Download  Print this page

HP 10500 Series Configuration Manual

Hide thumbs

Advertisement

HP 10500 Switch Series
Fundamentals

Configuration Guide

Part number: 5998-7111b
Software version: 10500-CMW710-R7169P01
Document version: 6W102-20160218

Advertisement

Table of Contents
loading

  Related Manuals for HP 10500 Series

  Summary of Contents for HP 10500 Series

  • Page 1: Configuration Guide

    HP 10500 Switch Series Fundamentals Configuration Guide Part number: 5998-7111b Software version: 10500-CMW710-R7169P01 Document version: 6W102-20160218...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
  • Page 3: Table Of Contents

    Contents Using the CLI ································································································································································ 1 CLI views ············································································································································································ 1 Entering system view from user view ······················································································································ 2 Returning to the upper-level view from any view ·································································································· 2 Returning to user view ·············································································································································· 2 Accessing the CLI online help ·········································································································································· 2 Using the undo form of a command ·······························································································································...
  • Page 4 Displaying and maintaining RBAC settings ················································································································· 28 RBAC configuration examples ······································································································································ 28 RBAC configuration example for local AAA authentication users ··································································· 28 RBAC configuration example for RADIUS authentication users ······································································· 30 RBAC temporary user role authorization configuration example (HWTACACS authentication) ················· 33 RBAC temporary user role authorization configuration example (RADIUS authentication) ··························...
  • Page 5 FTP server configuration example in standalone mode ····················································································· 77 FTP server configuration example in IRF mode ·································································································· 79 Using the device as an FTP client ································································································································· 80 Establishing an FTP connection ···························································································································· 80 Managing directories on the FTP server ············································································································· 81 Working with files on the FTP server ···················································································································...
  • Page 6 Saving the running configuration ······························································································································· 103 Configuring configuration rollback ···························································································································· 104 Configuration task list ········································································································································· 104 Configuring configuration archive parameters ································································································ 105 Enabling automatic configuration archiving ····································································································· 106 Manually archiving the running configuration ································································································· 106 Rolling back configuration·································································································································· 106 Specifying a next-startup configuration file ··············································································································· 107 Backing up the main next-startup configuration file to a TFTP server ·····································································...
  • Page 7 Identifying the ISSU method ······························································································································· 135 Verifying feature status ······································································································································· 135 Determining the upgrade procedure ················································································································· 136 Understanding ISSU guidelines ························································································································· 136 Logging in to the device through the console port ··························································································· 136 Saving the running configuration ······················································································································ 137 Performing an ISSU by using issu commands ··········································································································· 138 Performing a compatible upgrade·····················································································································...
  • Page 8 Preparing the interfaces used for automatic configuration ······················································································ 205 Starting and completing automatic configuration ···································································································· 205 Automatic configuration examples ····························································································································· 206 Automatic configuration using TFTP server ······································································································· 206 Automatic configuration using HTTP server and Tcl script ·············································································· 210 Automatic configuration using HTTP server and Python script ······································································· 211 Automatic IRF setup ·············································································································································...
  • Page 9 Managing the system with BootWare ··················································································································· 243 Overview ······································································································································································· 243 Restrictions and guidelines ·········································································································································· 244 Using the BASIC-BOOTWARE menu (for LSU1SUPB0(JG496A) MPUs) ································································ 244 Modifying serial port parameters ······················································································································ 245 Updating the extended BootWare segment ····································································································· 245 Updating the entire BootWare ··························································································································· 246 Running the primary extended BootWare segment ·························································································...
  • Page 10 API get_standby_slot ··········································································································································· 296 API get_slot_range··············································································································································· 297 API get_slot_info ·················································································································································· 298 Support and other resources ·································································································································· 299 Contacting HP ······························································································································································ 299 Subscription service ············································································································································ 299 Related information ······················································································································································ 299 Documents ···························································································································································· 299 Websites ······························································································································································· 299 Conventions ·································································································································································· 300 Index ········································································································································································ 302...
  • Page 11: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor the device. Figure 1 CLI example You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...
  • Page 12: Entering System View From User View

    Perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and • reboot. Enter system view. The system view prompt is [Device-name]. • In system view, you can perform the following tasks: Configure global settings (such as the daylight saving time, banners, and hotkeys) and some •...
  • Page 13: Using The Undo Form Of A Command

    Enter a question mark at a view prompt to display the first keyword of every command available in • the view. For example: <Sysname> ? User view commands: archive Archive configuration backup Backup the startup configuration file to a TFTP server bash blade Enter a space and a question mark after a command keyword to display all available, subsequent...
  • Page 14: Entering A Command

    For example, the info-center enable command enables the information center. The undo info-center enable command disables the information center. Entering a command When you enter a command, you can perform the following tasks: Use keys or hotkeys to edit the command line. •...
  • Page 15: Abbreviating Commands

    Space. • A specific argument might have more requirements. For more information, see the relevant command reference. To enter a printable character, you can enter the character or its ASCII code (in the range of 32 to 126). Abbreviating commands You can enter a command line quickly by entering incomplete keywords that uniquely identify the complete command.
  • Page 16: Configuring And Using Command Hotkeys

    Configuring and using command hotkeys The system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.
  • Page 17: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function Ctrl+] Terminates the current connection. Esc+B Moves the cursor back one word. Esc+D Deletes all characters from the cursor to the end of the word. Esc+F Moves the cursor forward one word. Enabling redisplaying entered-but-not-submitted commands Your input might be interrupted by system information output. If redisplaying entered-but-not-submitted commands is enabled, the system redisplays your input after finishing the output.
  • Page 18: Using The Command History Feature

    Using the command history feature The system automatically saves commands successfully executed by a login user to the following two command history buffers: • Command history buffer for the user line. Command history buffer for all user lines. • Table 4 Comparison between the two types of command history buffers Command history buffer for all Item Command history buffer for a user line...
  • Page 19: Pausing Between Screens Of Output

    Pausing between screens of output The system automatically pauses after displaying a screen if the output is too long to fit on one screen. You can use the keys described in "Output controlling keys" to display more information or stop the display.
  • Page 20: Filtering The Output From A Display Command

    VLAN ID: 999 VLAN type: Static Route interface: Configured IP address: 192.168.2.1 Subnet mask: 255.255.255.0 Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 Filtering the output from a display command You can use the | { begin | exclude | include } regular-expression option to filter the display command output.
  • Page 21 Characters Meaning Examples "[16A]" matches a string containing 1, 6, or A; "[1-36A]" matches a string containing 1, 2, 3, 6, or A (- is a hyphen). Matches a single character in the brackets. To match the character "]", put it immediately after "[", for example, []abc].
  • Page 22: Saving The Output From A Display Command To A File

    # Use | begin line for the display current-configuration command to match the first line of output that contains line to the last line of output. <Sysname> display current-configuration | begin line line aux 0 user-role network-operator line con 0 user-role network-admin line vty 0 63 authentication-mode scheme...
  • Page 23 Task Command Save the output from a display command to a separate file. display command > filename Append the output from a display command to the end of a file. display command >> filename For example: # Save the VLAN 1 settings to a separate file named vlan.txt. <Sysname>...
  • Page 24: Viewing And Managing The Output From A Display Command Effectively

    Viewing and managing the output from a display command effectively You can use the following methods in combination to filter and manage the output from a display command: • Numbering each output line from a display command Filtering the output from a display command •...
  • Page 25: Configuring Rbac

    Configuring RBAC Overview Role-based access control (RBAC) controls user access to items and system resources based on user roles. In this chapter, items include commands, XML elements, and MIB nodes, and system resources include interfaces, VLANs, and VPN instances. RBAC assigns access permissions to user roles that are created for different job functions. Users are given permission to access a set of items and resources based on the users' user roles.
  • Page 26 Write—Commands, XML elements, or MIB nodes that configure the features in the system. For • example, the info-center enable command and the debugging command. Execute—Commands, XML elements, or MIB nodes that execute specific functions. For example, the • ping command and the ftp command. A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules.
  • Page 27 User role name Permissions • Accesses the display commands for features and resources in the system. To display all accessible commands of the user role, use the display role command. • Changes between MDC views. • Enables local authentication login users to change their own network-operator passwords.
  • Page 28: User Role Assignment

    User role name Permissions Security log manager. The user role has the following access rights to security log files: • Accesses the commands for displaying and maintaining security log files (for example, the dir, display security-logfile summary, and more commands). •...
  • Page 29: Configuration Task List

    Configuration task list Tasks at a glance (Required.) Creating user roles (Required.) Configuring user role rules (Optional.) Configuring feature groups (Optional.) Configuring resource access policies (Optional.) Assigning user roles (Optional.) Configuring temporary user role authorization Creating user roles In addition to the predefined user roles, you can create a maximum of 64 custom user roles for granular access control.
  • Page 30: Configuration Restrictions And Guidelines

    Configuration restrictions and guidelines When you configure RBAC user role rules, follow these restrictions and guidelines: • For MDC configuration, only the rules configured by the following user roles take effect: network-admin, network-operator, mdc-admin, mdc-operator, and level- 1 5. You can configure a maximum of 256 user-defined rules for a user role. The total number of •...
  • Page 31: Configuring Feature Groups

    Step Command Remarks • Configure a command rule: rule number { deny | permit } command command-string • Configure a feature rule: By default, a user-defined user role rule number { deny | permit } does not have any rules or access to { execute | read | write } * feature any commands, XML elements, or [ feature-name ]...
  • Page 32: Configuring Resource Access Policies

    Configuring resource access policies Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these policies permit user roles to access any interface, VLAN, and VPN instance. You can configure the policies of a user-defined user role or a predefined level-n user role to limit its access to interfaces, VLANs, and VPN instances.
  • Page 33: Configuring The Vpn Instance Policy Of A User Role

    Configuring the VPN instance policy of a user role Step Command Remarks Enter system view. system-view Enter user role view. role name role-name By default, the VPN instance policy of the user role permits access to all VPN instances. Enter user role VPN vpn-instance policy deny This command denies the access of the instance policy view.
  • Page 34: Assigning User Roles To Remote Aaa Authentication Users

    Assigning user roles to remote AAA authentication users For remote AAA authentication users, user roles are configured on the remote authentication server. For information about configuring user roles for RADIUS users, see the RADIUS server documentation. For HWTACACS users, the role configuration must use the roles="role- 1 role-2 … role-n" format, where user roles are space separated.
  • Page 35: Configuring Temporary User Role Authorization

    SSH clients that use publickey or password-publickey authentication. User roles assigned to these • SSH clients are specified in their respective device management user accounts. For more information about user lines, see "Login overview" and "Configuring CLI login." For more information about SSH, see Security Configuration Guide.
  • Page 36 To enable a user to obtain another user role without reconnecting to the device, you must configure • user role authentication. Table 7 describes the available authentication modes and configuration requirements. If HWTACACS authentication is used, the following rules apply: •...
  • Page 37: Configuring User Role Authentication

    Keywords Authentication mode Description The device sends the username and password to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: Remote AAA authentication • Configure the required HWTACACS or RADIUS scheme through HWTACACS or scheme, and configure the ISP domain to use the...
  • Page 38: Obtaining Temporary User Role Authorization

    Obtaining temporary user role authorization AUX or VTY users must pass authentication before they can use a user role that is not included in the user account they are logged in with. Perform the following task in user view: Task Command Remarks If you do not specify the rolename argument, you obtain...
  • Page 39 Figure 3 Network diagram Configuration procedure # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user lines for Telnet users.
  • Page 40: Rbac Configuration Example For Radius Authentication Users

