Preface
The H3C S5500-HI documentation set includes 11 configuration guides, which describe the software features for the H3C S5500-HI Switch Series and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Configuration guide: Added and modified features
Modified feature: a password configured by the super password command for user privilege level switching can be hashed.
Added features:
• Setting the DSCP value for outgoing IPv4 or IPv6 HTTP packets.
• Setting the DSCP value for IPv4 or IPv6 packets sent by the Telnet client.
Login management
•...
Layer 2 forwarding and other Layer 2 features.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.
About the H3C S5500-HI documentation set
The H3C S5500-HI documentation set includes:...
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support &...
– Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the software version.
Technical support
service@h3c.com
http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Contents
Using the CLI ···· 1
Logging in to the CLI ···· 1
Command conventions ···· 1
Using the undo form of a command ···· 2
CLI views ···· 2
Entering system view from user view ···· 3
...
Setting the DSCP value for IP to use for outgoing Telnet packets ···· 38
Logging in through SSH ···· 38
Configuring the SSH server on the device ···· 39
Using the device as an SSH client to log in to the SSH server ···· 41
...
Terminating the FTP connection ···· 73
FTP client configuration example ···· 73
Using the device as an FTP server ···· 74
Configuring basic parameters ···· 75
Configuring authentication and authorization ···· 75
Associating an SSL server policy with the FTP service ···· 76
...
Specifying a configuration file for the next startup ···· 98
Backing up the next-startup configuration file to a TFTP server ···· 98
Deleting the next-startup configuration file ···· 99
Restoring the next-startup configuration file from a TFTP server ···· 99
...
Using the CLI
At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device.
Figure 1 CLI example
Logging in to the CLI
You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or by using Telnet or SSH.
Convention: Description
A line that starts with a pound (#) sign is a comment.
Command keywords are case insensitive.
The following example analyzes the syntax of the clock datetime time date command according to the command conventions table.
Figure 2 Understanding command-line parameters
For example, to set the system time to 10:30:20, February 23, 2011, enter the following command line at the CLI and press Enter:
<Sysname>...
Figure 3 CLI view hierarchy
Entering system view from user view
Task: Enter system view from user view. Command: system-view
Returning to the upper-level view from any view
Task: Return to the upper-level view from any view. Command: quit
Executing the quit command in user view terminates your connection to the device.
NOTE: In public key code view, use the public-key-code end command to return to the upper-level view (public key view).
Accessing the CLI online help
The CLI online help is context sensitive. You can enter a question mark at any point of a command to display all available options.
To access the CLI online help, use one of the following methods:
•...
Entering a command
When you enter a command, you can use some keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases.
Editing a command line
You can use the keys listed in Table 2 or the hotkeys listed in Table 3 to edit a command line.
Configuring and using command keyword aliases
The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command. For example, if you configure show as the alias for the display keyword, you can enter show to execute a display command.
Step: Configure hotkeys. Command: hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command. Remarks: By default:
• Ctrl+G is assigned the display current-configuration command.
• Ctrl+L is assigned the display ip routing-table command.
• Ctrl+O is assigned the undo debugging all command.
Hotkey: Function
Esc+P: Moves the cursor up one line. This hotkey is available before you press Enter.
Esc+<: Moves the cursor to the beginning of the clipboard.
Esc+>: Moves the cursor to the end of the clipboard.
Enabling redisplaying entered-but-not-submitted commands
After you enable redisplaying entered-but-not-submitted commands:
• If you entered nothing at the command-line prompt before the system outputs system information ...
•...
Using the command history function
The system can automatically save successfully executed commands to the command history buffer for the current user interface. You can view them and execute them again, or set the maximum number of commands that can be saved in the command history buffer. A command is saved to the command history buffer in the exact format as it was entered.
Controlling the CLI output
This section describes the CLI output control features that help you quickly identify the desired output.
Pausing between screens of output
If the output being displayed is more than fits on one screen, the system automatically pauses after displaying a screen.
Table 6 Special characters supported in a regular expression
Character: Meaning. Remarks
^string: Starting sign. Matches a line that starts with string. For example, regular expression "^user" matches a line beginning with "user", not "Auser".
string$: Ending sign. Matches a line that ... For example, regular expression "user$"...
Character: Meaning. Remarks (continued)
Matches a single character not contained within the brackets. For example, [^16A] means to match a string containing any character except 1, 6 or A; the matching string can also contain 1, 6 or A, but cannot contain only these three characters.
# Use | include Vlan in the display ip routing-table command to filter in route entries that contain Vlan.
<Sysname> display ip routing-table | include Vlan
Routing Tables: Public
Destination/Mask    Proto   Cost   NextHop         Interface
192.168.1.0/24      Direct  0      192.168.1.42    Vlan999
Configuring user privilege and command levels
To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7.
For more information about user login authentication, see "Logging in to the CLI." For more information about AAA and SSH, see Security Configuration Guide.
Configuring a user privilege level for users by using the AAA module
Step: Enter system view. Command: system-view
Step: Enter user interface view. Command: user-interface { first-num1 ...
[Sysname-luser-test] authorization-attribute level 3
Configuring the user privilege level directly on a user interface
To configure the user privilege level directly on a user interface that uses the scheme authentication mode:
Step: Configure the authentication type for SSH users as ... Remarks: Required only for SSH users who ... For more information, see Security Configuration Guide.
cluster    Run cluster command
display    Display current system information
ping       Ping function
quit       Exit from current command view
ssh2       Establish a secure shell client connection
super      Set the current user priority level
telnet     Establish one TELNET connection
tracert    Trace route function
# Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level-1 commands.
After the user logs in again, the user privilege level is restored to the original level. To avoid problems, H3C recommends that administrators log in with a lower privilege level to view switch operating parameters, and switch to a higher level temporarily only when they must maintain the device.
Step: Enter system view. Command: system-view
Step: Set the authentication mode for user privilege level switching. Command: super authentication-mode { local | scheme } *. Remarks: Optional. By default, local-only authentication is used.
Step: Configure the password for a ... Command: super password [ level user-level ] [ hash ] { cipher | simple } ... Remarks: In non-FIPS mode: Required for local authentication. By default, a privilege level has no ...
User interface authentication mode | User privilege level switching authentication mode | Information required for the first authentication | Information required for the second authentication
scheme | scheme | Username and password for the privilege level.
scheme | local | Local user privilege level | Username and password for the privilege level.
Saving the running configuration
You can use the save command in any view to save all submitted and executed commands into the configuration file. Commands saved in the configuration file can survive a reboot. The save command does not take effect on one-time commands, including display and reset commands. One-time commands are never saved.
Login overview
This chapter describes the available CLI login methods and their configuration procedures.
Login methods at a glance
You can access the device only through the console port at the first login, locally or remotely by using a pair of modems. After you log in to the device, you can configure other login methods, including Telnet and SSH, for remote access.
User interfaces
The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them.
Logging in to the CLI
By default, the first time you access the CLI you must log in through the console port, locally or remotely by using a pair of modems. At the CLI, you can configure Telnet or SSH for remote access.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements.
Figure 5 through Figure 7 show the configuration procedure on Windows XP HyperTerminal. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to log in to the device.
Power on the device and press Enter at the prompt.
Figure 8 CLI
At the default user view prompt <H3C>, enter commands to configure the device or view the running status of the device. To get help, enter ?.
Configuring console login control settings
The following authentication modes are available for controlling console logins:
• None—Requires no authentication.
• Scheme—Uses the AAA module to provide local or remote console login authentication. You must provide a username and password for accessing the CLI. If the username or password configured on a remote server was lost, contact the server administrator for help.
By default, console login does not require authentication.
The next time you attempt to log in through the console port, you do not need to provide any username or password.
Configuring password authentication for console login (not supported in FIPS mode)
Step: Enter system view. Command: system-view
Step: Enter AUX user interface view. Command: user-interface aux first-number
Step: Enable scheme authentication. Command: authentication-mode scheme. Remarks: Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, console login users are not authenticated in non-FIPS mode, and scheme authentication is used in FIPS mode.
Optional.
Step: Enter ISP domain view. Command: domain domain-name. Remarks: Optional. By default, local authentication is used.
Step: Apply an AAA authentication scheme to the domain. Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name ... Remarks: For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the ...
Step: Specify the terminal display type. Remarks: By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. H3C recommends setting the display type to VT100 for both the device and the client. If the device ...
Step: Set the maximum number of lines to be displayed on a screen. Command: screen-length screen-length. Remarks: By default, a screen displays 24 lines at most. A value of 0 disables pausing between screens of output.
Step: Set the size of the command history buffer. Command: history-command max-size value. Remarks: By default, the buffer saves 10 ...
• Password—Requires a password for accessing the CLI. If your password was lost, log in to the device through the console port and change the password.
• Scheme—Uses the AAA module to provide local or remote authentication. You must provide a ...
Step: Configure common settings for the VTY user interfaces. Remarks: Optional. See "Configuring common settings for VTY user interfaces (optional)."
The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 10.
Figure 11 Password authentication interface for Telnet login
Configuring scheme authentication for Telnet login
Follow these guidelines when you configure scheme authentication for Telnet login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
Step: Enable command authorization. Command: command authorization. Remarks: Optional. By default, command authorization is disabled, and the commands available for a user depend only on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
Step: Create a local user and enter local user view. Command: local-user user-name. Remarks: By default, no local user exists.
Step: Set a password. Command: password [ [ hash ] { cipher | simple } password ]. Remarks: By default, no password is set.
Step: Specify the command level of ... Remarks: Optional.
Step: Enable the terminal service. Command: shell. Remarks: Optional. By default, terminal service is enabled.
Step: Enable the user interfaces to support Telnet, SSH, or both of ... Command: protocol inbound { all | ssh | ... Remarks: Optional. By default, both Telnet and SSH are supported.
To use the device to log in to a Telnet server:
Step: Enter system view. Command: system-view
Step: Specify a source IPv4 address or source interface for ... Command: telnet client source { interface interface-type interface-number | ip ... Remarks: Optional. By default, no source IPv4 address or source interface is specified. The IP address of the outbound...
Figure 14 SSH login diagram
Table 15 shows the SSH server and client configuration required for a successful SSH login.
Table 15 SSH server and client requirements
Device role: Requirements
Assign an IP address to a Layer 3 interface, and make sure the interface and the client can reach each other.
Step: Enable scheme authentication. Command: authentication-mode scheme. Remarks: By default, password authentication is enabled on VTY user interfaces in non-FIPS mode, and scheme authentication is used in FIPS mode.
Step: Enable the user ... Command: protocol inbound { all | ssh | ... Remarks: Optional. In non-FIPS ...
Step: Enter the ISP domain view. Command: domain domain-name. Remarks: Optional.
Step: Apply an AAA authentication scheme to the intended domain. Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name ... Remarks: For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme ...
Task: Log in to an IPv4 SSH server. Command: ssh2 server. Remarks: The server argument represents the IPv4 address or host name of the server.
Task: Log in to an IPv6 SSH server. Command: ssh2 ipv6 server. Remarks: The server argument represents the IPv6 address or host name of the server.
Authentication mode | Configuration task | Reference
Scheme | Enable scheme authentication on the AUX user interface. Configure local or remote authentication settings. To configure local authentication: Configure a local user and specify the password. Configure the device to use local authentication. To configure remote authentication: ... | "Configuring scheme authentication for ...
Figure 17 through Figure 20 show the configuration procedure in Windows XP HyperTerminal.
Figure 17 Creating a connection
Figure 18 Configuring the dialing parameters
NOTE: On Windows Server 2003, you must add the HyperTerminal program first, and then log in to and manage the device as described in this document.
Press Enter as prompted.
Figure 20 Configuration page
At the default user view prompt <H3C>, enter commands to configure the device or view the running status of the device. To get help, enter ?.
To disconnect the PC from the device, execute the ATH command in the HyperTerminal. If the command cannot be entered, type AT+ + + and then press Enter.
Configuring none authentication for modem dial-in (not supported in FIPS mode)
Step: Enter system view. Command: system-view
Step: Enter one or more AUX user interface views. Command: user-interface aux first-number [ last-number ]
Step: Enable the none authentication mode. Command: authentication-mode none. Remarks: By default, modem users can dial in to the device without authentication.
• If password aging is enabled, make sure passwords for legal users are within the validity period.
To configure scheme authentication for modem dial-in users:
Step: Enter system view. Command: system-view
Step: Enter AUX user interface view. Command: user-interface aux first-number [ last-number ]
Whether local, RADIUS, or HWTACACS authentication is adopted depends on...
Step: Enter the ISP domain view. Command: domain domain-name. Remarks: Optional. By default, local authentication is used.
Step: Apply an AAA authentication scheme to the domain. Command: authentication default { hwtacacs-scheme ... Remarks: For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or ...
Step: Specify the terminal display type. Remarks: By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. H3C recommends setting the display type to VT100 for both the device and the client. If the device ...
Step: Set the maximum number of lines to be displayed on a screen. Command: screen-length screen-length. Remarks: By default, a screen displays 24 lines at most. A value of 0 disables the function.
Step: Set the size of the command history buffer. Command: history-command max-size value. Remarks: By default, the buffer saves 10 ...
Task: Send messages to the specified user interfaces. Command: send { all | num1 | { aux | vty } num2 }... Remarks: Available in user view.
Logging in to the Web interface
The device provides a built-in Web server for you to configure the device through a Web browser. Web login is disabled by default. To enable Web login, log in through the console port and perform the following configuration tasks:
Enable HTTP or HTTPS service.
Step: Enable the HTTP service. Command: ip http enable. Remarks:
• When the device starts up with empty configuration, the software initial settings are used, and HTTP service is enabled.
• When the device starts up with the default configuration file, the software default settings are used, and HTTP service is disabled.
Step: Assign an IP address and subnet mask to the interface. Command: ip address ip-address { mask | mask-length }. Remarks: By default, no IP address is assigned to the interface.
NOTE: When the device transitions from FIPS mode to non-FIPS mode, it automatically enables the HTTP service. If you want the HTTP service to be disabled, execute the undo ip http enable command.
Step: Associate the HTTPS service with a certificate-based attribute access control policy. Command: ip https certificate ... Remarks: Optional. By default, the HTTPS service is not associated with any certificate-based attribute access control policy. Associating the HTTPS service with a certificate-based attribute access control policy enables the device to control the access rights of clients. You must configure the client-verify...
For more information about SSL and PKI, see Security Configuration Guide.
Displaying and maintaining Web login
Task: Display information about Web users. Command: display web users [ | { begin | exclude | include } regular-expression ]. Remarks: Available in any view.
Task: Display HTTP state information. Command: display ip http [ | { begin | exclude ...
[Sysname-luser-admin] password simple admin
Verify the configuration:
# On the PC, run the Web browser. Enter the IP address of the device in the address bar. The Web login page appears, as shown in Figure 22.
Figure 22 Web login page
# Enter the user name, password, and verify code, select English, and click Login.
Configuration procedure
This example assumes that the CA is named new-ca, runs Windows Server, and is installed with the SCEP add-on. This example also assumes that the device, host, and CA can reach one another.
Configure the device (HTTPS server):
# Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com.
# Associate the HTTPS service with SSL server policy myssl.
[Device] ip https ssl-server-policy myssl
# Associate the HTTPS service with certificate attribute-based access control policy myacp.
[Device] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Device] ip https enable
# Create a local user named usera, set the password to 123, specify the Web service type, and specify the user privilege level 3.
Logging in through SNMP
You can use an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.
NMS login example
Network requirements
Configure the device and the NMS so you can remotely manage the device through SNMPv3.
Figure 25 Network diagram
Configuration procedure
Configure the device:
# Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.)
# Enter system view.
Controlling user logins
To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide.
Controlling Telnet logins (not supported in FIPS mode)
Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source IP address, destination IP address, or both.
Step: Configure an ACL rule. Command: rule [ rule-id ] { permit | deny } rule-string
Step: Exit advanced ACL view. Command: quit
Step: Enter user interface view. Command: user-interface [ type ] first-number [ last-number ]
Step: Use the ACL to control user ... Remarks: • inbound: Filters incoming packets.
Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
<Sysname> system-view
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
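To check what a basic ACL like the one above will admit before it is bound to a login service, the following Python evaluator (an added example, not part of the H3C guide) parses rule lines in the "rule N permit|deny source ADDR WILDCARD" form and applies the wildcard-mask semantics the rules rely on; it also accepts "source any" and an "auto" order, which go beyond the page's example. It assumes that "match-order config" means ascending rule-ID order and that a source matching no rule is denied, which is the effect the login-control examples rely on.

```python
"""Offline evaluator for H3C-style basic ACL source rules.

Added example, not part of the H3C guide. It models:
  * the wildcard mask after the address ("source 10.110.100.52 0"):
    a 0 bit must match, a 1 bit is ignored; the CLI shorthand "0"
    means 0.0.0.0 and "source any" matches every address;
  * "match-order config", assumed here to mean ascending rule-ID order,
    and "auto", modelled as most-specific (fewest ignored bits) first.
A source matching no rule is treated as denied (assumption, matching
the intent of the login-control examples: only listed hosts may log in).
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

_RULE_RE = re.compile(
    r"^\s*rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)(?:\s+(\S+))?\s*$"
)


class Rule(NamedTuple):
    rule_id: int
    action: str       # "permit" or "deny"
    address: int      # source address as a 32-bit integer
    wildcard: int     # wildcard mask as a 32-bit integer


def _to_int(token: str) -> int:
    """Convert a dotted address, or the CLI shorthand "0", to an integer."""
    if token.isdigit():           # "0" is accepted by the CLI for 0.0.0.0
        return int(token)
    return int(ipaddress.IPv4Address(token))


def parse_rule(line: str) -> Rule:
    """Parse one "rule N permit|deny source ADDR WILDCARD" line."""
    m = _RULE_RE.match(line)
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    rule_id, action, addr, wildcard = m.groups()
    if addr == "any":             # every address bit is ignored
        return Rule(int(rule_id), action, 0, 0xFFFFFFFF)
    if wildcard is None:
        raise ValueError(f"wildcard mask missing: {line!r}")
    return Rule(int(rule_id), action, _to_int(addr), _to_int(wildcard))


def rule_matches(rule: Rule, src_ip: str) -> bool:
    """True when every bit that is 0 in the wildcard agrees with the rule."""
    src = int(ipaddress.IPv4Address(src_ip))
    return (src | rule.wildcard) == (rule.address | rule.wildcard)


def evaluate(rules: List[Rule], src_ip: str,
             match_order: str = "config") -> Tuple[str, Optional[int]]:
    """Return (action, rule_id) of the first matching rule, or ("deny", None)."""
    if match_order == "config":
        ordered = sorted(rules, key=lambda r: r.rule_id)
    elif match_order == "auto":
        # depth-first: fewer ignored bits is more specific; ties by rule ID
        ordered = sorted(rules,
                         key=lambda r: (bin(r.wildcard).count("1"), r.rule_id))
    else:
        raise ValueError(f"unknown match order: {match_order!r}")
    for rule in ordered:
        if rule_matches(rule, src_ip):
            return rule.action, rule.rule_id
    return "deny", None


# The two rules of ACL 2000 from the login-control example above.
ACL_2000 = [parse_rule(line) for line in (
    "rule 1 permit source 10.110.100.52 0",
    "rule 2 permit source 10.110.100.46 0",
)]

# A constructed variant: block one /24, permit everything else.
ACL_2001 = [parse_rule(line) for line in (
    "rule 5 deny source 10.110.100.0 0.0.0.255",
    "rule 10 permit source any",
)]

if __name__ == "__main__":
    for ip in ("10.110.100.52", "10.110.100.46", "10.110.100.47"):
        print(ip, "->", evaluate(ACL_2000, ip))
    print("10.110.100.99 ->", evaluate(ACL_2001, "10.110.100.99"))
    print("192.0.2.7 ->", evaluate(ACL_2001, "192.0.2.7"))
```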
Web login control configuration example
Network requirements
As shown in Figure 28, configure the device to allow only Web users from Host B to access it.
Figure 28 Network diagram
Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B.
<Sysname>...
Configuring FTP
File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. The FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
You can use the ftp client source command to specify a source IP address or source interface for the FTP packets sent by the device. If a source interface (typically a loopback interface) is specified, its primary IP address is used as the source IP address for the FTP packets sent by the device. The source interface setting and the source IP address setting overwrite each other.
Setting the DSCP value for IP to use for outgoing FTP packets
You can set the DSCP value for IPv4 or IPv6 to use for outgoing FTP packets on an FTP client, so outgoing FTP packets are forwarded based on their priorities on transit devices.
To set the DSCP value for IP to use for outgoing FTP packets:
Step Command...
Task: Display detailed information about a directory or file on the FTP server. Command: dir [ remotefile [ localfile ] ]. Remarks: The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.
Terminating the FTP connection
To terminate an FTP connection, perform one of the following tasks:
Task: Terminate the FTP connection without exiting FTP client view. Command: disconnect or close. Remarks: Use either command in FTP client view.
Task: Terminate the FTP connection and return to user view. Remarks: Use either command in FTP ...
# Download the system software image file newest.bin from the PC to the IRF fabric:
• Download the file newest.bin from the PC to the Flash root directory of the master device.
[ftp] get newest.bin
• Download the file newest.bin from the PC to the Flash root directory of the subordinate device (with ...
Configuring basic parameters
The FTP server uses one of the following modes to update a file when you upload the file (using the put command) to the FTP server:
• Fast mode—The FTP server starts writing data to the Flash after a file is transferred to the memory.
•...
To assign an FTP user write access (including upload, delete, and create) to the device, assign level-3 (Manage) user privileges to the user. For read-only access to the file system, any user privilege level is ... For more information, see Security Configuration Guide.
To configure authentication and authorization for the FTP server:
Step Command...
FTP server configuration example
Network requirements
Create a local user account with username abc and password abc and enable FTP server on the IRF fabric in Figure 31. Use the user account to log in to the FTP server from the FTP client, upload the file newest.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup.
Password:
230 User logged in.
# Download the configuration file config.cfg from the FTP server to the PC for backup.
ftp> get config.cfg back-config.cfg
# Upload the file newest.bin to the Flash root directory of the master.
ftp> put newest.bin
200 Port command okay.
Configuring TFTP
Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure, reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP supports the following transfer modes:
• Binary mode—Used to transfer image files, such as .app, .bin, and .btm files.
IMPORTANT: To avoid TFTP connection failures, when you specify a source interface for TFTP packets, make sure the interface has a primary IP address.
To configure the TFTP client:
Step: Enter system view. Command: system-view
Step: Use an ACL to control the client's access to TFTP servers. Command: tftp-server [ ipv6 ] acl acl-number. Remarks: Optional. By default, no ACL is used for ...
TFTP client configuration example
Network requirements
Configure the PC in Figure 33 as a TFTP server, and use TFTP to download the system software image file newest.bin from the TFTP server to the client and upload the configuration file config.cfg from the TFTP client to the server for backup.
IMPORTANT: The system software image file used for the next startup must be saved in the Flash root directory. You can copy or move a file to the Flash root directory.
# Reboot the IRF fabric and the software is upgraded.
<Sysname>...
Managing the file system
This chapter describes how to manage the device's file system, including the storage media, directories and files.
File name formats
When you specify a file, enter the file name in one of the formats shown in Table 18.
Table 18 File name formats
Format...
CAUTION: To avoid file system corruption, do not plug or unplug storage media or perform active/standby switchover while the system is processing a file operation. You can display directory or file information; display file contents; rename, copy, move, remove, restore, and delete files.
Deleting/restoring a file
You can delete a file permanently or just move it to the recycle bin. A file moved to the recycle bin can be restored, but a file permanently deleted cannot. A file in the recycle bin occupies storage space. To release the occupied space, execute the reset recycle-bin command in the directory that holds the file.
Displaying the current working directory Perform this task in user view. Task: Display the current working directory. Command: pwd. Changing the current working directory Perform this task in user view. Task: Change the current working directory. Command: cd { directory | .. | / }. Creating a directory Perform this task in user view.
CAUTION: After a storage medium is formatted, all files on it are erased and cannot be restored. If a startup configuration file exists on the storage medium, formatting the storage medium results in loss of the startup configuration file. To manage the space of a storage medium, perform the following tasks in user view: Task Command Remarks...
every command in the batch file. If a command contains errors or the conditions for executing it are not satisfied, the system skips that command and continues with the next one. You can edit a batch file with any extension on your PC, and then upload or download it to the device to execute it.
<Sysname> dir Directory of flash:/test/ drw- Apr 01 2011 18:28:14 mytest 515712 KB total (2519 KB free) # Return to the upper directory. <Sysname> cd .. # Display the current working directory. <Sysname> pwd flash:...
Managing configuration files You can use the CLI or the Boot menu to manage configuration files. This chapter explains how to manage configuration files from the CLI. Overview A configuration file saves a set of commands for configuring software features on the device. You can save the running configuration to a configuration file so that it survives a reboot.
The configuration file ends with the word return. You can execute the save command to save the running configuration to a configuration file. To make sure the configuration file can be loaded, H3C recommends that you not edit the content and format of the configuration file.
[ safely ] [ backup | main ] [ force ] command or the save file-url all command. If this function is disabled, only the master saves the configuration. To ensure configuration consistency, H3C recommends enabling the function. To enable configuration auto-update: Step...
process, the next-startup configuration file is lost. You must re-specify a new startup configuration file after the device reboots (see "Specifying a configuration file for the next startup"). Safe mode—Use the save command with the safely keyword. Safe mode is slower than fast mode, •...
The backup file is named in the _old-filename_bak.cfg format. For example, if the old configuration file is named config.cfg, the backup file is named _config_bak.cfg. The overwrite and backup operations are performed on each member device, regardless of whether configuration auto-update is enabled. If the backup attempt fails on an IRF member device, choose one of the following failure handling actions at prompt: •...
Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
Enabling automatic configuration archiving To avoid decreasing system performance, follow these guidelines when you configure automatic configuration archiving:
• If the device configuration does not change frequently, manually archive the running configuration as needed.
• If a low-speed storage medium (such as a flash) is used, archive the running configuration manually, or configure automatic archiving with an interval longer than 1440 minutes (24 hours).
To perform configuration rollback:
1. Enter system view: system-view
2. Perform configuration rollback: configuration replace file filename
The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons:
• A command cannot be undone, because prefixing the undo keyword to the command does not...
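The rollback described above has to compute, from the running configuration and the target file, the commands that undo what was added since the archive was taken and re-add what was removed, and it has to notice commands for which no undo form works. The following Python program is an added example for this guide, not H3C's configuration replace implementation: it performs that computation on two constructed configuration texts in the Comware file layout (sections separated by #, view-opening commands unindented, commands inside a view indented by one space). The command example-one-way-command and the IRREVERSIBLE list are hypothetical, standing in for whatever commands cannot be undone on a given release.

```python
"""Configuration rollback modelled in Python, as an added example for this guide.
Not H3C's 'configuration replace' implementation.  The two configuration texts
and the list of commands treated as irreversible are constructed assumptions
('example-one-way-command' is hypothetical)."""

RUNNING_CONFIG = """
#
 sysname Switch
 undo info-center enable
#
interface Vlan-interface1
 ip address 192.168.1.1 255.255.255.0
#
interface Vlan-interface99
 ip address 10.99.0.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan all
#
 example-one-way-command
#
return
"""

ARCHIVED_CONFIG = """
#
 sysname Switch
 info-center loghost 10.0.0.5
#
interface Vlan-interface1
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-type access
#
return
"""

IRREVERSIBLE = ("example-one-way-command",)   # hypothetical: commands with no working undo form


def parse_config(text):
    """Split a Comware-style configuration file into (view, command) pairs.
    '#' lines separate sections; an unindented line opens a view (interface, vlan,
    acl ...) and is itself recorded as a system-view command; a line indented by
    one space runs in the current view ('' is system view).  'return' ends the file."""
    entries, view = [], ""
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "return":
            continue
        if raw.startswith("#"):
            view = ""
        elif raw.startswith(" "):
            entries.append((view, raw.strip()))
        else:
            view = raw.strip()
            entries.append(("", view))
    return entries


def reverse(command):
    """The rule the guide describes: a command is undone by prefixing 'undo';
    a command that is already an undo form is reversed by dropping the prefix."""
    return command[5:] if command.startswith("undo ") else "undo " + command


def rollback_plan(running_text, target_text, irreversible=()):
    """Commands that move the running configuration to the target configuration.
    Returns (plan, unresolved): 'unresolved' lists running commands that cannot
    be rolled back because no undo form reverses them, the failure the guide
    warns about.  The caller supplies those command prefixes."""
    running, target = parse_config(running_text), parse_config(target_text)
    running_set, target_set = set(running), set(target)
    # A view whose opening command disappears takes its contents with it.
    removed_views = {v for v, _ in running if v and ("", v) not in target_set}
    plan, unresolved, to_remove = [], [], []

    def emit(entries, transform):
        current = ""
        for view, cmd in sorted(entries, key=lambda e: e[0]):   # system view first, stable
            if view != current:
                if current:
                    plan.append("quit")
                if view:
                    plan.append(view)
                current = view
            plan.append(transform(cmd))
        if current:
            plan.append("quit")

    for view, cmd in running:
        if (view, cmd) in target_set or view in removed_views:
            continue                      # unchanged, or swept away with its whole view
        if any(cmd.startswith(prefix) for prefix in irreversible):
            unresolved.append(cmd)
        else:
            to_remove.append((view, cmd))
    to_add = [entry for entry in target if entry not in running_set]
    emit(to_remove, reverse)              # first take back what the archive does not have
    emit(to_add, lambda cmd: cmd)         # then restore what the archive has
    return plan, unresolved
```

For the two constructed configurations, rollback_plan(RUNNING_CONFIG, ARCHIVED_CONFIG, IRREVERSIBLE) re-enables info-center, deletes Vlan-interface99 as a whole rather than undoing its address first, undoes the two trunk commands under GigabitEthernet1/0/1 before re-adding port link-type access, and reports example-one-way-command as unresolved, which is exactly the part of a rollback that needs an administrator's attention.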
To back up the next-startup configuration file to a TFTP server:
1. (Optional.) Verify that a next-startup configuration file has been specified, in user view: display startup. If no next-startup configuration file has been specified, the backup operation will fail.
2. Back up the next-startup configuration file to a TFTP server: backup startup-configuration to dest-addr [ dest-filename ]. This command is not supported in FIPS mode.
Because TFTP provides neither authentication nor encryption, the backed-up configuration file, including any password hashes, keys, and community strings it contains, crosses the network in cleartext and can be fetched from the server by anyone who can reach it; run the backup only over a trusted network and protect the copy on the server.
To restore the next-startup configuration file from a TFTP server:
1. Restore the main next-startup configuration file from a TFTP server, in user view: restore startup-configuration from src-addr src-filename. This command is not supported in FIPS mode.
2. (Optional.) Verify that the specified configuration file has been set as the next-startup configuration file: display startup.
Upgrading software Upgrading software includes upgrading the Boot ROM and system software. Each time the switch is powered on, it runs the Boot ROM image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file" in software code) so you can access the software features, as shown in Figure 35. Figure 35 Relationship between the Boot ROM image and the system software image...
Upgrading method, software types, and remarks:
• Installing hotfixes (system software images)—Hotfixes repair software defects without requiring a reboot or service interruption. Hotfixes do not add new features to system software images.
• Performing ISSU (Comware images)—The ISSU method enables a software upgrade without service disruption. Use this method for an IRF fabric or...
1. Upgrade Boot ROM on member switches: bootrom update file file-url slot slot-number-list. In FIPS mode, the file must pass authenticity verification before it can be set as the Boot ROM image file.
2. Reboot the member switches: reboot
Upgrading system software without performing ISSU (method 1)
1. Use FTP or TFTP to transfer the system software image to the root directory of the master switch's storage medium. See "Configuring FTP" or "Configuring TFTP." The image file must be saved in the root directory for a successful upgrade.
Patch states A patch is in IDLE, DEACTIVE, ACTIVE, or RUNNING state, depending on the patch manipulation command. Patch manipulation commands include patch load (load), patch active (run temporarily), patch run (confirm running), patch deactive (stop running), patch delete (delete), patch install (install), and undo patch install (uninstall).
Figure 37 Patches that are not loaded to the patch memory area DEACTIVE state Patches in DEACTIVE state have been loaded to the patch memory area but have not yet run in the system. Suppose that the patch file you are loading has seven patches. After the seven patches successfully pass the version check and CRC check, they are loaded to the patch memory area and are in DEACTIVE state.
Figure 39 Patches are activated RUNNING state After you confirm ACTIVE patches, their states change to RUNNING and persist after a reboot. In contrast to ACTIVE patches, RUNNING patches continue to take effect after a reboot. For example, if you confirm the first three patches in Figure 39, their state changes from ACTIVE to RUNNING, and the...
If you execute the patch install file patch-package command, the directory specified with the patch location command does not change. To uninstall all ACTIVE and RUNNING patches in one step, use the undo patch install command. H3C recommends this command for uninstalling patches in an IRF fabric. For information about the step-by-step patch uninstall method, see "Uninstalling a patch step by...
Configuring the patch file location For reliable patch loading, H3C recommends saving patch files to the root directory of the flash. To use a storage medium other than flash, you must specify the directory for saving patch files on the storage medium.
To load a patch file:
1. Enter system view: system-view
2. Load the patch file from the storage medium to the patch memory area: patch load slot slot-number [ file patch-package ]
Activating patches Activating a patch changes its state to ACTIVE. An ACTIVE patch runs in memory until a reboot occurs. To have a patch continue to run after a reboot, you must change its state to RUNNING.
In an IRF fabric, H3C recommends that you uninstall all patches by using the undo patch install command. To remove patches from the patch memory area:
1. Enter system view: system-view
2. Remove patches from the patch memory area: patch delete [ patch-number ] slot slot-number
Configuration procedure Configure the TFTP server (the configuration varies with server vendors): # Obtain the system software image and configuration file, and save these files under the TFTP server's working path. (Details not shown.) Configure the members of the IRF fabric: # Download new-config.cfg from the TFTP server to the master.
Hotfix configuration example Network requirements As shown in Figure 42, download the patch package file s5500hi-cmw520-r5206p02h01.hpk to fix software bugs of the member switches in the IRF fabric. Figure 42 Network diagram: the master (Member_ID=1) and the subordinate (Member_ID=2) form an IRF fabric (2.2.2.2/24) that reaches the TFTP server (1.1.1.1/24) across the Internet. Note: The orange line represents the IRF link.
Performing ISSU This chapter describes how to use the In-Service Software Upgrade (ISSU) feature to upgrade software. Overview ISSU enables software upgrade and ensures continuous packet forwarding. As shown in Figure 43, to ensure high availability for user networks, cross-device link aggregation is configured on the IRF member switches at the distribution layer so every three physical links with the same color between the IRF member switches and access switches are aggregated as one logical link.
Figure 44 ISSU flow chart
IMPORTANT:
• Do not modify the current configuration, plug or unplug cables connected to IRF ports, or delete or modify the system software image during ISSU. Otherwise, the upgrade might fail.
• To upgrade system software of IRF member switches through ISSU, make sure the member switches form a ring topology.
System software version rollback The H3C S5500-HI switch series supports version rollback during ISSU. When ISSU fails to proceed on an IRF member switch (for example, the new system software image file is broken), you can use this feature to revert system software to the previous version.
Tasks and remarks:
• Downloading the new system software image to the Flash of all the IRF member switches (Required.)
• ISSU upgrade prerequisites (Required.)
• Displaying version compatibility (Required.)
• Performing an ISSU for a compatible version, or Performing an ISSU for an incompatible version (Required. Use either approach.)
• Setting the ISSU version rollback timer (Optional.)
• Unknown—The current and new system software images have big differences, or the current system software image does not support ISSU. You cannot upgrade system software through ISSU.
To display version compatibility:
1. Enter system view: system-view
2. Check whether the new system software image is compatible with the current system software image: display version comp-matrix file upgrading-filename
Command: issu accept slot... Remarks: Optional. By default, the rollback timer is 45 minutes. If you do not execute the issu accept command on the specified subordinate switch, or you do not execute the issu commit command on any other member switch, before the rollback timer expires, the system automatically stops the ISSU process and reverts to the previous software...
Upgrade all the IRF member switches that have not been upgraded: issu run switchover slot slot-number. The slot-number argument provided in this command must be the same as that specified in the issu load command. When this command is executed, all the IRF member switches except the specified subordinate...
Task: Display version compatibility information. Command: display version comp-matrix [ file upgrading-filename ]. Available in any view.
ISSU upgrade example Network status As shown in Figure 45, access layer switches Switch A, Switch B, and Switch C connect to user networks. Distribution layer switches Switch D, Switch E, and Switch form an IRF fabric. The member ID of the master is 1, and those of the subordinate switches are 2 and 3.
[IRF] interface GigabitEthernet 2/0/1 [IRF-GigabitEthernet2/0/1] port link-aggregation group 1 [IRF-GigabitEthernet2/0/1] quit [IRF] interface GigabitEthernet 3/0/1 [IRF-GigabitEthernet3/0/1] port link-aggregation group 1 [IRF-GigabitEthernet3/0/1] quit # Add ports GigabitEthernet 1/0/2, GigabitEthernet 2/0/2, and GigabitEthernet 3/0/2 that connect to Switch B to aggregation group 2. [IRF] interface GigabitEthernet 1/0/2 [IRF-GigabitEthernet1/0/2] port link-aggregation group 2 [IRF-GigabitEthernet1/0/2] quit...
<IRF> copy soft-version2.bin slot2#flash:/ <IRF> copy soft-version2.bin slot3#flash:/ Checking all IRF member switches before the ISSU upgrade Check the running status of all IRF member switches. If the running state of a member switch is abnormal, the ISSU upgrade cannot be performed. <IRF>...
Mac persistent : 6 min Domain ID The output shows the following information: The member ID and priority of the master are 1 and 10 respectively. The member ID and priority of one subordinate switch are 2 and 9 respectively. The member ID and priority of the other subordinate switch are 3 and 1 respectively.
Running Version: version1 Version Compatibility List: version2 (Incompatible) The output shows that the two versions are incompatible. You must use the incompatible ISSU method. For more information, see "Performing incompatible ISSU upgrade." Performing compatible ISSU upgrade # Upgrade the specified subordinate switch (the new master after the upgrade), which is subordinate switch 2 in this example.
# Verify whether the current system software images on the IRF member switches are soft-version2.bin. [IRF] display boot-loader Slot 1 The current boot app is: flash:/soft-version2.bin The main boot app is: flash:/soft-version2.bin The backup boot app is: flash:/ Slot 2 The current boot app is: flash:/soft-version2.bin The main boot app is:...
Configure the device name: sysname sysname. The default device name is H3C. Changing the system time You must synchronize your device with a trusted time source by using NTP, or set the system time manually, before you run it on the network. Network management depends on an accurate system time setting: the timestamps of system messages and logs use the system time, and time-based checks such as certificate validity periods depend on it.
Command Effective system time Configuration example System time clock timezone 03:00:00 zone-time Sat zone-time add 1 2, 1 date-time 03/03/2007. clock datetime 3:00 2007/3/3 The original system time outside the daylight saving time range: clock summer-time ss 01:00:00 UTC Sat one-off 1:00 The system time does not 01/01/2005.
Command Effective system time Configuration example System time clock summer-time ss date-time – summer-offset one-off 1:00 outside the daylight 23:30:00 UTC Sun 2007/1/1 1:00 saving time range: 2007/8/8 2 12/31/2006. 3, 1 clock datetime 1:30 date-time – summer-offset 2007/1/1 (date-time in the daylight saving time clock summer-time ss date-time –...
You can disable or enable the function as needed. The following is a sample copyright statement: ****************************************************************************** * Copyright (c) 2004-2013 Hangzhou H3C Tech. Co., Ltd. All rights reserved. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.
1. Enter system view: system-view
2. Enable displaying the copyright statement: copyright-info enable (Enabled by default.)
Configuring banners Banners are messages that the system displays during user login. The system supports the following banners:
• Legal banner—Appears after the copyright or license statement. To continue login, the user must...
Have a nice day. Please input the password.A Method 3—After you type the last keyword, type the start delimiter and part of the banner message and press Enter. At the system prompt, enter the rest of the banner and end the last line with a delimiter that is the same as the start delimiter.
CAUTION:
• A reboot can interrupt network services.
• To avoid data loss, use the save command to save the current configuration before a reboot.
• Use the display startup and display boot-loader commands to verify that you have correctly set the...
Scheduling jobs You can schedule a job to automatically run a command or a set of commands without administrator intervention. The commands in a job are polled every minute. When the scheduled time for a command is reached, the job automatically executes the command. If a confirmation is required while the command is running, the system automatically answers Y or Yes, so a confirmation prompt never holds a scheduled command back; schedule disruptive commands such as reboots or file deletions with that in mind.
In the modular approach: • Every job can have only one view and up to 10 commands. If you specify multiple views, the last one specified takes effect. Enter a view name in its complete form. The most commonly used view names include monitor for user view, system for system view, GigabitEthernet x/x/x and Ten-GigabitEthernet x/x/x for Ethernet interface view, and Vlan-interfacex for VLAN interface view.
Add commands to the job, using any of the following commands:
• Configure a command to run at a specific time and date: time time-id at time date command command
• Configure a command to run at a specific time: time time-id { one-off | repeating }...
• Automatic switching—When the device is in sleeping status, if data is being exchanged through the console port or you press the Mode button, the device automatically switches to the wake-up status, so that you can check the LED statuses. When the device is in wake-up status, if no data is being exchanged on the console port for a period of time (defined by the save-power delay-timer command) and you do not press the Mode button, the device automatically switches to the sleeping status.
• When the device temperature reaches the shutdown threshold, the device logs the event, outputs a log message and a trap, and automatically shuts down.
To configure temperature thresholds for an IRF member device:
1. Enter system view: system-view (For the default temperature thresholds, see Table...)
To clear unused 16-bit interface indexes, perform the following task in user view: Clear unused 16-bit interface indexes: reset unused porttag. In an IRF fabric, the command applies to all member switches.
Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from BootROM menus.
Disabling alarm traps for transceiver modules If you install a transceiver module that has no vendor name or a vendor name other than H3C, the system repeatedly outputs traps and logs to notify the user to replace the module. To continue to use such a transceiver module that is manufactured or customized by H3C but has no vendor information, you can disable alarm traps so the system stops outputting alarm traps.
Task: Display system version information. Command: display version [ | { begin | exclude | include } regular-expression ]. Available in any view.
Task: Display the system time and date. Command: display clock [ | { begin | exclude | include } regular-expression ]. Available in any view.
Task: Display or save operating statistics... Command: display diagnostic-information [ |...
Task: Display the configuration of the job configured by using the schedule job command. Command: display schedule job [ | { begin | exclude | include } regular-expression ]. Available in any view.
Task: Display the device reboot setting. Command: display schedule reboot [ | { begin |...
• TFTP server—Saves files needed in automatic configuration. The device gets the files it needs from the TFTP server, such as the host name file that saves mappings between host IP addresses and host names, and the configuration file.
• DNS server—Resolves between IP addresses and host names. In some cases, the device resolves its...
Figure 47 Automatic configuration work flow Using DHCP to obtain an IP address and other configuration information Address acquisition process As previously mentioned, a device sets the first up interface as the DHCP client during startup. The DHCP client broadcasts a DHCP request, where the Option 55 field specifies the information that the client wants to obtain from the DHCP server such as the configuration file name, domain name and IP address of the TFTP server, and DNS server IP address.
For more information about DHCP, see Layer 3—IP Services Configuration Guide. For more information about the ip host command, see Layer 3—IP Services Command Reference. Principles for selecting an address pool on the DHCP server The DHCP server selects IP addresses and other network configuration parameters from an address pool for clients.
Obtaining the configuration file Figure 48 Obtaining the configuration file A device obtains its configuration file by using the following workflow: • If the DHCP response contains the configuration file name, the device requests the specified configuration file from the TFTP server. If not, the device tries to get its host name from the host name file obtained from the TFTP server.
• If the IP address and the domain name of the TFTP server are not contained in the DHCP response, or they are illegitimate, the device broadcasts a TFTP request. After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the configuration file.
Neither DHCP nor TFTP authenticates the server, and in this fallback the device accepts whichever host on the local segment answers first, so that host can supply the configuration the device boots with. Use automatic configuration only on a network segment you control, and review the loaded configuration before putting the device into service.
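The following Python program is an added example for this guide, not H3C's automatic-configuration code. It builds the Option 55 parameter request list a client sends, parses the options field of a constructed DHCP reply, and applies the selection rules described above (named file from a known server, host name file from a known server, otherwise a broadcast TFTP request), treating a server name that is not a syntactically valid host name or that cannot be resolved, and a file name containing path traversal, as illegitimate. Option numbers 6, 15, 55, 66 and 67 are from RFC 2132 and 150 from RFC 5859; the legitimacy checks, the action strings, and the sample replies are the example's own assumptions.

```python
"""DHCP option handling for automatic configuration (added example, not H3C code).
Option numbers: RFC 2132 (6 DNS servers, 15 domain name, 55 parameter request
list, 66 TFTP server name, 67 boot file name) and RFC 5859 (150 TFTP server
addresses).  The replies below are constructed for the example."""
import ipaddress
import re

OPT_PAD, OPT_DNS, OPT_DOMAIN, OPT_PARAM_REQ = 0, 6, 15, 55
OPT_TFTP_NAME, OPT_BOOTFILE, OPT_TFTP_ADDR, OPT_END = 66, 67, 150, 255
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

def build_option(code, value):
    return bytes([code, len(value)]) + value

def parameter_request_list():
    """Option 55 a client sends to ask for the auto-configuration parameters."""
    return build_option(OPT_PARAM_REQ, bytes([OPT_DNS, OPT_DOMAIN, OPT_TFTP_NAME,
                                              OPT_BOOTFILE, OPT_TFTP_ADDR]))

def parse_options(blob):
    """TLV walk over the options field; repeated codes concatenate (RFC 3396).
    A length that runs past the buffer raises instead of being read blindly."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts

def ipv4_list(value):
    if not value or len(value) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]

def is_hostname(name):
    labels = name.split(".")
    return 0 < len(name) <= 253 and all(len(l) <= 63 and LABEL_RE.fullmatch(l) for l in labels)

def legitimate_file_name(name):
    # The example's own rule: a relative name with no traversal and no control characters.
    return bool(name) and ".." not in name and not name.startswith("/") and name.isprintable()

def plan_autoconfig(option_bytes):
    """Decide the next step: named file from a known server, host name file from
    a known server, or (no legitimate server) a broadcast TFTP request."""
    opts = parse_options(option_bytes)
    text = lambda code: opts[code].decode("ascii", "replace").rstrip("\0") if code in opts else None
    d = {"tftp_server": None, "server_source": None, "config_file": None, "action": None,
         "domain": text(OPT_DOMAIN),
         "dns_servers": ipv4_list(opts[OPT_DNS]) if OPT_DNS in opts else []}
    if OPT_TFTP_ADDR in opts and opts[OPT_TFTP_ADDR] and len(opts[OPT_TFTP_ADDR]) % 4 == 0:
        d["tftp_server"], d["server_source"] = ipv4_list(opts[OPT_TFTP_ADDR])[0], "option 150 address"
    elif text(OPT_TFTP_NAME):
        name = text(OPT_TFTP_NAME)
        try:
            d["tftp_server"], d["server_source"] = str(ipaddress.IPv4Address(name)), "option 66 address"
        except ValueError:   # not an address: a valid name is usable only if DNS servers were supplied
            if is_hostname(name) and d["dns_servers"]:
                d["tftp_server"], d["server_source"] = name, "option 66 name (resolve via DNS)"
    bootfile = text(OPT_BOOTFILE)
    if bootfile and legitimate_file_name(bootfile):
        d["config_file"] = bootfile
    if d["tftp_server"] is None:
        d["action"] = "broadcast TFTP request; the first responder is used"
    elif d["config_file"]:
        d["action"] = "TFTP get %s from %s" % (d["config_file"], d["tftp_server"])
    else:
        d["action"] = "TFTP get the host name file from %s" % d["tftp_server"]
    return d

# Constructed reply: server address via option 150, file name via option 67.
SAMPLE_REPLY = (build_option(OPT_DOMAIN, b"example.net")
                + build_option(OPT_DNS, ipaddress.IPv4Address("10.0.0.53").packed)
                + build_option(OPT_TFTP_ADDR, ipaddress.IPv4Address("10.0.0.20").packed)
                + build_option(OPT_BOOTFILE, b"switch-a.cfg")
                + bytes([OPT_PAD, OPT_END]))
```

plan_autoconfig(SAMPLE_REPLY) yields a direct fetch of switch-a.cfg from 10.0.0.20; a reply carrying only a server name in option 66 is usable only when option 6 also supplies DNS servers, and a reply with a malformed name or a boot file such as ../startup.cfg degrades to the broadcast fallback, which is the case the caveat above is about.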