HP 6125G Configuration Manual

HP 6125G & 6125G/XG blade switches fundamentals configuration guide-R2103.

HP 6125 Blade Switch Series
Fundamentals
Part number: 5998-3153
Software version: Release 2103
Document version: 6W100-20120907

   Summary of Contents for HP 6125G

  • Page 1: Configuration Guide

    HP 6125 Blade Switch Series Fundamentals Configuration Guide Part number: 5998-3153 Software version: Release 2103 Document version: 6W100-20120907...

  • Page 2

    HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

  • Page 3: Table Of Contents

    Contents: Using the CLI; Logging in to the CLI; Command conventions; Using the undo form of a command; CLI views; Entering system view from user view...

  • Page 4: Table Of Contents

    Logging in through SSH; Configuring the SSH server on the device; Using the device as an SSH client to log in to the SSH server; Modem dial-in through the console port...

  • Page 5: Table Of Contents

    Configuring basic parameters; Configuring authentication and authorization; FTP server configuration example; Displaying and maintaining FTP; Configuring TFTP; Prerequisites; Using the device as a TFTP client...

  • Page 6: Table Of Contents

    Upgrading software; Software upgrade methods; Upgrading BootWare; Upgrading the entire system software; Installing patches; Displaying and maintaining software upgrade; Software upgrade examples...

  • Page 7: Using The CLI, Logging In To The CLI, Command Conventions

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example Logging in to the CLI You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or by using Telnet or SSH.

  • Page 8: Using The Undo Form Of A Command, CLI Views

    Convention Description &<1-n>: The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times. #: A line that starts with a pound (#) sign is a comment. Command keywords are case insensitive. The following example analyzes the syntax of the clock datetime time date command according to Table Figure 2 Understanding command-line parameters For example, to set the system time to 10:30:20, February 23, 2011, enter the following command line...

  • Page 9: Entering System View From User View, Returning To The Upper-level View From Any View

    view to configure login user attributes, or create a local user and enter local user view to configure attributes for the local user. To display all commands available in a view, enter a question mark (?) at the view prompt. Figure 3 CLI view hierarchy Entering system view from user view Task...

  • Page 10: Accessing The CLI Online Help

    Task Command Return to user view. return Accessing the CLI online help The CLI online help is context sensitive. You can enter a question mark at any point of a command to display all available options. To access the CLI online help, use one of the following methods: Enter a question mark at a view prompt to display the first keywords of all commands available in •...

  • Page 11: Entering A Command, Editing A Command Line, Entering A String Type Value For An Argument

    ftp-server ftp-user Entering a command When you enter a command, you can use some keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases. Editing a command line You can use the keys listed in Table 2 or the hotkeys listed in Table 3...

  • Page 12: Configuring And Using Command Keyword Aliases, Configuring And Using Hotkeys

    saved-configuration and system-view. To enter system view, you only need to enter sy. To set the configuration file to be used at the next startup, you can enter st s. You can also press Tab to have an incomplete keyword automatically completed. Configuring and using command keyword aliases The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command.

  • Page 13

    Step Command Remarks By default: • Ctrl+G is assigned the display current-configuration command. hotkey { CTRL_G | CTRL_L | • Ctrl+L is assigned the display ip Configure hotkeys. CTRL_O | CTRL_T | CTRL_U } routing-table command. command • Ctrl+O is assigned the undo debugging all command.

  • Page 14: Enabling Redisplaying Entered-but-not-submitted Commands, Understanding Command-line Error Messages

    Hotkey Function Esc+P Moves the cursor up one line. This hotkey is available before you press Enter. Esc+< Moves the cursor to the beginning of the clipboard. Esc+> Moves the cursor to the ending of the clipboard. Enabling redisplaying entered-but-not-submitted commands After you enable redisplaying entered-but-not-submitted commands: If you entered nothing at the command-line prompt before the system outputs system information •...

  • Page 15: Using The Command History Function, Viewing History Commands

    Using the command history function The system can automatically save successfully executed commands to the command history buffer for the current user interface. You can view them and execute them again, or set the maximum number of commands that can be saved in the command history buffer. A command is saved to the command history buffer in the exact format as it was entered.

  • Page 16: Controlling The Cli Output, Pausing Between Screens Of Output

    Controlling the CLI output This section describes the CLI output control features that help you quickly identify the desired output. Pausing between screens of output If the output being displayed is more than will fit on one screen, the system automatically pauses after displaying a screen.

  • Page 17

    Table 6 Special characters supported in a regular expression Character Meaning Remarks ^string: Starting sign. Matches a line that starts with string. For example, regular expression "^user" matches a line beginning with "user", not "Auser". Ending sign. Matches a line that For example, regular expression "user$"...

  • Page 18

    Character Meaning Remarks Matches a single character not contained within the brackets. For example, [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain only these three characters.

