1. Manuals
  2. Brands
  3. HP Enterprise Manuals
  4. Switch
  5. FlexNetwork 10500 Series
  6. Configuration manual

HP Enterprise FlexNetwork 10500 Series Configuration Manual

Fundamentals configuration guide
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
HPE FlexNetwork 10500 Switch Series
Fundamentals Configuration Guide
Part number: 5200-1887a
Software version: 10500-CMW710-R7557P01
Document version: 6W101-20171020

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the FlexNetwork 10500 Series and is the answer not in the manual?

Questions and answers

Related Manuals for HP Enterprise FlexNetwork 10500 Series

Summary of Contents for HP Enterprise FlexNetwork 10500 Series

  • Page 1 HPE FlexNetwork 10500 Switch Series Fundamentals Configuration Guide Part number: 5200-1887a Software version: 10500-CMW710-R7557P01 Document version: 6W101-20171020...
  • Page 2 © Copyright 2017 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

  • Page 3: Table Of Contents

    Contents Using the CLI ································································································· 1 CLI views···························································································································································· 1 Entering system view from user view ········································································································· 2 Returning to the upper-level view from any view ······················································································· 2 Returning to user view ······························································································································· 2 Accessing the CLI online help ···························································································································· 2 Using the undo form of a command ···················································································································...
  • Page 4 Troubleshooting RBAC ···································································································································· 42 Local users have more access permissions than intended ······································································ 42 Login attempts by RADIUS users always fail ··························································································· 42 Login overview ····························································································· 44 Using the console port for the first device access ········································ 46 Configuring CLI login ··················································································· 47 CLI overview ····················································································································································...
  • Page 5 Configuring FTP ·························································································· 84 FIPS compliance ·············································································································································· 84 Using the device as an FTP server ·················································································································· 84 Configuring basic parameters ·················································································································· 84 Configuring authentication and authorization ··························································································· 85 Manually releasing FTP connections ······································································································· 86 Displaying and maintaining the FTP server ····························································································· 86 FTP server configuration example in standalone mode ···········································································...
  • Page 6 Managing configuration files ······································································ 108 Overview ························································································································································ 108 Configuration types ································································································································ 108 Next-startup configuration file redundancy····························································································· 109 Configuration file formats ······················································································································· 109 Startup configuration file selection ········································································································· 109 Configuration file content organization and format ················································································· 109 FIPS compliance ············································································································································ 110 Enabling configuration encryption ··················································································································...
  • Page 7 Performing an ISSU by using install commands ···························································································· 136 ISSU task list ·········································································································································· 136 Decompressing an .ipe file ····················································································································· 137 Installing or upgrading software images································································································· 137 Uninstalling feature or patch images ······································································································ 138 Aborting a software activate/deactivate operation ················································································· 139 Committing software changes ················································································································...
  • Page 8 Configuring banners ······································································································································· 196 Banner types ·········································································································································· 196 Banner input methods ···························································································································· 196 Configuration procedure ························································································································· 197 Setting the system operating mode················································································································ 198 Rebooting the device ····································································································································· 198 Configuration guidelines ························································································································· 199 Rebooting devices immediately at the CLI ····························································································· 199 Scheduling a device reboot ····················································································································...
  • Page 9 Running the primary extended BootWare segment ··············································································· 237 Running the backup extended BootWare segment················································································ 237 Using the EXTENDED-BOOTWARE menu on LSU1SUPB0 (JG496A) MPUs ············································· 238 Running the Comware software ············································································································· 240 Upgrading Comware software through the console port ········································································ 241 Upgrading Comware software through the management Ethernet port·················································...

  • Page 10: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor the device. You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...

  • Page 11: Entering System View From User View

    Entering system view from user view Task Command system-view Enter system view. Returning to the upper-level view from any view Task Command Return to the upper-level view from any view. quit Executing the quit command in user view terminates your connection to the device. In public key view, use the peer-public-key end command to return to system view.

  • Page 12: Using The Undo Form Of A Command

    display Display current system information erase Alias for 'delete' exception Exception information configuration exit Alias for 'quit' fdisk Partition a storage medium fixdisk Check and repair a storage medium format Format a storage medium ---- More ---- • Enter a space and a question mark after a command keyword to display all available keywords and arguments.

  • Page 13: Entering A Command

    Entering a command When you enter a command, you can perform the following tasks: • Use keys or hotkeys to edit the command line. • Use abbreviated keywords or keyword aliases. Editing a command line To edit a command line, use the keys listed in Table 1 or the hotkeys listed in Table...

  • Page 14: Entering An Interface Type

    A string type argument value can contain any printable characters except for the following characters: • Question mark (?). • Quotation mark ("). • Backward slash (\). • Space. A specific argument might have more requirements. For more information, see the relevant command reference.

  • Page 15: Abbreviating Commands

    Full spelling Acronym VE-L2VPN L2VE Virtual-Template Vlan-interface Vlan-int Vsi-interface Abbreviating commands You can enter a command line quickly by entering incomplete keywords that uniquely identify the complete command. In user view, for example, commands starting with an s include startup saved-configuration and system-view.

  • Page 16: Configuring And Using Command Hotkeys

    Command alias Command or command keyword undo show display write save Configuration procedure To configure a command alias: Step Command Remarks Enter system view. system-view By default, the device has a set of Configure a command alias. alias alias command command aliases, as listed in Table (Optional.) Display command...

  • Page 17: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function or command erase_the_character_to_the_left_of_the_cursor: Deletes the character to the Ctrl+H left of the cursor. Ctrl+K abort_the_connection_request: Aborts the connection request. Ctrl+L display ip routing-table: Displays routing table information. display_the_next_command_in_the_history_buffer: Displays the next Ctrl+N command in the history buffer. Ctrl+O undo debugging all: Disables debugging for all features and functions.

  • Page 18: Understanding Command-Line Error Messages

    Step Command Remarks Enter system view. system-view By default, the system does not redisplay entered-but-not-submitted commands. Enable redisplaying entered-but-not-sub info-center synchronous For more information about this command, see mitted commands. Network Management and Monitoring Command Reference. Understanding command-line error messages After you press Enter to submit a command, the command line interpreter examines the command syntax.

  • Page 19: Command Buffering Rules

    Command history buffer for all Item Command history buffer for a user line user lines • (Method 1.) Navigate to the command in the buffer and press Enter. • How to recall a (Method 2.) Use the repeat command. You cannot recall buffered buffered command? commands.

  • Page 20: Controlling The Cli Output

    Controlling the CLI output This section describes the CLI output control features that help you identify the desired output. Pausing between screens of output By default, the system automatically pauses after displaying a maximum of 24 lines if the output is too long to fit on one screen.

  • Page 21: Filtering The Output From A Display Command

    VLAN ID: 999 VLAN type: Static Route interface: Configured IP address: 192.168.2.1 Subnet mask: 255.255.255.0 Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports: Gigabitethernet 1/0/1 Filtering the output from a display command You can use the | { begin | exclude | include } regular-expression option to filter the display command output.
  • Page 22 Characters Meaning Examples "[16A]" matches a string containing 1, 6, or A; "[1-36A]" matches a string containing 1, 2, 3, 6, or A (- is a hyphen). Matches a single character in the brackets. To match the character "]", put it immediately after "[", for example, []abc].

  • Page 23: Saving The Output From A Display Command To A File

    line class vty user-role network-operator line aux 0 user-role network-admin line vty 0 63 authentication-mode none user-role network-admin user-role network-operator # Display brief information about interfaces in up state. <Sysname> display interface brief | exclude DOWN Brief information on interfaces in route mode: Link: ADM - administratively down;...
  • Page 24 To save the output from a display command to a file, use one of the following commands in any view: Task Command Save the output from a display command to a separate file. display command > filename Append the output from a display command to the end of a file. display command >>...

  • Page 25: Viewing And Managing The Output From A Display Command Effectively

    Viewing and managing the output from a display command effectively You can use the following methods in combination to filter and manage the output from a display command: • Numbering each output line from a display command • Filtering the output from a display command •...

  • Page 26: Configuring Rbac

    Configuring RBAC Overview Role-based access control (RBAC) controls user access to items and system resources based on user roles. In this chapter, items include commands, Web pages, XML elements, and MIB nodes, and system resources include interfaces, VLANs, and VPN instances. RBAC assigns access permissions to user roles that are created for different job functions.
  • Page 27 The commands, Web menus, XML elements, and MIB nodes are controlled based on the following types: • Read—Commands, Web menus, XML elements, or MIB nodes that display configuration and maintenance information. For example, the display commands and the dir command. •...
  • Page 28 User role name Permissions • Accesses the display commands for features and resources in the system. To display all accessible commands of the user role, use the display role command. • Changes between MDC views. • Enables local authentication login users to change their own network-operator passwords.

  • Page 29: User Role Assignment

    User role name Permissions Security log manager. The user role has the following access rights to security log files: • Accesses the commands for displaying and maintaining security log files (for example, the dir, display security-logfile summary, and more commands). •...

  • Page 30: Configuration Task List

    Configuration task list Tasks at a glance (Required.) Creating a user role (Required.) Configuring user role rules (Optional.) Configuring a feature group (Required.) Configuring resource access policies: • Configuring the user role interface policy • Configuring the user role VLAN policy •...

  • Page 31: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines When you configure RBAC user role rules, follow these restrictions and guidelines: • For MDC configuration, only the rules configured by the following user roles take effect: network-admin, network-operator, mdc-admin, mdc-operator, and level-15. • You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024.

  • Page 32: Configuring A Feature Group

    Step Command Remarks • Configure a command rule: rule number { deny | permit } command command-string • Configure a feature rule: rule number { deny | permit } By default, a user-defined user role { execute | read | write } * feature does not have any rule or access to [ feature-name ] any command, Web page, XML...

  • Page 33: Configuring Resource Access Policies

    Configuring resource access policies Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these policies permit a user role to access any interface, VLAN, and VPN instance. You can configure the policies of a user-defined user role or a predefined level-n user role to limit its access to interfaces, VLANs, and VPN instances.

  • Page 34: Configuring The User Role Vpn Instance Policy

    Configuring the user role VPN instance policy Step Command Remarks Enter system view. system-view Enter user role view. role name role-name By default, the VPN instance policy of the user role permits access to all VPN instances. Enter user role VPN vpn-instance policy deny This command denies the access of instance policy view.

  • Page 35: Assigning User Roles To Remote Aaa Authentication Users

    Step Command Remarks By default, the default user role feature is disabled. If you do not specify a user role, the following default user role settings apply: • For login to the default MDC, the default user role is Enable the default user role default-role enable network-operator.

  • Page 36: Assigning User Roles To Non-Aaa Authentication Users On User Lines

    Step Command Remarks Repeat this step to assign a maximum of 64 user roles to the user. The following default settings apply: • The network-operator user role is assigned to local users Authorize the user to have authorization-attribute created by a network-admin or a user role.

  • Page 37: Configuring Temporary User Role Authorization

    Step Command Remarks Repeat this step to specify a maximum of 64 user roles on a user line. The following MDC default settings apply: • The network-admin user role is specified on the AUX user line for default-MDC login users. The network-operator user role is specified on any other user line for default-MDC login users.
  • Page 38 • If RADIUS authentication is used, the following rules apply: The device does not use the username you enter to request user role authentication. It uses  a username in the $enabn$ format. The variable n represents a user role level, and a domain name is not included in the username.

  • Page 39: Configuring User Role Authentication

    Configuring user role authentication Step Command Remarks Enter system view. system-view Set an super authentication-mode authentication By default, local-only authentication applies. { local | scheme } * mode. The following default settings apply: (Optional.) Specify • the default target For default-MDC login users, the default user role for super default role role-name target user role is network-admin.

  • Page 40: Rbac Configuration Examples

    RBAC configuration examples RBAC configuration example for local AAA authentication users Network requirements As shown in Figure 2, the switch performs local AAA authentication for the Telnet user. The user account for the Telnet user is user1@bbb and is assigned user role role1. Configure role1 to have the following permissions: •...

  • Page 41: Rbac Configuration Example For Radius Authentication Users

    [Switch-role-role1] quit # Create a device management user named user1 and enter local user view. [Switch] local-user user1 class manage # Set a plaintext password of aabbcc for the user. [Switch-luser-manage-user1] password simple aabbcc # Set the service type to Telnet. [Switch-luser-manage-user1] service-type telnet # Assign role1 to the user.
  • Page 42 • Can configure only VLANs 1 to 20 and interfaces Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet 1/0/4. The switch and the FreeRADIUS server use a shared key of expert and authentication port 1812. The switch delivers usernames with their domain names to the server. Figure 3 Network diagram RADIUS server 10.1.1.1/24...
  • Page 43 [Switch] domain bbb [Switch-isp-bbb] authentication login radius-scheme rad [Switch-isp-bbb] authorization login radius-scheme rad [Switch-isp-bbb] quit # Create feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the arp and radius features to the feature group. [Switch-featuregrp-fgroup1] feature arp [Switch-featuregrp-fgroup1] feature radius [Switch-featuregrp-fgroup1] quit # Create user role role2.

