI), 3 modifying command level (CLI), 18 saving privilege configuration (CLI), 18 verifying transceiver modules, 126 switching user privilege level (CLI), 15, 16, 17 VTY optional common settings (CLI), 42 user interface, 21 user interface configuring IP-source based login control, 67, 68...

Comments to this Manuals

Symbols: 0
Latest comments: