HP 6125XLG Blade Switch
Fundamentals Configuration Guide
Part number: 5998-3715
Software version: Release 2306
Document version: 6W100-20130912...
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Contents
Using the CLI
CLI views
Entering system view from user view
Returning to the upper-level view from any view
Returning to user view
Accessing the CLI online help
...
Configuring SNMPv1 or SNMPv2c access
Controlling user access
FIPS compliance
Controlling Telnet/SSH logins
Controlling Telnet logins (not supported in FIPS mode)
Controlling SSH logins
...
Establishing an FTP connection
Managing directories on the FTP server
Working with files on the FTP server
Switching to another user account
Maintaining and troubleshooting the FTP connection
...
Deleting a next-startup configuration file
Displaying and maintaining configuration files
Upgrading software
Overview
Software types
Comware image redundancy and loading procedure
System startup process
...
Using automatic configuration
Understanding automatic configuration
Overall automatic configuration process
Automatic-configuration parameter acquisition process
Configuration file acquisition process
Deploying and configuring servers for automatic configuration
...
Using the CLI

At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device.

Figure 1 CLI example

You can use a variety of methods to log in to the CLI. For example, you can log in through the console port, or by using Telnet or SSH.
Figure 2 CLI views

You are placed in user view immediately after you log in to the CLI. The user view prompt is <Device-name>, where Device-name is the device name. The device name defaults to Sysname and can be changed by using the sysname command. In user view, you can perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and reboot.
Returning to user view

You can return directly to user view from any other view by using the return command or pressing Ctrl+Z, instead of using the quit command multiple times.

To return directly to user view from any other view:

Task Command
Return directly to user view.
  format
  free
<Sysname> display ftp?
  ftp-server
  ftp-user

Using the undo form of a command

Most configuration commands have an undo form for canceling a configuration, restoring the default, or disabling a feature. For example, the info-center enable command enables the information center, and the undo info-center enable command disables the information center.
Entering a string or text type value for an argument

Generally, a string type argument value can contain any printable character (in the ASCII code range of 32 to 126) other than the question mark (?), quotation mark ("), backslash (\), and space. A text type argument value can contain any printable character other than the question mark.
Step: (Optional.) Display command keyword alias information.
Command: display command-alias
Remarks: This command is available in any view.

Configuring and using command hotkeys

The system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.
Hotkey: Function
Ctrl+Z: Returns to user view.
Ctrl+]: Terminates the current connection.
Esc+B: Moves the cursor back one word.
Esc+D: Deletes all characters from the cursor to the end of the word.
Esc+F: Moves the cursor forward one word.
Esc+N: Moves the cursor down one line.
Error message: % Too many parameters.
Cause: The entered character sequence contains excessive keywords or arguments.

Error message: % Wrong parameter found at '^' position.
Cause: The argument in the marked position is invalid.

Using the command history function

The system automatically saves commands successfully executed by a login user to two command history buffers: the command history buffer for the user interface and the command history buffer for all user interfaces.
Controlling the CLI output

This section describes the CLI output control features that help you identify the desired output.

Pausing between screens of output

The system automatically pauses after displaying a screen if the output is too long to fit on one screen. You can use the keys described in "Output controlling keys"...
For example:

# Display information about VLAN 999, numbering each output line.
<Sysname> display vlan 999 | by-linenum
 VLAN ID: 999
 VLAN type: Static
 Route interface: Configured
 IP address: 192.168.2.1
 Subnet mask: 255.255.255.0
 Description: For LAN Access
 Name: VLAN 0999
 Tagged ports: None
 Untagged ports:...
Characters, Meaning, Examples

Meaning: Matches the preceding strings in parentheses, with the Nth string repeated once.
Examples:
"(string)\1" matches a string containing "stringstring".
"(string1)(string2)\2" matches a string containing "string1string2string2".
"(string1)(string2)\1\2" matches a string containing "string1string2string1string2".

Examples: "[16A]" matches a string containing 1, 6, or A; "[1-36A]"...
Characters, Meaning, Examples

Meaning: Same as [^A-Za-z0-9_], matches a character that is not a digit, letter, or underscore.
Examples: "\Wa" matches "-a", but not "2a" or "ba".

Meaning: Escape character. If a special character listed in this table follows...
Examples: "\\" matches a string containing "\", "\^" matches a string containing "^", and "\\b"...
Use one of the following methods to save the output from a display command:
• Save the output to a separate file. Use this method if you want to use one file for a single display command.
• Append the output to the end of a file. Use this method if you want to use one file for multiple...
 Untagged ports: Ten-GigabitEthernet1/1/6

Viewing and managing the output from a display command effectively

You can use the following measures in combination to filter and manage the output from a display command:
• Numbering each output line from a display command
• Filtering the output from a display command
•...
Login overview

At the first startup, the device uses the default configuration file. The first time you access the device, you can only log in to the CLI through the console or AUX port. After login, you can change console or AUX login parameters or configure other access methods, including Telnet, SSH, and SNMP.
Login method: Accessing the device through SNMP
Default settings and minimum configuration requirements: By default, SNMP access is disabled. To access the device through SNMP, complete the following configuration tasks:
• Assign an IP address to a Layer 3 interface, and make sure the interface and the NMS can reach each other.
Logging in through the console port for the first device access

The first time you access the device, you can log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC) and make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
Figure 4 Creating a connection

Figure 5 Specifying the serial port used to establish the connection...
Figure 6 Setting the properties of the serial port

Power on the device and press Enter as prompted.

Figure 7 Device CLI

At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?.
Logging in to the CLI

By default, you can log in to the CLI only through the console or AUX port. After you log in, you can configure other login methods, including Telnet and SSH. To prevent unauthorized access to the CLI and control user behaviors, you can configure login authentication, assign user roles, configure command authorization and command accounting, and use ACLs to filter unauthorized logins.
A relative number uniquely identifies a user interface among all user interfaces of the same type. The number format is user interface type + number. Both types of user interfaces are numbered starting from 0 and incrementing by 1. For example, the first VTY user interface is VTY 0.

Login authentication modes

You can configure login authentication to prevent unauthorized access to the device CLI.
FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. In FIPS mode, the device does not support Telnet login.

Logging in through the console/AUX port locally

To configure console/AUX login, complete the following tasks:

Task...
The next time you attempt to log in through the console or AUX port, you do not need to provide any username or password.

Configuring password authentication for console/AUX login (not supported in FIPS mode)

Step: Enter system view.
Command: system-view

Step: Enter console/AUX user...
Command: user-interface { aux | console }...
Step: Enable scheme authentication.
Command: authentication-mode scheme
Remarks: The defaults are as follows:
• Console user interface: Authentication is disabled.
• AUX user interface: Authentication is disabled if the device started up with the default configuration file, and password authentication is enabled if the device started up with empty configuration.
Step: Specify the number of data bits for each character.
Command: databits { 5 | 6 | 7 | 8 }
Remarks: The default is 8. The setting depends on the character coding type. For example, you can set it to 7 if standard ASCII characters are to...
By default, Telnet login is disabled on the device. To log in to the device through Telnet, you must first log in to the device through the console or AUX port, enable the Telnet server, and configure Telnet login authentication on the device.

Configuring Telnet login on the device

Task Remarks...
Figure 8 Telnetting to the device without authentication

Configuring password authentication for Telnet login

Step: Enter system view.
Command: system-view

Step: Enable Telnet server.
Remarks: The defaults are as follows:
• Telnet server is disabled if the device started up with empty configuration.
• Telnet server is enabled if the device started up with the default
Figure 9 Password authentication interface for Telnet login

Configuring scheme authentication for Telnet login

Step: Enter system view.
Command: system-view

Step: Enable Telnet server.
Remarks: The defaults are as follows:
• Telnet server is disabled if the device started up with empty configuration.
• Telnet server is enabled if the device
Figure 10 Scheme authentication interface for Telnet login

Configuring common VTY user interface settings

For a VTY user interface, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session.
Step: Set the idle timeout.
Command: idle-timeout minutes [ seconds ]
Remarks: By default, the idle timeout is 10 minutes for all user interfaces. If there is no interaction between the device and the user within the idle timeout, the system automatically terminates the user connection on the user interface.
Logging in through SSH

SSH offers a secure method for remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. For more information, see Security Configuration Guide.

You can use an SSH client to log in to the device for remote management, or use the device as an SSH client to log in to an SSH server.
Step: (Optional.) Specify the protocols for the user interfaces to...
Command:
• In non-FIPS mode: protocol inbound { all | ssh | telnet }
•...
Remarks: In non-FIPS mode, Telnet and SSH are supported by default. In FIPS mode, SSH is supported by default. This configuration is effective only for...
Task: Display the source IPv4 address or interface configured for the device to use for outgoing Telnet packets when serving as a Telnet client.
Command: display telnet client

Task: Release a user interface.
Command: free user-interface { num1 | { aux | ...
Remarks: Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this...
Accessing the device through SNMP

You can run SNMP on an NMS to access the device MIB and perform get and set operations to manage and monitor the device.

Figure 13 SNMP access diagram

The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC.
Controlling user access

Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behaviors. For more information about ACLs, see ACL and QoS Configuration Guide.

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
Configuration example

Network requirements

Configure the device in Figure 14 to permit only Telnet packets sourced from Host A and Host B.

Figure 14 Network diagram

Configuration procedure

# Configure an ACL to permit packets sourced from Host A and Host B.
<Sysname>...
Step: Enable command authorization.
Command: command authorization
Remarks: By default, command authorization is disabled, and the commands available for a user only depend on the user role. This command takes effect immediately after it is configured. Configure the command authorization method in ISP domain view before configuring this command.
Step: Enable scheme authentication.
Command: authentication-mode scheme
Remarks: The defaults are as follows:
• Console user interface: Authentication is disabled.
• AUX user interface: Authentication is disabled if the device started up with the default configuration file, and password authentication is enabled if...
Configuring RBAC

Role-based access control (RBAC) controls user access to commands and resources based on user role. This chapter describes the basic idea of RBAC and guides you through the RBAC configuration procedure.

Overview

On devices that support multiple users, RBAC is used to assign command and resource access permissions to user roles that are created for different job functions.
A user role can have multiple rules, each uniquely identified by a rule number. The set of commands permitted by these rules is accessible to the user role. If two rules conflict, the one with the higher number takes effect. For example, if rule 1 permits the ping command, rule 2 permits the tracert command, and rule 3 denies the ping command, the user role can use the tracert command but not the ping command.
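The precedence rule above, modelled offline as an added example (not code from HP or from this guide): the highest-numbered rule that covers a command decides, and `overridden` lists lower-numbered rules whose action a later rule reverses. The `Rule` class, the function names and the keyword-prefix matching are assumptions made for illustration; the device's own rule pattern syntax is not reproduced here.

```python
from dataclasses import dataclass

MAX_RULES_PER_ROLE = 256  # per-role limit stated in this guide


@dataclass(frozen=True)
class Rule:
    number: int   # rule number, unique within one user role
    action: str   # "permit" or "deny"
    command: str  # leading keywords of the commands the rule covers


def validate(rules):
    """Check the constraints this model relies on before evaluating."""
    if len(rules) > MAX_RULES_PER_ROLE:
        raise ValueError("more than 256 rules in one user role")
    numbers = [r.number for r in rules]
    if len(numbers) != len(set(numbers)):
        raise ValueError("rule numbers must be unique within a role")
    for r in rules:
        if r.action not in ("permit", "deny"):
            raise ValueError(f"rule {r.number}: unknown action {r.action!r}")
        if not r.command.split():
            raise ValueError(f"rule {r.number}: empty command")


def covers(rule, command_line):
    """Assumed matching: the command line starts with the rule's keywords."""
    want = rule.command.split()
    return command_line.split()[:len(want)] == want


def decide(rules, command_line):
    """Return (allowed, deciding_rule) for one command line.

    The highest-numbered rule that covers the command decides. A command
    that no rule covers is treated as not accessible to the role.
    """
    validate(rules)
    matching = [r for r in rules if covers(r, command_line)]
    if not matching:
        return False, None
    winner = max(matching, key=lambda r: r.number)
    return winner.action == "permit", winner


def overridden(rules):
    """Return (lower_rule, higher_rule) pairs where the higher-numbered rule
    covers everything the lower one covers and reverses its action."""
    validate(rules)
    findings = []
    for low in rules:
        higher = [h for h in rules
                  if h.number > low.number and covers(h, low.command)]
        if higher:
            top = max(higher, key=lambda h: h.number)
            if top.action != low.action:
                findings.append((low, top))
    return findings


# The three rules from the paragraph above.
PAGE_EXAMPLE = [
    Rule(1, "permit", "ping"),
    Rule(2, "permit", "tracert"),
    Rule(3, "deny", "ping"),
]

if __name__ == "__main__":
    for line in ("ping 192.168.1.58", "tracert 192.168.1.58", "telnet 192.168.1.58"):
        allowed, rule = decide(PAGE_EXAMPLE, line)
        by = f"rule {rule.number}" if rule else "no rule"
        print(f"{line!r}: {'permit' if allowed else 'deny'} ({by})")
    for low, top in overridden(PAGE_EXAMPLE):
        print(f"rule {low.number} is reversed by rule {top.number}")
```

Running `overridden` over a role's rule list before a change review surfaces permit rules that no longer have any effect, and deny rules that a later permit has silently undone.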
User role name, Permissions
• level-0: Has access to the commands of ping, quit, ssh2, super, system-view, telnet, and tracert. Level-0 access rights are configurable.
• level-1: Has access to the display commands (except display history-command all) of all features and resources in the system, in addition to all access rights of the user role level-0.
For more information about AAA and SSH, see Security Configuration Guide. For more information about user interfaces, see "Login overview" and "Logging in to the CLI."

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
Configuring user role rules

Configure command, feature, and feature group rules to permit or deny the access of a user role to specific commands. You can configure up to 256 rules for a user role, but the total number of user role rules in the system cannot exceed 1024.
Step: Create a feature group and enter feature group view.
Command: role feature-group name feature-group-name
Remarks: By default, the system has the following predefined feature groups:
• L2: Includes all Layer 2 commands.
• L3: Includes all Layer 3 commands.
These two groups are not user configurable.
Changing the VLAN policy of a user role

Step: Enter system view.
Command: system-view

Step: Enter user role view.
Command: role name role-name

Step: Enter user role VLAN policy view.
Command: vlan policy deny
Remarks: By default, the VLAN policies of user roles permit access to all VLANs.
Step: Enter system view.
Command: system-view

Step: Enable the default user role function.
Command: role default-role enable
Remarks: The default user role function is disabled. If the none authorization method is used for local users, you must enable the default user role function.

Assigning user roles to remote AAA authentication users

For remote AAA authentication users, user roles are configured on the remote authentication server.
Step: Authorize the user to have a user role.
Command: authorization-attribute user-role role-name
Remarks: Repeat this step to assign the user to up to 64 user roles. By default, network-operator is assigned to local users created by a network-admin user or level-15 user.

Assigning user roles to non-AAA authentication users on user interfaces

Specify user roles for the following two types of login users on the user interfaces:...
Configuration guidelines

When you configure temporary user role authorization, follow these guidelines:
• To enable users to obtain temporary user roles, you must configure user role authentication. Table describes the available authentication modes and configuration requirements.
• Local password authentication is available for all user roles, but remote AAA authentication is...
Configuring user role authentication

Step: Enter system view.
Command: system-view

Step: Set an authentication mode.
Command: super authentication-mode { local | scheme } *
Remarks: By default, local-only authentication applies.

Step: Set a local authentication...
Command:
• In non-FIPS mode: super password [ role rolename ]...
Remarks: Use this step for local password authentication. By default, no password is...
RBAC configuration examples

RBAC configuration example for local AAA authentication users

Unless otherwise noted, devices in the configuration example are operating in non-FIPS mode.

Network requirements

The switch in Figure 16 performs local AAA authentication for the Telnet user at 192.168.1.58. This Telnet user has the username user1@bbb and is assigned the user role role1.
# Change the VLAN policy to permit the user role to configure only VLANs 10 to 20.
[Switch-role-role1] vlan policy deny
[Switch-role-role1-vlanpolicy] permit vlan 10 to 20
[Switch-role-role1-vlanpolicy] quit
[Switch-role-role1] quit
# Create a device management user named user1 and enter its view.
[Switch] local-user user1 class manage
# Set a plaintext password aabbcc for the user.
Network requirements

The switch in Figure 17 uses the FreeRADIUS server at 10.1.1.1/24 to provide AAA service for login users, including the Telnet user at 192.168.1.58. This Telnet user uses the username hello@bbb and is assigned the user role role2. This user role has the following permissions:
• Performs all the commands in ISP view.
# Specify the primary server address 10.1.1.1 and the service port 1812 in the scheme.
[Switch-radius-rad] primary authentication 10.1.1.1 1812
# Set the shared key to expert in the scheme for the switch to authenticate to the server.
[Switch-radius-rad] key authentication simple expert
[Switch-radius-rad] quit
# Specify the scheme rad as the authentication and authorization schemes for the ISP domain bbb.
[Switch-role-role2-ifpolicy] quit
[Switch-role-role2] quit

Configure the RADIUS server:

# Add either of the user role attributes to the dictionary file of the FreeRADIUS server.
Cisco-AVPair = "shell:roles=\"role2\""
Cisco-AVPair = "shell:roles*\"role2\""
# Configure the settings required for the FreeRADIUS server to communicate with the switch. (Details not shown.)

Verifying the configuration

# Telnet to the switch, and enter the username and password to access the user interface.
Configure the remote-then-local authentication mode for temporary user role. The switch uses the HWTACACS server to provide authentication for obtaining the level-3 user role. If the AAA configuration is invalid or the HWTACACS server does not respond, the switch performs local authentication.

Figure 18 Network diagram

Configuration procedure

Configure the switch:...
[Switch] domain bbb
# Configure ISP domain bbb to use local authentication for login users.
[Switch-isp-bbb] authentication login local
# Configure ISP domain bbb to use local authorization for login users.
[Switch-isp-bbb] authorization login local
# Apply the HWTACACS scheme hwtac to the ISP domain.
[Switch-isp-bbb] authentication super hwtacacs-scheme hwtac
[Switch-isp-bbb] quit
# Create a device management user named test and enter its view.
<Switch> telnet 192.168.1.70
Trying 192.168.1.70 ...
Press CTRL+K to abort
Connected to 192.168.1.59 ...
******************************************************************************
* Copyright (c) 2004-2013 Hewlett-Packard Development Company, L.P.
* Without the owner's prior written consent,
* no decompiling or reverse-engineering shall be allowed.
******************************************************************************
login: test@bbb
Password:
<Switch>?
  ssh2         Establish a secure shell client connection
  super        Switch to a user role
  system-view  Enter the System View
  telnet       Establish a telnet connection
  tracert      Tracert function

Obtain the level-3 user role:

# Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass.
Analysis

RBAC requires that a login user have at least one user role. If the RADIUS server does not authorize the login user to use any user role, the user cannot log in to the device.

Solution

Resolve the problem in one of the following ways:
• Configure the role default-role enable command so a RADIUS user can log in with the default user...
Configuring FTP

File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network.

FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
Configuring basic parameters

Step: Enter system view.
Command: system-view

Step: Enable the FTP server.
Command: ftp server enable
Remarks: By default, the FTP server is disabled.

Step: (Optional.) Use an ACL to control access to the FTP...
Command: ftp server acl { acl-number | ipv6 acl-number6 }
Remarks: By default, no ACL is used for access control...
Displaying and maintaining the FTP server

Execute display commands in any view.

Task: Display FTP server configuration and status information.
Command: display ftp-server

Task: Display detailed information about online FTP users.
Command: display ftp-user

FTP server configuration example

Network requirements

Create a local user account with username abc and password 123456 on the FTP server. Use the user account to log in to the FTP server from the FTP client, upload the file temp.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup.
[Sysname] quit

Perform FTP operations from the FTP client:

# Log in to the FTP server at 1.1.1.1 using the username abc and password 123456.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1. (1.1.1.1)
220 FTP service ready.
User(1.1.1.1:(none)):abc
331 Password required for abc.
Password:
230 User logged in.
Step: Log in to the FTP server.
Command:
• (Method 1) Log in to the FTP server directly in user view:
ftp ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface { interface-name | interface-type interface-number } | ...
Remarks: Use either method. The source IP address specified in the ftp command...
Task: Change the working directory on the FTP server.
Command: cd { directory | .. | / }

Task: Return to the upper level directory on the FTP server.
Command: cdup

Task: Display the working directory that is being accessed.

Task: Create a directory on the FTP server.
Command: mkdir directory

Task: Remove the specified working directory on the...
Command: rmdir directory...
Task: Download a file from the FTP server.
Command: get remotefile [ localfile ]

Task: Add the content of a file on the FTP client to a file on the FTP server.
Command: append localfile [ remotefile ]

Task: Specify the retransmit marker.
Remarks: Use this command together with the put, ...
Terminating the FTP connection

Task: Terminate the connection to the FTP server without exiting FTP client view.
Command:
• disconnect
• close
Remarks: Use either command in FTP client view.

Task: Terminate the connection to the FTP server and return to user view.
Command:
•...
Remarks: Use either command in FTP client...
Figure 22 Network diagram

Configuration procedure

# Configure IP addresses as shown in Figure 22 and make sure the IRF fabric and PC can reach each other. (Details not shown.)
# Check whether the member devices have sufficient free storage space. If the free space is insufficient, use the delete /unreserved file-url command to delete unused files.
226 File successfully transferred
3494 bytes sent in 5.646 seconds (618.00 kbyte/s)
ftp> bye
221-Goodbye. You uploaded 2 and downloaded 2 kbytes.
221 Logout.
<Sysname>...
Configuring TFTP

Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
Step: Download or upload a file in an IPv4 network.
Command: tftp tftp-server { get | put } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface...
Remarks: The source IP address specified in this command takes precedence over the one set by the tftp client...
Managing the file system

This chapter describes how to manage the device's file system, including the storage media, directories, and files.

IMPORTANT:
• Before managing storage media, files, and directories, make sure you know the possible impacts.
• A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not...
Managing files

CAUTION: To avoid file system corruption, do not install or remove storage media or perform master/subordinate switchover during file operations.

You can display directory and file information, display file contents, and rename, copy, move, remove, restore, and delete files. You can create a file by copying, downloading, or using the save command.
Moving a file

Perform this task in user view.

Task: Move a file.
Command: move fileurl-source fileurl-dest

Compressing/decompressing a file

Perform the following tasks in user view:

Task: Compress a file.
Command: gzip filename

Task: Decompress a file.
Command: gunzip filename

Deleting/restoring a file

You can delete a file permanently or move it to the recycle bin.
Calculating the file digest

The digest of a file can be used to verify the file integrity. For example, you can calculate the digest of a software image file and compare it with that provided on the HP website to verify whether the file has been tampered with.
Removing a directory

To remove a directory, you must delete all files and subdirectories in this directory. To delete a file, use the delete command. To delete a subdirectory, use the rmdir command.

Removing a directory permanently deletes all its files in the recycle bin, if any.

Perform this task in user view.
To set the operation mode for files and folders:

Step: Enter system view.
Command: system-view

Step: Set the operation mode for files and folders.
Command: file prompt { alert | quiet }
Remarks: The default mode is alert.
Managing configuration files

You can use the CLI or the BootWare menus to manage configuration files. This chapter explains how to manage configuration files from the CLI.

Overview

A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so that it survives a reboot.
To view the running configuration, use the display current-configuration command. The displayed configuration does not include parameters that use initial settings.

Startup configuration loading process

Figure 24 shows the configuration loading process during startup.

Figure 24 Configuration loading process during startup

The device uses the following process to select the startup configuration file to load at startup:

If you access the BootWare menus to select the Skip Current System Configuration option, the device starts up with empty configuration.
If you have not specified a backup startup configuration file, or the specified backup startup configuration file is not available, the device starts up with the default configuration file (factory defaults). If a parameter is not included in the default configuration file, its initial setting is used.

Configuration file formats

Configuration files you specify for saving configuration must use the .cfg extension.
irf mac-address persistent timer
irf auto-update enable
irf link-delay 0
irf member 2 priority 1

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
overwriting the target next-startup configuration file after the save operation is complete. If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained. Use the safe mode if the power source is not reliable or you are remotely configuring the device.

To save the running configuration, perform either of the following tasks in any view:

Task    Command...
Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1. After you change the file directory or file name prefix, or reboot the device, the old configuration archives are regarded as common configuration files, the configuration archive counter resets, and the display archive configuration command no longer displays them.
• If the device configuration changes frequently, configure automatic archiving with an interval longer than 1440 minutes (24 hours).

Make sure you have set an archive path and file name prefix before performing this task.

To enable automatic configuration archiving:

Step    Command    Remarks...
The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons:
• A command cannot be undone because prefixing the undo keyword to the command does not result in a valid undo command. For example, if the undo form designed for the A [B] C command is undo A C, the configuration rollback function cannot undo the A B C command, because the system does not recognize the undo A B C command.
Backing up the main next-startup configuration file to a TFTP server

Before performing this task, make sure the following requirements are met:
• The server is reachable and enabled with TFTP service.
• You have read and write permissions.

To back up the main next-startup configuration file to a TFTP server:

Step    Command    Remarks...
You can delete the main, the backup, or both. To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file. For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL, but the file is still used as the main file.
Upgrading software

This chapter describes types of software and how to upgrade software from the CLI. For a comparison of all software upgrade methods, see "Upgrade methods."

Overview

A software upgrade adds new features and fixes bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.
This procedure assumes that the main image set and the backup image set have feature packages and patch packages. If an image set has neither feature packages nor patch packages, the system can use the image set to start up after the boot image and the system image pass verification. If neither the main boot image nor the backup boot image exists or is valid, connect to the console port and power cycle the device to access the BootWare menus for loading a boot image.
Figure 26 System startup process

Upgrade methods

Upgrading method: Upgrading from the CLI
Software types:
• BootWare image
• Comware images (excluding patches)
Remarks: This method is disruptive. You must reboot the entire device to complete the upgrade.

Use this method when the device cannot start up correctly.
Software upgrade procedure summary

To upgrade software from the CLI:
1. Download the upgrade software image file.
2. (Optional.) Preload the BootWare image to the BootWare. If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time.
Specifying the startup image file and completing the upgrade

Perform this task in user view.

Step    Command    Remarks

Command:
• Method 1: boot-loader file ipe-filename slot slot-number { backup | main }

Remarks: You can also specify a backup startup image file. If method 1 is used, the file name must take the...
Step                                              Command                                    Remarks
(Optional.) Verify the software image settings.   display boot-loader [ slot slot-number ]   Verify that the current software images are the same as the startup software images.

Displaying and maintaining software image settings

Execute display commands in any view.

Task    Command
Display current software images and startup...
# Use TFTP to download the image file startup-a2105.ipe from the TFTP server to the root directory of the flash on the master device.
<Sysname> tftp 2.2.2.2 get startup-a2105.ipe
# (Optional.) Back up the image file to startup-a2105-backup.ipe. Skip this step if the flash does not have sufficient space.
If you perform both configuration tasks, the device uses the system time of the trusted time source. For more information about NTP, see Network Management and Monitoring Configuration Guide. Powering off or rebooting an HP 6125XLG switch does not affect the system time. To set the system time: Step...
You can disable or enable the function as needed. The following is a sample copyright statement:

******************************************************************************
* Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed.
A multi-line banner can be up to 2000 characters. To input a multi-line banner, use one of the following methods: Method 1—Press Enter after the last command keyword. At the system prompt, enter the banner and end the last line with the delimiter character %. For example, you can configure the banner "Have a nice day.
Disabling password recovery capability

Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords. If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.
Rebooting the device

CAUTION:
• A reboot can interrupt network services.
• To avoid configuration loss, use the save command to save the running configuration before a reboot. For more information about the save command, see Fundamentals Command Reference.
• Before a reboot, use the display startup and display boot-loader commands to verify that you have...
Task                             Command                        Remarks
Specify the reboot delay time.   scheduler reboot delay time    By default, no reboot delay time is specified.

Scheduling a task

You can schedule the device to automatically execute a command or a set of commands without administrative interference. You can configure a one-time schedule or a periodic schedule.
Step                          Command                                    Remarks
Assign a job to a schedule.   job job-name                               By default, no job is assigned to a schedule. You can assign multiple jobs to a schedule. The jobs will be executed concurrently.
                              • Specify the execution date and time:     Configure one command as required....
Schedule configuration example

Network requirements

To save energy, configure the device to enable interfaces Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 at 8:00 a.m. every Monday through Friday and disable the interfaces at 18:00 every Monday through Friday.

Figure 28 Network diagram

Scheduling procedure

# Enter system view.
[Sysname-job-start-ten-gigabitethernet1/1/6] command 1 system-view
[Sysname-job-start-ten-gigabitethernet1/1/6] command 2 interface ten-gigabitethernet1/1/6
[Sysname-job-start-ten-gigabitethernet1/1/6] command 3 undo shutdown
[Sysname-job-start-ten-gigabitethernet1/1/6] quit
# Configure a periodic schedule for enabling the interfaces at 8:00 a.m. every Monday through Friday.
[Sysname] scheduler schedule START-pc1/pc2
[Sysname-schedule-START-pc1/pc2] job start-ten-gigabitethernet1/1/5
[Sysname-schedule-START-pc1/pc2] job start-ten-gigabitethernet1/1/6
[Sysname-schedule-START-pc1/pc2] time repeating at 8:00 week-day mon tue wed thu fri
[Sysname-schedule-START-pc1/pc2] quit
# Configure a periodic schedule for disabling the interfaces at 18:00 every Monday through Friday.
-----------------------------------------------------------------------
Job name                                          Last execution status
start-ten-gigabitethernet1/1/5                    Successful
start-ten-gigabitethernet1/1/6                    Successful

Schedule name        : STOP-pc1/pc2
Schedule type        : Run on every Mon Tue Wed Thu Fri at 18:00:00
Start time           : Wed Sep 28 18:00:00 2011
Last execution time  : Wed Sep 28 18:00:00 2011
Last completion time : Wed Sep 28 18:00:01 2011
Execution counts
-----------------------------------------------------------------------...
Job name        : shutdown-ten-gigabitethernet1/1/6
Schedule name   : STOP-pc1/pc2
Execution time  : Wed Sep 28 18:00:00 2011
Completion time : Wed Sep 28 18:00:01 2011
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface ten-gigabitethernet1/1/6
[Sysname-Ten-GigabitEthernet1/1/6]shutdown

Configuring the preferred airflow direction

The device supports two air flow directions: •...
Setting memory usage thresholds

To ensure correct operation and improve memory utilization, the system monitors the following items in real time:
• Memory utilization rate. When the threshold is reached or exceeded, the device sends a trap message for notification.
• Amount of free memory space.
Figure 29 Memory alarm notification and alarm-removed notification
(Figure: free memory space plotted against time, showing the Normal, Minor, Severe, and Critical states with the minor, severe, and critical alarm and alarm-removed notifications.)

To set memory usage thresholds:

Step                  Command        Remarks
Enter system view.    system-view

The defaults are as follows: •...
Using the emergency shell

At startup, the device tries to locate and load the Comware startup software images, which include a boot image, a system image, and some patch images (if any). If the boot image exists and can be used but the system image or a patch image is missing or corrupted, the device enters emergency shell mode.
Task                         Command            Remarks
Permanently delete a file.   delete file-url
Delete a folder.             rmdir directory    To delete a folder, first delete all files and child folders in the folder.
Format a storage medium.     format device

Obtaining a system image from an FTP/TFTP server

If the required system image is saved on an FTP or TFTP server, configure the management Ethernet interface and obtain the system image as described in the following sections.
Step                                    Command                                    Remarks
Assign an IPv6 address to the port.     ipv6 address ipv6-address prefix-length    By default, the management Ethernet interface has no IPv6 address.
Specify an IPv6 gateway for the port.   ipv6 gateway ipv6-address                  By default, the management Ethernet interface has no IPv6...
Task                                     Command
Use SSH to connect to an IPv4 server.    ssh2 server-ipv4-address

To access a remote IPv6 server, execute one of the following commands to obtain a system image in user view:

Task                                                                   Command
Use FTP to download a file from or upload a file to an IPv6 server.    ftp ipv6 server-ipv6-address user username password password { get remote-file local-file | put local-file...
# Check the version information of the boot image.
<boot> display version
HP Comware Software
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. All rights reserved.
HP 6125XLG Blade Switch Software Version V200R001B02D024
HP 6125XLG Blade Switch uptime is 0 weeks, 0 days, 0 hours, 10 minutes...
Boot image: flash:/6125xlg-cmw710-boot-r2306.bin
Boot image version: 7.1.035, Release 2306
HP 6125XLG Blade Switch with 2 Processors
2048M bytes SDRAM
bytes Nor Flash Memory
512M bytes Nand Flash Memory
Config Register points to Nand Flash
# Configure an IP address and a gateway for the management Ethernet interface.
User interface aux0 is available. Press ENTER to get started.
Using automatic configuration

With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration, facilitates centralized management, and reduces maintenance workload. Automatic configuration cannot be used for automatic IRF fabric setup.
After getting automatic configuration parameters, the device tries to download a configuration file from a TFTP server. For more information, see "Configuration file acquisition process." If the device gets a configuration file, it deletes its temporary settings to restore the factory defaults and then executes the configuration file.
Figure 32 Automatic configuration workflow

Automatic-configuration parameter acquisition process

After the device finds an interface for automatic configuration, it enables the DHCP client on the interface. Then, the DHCP client broadcasts a DHCP request to locate a DHCP server and request configuration settings.
After the device obtains an IP address, it resolves the received DHCP reply to examine the following fields:
• Option 67 or the file field—Carries the configuration file name. The device resolves Option 67 first. If Option 67 does not contain the configuration file name, the device resolves the file field.
• Option 12—Carries the host name....
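The field precedence described above can be checked against a DHCP server's offers with a small parser. The following is an added example, not HP code: it reads a raw DHCP reply and reports the configuration file name (Option 67 first, then the BOOTP file field) and the host name (Option 12). The function names and the sample replies are constructed for illustration, and option overload (Option 52) is assumed to be unused.

```python
"""Resolve the automatic-configuration fields of a DHCP reply (added example)."""

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options area
YIADDR_OFF = 16                      # 'your' (assigned) IPv4 address
FILE_OFF, FILE_LEN = 108, 128        # BOOTP 'file' field
OPTIONS_OFF = 236                    # length of the fixed BOOTP header
OPT_PAD, OPT_HOSTNAME, OPT_BOOTFILE, OPT_END = 0, 12, 67, 255


def parse_options(area: bytes) -> dict:
    """Walk the code/length/value options; fail on truncation instead of guessing."""
    opts, i = {}, 0
    while i < len(area):
        code = area[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(area):
            raise ValueError(f"option {code} has no length byte")
        length = area[i + 1]
        value = area[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options are joined
        i += 2 + length
    return opts


def _text(raw: bytes) -> str:
    """Decode a NUL-padded or NUL-terminated field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def autoconfig_parameters(packet: bytes) -> dict:
    """Return the fields the page lists, with Option 67 checked before 'file'."""
    if len(packet) < OPTIONS_OFF + len(MAGIC_COOKIE):
        raise ValueError("shorter than a BOOTP header plus magic cookie")
    if packet[0] != 2:
        raise ValueError("not a BOOTREPLY")
    if packet[OPTIONS_OFF:OPTIONS_OFF + 4] != MAGIC_COOKIE:
        raise ValueError("DHCP magic cookie missing")
    opts = parse_options(packet[OPTIONS_OFF + 4:])
    opt67 = _text(opts.get(OPT_BOOTFILE, b""))
    file_field = _text(packet[FILE_OFF:FILE_OFF + FILE_LEN])
    if opt67:
        name, source = opt67, "option 67"
    elif file_field:
        name, source = file_field, "file field"
    else:
        name, source = None, None
    return {
        "assigned_ip": ".".join(str(b) for b in packet[YIADDR_OFF:YIADDR_OFF + 4]),
        "config_file": name,
        "config_source": source,
        "host_name": _text(opts.get(OPT_HOSTNAME, b"")) or None,
    }


def build_reply(yiaddr, file_field=b"", options=()):
    """Build a constructed sample reply (not captured traffic)."""
    hdr = bytearray(OPTIONS_OFF)
    hdr[0] = 2                                        # op = BOOTREPLY
    hdr[YIADDR_OFF:YIADDR_OFF + 4] = bytes(yiaddr)
    hdr[FILE_OFF:FILE_OFF + len(file_field)] = file_field
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return bytes(hdr) + MAGIC_COOKIE + body + bytes([OPT_END])


if __name__ == "__main__":
    both = build_reply((192, 0, 2, 10), b"fallback.cfg",
                       [(12, b"switch-a"), (67, b"switch-a.cfg")])
    print(autoconfig_parameters(both))
    print(autoconfig_parameters(build_reply((192, 0, 2, 11), b"fallback.cfg")))
```

Running the parser over replies captured on the provisioning VLAN shows which file name a booting switch will ask the TFTP server for, which makes an unexpected Option 67 value or file field easy to spot.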
Figure 33 Configuration file acquisition process

Deploying and configuring servers for automatic configuration

To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and configure the servers to cooperate with the device as follows:
• DHCP server—Assigns the device a set of parameters for automatic configuration, which might...
• TFTP server—Stores files needed for device automatic configuration, including the configuration files and host name files. For more information about the TFTP server, see "Configuring TFTP."
• DNS server—Resolves the device's temporary IP address to its host name so the device can request...
forwards the unicast packet to the TFTP server. For more information about UDP helper, see Layer 3—IP Services Configuration Guide.
Configuring Tcl

Comware V7 provides a built-in tool command language (Tcl) interpreter. You can execute Tcl commands on the device. From user view, you can use the tclsh command to enter Tcl configuration view, where you can execute the following commands:
• All Tcl 8.5 commands.
Support and other resources

Contacting HP

For worldwide technical support information, see the HP support website: http://www.hp.com/support

Before contacting HP, collect the following information:
• Product model names and numbers
• Technical support registration number (if applicable)
• Product serial numbers
• Error messages...
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention    Description
Boldface      Bold text represents commands and keywords that you enter literally as shown.
Italic        Italic text represents arguments that you replace with actual values.

Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.