HP 10500 Series Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Switch
  5. 10500 series
  6. Configuration manual

HP 10500 Series Configuration Manual

Hide thumbs Also See for 10500 Series:
Table of Contents

Quick Links

See also: Configuration Manual
HP 10500 Switch Series
Fundamentals

Configuration Guide

Part number: 5998-5223a
Software version: Release 2111P01 and later
Document version: 6W102-20141029
Table of Contents
loading

Related Manuals for HP 10500 Series

Summary of Contents for HP 10500 Series

  • Page 1: Configuration Guide

    HP 10500 Switch Series Fundamentals Configuration Guide Part number: 5998-5223a Software version: Release 2111P01 and later Document version: 6W102-20141029...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.

  • Page 3: Table Of Contents

    Contents Using the CLI ································································································································································ 1 CLI views ············································································································································································ 1 Entering system view from user view ······················································································································ 2 Returning to the upper-level view from any view ·································································································· 2 Returning to user view ·············································································································································· 2 Accessing the CLI online help ·········································································································································· 2 Using the undo form of a command ·······························································································································...
  • Page 4 Controlling user access ·············································································································································· 43 FIPS compliance ····························································································································································· 43 Controlling Telnet/SSH logins ······································································································································ 43 Configuration procedures ····································································································································· 43 Configuration example ········································································································································· 44 Controlling SNMP access·············································································································································· 44 Configuration procedure ······································································································································ 44 Configuration example ········································································································································· 45 Configuring command authorization ··························································································································· 46 Configuration procedure ······································································································································ 46 Configuration example ·········································································································································...
  • Page 5 Using the device as an FTP client ································································································································· 79 Establishing an FTP connection ···························································································································· 79 Managing directories on the FTP server ············································································································· 81 Working with files on the FTP server ··················································································································· 81 Changing to another user account ······················································································································ 82 Maintaining and troubleshooting the FTP connection ······················································································· 82 Terminating the FTP connection ···························································································································...
  • Page 6 Upgrading software ················································································································································ 105 Overview ······································································································································································· 105 Software types ····················································································································································· 105 Software file naming conventions ······················································································································ 105 Comware image redundancy and loading procedure ··················································································· 106 System startup process ········································································································································ 106 Upgrade methods ························································································································································ 107 Upgrade procedure summary ····································································································································· 107 Preparing for the upgrade ·········································································································································· 108 Preloading the BootWare image to BootWare ········································································································...
  • Page 7 Verifying software images ··········································································································································· 148 Removing inactive software images ··························································································································· 148 Displaying and maintaining ISSU ······························································································································ 148 ISSU examples for using install series commands in standalone mode ································································· 149 Feature upgrade example ·································································································································· 149 Feature rollback example ··································································································································· 151 ISSU examples for using install series commands in IRF mode ··············································································· 152 Feature upgrade example ··································································································································...
  • Page 8 DHCP server configuration guidelines ·············································································································· 202 HTTP server configuration guidelines ················································································································ 202 TFTP server configuration guidelines ················································································································· 202 Support and other resources ·································································································································· 204 Contacting HP ······························································································································································ 204 Subscription service ············································································································································ 204 Related information ······················································································································································ 204 Documents ···························································································································································· 204 Websites ······························································································································································· 204 Conventions ··································································································································································...

  • Page 9: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device. Figure 1 CLI example You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...

  • Page 10: Entering System View From User View

    You are placed in user view immediately after you log in to the CLI. The user view prompt is , where Device-name indicates the device name. The device name is Sysname by default. You can change it by using the sysname command. In user view, you can do the following: Perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and •...

  • Page 11: Using The Undo Form Of A Command

    Enter a question mark at a view prompt to display the first keyword of every command available in • the view. For example: ? User view commands: archive Archive configuration backup Backup the startup configuration file to a TFTP server boot-loader Set boot loader …...

  • Page 12: Entering A Command

    For example, the info-center enable command enables the information center. The undo info-center enable command disables the information center. Entering a command When you enter a command, you can do the following: Use keys or hotkeys to edit the command line. •...

  • Page 13: Abbreviating Commands

    A specific argument might have more requirements. For more information, see the relevant command reference. To enter a printable character, you can enter the character or its ASCII code (in the range of 32 to 126). Abbreviating commands You can enter a command line quickly by entering incomplete keywords that uniquely identify the complete command.

  • Page 14: Configuring And Using Command Hotkeys

    Configuring and using command hotkeys The system defines the hotkeys shown in Table 2 and provides five configurable command hotkeys. Pressing a command hotkey is the same as entering a command. If a hotkey is also defined by the terminal software you are using to interact with the device, the terminal software definition takes effect.

  • Page 15: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Hotkey Function Esc+F Moves the cursor forward one word. Esc+N Moves the cursor down one line. This hotkey is available before you press Enter. Esc+P Moves the cursor up one line. This hotkey is available before you press Enter. Esc+< Moves the cursor to the beginning of the clipboard.

  • Page 16: Using The Command History Function

    Using the command history function The system automatically saves commands successfully executed by a login user to two command history buffers: • Command history buffer for the user line. Command history buffer for all user lines. • Table 4 Comparison between the two types of command history buffers Command history buffer for all Item Command history buffer for a user line...

  • Page 17: Pausing Between Screens Of Output

    Pausing between screens of output The system automatically pauses after displaying a screen if the output is too long to fit on one screen. You can use the keys described in "Output controlling keys" to display more information or stop the display.

  • Page 18: Filtering The Output From A Display Command

    # Display information about VLAN 999, numbering each output line. display vlan 999 | by-linenum VLAN ID: 999 VLAN type: Static Route interface: Configured IP address: 192.168.2.1 Subnet mask: 255.255.255.0 Description: For LAN Access Name: VLAN 0999 Tagged ports: None Untagged ports: Ten-GigabitEthernet1/0/1...
  • Page 19 Characters Meaning Examples "(string)\1" matches a string containing "stringstring". Matches the preceding strings in "(string1)(string2)\2" matches a string containing parentheses, with the Nth string "string1string2string2". repeated once. "(string1)(string2)\1\2" matches a string containing " string1string2string1string2". "[16A]" matches a string containing 1, 6, or A; "[1-36A]"...

  • Page 20: Saving The Output From A Display Command To A File

    Characters Meaning Examples Escape character. If a special "\\" matches a string containing "\", "\^" character listed in this table follows \, matches a string containing "^", and "\\b" the specific meaning of the character is matches a string containing "\b". removed.
  • Page 21 Use one of the following methods to save the output from a display command: • Save the output to a separate file. Use this method if you want to use one file for a single display command. Append the output to the end of a file. Use this method if you want to use one file for multiple •...

  • Page 22: Viewing And Managing The Output From A Display Command Effectively

    Untagged ports: Ten-GigabitEthernet1/0/1 Viewing and managing the output from a display command effectively You can use the following measures in combination to filter and manage the output from a display command: Numbering each output line from a display command • Filtering the output from a display command •...

  • Page 23: Login Overview

    Login overview The first time you access the device, you can log in to the CLI of the default MDC through the console port. After login, you can create non-default MDCs, change console login parameters, or configure other access methods, including Telnet, SSH, modem, and SNMP. Non-default MDCs have no console port.
  • Page 24 Login method Default settings and minimum configuration requirements By default, SNMP access is disabled. To access the device through SNMP, complete the following configuration tasks: Accessing the device through SNMP • Assign an IP address to a Layer 3 interface, and make sure the interface and the NMS can reach each other.

  • Page 25: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC) and make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
  • Page 26 Select System Tools > Device Manager from the navigation tree. Select Ports (COM & LPT) from the right pane. Figure 4 Creating a connection Figure 5 Specifying the serial port used to establish the connection...
  • Page 27 Power on the device and press Enter as prompted. Figure 7 Device CLI At the default user view prompt , enter commands to configure the device or to view the running status of the device. To get help, enter ?.

  • Page 28: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet, SSH, and modem dial-in. To prevent illegal access to the CLI and control user behavior, you can configure login authentication, assign user roles, configure command authorization and command accounting, and use ACLs to filter unauthorized logins.

  • Page 29: Login Authentication Modes

    A relative number uniquely identifies a user line among all user lines that are the same type. The number format is user line type + number. Both the types of user lines are numbered starting from 0 and incrementing by 1. For example, the first VTY line is VTY 0. Login authentication modes You can configure login authentication to prevent illegal access to the device CLI.

  • Page 30: Logging In Through The Console Port Locally

    Telnet login is not supported in FIPS mode. Logging in through the console port locally You can connect a terminal to the console port of the device to log in and manage the device, as shown Figure 8. For the login procedure, see "Logging in through the console port for the first device access."...

