HP 6125XLG Configuration Manual

Blade switch fundamentals configuration guide


HP 6125XLG Blade Switch

Configuration Guide

Part number: 5998-3715
Software version: Release 2306
Document version: 6W100-20130912



  Summary of Contents for HP 6125XLG

  • Page 1: Configuration Guide

    HP 6125XLG Blade Switch Fundamentals Configuration Guide Part number: 5998-3715 Software version: Release 2306 Document version: 6W100-20130912...
  • Page 2 HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: Table Of Contents

    Contents: Using the CLI, 1; CLI views, 1; Entering system view from user view, 2; Returning to the upper-level view from any view, 2; Returning to user view, 3; Accessing the CLI online help, 3; ...
  • Page 4 Configuring SNMPv1 or SNMPv2c access, 35; Controlling user access, 36; FIPS compliance, 36; Controlling Telnet/SSH logins, 36; Controlling Telnet logins (not supported in FIPS mode), 36; Controlling SSH logins, 36; ...
  • Page 5 Establishing an FTP connection, 66; Managing directories on the FTP server, 67; Working with files on the FTP server, 68; Switching to another user account, 69; Maintaining and troubleshooting the FTP connection, 69; ...
  • Page 6 Deleting a next-startup configuration file, 89; Displaying and maintaining configuration files, 90; Upgrading software, 91; Overview, 91; Software types, 91; Comware image redundancy and loading procedure, 91; System startup process, 92; ...
  • Page 7 Using automatic configuration, 120; Understanding automatic configuration, 120; Overall automatic configuration process, 120; Automatic-configuration parameter acquisition process, 122; Configuration file acquisition process, 123; Deploying and configuring servers for automatic configuration, 124; ...
  • Page 8: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example You can use a variety of methods to log in to the CLI. For example, you can log in through the console port, or by using Telnet or SSH.
  • Page 9: Entering System View From User View

    Figure 2 CLI views You are placed in user view immediately after you are logged in to the CLI. The user view prompt is <Device-name>, where Device-name indicates the device name, defaults to Sysname, and can be changed by using the sysname command. In user view, you can perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and reboot.
  • Page 10: Returning To User View

    Returning to user view You can return directly to user view from any other view by using the return command or pressing Ctrl+Z, instead of using the quit command multiple times. To return directly to user view from any other view: Task Command Return directly to user view.
  • Page 11: Using The Undo Form Of A Command

    format free <Sysname> display ftp? ftp-server ftp-user Using the undo form of a command Most configuration commands have an undo form for canceling a configuration, restoring the default, or disabling a feature. For example, the info-center enable command enables the information center, and the undo info-center enable command disables the information center.
  • Page 12: Entering A String Or Text Type Value For An Argument

    Entering a string or text type value for an argument Generally, a string type argument value can contain any printable character (in the ASCII code range of 32 to 126) other than the question mark (?), quotation mark ("), backward slash (\), and space, and a text type argument value can contain any printable character other than the question mark.
  • Page 13: Configuring And Using Command Hotkeys

    Step Command Remarks (Optional.) Display command This command is available in any display command-alias keyword alias information. view. Configuring and using command hotkeys The system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.
  • Page 14: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function Ctrl+Z Returns to user view. Ctrl+] Terminates the current connection. Esc+B Moves the cursor back one word. Esc+D Deletes all characters from the cursor to the end of the word. Esc+F Moves the cursor forward one word. Esc+N Moves the cursor down one line.
  • Page 15: Using The Command History Function

    Error message Cause The entered character sequence contains excessive % Too many parameters. keywords or arguments. % Wrong parameter found at '^' position. The argument in the marked position is invalid. Using the command history function The system automatically saves commands successfully executed by a login user to two command history buffers: the command history buffer for the user interface and the command history buffer for all user interfaces.
  • Page 16: Controlling The Cli Output

    Controlling the CLI output This section describes the CLI output control features that help you identify the desired output. Pausing between screens of output The system automatically pauses after displaying a screen if the output is too long to fit on one screen. You can use the keys described in "Output controlling keys"...
  • Page 17: Filtering The Output From A Display Command

    For example: # Display information about VLAN 999, numbering each output line. <Sysname> display vlan 999 | by-linenum VLAN ID: 999 VLAN type: Static Route interface: Configured IP address: Subnet mask: Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports:...
  • Page 18 Characters Meaning Examples Matches the preceding strings in parentheses, with the Nth string repeated once. "(string)\1" matches a string containing "stringstring". "(string1)(string2)\2" matches a string containing "string1string2string2". "(string1)(string2)\1\2" matches a string containing "string1string2string1string2". "[16A]" matches a string containing 1, 6, or A; "[1-36A]"...
  • Page 19: Saving The Output From A Display Command To A File

    Characters Meaning Examples Same as [^A-Za-z0-9_], matches a character that is not a digit, letter, or underscore. "\Wa" matches "-a", but not "2a" or "ba". Escape character. If a special "\\" matches a string containing "\", "\^" character listed in this table follows matches a string containing "^", and "\\b"...
  • Page 20 Use one of the following methods to save the output from a display command: • Save the output to a separate file. Use this method if you want to use one file for a single display command. • Append the output to the end of a file. Use this method if you want to use one file for multiple...
  • Page 21: Viewing And Managing The Output From A Display Command Effectively

    Untagged ports: Ten-GigabitEthernet1/1/6 Viewing and managing the output from a display command effectively You can use the following measures in combination to filter and manage the output from a display command: • Numbering each output line from a display command • Filtering the output from a display command...
  • Page 22: Login Overview

    Login overview At the first startup, the device uses the default configuration file. The first time you access the device, you can only log in to the CLI through the console or AUX port. After login, you can change console or AUX login parameters or configure other access methods, including Telnet, SSH, and SNMP.
  • Page 23 Login method Default settings and minimum configuration requirements By default, SNMP access is disabled. To access the device through SNMP, complete the following configuration tasks: Accessing the device through SNMP • Assign an IP address to a Layer 3 interface, and make sure the interface and the NMS can reach each other.
  • Page 24: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC) and make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
  • Page 25 Figure 4 Creating a connection Figure 5 Specifying the serial port used to establish the connection...
  • Page 26 Figure 6 Setting the properties of the serial port Power on the device and press Enter as prompted. Figure 7 Device CLI At the default user view prompt <HP>, enter commands to configure the device or view the running status of the device. To get help, enter ?.
  • Page 27: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI only through the console or AUX port. After you log in, you can configure other login methods, including Telnet and SSH. To prevent illegal access to the CLI and control user behaviors, you can configure login authentication, assign user roles, configure command authorization and command accounting, and use ACLs to filter unauthorized logins.
  • Page 28: Login Authentication Modes

    A relative number uniquely identifies a user interface among all user interfaces that are the same type. The number format is user interface type + number. Both types of user interfaces are numbered starting from 0 and incrementing by 1. For example, the first VTY user interface is VTY 0. Login authentication modes You can configure login authentication to prevent illegal access to the device CLI.
  • Page 29: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. In FIPS mode, the device does not support Telnet login. Logging in through the console/AUX port locally To configure console/AUX login, complete the following tasks: Task...
  • Page 30: Configuring Password Authentication For Console/Aux Login (Not Supported In Fips Mode)

    The next time you attempt to log in through the console or AUX port, you do not need to provide any username or password. Configuring password authentication for console/AUX login (not supported in FIPS mode) Step Command Remarks Enter system view. system-view Enter console/AUX user user-interface { aux | console }...
  • Page 31: Configuring Common Console/Aux User Interface Settings

    Step Command Remarks The defaults are as follows: • Console user interface—Authentication is disabled. • AUX user interface—Authentication is disabled if the device started up with the Enable scheme authentication-mode scheme default configuration file, and password authentication. authentication is enabled if the device started up with empty configuration.
  • Page 32: Logging In Through Telnet (Not Supported In Fips Mode)

    Step Command Remarks The default is 8. The setting depends on the character Specify the number of coding type. For example, you can set it data bits for each databits { 5 | 6 | 7 | 8 } to 7 if standard ASCII characters are to character.
  • Page 33: Configuring Telnet Login On The Device

    By default, Telnet login is disabled on the device. To log in to the device through Telnet, you must first log in to the device through the console or AUX port, enable the Telnet server, and configure Telnet login authentication on the device. Configuring Telnet login on the device Task Remarks...
  • Page 34 Figure 8 Telnetting to the device without authentication Configuring password authentication for Telnet login Step Command Remarks Enter system view. system-view The defaults are as follows: • Telnet server is disabled if the device started up with empty configuration. • Telnet server is enabled if the device started up with the default Enable Telnet server.
  • Page 35 Figure 9 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Step Command Remarks Enter system view. system-view The defaults are as follows: • Telnet server is disabled if the device started up with empty configuration. • Telnet server is enabled if the device Enable Telnet server.
  • Page 36 Figure 10 Scheme authentication interface for Telnet login Configuring common VTY user interface settings For a VTY user interface, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session.
  • Page 37: Using The Device To Log In To A Telnet Server

    Step Command Remarks By default, the idle timeout is 10 minutes for all user interfaces. If there is no interaction between the device and idle-timeout minutes the user within the idle timeout, the system Set the idle timeout. [ seconds ] automatically terminates the user connection on the user interface.
  • Page 38: Logging In Through Ssh

    Logging in through SSH SSH offers a secure method for remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. For more information, see Security Configuration Guide. You can use an SSH client to log in to the device for remote management, or use the device as an SSH client to log in to an SSH server.
  • Page 39: Using The Device To Log In To An Ssh Server

    Step Command Remarks In non-FIPS mode, Telnet and SSH are • In non-FIPS mode: supported by default. In FIPS mode, (Optional.) Specify protocol inbound { all | ssh | SSH is supported by default. the protocols for the telnet } user interfaces to This configuration is effective only for •...
  • Page 40 Task Command Remarks Display the source IPv4 address or interface configured for the device display telnet client to use for outgoing Telnet packets when serving as a Telnet client. Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this free user-interface { num1 | { aux | Release a user interface.
  • Page 41: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform get and set operations to manage and monitor the device. Figure 13 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC.
  • Page 42: Configuring Snmpv1 Or Snmpv2C Access

    Step Command Remarks snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } [ vpn-instance To send informs to an SNMPv3 Create an vpn-instance-name ] ] [ { cipher | simple } NMS, you must use the remote SNMPv3 user.
  • Page 43: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behaviors. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 44: Configuration Example

    Configuration example Network requirements Configure the device in Figure 14 to permit only Telnet packets sourced from Host A and Host B. Figure 14 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname>...
  • Page 45: Configuration Example

    Step Command Remarks • SNMP community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * •...
  • Page 46: Configuring Command Authorization

    [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 0 [Sysname-acl-basic-2000] rule 2 permit source 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group. [Sysname] snmp-agent community read aaa acl 2000 [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 Configuring command authorization...
  • Page 47: Configuring Command Accounting

    Step Command Remarks By default, command authorization is disabled, and the commands available for a user only depend on the user role. Enable command This command takes effect immediately command authorization authorization. after it is configured. Configure the command authorization method in ISP domain view before configuring this command.
  • Page 48 Step Command Remarks The defaults are as follows: • Console user interface—Authentication is disabled. • AUX user interface—Authentication is disabled if the device started up with the default configuration file, and Enable scheme password authentication is enabled if authentication-mode scheme authentication.
  • Page 49: Configuring Rbac

    Configuring RBAC Role based access control (RBAC) controls user access to commands and resources based on user role. This chapter describes the basic idea of RBAC and guides you through the RBAC configuration procedure. Overview On devices that support multiple users, RBAC is used to assign command and resource access permissions to user roles that are created for different job functions.
  • Page 50 A user role can have multiple rules uniquely identified by rule numbers. The set of permitted commands in these rules are accessible to the user role. If two rules conflict, the one with higher number takes effect. For example, if rule 1 permits the ping command, rule 2 permits the tracert command, and rule 3 denies the ping command, the user role can use the tracert command but not the ping command.
  • Page 51: Assigning User Roles

    User role name Permissions • level-0—Has access to the commands of ping, quit, ssh2, super, system-view, telnet, and tracert. Level-0 access rights are configurable. • level-1—Has access to the display commands (except display history-command all) of all features and resources in the system, in addition to all access rights of the user role level-0.
  • Page 52: Fips Compliance

    For more information about AAA and SSH, see Security Configuration Guide. For more information about user interfaces, see "Login overview" and "Logging in to the CLI." FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 53: Configuring User Role Rules

    Configuring user role rules Configure command, feature, and feature group rules to permit or deny the access of a user role to specific commands. You can configure up to 256 rules for a user role, but the total number of user role rules in the system cannot exceed 1024.
  • Page 54: Changing Resource Access Policies

    Step Command Remarks By default, the system has the following predefined feature groups: • L2—Includes all Layer 2 Create a feature group role feature-group name commands. and enter feature group feature-group-name view. • L3—Includes all Layer 3 commands. These two groups are not user configurable.
  • Page 55: Changing The Vlan Policy Of A User Role

    Changing the VLAN policy of a user role Step Command Remarks Enter system view. system-view Enter user role view. role name role-name By default, the VLAN policies of user roles permit access to all VLANs. Enter user role VLAN policy vlan policy deny view.
  • Page 56: Assigning User Roles To Remote Aaa Authentication Users

    Step Command Remarks Enter system view. system-view The default user role function is disabled. Enable the default user role role default-role enable If the none authorization method is function. used for local users, you must enable the default user role function. Assigning user roles to remote AAA authentication users For remote AAA authentication users, user roles are configured on the remote authentication server.
  • Page 57: Assigning User Roles To Non-Aaa Authentication Users On User Interfaces

    Step Command Remarks Repeat this step to assign the user to up to 64 user roles. Authorize the user to have a authorization-attribute user-role By default, network-operator is user role. role-name assigned to local users created by a network-admin user or level-15 user. Assigning user roles to non-AAA authentication users on user interfaces Specify user roles for the following two types of login users on the user interfaces:...
  • Page 58: Configuration Guidelines

    Configuration guidelines When you configure temporary user role authorization, follow these guidelines: • To enable users to obtain temporary user roles, you must configure user role authentication. Table describes the available authentication modes and configuration requirements. • Local password authentication is available for all user roles, but remote AAA authentication is...
  • Page 59: Configuring User Role Authentication

    Configuring user role authentication Step Command Remarks Enter system view. system-view Set an authentication super authentication-mode { local | By default, local-only authentication mode. scheme } * applies. Use this step for local password authentication. • In non-FIPS mode: Set a local super password [ role rolename ] authentication By default, no password is...
  • Page 60: Rbac Configuration Examples

    RBAC configuration examples RBAC configuration example for local AAA authentication users Unless otherwise noted, devices in the configuration example are operating in non-FIPS mode. Network requirements The switch in Figure 16 performs local AAA authentication for the Telnet user at This Telnet user has the username user1@bbb and is assigned the user role role1.
  • Page 61: Rbac Configuration Example For Radius Authentication Users

    # Change the VLAN policy to permit the user role to configure only VLANs 10 to 20. [Switch-role-role1] vlan policy deny [Switch-role-role1-vlanpolicy] permit vlan 10 to 20 [Switch-role-role1-vlanpolicy] quit [Switch-role-role1] quit # Create a device management user named user1 and enter its view. [Switch] local-user user1 class manage # Set a plaintext password aabbcc for the user.
  • Page 62 Network requirements The switch in Figure 17 uses the FreeRADIUS server at to provide AAA service for login users, including the Telnet user at This Telnet user uses the username hello@bbb and is assigned the user role role2. This user role has the following permissions: Performs all the commands in ISP view.
  • Page 63 # Specify the primary server address and the service port 1812 in the scheme. [Switch-radius-rad] primary authentication 1812 # Set the shared key to expert in the scheme for the switch to authenticate to the server. [Switch-radius-rad] key authentication simple expert [Switch-radius-rad] quit # Specify the scheme rad as the authentication and authorization schemes for the ISP domain bbb.
  • Page 64: Rbac Configuration Example For Hwtacacs Authentication Users

    [Switch-role-role2-ifpolicy] quit [Switch-role-role2] quit Configure the RADIUS server: # Add either of the user role attributes to the dictionary file of the FreeRADIUS server. Cisco-AVPair = "shell:roles=\"role2\"" Cisco-AVPair = "shell:roles*\"role2\"" # Configure the settings required for the FreeRADIUS server to communicate with the switch. (Details not shown.) Verifying the configuration # Telnet to the switch, and enter the username and password to access the user interface.
  • Page 65 Configure the remote-then-local authentication mode for temporary user role. The switch uses the HWTACACS server to provide authentication for obtaining the level-3 user role. If the AAA configuration is invalid or the HWTACACS server does not respond, the switch performs local authentication. Figure 18 Network diagram Configuration procedure Configure the switch:...
  • Page 66 [Switch] domain bbb # Configure ISP domain bbb to use local authentication for login users. [Switch-isp-bbb] authentication login local # Configure ISP domain bbb to use local authorization for login users. [Switch-isp-bbb] authorization login local # Apply the HWTACACS scheme hwtac to the ISP domain. [Switch-isp-bbb] authentication super hwtacacs-scheme hwtac [Switch-isp-bbb] quit # Create a device management user named test and enter its view.
  • Page 67: Verifying The Configuration

    <Switch> telnet Trying ... Press CTRL+K to abort Connected to ... ****************************************************************************** * Copyright (c) 2004-2013 Hewlett-Packard Development Company, L.P. * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** login: test@bbb Password: <Switch>?
  • Page 68: Troubleshooting Rbac

    ssh2 Establish a secure shell client connection super Switch to a user role system-view Enter the System View telnet Establish a telnet connection tracert Tracert function Obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass.
  • Page 69 Analysis RBAC requires that a login user have at least one user role. If the RADIUS server does not authorize the login user to use any user role, the user cannot log in to the device. Solution Resolve the problem in one of the following ways: • Configure the role default-role enable command so a RADIUS user can log in with the default user...
  • Page 70: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
  • Page 71: Configuring Basic Parameters

    Configuring basic parameters Step Command Remarks Enter system view. system-view Enable the FTP server. ftp server enable By default, the FTP server is disabled. (Optional.) Use an ACL to ftp server acl { acl-number | By default, no ACL is used for access control access to the FTP ipv6 acl-number6 } control.
  • Page 72: Displaying And Maintaining The Ftp Server

    Displaying and maintaining the FTP server Execute display commands in any view. Task Command Display FTP server configuration and status information. display ftp-server Display detailed information about online FTP users. display ftp-user FTP server configuration example Network requirements Create a local user account with username abc and password 123456 on the FTP server. Use the user account to log in to the FTP server from the FTP client, upload the file temp.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup.
  • Page 73: Using The Device As An Ftp Client

    [Sysname] quit Perform FTP operations from the FTP client: # Log in to the FTP server at using the username abc and password 123456. c:\> ftp Connected to ( 220 FTP service ready. User( 331 Password required for abc. Password: 230 User logged in.
  • Page 74: Managing Directories On The Ftp Server

    Step Command Remarks • (Method 1) Log in to the FTP server directly in user view: ftp ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] Use either method. [ source { interface { interface-name The source IP address | interface-type interface-number } | specified in the ftp command Log in to the FTP server.
  • Page 75: Working With Files On The Ftp Server

    • Change the working directory on the FTP server: cd { directory | .. | / }
    • Return to the upper level directory on the FTP server: cdup
    • Display the working directory that is being accessed.
    • Create a directory on the FTP server: mkdir directory
    • Remove the specified working directory on the ...: rmdir directory
  • Page 76: Switching To Another User Account

    • Download a file from the FTP server.
      Command: get remotefile [ localfile ]
    • Add the content of a file on the FTP client to a file on the FTP server.
      Command: append localfile [ remotefile ]
    • Specify the retransmit marker.
      Remarks: Use this command together with the put,
  • Page 77: Terminating The Ftp Connection

    Terminating the FTP connection

    • Terminate the connection to the FTP server without exiting FTP client view.
      Commands: disconnect, close
      Remarks: Use either command in FTP client view.
    • Terminate the connection to the FTP server and return to user view.
      Remarks: Use either command in FTP client
  • Page 78

    Figure 22 Network diagram

    Configuration procedure

    # Configure IP addresses as shown in Figure 22 and make sure the IRF fabric and PC can reach each other. (Details not shown.)

    # Examine the storage space on the member devices for insufficiency. If the free space is insufficient, use the delete /unreserved file-url command to delete unused files.
  • Page 79

    226 File successfully transferred
    3494 bytes sent in 5.646 seconds (618.00 kbyte/s)
    ftp> bye
    221-Goodbye. You uploaded 2 and downloaded 2 kbytes.
    221 Logout.
    <Sysname>...
  • Page 80: Configuring Tftp

    Configuring TFTP

    Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
  • Page 81: Configuring The Device As An Ipv6 Tftp Client

    • Download or upload a file in an IPv4 network.
      Command: tftp tftp-server { get | put } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface
      Remarks: The source IP address specified in this command takes precedence over the one set by the tftp client
  • Page 82: Managing The File System

    Managing the file system

    This chapter describes how to manage the device's file system, including the storage media, directories, and files.

    IMPORTANT:
    • Before managing storage media, files, and directories, make sure you know the possible impacts.
    • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not...
  • Page 83: Managing Files

    Managing files

    CAUTION: To avoid file system corruption, do not install or remove storage media or perform master/subordinate switchover during file operations.

    You can display directory and file information, display file contents, and rename, copy, move, remove, restore, and delete files. You can create a file by copying, downloading, or using the save command.
  • Page 84: Moving A File

    Moving a file

    Perform this task in user view.

    • Move a file: move fileurl-source fileurl-dest

    Compressing/decompressing a file

    Perform the following tasks in user view:

    • Compress a file: gzip filename
    • Decompress a file: gunzip filename

    Deleting/restoring a file

    You can delete a file permanently or move it to the recycle bin.
  • Page 85: Calculating The File Digest

    Calculating the file digest

    The digest of a file can be used to verify the file integrity. For example, you can calculate the digest of a software image file and compare it with that provided on the HP website to verify whether the file has been tampered with.
  • Page 86: Removing A Directory

    Removing a directory

    To remove a directory, you must delete all files and subdirectories in this directory. To delete a file, use the delete command. To delete a subdirectory, use the rmdir command. Removing a directory permanently deletes all its files in the recycle bin, if any.

    Perform this task in user view.
  • Page 87

    To set the operation mode for files and folders:

    • Enter system view.
      Command: system-view
    • Set the operation mode for files and folders.
      Command: file prompt { alert | quiet }
      Remarks: The default mode is alert.
  • Page 88: Managing Configuration Files

    Managing configuration files

    You can use the CLI or the BootWare menus to manage configuration files. This chapter explains how to manage configuration files from the CLI.

    Overview

    A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so it can survive a reboot.
  • Page 89: Startup Configuration Loading Process

    To view the running configuration, use the display current-configuration command. The displayed configuration does not include parameters that use initial settings.

    Startup configuration loading process

    Figure 24 shows the configuration loading process during startup.

    Figure 24 Configuration loading process during startup

    The device uses the following process to select the startup configuration file to load at startup:

    If you access the BootWare menus to select the Skip Current System Configuration option, the device starts up with an empty configuration.
  • Page 90: Configuration File Formats

    If you have not specified a backup startup configuration file, or the specified backup startup configuration file is not available, the device starts up with the default configuration file (factory defaults). If a parameter is not included in the default configuration file, its initial setting is used.

    Configuration file formats

    Configuration files you specify for saving configuration must use the .cfg extension.
  • Page 91: Fips Compliance

    irf mac-address persistent timer
    irf auto-update enable
    irf link-delay 0
    irf member 2 priority 1

    FIPS compliance

    The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
  • Page 92: Configuring Configuration Rollback

    overwriting the target next-startup configuration file after the save operation is complete. If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained. Use the safe mode if the power source is not reliable or you are remotely configuring the device.

    To save the running configuration, perform either of the following tasks in any view:

    Task Command...
  • Page 93: Enabling Automatic Configuration Archiving

    Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1. After you change the file directory or file name prefix, or reboot the device, the old configuration archives are regarded as common configuration files, the configuration archive counter resets, and the display archive configuration command no longer displays them.
  • Page 94: Manually Archiving The Running Configuration

    • If the device configuration changes frequently, configure automatic archiving with an interval longer than 1440 minutes (24 hours).

    Make sure you have set an archive path and file name prefix before performing this task.

    To enable automatic configuration archiving:

    Step Command Remarks...
  • Page 95: Specifying A Next-Startup Configuration File

    The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons:

    • A command cannot be undone because prefixing the undo keyword to the command does not result in a valid undo command. For example, if the undo form designed for the A [B] C command is undo A C, the configuration rollback function cannot undo the A B C command, because the system does not recognize the undo A B C command.
  • Page 96: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Backing up the main next-startup configuration file to a TFTP server

    Before performing this task, make sure the following requirements are met:

    • The server is reachable and enabled with TFTP service.
    • You have read and write permissions.

    To back up the main next-startup configuration file to a TFTP server:

    Step Command Remarks...
  • Page 97: Displaying And Maintaining Configuration Files

    You can delete the main, the backup, or both. To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file. For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL, but the file is still used as the main file.
  • Page 98: Upgrading Software

    Upgrading software

    This chapter describes types of software and how to upgrade software from the CLI. For a comparison of all software upgrade methods, see "Upgrade methods."

    Overview

    Software upgrade enables you to have new features and fix bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.
  • Page 99: System Startup Process

    This procedure assumes that the main image set and the backup image set have feature packages and patch packages. If an image set has neither feature packages nor patch packages, the system can use the image set to start up after the boot image and the system image pass verification. If neither the main boot image nor the backup boot image exists or is valid, connect to the console port and power cycle the device to access the BootWare menus for loading a boot image.
  • Page 100: Upgrade Methods

    Figure 26 System startup process

    Upgrade methods

    • Upgrading method: Upgrading from the CLI
      Software types: BootWare image; Comware images (excluding patches)
      Remarks: This method is disruptive. You must reboot the entire device to complete the upgrade.
    • Remarks: Use this method when the device cannot start up correctly.
  • Page 101: Software Upgrade Procedure Summary

    Software upgrade procedure summary

    To upgrade software from the CLI:

    1. Download the upgrade software image file.
    2. (Optional.) Preload the BootWare image to the BootWare. If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time.
  • Page 102: Specifying The Startup Image File And Completing The Upgrade

    Specifying the startup image file and completing the upgrade

    Perform this task in user view.

    • Command: Method 1: boot-loader file ipe-filename slot slot-number { backup | main }
      Remarks: You can also specify a backup startup image file. If method 1 is used, the file name must take the...
  • Page 103: Displaying And Maintaining Software Image Settings

    • (Optional.) Verify the software image settings.
      Command: display boot-loader [ slot slot-number ]
      Remarks: Verify that the current software images are the same as the startup software images.

    Displaying and maintaining software image settings

    Execute display commands in any view.

    • Display current software images and startup...
  • Page 104

    # Use TFTP to download the image file startup-a2105.ipe from the TFTP server to the root directory of the flash on the master device.

    <Sysname> tftp get startup-a2105.ipe

    # (Optional.) Back up the image file to startup-a2105-backup.ipe. Skip this step if the flash does not have sufficient space.
  • Page 105: Managing The Device

    If you perform both configuration tasks, the device uses the system time of the trusted time source. For more information about NTP, see Network Management and Monitoring Configuration Guide. Powering off or rebooting an HP 6125XLG switch does not affect the system time.

    To set the system time:

    Step...
  • Page 106: Enabling Displaying The Copyright Statement

    You can disable or enable the function as needed. The following is a sample copyright statement:

    ******************************************************************************
    * Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
    * Without the owner's prior written consent,
    * no decompiling or reverse-engineering shall be allowed.
  • Page 107: Configuration Procedure

    A multi-line banner can be up to 2000 characters. To input a multi-line banner, use one of the following methods: Method 1—Press Enter after the last command keyword. At the system prompt, enter the banner and end the last line with the delimiter character %. For example, you can configure the banner "Have a nice day.
  • Page 108: Disabling Password Recovery Capability

    Disabling password recovery capability

    Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords. If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.
  • Page 109: Rebooting The Device

    Rebooting the device

    CAUTION:
    • A reboot can interrupt network services.
    • To avoid configuration loss, use the save command to save the running configuration before a reboot. For more information about the save command, see Fundamentals Command Reference.
    • Before a reboot, use the display startup and display boot-loader commands to verify that you have...
  • Page 110: Scheduling A Task

    • Specify the reboot delay time.
      Command: scheduler reboot delay time
      Remarks: By default, no reboot delay time is specified.

    Scheduling a task

    You can schedule the device to automatically execute a command or a set of commands without administrative interference. You can configure a one-time schedule or a periodic schedule.
  • Page 111

    • Assign a job to a schedule.
      Command: job job-name
      Remarks: By default, no job is assigned to a schedule. You can assign multiple jobs to a schedule. The jobs will be executed concurrently.
    • Command: Specify the execution date and time:
      Remarks: Configure one command as required.
  • Page 112: Schedule Configuration Example

    Schedule configuration example

    Network requirements

    To save energy, configure the device to enable interfaces Ten-GigabitEthernet 1/1/5 and Ten-GigabitEthernet 1/1/6 at 8:00 a.m. every Monday through Friday and disable the interfaces at 18:00 every Monday through Friday.

    Figure 28 Network diagram

    Scheduling procedure

    # Enter system view.
  • Page 113

    [Sysname-job-start-ten-gigabitethernet1/1/6] command 1 system-view
    [Sysname-job-start-ten-gigabitethernet1/1/6] command 2 interface ten-gigabitethernet1/1/6
    [Sysname-job-start-ten-gigabitethernet1/1/6] command 3 undo shutdown
    [Sysname-job-start-ten-gigabitethernet1/1/6] quit

    # Configure a periodic schedule for enabling the interfaces at 8:00 a.m. every Monday through Friday.

    [Sysname] scheduler schedule START-pc1/pc2
    [Sysname-schedule-START-pc1/pc2] job start-ten-gigabitethernet1/1/5
    [Sysname-schedule-START-pc1/pc2] job start-ten-gigabitethernet1/1/6
    [Sysname-schedule-START-pc1/pc2] time repeating at 8:00 week-day mon tue wed thu fri
    [Sysname-schedule-START-pc1/pc2] quit

    # Configure a periodic schedule for disabling the interfaces at 18:00 every Monday through Friday.
  • Page 114

    -----------------------------------------------------------------------
    Job name Last execution status
    start-ten-gigabitethernet1/1/5 Successful
    start-ten-gigabitethernet1/1/6 Successful
    Schedule name : STOP-pc1/pc2
    Schedule type : Run on every Mon Tue Wed Thu Fri at 18:00:00
    Start time : Wed Sep 28 18:00:00 2011
    Last execution time : Wed Sep 28 18:00:00 2011
    Last completion time : Wed Sep 28 18:00:01 2011
    Execution counts
    -----------------------------------------------------------------------...
  • Page 115: Configuring The Preferred Airflow Direction

    Job name : shutdown-ten-gigabitethernet1/1/6
    Schedule name : STOP-pc1/pc2
    Execution time : Wed Sep 28 18:00:00 2011
    Completion time : Wed Sep 28 18:00:01 2011
    --------------------------------- Job output -----------------------------------
    <Sysname>system-view
    System View: return to User View with Ctrl+Z.
    [Sysname]interface ten-gigabitethernet1/1/6
    [Sysname-Ten-GigabitEthernet1/1/6]shutdown

    Configuring the preferred airflow direction

    The device supports two air flow directions: •...
  • Page 116: Setting Memory Usage Thresholds

    Setting memory usage thresholds

    To ensure correct operation and improve memory utilization, the system monitors the following items in real time:

    • Memory utilization rate. When the threshold is reached or exceeded, the device sends a trap message for notification.
    • Amount of free memory space.
  • Page 117: Verifying And Diagnosing Transceiver Modules

    Figure 29 Memory alarm notification and alarm-removed notification (plot of free memory space against time, with Normal, Minor, Severe, and Critical levels and their alarm and alarm-removed notifications)

    To set memory usage thresholds:

    • Enter system view.
      Command: system-view
    • Remarks: The defaults are as follows: •...
  • Page 118: Diagnosing Transceiver Modules

    • Display key parameters of transceiver modules.
      Command: display transceiver interface [ interface-type interface-number ]
    • Display transceiver modules' electrical label information.
      Command: display transceiver manuinfo interface [ interface-type interface-number ]
      Remarks: This command cannot display information for some transceiver modules.

    Diagnosing transceiver modules

    The device provides the alarm and digital diagnosis functions for transceiver modules.
  • Page 119

    • Display memory usage statistics: display memory [ slot slot-number ]
    • Display memory usage thresholds: display memory-threshold [ slot slot-number ]
    • Display job configuration information: display scheduler job [ job-name ]
    • Display job execution log information: display scheduler logfile
    • Display the automatic reboot schedule.
  • Page 120: Using The Emergency Shell

    Using the emergency shell

    At startup, the device tries to locate and load the Comware startup software images, which include a boot image, a system image, and some patch images (if any). If the boot image exists and can be used but the system image or a patch image is missing or corrupted, the device enters emergency shell mode.
  • Page 121: Obtaining A System Image From An Ftp/Tftp Server

    • Permanently delete a file.
      Command: delete file-url
    • Delete a folder.
      Command: rmdir directory
      Remarks: To delete a folder, first delete all files and child folders in the folder.
    • Format a storage medium.
      Command: format device

    Obtaining a system image from an FTP/TFTP server

    If the required system image is saved on an FTP or TFTP server, configure the management Ethernet interface and obtain the system image as described in the following sections.
  • Page 122: Checking The Connectivity To A Server

    • Assign an IPv6 address to the port.
      Command: ipv6 address ipv6-address prefix-length
      Remarks: By default, the management Ethernet interface has no IPv6 address.
    • Specify an IPv6 gateway for the port.
      Command: ipv6 gateway ipv6-address
      Remarks: By default, the management Ethernet interface has no IPv6
  • Page 123: Loading The System Image

    • Use SSH to connect to an IPv4 server: ssh2 server-ipv4-address

    To access a remote IPv6 server, execute one of the following commands to obtain a system image in user view:

    • Use FTP to download a file from or upload a file to an IPv6 server: ftp ipv6 server-ipv6-address user username password password { get remote-file local-file | put local-file
  • Page 124: Emergency Shell Usage Example

    # Check the version information of the boot image.

    <boot> display version
    HP Comware Software
    Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P. All rights reserved.
    HP 6125XLG Blade Switch Software Version V200R001B02D024
    HP 6125XLG Blade Switch uptime is 0 weeks, 0 days, 0 hours, 10 minutes...
  • Page 125

    Boot image: flash:/6125xlg-cmw710-boot-r2306.bin
    Boot image version: 7.1.035, Release 2306
    HP 6125XLG Blade Switch with 2 Processors
    2048M bytes SDRAM
    bytes Nor Flash Memory
    512M bytes Nand Flash Memory
    Config Register points to Nand Flash

    # Configure an IP address and a gateway for the management Ethernet interface.
  • Page 126 User interface aux0 is available. Press ENTER to get started.
  • Page 127: Using Automatic Configuration

    Using automatic configuration

    With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration, facilitates centralized management, and reduces maintenance workload. Automatic configuration cannot be used for automatic IRF fabric setup.
  • Page 128 After getting automatic configuration parameters, the device tries to download a configuration file from a TFTP server. For more information, see "Configuration file acquisition process." If the device gets a configuration file, it deletes its temporary settings to restore the factory defaults and then executes the configuration file.
  • Page 129: Automatic-Configuration Parameter Acquisition Process

    Figure 32 Automatic configuration workflow

    Automatic-configuration parameter acquisition process

    After the device finds an interface for automatic configuration, it enables the DHCP client on the interface. Then, the DHCP client broadcasts a DHCP request to locate a DHCP server and request configuration settings.
  • Page 130: Configuration File Acquisition Process

    After the device obtains an IP address, it resolves the received DHCP reply to examine the following fields:

    • Option 67 or the file field—Carries the configuration file name. The device resolves Option 67 first. If Option 67 does not contain the configuration file name, the device resolves the file field.
    • Option 12—Carries the host name.
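The field precedence described above (Option 67 first, then the file field, plus Option 12 for the host name), as an added Python example that is not part of the HP manual. It parses a raw DHCP reply so you can check which field a DHCP server would use to hand a configuration file name to a device; the function names, sample host name and file names are constructed for illustration, and the field offsets come from the standard BOOTP/DHCP message layout (RFC 2131).

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of the options area
FILE_OFF, FILE_LEN, OPTIONS_OFF = 108, 128, 240


def parse_options(data: bytes) -> dict:
    """Walk the option TLVs; raise ValueError if an option is cut short."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:                    # pad option, no length byte
            i += 1
            continue
        if code == 255:                  # end option
            break
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate
        i += 2 + length
    return opts


def cstr(raw: bytes) -> str:
    """Decode a NUL-terminated/padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def autoconfig_fields(reply: bytes) -> dict:
    """Return the configuration file name, where it came from, and the host name."""
    if len(reply) < OPTIONS_OFF or reply[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if reply[0] != 2:
        raise ValueError("not a BOOTREPLY")
    opts = parse_options(reply[OPTIONS_OFF:])
    # Option 52 (overload) bit 0 means the file field carries options, not a
    # file name. Options stored there are not parsed here (simplification).
    overload = (opts.get(52) or b"\x00")[0]
    file_field = "" if overload & 1 else cstr(reply[FILE_OFF:FILE_OFF + FILE_LEN])
    opt67 = cstr(opts.get(67, b""))
    if opt67:                            # Option 67 is resolved first
        name, source = opt67, "option 67"
    elif file_field:                     # fall back to the BOOTP file field
        name, source = file_field, "file field"
    else:
        name, source = None, None
    host = cstr(opts[12]) if 12 in opts else None
    return {"config_file": name, "source": source, "host_name": host}


def opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


def build_reply(options: bytes, file_field: bytes = b"") -> bytes:
    """Construct a sample reply (constructed test data, documentation addresses)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, 0x12345678, 0, 0,
        bytes(4), bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), bytes(4),
        bytes(16), b"", file_field)
    return header + MAGIC_COOKIE + options + b"\xff"


if __name__ == "__main__":
    samples = {
        "option 67 and file field": build_reply(
            opt(53, b"\x05") + opt(12, b"sw-rack7") + opt(67, b"sw-rack7.cfg"),
            b"network.cfg"),
        "file field only": build_reply(
            opt(53, b"\x05") + opt(12, b"sw-rack7"), b"network.cfg"),
        "neither": build_reply(opt(53, b"\x05")),
    }
    for label, pkt in samples.items():
        print(label, "->", autoconfig_fields(pkt))
```
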
  • Page 131: Deploying And Configuring Servers For Automatic Configuration

    Figure 33 Configuration file acquisition process

    Deploying and configuring servers for automatic configuration

    To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and configure the servers to cooperate with the device as follows:

    • DHCP server—Assigns the device a set of parameters for automatic configuration, which might...
  • Page 132: Dhcp Server Configuration Guidelines

    • TFTP server—Stores files needed for device automatic configuration, including the configuration files and host name files. For more information about the TFTP server, see "Configuring TFTP."
    • DNS server—Resolves the device's temporary IP address to its host name so the device can request...
  • Page 133 forwards the unicast packet to the TFTP server. For more information about UDP helper, see Layer 3—IP Services Configuration Guide.
  • Page 134: Configuring Tcl

    Configuring Tcl

    Comware V7 provides a built-in tool command language (Tcl) interpreter. You can execute Tcl commands on the device. From user view, you can use the tclsh command to enter Tcl configuration view, where you can execute the following commands:

    • All Tcl 8.5 commands.
  • Page 135: Support And Other Resources

    Support and other resources

    Contacting HP

    For worldwide technical support information, see the HP support website:

    Before contacting HP, collect the following information:

    • Product model names and numbers
    • Technical support registration number (if applicable)
    • Product serial numbers
    • Error messages...
  • Page 136: Conventions

    Conventions

    This section describes the conventions used in this documentation set.

    Command conventions

    • Boldface: Bold text represents commands and keywords that you enter literally as shown.
    • Italic: Italic text represents arguments that you replace with actual values.
    • Square brackets enclose syntax choices (keywords or arguments) that are optional.
    • { x | y | ...: Braces enclose a set of required syntax choices separated by vertical bars, from which
  • Page 137

    Network topology icons

    • Represents a generic network device, such as a router, switch, or firewall.
    • Represents a routing-capable device, such as a router or Layer 3 switch.
    • Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.