  • Page 19: Configuring User Privilege And Command Levels, Configuring A User Privilege Level

    # Use | include Vlan in the display ip routing-table command to filter in route entries that contain Vlan. <Sysname> display ip routing-table | include Vlan Routing Tables: Public Destination/Mask Proto Cost NextHop Interface 192.168.1.0/24 Direct 0 192.168.1.42 Vlan999 Configuring user privilege and command levels To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7.

  • Page 20

    For more information about user login authentication, see "Logging in to the CLI." For more information about AAA and SSH, see Security Configuration Guide. Configuring a user privilege level for users by using the AAA module Step Command Remarks Enter system view. system-view user-interface { first-num1 Enter user interface view.

  • Page 21

    [Sysname-luser-test] authorization-attribute level 3 Configuring the user privilege level directly on a user interface To configure the user privilege level directly on a user interface that uses the scheme authentication mode: Step Command Remarks Configure the authentication For more information, see Security Required only for SSH users who type for SSH users as Configuration Guide.

  • Page 22

    ping Ping function quit Exit from current command view Establish one RSH connection ssh2 Establish a secure shell client connection super Set the current user priority level telnet Establish one TELNET connection tftp Open TFTP connection tracert Trace route function # Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level-1 commands.

  • Page 23: Switching The User Privilege Level

    Switching the user privilege level Users can switch to a different user privilege level without logging out and terminating the current connection. After the privilege level switching, users can continue to manage the device without relogging in, but the commands they can execute have changed. For example, with the user privilege level 3, a user can configure system parameters.

  • Page 24

    Step Command Remarks Enter system view. system-view Set the authentication mode Optional. super authentication-mode { local for user privilege level By default, local-only | scheme } * switching. authentication is used. Required for local authentication. By default, a privilege level has no Configure the password for a super password [ level user-level ] password.

  • Page 25: Changing The Level Of A Command, Saving The Running Configuration

    User interface User privilege level Information required for Information required for the authentication switching the first authentication second authentication mode mode authentication mode mode Password configured on the device with the super local password command for the privilege level. Password for privilege level Password configured on the switching that is configured on device with the super...

  • Page 26: Displaying And Maintaining CLI

    Displaying and maintaining CLI Task Command Remarks Display the command keyword display command-alias [ | { begin | Available in any view alias configuration. exclude | include } regular-expression ] display clipboard [ | { begin | exclude | Display data in the clipboard. Available in any view include } regular-expression ]...

  • Page 27: Login Overview, Login Methods At A Glance

    Login overview This chapter describes the available CLI login methods and their configuration procedures. Login methods at a glance You can access the device only through the console port at the first login, locally or remotely by using a pair of modems. After you log in to the device, you can configure other login methods, including Telnet and SSH, for remote access.

  • Page 28: User Interfaces, User Interface Assignment, User Interface Identification

    User interfaces The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them.

  • Page 29: Logging In To The CLI, Logging In Through The Console Port For The First Time

    Logging in to the CLI By default, the first time you access the CLI you must log in through the console port, locally or remotely by using a pair of modems. At the CLI, you can configure Telnet or SSH for remote access. Logging in through the console port for the first time To log in through the console port, make sure the console terminal has a terminal emulation program (for example, HyperTerminal in Windows XP).

  • Page 30

    Figure 5 Connection description Figure 6 Specifying the serial port used to establish the connection...

  • Page 31: Configuring Console Login Control Settings

    Figure 7 Setting the properties of the serial port Power on the device and press Enter at the prompt. Figure 8 CLI At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?. Configuring console login control settings The following authentication modes are available for controlling console logins:...

  • Page 32: Configuring None Authentication For Console Login

    • None—Requires no authentication. This mode is insecure. • Password—Requires password authentication. • Scheme—Uses the AAA module to provide local or remote console login authentication. You must provide a username and password for accessing the CLI. If the username or password configured on a remote server was lost, contact the server administrator for help.

  • Page 33: Configuring Password Authentication For Console Login

    The next time you attempt to log in through the console port, you do not need to provide any username or password, as shown in Figure Figure 9 Accessing the CLI through the console port without authentication Configuring password authentication for console login Step Command Remarks...

  • Page 34: Configuring Scheme Authentication For Console Login

    Figure 10 Password authentication interface for console login Configuring scheme authentication for console login Follow these guidelines when you configure scheme authentication for console login: • To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.

  • Page 35

    Step Command Remarks Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. Enable command command authorization authorization. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

  • Page 36: Configuring Common Console Login Settings (optional)

    Step Command Remarks Set an authentication password { cipher | simple } By default, no password is set. password for the local user. password Specifies a command level Optional. authorization-attribute level level of the local user. By default, the command level is 0. Specify terminal service for By default, no service type is service-type terminal...

  • Page 37

    Step Command Remarks Enter AUX user interface user-interface aux first-number view. [ last-number ] By default, the transmission rate is Configure the baud rate. speed speed-value 9600 bps. Configure the parity check The default setting is none, namely, parity { even | none | odd } mode.

