HP 5830 series, Configuration Manual

Page 1: ...HP 5830 Switch Series Fundamentals Configuration Guide Part number 5998 2060 Software version Release 1115 Release 1118 Document version 6W101 20130604 ...

Page 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Page 3: ...vilege and command levels 13 Configuring a user privilege level 13 Switching the user privilege level 16 Changing the level of a command 19 Saving the running configuration 19 Displaying and maintaining CLI 19 Login overview 21 FIPS compliance 21 Login methods at a glance 21 User interfaces 22 User interface assignment 22 User interface identification 22 Logging in to the CLI 23 FIPS compliance 23...

Page 4: ... Telnet logins not supported in FIPS mode 57 Configuring source IP based Telnet login control 57 Configuring source destination IP based Telnet login control 58 Configuring source MAC based Telnet login control 59 Telnet login control configuration example 59 Configuring source IP based SNMP login control 60 Configuration procedure 60 SNMP login control configuration example 61 Configuring Web log...

Page 5: ...mode 82 File system management examples 83 Managing configuration files 84 Overview 84 Configuration types 84 Startup configuration loading process 85 Configuration file format and content 86 FIPS compliance 86 Saving the running configuration 86 Enabling configuration auto update 87 Saving configuration by using different methods 87 Using automatic configuration backup after a software upgrade 88...

Page 6: ...ion compatibility 111 Performing an ISSU for an incompatible version 112 Setting the ISSU version rollback timer 112 Performing a manual version rollback 112 Displaying and maintaining ISSU 113 ISSU upgrade example 113 Network status 113 Network requirements 113 Upgrade procedure 114 Managing the device 121 Configuring the device name 121 Changing the system time 121 Configuration guidelines 121 C...

Page 7: ...ement 135 Using automatic configuration 137 Typical automatic configuration network 137 How automatic configuration operates 138 Automatic configuration work flow 138 Using DHCP to obtain an IP address and other configuration information 139 Obtaining the configuration file from the TFTP server 140 Executing the configuration file 142 Support and other resources 143 Contacting HP 143 Subscription ...

Page 8: ...ts commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separated by vertica...

Page 9: ...n the view of VLAN 100 and can configure attributes for the VLAN You are placed in user view immediately after you are logged in to the CLI The user view prompt is Device name where the Device name argument defaults to HP and can be changed by using the sysname command In user view you can perform some basic operations including display debug file management FTP Telnet clock setting and reboot For...

Page 10: ...ction to the device NOTE In public key code view use the public key code end command to return to the upper level view public key view In public key view use the peer public key end command to return to system view Returning to user view from any other view You can return to user view from any other view using the return command instead of using the quit command multiple times Pressing Ctrl Z has ...

Page 11: ... The question mark is in the place of a keyword and the CLI displays all possible keywords with a brief description for each keyword Sysname terminal debugging Send debug information to terminal logging Send log information to terminal monitor Send information output to current terminal trapping Send trap information to terminal Example 2 The question mark is in the place of an argument and the CL...

Page 12: ...ere is no match the system does not modify what you entered but displays it again in the next line Entering a STRING type value for an argument Generally a STRING type argument value can contain any printable character in the ASCII code range of 32 to 126 other than the question mark quotation mark backward slash and space However a specific STRING type argument might have more strict requirements...

Page 13: ... exactly matches a keyword but partially matches an alias the command indicated by the keyword is executed To execute the command indicated by the alias enter the complete alias If you enter a string that partially matches multiple aliases the system gives you a prompt Configuration procedure To configure a command keyword alias Step Command Remarks 1 Enter system view system view N A 2 Enable the...

Page 14: ...the cursor one character to the left Ctrl C Stops the current command Ctrl D Deletes the character at the cursor Ctrl E Moves the cursor to the end of the line Ctrl F Moves the cursor one character to the right Ctrl H Deletes the character to the left of the cursor Ctrl K Aborts the connection request Ctrl N Displays the next command in the command history buffer Ctrl P Displays the previous comma...

Page 15: ...tted commands Step Command Remarks 1 Enter system view system view N A 2 Enable redisplaying entered but not submitted commands info center synchronous By default this feature is disabled For more information about this command see Network Management and Monitoring Command Reference Understanding command line error messages If a command line fails the syntax check the CLI displays error messages T...

Page 16: ... one entry in the buffer By default the command history buffer can save up to 10 commands for each user To set the capacity of the command history buffer for the current user interface use the history command max size command Viewing history commands You can use arrow keys to access history commands in Windows 200x and Windows XP Terminal or Telnet In Windows 9x HyperTerminal the arrow keys are in...

Page 17: ...r a session depends on the setting of the screen length command in user interface view The default of the screen length command is pausing between screens of output and displaying up to 24 lines on a screen This command is executed in user view and takes effect only for the current session When you log in again to the device the default is restored Filtering the output from a display command You c...

Page 18: ...b ab_ only matches a line ending with ab It connects two values the smaller one before it and the bigger one after it to indicate a range together with 1 9 means 1 to 9 inclusive a h means a to h inclusive Matches a single character contained within the brackets 16A matches a string containing any character among 1 6 and A 1 36A matches a string containing any character among 1 2 3 6 and A is a hy...

Page 19: ...ust be a number letter or underline and w equals A Za z0 9_ v w matches vlan v is character1 and l is character2 and service i is character2 W Equals b Wa matches a with being character1 and a being character2 but does not match 2a or ba Escape character If a special character listed in this table follows the specific meaning of the character is removed matches a string containing matches a string...

Page 20: ... level are not saved after being configured After the device is restarted the commands at this level are restored to the default settings Commands at this level include debugging terminal refresh and send 2 System Includes service configuration commands including routing configuration commands and commands for configuring services at different network levels By default commands at this level inclu...

Page 21: ...authorization attribute command to configure the user privilege level To use remote authentication RADIUS or HWTACACS Configure the user privilege level on the authentication server User either method For local authentication if you do not configure the user privilege level the user privilege level is 0 For remote authentication if you do not configure the user privilege level the user privilege l...

Page 22: ...e other user interfaces is 0 To configure the user privilege level directly on a user interface that uses the none or password authentication mode Step Command Remarks 1 Enter system view system view N A 2 Enter user interface view user interface first num1 last num1 aux vty first num2 last num2 N A 3 Configure the authentication mode for any user who uses the current user interface to log in to t...

Page 23: ...n length Specify the lines displayed on one screen send Send information to other user terminal interface ssh2 Establish a secure shell client connection super Set the current user priority level telnet Establish one TELNET connection terminal Set the terminal line characteristics tftp Open TFTP connection tracert Trace route function undo Cancel current setting Configure the device to perform pas...

