HP 3100 v2 Series Configuration Manual

HPE 3100 v2 Switch Series
Fundamentals

Configuration Guide

Part number: 5998-5990s
Software version: Release 5213 and Release 5213P02
Document version: 6W101-20160506

Summary of Contents for HP 3100 v2 Series

  • Page 1: Configuration Guide

    HPE 3100 v2 Switch Series Fundamentals Configuration Guide Part number: 5998-5990s Software version: Release 5213 and Release 5213P02 Document version: 6W101-20160506...
  • Page 2 © Copyright 2016 Hewlett Packard Enterprise Development LP The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
  • Page 3: Table Of Contents

    Contents
    Using the CLI (page 1)
      FIPS compliance (page 1)
      Logging in to the CLI (page 1)
      Command conventions (page 1)
      Using the undo form of a command (page 2)
      CLI views (page 2)
      ...
  • Page 4
      Setting up the configuration environment (page 41)
      Configuring none authentication for modem dial-in (not supported in FIPS mode) (page 43)
      Configuring password authentication for modem dial-in (not supported in FIPS mode) (page 44)
      Configuring scheme authentication for modem dial-in (page 44)
      ...
  • Page 5
    Configuring TFTP (page 75)
      FIPS compliance (page 75)
      Prerequisites (page 75)
      Using the device as a TFTP client (page 75)
      Displaying and maintaining the TFTP client (page 76)
      TFTP client configuration example (page 77)
    Managing the file system ...
  • Page 6
      Installing a patch step-by-step (page 99)
      Uninstalling a patch step-by-step (page 100)
      Displaying and maintaining software upgrade (page 101)
      Software upgrade examples (page 101)
      Upgrading the entire system software (page 101)
      Hotfix configuration example (page 103)
    Managing the device ...
  • Page 7: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 8: Using The Undo Form Of A Command

    Command keywords are case insensitive. The following example analyzes the syntax of the clock datetime time date command according Table Figure 2 Understanding command-line parameters For example, to set the system time to 10:30:20, February 23, 2011, enter the following command line at the CLI and press Enter: <Sysname>...
  • Page 9: Entering System View From User View

    Figure 3 CLI view hierarchy

    Entering system view from user view
    Task: Enter system view from user view.
    Command: system-view

    Returning to the upper-level view from any view
    Task: Return to the upper-level view from any view.
    Command: quit

    Executing the quit command in user view terminates your connection to the device.

    NOTE: In public key code view, use the public-key-code end command to return to the upper-level view (public key view)....
  • Page 10: Accessing The Cli Online Help

    Accessing the CLI online help The CLI online help is context sensitive. You can enter a question mark at any point of a command to display all available options. To access the CLI online help, use one of the following methods: •...
  • Page 11: Entering A Command

    Entering a command When you enter a command, you can use some keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases. Editing a command line You can use the keys listed in Table 2 or the hotkeys listed in Table 3 to edit a command line.
  • Page 12: Configuring And Using Command Keyword Aliases

    Configuring and using command keyword aliases The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command. For example, if you configure show as the alias for the display keyword, you can enter show to execute a display command.
  • Page 13
    Step: Configure hotkeys.
    Command: hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
    Remarks: By default:
      • Ctrl+G is assigned the display current-configuration command.
      • Ctrl+L is assigned the display ip routing-table command.
      • Ctrl+O is assigned the undo debugging all command....
  • Page 14: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey: Function
    Esc+P: Moves the cursor up one line. This hotkey is available before you press Enter.
    Esc+<: Moves the cursor to the beginning of the clipboard.
    Esc+>: Moves the cursor to the ending of the clipboard.

    Enabling redisplaying entered-but-not-submitted commands
    After you enable redisplaying entered-but-not-submitted commands: •...
  • Page 15: Viewing History Commands

    A command is saved to the command history buffer in the exact format as it was entered. For example, if you enter an incomplete command, the command saved in the command history buffer is also incomplete; if you enter a command by using a command keyword alias, the command saved in the command history buffer also uses the alias.
  • Page 16: Filtering The Output From A Display Command

    screen length, use the screen-length screen-length command. For more information about this command, see Fundamentals Command Reference. To control output, use keys in Table

    Table 5 Keys for controlling output
    Keys: Function
    Space: Displays the next screen.
    Enter: Displays the next line.
    Ctrl+C: Stops the display and cancels the command execution....
  • Page 17 Character Meaning Remarks Matches any single character, such as a single character, a special For example, ".s" matches both "as" and "bs". character, and a blank. Matches the preceding character or For example, "zo*" matches "z" and "zoo"; "(zo)*" character group zero or multiple matches "zo"...
  • Page 18
    Character: \bcharacter2
    Meaning: Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].
    Remarks: For example, "\ba" matches "-a" with "-" being character1, and "a" being character2, but it does not match "2a" or "ba".