    # Remove the default user role network-operator from the user. This operation ensures that the user has only the permissions of role1. [Switch-luser-manage-user1] undo authorization-attribute user-role network-operator [Switch-luser-manage-user1] quit Verifying the configuration # Telnet to the switch, and enter the username and password to access the switch. (Details not shown.) # Verify that you can create VLANs 10 to 20.
  • Page 41 Figure 4 Network diagram Configuration procedure Make sure the settings on the switch and the RADIUS server match. Configure the switch: # Assign VLAN-interface 2 an IP address from the same subnet as the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign VLAN-interface 3 an IP address from the same subnet as the RADIUS server.
  • Page 42 [Switch-isp-bbb] quit # Create feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the arp and radius features to the feature group. [Switch-featuregrp-fgroup1] feature arp [Switch-featuregrp-fgroup1] feature radius [Switch-featuregrp-fgroup1] quit # Create the user role role2. [Switch] role name role2 # Configure rule 1 to permit the user role to use all commands available in ISP view.
  • Page 43: Rbac Temporary User Role Authorization Configuration Example (Hwtacacs Authentication)

    [Switch-isp-abc] authentication login radius-scheme abc [Switch-isp-abc] quit # Verify that you can use all read and write commands of the radius and arp features. Take radius as an example. [Switch] radius scheme rad [Switch-radius-rad] primary authentication 2.2.2.2 [Switch-radius-rad] display radius scheme rad …...
  • Page 44 Configuration procedure Configure the switch: # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the HWTACACS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
  • Page 45 # Assign level-0 to the user. [Switch-luser-manage-test] authorization-attribute user-role level-0 # Remove the default user role network-operator. [Switch-luser-manage-test] undo authorization-attribute user-role network-operator [Switch-luser-manage-test] quit # Set the local authentication password to 654321 for the user role level-3. [Switch] super password role level-3 simple 654321 [Switch] quit # Set the local authentication password to 654321 for the user role network-admin.
  • Page 46 Figure 6 Configuring advanced TACACS+ settings Select Shell (exec) and Custom attributes, and enter allowed-roles="network-admin" in the Custom attributes field. Use a blank space to separate the allowed roles.
  • Page 47 Figure 7 Configuring custom attributes for the Telnet user Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. <Switch> telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...
  • Page 48: Rbac Temporary User Role Authorization Configuration Example (Radius Authentication)

    <Switch> Verify that you can obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass. <Switch> super level-3 Username: test@bbb Password: The following output shows that you have obtained the level-3 user role.
  • Page 49 # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the RADIUS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
  • Page 50 # Set the local authentication password to abcdef654321 for the user role network-admin. [Switch] super password role network-admin simple abcdef654321 [Switch] quit Configure the RADIUS server: This example uses ACSv4.2. Add a user account $enab0$ and set the password to 123456. (Details not shown.) Access the Cisco IOS/PIX 6.x RADIUS Attributes page.
  • Page 51: Troubleshooting Rbac

    To resolve the problem: Use the display local-user command to examine the local user accounts for undesirable user roles, and delete them. If the problem persists, contact HP Support. Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the following conditions exist: The network access device and the RADIUS server can communicate with one another.
  • Page 52 Configure the role default-role enable command. A RADIUS user can log in with the default user role when no user role is assigned by the RADIUS server. Add the user role authorization attributes on the RADIUS server. If the problem persists, contact HP Support.
  • Page 53: Login Overview

    Login overview The first time you access the device, you can only log in to the CLI of the default MDC through the console port. After login, you can create non-default MDCs, change console login parameters, or configure other access methods, including Telnet, SSH, and SNMP. Non-default MDCs do not have any console ports.
  • Page 54 Login method Default settings and minimum configuration requirements Login configuration By default, SSH login is disabled. To enable SSH login, perform the following tasks: • Enable the SSH server feature and configure SSH attributes. • Assign an IP address to a Layer 3 interface. Make sure the Configuring SSH •...
  • Page 55: Using The Console Port For The First Device Access

    Flow control—None. Parity—None. Stop bits—1. Data bits—8. Power on the device and press Enter as prompted. The startup information and the default user view prompt <HP> appears as follows: Press Ctrl-B to enter Boot Menu Auto-booting Decompress Image Starting at 0x80100000 Cryptographic algorithms tests passed.
  • Page 56 Press ENTER to get started. <HP>%Sep 24 09:48:54:109 2014 HP SHELL/4/LOGIN: Console login from aux0 <HP> Y ou can enter commands to configure or manage the device. To get help, enter ?.
  • Page 57: Configuring Cli Login

    Configuring CLI login By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet and SSH. To prevent illegal access to the CLI and control user behavior, perform the following tasks as required: Configure login authentication.
  • Page 58: Login Authentication Modes

    An absolute number uniquely identifies a user line among all user lines. The user lines are numbered starting from 0 and incrementing by 1 and in the sequence of AUX and VTY lines. You can use the display line command without any parameters to view supported user lines and their absolute numbers. A relative number uniquely identifies a user line among all user lines that are the same type.
  • Page 59: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Telnet login is not supported in FIPS mode. Configuring console login You can connect a terminal to the console port of the device to log in and manage the device, as shown Figure 1...
  • Page 60: Configuring Password Authentication For Console Login

    Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes precedence over a default •...
  • Page 61: Configuring Scheme Authentication For Console Login

    Step Command Remarks set authentication password { hash | Set a password. By default, no password is set. simple } password The default user role is network-admin for an AUX line user of the default MDC. Assign a user role. user-role role-name Non-default MDCs do not support console login.
  • Page 62 To configure common settings for an AUX line: Step Command Remarks Enter system view. system-view A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
  • Page 63: Configuring Telnet Login

    Remarks By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends Specify the that you set the display type to VT100 on terminal display terminal type { ansi | vt100 } both the device and the configuration type.
  • Page 64: Configuring The Device As A Telnet Server

    Configuring the device as a Telnet server Tasks at a glance (Required.) Enabling Telnet server (Required.) Configuring login authentication: • Disabling authentication for Telnet login • Configuring password authentication for Telnet login • Configuring scheme authentication for Telnet login (Optional.) Setting the maximum number of online Telnet users (Optional.) Setting the DSCP value for outgoing Telnet packets...
  • Page 65: Configuring Password Authentication For Telnet Login

    Step Command Remarks By default, a VTY line user of the default MDC is assigned the user role (Optional.) Assign a user user-role role-name network-operator. A VTY line user of a role. non-default MDC is assigned the user role mdc-operator. The next time you Telnet to the device, you do not need to provide a username or password, as shown Figure Figure 12 Telnetting to the device without authentication...
  • Page 66 Step Command Remarks By default, password authentication is enabled for VTY lines. In VTY line view, this command is associated with the protocol inbound Enable password authentication-mode password command. If you specify a non-default authentication. value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
  • Page 67 Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes • Enter VTY line view: precedence over a default setting in the line vty first-number...
  • Page 68 Figure 14 Scheme authentication interface for Telnet login Setting the maximum number of online Telnet users If you Telnet to the device when the number of online Telnet users is equal to the maximum number, your login attempt fails and the message "All user lines are used, please try later!" appears. To set the maximum number of online Telnet users: Step Command...
  • Page 69 Configuring common VTY line settings For a VTY line, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session. Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X.
  • Page 70: Using The Device To Log In To A Telnet Server

    Step Command Remarks By default, the CLI connection idle-timeout timer is 10 minutes. If no interaction occurs between the device and Set the CLI connection idle-timeout minutes the user within the idle-timeout interval, the idle-timeout timer. [ seconds ] system automatically terminates the user connection on the user line.
  • Page 71: Configuring Ssh Login

    Step Command Remarks • Log in to an IPv4 Telnet server: telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ] Use the device to log in to a Telnet server.
  • Page 72 Step Command Remarks • In non-FIPS mode: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign (Optional.) Create an publickey keyname } SSH user and specify By default, no SSH user is configured on the the authentication device.
  • Page 73: Using The Device To Log In To An Ssh Server

    Step Command Remarks The default is 64. Changing this setting does not affect users who are currently online. If the current number of (Optional.) Set the aaa session-limit ssh online SSH users is equal to or greater than the maximum number of max-sessions new setting, no additional SSH users can log in concurrent SSH users.
  • Page 74 Task Command Remarks Display the source address or interface for outgoing Telnet packets display telnet client when the device acts as a Telnet client. Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this Release a user line.
  • Page 75: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 17 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can cooperate with various network management software products, including IMC.
  • Page 76: Controlling User Access To The Device

    Controlling user access to the device Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 77: Configuration Example

    Configuration example Network requirements As shown in Figure 18, the device is a Telnet server. Configure the device to permit only Telnet packets sourced from Host A and Host B. Figure 18 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname>...
  • Page 78: Configuration Example

    Step Command Remarks • (Method 1.) Create an SNMP community and specify ACLs for the community: In VACM mode: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * For more In RBAC mode: information about...
  • Page 79: Configuring Command Authorization

    Figure 19 Network diagram Configuration procedure # Create an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.
  • Page 80: Configuration Example

    Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. • Enter user line view: A non-default setting in either view takes line { first-number1 precedence over a default setting in the [ last-number1 ] | { aux |...
  • Page 81 Figure 20 Network diagram Configuration procedure # Assign IP addresses to relevant interfaces. Make sure the device and the HWTACACS server can reach each other. Make sure the device and Host A can reach each other. (Details not shown.) # Enable the Telnet server. <Device>...
  • Page 82: Configuring Command Accounting

    [Device] local-user monitor [Device-luser-admin] password cipher 123 [Device-luser-admin] service-type telnet [Device-luser-admin] authorization-attribute user-role level-1 Configuring command accounting Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This feature helps control and monitor user behavior on the device.
  • Page 83: Configuration Example

    Step Command Remarks By default, command accounting is disabled. The accounting server does not record the commands executed by users. If the command accounting command is Enable command configured in user line class view, command accounting accounting. command accounting is enabled on all user lines in the class.
  • Page 84 # Enable command accounting for user lines VTY 0 through VTY 4. [Device] line vty 0 4 [Device-line-vty0-4] command accounting [Device-line-vty0-4] quit # Create HWTACACS scheme tac. [Device] hwtacacs scheme tac # Configure the scheme to use the HWTACACS server at 192.168.2.20:49 for accounting. [Device-hwtacacs-tac] primary accounting 192.168.2.20 49 # Set the shared key to expert.
  • Page 85: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol for transferring files from one host to another over an IP network. It uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959. FTP is based on the client/server model.
  • Page 86: Configuring Basic Parameters

    Configuring basic parameters Step Command Remarks Enter system view. system-view Enable the FTP server. ftp server enable By default, the FTP server is disabled. (Optional.) Use an ACL to ftp server acl { acl-number | By default, no ACL is used for access control access to the FTP ipv6 acl-number6 } control.
  • Page 87: Manually Releasing Ftp Connections

    Local authorization—The device assigns authorized directories to FTP clients based on the locally • configured authorization attributes. Remote authorization—A remote authorization server assigns authorized directories on the device • to FTP clients. For information about configuring authentication and authorization, see Security Configuration Guide. Manually releasing FTP connections Task Command...
  • Page 88 <Sysname> system-view [Sysname] local-user abc class manage [Sysname-luser-abc] password simple 123456 # Assign the user role network-admin to the user. (The default working directory is the root directory of the flash memory on the active MPU. To change the working directory to the root directory of the flash memory on the standby MPU, specify the work-directory slotm#flash:/ option for the command.
  • Page 89: Ftp Server Configuration Example In Irf Mode

    200 TYPE is now 8-bit binary ftp> put temp.bin # Exit FTP. ftp> bye FTP server configuration example in IRF mode Network requirements Configure the IRF fabric as an FTP server. • Create a local user account with the username abc and password 123456 on the FTP server. •...
  • Page 90: Using The Device As An Ftp Client

    [Sysname] ftp server enable [Sysname] quit Perform FTP operations from the FTP client: # Log in to the FTP server at 1.1.1.1 using the username abc and password 123456. c:\> ftp 1.1.1.1 Connected to 1.1.1.1. 220 FTP service ready. User(1.1.1.1:(none)):abc 331 Password required for abc.
  • Page 91: Managing Directories On The Ftp Server

    Step Command Remarks • (Method 1.) Log in to the FTP server from user view: ftp ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface The source IP address { interface-name | interface-type specified in the ftp command interface-number } | ip Log in to the FTP server.
  • Page 92: Working With Files On The Ftp Server