  • Page 38: Logging In Through Telnet

    Step Command Remarks Set the size of command By default, the buffer saves 10 history-command max-size value history buffer. history commands at most. The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction Set the idle-timeout timer.

  • Page 39: Configuring None Authentication For Telnet Login

    username or password configured on a remote server was lost, contact the server administrator for help. Table 14 Configuration required for different Telnet login authentication modes Authentication Configuration tasks Reference mode "Configuring none Set the authentication mode to none for the VTY user None authentication for Telnet interface.

  • Page 40: Configuring Password Authentication For Telnet Login

    The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 13. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears. Figure 13 Telnetting to the device without authentication Configuring password authentication for Telnet login Step...

  • Page 41: Configuring Scheme Authentication For Telnet Login

    Figure 14 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Follow these guidelines when you configure scheme authentication for Telnet login: • To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.

  • Page 42

    Step Command Remarks Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. Enable command authorization. command authorization If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

  • Page 43: Configuring Common Settings For VTY User Interfaces (optional)

    Step Command Remarks Create a local user and enter local-user user-name By default, no local user exists. local user view. password { cipher | simple } Set a password. By default, no password is set. password Specify the command level of Optional.

  • Page 44

    Step Command Remarks Enter system view. system-view Enable copyright information By default, copyright information copyright-info enable display. display is enabled. Enter one or multiple VTY user user-interface vty first-number interface views. [ last-number ] Optional. Enable the terminal service. shell By default, terminal service is enabled.

  • Page 45: Using The Device To Log In To A Telnet Server

    Step Command Remarks Optional. By default, no automatically executed command is specified. The command auto-execute Specify a command to be function is typically used for auto-execute command automatically executed when a redirecting a Telnet user to a command user logs in to the user interfaces. specific host.

  • Page 46: Setting The DSCP Value For IP To Use For Outgoing Telnet Packets

    Setting the DSCP value for IP to use for outgoing Telnet packets Step Command Remarks Enter system view. system-view • On a Telnet client running IPv4: The default is as follows: telnet client dscp dscp-value • 16 for a Telnet client running IPv4. •...

  • Page 47

    • To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters. • If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.

  • Page 48

    Step Command Remarks Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result.

  • Page 49: Using The Device As An SSH Client To Log In To The SSH Server

    Step Command Remarks ssh user username service-type Create an SSH user, and stelnet authentication-type specify the authentication { password | { any | mode for the SSH user. password-publickey | publickey } assign publickey keyname } Configure common settings "Configuring common settings Optional.

  • Page 50: Setting Up The Configuration Environment

    Table 16 Configuration required for different modem login authentication modes Authentication Configuration task Reference mode "Configuring none None Set the authentication mode to none for the AUX user interface. authentication for modem dial-in" "Configuring Enable password authentication on the AUX user interface. password Password authentication for...

  • Page 51

    NOTE: The configuration commands and output vary by modem. For more information, see the modem user guide. To avoid data loss, verify that the speed of the console port is lower than the transmission rate of the modem, and the default parity check, stop bits, and data bits settings are used. Launch the terminal emulation program and create a connection by using the telephone number of the modem connected to the device.

  • Page 52

    NOTE: On Windows Server 2003, you must add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and follow the user guide or online help of that program to log in to the device.

  • Page 53: Configuring None Authentication For Modem Dial-in, Configuring Password Authentication For Modem Dial-in

    command. The connection is terminated if "OK" is displayed. You can also terminate the connection by clicking in the HyperTerminal window. IMPORTANT: Do not directly close the HyperTerminal. Doing so can cause some modems to stay in use, and your subsequent dial-in attempts will always fail.

  • Page 54: Configuring Scheme Authentication For Modem Dial-in

    Step Command Remarks Enter system view. system-view Enter one or more AUX user user-interface aux first-number interface views. [ last-number ] Enable password By default, no authentication is authentication-mode password authentication. performed for modem dial-in users. set authentication password Set a password. By default, no password is set.

  • Page 55

    Step Command Remarks Enter system view. system-view Enter AUX user user-interface aux first-number interface view. [ last-number ] Whether local, RADIUS, or HWTACACS authentication is adopted depends on Enable scheme the configured AAA scheme. authentication-mode scheme authentication. By default, no authentication is performed for modem dial-in users.

  • Page 56

    Step Command Remarks Optional. Enter the ISP domain view: domain domain-name By default, local authentication is used. Apply the specified AAA For local authentication, configure local scheme to the domain: user accounts. authentication default Apply an AAA For RADIUS or HWTACACS { hwtacacs-scheme authentication scheme authentication, configure the RADIUS or...

