HP 5920 & 5900 Switch Series Fundamentals Configuration Guide Part number: 5998-5302a Software version: Release 23xx Document version: 6W101-20150320...
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents
Using the CLI
CLI views
Entering system view from user view
Returning to the upper-level view from any view
Returning to user view
Accessing the CLI online help
...
Controlling user access
FIPS compliance
Controlling Telnet/SSH logins
Configuration procedures
Configuration example
Controlling SNMP access
Configuration procedure
Configuration example
...
FTP server configuration example
Using the device as an FTP client
Establishing an FTP connection
Managing directories on the FTP server
Working with files on the FTP server
...
Configuring configuration archive parameters
Enabling automatic configuration archiving
Manually archiving the running configuration
Rolling back configuration
Specifying a next-startup configuration file
Backing up the main next-startup configuration file to a TFTP server
...
Software image upgrade example
Software image rollback example
Using the emergency shell
Managing the file system
Obtaining a system image from an FTP/TFTP server
Configuring the management Ethernet port
...
Automatic configuration using HTTP server and Python script
Automatic IRF setup
Support and other resources
Contacting HP
Subscription service
Related information
Documents
...
Using the CLI
At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device.
Figure 1 CLI example
You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...
Enter system view. The system view prompt is [Device-name].
In system view, you can do the following:
• Configure global settings (such as the daylight saving time, banners, and hotkeys) and some functions.
• Enter different function views. For example, you can enter interface view to configure interface...
• Enter a space and a question mark after a command keyword to display all available, subsequent keywords and arguments.
If the question mark is in the place of a keyword, the CLI displays all possible keywords, each with a brief description. For example:
<Sysname>...
• Use abbreviated keywords or keyword aliases.
Editing a command line
To edit a command line, use the keys listed in Table 1 or the hotkeys listed in Table 2. When you are finished, you can press Enter to execute the command.
Table 1 Command line editing keys
Keys | Function...
saved-configuration and system-view. To enter the command system-view, you only need to type sy. To enter the command startup saved-configuration, type st s. You can also press Tab to complete an incomplete keyword.
Configuring and using command keyword aliases
The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command.
Step: Enter system view.
Command: system-view
Step: Assign a command to a hotkey.
Command: hotkey { ctrl_g | ctrl_l | ctrl_o | ctrl_t | ctrl_u } command
Remarks: By default:
• Ctrl+G is assigned the display current-configuration command.
• Ctrl+L is assigned the display ip routing-table command.
•...
To enable redisplaying entered-but-not-submitted commands:
Step: Enter system view.
Command: system-view
Step: Enable redisplaying entered-but-not-submitted commands.
Command: info-center synchronous
Remarks: By default, the system does not redisplay entered-but-not-submitted commands. For more information about this command, see Network Management and Monitoring Command Reference.
Understanding command-line error messages
After you press Enter to submit a command, the command line interpreter examines the command syntax.
Item | Command history buffer for a user line | Command history buffer for all user lines
How to view buffered commands? | Use the display history-command command. | Use the display history-command all command.
• In Windows 200x or Windows XP HyperTerminal or Telnet, use the up or down arrow key (↑...
Output controlling keys
Keys | Function
Space | Displays the next screen.
Enter | Displays the next line.
Ctrl+C | Stops the display and cancels the command execution.
<PageUp> | Displays the previous page.
<PageDown> | Displays the next page.
Disabling pausing between screens of output
To disable pausing between screens of output, execute the following command in user view:
Task Command...
Ten-GigabitEthernet1/0/1
Filtering the output from a display command
You can use the | { begin | exclude | include } regular-expression option to filter the display command output:
• begin—Displays the first line matching the specified regular expression and all subsequent lines.
•...
Characters Meaning Examples "[^16A]" matches a string that contains at least one character other than 1, 6, or A, such as "abc". Matches a single character that is not A match can also contain 1, 6, or A (such as in the brackets.
line class vty
 user-role network-operator
line aux 0
 user-role network-admin
line vty 0 63
 authentication-mode scheme
 user-role network-operator
ssh server enable
return
# Use | exclude Direct in the display ip routing-table command to filter out direct routes and display only non-direct routes....
For example:
# Save the VLAN 1 settings to a separate file named vlan.txt.
<Sysname> display vlan 1 > vlan.txt
# Verify whether the VLAN 1 settings are saved to file vlan.txt.
<Sysname> more vlan.txt
VLAN ID: 1
VLAN type: Static
Route interface: Not configured
Description: VLAN 0001
Name: VLAN 0001...
To use multiple measures to view and manage the output from a display command effectively, execute the following command in any view: Task Command View and manage the output from a display command [ | [ by-linenum ] { begin | exclude | include } display command effectively.
Login overview
The first time you access the device, you can log in to the CLI through the console port. After login, you can change console login parameters or configure other access methods, including Telnet, SSH, modem, and SNMP. Telnet login is not supported in FIPS mode.
Table 6 Login methods at a glance
Login method | Default settings and minimum configuration requirements...
Stop bits—1
Data bits—8
Power on the device and press Enter as prompted. The default user view prompt <HP> appears. You can enter commands to configure or manage the device. To get help, enter ?.
Cryptographic Algorithms Tests passed....
Press ENTER to get started.
<HP>%Sep 24 09:48:54:109 2014 HP SHELL/4/LOGIN: Console login from aux0
<HP>...
Logging in to the CLI
By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet, SSH, and modem dial-in. To prevent illegal access to the CLI and control user behavior, you can configure login authentication, assign user roles, configure command authorization and command accounting, and use ACLs to filter unauthorized logins....
A relative number uniquely identifies a user line among all user lines that are the same type. The number format is user line type + number. All the types of user lines are numbered starting from 0 and incrementing by 1. For example, the first VTY line is VTY 0.
Login authentication modes
You can configure login authentication to prevent illegal access to the device CLI....
Telnet login is not supported in FIPS mode.
Logging in through the console port locally
You can connect a terminal to the console port of the device to log in and manage the device, as shown in Figure 4. For the login procedure, see "Logging in through the console port for the first device access."...
Step: Disable authentication.
Command: authentication-mode none
Remarks: By default, authentication is disabled for the AUX line.
Step: Assign a user role.
Command: user-role role-name
Remarks: By default, an AUX line user is assigned the user role network-admin.
The next time you attempt to log in through the console port, you do not need to provide any username or password....
Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
Step: Specify the terminal display type.
Command: terminal type { ansi | vt100 }
Remarks: By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends that you set the display type to VT100 on both the device and the configuration...
Task | Remarks
Setting the maximum number of concurrent Telnet users | (Optional.)
Setting the DSCP value for outgoing Telnet packets | (Optional.)
Configuring common VTY line settings | (Optional.)
The Telnet login configuration is effective only for users who log in after the configuration is completed.
Disabling authentication for Telnet login
Step Command...
Figure 5 Telnetting to the device without authentication
Configuring password authentication for Telnet login
Step: Enter system view.
Command: system-view
Step: Enable Telnet server.
Command: telnet server enable
Remarks: By default, the Telnet server function is disabled.
Use either command. A setting in user line view is applied only to the user line....
The next time you attempt to Telnet to the device, you must provide the configured login password, as shown in Figure 6. If the maximum number of login users has been reached, your login attempt fails and the message "All user lines are used, please try later!" appears.
Figure 6 Password authentication interface for Telnet login
Configuring scheme authentication for Telnet login
Step...
To use scheme authentication, you must also complete the following tasks:
• Configure login authentication methods in ISP domain view.
• To use remote authentication, configure the scheme to be used.
• To use local authentication, configure a local user and the relevant attributes.
•...
Configuring common VTY line settings
For a VTY line, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session. Before you configure this function and save the configuration, make sure you can access the CLI through a different user line....
Step Command Remarks Set the size of history-command max-size By default, the buffer saves 10 history command history value commands. buffer. By default, the session idle timeout is 10 minutes for all user lines. If there is no interaction between the device and Set the session idle idle-timeout minutes the user within the idle timeout, the system...
Step Command Remarks • Log in to an IPv4 Telnet server: telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ] Use the device to log in to Use either command.
Step Command Remarks • In non-FIPS mode: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | (Optional.) Create an publickey } assign SSH user and specify By default, no SSH user is configured on the publickey keyname } the authentication device.
Step Command Remarks In non-FIPS mode, Telnet and SSH are supported by default. In FIPS mode, SSH is supported by default. This configuration takes effect only for users who log in to the user lines after the configuration is completed. •...
To work with the SSH server, you might need to configure the SSH client. For information about configuring the SSH client, see Security Configuration Guide.
Logging in through a pair of modems
You can use a pair of modems to remotely connect to the console port of the device over PSTN when the IP network connection is broken....
Figure 11 Creating a connection
Figure 12 Configuring the dialing parameters
Dial the telephone number to establish a connection to the device.
Figure 13 Dialing the number
After you hear the dial tone, press Enter as prompted. If the authentication mode is none, the prompt <HP> appears. If the authentication mode is password or scheme, you must enter the correct authentication information as prompted....
Displaying and maintaining CLI login
Execute display commands in any view and the other commands in user view.
Task: Display online CLI user information.
Command: display users [ all ]
Task: Display user line information.
Command: display line [ num1 | { aux | vty }...
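The login authentication defaults this chapter describes can be checked against a saved configuration. The following Python audit is an added example, not part of the HP guide: the sample configuration is constructed, and the "#"-separated layout with one-space indentation of sub-commands is an assumption about display current-configuration output.

```python
import re

# Defaults stated in this guide: authentication is disabled for AUX lines and
# password authentication is enabled for VTY lines.
DEFAULT_AUTH = {"aux": "none", "vty": "password"}

SECTION_RE = re.compile(r"^line\s+(class\s+)?(aux|vty)\b")
AUTH_RE = re.compile(r"^authentication-mode\s+(none|password|scheme)\b")

# Constructed sample configuration (not captured from a device).
SAMPLE_CONFIG = """\
#
 telnet server enable
#
line class aux
 user-role network-admin
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 63
 authentication-mode scheme
 user-role network-operator
#
 ssh server enable
#
return
"""


def parse_user_lines(config_text):
    """Return (sections, telnet_enabled).

    Each section is a dict with the view name, the line type (aux or vty),
    whether it is a line class view, and the authentication-mode set
    explicitly in that view (None when the view does not set one).
    """
    sections, current, telnet_enabled = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "telnet server enable":
            telnet_enabled = True
            continue
        if raw[0].isspace() and current is not None:
            # Indented sub-command of the user line view we are inside.
            m = AUTH_RE.match(line)
            if m:
                current["auth"] = m.group(1)
            continue
        current = None  # "#" or any other top-level line closes the view
        m = SECTION_RE.match(line)
        if m:
            current = {"name": line, "type": m.group(2),
                       "is_class": bool(m.group(1)), "auth": None}
            sections.append(current)
    return sections, telnet_enabled


def audit(config_text):
    """Return a list of (location, finding) tuples for weak login settings."""
    sections, telnet_enabled = parse_user_lines(config_text)
    # A setting in line class view applies to all user lines of the class.
    class_auth = {s["type"]: s["auth"] for s in sections if s["is_class"]}
    findings = []
    for s in sections:
        if s["auth"] == "none":
            findings.append((s["name"], "authentication-mode none is set"))
        elif s["auth"] is None and not s["is_class"]:
            # Nothing set in the line view: fall back to the class view,
            # then to the default. Conflicts between an explicit line setting
            # and an explicit class setting are not resolved here; each view
            # is reported on its own.
            if class_auth.get(s["type"]) is None and DEFAULT_AUTH[s["type"]] == "none":
                findings.append((s["name"],
                                 "no authentication-mode in line or class view; "
                                 "the default disables authentication"))
    if telnet_enabled:
        findings.append(("telnet server enable",
                         "Telnet server is enabled; Telnet login is not "
                         "supported in FIPS mode"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```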
Accessing the device through SNMP
You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device.
Figure 15 SNMP access diagram
The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC....
Controlling user access
Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode....
Configuration example
Network requirements
Configure the device in Figure 16 to permit only Telnet packets sourced from Host A and Host B.
Figure 16 Network diagram
Configuration procedure
# Configure an ACL to permit packets sourced from Host A and Host B.
<Sysname>...
Figure 17 Network diagram
Configuration procedure
# Create an ACL to permit packets sourced from Host A and Host B.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group....
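How the basic ACL above decides which management sources are admitted, as an added Python example that is not part of the HP guide. It assumes rules are checked in ascending rule ID (match-order config), that a source matching no rule is refused when the ACL controls login or SNMP access, and that a wildcard of 0 means an exact host match; rule 3 is constructed to show an over-broad wildcard.

```python
import ipaddress
import re

RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)")

# The two rules shown in the configuration procedure above.
PAGE_ACL = """\
acl number 2000 match-order config
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
"""

# Constructed variant: rule 3 is not on the page; it admits a whole /24.
CONSTRUCTED_WIDE_ACL = PAGE_ACL + " rule 3 permit source 10.110.100.0 0.0.0.255\n"


def _wildcard_to_int(text):
    # "0" is shorthand for 0.0.0.0; otherwise the wildcard is dotted decimal.
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)


def parse_basic_acl(text):
    """Return rules as (rule_id, action, base, wildcard), sorted by rule ID."""
    rules = []
    for rule_id, action, addr, wildcard in RULE_RE.findall(text):
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(addr)),
                      _wildcard_to_int(wildcard)))
    return sorted(rules)


def evaluate(rules, source):
    """Return (action, rule_id) for a source address; first match wins."""
    ip = int(ipaddress.IPv4Address(source))
    for rule_id, action, base, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # bits set in the wildcard are ignored
        if ip & care == base & care:
            return action, rule_id
    # Assumption: no matching rule means the management source is refused.
    return "deny", None


def broad_permit_rules(rules, max_hosts=1):
    """Return (rule_id, host_count) for permit rules wider than max_hosts."""
    broad = []
    for rule_id, action, _base, wildcard in rules:
        hosts = 2 ** bin(wildcard).count("1")
        if action == "permit" and hosts > max_hosts:
            broad.append((rule_id, hosts))
    return broad


if __name__ == "__main__":
    for name, text in (("page ACL", PAGE_ACL), ("constructed ACL", CONSTRUCTED_WIDE_ACL)):
        rules = parse_basic_acl(text)
        for src in ("10.110.100.52", "10.110.100.46", "10.110.100.53"):
            print(name, src, evaluate(rules, src))
        print(name, "permit rules wider than one host:", broad_permit_rules(rules))
```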
Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
Figure 18 Network diagram
Configuration procedure
# Assign IP addresses to relevant interfaces and make sure the device and the HWTACACS server can reach each other and the device and Host A can reach each other. (Details not shown.)
# Enable the Telnet server.
<Device>...
[Device-luser-manage-admin] password cipher 123
[Device-luser-manage-admin] service-type telnet
[Device-luser-manage-admin] authorization-attribute user-role level-1
Configuring command accounting
Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This function helps control and monitor user behavior on the device....
Step Command Remarks By default, authentication is disabled for AUX lines, and password authentication is enabled for VTY lines. In VTY line view, this command is associated with the protocol inbound command: Enable scheme • If the setting of either command is not authentication-mode scheme authentication.
Figure 19 Network diagram
Configuration procedure
# Enable the Telnet server.
<Device> system-view
[Device] telnet server enable
# Enable command accounting for user line AUX 0.
[Device] line aux 0
[Device-line-aux0] command accounting
[Device-line-aux0] quit
# Enable command accounting for user lines VTY 0 through VTY 63.
[Device] line vty 0 63
[Device-line-vty0-63] command accounting
[Device-line-vty0-63] quit...
Configuring RBAC
Overview
Role-based access control (RBAC) controls user access to items and system resources based on user roles. In this chapter, items include commands and XML elements, and system resources include interfaces, VLANs, and VPN instances. On devices that support multiple users, RBAC is used to assign access permissions to user roles that are created for different job functions....
• Write—Commands and XML elements that configure the features in the system. For example, the info-center enable command and the debugging command.
• Execute—Commands and XML elements that execute specific functions. For example, the ping command and the ftp command.
A user role can access the set of permitted commands and XML elements specified in its rules....
User role name | Permissions
• level-0—Has access to diagnostic commands, including ping, quit, ssh2, super, system-view, telnet, and tracert. Level-0 access rights are configurable.
• level-1—Has access to the display commands (except display history-command all) of all features and resources in the system, in addition to all access rights of the user role level-0....
If the user passes remote authorization, the remote AAA server assigns the user roles specified on the server. The AAA server can be a RADIUS or HWTACACS server.
• Non-AAA authorization—If the user uses password authentication or no authentication, the device...
Step: (Optional.) Configure a description for the user role.
Command: description text
Remarks: By default, a user role does not have a description.
Configuring user role rules
You can configure user role rules to permit or deny the access of a user role to specific commands and XML elements....
Step Command Remarks • Configure a command rule: rule number { deny | permit } By default, a user-defined user role command command-string does not have any rules or access to • Configure a feature rule: any commands or XML elements. rule number { deny | permit } Repeat this step to add a maximum of { execute | read | write } * feature...
Configuring the interface policy of a user role
Step: Enter system view.
Command: system-view
Step: Enter user role view.
Command: role name role-name
Step: Enter user role interface policy view.
Command: interface policy deny
Remarks: By default, the interface policy of the user role permits access to all interfaces....
Step: Enter user role VPN instance policy view.
Command: vpn-instance policy deny
Remarks: By default, the VPN instance policy of the user role permits access to all VPNs. This command denies the access of the user role to all VPNs if the permit vpn-instance command is not configured....
If the AAA server assigns the security-audit user role and other user roles to the same user, only the security-audit user role takes effect.
NOTE:
• To be compatible with privilege-based access control, the device automatically converts privilege-based user levels (0 to 15) assigned by an AAA server to RBAC user roles (level-0 to level-15).
• If the AAA server assigns a privilege-based user level and a user role to a user, the user can use the...
Step Command Remarks Enter system view. system-view • Enter user line view: For information about the priority line { first-num1 [ last-num1 ] | order and application scope of the { aux | vty } first-num2 Enter user line view or use configurations in user line view and [ last-num2 ] } line class view.
Table 10 User role authentication modes
Keywords | Authentication mode | Description
local | Local password authentication only (local-only) | The device uses the locally configured password for authentication. If no local password is configured for a user role in this mode, an AUX user can obtain the user role authorization by either entering a string or not entering anything....
Obtaining temporary user role authorization
AUX or VTY users must pass authentication before they can use a user role that is not included in the user account they are logged in with.
Perform the following task in user view:
Task Command Remarks The operation fails after three consecutive unsuccessful...
Configuration procedure
# Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user).
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Enable Telnet server.
[Switch] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit...
# Verify that you can create VLANs 10 to 20. This example uses VLAN 10.
<Switch> system-view
[Switch] vlan 10
[Switch-vlan10] quit
# Verify that you cannot create any VLANs other than VLANs 10 to 20. This example uses VLAN 30.
[Switch] vlan 30
Permission denied....
Configuration procedure
Make sure the settings on the switch and the RADIUS server match.
Configure the switch:
# Assign VLAN-interface 2 an IP address from the same subnet as the Telnet user.
<Switch> system-view
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0
[Switch-Vlan-interface2] quit
# Assign VLAN-interface 3 an IP address from the same subnet as the RADIUS server....
# Configure rule 2 to permit the user role to use the read and write commands of all features in fgroup1.
[Switch-role-role2] rule 2 permit read write feature-group fgroup1
# Configure rule 3 to disable access to the read commands of the acl feature.
[Switch-role-role2] rule 3 deny read feature acl
# Configure rule 4 to permit the user role to create VLANs and use all commands available in VLAN view....
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] vlan 30
Permission denied.
# Verify that you cannot configure any interface except Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet 1/0/20. Take Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/22 as examples.
[Switch] vlan 10
[Switch-vlan10] port ten-gigabitethernet 1/0/2
[Switch-vlan10] port ten-gigabitethernet 1/0/22
Permission denied....
# Enable Telnet server.
[Switch] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Switch] line vty 0 63
[Switch-line-vty0-63] authentication-mode scheme
[Switch-line-vty0-63] quit
# Enable remote-then-local authentication for temporary user role authorization.
[Switch] super authentication-mode scheme local
# Create the HWTACACS scheme hwtac and enter its view....
Access the Advanced TACACS+ Settings page.
Select Level 3 for the Max Privilege for any AAA Client option.
Select the Use separate password option, and specify enabpass as the password.
Figure 23 Configuring advanced TACACS+ settings
Verifying the configuration
Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands....
<Switch>?
User view commands:
  ping         Ping function
  quit         Exit from current command view
  ssh2         Establish a secure shell client connection
  super        Switch to a user role
  system-view  Enter the System View
  telnet       Establish a telnet connection
  tracert      Tracert function
<Switch>
Obtain the level-3 user role:
# Use the super password to obtain the level-3 user role....
If the problem persists, contact HP Support.
Login attempts by RADIUS users always fail
Symptom
Attempts by a RADIUS user to log in to the network access device always fail, even though the following conditions exist:
The network access device and the RADIUS server can communicate with one another....
Configuring FTP
File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959....
Configuring basic parameters
Step: Enter system view.
Command: system-view
Step: Enable the FTP server.
Command: ftp server enable
Remarks: By default, the FTP server is disabled.
Step: (Optional.) Use an ACL to control access to the FTP...
Command: ftp server acl { acl-number | ipv6 acl-number6 }
Remarks: By default, no ACL is used for access control.
The following authorization modes are available:
• Local authorization—The device assigns authorized directories to FTP clients based on the locally configured authorization attributes.
• Remote authorization—A remote authorization server assigns authorized directories on the device to FTP clients.
For information about configuring authentication and authorization, see Security Configuration Guide.
Manually releasing FTP connections
Task Command...
Configuration procedure
Configure IP addresses as shown in Figure 25, and make sure the IRF fabric and the PC can reach each other. (Details not shown.)
Configure the FTP server:
# Examine the storage space on the member devices. If the free space is insufficient, use the delete /unreserved file-url command to delete unused files....
Using the device as an FTP client
Establishing an FTP connection
To access the FTP server, you must establish a connection from the FTP client to the FTP server.
To establish an IPv4 FTP connection:
Step: Enter system view.
Command: system-view
Step: (Optional.) Specify a source...
Remarks: By default, no source IP...
Step Command Remarks • Log in to the FTP server directly in user view: ftp ipv6 ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface Use either method. interface-type interface-number The source IP address specified in | ipv6 source-ipv6-address } ] * Log in to the FTP server.
To work with files on an FTP server, execute the following commands in FTP client view: Task Command Remarks • Display the detailed information of a directory or file on the FTP server: dir [ remotefile Display directory or file [ localfile ] ] information on the FTP server.
Maintaining and troubleshooting the FTP connection
Task: Display FTP commands on the FTP server.
Command: rhelp
Task: Display FTP commands help information on the FTP server.
Command: rhelp protocol-command
Task: Display FTP server status.
Command: rstatus
Task: Display detailed information about a directory or file on the FTP server.
Command: rstatus remotefile
...
Task: Display source IP address information on the FTP client.
Command: display ftp client source
FTP client configuration example
Network requirements
• Use the IRF fabric that comprises two member devices as the FTP client and the PC as the FTP server.
• Log in to the FTP server from the FTP client using the user account with username abc and password...
# Download the file temp.bin from the PC to the Flash root directory of the master device.
ftp> get temp.bin
227 Entering Passive Mode (10.1.1.1,17,5)
150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\temp.bin" file ready to send (53 bytes) in IMAGE / Binary mode
226 Transfer finished successfully....
Configuring TFTP
Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments....
Step Command Remarks The source IP address specified in this command tftp tftp-server { get | put | sget } takes precedence over the source-filename [ destination-filename ] Download or upload a file one set by the tftp client [ vpn-instance vpn-instance-name ] [ dscp in an IPv4 network.
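The TFTP request format shows why the protocol has no authentication step: a read or write request carries only a file name and a transfer mode. The following decoder is an added example, not part of the HP guide; it parses RFC 1350 packets and builds a log of which configuration, image, and script files are requested on UDP port 69. The datagrams, addresses, and file names in SAMPLE are constructed, and the function names are illustrative.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
# File types this guide moves over TFTP, keyed by extension.
KINDS = {".cfg": "configuration", ".ipe": "software image",
         ".bin": "software image", ".py": "script", ".tcl": "script"}


class TftpParseError(ValueError):
    """Raised when a UDP payload is not a well-formed TFTP packet."""


def split_strings(buf):
    """Split a run of NUL-terminated strings; the last byte must be NUL."""
    if not buf.endswith(b"\x00"):
        raise TftpParseError("unterminated string field")
    return [s.decode("ascii", "replace") for s in buf[:-1].split(b"\x00")]


def parse_tftp(payload):
    """Decode one TFTP packet (RFC 1350 layout) into a dict."""
    if len(payload) < 4:
        raise TftpParseError("packet shorter than 4 bytes")
    (opcode,) = struct.unpack("!H", payload[:2])
    op = OPCODES.get(opcode)
    if op is None:
        raise TftpParseError("unknown opcode %d" % opcode)
    body = payload[2:]
    if op in ("RRQ", "WRQ"):
        # Layout: filename, NUL, mode, NUL, then optional name/value pairs
        # (RFC 2347). No field carries a user name, password or token.
        fields = split_strings(body)
        if len(fields) < 2 or len(fields) % 2 or not fields[0]:
            raise TftpParseError("malformed request")
        return {"op": op, "filename": fields[0], "mode": fields[1].lower(),
                "options": dict(zip(fields[2::2], fields[3::2]))}
    (number,) = struct.unpack("!H", body[:2])
    if op == "DATA":
        return {"op": op, "block": number, "length": len(body) - 2}
    if op == "ACK":
        return {"op": op, "block": number}
    return {"op": op, "code": number, "message": split_strings(body[2:])[0]}


def request_log(datagrams):
    """Return one record per TFTP request sent to UDP port 69."""
    records = []
    for src, dst, dport, payload in datagrams:
        if dport != 69:  # data and acknowledgements use ephemeral ports
            continue
        try:
            pkt = parse_tftp(payload)
        except TftpParseError as exc:
            records.append({"client": src, "server": dst, "error": str(exc)})
            continue
        if pkt["op"] not in ("RRQ", "WRQ"):
            continue
        name = pkt["filename"]
        ext = name[name.rfind("."):].lower() if "." in name else ""
        records.append({
            "client": src, "server": dst, "filename": name,
            "direction": "download" if pkt["op"] == "RRQ" else "upload",
            "kind": KINDS.get(ext, "other"),
        })
    return records


def build_request(opcode, filename, mode=b"octet"):
    """Build a request payload for the constructed sample below."""
    return struct.pack("!H", opcode) + filename + b"\x00" + mode + b"\x00"


# Constructed datagrams: (source IP, destination IP, destination port, payload).
SAMPLE = [
    ("192.168.2.2", "192.168.1.40", 69, build_request(1, b"market.cfg")),
    ("2.2.2.1", "2.2.2.2", 69, build_request(1, b"startup-r2310.ipe")),
    ("192.168.3.2", "192.168.1.40", 69,
     build_request(2, b"backup.cfg", b"netascii")),
    ("192.168.1.40", "192.168.2.2", 50112,
     struct.pack("!HH", 3, 1) + b"sysname x\n"),
    ("192.168.2.9", "192.168.1.40", 69, b"\x00\x01no-terminator"),
]

if __name__ == "__main__":
    for record in request_log(SAMPLE):
        print(record)
```

Because every request is accepted or refused on the file name alone, the resulting log is the only record of who fetched or overwrote a file.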
Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not •...
Format Description Example Specifies a file in a specific folder in the • test/a.cfg indicates a file named a.cfg current working directory. in the test folder in the current working The path argument represents the path directory. to the file. If the file is in a single-level [path/]file-name •...
Renaming a file
Perform this task in user view.
Task: Rename a file.
Command: rename fileurl-source fileurl-dest
Copying a file
Perform this task in user view.
Task: Copy a file.
Command: copy fileurl-source fileurl-dest
Moving a file
Perform this task in user view.
Task: Move a file.
Calculating the digest of a file
The digest of a file can be used to verify file integrity. For example, you can calculate a software image file's digest and compare it with the digest on the HP website.
Perform this task in user view.
Managing directories CAUTION: To avoid file system corruption, do not install or remove storage media or perform master/subordinate switchover during directory operations. You can create or remove a directory, display or change the current working directory, and display a specific directory. Before you create or remove a directory on a USB disk, make sure the disk is not write protected.
Removing a directory To remove a directory, you must delete all files and subdirectories in this directory. To delete a file, use the delete command. To delete a subdirectory, use the rmdir command. Removing a directory permanently deletes all its files in the recycle bin, if any. Perform this task in user view.
To format a storage medium that has been partitioned, you must format all the partitions individually, instead of formatting the medium as a whole. You can format a storage medium only when no one is accessing the medium. Perform this task in user view. Task Command Format a storage medium.
Restrictions and guidelines
A difference of less than 5% of the total memory between the specified partition size and the actual partition size is normal.
Before partitioning a USB disk:
• Back up the files in the storage medium. The partition operation clears all data in the medium.
•...
Managing configuration files Overview You can use the CLI or the Boot menu to manage configuration files. This chapter explains how to manage configuration files from the CLI. A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot.
To display the running configuration, use the display current-configuration command. The displayed configuration does not include parameters that use initial settings.
Startup configuration loading process
Figure 28 shows the configuration loading process during startup.
Figure 28 Configuration loading process during startup (flowchart not reproduced)
If you have not specified a backup startup configuration file, or the specified backup startup configuration file is not available, the device starts up with the factory defaults. If a parameter is not included in the factory defaults, its initial setting is used. Configuration file formats Configuration files you specify for saving configuration must use the .cfg extension.
Enabling configuration encryption
Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All HP devices running Comware V7 software use the same private key or public key to encrypt configuration files.
[ all | slot specifying the file as a slot-number ] next-startup configuration file. For reliable configuration saving, HP recommends that you specify the safely keyword. If you execute the save [ safely ] command without specifying any other...
Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
To enable automatic configuration archiving: Step Command Remarks Enter system view. system-view By default, this function is disabled. Enable automatic To view configuration archive configuration archiving and archive configuration interval minutes names and their archiving time, set the archiving interval. use the display archive configuration command.
is undo A C, the configuration rollback function cannot undo the A B C command, because the system does not recognize the undo A B C command. A command (for example, a hardware-dependent command) cannot be deleted, overwritten, or • undone due to system restrictions.
• You have read and write permissions to the server.
To back up the main next-startup configuration file to a TFTP server:
Step: (Optional.) Verify that a next-startup configuration file has been specified in user...
Command: display startup
Remarks: If no next-startup configuration file has been specified, the backup operation will fail.
• The file is corrupt or not fully compatible with the device.
If both the main and backup next-startup configuration files are deleted, the device uses factory defaults at the next startup.
To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command.
Upgrading software Overview Software upgrade enables you to have new features and fix bugs. This chapter describes types of software and how to upgrade software from the CLI without using ISSU. For a comparison of all software upgrade methods, see "Upgrade methods."...
Comware image redundancy and loading procedure You can specify two lists of Comware software images: one main (primary) and one backup. The system always attempts to start up with the main images. If any main images do not exist or are invalid, the system tries the backup images.
Figure 30 System startup process (flowchart not reproduced)
Upgrade methods
Upgrading method: Upgrading from the CLI
Software types: • Boot ROM image
Remarks: This method is disruptive.
Download the upgrade software image file. (Optional.) Preload the Boot ROM image to the Boot ROM. If a Boot ROM upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps avoid upgrade problems caused by unexpected electricity failure. If you skip this task, the device upgrades the Boot ROM automatically when it upgrades the startup software images.
Specifying the startup image file and completing the upgrade Perform this task in user view. Step Command Remarks • Use an .ipe file for upgrade: boot-loader file ipe-filename slot slot-number { backup | main } Specify the main or backup •...
Step Command Remarks Verify that the current software images (Optional.) Verify the display boot-loader [ slot are the same as the startup software software image settings. slot-number ] images. Displaying and maintaining software image settings Execute display commands in any view. Task Command Display current software images and startup...
# Use TFTP to download the image file startup-r2310.ipe from the TFTP server to the root directory of the flash on the master device.
<Sysname> tftp 2.2.2.2 get startup-r2310.ipe
# Back up the image file to startup-r2310-backup.ipe. Skip this step if the flash does not have sufficient space.
ISSU overview
The In-Service Software Upgrade (ISSU) function enables software upgrade with the least amount of downtime. ISSU is implemented on the basis of the following design advantages:
• Separation of service features from basic functions. The software of the device includes a boot...
To install or uninstall patches, you can use only the install command series. To perform the other ISSU tasks, you can use either of the install command series or the issu command series. HP recommends that you use the issu command series.
Table 13 Comparison between the two command series Item issu series commands install series commands Required compatibility between the old and new Compatible or incompatible. Compatible. software versions Support installing and Yes. uninstalling patches? Upgrade an IRF fabric as per Advanced upgrade mode.
• Use FTP or TFTP to transfer the software image files or the .ipe file to the root directory of the master's storage medium. Before a subordinate member is upgraded, the system will automatically copy the files to the subordinate member.
ISSU guidelines
Before starting an ISSU, complete the following tasks:
• Enable GR or NSR for protocols including LDP, RSVP, OSPF, ISIS, BGP, and FSPF, and disable BFD...
you can use the install series displaying and maintaining commands with the issu series configuration commands.
• At reboot, a subordinate device automatically synchronizes the master device's configuration and status data. This process takes some time. You must wait for the synchronization to complete before using the issu load command on the subordinate device.
Performing an ISSU by using issu series commands The ISSU procedure varies depending on whether the IRF fabric has a single or multiple members. Performing an ISSU for a multichassis IRF fabric Before upgrade, use the display version comp-matrix file { boot filename | system filename | feature filename&<1-30>...
If the filename | feature configure the member devices of the IRF fabric are filename&<1-30> } * slot upgrade images connected into a ring topology, HP slot-number&<1-9> as the main recommends that you specify half of the startup software •...
Step Command Remarks Upgrade the • Method 1: member and issu load file { boot filename | system configure the filename | feature filename&<1-30> } * upgrade images Specify the member ID of the only slot slot-number as the main member for the slot slot-number option.
Figure 32 Network diagram
Upgrade procedure
# Save the running configuration.
<Sysname> save
# Download the image file that contains the feature1 image from the TFTP server.
<Sysname> tftp 2.2.2.2 get feature1-r0202.bin
% Total % Received % Xferd Average Speed Time Time Time...
Influenced service according to following table on slot 1: flash:/feature1-r0202.bin feature1 Influenced service according to following table on slot 2: flash:/feature1-r0202.bin feature1 The output shows that an incremental upgrade is recommended, and the feature1 module will be rebooted during the upgrade process. # Upgrade feature1 on the subordinate member.
flash:/boot-r2310.bin
flash:/system-r2310.bin
flash:/feature1-r0202.bin
Active packages on slot 2:
flash:/boot-r2310.bin
flash:/system-r2310.bin
flash:/feature1-r0202.bin
Software image upgrade to an incompatible version
Upgrade requirements
The IRF fabric comprises two members: the master member with the member ID 1 and the subordinate member with the member ID 2. Upgrade feature1 from R0201 to R0202, which is an incompatible version.
# Identify the ISSU method to be used for the upgrade and view the possible impact of the upgrade.
<Sysname> display version comp-matrix file feature flash:/feature1-r0202.bin
Feature image: flash:/feature1-r0202.bin
Version:
V700R001B45D002
Version Compatibility List:
V700R001B45D002
Version Dependency System List:
V700R001B45D001
V700R001B45D002
Incompatible upgrade.
Software image rollback example Rollback requirement The IRF fabric comprises two members: the master member with the member ID 1 and the subordinate member with the member ID 2. R0202 and R0201 are compatible. Roll back feature1 from R0202 to R0201 after upgrading it from R0201 to R0202. Figure 34 Network diagram Rollback procedure # Save the running configuration.
V700R001B45D002 Version Dependency System List: V700R001B45D001 V700R001B45D002 Slot Upgrade Way Service Upgrade Service Upgrade Influenced service according to following table on slot 1: flash:/feature1-r0202.bin feature1 Influenced service according to following table on slot 2: flash:/feature1-r0202.bin feature1 The output shows that an incremental upgrade is recommended, and the feature1 module will be rebooted during the upgrade process.
flash:/feature1-r0201.bin
Active packages on slot 2:
flash:/boot-r2310.bin
flash:/system-r2310.bin
flash:/feature1-r0202.bin
# Roll back feature1 to R0201.
<Sysname> issu rollback
This command will quit the ISSU process and roll back to the previous version. Continue? [Y/N]:Y
# Verify that both members are running the old image.
<Sysname>...
Performing an ISSU by using install series commands Performing an ISSU Obtaining and decompressing an .ipe file If the images required for the ISSU are distributed in an .ipe file, you must obtain and decompress the .ipe file before starting the ISSU. Follow these steps: Transfer the .ipe file to the root directory of the master device's storage medium by using FTP or TFTP.
Step Command install activate { boot filename | system filename | feature Activate the images. filename&<1-30> } * slot slot-number (Optional.) Confirm the software install commit changes. To install or upgrade patch images, execute the following commands in user view: Step Command Activate the patch images.
For an incremental upgrade, up to 50 rollback points are supported. After the limit is reached, the oldest rollback points are deleted to make room for newly created rollback points. For ISSU reboot upgrades and reboot upgrades, the system does not record and maintain any rollback point, and you can roll back the software configuration only to the original software configuration.
IMPORTANT: Removing a software image deletes the image file from the device permanently. You cannot use the install rollback to command to revert the operation, or use the install abort command to abort the operation. To remove inactive software images, execute one of the following commands as appropriate in user view: Task Command...
256k 256k 764k 0 --:--:-- --:--:-- --:--:-- 810k
# Decompress the .ipe file.
<Sysname> install add flash:/feature1-r0202.ipe flash:
# Display active software images.
<Sysname> display install active
Active packages on slot 1:
flash:/boot-r2310.bin
flash:/system-r2310.bin
flash:/feature1-r0201.bin
Active packages on slot 2:
flash:/boot-r2310.bin
flash:/system-r2310.bin
flash:/feature1-r0201.bin...
Copying file flash:/feature1-r0202.bin to slot2#flash:/feature1-r0202.bin..Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y <Sysname> install activate feature flash:/feature1-r0202.bin slot 1 Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version...
Active packages on slot2:
flash:/boot-r2310.bin
flash:/system-r2310.bin
flash:/feature1-r0202.bin
# Display available rollback points.
<Sysname> display install rollback
Install rollback information 1 on slot 1:
Updating from flash:/feature1-r0201.bin to flash:/feature1-r0202.bin.
Install rollback information 2 on slot 2:
Updating from flash:/feature1-r0201.bin to flash:/feature1-r0202.bin.
# Roll back feature1 to R0201.
Using the emergency shell At startup, the device tries to locate and load the Comware startup software images, which might include a boot image, a system image, some feature images, and some patch images. If the boot image exists and can be used but the system image or any feature or patch image is missing or corrupted, the device enters emergency shell mode.
Task Command Remarks Display the contents of more file-url a file. Permanently delete a delete file-url file. To delete a folder, first delete all files and child folders Delete a folder. rmdir directory in the folder. Format a storage format storage-medium medium.
Step Command Remarks Enter management interface m-eth0 Ethernet port view. By default, the management Assign an IPv6 address ipv6 address ipv6-address prefix-length Ethernet port has no IPv6 to the port. address. By default, the management Specify an IPv6 gateway ipv6 gateway ipv6-address Ethernet port has no IPv6 for the port.
Task Command Telnet to an IPv4 server. telnet server-ipv4-address Use SSH to connect to an IPv4 server. ssh2 server-ipv4-address ftp server-ipv4-address user username password Use FTP to download a file from or upload a file to password { get remote-file local-file | put local-file an IPv4 server.
Displaying device information in emergency shell mode Execute display commands in any view. Task Command Display copyright information. display copyright Display software package information. display install package package Display management Ethernet port information. display interface m-eth0 Display IPv4 routing information. display ip routing-table Display IPv6 routing information.
# Check the version information of the boot image.
<boot>display version
HP Comware Software
Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P.
HP 5920AF uptime is 0 weeks, 0 days, 0 hours, 36 minutes
Boot image: flash:/5920-cmw710-boot-R2310.bin
Boot image version: 7.1.045
HP 5920AF with 2 Processors...
Platform version: 7.1.045
Product version: Ess 2405
Supported board: mpu
[Component]
Component: system
Description: system package
# Load the system image to start the Comware system.
<boot> install load flash:/system.bin
Check package flash:/5920-cmw710-system-R2310.bin ...
Extracting package ...
Loading...
Line aux0 is available.
Press ENTER to get started.
CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>. To configure the device name: Step Command Remarks Enter system view. system-view Configure the device name. sysname sysname The default device name is HP.
Configuring the system time
Specifying the system time source
The device can use one of the following system time sources:
• None—Local system time, which is manually configured at the CLI.
• PTP—PTP time source. When the device uses the PTP time source, you cannot change the system...
Step Command Remarks clock summer-time name start-time By default, daylight saving time is Set the daylight saving time. start-date end-time end-date disabled. add-time Enabling displaying the copyright statement After you enable displaying the copyright statement, the device displays the copyright statement in the following situations: •...
• Single-line banner.
A single-line banner must be input in the same line as the command. The start and end delimiters for the banner can be any printable character, but they must be the same and must not be included in the banner.
Step Command Remarks By default, the device does not have a Configure the MOTD banner. header motd text banner. By default, the device does not have a Configure the login banner. header login text banner. Configure the incoming By default, the device does not have a header incoming text banner.
Rebooting the device
CAUTION:
• A device reboot might interrupt network services.
• To avoid configuration loss, use the save command to save the running configuration before a reboot. For more information about the save command, see Fundamentals Command Reference.
• Before a reboot, use the display startup and display boot-loader commands to verify that you have...
Task Command Remarks Specify the reboot date scheduler reboot at time [ date ] By default, no reboot date or time is specified. and time. Specify the reboot delay scheduler reboot delay time By default, no reboot delay time is specified. time.
Step Command Remarks By default, no job is assigned to a schedule. Assign a job to a job job-name You can assign multiple jobs to a schedule. schedule. The jobs will be executed concurrently. • Specify the execution date and Configure one command as time: required.
Schedule configuration example Network requirements To save energy, configure the device to enable interfaces Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 at 8:00 a.m. every Monday through Friday and disable the interfaces at 18:00 every Monday through Friday. Figure 37 Network diagram Scheduling procedure # Enter system view.
[Sysname-job-start-Ten-GigabitEthernet1/0/2] command 1 system-view
[Sysname-job-start-Ten-GigabitEthernet1/0/2] command 2 interface ten-gigabitethernet 1/0/2
[Sysname-job-start-Ten-GigabitEthernet1/0/2] command 3 undo shutdown
[Sysname-job-start-Ten-GigabitEthernet1/0/2] quit
# Configure a periodic schedule for enabling the interfaces at 8:00 a.m. every Monday through Friday.
[Sysname] scheduler schedule START-pc1/pc2
[Sysname-schedule-START-pc1/pc2] job start-Ten-GigabitEthernet1/0/1
[Sysname-schedule-START-pc1/pc2] job start-Ten-GigabitEthernet1/0/2
[Sysname-schedule-START-pc1/pc2] time repeating at 8:00 week-day mon tue wed thu fri
[Sysname-schedule-START-pc1/pc2] quit...
-----------------------------------------------------------------------
Job name Last execution status
start-Ten-GigabitEthernet1/0/1 Successful
start-Ten-GigabitEthernet1/0/2 Successful
Schedule name : STOP-pc1/pc2
Schedule type : Run on every Mon Tue Wed Thu Fri at 18:00:00
Start time : Wed Sep 28 18:00:00 2011
Last execution time : Wed Sep 28 18:00:00 2011
Last completion time : Wed Sep 28 18:00:01 2011
Execution counts
-----------------------------------------------------------------------...
Job name : shutdown-Ten-GigabitEthernet1/0/2
Schedule name : STOP-pc1/pc2
Execution time : Wed Sep 28 18:00:00 2011
Completion time : Wed Sep 28 18:00:01 2011
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2]shutdown
Disabling password recovery capability
Password recovery capability controls console user access to the device configuration and SDRAM from...
Step Command Remarks Enter system view. system-view fan prefer-direction slot The default preferred airflow Configure the preferred slot-number { power-to-port | direction is from the power side to airflow direction. port-to-power } the port side. Setting the port status detection timer The device starts a detection timer when a port is shut down by a protocol.
• If a free-memory threshold is exceeded, the system generates an alarm notification or an alarm-removed notification and sends it to affected service modules or processes.
The device supports the following free-memory thresholds:
• Normal state threshold.
• Minor alarm threshold.
• Severe alarm threshold.
• Critical alarm threshold.
Figure 38 Memory alarm notification and alarm-removed notification (plot of free memory space over time, not reproduced)
To set memory thresholds:
Step Command Remarks
Enter system view. system-view
The defaults are as follows: •...
Step Command Remarks To view the default settings, use the undo temperature-limit command to restore the defaults and then execute the display environment command. temperature-limit slot slot-number Configure the temperature The high-temperature alarming hotspot sensor-number lowlimit alarm thresholds. threshold must be higher than the warninglimit [ alarmlimit ] high-temperature warning threshold.
Task Command Remarks Display the electrical label display transceiver manuinfo This command cannot display information of transceiver interface [ interface-type information for some transceiver modules. interface-number ] } modules. Diagnosing transceiver modules The device provides the alarm and digital diagnosis functions for transceiver modules. When a transceiver module fails or is not operating correctly, you can do the following: Check the alarms that exist on the transceiver module to identify the fault source.
Task Command Remarks Restore the factory-default settings This command takes effect after a restore factory-default and states. device reboot. Displaying and maintaining device management configuration Execute display commands in any view and reset commands in user view. Task Command Display the system time, date, local time zone, and display clock daylight saving time.
Task Command Display system version information. display version Display the startup software image upgrade history display version-update-record records of the master. Clear job execution log information. reset scheduler logfile...
Using Tcl
Comware V7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands:
• Tcl 8.5 commands.
• Comware commands.
The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
Enter multiple Comware commands separated by semi-colons to execute the commands in the order they are entered. For example, ospf 100;area 0. Specify multiple Comware commands for the cli command, quote them, and separate them by a space and a semicolon. For example, cli "ospf 100 ; area 0". Specify one Comware command for each cli command and separate them by a space and a semicolon.
Using Python Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.
Configuration procedure
# Use a text editor on the PC to edit Python script test.py as follows:
#!/usr/bin/python
import comware
comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg')
comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg')
comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup')
# Use TFTP to download the script to the device.
<Sysname>...
Comware V7 extended Python API The Comware V7 extended Python API is compatible with the Python syntax. Importing and using the Comware V7 extended Python API To use the Comware V7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware V7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
Parameters
command: Specifies the commands to be executed. To enter multiple commands, use a space and a semicolon (;) as the delimiter. To enter a command in a view other than user view, you must first enter the commands used to enter the view. For example, you must enter 'system-view ;local-user test class manage'...
Transfer class
Transfer
Use Transfer to download a file from a server.
Syntax
Transfer(protocol='', host='', source='', dest='', vrf='', login_timeout=10, user='', password='')
Parameters
protocol: Specifies the protocol used to download a file:
• ftp—Uses FTP.
• tftp—Uses TFTP.
• http—Uses HTTP.
host: Specifies the IP address of the remote server.
source: Specifies the name of the file to be downloaded from the remote server.
Examples
# Download file test.cfg from TFTP server 1.1.1.1 and get the error information from the operation.
<Sysname> python
Python 2.7.3 (default, May 24 2014, 14:37:26)
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import comware
>>>...
• [[-1,slot-number]]—The IRF fabric has only one subordinate device.
• [[-1,slot-number1],[-1,slot-number2],...]—The IRF fabric has multiple subordinate devices.
The slot-number arguments indicate the member IDs of the subordinate devices.
Examples
# Get the member IDs of all subordinate devices.
<Sysname>...
Using automatic configuration Overview With the automatic configuration feature, the device can automatically obtain a set of configuration settings when it starts up without a configuration file. This feature simplifies network configuration and maintenance. Automatic configuration applies to scenarios that have the following characteristics: A number of devices need to be configured.
Tasks at a glance (Optional.) Configuring the gateway (Required.) Selecting the interfaces used for automatic configuration (Required.) Starting and completing automatic configuration Configuring the file server For devices to obtain configuration information from a TFTP server, start TFTP service on the file server. For devices to obtain configuration information from an HTTP server, start HTTP service on the file server.
no common configuration file is found when a TFTP file server is used, the device obtains and uses the default configuration file. Script files Script files can be used for automatic software upgrade and automatic configuration. The device supports Python scripts (.py files) and Tcl scripts (.tcl files). For more information about Python and Tcl scripts, see "Using Python"...
Step Command Remarks • (Method 1.) Specify the primary subnet for the address pool: Use either or both methods. network network-address [ mask-length | mask mask ] By default, no primary subnet or static binding is configured. • (Method 2.) Configure a static Configure the address binding: You can add multiple static bindings.
• The TFTP server does not have a host name file. However, devices need to perform the following tasks:
Use their IP addresses to obtain their host names.
Obtain configuration files named in the format of host name.cfg from the TFTP server.
The DHCP server assigns the TFTP server domain name through the DHCP reply message.
Configure the servers and gateways so the access devices can obtain a configuration file to complete the following configuration tasks:
• Enable administrators of access devices to Telnet to and manage their respective access devices.
• Require administrators to enter their respective usernames and passwords at login.
•...
[SwitchA-dhcp-pool-market] tftp-server ip-address 192.168.1.40
[SwitchA-dhcp-pool-market] gateway-list 192.168.2.1
[SwitchA-dhcp-pool-market] bootfile-name market.cfg
[SwitchA-dhcp-pool-market] quit
# Configure the address pool rd to assign IP addresses on subnet 192.168.3.0/24 to clients in the R&D department. Specify the TFTP server, gateway, and configuration file name for the clients.
[SwitchA] dhcp server ip-pool rd
[SwitchA-dhcp-pool-rd] network 192.168.3.0 24
[SwitchA-dhcp-pool-rd] tftp-server ip-address 192.168.1.40...
[SwitchC-Vlan-interface2] ip address 192.168.1.43 24
[SwitchC-Vlan-interface2] quit
[SwitchC] vlan 3
[SwitchC-vlan3] port Ten-GigabitEthernet 1/0/1
[SwitchC-vlan3] port Ten-GigabitEthernet 1/0/2
[SwitchC-vlan3] quit
[SwitchC] interface vlan-interface 3
[SwitchC-Vlan-interface3] ip address 192.168.3.1 24
[SwitchC-Vlan-interface3] quit
# Enable DHCP.
[SwitchC] dhcp enable
# Enable the DHCP relay agent on VLAN-interface 3.
[SwitchC] interface vlan-interface 3
[SwitchC-Vlan-interface3] dhcp select relay
# Specify the DHCP server address.
telnet server enable
vlan 3
local-user rd
password simple rd
service-type telnet
quit
interface Vlan-interface3
ip address dhcp-alloc
quit
interface Ten-GigabitEthernet1/0/1
port access vlan 3
quit
user-interface vty 0 4
authentication-mode scheme
user-role network-admin
return
# Start TFTP service software, and specify the folder where the two configuration files reside as the working directory.
Telnet to 192.168.2.2 from Switch A.
<SwitchA> telnet 192.168.2.2
Enter the username market and password market as prompted. (Details not shown.)
You are logged in to Switch D or Switch E.

Automatic configuration using HTTP server and Tcl script

Network requirements

As shown in Figure 42, Switch A does not have a configuration file.
user-role network-admin
quit
interface Ten-GigabitEthernet 1/0/1
port link-mode route
ip address dhcp-alloc
return
# Start HTTP service software and enable HTTP service. (Details not shown.)

Verifying the configuration

Power on Switch A.
After Switch A starts up, display assigned IP addresses on Device A.
<DeviceA>...
# Enable DHCP.
<DeviceA> system-view
[DeviceA] dhcp enable
# Configure address pool 1 to assign IP addresses on subnet 192.168.1.0/24 to clients.
[DeviceA] dhcp server ip-pool 1
[DeviceA-dhcp-pool-1] network 192.168.1.0 24
# Specify the URL of the script file for the clients.
[DeviceA-dhcp-pool-1] bootfile-name http://192.168.1.40/device.py
Configure the HTTP server:
# Edit the configuration file device.py on the HTTP server.
Figure 44 Network diagram

Configuration procedure

Assign IP addresses to the interfaces. Make sure the devices can reach each other. (Details not shown.)
Configure the following files on the HTTP server:
File: .cfg configuration file
Content: Commands required for IRF setup.
Remarks: You can create a configuration file by copying and modifying the
File Content Remarks
Content: Python commands and APIs that complete the following tasks:
• (Optional.) Verifies that the flash memory has sufficient space for the files to be downloaded.
• Downloads the configuration file and sn.txt.
•...
Remarks: For more information about Python
* indicates the device is the master.
+ indicates the device through which the user logs in.
The Bridge MAC of the IRF is: 000c-1000-1111
Auto upgrade : yes
Mac persistent : always
Domain ID
Auto merge : yes
The output shows that the switches have formed an IRF fabric.
Related information

Documents

To find related documents, browse to the Manuals page of the HP Business Support Center website:
http://www.hp.com/support/manuals
• For related documentation, navigate to the Networking section, and select a networking category.
•...
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention Description
Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons

Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.