HP 10500 Switch Series Fundamentals Configuration Guide Part number: 5998-7111b Software version: 10500-CMW710-R7169P01 Document version: 6W102-20160218...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Contents Using the CLI ································································································································································ 1 CLI views ············································································································································································ 1 Entering system view from user view ······················································································································ 2 Returning to the upper-level view from any view ·································································································· 2 Returning to user view ·············································································································································· 2 Accessing the CLI online help ·········································································································································· 2 Using the undo form of a command ·······························································································································...
Page 4
Displaying and maintaining RBAC settings ················································································································· 28 RBAC configuration examples ······································································································································ 28 RBAC configuration example for local AAA authentication users ··································································· 28 RBAC configuration example for RADIUS authentication users ······································································· 30 RBAC temporary user role authorization configuration example (HWTACACS authentication) ················· 33 RBAC temporary user role authorization configuration example (RADIUS authentication) ··························...
Page 5
FTP server configuration example in standalone mode ····················································································· 77 FTP server configuration example in IRF mode ·································································································· 79 Using the device as an FTP client ································································································································· 80 Establishing an FTP connection ···························································································································· 80 Managing directories on the FTP server ············································································································· 81 Working with files on the FTP server ···················································································································...
Page 6
Saving the running configuration ······························································································································· 103 Configuring configuration rollback ···························································································································· 104 Configuration task list ········································································································································· 104 Configuring configuration archive parameters ································································································ 105 Enabling automatic configuration archiving ····································································································· 106 Manually archiving the running configuration ································································································· 106 Rolling back configuration·································································································································· 106 Specifying a next-startup configuration file ··············································································································· 107 Backing up the main next-startup configuration file to a TFTP server ·····································································...
Page 7
Identifying the ISSU method ······························································································································· 135 Verifying feature status ······································································································································· 135 Determining the upgrade procedure ················································································································· 136 Understanding ISSU guidelines ························································································································· 136 Logging in to the device through the console port ··························································································· 136 Saving the running configuration ······················································································································ 137 Performing an ISSU by using issu commands ··········································································································· 138 Performing a compatible upgrade·····················································································································...
Page 8
Preparing the interfaces used for automatic configuration ······················································································ 205 Starting and completing automatic configuration ···································································································· 205 Automatic configuration examples ····························································································································· 206 Automatic configuration using TFTP server ······································································································· 206 Automatic configuration using HTTP server and Tcl script ·············································································· 210 Automatic configuration using HTTP server and Python script ······································································· 211 Automatic IRF setup ·············································································································································...
Page 9
Managing the system with BootWare ··················································································································· 243 Overview ······································································································································································· 243 Restrictions and guidelines ·········································································································································· 244 Using the BASIC-BOOTWARE menu (for LSU1SUPB0(JG496A) MPUs) ································································ 244 Modifying serial port parameters ······················································································································ 245 Updating the extended BootWare segment ····································································································· 245 Updating the entire BootWare ··························································································································· 246 Running the primary extended BootWare segment ·························································································...
Page 10
API get_standby_slot ··········································································································································· 296 API get_slot_range··············································································································································· 297 API get_slot_info ·················································································································································· 298 Support and other resources ·································································································································· 299 Contacting HP ······························································································································································ 299 Subscription service ············································································································································ 299 Related information ······················································································································································ 299 Documents ···························································································································································· 299 Websites ······························································································································································· 299 Conventions ·································································································································································· 300 Index ········································································································································································ 302...
Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor the device. Figure 1 CLI example You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...
Perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and • reboot. Enter system view. The system view prompt is [Device-name]. • In system view, you can perform the following tasks: Configure global settings (such as the daylight saving time, banners, and hotkeys) and some •...
Enter a question mark at a view prompt to display the first keyword of every command available in • the view. For example: <Sysname> ? User view commands: archive Archive configuration backup Backup the startup configuration file to a TFTP server bash blade Enter a space and a question mark after a command keyword to display all available, subsequent...
For example, the info-center enable command enables the information center. The undo info-center enable command disables the information center. Entering a command When you enter a command, you can perform the following tasks: Use keys or hotkeys to edit the command line. •...
Space. • A specific argument might have more requirements. For more information, see the relevant command reference. To enter a printable character, you can enter the character or its ASCII code (in the range of 32 to 126). Abbreviating commands You can enter a command line quickly by entering incomplete keywords that uniquely identify the complete command.
Configuring and using command hotkeys The system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.
Hotkey Function Ctrl+] Terminates the current connection. Esc+B Moves the cursor back one word. Esc+D Deletes all characters from the cursor to the end of the word. Esc+F Moves the cursor forward one word. Enabling redisplaying entered-but-not-submitted commands Your input might be interrupted by system information output. If redisplaying entered-but-not-submitted commands is enabled, the system redisplays your input after finishing the output.
Using the command history feature The system automatically saves commands successfully executed by a login user to the following two command history buffers: • Command history buffer for the user line. Command history buffer for all user lines. • Table 4 Comparison between the two types of command history buffers Command history buffer for all Item Command history buffer for a user line...
Pausing between screens of output The system automatically pauses after displaying a screen if the output is too long to fit on one screen. You can use the keys described in "Output controlling keys" to display more information or stop the display.
VLAN ID: 999 VLAN type: Static Route interface: Configured IP address: 192.168.2.1 Subnet mask: 255.255.255.0 Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports: GigabitEthernet1/0/1 Filtering the output from a display command You can use the | { begin | exclude | include } regular-expression option to filter the display command output.
Page 21
Characters Meaning Examples "[16A]" matches a string containing 1, 6, or A; "[1-36A]" matches a string containing 1, 2, 3, 6, or A (- is a hyphen). Matches a single character in the brackets. To match the character "]", put it immediately after "[", for example, []abc].
# Use | begin line for the display current-configuration command to match the first line of output that contains line to the last line of output. <Sysname> display current-configuration | begin line line aux 0 user-role network-operator line con 0 user-role network-admin line vty 0 63 authentication-mode scheme...
Page 23
Task Command Save the output from a display command to a separate file. display command > filename Append the output from a display command to the end of a file. display command >> filename For example: # Save the VLAN 1 settings to a separate file named vlan.txt. <Sysname>...
Viewing and managing the output from a display command effectively You can use the following methods in combination to filter and manage the output from a display command: • Numbering each output line from a display command Filtering the output from a display command •...
Configuring RBAC Overview Role-based access control (RBAC) controls user access to items and system resources based on user roles. In this chapter, items include commands, XML elements, and MIB nodes, and system resources include interfaces, VLANs, and VPN instances. RBAC assigns access permissions to user roles that are created for different job functions. Users are given permission to access a set of items and resources based on the users' user roles.
Page 26
Write—Commands, XML elements, or MIB nodes that configure the features in the system. For • example, the info-center enable command and the debugging command. Execute—Commands, XML elements, or MIB nodes that execute specific functions. For example, the • ping command and the ftp command. A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules.
Page 27
User role name Permissions • Accesses the display commands for features and resources in the system. To display all accessible commands of the user role, use the display role command. • Changes between MDC views. • Enables local authentication login users to change their own network-operator passwords.
User role name Permissions Security log manager. The user role has the following access rights to security log files: • Accesses the commands for displaying and maintaining security log files (for example, the dir, display security-logfile summary, and more commands). •...
Configuration task list Tasks at a glance (Required.) Creating user roles (Required.) Configuring user role rules (Optional.) Configuring feature groups (Optional.) Configuring resource access policies (Optional.) Assigning user roles (Optional.) Configuring temporary user role authorization Creating user roles In addition to the predefined user roles, you can create a maximum of 64 custom user roles for granular access control.
Configuration restrictions and guidelines When you configure RBAC user role rules, follow these restrictions and guidelines: • For MDC configuration, only the rules configured by the following user roles take effect: network-admin, network-operator, mdc-admin, mdc-operator, and level- 1 5. You can configure a maximum of 256 user-defined rules for a user role. The total number of •...
Step Command Remarks • Configure a command rule: rule number { deny | permit } command command-string • Configure a feature rule: By default, a user-defined user role rule number { deny | permit } does not have any rules or access to { execute | read | write } * feature any commands, XML elements, or [ feature-name ]...
Configuring resource access policies Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these policies permit user roles to access any interface, VLAN, and VPN instance. You can configure the policies of a user-defined user role or a predefined level-n user role to limit its access to interfaces, VLANs, and VPN instances.
Configuring the VPN instance policy of a user role Step Command Remarks Enter system view. system-view Enter user role view. role name role-name By default, the VPN instance policy of the user role permits access to all VPN instances. Enter user role VPN vpn-instance policy deny This command denies the access of the instance policy view.
Assigning user roles to remote AAA authentication users For remote AAA authentication users, user roles are configured on the remote authentication server. For information about configuring user roles for RADIUS users, see the RADIUS server documentation. For HWTACACS users, the role configuration must use the roles="role- 1 role-2 … role-n" format, where user roles are space separated.
SSH clients that use publickey or password-publickey authentication. User roles assigned to these • SSH clients are specified in their respective device management user accounts. For more information about user lines, see "Login overview" and "Configuring CLI login." For more information about SSH, see Security Configuration Guide.
Page 36
To enable a user to obtain another user role without reconnecting to the device, you must configure • user role authentication. Table 7 describes the available authentication modes and configuration requirements. If HWTACACS authentication is used, the following rules apply: •...
Keywords Authentication mode Description The device sends the username and password to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: Remote AAA authentication • Configure the required HWTACACS or RADIUS scheme through HWTACACS or scheme, and configure the ISP domain to use the...
Obtaining temporary user role authorization AUX or VTY users must pass authentication before they can use a user role that is not included in the user account they are logged in with. Perform the following task in user view: Task Command Remarks If you do not specify the rolename argument, you obtain...
Page 39
Figure 3 Network diagram Configuration procedure # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Enable Telnet server. [Switch] telnet server enable # Enable scheme authentication on the user lines for Telnet users.