Page 24: ... authentication only local only local The device uses the locally configured passwords for privilege level switching authentication To use this mode you must set the password for privilege level switching using the super password command Remote AAA authentication through HWTACACS or RADIUS scheme The device sends the username and password for privilege level switching to the HWTACACS or RADIUS ser...

Page 25: ...e 9 The privilege level switching fails after three consecutive unsuccessful password attempts To switch the user privilege level perform the following task in user view Task Command Remarks Switch the user privilege level super level When logging in to the device a user has a user privilege level which depends on user interface or authentication user level Table 9 Information required for user pr...

Page 26: ...ging in as the privilege level switching username Password configured on the device with the super password command for the privilege level Changing the level of a command Every command in a view has a default command level The default command level scheme is sufficient for the security and ease of maintenance requirements of most networks If you want to change the level of a command make sure the...

Page 27: ...he command keyword alias configuration display command alias begin exclude include regular expression Available in any view Display data in the clipboard display clipboard begin exclude include regular expression Available in any view ...

Page 28: ...e level is 3 Logging in through Telnet not supported in FIPS mode By default Telnet service is enabled To use Telnet service complete the following configuration tasks Enable the Telnet server Assign an IP address to a Layer 3 interface and make sure the interface and the Telnet client can reach each other Configure the authentication mode for VTY login users password by default Configure the user...

Page 29: ...assigns user interfaces to CLI login users depending on their login methods Each user interface can be assigned to only one user at a time If no user interface is available a CLI login attempt will be rejected The device provides 1 AUX user interfaces and 16 VTY user interfaces For a CLI login the device always picks the lowest numbered user interface from the idle user interfaces available for th...

Page 30: ...ngs of the terminal emulation program must be the same as the default settings of the console port in Table 12 Table 12 Default console port properties Parameter Default Bits per second 9600 bps Flow control None Parity None Stop bits 1 Data bits 8 To log in through the console port from a console terminal for example a PC 1 Connect the DB 9 female connector of the console cable to the serial port...

Page 31: ...as listed in Table 12 NOTE On Windows Server 2003 add the HyperTerminal program first and then log in to and manage the device as described in this document On Windows Server 2008 Windows 7 Windows Vista or some other operating system obtain a third party terminal control program first and then follow the user guide or online help to log in to the device Figure 4 Connection description Figure 5 Sp...

Page 32: ... user view prompt HP enter commands to configure the device or view the running status of the device To get help enter Configuring console login control settings The following authentication modes are available for controlling console logins None Requires no authentication This mode is insecure Password Requires password authentication ...

Page 33: ...Set a password Configuring password authentication for console login not supported in FIPS mode Scheme Enable scheme authentication on the AUX user interface Configure local or remote authentication settings To configure local authentication 1 Configure a local user and specify the password 2 Configure the device to use local authentication To configure remote authentication 1 Configure the RADIUS...

Page 34: ...ew user interface aux first number last number N A 3 Enable password authentication authentication mode password By default you can log in to the device through the console port without authentication and have user privilege level 3 after login 4 Set a password set authentication password cipher simple password By default no password is set 5 Configure common settings for console login See Configu...

Page 35: ...ecify the IP address of the authorization server and other authorization parameters If the local authentication scheme is used use the authorization attribute level level command in local user view to set the user privilege level on the device If a RADIUS or HWTACACS authentication scheme is used set the user privilege level on the RADIUS or HWTACACS server To configure scheme authentication for c...

Page 36: ...ble for a user only depend on the user privilege level If command authorization is enabled a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme 5 Enable command accounting command accounting Optional By default command accounting is disabled The accounting server does not record the commands executed by users Comma...

Page 37: ...nfiguration see Security Configuration Guide 8 Create a local user and enter local user view local user user name By default no local user exists 9 Set an authentication password for the local user password cipher simple password In non FIPS mode password hash cipher simple password In FIPS mode password By default no password is set 10 Specifies a command level of the local user authorization att...

Page 38: ...erminal settings on the configuration terminal and make sure they are the same as the settings on the device To configure common settings for an AUX user interface Step Command Remarks 1 Enter system view system view N A 2 Enter AUX user interface view user interface aux first number last number N A 3 Set the baud rate speed speed value By default the transmission rate is 9600 bps 4 Specify the pa...

Page 39: ... terminal display types ANSI and VT100 HP recommends that you set the display type to VT100 on both the device and the configuration terminal If either side uses the ANSI type a display problem such as cursor positioning error might occur when a command line has more than 80 characters 11 Configure the user privilege level for login users user privilege level level By default the default command l...

Page 40: ...or Telnet users By default password authentication applies to Telnet login but no login password is configured To allow Telnet access to the device after you enable the Telnet server you must configure a password The following are authentication modes available for controlling Telnet logins None Requires no authentication and is insecure Password Requires a password for accessing the CLI If your p...

Page 41: ...in Step Command Remarks 1 Enter system view system view N A 2 Enable Telnet server telnet server enable By default the Telnet server is enabled 3 Enter one or multiple VTY user interface views user interface vty first number last number N A 4 Disable authentication authentication mode none By default password authentication is enabled for VTY user interfaces 5 Configure the command level for login...

Page 42: ... interfaces 5 Set a password set authentication password cipher simple password By default no password is set 6 Configure the user privilege level for login users user privilege level level The default level is 0 7 Configure common settings for VTY user interfaces See Configuring common settings for VTY user interfaces optional Optional The next time you attempt to Telnet to the device you must pr...

Page 43: ...A 2 Enable Telnet telnet server enable By default the Telnet service is enabled 3 Enter one or multiple VTY user interface views user interface vty first number last number N A 4 Enable scheme authentication authentication mode scheme By default local authentication is used If local authentication is used and the password control function is enabled change the password at the first login If NTP is...

Page 44: ... domain domain name b Apply an AAA scheme to the domain authentication default hwtacacs scheme hwtacacs scheme name local local none radius scheme radius scheme name local c Exit to system view quit Optional By default local authentication is used For local authentication configure local user accounts For RADIUS or HWTACACS authentication configure the RADIUS or HWTACACS scheme on the device and c...

Page 45: ...t be unable to access the CLI through a VTY user interface after configuring the auto execute command command on it Before you configure the command and save the configuration make sure you can access the CLI through a different user interface To configure common settings for VTY user interfaces Step Command Remarks 1 Enter system view system view N A 2 Enter one or multiple VTY user interface vie...

Page 46: ... Setting idle timeout to 0 disables the timer 10 Specify a command to be automatically executed when a user logs in to the user interfaces auto execute command command Optional By default no automatically executed command is specified The command auto execute function is typically used for redirecting a Telnet user to a specific host After executing the specified command and performing the incurre...

Page 47: ...ed as the source IPv4 address 3 Exit to user view quit N A 4 Use the device to log in to a Telnet server Log in to an IPv4 Telnet server telnet remote host service port vpn instance vpn instance name source interface interface type interface number ip ip address Log in to an IPv6 Telnet server telnet ipv6 remote host i interface type interface number port number vpn instance vpn instance name Use ...

