HPE FlexNetwork 5510 HI Series Fundamentals Configuration Manual
  1. Manuals
  2. Brands
  3. HPE Manuals
  4. Network Router
  5. FlexNetwork 5510 HI Series
  6. Fundamentals configuration manual

HPE FlexNetwork 5510 HI Series Fundamentals Configuration Manual

Hide thumbs Also See for FlexNetwork 5510 HI Series:
Table of Contents

Advertisement

Quick Links

See also: Configuration Manual , Installation Manual
HPE FlexNetwork 5510 HI Switch Series
Fundamentals

Configuration Guide

Part number: 5200-0067a
Software version: Release 11xx
Document version: 6W101-20161221

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexNetwork 5510 HI Series and is the answer not in the manual?

Questions and answers

Related Manuals for HPE FlexNetwork 5510 HI Series

Summary of Contents for HPE FlexNetwork 5510 HI Series

  • Page 1: Configuration Guide

    HPE FlexNetwork 5510 HI Switch Series Fundamentals Configuration Guide Part number: 5200-0067a Software version: Release 11xx Document version: 6W101-20161221...
  • Page 2 © Copyright 2015, 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Using the CLI ··················································································1 CLI views ··································································································································· 1 Entering system view from user view························································································· 2 Returning to the upper-level view from any view ·········································································· 2 Returning to user view ············································································································ 2 Accessing the CLI online help········································································································· 2 Using the undo form of a command ································································································· 3 Entering a command·····················································································································...
  • Page 4 Controlling SNMP access ············································································································ 37 Configuration procedure ······································································································· 37 Configuration example ········································································································· 38 Configuring command authorization ······························································································· 39 Configuration procedure ······································································································· 39 Configuration example ········································································································· 40 Configuring command accounting ································································································· 41 Configuration procedure ······································································································· 42 Configuration example ········································································································· 42 Configuring RBAC ·········································································· 44 Overview ··································································································································...
  • Page 5 Configuring TFTP ··········································································· 79 FIPS compliance ························································································································ 79 Configuring the device as an IPv4 TFTP client ················································································· 79 Configuring the device as an IPv6 TFTP client ················································································· 80 Managing the file system ································································· 81 FIPS compliance ························································································································ 81 Storage medium naming rules ······································································································ 81 File name formats ······················································································································...
  • Page 6 Software types ·················································································································· 102 Software file naming conventions ························································································· 102 Comware image redundancy and loading procedure ································································ 102 System startup process ······································································································ 103 Upgrade methods ···················································································································· 104 Upgrade procedure summary ····································································································· 104 Preparing for the upgrade ·········································································································· 105 Preloading the Boot ROM image to Boot ROM ·············································································· 105 Specifying startup images and completing the upgrade ···································································...
  • Page 7 Setting the system time ······································································································ 133 Enabling displaying the copyright statement ·················································································· 134 Configuring banners ················································································································· 134 Banner types ···················································································································· 134 Banner input modes ··········································································································· 134 Configuration procedure ····································································································· 135 Setting the table capacity mode ·································································································· 136 Rebooting the device ················································································································ 136 Configuration guidelines ·····································································································...
  • Page 8 Automatic configuration using HTTP server and Python script ··················································· 170 Automatic IRF setup ·········································································································· 171 Document conventions and icons ···················································· 174 Conventions ···························································································································· 174 Network topology icons ············································································································· 175 Support and other resources··························································· 176 Accessing Hewlett Packard Enterprise Support·············································································· 176 Accessing updates ···················································································································...

  • Page 9: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor the device. The following text is displayed when you access the CLI: ****************************************************************************** * Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 10: Entering System View From User View

    Enter interface view to configure interface parameters.  Enter VLAN view to add ports to the VLAN.  Enter user line view to configure login user attributes.  To display all commands available in a view, enter a question mark (?) at the view prompt. Entering system view from user view Task Command...

  • Page 11: Using The Undo Form Of A Command

    logging Display logs on the current terminal monitor Enable to display logs on the current terminal If the question mark is in the place of an argument, the CLI displays the description for the  argument. For example: <Sysname> system-view [Sysname] interface vlan-interface ? <1-4094>...

  • Page 12: Entering A Text Or String Type Value For An Argument

    Keys Function characters. Unless the buffer is full, all common characters that you enter before pressing Enter are saved in the edit buffer. Deletes the character to the left of the cursor and moves the cursor back Backspace one character. Left arrow key (←) Moves the cursor one character to the left.

  • Page 13: Configuring And Using Command Hotkeys

    The command string represented by an alias can include up to nine parameters. Each parameter starts with the dollar sign ($) and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the command display ip $1 | include $2. Then, to execute the display ip routing-table | include Static command, you can enter shinc routing-table Static.

  • Page 14: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Step Command Remarks • to a hotkey. ctrl_t | ctrl_u } command Ctrl+G assigned display current-configuration command. • Ctrl+L is assigned the display ip routing-table command. • Ctrl+O is assigned the undo debugging all command. • No command is assigned to Ctrl+T or Ctrl+U.

  • Page 15: Understanding Command-Line Error Messages

    Step Command Remarks entered-but-not-sub entered-but-not-submitted commands. mitted commands. For more information about this command, see Network Management Monitoring Command Reference. Understanding command-line error messages After you press Enter to submit a command, the command line interpreter examines the command syntax. •...

  • Page 16: Command Buffering Rules

    Command history buffer for a user Command history buffer for all Item line user lines HyperTerminal or Telnet, use the up or down arrow key (↑ or ↓). In Windows 9x HyperTerminal, use  Ctrl+P and Ctrl+N. (Method 2.) Use the repeat command. •...

  • Page 17: Controlling The Cli Output

    Controlling the CLI output This section describes the CLI output control features that help you identify the desired output. Pausing between screens of output The system automatically pauses after displaying a screen if the output is too long to fit on one screen.

  • Page 18: Filtering The Output From A Display Command

    <Sysname> display clock | by-linenum 06:14:21 UTC Sat 01/01/2011 Filtering the output from a display command You can use the | { begin | exclude | include } regular-expression option to filter the display command output. • begin—Displays the first line matching the specified regular expression and all subsequent lines.
  • Page 19 Characters Meaning Examples Matches the preceding character n times. The number n must be a "o{2}" matches "food", but not "Bob". nonnegative integer. Matches the preceding character n times or more. The number n must be {n,} "o{2,}" matches "foooood", but not "Bob". a nonnegative integer.

  • Page 20: Saving The Output From A Display Command To A File

    user-role network-operator ssh server enable return # Use | exclude Direct for the display ip routing-table command to filter out direct routes and display only the non-direct routes. <Sysname> display ip routing-table | exclude Direct Destinations : 12 Routes : 12 Destination/Mask Proto Cost...

  • Page 21: Viewing And Managing The Output From A Display Command Effectively

    # Verify that the system time information is appended to the end of file clock.txt. <Sysname> more clock.txt 06:03:58 UTC Sat 01/01/2014 06:04:58 UTC Sat 01/01/2014 Viewing and managing the output from a display command effectively You can use the following methods in combination to filter and manage the output from a display command: •...

  • Page 22: Login Overview

    Login overview The first time you access the device, you can log in to the CLI through the console port. After login, you can change console login parameters or configure other access methods, including Telnet, SSH, modem and SNMP. Telnet is not supported in FIPS mode. Table 7 Login methods at a glance Default settings...