  • Page 57: Configuring Common Settings For Modem Dial-in (optional)

    Figure 26 Scheme authentication interface for modem dial-in users Configuring common settings for modem dial-in (optional) CAUTION: To avoid packet loss, make sure the speed of the console port is lower than the transmission rate of the modem. Some common settings configured for an AUX user interface take effect immediately and can interrupt the login session.

  • Page 58

    Step Command Remarks The default is 1. Configure the number of stop Stop bits indicate the end of a stopbits { 1 | 1.5 | 2 } bits. character. The more the bits, the slower the transmission. By default, the number of data bits in each character is 8.

  • Page 59: Displaying And Maintaining CLI Login

    Step Command Remarks The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction Set the idle-timeout timer. idle-timeout minutes [ seconds ] between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the timer.

  • Page 60: Logging In To The Web Interface, Configuring HTTP Login

    Logging in to the Web interface The device provides a built-in Web server for you to configure the device through a Web browser. Web login is by default disabled. To enable Web login, log in via the console port, and perform the following configuration tasks: Enable HTTP or HTTPS service.

  • Page 61: Configuring HTTPS Login

    Step Command Remarks Optional. By default, the HTTP service is not associated with any ACL. Associate the HTTP service ip http acl acl-number with an ACL. Associating the HTTP service with an ACL enables the device to allow only clients permitted by the ACL to access the device.

  • Page 62

    Step Command Remarks By default, the HTTPS service is not associated with any SSL server policy, and the device uses a self-signed certificate for authentication. If you disable the HTTPS service, the system automatically de-associates the Associate the HTTPS ip https ssl-server-policy HTTPS service from the SSL service service with an SSL server policy-name...

  • Page 63: Displaying And Maintaining Web Login, HTTP Login Configuration Example, Network Requirements

    Step Command Remarks By default, the HTTPS service is not associated with any ACL. Associate the HTTPS Associating the HTTPS service with an ip https acl acl-number service with an ACL. ACL enables the device to allow only clients permitted by the ACL to access the device.

  • Page 64: Configuration Procedure

    Figure 27 Network diagram Configuration procedure Configure the device: # Create VLAN 999, and add GigabitEthernet 1/0/1 (the interface connected to the PC) to VLAN 999. <Sysname> system-view [Sysname] vlan 999 [Sysname-vlan999] port GigabitEthernet 1/0/1 [Sysname-vlan999] quit # Assign the IP address 192.168.0.58 and the subnet mask 255.255.255.0 to VLAN-interface 999.

  • Page 65: HTTPS Login Configuration Example, Network Requirements, Configuration Procedure

    Figure 28 Web login page # Enter the user name, password, verify code, select English, and click Login. The homepage appears. After login, you can configure device settings through the Web interface. HTTPS login configuration example Network requirements As shown in Figure 29, to prevent unauthorized users from accessing the device, configure the device as the HTTPS server and the host as the HTTPS client, and request a certificate for each of them.

  • Page 66

    # Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com. <Device> system-view [Device] pki entity en [Device-pki-entity-en] common-name http-server1 [Device-pki-entity-en] fqdn ssl.security.com [Device-pki-entity-en] quit # Create a PKI domain, specify the trusted CA as new-ca, the URL of the server for certificate request as http://10.1.2.2/certsrv/mscep/mscep.dll, authority for certificate request as RA, and the entity for certificate request as en.

  • Page 67

    # Create a local user named usera, set the password to 123, specify the Web service type, and specify the user privilege level 3. A level-3 user can perform all operations supported by the device. [Device] local-user usera [Device-luser-usera] password simple 123 [Device-luser-usera] service-type web [Device-luser-usera] authorization-attribute level 3 Configure the host (HTTPS client):...

  • Page 68: Logging In Through SNMP, Configuring SNMP Login, Prerequisites, Configuring SNMPv3 Settings

    Logging in through SNMP You can use an NMS to access the device MIB and perform GET and SET operations to manage and monitor the device. The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.

  • Page 69: Configuring SNMPv1 Or SNMPv2c Settings

    Step Command Remarks snmp-agent group v3 group-name [ authentication | privacy ] Configure an SNMP [ read-view read-view ] [ write-view By default, no SNMP group is group and specify its write-view ] [ notify-view configured. access right. notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * snmp-agent usm-user v3 user-name group-name [ [ cipher ]...

  • Page 70: NMS Login Example, Network Requirements, Configuration Procedure

    NMS login example Network requirements Configure the device and the NMS so you can remotely manage the device through SNMPv3. Figure 31 Network diagram Configuration procedure Configure the device: # Assign an IP address to the device. Make sure the device and the NMS can reach each other. (Details not shown.) # Enter system view.

  • Page 71: Controlling User Logins, Controlling Telnet Logins, Configuring Source IP-based Telnet Login Control

    Controlling user logins To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide. Controlling Telnet logins Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address.