# Remove the default user role network-operator from the user. This operation ensures that the user has only the permissions of role1. [Switch-luser-manage-user1] undo authorization-attribute user-role network-operator [Switch-luser-manage-user1] quit Verifying the configuration # Telnet to the switch, and enter the username and password to access the switch. (Details not shown.) # Verify that you can create VLANs 10 to 20.
Page 41
Figure 4 Network diagram Configuration procedure Make sure the settings on the switch and the RADIUS server match. Configure the switch: # Assign VLAN-interface 2 an IP address from the same subnet as the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign VLAN-interface 3 an IP address from the same subnet as the RADIUS server.
Page 42
[Switch-isp-bbb] quit # Create feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the arp and radius features to the feature group. [Switch-featuregrp-fgroup1] feature arp [Switch-featuregrp-fgroup1] feature radius [Switch-featuregrp-fgroup1] quit # Create the user role role2. [Switch] role name role2 # Configure rule 1 to permit the user role to use all commands available in ISP view.
[Switch-isp-abc] authentication login radius-scheme abc [Switch-isp-abc] quit # Verify that you can use all read and write commands of the radius and arp features. Take radius as an example. [Switch] radius scheme rad [Switch-radius-rad] primary authentication 2.2.2.2 [Switch-radius-rad] display radius scheme rad …...
Page 44
Configuration procedure Configure the switch: # Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the HWTACACS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
Page 45
# Assign level-0 to the user. [Switch-luser-manage-test] authorization-attribute user-role level-0 # Remove the default user role network-operator. [Switch-luser-manage-test] undo authorization-attribute user-role network-operator [Switch-luser-manage-test] quit # Set the local authentication password to 654321 for the user role level-3. [Switch] super password role level-3 simple 654321 [Switch] quit # Set the local authentication password to 654321 for the user role network-admin.
Page 46
Figure 6 Configuring advanced TACACS+ settings Select Shell (exec) and Custom attributes, and enter allowed-roles="network-admin" in the Custom attributes field. Use a blank space to separate the allowed roles.
Page 47
Figure 7 Configuring custom attributes for the Telnet user Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. <Switch> telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...
<Switch> Verify that you can obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass. <Switch> super level-3 Username: test@bbb Password: The following output shows that you have obtained the level-3 user role.
Page 49
# Assign an IP address to VLAN-interface 2 (the interface connected to the Telnet user). <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3 (the interface connected to the RADIUS server). [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
Page 50
# Set the local authentication password to abcdef654321 for the user role network-admin. [Switch] super password role network-admin simple abcdef654321 [Switch] quit Configure the RADIUS server: This example uses ACSv4.2. Add a user account $enab0$ and set the password to 123456. (Details not shown.) Access the Cisco IOS/PIX 6.x RADIUS Attributes page.
To resolve the problem: Use the display local-user command to examine the local user accounts for undesirable user roles, and delete them. If the problem persists, contact HP Support. Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the following conditions exist: The network access device and the RADIUS server can communicate with one another.
Page 52
Configure the role default-role enable command. A RADIUS user can log in with the default user role when no user role is assigned by the RADIUS server. Add the user role authorization attributes on the RADIUS server. If the problem persists, contact HP Support.
Login overview The first time you access the device, you can only log in to the CLI of the default MDC through the console port. After login, you can create non-default MDCs, change console login parameters, or configure other access methods, including Telnet, SSH, and SNMP. Non-default MDCs do not have any console ports.
Page 54
Login method Default settings and minimum configuration requirements Login configuration By default, SSH login is disabled. To enable SSH login, perform the following tasks: • Enable the SSH server feature and configure SSH attributes. • Assign an IP address to a Layer 3 interface. Make sure the Configuring SSH •...
Flow control—None. Parity—None. Stop bits—1. Data bits—8. Power on the device and press Enter as prompted. The startup information and the default user view prompt <HP> appears as follows: Press Ctrl-B to enter Boot Menu Auto-booting Decompress Image Starting at 0x80100000 Cryptographic algorithms tests passed.
Page 56
Press ENTER to get started. <HP>%Sep 24 09:48:54:109 2014 HP SHELL/4/LOGIN: Console login from aux0 <HP> Y ou can enter commands to configure or manage the device. To get help, enter ?.
Configuring CLI login By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet and SSH. To prevent illegal access to the CLI and control user behavior, perform the following tasks as required: Configure login authentication.
An absolute number uniquely identifies a user line among all user lines. The user lines are numbered starting from 0 and incrementing by 1 and in the sequence of AUX and VTY lines. You can use the display line command without any parameters to view supported user lines and their absolute numbers. A relative number uniquely identifies a user line among all user lines that are the same type.
FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Telnet login is not supported in FIPS mode. Configuring console login You can connect a terminal to the console port of the device to log in and manage the device, as shown Figure 1...
Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes precedence over a default •...
Step Command Remarks set authentication password { hash | Set a password. By default, no password is set. simple } password The default user role is network-admin for an AUX line user of the default MDC. Assign a user role. user-role role-name Non-default MDCs do not support console login.
Page 62
To configure common settings for an AUX line: Step Command Remarks Enter system view. system-view A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
Remarks By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends Specify the that you set the display type to VT100 on terminal display terminal type { ansi | vt100 } both the device and the configuration type.
Configuring the device as a Telnet server Tasks at a glance (Required.) Enabling Telnet server (Required.) Configuring login authentication: • Disabling authentication for Telnet login • Configuring password authentication for Telnet login • Configuring scheme authentication for Telnet login (Optional.) Setting the maximum number of online Telnet users (Optional.) Setting the DSCP value for outgoing Telnet packets...
Step Command Remarks By default, a VTY line user of the default MDC is assigned the user role (Optional.) Assign a user user-role role-name network-operator. A VTY line user of a role. non-default MDC is assigned the user role mdc-operator. The next time you Telnet to the device, you do not need to provide a username or password, as shown Figure Figure 12 Telnetting to the device without authentication...
Page 66
Step Command Remarks By default, password authentication is enabled for VTY lines. In VTY line view, this command is associated with the protocol inbound Enable password authentication-mode password command. If you specify a non-default authentication. value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.
Page 67
Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes • Enter VTY line view: precedence over a default setting in the line vty first-number...
Page 68
Figure 14 Scheme authentication interface for Telnet login Setting the maximum number of online Telnet users If you Telnet to the device when the number of online Telnet users is equal to the maximum number, your login attempt fails and the message "All user lines are used, please try later!" appears. To set the maximum number of online Telnet users: Step Command...
Page 69
Configuring common VTY line settings For a VTY line, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session. Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X.
Step Command Remarks By default, the CLI connection idle-timeout timer is 10 minutes. If no interaction occurs between the device and Set the CLI connection idle-timeout minutes the user within the idle-timeout interval, the idle-timeout timer. [ seconds ] system automatically terminates the user connection on the user line.
Step Command Remarks • Log in to an IPv4 Telnet server: telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ] Use the device to log in to a Telnet server.
Page 72
Step Command Remarks • In non-FIPS mode: ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign (Optional.) Create an publickey keyname } SSH user and specify By default, no SSH user is configured on the the authentication device.
Step Command Remarks The default is 64. Changing this setting does not affect users who are currently online. If the current number of (Optional.) Set the aaa session-limit ssh online SSH users is equal to or greater than the maximum number of max-sessions new setting, no additional SSH users can log in concurrent SSH users.
Page 74
Task Command Remarks Display the source address or interface for outgoing Telnet packets display telnet client when the device acts as a Telnet client. Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this Release a user line.
Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 17 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can cooperate with various network management software products, including IMC.
Controlling user access to the device Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
Configuration example Network requirements As shown in Figure 18, the device is a Telnet server. Configure the device to permit only Telnet packets sourced from Host A and Host B. Figure 18 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname>...
Step Command Remarks • (Method 1.) Create an SNMP community and specify ACLs for the community: In VACM mode: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * For more In RBAC mode: information about...
Figure 19 Network diagram Configuration procedure # Create an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.
Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. • Enter user line view: A non-default setting in either view takes line { first-number1 precedence over a default setting in the [ last-number1 ] | { aux |...
Page 81
Figure 20 Network diagram Configuration procedure # Assign IP addresses to relevant interfaces. Make sure the device and the HWTACACS server can reach each other. Make sure the device and Host A can reach each other. (Details not shown.) # Enable the Telnet server. <Device>...
[Device] local-user monitor [Device-luser-admin] password cipher 123 [Device-luser-admin] service-type telnet [Device-luser-admin] authorization-attribute user-role level-1 Configuring command accounting Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This feature helps control and monitor user behavior on the device.
Step Command Remarks By default, command accounting is disabled. The accounting server does not record the commands executed by users. If the command accounting command is Enable command configured in user line class view, command accounting accounting. command accounting is enabled on all user lines in the class.
Page 84
# Enable command accounting for user lines VTY 0 through VTY 4. [Device] line vty 0 4 [Device-line-vty0-4] command accounting [Device-line-vty0-4] quit # Create HWTACACS scheme tac. [Device] hwtacacs scheme tac # Configure the scheme to use the HWTACACS server at 192.168.2.20:49 for accounting. [Device-hwtacacs-tac] primary accounting 192.168.2.20 49 # Set the shared key to expert.
Configuring FTP File Transfer Protocol (FTP) is an application layer protocol for transferring files from one host to another over an IP network. It uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959. FTP is based on the client/server model.
Configuring basic parameters Step Command Remarks Enter system view. system-view Enable the FTP server. ftp server enable By default, the FTP server is disabled. (Optional.) Use an ACL to ftp server acl { acl-number | By default, no ACL is used for access control access to the FTP ipv6 acl-number6 } control.
Local authorization—The device assigns authorized directories to FTP clients based on the locally • configured authorization attributes. Remote authorization—A remote authorization server assigns authorized directories on the device • to FTP clients. For information about configuring authentication and authorization, see Security Configuration Guide. Manually releasing FTP connections Task Command...