    Matches a string containing For example, "\Bt"...
  • Page 19: Configuring User Privilege And Command Levels

    Configuring user privilege and command levels
    To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7. User privilege levels correspond to command levels. A user who has been logged in with a specific privilege level can use only the commands at that level or lower levels. All commands are categorized into four levels: visit, monitor, system, and manage, and are identified from low to high, respectively by 0 through 3....
  • Page 20
    Step: Specify the scheme authentication mode.
    Command: authentication-mode scheme
    Remarks: By default, the authentication mode for VTY users is password, and no authentication is needed for AUX users.

    Step: Return to system view.
    Command: quit

    This task is required only for SSH Configure the authentication For more information, see users who are required to provide...
  • Page 21
    Step: Enter user interface view.
    Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }

    Step: Enable the scheme authentication mode.
    Command: authentication-mode scheme
    Remarks: By default, the authentication mode for VTY users is password, and no authentication is needed for AUX users....
  • Page 22: Switching The User Privilege Level

    [Sysname] user-interface vty 0 15
    [Sysname-ui-vty0-15] authentication-mode none
    [Sysname-ui-vty0-15] user privilege level 1
    # Display the commands a Telnet user can use after login. Because the user privilege level is 1, a Telnet user can use more commands now.
    <Sysname> ?
    User view commands:
      debugging  Enable system debugging functions...
  • Page 23 Configuring the authentication parameters for user privilege level switching A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to enter a password (if any). For security, a user is required to enter a password (if any) to switch to a higher privilege level. The authentication falls into one of the following categories: Authentication Keywords...
  • Page 24 Switching to a higher user privilege level Before you switch to a higher user privilege level, obtain the required authentication data as described in Table The privilege level switching fails after three consecutive unsuccessful password attempts. To switch the user privilege level, perform the following task in user view: Task Command Remarks...
  • Page 25: Changing The Level Of A Command

    Columns: User interface authentication mode; User privilege level switching authentication mode; Information required for the first authentication mode; Information required for the second authentication mode

    Password for privilege level switching that is configured Password configured on the on the AAA server. The device with the super scheme local system uses the username...
  • Page 26: Login Overview

    Login overview This chapter describes the available CLI login methods and their configuration procedures. Login methods at a glance You can access the device only through the console port at the first login, locally or remotely by using a pair of modems. After you log in to the device, you can configure other login methods, including Telnet and SSH, for remote access.
  • Page 27: User Interfaces

    Telnet and HTTP are not supported in FIPS mode. User interfaces The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces.
  • Page 28: Logging In To The Cli

    Logging in to the CLI By default, the first time you access the CLI you must log in through the console port, locally or remotely by using a pair of modems. At the CLI, you can configure Telnet or SSH for remote access. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements.
  • Page 29 Figure 5 through Figure 7 show the configuration procedure on Windows XP HyperTerminal. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to log in to the device.
  • Page 30: Configuring Console Login Control Settings

    Figure 7 Setting the properties of the serial port Power on the device and press Enter as prompted. At the user view prompt, enter commands to configure the device or view the running status of the device. To get help, enter ?. Configuring console login control settings The following authentication modes are available for controlling console logins: •...
  • Page 31: Configuring None Authentication For Console Login (Not Supported In Fips Mode)

    Authentication mode: Scheme
    Configuration tasks:
      Enable scheme authentication on the AUX user interface.
      Configure local or remote authentication settings.
      To configure local authentication:
        Configure a local user and specify the password.
        Configure the device to use local authentication.
      To configure remote authentication:...
    Reference: "Configuring scheme authentication for console...
  • Page 32: Configuring Scheme Authentication For Console Login

    Step: Set a password.
    Command: set authentication password [ hash ] { cipher | simple } password
    Remarks: By default, no password is set.

    Step: Configure common settings for console login.
    Command: See "Configuring common console login settings (optional)."
    Remarks: Optional.

    The next time you attempt to log in through the console port, you must provide the configured login password....
  • Page 33 Step Command Remarks Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all commands executed by users, regardless of command execution Enable command results.
  • Page 34: Configuring Common Console Login Settings (Optional)

    The next time you attempt to log in through the console port, you must provide the configured login username and password. Configuring common console login settings (optional) Some common settings configured for an AUX user interface take effect immediately and can interrupt the console login session.
  • Page 35: Logging In Through Telnet (Not Supported In Fips Mode)

    Step Command Remarks By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. Hewlett Packard Enterprise recommends setting the display type to VT100 for both the device and the client. If the device and the 11.
  • Page 36
    Table 13 Telnet server and Telnet client configuration requirements
    Object: Telnet server
    Requirements:
      Assign an IP address to a Layer 3 interface, and make sure the Telnet server and client can reach each other.
      Configure the authentication mode and other settings.
      Enable Telnet server....
  • Page 37: Configuring None Authentication For Telnet Login

    Configuring none authentication for Telnet login

    Step: Enter system view.
    Command: system-view

    Step: Enable Telnet server.
    Command: telnet server enable
    Remarks: By default, the Telnet server is enabled.