    Task Command • Display the detailed information of a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP server. • Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] Change the working directory on the FTP server.
  • Page 93: Changing To Another User Account

    Task Command Remarks Upload a file to the FTP server. put localfile [ remotefile ] Download a file from the FTP get remotefile [ localfile ] server. Add the content of a file on the FTP client to a file on the FTP append localfile [ remotefile ] server.
  • Page 94: Terminating The Ftp Connection

    Task Command Remarks By default, FTP client debugging is Enable or disable FTP client debugging. debug disabled. Clear the reply information in the buffer. reset Terminating the FTP connection Execute one of the following commands in FTP client view: Task Command •...
  • Page 95 Figure 25 Network diagram Configuration procedure # Configure IP addresses as shown in Figure 25. Make sure the device and PC can reach each other. (Details not shown.) # Examine the storage space of the device. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files.
  • Page 96: Ftp Client Configuration Example In Irf Mode

    221 Logout. <Sysname> FTP client configuration example in IRF mode Network requirements As shown in Figure 26, the PC is acting as an FTP server. A user account with the username abc and password 123456 has been created on the PC. •...
  • Page 97 local: temp.bin remote: temp.bin 150 Connecting to port 47457 226 File successfully transferred 23951480 bytes received in 95.399 seconds (251.0 kbyte/s) # Download the file temp.bin from the PC to the root directory of the flash memory on each global standby MPU.
  • Page 98: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
  • Page 99: Configuring The Device As An Ipv6 Tftp Client

    Step Command Remarks tftp tftp-server { get | put | sget } The source IP address specified in source-filename [ destination-filename ] this command takes precedence Download or upload a file [ vpn-instance vpn-instance-name ] over the one set by the tftp client in an IPv4 network.
  • Page 100: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not •...
  • Page 101 Table 11 File name formats in standalone mode Format Description Example a.cfg indicates a file named a.cfg in the current working directory. Specifies a file in the current working file-name directory. This working directory might be on the active MPU or standby MPU. Specifies a file in a folder in the •...
  • Page 102: Managing Files

    Format Description Example Specifies a file on a storage medium on the device. • Both flash:/test/a.cfg and The drive argument represents the chassis1#slot0#flash:/test/a.cfg storage medium name. It is in the indicate a file named a.cfg in the format chassism#slotn#flash or test folder of the root directory on the chassism#slotn#usba0.
  • Page 103: Displaying The Contents Of A Text File

    Displaying the contents of a text file Perform this task in user view. Task Command Display the contents of a text file. more file-url Renaming a file Perform this task in user view. Task Command Rename a file. rename fileurl-source fileurl-dest Copying a file Perform this task in user view.
  • Page 104: Deleting/Restoring A File

    Task Command tar create [ gz ] archive-file file-dest [ verbose ] source Archive files and folders. file-source&<1-5> tar extract archive-file file-dest [ verbose ] [ screen | to Extract files and folders. directory-name ] Display the names of archived files and folders. tar list archive-file file-dest Deleting/restoring a file You can delete a file permanently or move it to the recycle bin.
  • Page 105: Managing Directories

    Use the following commands in user view: Task Command Calculate the digest of a file by using the SHA-256 algorithm. sha256sum file-url Calculate the digest of a file by using the MD5 algorithm. md5sum file-url Managing directories CAUTION: To avoid file system corruption, do not perform the following tasks during file operations: Installing or removing storage media.
  • Page 106: Deleting A Directory

    Task Command Create a directory. mkdir directory Deleting a directory To delete a directory, you must delete all files and subdirectories in this directory. To delete a file, use the delete command. To delete a subdirectory, use the rmdir command. Deleting a directory permanently deletes all its files in the recycle bin, if any.
  • Page 107: Repairing A Storage Medium

    Use the cd command to change the current working directory to the root directory of the storage • medium before accessing a file or folder on the medium. For example, to display the contents of the a.cfg file in the root directory of the flash memory, perform the following tasks: Use the cd flash:/ command to change the current working directory to the root directory of the flash memory.
  • Page 108: Partitioning A Cf Card Or Usb Disk

    To prevent a USB disk and the USB interface from being damaged, make sure the following requirements are met before unmounting the USB disk: The system has recognized the USB disk. • The USB disk LED is not flashing. • Configuration procedure Perform one of the following tasks in user view as appropriate: Task...
  • Page 109: Setting The Operation Mode For Files And Folders

    Task Command Remarks By default, a CF card or USB disk has only one partition, cfa0: or usba0:. fdisk medium-name To partition a storage medium evenly, Partition a storage medium. [ partition-number ] specify the partition-number argument. To customize the sizes of partitions, do not specify the partition-number argument.
  • Page 110: Managing Configuration Files

    Managing configuration files Overview You can use the CLI or the BootWare menus to manage configuration files. This chapter explains how to manage configuration files from the CLI. A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so the configuration can survive a reboot.
  • Page 111: Next-Startup Configuration File Redundancy

    Next-startup configuration file redundancy You can specify one main next-startup configuration file and one backup next-startup configuration file for redundancy. At startup, the device tries to start up with the main configuration file. If the main configuration file is corrupt or unavailable, the device tries the backup configuration file. If the backup configuration file is corrupt or unavailable, the device starts up with the factory defaults.
  • Page 112: Fips Compliance

    Enabling configuration encryption Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All HP devices running Comware V7 software use the same private key or public key to encrypt configuration files.
  • Page 113: Saving The Running Configuration

    Step Command Remarks Enter system view. system-view By default, configuration Enable configuration configuration encrypt { private-key | encryption is disabled. encryption. public-key } Configuration is saved unencrypted. Saving the running configuration When saving the running configuration to a configuration file, you can specify the file as the next-startup configuration file.
  • Page 114: Configuring Configuration Rollback

    Command Remarks This command saves the configuration to a file on the default storage medium. For reliable configuration saving, HP recommends that you specify the safely keyword. If you specify only the safely keyword, the command saves the configuration to...
  • Page 115: Configuring Configuration Archive Parameters

    Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
  • Page 116: Enabling Automatic Configuration Archiving

    Enabling automatic configuration archiving Make sure you have set an archive path and file name prefix before performing this task. To enable automatic configuration archiving: Step Command Remarks Enter system view. system-view By default, this function is disabled. Enable automatic To display configuration archive configuration archiving and archive configuration interval minutes...
  • Page 117: Specifying A Next-Startup Configuration File

    Step Command Remarks Roll the running configuration back to the configuration The specified configuration file configuration replace file filename defined by a configuration must not be encrypted. file. The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons: A command cannot be undone because prefixing the undo keyword to the command does not •...
  • Page 118: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Task Command Remarks By default, no next-startup configuration file is specified. Use the display startup command and the display saved-configuration command in any view to verify the configuration. If you specify neither the backup keyword nor the main keyword, this command sets the Specify the next-startup startup saved-configuration cfgfile configuration file as the main...
  • Page 119: Restoring The Main Next-Startup Configuration File From A Tftp Server

    Restoring the main next-startup configuration file from a TFTP server To restore the main next-startup configuration file from a TFTP server, the device performs the following operations: • Downloads a configuration file from a TFTP server to the root directory of the default storage medium on each MPU.
  • Page 120: Displaying And Maintaining Configuration Files

    Task Command Remarks If you do not specify either backup Delete next-startup configuration reset saved-configuration [ backup | or main, this command deletes the files. main ] main next-startup configuration file. Displaying and maintaining configuration files Execute display commands in any view. Task Command Display information about configuration...
  • Page 122: Upgrading Software

    Upgrading software Overview Software upgrade enables you to add new features and fix bugs. This chapter describes types of software and procedures to upgrade software from the CLI without using ISSU. For a comparison of all software upgrade methods, see "Upgrade methods."...
  • Page 123: Software File Naming Conventions

    BootWare image, boot image, and system image are required for the system to operate. These images might be released separately or as a whole in one .ipe package file. If an .ipe file is used, the system decompresses the file automatically, loads the .bin images, and sets them as startup software images. NOTE: BootWare might be called Boot ROM on PEXs.
  • Page 124: System Startup Process

    Figure 28 Comware image loading procedure Start Startup fails. You Backup boot Backup boot must load Main boot image Main boot image image exists and image exists and images from the exists and valid? exists and valid? valid? valid? BootWare menu. Starts up with Starts up with Main system...
  • Page 125: Pex Startup Process

    If a PEX does not have a storage medium, it must start up from the storage medium on the master • device. HP 5700 switches can operate as PEXs for a 10500 eIRF system. NOTE: The PEX startup images on the PEX's local medium are called local startup images. The PEX startup images on the parent devices are called remote startup images.
  • Page 126 If any images do not exist or are invalid, the PEX goes to step 3. − The system verifies the compatibility of the PEX startup software images with the running software images of the global active MPU: If all the images are compatible, the PEX starts up with the images in the local medium. −...
  • Page 127 Figure 30 Generic startup process for 5700 PEXs...
  • Page 128 Figure 31 5700 PEX startup from the local medium...
  • Page 129: Upgrade Methods

    Figure 32 5700 PEX startup from the parent device's storage medium Start Specify new PEX startup images PEX boot image exists and or enter BootWare menus to upgrade the PEX device valid? PEX system image exists and valid? PEX feature packages exist and valid? 是...
  • Page 130: Upgrade Restrictions And Guidelines

    CF card, or a USB disk. To change the default storage medium setting, access the BootWare menu. For more information, see the release notes for the switch. HP recommends that you store the startup images in the flash memory and specify the flash memory as the default storage medium.
  • Page 131: Upgrade Task List

    By default, this feature is enabled. This feature examines the image for (Optional.) Enable BootWare bootrom-update security-check wrong file type, file corruption, and image validity check. enable hardware incompatibility. HP recommends enabling it to ensure a successful upgrade. Return to user view. quit...
  • Page 132: Specifying Startup Images And Completing The Upgrade

    Step Command Remarks • In standalone mode: bootrom update file file-url slot Specify the downloaded software slot-number-list [ subslot image file for the file-url argument. subslot-number-list ] Load the upgrade BootWare The new BootWare image takes image to the Normal area of •...
  • Page 133: Irf Mode

    Step Command Remarks • Use an .ipe file for upgrade: boot-loader file If an ISSU upgrade has been performed, use the ipe-filename { all | slot install commit command to update the main slot-number } { backup | startup images on the active MPU before you main } execute the boot-loader update command.
  • Page 134 Step Command Remarks • Use an .ipe file for upgrade: boot-loader file ipe-filename { all | chassis chassis-number slot slot-number } { backup | main } Specify main or backup startup • Use .bin files for upgrade: images for the boot-loader file boot global active MPU.
  • Page 135: Restoring Or Downgrading The Bootware Image Without Using Issu

    Restoring or downgrading the BootWare image without using ISSU This feature is available only for upgrading the parent device. To restore or upgrade the BootWare image of a PEX device, you must use its BootWare menus. To restore or downgrade the BootWare image for a card, make sure you have used the bootrom backup command to back up the image to the Backup area of BootWare.
  • Page 136: Enabling Software Synchronization From The Active Mpu To The Standby Mpu At Startup

    Enabling software synchronization from the active MPU to the standby MPU at startup This feature is available only when the device operates in standalone mode. To synchronize software from the global active MPU to other MPUs on an IRF fabric, use the irf auto-update enable command. For more information about software auto-update, see Virtual Technologies Configuration Guide.
  • Page 137: Upgrade Procedure

    PEX startup images automatically to all MPUs on the parent fabric. To prevent a PEX startup failure after an active/standby or master/subordinate switchover, HP • Use .bin files for upgrade: recommends that you execute this boot-loader pex pex-model...
  • Page 138: Displaying And Maintaining Software Image Settings

    Step Command Remarks This step ensures that any Save the running save configuration you have made can configuration. survive a reboot. Specify the PEX virtual chassis number for the chassis-number argument. Specify the PEX virtual slot number for reboot chassis chassis-number slot Reboot the PEX.
  • Page 139: Configuration Procedure

    Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server. (Details not shown.) # Display information about the current software images. <Sysname>...
  • Page 140: Configuration Procedure

    Figure 34 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server.
  • Page 141: Verifying The Configuration

    Verifying the configuration # Verify that the IRF fabric is running the correct software. <Sysname> display version Non-ISSU PEX upgrade example Network requirements As shown in Figure • Each IRF member device has two MPUs: one in slot 0 and one in slot 1. The global active MPU is in slot 0 on the master device.
  • Page 142: Verifying The Configuration

    # Specify startup images files for the PEX-5700 switch to load from its local medium. Specify startup-5700.ipe as the main startup image file and startup-5700-backup.ipe as the backup startup image file. <Sysname> boot-loader file flash:/startup-5700.ipe chassis 110 slot 0 main <Sysname>...
  • Page 143: Performing An Issu

    Performing an ISSU Unless otherwise stated, the term "upgrade" refers to both software upgrade and downgrade in ISSU. Overview The In-Service Software Upgrade (ISSU) feature upgrades software with a minimum amount of downtime. ISSU is implemented on the basis of the following design advantages: Separation of service features from basic functions—Device software is segmented into boot, •...
  • Page 144: Issu Commands

    Description CAUTION: The Reboot method disrupts service if hardware redundancy (MPU-, switching fabric-, or device-level) is not available. HP recommends that you schedule the downtime Reboot carefully to minimize the upgrade impact on the services. The Reboot method reboots MPUs to complete the software upgrade. While one MPU is rebooting, the other MPUs can provide services.
  • Page 145: Verifying The Device Operating Status

    Verifying the device operating status Verify the following items: • Use the display device command to verify that no cards are in Fault state. Use the display mdc command to verify that all MDCs are in active state. • Use the switchto mdc command to verify that no automatic configuration process is in progress. If •...
  • Page 146: Determining The Upgrade Procedure

    Feature Setting requirements GR/NSR Enable GR or NSR for protocols including LDP, RSVP, OSPF, ISIS, BGP, and FSPF. Disable BFD for protocols including LDP, RSVP, OSPF, ISIS, RIP, BGP, VRRP, and NQA. Use the long LACP timeout interval (the lacp period short command is not Ethernet link aggregation configured) on all member ports in dynamic aggregation groups.
  • Page 147: Saving The Running Configuration

    Saving the running configuration Use the save command to save the running configuration.
  • Page 148: Performing An Issu By Using Issu Commands

    Remarks Enter system view. system-view By default, the automatic rollback timer is set to 45 minutes. Disable automatic issu rollback-timer 0 HP recommends not using the automatic rollback. rollback feature. This feature is complicated. Return to user view. quit •...
  • Page 149: Performing An Incompatible Upgrade

    • Use .bin image files: In a ring-topology IRF fabric, HP issu load file { boot filename | Load the upgrade recommends that you specify half of system filename | feature...
  • Page 150: Performing An Issu By Using Install Commands

    Performing an ISSU by using install commands ISSU task list Tasks at a glance Remarks To use install commands for upgrade, you must use .bin image files. If the upgrade file is an .ipe file, perform (Optional.) Decompressing an .ipe file this task before you use install commands for upgrade.
  • Page 151 Image by image—Activate one image on all slots before activating another image. • In standalone mode: When you install an image, you must begin with the active MPU. • When you upgrade an image, you must begin with the standby MPU. •...
  • Page 152: Uninstalling Feature Or Patch Images

    Step Command Remarks • In standalone mode: install activate { boot filename | The device does not support the system filename | feature boot filename or system filename filename&<1-30> } * slot slot-number option. Activate images. • In IRF mode: To upgrade a PEX, specify its install activate { boot filename | virtual chassis number for the...
  • Page 153: Aborting A Software Activate/Deactivate Operation

    Uninstalling patch images Perform this task in user view. Task Command Remarks To deactivate patch images on a PEX, perform the following tasks: • In standalone mode: • Specify its virtual chassis install deactivate patch filename slot number for the slot-number Deactivate patch chassis-number argument.
  • Page 154: Deleting Inactive Software Images

    If an image is not integral, consistent, or committed, use the install activate, install deactivate, and install commit commands as appropriate to resolve the issue. Perform this task in user view. Task Command Remarks This command takes effect for both the parent devices Verify software images.
  • Page 155: Irf Mode

    Task Command Display all software image files that display install which { component name | file filename } [ slot include a specific component or file. slot-number ] Display version compatibility information display version comp-matrix and identify the upgrade method. Clear ISSU log entries.
  • Page 156: Troubleshooting Issu In Irf Mode

    Use the display device command to verify that all cards are not in Fault state. Use the display mdc command to verify that all MDCs are in active state. If the problem persists, contact HP Support. Examples of using issu commands for ISSU on a...
  • Page 157 Figure 36 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 1.1.1.1/24 GE1/3/0/1 GE2/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange line represents an IRF connection. Upgrade procedure # Download the feature1-r0202.bin image file from the TFTP server. <Sysname> tftp 2.2.2.2 get feature1-r0202.bin % Total % Received % Xferd Average Speed...
  • Page 158 V700R001B45D002 Version Compatibility List: V700R001B45D001 V700R001B45D002 Version Dependency System List: V700R001B45D001 V700R001B45D002 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Service Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/feature1-r0202.bin feature1 Influenced service according to following table on chassis 1 slot 1: flash:/feature1-r0202.bin feature1 Influenced service according to following table on chassis 2 slot 0:...
  • Page 159 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/feature1-r0202.bin on Chassis 1 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot0#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on Chassis 2 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot1#flash:/feature1-r0202.bin..Done.
  • Page 160: Feature Upgrade To An Incompatible Version

    flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Feature upgrade to an incompatible version Upgrade requirements As shown in Figure 37, the IRF fabric has two members.
  • Page 161 # Display active software images. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin...
  • Page 162 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/feature1-r0202.bin on Chassis 1 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot0#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on Chassis 2 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot1#flash:/feature1-r0202.bin..Done.
  • Page 163 flash:/feature1-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin...
  • Page 164: Examples Of Using Issu Commands For Issu On A Four-Member Irf Fabric

    Examples of using issu commands for ISSU on a four-member IRF fabric Feature upgrade to a compatible version Upgrade requirements As shown in Figure 38, the IRF fabric has four members. Each member has one active MPU (slot 0), one standby MPU (slot 1), and one LPU (slot 3).
  • Page 165 Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin...
  • Page 166 Version: 7.1.045-Release 7168 Version compatibility list: 7.1.045-Release 7168 Version dependency system list: 7.1.045-Release 7168 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade The output shows that service upgrade is recommended.
  • Page 167 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/soft-version2.bin on chassis 1 slot 0...Done. Copying file flash:/soft-version2.bin to chassis2#slot0#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 2 slot 0...Done Copying file flash:/soft-version2.bin to chassis2#slot1#flash:/soft-version2.bin ...Done.
  • Page 168 Upgrading software images to compatible versions. Continue? [Y/N]:y This operation maybe take several minutes, please wait..Done. <Sysname> issu commit chassis 3 Copying file flash:/soft-version2.bin to chassis3#slot0#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 3 slot 0...Done Copying file flash:/soft-version2.bin to chassis3#slot1#flash:/soft-version2.bin ...Done.
  • Page 169 flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 170 flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Software images on chassis 1 slot 1: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 171 # Verify that the IRF fabric is running the new feature version. <Sysname> display version HP Comware Software, Version 7.1.045, Release 7169P01 Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P. HP uptime is 0 weeks, 0 days, 2 hours, 18 minutes Last reboot reason : Cold reboot...
  • Page 172: Feature Upgrade To An Incompatible Version (Upgrading One Subordinate Member First)

    Boot image: flash:/10500-CMW710-BOOT-R7169P01.bin Boot image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 System image: flash:/10500-CMW710-SYSTEM-R7169P01.bin System image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 Feature upgrade to an incompatible version (upgrading one subordinate member first) Upgrade requirements As shown in Figure 39, the IRF fabric has four members.
  • Page 173 <Sysname> display install active Active packages on chassis 1 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin...
  • Page 174 flash:/soft-version1.bin # Identify the ISSU method and possible impact of the upgrade. <Sysname> display version comp-matrix file feature flash:/soft-version2.bin Verifying the file flash:/soft-version2.bin on chassis 1 slot 0...Don Feature image: flash:/soft-version2.bin Version: 7.1.045-Release 7168 Version compatibility list: 7.1.045-Release 7168 Version dependency system list: 7.1.045-Release 7168 Upgrade Way: Incompatible upgrade.
  • Page 175 ...Done. Verifying the file flash:/soft-version2.bin on chassis 2 slot 1...Done. flash:/soft-version2.bin Running Version New Version Release 7168 Release 7168 Chassis Slot Upgrade Way Reboot Reboot Reboot Upgrading software images to incompatible versions. Continue? [Y/N]:y # Perform a master/subordinate switchover to upgrade the original master and the other two subordinate members.
  • Page 176 <Sysname> display install active Active packages on chassis 1 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 177 flash:/soft-version2.bin # Verify that the new image is on the current software image lists and startup software image lists of all member devices. <Sysname> display boot-loader Software images on chassis 1 slot 0: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 178 flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: None Software images on chassis 3 slot 0: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: None Software images on chassis 3 slot 1: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 179: Feature Upgrade To An Incompatible Version (Upgrading Multiple Subordinate Members First)

    <Sysname> display version HP Comware Software, Version 7.1.045, Release 7169P01 Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P. HP uptime is 0 weeks, 0 days, 2 hours, 18 minutes Last reboot reason : Cold reboot Boot image: flash:/10500-CMW710-BOOT-R7169P01.bin Boot image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 System image: flash:/10500-CMW710-SYSTEM-R7169P01.bin...
  • Page 180 <Sysname> tftp 2.2.2.2 get soft-version2.bin Press CTRL+C to abort. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 13312 0 13312 295k 0 --:--:-- --:--:-- --:--:-- 309k # Display active software images. <Sysname>...
  • Page 181 flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 4 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin # Identify the ISSU method and possible impact of the upgrade. <Sysname> display version comp-matrix file feature flash:/soft-version2.bin Verifying the file flash:/soft-version2.bin on chassis 2 slot 0...Done Feature image: flash:/soft-version2.bin Version: 7.1.045-Release 7168...
  • Page 182 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/soft-version2.bin on chassis 1 slot 0...Done Copying file flash:/soft-version2.bin to chassis2#slot0#flash:/soft-version2.bin ...Done. Copying file flash:/soft-version2.bin to chassis2#slot1#flash:/soft-version2.bin ...Done.
  • Page 183 Chassis Slot Upgrade Way Reboot Reboot Reboot Upgrading software images to incompatible versions. Continue? [Y/N]:y # Verify that all members are running the new image. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 184 Active packages on chassis 4 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 4 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin # Verify that the new image is on the current software image lists and startup software image lists of all member devices.
  • Page 185 Software images on chassis 2 slot 1: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: None Software images on chassis 3 slot 0: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
  • Page 186: Examples Of Using Issu Commands For Issu On An Eirf System