  • Page 23: Logging In Through The Console Port For The First Device Access

    Data bits—8.  Power on the device and press Enter as prompted. The default user view prompt <HPE> appears. ou can enter commands to configure or manage the device. To get help, enter ?. Press Ctrl-B to enter Boot Menu...
  • Page 24 Press ENTER to get started. <HPE>%Sep 24 09:48:54:109 2014 HPE SHELL/4/LOGIN: Console login from aux0 <HPE>...

  • Page 25: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet, SSH, and modem dial-in. To prevent illegal access to the CLI and control user behavior, perform the following tasks as required: •...

  • Page 26: Login Authentication Modes

    Login authentication modes You can configure login authentication to prevent illegal access to the device CLI. In non-FIPS mode, the device supports the following login authentication modes: None—Disables authentication. This mode allows access without authentication and is • insecure. Password—Requires password authentication. •...

  • Page 27: Logging In Through The Console Port Locally

    Logging in through the console port locally You can connect a terminal to the console port of the device to log in and manage the device, as shown in Figure 3. For the login procedure, see "Logging in through the console port for the first device access."...

  • Page 28: Configuring Password Authentication For Console Login

    Step Command Remarks Assign user By default, an AUX line user is assigned the user-role role-name user role network-admin. role. The next time you log in through the console port, you do not need to provide a username or password. Configuring password authentication for console login Step Command...

  • Page 29: Configuring Common Aux Line Settings

    Step Command Remarks Enable scheme By default, authentication is disabled for the authentication-mode scheme authentication. AUX line. To use scheme authentication, you must also perform the following tasks: • Configure login authentication methods in ISP domain view. • To use remote authentication, configure the scheme to be used. •...

  • Page 30: Logging In Through Telnet

    Step Command Remarks The default is 8. Configure this command depending the Specify character coding type. For example, set the number of data number of data bits to 7 for standard ASCII databits { 5 | 6 | 7 | 8 } bits each characters.

  • Page 31: Configuring Telnet Login On The Device

    NOTE: Telnet login is not supported in FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Configuring Telnet login on the device Task Remarks (Required.) Configuring login authentication: • Disabling authentication for Telnet login Configure one authentication mode as •...
  • Page 32 The next time you Telnet to the device, you do not need to provide a username or password, as shown in Figure 4. If the maximum number of login users has been reached, your login attempt fails and the message "All user lines are used, please try later!" appears. Figure 4 Telnetting to the device without authentication Configuring password authentication for Telnet login Step...
  • Page 33 Figure 5 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet server feature is Enable Telnet server. telnet server enable disabled. A setting in user line view is applied only to the user line.
  • Page 34 Figure 6 Scheme authentication interface for Telnet login Setting the maximum number of concurrent Telnet users Step Command Remarks Enter system view. system-view By default, the maximum number of concurrent Telnet users is 32. Changing this setting does not affect online Set the maximum number users.

  • Page 35: Using The Device To Log In To A Telnet Server

    Step Command Remarks [ last-number ] applied to all user lines of the class. • Enter VTY line class A non-default setting in either view takes view: precedence over a default setting in the other line class vty view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

  • Page 36: Logging In Through Ssh

    Figure 7 Telnetting from the device to a Telnet server IP network Telnet client Telnet server To use the device to log in to a Telnet server: Step Command Remarks Enter system view. system-view By default, no source IPv4 address or source interface is (Optional.) Specify the telnet client...
  • Page 37 Step Command Remarks public-key local create { dsa Create local | rsa | ecdsa } [ name By default, no local key pairs are created. pairs. key-name ] Enable SSH server. ssh server enable By default, SSH server is disabled. •...

  • Page 38: Using The Device To Log In To An Ssh Server

    Step Command Remarks maximum number of max-sessions concurrent SSH users is 32. concurrent Changing this setting does not affect online users. users. If the current number of online SSH users is equal to or greater than the new setting, no additional SSH users can log in until online users log out.
  • Page 39 Figure 9 Connecting the PC to the device through modems Telphone Telphone Serial Serial cable cable cable cable PSTN Console port Modem Modem Device Obtain the telephone number of the device-side modem. Configure the following settings on the device-side modem: AT&F—Restores the factory default.
  • Page 40 Figure 12 Dialing the number After you hear the dial tone, press Enter as prompted. If the authentication mode is none, the prompt <HPE> appears. If the authentication mode is password or scheme, you must enter the correct authentication information as prompted.

  • Page 41: Displaying And Maintaining Cli Login

    Figure 13 Login page IMPORTANT: Do not directly close the HyperTerminal. Doing so can cause some modems to stay in use, and your subsequent dial-in attempts will always fail. To disconnect the PC from the device, execute the appropriate ATH command in the HyperTerminal. If the command cannot be entered, enter AT+ + +.
  • Page 42 Task Command Remarks send { all | num1 | { aux | vty } Send messages to user Use this command in user view. lines. num2 }...

  • Page 43: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 14 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can cooperate with various network management software products, including IMC.

  • Page 44: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.

  • Page 45: Controlling Snmp Access

    Configure the device to permit only Telnet packets sourced from Host A and Host B. Figure 15 Network diagram Host A 10.110.100.46 IP network Device Host B 10.110.100.52 Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname>...

  • Page 46: Configuration Example

    Step Command Remarks [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * b. snmp-agent usm-user { v1 | v2c } user-name group-name acl-number ipv6 ipv6-acl-number ] * To control SNMPv3 access, configure ACLs and perform the following tasks: Step Command Remarks...

  • Page 47: Configuring Command Authorization

    Figure 16 Network diagram Host A 10.110.100.46 IP network Device Host B 10.110.100.52 Configuration procedure # Create an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.

  • Page 48: Configuration Example

    Step Command Remarks line class { aux | vty } other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view. A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for new login users.

  • Page 49: Configuring Command Accounting

    Configuration procedure # Assign IP addresses to relevant interfaces. Make sure the device and the HWTACACS server can reach each other. Make sure the device and Host A can reach each other. (Details not shown.) # Enable the Telnet server. <Device>...

  • Page 50: Configuration Procedure

    command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server. This section provides only the procedure for configuring command accounting. To make the command accounting feature take effect, you must configure a command accounting method in ISP domain view.
  • Page 51 Figure 18 Network diagram HWTACAS server 192.168.2.20/24 Console Connection Internet Device Host C Host A 10.10.10.10/24 Intranet Host B 192.168.1.20/24 Configuration procedure # Enable the Telnet server. <Device> system-view [Device] telnet server enable # Enable command accounting for user line AUX 0. [Device] line aux 0 [Device-line-aux0] command accounting [Device-line-aux0] quit...

  • Page 52: Configuring Rbac

    Configuring RBAC Overview Role-based access control (RBAC) controls user access to items and system resources based on user roles. In this chapter, items include commands, XML elements, and MIB nodes, and system resources include interfaces, VLANs, and VPN instances. RBAC assigns access permissions to user roles that are created for different job functions. Users are given permission to access a set of items and resources based on the users' user roles.
  • Page 53 A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules. The user role rules include predefined (identified by sys-n) and user-defined user role rules. For more information about the user role rule priority, see "Configuring user role rules."...

  • Page 54: Assigning User Roles

    User role name Permissions user account. Level-9 access rights are configurable. RBAC non-debugging commands.  Local users.  File management.  Device management.  The display history-command all command.  • level-15—Has the same rights as network-admin. Security log manager. The user role has the following access to security log files: •...