  • Page 44: Rbac Temporary User Role Authorization Configuration Example (Hwtacacs Authentication) )

    [Switch] domain abc [Switch-isp-abc] authentication login radius-scheme abc [Switch-isp-abc] quit # Verify that you can use all read and write commands of the radius and arp features. This example uses radius. [Switch] radius scheme rad [Switch-radius-rad] primary authentication 2.2.2.2 [Switch-radius-rad] display radius scheme rad …...
  • Page 45 Configuration procedure Configure the switch: # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the HWTACACS server).
  • Page 46 # Remove the default user role (network-operator). [Switch-luser-manage-test] undo authorization-attribute user-role network-operator [Switch-luser-manage-test] quit # Set the local authentication password to 654321 for user role level-3. [Switch] super password role level-3 simple 654321 [Switch] quit # Set the local authentication password to 654321 for user role network-admin. [Switch] super password role network-admin simple 654321 [Switch] quit Configure the HWTACACS server:...
  • Page 47 a. Select Shell (exec) and Custom attributes, and enter allowed-roles="network-admin" in the Custom attributes field. Use a blank space to separate the allowed roles. Figure 6 Configuring custom attributes for the Telnet user Verifying the configuration Telnet to the switch, and enter username test@bbb and password aabbcc to access the switch.

  • Page 48: Rbac Temporary User Role Authorization Configuration Example (Radius Authentication)

    tracert Tracert function <Switch> Verify that you can obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter username test@bbb and password enabpass. <Switch> super level-3 Username: test@bbb Password: The following output shows that you have obtained the level-3 user role.
  • Page 49 # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the RADIUS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
  • Page 50 [Switch] quit Configure the RADIUS server: This example uses ACSv4.2. a. Add a user account named $enab0$ and set the password to 123456. (Details not shown.) b. Access the Cisco IOS/PIX 6.x RADIUS Attributes page. c. Configure the cisco-av-pair attribute, as shown in Figure Figure 8 Configuring the cisco-av-pair attribute Verifying the configuration...

  • Page 51: Troubleshooting Rbac

    Username: test@bbb Password: The following output shows that you have obtained the network-admin user role. User privilege role is network-admin, and only those commands that authorized to the role can be used. # If the ACS server does not respond, enter local authentication password abcdef654321 at the prompt.
  • Page 52 Configure the role default-role enable command. A RADIUS user can log in with the  default user role when no user role is assigned by the RADIUS server. Add the user role authorization attributes on the RADIUS server.  If the issue persists, contact Hewlett Packard Enterprise Support.

  • Page 53: Login Overview

    Login overview The first time you access the device, you can only log in to the CLI of the default MDC through the console port. After login, you can create non-default MDCs, change console login parameters, or configure other access methods. Table 10 describes the supported login methods, the default login settings, and the minimum configuration requirements.
  • Page 54 Default settings and minimum configuration Login Login method requirements configuration By default, Web login is disabled. To enable Web login, perform the following tasks: • Assign an IP address to a Layer 3 interface. Make sure the interface and the Web user's host can reach each other. Configuring Web Web login •...

  • Page 55: Using The Console Port For The First Device Access

    Using the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal, for example, a PC. Make sure the console terminal has a terminal emulation program, such as HyperTerminal or PuTTY.

  • Page 56: Configuring Cli Login

    Configuring CLI login By default, you can log in to the CLI through the console port. After you log in, you can configure other CLI login methods, including Telnet and SSH. To prevent illegal access to the CLI and control user behavior, perform the following tasks as required: •...

  • Page 57: Login Authentication Modes

    Each user line can be assigned only to one user at a time. If no user line is available, a CLI login attempt will be rejected. Login authentication modes You can configure login authentication to prevent illegal access to the device CLI. In non-FIPS mode, the device supports the following login authentication modes: •...

  • Page 58: Configuring Console Or Usb Console Login

    Configuring console or USB console login You can connect a terminal to the console port or USB console port of the device to log in and manage the device, as shown in Figure 10. For the login procedure, see "Using the console port for the first device access."...

  • Page 59: Configuring Password Authentication For Console Or Usb Console Login

    Step Command Remarks In non-FIPS mode, authentication is disabled for the console line and password authentication is enabled for the AUX line Disable authentication-mode none by default. authentication. In FIPS mode, scheme authentication is enabled by default. By default, a console user of the default Assign a user MDC is assigned the network-admin user user-role role-name...

  • Page 60: Configuring Scheme Authentication For Console Or Usb Console Login

    Configuring scheme authentication for console or USB console login Step Command Remarks Enter system view. system-view A setting in user line view applies only to the user line. A setting in user line class • view applies to all user lines of the class. Enter console or AUX line view: A non-default setting in either view takes...
  • Page 61 Step Command Remarks A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class. • Enter console or AUX line view: A non-default setting in either view takes line { aux | console } Enter precedence over a default setting in the...

  • Page 62: Configuring Telnet Login

    Step Command Remarks By default, the terminal display type is ANSI. The device supports ANSI and VT100 terminal display types. As a best practice, 11. Specify the specify VT100 type on both the device terminal display terminal type { ansi | vt100 } and the configuration terminal.
  • Page 63 Tasks at a glance (Required.) Perform one of the following tasks: • Disabling authentication for Telnet login • Configuring password authentication for Telnet login • Configuring scheme authentication for Telnet login (Optional.) Setting the maximum number of concurrent Telnet users (Optional.) Setting the DSCP value for outgoing Telnet packets (Optional.)
  • Page 64 ****************************************************************************** * Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** <HPE> If the maximum number of login users has been reached, the login attempt fails and the message "All user lines are used, please try later!"...
  • Page 65 Password: <HPE> If the maximum number of login users has been reached, the login attempt fails and the message "All user lines are used, please try later!" appears. Configuring scheme authentication for Telnet login Step Command Remarks Enter system view. system-view A setting in user line view applies only to the user line.
  • Page 66 Setting the maximum number of concurrent Telnet users Step Command Remarks Enter system view. system-view The default is 32. Changing this setting does not affect users who are currently online. If the new limit is less than Set the maximum number aaa session-limit the number of online Telnet users, no additional of concurrent Telnet...
  • Page 67 Step Command Remarks A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class. • Enter VTY line view: A non-default setting in either view takes line vty first-number precedence over a default setting in the other [ last-number ]...

  • Page 68: Using The Device To Log In To A Telnet Server

    Using the device to log in to a Telnet server You can use the device as a Telnet client to log in to a Telnet server. If the server is located in a different subnet than the client, make sure the two devices can reach each other. Figure 11 Telnetting from the device to a Telnet server IP network Telnet client...

  • Page 69: Configuring The Device As An Ssh Server

    Configuring the device as an SSH server This section provides the SSH server configuration procedure used when the SSH client authentication method is password. For more information about SSH and publickey authentication configuration, see Security Configuration Guide. To configure the device as an SSH server: Step Command Remarks...

  • Page 70: Using The Device To Log In To An Ssh Server

    Step Command Remarks In non-FIPS mode, password authentication is enabled for VTY lines by default. In FIPS mode, scheme authentication is enabled for VTY lines by default. Enable scheme authentication-mode In VTY line view, this command is associated authentication. scheme with the protocol inbound command.

  • Page 71: Displaying And Maintaining Cli Login

    To work with the SSH server, you might need to specify a set of parameters. For more information, see Security Configuration Guide. Displaying and maintaining CLI login Execute display commands in any view. Task Command Remarks display users [ all ] Display online CLI users.

  • Page 72: Configuring Web Login

    Configuring Web login The device provides a built-in Web server that supports HTTP (1.0 and 1.1) and HTTPS. You can use a Web browser to log in to and configure the device. HTTPS uses SSL to ensure the integrity and security of data exchanged between the client and the server, and is more secure than HTTP.

  • Page 73: Configuring Https Login

    Step Command Remarks A password is saved in hashed form. By default, no password is configured for a local user. • • In non-FIPS mode: In non-FIPS mode, the local password [ { hash | simple } user can pass authentication Configure a password for the password ] after entering the correct...
  • Page 74 Step Command Remarks By default, no fixed verification code is (Optional.) Specify a configured. A Web user must enter the fixed verification code for web captcha verification-code verification code displayed on the login Web login. page at login. Enter system view. system-view By default, no SSL server policy is applied.

  • Page 75: Displaying And Maintaining Web Login

    Step Command Remarks (Optional.) Set the Web connection idle-timeout web idle-timeout minutes timer. The default is 32. Changing this setting does not affect users who are currently online. If the new setting is less than the number of (Optional.) Specify the aaa session-limit https online HTTPS users, no additional maximum number of...

  • Page 76: Web Login Configuration Examples

    Web login configuration examples HTTP login configuration example Network requirements As shown in Figure 13, the PC and the device can communicate over the IP network. Configure the device to allow the PC to log in by using HTTP. Figure 13 Network diagram 192.168.100.99/24 192.168.101.99/24 IP network...
  • Page 77 Figure 14 Network diagram Device 10.1.1.1/24 10.1.2.1/24 10.1.1.2/24 10.1.2.2/24 Host Configuration procedure In this example, the CA runs Windows Server and has the SCEP add-on installed. Configure the device (HTTPS server): # Create PKI entity en and set entity parameters. <Device>...
  • Page 78 # Create certificate-based access control policy myacp. Configure a certificate access control rule that uses the matching criteria in certificate attribute group mygroup1. [Device] pki certificate access-control-policy myacp [Device-pki-cert-acp-myacp] rule 1 permit mygroup1 [Device-pki-cert-acp-myacp] quit # Associate SSL server policy myssl with the HTTPS service. [Device] ip https ssl-server-policy myssl # Use certificate-based access control policy myacp to control HTTPS access.

  • Page 79: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 15 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can cooperate with various network management software products.

  • Page 80: Configuring Restful Access

    Configuring RESTful access The device provides the Representational State Transfer application programming interface (RESTful API). Based on this API, you can use programming languages such as Python, Ruby, or Java to write programs to perform the following tasks: • Send RESTful requests to the device to pass authentication. •...
  • Page 81 Step Command Remarks Create a local user and enter local-user user-name [ class By default, no local user is local user view. manage ] configured. • In non-FIPS mode: The password is saved in hashed password [ { hash | simple } form.

  • Page 82: Controlling User Access To The Device

    Controlling user access to the device Use ACLs to prevent unauthorized access, and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.

  • Page 83: Configuration Example

    Step Command Remarks By default, logging is disabled for SSH login attempts that are (Optional.) Enable denied by the SSH login control logging for SSH login ACL. attempts that are ssh server acl-deny-log enable denied by the SSH For more information about this login control ACL.

  • Page 84: Configuring Source Ip-Based Web Login Control

    Configuring source IP-based Web login control Web login requests contain usernames and passwords. For security purposes, the device always uses HTTPS to transfer Web login requests. Only users that are permitted by the following ACLs can access the device through HTTP: •...

  • Page 85: Controlling Snmp Access

    # Apply the ACL to the HTTP service so only a Web user on Host B can access the device. [Sysname] ip http acl 2030 Controlling SNMP access Use a basic ACL (2000 to 2999) to control SNMP access by source IP address. To access the requested MIB view, an NMS must use a source IP address permitted by the ACL.

  • Page 86: Configuration Example

    Step Command Remarks In non-FIPS mode: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name Create an ipv6-acl-name } ] * SNMPv3 group,...

  • Page 87: Configuring Command Authorization

    Figure 18 Network diagram Host A 10.110.100.46 IP network Device Host B 10.110.100.52 Configuration procedure # Create an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl basic 2000 match-order config [Sysname-acl-ipv4-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-ipv4-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-ipv4-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.

  • Page 88: Configuration Example

    Step Command Remarks A setting in user line view applies only to • the user line. A setting in user line class Enter user line view: view applies to all user lines of the class. line { first-number1 [ last-number1 ] | { aux | A non-default setting in either view takes console | vty } precedence over a default setting in the...
  • Page 89 Figure 19 Network diagram HWTACACS server 192.168.2.20/24 IP network Device Host A Configuration procedure # Assign IP addresses to relevant interfaces. Make sure the device and the HWTACACS server can reach each other. Make sure the device and Host A can reach each other. (Details not shown.) # Enable the Telnet server.