    <Sysname> display version HP Comware Software, Version 7.1.045, Release 7169P01 Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P. HP uptime is 0 weeks, 0 days, 2 hours, 18 minutes Last reboot reason : Cold reboot Boot image: flash:/10500-CMW710-BOOT-R7169P01.bin Boot image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 System image: flash:/10500-CMW710-SYSTEM-R7169P01.bin...
  • Page 187 Figure 41 Network diagram Upgrade procedure # Download the 5700-feature1-d2403.bin image file for PEX upgrade from the TFTP server. <Sysname> tftp 2.2.2.2 get 5700-feature1-d2403.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 --:--:-- --:--:-- --:--:--...
  • Page 188 flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 0: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin...
  • Page 189 D2402 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/feature1-a0042.bin feature1 Influenced service according to following table on chassis 1 slot 1: flash:/feature1-a0042.bin feature1 Influenced service according to following table on chassis 1 slot 8:...
  • Page 190 The feature module on the PEXs. • # Disable automatic rollback. <Sysname> system-view [Sysname] issu rollback-timer 0 # Enable link-aggregation traffic redirection. [Sysname] link-aggregation lacp traffic-redirect-notification enable # Enable the IRF bridge MAC address to be permanent. [Sysname] irf mac-address persistent always # Set the physical state change suppression interval to 0 on the interfaces.
  • Page 191 flash:/feature1-a0042.bin Running Version New Version Alpha 0041 Alpha 0042 Chassis Slot Switchover Way Active standby process switchover Chassis Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]:Y # Upgrade the feature on the master and PEX 1. <Sysname>...
  • Page 192: Feature Upgrade To An Incompatible Version

    flash:/feature1-a0042.bin Active packages on chassis 2 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 2 slot 12: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2403.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2403.bin Feature upgrade to an incompatible version Upgrade requirements...
  • Page 193 Upgrade procedure # Download the 5700-feature1-d2404.bin image file for PEX upgrade from the TFTP server. <Sysname> tftp 2.2.2.2 get 5700-feature1-d2404.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 --:--:-- --:--:-- --:--:-- # Download the feature1-a0043.bin image file for parent IRF fabric upgrade from the TFTP server.
  • Page 194 <Sysname> issu pex PEX-5700 file feature flash:/5700-feature1-d2404.bin Verifying the file flash:/5700-feature1-d2404.bin on chassis 1 slot 0...Done. Copying file flash:/5700-feature1-d2404.bin to chassis1#slot1#flash:/5700-feature1-d2404.bin...Done. Copying file flash:/5700-feature1-d2404.bin to chassis2#slot0#flash:/5700-feature1-d2404.bin...Done. # Identify the recommended ISSU method for the upgrade and view the possible impact of the upgrade. <Sysname>...
  • Page 195 # Perform an ISSU switchover on the current IRF fabric and upgrade the PEXs. <Sysname> issu run switchover Copying file flash:/feature1-a0043.bin to chassis1#slot1#flash:/feature1-a0043.bin...Done. Verifying the file flash:/feature1-a0043.bin on chassis 1 slot 1...Done. Upgrade summary according to following table: flash:/feature1-a0043.bin Running Version New Version Alpha 0041 Alpha 0043...
  • Page 196: Examples Of Using Install Commands For Issu On A Standalone Device

    flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2404.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2404.bin Examples of using install commands for ISSU on a standalone device Feature upgrade example Upgrade requirements As shown in Figure 43, the device has two MPUs. The active MPU is in slot 0. The standby MPU is in slot Upgrade the feature from R0201 to R0202.
  • Page 197 flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin # Identify the version compatibility, recommended ISSU methods, and possible impact of the upgrade. <Sysname> install activate feature flash:/feature1-r0202.bin slot 1 test Copying file flash:/feature1-r0202.bin to slot1#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on slot 1...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version...
  • Page 198: Examples Of Using Install Commands For Issu On An Irf Fabric

    Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y This operation maybe take several minutes, please wait......Done. <Sysname> install activate feature flash:/feature1-r0202.bin slot 0 Verifying the file flash:/feature1-r0202.bin on slot 0...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version...
  • Page 199 Figure 44 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 1.1.1.1/24 GE1/3/0/1 GE2/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange line represents an IRF connection. Upgrade procedure # Download the feature1-r0202.ipe file from the TFTP server. <Sysname> tftp 2.2.2.2 get feature1-r0202.ipe % Total % Received % Xferd Average Speed Time...
  • Page 200 # Identify the recommended ISSU methods for the upgrade and view the possible impact of the upgrade. <Sysname> install activate feature flash:/feature1-r0202.bin chassis 2 slot 1 test Copying file flash:/feature1-r0202.bin to chassis2#slot1#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on chassis 2 slot 1...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version...
  • Page 201 Service Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/feature1-r0202.bin feature1 Influenced service according to following table on chassis 1 slot 1: flash:/feature1-r0202.bin feature1 <Sysname> install activate feature flash:/feature1-r0202.bin chassis 1 slot 0 test Verifying the file flash:/feature1-r0202.bin on chassis 1 slot 0...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version...
  • Page 202 Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y This operation maybe take several minutes, please wait......Done. <Sysname> install activate feature flash:/feature1-r0202.bin chassis 1 slot 1 flash:/feature1-r0202.bin already exists on chassis 1 slot 1.
  • Page 203: Examples Of Using Install Commands For Issu On An Eirf System

    flash:/feature1-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin # Commit the software changes. <Sysname> install commit This operation will take several minutes, please wait......Done. Examples of using install commands for ISSU on an eIRF system Feature upgrade example Upgrade requirements...
  • Page 204 Figure 45 Network diagram Upgrade procedure # Download the 5700-feature1-d2403.bin image file for PEX upgrade from the TFTP server. <Sysname> tftp 2.2.2.2 get 5700-feature1-d2403.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 --:--:-- --:--:-- --:--:--...
  • Page 205 flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 0: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin...
  • Page 206 flash:/feature1-a0042.bin Running Version New Version Alpha 0041 Alpha 0042 Chassis Slot Upgrade Way Service Upgrade Influenced service according to following table on chassis 1 slot 1: flash:/feature1-a0042.bin feature1 <Sysname> install activate feature flash:/feature1-a0042.bin chassis 2 slot 0 test Verifying the file flash:/feature1-a0042.bin on chassis 2 slot 0...Done. Upgrade summary according to following table: flash:/feature1-a0042.bin Running Version...
  • Page 207 flash:/5700-feature1-d2403.bin Running Version New Version Demo 2402 Demo 2403 Chassis Slot Upgrade Way Service Upgrade Influenced service according to following table on chassis 101 slot 0: flash:/5700-feature1-d2403.bin feature1 The output shows that an incremental upgrade is recommended and the following items will be rebooted during the upgrade: The feature module and related modules on the MPUs.
  • Page 208 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]:Y This operation maybe take several minutes, please wait......Done. # Activate the new feature image to upgrade the feature on the cards in chassis 2. <Sysname>...
  • Page 209 flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin # Activate the new feature image to upgrade the feature on PEX 1. <Sysname> install activate feature flash:/5700-feature1-d2403.bin chassis 100 slot 0 flash:/5700-feature1-d2403.bin already exists on chassis 100 slot 0.
  • Page 210 flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 1 slot 1: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 1 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 1 slot 12: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 2 slot 0: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin...
  • Page 211: Using Automatic Configuration

    Using automatic configuration Overview With the automatic configuration feature, the device can automatically obtain a set of configuration settings when it starts up without a configuration file. This feature simplifies network configuration and maintenance. As shown in Figure 46, automatic configuration requires the following servers: DHCP server.
  • Page 212: Configuring The File Server

    Configuring the file server For devices to obtain configuration information from a TFTP server, start TFTP service on the file server. For devices to obtain configuration information from an HTTP server, start HTTP service on the file server. Preparing the files for automatic configuration The device can use a script file or configuration file for automatic configuration.
  • Page 213: Script Files

    Script files Script files can be used for automatic software upgrade and automatic configuration. The device supports Python scripts (.py files) and Tcl scripts (.tcl files). For more information about Python and Tcl scripts, see "Using Python" and "Using Tcl." To prepare script files: For devices that share all or some configurations, create a script file that contains the common •...
  • Page 214: Configuring The Dhcp Server When A Tftp File Server Is Used

    Step Command Remarks Create a DHCP address By default, no DHCP address pool is dhcp server ip-pool pool-name pool and enter its view. created. • (Method 1.) Specify the primary subnet for the address pool: network network-address Use either or both methods. [ mask-length | mask mask ] By default, no primary subnet or static •...
  • Page 215: Configuring The Dns Server

    Configuring the DNS server A DNS server is required in the following situations: The TFTP server does not have a host name file. However, devices need to perform the following • operations: Use their IP addresses to obtain their host names. Obtain configuration files named in the host name.cfg format from the TFTP server.
  • Page 216: Automatic Configuration Examples

    If a device does not find a next-start configuration file locally, it starts the automatic configuration process to obtain a configuration file. If one attempt fails, the device waits 30 seconds and then automatically starts the process again. To stop the process, press Ctrl+C or Ctrl+D. After obtaining a configuration file, the device automatically executes the configuration file.
  • Page 217: Enable Dhcp

    <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/1 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.1.42 24 [SwitchA-Vlan-interface2] quit # Enable DHCP. [SwitchA] dhcp enable # Enable the DHCP server on VLAN-interface 2. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] dhcp select server [SwitchA-Vlan-interface2] quit # Configure the address pool market to assign IP addresses on subnet 192.168.2.0/24 to clients...
  • Page 218 [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] ip address 192.168.2.1 24 [SwitchB-Vlan-interface3] quit # Enable DHCP. [SwitchB] dhcp enable # Enable the DHCP relay agent on VLAN-interface 3. [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] dhcp select relay # Specify the DHCP server address. [SwitchB-Vlan-interface3] dhcp relay server-address 192.168.1.42 Configure the gateway Switch C: # Create VLAN interfaces and assign IP addresses to the interfaces.
  • Page 219 interface Vlan-interface3 ip address dhcp-alloc quit interface gigabitethernet1/0/1 port access vlan 3 quit user-interface vty 0 4 authentication-mode scheme user-role network-admin return # On the TFTP server, create the configuration file rd.cfg. sysname RD telnet server enable vlan 3 local-user rd password simple rd service-type telnet quit...
  • Page 220: Automatic Configuration Using Http Server And Tcl Script

    IP address Client-identifier/ Lease expiration Type Hardware address 192.168.2.2 3030-3066-2e65-3233- May 6 05:21:25 2013 Auto(C) 642e-3561-6633-2d56- 6c61-6e2d-696e-7465- 7266-6163-6533 192.168.2.3 3030-3066-2e65-3230- May 6 05:22:50 2013 Auto(C) 302e-3232-3033-2d56- 6c61-6e2d-696e-7465- 7266-6163-6533 192.168.3.2 3030-6530-2e66-6330- May 6 05:23:15 2013 Auto(C) 302e-3335-3131-2d56- 6c61-6e2d-696e-7465- 7266-6163-6531 192.168.3.3 3030-6530-2e66-6330- May 6 05:24:10 2013 Auto(C) 302e-3335-3135-2d56-...
  • Page 221: Automatic Configuration Using Http Server And Python Script

    [DeviceB] dhcp enable # Configure the address pool 1 to assign IP addresses on subnet 192.168.1.0/24 to clients. [DeviceB] dhcp server ip-pool 1 [DeviceB-dhcp-pool-1] network 192.168.1.0 24 # Specify the URL of the script file for the clients. [DeviceB-dhcp-pool-1] bootfile-name http://192.168.1.40/device.tcl Configure the HTTP server: # Create the configuration file device.tcl on the HTTP server.
  • Page 222 Configure the servers so Device A can obtain a Python script to complete the following configuration tasks: Enable the administrator to Telnet to Device A to manage Device A. • Require the administrator to enter the correct username and password at login. •...
  • Page 223: Automatic Irf Setup

    <DeviceB> telnet 192.168.1.2 Enter the username user and password abcabc as prompted. (Details not shown.) You are logged in to Device A. Automatic IRF setup Network requirements As shown in Figure 50, Switch A and Switch B do not have a configuration file. Configure the servers so the switches can obtain a Python script to complete their respective configuration and form an IRF fabric.
  • Page 224 File Content Remarks Python commands and APIs that complete the following tasks: • (Optional.) Verifies that the flash memory has sufficient space for the files to be downloaded. • Downloads the configuration file and sn.txt. For more information about • .py Python script file (Optional.) Downloads the software Python script configuration, see...
  • Page 225 * indicates the device is the master. + indicates the device through which the user logs in. The Bridge MAC of the IRF is: 000c-1000-1111 Auto upgrade : yes Mac persistent : always Domain ID Auto merge : yes The output shows that the switches have formed an IRF fabric.
  • Page 226: Managing The Device