  • Page 55: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Configuration task list Tasks at a glance (Required.) Creating user roles...

  • Page 56: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines When you configure RBAC user role rules, follow these restrictions and guidelines: • You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024. •...

  • Page 57: Configuring Feature Groups

    Step Command Remarks • feature names the same as the Configure an XML element rule: rule number { deny | permit } feature names displayed, including the case. { execute | read | write } * xml-element [ xml-string ] •...

  • Page 58: Configuring The Vlan Policy Of A User Role

    Step Command Remarks interfaces. This command denies the access of the user role to all interfaces if the permit interface command is not configured. By default, no accessible interfaces are configured in user role interface (Optional.) Specify a list of policy view.

  • Page 59: Assigning User Roles

    Assigning user roles To control user access to the system, you must assign a minimum of one user role. Make sure a minimum of one user role among the user roles assigned by the server exists on the device. User role assignment procedure varies for remote AAA authentication users, local AAA authentication users, and non-AAA authentication users (see "Assigning user...

  • Page 60: Assigning User Roles To Non-Aaa Authentication Users On User Lines

    • When you assign the security-audit user role to a local user, the system requests confirmation to delete all the other user roles of the local user first. • When you assign the other user roles to a local user who has been assigned the security-audit user role, the system requests confirmation to delete the security-audit user role for the local user first.

  • Page 61: Configuring Temporary User Role Authorization

    Step Command Remarks other user line. device cannot assign security-audit user role to non-AAA authentication users. Configuring temporary user role authorization Temporary user role authorization allows you to obtain another user role without reconnecting to the device. This feature is useful when you want to use a user role temporarily to configure a feature. Temporary user role authorization is effective only on the current login.

  • Page 62: Configuring User Role Authentication

    b. The default ISP domain. • If you execute the quit command after obtaining user role authorization, you are logged out of the device. Table 11 User role authentication modes Keywords Authentication mode Description The device uses the locally configured password for authentication.

  • Page 63: Obtaining Temporary User Role Authorization

    Step Command Remarks super password [ role target user role. rolename ] Obtaining temporary user role authorization AUX or VTY users must pass authentication before they can use a user role that is not included in the user account they are logged in with. Perform the following task in user view: Task Command...
  • Page 64 Figure 19 Network diagram Vlan-int 2 192.168.1.70/24 Internet Telnet user Switch 192.168.1.58/24 Configuration procedure # Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Enable Telnet server.

  • Page 65: Rbac Configuration Example For Radius Authentication Users

    [Switch-luser-manage-user1] undo authorization-attribute user-role network-operator [Switch-luser-manage-user1] quit Verifying the configuration # Telnet to the switch, and enter the username and password to access the switch. (Details not shown.) # Verify that you can create VLANs 10 to 20. This example uses VLAN 10. <Switch>...
  • Page 66 Figure 20 Network diagram RADIUS server 10.1.1.1/24 Vlan-int 3 10.1.1.2/24 Vlan-int 2 192.168.1.70/24 Internet Telnet user Switch 192.168.1.58/24 Configuration procedure Make sure the settings on the switch and the RADIUS server match. Configure the switch: # Assign VLAN-interface 2 an IP address from the same subnet as the Telnet user. <Switch>...
  • Page 67 # Create feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the arp and radius features to the feature group. [Switch-featuregrp-fgroup1] feature arp [Switch-featuregrp-fgroup1] feature radius [Switch-featuregrp-fgroup1] quit # Create the user role role2. [Switch] role name role2 # Configure rule 1 to permit the user role to use all commands available in ISP view. [Switch-role-role2] rule 1 permit command system-view ;...

  • Page 68: Rbac Temporary User Role Authorization Configuration Example (Hwtacacs Authentication)

    # Verify that you can use all read and write commands of the radius and arp features. This example uses radius. [Switch] radius scheme rad [Switch-radius-rad] primary authentication 2.2.2.2 [Switch-radius-rad] display radius scheme rad … Output of the RADIUS scheme is omitted. # Verify that you cannot configure any VLAN except VLANs 1 to 20.
  • Page 69 [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3, the interface connected to the HWTACACS server. [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user lines for Telnet users.
  • Page 70 # Set the local authentication password to 654321 for the user role network-admin. [Switch] super password role network-admin simple 654321 [Switch] quit Configure the HWTACACS server: This example uses ACSv4.0. a. Access the User Setup page. b. Add a user account named test. (Details not shown.) c.
  • Page 71 Figure 23 Configuring custom attributes for the Telnet user Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. <Switch> telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...

  • Page 72: Rbac Temporary User Role Authorization Configuration Example (Radius Authentication)

    Verify that you can obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass. <Switch> super level-3 Username: test@bbb Password: The following output shows that you have obtained the level-3 user role.
  • Page 73 [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3, the interface connected to the RADIUS server. [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user lines for Telnet users.
  • Page 74 Configure the RADIUS server: This example uses ACSv4.2. a. Add a user account named $enab0$ and set the password to 123456. (Details not shown.) b. Access the Cisco IOS/PIX 6.x RADIUS Attributes page. c. Configure the cisco-av-pair attribute, as shown in Figure Figure 25 Configuring the cisco-av-pair attribute Verifying the configuration...

  • Page 75: Troubleshooting Rbac

    Password: The following output shows that you have obtained the network-admin user role. User privilege role is network-admin, and only those commands that authorized to the role can be used. # If the ACS server does not respond, enter the local authentication password abcdef654321 at the prompt.
  • Page 76 Add the user role authorization attributes on the RADIUS server.  If the problem persists, contact Hewlett Packard Enterprise Support.

  • Page 77: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network, as shown in Figure FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

  • Page 78: Configuring Authentication And Authorization

    Step Command Remarks server. (Optional.) Associate an SSL server server policy with the FTP By default, no SSL server policy is ssl-server-policy server ensure data associated with the FTP server. policy-name security. default, connection idle-timeout timer is 30 minutes. (Optional.) If no data transfer occurs on an FTP ftp timeout minutes connection...

  • Page 79: Manually Releasing Ftp Connections

    Manually releasing FTP connections Task Command • Release the FTP connection established using a specific user account: free ftp user username Manually release FTP connections. • Release the FTP connection to a specific IP address: free ftp user-ip [ ipv6 ] client-address [ port port-num ] Displaying and maintaining the FTP server Execute display commands in any view.

  • Page 80: Using The Device As An Ftp Client

    # Create a local user account abc, set the password to 123456, the user role to network-admin, the working directory to the root directory of the Flash, and the service type to FTP. (To set the working directory to the Flash root directory of the subordinate member, replace flash:/ in the authorization-attribute command with slot2#flash:/.) # Create a local user with the username abc and password 123456.
  • Page 81 Step Command Remarks Enter system view. system-view By default, no source IP (Optional.) Specify a source client source interface address is specified, and the IP address for outgoing FTP interface-type interface-number | ip primary IP address of the packets. source-ip-address } output interface is used as the source IP address.

  • Page 82: Managing Directories On The Ftp Server

    Managing directories on the FTP server Task Command • Display the detailed information of a directory or file server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP • server. Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] cd { directory | ..

  • Page 83: Changing To Another User Account

    Task Command Remarks Display or change the local lcd [ directory | / ] working directory of the FTP client. put localfile [ remotefile ] Upload a file to the FTP server. Download a file from the FTP get remotefile [ localfile ] server.