  • Page 90: Configuring Command Accounting

    [Device-luser-manage-monitor] authorization-attribute user-role level-1 Configuring command accounting Command accounting uses the HWTACACS server to record all executed commands to monitor user behavior on the device. If command accounting is enabled but command authorization is not, every executed command is recorded. If both command accounting and command authorization are enabled, only authorized commands that are executed are recorded.

  • Page 91: Configuration Example

    Step Command Remarks By default, command accounting is disabled. The accounting server does not record the commands executed by users. If the command accounting command is Enable command configured in user line class view, command accounting accounting. command accounting is enabled on all user lines in the class.
  • Page 92 [Device-line-vty0-63] quit # Create HWTACACS scheme tac. [Device] hwtacacs scheme tac # Configure the scheme to use the HWTACACS server at 192.168.2.20:49 for accounting. [Device-hwtacacs-tac] primary accounting 192.168.2.20 49 # Set the shared key to expert. [Device-hwtacacs-tac] key accounting simple expert # Remove domain names from usernames sent to the HWTACACS server.

  • Page 93: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol for transferring files from one host to another over an IP network. It uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959. FTP is based on the client/server model.

  • Page 94: Configuring Authentication And Authorization

    Step Command Remarks (Optional.) Use an ACL to ftp server acl By default, no ACL is used for access control access to the FTP { ipv4-acl-number | ipv6 control. server. ipv6-acl-number } (Optional.) Enable logging By default, logging is disabled for FTP for FTP login attempts that ftp server acl-deny-log login attempts that are denied by the...

  • Page 95: Manually Releasing Ftp Connections

    For information about configuring authentication and authorization, see Security Configuration Guide. Manually releasing FTP connections Execute the following commands in user view. Task Command • Release the FTP connection established by using a specific user account: Manually release FTP free ftp user username connections.
  • Page 96 # Assign the network-admin user role to the user. Set the working directory to the root directory of the flash memory on the active MPU. (To set the working directory to the root directory of the flash memory on the standby MPU, replace flash:/ with slot1#flash:/.) [Sysname-luser-abc] authorization-attribute user-role network-admin work-directory flash:/ # Assign the service type FTP to the user.

  • Page 97: Ftp Server Configuration Example In Irf Mode

    FTP server configuration example in IRF mode Network requirements • Configure the IRF fabric as an FTP server. • Create a local user account named abc on the FTP server. Set the password to 123456. • Use the user account to log in to the FTP server from the FTP client. •...

  • Page 98: Using The Device As An Ftp Client

    User(1.1.1.1:(none)):abc 331 Password required for abc. Password: 230 User logged in. # Use the ASCII mode to download configuration file config.cfg from the server to the client for backup. ftp> ascii 200 TYPE is now ASCII ftp> get config.cfg back-config.cfg # Use the binary mode to upload the temp.bin file to the root directory of the flash memory on the global active MPU.

  • Page 99: Managing Directories On The Ftp Server

    Step Command Remarks Enter system view. system-view (Optional.) Specify the By default, no source IPv6 ftp client ipv6 source { interface source IPv6 address for address is specified. The source interface-type interface-number | ipv6 FTP packets sent by the address is automatically selected source-ipv6-address } FTP client.

  • Page 100: Changing To Another User Account

    Use the lcd command to change the local working directory of the FTP client. You can upload the file or save the downloaded file in this directory. Upload or download the file. To work with files on an FTP server, execute the following commands in FTP client view: Task Command Remarks...

  • Page 101: Maintaining And Troubleshooting The Ftp Connection

    Maintaining and troubleshooting the FTP connection Perform the following tasks in FTP client view: Task Command Remarks Display FTP commands on the FTP rhelp server. Display FTP commands help rhelp protocol-command information on the FTP server. Display FTP server status. rstatus Display detailed information about a rstatus remotefile...

  • Page 102: Ftp Client Configuration Example In Standalone Mode

    FTP client configuration example in standalone mode Network requirements As shown in Figure 24, the PC is acting as an FTP server. A user account with the username abc and password 123456 has been created on the PC. • Use the device as an FTP client to log in to the FTP server. •...

  • Page 103: Ftp Client Configuration Example In Irf Mode

    200 TYPE is now ASCII ftp> put startup.cfg back-startup.cfg local: startup.cfg remote: back-startup.cfg 150 Connecting to port 47461 226 File successfully transferred 3494 bytes sent in 5.646 seconds (618.00 kbyte/s) ftp> bye 221-Goodbye. You uploaded 2 and downloaded 2 kbytes. 221 Logout.
  • Page 104 # Set the file transfer mode to binary. ftp> binary 200 TYPE is now 8-bit binary # Download the temp.bin file from the PC to the root directory of the flash memory on the global active MPU. ftp> get temp.bin local: temp.bin remote: temp.bin 150 Connecting to port 47457 226 File successfully transferred...

  • Page 105: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.

  • Page 106: Configuring The Device As An Ipv6 Tftp Client

    Configuring the device as an IPv6 TFTP client Step Command Remarks Enter system view. system-view (Optional.) Use an ACL to tftp-server ipv6 acl By default, no ACL is used for control the client's access to ipv6-acl-number access control. TFTP servers. tftp client ipv6 source By default, no source IPv6 Specify the source IPv6...

  • Page 107: Managing File Systems

    Managing file systems Overview File systems The device supports the flash memory, CF card, and USB disk. • The flash memory has one file system. • The CF card and USB disk can be partitioned. An unpartitioned storage medium has one file system.

  • Page 108: Directories

    Directories Directories in a file system are structured in a tree form. Root directory The root directory is represented by a forwarding slash (/). For example, flash:/ represents the root directory of the flash memory. Working directory The working directory is also called the current directory. In standalone mode, the default working directory is the root directory of the flash memory on the active MPU.

  • Page 109: Specifying A Directory Name Or File Name

    Hidden files and directories Some system files and directories are hidden. For correct system operation and full functionality, do not modify or delete hidden files or directories. Specifying a directory name or file name Specifying a directory name To specify a directory, you can use the absolute path or a relative path. For example, the working directory is flash:/.

  • Page 110: Managing Storage Media And File Systems

    • Creating, deleting, starting, or stopping an MDC. If you remove a storage medium while a directory or file on the medium is being accessed, the device might not recognize the medium when you reinstall it. To reinstall this kind of storage medium, perform one of the following tasks: •...

  • Page 111: Mounting Or Unmounting A File System

    info-center logfile directory command to change the directory to avoid log loss. For more information about this command, see Network Management and Monitoring Command Reference. Configuration procedure Perform this task in user view. Task Command Remarks By default, a CF card or USB disk has only one partition (cfa0: or usba0:).

  • Page 112: Repairing A File System

    Perform this task in user view. Task Command format filesystem Format a file system. Repairing a file system If part of a file system is inaccessible, use this task to examine and repair the file system. You can repair a file system only when no other users are accessing the file system. Perform this task in user view.

  • Page 113: Renaming A Directory

    Task Command mkdir directory Create a directory. Renaming a directory Perform this task in user view. Task Command rename source-directory dest-directory Rename a directory. Archiving or extracting directories When you archive or extract directories or display archived directories, files in the directories are also archived, extracted, or displayed.

  • Page 114: Managing Files

    Step Command Remarks The default mode is alert. Set the operation mode for file prompt { alert | quiet } This command also sets the directories. operation mode for files. Managing files You can create a file by copying a file, downloading a file, or using the save command. For more information about downloading a file, see "Configuring FTP"...

  • Page 115: Moving A File

    Moving a file Perform this task in user view. Task Command Move a file. move source-file { dest-file | dest-directory } Compressing or decompressing a file Perform the following tasks in user view: Task Command Compress a file. gzip file gunzip file Decompress a file.

  • Page 116: Deleting Files From The Recycle Bin

    Deleting files from the recycle bin Each file system has a recycle bin of its own. A recycle bin is a folder named .trash in the root directory of a file system. To view which files or directories are in a recycle bin, use either of the following methods: •...

  • Page 117: Managing Configuration Files

    Managing configuration files Overview You can manage configuration files from the CLI or the BootWare menu. The following information explains how to manage configuration files from the CLI. A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so the configuration can survive a reboot.

  • Page 118: Next-Startup Configuration File Redundancy

    Running configuration The running configuration includes unchanged startup settings and new settings. The running configuration is stored in memory and is cleared at a device reboot or power off. To use the running configuration after a power cycling or reboot, save it to a configuration file. To display the running configuration, use the display current-configuration command.

  • Page 119: Fips Compliance

    • Two adjacent sections are separated by a pound sign (#). • The configuration file ends with the word return. The following is a sample configuration file excerpt: local-user root class manage password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtV ErJ/C31oq2rFtmNuyZf4STw== service-type ssh telnet terminal authorization-attribute user-role network-admin authorization-attribute user-role network-operator interface Vlan-interface1...

  • Page 120: Saving The Running Configuration

    The main next-startup configuration file. The backup next-startup configuration file if the main next-startup configuration file is unavailable. If both the main and backup next-startup configuration files are unavailable, the system displays a message indicating that no next-startup configuration files exist. To compare configurations for their differences in any view: Task Command...

  • Page 121: Using Different Methods To Save The Running Configuration

    After the member device rejoins the IRF fabric, execute the display current-configuration command to verify that the member device's settings have been restored from memory to the running configuration. Save the running configuration to the next-startup configuration file on the IRF fabric. IMPORTANT: To ensure a successful configuration restoration, make sure the IRF fabric has not rebooted after the member device left.

  • Page 122: Configuring Configuration Rollback

    Task Command Remarks Save the running configuration to save file-url [ all | chassis a configuration file without chassis-number slot specifying the file as a slot-number ] next-startup configuration file. Make sure you save the configuration to a file in the root directory of the storage medium.

  • Page 123: Setting Configuration Archive Parameters

    Setting configuration archive parameters Before archiving the running configuration, either manually or automatically, you must set a file directory and file name prefix for configuration archives. (In standalone mode.) The configuration archive feature saves the running configuration only on the active MPU.

  • Page 124: Enabling Automatic Configuration Archiving

    Enabling automatic configuration archiving Make sure you have set an archive path and file name prefix before performing this task. To enable automatic configuration archiving: Step Command Remarks Enter system view. system-view By default, automatic configuration archiving is disabled. Enable automatic archive configuration interval To display configuration configuration archiving and...

  • Page 125: Configuring Configuration Commit Delay

    The configuration rollback feature might fail to reconfigure some commands in the running configuration for one of the following reasons: • A command cannot be undone because prefixing the undo keyword to the command does not result in a valid undo command. For example, if the undo form designed for the A [B] C command is undo A C, the configuration rollback feature cannot undo the A B C command.

  • Page 126: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Alternatively, you can execute the startup saved-configuration cfgfile [ backup | main ] command to specify a .cfg configuration file as the main or backup next-startup configuration file. When you perform this task, follow these restrictions and guidelines: • (In standalone mode.) Make sure the specified configuration file is valid and has been saved to the root directory of a storage medium on both the active and standby MPUs.

  • Page 127: Restoring The Main Next-Startup Configuration File From A Tftp Server

    Restoring the main next-startup configuration file from a TFTP server Perform this task to download a configuration file to the device from a TFTP server and specify the file as the main next-startup configuration file. Before restoring the main next-startup configuration file, make sure the following requirements are met: •...

  • Page 128: Displaying And Maintaining Configuration Files

    Task Command Remarks If you do not specify the backup reset saved-configuration Delete a next-startup or main keyword, this command configuration file. [ backup | main ] deletes the main next-startup configuration file. Displaying and maintaining configuration files Execute display commands in any view and reset commands in user view. Task Command Display configuration archive...

  • Page 129: Upgrading Software

    Upgrading software Overview Software upgrade enables you to add new features and fix bugs. This chapter describes types of software and methods to upgrade software from the CLI without using ISSU. For a comparison of all software upgrade methods, see "Upgrade methods."...

  • Page 130: System Startup Process

    In this procedure, both the main and backup image lists have feature and patch images. If an image list does not have feature or patch images, the system starts up with the boot and system images after they pass verification. If both the main and backup boot images are nonexistent or invalid, access the BootWare menu during the system startup to upgrade software.

  • Page 131: Upgrade Methods

    Figure 29 System startup process Start BootWare runs Enter BootWare Press Ctrl+B menus to upgrade promptly? BootWare or startup software images Startup software images System starts up Upgrade methods Upgrading method Software types Remarks • BootWare image Upgrading from the CLI This method is disruptive.

  • Page 132: Upgrade Restrictions And Guidelines

    Upgrade restrictions and guidelines The device can start up from the built-in flash memory, CF card, or the USB disk. As a best practice, store the startup images in the built-in flash memory or CF card. If you store the startup images on the USB disk, do not remove the USB disk during the startup process.