    A device name (also called hostname) identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>. To configure the device name: Step Command Remarks Enter system view. system-view Configure the device name. sysname sysname The default device name is HP.
  • Page 227: Configuring The System Time

    Configuring the system time Correct system time is essential to network management and communication. Configure the system time correctly before you run the device on the network. Specifying the system time source The device can use one of the following system time sources: None—Local system time.
  • Page 228: Enabling Displaying The Copyright Statement

    Enabling displaying the copyright statement When displaying the copyright statement is enabled, the device displays the copyright statement in the following situations: • When a Telnet or SSH user logs in. When a console user quits user view. This is because the device automatically tries to restart the user •...
  • Page 229: Configuration Procedure

    For example, you can configure the shell banner "Have a nice day." as follows: <System> system-view [System] header shell %Have a nice day.% Multiline banner. • A multiline banner can contain carriage returns. A carriage return is counted as two characters. To input a multiline banner, use one of the following methods: Method 1—Press Enter after the final command keyword, enter the banner as prompted, and end the final line with the delimiter character %.
  • Page 230: Setting The System Operating Mode

    Step Command Remarks By default, the device does not have a Configure the login banner. header login text login banner. Configure the incoming By default, the device does not have an header incoming text banner. incoming banner. By default, the device does not have a Configure the shell banner.
  • Page 231: Configuration Guidelines

    Immediately reboot the device at the CLI. • • Schedule a reboot at the CLI, so the device automatically reboots at the specified time or after the specified period of time. Power off and then power on the device. This method might cause data loss, and is the •...
  • Page 232: Scheduling A Task

    Scheduling a task You can schedule the device to automatically execute a command or a set of commands without administrative interference. You can configure a non-periodic schedule or a periodic schedule. A non-periodic schedule is not saved to the configuration file and is lost when the device reboots. A periodic schedule is saved to the startup configuration file and is automatically executed periodically.
  • Page 233 schedule. The jobs will be executed concurrently. By default, a schedule has the user role of the schedule creator. You can assign up to 64 user roles to Assign user roles to the user-role role-name a schedule. A command in a schedule.
  • Page 234: Schedule Configuration Example

    Step Command Remarks • Execute the schedule at an interval from the specified time By default, no execution time is time repeating at time specified for a schedule. [ month-date [ month-day | last ] Specify an execution Executing commands clock | week-day week-day&<1-7>...
  • Page 235 [Sysname-job-start-GigabitEthernet1/0/1] command 1 system-view [Sysname-job-start-GigabitEthernet1/0/1] command 2 interface gigabitethernet 1/0/1 [Sysname-job-start-GigabitEthernet1/0/1] command 3 undo shutdown [Sysname-job-start-GigabitEthernet1/0/1] quit # Configure a job for disabling interface GigabitEthernet 1/0/2. [Sysname] scheduler job shutdown-GigabitEthernet1/0/2 [Sysname-job-shutdown-GigabitEthernet1/0/2] command 1 system-view [Sysname-job-shutdown-GigabitEthernet1/0/2] command 2 interface gigabitethernet 1/0/2 [Sysname-job-shutdown-GigabitEthernet1/0/2] command 3 shutdown [Sysname-job-shutdown-GigabitEthernet1/0/2] quit # Configure a job for enabling interface GigabitEthernet 1/0/2.
  • Page 236 Job name: start-GigabitEthernet1/0/2 system-view interface GigabitEthernet 1/0/2 undo shutdown # Display the schedule information. [Sysname] display scheduler schedule Schedule name : START-pc1/pc2 Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00 Start time : Wed Sep 28 08:00:00 2011 Last execution time : Wed Sep 28 08:00:00 2011 Last completion time : Wed Sep 28 08:00:03 2011...
  • Page 237: Setting The Port Status Detection Timer

    Job name : shutdown-GigabitEthernet1/0/1 Schedule name : STOP-pc1/pc2 Execution time : Wed Sep 28 18:00:00 2011 Completion time : Wed Sep 28 18:00:01 2011 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z. [Sysname]interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1]shutdown Job name : shutdown-GigabitEthernet1/0/2...
  • Page 238: Setting Memory Alarm Thresholds

    [ cpu cpu-number ] ] monitor cpu-usage enable [ slot By default, CPU usage tracking is Enable CPU usage tracking. slot-number [ cpu cpu-number ] ] enabled. monitor cpu-usage interval Set the sampling interval for By default, the sampling interval for interval-value [ slot slot-number CPU usage tracking.
  • Page 239 Samples memory usage at an interval of 1 minute, and compares the sample with the memory • usage threshold. If the sample is greater, the device sends a trap. Monitors the amount of free memory space in real time. If a free-memory threshold is exceeded, the •...
  • Page 240: Configuring The Temperature Alarm Thresholds

    Figure 52 Memory alarm notification and alarm-removed notification Free memory space Minor alarm-removed Normal Minor Severe alarm-removed alarm Minor Critical alarm-removed Severe alarm Severe Critical alarm Critical Time To set memory alarm thresholds: Step Command Remarks Enter system view. system-view •...
  • Page 241: Specifying An Operating Mode For A Service Module

    When the temperature drops below the low-temperature threshold or reaches the high-temperature warning threshold, the device performs the following operations: Logs the event. • Sends a log message. • Sends a trap. • When the temperature reaches the high-temperature alarming threshold, the device performs the following operations: Logs the event.
  • Page 242 Increases both the MAC address table Both a large MAC address table and a mix-bridging-routing size and routing table size. large routing table are required. Optimizes resource sharing for ND and ARP entries to provide optimal standard-ipv6 The IPv4/IPv6 dual-stack is used. forwarding performance in an IPv4/IPv6 dual-stack environment.
  • Page 243: Configuration Restrictions And Guidelines

    mix-bridgi standard-i Operating mode normal bridging routing ipv6 ng-routing H191A, JH199A) supported supported supported supported Routing: LSUM2GT48SE0(JH IPv4—32K 192A, JH200A) IPv6—12K MAC: MAC: 128K 128K SF interface modules Routing: Routing: supported supported supported supported IPv4—16K IPv4—16K IPv6—8K IPv6—8K MAC: Routing: 160K MAC: IPv4—128...
  • Page 244: Enabling The Port Down Feature Globally

    Step Command Remarks mix-bridging-routing | normal JH200A). | port-extender | routing | • normal for the following interface standard-ipv6 } chassis modules: chassis-number slot SC interface modules. slot-number SF interface modules. LSU1GP24TXSE0(JC617A, JG376A). LSU1GT48SE0(JC618A, JG377A). LSU1GP48SE0(JC619A, JG378A). LSU1TGX4SE0(JC620A, JG379A). LSU1GP24TSE0(JC763A, JG347A).
  • Page 245: Isolating A Switching Fabric Module

    • In standalone mode: set asset-info { chassis | fan fan-id | power power-id | slot slot-number } { csn csn-number | custom name value | department department | description description | location location | service-date date | state Configure an asset state } profile for a physical •...
  • Page 246: Suppressing Switching Fabric Module Removal Interrupt Signals

    The data is written to the storage component during debugging or testing. Install only transceiver modules that are from HP. If you install a transceiver module that is not from HP, the device will generate a log message to ask you to replace the module. For more information about log messages, see information center configuration in Network Management and Monitoring Configuration Guide.
  • Page 247: Diagnosing Transceiver Modules

    Disable alarm traps if the transceiver modules were manufactured or sold by HP. The device regularly detects transceiver modules that have a vendor name other than HP or do not have a vendor name. Upon detecting such a transceiver module, the device repeatedly outputs traps and logs to notify the user to replace the module.
  • Page 248: Displaying And Maintaining Device Management Configuration

    After this command is executed, only the items required for fundamental device operation are retained, including the .bin files, MAC addresses, and electronic label information. To restore the factory-default configuration for the device, execute the following command in user view: Task Command Remarks...
  • Page 249 Display the electronic label display device manuinfo power information of a power module. power-id Display or save the operating display diagnostic-information statistics for multiple feature [ hardware | infrastructure | l2 | modules. l3 | service ] [ filename ] Display device temperature display environment [ slot statistics.
  • Page 250: Irf Mode

    IRF mode Task Command Remarks display alarm [ chassis Display device alarm information. chassis-number slot slot-number ] display asset-info chassis chassis-number { chassis | fan fan-id | power power-id | slot For a power module, only the csn Display asset information. slot-number } [ csn | custom| keyword is supported.
  • Page 251 Task Command Remarks slot-number } [ fan-id ] ] display memory [ chassis Display memory usage statistics. chassis-number slot slot-number [ cpu cpu-number ] ] display memory-threshold [ chassis Display memory alarm thresholds chassis-number slot slot-number and statistics. [ cpu cpu-number ] ] display power [ chassis Display power module { chassis-number |...
  • Page 252: Using Tcl

    Using Tcl Comware V7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands: • All Tcl 8.5 commands. Comware commands. • The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
  • Page 253: Managing The System With Bootware

    Managing the system with BootWare BootWare provides a menu method for performing basic file operations, software upgrade, and system management. You can use this method when you cannot access the Comware CLI, for example, because of software image corruption. NOTE: Output in this document is for illustration only.
  • Page 254: Restrictions And Guidelines

    Use BootWare menus for software upgrade only when you cannot access the CLI. From BootWare menus, you can upgrade MPUs only one by one. If the device has two MPUs, HP recommends that you remove one MPU before upgrading software.
  • Page 255: Modifying Serial Port Parameters

    Option Task <0> Reboot Reboot the device. Modifying serial port parameters When using the console port to access the system, make sure the port parameters are consistent with the serial port settings on the configuration terminal. Port parameters include the baud rate, data bits, parity check, stop bits, flow control, and emulation.
  • Page 256: Updating The Entire Bootware

    Updating the entire BootWare To update the entire BootWare, enter 3 in the BASIC-BOOTWARE menu. Enter your choice(0-5): 3 Please Start To Transfer File, Press <Ctrl+C> To Exit. Waiting ...CCCCC Download successfully! 329344 bytes downloaded! Updating Basic BootWare? [Y/N]Y Updating Basic BootWare....Done. Updating Extended BootWare? [Y/N]Y Updating Extended BootWare....Done.
  • Page 257: Using The Basic-Bootware Menu (For All Mpus Except Lsu1Supb0(Jg496A))

    Enter your choice(0-5): 5 Booting Normal Extended BootWare The Extended BootWare is self-decompressing..Done. **************************************************************************** BootWare, Version 1.33 **************************************************************************** Compiled Date : Nov 20 2014 CPU Type : XLP316 CPU Clock Speed : 1200MHz Memory Type : DDR3 SDRAM Memory Size : 8192MB Memory Speed : 667MHz...
  • Page 258: Modifying Serial Port Parameters

    ============================================================================ Ctrl+U: Access BASIC ASSISTANT MENU Enter your choice(0-5): Table 20 BASIC-BOOTWARE menu options Option Task <1> Modify Serial Interface Parameter Change the baud rate of the console port. Update the extended BootWare segment. <2> Update Extended BootWare If the extended segment is corrupt, choose this option to repair Update the entire BootWare, including the basic segment <3>...
  • Page 259: Updating The Extended Bootware Segment

    NOTE: The baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To establish a console session with the device after a reboot, you must change the baud rate setting on the configuration terminal to 9600 bps. Updating the extended BootWare segment If the extended BootWare segment is corrupt, enter 2 in the BASIC-BOOTWARE menu to update it.
  • Page 260: Running The Backup Extended Bootware Segment