  • Page 31: Configuring Password Authentication For Console Login

    Step Command Remarks Disable By default, authentication is disabled for the authentication-mode none authentication. AUX line. By default, an AUX line user of the default Assign a user MDC is assigned the user role user-role role-name role. network-admin, and Non-default MDCs do not support console or AUX login.

  • Page 32: Configuring Scheme Authentication For Console Login

    Configuring scheme authentication for console login Step Command Remarks Enter system view. system-view Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
  • Page 33 Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...

  • Page 34: Logging In Through Telnet

    Remarks By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends Specify the that you set the display type to VT100 on terminal display terminal type { ansi | vt100 } both the device and the configuration type.
  • Page 35 Task Remarks (Optional.) Setting the maximum number of concurrent Telnet users (Optional.) Setting the DSCP value for outgoing Telnet packets (Optional.) Configuring common VTY line settings The Telnet login configuration is effective only for users who log in after the configuration is completed. Disabling authentication for Telnet login Step Command...

  • Page 36: Configuring Password Authentication For Telnet Login

    Figure 9 Telnetting to the device without authentication Configuring password authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet server function is Enable Telnet server. telnet server enable disabled. Use either command. A setting in user line view is applied only to the user line.

  • Page 37: Configuring Scheme Authentication For Telnet Login

    Step Command Remarks By default, password authentication is enabled for VTY lines. In VTY line view, this command is associated with the protocol inbound command: • If the setting of either command is Enable password authentication-mode password not the default in VTY line view, the authentication.
  • Page 38 Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...
  • Page 39 Figure 11 Scheme authentication interface for Telnet login Setting the maximum number of concurrent Telnet users Step Command Remarks Enter system view. system-view By default, the maximum number of concurrent Telnet users is 16. Changing this setting does not affect online users.
  • Page 40 Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X. In this case, the connection to the current device is closed when the user terminates the Telnet connection to X.X.X.X. To configure common settings for VTY lines: Step Command...

  • Page 41: Using The Device To Log In To A Telnet Server

    Step Command Remarks By default, the session idle timeout is 10 minutes for all user lines. If there is no interaction between the device and Set the session idle idle-timeout minutes the user within the idle timeout, the system timeout. [ seconds ] automatically terminates the user connection on the user line.

  • Page 42: Logging In Through Ssh

    Logging in through SSH SSH offers a secure method to remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. For more information, see Security Configuration Guide. You can use an SSH client to log in to the device for remote management, or use the device as an SSH client to log in to an SSH server.
  • Page 43 Step Command Remarks Use either command. A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes •...

  • Page 44: Using The Device To Log In To An Ssh Server

    Step Command Remarks By default, the maximum number of concurrent SSH users is 16. Changing this setting does not affect online Set the maximum users. If the current number of online SSH users aaa session-limit ssh number of concurrent is equal to or greater than the new setting, no max-sessions SSH users.
  • Page 45 By default, modem dial-in is enabled, and does not require a username or password. After login, the user role network-admin is assigned. To use a pair of modems to remotely log in to the device: Connect one modem to the serial port of the PC and another modem to the AUX port of the device. Connect each modem to the PSTN through a telephone cable.
  • Page 46 Figure 15 Creating a connection Figure 16 Configuring the dialing parameters Dial the telephone number to establish a connection to the device.
  • Page 47 Figure 17 Dialing the number After you hear the dial tone, press Enter as prompted: If authentication is disabled, the user view prompt appears, as shown in Figure If password authentication is enabled, the user view prompt appears after you provide the correct password.

  • Page 48: Displaying And Maintaining Cli Login

    ATH command. The connection is terminated if OK is displayed. You can also terminate the connection by clicking in the HyperTerminal window. Displaying and maintaining CLI login Execute display commands in any view and the other commands in user view. Task Command Remarks...

  • Page 49: Accessing The Device Through Snmp

    Accessing the device through SNMP You can run SNMP on an NMS to access the device MIB and perform Get and Set operations to manage and monitor the device. Figure 19 SNMP access diagram Get/Set requests Get/Set responses Agent and Traps The device supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC.

  • Page 50: Configuring Snmpv1 Or Snmpv2C Access

    Step Command Remarks snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } [ vpn-instance To send informs to an SNMPv3 Create an vpn-instance-name ] ] [ { cipher | simple } NMS, you must use the remote SNMPv3 user.

  • Page 51: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.

  • Page 52: Configuration Example

    Configuration example Network requirements Configure the device in Figure 20 to permit only Telnet packets sourced from Host A and Host B. Figure 20 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. ...

  • Page 53: Configuration Example

    Step Command Remarks • SNMP community: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * •...

  • Page 54: Configuring Command Authorization

    [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group. [Sysname] snmp-agent community read aaa acl 2000 [Sysname] snmp-agent group v2c groupa acl 2000 [Sysname] snmp-agent usm-user v2c usera groupa acl 2000 Configuring command authorization By default, commands are available for a user depending only on that user's user roles.

  • Page 55: Configuration Example

    Step Command Remarks By default, authentication is disabled for the AUX line and password authentication is enabled for the VTY line. In VTY line view, this command is associated with the protocol inbound command: Enable scheme • If the setting of either command is not authentication-mode scheme authentication.

  • Page 56: Configuring Command Accounting

    system-view [Device] telnet server enable # Enable scheme authentication for user lines VTY 0 through VTY 63. [Device] line vty 0 63 [Device-line-vty0-63] authentication-mode scheme # Enable command authorization for the user lines. [Device-line-vty0-63] command authorization [Device-line-vty0-63] quit # Configure an HWTACACS scheme that does the following: Uses the HWTACACS server at 192.168.2.20:49 for authentication and authorization.

  • Page 57: Configuration Procedure

    This section provides only the procedure for configuring command accounting. To make the command accounting function take effect, you must configure a command accounting method in ISP domain view. For more information, see Security Configuration Guide. Configuration procedure To configure command accounting: Step Command Remarks...

  • Page 58: Configuration Example

    Configuration example Network requirements To monitor and control user operations on the device in Figure 23, configure the device to send commands executed by users to the HWTACACS server. Figure 23 Network diagram Configuration procedure # Enable the Telnet server. ...
  • Page 59 [Device-hwtacacs-tac] user-name-format without-domain [Device-hwtacacs-tac] quit # Configure the system-predefined domain system to use the HWTACACS scheme for command accounting. [Device] domain system [Device-isp-system] accounting command hwtacacs-scheme tac [Device-isp-system] quit...

  • Page 60: Configuring Rbac

    Configuring RBAC Role based access control (RBAC) controls user access to commands and resources based on user role. This chapter describes the basic idea of RBAC and guides you through the RBAC configuration procedure. Overview On devices that support multiple users, RBAC is used to assign command and resource access permissions to user roles that are created for different job functions.
  • Page 61 A user role can access the set of permitted commands specified in its rules. The user role rules include predefined (identified by sys-n) and user-defined user role rules. If two user-defined rules of the same type conflict, the one with the higher ID takes effect. For •...
  • Page 62 User role name Permissions Accesses all the features and resources in the administered MDC, except mdc-admin for the display security-logfile summary, info-center security-logfile directory, and security-logfile save commands. • Accesses the display commands for all the features and resources available in the administered MDC, except for commands such as display history-command all and display security-logfile summary.

  • Page 63: Assigning User Roles

    Assigning user roles You assign access rights to users by assigning at least one user role. The users can use the collection of commands and resources accessible to any user role assigned to them. For example, you can access any interface to use the qos apply policy command if you are assigned the following user roles: •...

  • Page 64: Creating User Roles

    Creating user roles In addition to the predefined user roles, you can create up to 64 custom user roles for granular access control. To create a user role: Step Command Remarks Enter system view. system-view By default, the system has 21 predefined user roles: network-admin, network-operator, mdc-admin, mdc-operator, level-n (where n equals an...

  • Page 65: Configuring Feature Groups

    Step Command Remarks Configure at least one command. By default, a user-defined user role • Configure a command rule: has no rules or access to any rule number { deny | permit } command. command command-string Repeat this step to add up to 256 •...

  • Page 66: Changing The Interface Policy Of A User Role

    Changing the interface policy of a user role Step Command Remarks Enter system view. system-view Enter user role view. role name role-name By default, the interface policies of user roles permit access to all Enter user role interface interfaces. interface policy deny policy view.