  • Page 84: Terminating The Ftp Connection

    Terminating the FTP connection Task Command • disconnect Terminate the connection to the FTP server without exiting FTP • client view. close • Terminate the connection to the FTP server and return to user • quit view. Displaying command help information To display command help information after you log in to the server: Task Command...
  • Page 85 Figure 28 Network diagram IRF (FTP client) 10.2.1.1/16 Master Subordinate FTP server (Member_ID=1) (Member_ID=2) 10.1.1.1/16 Internet Note: The orange line represents an IRF connection. Configuration procedure # Configure IP addresses as shown in Figure 28. Make sure the IRF fabric and PC can reach each other.
  • Page 86 226 Transfer finished successfully. 5205 bytes sent in 0.000 seconds (11.28 Mbytes/s) ftp> bye 221-Goodbye. You uploaded 2 and downloaded 2 kbytes. 221 Logout. <Sysname>...

  • Page 87: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.

  • Page 88: Configuring The Device As An Ipv6 Tftp Client

    Configuring the device as an IPv6 TFTP client Step Command Remarks Enter system view. system-view (Optional.) Use an ACL to By default, no ACL is used for access control the client's access tftp-server ipv6 acl acl-number control. to TFTP servers. tftp client ipv6...

  • Page 89: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: • Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not give a common file or directory a name that starts with a period.

  • Page 90: Managing Files

    Format Description Example name for the argument. If the file is in a subfolder of the test folder in the current working directory. nested folder, separate each folder name by a forward slash (/). Specifies a file in a storage medium on the device.

  • Page 91: Renaming A File

    Renaming a file Perform this task in user view. Task Command Rename a file. rename fileurl-source fileurl-dest Copying a file Perform this task in user view. Task Command • non-FIPS mode: copy fileurl-source fileurl-dest [ vpn-instance vpn-instance-name ] [ source interface interface-type interface-number ] Copy a file.

  • Page 92: Deleting/Restoring A File

    Deleting/restoring a file You can delete a file permanently or move it to the recycle bin. A file moved to the recycle bin can be restored, but a permanently deleted file cannot. Files in the recycle bin occupy storage space. To save storage space, periodically empty the recycle bin with the reset recycle-bin command.

  • Page 93: Managing Directories

    Managing directories CAUTION: To avoid file system corruption, do not install or remove storage media or perform master/subordinate switchover during directory operations. You can create, display, or remove a directory, and display or change the current working directory. Before you create or remove a directory on a USB disk, make sure the disk is not write protected. Displaying directory information Perform this task in user view.

  • Page 94: Managing Storage Media

    Task Command rmdir directory Remove a directory. Managing storage media CAUTION: To avoid file system corruption: Do not install or remove storage media or perform master/subordinate switchover while the system is repairing, formatting, partitioning, mounting, or unmounting a storage medium. If you remove a storage medium while a folder or file on the storage medium is being accessed, the device might not recognize the storage medium when you reinstall it.

  • Page 95: Mounting Or Unmounting A Storage Medium

    To format a storage medium that has been partitioned, you must format all the partitions individually, instead of formatting the medium as a whole. You can format a storage medium only when no one is accessing the medium. Perform this task in user view. Task Command Format a storage medium.

  • Page 96: Setting The Operation Mode For Files And Folders

    • Back up the files in the storage medium. The partition operation clears all data in the medium. • If you are partitioning a USB disk, make sure the disk is not write protected. Otherwise, the partition operation will fail, and you must remount or reinstall the disk to restore access to the USB disk.

  • Page 97: Managing Configuration Files

    Managing configuration files Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot. You can also back up configuration files to a host for future use. You can use the CLI or the Boot menus to manage configuration files.

  • Page 98: Configuration File Formats

    Figure 30 Configuration loading process during startup Start Boot ROM runs Enter Boot menus? Main configuration file available? Backup configuration file available? Select "Skip Load factory Load backup Load main Current System defaults configuration file configuration file Configuration" Software runs with Software runs with Software runs with Software runs with...

  • Page 99: Startup Configuration File Selection

    Startup configuration file selection At startup, the device uses the following procedure to identify the configuration file to load: The device searches for a valid .cfg next-startup configuration file. If one is found, the device searches for an .mdb file that has the same name and content as the .cfg file.

  • Page 100: Enabling Configuration Encryption

    Enabling configuration encryption Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All HPE devices running Comware V7 software use the same method to encrypt configuration files. NOTE: Any HPE devices running Comware V7 software can decrypt the encrypted configuration files. As a best practice, configure access permissions for an encrypted configuration file to prevent this file from being decoded by any unauthorized users.

  • Page 101: Saving The Running Configuration

    Task Command • Method display diff configfile file-name-s Display configuration differences startup-configuration between the specified configuration file and • Method the next-startup configuration file. display diff startup-configuration configfile file-name-d • Method display diff current-configuration startup-configuration Display configuration differences • Method between the next-startup configuration file display current-configuration diff and the current startup configuration file.

  • Page 102: Configuring Configuration Rollback

    starts overwriting the target next-startup configuration file after the save operation is complete. If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained. Use the safe mode if the power source is not reliable or you are remotely configuring the device. To save the running configuration, use either of the following command in any view: Task Command...

  • Page 103: Configuring Configuration Archive Parameters

    Tasks at a glance (Required.) Rolling back configuration Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg.

  • Page 104: Enabling Automatic Configuration Archiving

    Enabling automatic configuration archiving Make sure you have set an archive path and file name prefix before performing this task. To enable automatic configuration archiving: Step Command Remarks Enter system view. system-view By default, this function is disabled. Enable automatic display configuration archive...

  • Page 105: Configuring Configuration Commit Delay

    Step Command Remarks configuration back to the filename must not be encrypted. configuration defined by a configuration file. The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons: • A command cannot be undone because prefixing the undo keyword to the command does not result in a valid undo command.

  • Page 106: Specifying A Next-Startup Configuration File

    Step Command Remarks in effect. (Optional.) Commit the settings configured after configuration commit configuration commit delay command was executed. Specifying a next-startup configuration file CAUTION: In an IRF fabric, use the undo startup saved-configuration command with caution. This command can cause an IRF split after the IRF fabric or an IRF member reboots. You can use the save [ safely ] [ backup | main ] [ force ] command to save the running configuration to a .cfg configuration file.

  • Page 107: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Backing up the main next-startup configuration file to a TFTP server Before performing this task, make sure the following requirements are met: • The server is reachable. • The server is enabled with TFTP service. • You have read and write permissions to the server. To back up the main next-startup configuration file to a TFTP server: Step Command...

  • Page 108: Deleting A Next-Startup Configuration File

    Deleting a next-startup configuration file CAUTION: This task permanently deletes the next-startup configuration file from all member devices. Before performing this task, back up the file as needed. Delete the next-startup configuration file if one of the following events occurs: •...
  • Page 109 Task Command for the next system startup. Display the names of the configuration files display startup for this startup and the next startup. Display the valid configuration in the current display this view.

  • Page 110: Upgrading Software

    Upgrading software Overview Software upgrade enables you to add new features and fix bugs. This chapter describes types of software and procedures to upgrade software from the CLI. For a comparison of all software upgrade methods, see "Upgrade methods." Software types The following software types are available: •...

  • Page 111: System Startup Process

    In this procedure, both the main and backup image lists have feature and patch images. If an image list does not have either feature images or patch images, the system starts up with the main boot and system images after they pass verification. If both the main and backup boot images are nonexistent or invalid, connect to the console port, and power cycle the device to load a boot image from the Boot ROM menu.