  • Page 72: Configuring Source MAC-based Telnet Login Control, Telnet Login Control Configuration Example

    Step Command Remarks Exit advanced ACL view. quit user-interface [ type ] first-number Enter user interface view. [ last-number ] • inbound: Filters incoming Use the ACL to control user packets. acl [ ipv6 ] acl-number { inbound | logins by source and outbound } •...

  • Page 73: Configuring Source Ip-based Snmp Login Control, Configuration Procedure

    Figure 32 Network diagram
    Configuration procedure
    # Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit...

  • Page 74: Snmp Login Control Configuration Example

    Step Command Remarks • SNMPv1/v2c community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *...

  • Page 75: Configuring Web Login Control, Configuring Source Ip-based Web Login Control, Logging Off Online Web Users

    Configuration procedure
    # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
    <Sysname> system-view
    [Sysname] acl number 2000 match-order config
    [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
    [Sysname-acl-basic-2000] quit
    # Associate the ACL with the SNMP community and the SNMP group.

  • Page 76: Web Login Control Configuration Example

    Web login control configuration example Network requirements As shown in Figure 34, configure the device to allow only Web users from Host B to access. Figure 34 Network diagram Configuration procedure # Create ACL 2000, and configure rule 1 to permit packets sourced from Host B. <Sysname>...

  • Page 77: Configuring Ftp, Using The Device As An Ftp Client, Establishing An Ftp Connection

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

  • Page 78: Setting The Dscp Value For Ip To Use For Outgoing Ftp Packets

    The ftp client source command setting applies to all FTP sessions. When you set up an FTP session by using the ftp or ftp ipv6 command, you can also specify a different source IP address for the FTP session. IMPORTANT: To avoid FTP connection failures, when you specify a source interface for FTP packets, make sure the interface has been assigned a primary IP address.

  • Page 79: Managing Directories On The Ftp Server, Working With The Files On The Ftp Server

    Step: Enter system view.
    Command: system-view
    Step: Set the DSCP value for IP to use for outgoing FTP packets.
    Command: • For IPv4: ftp client dscp dscp-value • For IPv6:...
    Remarks: The default is 0, whether the FTP client is running IPv4 or IPv6.

  • Page 80: Switching To Another User Account, Maintaining And Troubleshooting The Ftp Connection, Terminating The Ftp Connection

    Task Command Remarks The ls command displays the name of a Query a directory or file on the directory or file only, while the dir ls [ remotefile [ localfile ] ] FTP server. command displays detailed information such as the file size and creation time. Delete the specified file on the delete remotefile FTP server permanently.

  • Page 81: Ftp Client Configuration Example

    Task Command Remarks • disconnect Terminate the FTP connection without exiting FTP Use either command in FTP client view. client view. • close • Terminate the FTP connection and return to user Use either command in FTP view. client view. •...

  • Page 82: Using The Device As An Ftp Server, Configuring Basic Parameters

    Download the file newest.bin from the PC to the Flash root directory of the subordinate device (with member ID of 2).
    [ftp] get newest.bin slot2#flash:/newest.bin
    # Set the transfer mode to ASCII and upload the configuration file config.cfg from the IRF fabric to the PC for backup.

  • Page 83: Configuring Authentication And Authorization

    • Fast mode—The FTP server starts writing data to the Flash after a file is transferred to the memory. This prevents the existing file on the FTP server from being corrupted in the event that an anomaly, such as a power failure, occurs during a file transfer. •...

  • Page 84: Ftp Server Configuration Example

    Step: Enter system view.
    Command: system-view
    Step: Create a local user account and enter its view.
    Command: local-user user-name
    Remarks: By default, no local user account authorized with the FTP service exists, and the system does not support FTP anonymous user access.
    Step: Set a password for the user account.
    Command: password { simple | cipher }...

  • Page 85

    # Create a local user account abc, set its password to abc and the user privilege level to level 3 (the manage level), specify the Flash root directory of the master device as the authorized directory, and specify the service type as FTP. <Sysname>...

  • Page 86: Displaying And Maintaining Ftp

    The specified file will be used as the main boot file at the next reboot on slot The specified file will be used as the main boot file at the next reboot on slot IMPORTANT: The system software image file used for the next startup and the startup configuration file must be saved in the Flash root directory.

  • Page 87: Configuring Tftp, Prerequisites, Using The Device As A Tftp Client

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP supports the following transfer modes: Binary mode—Used to transfer image files, such as .app, .bin, and .btw files.

  • Page 88: Displaying And Maintaining The Tftp Client, Tftp Client Configuration Example

    To configure the TFTP client:
    Step: Enter system view.
    Command: system-view
    Step: Use an ACL to control the client's access to TFTP servers.
    Command: tftp-server [ ipv6 ] acl acl-number
    Remarks: Optional. By default, no ACL is used for access control.
    Step: Specify a source IP address...
    Command: tftp client source { interface...
    Remarks: Optional. By default, the primary IP...