  • Page 67: Assigning User Roles

    Assigning user roles To control user access to the system, you must assign at least one user role. Make sure at least one user role among the user roles assigned by the server exists on the device. User role assignment procedure varies with remote AAA authentication users, local AAA authentication users, and non-AAA authentication users (see "Assigning user...

  • Page 68: Assigning User Roles To Local Aaa Authentication Users

    Assigning user roles to local AAA authentication users Configure user roles for local AAA authentication users in their local user accounts. Every local user has a default user role. If this default user role is not suitable, delete it. If a local user is the only one with the security-audit user role, this local user cannot be deleted. The security-audit user role is mutually exclusive with other user roles.

  • Page 69: Configuring Temporary User Role Authorization

    Step Command Remarks • To enter user line view: For information about the priority line { first-num1 [ last-num1 ] | order and application scope of the { aux | vty } first-num2 Enter user line view or user configurations in user line view and [ last-num2 ] } line class view.

  • Page 70: Configuring User Role Authentication

    If RADIUS authentication is used, you must create a user account for each level-n user role in the $enabn$ format or the $enabn$@domain-name format, where n represents the user role level. When you use this method, the username you enter is ignored. You can pass authentication as long as the password is correct.

  • Page 71: Obtaining Temporary User Role Authorization

    Step Command Remarks Use this step for local password authentication. • In non-FIPS mode: By default, no password is configured. super password [ role If you log in to the default MDC and do not Set a local rolename ] [ { hash | specify a user role for the command, the authentication simple } password ]...

  • Page 72: Rbac Configuration Examples

    RBAC configuration examples RBAC configuration example for local AAA authentication users Network requirements The switch in Figure 24 performs local AAA authentication for the Telnet user at 192.168.1.58. This Telnet user has the username user1@bbb and is assigned the user role role1. Configure role1 to have the following permissions: •...

  • Page 73: Rbac Configuration Example For Radius Authentication Users

    [Switch-role-role1] vlan policy deny [Switch-role-role1-vlanpolicy] permit vlan 10 to 20 [Switch-role-role1-vlanpolicy] quit [Switch-role-role1] quit # Create a device management user named user1 and enter its view. [Switch] local-user user1 class manage # Set a plaintext password aabbcc for the user. [Switch-luser-manage-user1] password simple aabbcc # Set the service type to Telnet.
  • Page 74 Performs read and write commands of the features arp and radius. • • Has no access to read commands of the feature acl. Configures VLANs 1 to 20 and interfaces Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet • 1/0/24. The switch and the FreeRADIUS server use the shared key expert and authentication port 1812. The switch delivers usernames with their domain names to the server.
  • Page 75 IMPORTANT: Because RADIUS user authorization information is piggybacked in authentication responses, the authentication and authorization methods must use the same RADIUS scheme. [Switch] domain bbb [Switch-isp-bbb] authentication login radius-scheme rad [Switch-isp-bbb] authorization login radius-scheme rad [Switch-isp-bbb] quit # Create the feature group fgroup1. [Switch] role feature-group name fgroup1 # Add the features arp and radius to the feature group.

  • Page 76: Rbac Configuration Example For Hwtacacs Authentication Users

    # Configure the settings required for the FreeRADIUS server to communicate with the switch. (Details not shown.) Verifying the configuration # Telnet to the switch, and enter the username and password to access the switch. (Details not shown.) # Verify that you can use all commands available in ISP view. ...
  • Page 77 Figure 26 Network diagram Configuration procedure Configure the switch: # Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user. system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3, the interface connected to the HWTACACS server. [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
  • Page 78 # Configure ISP domain bbb to use local authorization for login users. [Switch-isp-bbb] authorization login local # Apply the HWTACACS scheme hwtac to the ISP domain. [Switch-isp-bbb] authentication super hwtacacs-scheme hwtac [Switch-isp-bbb] quit # Create a device management user named test and enter its view. Set the service type to Telnet, and set the password to aabbcc.
  • Page 79 Figure 27 Configuring advanced TACACS+ settings Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...

  • Page 80: Troubleshooting Rbac

    ssh2 Establish a secure shell client connection super Switch to a user role system-view Enter the System View telnet Establish a telnet connection tracert Tracert function Obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass.

  • Page 81: Login Attempts By Radius Users Always Fail

    Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the network access device and the RADIUS server can communicate with one another and all AAA settings are correct.

  • Page 82: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

  • Page 83: Configuring Authentication And Authorization

    Step Command Remarks Enable the FTP server. ftp server enable By default, the FTP server is disabled. (Optional.) Use an ACL to ftp server acl { acl-number | By default, no ACL is used for access control access to the FTP ipv6 acl-number6 } control.

  • Page 84: Manually Releasing Ftp Connections

    Manually releasing FTP connections Task Command • Release the FTP connection established using a specific user account: free ftp user username Manually release FTP connections. • Release the FTP connection to a specific IP address: free ftp user-ip [ ipv6 ] client-address [ port port-num ] Displaying and maintaining the FTP server Execute display commands in any view.
  • Page 85 [Sysname-luser-abc] service-type ftp [Sysname-luser-abc] quit NOTE: If the password control feature is configured, the password must meet the password requirements Security Configuration Guide defined by the feature. For more information, see # Enable the FTP server. [Sysname] ftp server enable [Sysname] quit # Examine the storage space for space insufficiency and delete unused files for more free space.

  • Page 86: Ftp Server Configuration Example In Irf Mode

    FTP server configuration example in IRF mode Network requirements An IRF fabric that has two member devices acts as the FTP server. On each member, the active and standby MPUs reside in slot 0 and slot 1, respectively. Create a local user account with username abc and password 123456 on the FTP server. Use the user account to log in to the FTP server from the FTP client, upload the file temp.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup.

  • Page 87: Using The Device As An Ftp Client

    # Log in to the FTP server at 1.1.1.1 using the username abc and password 123456. c:\> ftp 1.1.1.1 Connected to 1.1.1.1. 220 FTP service ready. User(1.1.1.1:(none)):abc 331 Password required for abc. Password: 230 User logged in. # Use the ASCII mode to download the configuration file config.cfg from the server to the client for backup.
  • Page 88 Step Command Remarks • (Method 1) Log in to the FTP server directly in user view: ftp [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] Use either method. [ dscp dscp-value | source { interface The source IP address interface-type interface-number | ip specified in the ftp command Log in to the FTP server.

  • Page 89: Managing Directories On The Ftp Server

    Managing directories on the FTP server Task Command • Display the detailed information of a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory and file information on the FTP server. • Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] Change the working directory on the FTP server.

  • Page 90: Changing To Another User Account

    Task Command Remarks Set the FTP operation mode to passive The default mode is passive. passive. Display or change the local working directory of the FTP lcd [ directory | / ] client. Upload a file to the FTP server. put localfile [ remotefile ] Download a file from the FTP get remotefile [ localfile ]...

  • Page 91: Terminating The Ftp Connection

    Task Command Remarks Enable or disable FTP operation verbose By default, this function is enabled. information display. By default, FTP client debugging is Enable or disable FTP client debugging. debug disabled. Clear the reply information in the buffer. reset Terminating the FTP connection Task Command Remarks...
  • Page 92 Download the file temp.bin from the PC to the device, and upload the configuration file startup.cfg • from the device to the PC for backup. Figure 31 Network diagram Configuration procedure # Configure IP addresses as shown in Figure 31 and make sure the device and PC can reach each other.

  • Page 93: Ftp Client Configuration Example In Irf Mode

    221 Logout. FTP client configuration example in IRF mode Network requirements Use the IRF fabric that has two member devices as the FTP client and the PC as the FTP server. • • Log in to the FTP server from the FTP client using the user account with username abc and password 123456 (which has been created on the PC).
  • Page 94 # Download the file temp.bin from the PC to the Flash root directory of the global standby MPUs. (In this example, the IRF fabric has three standby MPUs: one in slot 1 of member device 1, one in slot 0 of member device 2, and one in slot 1 of member device 2.) ftp>...

  • Page 95: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.

  • Page 96: Configuring The Device As An Ipv6 Tftp Client

    Step Command Remarks The source IP address specified in this command tftp tftp-server { get | put | sget } takes precedence over the source-filename [ destination-filename ] Download or upload a file one set by the tftp client [ vpn-instance vpn-instance-name ] [ dscp in an IPv4 network.

  • Page 97: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not •...
  • Page 98 Format Description Example Specifies a file in a specific storage medium. The drive argument represents the storage medium name. • flash:/test/a.cfg indicates a file named The storage medium on the active a.cfg in the test folder in the root MPU is typically flash. directory of the Flash on the active MPU.