  • Page 112: Upgrade Methods

    Figure 32 System startup process Start Boot ROM runs Enter Boot menus to Press Ctrl+B upgrade Boot ROM or promptly? startup software images Startup software images System starts up and CLI appears Upgrade methods Upgrading method Software types Remarks • Boot image Upgrading...

  • Page 113: Preparing For The Upgrade

    Download the upgrade software image file. (Optional.) Preload the Boot ROM image to the Boot ROM. If a Boot ROM upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps avoid upgrade problems caused by unexpected electricity failure. If you skip this task, the device upgrades the Boot ROM automatically when it upgrades the startup software images.

  • Page 114: Specifying Startup Images For Devices One By One

    To specify startup images and complete the upgrade: Step Command Remarks • Use an .ipe file for upgrade: boot-loader file ipe-filename { backup | main } Specify • main .bin files backup upgrade: startup boot-loader file boot images for all boot-package system devices.

  • Page 115: Displaying And Maintaining Software Image Settings

    Step Command Remarks upgrade: member devices. boot-loader file boot • If the master device started up boot-package system with the main startup image system-package list, its main startup images are feature synchronized feature-package&<1- subordinate devices. This 30> ] slot slot-number synchronization occurs { backup | main }...

  • Page 116: Software Upgrade Examples

    Software upgrade examples Example of software upgrade through a reboot Network requirements As shown in Figure 33, use the file startup-a2105.ipe to upgrade software images for the IRF fabric. Figure 33 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24...

  • Page 117: Patch Installation Example

    Patch installation example Network requirements As shown in Figure 34, the IRF fabric has two members. Patch the software of the switches to fix bugs. Figure 34 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) Internet 1.1.1.1/24 2.2.2.2/24 Note: The orange line represents an IRF connection. TFTP server Configuration procedure # Download the patch images boot-patch.bin and system-patch.bin from the TFTP server to the...
  • Page 118 flash:/boot.bin flash:/system.bin flash:/boot-patch.bin flash:/system-patch.bin The patch images boot-patch.bin and system-patch.bin are on the list. # Confirm the software changes to make the patch image files take effect at the next startup. <Sysname> install commit # Display confirmed active software images. <Sysname>...

  • Page 119: Performing An Issu

    Performing an ISSU Overview The In-Service Software Upgrade (ISSU) feature upgrades software with a minimum amount of downtime. ISSU is implemented on the basis of the following design advantages: • Separation of service features from basic functions—Device software is segmented into boot, system, and feature images.

  • Page 120: Feature And Software Version Compatibility

    Identifying requirements for a patch or an upgrade to a middle version Use the display install ipe-info or display install package command to display the software image signature information. The signature of a software image might be HP, HP-US, or HPE.

  • Page 121: Identifying The Issu Method

    The Comware system can be upgraded from a version with the HP or HP-US signature to a version with the HPE signature. To upgrade the Comware system from a version without a signature to a version with the HPE signature, you must first complete one of the following tasks: •...

  • Page 122: Understanding Issu Guidelines

    Understanding ISSU guidelines During an ISSU, use the following guidelines: • In a multiuser environment, make sure no other administrators access the device while you are performing the ISSU. • Do not perform any of the following tasks during an ISSU: Reboot member devices.
  • Page 123 Step Command Remarks • .bin files: issu load file { boot filename | Load the upgrade system filename feature images main filename&<1-30> slot startup software Specify the member ID of a subordinate slot-number images member for the slot-number argument. • subordinate .ipe file:...

  • Page 124: Upgrading A Single-Chassis Irf Fabric

    Step Command Remarks Verify that If the ISSU state field displays Init, the display issu state ISSU is finished. ISSU is finished. Upgrading a single-chassis IRF fabric Performing a service upgrade or file upgrade Perform this task in user view. Step Command Remarks...

  • Page 125: Performing An Issu By Using Install Commands

    Performing an ISSU by using install commands ISSU task list Tasks at a glance Remarks To use install commands for upgrade, you must use .bin image files. If the upgrade file is an .ipe file, (Optional.) Decompressing an .ipe file perform this task before you use install commands for upgrade.

  • Page 126: Uninstalling Feature Or Patch Images

    • Chassis by chassis—Activate all the images on one member device, and then move to the next member device. • Image by image—Activate one image on all member devices before activating another image. When you install an image, you must begin with the master device. When you upgrade an image, you must begin with a subordinate device.

  • Page 127: Aborting A Software Activate/Deactivate Operation

    • A reboot upgrade is performed. • The install commit command is executed. After a reboot upgrade is performed, you can roll back the running software images only to the status before any activate or deactivate operations are performed. After a commit operation is performed, you cannot perform a rollback. For a rollback to take effect after a reboot, you must perform a commit operation to update the main startup software image list.

  • Page 128: Removing Inactive Software Images

    If an image is not integral, consistent, or committed, use the install activate, install deactivate, and install commit commands as appropriate to resolve the issue. Perform this task in user view. Task Command install verify Verify software images. Removing inactive software images Removing a software image deletes the image file permanently.

  • Page 129: Troubleshooting Issu

    Troubleshooting ISSU Failure to execute the issu load/issu run switchover/issu commit/install activate/install deactivate command Symptom The following commands cannot be executed: • issu commands—issu load, issu run switchover, and issu commit. • install commands—install activate and install deactivate. Solution To resolve this issue: Use the display device command to verify that all member devices are not in Fault state.
  • Page 130 # Display active software images. <Sysname> display install active Active packages on slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on slot 2: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin # Identify the ISSU method to be used for the upgrade and view the possible impact of the upgrade. <Sysname>...

  • Page 131: Software Image Upgrade To An Incompatible Version

    # Perform a master/subordinate switchover. <Sysname> issu run switchover Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Switchover Way Active standby process switchover Upgrading software images to compatible versions. Continue? [Y/N]: y This operation might take several minutes, please wait...Done.
  • Page 132 Figure 44 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) Internet 1.1.1.1/24 2.2.2.2/24 Note: The orange line represents an IRF connection. TFTP server Upgrade procedure # Save the running configuration. <Sysname> save # Download the image file that contains the R0202 feature1 image from the TFTP server. <Sysname>...

  • Page 133: Software Image Rollback Example

    This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Copying file flash:/feature1-r0202.bin to slot2#flash:/feature1-r0202.bin..Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Upgrade Way Reboot...
  • Page 134 Figure 45 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) Internet 1.1.1.1/24 2.2.2.2/24 Note: The orange line represents an IRF connection. TFTP server Rollback procedure # Save the running configuration. <Sysname> save # Download the image file that contains the R0202 feature1 image from the TFTP server. <Sysname>...
  • Page 135 Influenced service according to following table on slot 1: flash:/feature1-r0202.bin feature1 Influenced service according to following table on slot 2: flash:/feature1-r0202.bin feature1 The output shows that an incremental upgrade is recommended, and the feature1 module will be rebooted during the upgrade process. # Upgrade feature1 on the subordinate member.

  • Page 136: Issu Examples For Using Install Commands

    This command will quit the ISSU process and roll back to the previous version. Continue? [Y/N]:Y # Verify that both members are running the old image. <Sysname> display install active Active packages on slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on slot 2: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin...
  • Page 137 Active packages on slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on slot 2: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin # Identify the ISSU methods for the upgrade and view the possible impact of the upgrade. <Sysname> install activate feature flash:/feature1-r0202.bin slot 2 test Copying file flash:/feature1-r0202.bin to slot2#flash:/feature1-r0202.bin..Done.