Page 48: ... server configure authentication and user privilege level for SSH users By default password authentication is adopted for SSH login but no login password is configured To allow SSH access to the device after you enable the SSH server you must configure a password Configuring the SSH server on the device Follow these guidelines when you configure the SSH server To make the command authorization or ...

Page 49: ...n is enabled on VTY user interfaces by default 6 Enable the user interfaces to support Telnet SSH or both of them In non FIPS mode protocol inbound all ssh telnet In FIPS mode protocol inbound all ssh Optional In non FIPS mode both Telnet and SSH are supported by default In FIPS mode SSH is supported by default 7 Enable command authorization command authorization Optional By default command author...

Page 50: ... ISP domain view domain domain name b Apply the specified AAA scheme to the domain authentication default hwtacacs scheme hwtacacs scheme name local local none radius scheme radius scheme name local c Exit to system view quit Optional For local authentication configure local user accounts For RADIUS or HWTACACS authentication configure the RADIUS or HWTACACS scheme on the device and configure auth...

Page 51: ...f the server is located in a different subnet than the device make sure the two devices have routes to reach each other Figure 17 Logging in to an SSH server from the device To use the device as an SSH client to log in to an SSH server perform the following tasks in user view Task Command Remarks Log in to an IPv4 SSH server ssh2 server The server argument represents the IPv4 address or host name ...

Page 52: ...n and HTTPS login are separate login methods To use HTTPS login you do not need to configure HTTP login Table 17 shows the basic Web login configuration requirements Table 17 Basic Web login configuration requirements Object Requirements Device Configure an IP address for a Layer 3 interface Configuring routes to make sure the interface and the PC can reach each other Perform either or both of the...

Page 53: ... clients permitted by the ACL to access the device 6 Set the Web connection timeout time web idle timeout minutes Optional By default the Web connection timeout time is 10 minutes 7 Set the size of the buffer for Web login logging web logbuffer size pieces Optional By default the buffer can store up to 512 logs 8 Create a local user and enter local user view local user user name By default no loca...

Page 54: ...ks Secure mode To make the device operate in this mode you must enable HTTPS service on the device specify an SSL server policy for the service and configure PKI domain related parameters This mode is complicated to configure but provides higher security For more information about SSL and PKI see Security Configuration Guide Follow these guidelines when you configure HTTPS login If the HTTPS servi...

Page 55: ...d correctly If no local certificate exists a certificate application process will be triggered by the SSL negotiation Because the application process takes much time the SSL negotiation often fails and the HTTPS service cannot be started correctly In that case execute the ip https enable command multiple times to start the HTTPS service 5 Associate the HTTPS service with a certificate attribute ba...

Page 56: ...the device If the user s PKI certificate is correct and not expired but the AAA authentication fails the device shows the Web login page The user can log in to the device after entering correct username and password 9 Set the Web user connection timeout time web idle timeout minutes Optional By default the Web connection timeout time is 10 minutes 10 Set the size of the buffer for Web login loggin...

Page 57: ...exclude include regular expression Available in any view Display HTTP state information display ip http begin exclude include regular expression Available in any view Display HTTPS state information display ip https begin exclude include regular expression Available in any view Web login configuration examples HTTP login configuration example Network requirements As shown in Figure 18 configure th...

Page 58: ...n authorization attribute level 3 Sysname luser admin password simple admin 2 Verify the configuration On the PC run the Web browser Enter the IP address of the device in the address bar The Web login page appears as shown in Figure 19 Figure 19 Web login page Enter the user name password verify code select English and click Login The homepage appears After login you can configure device settings ...

Page 59: ... 1 ca identifier new ca Device pki domain 1 certificate request url http 10 1 2 2 certsrv mscep mscep dll Device pki domain 1 certificate request from ra Device pki domain 1 certificate request entity en Device pki domain 1 quit Create RSA local key pairs Device public key loc al create rsa Retrieve the CA certificate from the certificate issuing server Device pki retrieval certificate ca domain 1...

Page 60: ...nable the HTTPS service Device ip https enable Create a local user named usera set the password to 123 specify the Web service type and specify the user privilege level 3 A level 3 user can perform all operations supported by the device Device local user usera Device luser usera password simple 123 Device luser usera service type web Device luser usera authorization attribute level 3 2 Configure t...

Page 61: ...e network making sure they can reach each other as shown in Figure 21 Figure 21 Network diagram IMPORTANT This document describes only the basic SNMP configuration procedures on the device To make SNMP work correctly make sure the SNMP settings including the SNMP version on the NMS are consistent with those on the device Prerequisites Assign an IP address to a Layer 3 interface on the device Confi...

Page 62: ...th snmp agent 3 Create or update MIB view information snmp agent mib view excluded included view name oid tree mask mask value Optional By default the MIB view name is ViewDefault and OID is 1 4 Configure SNMP NMS access right Method 1 Specify the SNMP NMS access right directly by configuring an SNMP community snmp agent community read write community name mib view view name acl acl number acl ipv...

Page 63: ...t shown Enter system view Sysname system view Enable the SNMP agent Sysname snmp agent Configure an SNMP group Sysname snmp agent group v3 managev3group Add a user to the SNMP group Sysname snmp agent usm user v3 managev3user managev3group 2 Configure the NMS Make sure the NMS has the same SNMP settings including the username as the device If not the device cannot be discovered or managed by the N...

Page 64: ...n FIPS mode in the following configuration examples Controlling Telnet logins not supported in FIPS mode Use a basic ACL 2000 to 2999 to filter Telnet traffic by source IP address Use an advanced ACL 3000 to 3999 to filter Telnet traffic by source and or destination IP address Use an Ethernet frame header ACL 4000 to 4999 to filter Telnet traffic by source MAC address To access the device a Telnet...

Page 65: ... interface type first number last number N A 6 Use the ACL to control user logins by source IP address acl ipv6 acl number inbound outbound inbound Filters incoming packets outbound Filters outgoing packets Configuring source destination IP based Telnet login control Step Command Remarks 1 Enter system view system view N A 2 Create an advanced ACL and enter its view or enter the view of an existin...

Page 66: ...net frame header ACL view quit N A 5 Enter user interface view user interface type first number last number N A 6 Use the ACL to control user logins by source MAC address acl acl number inbound inbound Filters incoming packets Telnet login control configuration example Network requirements As shown in Figure 23 configure an ACL on the device to permit only incoming Telnet packets sourced from Host...

Page 67: ...cess the requested MIB view an NMS must use a source IP address permitted by the ACL Configuration procedure To configure source IP based SNMP login control Step Command Remarks 1 Enter system view system view N A 2 Create a basic ACL and enter its view or enter the view of an existing basic ACL acl ipv6 number acl number name name match order config auto By default no basic ACL exists 3 Create an...