    Step: Enter one or multiple VTY user interface views.
    Command: user-interface vty first-number [ last-number ]

    Enable the none By default, authentication mode for authentication...
  • Page 38: Configuring Scheme Authentication For Telnet Login

    Step: Configure common settings for VTY user interfaces.
    Command: See "Configuring common settings for VTY user interfaces (optional)."
    Remarks: Optional.

    The next time you attempt to Telnet to the device, you must provide the configured login password, as shown in Figure 10....
  • Page 39
    Step: Enable command authorization.
    Command: command authorization
    Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme....
  • Page 40: Configuring Common Settings For Vty User Interfaces (Optional)

    Step Command Remarks Optional. 11. Specify the command level of authorization-attribute level By default, the command level is the local user. level 12. Specify Telnet service for the By default, no service type is service-type telnet local user. specified. 13. Exit to system view. quit "Configuring common 14.
  • Page 41: Using The Device To Log In To A Telnet Server

    Step: Enable the user interfaces to support Telnet, SSH, or both of them.
    Command: protocol inbound { all | ssh | telnet }
    Remarks: Optional. By default, both Telnet and SSH are supported. The telnet keyword is not supported in FIPS mode. The configuration takes effect the next time you log in....
  • Page 42: Setting The Dscp Value For Ip To Use For Outgoing Telnet Packets

    Figure 12 Telnetting from the device to a Telnet server To use the device to log in to a Telnet server: Step Command Remarks Enter system view. system-view Optional. By default, no source IPv4 Specify a source IPv4 telnet client source { interface address or source interface is address or source interface interface-type interface-number |...
  • Page 43: Logging In Through Ssh

    Logging in through SSH SSH offers a secure approach to remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plaintext password interception. You can log in to the device working as an SSH server for remote management, as shown in Figure 13.
  • Page 44
    Step: Enter one or more VTY user interface views.
    Command: user-interface vty first-number [ last-number ]

    Step: Enable scheme authentication.
    Command: authentication-mode scheme
    Remarks: By default, password authentication is enabled on VTY user interfaces.

    Optional. Enable the user interfaces to By default, both Telnet and SSH protocol inbound { all | ssh | support Telnet, SSH, or both are supported....
  • Page 45: Using The Device As An Ssh Client To Log In To The Ssh Server

    Step Command Remarks a. Enter the ISP domain Optional. view: For local authentication, configure domain domain-name local user accounts. b. Apply the specified AAA For RADIUS or HWTACACS scheme to the domain: authentication, configure the authentication default 10. Apply an AAA authentication RADIUS or HWTACACS scheme { hwtacacs-scheme scheme to the intended...
  • Page 46: Modem Dial-In Through The Console Port

    Task: Log in to an IPv4 SSH server.
    Command: ssh2 server
    Remarks: The server argument represents the IPv4 address or host name of the server.

    Task: Log in to an IPv6 SSH server.
    Command: ssh2 ipv6 server
    Remarks: The server argument represents the IPv6...
  • Page 47: Setting Up The Configuration Environment

    Setting up the configuration environment Set up a configuration environment as shown in Figure Connect the serial port of the PC to a modem and the console port of the device to a modem. Connect each modem to the PSTN through a telephone cable. Obtain the telephone number of the modem connected to the device.
  • Page 48 Figure 16 Creating a connection Figure 17 Configuring the dialing parameters NOTE: On Windows Server 2003, you must add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help of that program to log in to the device.
  • Page 49: Configuring None Authentication For Modem Dial-In (Not Supported In Fips Mode)

    Figure 18 Dialing the number Press Enter as prompted. At the user view prompt, enter commands to configure the device or view the running status of the device. To get help, enter ?. To disconnect the PC from the device, execute the ATH command in the HyperTerminal. If the command cannot be entered, type AT+ + + and then press Enter.
  • Page 50: Configuring Password Authentication For Modem Dial-In (Not Supported In Fips Mode)

    Configuring password authentication for modem dial-in (not supported in FIPS mode)

    Step: Enter system view.
    Command: system-view

    Step: Enter one or more AUX user interface views.
    Command: user-interface aux first-number [ last-number ]

    Step: Enable password authentication.
    Command: authentication-mode password
    Remarks: By default, no authentication is performed for modem dial-in...
  • Page 51
    Step: Enable command authorization.
    Command: command authorization
    Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme....
  • Page 52: Configuring Common Settings For Modem Dial-In (Optional)

    Step: 10. Specify the command level of the local user.
    Command: authorization-attribute level level
    Remarks: Optional. By default, the command level is 0.