  • Page 133: Preloading The Bootware Image To Bootware

    Preloading the BootWare image to BootWare Task Command Remarks In standalone mode: bootrom update file file slot Specify the downloaded software slot-number-list Load the upgrade BootWare image file for the file argument. image to the Normal area of In IRF mode: The new BootWare image takes BootWare.

  • Page 134: Specifying Startup Images And Completing The Upgrade (In Irf Mode)

    Step Command Remarks When you use method 2, make sure you • Method 1: understand the following requirements and Use an .ipe file for  upgrade results: upgrade: • If an ISSU upgrade has been performed, boot-loader file use the install commit command to ipe-filename { all | update the main startup images on the slot slot-number }...

  • Page 135: Enabling Software Synchronization From The Active Mpu To The Standby Mpu At Startup

    Step Command Remarks • Use an .ipe file for upgrade: boot-loader file ipe-filename { all | chassis chassis-number Upgrade files must be saved in the root slot slot-number } directory of a file system on the global active Specify main or { backup | main } MPU.

  • Page 136: Displaying And Maintaining Software Image Settings

    command. For more information about software auto-update, see Virtual Technologies Configuration Guide. When the standby MPU starts up, this feature examines its startup software images for version inconsistency with the current software images on the active MPU. If the software versions are different, the standby MPU performs the following operations: Copies the current software images of the active MPU.

  • Page 137: Software Upgrade Example (In Irf Mode)

    Figure 30 Network diagram TFTP server TFTP client 2.2.2.2/24 1.1.1.1/24 Internet Device Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.) # Configure TFTP settings on both the device and the TFTP server. (Details not shown.) # Display information about the current software images.
  • Page 138 Figure 31 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other.
  • Page 139 <Sysname> display version...

  • Page 140: Performing An Issu

    Performing an ISSU Unless otherwise stated, the term "upgrade" refers to both software upgrade and downgrade in ISSU. Overview The In-Service Software Upgrade (ISSU) feature upgrades software with a minimum amount of downtime. ISSU is implemented on the basis of the following design advantages: •...

  • Page 141: Issu Commands

    ISSU method Description CAUTION: The Reboot method disrupts service if hardware redundancy (MPU-, switching fabric-, or device-level) is not available. As a best practice, schedule the downtime Reboot carefully to minimize the upgrade impact on the services. The Reboot method reboots MPUs to complete the software upgrade. While one MPU is rebooting, the other MPUs can provide services.

  • Page 142: Preparing The Upgrade Images

    Preparing the upgrade images Use the dir command to verify that all MPUs have sufficient storage space for the upgrade images. Use the display mdc resource command to verify that all MDCs have sufficient storage space for the upgrade images. If the storage space is not sufficient, delete unused files by using the delete /unreserved file-url command.

  • Page 143: Determining The Upgrade Procedure

    Feature Setting requirements • Set the physical state change suppression interval to 0 on Ethernet interfaces so their physical state changes are immediately reported to the CPU. • Enable link-aggregation traffic redirection to ensure continuous traffic service. • Enable the IRF bridge MAC address to be permanent. •...

  • Page 144: Logging In To The Device Through The Console Port

    Logging in to the device through the console port Log in to the device through the console port after you finish all the preparation tasks and read all the ISSU guidelines. If you use Telnet or SSH, you might be disconnected from the device before the ISSU is completed. Saving the running configuration Use the save command to save the running configuration.

  • Page 145: Performing An Incompatible Upgrade

    Performing an incompatible upgrade Perform this task in user view. Step Command Remarks IMPORTANT: Because incompatible versions cannot run simultaneously, the • upgraded subordinate devices will be Use .bin image files: isolated and cannot forward traffic issu load file { boot filename | until a master/subordinate switchover system filename | feature Load the upgrade...

  • Page 146: Decompressing An .Ipe File

    Tasks at a glance Remarks This task updates the main startup image list with the changes. (Optional.) Committing software changes If service upgrade or file upgrade is performed, you must perform this task for the changes to take effect after a reboot. Perform this task to verify that the software changes (Optional.) Verifying software images...

  • Page 147: Uninstalling Feature Or Patch Images

    Installing or upgrading feature images Perform this task in user view. Step Command • In standalone mode: install activate feature filename&<1-30> slot slot-number (Optional.) Identify the ISSU test method and possible impact of the • In IRF mode: upgrade. install activate feature filename&<1-30> chassis chassis-number slot slot-number test •...

  • Page 148: Aborting A Software Activate/Deactivate Operation

    Task Command • In standalone mode: install deactivate patch filename slot slot-number • Deactivate patch images. In IRF mode: install deactivate patch filename chassis chassis-number slot slot-number Aborting a software activate/deactivate operation This task is available only for service upgrade or file upgrade performed through activate or deactivate operation.

  • Page 149: Displaying And Maintaining Issu

    Perform this task in user view. Task Command • In standalone mode: install remove [ slot slot-number ] { filename | inactive } • Delete inactive software images. In IRF mode: install remove [ chassis chassis-number slot slot-number ] { filename | inactive } Displaying and maintaining ISSU Standalone mode The commands in this section applies to devices in standalone mode.

  • Page 150: Troubleshooting Issu In Irf Mode

    Task Command Remarks display install committed [ chassis Display main startup chassis-number slot slot-number ] software images. [ verbose ] display install inactive [ chassis Display inactive software chassis-number slot slot-number ] images. [ verbose ] Display the software display install ipe-info ipe-filename images included in an .ipe file.

  • Page 151: Examples Of Using Issu Commands For Issu On A Dual-Member Irf Fabric

    Examples of using issu commands for ISSU on a dual-member IRF fabric Feature upgrade to a compatible version Upgrade requirements As shown in Figure 32, the IRF fabric has two members. Each member has one active MPU (slot 6) and one standby MPU (slot 7). Upgrade the feature1 feature from R0201 to R0202.
  • Page 152 flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 2 slot 7: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin # Identify the ISSU method and possible impact of the upgrade. <Sysname> display version comp-matrix file feature flash:/feature1-r0202.bin Verifying the file flash:/feature1-r0202.bin on Chassis 1 slot 6...Done. Feature image: flash:/feature1-r0202.bin Version: V700R001B45D002 Version Compatibility List:...
  • Page 153 [Sysname] interface gigabitethernet1/3/0/1 [Sysname-GigabitEthernet1/3/0/1] link-delay 0 mode updown [Sysname-GigabitEthernet1/3/0/1] quit [Sysname] interface gigabitethernet2/3/0/1 [Sysname-GigabitEthernet2/3/0/1] link-delay 0 mode updown [Sysname-GigabitEthernet2/3/0/1] quit [Sysname] quit # Upgrade the feature1 feature on the subordinate member. <Sysname> issu load file feature flash:/feature1-r0202.bin chassis 2 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost.

  • Page 154: Feature Upgrade To An Incompatible Version

    flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y This operation might take several minutes, please wait...Done. # Verify that both members are running the new feature image. <Sysname>...
  • Page 155 Figure 33 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 1.1.1.1/24 GE1/3/0/1 GE2/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange line represents an IRF connection. Upgrade procedure # Download the image file that contains the R0202 feature from the TFTP server. <Sysname> tftp 2.2.2.2 get feature1-r0202.bin % Total % Received % Xferd Average Speed...
  • Page 156 V700R001B45D002 Version Compatibility List: V700R001B45D002 Version Dependency System List: V700R001B45D001 V700R001B45D002 Incompatible upgrade. The output shows that the two versions are incompatible. The cards will be rebooted for the upgrade. # Enable link-aggregation traffic redirection. [Sysname] link-aggregation lacp traffic-redirect-notification enable # Enable the IRF bridge MAC address to be permanent.

  • Page 157: Examples Of Using Issu Commands For Issu On A Four-Member Irf Fabric

    Verifying the file flash:/feature1-r0202.bin on Chassis 1 slot 7...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Reboot Reboot Upgrading software images to incompatible versions. Continue? [Y/N]: y This operation might take several minutes, please wait...Done. # Verify that both members are running the new feature image.
  • Page 158 Figure 34 Network diagram Master Subordinate Subordinate Subordinate (Member_ID=1) (Member_ID=3) (Member_ID=4) (Member_ID=2) GE3/3/0/1 GE2/3/0/1 1.1.1.1/24 GE1/3/0/1 GE4/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange lines represent IRF connections. Upgrade procedure # Download the upgrade image file from the TFTP server. <Sysname>...
  • Page 159 flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 4 slot 3:...
  • Page 160 Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade The output shows that service upgrade is recommended. The feature module will be rebooted during the upgrade. # Disable automatic rollback. <Sysname> system-view [Sysname] issu rollback-timer 0 # Enable link-aggregation traffic redirection. [Sysname] link-aggregation lacp traffic-redirect-notification enable # Enable the IRF bridge MAC address to be permanent.
  • Page 161 Service Upgrade Service Upgrade Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]:y This operation might take several minutes, please wait..Done. # Perform a main/backup feature process switchover. <Sysname> issu run switchover Upgrade summary according to following table: flash:/soft-version2.bin Running Version New Version None...
  • Page 162 Service Upgrade Service Upgrade Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]:y This operation might take several minutes, please wait..Done. <Sysname> issu commit chassis 4 Copying file flash:/soft-version2.bin to chassis4#slot6#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 4 slot 6...Done Copying file flash:/soft-version2.bin to chassis4#slot7#flash:/soft-version2.bin ...Done.

  • Page 163: Feature Upgrade To An Incompatible Version (Upgrading One Subordinate Member First)

    flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 4 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 164 Figure 35 Network diagram Master Subordinate Subordinate Subordinate (Member_ID=1) (Member_ID=3) (Member_ID=4) (Member_ID=2) GE3/3/0/1 GE2/3/0/1 1.1.1.1/24 GE1/3/0/1 GE4/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange lines represent IRF connections. Upgrade procedure # Download the upgrade image file from the TFTP server. <Sysname>...
  • Page 165 flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 4 slot 3:...
  • Page 166 # Enable link-aggregation traffic redirection. [Sysname] link-aggregation lacp traffic-redirect-notification enable # Enable the IRF bridge MAC address to be permanent. [Sysname] irf mac-address persistent always # Set the physical state change suppression interval to 0 on the interfaces. [Sysname] interface gigabitethernet1/3/0/1 [Sysname-GigabitEthernet1/3/0/1] link-delay 0 mode updown [Sysname-GigabitEthernet1/3/0/1] quit [Sysname] interface gigabitethernet2/3/0/1...
  • Page 167 Verifying the file flash:/soft-version2.bin on chassis 1 slot 7...Done. Copying file flash:/soft-version2.bin to chassis3#slot6#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 3 slot 6...Done. Copying file flash:/soft-version2.bin to chassis3#slot7#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 3 slot 7...Done. Copying file flash:/soft-version2.bin to chassis4#slot6#flash:/soft-version2.bin ...Done.

  • Page 168: Feature Upgrade To An Incompatible Version (Upgrading Multiple Subordinate Members First)

    flash:/soft-version2.bin Active packages on chassis 2 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 7: flash:/cmw710-boot-test.bin...
  • Page 169 Figure 36 Network diagram Master Subordinate Subordinate Subordinate (Member_ID=1) (Member_ID=3) (Member_ID=4) (Member_ID=2) GE3/3/0/1 GE2/3/0/1 1.1.1.1/24 GE1/3/0/1 GE4/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange lines represent IRF connections. Upgrade procedure # Download the upgrade image file from the TFTP server. <Sysname>...
  • Page 170 flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 3 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 4 slot 3:...
  • Page 171 # Enable link-aggregation traffic redirection. [Sysname] link-aggregation lacp traffic-redirect-notification enable # Enable the IRF bridge MAC address to be permanent. [Sysname] irf mac-address persistent always # Set the physical state change suppression interval to 0 on the interfaces. [Sysname] interface gigabitethernet1/3/0/1 [Sysname-GigabitEthernet1/3/0/1] link-delay 0 mode updown [Sysname-GigabitEthernet1/3/0/1] quit [Sysname] interface gigabitethernet2/3/0/1...
  • Page 172 Chassis Slot Upgrade Way Reboot Reboot Reboot Reboot Reboot Reboot Reboot Reboot Reboot Upgrading software images to incompatible versions. Continue? [Y/N]:y This operation might take several minutes, please wait...Done. # Perform a master/subordinate switchover to upgrade the original master. The original master will reboot and join the new IRF fabric.