Page 88
<Sysname> system-view [Sysname] local-user abc class manage [Sysname-luser-abc] password simple 123456 # Assign the user role network-admin to the user. (The default working directory is the root directory of the flash memory on the active MPU. To change the working directory to the root directory of the flash memory on the standby MPU, specify the work-directory slotm#flash:/ option for the command.
200 TYPE is now 8-bit binary ftp> put temp.bin # Exit FTP. ftp> bye FTP server configuration example in IRF mode Network requirements Configure the IRF fabric as an FTP server. • Create a local user account with the username abc and password 123456 on the FTP server. •...
[Sysname] ftp server enable [Sysname] quit Perform FTP operations from the FTP client: # Log in to the FTP server at 1.1.1.1 using the username abc and password 123456. c:\> ftp 1.1.1.1 Connected to 1.1.1.1. 220 FTP service ready. User(1.1.1.1:(none)):abc 331 Password required for abc.
Step Command Remarks • (Method 1.) Log in to the FTP server from user view: ftp ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface The source IP address { interface-name | interface-type specified in the ftp command interface-number } | ip Log in to the FTP server.
Task Command • Display the detailed information of a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP server. • Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] Change the working directory on the FTP server.
Task Command Remarks Upload a file to the FTP server. put localfile [ remotefile ] Download a file from the FTP get remotefile [ localfile ] server. Add the content of a file on the FTP client to a file on the FTP append localfile [ remotefile ] server.
Task Command Remarks By default, FTP client debugging is Enable or disable FTP client debugging. debug disabled. Clear the reply information in the buffer. reset Terminating the FTP connection Execute one of the following commands in FTP client view: Task Command •...
Page 95
Figure 25 Network diagram Configuration procedure # Configure IP addresses as shown in Figure 25. Make sure the device and PC can reach each other. (Details not shown.) # Examine the storage space of the device. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files.
221 Logout. <Sysname> FTP client configuration example in IRF mode Network requirements As shown in Figure 26, the PC is acting as an FTP server. A user account with the username abc and password 123456 has been created on the PC. •...
Page 97
local: temp.bin remote: temp.bin 150 Connecting to port 47457 226 File successfully transferred 23951480 bytes received in 95.399 seconds (251.0 kbyte/s) # Download the file temp.bin from the PC to the root directory of the flash memory on each global standby MPU.
Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
Step Command Remarks tftp tftp-server { get | put | sget } The source IP address specified in source-filename [ destination-filename ] this command takes precedence Download or upload a file [ vpn-instance vpn-instance-name ] over the one set by the tftp client in an IPv4 network.
Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not •...
Page 101
Table 11 File name formats in standalone mode Format Description Example a.cfg indicates a file named a.cfg in the current working directory. Specifies a file in the current working file-name directory. This working directory might be on the active MPU or standby MPU. Specifies a file in a folder in the •...
Format Description Example Specifies a file on a storage medium on the device. • Both flash:/test/a.cfg and The drive argument represents the chassis1#slot0#flash:/test/a.cfg storage medium name. It is in the indicate a file named a.cfg in the format chassism#slotn#flash or test folder of the root directory on the chassism#slotn#usba0.
Displaying the contents of a text file Perform this task in user view. Task Command Display the contents of a text file. more file-url Renaming a file Perform this task in user view. Task Command Rename a file. rename fileurl-source fileurl-dest Copying a file Perform this task in user view.
Task Command tar create [ gz ] archive-file file-dest [ verbose ] source Archive files and folders. file-source&<1-5> tar extract archive-file file-dest [ verbose ] [ screen | to Extract files and folders. directory-name ] Display the names of archived files and folders. tar list archive-file file-dest Deleting/restoring a file You can delete a file permanently or move it to the recycle bin.
Use the following commands in user view: Task Command Calculate the digest of a file by using the SHA-256 algorithm. sha256sum file-url Calculate the digest of a file by using the MD5 algorithm. md5sum file-url Managing directories CAUTION: To avoid file system corruption, do not perform the following tasks during file operations: Installing or removing storage media.
Task Command Create a directory. mkdir directory Deleting a directory To delete a directory, you must delete all files and subdirectories in this directory. To delete a file, use the delete command. To delete a subdirectory, use the rmdir command. Deleting a directory permanently deletes all its files in the recycle bin, if any.
Use the cd command to change the current working directory to the root directory of the storage • medium before accessing a file or folder on the medium. For example, to display the contents of the a.cfg file in the root directory of the flash memory, perform the following tasks: Use the cd flash:/ command to change the current working directory to the root directory of the flash memory.
To prevent a USB disk and the USB interface from being damaged, make sure the following requirements are met before unmounting the USB disk: The system has recognized the USB disk. • The USB disk LED is not flashing. • Configuration procedure Perform one of the following tasks in user view as appropriate: Task...
Task Command Remarks By default, a CF card or USB disk has only one partition, cfa0: or usba0:. fdisk medium-name To partition a storage medium evenly, Partition a storage medium. [ partition-number ] specify the partition-number argument. To customize the sizes of partitions, do not specify the partition-number argument.
Managing configuration files Overview You can use the CLI or the BootWare menus to manage configuration files. This chapter explains how to manage configuration files from the CLI. A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so the configuration can survive a reboot.
Next-startup configuration file redundancy You can specify one main next-startup configuration file and one backup next-startup configuration file for redundancy. At startup, the device tries to start up with the main configuration file. If the main configuration file is corrupt or unavailable, the device tries the backup configuration file. If the backup configuration file is corrupt or unavailable, the device starts up with the factory defaults.
Enabling configuration encryption Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All HP devices running Comware V7 software use the same private key or public key to encrypt configuration files.
Step Command Remarks Enter system view. system-view By default, configuration Enable configuration configuration encrypt { private-key | encryption is disabled. encryption. public-key } Configuration is saved unencrypted. Saving the running configuration When saving the running configuration to a configuration file, you can specify the file as the next-startup configuration file.
Command Remarks This command saves the configuration to a file on the default storage medium. For reliable configuration saving, HP recommends that you specify the safely keyword. If you specify only the safely keyword, the command saves the configuration to...
Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
Enabling automatic configuration archiving Make sure you have set an archive path and file name prefix before performing this task. To enable automatic configuration archiving: Step Command Remarks Enter system view. system-view By default, this function is disabled. Enable automatic To display configuration archive configuration archiving and archive configuration interval minutes...
Step Command Remarks Roll the running configuration back to the configuration The specified configuration file configuration replace file filename defined by a configuration must not be encrypted. file. The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons: A command cannot be undone because prefixing the undo keyword to the command does not •...
Task Command Remarks By default, no next-startup configuration file is specified. Use the display startup command and the display saved-configuration command in any view to verify the configuration. If you specify neither the backup keyword nor the main keyword, this command sets the Specify the next-startup startup saved-configuration cfgfile configuration file as the main...
Restoring the main next-startup configuration file from a TFTP server To restore the main next-startup configuration file from a TFTP server, the device performs the following operations: • Downloads a configuration file from a TFTP server to the root directory of the default storage medium on each MPU.
Task Command Remarks If you do not specify either backup Delete next-startup configuration reset saved-configuration [ backup | or main, this command deletes the files. main ] main next-startup configuration file. Displaying and maintaining configuration files Execute display commands in any view. Task Command Display information about configuration...
Upgrading software Overview Software upgrade enables you to add new features and fix bugs. This chapter describes types of software and procedures to upgrade software from the CLI without using ISSU. For a comparison of all software upgrade methods, see "Upgrade methods."...
BootWare image, boot image, and system image are required for the system to operate. These images might be released separately or as a whole in one .ipe package file. If an .ipe file is used, the system decompresses the file automatically, loads the .bin images, and sets them as startup software images. NOTE: BootWare might be called Boot ROM on PEXs.
Figure 28 Comware image loading procedure Start Startup fails. You Backup boot Backup boot must load Main boot image Main boot image image exists and image exists and images from the exists and valid? exists and valid? valid? valid? BootWare menu. Starts up with Starts up with Main system...
If a PEX does not have a storage medium, it must start up from the storage medium on the master • device. HP 5700 switches can operate as PEXs for a 10500 eIRF system. NOTE: The PEX startup images on the PEX's local medium are called local startup images. The PEX startup images on the parent devices are called remote startup images.
Page 126
If any images do not exist or are invalid, the PEX goes to step 3. − The system verifies the compatibility of the PEX startup software images with the running software images of the global active MPU: If all the images are compatible, the PEX starts up with the images in the local medium. −...
Page 127
Figure 30 Generic startup process for 5700 PEXs...
Page 128
Figure 31 5700 PEX startup from the local medium...
Figure 32 5700 PEX startup from the parent device's storage medium Start Specify new PEX startup images PEX boot image exists and or enter BootWare menus to upgrade the PEX device valid? PEX system image exists and valid? PEX feature packages exist and valid? 是...
CF card, or a USB disk. To change the default storage medium setting, access the BootWare menu. For more information, see the release notes for the switch. HP recommends that you store the startup images in the flash memory and specify the flash memory as the default storage medium.
By default, this feature is enabled. This feature examines the image for (Optional.) Enable BootWare bootrom-update security-check wrong file type, file corruption, and image validity check. enable hardware incompatibility. HP recommends enabling it to ensure a successful upgrade. Return to user view. quit...
Step Command Remarks • In standalone mode: bootrom update file file-url slot Specify the downloaded software slot-number-list [ subslot image file for the file-url argument. subslot-number-list ] Load the upgrade BootWare The new BootWare image takes image to the Normal area of •...
Step Command Remarks • Use an .ipe file for upgrade: boot-loader file If an ISSU upgrade has been performed, use the ipe-filename { all | slot install commit command to update the main slot-number } { backup | startup images on the active MPU before you main } execute the boot-loader update command.