Page 68: ...e view write view notify view notify view acl acl number acl ipv6 ipv6 acl number SNMPv1 v2c user snmp agent usm user v1 v2c user name group name acl acl number acl ipv6 ipv6 acl number SNMPv3 user snmp agent usm user v3 user name group name cipher authentication mode md5 sha auth password privacy mode 3des aes128 des56 priv password acl acl number acl ipv6 ipv6 acl number For more information abo...

Page 69: ...e an IP address permitted by the ACL You can also log off suspicious Web users who have been logged in HTTP is not supported in FIPS mode Configuring source IP based Web login control Step Command Remarks 1 Enter system view system view N A 2 Create a basic ACL and enter its view or enter the view of an existing basic ACL acl ipv6 number acl number name name match order config auto By default no b...

Page 70: ...the device to allow only Web users from Host B to access Figure 25 Network diagram Configuration procedure Create ACL 2000 and configure rule 1 to permit packets sourced from Host B Sysname system view Sysname acl number 2030 match order config Sysname acl basic 2030 rule 1 permit source 10 110 100 52 0 Associate the ACL with the HTTP service so only Web users from Host B are allowed to access the...

Page 71: ...ged port greater than 1024 The FTP operation mode varies depending on the FTP client program The device can act as the FTP client or FTP server Figure 26 FTP application scenario FIPS compliance In Release 1 1 18 and later versions the device supports the FIPS mode that complies with NIST FIPS 140 2 requirements Support for features commands and parameters might differ in FIPS mode and non FIPS mo...

Page 72: ... interface for FTP packets make sure the interface has been assigned a primary IP address To establish an IPv4 FTP connection Step Command Remarks 1 Enter system view system view N A 2 Specify a source IP address for outgoing FTP packets ftp client source interface interface type interface number ip source ip address Optional By default the primary IP address of the output interface is used as the...

Page 73: ...nnection to an FTP server you can create or delete folders in the authorized directory on the FTP server To manage the directories on the FTP server Task Command Display detailed information about files and directories under the current directory on the FTP server dir remotefile localfile Query a directory or file on the FTP server ls remotefile localfile Change the working directory on the FTP se...

Page 74: ...formation such as the file size and creation time Delete the specified file on the FTP server permanently delete remotefile N A Set the file transfer mode to ASCII ascii By default ASCII mode is used Set the file transfer mode to binary binary By default ASCII mode is used Set the FTP operation mode to passive passive By default passive mode is used Display the local working directory of the FTP c...

Page 75: ...w FTP client configuration example Network requirements As shown in Figure 27 the IRF fabric that comprises two member devices acts as the FTP client and the PC acts as the FTP server The IRF fabric and the PC can reach each other An account with the username abc and password abc is already configured on the FTP server Log in to the FTP server from the FTP client download the file newest bin from ...

Page 76: ...lash newest bin 226 Transfer complete FTP 23951480 byte s received in 95 399 second s 251 00K byte s sec Set the transfer mode to ASCII and upload the configuration file config cfg from the IRF fabric to the PC for backup ftp ascii ftp put config cfg back config cfg 227 Entering Passive Mode 10 1 1 1 4 2 125 ASCII mode data connection already open transfer starting for config cfg 226 Transfer comp...

Page 77: ...P server starts writing data to the Flash after a file is transferred to the memory This prevents the existing file on the FTP server from being corrupted in the event that anomaly such as a power failure occurs during a file transfer Normal mode The FTP server writes data to the Flash while receiving data This means that any anomaly such as a power failure during file transfer might result in fil...

Page 78: ... is OK For more information see Security Configuration Guide To configure authentication and authorization for the FTP server Step Command Remarks 1 Enter system view system view N A 2 Create a local user account and enter its view local user user name By default no authorized local user account exists and the system does not support FTP anonymous user access 3 Set a password for the user account ...

Page 79: ...et its password to abc and the user privilege level to level 3 the manage level specify the Flash root directory of the master device as the authorized directory and specify the service type as FTP Sysname system view Sysname local user abc Sysname luser abc password simple abc Sysname luser abc authorization attribute level 3 Sysname luser abc authorization attribute work directory flash Sysname ...

Page 80: ... next startup of all member devices Sysname boot loader file newest bin slot all main This command will set the boot file of the specified board Continue Y N y The specified file will be used as the main boot file at the next reboot on slot 1 The specified file will be used as the main boot file at the next reboot on slot 2 IMPORTANT The system software image file used for the next startup and the...

Page 81: ...ram on the file host and set a TFTP working directory Configure IP addresses and routes to make that the device and the TFTP server can reach each other Using the device as a TFTP client The device provides the following modes for downloading a new file from a TFTP server Normal download The new file is written directly to Flash and overwrites the old file that has the same name as it If file down...

Page 82: ...By default the primary IP address of the output interface is used as the source IP address 4 Set the DSCP value for IP to use for outgoing TFTP packets For IPv4 tftp client dscp dscp value For IPv6 tftp client ipv6 dscp dscp value Optional The default is 0 whether the TFTP client is running IPv4 or IPv6 5 Return to user view quit N A 6 Download or upload a file For IPv4 tftp server address get put...

Page 83: ...unused files Details not shown Download system software image file newest bin from the PC to the master and subordinate devices Download system software image file newest bin from the PC to the root directory of the Flash on the master Sysname tftp 1 2 1 1 get newest bin Download system software image file newest bin from the PC to the root directory of the Flash on a subordinate device with the m...

Page 84: ... system software image file used for the next startup must be saved in the Flash root directory You can copy or move a file to the Flash root directory Reboot the IRF fabric and the software is upgraded Sysname reboot ...

Page 85: ...urrent working directory The path argument represents the path to the file If the file is in a single level folder specify the folder name for the argument If the file is in a nested folder separate each folder name by a forward slash 1 to 135 characters test a cfg indicates a file named a cfg in the test folder in the current working directory drive path file name Specifies a file in a specific s...

Page 86: ...nload operation or using the save command Displaying file information Perform this task in user view Task Command Display file or directory information dir all file url all filesystems Displaying file contents Perform this task in user view Task Command Remarks Display the contents of a file more file url Only text files can be displayed Renaming a file Perform this task in user view Task Command ...

Page 87: ...manently delete unreserved file url Emptying the recycle bin Step Command Remarks 1 Enter the original working directory of the file to be deleted in user view cd directory Skip this step if the original directory of the file to be deleted is the current working directory 2 Empty the recycle bin reset recycle bin force N A Calculating the file digest The digest of a file can be used to verify the ...

