HP MSR Series Configuration Manual

HP MSR Router Series
Fundamentals
Configuration Guide(V5)
Part number: 5998-8197
Software version: CMW520-R2513
Document version: 6PW106-20150808


Summary of Contents for HP MSR Series

  • Page 1 HP MSR Router Series Fundamentals Configuration Guide(V5) Part number: 5998-8197 Software version: CMW520-R2513 Document version: 6PW106-20150808...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
  • Page 3: Table Of Contents

    Contents: Using the CLI (1); Command conventions (1); Using the undo form of a command (2); CLI views (2); Entering system view from user view (3); Returning to the upper-level view from any view (3)...
  • Page 4 Configuring the SSH server on the device (41); Using the device to log in to an SSH server (43); Local login through the AUX port (43); Configuring none authentication for AUX login (44)...
  • Page 5 Enabling displaying the copyright statement (87); Configuring banners (87); Banner message input modes (87); Configuration procedure (88); Configuring the maximum number of concurrent users (89); Configuring the exception handling method (89)...
  • Page 6 Displaying the contents of a file (113); Renaming a file (113); Copying a file (113); Moving a file (113); Deleting/restoring a file (113); Emptying the recycle bin (114); Calculating the digest of a file...
  • Page 7 Deployment guidelines (153); Enabling automatic configuration from a USB disk (154); Support and other resources (155); Contacting HP (155); Subscription service (155); Related information (155); Documents (155)...
  • Page 8: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or using Telnet or SSH.
  • Page 9: Using The Undo Form Of A Command

    You are placed in user view immediately after you are logged in to the CLI. The user view prompt is <Device-name>, where the Device-name argument, representing the device hostname, defaults to HP and can be changed by using the sysname command. In user view, you can perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and reboot.
  • Page 10: Entering System View From User View

    Figure 3 CLI view hierarchy
    Entering system view from user view
    Task: Enter system view from user view. Command: system-view
    Returning to the upper-level view from any view
    Task: Return to the upper-level view from any view. Command: quit
    Executing the quit command in user view terminates your connection to the device. In public key code view, use the public-key-code end command to return to the upper-level view (public key view).
  • Page 11: Accessing The Cli Online Help

    Accessing the CLI online help The CLI online help is context sensitive. You can enter a question mark at any prompt or in any position of a command to display all available options. To access the CLI online help, use one of the following methods: •...
  • Page 12: Entering A Command

    Entering a command When you enter a command, you can use keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases. Editing a command line Use the keys listed in Table 2 or the hotkeys listed in Table 3 to edit a command line.
  • Page 13: Configuring And Using Command Keyword Aliases

    Configuring and using command keyword aliases The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command. For example, if you configure show as the alias for the display keyword, you can enter show in place of display to execute a display command.
  • Page 14 Step: Configure hotkeys. Command: hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command Remarks: By default: • Ctrl+G is assigned the display current-configuration command. • Ctrl+L is assigned the display ip routing-table command. • Ctrl+O is assigned the undo debugging all command.
  • Page 15: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function Esc+P Moves the cursor up one line. This hotkey is available before you press Enter. Esc+< Moves the cursor to the beginning of the clipboard. Esc+> Moves the cursor to the ending of the clipboard. Enabling redisplaying entered-but-not-submitted commands The redisplay entered-but-not-submitted commands feature enables the system to display what you have typed (except Yes or No for confirmation) at the CLI when your configuration is interrupted by system output such as logs.
  • Page 16: Using The Command History Function

    Using the command history function The system can automatically save successfully executed commands to the command history buffer for the current user interface. You can view them and execute them again, or set the maximum number of commands that can be saved in the command history buffer. A command is saved to the command history buffer in the exact format as it was entered.
  • Page 17: Pausing Between Screens Of Output

    Pausing between screens of output If the output being displayed is more than will fit on one screen, the system automatically pauses after displaying a screen. By default, up to 24 lines can be displayed on a screen. To change the screen length, use the screen-length screen-length command.
  • Page 18 Table 6 Special characters supported in a regular expression
    Character: ^string Meaning: Matches the beginning of a line. Examples: "^user" matches all lines beginning with "user". A line beginning with "Auser" is not matched.
    Character: string$ Meaning: Matches the end of a line. Examples: "user$" matches lines ending with "user". A line...
  • Page 19 Meaning: Matches a single character not contained within the brackets. Examples: [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain these three characters only.
  • Page 20: Configuring User Privilege And Command Levels

    # Use | include Vlan in the display ip routing-table command to filter in route entries that contain Vlan.
    <Sysname> display ip routing-table | include Vlan
    Routing Tables: Public
    Destination/Mask Proto Cost NextHop Interface
    192.168.1.0/24 Direct 0 192.168.1.42 Vlan999
    Configuring user privilege and command levels
    To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7.
  • Page 21 Configuring a user privilege level for users through the AAA module
    Step: Enter system view. Command: system-view
    Step: Enter user interface view. Command: user-interface { first-num1 [ last-num1 ] | { aux | console | tty | vty } first-num2 [ last-num2 ] }
    Step: Specify the scheme... Remarks: By default, the authentication mode for VTY and AUX users is...
  • Page 22 Step: Configure the authentication type for SSH users as publickey. Command: For more information, see Security Configuration Guide. Remarks: Required only for SSH users who use public-key authentication.
    Step: Enter system view. Command: system-view
    Step: Enter user interface view. Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }
    Step: Enable the scheme... Remarks: By default, the authentication...
  • Page 23: Switching The User Privilege Level

    ssh2 Establish a secure shell client connection
    super Set the current user priority level
    telnet Establish one TELNET connection
    tracert Trace route function
    # Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level-1 commands. (Use no authentication mode only in a secure network environment.)
    <Sysname>...
  • Page 24 After the user logs in again, the user privilege restores to the original level. To avoid problems, HP recommends that administrators log in with a lower privilege level to view switch operating parameters, and switch to a higher level temporarily only when they must maintain the device.
  • Page 25 Step: Configure the password for the user privilege level. Command: super password [ level user-level ] { cipher | simple } password Remarks: If local authentication is involved, this step is required. By default, a privilege level has no password. If no user privilege level is specified when you configure the command, the user privilege level defaults to...
  • Page 26: Changing The Level Of A Command

    User privilege User interface level switching Information required for the Information required for the authentication authentication first authentication mode second authentication mode mode mode Password configured for the local privilege level on the device with the super password command. Password for privilege level Password configured for the switching configured on the local scheme...
  • Page 27 Task: Display data in the clipboard. Command: display clipboard [ | { begin | exclude | include } regular-expression ] Remarks: Available in any view...
  • Page 28: Login Overview

    Login overview This chapter describes the available login methods and their configuration procedures. FIPS compliance Table 9 shows the support of devices for the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
  • Page 29: Cli User Interfaces

    Login method: Logging in through SSH. Configuration requirements: To use SSH service, complete the following configuration tasks: • Enable the SSH server function and configure SSH attributes. • Assign an IP address to a Layer 3 interface and make sure the interface and the SSH client can reach each other.
  • Page 30: User Interface Assignment

    User interface assignment The device automatically assigns user interfaces to CLI login users, depending on their login methods. Each user interface can be assigned to only one user at a time. If no user interface is available, a CLI login attempt will be rejected. The maximum number of user interfaces varies by device. For a CLI login, the device always picks the lowest numbered user interface from the idle user interfaces available for the type of login.
  • Page 31: Logging In To The Cli

    Logging in to the CLI By default, the first time you access the CLI you must log in through the console port. At the CLI, you can configure Telnet, SSH, or modem dial-in (through the AUX port) for remote access. Logging in through the console port for the first time To log in through the console port, make sure the console terminal has a terminal emulation program (for example, HyperTerminal in Windows XP).
  • Page 32 Figure 5 Connection description Figure 6 Specifying the serial port used to establish the connection...
  • Page 33: Configuring Console Login Control Settings

    Power on the device and press Enter at the prompt. Figure 8 CLI At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?. Configuring console login control settings The following authentication modes are available for controlling console logins: None—Requires no authentication.
  • Page 34: Configuring None Authentication For Console Login

    Table 13 Configuration required for different console login authentication modes
    Authentication mode: None. Configuration tasks: Set the authentication mode to none for the console user interface. Reference: "Configuring none authentication for console login"
    Configuration tasks: Enable password authentication on the console user interface. Reference: "Configuring password...
  • Page 35: Configuring Password Authentication For Console Login

    Figure 9 Accessing the CLI through the console port without authentication
    Configuring password authentication for console login
    Step: Enter system view. Command: system-view
    Step: Enter console user interface view. Command: user-interface console first-number [ last-number ]
    Step: Enable password... Command: authentication-mode password Remarks: By default, you can log in to the device through the console port...
  • Page 36 • To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters. • If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.
  • Page 37 Step: Enable command accounting. Command: command accounting Remarks: Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all commands executed by users, regardless of command execution results. This function helps control and monitor user behaviors on the...
  • Page 38: Configuring Common Console User Interface Settings (Optional)

    The next time you attempt to log in through the console port, you must provide the configured login username and password, as shown in Figure 1 Figure 11 Scheme authentication interface for console login Configuring common console user interface settings (optional) Some common settings configured for a console user interface take effect immediately and can interrupt the console login session.
  • Page 39 By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. HP recommends that you set the display type of both the device and the terminal to VT100. If the device Specify the terminal display...
  • Page 40: Logging In Through Telnet

    Step: Set the idle-timeout timer. Command: idle-timeout minutes [ seconds ] Remarks: The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the idle-timeout function.
  • Page 41: Configuring None Authentication For Telnet Login

    Table 15 Configuration required for different Telnet login authentication modes
    Authentication mode: None. Configuration tasks: Set the authentication mode to none for the VTY user interface. Reference: "Configuring none authentication for Telnet login"
    Configuration tasks: Enable password authentication on the VTY user interface. Reference: "Configuring password...
  • Page 42: Configuring Password Authentication For Telnet Login

    Figure 13 Telnetting to the device without authentication
    Configuring password authentication for Telnet login
    Step: Enter system view. Command: system-view
    Step: Enable Telnet server. Command: telnet server enable
    Step: Enter one or multiple VTY user interface views. Command: user-interface vty first-number [ last-number ]
    Step: Enable password authentication. Command: authentication-mode password
  • Page 43: Configuring Scheme Authentication For Telnet Login

    Figure 14 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Follow these guidelines when you configure scheme authentication for Telnet login: • To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
  • Page 44 Step: Enable command authorization. Command: command authorization Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
  • Page 45: Configuring Common Vty User Interface Settings (Optional)

    Step: Specify the command level of the local user. Command: authorization-attribute level level Remarks: Optional. By default, the command level is 0.
    Step: Specify Telnet service for the local user. Command: service-type telnet Remarks: By default, no service type is specified.
    Step: Exit to system view. Command: quit
    Step: Configure common... Command: "Configuring common...
  • Page 46 Step: Enter one or multiple VTY user interface views. Command: user-interface vty first-number [ last-number ]
    Step: Enable the terminal service. Command: shell Remarks: Optional. By default, terminal service is enabled.
    Step: Enable the user interfaces to support PAD, Telnet, SSH, or all of... Command: protocol inbound { all | pad |... Remarks: Optional. By default, all the three protocols are supported. In non-FIPS mode, the device...
  • Page 47: Using The Device To Log In To A Telnet Server

    Using the device to log in to a Telnet server You can use the device as a Telnet client to log in to a Telnet server. If the server is located in a different subnet than the device, make sure the two devices have routes to reach each other. Figure 16 Telnetting from the device to a Telnet server To use the device to log in to a Telnet server: Step...
  • Page 48: Configuring The Ssh Server On The Device

    Table 16 SSH server and client requirements
    Device role: SSH server. Requirements: Assign an IP address to a Layer 3 interface, and make sure the interface and the client can reach each other. Configure the authentication mode and other settings.
    Requirements: If the host operates as an SSH client, run the SSH client program on the host.
  • Page 49 Step: Enable command authorization. Command: command authorization Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
  • Page 50: Using The Device To Log In To An Ssh Server

    Step: Set a password for the local user. Command: password { cipher | simple } password Remarks: By default, no password is set.
    Step: Specify the command level of the user. Command: authorization-attribute level level Remarks: Optional. By default, the command level is 0.
    Step: Specify SSH service for the... Command: service-type ssh Remarks: By default, no service type is...
  • Page 51: Configuring None Authentication For Aux Login

    Figure 19 AUX login diagram To control AUX logins, configure authentication and user privilege for AUX port users. By default, password authentication applies to AUX login, but no login password is configured. To allow AUX login, you must configure a password. The following are authentication modes available for controlling AUX logins: None—Requires no authentication and is insecure.
  • Page 52: Configuring Password Authentication For Aux Login

    Step: Configure common settings for AUX login. Command: "Configuring common settings for AUX login (optional)." Remarks: Optional.
    The next time you attempt to log in through the AUX port, you do not need to provide any username or password, as shown in Figure
    Figure 20 Accessing the CLI through the AUX port without authentication
    Configuring password authentication for AUX login
  • Page 53: Configuring Scheme Authentication For Aux Login

    Figure 21 Password authentication interface for AUX login Configuring scheme authentication for AUX login Follow these guidelines when you configure scheme authentication for AUX login: • To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
  • Page 54 Step: Enable command authorization. Command: command authorization Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
  • Page 55: Configuring Common Settings For Aux Login (Optional)

    Step: Create a local user and enter local user view. Command: local-user user-name
    Step: Set a password for the local user. Command: password { cipher | simple } password Remarks: By default, no password is set.
    Step: Specifies the command level of the local user. Command: authorization-attribute level level Remarks: Optional. By default, the command level is...
  • Page 56 associate Device A's IP address with the Telnet redirect listening port, a user can use the telnet DeviceA-IP-address command to log in to Device B. This Telnet redirect function enables a device to provide Telnet service with its IP address protected. To configure common settings for AUX user interfaces: Step Command...
  • Page 57 By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. HP recommends that you set the display type of both the device and the client to VT100. If the device and the client use...
  • Page 58: Login Procedure

    Step Command Remarks Configure the user interface to change carriage returns 0x0d By default, the user interface does 0x0a and 0x0d 0x00 received not change carriage returns redirect return-deal from-telnet from Telnet clients to 0x0d received from Telnet clients during during redirecting a Telnet redirecting a Telnet connection.
  • Page 59 IMPORTANT: • Identify the mark on the console port and make sure you are connecting to the correct port. • The serial ports on PCs do not support hot swapping. If the switch has been powered on, always connect the console cable to the PC before connecting to the switch, and when you disconnect the cable, first disconnect from the switch.
  • Page 60 Figure 25 Specifying the serial port used to establish the connection Figure 26 Setting the properties of the serial port Power on the device and press Enter at the prompt.
  • Page 61: Modem Dial-In Through The Aux Port

    Figure 27 CLI At the default user view prompt <HP>, enter commands to configure the device or check the running status of the device. To get help, enter ?. Modem dial-in through the AUX port An administrator can use a pair of modems to remotely connect to the device through its AUX port over PSTN when the IP network connection is broken.
  • Page 62: Setting Up The Configuration Environment

    Authentication mode: Scheme. Configuration task: Enable scheme authentication on the AUX user interface. Configure local or remote authentication settings. To configure local authentication: Configure a local user and specify the password. Configure the device to use local authentication. To configure remote authentication:... Reference: "Configuring scheme authentication for...
  • Page 63 Launch the terminal emulation program on the PC and create a connection using the telephone number of the modem connected to the device. Figure 29 Figure 30 shows the configuration procedure in Windows XP HyperTerminal. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document.
  • Page 64 Character string CONNECT9600 is displayed on the terminal. Press Enter as prompted. Figure 32 Login page At the default user view prompt <HP>, enter commands to configure the device or check the running status of the device. To get help, enter ?. IMPORTANT: Do not directly close the HyperTerminal.
  • Page 65: Configuring None Authentication For Modem Dial-In

    Configuring none authentication for modem dial-in
    Step: Enter system view. Command: system-view
    Step: Enter one or more AUX user interface views. Command: user-interface aux first-number [ last-number ]
    Step: Enable none authentication mode. Command: authentication-mode none
    Step: Configure common settings for the AUX user interfaces. Command: "Configuring common settings... Remarks: Optional.
  • Page 66: Configuring Scheme Authentication For Modem Dial-In

    The next time you attempt to dial in to the device, you must provide the configured login password, as shown in Figure Figure 34 Password authentication interface for modem dial-in users Configuring scheme authentication for modem dial-in Follow these guidelines when you configure scheme authentication for AUX login: •...
  • Page 67 Step: Enable command authorization. Command: command authorization Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
  • Page 68: Configuring Common Settings For Modem Dial-In (Optional)

    Step: Create a local user and enter local user view. Command: local-user user-name
    Step: Set a password for the local user. Command: password { cipher | simple } password Remarks: By default, no password is set.
    Step: Specify the command level of the local user. Command: authorization-attribute level level Remarks: Optional.
  • Page 69 IMPORTANT: To avoid packet loss, make sure the speed of the AUX port is slower than the transmission rate of the modem. You can connect a device (Device B) to the AUX port of the current device (Device A), and configure the current device to redirect a Telnet login user to that device.
  • Page 70 By default, the terminal display type is ANSI. The device supports two types of terminal display: ANSI and VT100. HP recommends that you set the display type of both the device and the client to VT100. If the device and Configure the type of...
  • Page 71: Displaying And Maintaining Cli Login

    Step: Enable Telnet redirect for the current user interface. Command: redirect enable Remarks: By default, the redirect function is disabled.
    Step: Specify a Telnet redirect listening port. Command: redirect listen-port port-number Remarks: The default port number is the absolute user interface number plus 2000.
  • Page 72 Task: Display user interface information. Command: display user-interface [ num1 | { aux | console | tty | vty } num2 ] [ summary ] [ | { begin | exclude | include } regular-expression ] Remarks: Available in any view.
    Task: Display the configuration of the device when it serves as a Telnet... Command: display telnet client configuration
  • Page 73: Logging In To The Web Interface

    Logging in to the Web interface The device provides a built-in Web server for you to configure the device through a Web browser. The device supports HTTP 1.0 and HTTPS for transferring webpage data across the Internet. HTTPS uses SSL to encrypt data between the client and the server for data integrity and security, and is more secure than HTTP.
  • Page 74: Configuring Https Login

    Step: Configure the HTTP service port number. Command: ip http port port-number Remarks: Optional. The default HTTP service port is 80. If you execute the command multiple times, the most recent configuration takes effect.
    Remarks: Optional. By default, the HTTP service is not associated with any ACL.
  • Page 75 • If the HTTPS service and the SSL VPN service use the same port number, they must have the same SSL server policy. Otherwise, only one of the two services can be enabled. • If the HTTPS service and the SSL VPN service use the same port number and the same SSL server...
  • Page 76 Step: Associate the HTTPS service with a... Remarks: Optional. By default, the HTTPS service is not associated with any certificate-based attribute access control policy. Associating the HTTPS service with a certificate-based attribute access control policy enables the device to control the access rights of clients.
  • Page 77: Displaying And Maintaining Web Login

    Step: Configure a password for the local user. Command: password { cipher | simple } password Remarks: By default, no password is configured for the local user.
    Step: Specify the command level of the... Command: authorization-attribute level level Remarks: By default, no command level is configured for the local user.
  • Page 78: Https Login Configuration Example

    <Sysname> system-view
    [Sysname] interface ethernet1/1
    [Sysname-Ethernet1/1] ip address 192.168.0.58 255.255.255.0
    [Sysname-Ethernet1/1] quit
    # Create a local user named admin, and set the password to admin for the user. Specify the Web service type for the local user, and set the command level to 3 for this user.
    [Sysname] local-user admin
    [Sysname-luser-admin] service-type web
    [Sysname-luser-admin] authorization-attribute level 3...
  • Page 79: Configuration Procedure

    Configuration procedure
    This example assumes that the CA is named new-ca, runs Windows Server, and is installed with the SCEP add-on. This example also assumes that the device, host, and CA can reach each other.
    Configure the device (HTTPS server):
    # Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com.
  • Page 80
    # Associate the HTTPS service with certificate attribute-based access control policy myacp.
    [Device] ip https certificate access-control-policy myacp
    # Enable the HTTPS service.
    [Device] ip https enable
    # Create a local user named usera, set the password to 123, specify the Web service type, and specify the user privilege level 3.
  • Page 81: Logging In Through Snmp

    Logging in through SNMP You can run SNMP on an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.
  • Page 82: Configuring Snmpv1 Or Snmpv2C Settings

    Step Command Remarks snmp-agent group v3 group-name [ authentication | privacy ] Configure an SNMP [ read-view read-view ] [ write-view By default, no SNMP group is group and specify its write-view ] [ notify-view configured. access right. notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * snmp-agent usm-user v3 user-name group-name [ [ cipher ]...
  • Page 83: Nms Login Example

    NMS login example Network requirements Configure the device and network management station so you can remotely manage the device through SNMPv3. Figure 40 Network diagram Configuration procedure Configure the device: # Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.) # Enter system view.
  • Page 84: Controlling User Logins

    Controlling user logins Use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide. Controlling Telnet logins Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address.
  • Page 85: Configuring Source Mac-Based Telnet Login Control

    Step Command Remarks Create an advanced ACL and acl [ ipv6 ] number acl-number enter its view, or enter the By default, no advanced ACL [ name name ] [ match-order view of an existing advanced exists. { config | auto } ] ACL.
  • Page 86: Configuring Source Ip-Based Snmp Login Control

    Figure 41 Network diagram
    Configuration procedure
    # Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit...
  • Page 87: Snmp Login Control Configuration Example

    Step Command Remarks • SNMPv1/v2c community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * •...
  • Page 88: Configuring Web Login Control

    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit
    # Associate the ACL with the SNMP community and the SNMP group.
    [Sysname] snmp-agent community read aaa acl 2000
    [Sysname] snmp-agent group v2c groupa acl 2000
    [Sysname] snmp-agent usm-user v2c usera groupa acl 2000
    Configuring Web login control...
  • Page 89
    Figure 43 Network diagram (labels: Host A 10.110.100.46, IP network, Device, Host B 10.110.100.52)
    Configuration procedure
    # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B.
    <Sysname> system-view
    [Sysname] acl number 2030 match-order config
    [Sysname-acl-basic-2030] rule 1 permit source 10.110.100.52 0
    # Associate the ACL with the HTTP service so only the Web users on Host B can access the device.
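Added example, not part of the HP manual: Python that evaluates the basic ACLs used in the login control examples above and reports two review findings, a source wildcard that has the shape of a subnet mask and an SNMP community with no ACL bound. It assumes match-order config (rules checked in ascending rule ID) and that a source matching no rule is refused, as the "only the Web users on Host B" example implies; ACL 2001, community bbb and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample. ACL 2000 and the "aaa"/"groupa" bindings follow the
# page's SNMP login control example; ACL 2001 and community "bbb" are made
# up here to show two review findings.
SAMPLE_CONFIG = """\
acl number 2000 match-order config
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
acl number 2001 match-order config
 rule 1 permit source 10.110.100.0 255.255.255.0
snmp-agent community read aaa acl 2000
snmp-agent community write bbb
snmp-agent group v2c groupa acl 2000
"""

ACL_RE = re.compile(r"acl number (\d+)")
RULE_RE = re.compile(r"rule (\d+) (permit|deny)(?: source (\S+)(?: (\S+))?)?")
COMMUNITY_RE = re.compile(r"snmp-agent community (read|write) (\S+)(.*)")
ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Convert a dotted-decimal IPv4 address or wildcard to an integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_acls(config):
    """Return {acl_number: [(rule_id, action, address, wildcard), ...]}."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        head = ACL_RE.match(line)
        rule = RULE_RE.match(line)
        if head:
            current = acls.setdefault(int(head.group(1)), [])
        elif rule and current is not None:
            rule_id, action, source, wildcard = rule.groups()
            if source in (None, "any"):
                addr, wild = 0, ALL_ONES          # rule matches every source
            else:
                addr = to_int(source)
                # "0" is the host shorthand used in the page's examples.
                wild = 0 if wildcard in (None, "0") else to_int(wildcard)
            current.append((int(rule_id), action, addr, wild))
        elif not raw.startswith(" "):
            current = None                        # left the ACL view
    for rules in acls.values():
        rules.sort()                              # match-order config: by rule ID
    return acls


def acl_permits(acls, number, source):
    """True if `source` is let through by ACL `number` (which must exist)."""
    ip = to_int(source)
    for _rule_id, action, addr, wild in acls[number]:
        care = ~wild & ALL_ONES                   # wildcard 1-bits are ignored
        if (ip & care) == (addr & care):
            return action == "permit"
    return False                                  # assumption: no match means refused


def looks_like_netmask(wild):
    """True when a wildcard is contiguous ones then zeros, e.g. 255.255.255.0."""
    inverted = ~wild & ALL_ONES
    return wild not in (0, ALL_ONES) and (inverted & (inverted + 1)) == 0


def audit(config):
    """List findings for netmask-shaped wildcards and unbound SNMP communities."""
    findings = []
    for number, rules in sorted(parse_acls(config).items()):
        for rule_id, action, _addr, wild in rules:
            if action == "permit" and looks_like_netmask(wild):
                findings.append(
                    f"acl {number} rule {rule_id}: wildcard looks like a subnet mask")
    for raw in config.splitlines():
        found = COMMUNITY_RE.match(raw.strip())
        if found and not re.search(r"\bacl (ipv6 )?\d+", found.group(3)):
            findings.append(
                f"snmp community {found.group(2)} ({found.group(1)}): no ACL bound")
    return findings


if __name__ == "__main__":
    parsed = parse_acls(SAMPLE_CONFIG)
    for host in ("10.110.100.52", "10.110.100.46", "10.110.100.47"):
        print(host, "permitted by ACL 2000:", acl_permits(parsed, 2000, host))
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

With the constructed ACL 2001, the netmask-shaped wildcard ignores the first three octets, so 10.110.100.52 is refused while any address ending in .0 is permitted.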
  • Page 90: Managing The Device

    A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>. To configure the device name: Step Command Remarks Enter system view. system-view Optional. Configure the device name. sysname sysname The default device name is HP.
  • Page 91: Changing The System Time

    Changing the system time You must synchronize your device with a trusted time source by using NTP or changing the system time before you run it on the network. Network management depends on an accurate system time setting, because the timestamps of system messages and logs use the system time. For NTP configuration, see Network Management and Monitoring Configuration Guide.
  • Page 92: Configuration Example

    Command Effective system time Configuration example System time clock datetime 1:00 date-time outside the 2007/1/1 daylight saving time 01:00:00 UTC Mon clock summer-time ss range: 01/01/2007 one-off 1:00 date-time 2006/1/1 1:00 2006/8/8 2 10:00:00 ss Mon 01/01/2007 If the date-time plus 1, 3 clock datetime 8:00 summer-offset is outside the...
  • Page 93: Configuration Procedure

    Command Effective system time Configuration example System time clock datetime 1:00 2007/1/1 date-time ± zone-offset clock timezone outside the daylight 02:00:00 zone-time Mon zone-time add 1 saving time range: 01/01/2007 clock summer-time ss date-time ± zone-offset one-off 1:00 2008/1/1 1:00 2008/8/8 2 1, 2, 3 or 1, 3, 2 clock datetime 1:00...
  • Page 94: Enabling Displaying The Copyright Statement

    Step Command Remarks • Set a non-recurring scheme: clock summer-time zone-name Optional. one-off start-time start-date Use either command. end-time end-date add-time Set a daylight saving time By default, daylight saving time is scheme. • Set a recurring scheme: disabled, and the UTC time zone clock summer-time zone-name applies.
  • Page 95: Configuration Procedure

    keywords and the delimiters cannot exceed 510 characters. In this mode, do not press Enter before you input the end delimiter. For example, you can configure the shell banner "Have a nice day." as follows:
    <System> system-view
    [System] header shell %Have a nice day.%
    • Multiple-line input...
  • Page 96: Configuring The Maximum Number Of Concurrent Users

    Configuring the maximum number of concurrent users You can configure this command to limit the number of users that can enter the system view simultaneously. When the number of concurrent users reaches the upper limit, other users cannot enter system view. When multiple users configure a setting in system view, the most recent configuration applies.
  • Page 97: Rebooting Devices Immediately At The Cli

    • Reboot the device immediately at the CLI.
    • At the CLI, schedule a reboot to occur at a specific time and date or after a delay.
    • Power off and then power on the device. This method might cause data loss, and is the...
  • Page 98: Job Configuration Methods

    Job configuration methods
    You can configure jobs by using the non-modular or modular method. Use the non-modular method for a one-time command execution and use the modular method for complex maintenance work.
    Table 22 A comparison of non-modular and modular methods Scheduling a job by using the Scheduling a job by using the Comparison item...
  • Page 99: Scheduling A Job By Using The Non-Modular Method

    Scheduling a job by using the non-modular method To schedule a job, execute one of the following commands in user view: Task Command Remarks Use either command. • Schedule a job to run a NOTE: command at a specific time: •...
  • Page 100
    Figure 44 Network diagram
    Configuration procedure
    # Enter system view.
    <Sysname> system-view
    # Create a job named pc1, and enter its view.
    [Sysname] job pc1
    # Configure the job to be executed in the view of Ethernet 1/1.
    [Sysname-job-pc1] view ethernet 1/1
    # Configure the device to enable Ethernet 1/1 at 8:00 on working days every week.
  • Page 101: Disabling Password Recovery Capability

    # Configure the device to shut down Ethernet 1/3 at 18:00 on working days every week.
    [Sysname-job-pc3] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
    [Sysname-job-pc3] quit
    # Display information about scheduled jobs.
    [Sysname] display job
    Job name: pc1
    Specified view: Ethernet1/1
    Time 1: Execute command undo shutdown at 08:00 Mondays Tuesdays Wednesdays Thursdays...
  • Page 102: Setting The Port Status Detection Timer

    Figure 45 Handling console login password loss (flowchart boxes: Console login password lost; Reboot the device to access the extended Boot ROM menu; Password recovery capability enabled?; Restore to Factory Default Configuration; Skip Current System Configuration; Skip Authentication for Console Login; Reboot the device; Configure new password in system view; Save the running configuration...)
  • Page 103: Monitoring An Nms-Connected Interface

    NMS of the new IP address. The IP address changes of the interface not under monitor will be ignored. The device preferentially monitors the primary interface. HP recommends that you specify the interface that has better route or more reliable link as the primary.
  • Page 104: Setting The Operating Mode For An Interface Card

    To monitor NMS-connected interfaces: Step Command Remarks Enter system view. system-view • Specify the primary interface: Configure at least one command. nms primary monitor-interface By default, no interfaces are interface-type interface-number configured as NMS-connected Specify NMS-connected • Specify the secondary interfaces to be monitored.
  • Page 105: Clearing Unused 16-Bit Interface Indexes

    Ethernet packet transmission by switching the interface card to operate in EFM mode, thus protecting user investment and improving packet transmission speed by avoiding ATM devices from converting packets between Ethernet packets and ATM cells. • 3G modem (PPP/Ethernet)—Supports switching between PPP mode and Ethernet mode. In PPP mode, the link layer protocol is PPP and the network layer protocol is IP.
  • Page 106: Verifying Transceiver Modules

    Verifying transceiver modules
    You can verify the genuineness of a transceiver module in the following ways:
    • Display the key parameters of a transceiver module, including its transceiver type, connector type, central wavelength of the transmit laser, transfer distance and vendor name.
    •...
  • Page 107: Disabling The Usb Ports

    Disabling the USB ports Before you disable the USB ports, make sure the USB ports are not being used for data read/write operation. Otherwise, the operation might fail. Disabling the USB ports also disables the USB-based storage and 3G functions. To disable the USB ports: Task Command...
  • Page 108 Task Command Remarks display diagnostic-information [ | Display or save running status data { begin | exclude | include } Available in any view. for multiple feature modules. regular-expression ] display cpu-usage [ entry-number [ offset ] [ verbose ] [ from-device ] ] [ | Display CPU usage statistics.
  • Page 109: Managing Configuration Files

    Managing configuration files You can manage configuration files at the CLI or by using the Boot menu of the device. This chapter describes only managing configuration files from the CLI. Overview A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device.
  • Page 110: Next-Startup Configuration File Redundancy

    • You can execute the save command to save the running configuration to a configuration file. To make sure the configuration file can be loaded, HP recommends not modifying the content and format of the configuration file. Next-startup configuration file redundancy You can specify one main next-startup configuration file and one backup next-startup configuration file for redundancy.
  • Page 111: Saving The Running Configuration

    Hardware FIPS mode MSR30 Yes (except the MSR30-16). MSR50 Yes. MSR1000 Yes. Saving the running configuration To make configuration changes take effect at the next startup, save the running configuration to the startup configuration file to be used at the next startup before the device reboots. Complete the following tasks to save the running configuration: Task Remarks...
  • Page 112: Using Automatic Configuration Backup After A Software Upgrade

    process, the next-startup configuration file is lost. You must re-specify a new startup configuration file after the device reboots (see "Specifying a configuration file for the next startup").
    • Safe mode—Use the save command with the safely keyword. Safe mode is slower than fast mode,...
  • Page 113: Configuring Configuration Rollback

    • Overwrite the configuration file—The system uses the running configuration to overwrite the old configuration file on the device without backing up the file.
    Make sure the storage medium has enough space for the backup configuration file and the new next-startup configuration file.
  • Page 114: Enabling Automatic Configuration Archiving

    Step Command Remarks Create the configuration See "Managing the file system." archive directory. Enter system view. system-view By default, no path or file name prefix is set for configuration archives, and the system does not regularly save configuration. IMPORTANT: Configure the directory and archive configuration location The undo form of this command file name prefix for archiving...
  • Page 115: Manually Archiving Running Configuration

    Manually archiving running configuration To save system resources, disable automatic configuration archiving and manually archive configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks so you can use the archive for configuration recovery after the configuration attempt fails.
  • Page 116: Backing Up The Next-Startup Configuration File To A Tftp Server

    Task Command Remarks The configuration file must use Specify the startup configuration startup saved-configuration cfgfile the .cfg extension and be saved in file to be used at the next startup. [ backup | main ] the root directory of storage media.
  • Page 117: Deleting A Next-Startup Configuration File

    Deleting a next-startup configuration file CAUTION: This task permanently deletes the next-startup configuration file from the device. Before performing this task, back up the file as needed. You can delete the main, the backup, or both. If the main and backup next-startup configuration files are the same file, the system sets the attribute of the configuration file to NULL instead of deleting the file.
  • Page 118: Managing The File System

    Managing the file system The following matrix shows the storage media supported on different router models: Hardware Storage media • Flash MSR900 • USB disk • Flash MSR93X • USB disk • Flash MSR20-1X • USB disk • CF card MSR20 •...
  • Page 119: Fips Compliance

    Format Description Length Example Specifies a file in a specific folder in the current working directory. The path argument represents the test/a.cfg indicates a file named path to the file. If the file is in a 1 to 135 path/file-name a.cfg in the test folder in the current single-level folder, specify the characters...
  • Page 120: Displaying File Information

    The copy operation enables you to create a file. You can also create a file by performing the download operation or using the save command. Displaying file information Perform this task in user view. Task Command Display file or directory information. dir [ /all ] [ file-url | /all-filesystems ] Displaying the contents of a file Perform this task in user view.
  • Page 121: Emptying The Recycle Bin

    A file in the recycle bin occupies storage space. To release the occupied space, execute the reset recycle-bin command in the directory that holds the file. To save storage space, periodically empty the recycle bin with the reset recycle-bin command. Perform the following tasks in user view: Task Command...
  • Page 122: Changing The Current Working Directory

    Task Command Display the current working directory. Changing the current working directory Perform this task in user view. Task Command Change the current working cd { directory | .. | / } directory. Creating a directory Perform this task in user view. Task Command Create a directory.
  • Page 123: Mounting And Unmounting A Storage Medium

    To manage the space of a storage medium, perform one of the following tasks in user view: Task Command Remarks Repair a storage medium. fixdisk device FAT16 and FAT32 are not Format a storage medium. format device [ FAT16 | FAT32 ] applicable to a Flash.
  • Page 124: Displaying And Maintaining The Nand Flash Memory

    Task Command Remarks By default, a storage medium is automatically mounted Mount a storage medium. mount device and in mounted state when connected to the system. By default, a storage medium is automatically mounted Unmount a storage medium. umount device and in mounted state when connected to the system.
  • Page 125: Performing Batch Operations

    Task Command display nandflash page-data page-value [ | { begin | Display data on the specified physical page. exclude | include } regular-expression ] Performing batch operations A batch file comprises a set of executable commands. Executing a batch file is the same as executing the commands one by one.
  • Page 126
    19540 KB total (2521 KB free)
    # Create new folder mytest in the test directory.
    <Sysname> cd test
    <Sysname> mkdir mytest
    %Created dir flash:/test/mytest.
    # Display the current working directory.
    <Sysname> pwd
    flash:/test
    # Display the files and the subdirectories in the test directory.
    <Sysname>...
  • Page 127: Configuring Ftp

    Configuring FTP NOTE: FTP is not supported in FIPS mode. File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
  • Page 128: Using The Device As An Ftp Client

    Using the device as an FTP client
    To connect to an FTP server or enter FTP client view, make sure the following requirements are met:
    • You have level-3 (Manage) user privileges on the device. In FTP client view, whether a directory or...
  • Page 129: Managing Directories On The Ftp Server

    Step Command Remarks • (Method 1) Log in to the remote FTP server in user view: ftp [ server-address [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip Log in to the remote FTP Use either method.
  • Page 130: Working With The Files On The Ftp Server

    Working with the files on the FTP server After you log in to the server, you can upload a file to or download a file from the authorized directory by following these steps: Use the dir or ls command to display the directory and the location of the file on the FTP server. Delete unused files to get more free storage space.
  • Page 131: Maintaining And Troubleshooting The Ftp Connection

    Maintaining and troubleshooting the FTP connection Task Command Remarks Display the help information of remotehelp [ protocol-command ] FTP-related commands on the FTP server. Enable information display in a detailed By default, the function is verbose manner. enabled. Enable FTP related debugging when the By default, the function is debugging device acts as the FTP client.
  • Page 132: Using The Device As An Ftp Server

    Press CTRL+K to abort
    Connected to 10.1.1.1
    220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
    User(10.1.1.1:(none)):abc
    331 Give me your password, please
    Password:
    230 Logged in successfully
    # Set the file transfer mode to binary.
    [ftp] binary
    200 Type set to I....
  • Page 133: Configuring Basic Parameters

    NOTE: When you use the Internet Explorer browser to log in to the device operating as an FTP server, some FTP functions are not available. This is because multiple connections are required during the login process but the device supports only one connection at a time. Configuring basic parameters The FTP server uses one of the following modes to update a file when you upload the file (use the put command) to the FTP server:...
  • Page 134: Ftp Server Configuration Example

    • Remote authentication—The device sends the client's username and password to a remote authentication server for authentication. The user account is configured on the remote authentication server rather than the device.
    To assign an FTP user write access (including upload, delete, and create) to the device, assign level-3 (Manage) user privileges to the user.
  • Page 135 # Create a local user account abc, set its password to abc and the user privilege level to level 3 (the manage level), specify the root directory of the Flash as the authorized directory, and specify the service type as FTP. <Sysname>...
  • Page 136: Displaying And Maintaining Ftp

    NOTE: After you finish transferring the Boot ROM image through FTP, execute the bootrom update command to upgrade Boot ROM. Upgrade the device: # Specify newest.bin as the main system software image file for the next startup. <Sysname> boot-loader file newest.bin main IMPORTANT: The system software image file used for the next startup and the startup configuration file must be saved in the root directory of the storage medium.
  • Page 137: Configuring Tftp

    Configuring TFTP NOTE: TFTP is not supported in FIPS mode. Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy.
  • Page 138: Using The Device As A Tftp Client

    Using the device as a TFTP client
    The device provides the following modes for downloading a new file from a TFTP server:
    • Normal download—The new file is written directly to the storage medium and overwrites the old file that has the same name as it. If file download is interrupted, both old and new files are lost.
    • Secure download—The new file is downloaded to memory and will not be written to the storage...
  • Page 139: Displaying And Maintaining The Tftp Client

    Step Command Remarks • For IPv4: tftp server-address { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip Download or upload a file. Optional. source-ip-address } ] •...
  • Page 140 # Examine the storage medium of the device for insufficiency or impairment. If no sufficient free space is available, use the fixdisk command to fix the storage medium or use the delete/unreserved file-url command to delete unused files. (Details not shown.) # Download system software image file newest.bin from the PC.
  • Page 141: Managing Licenses

    Managing licenses License compliance Table 28 shows the support of devices for the license feature. Table 28 Hardware and license compatibility matrix Hardware License MSR900 MSR93X MSR20-1X MSR20 MSR30 MSR50 Yes (Only supported by MPU-G2) MSR1000 Registering the software The system software comes with a trial period. You must register the software within its trial period. If you have not registered the software before the trial period expires, the software automatically restarts every 30 minutes.
  • Page 142: Upgrading Software

    Upgrading software You can use the CLI or Boot menu to upgrade software. This chapter describes only upgrading the software and installing hotfixes from the CLI. Upgrading software includes upgrading the BootWare (called "bootrom" in CLI) and system software. Each time the device is powered on, it runs the BootWare image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file"...
  • Page 143: Software Upgrade Methods

    Hardware FIPS mode MSR30 Yes (except the MSR30-16). MSR50 Yes. Software upgrade methods You can use one of the following methods to upgrade software: Upgrading method Software types Remarks Upgrading from the CLI: • BootWare image • You must reboot the device to complete the upgrade. System software Upgrading software This method causes service disruption.
  • Page 144: Upgrading System Software

    Upgrading system software Step Command Remarks Use FTP or TFTP to transfer the The image file must be saved in system software image to the See "Configuring FTP" or the root directory for a successful root directory of the device's "Configuring TFTP."...
  • Page 145: Patch States

    Patch states A patch is in IDLE, DEACTIVE, ACTIVE, or RUNNING state, depending on the patch manipulation command. Patch manipulation commands include patch load (load), patch active (run temporarily), patch run (confirm running), patch deactive (stop running), patch delete (delete), patch install (install), and undo patch install (uninstall).
  • Page 146 Figure 53 Patches that are not loaded to the patch memory area DEACTIVE state Patches in DEACTIVE state have been loaded to the patch memory area but have not yet run in the system. Suppose that the patch file you are loading has seven patches. After the seven patches successfully pass the version check and CRC check, they are loaded to the patch memory area and are in DEACTIVE state.
  • Page 147: Patch Installation Task List

    Figure 55 Patches are activated RUNNING state After you confirm ACTIVE patches, their state changes to RUNNING and persists after a reboot. In contrast to ACTIVE patches, RUNNING patches continue to take effect after a reboot. For example, if you confirm the first three patches in Figure 55, their state changes from ACTIVE to RUNNING, and the...
  • Page 148: Installing And Running A Patch In One Step

    • Save the patch file or the patch package file to the root directory of the device's storage media.
    • Correctly name a patch file in the patch_PATCH-FLAG suffix.bin format. The PATCH-FLAG suffix is pre-defined, and must be the same as the first three characters of the value for the Version field in the output from the display patch information command.
  • Page 149 Task Remarks Loading a patch file Required. Activating patches Required. Confirming ACTIVE patches Optional. Configuring the patch file location The patch file location must be the root directory of a storage medium. If the device has only one storage medium, you do not need to perform this task. To configure the patch file location: Step Command...
  • Page 150: Uninstalling A Patch Step By Step

    Activating patches Activating a patch changes its state to ACTIVE. An ACTIVE patch runs in memory until a reboot occurs. To have a patch continue to run after a reboot, you must change its state to RUNNING. To activate patches: Step Command Enter system view.
  • Page 151: Displaying And Maintaining Software Upgrade

    Displaying and maintaining software upgrade Task Command Remarks Display information about the display boot-loader [ | { begin | exclude Available in any view. system software image. | include } regular-expression ] Display information about the display patch [ | { begin | exclude | Available in any view.
  • Page 152: Installing Patches

    [FTP-Server-luser-aaa] authorization-attribute work-directory flash:/aaa
    Configure the device:
    # Log in to the FTP server.
    <Device> ftp 2.2.2.2
    Trying 2.2.2.2 ...
    Press CTRL+K to abort
    Connected to 2.2.2.2.
    220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
    User(2.2.2.2:(none)):aaa
    331 Give me your password, please
    Password:
    230 Logged in successfully...
  • Page 153 # Save the patch file patch_xxx.bin to the directory of the TFTP server. (Details not shown.) Configure the device: # Use the save command to save the running configuration. (Details not shown.) # Examine the space of the Flash on the device. If the free space is not sufficient for the patches, delete unused files to release space.
  • Page 154: Automatic Configuration

    Automatic configuration Automatic configuration enables a device without any configuration file to automatically obtain and execute a configuration file during startup. Automatic configuration simplifies network configuration, facilitates centralized management, and reduces maintenance workload. To implement automatic configuration, the network administrator saves configuration files on a server and a device automatically obtains and executes a specific configuration file.
  • Page 155: How Automatic Configuration Operates

    How automatic configuration operates During startup, the device sets the first interface in up state as the DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, IP address of a DNS server, and the configuration file name.
  • Page 156: Using Dhcp To Obtain An Ip Address And Other Configuration Information

    Using DHCP to obtain an IP address and other configuration information Address acquisition process As mentioned in "How automatic configuration operates," a device sets the first up interface as the DHCP client during startup. The DHCP client broadcasts a DHCP request, where the Option 55 field specifies the information the client wants to obtain from the DHCP server such as the configuration file name, domain name and IP address of the TFTP server, and DNS server IP address.
  • Page 157: Obtaining The Configuration File From The Tftp Server

    To configure static address pools, you must obtain corresponding client IDs. To obtain a device's client ID, use the display dhcp server ip-in-use command to display address binding information on the DHCP server after the device obtains its IP address through DHCP. Obtaining the configuration file from the TFTP server A device can obtain the following files from the TFTP server during automatic configuration: The configuration file specified by the Option 67 or file field in the DHCP response.
  • Page 158 Obtaining the configuration file Figure 61 Obtaining the configuration file A device obtains its configuration file by using the following work flow: • If the DHCP response contains the configuration file name, the device requests the specified configuration file from the TFTP server. If not, the device tries to get its host name from the host name file obtained from the TFTP server.
  • Page 159: Executing The Configuration File

    • If the IP address and the domain name of the TFTP server are not contained in the DHCP response or they are illegitimate, the device broadcasts a TFTP request. After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the configuration file.
  • Page 160: Deployment Guidelines

    During the reboot, the device checks whether all commands in the main startup configuration file are executed successfully. If yes, the automatic configuration succeeds. If not, the automatic configuration fails, and the device writes a log entry to a log file that is named autodeploy.cfg.log and saved in the root directory of the USB disk.
  • Page 161: Enabling Automatic Configuration From A Usb Disk

    The USB disk for automatic configuration must be inserted into the device before the device starts up. The configuration file intended for automatic configuration must meet the following requirements:
    • Be named in the format device serial number.cfg or xxx.autodeploy.cfg, or use the name ...
  • Page 162: Support And Other Resources

    Related information
    Documents
    To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals
    • For related documentation, navigate to the Networking section, and select a networking category. ...
  • Page 163: Conventions

    Conventions
    This section describes the conventions used in this documentation set.
    Command conventions
    Convention: Description
    Boldface: Bold text represents commands and keywords that you enter literally as shown.
    Italic: Italic text represents arguments that you replace with actual values.
    Square brackets enclose syntax choices (keywords or arguments) that are optional.
    Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 164

    Network topology icons
    Represents a generic network device, such as a router, switch, or firewall.
    Represents a routing-capable device, such as a router or Layer 3 switch.
    Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.