Page 134
Step Command Remarks • Use an .ipe file for upgrade: boot-loader file ipe-filename { all | chassis chassis-number slot slot-number } { backup | main } Specify main or backup startup • Use .bin files for upgrade: images for the boot-loader file boot global active MPU.
Restoring or downgrading the BootWare image without using ISSU This feature is available only for upgrading the parent device. To restore or upgrade the BootWare image of a PEX device, you must use its BootWare menus. To restore or downgrade the BootWare image for a card, make sure you have used the bootrom backup command to back up the image to the Backup area of BootWare.
Enabling software synchronization from the active MPU to the standby MPU at startup This feature is available only when the device operates in standalone mode. To synchronize software from the global active MPU to other MPUs on an IRF fabric, use the irf auto-update enable command. For more information about software auto-update, see Virtual Technologies Configuration Guide.
PEX startup images automatically to all MPUs on the parent fabric. To prevent a PEX startup failure after an active/standby or master/subordinate switchover, HP • Use .bin files for upgrade: recommends that you execute this boot-loader pex pex-model...
Step Command Remarks This step ensures that any Save the running save configuration you have made can configuration. survive a reboot. Specify the PEX virtual chassis number for the chassis-number argument. Specify the PEX virtual slot number for reboot chassis chassis-number slot Reboot the PEX.
Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server. (Details not shown.) # Display information about the current software images. <Sysname>...
Figure 34 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server Configuration procedure # Configure IP addresses and routes. Make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server.
Verifying the configuration # Verify that the IRF fabric is running the correct software. <Sysname> display version Non-ISSU PEX upgrade example Network requirements As shown in Figure • Each IRF member device has two MPUs: one in slot 0 and one in slot 1. The global active MPU is in slot 0 on the master device.
# Specify startup images files for the PEX-5700 switch to load from its local medium. Specify startup-5700.ipe as the main startup image file and startup-5700-backup.ipe as the backup startup image file. <Sysname> boot-loader file flash:/startup-5700.ipe chassis 110 slot 0 main <Sysname>...
Performing an ISSU Unless otherwise stated, the term "upgrade" refers to both software upgrade and downgrade in ISSU. Overview The In-Service Software Upgrade (ISSU) feature upgrades software with a minimum amount of downtime. ISSU is implemented on the basis of the following design advantages: Separation of service features from basic functions—Device software is segmented into boot, •...
Description CAUTION: The Reboot method disrupts service if hardware redundancy (MPU-, switching fabric-, or device-level) is not available. HP recommends that you schedule the downtime Reboot carefully to minimize the upgrade impact on the services. The Reboot method reboots MPUs to complete the software upgrade. While one MPU is rebooting, the other MPUs can provide services.
Verifying the device operating status Verify the following items: • Use the display device command to verify that no cards are in Fault state. Use the display mdc command to verify that all MDCs are in active state. • Use the switchto mdc command to verify that no automatic configuration process is in progress. If •...
Feature Setting requirements GR/NSR Enable GR or NSR for protocols including LDP, RSVP, OSPF, ISIS, BGP, and FSPF. Disable BFD for protocols including LDP, RSVP, OSPF, ISIS, RIP, BGP, VRRP, and NQA. Use the long LACP timeout interval (the lacp period short command is not Ethernet link aggregation configured) on all member ports in dynamic aggregation groups.
Remarks Enter system view. system-view By default, the automatic rollback timer is set to 45 minutes. Disable automatic issu rollback-timer 0 HP recommends not using the automatic rollback. rollback feature. This feature is complicated. Return to user view. quit •...
• Use .bin image files: In a ring-topology IRF fabric, HP issu load file { boot filename | Load the upgrade recommends that you specify half of system filename | feature...
Performing an ISSU by using install commands ISSU task list Tasks at a glance Remarks To use install commands for upgrade, you must use .bin image files. If the upgrade file is an .ipe file, perform (Optional.) Decompressing an .ipe file this task before you use install commands for upgrade.
Page 151
Image by image—Activate one image on all slots before activating another image. • In standalone mode: When you install an image, you must begin with the active MPU. • When you upgrade an image, you must begin with the standby MPU. •...
Step Command Remarks • In standalone mode: install activate { boot filename | The device does not support the system filename | feature boot filename or system filename filename&<1-30> } * slot slot-number option. Activate images. • In IRF mode: To upgrade a PEX, specify its install activate { boot filename | virtual chassis number for the...
Uninstalling patch images Perform this task in user view. Task Command Remarks To deactivate patch images on a PEX, perform the following tasks: • In standalone mode: • Specify its virtual chassis install deactivate patch filename slot number for the slot-number Deactivate patch chassis-number argument.
If an image is not integral, consistent, or committed, use the install activate, install deactivate, and install commit commands as appropriate to resolve the issue. Perform this task in user view. Task Command Remarks This command takes effect for both the parent devices Verify software images.
Task Command Display all software image files that display install which { component name | file filename } [ slot include a specific component or file. slot-number ] Display version compatibility information display version comp-matrix and identify the upgrade method. Clear ISSU log entries.
Use the display device command to verify that all cards are not in Fault state. Use the display mdc command to verify that all MDCs are in active state. If the problem persists, contact HP Support. Examples of using issu commands for ISSU on a...
Page 157
Figure 36 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 1.1.1.1/24 GE1/3/0/1 GE2/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange line represents an IRF connection. Upgrade procedure # Download the feature1-r0202.bin image file from the TFTP server. <Sysname> tftp 2.2.2.2 get feature1-r0202.bin % Total % Received % Xferd Average Speed...
Page 158
V700R001B45D002 Version Compatibility List: V700R001B45D001 V700R001B45D002 Version Dependency System List: V700R001B45D001 V700R001B45D002 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Service Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/feature1-r0202.bin feature1 Influenced service according to following table on chassis 1 slot 1: flash:/feature1-r0202.bin feature1 Influenced service according to following table on chassis 2 slot 0:...
Page 159
This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/feature1-r0202.bin on Chassis 1 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot0#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on Chassis 2 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot1#flash:/feature1-r0202.bin..Done.
flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Feature upgrade to an incompatible version Upgrade requirements As shown in Figure 37, the IRF fabric has two members.
Page 161
# Display active software images. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 1 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin...
Page 162
This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/feature1-r0202.bin on Chassis 1 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot0#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on Chassis 2 slot 0...Done. Copying file flash:/feature1-r0202.bin to chassis2#slot1#flash:/feature1-r0202.bin..Done.
Page 163
flash:/feature1-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin...
Examples of using issu commands for ISSU on a four-member IRF fabric Feature upgrade to a compatible version Upgrade requirements As shown in Figure 38, the IRF fabric has four members. Each member has one active MPU (slot 0), one standby MPU (slot 1), and one LPU (slot 3).
Page 165
Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin...
Page 166
Version: 7.1.045-Release 7168 Version compatibility list: 7.1.045-Release 7168 Version dependency system list: 7.1.045-Release 7168 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade The output shows that service upgrade is recommended.
Page 167
This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/soft-version2.bin on chassis 1 slot 0...Done. Copying file flash:/soft-version2.bin to chassis2#slot0#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 2 slot 0...Done Copying file flash:/soft-version2.bin to chassis2#slot1#flash:/soft-version2.bin ...Done.
Page 168
Upgrading software images to compatible versions. Continue? [Y/N]:y This operation maybe take several minutes, please wait..Done. <Sysname> issu commit chassis 3 Copying file flash:/soft-version2.bin to chassis3#slot0#flash:/soft-version2.bin ...Done. Verifying the file flash:/soft-version2.bin on chassis 3 slot 0...Done Copying file flash:/soft-version2.bin to chassis3#slot1#flash:/soft-version2.bin ...Done.
Page 169
flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
Page 171
# Verify that the IRF fabric is running the new feature version. <Sysname> display version HP Comware Software, Version 7.1.045, Release 7169P01 Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P. HP uptime is 0 weeks, 0 days, 2 hours, 18 minutes Last reboot reason : Cold reboot...
Boot image: flash:/10500-CMW710-BOOT-R7169P01.bin Boot image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 System image: flash:/10500-CMW710-SYSTEM-R7169P01.bin System image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 Feature upgrade to an incompatible version (upgrading one subordinate member first) Upgrade requirements As shown in Figure 39, the IRF fabric has four members.
Page 173
<Sysname> display install active Active packages on chassis 1 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin...
Page 174
flash:/soft-version1.bin # Identify the ISSU method and possible impact of the upgrade. <Sysname> display version comp-matrix file feature flash:/soft-version2.bin Verifying the file flash:/soft-version2.bin on chassis 1 slot 0...Don Feature image: flash:/soft-version2.bin Version: 7.1.045-Release 7168 Version compatibility list: 7.1.045-Release 7168 Version dependency system list: 7.1.045-Release 7168 Upgrade Way: Incompatible upgrade.
Page 175
...Done. Verifying the file flash:/soft-version2.bin on chassis 2 slot 1...Done. flash:/soft-version2.bin Running Version New Version Release 7168 Release 7168 Chassis Slot Upgrade Way Reboot Reboot Reboot Upgrading software images to incompatible versions. Continue? [Y/N]:y # Perform a master/subordinate switchover to upgrade the original master and the other two subordinate members.
Page 176
<Sysname> display install active Active packages on chassis 1 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 2 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
Page 177
flash:/soft-version2.bin # Verify that the new image is on the current software image lists and startup software image lists of all member devices. <Sysname> display boot-loader Software images on chassis 1 slot 0: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
Page 178
flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: None Software images on chassis 3 slot 0: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: None Software images on chassis 3 slot 1: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
<Sysname> display version HP Comware Software, Version 7.1.045, Release 7169P01 Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P. HP uptime is 0 weeks, 0 days, 2 hours, 18 minutes Last reboot reason : Cold reboot Boot image: flash:/10500-CMW710-BOOT-R7169P01.bin Boot image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 System image: flash:/10500-CMW710-SYSTEM-R7169P01.bin...
