HP 6600/HSR6600 Routers Fundamentals Configuration Guide

Part number: 5998-1493
Software version:
A6602-CMW520-R3103
A6600-CMW520-R3102-RPE
A6600-CMW520-R3102-RSE
HSR6602_MCP-CMW520-R3102
Document version: 6PW103-20130628
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents

Using the CLI
Command conventions
Using the undo form of a command

Configuring the SSH server on the device
Using the device to log in to an SSH server
Local login through the AUX port
Configuring none authentication for AUX logi

Prerequisites
Using the router as a TFTP client
Displaying and maintaining the TFTP client
TFT

Upgrading software
FIPS compliance
Software upgrade methods
U

Unmounting the USB device
Disabling all USB interfaces
Displaying and maintaining device management
Support and other resources
Using the CLI

At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device.

Figure 1 CLI example

You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or using Telnet or SSH. For more information about login methods, see "Logging in to the CLI."

Command conventions

Command conventions help you understand the syntax of commands. Commands in product manuals comply with the conventions listed in Table 1.
Convention: &<1-n>
Description: The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

Convention: #
Description: A line that starts with a pound (#) sign is a comment.

Command keywords are case insensitive.

The following example analyzes the syntax of the clock datetime time date command according to Table 1.
Figure 3 CLI view hierarchy

Entering system view from user view

Task: Enter system view from user view.
Command: system-view

Returning to the upper-level view from any view

Task: Return to the upper-level view from any view.
Command: quit

Executing the quit command in user view terminates your connection to the device.

In public key code view, use the public-key-code end command to return to the upper-level view (public key view).
Accessing the CLI online help

The CLI online help is context sensitive. You can enter a question mark at any prompt or in any position of a command to display all available options.

To access the CLI online help, use one of the following methods:
• Enter a question mark at a view prompt to display the first keyword of every command available in the view.
Entering a command

When you enter a command, you can use keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases.

Editing a command line

Use the keys listed in Table 2 or the hotkeys listed in Table 3 to edit a command line.

Table 2 Command line editing keys

Key: Common keys
Function: If the edit buffer is not full, pressing a common key inserts the character at the position of the cursor and moves the cursor to the right.
Configuring and using command keyword aliases

The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command. For example, if you configure show as the alias for the display keyword, you can enter show in place of display to execute a display command.
3. Display hotkeys.
   Command: display hotkey [ | { begin | exclude | include } regular-expression ]
   Remarks: Optional. Available in any view. See Table 3 for hotkeys reserved by the system.

The hotkeys in Table 3 are defined by the device. If a hotkey is also defined by the terminal software that you are using to interact with the device, the definition of the terminal software takes effect.

Table 3 System-reserved hotkeys

Hotkey: Ctrl+A
Function: Moves the cursor to the beginning of a line.
output such as logs. If you have entered nothing, the system does not display the command-line prompt after the output.

To enable redisplaying entered-but-not-submitted commands:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable redisplaying entered-but-not-submitted commands.
   Command: info-center synchronous
   Remarks: By default, this feature is disabled. For more information about this command, see Network Management and Monitoring Command Reference.
By default, the command history buffer can save up to 10 commands for each user. To set the capacity of the command history buffer for the current user interface, use the history-command max-size command.

Viewing history commands

You can use arrow keys to access history commands in Windows 200x and Windows XP Terminal or Telnet. In Windows 9x HyperTerminal, the arrow keys are invalid, and you must use Ctrl+P and Ctrl+N instead.
Key: Enter
Function: Displays the next line.

Key: Ctrl+C
Function: Stops the display and cancels the command execution.

Key: <PageUp>
Function: Displays the previous page.

Key: <PageDown>
Function: Displays the next page.

To display all output at one time and refresh the screen continuously until the last screen is displayed:

Task: Disable pausing between screens of output for the current session.
Command: screen-length disable
Remarks: The default for a session depends on the setting of the screen-length command in user interface view.
Character: +
Meaning: Matches the preceding character or character group one or multiple times.
Examples: "zo+" matches "zo" and "zoo", but not "z".

Character: |
Meaning: Matches the preceding or succeeding character string.
Examples: "def|int" only matches a character string containing "def" or "int".

Character: _
Meaning: If it is at the beginning or the end of a regular expression, it equals ^ or $. In other cases, it equals comma, space, round bracket, or curly bracket.
Character: \Bcharacter
Meaning: Matches a string containing character, and no space is allowed before character.
Examples: "\Bt" matches "t" in "install", but not "t" in "big top".

Character: character1\w
Meaning: Matches character1character2. character2 must be a number, letter, or underline, and \w equals [A-Za-z0-9_].
Examples: "v\w" matches "vlan" ("v" is character1 and "l" is character2) and "service" ("i" is character2).

Character: \W
Meaning: Equals \b.
Configuring user privilege and command levels

To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7. User privilege levels correspond to command levels. A user logged in with a specific privilege level can use only the commands at that level or lower levels.

Table 7 Command levels and user privilege levels

Level: 0
Privilege: Visit
Default set of commands: Includes commands for network diagnosis and commands for accessing an external device.
3. Specify the scheme authentication mode.
   Command: authentication-mode scheme
   Remarks: By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console login users.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Configure the authentication mode for SSH users as password.
   Command: For more information, see Security Configuration Guide.
   Remarks: This task is required only for SSH users who are required to provide their usernames and passwords for authentication.
3. Enter user interface view.
   Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }
   Remarks: N/A
4. Enable the scheme authentication mode.
   Command: authentication-mode scheme
   Remarks: By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console users.
5. Configure the user privilege level.
# Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level-1 commands. (Use no authentication mode only in a secure network environment.)
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1
# Display the commands a Telnet user can use after login. Because the user privilege level is 1, a Telnet user can use more commands now.
To avoid problems, HP recommends that administrators log in with a lower privilege level to view switch operating parameters, and switch to a higher level temporarily when they must maintain the device. When administrators must leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict the operation by others.
3. Configure the password for the user privilege level.
   Command: super password [ level user-level ] [ hash ] { cipher | simple } password
   Remarks: If local authentication is involved, this step is required. By default, a privilege level has no password. If no user privilege level is specified when you configure the command, the user privilege level defaults to 3. If you specify the simple keyword for the command, the password is saved in plain text in the configuration file.
User interface authentication mode User privilege level switching authentication mode Information required for the first authentication mode Information required for the second authentication mode scheme local Username and password for the privilege level. Local user privilege level switching password. local Password configured for the privilege level on the device with the super password command.
Displaying and maintaining CLI

Task: Display the command keyword alias configuration.
Command: display command-alias [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Display data in the clipboard.
Command: display clipboard [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Login overview

This chapter describes the available login methods and their configuration procedures.

Login methods at a glance

You can access the device only through the console port at the first login. After login, you can configure other login methods on the device, such as Telnet and SSH for remote access.
CLI user interfaces

The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them. Users are assigned different user interfaces, depending on their login methods, as shown in Table 10.
Logging in to the CLI

By default, the first time you access the CLI you must log in through the console port. At the CLI, you can configure Telnet, SSH, or modem dial-in (through the AUX port) for remote access.

FIPS compliance

The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
4. Launch the terminal emulation program and configure the communication properties on the PC. Figure 5 through Figure 7 show the configuration procedure on Windows XP HyperTerminal. Make sure the port settings are the same as listed in Table 11. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document.
Figure 7 Setting the properties of the serial port

5. Power on the device and press Enter at the prompt.

Figure 8 CLI

6. At the default user view prompt <Sysname>, enter commands to configure the device or view the running status of the device. To get help, enter ?.

Configuring console login control settings

The following authentication modes are available for controlling console logins:
• None—Requires no authentication. This mode is insecure.
• Password—Requires password authentication.
By default, console login does not require authentication. Any user can log in through the console port without authentication and have user privilege level 3. To improve device security, configure the password or scheme authentication mode immediately after you log in to the device for the first time.

Table 12 Configuration required for different console login authentication modes

Authentication mode: None
Configuration tasks: Set the authentication mode to none for the console user interface.
Figure 9 Accessing the CLI through the console port without authentication

Configuring password authentication for console login

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter console user interface view.
   Command: user-interface console first-number [ last-number ]
   Remarks: N/A
3. Enable password authentication.
   Command: authentication-mode password
   Remarks: By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login.
4.
Figure 10 Password authentication interface for console login

Configuring scheme authentication for console login

Follow these guidelines when you configure scheme authentication for console login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
4. Enable command authorization.
   Command: command authorization
   Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

Optional.
9. Set an authentication password for the local user.
   Command: password [ [ hash ] { cipher | simple } password ]
   Remarks: By default, no password is set.
10. Specify a command level of the local user.
    Command: authorization-attribute level level
    Remarks: Optional.
11. Specify terminal service for the local user.
    Command: service-type terminal
    Remarks: By default, no service type is specified.
12. Configure common settings for console login.
    Command: See "Configuring common console user interface settings (optional)."
    Remarks: Optional.
3. Set the baud rate.
   Command: speed speed-value
   Remarks: By default, the baud rate is 9600 bps.
4. Specify the parity check mode.
   Command: parity { even | mark | none | odd | space }
   Remarks: The default setting is none, namely, no parity check.
5. Specify the number of stop bits.
   Command: stopbits { 1 | 1.5 | 2 }
   Remarks: The default is 1. Stop bits indicate the end of a character. The more the stop bits, the slower the transmission.

The default is 8. The setting depends on the character coding type.
13. Set the size of command history buffer.
    Command: history-command max-size size-value
    Remarks: By default, the buffer saves 10 history commands at most.
14. Set the idle-timeout timer.
    Command: idle-timeout minutes [ seconds ]
    Remarks: The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the idle-timeout function.
Scheme—Uses the AAA module to provide local or remote authentication. You must provide a username and password for accessing the CLI. If the password configured in the local user database was lost, log in to the device through the console port and configure a new password. If the username or password configured on a remote server was lost, contact the server administrator for help.
The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 13. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears.

Figure 13 Telnetting to the device without authentication

Configuring password authentication for Telnet login

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable Telnet server.
Figure 14 Password authentication interface for Telnet login

Configuring scheme authentication for Telnet login

Follow these guidelines when you configure scheme authentication for Telnet login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
5. Enable command authorization.
   Command: command authorization
   Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users.
11. Specify the command level of the local user.
    Command: authorization-attribute level level
    Remarks: Optional. By default, the command level is 0.
12. Specify Telnet service for the local user.
    Command: service-type telnet
    Remarks: By default, no service type is specified.
13. Exit to system view.
    Command: quit
    Remarks: N/A
14. Configure common settings for VTY user interfaces.
    Command: See "Configuring common VTY user interface settings (optional)."
    Remarks: Optional.
3. Enable the terminal service.
   Command: shell
   Remarks: Optional. By default, terminal service is enabled.
4. Enable the user interfaces to support Telnet, SSH, or both of them.
   Command: protocol inbound { all | ssh | telnet }
   Remarks: Optional. By default, both Telnet and SSH are supported. The configuration takes effect the next time you log in.
5. Define a shortcut key for terminating tasks.
   Command: escape-key { default | character }
   Remarks: Optional. By default, pressing Ctrl+C terminates a task.

Optional.
10. Specify a command to be automatically executed when a user logs in to the user interfaces.
    Command: auto-execute command command
    Remarks: Optional. By default, no automatically executed command is specified. The command auto-execute function is typically used for redirecting a Telnet user to a specific host. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session.
Logging in through SSH

SSH offers a secure method for remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. You can use an SSH client to log in to the device operating as an SSH server for remote management, as shown in Figure 17. You can also use the device as an SSH client to log in to an SSH server.
3. Enable SSH server.
   Command: ssh server enable
   Remarks: By default, SSH server is disabled.
4. Enter one or multiple VTY user interface views.
   Command: user-interface vty first-number [ last-number ]
   Remarks: N/A
5. Enable scheme authentication.
   Command: authentication-mode scheme
   Remarks: By default, password authentication is enabled on VTY user interfaces.
6. Enable the user interfaces to support Telnet, SSH, or both of them.
   Command: protocol inbound { all | ssh }
   Remarks: Optional. By default, both Telnet and SSH are supported.
10. Apply an AAA authentication scheme to the intended domain.
    Command:
    a. Enter the ISP domain view: domain domain-name
    b. Apply the specified AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
    c. Exit to system view: quit
    Remarks: Optional. For local authentication, configure local user accounts.
Task: Log in to an IPv6 SSH server.
Command: ssh2 ipv6 server
Remarks: The server argument represents the IPv6 address or host name of the server.

To work with the SSH server, you might need to configure the SSH client. For information about configuring the SSH client, see Security Configuration Guide.

Local login through the AUX port

As shown in Figure 19, to perform local login through the AUX port, use the same cable and login procedures as console login.
Authentication mode Configuration tasks Reference Enable scheme authentication on the AUX user interface. Configure local or remote authentication settings. To configure local authentication: 18. Configure a local user and specify the password. 19. Configure the device to use local authentication. Scheme To configure remote authentication: 20. Configure the RADIUS or HWTACACS scheme on the device. "Configuring scheme authentication for AUX login." 21.
Configuring password authentication for AUX login

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter one or more AUX user interface views.
   Command: user-interface aux first-number [ last-number ]
   Remarks: N/A
3. Enable password authentication.
   Command: authentication-mode password
   Remarks: By default, password authentication is enabled but no password is configured. To access the device through the AUX port, you must configure a password for authentication.
4. Set a password.
• If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the RADIUS or HWTACACS server.

To configure scheme authentication for AUX login:

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter one or more AUX user interface views.
   Command: user-interface aux first-number [ last-number ]
   Remarks: N/A
3.
Step Command Remarks Optional. 7. Apply an AAA authentication scheme to the intended domain. a. Enter the ISP domain view: domain domain-name By default, local authentication is used. b. Apply the specified AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] } For local authentication, configure local user accounts. c.
Figure 22 Scheme authentication interface for AUX login

Configuring common settings for AUX login (optional)

Some common settings configured for an AUX user interface take effect immediately and can interrupt the login session. To save you the trouble of repeated re-logins, use a login method different from AUX login to log in to the device before you change AUX user interface settings.
5. Specify the parity check mode.
   Command: parity { even | mark | none | odd | space }
   Remarks: The default setting is none, namely, no parity check.
6. Specify the number of stop bits.
   Command: stopbits { 1 | 1.5 | 2 }
   Remarks: The default is 1. Stop bits indicate the end of a character. The more the bits, the slower the transmission.

By default, the number of data bits in each character is 8. The setting depends on the character coding type.
15. Set the idle-timeout timer.
    Command: idle-timeout minutes [ seconds ]
    Remarks: The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction between the device and the user in timeout time. Setting idle-timeout to 0 disables the timer.
16. Enable Telnet redirect for the current user interface.
    Command: redirect enable
    Remarks: By default, the redirect function is disabled.
17. Specify a Telnet redirect listening port.
Parameter: Parity
Default: None

Parameter: Stop bits
Default: 1

Parameter: Data bits
Default: 8

Login procedure

To log in through the AUX port:
• Complete the authentication settings on the AUX user interface. By default, password authentication is enabled, but no password is set. To use password authentication, you must set a password for password authentication.
• Make sure the configuration terminal has a terminal emulation program (for example, HyperTerminal in Windows XP).
Make sure the port settings are the same as the common AUX port settings on the device. If the default settings are used, see Table 17. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help of that program to log in to the device.
Figure 26 Setting the properties of the serial port

5. Power on the device and press Enter at the prompt.

Figure 27 CLI

6. At the default user view prompt <Sysname>, enter commands to configure the device or check the running status of the device. To get help, enter ?.

Modem dial-in through the AUX port

The administrator can use a pair of modems to remotely connect to the device through its AUX port over PSTN when the IP network connection is broken.
By default, you can log in to the device through modems without authentication and have user privilege level 0. To improve device security, configure AUX login authentication.

The following are authentication modes available for modem dial-in through the AUX port:
• None—Requires no authentication and is insecure.
• Password—Requires a password for accessing the CLI. If your password was lost, log in to the device through the console port to view or modify the password.
4. Configure the following settings on the modem directly connected to the device:
   ○ AT&F—Restores the factory default.
   ○ ATS0=1—Configures auto-answer on first ring.
   ○ AT&D—Ignores data Terminal Ready signals.
   ○ AT&K0—Disables local flow control.
   ○ AT&R1—Ignores Data Flow Control signals.
   ○ AT&S0—Forces DSR to remain on.
   ○ ATEQ1&W—Disables the modem from returning command responses and execution results, and saves configuration.
Figure 30 Configuring the dialing parameters

7. Dial the telephone number to establish a connection to the device.

Figure 31 Dialing the number

Character string CONNECT9600 is displayed on the terminal.

8. Press Enter as prompted.
Figure 32 Login page

9. At the default user view prompt <Sysname>, enter commands to configure the device or check the running status of the device. To get help, enter ?.

IMPORTANT: Do not directly close the HyperTerminal. Doing so can cause some modems to stay in use, and your subsequent dial-in attempts will always fail. To disconnect the PC from the device, execute the ATH command in the HyperTerminal. If the command cannot be entered, type AT+ + + and then press Enter.
Figure 33 Dialing in to the device without any authentication

Configuring password authentication for modem dial-in

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter one or more AUX user interface views.
   Command: user-interface aux first-number [ last-number ]
   Remarks: N/A
3. Enable password authentication.
   Command: authentication-mode password
   Remarks: By default, password authentication is enabled.
4. Set a password.
Figure 34 Password authentication interface for modem dial-in users

Configuring scheme authentication for modem dial-in

Follow these guidelines when you configure scheme authentication for AUX login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
4. Enable command authorization.
   Command: command authorization
   Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users.
8. Create a local user and enter local user view.
   Command: local-user user-name
   Remarks: By default, no local user exists.
9. Set a password for the local user.
   Command: password [ [ hash ] { cipher | simple } password ]
   Remarks: By default, no password is set.
10. Specify the command level of the local user.
    Command: authorization-attribute level level
    Remarks: Optional.
11. Specify terminal service for the local user.
    Command: service-type terminal
    Remarks: By default, no service type is specified.
12.
IMPORTANT: To avoid packet loss, make sure the speed of the AUX port is slower than the transmission rate of the modem. You can connect a device (Device B) to the AUX port of the current device (Device A), and configure the current device to redirect a Telnet login user to that device. If the redirect enable and redirect listen-port port-number commands are configured, a user can use the telnet DeviceA-IP-address port-number command to log in to Device B.
11. Configure the flow control mode.
    Command:
    flow-control { hardware | none | software }
    flow-control hardware flow-control-type1 [ software flow-control-type2 ]
    flow-control software flow-control-type1 [ hardware flow-control-type2 ]
    Remarks: The default flow control mode is hardware.

By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends that you set the display type to VT100 on both the device and the configuration terminal.
21. Specify a Telnet redirect listening port.
    Command: redirect listen-port port-number
    Remarks: The default port number is the absolute user interface number plus 2000.
22. Disable Telnet option negotiation during redirecting a Telnet connection.
    Command: redirect refuse-negotiation
    Remarks: By default, Telnet option negotiation is enabled.

Command: redirect refuse-teltransfer
Remarks: By default, the user interface converts the ASCII characters 0xff to 0xff 0xff when redirecting a Telnet connection.
Task: Display the configuration of the device when it serves as a Telnet client.
Command: display telnet client configuration [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Task: Release a user interface.
Command: free user-interface { num1 | { aux | console | vty } num2 }
Remarks: Available in user view. Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this command to release some connections.
Logging in through SNMP

You can run SNMP on an NMS to access the router MIB and perform GET and SET operations to manage and monitor the router. The router supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.

By default, SNMP access is disabled. To enable SNMP access, log in to the router through any other method.
2. Enable the SNMP agent.
   Command: snmp-agent
   Remarks: Optional. By default, the SNMP agent is disabled.
3. Configure an SNMP group and specify its access right.
   Command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
   Remarks: By default, no SNMP group is configured.
4. Add a user to the SNMP group.
4. Configure the SNMP access right.
   • (Method 1) Specify the SNMP NMS access right directly by configuring an SNMP community:
     snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
   • (Method 2) Configure an SNMP group and add a user to the SNMP group:
     a.
2. Configure the NMS:
   Make sure the NMS has the same SNMP settings, including the username, as the router. If not, the router cannot be discovered or managed by the NMS.
3. Use the network management station to discover, query, and configure the router. For more information, see the NMS manual.
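A check a reviewer can run over a saved configuration to see which SNMP access rights are exposed, given as an added Python example (not HP code). It reads only the two command forms shown above (snmp-agent community and snmp-agent group v3); the sample configuration and the finding codes are constructed for illustration.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "line code detail")

# Options that are followed by exactly one value in the command forms above.
_VALUE_OPTS = {"mib-view", "read-view", "write-view", "notify-view"}


def _parse_options(tokens):
    """Return (flags, has_acl) for the optional part of a command line."""
    flags, has_acl, i = set(), False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in _VALUE_OPTS:
            i += 2                              # keyword plus its value
        elif tok == "acl":
            has_acl = True
            # Either "acl <number>" or "acl ipv6 <number>".
            i += 3 if tokens[i + 1:i + 2] == ["ipv6"] else 2
        else:
            flags.add(tok)                      # authentication / privacy
            i += 1
    return flags, has_acl


def audit_snmp(config_text):
    """Flag SNMP access rights that are weaker than v3 with privacy plus an ACL."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), start=1):
        t = raw.split()
        if t[:2] == ["snmp-agent", "community"] and len(t) >= 4:
            access = t[2]
            _, has_acl = _parse_options(t[4:])
            # The community name is left out of the report on purpose.
            if access == "write":
                findings.append(Finding(n, "COMMUNITY_WRITE",
                                        "SET access granted by a v1/v2c community string"))
            if not has_acl:
                findings.append(Finding(n, "COMMUNITY_NO_ACL",
                                        "community usable from any source address"))
        elif t[:3] == ["snmp-agent", "group", "v3"] and len(t) >= 4:
            flags, has_acl = _parse_options(t[4:])
            if "privacy" not in flags:
                if "authentication" in flags:
                    findings.append(Finding(n, "V3_AUTH_ONLY",
                                            "group authenticates but does not encrypt"))
                else:
                    findings.append(Finding(n, "V3_NO_AUTH",
                                            "group requires neither authentication nor privacy"))
            if not has_acl:
                findings.append(Finding(n, "GROUP_NO_ACL",
                                        "group usable from any source address"))
    return findings


# Constructed sample configuration (names, views and ACL numbers are made up).
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent community read public
snmp-agent community write ops-rw mib-view core acl 2001
snmp-agent group v3 monitors
snmp-agent group v3 admins privacy write-view core acl 2001
snmp-agent group v3 auditors authentication read-view core acl ipv6 2002
"""

if __name__ == "__main__":
    for f in audit_snmp(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.code}: {f.detail}")
```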
Controlling user logins

To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide.

Controlling Telnet logins

Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
Configuring source/destination IP-based Telnet login control

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL.
   Command: acl [ ipv6 ] number acl-number [ name name ] [ match-order { config | auto } ]
   Remarks: By default, no advanced ACL exists.
3. Configure an ACL rule.
   Command: rule [ rule-id ] { permit | deny } rule-string
   Remarks: N/A
4. Exit advanced ACL view.
   Command: quit
   Remarks: N/A
5. Enter user interface view.
Telnet login control configuration example

Network requirements
Configure the router in Figure 38 to permit only incoming Telnet packets sourced from Host A and Host B.

Figure 38 Network diagram (labels: Host A 10.110.100.46, IP network, Router, Host B 10.110.100.52)

Configuration procedure
# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
2. Create a basic ACL and enter its view, or enter the view of an existing basic ACL.
   Command: acl [ ipv6 ] number acl-number [ name name ] [ match-order { config | auto } ]
   Remarks: By default, no basic ACL exists.
3. Configure an ACL rule.
   Command: rule [ rule-id ] { deny | permit } [ counting | fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
   Remarks: N/A
4. Exit the basic ACL view.
   Command: quit
   Remarks: N/A
Figure 39 Network diagram (labels: Host A 10.110.100.46, IP network, Router, Host B 10.110.100.52)

Configuration procedure
# Create ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
system-view
[Router] acl number 2000 match-order config
[Router-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Router-acl-basic-2000] rule 2 permit source 10.110.100.
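How ACL 2000 decides which Telnet sources get in, as an added Python example (not HP code). It models only what this page uses: source sour-addr sour-wildcard (with 0 as shorthand for an exact host), first match in ascending rule-ID order for match-order config, and rejection of a source that matches no rule when the ACL is used for login control. The Host A rule is built from the address in Figure 39, and the second rule set is a constructed mistake in which a netmask is typed where a wildcard belongs.

```python
import ipaddress
import re
from collections import namedtuple

Rule = namedtuple("Rule", "rule_id action addr wildcard")

# rule <id> { permit | deny } [ source { <addr> <wildcard> | any } ]
_RULE_RE = re.compile(
    r"^rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)"
    r"(?:\s+source\s+(?:any|(?P<addr>\S+)\s+(?P<wild>\S+)))?$"
)


def _wildcard(text):
    """Wildcard bits set to 1 are ignored; "0" is shorthand for 0.0.0.0."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))


def parse_basic_acl(lines):
    """Parse rule lines (explicit rule IDs required) into match order."""
    rules = []
    for line in lines:
        m = _RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        if m["addr"] is None:
            # "source any" or no source clause: every address matches.
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(m["addr"]))
            wild = _wildcard(m["wild"])
        rules.append(Rule(int(m["id"]), m["action"], addr, wild))
    # match-order config: rules are tried in ascending rule-ID order.
    return sorted(rules, key=lambda r: r.rule_id)


def evaluate(rules, source_ip):
    """Return (action, rule_id) for a login attempt from source_ip."""
    src = int(ipaddress.IPv4Address(source_ip))
    for r in rules:
        care = ~r.wildcard & 0xFFFFFFFF        # bits that must be equal
        if (src & care) == (r.addr & care):
            return r.action, r.rule_id
    # No rule matched: the login is refused.
    return "deny", None


# The two rules from the procedure above (Host A address taken from Figure 39).
ACL_2000 = parse_basic_acl([
    "rule 1 permit source 10.110.100.52 0",
    "rule 2 permit source 10.110.100.46 0",
])

# Constructed mistake: netmask 255.255.255.0 typed where wildcard 0.0.0.255
# was intended. Only the last octet is compared, so every address ending
# in .0 is permitted and the intended subnet is not.
NETMASK_MISTAKE = parse_basic_acl([
    "rule 1 permit source 10.110.100.0 255.255.255.0",
])

if __name__ == "__main__":
    for ip in ("10.110.100.52", "10.110.100.46", "10.110.100.47"):
        print(ip, evaluate(ACL_2000, ip))
    for ip in ("10.110.100.46", "192.0.2.0"):
        print(ip, evaluate(NETMASK_MISTAKE, ip))
```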
Configuring FTP

File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

FTP supports the following transfer modes:
• Binary mode—Used to transfer image files, such as .bin and .btm files.
• ASCII mode—Used to transfer text files, such as .txt, .bat, and .
Establishing an FTP connection

Before you can access the FTP server, use the ftp command in user view or use the open command in FTP client view to establish a connection to the FTP server. You can use the ftp client source command to specify a source IP address or source interface for the FTP packets sent by the device. If a source interface (typically, a loopback interface) is specified, its primary IP address is used as the source IP address for the FTP packets sent by the device.
Managing directories on the FTP server

After the device establishes a connection to an FTP server, you can create or delete folders in the authorized directory on the FTP server.

To manage the directories on the FTP server:
Task: Display detailed information about a directory or file on the FTP server.
  Command: dir [ remotefile [ localfile ] ]
Task: Query a directory or file on the FTP server.
  Command: ls [ remotefile [ localfile ] ]
Task: Change the working directory on the FTP server.
  Command: cd { directory | ..
Task: Set the FTP operation mode to passive.
  Command: passive
  Remarks: By default, passive mode is used.
Task: Display the local working directory of the FTP client.
  Command: lcd
  Remarks: N/A
Task: Upload a file to the FTP server.
  Command: put localfile [ remotefile ]
  Remarks: N/A
Task: Download a file from the FTP server.
FTP client configuration example (6602/HSR6602)

Network requirements
As shown in Figure 41, the router acts as the FTP client and the PC acts as the FTP server. The router and the PC can reach each other. An account with the username abc and password abc is already configured on the FTP server. Log in to the FTP server from the FTP client, download the system software image file newest.bin from the PC to the router, and upload the configuration file config.cfg from the router to the PC for backup.
FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec.
[ftp] bye
221 Server closing.
# Specify newest.bin as the main system software image file for the next startup.
boot-loader file newest.bin main
IMPORTANT: The system software image file used for the next startup must be saved in the root directory of the storage medium.
# Reboot the device, and the system software image file is updated at the system reboot.
# Download the system software image file newest.bin from the PC to the router:
• Download the file newest.bin from the PC to the root directory of the active MPU's storage medium.
[ftp] get newest.bin
227 Entering Passive Mode (10,1,1,1,10,68).
125 BINARY mode data connection already open, transfer starting for /newest.bin.
226 Transfer complete.
FTP: 23951480 byte(s) received in 95.399 second(s), 251.00K byte(s)/sec.
• Download the file newest.
• Configure a user account (including the username, password, and authorization) on the device or a remote authentication server for an FTP user. This task is required because the device does not support anonymous FTP for security reasons. By default, authenticated users can access the root directory of the device.
• The FTP user provides the correct username and password.
Configuring authentication and authorization

Perform this task on the FTP server to authenticate FTP clients and specify the directories that authenticated clients can access.

The following authentication modes are available:
• Local authentication—The device looks up the client's username and password in the local user account database. If a match is found, authentication succeeds.
Figure 43 Network diagram

Configuration procedure
1. Configure the router (FTP server):
# Create a local user account abc, set its password to abc and the user privilege level to level 3 (the manage level), specify the root directory of the storage medium as the authorized directory, and specify the service type as FTP.
150 Opening ASCII mode data connection for /newest.bin.
226 Transfer complete.
ftp> bye
221 Server closing.
c:\>
This FTP procedure also applies to upgrading configuration files.
NOTE: After you finish transferring the Boot ROM image through FTP, execute the bootrom update command to upgrade Boot ROM.
3. Upgrade the router:
# Specify newest.bin as the main system software image file for the next startup.
boot-loader file newest.
[Router-luser-abc] service-type ftp
[Router-luser-abc] quit
To access the CF card root directory of the standby MPU in slot 1, replace cfa0:/ in the command authorization-attribute work-directory cfa0:/ with slot1#cfa0:/.
# Enable the FTP server.
[Router] ftp server enable
[Router] quit
# Examine the storage space for space insufficiency and delete unused files for more free space.
copy newest.bin slot1#cfa0:/
# Specify newest.bin as the main system software image file for the next startup:
- Specify newest.bin as the main system software image file for the next startup of the active MPU.
boot-loader file newest.bin slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 0!
- Specify newest.
Configuring TFTP

Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data receiving and transmitting. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy.

TFTP supports the following transfer modes:
• Binary mode—Used to transfer image files, such as .bin and .btm files.
• ASCII mode—Used to transfer text files, such as .
You can use the tftp client source command to specify a source IP address or source interface for the TFTP packets sent by the router. If a source interface (typically, a loopback interface) is specified, its primary IP address is used as the source IP address for the TFTP packets. The source interface and source IP address settings overwrite each other. The tftp client source command setting applies to all TFTP sessions.
TFTP client configuration example (6602/HSR6602)

Network requirements
Configure the PC in Figure 46 as a TFTP server, and use TFTP to download the system software image file newest.bin from the PC to the router and upload the configuration file config.cfg from the router to the PC for backup.

Figure 46 Network diagram

Configuration procedure
This configuration procedure assumes that the PC and the router can reach each other.
1. Configure the PC (TFTP server):
   - Enable the TFTP server.
TFTP client configuration example (6604/6608/6616)

Network requirements
Configure the PC in Figure 47 as a TFTP server, and use TFTP to download the system software image file newest.bin from the PC to the router and upload the configuration file config.cfg from the router to the PC for backup.

Figure 47 Network diagram

Configuration procedure
This configuration procedure assumes that the PC and the router can reach each other.
1. Configure the PC (TFTP server):
   - Enable the TFTP server.
The specified file will be used as the main boot file at the next reboot on slot 1!
IMPORTANT: The system software image file used for the next startup must be saved in the root directory of the storage medium.
# Reboot the router and the software is upgraded.
Managing the file system

Overview
This chapter describes how to manage the device's file system, including the storage media, directories, and files.

Storage medium naming rules
Only HSR6602 routers support the NAND Flash memory. The names of the storage media follow these rules:
• If a storage medium is the only storage medium of its type on the device, it is named by its type. For example, if the device has only one Flash, the name of the Flash is flash.
Format: drive:/[path]/filename
Description: Specifies a file in a specific storage medium on the device. The drive argument represents the storage medium name, typically flash or cf. If the device has only one storage medium, you do not need to specify the storage medium. If the device has multiple storage media, you must provide the storage medium name.
Length: 1 to 135 characters
Example: flash:/test/a.cfg indicates a file named a.cfg in the test folder in the root directory of the Flash memory.
Managing files

CAUTION: To avoid file system corruption, do not plug in or unplug storage media or perform active/standby switchover while the system is processing a file operation.

You can display directory and file information; display file contents; rename, copy, move, remove, restore, and delete files. The copy operation enables you to create a file. You can also create a file by performing the download operation or using the save command.

Displaying file information
Perform this task in user view.
Moving a file
Perform this task in user view.
Task: Move a file.
  Command: move fileurl-source fileurl-dest

Deleting/restoring a file
You can delete a file permanently or move it to the recycle bin. A file moved to the recycle bin can be restored, but a permanently deleted file cannot. A file in the recycle bin occupies storage space. To release the occupied space, execute the reset recycle-bin command in the directory that holds the file.
Managing directories

You can create or remove a directory, display or change the current working directory, and display a specific directory.

Displaying directory information
Perform this task in user view.
Task: Display directory or file information.
  Command: dir [ /all ] [ file-url | /all-filesystems ]

Displaying the current working directory
Perform this task in user view.
Task: Display the current working directory.
  Command: pwd

Changing the current working directory
Perform this task in user view.
Task: Remove a directory.
  Command: rmdir directory

Managing storage media

Storage media management includes space assignment, storage medium mounting, and storage medium unmounting.

Managing storage medium space
CAUTION: After a storage medium is formatted, all files on it are erased and cannot be restored. If a startup configuration file exists on the storage medium, formatting the storage medium results in loss of the startup configuration file.
Configuration procedure
Perform one of the following tasks in user view as appropriate:
Task: Mount a storage medium.
  Command: mount device
  Remarks: By default, a storage medium is automatically mounted and in mounted state when connected to the system.
Task: Unmount a storage medium.
  Command: umount device
  Remarks: By default, a storage medium is automatically mounted and in mounted state when connected to the system.

Displaying and maintaining the NAND Flash memory
Only HSR6602 routers support the NAND Flash memory.
every command in the batch file. If a command has error settings or the conditions for executing the command are not met, the system skips this command. You can edit a batch file on your PC, and then upload or download it to the device. If the extension of the file is not .bat, use the rename command to change it to .bat.

To execute a batch file:
1. Enter system view.
   Command: system-view
2. Execute a batch file.
# Create new folder mytest in the logfile directory.
cd logfile
mkdir mytest
%Created dir cfa0:/logfile/mytest.
# Display the current working directory.
pwd
cfa0:/logfile
# Display the files and the subdirectories in the logfile directory.
dir
Directory of cfa0:/logfile/
0 -rw- 1250094 Jul 01 2007 16:09:50 logfile.log
1 drw- - Jan 12 2030 00:35:20 mytest
506336 KB total (461296 KB free)
File system type of cfa0: FAT16
# Return to the upper directory.
Managing configuration files

You can manage configuration files at the CLI or by using the Boot menu of the device. This chapter explains how to manage configuration files from the CLI.

Overview
A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device. You can also back up the configuration file on to a host and download the file to the device as needed.
Configuration file content organization and format

IMPORTANT: To run on the device, a configuration file must meet the content and format requirements of the device. To ensure a successful configuration load at startup, use a configuration file created on the device at startup. If you edit the configuration file, make sure all edits are compliant with the requirements of the device.

A configuration file is saved as a text file according to the following rules:
• Commands are saved in their complete form.
FIPS compliance

The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Saving the running configuration

To make configuration changes take effect at the next startup, save the running configuration to the startup configuration file to be used at the next startup before the device reboots.
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable configuration auto-update.
   Command: slave auto-update config
   Remarks: By default, this function is enabled.

Saving configuration by using different methods
When saving the running configuration to a configuration file, you can specify the file as a next-startup configuration file.
6604/6608/6616 router

To save the running configuration, perform either of the following tasks in any view:
Task: Save the running configuration to a configuration file without specifying the file as a startup configuration file for the next startup.
  Command: save file-url [ all | slot slot-number ]
  Remarks: The save file-url [ slot slot-number ] command saves the configuration only to the specified path, regardless of whether the configuration auto-update function has been enabled.
To ensure a successful backup, verify that the router has enough space for the backup configuration file and the new next-startup configuration file. To load the backup configuration file after a software downgrade, specify the backup file as the next-startup configuration file.

6604/6608/6616
The file overwrite and backup operations are performed on both active MPU and standby MPU, regardless of whether configuration auto-update is enabled.
Task: Rolling back configuration
  Remarks: Required.

Configuring configuration archive parameters
Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
4. Set the maximum number of configuration archives.
   Command: archive configuration max file-number
   Remarks: Optional. The default number is 5. Change the setting depending on the amount of available storage space.

Enabling automatic configuration archiving
To ensure system performance, follow these guidelines when you configure automatic configuration archiving:
• If the device configuration does not change frequently, manually archive the running configuration as needed.
• On the 6604/6608/6616 router, do not remove or install a card while the system is executing the configuration replace file command.
• Make sure the replacement configuration file is created by using the configuration archive function or the save command on the current device.
• If the configuration file is not created on the current device, make sure the configuration file content format is fully compatible with the current device.
• The replacement configuration file is not encrypted.
• The server is reachable and enabled with TFTP service.
• You have read and write permissions.

This task backs up only the main next-startup configuration file.

To back up the main next-startup configuration file to a TFTP server:
1. Verify that a next-startup configuration file has been specified in user view.
   Command: display startup
   Remarks: Optional. If no next-startup configuration file has been specified, the backup operation will fail.
Deleting the next-startup configuration file

CAUTION:
• On the 6602/HSR6602 router, this task permanently deletes the next-startup configuration file from the device. Before performing this task, back up the file as needed.
• On the 6604/6608/6616 router, this task permanently deletes the next-startup configuration file from each MPU. Before performing this task, back up the file as needed.

You can delete the main, the backup, or both.
Upgrading software

You can use the CLI or Boot menu to upgrade software. This chapter only describes upgrading software from the CLI.

Upgrading software includes upgrading the BootWare (called "bootrom" in the CLI) and system software. Each time the device is powered on, it runs the BootWare image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file" in software code) so you can access the software features, as shown in Figure 48.
Upgrading method: Upgrading system software
  Software types: System software image (excluding patches)
  Remarks: This method is disruptive. You must reboot the device to complete the upgrade.
Upgrading method: Installing hotfixes
  Software types: System software image
  Remarks: Hotfixes (called "patches" in this document) repair software defects without requiring a reboot or service disruption. Hotfixes do not add new features to system software images.
Step Command Remarks See "Configuring FTP" or "Configuring TFTP." The image file must be saved in the storage medium's root directory for a successful upgrade. Copy the system software image to the root directory of a storage medium on the standby MPU. copy fileurl-source fileurl-dest You can assign different names to the image files for the active MPU and the standby MPU, but you must make sure the image versions are the same. 3.
Basic concepts
This section describes the basic patch concepts.

Patch, patch file, and patch package file
A patch fixes certain software defects. A patch file contains one or more patches. After being loaded from a storage medium to the patch memory area, each patch is assigned a unique number, which starts from 1. For example, if a patch file has three patches, they are numbered 1, 2, and 3. A patch package file contains patch files for multiple features or cards.
Figure 49 Impact of patch manipulation commands on patch state

IDLE state
Patches that have not been loaded are in IDLE state. You cannot install or run these patches. As shown in Figure 50, the patch memory area can load up to eight patches. The patch memory area supports up to 200 patches.

Figure 50 Patches that are not loaded to the patch memory area

DEACTIVE state
Patches in DEACTIVE state have been loaded to the patch memory area but have not yet run in the system.
Figure 51 Patch states in the patch memory area after a patch file is loaded

ACTIVE state
Patches in ACTIVE state run temporarily in the system and become DEACTIVE after system reboot. For the seven patches in Figure 51, if you activate the first five patches, their states change from DEACTIVE to ACTIVE. The patch states in the system are as shown in Figure 52. The patches that are in ACTIVE state change to the DEACTIVE state after a system reboot.
Figure 53 Patches in RUNNING state

Patch installation task list
Task: Installing patches:
  • Installing and running patches in one step
  • Installing patches step by step
Remarks: IMPORTANT: If patches are released in a package, you must use the one-step installation method. If patches are released in separate patch files, you can use either method. One-step installation is fast and easy to use. In contrast, step-by-step patch installation allows you to control the patch status.
Installing and running patches in one step

To install and run patches in one step, use the patch install command. This command changes the state of installed patches from IDLE to ACTIVE or RUNNING, depending on your choice. When executing the patch install command, you must choose to run installed patches or disable running them after a reboot. If you choose to have installed patches continue to run after a reboot, the installed patches are set in RUNNING state and remain in this state after a reboot.
Installing patches step by step

Step-by-step installation method applies only to patch files. In contrast to the one-step patch installation method, step-by-step patch installation enables you to control patch status during the patch installation process.

Step-by-step patch installation task list
Task: Configuring the patch loading location
  Remarks: Optional.
Task: Loading patches
  Remarks: Required.
Task: Activating patches
  Remarks: Required.
Task: Confirming ACTIVE patches
  Remarks: Optional.
To load patches:
1. Enter system view.
   Command: system-view
2. Load a patch file from the patch loading location to the patch memory area.
   Command:
   • 6602: patch load [ file patch-package ]
   • HSR6602/6604/6608/6616: patch load slot slot-number [ file patch-package ]

Activating patches
Activating a patch changes its state to ACTIVE. An ACTIVE patch runs in memory until a reboot occurs. To have a patch continue to run after a reboot, you must change its state to RUNNING.

To activate patches:
1.
1. Enter system view.
   Command: system-view
2. Stop running patches.
   Command:
   • 6602: patch deactive [ patch-number ]
   • HSR6602/6604/6608/6616: patch deactive [ patch-number ] slot slot-number

Removing patches from the patch memory area
After being removed from the patch memory area, a patch is still retained in IDLE state in the storage medium. The system runs the way it did before it was installed with the patch.

To remove patches from the patch memory area:
1. Enter system view.
2.
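The patch states described in this chapter, replayed over a device's maintenance history to show which hotfixes stop running at a reboot. This is an added Python example, not HP code. The operation names follow the task names on this page rather than CLI syntax, and three points are assumptions because Figure 49 did not survive: stopping a patch returns it to DEACTIVE, removal is allowed from any loaded state, and a reboot leaves IDLE and DEACTIVE patches unchanged.

```python
IDLE, DEACTIVE, ACTIVE, RUNNING = "IDLE", "DEACTIVE", "ACTIVE", "RUNNING"

# (operation, current state) -> next state
TRANSITIONS = {
    ("load", IDLE): DEACTIVE,               # loaded into the patch memory area
    ("activate", DEACTIVE): ACTIVE,         # runs until the next reboot
    ("confirm", ACTIVE): RUNNING,           # keeps running across reboots
    ("deactivate", ACTIVE): DEACTIVE,       # assumption: stop -> DEACTIVE
    ("deactivate", RUNNING): DEACTIVE,      # assumption: stop -> DEACTIVE
    ("remove", DEACTIVE): IDLE,             # removed from the patch memory area
    ("remove", ACTIVE): IDLE,               # assumption: allowed when loaded
    ("remove", RUNNING): IDLE,              # assumption: allowed when loaded
    ("install-temporary", IDLE): ACTIVE,    # one-step install, answer N
    ("install-persistent", IDLE): RUNNING,  # one-step install, answer Y
    ("reboot", ACTIVE): DEACTIVE,
    ("reboot", RUNNING): RUNNING,
    ("reboot", DEACTIVE): DEACTIVE,         # assumption: unchanged
    ("reboot", IDLE): IDLE,                 # assumption: unchanged
}


def replay(ops, state=IDLE):
    """Return the list of states a patch passes through, starting state first."""
    trace = [state]
    for op in ops:
        try:
            state = TRANSITIONS[(op, state)]
        except KeyError:
            raise ValueError(f"{op!r} is not valid in state {state}") from None
        trace.append(state)
    return trace


def reboot_exposure(ops):
    """Classify a patch by what a reboot has done, or will do, to it."""
    trace = replay(ops)
    final = trace[-1]
    if final == RUNNING:
        return "persistent"
    if final == ACTIVE:
        return "lost-at-next-reboot"
    # Not running now. Find the last operation that changed the state:
    # if it was a reboot, the fix was dropped without any operator action.
    changes = [op for op, a, b in zip(ops, trace, trace[1:]) if a != b]
    if changes and changes[-1] == "reboot":
        return "reverted-by-reboot"
    return "not-running"


# Constructed maintenance histories for four hypothetical routers.
FLEET = {
    "edge-1": ["load", "activate", "confirm", "reboot"],
    "edge-2": ["load", "activate"],
    "edge-3": ["install-temporary", "reboot"],
    "edge-4": ["load"],
}


def fleet_report(fleet):
    """Map each device name to its reboot exposure."""
    return {name: reboot_exposure(ops) for name, ops in fleet.items()}


if __name__ == "__main__":
    for name, status in fleet_report(FLEET).items():
        print(f"{name}: {status}")
```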
Figure 54 Network diagram (labels: FTP Server 2.2.2.2/24, Internet, Telnet, FTP Client, User, Router 1.1.1.1/24)

Configuration procedure
1. Configure the FTP server (the configuration varies with server vendors):
# Set the access parameters for the FTP client (including enabling the FTP server function, setting the FTP username to aaa and password to hello, and assigning the FTP user the right to access the flash:/aaa directory).
[ftp] bye
# Specify new-config.cfg as the main next-startup configuration file.
startup saved-configuration new-config.cfg main
Please wait... ... Done!
# Specify soft-version2.bin as the main startup system software image.
boot-loader file soft-version2.bin main
# Reboot the router to complete the upgrade.
reboot
3. Use the display version command to verify the upgrade. (Details not shown.
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)):aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download soft-version2.bin from the FTP server to the CF card of the router.
[ftp] binary
[ftp] get soft-version2.bin
[ftp] bye
# Specify soft-version2.bin as the main startup system software image on the active MPU. In this example, the active MPU is in slot 0.
# Download patch_package.bin from the TFTP server to the root directory of the router's storage media.
tftp 2.2.2.2 get patch_package.bin
# Install the patches.
system-view
[Router] patch install file patch_package.bin
Patches will be installed. Continue? [Y/N]:y
Do you want to continue running patches after reboot? [Y/N]:y
Installing patches........
Installation completed, and patches will continue to run after reboot.
Do you want to continue running patches after reboot? [Y/N]:y
Installing patches........
Installation completed, and patches will continue to run after reboot.
Managing the device

Overview
Device management includes monitoring the operating status of devices and configuring their running parameters. The configuration tasks in this document are order independent. You can perform these tasks in any order.

Configuring the device name
A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>.

To configure the device name:
1.
Command Effective system time Configuration example System time 2 Original system time ± zone-offset clock timezone zone-time add 1 02:00:00 zone-time Sat 01/01/2005 1, 2 2, 1 date-time ± zone-offset clock datetime 2:00 2007/2/2 clock timezone zone-time add 1 clock timezone zone-time add 1 date-time clock datetime 3:00 2007/3/3 The original system time outside the daylight saving time range: The system time does not change until it falls into the daylight saving time range.
Command 3, 1 (date-time in the daylight saving time range) Effective system time Configuration example System time date-time – summer-offset outside the daylight saving time range: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 23:30:00 UTC Sun 12/31/2006 date-time – summer-offset clock datetime 1:30 2007/1/1 date-time – summer-offset in the daylight saving time range: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 date-time clock datetime 3:00 2007/1/1 Original system
Command Effective system time Configuration example date-time in the daylight saving time range, but date-time – summer-offset outside the summer-time range: clock timezone zone-time add 1 date-time – summer-offset clock datetime 1:30 2008/1/1 Both date-time and date-time – summer-offset in the daylight saving time range: date-time clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 System time 23:30:00 zone-time Mon 12/31/2007 clock timezone zone-time add 1 clock summer-time ss one-off 1:
To enable displaying the copyright statement:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enable displaying the copyright statement.
   Command: copyright-info enable
   Remarks: Optional. Enabled by default.

Configuring banners
Banners are messages that the system displays during user login. The system supports the following banners:
• Legal banner—Appears after the copyright or license statement. To continue login, the user must enter Y or press Enter. To quit the process, the user must enter N.
line with a delimiter that is the same as the start delimiter. For example, you can configure the banner "Have a nice day. Please input the password." as follows:
system-view
[System] header shell A
Please input banner content, and quit with the character 'A'.
Have a nice day. Please input the password.A
- Method 3—After you type the last keyword, type the start delimiter and part of the banner and press Enter.
Disabling password recovery capability

Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to reconfigure new passwords. If password recovery capability is disabled, a console user must restore the factory-default configuration before configuring new passwords.
Rebooting the device

CAUTION:
• Device reboot can interrupt network services.
• To avoid data loss, use the save command to save the current configuration before a reboot.
• Use the display startup and display boot-loader commands to verify that you have correctly set the startup configuration file and the main system software image file. If the main system software image file has been corrupted or does not exist, the device cannot reboot.
To schedule a reboot for a 6602, execute one of the following commands in user view:
Task: Schedule a reboot.
  Command:
  • Schedule a reboot to occur at a specific time and date: schedule reboot at hh:mm [ date ]
  • Schedule a reboot to occur after a delay: schedule reboot delay { hh:mm | mm }
  Remarks: Use either command. The scheduled reboot function is disabled by default. Changing any clock setting can cancel the reboot schedule.
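Comparison item: Supported views
  Scheduling a job using the non-modular method: User view and system view. In the schedule job command, shell represents user view, and system represents system view.
  Scheduling a job using the modular method: All views. In the time command, monitor represents user view.
Comparison item: Supported commands
  Scheduling a job using the non-modular method: Commands in user view and system view.
  Scheduling a job using the modular method: Commands in all views.
Comparison item: Can a job be executed multiple times?
  Scheduling a job using the non-modular method: No.
  Scheduling a job using the modular method: Yes.
Comparison item: Can a job be saved?
  Scheduling a job using the non-modular method: No.
  Scheduling a job using the modular method: Yes.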
Task: Schedule a job.
  Command:
  • Schedule a job to run a command at a specific time: schedule job at time [ date ] view view-name command
  • Schedule a job to run a command after a delay: schedule job delay time view view-name command
  Remarks: Use either command. If you execute the schedule job command multiple times, the most recent configuration takes effect. Changing any clock setting can cancel the job set by using the schedule job command.
Figure 58 Network diagram
Configuration procedure
# Enter system view.
system-view
# Create a job named pc1, and enter its view.
[Sysname] job pc1
# Configure the job to be executed in the view of GigabitEthernet 3/0/1.
[Sysname-job-pc1] view gigabitethernet 3/0/1
# Configure the device to enable GigabitEthernet 3/0/1 at 8:00 on working days every week.
# Configure the device to shut down GigabitEthernet 3/0/3 at 18:00 on working days every week.
[Sysname-job-pc3] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc3] quit
# Display information about scheduled jobs.
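Scheduled jobs run commands unattended, so they are worth reviewing when a device configuration is audited. The following added example (not part of the HP guide) parses job definitions written with the job, view and time commands shown above and lists every scheduled command that is not on an allowlist. The sample text, the maint job and the allowlist are constructed for illustration, and only the time ... repeating at ... week-day ... command form shown above is handled.

```python
import re

# Constructed sample: job pc3 as typed in the example above, plus a
# hypothetical job "maint" (monitor = user view, per the comparison table).
SAMPLE = """\
job pc3
 view gigabitethernet 3/0/3
 time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
job maint
 view monitor
 time 1 repeating at 3:00 week-day sat command reboot
"""

# Assumed allowlist of (view, command) pairs the operator expects to be scheduled.
ALLOWED = {("gigabitethernet 3/0/3", "shutdown")}

# Only the "time N repeating at HH:MM week-day <days> command <cmd>" form is parsed.
TIME_RE = re.compile(
    r"time (\d+) repeating at (\d{1,2}):(\d{2}) week-day ((?:[a-z]{3} )+)command (.+)",
    re.IGNORECASE,
)

def parse_jobs(text):
    """Return {job name: {"view": str or None, "times": [schedule dicts]}}."""
    jobs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("job "):
            current = jobs.setdefault(line[4:].strip(), {"view": None, "times": []})
        elif current is not None and line.startswith("view "):
            current["view"] = line[5:].strip()
        elif current is not None and (m := TIME_RE.fullmatch(line)):
            tid, hh, mm, days, cmd = m.groups()
            current["times"].append({
                "id": int(tid),
                "at": f"{int(hh):02d}:{mm}",
                "days": days.lower().split(),
                "command": cmd.strip(),
            })
    return jobs

def audit(jobs, allowed):
    """List (job, view, time, command) for each scheduled command not allowlisted."""
    return [
        (name, job["view"], t["at"], t["command"])
        for name, job in jobs.items()
        for t in job["times"]
        if (job["view"], t["command"]) not in allowed
    ]

if __name__ == "__main__":
    for finding in audit(parse_jobs(SAMPLE), ALLOWED):
        print("unexpected scheduled command:", finding)
```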
Feature: Specifying a poweron priority for a card
• 6602: No.
• HSR6602: No.
• 6604/6608/6616: Yes on 6604 and 6608 routers that use RSE-X1, MCP-X1, or MCP-X2 MPUs and 6616 routers.
6600 and HSR6600 routers support both AC power supplies and DC power supplies. However, one 6600/HSR6600 router can use only one type of power supply. The power supplies are hot-swappable. On a 6600/HSR6600, you can specify different poweron priorities for cards.
• CPOS 155 Mbps (E1/T1)—Supports E1 mode and T1 mode. When this interface card operates in E1 mode, its interfaces can receive, send, and process E1 data flows, provide CE1 access, and implement ISDN PRI functions. When this interface card operates in T1 mode, its interfaces can receive, send, and process T1 data flows, provide CT1 access, and implement ISDN PRI functions.
• CPOS 155 Mbps (E3/T3)—Supports E3/T3/POS switch.
To avoid index depletion causing interface creation failures, you can clear all 16-bit indexes that have been assigned but are not in use. The operation does not affect the interface indexes of the interfaces that have been created, but the indexes assigned to re-created interfaces might change. A confirmation is required when you execute this command. The command will not run if you do not confirm within 30 seconds or if you enter N to cancel the operation.
Step: 1. Display alarms present on transceiver modules.
Command: display transceiver alarm { controller [ controller-type controller-number ] | interface [ interface-type interface-number ] } [ | { begin | exclude | include } regular-expression ]
Remarks: N/A
Step: 2. Display the current values of the digital diagnosis parameters for transceiver modules.
• Standard-A connector—Connects USB devices directly to a host or to the downstream port of a hub.
• Standard-B connector—Allows device vendors to provide a standard detachable cable to implement the switch-over between the two types of connectors.
Both types of connectors provide plugs and receptacles:
• Use an A-type receptacle with an A-type plug. An A-type receptacle is usually on a host or a hub and functions as the output of the host system or hub system.
Figure 62 Windows operating system with the USB mass storage medium mounted
The router does not provide the USB mass storage medium driver for the host end. You must install a Windows operating system that supports the USB mass storage medium driver on the host. HP recommends that you use Windows XP. The file system of the router and the Windows operating system on the host cannot operate the internal CF card at the same time. Otherwise, an exception might occur.
Step: 2. Enable the USB device port.
Command:
• On a 6602: usb device-port enable type storage
• On a 6604, 6608, or 6616: usb device-port enable type storage slot slotnumber
Remarks: Disabled by default.
Unmounting the USB device
To ensure the safety of the USB device and data, you must unmount the USB device by using the Windows Safely Remove Hardware feature before disconnecting the router from the host. To disconnect the router from the host, follow these steps:
1.
2. Click OK in the Stop a Hardware device window. If Windows prompts that the process cannot be stopped, verify whether there is still data being transmitted. If yes, wait for the completion of data transmission or stop the data transmission, and then repeat Step 1 and Step 2.
3. Remove the USB cable after the system notifies you that it is safe to remove the device and the LED of the USB device port turns off.
Disabling all USB interfaces
You can disable all USB interfaces on the router.
Task: Display the electronic label data for the device.
Command: display device manuinfo [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display or save running status data for multiple feature modules.
Command: display diagnostic-information [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display device temperature information.
Task: Display the software and hardware copyright statements.
Command: display copyright [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display CPU usage statistics.
Command:
• display cpu-usage [ slot slot-number [ cpu cpu-number ] ] [ | { begin | exclude | include } regular-expression ]
• display cpu-usage entry-number [ offset ] [ verbose ] [ slot slot-number ] [ cpu cpu-number ] [ from-device ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display the configuration of the job configured by using the schedule job command.
Command: display schedule job [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display the reboot schedule.
Command: display schedule reboot [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Task: Display the exception handling method.
Command: display system-failure [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions
This section describes the conventions used in this documentation set.
Command conventions
• Boldface: Bold text represents commands and keywords that you enter literally as shown.
• Italic: Italic text represents arguments that you replace with actual values.
• [ ]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
• { x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.