    Step: 11. Specify terminal service for the local user.
    Command: service-type terminal
    Remarks: By default, no service type is specified.

    12....
  • Page 53: Displaying And Maintaining Cli Login

    Step: Define a shortcut key for starting a session.
    Command: activation-key character
    Remarks: By default, press Enter to start a session.

    Step: Define a shortcut key for terminating tasks.
    Command: escape-key { default | character }
    Remarks: By default, press Ctrl+C to terminate a task.

    By default, the flow control mode is none....
  • Page 54
    Task: Display user interface information.
    Command: display user-interface [ num1 | { aux | vty } num2 ] [ summary ] [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view.

    display telnet client Display the configuration of the configuration [ | { begin | device when it serves as a Telnet...
  • Page 55: Logging In To The Web Interface

    Logging in to the Web interface The device provides a built-in Web server for you to configure the device through a Web browser. Web login is by default disabled. To enable Web login, log in via the console port, and perform the following configuration tasks: •...
  • Page 56: Configuring Https Login

    Step Command Remarks By default, HTTP service is Enable the HTTP service. ip http enable enabled. Optional. The default HTTP service port is Configure the HTTP service ip http port port-number port number. If you execute the command multiple times, the last one takes effect.
  • Page 57 Step Command Remarks By default, the HTTPS service is not associated with any SSL server policy, and the device uses a self-signed certificate for authentication. If you disable the HTTPS service, the system automatically de-associates Associate the HTTPS the HTTPS service from the SSL ip https ssl-server-policy service with an SSL service policy.
  • Page 58: Displaying And Maintaining Web Login

    Step: Associate the HTTPS service with an ACL.
    Command: ip https acl acl-number
    Remarks: By default, the HTTPS service is not associated with any ACL. Associating the HTTPS service with an ACL enables the device to allow only clients permitted by the ACL to access the device....
  • Page 59: Http Login Configuration Example

    HTTP login configuration example Network requirements As shown in Figure 19, configure the device to allow the PC to log in over the IP network by using HTTP. Figure 19 Network diagram Configuration procedure Configure the device: # Create VLAN 999, and add Ethernet 1/0/1 (the interface connected to the PC) to VLAN 999. <Sysname>...
  • Page 60: Configuration Procedure

    Figure 20 Network diagram Configuration procedure This example assumes that the CA is named new-ca, runs Windows Server, and is installed with the SCEP add-on. This example also assumes the device, host, and CA can reach one other. Configure the device (HTTPS server): # Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com.
  • Page 61
    [Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca
    [Device-pki-cert-attribute-group-mygroup1] quit
    # Create a certificate attribute-based access control policy myacp. Configure a certificate attribute-based access control rule, specifying that a certificate is considered valid when it matches an attribute rule in certificate attribute group myacp.
    [Device] pki certificate access-control-policy myacp
    [Device-pki-cert-acp-myacp] rule 1 permit mygroup1
    [Device-pki-cert-acp-myacp] quit...
  • Page 62: Logging In Through Snmp

    Logging in through SNMP You can use an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.
  • Page 63: Configuring Snmpv1 Or Snmpv2C Settings

    Step: Add a user to the SNMP group.
    Command: snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | sha } auth-password [ privacy-mode { 3des | aes128 | des56 } priv-password ] ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *

    Configuring SNMPv1 or SNMPv2c settings...
  • Page 64: Configuration Procedure

    Figure 22 Network diagram

    Configuration procedure
    Configure the device:
    # Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.)
    # Enter system view.
    <Sysname> system-view
    # Enable the SNMP agent.
    [Sysname] snmp-agent
    # Configure an SNMP group....
  • Page 65: Controlling User Logins

    Controlling user logins To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 66: Configuring Source Mac-Based Telnet Login Control

    Step: Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL.
    Command: acl [ ipv6 ] number acl-number [ name name ] [ match-order { config | auto } ]
    Remarks: By default, no advanced ACL exists....
  • Page 67: Configuring Source Ip-Based Snmp Login Control

    Figure 23 Network diagram

    Configuration procedure
    # Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit...
  • Page 68: Snmp Login Control Configuration Example

    Step Command Remarks
      • SNMPv1/v2c community:
        snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
      • SNMPv1/v2c group:
        snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *...
  • Page 69: Configuring Web Login Control