Page 88: ...t working directory cd directory Creating a directory Perform this task in user view Task Command Create a directory mkdir directory Removing a directory Before you remove a directory you must delete all files and subdirectories in this directory To delete a file use the delete command to delete a subdirectory use the rmdir command The rmdir command automatically deletes the files in the recycle b...

Page 89: ...ing a batch file is the same as executing the commands one by one However execution of a batch file does not guarantee successful execution of every command in the batch file If a command has error settings or the conditions for executing the command are not met the system skips this command You can edit a batch file on your PC and then upload or download it to the device If the extension of the f...

Page 90: ... Feb 16 2012 15 20 27 test 3 rw 184108 Feb 16 2012 15 30 20 aaa bin 60833 KB total 2521 KB free Create new folder mytest in the test directory Sysname cd test Sysname mkdir mytest Created dir flash test mytest Display the current working directory Sysname pwd flash test Display the files and the subdirectories in the test directory Sysname dir Directory of flash test 0 drw Feb 16 2012 15 28 14 myt...

Page 91: ... the device loads the default configuration file to configure features at startup If a parameter is not included in the file the device loads its initial setting Startup configuration file Configuration file you specify in the Boot menu or CLI for startup The file is called the next startup configuration file After the file is loaded at startup it is also called the current startup configuration f...

Page 92: ...2 If you do not start the device with empty configuration the following process applies a If you have specified a main startup configuration file and this configuration file is available the device starts up with this startup configuration file b If you have not specified a main startup configuration file or the specified main startup configuration file is not available the device starts up with t...

Page 93: ...urn You can execute the save command to save the running configuration to a configuration file To make sure the configuration file can be loaded HP recommends that you not edit the content and format of the configuration file FIPS compliance In Release 1 1 18 and later versions the device supports the FIPS mode that complies with NIST FIPS 140 2 requirements Support for features commands and param...

Page 94: ...taking any data loss prevention measure If a reboot or power failure occurs during this process the next startup configuration file is lost You must re specify a new startup configuration file after the device reboots see Specifying a configuration file for the next startup Safe mode Use the save command with the safely keyword Safe mode is slower than fast mode but more secure In safe mode the sy...

Page 95: ...to the current configuration In case a future downgrade is needed the system automatically checks for configuration incompatibility and backs up the old next startup configuration file the first time you use the save command to save the running configuration to the file The backup file is named in the _old filename_bak cfg format For example if the old configuration file is named config cfg the ba...

Page 96: ...c configuration archiving Manually archiving running configuration Required Use either method Performing configuration rollback Required Configuring configuration archive parameters Before archiving the running configuration either manually or automatically you must configure a file directory and file name prefix for configuration archives Configuration archives are saved with the file name format...

Page 97: ...archives archive configuration max file number Optional The default number is 5 Change the setting depending on the amount of available storage space Enabling automatic configuration archiving To avoid decreasing system performance follow these guidelines when you configure automatic configuration archiving If the device configuration does not change frequently manually archive the running configu...

Page 98: ...ent configuration file is not encrypted To perform configuration rollback Step Command 1 Enter system view system view 2 Perform configuration rollback configuration replace file filename The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons A command cannot be undone because prefixing the undo keyword to the comma...

Page 99: ...artup Optional If no next startup configuration file has been specified the backup operation will fail 2 Back up the next startup configuration file to a TFTP server in user view backup startup configuration to dest addr dest filename This command is not supported in FIPS mode Deleting the next startup configuration file CAUTION This task permanently deletes the next startup configuration file fro...

Page 100: ...in user view restore startup configuration from src addr src filename This command is not supported in FIPS mode 2 Verify that the specified configuration file has been set as the main next startup configuration file display startup Optional Displaying and maintaining configuration files Task Command Remarks Display information about configuration rollback display archive configuration begin exclu...

Page 101: ...les used at this startup and the next startup display startup begin exclude include regular expression Available in any view Display the valid configuration in the current view display this by linenum begin exclude include regular expression Available in any view ...

Page 102: ...re features as shown in Figure 32 Figure 32 System startup process FIPS compliance In Release 1 1 18 and later versions the device supports the FIPS mode that complies with NIST FIPS 140 2 requirements Support for features commands and parameters might differ in FIPS mode and non FIPS mode For more information about FIPS mode see Security Configuration Guide Software upgrade methods You can upgrad...

Page 103: ...g from the Boot menu BootWare image System software images Use this method when the device cannot correctly start up For information about this upgrading method see the release notes for your switch IMPORTANT Upgrading an IRF fabric from the CLI rather than the Boot menu The Boot menu method increases the service downtime because it requires that you upgrade the member devices one by one This chap...

Page 104: ...y fileurl source fileurl dest You can assign different names to the image files on different member switches but must make sure the image versions are the same 3 Specify the file as the startup software image for each member switch in user view boot loader file file url slot all slot number main backup In FIPS mode the specified file must pass authenticity verification before it can be set as a st...

Page 105: ... more patches After being loaded from the flash to the patch memory area each patch is assigned a unique number which starts from 1 For example if a patch file has three patches they are numbered 1 2 and 3 A patch package file contains patch files for multiple modules It enables you to use one command to bulk fix bugs for multiple modules Incremental patch Incremental patches are dependent on prev...

Page 106: ... change to the ACTIVE state Figure 33 shows the patch manipulation commands and how they affect the patch state IMPORTANT Patch state information is saved in a file named patchstate on the flash To make sure the switch can correctly find the patches do not edit delete move the file or change the file name Figure 33 Impact of patch manipulation commands on patch state IDLE state Patches that have n...

Page 107: ...loaded to the patch memory area and are in DEACTIVE state In the patch area patch states are as shown in Figure 35 Figure 35 Patch states in the patch memory area after a patch file is loaded ACTIVE state Patches in ACTIVE state run temporarily in the system and become DEACTIVE at a reboot For the seven patches in Figure 35 if you activate the first five patches their states change from DEACTIVE t...

Page 108: ...boot The patch states of the system are shown in Figure 37 Figure 37 Patches in RUNNING state Hotfix configuration task list Task Remarks Installing patches Installing and running patches in one step Installing a patch step by step Use either method Step by step patch installation allows you to control the patch status Uninstalling a patch step by step Optional Installation prerequisites To ensure...

Page 109: ...r a reboot If you choose to not continue to run installed patches after a reboot the installed patches are set in ACTIVE state and change to the DEACTIVE state at a reboot In FIPS mode the patch file or the patch package file must pass authenticity verification before the patch install command can be executed To install and run patches in one step Step Command Remarks 1 Enter system view system vi...

Page 110: ...ocation patch location By default the patch file location is flash All patch files must be stored in the root directory of the flash The patch file location must be flash or a patch file path for example flash new bin NOTE If you execute the patch install patch location command the directory specified for the patch location argument replaces the directory specified with the patch location command ...