  • Page 99: Managing Files

    Managing files CAUTION: To avoid file system corruption: In standalone mode, do not install or remove storage media or perform active/standby switchover • during file operations. In IRF mode, do not install or remove storage media or perform a switchover between the active MPU of •...

  • Page 100: Copying A File

    Copying a file Perform this task in user view. Task Command Copy a file. copy fileurl-source fileurl-dest Moving a file Perform this task in user view. Task Command Move a file. move fileurl-source fileurl-dest Compressing/decompressing a file Perform the following tasks in user view: Task Command Compress a file.

  • Page 101: Deleting Files From The Recycle Bin

    The digest of a file can be used to verify file integrity. For example, you can calculate the digest of a software image file and compare it with that provided on the HP website to verify whether the file has been tampered with.

  • Page 102: Displaying Directory Information

    Create or remove a directory. • • Display or change the current working directory. Display a specific directory. • Displaying directory information Perform this task in user view. Task Command Display directory or file information. dir [ /all ] [ file-url | /all-filesystems ] Displaying the current working directory Perform this task in user view.

  • Page 103: Managing Storage Media

    Managing storage media CAUTION: To avoid file system corruption: In standalone mode, do not install or remove storage media or cards or perform active/standby • switchover while the system is repairing or formatting a storage medium. In IRF mode, do not install or remove storage media or perform a switchover between the active MPU of •...

  • Page 104: Setting The Operation Mode For Files And Folders

    Setting the operation mode for files and folders The device supports the following file and folder operation modes: • alert—The system prompts for confirmation when your operation might cause problems such as file corruption and data loss. This mode provides an opportunity to cancel a disruptive operation. quiet—The system does not prompt for confirmation.

  • Page 105: Managing Configuration Files

    Managing configuration files You can use the CLI or the BootWare menus to manage configuration files. This chapter explains how to manage configuration files from the CLI. Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot.

  • Page 106: Configuration File Formats

    Figure 34 Configuration loading process during startup Start BootWare runs Enter BootWare menus? Main configuration file available? Backup configuration file available? Select "Skip Current System Configuration" Load initial Load backup Load main Load initial settings configuration file configuration file settings Software runs with Software runs with Software runs with...

  • Page 107: Startup Configuration File Selection

    Startup configuration file selection At startup, the device uses the following procedure to identify the configuration file to load: The device searches for a valid .cfg next-startup configuration file. If one is found, the device searches for an .mdb file that has the same name and content as the .cfg file.

  • Page 108: Enabling Configuration Encryption

    If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained. HP recommends that you use the safe mode if the power source is not reliable or you are remotely configuring the device.

  • Page 109: Specifying A Next-Startup Configuration File

    Task Command Remarks If you execute the save [ safely ] command without specifying any other keyword, the command saves the configuration to the main startup configuration file for the MDC where Save the running configuration to you are logged in. a configuration file in the root save [ safely ] [ backup | If the force keyword is specified, the...

  • Page 110: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Task Command Remarks By default, no configuration file is specified for the next startup. Use the display startup command Specify the next-startup startup saved-configuration cfgfile and the display configuration file. [ backup | main ] saved-configuration command in any view to verify the configuration.

  • Page 111: Deleting A Next-Startup Configuration File

    Step Command Remarks Restore the main next-startup restore startup-configuration from This command is not supported in configuration file from a TFTP src-addr src-filename FIPS mode. server in user view. (Optional.) Verify that the display startup specified configuration file has been set as the main display saved-configuration next-startup configuration file.
  • Page 112 Task Command Display the contents of the configuration display saved-configuration file for the next system startup. Display names of the configuration files display startup used at this startup and the next startup. Display the valid configuration in the display this current view.

  • Page 113: Upgrading Software

    Upgrading software This chapter describes types of software and how to upgrade software from the CLI. For a comparison of all software upgrade methods, see "Upgrade methods." Overview Software upgrade enables you to have new features and fix bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.

  • Page 114: Comware Image Redundancy And Loading Procedure

    Comware image redundancy and loading procedure You can specify two sets of Comware software images: one main and one backup. The system always attempts to start up with the main images. If any main image does not exist or is invalid, the system tries the backup images.

  • Page 115: Upgrade Methods

    Figure 36 System startup process Upgrade methods Upgrading method Software types Remarks • BootWare image This method is disruptive. You must reboot the Upgrading from the CLI • Comware images entire device to complete the upgrade. (excluding patches) Use this method when the device cannot start up correctly.

  • Page 116: Preparing For The Upgrade

    By default, this function is enabled. This function examines the image (Optional.) Enable BootWare bootrom-update security-check for wrong file type, file corruption, image validity check. enable and hardware incompatibility. HP recommends enabling it to ensure a successful upgrade. Return to user view. quit...

  • Page 117: Specifying The Startup Image File And Completing The Upgrade (In Standalone Mode)

    Step Command Remarks • In standalone mode: Use one of the commands to back bootrom backup slot (Optional.) Back up the up the BootWare image for a slot-number-list current BootWare image in future version rollback or image the Normal area of •...

  • Page 118: Specifying The Startup Image File And Completing The Upgrade (In Irf Mode)

    Step Command Remarks When you use method 3, make sure you understand the following requirements and upgrade results: • If the active MPU started up with • Method 1: main startup images, its main boot-loader file ipe-filename slot startup images are synchronized to slot-number { backup | main } the standby MPU.
  • Page 119 Step Command Remarks Upgrade files must be saved in the root directory of the storage medium on the global active MPU. If the storage medium is partitioned, • Method 1: save the files to the root directory of the boot-loader file ipe-filename first partition.

  • Page 120: Restoring Or Downgrading The Bootware Image

    Restoring or downgrading the BootWare image To restore or downgrade the BootWare image for a card, make sure you have used the bootrom backup command or the bootrom read command to back up the image to the Backup area of BootWare or the storage media.

  • Page 121: Displaying And Maintaining Software Image Settings

    Copies the current software images of the active MPU. Specifies them as startup software images. Reboots with these images. IMPORTANT: To ensure a successful synchronization in a multi-user environment, prevent users from rebooting or swapping MPUs during the software synchronization process. You can configure the information center to Network Management and Monitoring output the synchronization status to configuration terminals (see Configuration Guide...

  • Page 122: Configuration Procedure

    Figure 37 Network diagram TFTP server TFTP client 2.2.2.2/24 1.1.1.1/24 Internet Device Configuration procedure # Configure IP addresses and routes to make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server. (Details not shown.) # Display information about the current software images.

  • Page 123: Configuration Procedure

    Figure 38 Network diagram Master Subordinate (Member ID = 1) (Member ID = 2) IRF link Internet 1.1.1.1/24 2.2.2.2/24 TFTP server Configuration procedure # Configure IP addresses and routes to make sure the device and the TFTP server can reach each other. (Details not shown.) # Complete TFTP settings on both the device and the TFTP server.

  • Page 124: Issu Overview

    ISSU overview The In-Service Software Upgrade (ISSU) function enables software upgrade with the least amount of downtime. ISSU is implemented on the basis of the following design advantages: Separation of service features from basic functions. The Comware software is packaged into •...

  • Page 125: Issu Methods For A Compatible Version

    ISSU method indicated by the ISSU method Application scenario display version comp-matrix file command Incompatible upgrade Upgrade to an incompatible version Incompatible upgrade ISSU methods for a compatible version The following are ISSU methods for a compatible version: Incremental upgrade: •...

  • Page 126: Issu Method For An Incompatible Version

    switching fabric card upgrade when the device has multiple switching fabric cards that support this method. ISSU method for an incompatible version Only one method is available for an ISSU to an incompatible version: incompatible upgrade. This method reboots the device to load the new software. To reduce service interruption during the upgrade, implement hardware redundancy.

  • Page 127: Issu Prerequisites

    ISSU prerequisites Read the software release notes to determine which software images need to be upgraded, • whether these software images are compatible with one another, and whether these software images are compatible with the software images running on the device. Then, based on the compatibility, determine the command series to use.
  • Page 128 At reboot, a subordinate device automatically synchronizes the master device's configuration and status data. This process takes time. You must wait for the synchronization to complete before using the issu load command on the subordinate device. To verify that the synchronization has completed successfully, do the following: Use the display device command to verify that all cards of the subordinate device are in normal state.

  • Page 129: Performing An Issu By Using Issu Series Commands

    Performing an ISSU by using issu series commands Performing an ISSU in standalone mode When you use the issu series commands to install or upgrade the software of MPUs, the device automatically install or upgrade the software of the service cards and switching fabric cards as needed. You do not need to install or upgrade the software of the service cards and switching fabric cards separately.