  • Page 89

    Figure 39 Network diagram Configuration procedure This configuration procedure assumes that the PC and the IRF fabric can reach each other. Configure the PC (TFTP server): Enable the TFTP server. (Details not shown.) Configure a TFTP working directory. (Details not shown.) Configure the IRF fabric (TFTP client): # Examine the storage medium of the device for insufficiency or impairment.

  • Page 90: Managing The File System, Storage Medium Naming Rules, File Name Formats

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories and files. Storage medium naming rules A storage medium is named based on the following rules: If a storage medium is the only storage medium of its type on the device, it is named by its type.

  • Page 91: Managing Files, Displaying File Information, Displaying File Contents, Renaming A File, Copying A File

    Managing files CAUTION: To avoid file system corruption, do not plug or unplug storage media or perform active/standby switchover while the system is processing a file operation. You can display directory or file information; display file contents; rename, copy, move, remove, restore, and delete files.

  • Page 92: Deleting/restoring A File, Emptying The Recycle Bin, Managing Directories, Displaying Directory Information

    Task Command Move a file. move fileurl-source fileurl-dest Deleting/restoring a file You can delete a file permanently or just move it to the recycle bin. A file moved to the recycle bin can be restored, but a file permanently deleted cannot. A file in the recycle bin occupies storage space.

  • Page 93: Changing The Current Working Directory, Creating A Directory, Removing A Directory, Managing Storage Medium Space

    Task Command Display the current working directory. Changing the current working directory Perform this task in user view. Task Command Change the current working directory. cd { directory | .. | / } Creating a directory Perform this task in user view. Task Command Create a directory.

  • Page 94: Displaying And Maintaining The Nand Flash Memory, Performing Batch Operations

    Displaying and maintaining the NAND Flash memory The physical space of the NAND Flash memory is divided into multiple blocks, each of which is subdivided into multiple pages. The NAND Flash memory is erased on a block basis and read on a page basis;...

  • Page 95: Setting The File System Operation Mode, File System Management Examples

    Setting the file system operation mode The file systems support the following operation modes: • alert—The system warns you about operations that might cause problems such as file corruption and data loss. To prevent incorrect operations, use the alert mode. • quiet—The system does not prompt for any operation confirmation.

  • Page 96: Managing Configuration Files, Overview, Configuration Types

    Managing configuration files You can manage configuration files at the CLI or by using the Boot menu of the device. This chapter describes the CLI approach. Overview A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device.

  • Page 97: Configuration File Format And Content, Next-startup Configuration File Redundancy, Startup With A Configuration File

    Configuration file format and content IMPORTANT: To run on the device, a configuration file must meet the content and format requirements of the device. To avoid any configuration loading problem at startup, use a configuration file created on the device. If you edit the configuration file, make sure all edits are compliant with the requirements of the device.

  • Page 98: Enabling Configuration File Auto-update, Saving Configuration In Different Approaches

    Complete these tasks to save the current configuration: Task Remarks Optional. Enabling configuration file auto-update Perform this task to ensure configuration consistency across member devices. Saving configuration in Required. Enabling configuration file auto-update The configuration auto-update function enables all subordinate switches to automatically save the running configuration as the master does when you execute the save [ safely ] [ backup | main ] [ force ] command or the save filename all command.

  • Page 99: Configuring Configuration Rollback, Configuration Task List

    Task: Save the running configuration to a configuration file without specifying the file as a next-startup configuration file.
    Command: save file-url [ all | slot slot-number ]
    Remarks: The save command executed with only the file-url argument saves the running configuration only to the specified path, regardless of whether the configuration...

  • Page 100: Configuring Configuration Archive Parameters

    Task Remarks Configuring configuration archive parameters Required. • Required. Enabling automatic configuration archiving • Manually archiving running configuration Use either approach. Performing configuration rollback Required. Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives.

  • Page 101: Enabling Automatic Configuration Archiving

    Step Command Remarks Do not include member ID information in the directory name. By default, no path or file name prefix is set for configuration archives, and the system does not regularly save configuration. Configure the directory and archive configuration location IMPORTANT: file name prefix for archiving directory filename-prefix...

  • Page 102: Manually Archiving Running Configuration, Performing Configuration Rollback

    Manually archiving running configuration To save system resources, disable automatic configuration archiving and manually archive configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks so you can use the archive for configuration recovery after the configuration attempt fails.

  • Page 103: Specifying A Configuration File For The Next Startup

    Specifying a configuration file for the next startup You can specify a .cfg configuration file as the main startup configuration file to be used at the next startup when you use the save command to save the running configuration to it. Alternatively, perform the following task in user view to specify the next-startup configuration file: Task Command...

  • Page 104: Restoring The Next-startup Configuration File From A Tftp Server, Displaying And Maintaining A Configuration File

    You can delete the main, the backup, or both. If the main and backup next-startup configuration files are the same file, the system sets the attribute of the configuration file to NULL instead of deleting the file. You can permanently delete the file after its attribute changes to NULL. You may need to delete the next-startup configuration file for one of the following reasons: After you upgrade system software, the file does not match the new system software.