  • Page 173: Examples Of Using Install Commands For Issu On A Standalone Device

    flash:/soft-version2.bin Active packages on chassis 2 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 7: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 6: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 3 slot 7: flash:/cmw710-boot-test.bin...
  • Page 174 Figure 37 Network diagram TFTP client TFTP server Internet 2.2.2.2/24 Device 1.1.1.1/24 Upgrade procedure # Download the .ipe file that contains the R0202 feature image from the TFTP server. <Sysname> tftp 2.2.2.2 get feature1-r0202.ipe % Total % Received % Xferd Average Speed Time Time...
  • Page 175 Verifying the file flash:/feature1-r0202.bin on slot 6...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Slot Upgrade Way Service Upgrade Service Upgrade Influenced service according to following table on slot 6: flash:/feature1-r0202.bin feature1 The output shows that both MPUs need a service upgrade.

  • Page 176: Examples Of Using Install Commands For Issu On An Irf Fabric

    flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on slot 7: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin # Commit the software changes. <Sysname> install commit This operation will take several minutes, please wait......Done. Examples of using install commands for ISSU on an IRF fabric Feature upgrade example Upgrade requirements As shown in Figure...
  • Page 177 <Sysname> install add flash:/feature1-r0202.ipe flash: Verifying the file flash:/feature1-r0202.ipe on chassis 1 slot 6...Done. Decompressing file feature1-r0202.bin to flash:/feature1-r0202.bin.......Done. # Display active software images. <Sysname> display install active Active packages on chassis 1 slot 6: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 1 slot 7: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin...
  • Page 178 flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade Influenced service according to following table on chassis 2 slot 6: flash:/feature1-r0202.bin feature1 <Sysname> install activate feature flash:/feature1-r0202.bin chassis 1 slot 7 test Copying file flash:/feature1-r0202.bin to chassis1#slot7#flash:/feature1-r0202.bin..Done.
  • Page 179 <Sysname> install activate feature flash:/feature1-r0202.bin chassis 2 slot 7 flash:/feature1-r0202.bin already exists on chassis 2 slot 7. Overwrite it?[Y/N]:y Copying file flash:/feature1-r0202.bin to chassis2#slot7#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on chassis 2 slot 7...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201...
  • Page 180 This operation might take several minutes, please wait......Done. <Sysname> install activate feature flash:/feature1-r0202.bin chassis 1 slot 6 Verifying the file flash:/feature1-r0202.bin on chassis 1 slot 6...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way...

  • Page 181: Using The Emergency Shell

    Using the emergency shell At startup, the device tries to locate and load the Comware startup software images. These images can include a boot image, a system image, feature images, and patch images. If the following requirements are met, the device enters emergency shell mode: •...

  • Page 182: Obtaining A System Image From An Ftp/Tftp Server

    Task Command Remarks To delete a directory, first delete all files Delete a directory. rmdir directory and subdirectories in the directory. Format a file system. format filesystem Obtaining a system image from an FTP/TFTP server If the required system image is saved on an FTP or TFTP server, configure the management Ethernet interface and obtain the system image as described in this section.

  • Page 183: Checking The Connectivity To A Server

    Step Command Remarks By default, no IPv6 address is Assign an IPv6 address to ipv6 address ipv6-address assigned to the management the interface. prefix-length Ethernet interface. By default, no IPv6 gateway is Specify an IPv6 gateway for ipv6 gateway ipv6-address specified for the management the interface.

  • Page 184: Loading The System Image

    Task Command telnet server-ipv4-address Telnet to an IPv4 server. ssh2 server-ipv4-address Use SSH to log in to an IPv4 server. Use FTP to download a file from or upload a file to ftp server-ipv4-address { get remote-file local-file | put an IPv4 server.

  • Page 185: Displaying Device Information In Emergency Shell Mode

    Displaying device information in emergency shell mode Execute display commands in any view. Task Command Display copyright information. display copyright Display software package information. display install package package Display management Ethernet interface information. display interface m-eth0 Display IPv4 routing information. display ip routing-table display ipv6 routing-table Display IPv6 routing information.
  • Page 186 HPE Comware Software, Version 7.1.070, Release 7557P01 Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP HPE 10504 uptime is 0 weeks, 0 days, 1 hour, 58 minutes Last reboot reason : Cold reboot Boot image: flash:/10500-CMW710-BOOT-R7557P01.bin Boot image version: 7.1.070, Release 7557P01 Compiled Mar 02 2016 16:00:00 …...
  • Page 187 Press ENTER to get started. After you press Enter, the following information appears: <System> <System>%Sep 23 18:29:59:777 2016 S58.59 SHELL/5/SHELL_LOGIN: TTY logged in from aux0.

  • Page 188: Using Automatic Configuration

    Using automatic configuration Overview When the device starts up without a valid next-startup configuration file, the device searches the root directory of its default file system for the autocfg.py, autocfg.tcl, and autocfg.cfg files. If any one of the files exists, the device loads the file. If none of the files exists, the device uses the automatic configuration feature to obtain a set of configuration settings.

  • Page 189: Configuring The File Server

    Tasks at a glance (Required.) Configuring the DHCP server (Optional.) Configuring the DNS server (Optional.) Configuring the gateway (Required.) Preparing the interface used for automatic configuration (Required.) Starting and completing automatic configuration Configuring the file server For devices to obtain configuration information from a TFTP server, start TFTP service on the file server.

  • Page 190: Configuring The Dhcp Server

    file. If no common configuration file is found when a TFTP file server is used, the device obtains and uses the default configuration file. Script files Script files can be used for automatic software upgrade and automatic configuration. The device supports Python scripts (.py files) and Tcl scripts (.tcl files).
  • Page 191 Configuring the DHCP server when an HTTP file server is used Step Command Remarks Enter system view. system-view Enable DHCP. dhcp enable By default, DHCP is disabled. Create a DHCP address By default, no DHCP address pool is dhcp server ip-pool pool-name pool and enter its view.

  • Page 192: Configuring The Dns Server

    Configuring the DNS server A DNS server is required in the following situations: • The TFTP server does not have a host name file. However, devices need to perform the following operations: Use their IP addresses to obtain their host names. ...

  • Page 193: Server-Based Automatic Configuration Examples

    For more information about the save command, see Fundamentals Command Reference. Server-based automatic configuration examples Automatic configuration using TFTP server Network requirements As shown in Figure 41, two departments of a company are connected to the network through gateways (Switch B and Switch C). Access devices Switch D, Switch E, Switch F, and Switch G do not have a configuration file.

  • Page 194: Enable Dhcp

    # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit # Configure address pool market to assign IP addresses on the 192.168.2.0/24 subnet to clients in the Marketing department. Specify the TFTP server, gateway, and configuration file name for the clients.
  • Page 195 [SwitchB-Vlan-interface3] dhcp relay server-address 192.168.1.42 Configure the gateway Switch C: # Create VLAN interfaces and assign IP addresses to the interfaces. <SwitchC> system-view [SwitchC] vlan 2 [SwitchC-vlan2] port gigabitethernet 1/0/3 [SwitchC-vlan2] quit [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] ip address 192.168.1.43 24 [SwitchC-Vlan-interface2] quit [SwitchC] vlan 3 [SwitchC-vlan3] port gigabitethernet 1/0/1...
  • Page 196 user-role network-admin return # On the TFTP server, create a configuration file named rd.cfg. sysname RD telnet server enable vlan 3 local-user rd password simple rd service-type telnet quit interface Vlan-interface3 ip address dhcp-alloc quit interface gigabitethernet 1/0/1 port access vlan 3 quit user-interface vty 0 63 authentication-mode scheme...

  • Page 197: Automatic Configuration Using Http Server And Tcl Script

    302e-3335-3131-2d56- 6c61-6e2d-696e-7465- 7266-6163-6531 192.168.3.3 3030-6530-2e66-6330- May 6 05:24:10 2013 Auto(C) 302e-3335-3135-2d56- 6c61-6e2d-696e-7465- 7266-6163-6532 Telnet to 192.168.2.2 from Switch A. <SwitchA> telnet 192.168.2.2 Enter username market and password market as prompted. (Details not shown.) You are logged in to Switch D or Switch E. Automatic configuration using HTTP server and Tcl script Network requirements As shown in...

  • Page 198: Automatic Configuration Using Http Server And Python Script

    local-user user password simple abcabc service-type telnet quit user-interface vty 0 63 authentication-mode scheme user-role network-admin quit interface gigabitethernet 1/0/1 port link-mode route ip address dhcp-alloc return # Start HTTP service software and enable HTTP service. (Details not shown.) Verifying the configuration Power on Switch A.
  • Page 199 Figure 43 Network diagram Device A DHCP server GE1/0/1 192.168.1.1 GE1/0/1 Switch A 192.168.1.40 HTTP server Configuration procedure Configure the DHCP server: # Enable DHCP. <DeviceA> system-view [DeviceA] dhcp enable # Configure address pool 1 to assign IP addresses on the 192.168.1.0/24 subnet to clients. [DeviceA] dhcp server ip-pool 1 [DeviceA-dhcp-pool-1] network 192.168.1.0 24 # Specify the URL of the script file for the clients.

  • Page 200: Automatic Irf Setup

    Automatic IRF setup Network requirements As shown in Figure 44, Switch A and Switch B do not have a configuration file. Configure the servers so the switches can obtain a Python script to complete their respective configurations and form an IRF fabric. Figure 44 Network diagram Device A HTTP server...
  • Page 201 File Content Remarks Python commands that complete the following tasks: (Optional.) Verify that the flash memory has sufficient space for the files to be downloaded. Download the configuration file and sn.txt. For more information about .py Python script file (Optional.) Download the software Python script configuration, see "Using Python."...
  • Page 202 Auto upgrade : yes Mac persistent : always Domain ID Auto merge : yes The output shows that the switches have formed an IRF fabric.

  • Page 203: Managing The Device

    Managing the device This chapter describes how to configure basic device parameters and manage the device. You can perform the configuration tasks in this chapter in any order. Device management task list Tasks at a glance (Required.) Configuring the device name (Required.) Configuring the system time (Optional.)

  • Page 204: Configuring The System Time

    Step Command Remarks Enter system view. system-view Configure the device name. sysname sysname The default device name is HPE. Configuring the system time Correct system time is essential to network management and communication. Configure the system time correctly before you run the device on the network. The system time is determined by the UTC time, the time zone, and the daylight saving time.

  • Page 205: Enabling Displaying The Copyright Statement

    Enabling displaying the copyright statement When displaying the copyright statement is enabled, the device displays the copyright statement in the following situations: • When a Telnet or SSH user logs in. • When a console user quits user view. This is because the device automatically tries to restart the user session.

  • Page 206: Configuration Procedure

    [System] header shell %Have a nice day.% • Multiline banner. A multiline banner can contain carriage returns. A carriage return is counted as two characters. To input a multiline banner, use one of the following methods: Method 1—Press Enter after the final command keyword, enter the banner as prompted, ...

  • Page 207: Setting The System Operating Mode

    Step Command Remarks By default, the device does not have a Configure the shell banner. header shell text shell banner. Setting the system operating mode The device can operate in one of the following modes: • advance—Advanced mode. • standard—Standard mode. In different operating modes, t he device supports different features, and might have different specifications for the supported features.

  • Page 208: Configuration Guidelines

    Configuration guidelines When you schedule a reboot, follow these guidelines: • In standalone mode, the automatic reboot configuration is canceled if an active/standby switchover occurs. • In IRF mode, the automatic reboot configuration is effective on all member devices. It will be canceled if a switchover between the global active MPU and a global standby MPU occurs.

  • Page 209: Configuration Procedure

    • A schedule cannot contain any of these commands: telnet, ftp, ssh2, and monitor process. • A schedule does not support user interaction. If a command requires a yes or no answer, the system always assumes that a Y or Yes is entered. If a command requires a character string input, the system assumes that either the default character string (if any) or a null string is entered.

  • Page 210: Schedule Configuration Example

    Step Command Remarks • Specify the execution date and time: time at time date • Specify the execution days and time: time once at time [ month-date month-day | week-day By default, no execution time is week-day&<1-7> ] specified for a schedule. •...
  • Page 211 [Sysname-job-shutdown-GigabitEthernet1/0/1] command 2 interface gigabitethernet 1/0/1 [Sysname-job-shutdown-GigabitEthernet1/0/1] command 3 shutdown [Sysname-job-shutdown-GigabitEthernet1/0/1] quit # Configure a job for enabling interface GigabitEthernet 1/0/1. [Sysname] scheduler job start-GigabitEthernet1/0/1 [Sysname-job-start-GigabitEthernet1/0/1] command 1 system-view [Sysname-job-start-GigabitEthernet1/0/1] command 2 interface gigabitethernet 1/0/1 [Sysname-job-start-GigabitEthernet1/0/1] command 3 undo shutdown [Sysname-job-start-GigabitEthernet1/0/1] quit # Configure a job for disabling interface GigabitEthernet 1/0/2.
  • Page 212 Job name: start-GigabitEthernet1/0/1 system-view interface GigabitEthernet 1/0/1 undo shutdown Job name: start-GigabitEthernet1/0/2 system-view interface GigabitEthernet 1/0/2 undo shutdown # Display the schedule information. [Sysname] display scheduler schedule Schedule name : START-pc1/pc2 Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00 Start time : Wed Sep 28 08:00:00 2011 Last execution time...