  • Page 130: Performing An Issu For A Single-Mpu Device

    Step Command Remarks Perform an active/standby switchover and upgrade issu run switchover the service cards and switching fabric cards. (Optional.) Accept the upgrade and delete the issu accept automatic-rollback timer. Specify the slot number of the original active MPU for the slot slot-number option.

  • Page 131: Performing An Issu In Irf Mode

    on the Version compatibility list and the value of the Upgrade Way field is Service Upgrade or File Upgrade, the new and old images are compatible and an incremental upgrade applies. To perform an incremental upgrade to a compatible version, execute the following commands in user view: Step Command...

  • Page 132: Performing An Issu For A Multichassis Irf Fabric

    Performing an ISSU for a multichassis IRF fabric ISSU for a multichassis IRF fabric should be performed as per member in two steps: first upgrade a subordinate member, and then upgrade the master and the other subordinate members. Before upgrade, use the display version comp-matrix file { boot filename | system filename | feature filename&<1-30>...

  • Page 133: Performing An Issu For A Dual-Mpu Single-Chassis Irf Fabric

    If the member devices of the IRF system filename | feature configure the fabric are connected into a ring filename&<1-30> } * chassis upgrade images as topology, HP recommends that you chassis-number&<1-3> the main startup specify half of the subordinate software images for •...
  • Page 134 Step Command Remarks By default, the automatic-rollback interval is 45 minutes. This timer starts when you execute the (Optional.) Set the issu run switchover command. If you automatic rollback issu rollback-timer minutes do not execute the issu accept or issu timer.

  • Page 135: Performing An Issu For A Single-Mpu Single-Chassis Irf Fabric

    Step Command Remarks • Method 1: Upgrade the global issu load file { boot filename | standby MPU and Specify the member ID and slot system filename | feature configure the upgrade number of the global standby MPU filename&<1-30> } * chassis images as the startup for the chassis chassis-number slot chassis-number slot slot-number...

  • Page 136: Displaying And Maintaining Issu

    Step Command Remarks Specify the member ID and slot number of the only MPU for the chassis chassis-number slot slot-number option. • To complete the ISSU process: After the issu commit command is issu commit chassis completed, the ISSU process ends chassis-number slot Complete the ISSU process and the ISSU status changes to Init.
  • Page 137 Task Command Display the software images display install ipe-info ipe-filename included in an .ipe file. Display ongoing ISSU activate, deactivate, and rollback display install job operations. Display ISSU logs. display install log [ verbose ] Display software image file display install package { filename | all } [ verbose ] information.

  • Page 138: Issu Examples For Using Issu Series Commands In Standalone Mode

    Task Command Display all software image files display install which [ chassis chassis-number slot slot-number] that include a specific component { component name | file filename } or file. Display automatic-rollback timer display issu rollback-timer information. Display ISSU status information. display issu state Display version compatibility display version comp-matrix...
  • Page 139 flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Identify the ISSU method and possible impacts of the upgrade on the device. display version comp-matrix file feature flash:/feature1-r2111.bin Feature image: flash:/feature1-r2111.bin Version: V700R001B45D002 Version Compatibility List: V700R001B45D001 V700R001B45D002 Version Dependency System List: V700R001B45D001 V700R001B45D002 Slot Upgrade Way Service Upgrade...

  • Page 140: Feature Upgrade To An Incompatible Version

    issu commit slot 0 Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version New Version Release 2110 Release 2111 Slot Upgrade Way Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y # Verify that both MPUs are running the new image. ...
  • Page 141 flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Identify the ISSU method and possible impacts of the upgrade on the device. display version comp-matrix file feature flash:/feature1-r2111.bin Feature image: flash:/feature1-r2111.bin Version: V700R001B45D002 Version Compatibility List: V700R001B45D002 Version Dependency System List: V700R001B45D001 V700R001B45D002 incompatible upgrade. The output shows that the two versions are incompatible.

  • Page 142: Feature Rollback Example

    Feature rollback example Rollback requirement As shown in Figure 41, the device has two MPUs: one in slot 0 (active MPU) and the other in slot 1 (standby MPU). R21 1 1 and R21 10 are compatible. Roll back the feature1 feature from R21 1 1 to R21 10 after upgrading it from R21 10 to R21 1 1. Figure 41 Network diagram Rollback procedure # Download the upgrade image from the TFTP server.
  • Page 143 flash:/feature1-r2111.bin feature1 Influenced service according to following table on slot 1: flash:/feature1-r2111.bin feature1 The output shows that an incremental upgrade is recommended and the feature1 feature module will be rebooted during the upgrade process. # Upgrade feature1 on the standby MPU. ...

  • Page 144: Issu Examples For Using Issu Series Commands In Irf Mode

    # Verify that both MPUs are running the old image. Active packages on slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin ISSU examples for using issu series commands in IRF mode Feature upgrade to a compatible version Upgrade requirement As shown in Figure...
  • Page 145 flash:/feature1-r2110.bin Active packages on chassis 1 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Identify the ISSU method and possible impacts of the upgrade on the IRF fabric. ...
  • Page 146 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version New Version Release 2110 Release 2111 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Upgrading software images to compatible versions.

  • Page 147: Feature Upgrade To An Incompatible Version

    flash:/system-r2110.bin flash:/feature1-r2111.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin Feature upgrade to an incompatible version Upgrade requirement As shown in Figure 43, each member in the IRF fabric has one MPU in slot 0 (the active MPU) and one MPU in slot 1 (the standby MPU).
  • Page 148 flash:/feature1-r2110.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Identify the ISSU method and possible impacts of the upgrade on the IRF fabric. display version comp-matrix file feature flash:/feature1-r2111.bin Feature image: flash:/feature1-r2111.bin Version: V700R001B45D002 Version Compatibility List: V700R001B45D002 Version Dependency System List: V700R001B45D001...

  • Page 149: Feature Rollback Example

    flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin Active packages on chassis 1 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin Active packages on chassis 2 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin Feature rollback example Rollback requirement As shown in Figure 44, each member in the IRF fabric has one MPU in slot 0 (the active MPU) and one MPU in slot 1 (the standby MPU).
  • Page 150 flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 1 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Identify the ISSU method and possible impacts of the upgrade on the IRF fabric. ...
  • Page 151 issu load file feature flash:/feature1-r2111.bin chassis 2 This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version New Version Release 2110 Release 2111 Chassis Slot...
  • Page 152 display install active Active packages on chassis 1 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 1 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin...

  • Page 153: Performing An Issu By Using Install Series Commands

    Performing an ISSU by using install series commands Performing an ISSU Obtaining and decompressing an .ipe file If the software images are contained in an .ipe file, you must obtain and decompress the .ipe file before starting the ISSU. To obtain and decompress an .ipe file: Step Command Transfer the .ipe file to the root directory of...

  • Page 154: Uninstalling Feature Or Patch Images

    When you install or upgrade a feature or patch image on the active MPU, the system automatically installs or upgrades the image on the service cards and switching fabric cards as needed. You do not need to install or upgrade the image for the cards separately. (In standalone mode–In IRF mode.) For an incremental upgrade, you must confirm the software changes to keep activated images effective after a reboot.

  • Page 155: Rolling Back The Software Configuration

    Uninstalling feature images Perform this task in user view. Task Command • In standalone mode: install deactivate feature filename&<1-30> slot slot-number Deactivate feature images. • In IRF mode: install deactivate feature filename&<1-30> chassis chassis-number slot slot-number Uninstalling patch images Perform this task in user view. Step Command •...

  • Page 156: Aborting A Software Activate/Deactivate Operation

    Aborting a software activate/deactivate operation When the system is activating or deactivating a software image for an incremental upgrade, you can press Ctrl+C or use the install abort command in user view to abort the operation. After you abort a software activate or deactivate operation, the system runs with the software images that it used before the activate or deactivate operation.

  • Page 157: Issu Examples For Using Install Series Commands In Standalone Mode

    ISSU examples for using install series commands in standalone mode Feature upgrade example Upgrade requirement As shown in Figure 45, the device has two MPUs: one in slot 0 (active MPU) and the other in slot 1 (standby MPU). Upgrade the feature1 feature from R21 1 1 to R21 10. The two versions are ISSU-compatible versions. Figure 45 Network diagram Upgrade procedure # Download the upgrade .ipe file from the TFTP server.
  • Page 158 Service Upgrade Influenced service according to following table on slot 1: flash:/feature1-r2111.bin feature1 install activate feature flash:/feature1-r2111.bin slot 0 test Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version New Version Release 2110 Release 2111 Slot Upgrade Way Service Upgrade Service Upgrade Influenced service according to following table on slot 0: flash:/feature1-r2111.bin...