Page 111: ...VE patch its state changes to RUNNING and persists after a reboot To confirm ACTIVE patches Step Command 1 Enter system view system view 2 Confirm ACTIVE patches patch run patch number slot slot number Uninstalling a patch step by step To uninstall a patch step by step you must first stop running the patch and then remove it from the patch memory area Stopping running patches When you stop running...

Page 112: ...tch begin exclude include regular expression Available in any view Display patch information display patch information begin exclude include regular expression Available in any view Software upgrade examples Non ISSU software upgrade example Network requirement The IRF fabric in Figure 38 has one master device member ID 1 and one subordinate device member ID 2 The current software version of the I...

Page 113: ...server please wait TFTP 10058752 bytes received in 141 second s File downloaded successfully IRF tftp 2 2 2 2 get soft version2 bin slot2 flash soft version2 bin Specify soft version2 bin as the startup system software image for all IRF members IRF boot loader file soft version2 bin slot all main This command will set the boot file of the specified board Continue Y N y The specified file will be u...

Page 114: ...ot shown Load the patch file patch_xxx bin from the TFTP server to the root directory of the flash on the master Device tftp 2 2 2 2 get patch_xxx bin Load the patch file patch_xxx bin from the TFTP server to the root directory of the flash on the subordinate switch Device tftp 2 2 2 2 get patch_xxx bin slot2 flash patch_xxx bin Install patches Device system view Device patch install flash Patches...

Page 115: ...egated as one logical link In this scenario you can use ISSU to upgrade system software of each IRF member switch to ensure non stop forwarding or reduce down time for users connected to Switch A Switch B and Switch C Figure 40 IRF network diagram ISSU upgrade procedure ISSU follows a strict procedure as shown in Figure 41 IRF SwitchA SwitchB SwitchC SwitchD SwitchE 1 2 3 4 5 6 7 8 1 GE1 0 1 2 GE1...

Page 116: ...ise the upgrade might fail To upgrade system software of IRF member switches through ISSU make sure the member switches form a ring topology ISSU states During the ISSU process you can use the display issu state command to display the ISSU state of the IRF fabric including whether the new system software image is incompatible with the current system software image and the adopted ISSU method ...

Page 117: ...r During ISSU for an incompatible version if you do not execute the issu run switchover command to upgrade all the IRF member switches that have not been upgraded in one operation before the rollback timer expires the system automatically rolls back the system software image of all upgraded IRF member switches to the previous version For information about incompatible ISSU methods see Displaying v...

Page 118: ...rent system software images exist in the Flash of each IRF member switch and they are saved in the same directory Displaying version compatibility Before performing an ISSU upgrade check the version compatibility between the new and current system software images to determine whether ISSU can be performed and which ISSU method is adopted After downloading and saving the new system software image s...

Page 119: ... argument provided in this command must be the same as that specified in the issu load command When this command is executed all IRF member switches except the specified subordinate switch the new master are upgraded to the new version and the ISSU process completes after reboot If you do not execute the issu run switchover command before the rollback timer expires the ISSU upgrade automatically e...

Page 120: ... To ensure high availability configure cross device link aggregation using the following guidelines so every three physical links with the same color between the IRF member switches and access switches are aggregated as one logical link On the IRF fabric create three dynamic aggregation groups Ports in aggregation group 1 connect to Switch A ports in aggregation group 2 connect to Switch B and por...

Page 121: ...on mode dynamic IRF Bridge Aggregation3 quit Add ports GigabitEthernet 1 0 1 GigabitEthernet 2 0 1 and GigabitEthernet 3 0 1 that connect to Switch A to aggregation group 1 IRF interface GigabitEthernet 1 0 1 IRF GigabitEthernet1 0 1 port link aggregation group 1 IRF GigabitEthernet1 0 1 quit IRF interface GigabitEthernet 2 0 1 IRF SwitchA SwitchB SwitchC SwitchD SwitchE 1 2 3 4 5 6 7 8 1 GE1 0 1 ...

Page 122: ...gabitEthernet1 0 3 quit IRF interface GigabitEthernet 2 0 3 IRF GigabitEthernet2 0 3 port link aggregation group 3 IRF GigabitEthernet2 0 3 quit IRF interface GigabitEthernet 3 0 3 IRF GigabitEthernet3 0 3 port link aggregation group 3 IRF GigabitEthernet3 0 3 quit 2 Configure Switch A Create dynamic aggregate interface 1 SwitchA system view SwitchA interface bridge aggregation 1 SwitchA Bridge Ag...

Page 123: ...hernet 1 0 3 that connect to IRF member switches to aggregation group 3 corresponding to aggregate interface 3 SwitchC interface GigabitEthernet 1 0 1 SwitchC GigabitEthernet1 0 1 port link aggregation group 3 SwitchC GigabitEthernet1 0 1 quit SwitchC interface GigabitEthernet 1 0 2 SwitchC GigabitEthernet1 0 2 port link aggregation group 3 SwitchC GigabitEthernet1 0 2 quit SwitchC interface Gigab...

Page 124: ...m software images on IRF member switches are the same If not the ISSU upgrade cannot be performed IRF display boot loader Slot 1 The current boot app is flash soft version1 bin The main boot app is flash soft version1 bin The backup boot app is NULL Slot 2 The current boot app is flash soft version1 bin The main boot app is flash soft version1 bin The backup boot app is NULL Slot 3 The current boo...

Page 125: ...7 Apr 26 2011 12 19 52 system xml 60833 KB total 26734 KB free The output shows that the new system software image has been saved to the Flash of the master Verify whether the new system software image soft version2 bin has been saved to the Flash of subordinate switch 2 IRF dir slot2 flash Directory of slot2 flash 0 rw 6085 May 29 2010 11 38 45 config cfg 1 rw 10518 Apr 26 2011 12 45 05 logfile l...

Page 126: ...ate switch the new master after the upgrade which is subordinate switch 2 in this example IRF system view IRF issu load file soft version2 bin slot 2 This command will begin ISSU and the specified board will reboot and be upgraded Please save the current running configuration first otherwise the configuration may be lost Continue Y N y After the reboot of subordinate switch 2 reboot and upgrade al...

Page 127: ...120 The current boot app is flash soft version2 bin The main boot app is flash soft version2 bin The backup boot app is NULL ...

Page 128: ...s use the system time For NTP configuration see Network Management and Monitoring Configuration Guide In a small sized network you can manually set the system time of each device Configuration guidelines You can change the system time by configuring the relative time time zone and daylight saving time The configuration result depends on their configuration order see Table 20 In the first column of...

Page 129: ... summer offset 1 3 date time outside the daylight saving time range date time clock datetime 1 00 2007 1 1 clock summer time ss one off 1 00 2006 1 1 1 00 2006 8 8 2 01 00 00 UTC Mon 01 01 2007 date time in the daylight saving time range date time summer offset clock datetime 8 00 2007 1 1 clock summer time ss one off 1 00 2007 1 1 1 00 2007 8 8 2 10 00 00 ss Mon 01 01 2007 If the date time plus s...