Page 180
<Sysname> tftp 2.2.2.2 get soft-version2.bin Press CTRL+C to abort. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 13312 0 13312 295k 0 --:--:-- --:--:-- --:--:-- 309k # Display active software images. <Sysname>...
Page 181
flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin Active packages on chassis 4 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version1.bin # Identify the ISSU method and possible impact of the upgrade. <Sysname> display version comp-matrix file feature flash:/soft-version2.bin Verifying the file flash:/soft-version2.bin on chassis 2 slot 0...Done Feature image: flash:/soft-version2.bin Version: 7.1.045-Release 7168...
Page 182
This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Verifying the file flash:/soft-version2.bin on chassis 1 slot 0...Done Copying file flash:/soft-version2.bin to chassis2#slot0#flash:/soft-version2.bin ...Done. Copying file flash:/soft-version2.bin to chassis2#slot1#flash:/soft-version2.bin ...Done.
Page 183
Chassis Slot Upgrade Way Reboot Reboot Reboot Upgrading software images to incompatible versions. Continue? [Y/N]:y # Verify that all members are running the new image. <Sysname> display install active Active packages on chassis 1 slot 0: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 1 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
Page 184
Active packages on chassis 4 slot 1: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Active packages on chassis 4 slot 3: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin # Verify that the new image is on the current software image lists and startup software image lists of all member devices.
Page 185
Software images on chassis 2 slot 1: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Backup startup software images: None Software images on chassis 3 slot 0: Current software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin Main startup software images: flash:/cmw710-boot-test.bin flash:/cmw710-system-test.bin flash:/soft-version2.bin...
<Sysname> display version HP Comware Software, Version 7.1.045, Release 7169P01 Copyright (c) 2004-2015 Hewlett-Packard Development Company, L.P. HP uptime is 0 weeks, 0 days, 2 hours, 18 minutes Last reboot reason : Cold reboot Boot image: flash:/10500-CMW710-BOOT-R7169P01.bin Boot image version: 7.1.045, Release 7169P01 Compiled Aug 14 2015 11:56:35 System image: flash:/10500-CMW710-SYSTEM-R7169P01.bin...
Page 187
Figure 41 Network diagram Upgrade procedure # Download the 5700-feature1-d2403.bin image file for PEX upgrade from the TFTP server. <Sysname> tftp 2.2.2.2 get 5700-feature1-d2403.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 --:--:-- --:--:-- --:--:--...
Page 188
flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 0: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin...
Page 189
D2402 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Service Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/feature1-a0042.bin feature1 Influenced service according to following table on chassis 1 slot 1: flash:/feature1-a0042.bin feature1 Influenced service according to following table on chassis 1 slot 8:...
Page 190
The feature module on the PEXs. • # Disable automatic rollback. <Sysname> system-view [Sysname] issu rollback-timer 0 # Enable link-aggregation traffic redirection. [Sysname] link-aggregation lacp traffic-redirect-notification enable # Enable the IRF bridge MAC address to be permanent. [Sysname] irf mac-address persistent always # Set the physical state change suppression interval to 0 on the interfaces.
Page 191
flash:/feature1-a0042.bin Running Version New Version Alpha 0041 Alpha 0042 Chassis Slot Switchover Way Active standby process switchover Chassis Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]:Y # Upgrade the feature on the master and PEX 1. <Sysname>...
flash:/feature1-a0042.bin Active packages on chassis 2 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 2 slot 12: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2403.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2403.bin Feature upgrade to an incompatible version Upgrade requirements...
Page 193
Upgrade procedure # Download the 5700-feature1-d2404.bin image file for PEX upgrade from the TFTP server. <Sysname> tftp 2.2.2.2 get 5700-feature1-d2404.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 --:--:-- --:--:-- --:--:-- # Download the feature1-a0043.bin image file for parent IRF fabric upgrade from the TFTP server.
Page 194
<Sysname> issu pex PEX-5700 file feature flash:/5700-feature1-d2404.bin Verifying the file flash:/5700-feature1-d2404.bin on chassis 1 slot 0...Done. Copying file flash:/5700-feature1-d2404.bin to chassis1#slot1#flash:/5700-feature1-d2404.bin...Done. Copying file flash:/5700-feature1-d2404.bin to chassis2#slot0#flash:/5700-feature1-d2404.bin...Done. # Identify the recommended ISSU method for the upgrade and view the possible impact of the upgrade. <Sysname>...
Page 195
# Perform an ISSU switchover on the current IRF fabric and upgrade the PEXs. <Sysname> issu run switchover Copying file flash:/feature1-a0043.bin to chassis1#slot1#flash:/feature1-a0043.bin...Done. Verifying the file flash:/feature1-a0043.bin on chassis 1 slot 1...Done. Upgrade summary according to following table: flash:/feature1-a0043.bin Running Version New Version Alpha 0041 Alpha 0043...
flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2404.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2404.bin Examples of using install commands for ISSU on a standalone device Feature upgrade example Upgrade requirements As shown in Figure 43, the device has two MPUs. The active MPU is in slot 0. The standby MPU is in slot Upgrade the feature from R0201 to R0202.
Page 197
flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0201.bin # Identify the version compatibility, recommended ISSU methods, and possible impact of the upgrade. <Sysname> install activate feature flash:/feature1-r0202.bin slot 1 test Copying file flash:/feature1-r0202.bin to slot1#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on slot 1...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version...
Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y This operation maybe take several minutes, please wait......Done. <Sysname> install activate feature flash:/feature1-r0202.bin slot 0 Verifying the file flash:/feature1-r0202.bin on slot 0...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version...
Page 199
Figure 44 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 1.1.1.1/24 GE1/3/0/1 GE2/3/0/1 Internet 2.2.2.2/24 TFTP server Note: The orange line represents an IRF connection. Upgrade procedure # Download the feature1-r0202.ipe file from the TFTP server. <Sysname> tftp 2.2.2.2 get feature1-r0202.ipe % Total % Received % Xferd Average Speed Time...
Page 200
# Identify the recommended ISSU methods for the upgrade and view the possible impact of the upgrade. <Sysname> install activate feature flash:/feature1-r0202.bin chassis 2 slot 1 test Copying file flash:/feature1-r0202.bin to chassis2#slot1#flash:/feature1-r0202.bin..Done. Verifying the file flash:/feature1-r0202.bin on chassis 2 slot 1...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version...
Page 201
Service Upgrade Influenced service according to following table on chassis 1 slot 0: flash:/feature1-r0202.bin feature1 Influenced service according to following table on chassis 1 slot 1: flash:/feature1-r0202.bin feature1 <Sysname> install activate feature flash:/feature1-r0202.bin chassis 1 slot 0 test Verifying the file flash:/feature1-r0202.bin on chassis 1 slot 0...Done. Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version...
Page 202
Upgrade summary according to following table: flash:/feature1-r0202.bin Running Version New Version Alpha 0201 Alpha 0202 Chassis Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y This operation maybe take several minutes, please wait......Done. <Sysname> install activate feature flash:/feature1-r0202.bin chassis 1 slot 1 flash:/feature1-r0202.bin already exists on chassis 1 slot 1.
flash:/feature1-r0202.bin Active packages on chassis 2 slot 0: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin Active packages on chassis 2 slot 1: flash:/boot-r0201.bin flash:/system-r0201.bin flash:/feature1-r0202.bin # Commit the software changes. <Sysname> install commit This operation will take several minutes, please wait......Done. Examples of using install commands for ISSU on an eIRF system Feature upgrade example Upgrade requirements...
Page 204
Figure 45 Network diagram Upgrade procedure # Download the 5700-feature1-d2403.bin image file for PEX upgrade from the TFTP server. <Sysname> tftp 2.2.2.2 get 5700-feature1-d2403.bin % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 --:--:-- --:--:-- --:--:--...
Page 205
flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 0: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 2 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin...
Page 206
flash:/feature1-a0042.bin Running Version New Version Alpha 0041 Alpha 0042 Chassis Slot Upgrade Way Service Upgrade Influenced service according to following table on chassis 1 slot 1: flash:/feature1-a0042.bin feature1 <Sysname> install activate feature flash:/feature1-a0042.bin chassis 2 slot 0 test Verifying the file flash:/feature1-a0042.bin on chassis 2 slot 0...Done. Upgrade summary according to following table: flash:/feature1-a0042.bin Running Version...
Page 207
flash:/5700-feature1-d2403.bin Running Version New Version Demo 2402 Demo 2403 Chassis Slot Upgrade Way Service Upgrade Influenced service according to following table on chassis 101 slot 0: flash:/5700-feature1-d2403.bin feature1 The output shows that an incremental upgrade is recommended and the following items will be rebooted during the upgrade: The feature module and related modules on the MPUs.
Page 208
Chassis Slot Upgrade Way Service Upgrade Service Upgrade Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]:Y This operation maybe take several minutes, please wait......Done. # Activate the new feature image to upgrade the feature on the cards in chassis 2. <Sysname>...
Page 209
flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 100 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin Active packages on chassis 101 slot 0: flash:/5700-boot.bin flash:/5700-system.bin flash:/5700-feature1-d2402.bin # Activate the new feature image to upgrade the feature on PEX 1. <Sysname> install activate feature flash:/5700-feature1-d2403.bin chassis 100 slot 0 flash:/5700-feature1-d2403.bin already exists on chassis 100 slot 0.
Page 210
flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 1 slot 1: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 1 slot 8: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 1 slot 12: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0042.bin Active packages on chassis 2 slot 0: flash:/boot-a0041.bin flash:/system-a0041.bin flash:/feature1-a0041.bin...
Using automatic configuration Overview With the automatic configuration feature, the device can automatically obtain a set of configuration settings when it starts up without a configuration file. This feature simplifies network configuration and maintenance. As shown in Figure 46, automatic configuration requires the following servers: DHCP server.