  • Page 138: Software Image Rollback Example

    Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y This operation might take several minutes, please wait...Done. <Sysname> install activate feature flash:/feature1-r0202.bin slot 1 Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot...
  • Page 139 <Sysname> display install rollback Install rollback information 1 on slot 1: Updating from flash:/feature1-r0201.bin to flash:/feature1-r0202.bin. Install rollback information 2 on slot 2: Updating from flash:/feature1-r0201.bin to flash:/feature1-r0202.bin. # Roll back feature1 to R0201. <Sysname> install rollback to original # Display active software images. <Sysname>...

  • Page 140: Managing The Device

    CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>. To configure the device name: Step Command Remarks Enter system view. system-view The default device name is HPE. Configure the device name. sysname sysname...

  • Page 141: Configuring The System Time

    If you configure the clock protocol none command together with the clock protocol ntp command, the device uses the NTP time source. Power cycling an HPE 5510 HI switch restores the default system time settings. Reconfigure the settings after the switch starts up.

  • Page 142: Enabling Displaying The Copyright Statement

    Enabling displaying the copyright statement When displaying the copyright statement is enabled, the device displays the copyright statement in the following situations: • When a Telnet or SSH user logs in. • After a console or modem dial-in user quits user view. This is because the device automatically tries to restart the console session.

  • Page 143: Configuration Procedure

    [System] header shell %Have a nice day.% • Multiline banner. A multiline banner can be up to 2000 characters. To input a multiline banner, use one of the following methods: Method 1—Press Enter after the last command keyword. At the system prompt, enter the ...

  • Page 144: Setting The Table Capacity Mode

    Setting the table capacity mode The switch supports multiple table capacity modes, as shown in Table 13. The table capacity mode determines the capacities of the MAC address table, ARP or ND table, MPLS incoming label mapping table, and VLAN mapping table. Table 13 Table capacities in different table capacity modes Table capacity mode MAC address table capacity...

  • Page 145: Configuration Guidelines

    • Power off and then power on the device. This method might cause data loss, and is the least-preferred method. Using the CLI, you can reboot the device from a remote host. Configuration guidelines When you schedule a reboot, follow these guidelines: •...

  • Page 146: Configuration Procedure

    • A schedule does not support user interaction. If a command requires a yes or no answer, the system always assumes that a Y or Yes is entered. If a command requires a character string input, the system assumes that either the default character string (if any) is entered, or a null string is entered.

  • Page 147: Schedule Configuration Example

    To configure a periodic schedule for the device: Step Command Remarks Enter system view. system-view Create a job. scheduler job job-name By default, no job exists. default, command assigned to a job. Assign a command to command id command You can assign multiple commands the job.
  • Page 148 Device GE1/0/1 GE1/0/2 PC 1 PC 2 Scheduling procedure # Enter system view. <Sysname> system-view # Configure a job for disabling interface GigabitEthernet 1/0/1. [Sysname] scheduler job shutdown-GigabitEthernet1/0/1 [Sysname-job-shutdown-GigabitEthernet1/0/1] command 1 system-view [Sysname-job-shutdown-GigabitEthernet1/0/1] command 2 interface gigabitethernet 1/0/1 [Sysname-job-shutdown-GigabitEthernet1/0/1] command 3 shutdown [Sysname-job-shutdown-GigabitEthernet1/0/1] quit # Configure a job for enabling interface GigabitEthernet 1/0/1.
  • Page 149 [Sysname] scheduler schedule STOP-pc1/pc2 [Sysname-schedule-STOP-pc1/pc2] job shutdown-GigabitEthernet1/0/1 [Sysname-schedule-STOP-pc1/pc2] job shutdown-GigabitEthernet1/0/2 [Sysname-schedule-STOP-pc1/pc2] time repeating at 18:00 week-day mon tue wed thu fri [Sysname-schedule-STOP-pc1/pc2] quit Verifying the scheduling # Display the configuration information of all jobs. [Sysname] display scheduler job Job name: shutdown-GigabitEthernet1/0/1 system-view interface GigabitEthernet 1/0/1 shutdown...
  • Page 150 shutdown-GigabitEthernet1/0/1 Successful shutdown-GigabitEthernet1/0/2 Successful # Display schedule log information. [Sysname] display scheduler logfile Logfile Size: 16054 Bytes. Job name : start-GigabitEthernet1/0/1 Schedule name : START-pc1/pc2 Execution time : Wed Sep 28 08:00:00 2011 Completion time : Wed Sep 28 08:00:02 2011 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z.

  • Page 151: Disabling Password Recovery Capability

    Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from Boot ROM menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords. If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.

  • Page 152: Setting The Port Status Detection Timer

    Setting the port status detection timer The device starts a port status detection timer when a port is shut down by a protocol. Once the detection timer expires, the device brings up the port so the port status reflects the port's physical status.
  • Page 153 Table 14 Memory alarm notifications and memory alarm-removed notifications Notification Triggering condition Remarks After generating and sending a minor alarm The amount of free memory notification, the system does not generate space decreases to or below the Minor alarm notification and send any additional minor alarm minor alarm threshold for the first notifications until the first minor alarm is...

  • Page 154: Configuring The Temperature Alarm Thresholds

    Step Command Remarks Critical alarm threshold—48 • Normal state threshold—128 • memory-threshold usage slot memory By default, the memory usage slot-number [ cpu cpu-number ] ] usage threshold. threshold is 100%. memory-threshold Configuring the temperature alarm thresholds The device monitors its temperature through temperature sensors, based on the following thresholds: •...

  • Page 155: Verifying And Diagnosing Transceiver Modules

    Step Command Remarks Enter system view. system-view By default, all USB interfaces are enabled. Before executing this command, use the Disable umount command to unmount all USB usb disable interfaces. partitions. For more information about this command, Fundamentals Command Reference. Verifying and diagnosing transceiver modules Verifying transceiver modules You can use one of the following methods to verify the genuineness of a transceiver module:...

  • Page 156: Specifying An Itu Channel Number For A Transceiver Module

    Specifying an ITU channel number for a transceiver module IMPORTANT: This feature is available for the HPE X130 10G SFP+ LC LH80 tunable Transceiver (JL250A) module in Release 1121 and later. ITU numbers and identifies fiber signals by wavelength and frequency. A transceiver module sends signals of a specific wavelength and frequency based on the specified ITU channel number.

  • Page 157: Displaying And Maintaining Device Management Configuration

    Display ITU channel information. display transceiver itu-channel interface This command is available for the HPE X130 interface-type interface-number 10G SFP+ LC LH80 tunable Transceiver [ supported-channel ] ] (JL250A) module in Release 1121 and later. display version Display system version information.

  • Page 159: Using Tcl

    Using Tcl Comware V7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands: • Tcl 8.5 commands. • Comware commands. The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
  • Page 160 • To execute multiple Comware commands in one operation: Enter multiple Comware commands separated by semi-colons to execute the commands in  the order they are entered. For example, ospf 100; area 0. Specify multiple Comware commands for the cli command, quote them, and separate them ...

  • Page 161: Using Python

    Using Python Comware V7 provides a built-in Python interpreter that supports the following items: • Python 2.7 commands. • Python 2.7 standard API. • Comware V7 extended API. For more information about the Comware V7 extended API, see "Comware V7 extended Python API."...