Page 130: ...e add 1 clock summer time ss one off 1 00 2005 1 1 1 00 2005 8 8 2 System clock configured 04 00 00 ss Sat 01 01 2005 1 2 3 or 1 3 2 date time zone offset outside the daylight saving time range date time zone offset clock datetime 1 00 2007 1 1 clock timezone zone time add 1 clock summer time ss one off 1 00 2008 1 1 1 00 2008 8 8 2 02 00 00 zone time Mon 01 01 2007 date time zone offset outside t...

Page 131: ... system view N A 3 Set the time zone clock timezone zone name add minus zone offset Optional Coordinated UTC time zone by default 4 Set a daylight saving time scheme Set a non recurring scheme clock summer time zone name one off start time start date end time end date add time Set a recurring scheme clock summer time zone name repeating start time start date end time end date add time Optional Use...

Page 132: ...uding the command keywords and the delimiters cannot exceed 510 characters Do not press Enter before you input the end delimiter For example you can configure the shell banner Have a nice day as follows System system view System header shell Have a nice day Multi line banner A multi line banner can be up to 2000 characters To input a multi line banner use one of the following methods Method 1 Pres...

Page 133: ...re the legal banner header legal text Optional 4 Configure the shell banner header shell text Optional 5 Configure the MOTD banner header motd text Optional Configuring the exception handling method In an IRF fabric the exception handling method applies to only the master switch The following exception handling methods are available reboot The device reboots the failed master switch to recover fro...

Page 134: ... Rebooting devices immediately at the CLI To reboot a device execute the following command in user view Task Command Remarks Reboot an IRF member device or all the IRF member devices immediately reboot slot slot number On the master device in an IRF fabric if no IRF member device is specified the command reboots all IRF member devices Scheduling a device reboot The switch supports only one device ...

Page 135: ...the schedule job command multiple times the most recent configuration takes effect Yes You can use the time command in job view to configure commands to be executed at different time points Supported views User view and system view In the schedule job command shell represents user view and system represents system view All views In the time command monitor represents user view Supported commands C...

Page 136: ...in user view Task Command Remarks Schedule a job Schedule a job to run a command at a specific time schedule job at time date view view command Schedule a job to run a command after a delay schedule job delay time view view command Use either command NOTE If you execute the schedule job command multiple times the most recent configuration takes effect Changing any clock setting can cancel the job ...

Page 137: ...y command Scheduled job configuration example Network requirements Configure scheduled jobs on the device to enable interfaces GigabitEthernet 1 0 1 GigabitEthernet 1 0 2 and GigabitEthernet 1 0 3 at 8 00 and disabled them at 18 00 on working days every week to control the access of the PCs connected to these interfaces Figure 43 Network diagram Configuration procedure Enter system view Sysname sy...

Page 138: ... 0 3 Sysname job pc3 view gigabitethernet1 0 3 Configure the device to enable GigabitEthernet 1 0 3 at 8 00 on working days every week Sysname job pc3 time 1 repeating at 8 00 week day mon tue wed thu fri command undo shutdown Configure the device to shut down GigabitEthernet 1 0 3 at 18 00 on working days every week Sysname job pc3 time 2 repeating at 18 00 week day mon tue wed thu fri command sh...

Page 139: ...down a BPDU guard enabled port when the port receives a BPDU In this case you can set the port status detection timer If the port is still down when the detection timer expires the protocol module automatically cancels the shutdown action and restores the port to its original physical status To set the port status detection timer Step Command Remarks 1 Enter system view system view N A 2 Set the p...

Page 140: ...70 6 F N A port to power 1 4 0 C 32 F 62 C 143 6 F 77 C 170 6 F N A Clearing unused 16 bit interface indexes The device must maintain persistent 16 bit interface indexes and keep one interface index match one interface name for network management After deleting a logical interface the device retains its 16 bit interface index so the same index can be assigned to the interface at interface re creat...

Page 141: ...covery capability is enabled Verifying and diagnosing transceiver modules This section describes how to verify and diagnose transceiver modules NOTE Support for the transceiver modules and the transceiver module type depends on your device model Verifying transceiver modules You can verify the genuineness of a transceiver module in the following ways Display the key parameters of a transceiver mod...

Page 142: ...e by module or use the display diagnostic information command to bulk collect running data for multiple modules Task Command Remarks Display system version information display version begin exclude include regular expression Available in any view Display the system time and date display clock begin exclude include regular expression Available in any view Display the software and hardware copyright...

Page 143: ... Available in any view Display the power supply information display power slot slot number power id begin exclude include regular expression Available in any view Display the mode of the last reboot display reboot type slot slot number begin exclude include regular expression Available in any view Display the configuration of the job configured by using the schedule job command display schedule jo...

Page 144: ... TFTP server IP address and DNS server IP address TFTP server Saves files needed in automatic configuration The device gets the files needed from the TFTP server such as the host name file that saves mappings between host IP addresses and host names and the configuration file DNS server Resolves between IP addresses and host names In some cases the device resolves its IP address to the correspondi...

Page 145: ...er getting related parameters the device sends a TFTP request to obtain the configuration file from the specified TFTP server and executes the configuration file If the client cannot get such parameters it uses factory default configuration To implement automatic configuration you must configure the DHCP server DNS server and TFTP server but you do not need to perform any configuration on the devi...

Page 146: ... ip host command see Layer 3 IP Services Command Reference Principles for selecting an address pool on the DHCP server The DHCP server selects IP addresses and other network configuration parameters from an address pool for clients DHCP supports the following types of address pools Dynamic address pool A dynamic address pool contains a range of IP addresses and other parameters that the DHCP serve...

Page 147: ...ile stores mappings between IP addresses and host names For example the host name file can include the following ip host host1 101 101 101 101 ip host host2 101 101 101 102 ip host client1 101 101 101 103 ip host client2 101 101 101 104 IMPORTANT There must be a space before the keyword ip and keyword host The host name of a device saved in the host name file must be the same as the configuration ...

Page 148: ...s its host name it requests the configuration file with the same name from the TFTP server If all the previous operations fail the device requests the default configuration file from the TFTP server TFTP request sending mode The device selects to unicast or broadcast a TFTP request using the following flow If a legitimate TFTP server IP address is contained in the DHCP response the device unicasts...

Page 149: ...on for the gateway to change the broadcast TFTP request from the device to a unicast packet and forward the unicast packet to the specified TFTP server For more information about UDP Helper see Layer 3 IP Services Configuration Guide Executing the configuration file After obtaining the configuration file the device removes the temporary configuration and executes the configuration file If no confi...

Page 150: ...ing you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking category For a complete list ...