Configuring the file server For devices to obtain configuration information from a TFTP server, start TFTP service on the file server. For devices to obtain configuration information from an HTTP server, start HTTP service on the file server. Preparing the files for automatic configuration The device can use a script file or configuration file for automatic configuration.
Script files Script files can be used for automatic software upgrade and automatic configuration. The device supports Python scripts (.py files) and Tcl scripts (.tcl files). For more information about Python and Tcl scripts, see "Using Python" and "Using Tcl." To prepare script files: For devices that share all or some configurations, create a script file that contains the common •...
Step Command Remarks Create a DHCP address By default, no DHCP address pool is dhcp server ip-pool pool-name pool and enter its view. created. • (Method 1.) Specify the primary subnet for the address pool: network network-address Use either or both methods. [ mask-length | mask mask ] By default, no primary subnet or static •...
Configuring the DNS server A DNS server is required in the following situations: The TFTP server does not have a host name file. However, devices need to perform the following • operations: Use their IP addresses to obtain their host names. Obtain configuration files named in the host name.cfg format from the TFTP server.
If a device does not find a next-start configuration file locally, it starts the automatic configuration process to obtain a configuration file. If one attempt fails, the device waits 30 seconds and then automatically starts the process again. To stop the process, press Ctrl+C or Ctrl+D. After obtaining a configuration file, the device automatically executes the configuration file.
[DeviceB] dhcp enable # Configure the address pool 1 to assign IP addresses on subnet 192.168.1.0/24 to clients. [DeviceB] dhcp server ip-pool 1 [DeviceB-dhcp-pool-1] network 192.168.1.0 24 # Specify the URL of the script file for the clients. [DeviceB-dhcp-pool-1] bootfile-name http://192.168.1.40/device.tcl Configure the HTTP server: # Create the configuration file device.tcl on the HTTP server.
Page 222
Configure the servers so Device A can obtain a Python script to complete the following configuration tasks: Enable the administrator to Telnet to Device A to manage Device A. • Require the administrator to enter the correct username and password at login. •...
<DeviceB> telnet 192.168.1.2 Enter the username user and password abcabc as prompted. (Details not shown.) You are logged in to Device A. Automatic IRF setup Network requirements As shown in Figure 50, Switch A and Switch B do not have a configuration file. Configure the servers so the switches can obtain a Python script to complete their respective configuration and form an IRF fabric.
Page 224
File Content Remarks Python commands and APIs that complete the following tasks: • (Optional.) Verifies that the flash memory has sufficient space for the files to be downloaded. • Downloads the configuration file and sn.txt. For more information about • .py Python script file (Optional.) Downloads the software Python script configuration, see...
Page 225
* indicates the device is the master. + indicates the device through which the user logs in. The Bridge MAC of the IRF is: 000c-1000-1111 Auto upgrade : yes Mac persistent : always Domain ID Auto merge : yes The output shows that the switches have formed an IRF fabric.
A device name (also called hostname) identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>. To configure the device name: Step Command Remarks Enter system view. system-view Configure the device name. sysname sysname The default device name is HP.
Configuring the system time Correct system time is essential to network management and communication. Configure the system time correctly before you run the device on the network. Specifying the system time source The device can use one of the following system time sources: None—Local system time.
Enabling displaying the copyright statement When displaying the copyright statement is enabled, the device displays the copyright statement in the following situations: • When a Telnet or SSH user logs in. When a console user quits user view. This is because the device automatically tries to restart the user •...
For example, you can configure the shell banner "Have a nice day." as follows: <System> system-view [System] header shell %Have a nice day.% Multiline banner. • A multiline banner can contain carriage returns. A carriage return is counted as two characters. To input a multiline banner, use one of the following methods: Method 1—Press Enter after the final command keyword, enter the banner as prompted, and end the final line with the delimiter character %.
Step Command Remarks By default, the device does not have a Configure the login banner. header login text login banner. Configure the incoming By default, the device does not have an header incoming text banner. incoming banner. By default, the device does not have a Configure the shell banner.
Immediately reboot the device at the CLI. • • Schedule a reboot at the CLI, so the device automatically reboots at the specified time or after the specified period of time. Power off and then power on the device. This method might cause data loss, and is the •...
Scheduling a task You can schedule the device to automatically execute a command or a set of commands without administrative interference. You can configure a non-periodic schedule or a periodic schedule. A non-periodic schedule is not saved to the configuration file and is lost when the device reboots. A periodic schedule is saved to the startup configuration file and is automatically executed periodically.
Page 233
schedule. The jobs will be executed concurrently. By default, a schedule has the user role of the schedule creator. You can assign up to 64 user roles to Assign user roles to the user-role role-name a schedule. A command in a schedule.
Step Command Remarks • Execute the schedule at an interval from the specified time By default, no execution time is time repeating at time specified for a schedule. [ month-date [ month-day | last ] Specify an execution Executing commands clock | week-day week-day&<1-7>...
Job name : shutdown-GigabitEthernet1/0/1 Schedule name : STOP-pc1/pc2 Execution time : Wed Sep 28 18:00:00 2011 Completion time : Wed Sep 28 18:00:01 2011 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z. [Sysname]interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1]shutdown Job name : shutdown-GigabitEthernet1/0/2...
[ cpu cpu-number ] ] monitor cpu-usage enable [ slot By default, CPU usage tracking is Enable CPU usage tracking. slot-number [ cpu cpu-number ] ] enabled. monitor cpu-usage interval Set the sampling interval for By default, the sampling interval for interval-value [ slot slot-number CPU usage tracking.
Page 239
Samples memory usage at an interval of 1 minute, and compares the sample with the memory • usage threshold. If the sample is greater, the device sends a trap. Monitors the amount of free memory space in real time. If a free-memory threshold is exceeded, the •...
Figure 52 Memory alarm notification and alarm-removed notification Free memory space Minor alarm-removed Normal Minor Severe alarm-removed alarm Minor Critical alarm-removed Severe alarm Severe Critical alarm Critical Time To set memory alarm thresholds: Step Command Remarks Enter system view. system-view •...
When the temperature drops below the low-temperature threshold or reaches the high-temperature warning threshold, the device performs the following operations: Logs the event. • Sends a log message. • Sends a trap. • When the temperature reaches the high-temperature alarming threshold, the device performs the following operations: Logs the event.
Page 242
Increases both the MAC address table Both a large MAC address table and a mix-bridging-routing size and routing table size. large routing table are required. Optimizes resource sharing for ND and ARP entries to provide optimal standard-ipv6 The IPv4/IPv6 dual-stack is used. forwarding performance in an IPv4/IPv6 dual-stack environment.
• In standalone mode: set asset-info { chassis | fan fan-id | power power-id | slot slot-number } { csn csn-number | custom name value | department department | description description | location location | service-date date | state Configure an asset state } profile for a physical •...
The data is written to the storage component during debugging or testing. Install only transceiver modules that are from HP. If you install a transceiver module that is not from HP, the device will generate a log message to ask you to replace the module. For more information about log messages, see information center configuration in Network Management and Monitoring Configuration Guide.
Disable alarm traps if the transceiver modules were manufactured or sold by HP. The device regularly detects transceiver modules that have a vendor name other than HP or do not have a vendor name. Upon detecting such a transceiver module, the device repeatedly outputs traps and logs to notify the user to replace the module.
After this command is executed, only the items required for fundamental device operation are retained, including the .bin files, MAC addresses, and electronic label information. To restore the factory-default configuration for the device, execute the following command in user view: Task Command Remarks...
Page 249
Display the electronic label display device manuinfo power information of a power module. power-id Display or save the operating display diagnostic-information statistics for multiple feature [ hardware | infrastructure | l2 | modules. l3 | service ] [ filename ] Display device temperature display environment [ slot statistics.
Using Tcl Comware V7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands: • All Tcl 8.5 commands. Comware commands. • The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
Managing the system with BootWare BootWare provides a menu method for performing basic file operations, software upgrade, and system management. You can use this method when you cannot access the Comware CLI, for example, because of software image corruption. NOTE: Output in this document is for illustration only.
Use BootWare menus for software upgrade only when you cannot access the CLI. From BootWare menus, you can upgrade MPUs only one by one. If the device has two MPUs, HP recommends that you remove one MPU before upgrading software.
Option Task <0> Reboot Reboot the device. Modifying serial port parameters When using the console port to access the system, make sure the port parameters are consistent with the serial port settings on the configuration terminal. Port parameters include the baud rate, data bits, parity check, stop bits, flow control, and emulation.
Updating the entire BootWare To update the entire BootWare, enter 3 in the BASIC-BOOTWARE menu. Enter your choice(0-5): 3 Please Start To Transfer File, Press <Ctrl+C> To Exit. Waiting ...CCCCC Download successfully! 329344 bytes downloaded! Updating Basic BootWare? [Y/N]Y Updating Basic BootWare....Done. Updating Extended BootWare? [Y/N]Y Updating Extended BootWare....Done.
Enter your choice(0-5): 5 Booting Normal Extended BootWare The Extended BootWare is self-decompressing..Done. **************************************************************************** BootWare, Version 1.33 **************************************************************************** Compiled Date : Nov 20 2014 CPU Type : XLP316 CPU Clock Speed : 1200MHz Memory Type : DDR3 SDRAM Memory Size : 8192MB Memory Speed : 667MHz...
============================================================================ Ctrl+U: Access BASIC ASSISTANT MENU Enter your choice(0-5): Table 20 BASIC-BOOTWARE menu options Option Task <1> Modify Serial Interface Parameter Change the baud rate of the console port. Update the extended BootWare segment. <2> Update Extended BootWare If the extended segment is corrupt, choose this option to repair Update the entire BootWare, including the basic segment <3>...
NOTE: The baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To establish a console session with the device after a reboot, you must change the baud rate setting on the configuration terminal to 9600 bps. Updating the extended BootWare segment If the extended BootWare segment is corrupt, enter 2 in the BASIC-BOOTWARE menu to update it.