    Configuration procedure
    # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit
    # Associate the ACL with the SNMP community and the SNMP group....
  • Page 70: Web Login Control Configuration Example

    Web login control configuration example Network requirements As shown in Figure 25, configure the device to allow only Web users from Host B to access. Figure 25 Network diagram Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B. <Sysname>...
  • Page 71: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
  • Page 72 You can use the ftp client source command to specify a source IP address or source interface for the FTP packets sent by the device. If a source interface (typically a loopback interface) is specified, its primary IP address is used as the source IP address for the FTP packets sent by the device. The source interface setting and the source IP address setting overwrite each other.
  • Page 73: Setting The Dscp Value For Ip To Use For Outgoing Ftp Packets

    Setting the DSCP value for IP to use for outgoing FTP packets You can set the DSCP value for IPv4 or IPv6 to use for outgoing FTP packets on an FTP client, so outgoing FTP packets are forwarded based on their priorities on transit devices. To set the DSCP value for IP to use for outgoing FTP packets: Step Command...
  • Page 74: Switching To Another User Account

    Task Command Remarks The ls command displays the name of a Display detailed information directory or file only, while the dir dir [ remotefile [ localfile ] ] about a directory or file on the command displays detailed information FTP server. such as the file size and creation time.
  • Page 75: Terminating The Ftp Connection

    Terminating the FTP connection
    To terminate an FTP connection, perform one of the following tasks:

    Task: Terminate the FTP connection without exiting FTP client view.
    Command:
      • disconnect
      • close
    Remarks: Use either command in FTP client view.

    • Terminate the FTP connection and return to user Use either command in FTP quit •...
  • Page 76: Using The Device As An Ftp Server

    125 BINARY mode data connection already open, transfer starting for /newest.bin.
    226 Transfer complete.
    FTP: 23951480 byte(s) received in 95.399 second(s), 251.00K byte(s)/sec.
    # Set the file transfer mode to ASCII, and upload the configuration file config.cfg from the device to the PC for backup....
  • Page 77: Configuring Authentication And Authorization

    To configure basic parameters for the FTP server:

    Step: Enter system view.
    Command: system-view

    Step: Enable the FTP server.
    Command: ftp server enable
    Remarks: By default, the FTP server is disabled.

    Set the DSCP value for IPv4 Optional. to use for outgoing FTP ftp server dscp dscp-value The default is 0....
  • Page 78: Associating An Ssl Server Policy With The Ftp Service

    Step: Set a password for the user account.
    Command: password { simple | cipher } password

    Step: Assign FTP service to the user account.
    Command: service-type ftp
    Remarks: By default, no service type is specified. If the FTP service is specified, the root directory of the device is by default used....
  • Page 79 # Create a local user account abc, set its password to abc and the user privilege level to level 3 (the manage level), specify the root directory of the Flash as the authorized directory, and specify the service type as FTP. <Sysname>...
  • Page 80: Displaying And Maintaining Ftp

    NOTE: • This FTP procedure also applies to upgrading configuration files. • After you finish transferring the Boot ROM image through FTP, execute the bootrom update command to upgrade Boot ROM. Upgrade the device: # Specify newest.bin as the main system software image file for the next startup. <Sysname>...
  • Page 81: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy.
  • Page 82: Displaying And Maintaining The Tftp Client

    The tftp client source command setting applies to all TFTP sessions. When you set up a TFTP session with the tftp command, you can also specify a different source IP address for the TFTP session. IMPORTANT: To avoid TFTP connection failures, when you specify a source interface for TFTP packets, make sure the interface has a primary IP address.
  • Page 83: Tftp Client Configuration Example

    TFTP client configuration example Network requirements As shown, the device and PC can reach each other. Configure the PC in Figure 30 as a TFTP server, and use TFTP to download the system software image file newest.bin from the PC to the device and upload the configuration file config.cfg from the device to the PC for backup.
  • Page 84: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories and files. Storage medium naming rules A storage medium is named based on the following rules: If a storage medium is the only storage medium of its type on the device, it is named by its type.
  • Page 85: Displaying File Information

    The copy operation enables you to create a file. You can also create a file by performing the download operation or using the save command. Displaying file information Perform this task in user view. Task Command Display file or directory information. dir [ /all ] [ file-url | /all-filesystems ] Displaying file contents Perform this task in user view.
  • Page 86: Emptying The Recycle Bin

    Perform the following tasks in user view: Task Command Delete a file by moving it to the recycle bin. delete file-url Restore a file from the recycle bin. undelete file-url Delete a file permanently. delete /unreserved file-url Emptying the recycle bin Step Command Remarks...
  • Page 87: Creating A Directory