  • Page 159: Feature Rollback Example

    flash:/system-r2110.bin flash:/feature1-r2111.bin Active packages on slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin # Confirm the software change. install commit Feature rollback example Rollback requirement As shown in Figure 45, Device has two MPUs: one in slot 0 (active MPU) and the other in slot 1 (standby MPU).

  • Page 160: Issu Examples For Using Install Series Commands In Irf Mode

    flash:/feature1-r2110.bin # Confirm the software change. install commit ISSU examples for using install series commands in IRF mode Feature upgrade example Upgrade requirement As shown in Figure 46, the IRF fabric has two members: the master member with the member ID 1 and the subordinate member with the member ID 2.
  • Page 161 flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Identify the ISSU method and possible impacts of the upgrade on the IRF fabric. install activate feature flash:/feature1-r2111.bin chassis 2 slot 1 test Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version...
  • Page 162 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Influenced service according to following table on chassis 1 slot 1: flash:/feature1-r2111.bin feature1 Influenced service according to following table on chassis 1 slot 2: flash:/feature1-r2111.bin feature1 install activate feature flash:/feature1-r2111.bin chassis 1 slot 0 test Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version...

  • Page 163: Feature Rollback Example

    Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version New Version Release 2110 Release 2111 Chassis Slot Upgrade Way Service Upgrade Service Upgrade Upgrading software images to compatible versions. Continue? [Y/N]: y install activate feature flash:/feature1-r2111.bin chassis 1 slot 0 Upgrade summary according to following table: flash:/feature1-r2111.bin Running Version...
  • Page 164 Roll back the feature1 feature from R21 1 1 to R21 10. Rollback procedure # Display active software images. display install active Active packages on chassis 1 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin Active packages on chassis 1 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2111.bin...
  • Page 165 Active packages on chassis 2 slot 0: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin Active packages on chassis 2 slot 1: flash:/boot-r2110.bin flash:/system-r2110.bin flash:/feature1-r2110.bin # Confirm the software change. install commit...

  • Page 166: Managing The Device

    Configure the device name. sysname sysname By default, the device name is HP. Setting the system time The system time is determined by the UTC time, local time zone, and daylight saving time. You can use the display clock command to view the system time.

  • Page 167: Specifying The System Time Source

    Specifying the system time source The entire device uses one clock. All MDCs on the device use the same system time. You can do either of the following: Configure the system time on the device, and perform this task to configure the device to use the •...

  • Page 168: Configuring Banners

    Configuring banners Banners are messages that the system displays when a user logs in. Banner types The system supports the following banners: Legal banner—Appears after the copyright statement. To continue login, the user must enter Y or • press Enter. To quit the process, the user must enter N. Y and N are case insensitive. Message of the Day (MOTD) banner—Appears after the legal banner and before the login banner.

  • Page 169: Configuration Procedure

    Please input the password.A Method 3—After you type the last command keyword, type the start delimiter and part of the banner and press Enter. At the system prompt, enter the rest of the banner and end the last line with the same delimiter. For example, you can configure the banner "Have a nice day. Please input the password."...

  • Page 170: Rebooting The Device

    Rebooting the device CAUTION: A reboot can interrupt network services. • To avoid configuration loss, use the save command to save the running configuration before a reboot. • Fundamentals Command Reference For more information about the save command, see • Before a reboot, use the display startup and display boot-loader commands to verify that you have correctly specified the startup configuration file and startup software images.

  • Page 171: Scheduling A Device Reboot

    Scheduling a device reboot The device supports only one device reboot schedule. If you configure the scheduler reboot at or scheduler reboot delay command multiple times or configure both commands, the most recent configuration takes effect. To schedule a reboot, execute either of the following commands in user view: Task Command Remarks...
  • Page 172 Step Command Remarks By default, no command is assigned to a job. Assign a command to command id command You can assign multiple commands the job. to a job. A command with a smaller ID will be executed first. Exit to system view. quit Create a schedule.

  • Page 173: Schedule Configuration Example

    Step Command Remarks • Execute the schedule at an interval Configure either command. from the specified time on: time repeating at time By default, no execution time is [ month-date [ month-day | last ] | specified for a schedule. Specify an execution week-day week-day&<1-7>...
  • Page 174 [Sysname-job-start-Ten-GigabitEthernet1/0/1] command 2 interface ten-gigabitethernet 1/0/1 [Sysname-job-start-Ten-GigabitEthernet1/0/1] command 3 undo shutdown [Sysname-job-start-Ten-GigabitEthernet1/0/1] quit # Configure a job for disabling interface Ten-GigabitEthernet 1/0/2. [Sysname] scheduler job shutdown-Ten-GigabitEthernet1/0/2 [Sysname-job-shutdown-Ten-GigabitEthernet1/0/2] command 1 system-view [Sysname-job-shutdown-Ten-GigabitEthernet1/0/2] command 2 interface ten-gigabitethernet 1/0/2 [Sysname-job-shutdown-Ten-GigabitEthernet1/0/2] command 3 shutdown [Sysname-job-shutdown-Ten-GigabitEthernet1/0/2] quit # Configure a job for enabling interface Ten-GigabitEthernet 1/0/2.
  • Page 175 Job name: start-Ten-GigabitEthernet1/0/2 system-view interface ten-gigabitethernet 1/0/2 undo shutdown # Display the schedule information. [Sysname] display scheduler schedule Schedule name : START-pc1/pc2 Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00 Start time : Wed Sep 28 08:00:00 2011 Last execution time : Wed Sep 28 08:00:00 2011 Last completion time : Wed Sep 28 08:00:03 2011...

  • Page 176: Disabling Password Recovery Capability

    [Sysname-Ten-GigabitEthernet1/0/2]undo shutdown Job name : shutdown-Ten-GigabitEthernet1/0/1 Schedule name : STOP-pc1/pc2 Execution time : Wed Sep 28 18:00:00 2011 Completion time : Wed Sep 28 18:00:01 2011 --------------------------------- Job output ----------------------------------- system-view System View: return to User View with Ctrl+Z. [Sysname]interface ten-gigabitethernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1]shutdown Job name : shutdown-Ten-GigabitEthernet1/0/2...

  • Page 177: Setting The Port Status Detection Timer

    Setting the port status detection timer The device starts a detection timer when a port is shut down by a protocol. If the port is still down when the detection timer expires, the device automatically brings up the port so the port status reflects the port's actual physical status.

  • Page 178: Setting Memory Usage Thresholds

    Step Command Remarks • In standalone mode: display cpu-usage configuration [ slot slot-number [ cpu cpu-number ] ] Display CPU usage • Available in any view. In IRF mode: monitoring configuration. display cpu-usage configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] •...

  • Page 179: Configuring The Temperature Alarm Thresholds

    Notification Triggering condition Remarks The amount of free memory space Severe alarm-removed increases to or above the minor notification alarm threshold. The amount of free memory space Minor alarm-removed increases to or above the normal notification state threshold. Figure 48 Memory alarm notification and alarm-removed notification Free memory space Minor alarm-removed Normal...
  • Page 180 When the temperature of a card reaches the shutdown threshold, the device logs the event, notifies users by repeatedly sending log messages, and shuts down the card. The shutdown threshold is not configurable. To configure the temperature alarm thresholds: Step Command Remarks Enter system view.

  • Page 181: Specifying A Traffic Load Sharing Mode For An Lpu

    LSU1QGC4SF) Specifying a traffic load sharing mode for an LPU The HP 10500 switch series supports load sharing for upstream traffic among LPUs. You can specify different traffic load sharing modes for different purposes. Load sharing is available for only unicast traffic.

  • Page 182: Specifying An Operating Mode For An Lpu

    Specifying an operating mode for an LPU LPUs supported by HP 10500 switches include EA, EB, SC, SE, and SF cards. The type of an LPU is identified by the last two characters of its model name. For example, LSU1GP48EA is an EA card.
  • Page 183 Table 18 Sizes of tables on LPUs in different operating modes Operating EA cards EB cards SC cards SE cards SF cards mode MAC: 128 K MAC: 32 K MAC: 32 K MAC: 32 K MAC: 32 K IPv4 FIB: 16 K IPv4 FIB: 16 K IPv4 FIB: 16 K IPv4 FIB: 12 K...

  • Page 184: Configuration Guidelines

    NOTE: 1 K represents 1024 entries. Configuration guidelines When you specify an operating mode for an LPU, follow these restrictions and guidelines: • The LSU1CGC2SE LPU does not support operating mode configuration. The LSU1TGS48SF LPU supports only the normal, standard-ipv6, and port-extender modes. It can •...