Memory Size : 8192MB Memory Speed : 667MHz BootWare Size : 1536KB Flash Size : 4MB BootWare Validating... Press Ctrl+B to access EXTENDED-BOOTWARE MENU... Running the backup extended BootWare segment To bootstrap the Comware software images with the backup extended BootWare segment, enter 5 in the BASIC-BOOTWARE menu.
Page 261
**************************************************************************** BootWare, Version 1.33 **************************************************************************** Compiled Date : Nov 20 2014 CPU Type : XLP316 CPU Clock Speed : 1200MHz Memory Type : DDR3 SDRAM Memory Size : 8192MB Memory Speed : 667MHz BootWare Size : 1536KB Flash Size : 500MB BASIC CPLD Version : 4.0 EXTENDED CPLD Version : 3.0...
Page 262
Table 21 EXTENDED-BOOTWARE menu options Option Task Reference Run the Comware software without rebooting the device. <1> Boot System Running the Comware software Choose this option after completing operations in the EXTENDED-BOOTWARE menu. Download files with XMODEM and Upgrading Comware software <2>...
NOTE: Basic Comware V7 software images include a .bin boot image and a .bin system image. A system must • have the two images to operate appropriately. They are released both in separate .bin files and in an .ipe package file so you can update the images separately or as a whole. You can set one Comware software image as a main (M) or backup (B) image.
Page 264
Enter your choice(0-5): Table 22 Serial submenu options Option Task Load and run Comware software images in SDRAM. <1> Download Image Program To This option is not available if password recovery capability is SDRAM And Run disabled. Download Comware software images to the current storage medium as main images (the file attribute is set to M).
Download successfully! 47979456 bytes downloaded! Updating File flash:/test-boot-r7328.bin..........Done. Enter 0 in the Serial submenu to return to the EXTENDED-BOOTWARE menu. Enter 1 in the EXTENDED-BOOTWARE menu to run the new software. Upgrading Comware software through the management Ethernet port You can upgrade the Comware software through the management Ethernet port from the Ethernet submenu.
Page 266
Option Task <0> Exit To Main Menu Return to the EXTENDED-BOOTWARE menu. Enter 5 in the Ethernet submenu to configure file transfer settings. Enter your choice(0-5):5 ==========================<ETHERNET PARAMETER SET>========================== |Note: '.' = Clear field. '-' = Go to previous field. Ctrl+D = Quit.
Choose an option from 1 to 3. For example, to upgrade the main Comware software images, enter ==========================<Enter Ethernet SubMenu>========================== |Note:the operating device is flash |<1> Download Image Program To SDRAM And Run |<2> Update Main Image File |<3> Update Backup Image File |<4>...
Page 268
Enter your choice(0-9):4 The following File Control submenu appears: ===============================<File CONTROL>=============================== |Note:the operating device is flash |<1> Display All File(s) |<2> Set Image File type |<3> Set Bin File type |<4> Delete File |<5> Copy File |<0> Exit To Main Menu ============================================================================ Enter your choice(0-5): Displaying all files...
Page 269
For example, the boot image file main.bin has the M attribute and the boot image file update.bin has the B attribute. If you assign the M attribute to update.bin, update.bin will have both the M and B attributes (M+B), and the file attribute of main.bin will change to N/A. To change the attribute of Comware software images: Enter 3 in the File Control submenu.
Enter the number of the destination storage medium. For example, enter 1 to copy the file to the flash memory. Enter your choice(0-1):1 The destination file can't be the same as the source file. Restoring the factory-default configuration CAUTION: Performing this task can cause all next-startup configuration files in the current storage medium to be permanently deleted.
Skipping the configuration file at the next startup To skip the configuration file at the next startup, enter 6 in the EXTENDED-BOOTWARE menu. ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6>...
Page 273
Backing up the BootWare image You can back up the entire BootWare image, its basic segment, or extended segment. When the BootWare image is corrupt, you could use the backup image for recovery. Enter 1 in the BootWare Operation menu to perform a BootWare image backup. Enter your choice(0-4): 1 Will you backup the Basic BootWare? [Y/N]Y Begin to backup the Basic BootWare..Done.
Figure 53 Skipping console login authentication Console login password lost Reboot the switch to access the EXTENDED-BOOTWARE menu Select Skip Authentication for Console Login Reboot the switch to enter user line view No password is required for console Execute the login, whether or not you save the quit command? running configuration.
Table 28 DEVICE CONTROL menu options Option Task Display all storage media on the MPU you are <1> Display All Available Nonvolatile Storage Device(s) working with. Set the current storage medium. All file <2> Set The Operating Device operations in BootWare menus are performed on the current storage medium.
Table 29 Error messages Error message Description The start or end address is beyond the memory space or the end address is lower Invalid address. than the start address. The entered memory length is so great that the calculated end address is beyond Invalid length the memory space.
Page 278
Enter < Storage Device Operation > to select device. ==========================<EXTENDED-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Restore to Factory Default Configuration |<6> Skip Current System Configuration |<7> BootWare Operation Menu |<8>...
Page 279
Option Task Reference Download files with XMODEM and Upgrading Comware software <2> Enter Serial SubMenu upgrade the Comware software through the console port through the console port. Download files with FTP or TFTP and Upgrading Comware software upgrade the Comware software <3>...
NOTE: Basic Comware V7 software images include a .bin boot image and a .bin system image. A system must • have the two images to operate appropriately. They are released both in separate .bin files and in an .ipe package file so you can update the images separately or as a whole. You can set one Comware software image as a main (M) or backup (B) image.
Page 281
Enter your choice(0-5): Table 31 Serial submenu options Option Task Load and run Comware software images in SDRAM. <1> Download Image Program To This option is not available if password recovery capability is SDRAM And Run disabled. Download Comware software images to the current storage medium as main images (the file attribute is set to M).
============================================================================ Enter your choice(0-5):2 On the configuration terminal, configure the communication settings and transfer the upgrade file. For more information, see "Using XMODEM to upgrade software through the console port." In this example, the system sets the file as a main software image file when the file transfer is complete.
Page 283
Option Task Download Comware software images to the current storage medium as backup images (the file attribute is set to B). <3> Update Backup Image File As a result, the B file attribute of the original backup images is removed. Download a file to the current storage medium.
Field Description Local IP Address Set the IP address of the device. Subnet Mask Set the IP address mask. Set a gateway IP address if the device is on a different network Gateway IP Address than the server. Set the username for accessing the FTP server. This username must FTP User Name be the same as configured on the FTP server.
Page 285
============================================================================ Ctrl+Z: Access EXTENDED ASSISTANT MENU Ctrl+F: Format File System Enter your choice(0-9):4 The following File Control submenu appears: ===============================<File CONTROL>=============================== |Note:the operating device is flash |<1> Display All File(s) |<2> Set Image File type |<3> Set Bin File type |<4>...
Page 286
On an MPU, you can specify only one main image and one backup image for each type of Comware image. If you assign the same attribute to two images that are the same type, the most recent assignment causes the previously assigned attribute to be removed. For example, the boot image file main.bin has the M attribute and the boot image file update.bin has the B attribute.
Page 287
Enter your choice(0-5): 4 Deleting the file in flash: 'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED Display all file(s) in flash: 'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED ============================================================================ |NO. Size(B) Time Type Name 4577 Feb/19/2013 13:07:54 N/A flash:/labtop.cfg...
Choose copy dest device : ============================================================================ |NO. Device Name File System Total Size Available Space flash YAFFS2 1048576KB 792990KB Exit ============================================================================ Enter your choice(0-1): Enter the number of the destination storage medium. For example, enter 1 to copy the file to the flash memory.
If password recovery capability is disabled, enter Y at the prompt to complete the task. Because the password recovery capability is disabled, this operation can cause the configuration files to be deleted, and the system will start up with factory defaults. Are you sure to continue?[Y/N]Y Setting...Done.
Page 290
Option Task <2> Restore Full BootWare Recover the BootWare image. <3> Update BootWare By Serial Update the BootWare from the console port. <4> Update BootWare By Ethernet Update the BootWare from the management Ethernet port. <0> Exit To Main Menu Return to the EXTENDED-BOOTWARE menu.
Option Task Modify the baud rate of the console port. <4> Modify Serial Interface Parameter Perform this task before you perform any upgrade task. <0> Exit To Main Menu Return to the BootWare Operation menu. To upgrade the BootWare image through the management Ethernet port, enter 4 in the BootWare Operation menu.
Figure 54 Skipping console login authentication Console login password lost Reboot the switch to access the EXTENDED-BOOTWARE menu Select Skip Authentication for Console Login Reboot the switch to enter user line view No password is required for console Execute the login, whether or not you save the quit command? running configuration.
Table 37 DEVICE CONTROL menu options Option Task <1> Display All Available Nonvolatile Display all storage media on the MPU you are working with. Storage Device(s) Set the current storage medium. All file operations in BootWare <2> Set The Operating Device menus are performed on the current storage medium.
Starts a five-step RAM test. IMPORTANT: Ctrl+T Press Ctrl+T to start five-step full RAM test… This RAM test is intended for memory troubleshooting. HP recommends not performing this test. Starts a nine-step RAM test. IMPORTANT: Ctrl+Y Press Ctrl+Y to start nine-step full RAM test…...
Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. This feature also decides the method for handling console login password loss (see Figure 55). If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.
Password Password BootWare menu recovery recovery Tasks that can be performed option enabled disabled Skip the configuration file at the next startup. This is a one-time operation. It takes effective only Skip Current System for the first system boot or reboot after you choose Configuration this option.
Page 297
|<4> 57600 |<5> 115200 |<0> Exit ========================================================================== Enter your choice(0-5):1 Select the correct download baud rate. In this example, enter 1 to select 9600 bps. Change the baud rate of your terminal to match the setting on the Serial submenu. Then, close your connection to the device and reestablish the connection to make the terminal's baud rate change take effect.