  • Page 213: Disabling Password Recovery Capability

    --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z. [Sysname]interface GigabitEthernet 1/0/2. [Sysname-GigabitEthernet1/0/2]undo shutdown Job name : shutdown-GigabitEthernet1/0/1 Schedule name : STOP-pc1/pc2 Execution time : Wed Sep 28 18:00:00 2011 Completion time : Wed Sep 28 18:00:01 2011 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z.
  • Page 214 Figure 46 Handling console login password loss Console login password lost Reboot the switch to access EXTENDED-BOOTWARE menu Password recovery capability enabled? Restore to Factory Default Skip Current System Skip Authentication Configuration Configuration for Console Login Reboot the switch Configure new passwords in system view Save the running configuration Table 15...

  • Page 215: Setting The Port Status Detection Timer

    Step Command Remarks Disable password recovery By default, password recovery undo password-recovery enable capability. capability is enabled. When password recovery capability is disabled, you cannot downgrade the software configuration of the device to a version that does not support the capability through the BootWare menus. You can do so at the CLI, but the configured BootWare menu password becomes effective again.

  • Page 216: Setting Memory Alarm Thresholds

    To monitor CPU usage in IRF mode: Step Command Remarks Enter system view. system-view monitor cpu-usage threshold Set the CPU usage cpu-threshold [ chassis The default CPU usage threshold threshold. chassis-number slot slot-number is 99%. [ cpu cpu-number ] ] monitor cpu-usage enable By default, CPU usage tracking is Enable CPU usage tracking.
  • Page 217 Notification Triggering condition Remarks After generating and sending a severe The amount of free memory alarm notification, the system does not space decreases to or below the Severe alarm notification generate and send any additional severe severe alarm threshold for the alarm notifications until the first severe first time.

  • Page 218: Configuring The Temperature Alarm Thresholds

    Step Command Remarks • In standalone mode: memory-threshold [ slot The defaults are as follows: slot-number [ cpu cpu-number ] ] • Minor alarm threshold—96 [ ratio ] minor minor-value severe severe-value critical critical-value • normal normal-value Severe alarm threshold—64 Set the free-memory •...

  • Page 219: Specifying An Operating Mode And A Proxy Mode For A Service Module

    Table 17 Default load sharing modes for service modules Service modules Default load sharing mode OAA modules source-ip • EC interface module LSUM1CGC2EC0 (JH196A, JH204A) flexible • SE interface module LSU1CGC2SE0 (JG916A) • EA interface modules • EB interface modules •...
  • Page 220 Table 18 Service module operating modes Recommended application Operating mode Feature highlights scenario Uses the default MAC address table normal Common networks. and routing table. Increases the MAC address table size bridging to provide higher Layer 2 packet A large MAC address table is required. forwarding performance.
  • Page 221 Mode Specifications Routing (IPv4)—16K Routing (IPv6)—8K ARP (NNI)—16K MAC—32K ipv6 Routing (IPv4)—16K Routing (IPv6)—64K Table 20 Table sizes on EB service modules in operating modes Mode Specifications ARP (NNI)—16K MAC—32K normal Routing (IPv4)—16K Routing (IPv6)—8K ARP (NNI)—16K bridging MAC—256K ARP (NNI)—16K routing Routing (IPv4)—256K Routing (IPv6)—8K...
  • Page 222 Mode Specifications • Routing (IPv6)—6K LSUM1CGC2EC0 (JH196A, JH204A): • ARP (UNI)—55K • ARP (NNI)—64K • MAC—256K bridging Other modules: • ARP (UNI)—170K • ARP (NNI)—64K • MAC—256K LSUM1CGC2EC0 (JH196A, JH204A): • ARP (UNI)—55K • ARP (NNI)—64K • Routing (IPv4)—192K • Routing (IPv6)—6K routing Other modules:...
  • Page 223 Mode Specifications ARP (NNI)—8K MAC—32K Routing (IPv4)—12K Routing (IPv6)—6K ARP (UNI)—8K ARP (NNI)—8K MAC—32K standard-ipv6 Routing (IPv4)—12K Routing (IPv6)—6K Table 23 Table sizes on SE service modules in operating modes Mode Specifications LSU1GP24TXSE0 (JC617A, JG376A), LSU1GT48SE0 (JC618A, JG377A), LSU1GP48SE0 (JC619A, JG378A), LSU1TGX4SE0 (JC620A, JG379A), LSU1GP24TSE0 (JC763A, JG347A), and LSU1TGS8SE0 (JC631A, JG389A): •...
  • Page 224 Mode Specifications Routing (IPv6)—8K ARP (NNI)—16K MAC—128K standard-ipv6 Routing (IPv4)—16K Routing (IPv6)—8K Table 25 Table sizes on SG service modules in operating modes Mode Specifications LSUM1TGS48SG0 (JH197A, JH205A): • ARP (UNI)—8K • ARP (NNI)—24K • MAC—288K bridging LSUM2QGS12SG0 (JH434A), LSUM2TGS48SG0 (JH433A),and LSUM2TGS32QSSG0 (JH432A),: •...

  • Page 225: About Proxy Modes For Service Modules

    Table 26 Default operating modes for service modules Service modules Default operating mode • EA, EB, EC, and SG interface modules • SE interface modules listed below: mix-bridging-routing LSUM2GP44TSSE0 (JH191A, JH199A) LSUM2GT48SE0 (JH192A, JH200A) • SC and SF interface modules •...

  • Page 226: Configuration Procedure

    If the new service module supports the specified operating mode and proxy mode, the new  service module operates in the specified operating mode and proxy mode. If the new service module does not support the specified operating mode, the new service ...

  • Page 227: Enabling The Port Down Feature Globally

    Step Command Remarks • In standalone mode: switch-mode { balance | bridging | enhance-bridging | ipv6 | By default, a service module mix-bridging-routing | normal | routing | does not operate in any proxy standard-ipv6 } [ adj-proxy-high | mode. adj-proxy-low | l3-proxy-high | route-proxy-high | route-proxy-low ] Specify an...

  • Page 228: Isolating A Switching Fabric Module

    Step Command • In standalone mode: set asset-info { chassis | fan fan-id | power power-id | slot slot-number } { csn csn-number | custom name value | department department | description description | location location | service-date Configure an asset date | state state } profile for a physical •...

  • Page 229: Suppressing Switching Fabric Module Removal Interrupt Signals

    Suppressing switching fabric module removal interrupt signals If a switching fabric module frequently sends incorrect removal interrupt signals, configure the interrupt signal suppression feature. By default, a switching fabric module sends removal interrupt signals before it is removed. After receiving the signals, the system switches the traffic on the module to another module to ensure service continuity.

  • Page 230: Enabling Hardware Failure Protection For Interfaces

    Enabling hardware failure protection for interfaces IMPORTANT: Before enabling hardware failure protection on an interface, make sure a backup link is available for service continuity. After you enable hardware failure protection on an interface, the system automatically shuts down the interface when it detects a hardware failure on the interface. An interface shut down this way is in Protect Down state.

  • Page 231: Enabling Data Forwarding Path Failure Detection

    Step Command Remarks By default, the system takes the Set the action to be taken in hardware-failure-detection action of warning (sending traps) response to failures on the forwarding isolate in response to forwarding-plane forwarding plane to isolate. failures. Enter Ethernet interface interface interface-type view.

  • Page 232: Diagnosing Transceiver Modules

    Task Command Remarks display transceiver interface Display the key parameters of transceiver modules. [ interface-type interface-number ] Display the electrical label display transceiver manuinfo This command cannot display information of transceiver interface [ interface-type information for some transceiver modules. interface-number ] modules.

  • Page 233: Restoring The Factory-Default Configuration

    This task is required in dense wavelength division multiplexing scenarios. To specify an ITU channel number for a transceiver module: Step Command Remarks Enter system view. system-view Enter Ethernet interface interface interface-type view. interface-number Specify an ITU channel By default, the ITU channel itu-channel channel-number number.
  • Page 234 Task Command display cpu-usage history [ job job-id ] [ slot Display historical CPU usage statistics in a chart. slot-number [ cpu cpu-number ] ] display device [ cf-card | flash ] [ slot slot-number | Display hardware information. verbose ] Display the electronic label information of the display device manuinfo [ slot slot-number ] device.

  • Page 235: Irf Mode

    Task Command Clear the startup software image upgrade history reset version-update-record records of the active MPU. Clear job execution log information. reset scheduler logfile IRF mode Task Command display alarm [ chassis chassis-number slot Display device alarm information. slot-number ] display asset-info chassis chassis-number { chassis | fan fan-id | power power-id | slot Display asset information.
  • Page 236 Task Command display memory [ summary ] [ chassis Display memory usage statistics. chassis-number slot slot-number [ cpu cpu-number ] ] display memory-threshold [ chassis chassis-number slot slot-number [ cpu Display memory alarm thresholds and statistics. cpu-number ] ] display power-supply [ chassis chassis-number ] Display power supply information.
  • Page 237 NOTE: • The display device command displays device information about the physical device, whether you execute the command on the default MDC or on a non-default MDC. • Executing one of the following commands on an MDC displays CPU or memory information for the MDC: display cpu-usage ...

  • Page 238: Using Tcl

    Using Tcl Comware 7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands: • All Tcl 8.5 commands. • Comware commands. The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.

  • Page 239: Executing Comware Commands In Tcl Configuration View

    Executing Comware commands in Tcl configuration view Follow these restrictions and guidelines when you execute Comware commands in Tcl configuration view: • For Comware commands, you can enter ? to obtain online help or press Tab to complete an abbreviated command. For more information, see "Using the CLI."...

  • Page 240: Managing The System With Bootware

    Managing the system with BootWare BootWare provides a menu method for performing basic file operations, software upgrade, and system management. You can use this method when you cannot access the Comware CLI, for example, because of software image corruption. NOTE: Output in this document is for illustration only.

  • Page 241: Using The Basic-Bootware Menu On Lsu1Supb0 (Jg496A) Mpus

    Availability of some menu options depends on the password recovery capability setting. For more information about password recovery capability, see "Managing the device." Using the BASIC-BOOTWARE menu on LSU1SUPB0 (JG496A) MPUs To access the BASIC-BOOTWARE menu: Connect a configuration terminal to the console port of the device. Power on the device.

  • Page 242: Updating The Extended Bootware Segment

    For faster file transfer, change the default baud rate to a higher value before downloading a software image file with XMODEM through the console port. To change the baud rate of the console port: Enter 1 in the BASIC-BOOTWARE menu. Enter your choice(0-5): 1 ===============================<BAUDRATE SET>=============================== |Note:'*'indicates the current baudrate...

  • Page 243: Running The Primary Extended Bootware Segment

    Running the primary extended BootWare segment To bootstrap the Comware software images with the primary extended BootWare segment, enter 4 in the BASIC-BOOTWARE menu. Enter your choice(0-5): 4 Booting Normal Extended BootWare The Extended BootWare is self-decompressing..Done. **************************************************************************** BootWare, Version 1.33 **************************************************************************** Compiled Date : Nov 20 2014...

  • Page 244: Using The Basic-Bootware Menu On Mpus Except Lsu1Supb0 (Jg496A)

    BootWare Size : 1536KB Flash Size : 500MB BASIC CPLD Version : 4.0 EXTENDED CPLD Version : 3.0 PCB Version : Ver.A BootWare Validating... Press Ctrl+B to access EXTENDED-BOOTWARE MENU... Using the BASIC-BOOTWARE menu on MPUs except LSU1SUPB0 (JG496A) To access the BASIC-BOOTWARE menu: Connect a configuration terminal to the console port of the device.

  • Page 245: Modifying Serial Port Parameters

    Modifying serial port parameters When using the console port to access the system, make sure the port parameters are consistent with the serial port settings on the configuration terminal. Port parameters include the baud rate, data bits, parity check, stop bits, flow control, and emulation. If the settings are inconsistent, communication will fail.

  • Page 246: Running The Primary Extended Bootware Segment

    Waiting ...CCCCC Download successfully! 329344 bytes downloaded! Updating Basic BootWare? [Y/N]Y Updating Basic BootWare....Done. Updating Extended BootWare? [Y/N]Y Updating Extended BootWare....Done. Running the primary extended BootWare segment To bootstrap the Comware software images with the primary extended BootWare segment, enter 4 in the BASIC-BOOTWARE menu.