    Creating a directory Perform this task in user view. Task Command Create a directory. mkdir directory Removing a directory Before you remove a directory, you must delete all files and subdirectories in this directory. To delete a file, use the delete command; to delete a subdirectory, use the rmdir command. The rmdir command automatically deletes the files in the recycle bin in the current directory.
  • Page 88: Setting The File System Operation Mode

    To execute a batch file: Step Command Enter system view. system-view Execute a batch file. execute filename Setting the file system operation mode The file systems support the following operation modes: • alert—The system warns you about operations that might cause problems such as file corruption and data loss.
  • Page 89 # Display the current working directory. <Sysname> pwd flash:...
  • Page 90: Managing Configuration Files

    Managing configuration files You can manage configuration files at the CLI or by using the Boot menu of the device. This chapter describes the CLI approach. Overview A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device.
  • Page 91: Next-Startup Configuration File Redundancy

    IMPORTANT: To run on the device, a configuration file must meet the content and format requirements of the device. To avoid any configuration loading problem at startup, use a configuration file created on the device. If you edit the configuration file, make sure all edits are compliant with the requirements of the device.
  • Page 92: Saving Configuration In Different Approaches

    Task Remarks Saving configuration in different approaches Required. Saving configuration in different approaches When saving the running configuration to a configuration file, you can specify the file as the next-startup configuration file or not. If you are specifying the file as the next-startup configuration file, use one of the following methods to save the configuration: •...
  • Page 93: Configuring Configuration Rollback

    To verify the compatibility of the next-startup configuration file with the software version and enable automatic configuration backup, use the save [ safely ] [ backup | main ] [ force ] command the first time you save configuration to the file after a software upgrade. This command enables the system to verify the compatibility of the next-startup configuration file with the software version.
  • Page 94: Configuring Configuration Archive Parameters

    Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
  • Page 95: Manually Archiving Running Configuration

    Make sure you have set an archive path and file name prefix before performing this task. To enable automatic configuration archiving: Step Command Remarks system-view Enter system view. By default, this function is disabled. Enable automatic configuration archiving To view configuration archive archive configuration interval minutes and set the archiving names and their archiving time,...
  • Page 96: Specifying A Configuration File For The Next Startup

    • A command (for example, a hardware-dependent command) cannot be deleted, overwritten, or undone due to system restrictions. • The commands in different views are dependent on each other. • Commands or command settings that the device does not support cannot be added to the running configuration.
  • Page 97: Restoring The Next-Startup Configuration File From A Tftp Server

    You may need to delete the next-startup configuration file for one of the following reasons: • After you upgrade system software, the file does not match the new system software. • The file has been corrupted or is not fully compatible with the device. After the file is deleted, the device uses factory defaults at the next startup.
  • Page 98 Task Command Remarks display default-configuration [ | { begin | exclude | include } Display the factory defaults. Available in any view. regular-expression ] display saved-configuration Display the running configuration [ by-linenum ] [ | { begin | exclude | file saved on the storage media of Available in any view.
  • Page 99: Upgrading Software

    Upgrading software Upgrading software includes upgrading the Boot ROM and system software. Each time the switch is powered on, it runs the Boot ROM image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file" in software code) so you can access the software features, as shown in Figure Figure 31 Relationship between the Boot ROM image and the system software image...
  • Page 100: Upgrading Boot Rom

    Upgrading Boot ROM
    Step: Use FTP or TFTP to transfer the Boot ROM image to the root directory of the switch's storage media.
    Remarks: See "Configuring FTP" or "Configuring TFTP."
    Step: Enter system view.
    Command: system-view
    Optional. By default, the validity check function is enabled....
  • Page 101: Basic Concepts

    Basic concepts Patch, patch file, and patch package file A patch fixes certain software defects. A patch file contains one or more patches. After being loaded from the storage media to the patch memory area, each patch is assigned a unique number, which starts from 1. For example, if a patch file has three patches, they are numbered 1, 2, and 3.
  • Page 102 Figure 32 Impact of patch manipulation commands on patch state   IDLE state Patches that have not been loaded are in IDLE state. You cannot install or run these patches. In the example in Figure 33, the patch memory area can load up to eight patches. The patch memory area supports up to 200 patches.
  • Page 103 Figure 34 Patch states in the patch memory area after a patch file is loaded ACTIVE state Patches in ACTIVE state run temporarily in the system and become DEACTIVE at a reboot. For the seven patches in Figure 34, if you activate the first five patches, their states change from DEACTIVE to ACTIVE.
  • Page 104: Hotfix Configuration Task List