  • Page 105

    Task: Display the running configuration.
    Command: display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] [ interface-number ] | exclude modules ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ]
    Remarks: Available in any view.
    Task: Display the factory defaults.
    Command: display default-configuration [ |...

  • Page 106: Upgrading Software, Software Upgrade Methods

    Upgrading software You can use the CLI or Boot menu to upgrade software. This chapter describes only the CLI approach to software upgrade. Upgrading software includes upgrading the BootWare (called "bootrom" in CLI) and system software. Each time the switch is powered on, it runs the BootWare image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file"...

  • Page 107: Upgrading Bootware, Upgrading The Entire System Software

    Upgrading method Software types Remarks Patches repair software defects without requiring a reboot or service interruption. Installing patches System software images Patches do not add new features to system software images. Use this method when the device cannot correctly start up. For information about this upgrading method, see the release notes for your switch.

  • Page 108: Installing Patches

    Step: Use FTP or TFTP to transfer the system software image to the root directory of the master device's storage media.
    Command: See "Configuring FTP" or "Configuring TFTP."
    Remarks: The image file must be saved in the root directory for a successful upgrade....

  • Page 109: Displaying And Maintaining Software Upgrade, Software Upgrade Examples, Upgrading The Entire System Software

    Step: Install a patch package file.
    Command: patch install file patch-package
    Remarks: file patch-package: Specifies a patch package file name.
    Displaying and maintaining software upgrade
    Task: Display information about system...
    Command: display boot-loader [ slot slot-number ] [ | { begin | exclude | include }...
    Remarks: Available in any view.

  • Page 110

    File will be transferred in binary mode
    Downloading file from remote TFTP server, please wait..
    TFTP: 917 bytes received in 1 second(s)
    File downloaded successfully.
    # Download new-config.cfg to the subordinate switch.
    <IRF> tftp 2.2.2.2 get new-config.cfg slot2#flash:/new-config.cfg
    # Download soft-version2.bin from the TFTP server to both member switches.
    <IRF>...

  • Page 111

    Figure 42 Network diagram Master Subordinate (Member_ID=1) (Member_ID=2) 2.2.2.2/24 Internet TFTP server 1.1.1.1/24 Note: The orange line represents the IRF link. Configuration procedure Configure the TFTP server: # Enable the TFTP server function. (Details not shown.) # Save the patch package file patch_package.bin to the working directory of TFTP server. (Details not shown.) Configure the IRF fabric: # Use the save command to save the current system configuration.

  • Page 112: Managing The Device, Configuring The Device Name, Changing The System Time, Configuration Guidelines

    Managing the device Device management includes monitoring the operating status of devices and configuring their running parameters. The configuration tasks in this document are order independent. You can perform these tasks in any order. Configuring the device name A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>.

  • Page 113

    Command Effective system time Configuration example System time clock timezone 03:00:00 zone-time Sat zone-time add 1 2, 1 date-time 03/03/2007. clock datetime 3:00 2007/3/3 The original system time outside the daylight saving time range: clock summer-time ss 01:00:00 UTC Sat one-off 1:00 The system time does not 01/01/2005.

  • Page 114

    Command Effective system time Configuration example System time clock summer-time ss date-time – summer-offset one-off 1:00 outside the daylight 23:30:00 UTC Sun 2007/1/1 1:00 saving time range: 2007/8/8 2 12/31/2006. 3, 1 clock datetime 1:30 date-time – summer-offset 2007/1/1 (date-time in the daylight saving time clock summer-time ss date-time –...

  • Page 115: Enabling Displaying The Copyright Statement, Configuration Procedure

    You can disable or enable the function as needed. The following is a sample copyright statement: ****************************************************************************** * Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed.

  • Page 116: Configuring Banners, Banner Message Input Modes

    Step Command Remarks Enter system view. system-view Enable displaying the copyright-info enable Enabled by default. copyright statement. Configuring banners Banners are messages that the system displays during user login. The system supports the following banners: Legal banner—Appears after the copyright or license statement. To continue login, the user must •...

  • Page 117: Configuring The Exception Handling Method, Configuration Procedure, Rebooting The Device

    Have a nice day. Please input the password.A Method 3—After you type the last keyword, type the start delimiter and part of the banner message and press Enter. At the system prompt, enter the rest of the banner and end the last line with a delimiter that is the same as the start delimiter.

  • Page 118: Rebooting Devices Immediately At The Cli, Scheduling A Device Reboot

    CAUTION: • A reboot can interrupt network services. • To avoid data loss, use the save command to save the current configuration before a reboot. • Use the display startup and display boot-loader commands to verify that you have correctly set the...