    Memory Size : 8192MB Memory Speed : 667MHz BootWare Size : 1536KB Flash Size : 4MB BootWare Validating... Press Ctrl+B to access EXTENDED-BOOTWARE MENU... Running the backup extended BootWare segment To bootstrap the Comware software images with the backup extended BootWare segment, enter 5 in the BASIC-BOOTWARE menu.
  • Page 261 **************************************************************************** BootWare, Version 1.33 **************************************************************************** Compiled Date : Nov 20 2014 CPU Type : XLP316 CPU Clock Speed : 1200MHz Memory Type : DDR3 SDRAM Memory Size : 8192MB Memory Speed : 667MHz BootWare Size : 1536KB Flash Size : 500MB BASIC CPLD Version : 4.0 EXTENDED CPLD Version : 3.0...
  • Page 262 Table 21 EXTENDED-BOOTWARE menu options Option Task Reference Run the Comware software without rebooting the device. <1> Boot System Running the Comware software Choose this option after completing operations in the EXTENDED-BOOTWARE menu. Download files with XMODEM and Upgrading Comware software <2>...
  • Page 263: Running The Comware Software

    NOTE: Basic Comware V7 software images include a .bin boot image and a .bin system image. A system must • have the two images to operate appropriately. They are released both in separate .bin files and in an .ipe package file so you can update the images separately or as a whole. You can set one Comware software image as a main (M) or backup (B) image.
  • Page 264 Enter your choice(0-5): Table 22 Serial submenu options Option Task Load and run Comware software images in SDRAM. <1> Download Image Program To This option is not available if password recovery capability is SDRAM And Run disabled. Download Comware software images to the current storage medium as main images (the file attribute is set to M).
  • Page 265: Upgrading Comware Software Through The Management Ethernet Port

    Download successfully! 47979456 bytes downloaded! Updating File flash:/test-boot-r7328.bin..........Done. Enter 0 in the Serial submenu to return to the EXTENDED-BOOTWARE menu. Enter 1 in the EXTENDED-BOOTWARE menu to run the new software. Upgrading Comware software through the management Ethernet port You can upgrade the Comware software through the management Ethernet port from the Ethernet submenu.
  • Page 266 Option Task <0> Exit To Main Menu Return to the EXTENDED-BOOTWARE menu. Enter 5 in the Ethernet submenu to configure file transfer settings. Enter your choice(0-5):5 ==========================<ETHERNET PARAMETER SET>========================== |Note: '.' = Clear field. '-' = Go to previous field. Ctrl+D = Quit.
  • Page 267: Managing Files

    Choose an option from 1 to 3. For example, to upgrade the main Comware software images, enter ==========================<Enter Ethernet SubMenu>========================== |Note:the operating device is flash |<1> Download Image Program To SDRAM And Run |<2> Update Main Image File |<3> Update Backup Image File |<4>...
  • Page 268 Enter your choice(0-9):4 The following File Control submenu appears: ===============================<File CONTROL>=============================== |Note:the operating device is flash |<1> Display All File(s) |<2> Set Image File type |<3> Set Bin File type |<4> Delete File |<5> Copy File |<0> Exit To Main Menu ============================================================================ Enter your choice(0-5): Displaying all files...
  • Page 269 For example, the boot image file main.bin has the M attribute and the boot image file update.bin has the B attribute. If you assign the M attribute to update.bin, update.bin will have both the M and B attributes (M+B), and the file attribute of main.bin will change to N/A. To change the attribute of Comware software images: Enter 3 in the File Control submenu.
  • Page 270 ============================================================================ |NO. Size(B) Time Type Name 2714337 Mar/19/2013 02:03:23 N/A flash:/logfile/logfile.log 1948 Mar/18/2013 09:59:14 N/A flash:/zss.cfg 929964 Mar/18/2013 09:59:15 N/A flash:/zss.mdb Mar/10/2013 19:18:43 N/A flash:/versionInfo/versionCtl.da| 1056 Mar/10/2013 19:18:43 N/A flash:/versionInfo/version0.dat | Mar/18/2013 09:59:13 N/A flash:/ifindex.dat 294388736 Aug/08/2014 11:27:50 M+B flash:/10500-cmw710-system-R716| |9P01.bin Exit ============================================================================...
  • Page 271: Restoring The Factory-Default Configuration

    Enter the number of the destination storage medium. For example, enter 1 to copy the file to the flash memory. Enter your choice(0-1):1 The destination file can't be the same as the source file. Restoring the factory-default configuration CAUTION: Performing this task can cause all next-startup configuration files in the current storage medium to be permanently deleted.
  • Page 272: Skipping The Configuration File At The Next Startup

    Skipping the configuration file at the next startup To skip the configuration file at the next startup, enter 6 in the EXTENDED-BOOTWARE menu. ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6>...
  • Page 273 Backing up the BootWare image You can back up the entire BootWare image, its basic segment, or extended segment. When the BootWare image is corrupt, you could use the backup image for recovery. Enter 1 in the BootWare Operation menu to perform a BootWare image backup. Enter your choice(0-4): 1 Will you backup the Basic BootWare? [Y/N]Y Begin to backup the Basic BootWare..Done.
  • Page 274: Skipping Console Login Authentication

    ===================<BOOTWARE OPERATION ETHERNET SUB-MENU>=================== |<1> Update Full BootWare |<2> Update Extended BootWare |<3> Update Basic BootWare |<4> Modify Ethernet Parameter |<0> Exit To Main Menu ============================================================================ Enter your choice(0-4): Table 27 BOOTWARE OPERATION ETHERNET submenu options Option Task <1> Update Full BootWare Upgrade the entire BootWare image.
  • Page 275: Managing Storage Media

    Figure 53 Skipping console login authentication Console login password lost Reboot the switch to access the EXTENDED-BOOTWARE menu Select Skip Authentication for Console Login Reboot the switch to enter user line view No password is required for console Execute the login, whether or not you save the quit command? running configuration.
  • Page 276: Using The Extended Assistant Menu

    Table 28 DEVICE CONTROL menu options Option Task Display all storage media on the MPU you are <1> Display All Available Nonvolatile Storage Device(s) working with. Set the current storage medium. All file <2> Set The Operating Device operations in BootWare menus are performed on the current storage medium.
  • Page 277: Using The Extended-Bootware Menu (For All Mpus Except Lsu1Supb0(Jg496A))

    Table 29 Error messages Error message Description The start or end address is beyond the memory space or the end address is lower Invalid address. than the start address. The entered memory length is so great that the calculated end address is beyond Invalid length the memory space.
  • Page 278 Enter < Storage Device Operation > to select device. ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6> Skip Current System Configuration |<7> BootWare Operation Menu |<8>...
  • Page 279 Option Task Reference Download files with XMODEM and Upgrading Comware software <2> Enter Serial SubMenu upgrade the Comware software through the console port through the console port. Download files with FTP or TFTP and Upgrading Comware software upgrade the Comware software <3>...
  • Page 280: Running The Comware Software

    NOTE: Basic Comware V7 software images include a .bin boot image and a .bin system image. A system must • have the two images to operate appropriately. They are released both in separate .bin files and in an .ipe package file so you can update the images separately or as a whole. You can set one Comware software image as a main (M) or backup (B) image.
  • Page 281 Enter your choice(0-5): Table 31 Serial submenu options Option Task Load and run Comware software images in SDRAM. <1> Download Image Program To This option is not available if password recovery capability is SDRAM And Run disabled. Download Comware software images to the current storage medium as main images (the file attribute is set to M).
  • Page 282: Upgrading Comware Software Through The Management Ethernet Port

    ============================================================================ Enter your choice(0-5):2 On the configuration terminal, configure the communication settings and transfer the upgrade file. For more information, see "Using XMODEM to upgrade software through the console port." In this example, the system sets the file as a main software image file when the file transfer is complete.
  • Page 283 Option Task Download Comware software images to the current storage medium as backup images (the file attribute is set to B). <3> Update Backup Image File As a result, the B file attribute of the original backup images is removed. Download a file to the current storage medium.
  • Page 284: Managing Files

    Field Description Local IP Address Set the IP address of the device. Subnet Mask Set the IP address mask. Set a gateway IP address if the device is on a different network Gateway IP Address than the server. Set the username for accessing the FTP server. This username must FTP User Name be the same as configured on the FTP server.
  • Page 285 ============================================================================ Ctrl+Z: Access EXTENDED ASSISTANT MENU Ctrl+F: Format File System Enter your choice(0-9):4 The following File Control submenu appears: ===============================<File CONTROL>=============================== |Note:the operating device is flash |<1> Display All File(s) |<2> Set Image File type |<3> Set Bin File type |<4>...
  • Page 286 On an MPU, you can specify only one main image and one backup image for each type of Comware image. If you assign the same attribute to two images that are the same type, the most recent assignment causes the previously assigned attribute to be removed. For example, the boot image file main.bin has the M attribute and the boot image file update.bin has the B attribute.
  • Page 287 Enter your choice(0-5): 4 Deleting the file in flash: 'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED Display all file(s) in flash: 'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED ============================================================================ |NO. Size(B) Time Type Name 4577 Feb/19/2013 13:07:54 N/A flash:/labtop.cfg...
  • Page 288: Restoring The Factory-Default Configuration

    Choose copy dest device : ============================================================================ |NO. Device Name File System Total Size Available Space flash YAFFS2 1048576KB 792990KB Exit ============================================================================ Enter your choice(0-1): Enter the number of the destination storage medium. For example, enter 1 to copy the file to the flash memory.
  • Page 289: Skipping The Configuration File At The Next Startup

    If password recovery capability is disabled, enter Y at the prompt to complete the task. Because the password recovery capability is disabled, this operation can cause the configuration files to be deleted, and the system will start up with factory defaults. Are you sure to continue?[Y/N]Y Setting...Done.
  • Page 290 Option Task <2> Restore Full BootWare Recover the BootWare image. <3> Update BootWare By Serial Update the BootWare from the console port. <4> Update BootWare By Ethernet Update the BootWare from the management Ethernet port. <0> Exit To Main Menu Return to the EXTENDED-BOOTWARE menu.
  • Page 291: Skipping Console Login Authentication

    Option Task Modify the baud rate of the console port. <4> Modify Serial Interface Parameter Perform this task before you perform any upgrade task. <0> Exit To Main Menu Return to the BootWare Operation menu. To upgrade the BootWare image through the management Ethernet port, enter 4 in the BootWare Operation menu.
  • Page 292: Managing Storage Media

    Figure 54 Skipping console login authentication Console login password lost Reboot the switch to access the EXTENDED-BOOTWARE menu Select Skip Authentication for Console Login Reboot the switch to enter user line view No password is required for console Execute the login, whether or not you save the quit command? running configuration.
  • Page 293: Using The Extended Assistant Menu

    Table 37 DEVICE CONTROL menu options Option Task <1> Display All Available Nonvolatile Display all storage media on the MPU you are working with. Storage Device(s) Set the current storage medium. All file operations in BootWare <2> Set The Operating Device menus are performed on the current storage medium.
  • Page 294: Bootware Shortcut Keys

    Starts a five-step RAM test. IMPORTANT: Ctrl+T Press Ctrl+T to start five-step full RAM test… This RAM test is intended for memory troubleshooting. HP recommends not performing this test. Starts a nine-step RAM test. IMPORTANT: Ctrl+Y Press Ctrl+Y to start nine-step full RAM test…...
  • Page 295: Disabling Password Recovery Capability

    Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. This feature also decides the method for handling console login password loss (see Figure 55). If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.
  • Page 296: Comware Software Upgrade Examples

    Password Password BootWare menu recovery recovery Tasks that can be performed option enabled disabled Skip the configuration file at the next startup. This is a one-time operation. It takes effective only Skip Current System for the first system boot or reboot after you choose Configuration this option.
  • Page 297 |<4> 57600 |<5> 115200 |<0> Exit ========================================================================== Enter your choice(0-5):1 Select the correct download baud rate. In this example, enter 1 to select 9600 bps. Change the baud rate of your terminal to match the setting on the Serial submenu. Then, close your connection to the device and reestablish the connection to make the terminal's baud rate change take effect.
  • Page 298: Using Tftp To Upgrade Comware Software Through The Management Ethernet Port