Page 151: ...eparated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cl...

Page 152: ... 2 features Represents an access controller a unified wired WLAN module or the switching engine on a unified wired WLAN switch Represents an access point Represents a security product such as a firewall a UTM or a load balancing or security card that is installed in a device Represents a security card such as a firewall card a load balancing card or a NetStream card Port numbering in examples The ...

Page 153: ...login management Telnet login none authentication 34 login management Telnet login password authentication 35 login management Telnet login scheme authentication 36 authentication configuring FTP server 71 console login modes 25 authorization FTP server 71 auto configuration See automatic configuration automatic configuration archiving 90 automatic configuration executing configuration file 142 fe...

Page 154: ...s 10 client configuring device login as Telnet client 40 configuring FTP client 64 configuring TFTP 74 FTP client configuration 68 TFTP client configuration 76 command abbreviating CLI 5 changing level 19 configuring hotkeys 6 configuring keyword aliases 6 configuring user level 13 conventions 1 editing command lines 5 entering 5 entering STRING type values CLI 5 filtering output display 10 ISSU t...

Page 155: ...rface settings 31 login management CLI console none authentication 26 login management CLI console password authentication 27 login management CLI console scheme authentication 28 login management HTTP login 46 50 login management HTTPS login 47 51 login management source IP based Web login control 62 login management Telnet login 33 login management Telnet login password authentication 35 login m...

Page 156: ...ng 137 automatic configuration work flow 138 BootWare upgrade without ISSU 96 changing system time 121 clearing unused interface 133 CLI configuration 1 configuration file format and content 86 configuration types 84 configuring banner 125 configuring exception handling 126 configuring FTP client 64 configuring FTP server 70 configuring FTP server basic parameters 70 configuring login as Telnet cl...

Page 157: ...ry 81 creating 81 displaying current working directory 81 displaying information 81 FTP server 66 management 80 removing 81 disabling login management Telnet login authentication 34 password recovery capability 133 disconnecting FTP connection 68 disk space managing storage media 82 displaying CLI output options 10 configuration files 93 copyright 124 current working directory 81 device management...

Page 158: ...mmand output 10 format file name 78 FTP client configuration 68 configuration 64 configuring client 64 configuring server 70 configuring server authentication 71 configuring server authorization 71 configuring server basic parameters 70 connection maintenance 67 displaying 73 DSCP for outgoing packets client side 66 establishing connection 65 maintaining 73 managing server directories 66 server co...

Page 159: ...amining members for ISSU 1 1 1 maintaining 1 13 manual version rollback 1 10 non ISSU software upgrade 105 overview 108 preparing members for ISSU 1 1 1 software configuration rollback 1 12 software configuration rollback timer 1 12 states 109 to an incompatible version 1 12 upgrade procedure 108 version rollback 1 10 J job modular scheduling 129 non modular scheduling 129 scheduling 128 schedulin...

Page 160: ...H server 41 switching to another user account FTP 67 login management CLI access 23 CLI console common user interface settings 31 CLI console none authentication 26 CLI console password authentication 27 CLI console scheme authentication 28 FTP packet DSCP client side 66 overview 21 SNMP device access 54 source IP based Web login control 62 SSH login control 57 Telnet login 33 Telnet login control...

Page 161: ...ule verification 134 134 disabling password recovery capability 133 examining members for ISSU 1 1 1 file system file management 79 FTP client configuration 68 FTP connection troubleshooting 67 FTP server configuration 72 ISSU software configuration rollback 1 12 ISSU software configuration rollback timer 1 12 ISSU to an incompatible version 1 12 ISSU version compatibility display 1 1 1 login mana...

Page 162: ... 55 configuring settings SNMPv2c 55 configuring settings SNMPv3 54 configuring source IP based user login control 60 61 login management SNMP device access 54 none login management CLI console none authentication 26 login management Telnet login none authentication 34 non ISSU software upgrade 105 non modular job scheduling 129 numbering user interfaces 22 O online help CLI 4 output filtering disp...

Page 163: ...me 121 configuring device temperature alarm threshold 132 configuring exception handling 126 configuring FTP 64 configuring FTP client 64 68 configuring FTP server 70 72 configuring FTP server authentication 71 configuring FTP server authorization 71 configuring FTP server basic parameters 70 configuring hotkeys 6 configuring login management CLI console common user interface settings 31 configuri...

Page 164: ...on 79 displaying FTP 73 displaying ISSU 1 13 displaying login management Web login 50 displaying software upgrade 105 displaying text file content 79 displaying TFTP client 75 displaying version compatibility 1 1 1 editing command lines 5 emptying recycle bin 80 enabling automatic configuration archiving 90 enabling configuration auto update 87 enabling copyright display 124 entering commands 5 en...

Page 165: ...ware configuration rollback timer 1 12 setting login management Telnet login max number concurrent users 38 setting prompt modes 82 software hotfix 106 specifying next startup configuration file 91 stopping running patch 104 switching to higher user privilege level 18 switching to another user account FTP 67 switching user privilege level 16 terminating FTP connection 68 troubleshooting FTP connec...

Page 166: ...gin management Web login control 62 63 login management Web user logoff 62 server configuring authentication FTP 71 configuring authorization FTP 71 configuring FTP server 70 configuring FTP server basic parameters 70 configuring SSH server 41 FTP server configuration 72 managing FTP directories 66 switching to another user account FTP 67 working with FTP files 66 setting command history buffer si...

Page 167: ...a management 81 managing space 82 naming rules 78 STRING CLI entering STRING type values 5 switching user privilege level 16 user privilege level higher 18 system patch 98 patch file 98 patch state 99 system administration automatic configuration 137 automatic configuration networking 137 automatic configuration work flow 138 BootWare upgrade without ISSU 96 changing system time 121 configuration ...

Page 168: ...ent Telnet server login 44 login management Web interface HTTP login 46 50 login management Web interface HTTPS login 47 51 login management Web interface login 45 50 login management Web login control 62 63 login management Web user logoff 62 obtaining configuration file from TFTP server for automatic configuration 140 obtaining configuration through DHCP for automatic configuration 139 patch act...

Page 169: ...g BootWare without ISSU 96 non ISSU software upgrade 105 software upgrade 95 105 software upgrade methods 95 software without ISSU 97 97 upper level view returning to 3 user configuring command levels 13 configuring privilege level on user interface 15 configuring privilege levels 13 configuring source IP based SNMP login control 60 61 configuring source IP based Telnet login control 57 configurin...

Page 170: ...y buffer 9 history commands 9 VLAN view 2 W Web displaying login management Web login 50 login management Web interface HTTP login 46 50 login management Web interface HTTPS login 47 51 login management Web interface login 45 50 maintaining login management Web login 50 working directory changing current working directory 81 displaying current working directory 81 ...