Figure 56 Selecting the file to transfer Click Open. Figure 57 File transfer progress At the prompt for image attribute, enter m to specify the file as the main (primary) startup image file. Using TFTP to upgrade Comware software through the management Ethernet port In this example, the device acts as the TFTP client.
Page 299
Connect the device to the intended TFTP server through the device's management Ethernet port and obtain the IP address of the intended TFTP server. Connect your terminal to the device's console port. You can use the same PC for the two purposes. On the intended TFTP server, run TFTP server and specify the working path for software upgrade.
Enter your choice(0-5):2 In the Ethernet submenu, enter 2 to download the specified image file to the device. Loading......................................................Done. 227301376 bytes downloaded! Image file 10500-CMW710-BOOT-R7169P01.bin is self-decompressing... Saving file flash:/10500-CMW710-BOOT-R7169P01.bin ..................Done. Image file 10500-CMW710-SYSTEM-R7169P01.bin is self-decompressing... Saving file flash:/10500-CMW710-SYSTEM-R7169P01.bin ......
Using Python Comware V7 provides a built-in Python interpreter that supports the following items: Python 2.7 commands. • Python 2.7 standard API. • Comware V7 extended API. For more information about the Comware V7 extended API, see • "Comware V7 extended Python API." •...
Page 302
comware.Transfer('tftp', '192.168.1.26', 'main.cfg', 'flash:/main.cfg') comware.Transfer('tftp', '192.168.1.26', 'backup.cfg', 'flash:/backup.cfg') comware.CLI('startup saved-configuration flash:/main.cfg main ;startup saved-configuration flash:/backup.cfg backup') # Use TFTP to download the script to the device. <Sysname> tftp 192.168.1.26 get test.py # Execute the script. <Sysname> python flash:/test.py <Sysname>startup saved-configuration flash:/main.cfg main Please wait..
Comware V7 extended Python API The Comware V7 extended Python API is compatible with the Python syntax. Importing and using the Comware V7 extended Python API To use the Comware V7 extended Python API, you must import the API to Python. Use either of the following methods to import and use the Comware V7 extended Python API: Use import comware to import the entire API and use comware.API to execute an API.
Page 304
Parameters command: Specifies the commands to be executed. To enter multiple commands, use a space and a semicolon (;) as the delimiter. To enter a command in a view other than user view, you must first enter the commands used to enter the view. For example, you must enter ’system-view ;local-user test class manage’...
Transfer class Transfer Use Transfer to download a file from a server. Syntax Transfer(protocol=‘’, host=‘’, source=‘’, dest=‘’, vrf=‘’,login_timeout=10, user=‘’, password=‘’) Parameters protocol: Specifies the protocol used to download a file: • ftp—Uses FTP. tftp—Uses TFTP. • http—Uses HTTP. • host: Specifies the IP address of the remote server. source: Specifies the name of the file to be downloaded from the remote server.
Examples # Download file test.cfg from TFTP server 1.1.1.1 and get the error information from the operation. <Sysname> python Python 2.7.3 (default, May 24 2013, 14:37:26) [GCC 4.4.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import comware >>>...
Syntax get_standby_slot() Returns A list object in the format of [[- 1 ,slot-number]]. The slot-number indicates the slot number of a standby MPU. If the device does not have a standby MPU, [ ] is returned. (In standalone mode.) A list object in one of the following formats: (In IRF mode.) [ ]—The IRF fabric does not have a global standby MPU.
Sample output {'MaxSlot': 327, 'MinSlot': 0} API get_slot_info get_slot_info Use get_slot_info to get information about a card. Syntax get_slot_info() Returns A dictionary object in the format of {'Slot': slot-number, 'Status': 'status', 'Chassis': chassis-number, 'Role': 'role', 'Cpu': CPU-number }. The slot-number argument indicates the slot number of the card. The status argument indicates the status of the card.
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 311
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Index extended Python API functions, archiving configuration archive, RBAC AAA authorization, configuration archive parameters, RBAC default user role, configuration archiving (automatic), RBAC local AAA authentication user file, 93, configuration, running configuration (manual), RBAC non-AAA authorization, argument (CLI string/text type), RBAC user role local AAA authentication, ASCII transfer mode, RBAC user role non-AAA authentication, assigning...
Page 313
RBAC temporary user role authorization multiple-line input mode, (RADIUS authentication), shell type, RBAC user role authentication, single-line input mode, RBAC user role local AAA authentication, binary transfer mode, RBAC user role remote AAA authentication, boot loader authorizing software upgrade startup image file specification (in FTP basic server authorization, IRF mode), login management command...
Page 317
RBAC local AAA authentication user device reboot (CLI), configuration, device reboot (scheduled), RBAC permission assignment, disabling sending removal interrupt signals before RBAC RADIUS authentication user switching fabric module removal, configuration, factory-default configuration restore, RBAC resource access policies, memory alarm thresholds, RBAC temporary user role authorization, 25, physical component asset profile, RBAC temporary user role authorization...
Page 318
login management Telnet login private key, authentication, public key, sending removal interrupt signals before entering switching fabric module removal, CLI entered-but-not-submitted command redisplay, disabling sending removal interrupt signals before CLI string/text type argument value, switching fabric module removal, command, displaying system view from user view, command help information, error...
Page 319
file system login management user access control, current working directory change, RBAC, current working directory display, format directory creation, configuration file, 101, directory information display, file name, directory management, file system storage media formatting, directory removal, file archiving, automatic configuration (file server), file compression, basic server parameters configuration, file copy,...
Page 321
ISSU issu series commands (IRF IPE file decompression (install series mode), 146, commands), ISSU method identification, issu series commands, ISSU methods, issu series commands (IRF mode), 146, ISSU performance (issu series commands), maintaining, ISSU procedure determination, methods, ISSU software image verification (install series patch image uninstall (install series commands), commands),...
Page 322
login management CLI AUX common line login settings, device banner login type, login management CLI user line, login management login management CLI user line assignment, CLI AUX common line settings, login management CLI user line CLI configuration, identification, CLI console authentication, login management Telnet VTY common line CLI console password authentication, settings,...
Page 323
ISSU, device CPU usage, login management CLI login, mounting software upgrade image settings, file system storage media, managing moving CLI display command output, file, configuration files, device. See device management ISSU, file system, ISSU (install series commands), file system directories, ISSU (issu series commands), file system files, ISSU availability identification,...
Page 324
device copyright statement display, IPv6 TFTP client configuration, device CPU usage monitoring, ISSU (install series commands), device factory-default configuration restore, ISSU availability identification, device management task scheduling, 222, ISSU command series, device memory alarm thresholds, ISSU device operating status verification, device name configuration, ISSU feature (install series commands), device port status detection timer,...
Page 325
RBAC resource access policies, software upgrade (non-ISSU)(IRF mode), RBAC temporary user role authorization, 25, software upgrade PEX configuration (non-ISSU), RBAC temporary user role authorization Tcl usage, (HWTACACS authentication), TFTP configuration, RBAC temporary user role authorization using Python, (RADIUS authentication), next-startup configuration file, 101, RBAC user role assignment, 18, RBAC user role authentication, login management SNMP device access,...
Page 326
login management Telnet login password RBAC user role assignment, authentication, RBAC user role interface policy, login management Telnet login scheme RBAC user role local AAA authentication, authentication, RBAC user role non-AAA authentication, patch RBAC user role remote AAA authentication, ISSU patch image, RBAC user role VLAN policy, software upgrade Comware patch image, 1 12...
Page 329
rebooting device (scheduled), understanding CLI command-line error message, releasing FTP server connection manually, uninstalling ISSU feature (install series commands), removing directory, uninstalling ISSU patch images (install series removing ISSU inactive software image (install commands), series commands), unmounting file system storage media, renaming file, upgrading ISSU software images (install series repairing file system storage media,...
Page 330
non-AAA authorization, resource permission assignment, RBAC resource access policies, predefined user roles, restoring RADIUS authentication user configuration, device factory-default configuration, resource access policies, 16, file, rule configuration restrictions, main next-startup configuration file, settings display, software upgrade BootWare image (non-ISSU method), temporary user role authorization, restrictions temporary user role authorization (HWTACACS...
Page 331
RBAC feature read rule, login management login control (Telnet, SSH), 66, RBAC feature write rule, login management SNMP access control, 67, RBAC OID rule, login management user access control, RBAC user role rule configuration, RBAC configuration, 15, 19, RBAC XML element rule, RBAC default user role, running configuration RBAC feature group configuration,...
Page 332
device port status detection timer, eIRF system ISSU feature incompatible upgrade (issu series commands), device system operating mode, eIRF system ISSU feature upgrade (install series device system time, commands), file/folder operation mode, eIRF system ISSU performance (issu series login management Telnet packet DSCP commands), value, file naming,...
Page 333
startup image file specification (in IRF next-startup configuration file redundancy, mode), storage media startup image file specification (in standalone CF card partition, mode), CF card partition restrictions, system startup, 1 14 file system management, task list, file system storage media naming rules, specifying formatting, device system time source,...
Page 335
ISSU availability identification, login management CLI user roles, ISSU command series, login management command accounting, 72, ISSU device operating status verification, login management command authorization, 69, ISSU feature (install series commands), login management console port login, ISSU feature compatible upgrade (issu series login management login control (Telnet, commands/IRF mode), 146, 154, 162, SSH), 66,...
Page 336
device CPU usage, device memory alarm thresholds, task scheduling (device management), 222, device temperature threshold alarm, time automatic configuration (HTTP server+Tcl device system time configuration, script), device system time set, configuration view, device system time source set, restrictions, timer use, device port status detection, user view, tool command language.
Page 337
ISSU software images (install series automatic configuration, commands), CLI, software. See software upgrade CLI command history function, CLI command hotkey, disk partitioning, command keyword alias, user device as FTP client, interface, 43, See also user line device as FTP server, interface login management Telnet VTY Extended Python API, 293, common line settings,...