    Figure 56 Selecting the file to transfer Click Open. Figure 57 File transfer progress At the prompt for image attribute, enter m to specify the file as the main (primary) startup image file. Using TFTP to upgrade Comware software through the management Ethernet port In this example, the device acts as the TFTP client.
  • Page 299 Connect the device to the intended TFTP server through the device's management Ethernet port and obtain the IP address of the intended TFTP server. Connect your terminal to the device's console port. You can use the same PC for the two purposes. On the intended TFTP server, run TFTP server and specify the working path for software upgrade.
  • Page 300: Using Ftp To Upgrade Comware Software Through The Management Ethernet Port

    Enter your choice(0-5):2 In the Ethernet submenu, enter 2 to download the specified image file to the device. Loading......................................................Done. 227301376 bytes downloaded! Image file 10500-CMW710-BOOT-R7169P01.bin is self-decompressing... Saving file flash:/10500-CMW710-BOOT-R7169P01.bin ..................Done. Image file 10500-CMW710-SYSTEM-R7169P01.bin is self-decompressing... Saving file flash:/10500-CMW710-SYSTEM-R7169P01.bin ......
  • Page 301: Using Python

    Using Python Comware V7 provides a built-in Python interpreter that supports the following items: Python 2.7 commands. • Python 2.7 standard API. • Comware V7 extended API. For more information about the Comware V7 extended API, see • "Comware V7 extended Python API." •...
  • Page 302 comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg') comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg') comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup') # Use TFTP to download the script to the device. <Sysname> tftp 192.168.1.26 get test.py # Execute the script. <Sysname> python flash:/test.py <Sysname>startup saved-configuration flash:/main.cfg main Please wait..
  • Page 303: Comware V7 Extended Python Api

    Comware V7 extended Python API The Comware V7 extended Python API is compatible with the Python syntax. Importing and using the Comware V7 extended Python API To use the Comware V7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware V7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
  • Page 304 Parameters command: Specifies the commands to be executed. To enter multiple commands, use a space and a semicolon (;) as the delimiter. To enter a command in a view other than user view, you must first enter the commands used to enter the view. For example, you must enter ’system-view ;local-user test class manage’...
  • Page 305: Transfer Class

    Transfer class Transfer Use Transfer to download a file from a server. Syntax Transfer(protocol=‘’, host=‘’, source=‘’, dest=‘’, vrf=‘’,login_timeout=10, user=‘’, password=‘’) Parameters protocol: Specifies the protocol used to download a file: • ftp—Uses FTP. tftp—Uses TFTP. • http—Uses HTTP. • host: Specifies the IP address of the remote server. source: Specifies the name of the file to be downloaded from the remote server.
  • Page 306: Api Get_Self_Slot

    Examples # Download file test.cfg from TFTP server 1.1.1.1 and get the error information from the operation. <Sysname> python Python 2.7.3 (default, May 24 2013, 14:37:26) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>>...
  • Page 307: Api Get_Slot_Range

    Syntax get_standby_slot() Returns A list object in the format of [[- 1 ,slot-number]]. The slot-number indicates the slot number of a standby MPU. If the device does not have a standby MPU, [ ] is returned. (In standalone mode.) A list object in one of the following formats: (In IRF mode.) [ ]—The IRF fabric does not have a global standby MPU.
  • Page 308: Api Get_Slot_Info

    Sample output {'MaxSlot': 327, 'MinSlot': 0} API get_slot_info get_slot_info Use get_slot_info to get information about a card. Syntax get_slot_info() Returns A dictionary object in the format of {'Slot': slot-number, 'Status': 'status', 'Chassis': chassis-number, 'Role': 'role', 'Cpu': CPU-number }. The slot-number argument indicates the slot number of the card. The status argument indicates the status of the card.
  • Page 309: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
  • Page 310: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 311 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 312: Index

    Index extended Python API functions, archiving configuration archive, RBAC AAA authorization, configuration archive parameters, RBAC default user role, configuration archiving (automatic), RBAC local AAA authentication user file, 93, configuration, running configuration (manual), RBAC non-AAA authorization, argument (CLI string/text type), RBAC user role local AAA authentication, ASCII transfer mode, RBAC user role non-AAA authentication, assigning...
  • Page 313 RBAC temporary user role authorization multiple-line input mode, (RADIUS authentication), shell type, RBAC user role authentication, single-line input mode, RBAC user role local AAA authentication, binary transfer mode, RBAC user role remote AAA authentication, boot loader authorizing software upgrade startup image file specification (in FTP basic server authorization, IRF mode), login management command...
  • Page 314 console password authentication, CLI string/text type argument value, console port login, CLI undo command form, console scheme authentication, ISSU, device reboot (CLI), ISSU availability identification, device reboot (scheduled), ISSU command series, display command output filtering, ISSU device operating status verification, display command output line numbering, ISSU feature status verification, display command output management,...
  • Page 315 main next-startup file restore, login management CLI console scheme authentication, management, login management CLI local console port login, next-startup configuration file, login management command accounting, 72, next-startup file delete, login management command authorization, 69, next-startup file redundancy, login management SNMP access control, restrictions and guidelines, login management SSH device as server, running configuration archiving (manual),...
  • Page 316 login management logins (Telnet, SSH), 66, CLI display command output filtering, login management SNMP access, CLI display command output line numbering, login management user access, CLI display command output management, RBAC configuration, 15, CLI display command output save to file, copying CLI display command output viewing, file,...
  • Page 317 RBAC local AAA authentication user device reboot (CLI), configuration, device reboot (scheduled), RBAC permission assignment, disabling sending removal interrupt signals before RBAC RADIUS authentication user switching fabric module removal, configuration, factory-default configuration restore, RBAC resource access policies, memory alarm thresholds, RBAC temporary user role authorization, 25, physical component asset profile, RBAC temporary user role authorization...
  • Page 318 login management Telnet login private key, authentication, public key, sending removal interrupt signals before entering switching fabric module removal, CLI entered-but-not-submitted command redisplay, disabling sending removal interrupt signals before CLI string/text type argument value, switching fabric module removal, command, displaying system view from user view, command help information, error...
  • Page 319 file system login management user access control, current working directory change, RBAC, current working directory display, format directory creation, configuration file, 101, directory information display, file name, directory management, file system storage media formatting, directory removal, file archiving, automatic configuration (file server), file compression, basic server parameters configuration, file copy,...
  • Page 320 automatic configuration (HTTP server+Python ISSU patch image uninstall, script), 21 1 ISSU software image installation, automatic configuration (HTTP server+Tcl ISSU software image upgrade, script), installing, 140, See also install series commands automatic configuration (IRF setup), ISSU software images (install series HWTACACS commands), login management command...
  • Page 321 ISSU issu series commands (IRF IPE file decompression (install series mode), 146, commands), ISSU method identification, issu series commands, ISSU methods, issu series commands (IRF mode), 146, ISSU performance (issu series commands), maintaining, ISSU procedure determination, methods, ISSU software image verification (install series patch image uninstall (install series commands), commands),...
  • Page 322 login management CLI AUX common line login settings, device banner login type, login management CLI user line, login management login management CLI user line assignment, CLI AUX common line settings, login management CLI user line CLI configuration, identification, CLI console authentication, login management Telnet VTY common line CLI console password authentication, settings,...
  • Page 323 ISSU, device CPU usage, login management CLI login, mounting software upgrade image settings, file system storage media, managing moving CLI display command output, file, configuration files, device. See device management ISSU, file system, ISSU (install series commands), file system directories, ISSU (issu series commands), file system files, ISSU availability identification,...
  • Page 324 device copyright statement display, IPv6 TFTP client configuration, device CPU usage monitoring, ISSU (install series commands), device factory-default configuration restore, ISSU availability identification, device management task scheduling, 222, ISSU command series, device memory alarm thresholds, ISSU device operating status verification, device name configuration, ISSU feature (install series commands), device port status detection timer,...
  • Page 325 RBAC resource access policies, software upgrade (non-ISSU)(IRF mode), RBAC temporary user role authorization, 25, software upgrade PEX configuration (non-ISSU), RBAC temporary user role authorization Tcl usage, (HWTACACS authentication), TFTP configuration, RBAC temporary user role authorization using Python, (RADIUS authentication), next-startup configuration file, 101, RBAC user role assignment, 18, RBAC user role authentication, login management SNMP device access,...
  • Page 326 login management Telnet login password RBAC user role assignment, authentication, RBAC user role interface policy, login management Telnet login scheme RBAC user role local AAA authentication, authentication, RBAC user role non-AAA authentication, patch RBAC user role remote AAA authentication, ISSU patch image, RBAC user role VLAN policy, software upgrade Comware patch image, 1 12...
  • Page 327 configuring automatic configuration configuring login management Telnet login scheme gateway, authentication, configuring CLI command hotkey, configuring login management Telnet VTY common line settings, configuring CLI command keyword alias, configuring physical component asset profile, configuring configuration archive parameters, configuring RBAC, 19, configuring configuration rollback, configuring RBAC feature group, configuring device as IPv4 TFTP client,...
  • Page 328 displaying command help information, maintaining device management configuration, displaying configuration files, 1 10 maintaining FTP connection, displaying current working directory, maintaining ISSU, displaying device management configuration, maintaining login management CLI login, displaying directory information, maintaining software upgrade image settings, displaying file information, managing CLI display command output, displaying FTP client, managing file system directories,...
  • Page 329 rebooting device (scheduled), understanding CLI command-line error message, releasing FTP server connection manually, uninstalling ISSU feature (install series commands), removing directory, uninstalling ISSU patch images (install series removing ISSU inactive software image (install commands), series commands), unmounting file system storage media, renaming file, upgrading ISSU software images (install series repairing file system storage media,...
  • Page 330 non-AAA authorization, resource permission assignment, RBAC resource access policies, predefined user roles, restoring RADIUS authentication user configuration, device factory-default configuration, resource access policies, 16, file, rule configuration restrictions, main next-startup configuration file, settings display, software upgrade BootWare image (non-ISSU method), temporary user role authorization, restrictions temporary user role authorization (HWTACACS...
  • Page 331 RBAC feature read rule, login management login control (Telnet, SSH), 66, RBAC feature write rule, login management SNMP access control, 67, RBAC OID rule, login management user access control, RBAC user role rule configuration, RBAC configuration, 15, 19, RBAC XML element rule, RBAC default user role, running configuration RBAC feature group configuration,...
  • Page 332 device port status detection timer, eIRF system ISSU feature incompatible upgrade (issu series commands), device system operating mode, eIRF system ISSU feature upgrade (install series device system time, commands), file/folder operation mode, eIRF system ISSU performance (issu series login management Telnet packet DSCP commands), value, file naming,...
  • Page 333 startup image file specification (in IRF next-startup configuration file redundancy, mode), storage media startup image file specification (in standalone CF card partition, mode), CF card partition restrictions, system startup, 1 14 file system management, task list, file system storage media naming rules, specifying formatting, device system time source,...
  • Page 334 automatic configuration (IRF setup), device configuration startup file selection, automatic configuration (server-based), device copyright statement display, automatic configuration (TFTP server), device CPU usage monitoring, automatic configuration file preparation, device factory-default configuration restore, automatic configuration gateway, device management, 216, automatic configuration interface selection, device management task scheduling, 222, automatic configuration start, device memory alarm thresholds,...
  • Page 335 ISSU availability identification, login management CLI user roles, ISSU command series, login management command accounting, 72, ISSU device operating status verification, login management command authorization, 69, ISSU feature (install series commands), login management console port login, ISSU feature compatible upgrade (issu series login management login control (Telnet, commands/IRF mode), 146, 154, 162, SSH), 66,...
  • Page 336 device CPU usage, device memory alarm thresholds, task scheduling (device management), 222, device temperature threshold alarm, time automatic configuration (HTTP server+Tcl device system time configuration, script), device system time set, configuration view, device system time source set, restrictions, timer use, device port status detection, user view, tool command language.
  • Page 337 ISSU software images (install series automatic configuration, commands), CLI, software. See software upgrade CLI command history function, CLI command hotkey, disk partitioning, command keyword alias, user device as FTP client, interface, 43, See also user line device as FTP server, interface login management Telnet VTY Extended Python API, 293, common line settings,...