  • Page 162: Verifying The Configuration

    comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg') comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg') comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup') # Use TFTP to download the script to the device. <Sysname> tftp 192.168.1.26 get test.py # Execute the script. <Sysname> python flash:/test.py <Sysname>startup saved-configuration flash:/main.cfg main Please wait..

  • Page 163: Comware V7 Extended Python Api

    Comware V7 extended Python API The Comware V7 extended Python API is compatible with the Python syntax. Importing and using the Comware V7 extended Python API To use the Comware V7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware V7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
  • Page 164 the commands used to enter the view. For example, you must enter ’system-view ;local-user test class manage’ to execute the local-user test class manage command. do_print: Specifies whether to output the execution result: True—Outputs the execution result. This value is the default. •...

  • Page 165: Transfer Class

    Transfer class Transfer Use Transfer to download a file from a server. Syntax Transfer(protocol=‘’, host=‘’, source=‘’, dest=‘’, vrf=‘’, login_timeout=10, user=‘’, password=‘’) Parameters protocol: Specifies the protocol used to download a file: • ftp—Uses FTP. • tftp—Uses TFTP. • http—Uses HTTP. host: Specifies the IP address of the remote server.

  • Page 166: Api Get_Self_Slot

    <Sysname> python Python 2.7.3 (default, May 24 2014, 14:37:26) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>> c = comware.Transfer('tftp', '1.1.1.1', 'test.cfg', 'flash:/test.cfg', user='', password='') >>> c.get_error() Sample output 'Timeout was reached' API get_self_slot get_self_slot Use get_self_slot to get the member ID of the master device.
  • Page 167 Examples # Get the member IDs of all subordinate devices. <Sysname> python Python 2.7.3 (default, May 24 2014, 14:37:26) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>> comware.get_standby_slot() Sample output...

  • Page 168: Using Automatic Configuration

    Using automatic configuration Overview With the automatic configuration feature, the device can automatically obtain a set of configuration settings when it starts up without a configuration file. This feature simplifies network configuration and maintenance. Automatic configuration applies to scenarios that have the following characteristics: •...

  • Page 169: Configuring The File Server

    Configuring the file server For devices to obtain configuration information from a TFTP server, start TFTP service on the file server. For devices to obtain configuration information from an HTTP server, start HTTP service on the file server. Preparing the files for automatic configuration The device can use a script file or configuration file for automatic configuration.

  • Page 170: Configuring The Dhcp Server

    • For the other devices, create a separate script file for each of them. Configuring the DHCP server The DHCP server assigns the following items to devices that need to be automatically configured: • IP addresses. • Paths of the configuration files or scripts. Configuration guidelines When you configure the DHCP server, follow these guidelines: •...

  • Page 171: Configuring The Dns Server

    Configuring the DHCP server when a TFTP file server is used Step Command Remarks Enter system view. system-view Enable DHCP. dhcp enable By default, DHCP is disabled. Create a DHCP address By default, no DHCP address dhcp server ip-pool pool-name pool and enter its view.

  • Page 172: Selecting The Interfaces Used For Automatic Configuration

    Selecting the interfaces used for automatic configuration For fast automatic device configuration, connect only the management Ethernet interface on each device to the network. Starting and completing automatic configuration Power on the devices to be automatically configured. If a device does not find a next-start configuration file locally, it starts the automatic configuration process to obtain a configuration file.
  • Page 173 Figure 51 Network diagram Switch A DHCP server TFTP server Vlan-int2 GE1/0/1 192.168.1.40/24 192.168.1.42/24 Vlan-int2 Vlan-int2 GE1/0/3 GE1/0/3 Switch B Switch C 192.168.1.41/24 192.168.1.43/24 DHCP relay agent DHCP relay agent GE1/0/1 GE1/0/2 GE1/0/2 GE1/0/1 Vlan-int3 Vlan-int3 Switch G Switch D Switch E Switch F 192.168.2.1/24...

  • Page 174: Enable Dhcp

    [SwitchA] dhcp server ip-pool rd [SwitchA-dhcp-pool-rd] network 192.168.3.0 24 [SwitchA-dhcp-pool-rd] tftp-server ip-address 192.168.1.40 [SwitchA-dhcp-pool-rd] gateway-list 192.168.3.1 [SwitchA-dhcp-pool-rd] bootfile-name rd.cfg [SwitchA-dhcp-pool-rd] quit # Configure static routes to the DHCP relay agents. [SwitchA] ip route-static 192.168.2.0 24 192.168.1.41 [SwitchA] ip route-static 192.168.3.0 24 192.168.1.43 [SwitchA] quit Configure the gateway Switch B: # Create VLAN interfaces and assign IP addresses to the interfaces.
  • Page 175 [SwitchC-Vlan-interface3] quit # Enable DHCP. [SwitchC] dhcp enable # Enable the DHCP relay agent on VLAN-interface 3. [SwitchC] interface vlan-interface 3 [SwitchC-Vlan-interface3] dhcp select relay # Specify the DHCP server address. [SwitchC-Vlan-interface3] dhcp relay server-address 192.168.1.42 Configure the TFTP server: # On the TFTP server, create the configuration file market.cfg.
  • Page 176 interface Vlan-interface3 ip address dhcp-alloc quit interface gigabitethernet1/0/1 port access vlan 3 quit user-interface vty 0 4 authentication-mode scheme user-role network-admin return # Start TFTP service software, and specify the folder where the two configuration files reside as the working directory. (Details not shown.) # Verify that the TFTP server and DHCP relay agents can reach each other.

  • Page 177: Automatic Configuration Using Http Server And Tcl Script

    Automatic configuration using HTTP server and Tcl script Network requirements As shown in Figure 52, Switch A does not have a configuration file. Configure the servers so Switch A can obtain a Tcl script to complete the following configuration tasks: •...

  • Page 178: Automatic Configuration Using Http Server And Python Script

    return # Start HTTP service software and enable HTTP service. (Details not shown.) Verifying the configuration Power on Switch A. After Switch A starts up, display assigned IP addresses on Device A. <DeviceA> display dhcp server ip-in-use IP address Client identifier/ Lease expiration Type Hardware address...

  • Page 179: Automatic Irf Setup

    Configure the HTTP server: # Create the configuration file device.py on the HTTP server. #!usr/bin/python import comware comware.CLI(‘system-view ;telnet server enable ;local-user user ;password simple abcabc ;service-type telnet ;quit ;user-interface vty 0 4 ;authentication-mode scheme ;user-role network-admin ;quit ;interface gigabitethernet 1/0/1 ;port link-mode route ;ip address dhcp-alloc ;return’) # Start HTTP service software and enable HTTP service.
  • Page 180 Configuration procedure Assign IP addresses to the interfaces. Make sure the devices can reach each other. (Details not shown.) Configure the following files on the HTTP server: File Content Remarks You can create a configuration file by copying modifying .cfg configuration file Commands required for IRF setup.
  • Page 181 [DeviceA-dhcp-pool-1] quit Power on Switch A and Switch B. Switch A and Switch B will obtain the Python script file from the DHCP server and execute the script. After completing the IRF configuration, Switch A and Switch B reboot. After Switch A and Switch B start up again, use a cable to connect Switch A and Switch B through their IRF physical ports.