  • Page 247: Using The Extended-Bootware Menu On Lsu1Supb0 (Jg496A) Mpus

    CPU Type : XLP208 Rev A2 CPU Clock Speed : 1000MHz Memory Type : DDR3 SDRAM Memory Size : 8192MB Memory Speed : 667MHz BootWare Size : 1536KB Flash Size : 4MB BootWare Validating... Press Ctrl+B to access EXTENDED-BOOTWARE MENU... Using the EXTENDED-BOOTWARE menu on LSU1SUPB0 (JG496A) MPUs To access the EXTENDED-BOOTWARE menu, press Ctrl+B within three seconds after the "Press...
  • Page 248 Enter < Storage Device Operation > to select device. ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6> Skip Current System Configuration |<7> BootWare Operation Menu |<8>...

  • Page 249: Running The Comware Software

    Option Task Reference Enable console login without authentication. This is a one-time operation and takes effect only for the first system <8> Skip Authentication for Skipping console login boot or reboot after you choose Console Login authentication this option. This option is not available if password recovery capability is disabled.

  • Page 250: Upgrading Comware Software Through The Console Port

    Upgrading Comware software through the console port You can upgrade the Comware software through the console port or modify the baud rate of the console port from the Serial submenu. To upgrade the Comware software through the console port from the Serial submenu: Enter 2 in the EXTENDED-BOOTWARE menu to access the Serial submenu.

  • Page 251: Upgrading Comware Software Through The Management Ethernet Port

    ============================================================================ Enter your choice(0-5):1 Enter an appropriate baud rate option. For example, enter 5 to set the baud rate to 115200 bps. For faster file transfer, change the default baud rate to a higher value before downloading Comware software with XMODEM through the console port. Enter 0 to return to the Serial submenu.
  • Page 252 Option Task Download Comware software images to the current storage medium as main images (the file attribute is set to M). <2> Update Main Image File As a result, the M file attribute of the original main images is removed. Download Comware software images to the current storage medium as backup images (the file attribute is set to B).
  • Page 253 Field Description Set a file name for saving the file in the current storage medium on the device. Target File Name By default, the target file name is the same as the source file name. Server IP Address Set the IP address of the FTP or TFTP server. Local IP Address Set the IP address of the device.

  • Page 254: Managing Files

    Managing files To change the type of a Comware software image, retrieve files, or delete files, enter 4 in the EXTENDED-BOOTWARE menu. ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6>...
  • Page 255 Mar/18/2013 09:59:13 N/A flash:/ifindex.dat 294388736 Aug/08/2014 11:27:50 M flash:/10500-cmw710-system-R7557| |p01.bin ============================================================================ NOTE: A maximum of 998 files can be displayed. Changing the file attribute of a Comware software image Comware software image file attributes include main (M) and backup (B). A Comware software image can have any combination of the M and B attributes.
  • Page 256 Enter your choice(0-2): Enter a number in the range of 1 to 2 to add a file attribute for the files. For example, enter 2 to assign the B attribute to the files. Enter your choice(0-2):2 Set the file attribute success! Deleting a file When a storage medium does not have sufficient space, you can delete unused files to free the storage space.

  • Page 257: Restoring The Factory-Default Configuration

    ============================================================================ Enter file No.: Enter the number of the file to copy. For example, enter 1. Enter file No: 1 The selected file is :flash:/logfile/logfile.log Choose copy dest device : ============================================================================ |NO. Device Name File System Total Size Available Space flash JFFS2 503808KB...

  • Page 258: Skipping The Configuration File At The Next Startup

    If password recovery capability is enabled, first disable the capability from the CLI, and then  reboot the device to access the EXTENDED-BOOTWARE menu. Password recovery capability is enabled. To perform this operation, first disable the password recovery capability using the undo password-recovery enable command in CLI.
  • Page 259 Table 35 BootWare Operation menu options Option Task <1> Backup Full BootWare Back up the BootWare image. <2> Restore Full BootWare Recover the BootWare image. <3> Update BootWare By Serial Update the BootWare from the console port. <4> Update BootWare By Ethernet Update the BootWare from the management Ethernet port.

  • Page 260: Skipping Console Login Authentication

    Option Task <3> Update Basic BootWare Upgrade the basic segment. Modify the baud rate of the console port. <4> Modify Serial Interface Parameter Perform this task before you perform any upgrade task. <0> Exit To Main Menu Return to the BootWare Operation menu. To upgrade the BootWare image through the management Ethernet port, enter 4 in the BootWare Operation menu.

  • Page 261: Managing Storage Media

    Figure 48 Skipping console login authentication Console login password lost Reboot the switch to access the EXTENDED-BOOTWARE menu Select Skip Authentication for Console Login Reboot the switch to enter user line view No password is required for console Execute the login, whether or not you save the quit command? running configuration.

  • Page 262: Using The Extended Assistant Menu

    Table 38 DEVICE CONTROL menu options Option Task Display all storage media on the MPU you are <1> Display All Available Nonvolatile Storage Device(s) working with. Set the current storage medium. All file <2> Set The Operating Device operations in BootWare menus are performed on the current storage medium.

  • Page 263: Using The Extended-Bootware Menu On Mpus Except Lsu1Supb0 (Jg496A)

    Table 39 Error messages Error message Description The start or end address is beyond the memory space or the end address is Invalid address. lower than the start address. The entered memory length is so great that the calculated end address is Invalid length beyond the memory space.
  • Page 264 ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6> Skip Current System Configuration |<7> BootWare Operation Menu |<8> Skip Authentication for Console Login |<9> Storage Device Operation |<0>...
  • Page 265 Option Task Reference Download files with FTP or TFTP Upgrading Comware software and upgrade the Comware <3> Enter Ethernet SubMenu through the management Ethernet software through the management port Ethernet port. • Display files on the current storage medium. • Set a software image file as the primary or backup startup <4>...

  • Page 266: Running The Comware Software

    Running the Comware software Comware software after completing operations, enter EXTENDED-BOOTWARE menu. Enter your choice(0-9): 1 Loading the main image files... Loading file flash:/10500-cmw710-system-R7557P01.bin ....................................Done. Loading file flash:/10500-cmw710-boot-R7557P01.bin......Done. Image file flash:/10500-cmw710-boot-R7557P01.bin is self-decompressing............Done. System image is starting... Line aux1 is available.
  • Page 267 Option Task Download Comware software images to the current storage medium as backup images (the file attribute is set to B). <3> Update Backup Image File As a result, the B file attribute of the original backup images is removed. <4>...

  • Page 268: Upgrading Comware Software Through The Management Ethernet Port

    Enter 1 in the EXTENDED-BOOTWARE menu to run the new software. Upgrading Comware software through the management Ethernet port You can upgrade the Comware software through the management Ethernet port from the Ethernet submenu. To upgrade Comware software through the management Ethernet port from the Ethernet submenu: Enter 3 in the EXTENDED-BOOTWARE menu to access the Ethernet submenu.
  • Page 269 ============================================================================ Protocol (FTP or TFTP) :ftp Load File Name : 10500.ipe Target File Name : 10500.ipe Server IP Address :192.168.2.79 Local IP Address :192.168.2.105 Subnet Mask :255.255.255.0 Gateway IP Address :192.168.2.105 FTP User Name :123 FTP User Password :*** Table 43 Setting Ethernet parameters for file transfer Field Description Press the dot (.), and then press Enter to clear the setting for a...

  • Page 270: Managing Files

    ............Done. Image file 10500-CMW710-SYSTEM-R7557P01.bin is self-decompressing... Saving file flash:/10500-CMW710-SYSTEM-R7557P01.bin ......................................................Done. Enter 0 in the Serial submenu to return to the EXTENDED-BOOTWARE menu. Enter 1 in the EXTENDED-BOOTWARE menu to run the new software. Managing files To change the type of a Comware software image, retrieve files, or delete files, enter 4 in the EXTENDED-BOOTWARE menu.
  • Page 271 ============================================================================ |NO. Size(B) Time Type Name 4577 Feb/19/2013 13:07:54 N/A flash:/labtop.cfg 141952 Feb/19/2013 13:07:54 N/A flash:/labtop.mdb 341547 Feb/20/2013 12:00:15 N/A flash:/logfile/logfile.log Jul/29/2014 16:32:27 N/A flash:/test.cfg 1681 Jul/29/2014 17:34:42 N/A flash:/vlan.txt 8299 Jul/29/2014 17:36:00 N/A flash:/test.txt 27708416 Jul/31/2014 09:27:30 M flash:/10500-CMW710-BOOT-R7557P0| |1.bin 208249856 Jul/31/2014 09:28:27 M flash:/10500-CMW710-SYSTEM-R7557|...
  • Page 272 You have selected: flash:/10500-CMW710-BOOT-R7557P01.bin flash:/10500-CMW710-SYSTEM-R7557P01.bin Modify the file attribute: ============================================================================ |<1>+Main |<2>+Backup |<0> Exit ============================================================================ Enter your choice(0-2): Enter a number in the range of 1 to 2 to add a file attribute for the files. For example, enter 2 to assign the B attribute to the files.

  • Page 273: Restoring The Factory-Default Configuration

    Copying a file Enter 5 in the FILE CONTROL submenu. Enter your choice(0-5): 5 'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED ============================================================================ |NO. Size(B) Time Type Name 141952 Feb/19/2013 13:07:54 N/A flash:/labtop.mdb 341547 Feb/20/2013 12:00:15 N/A flash:/logfile/logfile.log Jul/29/2014 16:32:27 N/A flash:/test.cfg 1681...

  • Page 274: Skipping The Configuration File At The Next Startup

    ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6> BootWare Operation Menu |<7> Skip Authentication for Console Login |<8> Storage Device Operation |<0> Reboot ============================================================================ Ctrl+Z: Access EXTENDED ASSISTANT MENU Ctrl+F: Format File System Enter your choice(0-8):5 Follow the system instruction to complete the task.

  • Page 275: Managing The Bootware Image

    Managing the BootWare image You can use the BootWare Operation menu to back up, recover, and upgrade the BootWare image. To access the BootWare Operation menu, enter 7 in the EXTENDED-BOOTWARE menu. Enter your choice(0-9): 7 =========================<BootWare Operation Menu>========================== |Note:the operating device is flash |<1>...
  • Page 276 Enter your choice(0-4):3 ====================<BOOTWARE OPERATION SERIAL SUB-MENU>==================== |<1> Update Full BootWare |<2> Update Extended BootWare |<3> Update Basic BootWare |<4> Modify Serial Interface Parameter |<0> Exit To Main Menu ============================================================================ Enter your choice(0-4):4 Table 45 BOOTWARE OPERATION SERIAL submenu options Option Task <1>...

  • Page 277: Skipping Console Login Authentication

    Skipping console login authentication IMPORTANT: • To perform this task, make sure password recovery capability is enabled. If the capability is disabled, you cannot perform this task. • Perform this task only if the switch has one MPU. If the switch has two MPUs, you cannot skip console login authentication.

  • Page 278: Managing Storage Media

    Figure 49 Skipping console login authentication Console login password lost Reboot the switch to access the EXTENDED-BOOTWARE menu Select Skip Authentication for Console Login Reboot the switch to enter user line view No password is required for console Execute the login, whether or not you save the quit command? running configuration.

  • Page 279: Using The Extended Assistant Menu

    Table 47 DEVICE CONTROL menu options Option Task <1> Display All Available Nonvolatile Display all storage media on the MPU you are working with. Storage Device(s) Set the current storage medium. All file operations in BootWare <2> Set The Operating Device menus are performed on the current storage medium.

  • Page 280: Bootware Shortcut Keys

    Table 48 Error messages Error message Description The start or end address is beyond the memory space or the end address is Invalid address. lower than the start address. The entered memory length is so great that the calculated end address is Invalid length beyond the memory space.

  • Page 281: Comware Software Upgrade Examples

    Comware software upgrade examples Using XMODEM to upgrade software through the console port In the EXTENDED-BOOTWARE menu, enter 2. The Serial submenu appears: ===========================<Enter Serial SubMenu>=========================== |Note:the operating device is flash |<1> Download Image Program To SDRAM And Run |<2> Update Main Image File |<3>...

  • Page 282: Using Tftp To Upgrade Comware Software Through The Management Ethernet Port

    If your terminal is running Windows 98, change the baud rate before closing the connection. If your terminal is running Windows 2000, you must close the connection before you can change the setting. Select an option as required. In this example, enter 2 to download Comware software to the current storage medium as the main image: Please Select File .
  • Page 283 To upgrade Comware software through the management Ethernet port: Connect the device to the intended TFTP server through the device's management Ethernet port and obtain the IP address of the intended TFTP server. Connect your terminal to the device's console port. You can use the same PC for the two purposes.