    Figure 36 Patches in RUNNING state
    Hotfix configuration task list
    Task: Installing patches:
    • Installing and running a patch in one step
    • Installing a patch step-by-step
    Remarks: Use either approach. Step-by-step patch installation allows you to control the patch status.
    Task: Uninstalling a patch step-by-step
    Remarks: Optional....
  • Page 105: Installing A Patch Step-By-Step

    Step: Install and run patches in one step.
    Command: patch install { patch-location | file patch-package }
    Remarks:
    • patch-location: Specifies the directory where the patch file is located.
    • file patch-package: Specifies a patch package file name.
    If you execute the patch install patch-location command, the directory specified for the patch-location argument replaces the directory specified with the patch location command after the upgrade is complete.
  • Page 106: Uninstalling A Patch Step-By-Step

    Loading a patch file Loading the correct patch files is the basis of other hotfix operations. If you install a patch from a patch file, the system by default loads the patch file from Flash memory. If you install a patch from a patch package, the system finds the correct patch file in the patch package file and loads the patch file.
  • Page 107: Displaying And Maintaining Software Upgrade

    Step Command Enter system view. system-view Stop running patches. patch deactive [ patch-number ] slot slot-number Removing patches from the patch memory area After being removed from the patch memory area, a patch is still retained in IDLE state in the storage media.
  • Page 108 Figure 37 Network diagram Configuration procedure Configure the FTP server (the configuration varies with server vendors): # Enable the FTP server function, configure a local user account with the username aaa and password hello, enable the FTP service type, and specify the working directory flash:/aaa. <FTP-server>...
  • Page 109: Hotfix Configuration Example

    # Specify soft-version2.bin as the main startup system software image. <Switch> boot-loader file soft-version2.bin slot 1 main # Reboot the switch to complete the upgrade. <Switch> reboot Use the display version command to verify that the upgrade has succeeded. (Details not shown.) Hotfix configuration example Network requirements...
  • Page 110: Managing The Device

    Managing the device Device management includes monitoring the operating status of devices and configuring their running parameters. The configuration tasks in this document are order independent. You can perform these tasks in any order. Configuring the device name A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>.
  • Page 111 Effective system Configuration Command System time time example clock timezone zone-time add 1 03:00:00 zone-time Sat 2, 1 date-time 03/03/2007. clock datetime 3:00 2007/3/3 The original system time outside the daylight clock summer-time ss saving time range: one-off 1:00 01:00:00 UTC Sat The system time does 2006/1/1 1:00 01/01/2005.
  • Page 112 Effective system Configuration Command System time time example clock summer-time ss date-time – one-off 1:00 summer-offset in the 2007/1/1 1:00 03:00:00 ss Mon daylight saving time 2007/8/8 2 01/01/2007. range: clock datetime 3:00 date-time 2007/1/1 Original system clock ± clock timezone zone-offset outside the zone-time add 1 daylight saving time...
  • Page 113: Configuration Procedure

    Effective system Configuration Command System time time example clock timezone zone-time add 1 Both date-time and date-time – clock summer-time ss summer-offset in the one-off 1:00 03:00:00 ss Tue daylight saving time 2008/1/1 1:00 01/01/2008. range: 2008/8/8 2 clock datetime 3:00 date-time 2008/1/1 Configuration procedure...
  • Page 114: Configuring Banners

    Configuring banners Banners are messages that the system displays during user login. The system supports the following banners: • Legal banner—Appears after the copyright or license statement. To continue login, the user must enter Y or press Enter. To quit the process, the user must enter N. Y and N are case-insensitive.
  • Page 115: Configuration Procedure

    any character as the start and end delimiters but must make sure that it is not the same as the end character of the message text in the first line. For example, you can configure the banner “Have a nice day. Please input the password.” as follows: <System>...
  • Page 116: Rebooting Devices Immediately At The Cli

    You can reboot the device in one of the following ways to recover from an error condition: • Reboot the device immediately at the CLI. • At the CLI, schedule a reboot to occur at a specific time and date or after a delay. •...
  • Page 117: Scheduling Jobs

    Scheduling jobs You can schedule a job to automatically run a command or a set of commands without administrative interference. The commands in a job are polled every minute. When the scheduled time for a command is reached, the job automatically executes the command. If a confirmation is required while the command is running, the system automatically inputs Y or Yes.
  • Page 118: Scheduling A Job In The Non-Modular Approach

    Every job can have only one view and up to 10 commands. If you specify multiple views, the one specified last takes effect. Input a view name in its complete form. The most commonly used view names include monitor for user view, system for system view, Ethernet x/x/x for Ethernet interface view, and Vlan-interfacex for VLAN interface view.
  • Page 119: Disabling Boot Rom Access