  • Page 185: Configuring The Asset Profile Of A Physical Component

    To enable the port-down function globally: Step Command Remarks Enter system view. system-view Enable the port-down function monitor handshake-timeout By default, this function is globally. disable-port enabled. Configuring the asset profile of a physical component You can configure an asset profile for physical components, including chassis, cards, fan trays, and power supplies for easy management.

  • Page 186: Verifying And Diagnosing Transceiver Modules

    Step Command Remarks Enter system view. system-view Disable the switching fabric By default, a switching fabric module from sending removal switch-fabric module sends removal interrupt interrupt signals before it is removal-signal-suppression signals before it is removed. removed. Verifying and diagnosing transceiver modules Verifying transceiver modules You can use one of the following methods to verify the genuineness of a transceiver module: Display the key parameters of a transceiver module, including its transceiver type, connector type,...

  • Page 187: Disabling Alarm Traps For Transceiver Modules

    Disabling alarm traps for transceiver modules If you install a transceiver module that has no vendor name or a vendor name other than HP, the system repeatedly outputs traps and logs to notify the user to replace the module. To continue to use such a transceiver module that is manufactured or customized by HP but has no vendor information, you can disable alarm traps so the system stops outputting alarm traps.
  • Page 188 Task Command display device [ flash ] [ slot slot-number [ subslot Display hardware information. subslot-number ] | verbose ] Display the electronic label information of the device. display device manuinfo [ slot slot-number ] Display the electronic label information of the display device manuinfo chassis-only specified chassis backplane.
  • Page 189 Task Command display asset-info chassis chassis-number { chassis | fan fan-id | power power-id | slot slot-number } [ csn | Display asset information. custom| department | description | location | service-date | state ] Display system version information. display version Display the system time ,date, local time zone, and display clock daylight saving time.
  • Page 190 Task Command Display the startup software image upgrade history display version-update-record records of the global active MPU. reset asset-info chassis chassis-number { chassis | fan fan-id | power power-id | slot slot-number } [ csn | Clear asset information. custom| department | description | location | service-date | state ] Clear the startup software image upgrade history reset version-update-record...

  • Page 191: Configuring Tcl

    Configuring Tcl Comware V7 provides a built-in tool command language (Tcl) interpreter so you can execute Tcl commands on the device. From user view, you can use the tclsh command to enter Tcl configuration view, where you can execute the following commands: All Tcl 8.5 commands.

  • Page 192: Configuring Mdcs

    Configuring MDCs Overview The Multitenant Device Context (MDC) technology can partition a physical device or an IRF fabric into multiple logical switches called "MDCs." Each MDC uses its own hardware and software resources, runs independently of other MDCs, and provides services for its own customer. Creating, starting, rebooting, or deleting an MDC does not affect any other MDC.

  • Page 193: Default Mdc And Non-Default Mdcs

    Figure 49 Network diagram Internet Internet Gateway 1 Gateway 3 Device Equals Device A Device B Device C Gateway 2 LAN 1 LAN 3 LAN 1 LAN 3 LAN 2 LAN 2 Default MDC and non-default MDCs A device supporting MDCs is an MDC itself, and it is called the "default MDC" (for example, Device Figure 49).

  • Page 194: Creating An Mdc

    Starting an MDC (Required.) Accessing an MDC Although you can assign hardware resources to MDCs before or after you start the MDCs, HP recommends assigning MDCs resources before starting them. Creating an MDC Before creating MDCs, make sure the switch does not have LSU1TGS16SC cards.

  • Page 195: Assigning Physical Interfaces To An Mdc

    Step Command Remarks Enter system view. system-view Enter MDC view. mdc mdc-name [ id mdc-id ] • In standalone mode: By default, all interface cards location slot slot-number Assign an interface belong to the default MDC, and a • In IRF mode: card to an MDC.

  • Page 196: Specifying A Cpu Weight For An Mdc

    Step Command Remarks By default, all physical interfaces belong to the default MDC, and a non-default MDC Assign physical allocate interface interface-type has no physical interfaces to interfaces to the interface-number1 to interface-type use. MDC. interface-number2 You can assign multiple physical interfaces to the same MDC.

  • Page 197: Specifying A Memory Space Percentage For An Mdc

    Step Command Remarks Enter system view. system-view Enter MDC view. mdc mdc-name [ id mdc-id ] • In standalone mode: By default, all MDCs share limit-resource disk slot slot-number ratio Specify a disk the disk space on the MPUs limit-ratio space percentage in the system, and an MDC •...

  • Page 198: Displaying And Maintaining Mdcs

    assign an IP address to the interface. Then, administrators of the MDC can log in to the MDC by using Telnet or SSH. To return from an MDC to the default MDC, use the switchback or quit command. To log in to a non-default MDC from the system view of the default MDC: Step Command Remarks...
  • Page 199 Figure 50 Network diagram Internet Switch A Device MDC A MDC B MDC C Server Server Server Department A Department B Department C Configuration procedure Create and configure MDCA for Department A: # Create MDCA. system-view [Device] mdc MDCA Executing this command will create MDC MDCA ID 2 and empty folder /mdc/mdc2 in the root directory of the storage media.
  • Page 200 [Device-mdc-2-MDCA] mdc start It will take some time to start MDC... This MDC was started successfully. [Device-mdc-2-MDCA] quit # Log in to MDCA from the default MDC. Press Ctrl+D as prompted to access the CLI of MDCA. [Device] switchto mdc MDCA ****************************************************************************** * Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
  • Page 201 [Device-mdc-3-MDCB] mdc start It will take some time to start MDC... This MDC was started successfully. [Device-mdc-3-MDCB] quit # Log in to MDCB from the default MDC. Press Ctrl+D as prompted to access the CLI of MDCB. [Device] switchto mdc MDCB ****************************************************************************** * Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
  • Page 202 [Device-mdc-4-MDCC] limit-resource cpu weight 5 # Start MDCC. [Device-mdc-4-MDCC] mdc start It will take some time to start MDC... This MDC was started successfully. [Device-mdc-4-MDCC] quit # Log in to MDCC from the default MDC. Press Ctrl+D as prompted to access the CLI of MDCC. [Device] switchto mdc MDCC ****************************************************************************** * Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
  • Page 203 * Without the owner's prior written consent, * no decompiling or reverse-engineering shall be allowed. ****************************************************************************** display current-configuration …...

  • Page 204: Using Automatic Configuration

    Using automatic configuration With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration, facilitates centralized management, and reduces maintenance workload. Understanding automatic configuration The automatic configuration feature requires the cooperation of the following servers: a DHCP server, an HTTP server, a TFTP server, and a DNS server, as shown in...
  • Page 205 If the device obtains a configuration file, it deletes its temporary settings to restore the factory defaults and executes the configuration file. If the device does not obtain a configuration file or fails to execute the configuration file, it deletes its temporary settings and stays quiet for 30 seconds.

  • Page 206: Interface Selection Process

    Figure 52 Automatic configuration workflow Device powered on (no configuration file) Select an interface Enable DHCP client and request parameters Restore the default Got parameters? for the interface Y: HTTP method Got a configuration file name and the name is in the form of an HTTP URL? N: TFTP method Got the TFTP server...

  • Page 207: Automatic-Configuration Parameter Acquisition Process

    If the device has no management Ethernet interface in up state at Layer 2 but has one or more Layer 2 Ethernet interfaces in up state, the device selects the VLAN interface of the default VLAN. If no Layer 2 Ethernet interface is in up state, the device sorts all Layer 3 Ethernet interfaces in up state first by the dictionary order of the interface types and then in ascending order of interface numbers, and selects the one with the smallest interface number among the interfaces of the first interface type.
  • Page 208 If the device got a configuration file name during the automatic-configuration parameter acquisition • process, the device examines the form of the configuration file name. If the configuration file name is in the form of a valid HTTP URL, the device tries to download the configuration file from the URL. Figure •...

  • Page 209: Deploying And Configuring Servers For Automatic Configuration

    Figure 54 Configuration file acquisition process Deploying and configuring servers for automatic configuration To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and configure the servers to cooperate with the device as follows: DHCP server—Assigns the device a set of parameters for automatic configuration, which might •...