  • Page 284: Using Ftp To Upgrade Comware Software Through The Management Ethernet Port

    Enter your choice(0-5):2 In the Ethernet submenu, enter 2 to download the specified image file to the device. Loading......................................................Done. 227301376 bytes downloaded! Image file 10500-CMW710-BOOT-R7557P01.bin is self-decompressing... Saving file flash:/10500-CMW710-BOOT-R7557P01.bin ..................Done. Image file 10500-CMW710-SYSTEM-R7557P01.bin is self-decompressing... Saving file flash:/10500-CMW710-SYSTEM-R7557P01.bin ......

  • Page 285: Using Python

    Using Python Comware 7 provides a built-in Python interpreter that supports the following items: • Python 2.7 commands. • Python 2.7 standard API. • Comware 7 extended API. For more information about the Comware 7 extended API, see "Comware 7 extended Python API."...
  • Page 286 Figure 52 Network diagram TFTP server TFTP client 192.168.1.200/24 192.168.1.26/24 Internet Device Usage procedure # Use a text editor on the PC to configure Python script test.py as follows: #!usr/bin/python import comware comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg') comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg') comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup') # Use TFTP to download the script to the device.

  • Page 287: Comware 7 Extended Python Api

    Comware 7 extended Python API The Comware 7 extended Python API is compatible with the Python syntax. Importing and using the Comware 7 extended Python API To use the Comware 7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware 7 extended Python API: •...

  • Page 288: Usage Guidelines

    the commands used to enter the view. For example, you must enter ’system-view ;local-user test class manage’ to execute the local-user test class manage command. do_print: Specifies whether to output the execution result: • True—Outputs the execution result. This value is the default. •...

  • Page 289: Transfer Class

    Transfer class Transfer Use Transfer to download a file from a server. Syntax Transfer(protocol=‘’, host=‘’, source=‘’, dest=‘’, vrf=‘’,login_timeout=10, user=‘’, password=‘’) Parameters protocol: Specifies the protocol used to download a file: • ftp—Uses FTP. • tftp—Uses TFTP. • http—Uses HTTP. host: Specifies the IP address of the remote server. source: Specifies the name of the file to be downloaded from the remote server.

  • Page 290: Api Get_Self_Slot

    Examples # Download the test.cfg file from TFTP server 1.1.1.1 and get the error information from the operation. <Sysname> python Python 2.7.3 (default) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>> c = comware.Transfer('tftp', '1.1.1.1', 'test.cfg', 'flash:/test.cfg', user='', password='') >>>...

  • Page 291: Api Get_Slot_Range

    Syntax get_standby_slot() Returns (In standalone mode.) A list object in the format of [[-1,slot-number]]. The slot-number indicates the slot number of a standby MPU. If the device does not have a standby MPU, [ ] is returned. (In IRF mode.) A list object in one of the following formats: •...

  • Page 292: Api Get_Slot_Info

    API get_slot_info get_slot_info Use get_slot_info to get information about a card. Syntax get_slot_info() Returns A dictionary object in the format of {'Slot': slot-number, 'Status': 'status', 'Chassis': chassis-number, 'Role': 'role', 'Cpu': CPU-number }. The slot-number argument indicates the slot number of the card. The status argument indicates the status of the card.

  • Page 293: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional.

  • Page 294: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 295: Support And Other Resources

    Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...

  • Page 296: Websites

    Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Support Center...
  • Page 297 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.

  • Page 298: Index

    Index Python extended API, Python extended API functions, Python extended API import, RBAC AAA authorization, archiving RBAC default user role, configuration archive, RBAC local AAA authentication user configuration archive parameters, configuration, configuration archiving (automatic), RBAC non-AAA authorization, file, RBAC user role local AAA authentication, file system directory, RBAC user role non-AAA authentication, running configuration (manual),...
  • Page 299 RBAC user role local AAA authentication, boot loader RBAC user role remote AAA authentication, software upgrade startup image file specification (in IRF mode), authorizing software upgrade startup image file specification (in standalone mode), FTP basic server authorization, BootWare login management command authorization, 78, 79 software upgrade image preload, login management user device access control,...
  • Page 300 display command output filtering, CLI interface type value, display command output line numbering, CLI string/text type argument value, display command output management, CLI undo command form, display command output save to file, command line interface. Use display command output viewing, ISSU, emergency shell file system management, ISSU command series,...
  • Page 301 encryption enable, emergency shell management Ethernet interface, file formats, FTP, FIPS compliance, FTP basic server parameters, format, FTP client (IRF mode), main next-startup configuration file backup, FTP client (standalone mode), main next-startup configuration file restoration, FTP server (IRF mode), FTP server (standalone mode), maintain, login management CLI configuration, management,...
  • Page 302 RBAC user role VPN instance policy, device factory-default configuration restore, software upgrade, file system, TFTP, RBAC default user role, console deleting login management CLI console authentication file, disable, file system directory, login management CLI console common line next-startup configuration file, settings, recycle bin file, login management CLI console password...
  • Page 303 emergency shell server connectivity check, RBAC temporary user role authorization, 28, 30 RBAC temporary user role authorization emergency shell system software image load, (HWTACACS authentication), RBAC temporary user role authorization emergency shell use, 172, 176 (RADIUS authentication), factory default configuration, RBAC user role assignment, 20, 25 file system format,...
  • Page 304 task scheduling, 199, 201 login management Telnet login authentication, temperature alarm threshold, sending removal interrupt signals before switching fabric module removal, transceiver module alarm traps, disabling sending removal interrupt signals before transceiver module diagnosis, 222, 223 switching fabric module removal, transceiver module ITU channel number, displaying transceiver module verification,...
  • Page 305 device data forwarding path failure detection, automatic configuration script file (server-based), device hardware failure protection compression, (aggregation group), configuration file content, device hardware failure protection (interface), configuration file difference comparison, configuration file format, login management Telnet server, configuration file formats, port-down function globally, configuration file management, RBAC default user role,...
  • Page 306 file copy, file system, file decompression, file deletion, automatic configuration file server configuration (server-based), file digest calculation, basic server parameters configuration, file extraction, client configuration (IRF mode), file information display, client configuration (standalone mode), file management, client connection establishment, file move, client display, file name specification, 100, 100...
  • Page 307 help software upgrade Comware image redundancy, CLI online help access, software upgrade Comware image type, history software upgrade Comware system image type, CLI history, CLI history buffered commands, software upgrade startup image file specification host (in IRF mode), automatic configuration host name file software upgrade startup image file specification (server-based), (in standalone mode),...
  • Page 308 ISSU feature compatible upgrade (issu issu commands (IRF mode), 142, 148 commands/IRF mode), 142, 148, 154, 159 maintaining, ISSU feature incompatible upgrade (issu methods, commands/IRF mode), patch image uninstall (install commands), ISSU feature status verification, restrictions, ISSU feature upgrade (install saving running configuration, commands)(standalone mode), software activate/deactivate (install commands),...
  • Page 309 file system, CLI console common line settings, logging in CLI console password authentication, ISSU console port, CLI console scheme authentication, login management CLI console authentication CLI local console port login, disable, CLI login authentication modes, login management CLI console common line CLI login display, settings, CLI login maintain,...
  • Page 310 configuration files, device transceiver module alarm traps, device management configuration, device transceiver module diagnosis, 222, 223 FTP connection, device transceiver module ITU channel number, ISSU, device transceiver module verification, 222, 222 login management CLI login, monitoring login management Web login, device CPU usage, management Ethernet interface configuration, mounting...
  • Page 311 automatic configuration gateway emergency shell system software image load, (server-based), automatic configuration start (server-based), enabling port-down function globally, file system, automatic configuration use (server-based), file system directories, file system directory management, configuration file difference comparison, file system directory name specification, configuring physical component asset profile, file system file management, file system file name specification,...
  • Page 312 ISSU software activate/deactivate (install RBAC user role rule configuration, commands), RBAC user role VLAN policy, ISSU software changes commit (install RBAC user role VPN instance policy, commands), software upgrade, ISSU software image (install commands), switching fabric module isolate, ISSU software image upgrade (install troubleshooting FTP connection, commands), network management...
  • Page 313 operating mode ISSU install commands (standalone mode), specifying operating mode for service module, ISSU issu commands (IRF mode), 142, 148 permitting specifying proxy mode for service module, RBAC permission assignment, RBAC user role assignment, outputting physical component asset profile, CLI display command output filtering, policy CLI display command output line numbering, RBAC interface access policy,...
  • Page 314 committing ISSU software changes (install configuring login management CLI console commands), common line settings, comparing configuration file differences, 110, configuring login management CLI console password authentication, completing software upgrade (in IRF mode), configuring login management CLI console scheme authentication, completing software upgrade (in standalone configuring login management CLI local console mode), port login,...
  • Page 315 configuring software upgrade, displaying text file content, controlling CLI output, 11, 11 editing CLI command line, controlling login management login (Telnet), enabling CLI redisplay of entered-but-not-submitted command, controlling login management logins (Telnet, enabling configuration archiving (automatic), SSH), enabling configuration encryption, controlling login management SNMP access, enabling device copyright statement display, enabling device data forwarding path failure...
  • Page 316 managing emergency shell file system, restoring main next-startup configuration file, managing file system directories, returning CLI user view, managing file system files, returning to CLI upper-level view from any view, managing file system+storage media, rolling back configuration file, managing FTP server directories, saving CLI display command output to file, monitoring device CPU usage, saving CLI running configuration,...
  • Page 317 using CLI command history buffered predefined user roles, commands, RADIUS authentication user configuration, using CLI command hotkey, resource access policies, 18, 24 using CLI undo command form, rule configuration restrictions, using emergency shell, settings display, using Python language, temporary user role authorization, using Tcl to configure the device, temporary user role authorization (HWTACACS verifying device transceiver module,...
  • Page 318 CLI command history buffered commands, FTP configuration, Representational State Transfer API. Use RESTful FTP server configuration (IRF mode), resource FTP server configuration (standalone mode), RBAC resource access policies, TFTP configuration, 96, 96 RESTful rule FIPS compliance, CLI command history buffering rules, login configuration (HTTP), RBAC command rule, login configuration (HTTPS),...
  • Page 319 Python extended API functions (get_slot_info), RBAC user role VPN instance policy, server Python extended API functions automatic configuration (HTTP server+Python (get_slot_range), script), Python extended API functions automatic configuration (HTTP server+Tcl script), (get_standby_slot), Python extended API functions (Transfer automatic configuration (IRF fabric setup), class), automatic configuration (server-based), 179, 184...
  • Page 320 SNMPv2 ISSU preparation, login management SNMP device access, ISSU procedure determination, SNMPv3 ISSU software image (install commands), login management SNMP device access, ISSU software image upgrade (install commands), software ISSU upgrade image preparation, emergency shell system software image load, methods, emergency shell system software image MPU synchronization, retrieval,...
  • Page 321 file system management, 98, 101 CLI display command output filtering, USB disk partition, CLI display command output line numbering, string type argument value (CLI), CLI display command output management, switching fabric module isolate, CLI display command output save to file, synchronizing CLI display command output viewing, software upgrade MPU,...
  • Page 322 device transceiver module diagnosis, 222, ISSU inactive software image removal (install commands), device transceiver module ITU channel ISSU install commands (IRF mode), number, ISSU install commands (standalone mode), device transceiver module verification, 222, ISSU issu commands (IRF mode), 142, 148 ISSU method identification, directory system file name specification, ISSU patch image (install commands),...
  • Page 323 login management Telnet login authentication disable, task login management Telnet login password device management task scheduling, 199, 201 authentication, login management Telnet login scheme automatic configuration (HTTP server+Tcl script), authentication, login management Telnet packet DSCP value, configuring the device, executing Comware commands, login management Telnet server device login, use, login management Telnet server enable,...
  • Page 324 emergency shell system software image user retrieval, FTP user account change, FIPS compliance, interface, See also user line IPv4 client configuration, interface login management Telnet VTY common IPv6 client configuration, line settings, threshold login management CLI user roles, device CPU usage, login management login control (Telnet), device memory alarm thresholds, login management login control (Telnet, SSH),...
  • Page 325 Python language, 276, 276 Tcl, verifying device transceiver modules, 222, 222 ISSU device operating status, ISSU feature status, ISSU software image (install commands), viewing CLI display command output, CLI system view entry from user view, CLI upper-level view return from any view, CLI user view return, CLI view hierarchy, VLAN...

Table of Contents