    Disabling Boot ROM access By default, anyone can press Ctrl+B during startup to enter the Boot menu and configure the Boot ROM. To protect the system, you can disable Boot ROM access so the users can access only the CLI. You can also set a Boot ROM password the first time you access the Boot menu to protect the Boot ROM.
  • Page 120: Clearing Unused 16-Bit Interface Indexes

    Step: Configure temperature thresholds for a device.
    Command: temperature-limit slot slot-number inflow sensor-number lowerlimit warninglimit [ alarmlimit ]
    Remarks: For the default temperature thresholds, see Table. The warning and alarming thresholds must be higher than the lower threshold. The alarming threshold must be higher than the warning threshold.
  • Page 121: Verifying And Diagnosing Transceiver Modules

    Step: Enter system view.
    Command: system-view
    Step: Disable password recovery capacity.
    Command: undo password-recovery enable
    Remarks: By default, password recovery capability is enabled.
    Verifying and diagnosing transceiver modules Support for the pluggable transceivers and the transceiver type depends on the device model. Verifying transceiver modules You can verify the genuineness of a transceiver module in the following ways: •...
  • Page 122: Displaying And Maintaining Device Management

    Displaying and maintaining device management For diagnosis or troubleshooting, you can use separate display commands to collect running status data module by module, or use the display diagnostic-information command to bulk collect running data for multiple modules. The display diagnostic-information command equals this set of commands: display clock, display version, display device, and display current-configuration.
  • Page 123 Task Command Remarks display reboot-type [ slot Display the mode of the last slot-number ] [ | { begin | exclude | Available in any view reboot. include } regular-expression ] Available in any view. display rps [ rps-id ] [ | { begin | exclude This command is supported Display RPS state information.
  • Page 124: Automatic Configuration

    Automatic configuration Automatic configuration enables a device without any configuration file to automatically obtain and execute a configuration file during startup. Automatic configuration simplifies network configuration, facilitates centralized management, and reduces maintenance workload. To implement automatic configuration, the network administrator saves configuration files on a server and a device automatically obtains and executes a specific configuration file.
  • Page 125: Automatic Configuration Work Flow

    DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, IP address of a DNS server, and the configuration file name. After getting related parameters, the device sends a TFTP request to obtain the configuration file from the specified TFTP server and executes the configuration file.
  • Page 126: Obtaining The Configuration File From The Tftp Server

    • Option 67 or the file field—Obtains the configuration file name. The device resolves Option 67 first. If Option 67 contains the configuration file name, the device does not resolve the file field. If not, the device resolves the file field. •...
  • Page 127 IMPORTANT: • There must be a space before the keyword ip host. • The host name of a device saved in the host name file must be the same as the configuration file name of the device, and can be identical with or different from that saved in the DNS server. •...
  • Page 128: Executing The Configuration File

    • If all the above operations fail, the device requests the default configuration file from the TFTP server. TFTP request sending mode The device chooses whether to unicast or broadcast a TFTP request as follows: • If a legitimate TFTP server IP address is contained in the DHCP response, the device unicasts a TFTP request to the TFTP server.
  • Page 129: Document Conventions And Icons

    Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.
  • Page 130: Network Topology Icons

    Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 131: Support And Other Resources

    Hewlett Packard Enterprise Support Center More Information on Access to Support Materials page: www.hpe.com/support/AccessToSupportMaterials IMPORTANT: Access to some updates might require product entitlement when accessed through the Hewlett Packard Enterprise Support Center. You must have an HP Passport set up with relevant entitlements.
  • Page 132: Websites

    Websites Website Link Networking websites Hewlett Packard Enterprise Information Library for www.hpe.com/networking/resourcefinder Networking Hewlett Packard Enterprise Networking website www.hpe.com/info/networking Hewlett Packard Enterprise My Networking website www.hpe.com/networking/support Hewlett Packard Enterprise My Networking Portal www.hpe.com/networking/mynetworking Hewlett Packard Enterprise Networking Warranty www.hpe.com/networking/warranty General websites Hewlett Packard Enterprise Information Library www.hpe.com/info/enterprise/docs Hewlett Packard Enterprise Support Center...
  • Page 133 part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
  • Page 134: Index

    Index A B C D E F H L M N O P R S T U V Enabling displaying the copyright statement,107 Entering a command,5 Accessing Hewlett Packard Enterprise Support,125 Accessing the CLI online help,4 Accessing updates,125 File name formats,78 File system management examples,82...
  • Page 135 Understanding command-line error messages,8 Upgrading Boot ROM,94 Saving the running configuration,85 Upgrading software by installing hotfixes,94 Saving the running configuration,19 Upgrading the entire system software,94 Scheduling jobs,111 User interfaces,21 Setting the file system operation mode,82 Using the command history function,8 Software upgrade examples,101 Using the device as a TFTP...