  • Page 210: Dhcp Server Configuration Guidelines

    also need to resolve the TFTP server domain name to the TFTP server IP address. For more information about the DNS server, see Layer 3—IP Services Configuration Guide. If the DHCP server, the HTTP server, the TFTP server, the DNS server, and the device are not in the same network segment, configure the DHCP relay agent on the gateway, and configure routing protocols to make sure the servers have routes to the device and vice versa.
  • Page 211 To use the host name file network.cfg, create a configuration file for each device on the TFTP server, name the file in the format host name.cfg, and add a mapping entry in the format ip host host-name ip-address for the host name file. For example: ip host host1 101.101.101.101 ip host host2 101.101.101.102 ip host client1 101.101.101.103...

  • Page 212: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 213: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 214 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 215: Index

    Index device transceiver module alarm trap, alias (command keyword), application RBAC AAA authorization, MDC, RBAC default user role function, argument (CLI string/text type), RBAC local AAA authentication user ASCII transfer mode, configuration, assigning RBAC user role local AAA authentication, CLI user line assignment, RBAC user role non-AAA authentication, MDC hardware resources, RBAC user role remote AAA authentication,...
  • Page 216 RBAC user role remote AAA authentication, startup image file specification (in standalone mode), authorizing BootWare FTP basic server authorization, BootWare image preload, login management command authorization, 46, image downgrade, 1 12 login management user access control, image restore, 1 12 MDC interface card use, software image type, 105, RBAC temporary user role authorization,...
  • Page 217 display command output line numbering, line interface. Use display command output management, login management command accounting, 48, display command output save to file, login management command authorization, 46, display command output viewing, Tcl, displaying login, completing enter system view from user view, software upgrade (in IRF mode), 1 10 local console/AUX port login,...
  • Page 218 device banner, 160, RBAC user role authentication, device name, RBAC user role rules, device temperature alarm threshold, Tcl, FTP, TFTP, FTP basic server parameters, console FTP client (IRF mode), login management CLI console/AUX common user line settings, FTP client (standalone mode), login management CLI console/AUX none FTP server (IRF mode), authentication,...
  • Page 219 default FTP server files, MDC, FTP user account change, deleting IPv4 TFTP client configuration, file, IPv6 TFTP client configuration, next-startup configuration file, login management modem login, recycle bin file, login management SNMP device access, detecting login management SSH login configuration on device, device port status detection timer, login management SSH server login,...
  • Page 220 physical component asset profile, device management configuration, port status detection timer, file system current working directory display, port-down function, file system directory information, system operating mode, file system file information, system time set, file system text file content, system time source set, FTP client, task scheduling, 163, FTP server,...
  • Page 221 file storage media formatting, calculating digest, storage media management, compression, 92, storage media repair, configuration file content, text file content display, configuration file format, File Transfer Protocol. Use configuration file formats, filtering configuration file management, CLI display command output, copying, FIPS decompression, 92, configuration file FIPS compliance,...
  • Page 222 ISSU patch image uninstall, ISSU software configuration rollback, hardware ISSU software image installation, MDC physical interface assignment, ISSU software image upgrade, MDC resource assignment, installing, 145, See also install series commands history ISSU software images (install series CLI history function, commands), hotkey (command), interface, 15, See also...
  • Page 223 ISSU methods, 1 16 IPE file software images (install series commands), ISSU methods (compatible), 1 17 IRF mode, ISSU methods (incompatible), 1 18 issu series commands, ISSU overview, 1 16 issu series commands (IRF mode), ISSU performance by issu series commands, issu series commands (standalone mode), ISSU software change confirmation status (install series commands),...
  • Page 224 line login management Telnet login scheme authentication, CLI user line assignment, login management Telnet server login, login management CLI console/AUX common user line settings, login management VTY common line settings, login management CLI user line, login login management CLI user line device banner login type, identification, login management...
  • Page 225 ISSU incompatible, 1 18 main login management SNMP device access, software image set, mode main next-startup configuration file, 102, device system operating mode, maintaining file system file/folder alert operation mode, CLI login, file system file/folder quiet operation mode, device management configuration, FTP active (PORT) operating mode, FTP connection, FTP ASCII transfer mode,...
  • Page 226 automatic configuration server FTP server configuration (standalone mode), configuration, FTP server directory management, automatic configuration server deployment, FTP server files, command help information display, FTP user account change, configuring physical component asset IPv4 TFTP client configuration, profile, IPv6 TFTP client configuration, default MDC, ISSU (IRF mode), device as FTP client,...
  • Page 227 MDC hardware resources assignment, ISSU feature upgrade (install series commands/IRF mode), 152, MDC interface card authorization, ISSU feature upgrade (install series MDC physical interface assignment, commands/standalone mode), 149, MDC start, ISSU install series commands (IRF mode), 152, monitoring CPU usage, ISSU install series commands (standalone non-default MDC, mode), 149,...
  • Page 228 ISSU IPE file software images, Comware patch image, RBAC temporary user role authorization, ISSU patch image, online pausing between CLI output screens, CLI online help access, performing operating mode ISSU (install series commands), specifying operating mode for LPU, ISSU (IRF mode), Option 150 (DHCP) ISSU (standalone mode), automatic configuration parameter acquisition...
  • Page 229 RBAC user role interface policy, configuring CLI command keyword alias, RBAC user role local AAA authentication, configuring device as IPv4 TFTP client, RBAC user role non-AAA authentication, configuring device as IPv6 TFTP client, RBAC user role remote AAA authentication, configuring device banner, 160, RBAC user role VLAN policy, configuring device name, RBAC user role VPN instance policy,...
  • Page 230 configuring MDC, displaying device management configuration, configuring physical component asset displaying directory information, profile, displaying file information, configuring RBAC, 55, displaying FTP client, configuring RBAC feature group, displaying FTP server, configuring RBAC for HWTACACS displaying ISSU, 128, authentication user, displaying MDCs, configuring RBAC for RADIUS authentication displaying RBAC settings, user,...
  • Page 231 numbering CLI display command output lines, preloading BootWare image, obtaining ISSU IPE files software images (install preparing for non-ISSU software upgrade, series commands), rebooting device, obtaining RBAC temporary user role rebooting device (immediate), authorization, rebooting device (scheduled), pausing between CLI output screens, removing directory, performing ISSU (install series commands), removing ISSU inactive software image (install...
  • Page 232 troubleshooting RBAC login attempts by troubleshooting, RADIUS users fail, troubleshooting local user access permissions, understanding CLI command-line error troubleshooting login attempts by RADIUS users message, fail, uninstalling ISSU feature (install series user role assignment, 55, commands), user role authentication, uninstalling ISSU patch images (install series user role creation, commands), user role interface policy,...
  • Page 233 ISSU feature rollback (install series login management command authorization, 46, commands/IRF mode), 155, login management SNMP access control, 44, ISSU feature rollback (install series login management SSH login control, commands/standalone mode), 151, login management Telnet login control, 43, ISSU feature rollback (issu series commands/IRF login management user access control, mode), RBAC configuration, 52, 55,...
  • Page 234 login management SNMPv3 access ISSU feature rollback (issu series configuration, commands/standalone mode), SNMPv1 access configuration, ISSU feature upgrade (install series commands/IRF mode), 152, SNMPv2 access configuration, ISSU feature upgrade (install series SNMPv1 commands/standalone mode), 149, login management access configuration, ISSU inactive software image (install series login management SNMP device access, commands), SNMPv2...
  • Page 235 login control, automatic configuration process, login management overview, CLI command abbreviation, server login, CLI command entry, standby CLI command history function use, software synchronization from active to standby CLI command hotkey configuration, MPU, 1 12 CLI command hotkey use, starting MDC, CLI command keyword alias configuration, starting up CLI command keyword alias use,...
  • Page 236 device system operating mode, ISSU for single-MPU device (standalone mode), device system time set, ISSU for single-MPU single-chassis IRF fabric, device system time source set, ISSU inactive software image removal (install series commands), device temperature alarm threshold, ISSU install series commands (IRF mode), 152, device transceiver module alarm traps, ISSU install series commands (standalone device transceiver module diagnosis,...
  • Page 237 login management Telnet login, FTP client connection establishment, login management Telnet login control, 43, FTP configuration, login management Telnet login device IPv4 TFTP client configuration, configuration, IPv6 TFTP client configuration, login management Telnet login max number TFTP configuration, concurrent users, Telnet login management Telnet login none DSCP value for outgoing packet,...
  • Page 238 troubleshooting RBAC user role assignment, 55, FTP connection, RBAC user role authentication, RBAC, RBAC user role creation, RBAC local user access permissions, RBAC user role interface policy, RBAC login attempts by RADIUS users fail, RBAC user role local AAA authentication, RBAC user role non-AAA authentication, RBAC user role remote AAA authentication, undo command form,...
  • Page 239 FTP server files,...

Table of Contents