  • Page 119: Scheduling Jobs, Job Configuration Approaches, Configuration Guidelines

    Scheduling jobs You can schedule a job to automatically run a command or a set of commands without administrative interference. The commands in a job are polled every minute. When the scheduled time for a command is reached, the job automatically executes the command. If a confirmation is required while the command is running, the system automatically inputs Y or Yes.

  • Page 120: Scheduling A Job In The Non-modular Approach, Scheduling A Job In The Modular Approach

    In the modular approach: • Every job can have only one view and up to 10 commands. If you specify multiple views, the one specified the last takes effect. Input a view name in its complete form. Most commonly used view names include monitor for user view, system for system view, GigabitEthernet x/x/x, and Ten-GigabitEthernet x/x/x for Ethernet interface view, and Vlan-interfacex for VLAN interface view.

  • Page 121: Configuring The Port Status Detection Timer, Clearing Unused 16-bit Interface Indexes

    Step Command Remarks • Configure a command to run at a specific time and date: time time-id at time date command command • Configure a command to run at a Use any of the commands. specific time: NOTE: time time-id { one-off | repeating } Add commands to the job.

  • Page 122: Verifying And Diagnosing Transceiver Modules, Verifying Transceiver Modules, Diagnosing Transceiver Modules

    Verifying and diagnosing transceiver modules Support for the pluggable transceivers and the transceiver type depends on the device model. Verifying transceiver modules You can verify the genuineness of a transceiver module in the following ways: Display the key parameters of a transceiver module, including its transceiver type, connector type, •...

  • Page 123

    Task: Display system version information.
    Command: display version [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
    Task: Display the system time and date.
    Command: display clock [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view
    Task: Display or save operating statistics...
    Command: display diagnostic-information [ |...

  • Page 124

    Task: Clear the system software version update history of the device.
    Command: reset version-update-record
    Remarks: Available in system view

  • Page 125: Automatic Configuration, Typical Application Scenario

    Automatic configuration Automatic configuration enables a device without any configuration file to automatically obtain and execute a configuration file during startup. Automatic configuration simplifies network configuration, facilitates centralized management, and reduces maintenance workload. To implement automatic configuration, the network administrator saves configuration files on a server and a device automatically obtains and executes a specific configuration file.

  • Page 126: How Automatic Configuration Works, Automatic Configuration Work Flow

    How automatic configuration works Automatic configuration works in the following manner: During startup, the device sets the first up interface as the DHCP client to request parameters from the DHCP server, such as an IP address and name of a TFTP server, IP address of a DNS server, and the configuration file name. If up Layer 2 Ethernet ports exist, the VLAN interface of the default VLAN of the Ethernet ports is selected as the first up interface.

  • Page 127: Using Dhcp To Obtain An Ip Address And Other Configuration Information

    Using DHCP to obtain an IP address and other configuration information Address acquisition process As previously mentioned, a device sets the first up interface as the DHCP client during startup. The DHCP client broadcasts a DHCP request, where the Option 55 field specifies the information that the client wants to obtain from the DHCP server such as the configuration file name, domain name and IP address of the TFTP server, and DNS server IP address.

  • Page 128: Obtaining The Configuration File From The Tftp Server

    To configure static address pools, you must obtain corresponding client IDs. To obtain a device's client ID, use the display dhcp server ip-in-use command to display address binding information on the DHCP server after the device obtains its IP address through DHCP. Obtaining the configuration file from the TFTP server A device can obtain the following files from the TFTP server during automatic configuration: Configuration file specified by the Option 67 or file field in the DHCP response.

  • Page 129

    Obtaining the configuration file Figure 45 Obtaining the configuration file A device obtains its configuration file by using the following workflow: • If the DHCP response contains the configuration file name, the device requests the specified configuration file from the TFTP server. If not, the device tries to get its host name from the host name file obtained from the TFTP server.

  • Page 130: Executing The Configuration File

    • If the IP address and the domain name of the TFTP server are not contained in the DHCP response or they are illegitimate, the device broadcasts a TFTP request. After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the configuration file.

  • Page 131: Support And Other Resources, Contacting Hp, Subscription Service, Related Information, Documents, Websites

    Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Before contacting HP, collect the following information: • Product model names and numbers • Technical support registration number (if applicable) • Product serial numbers...

  • Page 132: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...

  • Page 133

    Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 134: Index

    Index A B C D E F H I L M N O P R S T U V Enabling displaying the copyright statement,109 Entering a command,5 Accessing the CLI online help,4 File name formats,84 Backing up the next-startup configuration file to a TFTP File system management examples,89 server,97...

  • Page 135

    Saving the running configuration,91 Understanding command-line error messages,8 Saving the running configuration,19 Upgrading BootWare,101 Scheduling jobs,113 Upgrading the entire system software,101 Setting the file system operation mode,89 User interfaces,22 Software upgrade examples,103 Using the command history function,9 Software upgrade methods,100 Using the device as a TFTP client,81...

This manual also for:

5500 hi series