  • Page 182: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

  • Page 183: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 184: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 185: Websites

    For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
  • Page 186 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 187: Index

    Index Python extended API import, archiving configuration archive, RBAC AAA authorization, configuration archive parameters, RBAC default user role, configuration archiving (automatic), RBAC local AAA authentication user running configuration (manual), configuration, argument (CLI string/text type), RBAC non-AAA authorization, ASCII transfer mode, RBAC user role local AAA authentication, assigning RBAC user role non-AAA authentication,...
  • Page 188 login management command authorization, startup image file specification, 39, 40 startup image file specification (in bulk), login management user access control, startup image file specification (one by one), RBAC temporary user role authorization, BootWare auto software upgrade image type, 102, 102 automatic configuration archiving, software upgrade methods, configuration.
  • Page 189 Python extended API functions (CLI class), Python extended API, Python extended API functions, return to upper-level view from any view, Python extended API import, return to user view, Python language use, 153, 153 running configuration save, software upgrade Boot image type, software upgrade, software upgrade feature image, string/text type argument value,...
  • Page 190 CWMP, RBAC user role VLAN policy, device airflow direction, 143, 143 RBAC user role VPN instance policy, device as IPv4 TFTP client, TFTP, device as IPv6 TFTP client, console device banner, 134, 134, 135, 135 login management CLI AUX common user line settings, device CPU usage monitoring, 144, 144...
  • Page 191 detecting FTP server directory management, device port status detection timer, 144, 144 FTP server files, device FTP user account change, automatic configuration, 160, 160 IPv4 TFTP client configuration, automatic configuration (DHCP server), IPv6 TFTP client configuration, automatic configuration (DNS server), ISSU install series commands, 128, 128 automatic configuration (HTTP server+Python...
  • Page 192 transceiver module verification, 147, 147, 147, automatic configuration, USB interface disable, 146, 146 automatic configuration (DNS server), DHCP automatic configuration start, automatic configuration, DSL network automatic configuration (DHCP server), CWMP configuration, automatic configuration (HTTP server+Python script), editing command line, automatic configuration (HTTP server+Tcl script), emergency shell automatic configuration (IRF setup),...
  • Page 193 deleting from recycle bin, CLI display command output, deletion, FIPS compliance device configuration startup file selection, configuration file, File Transfer Protocol. Use login management, FTP server files, RBAC, information display, format ISSU IPE file decompressing, configuration file, 90, 91 management, file name, file system storage media formatting, moving,...
  • Page 194 HTTP ISSU patch image uninstall, automatic configuration (HTTP server+Python ISSU software configuration rollback, script), ISSU software image installation, automatic configuration (HTTP server+Tcl ISSU software image upgrade, script), installing, 117, See also install series commands automatic configuration (IRF setup), ISSU patch installation, ISSU HTTP feature compatible upgrade (issu ISSU software images (install series commands), series commands),...
  • Page 195 software upgrade startup image file device transceiver module ITU channel number, specification (in bulk), software upgrade startup image file specification (one by one), ISSU command hotkey, Boot ROM image preload, keyword alias configuration (CLI), command series, displaying, feature uninstall (install series commands), device management, HTTP feature compatible upgrade (issu series legal banner type,...
  • Page 196 login management Telnet login scheme CLI login, authentication, device management configuration, 149, 149 login management Telnet server login, FTP connection, login management VTY common line settings, ISSU, software upgrade image settings, login managing device banner login type, 134, 134 CLI display command output, login management configuration files, CLI access,...
  • Page 197 device transceiver module ITU channel number, ISSU (install series commands), device transceiver module verification, 147, 147, ISSU (issu series commands), 147, 147 ISSU methods, device USB interface disable, 146, 146 multiple-line banner input mode, 134, 134 file system directory management, file system file management, naming file system storage media management,...
  • Page 198 login management SNMP access control, ISSU HTTP feature upgrade (install series commands), 128, 128 login management SSH device as server, ISSU install series commands, 128, 128 login management SSH login control, ISSU issu series commands, login management Telnet login control, ISSU methods, non-ISSU software upgrade, ISSU performance by issu series commands,...
  • Page 199 storage media USB disk, RBAC VPN instance access policy, passive port FTP passive (PASV) operating mode, device status detection timer, 144, 144 password preloading device password recovery capability disable, Boot ROM image, 143, 143 preparing login management CLI authentication mode, ISSU, software upgrade (non-ISSU), login management CLI console or AUX...
  • Page 200 configuring FTP basic server parameters, configuring RBAC user role interface policy, configuring FTP client (centralized IRF configuring RBAC user role rules, device), configuring RBAC user role VLAN policy, configuring FTP server (centralized IRF configuring RBAC user role VPN instance policy, device), configuring FTP server local authentication, controlling CLI output,...
  • Page 201 entering CLI string/text type argument value, performing ISSU HTTP feature upgrade (install series commands), 128, 128 entering Python shell, performing ISSU install series commands, 128, entering system view from user view, establishing FTP client connection, performing ISSU issu series commands, executing Python script, preloading Boot ROM image, executing Tcl configuration view Comware...
  • Page 202 troubleshooting RBAC login attempts by local AAA authentication user configuration, RADIUS users fail, non-AAA authorization, understanding CLI command-line error permission assignment, message, predefined user roles, uninstalling ISSU feature (install series RADIUS authentication user configuration, commands), resource access policies, 45, 49 uninstalling ISSU patch images (install series rule configuration restrictions, commands),...
  • Page 203 file system mount/unmount, device, file system storage media USB disk, encryption, RBAC rule configuration, rollback, Tcl, saving (fast mode), 93, 93 unmounting file system storage media, saving (safe mode), 93, 93 returning to upper-level view from any view, safe saving running configuration, 93, 93 to user view, saving...
  • Page 204 RBAC local AAA authentication user single-line banner input mode, 134, 134 configuration, SNMP RBAC permission assignment, access control, 37, 38 RBAC RADIUS authentication user access management overview, configuration, device access, RBAC resource access policies, SNMPv1 RBAC temporary user role authorization, login management SNMP device access, SNMPv2 RBAC temporary user role authorization...
  • Page 205 ISSU software configuration rollback (install USB disk partition, series commands), string type argument value, ISSU software image (install series system commands), software upgrade Comware feature image, ISSU software image upgrade (install series software upgrade Comware image loading, commands), software upgrade Comware image redundancy, methods, non-ISSU upgrade, software upgrade Comware patch image,...
  • Page 206 configuration file formats, ISSU HTTP feature compatible upgrade (issu series commands), configuration file main next-startup file backup, ISSU HTTP feature incompatible upgrade (issu series commands), configuration file main next-startup file restore, ISSU HTTP feature rollback (install series commands), 130, 130 configuration file management, ISSU HTTP feature rollback (issu series configuration file next-startup file delete,...
  • Page 207 login management SSH server login, device as FTP client, login management Telnet login, device as FTP server, login management Telnet login control, FTP client connection establishment, login management Telnet login device FTP configuration, configuration, IPv4 TFTP client configuration, login management Telnet login max number IPv6 TFTP client configuration, concurrent users, TFTP configuration,...
  • Page 208 Python extended API functions (Transfer RBAC temporary user role authorization class), (HWTACACS authentication), Trivial File Transfer Protocol. Use TFTP RBAC temporary user role authorization (RADIUS authentication), troubleshooting RBAC user role assignment, 46, 51 FTP connection, RBAC user role authentication, ISSU, RBAC user role creation, ISSU failure to execute, RBAC user role interface policy,...
  • Page 209 working with FTP server files,...

Table of Contents

Save PDF