HP HSR6800 Routers
Fundamentals Configuration Guide

Part number: 5998-4486
Software version: HSR6800-CMW520-R3303P05
Document version: 6PW105-20140507
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Using the CLI

At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor your device.

Figure 1 CLI example

You can log in to the CLI in a variety of ways. For example, you can log in through the console port, or using Telnet or SSH. For more information about login methods, see "Logging in to the CLI."

Command conventions

Command conventions help you understand the syntax of commands. Commands in product manuals comply with the conventions listed in Table 1.
Convention: &<1-n>
  Description: The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
Convention: #
  Description: A line that starts with a pound (#) sign is a comment.

Command keywords are case insensitive. The following example analyzes the syntax of the clock datetime time date command according to Table 1.
Figure 3 CLI view hierarchy

Entering system view from user view

Task: Enter system view from user view.
  Command: system-view

Returning to the upper-level view from any view

Task: Return to the upper-level view from any view.
  Command: quit

Executing the quit command in user view terminates your connection to the device. In public key code view, use the public-key-code end command to return to the upper-level view (public key view).
Accessing the CLI online help

The CLI online help is context sensitive. You can enter a question mark at any prompt or in any position of a command to display all available options. To access the CLI online help, use one of the following methods:
• Enter a question mark at a view prompt to display the first keyword of every command available in the view.
Entering a command

When you enter a command, you can use keys or hotkeys to edit the command line, or use abbreviated keywords or keyword aliases.

Editing a command line

Use the keys listed in Table 2 or the hotkeys listed in Table 3 to edit a command line.

Table 2 Command line editing keys
Key: Common keys
  Function: If the edit buffer is not full, pressing a common key inserts the character at the position of the cursor and moves the cursor to the right.
Configuring and using command keyword aliases

The command keyword alias function allows you to replace the first keyword of a non-undo command or the second keyword of an undo command with your preferred keyword when you execute the command. For example, if you configure show as the alias for the display keyword, you can enter show in place of display to execute a display command.
Step 3. Display hotkeys.
  Command: display hotkey [ | { begin | exclude | include } regular-expression ]
  Remarks: Optional. Available in any view. See Table 3 for hotkeys reserved by the system.

The hotkeys in Table 3 are defined by the device. If a hotkey is also defined by the terminal software that you are using to interact with the device, the definition of the terminal software takes effect.

Table 3 System-reserved hotkeys
Hotkey: Ctrl+A
  Function: Moves the cursor to the beginning of a line.
output such as logs. If you have entered nothing, the system does not display the command-line prompt after the output.

To enable redisplaying entered-but-not-submitted commands:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable redisplaying entered-but-not-submitted commands.
  Command: info-center synchronous
  Remarks: By default, this feature is disabled. For more information about this command, see Network Management and Monitoring Command Reference.
By default, the command history buffer can save up to 10 commands for each user. To set the capacity of the command history buffer for the current user interface, use the history-command max-size command.

Viewing history commands

You can use arrow keys to access history commands in Windows 200x and Windows XP Terminal or Telnet. In Windows 9x HyperTerminal, the arrow keys are invalid, and you must use Ctrl+P and Ctrl+N instead.
Key: Enter
  Function: Displays the next line.
Key: Ctrl+C
  Function: Stops the display and cancels the command execution.
  Function: Displays the previous page.
  Function: Displays the next page.

To display all output at one time and refresh the screen continuously until the last screen is displayed:

Task: Disable pausing between screens of output for the current session.
  Command: screen-length disable
  Remarks: The default for a session depends on the setting of the screen-length command in user interface view.
Character: *
  Meaning: Matches the preceding character or character group zero or multiple times.
  Examples: "zo*" matches "z" and "zoo", and "(zo)*" matches "zo" and "zozo".
Character: +
  Meaning: Matches the preceding character or character group one or multiple times.
  Examples: "zo+" matches "zo" and "zoo", but not "z".
Character: |
  Meaning: Matches the preceding or succeeding character string.
  Examples: "def|int" only matches a character string containing "def" or "int".
Character: _
  Meaning: If it is at the beginning or the end of a regular expression, it equals ^ or $.
Character: \bcharacter2
  Meaning: Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].
  Examples: "\ba" matches "-a" with "-" being character1, and "a" being character2, but it does not match "2a" or "ba".
Character: \Bcharacter
  Meaning: Matches a string containing character, and no space is allowed before character.
  Examples: "\Bt" matches "t" in "install", but not "t" in "big top".
Character: character1\w
  Meaning: Matches character1character2.
Configuring user privilege and command levels

To avoid unauthorized access, the device defines the user privilege levels and command levels in Table 7. User privilege levels correspond to command levels. A user logged in with a specific privilege level can use only the commands at that level or lower levels.

Table 7 Command levels and user privilege levels
Level: 0
  Privilege: Visit
  Default set of commands: Includes commands for network diagnosis and commands for accessing an external device.
Step 3. Specify the scheme authentication mode.
  Command: authentication-mode scheme
  Remarks: By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console login users.
Step 4. Return to system view.
  Command: quit
  Remarks: N/A
Step 5. Configure the authentication mode for SSH users as password.
  Command: For more information, see Security Configuration Guide.
  Remarks: This task is required only for SSH users who are required to provide their usernames and passwords for authentication.
Step 3. Enter user interface view.
  Command: user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }
  Remarks: N/A
Step 4. Enable the scheme authentication mode.
  Command: authentication-mode scheme
  Remarks: By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console users.
Step 5. Configure the user privilege level.
# Configure the device to perform no authentication for Telnet users, and to authorize authenticated Telnet users to use level-0 and level-1 commands. (Use no authentication mode only in a secure network environment.)
system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1

# Display the commands a Telnet user can use after login. Because the user privilege level is 1, a Telnet user can use more commands now.
To avoid problems, HP recommends that administrators log in with a lower privilege level to view switch operating parameters, and switch to a higher level temporarily when they must maintain the device. When administrators must leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict the operation by others.
Step 3. Configure the password for the user privilege level.
  Command: super password [ level user-level ] [ hash ] { cipher | simple } password
  Remarks: If local authentication is involved, this step is required. By default, a privilege level has no password. If no user privilege level is specified when you configure the command, the user privilege level defaults to 3. If you specify the simple keyword for the command, the password is saved in plain text in the configuration file.
User interface authentication mode User privilege level switching authentication mode Information required for the first authentication mode Information required for the second authentication mode scheme Username and password for the privilege level. N/A scheme local Username and password for the privilege level. Local user privilege level switching password. local Password configured for the privilege level on the device with the super password command.
Displaying and maintaining CLI

Task: Display the command keyword alias configuration.
  Command: display command-alias [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Task: Display data in the clipboard.
  Command: display clipboard [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Login overview

This chapter describes the available login methods and their configuration procedures.

Login methods at a glance

You can access the device only through the console port at the first login. After login, you can configure other login methods on the device, such as Telnet and SSH for remote access.
CLI user interfaces

The device uses user interfaces (also called "lines") to control CLI logins and monitor CLI sessions. You can configure access control settings, including authentication, user privilege, and login redirect on user interfaces. After users are logged in, their actions must be compliant with the settings on the user interfaces assigned to them. Users are assigned different user interfaces, depending on their login methods, as shown in Table 10.
Logging in to the CLI

By default, the first time you access the CLI you must log in through the console port. At the CLI, you can configure Telnet, SSH, or modem dial-in (through the AUX port) for remote access.

FIPS compliance

The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
Figure 5 through Figure 7 show the configuration procedure on Windows XP HyperTerminal. Make sure the port settings are the same as listed in Table 11. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document. On Windows Server 2008, Windows 7, Windows Vista, or some other operating system, obtain a third-party terminal control program first, and then follow the user guide or online help to log in to the device.
Figure 7 Setting the properties of the serial port

5. Power on the device and press Enter at the prompt.

Figure 8 CLI

6. At the default user view prompt , enter commands to configure the device or view the running status of the device. To get help, enter ?.

Configuring console login control settings

The following authentication modes are available for controlling console logins:
• None—Requires no authentication. This mode is insecure.
• Password—Requires password authentication.
By default, console login does not require authentication. Any user can log in through the console port without authentication and have user privilege level 3. To improve device security, configure the password or scheme authentication mode immediately after you log in to the device for the first time.

Table 12 Configuration required for different console login authentication modes
Authentication mode: None
  Configuration tasks: Set the authentication mode to none for the console user interface.
Figure 9 Accessing the CLI through the console port without authentication

Configuring password authentication for console login

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter console user interface view.
  Command: user-interface console first-number [ last-number ]
  Remarks: N/A
Step 3. Enable password authentication.
  Command: authentication-mode password
  Remarks: By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login.
4.
Figure 10 Password authentication interface for console login

Configuring scheme authentication for console login

Follow these guidelines when you configure scheme authentication for console login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
Step 4. Enable command authorization.
  Command: command authorization
  Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
Optional.
Step 9. Set an authentication password for the local user.
  Command: password [ [ hash ] { cipher | simple } password ]
  Remarks: By default, no password is set.
Step 10. Specify a command level of the local user.
  Command: authorization-attribute level level
  Remarks: Optional.
Step 11. Specify terminal service for the local user.
  Command: service-type terminal
  Remarks: By default, no service type is specified.
Step 12. Configure common settings for console login.
  Command: See "Configuring common console user interface settings (optional)."
  Remarks: Optional.
Step 3. Set the baud rate.
  Command: speed speed-value
  Remarks: By default, the baud rate is 9600 bps.
Step 4. Specify the parity check mode.
  Command: parity { even | mark | none | odd | space }
  Remarks: The default setting is none, namely, no parity check.
Step 5. Specify the number of stop bits.
  Command: stopbits { 1 | 1.5 | 2 }
  Remarks: The default is 1. Stop bits indicate the end of a character. The more the stop bits, the slower the transmission.
The default is 8. The setting depends on the character coding type.
Step 13. Set the size of command history buffer.
  Command: history-command max-size size-value
  Remarks: By default, the buffer saves 10 history commands at most.
Step 14. Set the idle-timeout timer.
  Command: idle-timeout minutes [ seconds ]
  Remarks: The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the idle-timeout function.
database was lost, log in to the device through the console port and configure a new password. If the username or password configured on a remote server was lost, contact the server administrator for help.

Table 14 Configuration required for different Telnet login authentication modes
Authentication mode: None
  Configuration tasks: Set the authentication mode to none for the VTY user interface.
The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 13. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears.

Figure 13 Telnetting to the device without authentication

Configuring password authentication for Telnet login

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable Telnet server.
Figure 14 Password authentication interface for Telnet login

Configuring scheme authentication for Telnet login

Follow these guidelines when you configure scheme authentication for Telnet login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
Step 5. Enable command authorization.
  Command: command authorization
  Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users.
Step 11. Specify the command level of the local user.
  Command: authorization-attribute level level
  Remarks: Optional. By default, the command level is 0.
Step 12. Specify Telnet service for the local user.
  Command: service-type telnet
  Remarks: By default, no service type is specified.
Step 13. Exit to system view.
  Command: quit
  Remarks: N/A
Step 14. Configure common settings for VTY user interfaces.
  Command: See "Configuring common VTY user interface settings (optional)."
  Remarks: Optional.
Step 3. Enable the terminal service.
  Command: shell
  Remarks: Optional. By default, terminal service is enabled.
Step 4. Enable the user interfaces to support Telnet, SSH, or both of them.
  Command: protocol inbound { all | ssh | telnet }
  Remarks: Optional. By default, both Telnet and SSH are supported. The configuration takes effect the next time you log in.
Step 5. Define a shortcut key for terminating tasks.
  Command: escape-key { default | character }
  Remarks: Optional. By default, pressing Ctrl+C terminates a task.
Optional.
Step 10. Specify a command to be automatically executed when a user logs in to the user interfaces.
  Command: auto-execute command command
  Remarks: Optional. By default, no automatically executed command is specified. The command auto-execute function is typically used for redirecting a Telnet user to a specific host. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session.
Logging in through SSH

SSH offers a secure method for remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. You can use an SSH client to log in to the device operating as an SSH server for remote management, as shown in Figure 17. You can also use the device as an SSH client to log in to an SSH server.
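An added example (not HP's code and not part of this guide): a Python audit that reads a saved configuration and checks each user interface against the settings this chapter describes, filling in the stated defaults (console: no authentication at privilege level 3; VTY and AUX: password authentication; VTY: Telnet and SSH both accepted) when a section does not set them. The sample configuration is constructed, and the file layout, the `con` spelling of the console section, and the finding names are assumptions.

```python
import re

# Defaults stated in this guide; assumed to be absent from a saved configuration.
DEFAULT_AUTH = {"console": "none", "aux": "password", "vty": "password"}
CONSOLE_DEFAULT_LEVEL = 3

# Assumption: a section starts with an unindented "user-interface <type> <first> [<last>]"
# line, and its settings are indented by one space.
HEADER = re.compile(r"^user-interface\s+(con|console|aux|vty)\s+(\d+)(?:\s+(\d+))?\s*$")
# Any password command that uses the "simple" keyword stores the password in plain text.
PLAINTEXT = re.compile(r"\bpassword\b.*\bsimple\b")


def parse_user_interfaces(config_text):
    """Split the configuration into user-interface sections."""
    sections, current = [], None
    for raw in config_text.splitlines():
        indented = raw.startswith(" ")
        match = None if indented else HEADER.match(raw.strip())
        if match:
            kind = "console" if match.group(1).startswith("con") else match.group(1)
            first = int(match.group(2))
            last = int(match.group(3) or first)
            label = f"{kind} {first}" if first == last else f"{kind} {first}-{last}"
            current = {"type": kind, "label": label, "lines": []}
            sections.append(current)
        elif indented and current is not None:
            current["lines"].append(raw.split())
        else:
            current = None  # "#" separator or another top-level line ends the section
    return sections


def audit_section(section):
    """Return (label, code, detail) findings from explicit settings or the defaults."""
    kind, label = section["type"], section["label"]
    auth = DEFAULT_AUTH[kind]
    level = CONSOLE_DEFAULT_LEVEL if kind == "console" else None
    inbound = "all" if kind == "vty" else None  # default: Telnet and SSH both supported
    findings = []
    for words in section["lines"]:
        if words[:1] == ["authentication-mode"] and len(words) > 1:
            auth = words[1]
        elif words[:3] == ["user", "privilege", "level"] and len(words) > 3:
            level = int(words[3])
        elif words[:2] == ["protocol", "inbound"] and len(words) > 2:
            inbound = words[2]
        elif words[:1] == ["idle-timeout"] and len(words) > 1 and set(words[1:]) == {"0"}:
            findings.append((label, "idle-timeout-disabled", "sessions never time out"))
    if auth == "none":
        shown = "device default" if level is None else str(level)
        findings.append((label, "no-authentication", f"privilege level {shown}"))
    if inbound in ("all", "telnet"):
        findings.append((label, "telnet-allowed", f"protocol inbound {inbound}"))
    return findings


def audit_config(config_text):
    """Audit every user-interface section, then scan all lines for plaintext passwords."""
    findings = []
    for section in parse_user_interfaces(config_text):
        findings.extend(audit_section(section))
    for number, raw in enumerate(config_text.splitlines(), start=1):
        if PLAINTEXT.search(raw):
            findings.append(("config", "plaintext-password", f"line {number}"))
    return findings


# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
#
 sysname Router
#
 super password level 3 simple Example-Only-1
#
local-user admin
 password cipher EXAMPLE-CIPHERTEXT
 service-type ssh
#
user-interface con 0
user-interface aux 0
 authentication-mode password
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode none
 user privilege level 1
user-interface vty 5 15
 authentication-mode scheme
 protocol inbound ssh
#
"""

if __name__ == "__main__":
    for where, code, detail in audit_config(SAMPLE_CONFIG):
        print(f"{where:12} {code:24} {detail}")
```

The empty `user-interface con 0` section is reported because the console default is no authentication; a section that sets scheme authentication and `protocol inbound ssh` produces no findings.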
Step 3. Enable SSH server.
  Command: ssh server enable
  Remarks: By default, SSH server is disabled.
Step 4. Enter one or multiple VTY user interface views.
  Command: user-interface vty first-number [ last-number ]
  Remarks: N/A
Step 5. Enable scheme authentication.
  Command: authentication-mode scheme
  Remarks: By default, password authentication is enabled on VTY user interfaces.
Step 6. Enable the user interfaces to support Telnet, SSH, or both of them.
  Command: protocol inbound { all | ssh }
  Remarks: Optional. By default, both Telnet and SSH are supported.
Step 10. Apply an AAA authentication scheme to the intended domain.
  Command:
    a. Enter the ISP domain view: domain domain-name
    b. Apply the specified AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
    c. Exit to system view: quit
  Remarks: Optional. For local authentication, configure local user accounts.
Task: Log in to an IPv6 SSH server.
  Command: ssh2 ipv6 server
  Remarks: The server argument represents the IPv6 address or host name of the server.

To work with the SSH server, you might need to configure the SSH client. For information about configuring the SSH client, see Security Configuration Guide.

Local login through the AUX port

As shown in Figure 19, to perform local login through the AUX port, use the same cable and login procedures as console login.
Authentication mode Configuration tasks Reference Enable scheme authentication on the AUX user interface. Configure local or remote authentication settings. To configure local authentication: 18. Configure a local user and specify the password. 19. Configure the device to use local authentication. Scheme To configure remote authentication: 20. Configure the RADIUS or HWTACACS scheme on the device. "Configuring scheme authentication for AUX login." 21.
Configuring password authentication for AUX login

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter one or more AUX user interface views.
  Command: user-interface aux first-number [ last-number ]
  Remarks: N/A
Step 3. Enable password authentication.
  Command: authentication-mode password
  Remarks: By default, password authentication is enabled but no password is configured. To access the device through the AUX port, you must configure a password for authentication.
Step 4. Set a password.
• If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the RADIUS or HWTACACS server.

To configure scheme authentication for AUX login:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter one or more AUX user interface views.
  Command: user-interface aux first-number [ last-number ]
  Remarks: N/A
3.
Step 7. Apply an AAA authentication scheme to the intended domain.
  Command:
    a. Enter the ISP domain view: domain domain-name
    b. Apply the specified AAA scheme to the domain: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
    c.
  Remarks: Optional. By default, local authentication is used. For local authentication, configure local user accounts.
Figure 22 Scheme authentication interface for AUX login

Configuring common settings for AUX login (optional)

Some common settings configured for an AUX user interface take effect immediately and can interrupt the login session. To save you the trouble of repeated re-logins, use a login method different from AUX login to log in to the device before you change AUX user interface settings.
Step 5. Specify the parity check mode.
  Command: parity { even | mark | none | odd | space }
  Remarks: The default setting is none, namely, no parity check.
Step 6. Specify the number of stop bits.
  Command: stopbits { 1 | 1.5 | 2 }
  Remarks: The default is 1. Stop bits indicate the end of a character. The more the bits, the slower the transmission.
By default, the number of data bits in each character is 8. The setting depends on the character coding type.
Step 15. Set the idle-timeout timer.
  Command: idle-timeout minutes [ seconds ]
  Remarks: The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no information interaction between the device and the user in timeout time. Setting idle-timeout to 0 disables the timer.
Step 16. Enable Telnet redirect for the current user interface.
  Command: redirect enable
  Remarks: By default, the redirect function is disabled.
Step 17. Specify a Telnet redirect listening port.
Parameter: Flow control
  Default:
  • Independent AUX port: On
  • Console and AUX integrated port: Off
Parameter: Parity
  Default: None
Parameter: Stop bits
  Default: 1
Parameter: Data bits
  Default: 8

Login procedure

To log in through the AUX port:
• Complete the authentication settings on the AUX user interface. By default, password authentication is enabled, but no password is set. To use password authentication, you must set a password for password authentication.
4. Launch the terminal emulation program and configure the communication properties on the PC. Figure 24 through Figure 26 show the configuration procedure on Windows XP HyperTerminal. Make sure the port settings are the same as the common AUX port settings on the device. If the default settings are used, see Table 17. On Windows Server 2003, add the HyperTerminal program first, and then log in to and manage the device as described in this document.
Figure 26 Setting the properties of the serial port

5. Power on the device and press Enter at the prompt.

Figure 27 CLI

6. At the default user view prompt , enter commands to configure the device or check the running status of the device. To get help, enter ?.

Modem dial-in through the AUX port

The administrator can use a pair of modems to remotely connect to the device through its AUX port over PSTN when the IP network connection is broken.
By default, you can log in to the device through modems without authentication and have user privilege level 0. To improve device security, configure AUX login authentication.

The following are authentication modes available for modem dial-in through the AUX port:
• None—Requires no authentication and is insecure.
• Password—Requires a password for accessing the CLI. If your password was lost, log in to the device through the console port to view or modify the password.
4. Configure the following settings on the modem directly connected to the device:
   • AT&F—Restores the factory default.
   • ATS0=1—Configures auto-answer on first ring.
   • AT&D—Ignores data Terminal Ready signals.
   • AT&K0—Disables local flow control.
   • AT&R1—Ignores Data Flow Control signals.
   • AT&S0—Forces DSR to remain on.
   • ATEQ1&W—Disables the modem from returning command responses and execution results, and saves configuration.
Figure 30 Configuring the dialing parameters

7. Dial the telephone number to establish a connection to the device.

Figure 31 Dialing the number

Character string CONNECT9600 is displayed on the terminal.

8. Press Enter as prompted.
Figure 32 Login page

9. At the default user view prompt , enter commands to configure the device or check the running status of the device. To get help, enter ?.

IMPORTANT: Do not directly close the HyperTerminal. Doing so can cause some modems to stay in use, and your subsequent dial-in attempts will always fail. To disconnect the PC from the device, execute the ATH command in the HyperTerminal. If the command cannot be entered, type AT+ + + and then press Enter.
Figure 33 Dialing in to the device without any authentication

Configuring password authentication for modem dial-in

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enter one or more AUX user interface views.
  Command: user-interface aux first-number [ last-number ]
  Remarks: N/A
Step 3. Enable password authentication.
  Command: authentication-mode password
  Remarks: By default, password authentication is enabled.
Step 4. Set a password.
Figure 34 Password authentication interface for modem dial-in users

Configuring scheme authentication for modem dial-in

Follow these guidelines when you configure scheme authentication for AUX login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
Step 4. Enable command authorization.
  Command: command authorization
  Remarks: Optional. By default, command authorization is disabled. The commands available for a user only depend on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.
Optional. By default, command accounting is disabled. The accounting server does not record the commands executed by users.
Step 8. Create a local user and enter local user view.
  Command: local-user user-name
  Remarks: By default, no local user exists.
Step 9. Set a password for the local user.
  Command: password [ [ hash ] { cipher | simple } password ]
  Remarks: By default, no password is set.
Step 10. Specify the command level of the local user.
  Command: authorization-attribute level level
  Remarks: Optional.
Step 11. Specify terminal service for the local user.
  Command: service-type terminal
  Remarks: By default, no service type is specified.
12.
IMPORTANT: To avoid packet loss, make sure the speed of the AUX port is slower than the transmission rate of the modem. You can connect a device (Device B) to the AUX port of the current device (Device A), and configure the current device to redirect a Telnet login user to that device. If the redirect enable and redirect listen-port port-number commands are configured, a user can use the telnet DeviceA-IP-address port-number command to log in to Device B.
Step 11. Configure the flow control mode.
  Command:
    flow-control { hardware | none | software }
    flow-control hardware flow-control-type1 [ software flow-control-type2 ]
    flow-control software flow-control-type1 [ hardware flow-control-type2 ]
  Remarks: The default flow control mode is hardware.
By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends that you set the display type to VT100 on both the device and the configuration terminal.
Step 21. Specify a Telnet redirect listening port.
  Command: redirect listen-port port-number
  Remarks: The default port number is the absolute user interface number plus 2000.
Step 22. Disable Telnet option negotiation during redirecting a Telnet connection.
  Command: redirect refuse-negotiation
  Remarks: By default, Telnet option negotiation is enabled.
  Command: redirect refuse-teltransfer
  Remarks: By default, the user interface converts the ASCII characters 0xff to 0xff 0xff when redirecting a Telnet connection.
Task: Display the configuration of the device when it serves as a Telnet client.
  Command: display telnet client configuration [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Task: Release a user interface.
  Command: free user-interface { num1 | { aux | console | vty } num2 }
  Remarks: Available in user view. Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this command to release some connections.
Logging in through SNMP

You can run SNMP on an NMS to access the router MIB and perform GET and SET operations to manage and monitor the router. The router supports SNMPv1, SNMPv2c, and SNMPv3, and can work with various network management software products, including IMC. For more information about SNMP, see Network Management and Monitoring Configuration Guide.

By default, SNMP access is disabled. To enable SNMP access, log in to the router through any other method.
Step 2. Enable the SNMP agent.
  Command: snmp-agent
  Remarks: Optional. By default, the SNMP agent is disabled.
Step 3. Configure an SNMP group and specify its access right.
  Command: snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
  Remarks: By default, no SNMP group is configured.
Step 4. Add a user to the SNMP group.
Step Command Remarks • (Method 1) Specify the SNMP NMS access right directly by configuring an SNMP community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] * • (Method 2) Configure an SNMP group 4. Configure the SNMP access right. and add a user to the SNMP group: a.
2. Configure the NMS:
Make sure the NMS has the same SNMP settings as the router, including the username. If not, the router cannot be discovered or managed by the NMS.
3. Use the network management station to discover, query, and configure the router. For more information, see the NMS manual.
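A check for the SNMP access settings described above, written as an added Python example (not HP code). It reads `snmp-agent community` and `snmp-agent group` lines in the syntax this guide gives and flags community-based (SNMPv1/v2c) access, write communities, SNMPv3 groups configured without the `authentication` or `privacy` keyword, and entries with no `acl` binding. The sample configuration, its names, and the issue labels are constructed for illustration, and the reading that an SNMPv3 group with neither keyword gets no authentication is an assumption about the command's default.

```python
# Keywords in the guide's SNMP syntax that are followed by exactly one argument.
ONE_ARG_KEYWORDS = {"mib-view", "read-view", "write-view", "notify-view"}

# Constructed sample configuration (not from the guide); all names are placeholders.
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent community read public
snmp-agent community write netops-rw acl 2000
snmp-agent group v2c legacy-grp read-view ViewDefault
snmp-agent group v3 monitor-grp read-view ViewDefault acl 2000
snmp-agent group v3 admin-grp privacy write-view ViewDefault acl 2000
"""


def _has_acl(options):
    """Return True if an 'acl' keyword appears in keyword position."""
    i = 0
    while i < len(options):
        if options[i] == "acl":
            return True
        # Skip the argument of a view keyword so a view named 'acl' is not miscounted.
        i += 2 if options[i] in ONE_ARG_KEYWORDS else 1
    return False


def audit_snmp(config):
    """Return [(line_number, [issue, ...]), ...] for risky SNMP access lines."""
    findings = []
    for line_no, raw in enumerate(config.splitlines(), start=1):
        tok = raw.split()
        if len(tok) < 4 or tok[0] != "snmp-agent":
            continue
        issues = []
        if tok[1] == "community" and tok[2] in ("read", "write"):
            options = tok[4:]
            # SNMPv1/v2c community strings travel unencrypted.
            issues.append("cleartext-community")
            if tok[2] == "write":
                issues.append("write-community")
        elif tok[1] == "group" and tok[2] in ("v1", "v2c", "v3"):
            options = tok[4:]
            if tok[2] != "v3":
                issues.append("community-based-group")
            else:
                # The security level keyword, if any, directly follows the group name.
                level = options[0] if options and options[0] in ("authentication", "privacy") else None
                if level is None:
                    issues.append("v3-no-authentication")   # assumed default: no auth, no privacy
                elif level == "authentication":
                    issues.append("v3-no-privacy")
                if level:
                    options = options[1:]
        else:
            continue
        if not _has_acl(options):
            issues.append("no-acl")
        if issues:
            findings.append((line_no, issues))
    return findings


if __name__ == "__main__":
    for line_no, issues in audit_snmp(SAMPLE_CONFIG):
        print(f"line {line_no}: {', '.join(issues)}")
```
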
Controlling user logins

To harden device security, use ACLs to prevent unauthorized logins. For more information about ACLs, see ACL and QoS Configuration Guide.

Controlling Telnet logins

Use a basic ACL (2000 to 2999) to filter Telnet traffic by source IP address. Use an advanced ACL (3000 to 3999) to filter Telnet traffic by source and/or destination IP address. Use an Ethernet frame header ACL (4000 to 4999) to filter Telnet traffic by source MAC address.
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create an advanced ACL and enter its view, or enter the view of an existing advanced ACL.
  Command: acl [ ipv6 ] number acl-number [ name name ] [ match-order { config | auto } ]
  Remarks: By default, no advanced ACL exists.
Step 3. Configure an ACL rule.
  Command: rule [ rule-id ] { permit | deny } rule-string
  Remarks: N/A
Step 4. Exit advanced ACL view.
  Command: quit
  Remarks: N/A
Step 5. Enter user interface view.
  Command: user-interface [ type ] first-number [ last-number ]
  Remarks: N/A
Step 6.
Figure 38 Network diagram (labels: Host A 10.110.100.46, Host B 10.110.100.52, IP network, Router)

Configuration procedure
# Configure basic ACL 2000, and configure rule 1 to permit packets sourced from Host B, and rule 2 to permit packets sourced from Host A.
system-view
[Router] acl number 2000 match-order config
[Router-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Router-acl-basic-2000] rule 2 permit source 10.110.100.
Step 4. Exit the basic ACL view.
  Command: quit
  Remarks: N/A
Step 5. Apply the ACL to an SNMP community, group, or user.
  Command:
  • SNMPv1/v2c community: snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
  • SNMPv1/v2c group: snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
  • SNMPv3 group:
system-view
[Router] acl number 2000 match-order config
[Router-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Router-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Router-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
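How the two permit rules of basic ACL 2000 decide which source addresses can reach Telnet or SNMP, as an added Python example (not HP code). It assumes wildcard-mask matching (a 0 bit must match, so a wildcard of `0` means one exact host), first match in ascending rule-ID order for `match-order config`, and that a source matching no rule is refused when the ACL is bound to a login service. `WIDE_ACL` is a constructed rule set that shows a wildcard widening the permitted range and a lower-numbered deny taking precedence.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str    # "permit" or "deny"
    source: int    # source address as a 32-bit integer
    wildcard: int  # wildcard mask: 1 bits are ignored, 0 bits must match


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def parse_rule(line: str) -> Rule:
    """Parse 'rule <id> {permit|deny} source {<addr> <wildcard> | any}'."""
    tok = line.split()
    if (len(tok) < 5 or tok[0] != "rule"
            or tok[2] not in ("permit", "deny") or tok[3] != "source"):
        raise ValueError(f"unsupported rule syntax: {line!r}")
    if tok[4] == "any":
        return Rule(int(tok[1]), tok[2], 0, 0xFFFFFFFF)
    if len(tok) < 6:
        raise ValueError(f"missing wildcard in: {line!r}")
    # A bare "0" is the shorthand for wildcard 0.0.0.0 (exact host).
    wildcard = 0 if tok[5] == "0" else _to_int(tok[5])
    return Rule(int(tok[1]), tok[2], _to_int(tok[4]), wildcard)


def evaluate(rules: List[Rule], src_ip: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching rule ID); (deny, None) means no rule matched."""
    src = _to_int(src_ip)
    for rule in sorted(rules, key=lambda r: r.rule_id):   # match-order config
        care_bits = ~rule.wildcard & 0xFFFFFFFF
        if ((src ^ rule.source) & care_bits) == 0:
            return rule.action, rule.rule_id
    return "deny", None   # assumption: unmatched sources are refused


# The two rules shown in the guide's example.
PAGE_ACL = [
    parse_rule("rule 1 permit source 10.110.100.52 0"),
    parse_rule("rule 2 permit source 10.110.100.46 0"),
]

# Constructed rules: a /24-wide permit entered first, a host deny with a lower ID.
WIDE_ACL = [
    parse_rule("rule 10 permit source 10.110.100.0 0.0.0.255"),
    parse_rule("rule 5 deny source 10.110.100.99 0"),
]


if __name__ == "__main__":
    for name, acl, hosts in (
        ("ACL 2000", PAGE_ACL, ["10.110.100.52", "10.110.100.46", "10.110.100.47"]),
        ("wide ACL", WIDE_ACL, ["10.110.100.7", "10.110.100.99", "10.110.101.7"]),
    ):
        for host in hosts:
            action, rule_id = evaluate(acl, host)
            matched = f"rule {rule_id}" if rule_id is not None else "no rule"
            print(f"{name}: {host} -> {action} ({matched})")
```
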
Configuring FTP

File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network. The FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

FTP supports the following transfer modes:
• Binary mode—Used to transfer image files, such as .bin and .btm files.
• ASCII mode—Used to transfer text files, such as .txt, .bat, and .
Establishing an FTP connection Before you can access the FTP server, use the ftp command in user view or use the open command in FTP client view to establish a connection to the FTP server. You can use the ftp client source command to specify a source IP address or source interface for the FTP packets sent by the device. If a source interface (typically, a loopback interface) is specified, its primary IP address is used as the source IP address for the FTP packets sent by the device.
Task Command Log in to the remote FTP server from FTP client view. 5. ftp ipv6 6. open ipv6 server-address [ service-port ] [ -i interface-type interface-number ] Managing directories on the FTP server After the device establishes a connection to an FTP server, you can create or delete folders in the authorized directory on the FTP server. To manage the directories on the FTP server: Task Command Display detailed information about a directory or file on the FTP server.
Task Command Remarks Query a directory or file on the FTP server. ls [ remotefile [ localfile ] ] The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time. Delete the specified file on the FTP server permanently. delete remotefile N/A Set the file transfer mode to ASCII. ascii By default, ASCII mode is used. Set the file transfer mode to binary. binary By default, ASCII mode is used.
Task Command Remarks Terminate the FTP connection without exiting FTP client view. • disconnect • close Use either command in FTP client view. Terminate the FTP connection and return to user view. • bye • quit Use either command in FTP client view. FTP client configuration example for standalone mode Network requirements As shown in Figure 41, the router acts as the FTP client and the PC acts as the FTP server. The router and the PC can reach each other.
[ftp] get newest.bin
227 Entering Passive Mode (10,1,1,1,10,68).
125 BINARY mode data connection already open, transfer starting for /newest.bin.
226 Transfer complete.
FTP: 23951480 byte(s) received in 95.399 second(s), 251.00K byte(s)/sec.
• Download the file newest.bin from the PC to the root directory of the CF card on the standby MPU (in slot 1).
[ftp] get newest.bin slot1#cfa0:/newest.bin
# Set the file transfer mode to ASCII and upload the configuration file config.
Figure 42 Network diagram (labels: IRF (FTP client) IP: 10.2.1.1/16, Master (Member_ID=1), Subordinate (Member_ID=2), Internet, FTP server PC 10.1.1.1/16. Note: The orange line represents an IRF link.)

Configuration procedure
# Check that the storage space of the device is sufficient and that the storage medium is not damaged. If free space is insufficient, use the fixdisk command to fix the storage medium or use the delete /unreserved file-url command to delete unused files. (Details not shown.)
# Log in to the server at 10.1.1.
FTP: 23951480 byte(s) received in 95.399 second(s), 251.00K byte(s)/sec.
[ftp] get newest.bin chassis2#slot1#cfa0:/newest.bin
227 Entering Passive Mode (10,1,1,1,5,49).
125 BINARY mode data connection already open, transfer starting for chassis2#slot1#cfa0:/newest.bin.
226 Transfer complete.
FTP: 23951480 byte(s) received in 95.399 second(s), 251.00K byte(s)/sec.
# Upload the configuration file config.cfg from the IRF fabric to the server for backup.
[ftp] ascii
[ftp] put config.cfg back-config.
• The device and the FTP server can reach each other. • Configure a user account (including the username, password, and authorization) on the device or a remote authentication server for an FTP user. This task is required because the device does not support anonymous FTP for security reasons. By default, authenticated users can access the root directory of the device. • The FTP user provides the correct username and password.
Configuring authentication and authorization Perform this task on the FTP server to authenticate FTP clients and specify the directories that authenticated clients can access. The following authentication modes are available: • Local authentication—The device looks up the client's username and password in the local user account database. If a match is found, authentication succeeds.
newest.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup. Figure 43 Network diagram Configuration procedure 1. Configure the router (FTP server): # Create a local user account abc, set its password to abc and the user privilege level to level 3 (the manage level), specify the root directory of the active MPU's CF card as the authorized directory, and specify the service type as FTP.
ftp> get config.cfg back-config.cfg
# Upload the file newest.bin to the root directory of the active MPU's CF card.
ftp> put newest.bin
200 Port command okay.
150 Opening ASCII mode data connection for /newest.bin.
226 Transfer complete.
ftp> bye
221 Server closing.
c:\>
This FTP procedure also applies to upgrading configuration files.
NOTE: After you finish upgrading the Boot ROM image through FTP, execute the bootrom update command to upgrade Boot ROM.
3.
Create a local user account with username abc and password abc and enable FTP server on the IRF fabric. Use the user account to log in to the FTP server from the FTP client, upload the file newest.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup. Figure 44 Network diagram IRF (FTP server) IP: 1.1.1.1/16 Master (Member_ID=1) FTP client 1.2.1.
# Upload the file newest.bin to the CF root directory of the IRF fabric's active MPU.
ftp> put newest.bin
200 Port command okay.
150 Opening ASCII mode data connection for /newest.bin.
226 Transfer complete.
ftp> bye
221 Server closing.
c:\>
This FTP procedure also applies to upgrading configuration files.
NOTE: After you finish upgrading the Boot ROM image through FTP, execute the bootrom update command to upgrade Boot ROM.
3. Upgrade the FTP server:
# Copy the system software image file newest.
Displaying and maintaining FTP Task Command Remarks Display the source IP address configuration of the FTP client. display ftp client configuration [ | { begin | exclude | include } regular-expression ] Available in any view. Display the FTP server configuration. display ftp-server Available in any view. Display detailed information about logged-in FTP users. display ftp-user Available in any view.
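A check over FTP session output like that shown in the FTP client and server examples above, as an added Python example (not HP code). It decodes the data endpoint from a `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply (port = p1 × 256 + p2), reports a passive-mode address that differs from the server the control connection was opened to, and reports an image file (`.bin`, `.btm`) whose data connection was opened in ASCII mode, which can alter the file's bytes in transit. `SAMPLE_SESSION` is constructed by joining reply lines shown in this chapter; the function names and finding labels are hypothetical.

```python
import re

IMAGE_EXTENSIONS = (".bin", ".btm")   # file types the guide assigns to binary mode

PROMPT = re.compile(r"^(?:\[ftp\]|ftp>)\s*(\S+)(?:\s+(.*))?$")   # client command line
REPLY = re.compile(r"^(\d{3})[ -](.*)$")                         # server reply line
PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed session: lines copied from the examples in this chapter and joined.
SAMPLE_SESSION = """\
[ftp] get newest.bin
227 Entering Passive Mode (10,1,1,1,10,68).
125 BINARY mode data connection already open, transfer starting for /newest.bin.
226 Transfer complete.
FTP: 23951480 byte(s) received in 95.399 second(s), 251.00K byte(s)/sec.
ftp> put newest.bin
200 Port command okay.
150 Opening ASCII mode data connection for /newest.bin.
226 Transfer complete.
ftp> bye
221 Server closing.
"""


def parse_pasv(reply_text):
    """Return (host, port) encoded in a 227 reply."""
    match = PASV.search(reply_text)
    if not match:
        raise ValueError(f"no passive-mode tuple in: {reply_text!r}")
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in: {reply_text!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port


def audit_transcript(transcript, server_ip):
    """Return a list of (finding, detail) tuples for one FTP session."""
    findings = []
    current_file = None
    for raw in transcript.splitlines():
        line = raw.strip()
        command = PROMPT.match(line)
        if command:
            verb = command.group(1).lower()
            args = (command.group(2) or "").split()
            if verb in ("get", "put") and args:
                current_file = args[0]          # remote/source file being transferred
            continue
        reply = REPLY.match(line)
        if not reply:
            continue                            # progress lines, prompts, blank lines
        code, text = reply.group(1), reply.group(2)
        if code == "227":
            host, port = parse_pasv(text)
            if host != server_ip:
                findings.append(("pasv-address-mismatch", f"{host}:{port}"))
        elif code in ("125", "150") and current_file:
            is_image = current_file.lower().endswith(IMAGE_EXTENSIONS)
            if is_image and "ascii" in text.lower():
                findings.append(("image-sent-in-ascii-mode", current_file))
    return findings


if __name__ == "__main__":
    print(parse_pasv("227 Entering Passive Mode (10,1,1,1,10,68)."))
    for finding in audit_transcript(SAMPLE_SESSION, "10.1.1.1"):
        print(finding)
```
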
Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for connection establishment and data receiving and transmitting. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP supports the following transfer modes: • Binary mode—Used to transfer image files, such as .bin and .btm files. • ASCII mode—Used to transfer text files, such as .
You can use the tftp client source command to specify a source IP address or source interface for the TFTP packets sent by the router. If a source interface (typically, a loopback interface) is specified, its primary IP address is used as the source IP address for the TFTP packets. The source interface and source IP address settings overwrite each other. The tftp client source command setting applies to all TFTP sessions.
TFTP client configuration examples for standalone mode Network requirements Configure the PC in Figure 46 as a TFTP server, and use TFTP to download the system software image file newest.bin from the PC to the router and upload the configuration file config.cfg from the router to the PC for backup. Figure 46 Network diagram Configuration procedure This configuration procedure assumes that the PC and the router can reach each other. 1. 2. Configure the PC (TFTP server): { Enable the TFTP server.
IMPORTANT: The system software image file used for the next startup must be saved in the root directory of the storage medium.
# Reboot the router to complete the software upgrade.
reboot

TFTP client configuration examples for IRF mode

Network requirements
The IRF fabric in Figure 47 comprises two member devices and can communicate with the PC. The slot numbers of the active MPU and the standby MPU on the master and subordinate device are 0 and 1 respectively.
{ Download the system software image file newest.bin from the PC to the CF root directories of the IRF fabric's standby MPUs. (Suppose the IRF fabric has three standby MPUs: one in slot 1 of member device 1, one in slot 0 of member device 2, and one in slot 1 of member device 2.) tftp 1.2.1.1 get newest.bin chassis1#slot1#cfa0:/newest.bin tftp 1.2.1.1 get newest.bin chassis2#slot0#cfa0:/newest.bin tftp 1.2.1.1 get newest.bin chassis2#slot1#cfa0:/newest.
Managing the file system Overview This chapter describes how to manage the device's file system, including the storage media, directories, and files. Storage medium naming rules The names of the storage media follow these rules: • If a storage medium is the only storage medium of its type on the device, it is named by its type. For example, if the device has only one Flash, the name of the Flash is flash.
Format Description Length Example Specifies a file in a specific storage medium on the device. The drive argument represents the storage medium name. drive:/[path]/filename The storage medium on the active MPU is cf. The storage medium on the standby MPU is slotX#cf, where X represents the number of the slot that hosts the standby MPU. For example, slot1#cf. To view the correspondence between an MPU and its slot number, use the display device command. 1 to 135 characters cfa0:/test/a.
Managing files CAUTION: To avoid file system corruption, do not plug in or unplug storage media or perform active/standby switchover while the system is processing a file operation. You can display directory and file information; display file contents; rename, copy, move, remove, restore, and delete files. The copy operation enables you to create a file. You can also create a file by performing the download operation or using the save command. Displaying file information Perform this task in user view.
Moving a file Perform this task in user view. Task Command Move a file. move fileurl-source fileurl-dest Deleting/restoring a file You can delete a file permanently or move it to the recycle bin. A file moved to the recycle bin can be restored, but a permanently deleted file cannot. A file in the recycle bin occupies storage space. To release the occupied space, execute the reset recycle-bin command in the directory that holds the file.
Managing directories You can create or remove a directory, display or change the current working directory, and display a specific directory. Displaying directory information Perform this task in user view. Task Command Display directory or file information. dir [ /all ] [ file-url | /all-filesystems ] Displaying the current working directory Perform this task in user view. Task Command Display the current working directory. pwd Changing the current working directory Perform this task in user view.
Task Command Remove a directory. rmdir directory Managing storage media Storage media management includes space assignment, storage medium mounting, and storage medium unmounting. Managing storage medium space CAUTION: After a storage medium is formatted, all files on it are erased and cannot be restored. If a startup configuration file exists on the storage medium, formatting the storage medium results in loss of the startup configuration file.
Configuration procedure Perform one of the following tasks in user view as appropriate: Task Command Remarks Mount a storage medium. mount device By default, a storage medium is automatically mounted and in mounted state when connected to the system. Unmount a storage medium. umount device By default, a storage medium is automatically mounted and in mounted state when connected to the system. Performing batch operations A batch file comprises a set of executable commands.
0  drw-           Feb 18 2009 10:40:40  logfile
1  -rw-  17262936 Aug 28 2012 17:08:50  backup.bin
2  -rw-      3910 Nov 29 2012 13:45:50  system.xml
3  drw-           Sep 26 2010 11:42:34  domain1
4  -rw-     41950 Aug 21 2007 15:02:06  default.diag
5  -rw-      1245 Nov 29 2012 13:45:52  startup.cfg
6  -rw-  19386224 May 07 2011 11:21:38  main.bin
7  -rw-       108 Mar 31 2012 16:25:50  patchstate
8  drw-           Aug 28 2012 17:04:30  seclog

36696 KB total (725624 KB free)
File system type of cfa0: FAT16
# Create new folder mytest in the logfile directory.
Managing configuration files You can manage configuration files at the CLI or by using the Boot menu of the device. This chapter explains how to manage configuration files from the CLI. Overview A configuration file saves configurations as a set of text commands. You can save the running configuration to a configuration file so the configuration takes effect after you reboot the device. You can also back up the configuration file on to a host and download the file to the device as needed.
IMPORTANT: To run on the device, a configuration file must meet the content and format requirements. To ensure a successful configuration load at startup, use a configuration file created on the device at startup. If you edit the configuration file, make sure all edits are compliant with the requirements. A configuration file is saved as a text file according to the following rules: • Commands are saved in their complete form.
Saving the running configuration To make configuration changes take effect at the next startup, save the running configuration to the startup configuration file to be used at the next startup before the device reboots. Complete the following tasks to save the running configuration: Task Remarks Optional. Enabling configuration auto-update Perform this task to ensure configuration consistency across MPUs. Saving the running configuration Required.
If you are specifying the file as a next-startup configuration file, use one of the following methods to save the configuration: • Fast mode—Use the save command without the safely keyword. In this mode, the router directly overwrites the target next-startup configuration file. If a reboot or power failure occurs during this process, the next-startup configuration file is lost.
Using automatic configuration backup after a software upgrade After a software upgrade, the system by default starts up with the next-startup configuration file created on the old software version, but the system does not load settings that are incompatible with the new software version to the current configuration.
Task Command Remarks The setting applies to both active MPU and standby MPU. Specify a next-startup configuration file. startup saved-configuration cfgfile [ backup | main ] On an IRF fabric, the setting applies to all MPUs. IMPORTANT: The configuration file must use the .cfg extension and be saved in the root directory of a storage medium.
Step 1. 2. Command Remarks Restore the main next-startup configuration file from a TFTP server in user view. restore startup-configuration from src-addr src-filename Verify that the specified configuration file has been set as the main next-startup configuration file. display startup This command is not supported in FIPS mode. File destination: cfa0:/ on each MPU. Optional.
Task Command Remarks Display the next-startup configuration files saved on the storage media of the device. display saved-configuration [ by-linenum ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display names of the configuration files used at this startup and the next startup. display startup [ | { begin | exclude | include } regular-expression ] Available in any view. Display the valid configuration in the current view.
Upgrading software You can use the CLI or Boot menu to upgrade software. This chapter only describes upgrading software from the CLI. Upgrading software includes upgrading the BootWare (called "bootrom" in the CLI) and system software. Each time the device is powered on, it runs the BootWare image to initialize hardware and display hardware information, and then runs the system software image (called the "boot file" in software code) so you can access the software features, as shown in Figure 48.
Upgrading method Software types Remarks Upgrading system software System software image (excluding patches) This method is disruptive. You must reboot the device to complete the upgrade. System software image Hotfixes (called "patches" in this document) repair software defects without requiring a reboot or service disruption. Installing hotfixes Hotfixes do not add new features to system software images.
Upgrading the system software (for IRF mode) Step Command Remarks See "Configuring FTP" or "Configuring TFTP." The image file must be saved in the storage medium's root directory for a successful upgrade. Copy the system software image to the root directory of a storage medium on the standby MPUs. copy fileurl-source fileurl-dest You can assign different names to the image files for the active MPU and the standby MPUs, but you must make sure the image versions are the same. 3.
Basic concepts This section describes the basic patch concepts. Patch, patch file, and patch package file A patch fixes certain software defects. A patch file contains one or more patches. After being loaded from a storage medium to the patch memory area, each patch is assigned a unique number, which starts from 1. For example, if a patch file has three patches, they are numbered 1, 2, and 3. A patch package file contains patch files for multiple features or cards.
Figure 49 Impact of patch manipulation commands on patch state IDLE state Patches that have not been loaded are in IDLE state. You cannot install or run these patches. As shown in Figure 50, the patch memory area can load up to eight patches. The patch memory area supports up to 200 patches. Figure 50 Patches that are not loaded to the patch memory area DEACTIVE state Patches in DEACTIVE state have been loaded to the patch memory area but have not yet run in the system.
Figure 51 Patch states in the patch memory area after a patch file is loaded ACTIVE state Patches in ACTIVE state run temporarily in the system and become DEACTIVE after system reboot. For the seven patches in Figure 51, if you activate the first five patches, their states change from DEACTIVE to ACTIVE. The patch states in the system are as shown in Figure 52. The patches that are in ACTIVE state change to the DEACTIVE state after a system reboot.
Figure 53 Patches in RUNNING state Patch installation task list Task Remarks IMPORTANT: Installing patches: • Installing and running patches in one If patches are released in a package, you must use the one-step installation method. • Installing patches step by step If patches are released in separate patch files, you can use either method. One-step installation is fast and easy to use. In contrast, step-by-step patch installation allows you to control the patch status.
Installing and running patches in one step To install and run patches in one step, use the patch install command. This command changes the state of installed patches from IDLE to ACTIVE or RUNNING, depending on your choice. When executing the patch install command, you must choose to run installed patches or disable running them after a reboot. If you choose to have installed patches continue to run after a reboot, the installed patches are set in RUNNING state and remain in this state after a reboot.
Installing patches step by step Step-by-step installation method applies only to patch files. In contrast to the one-step patch installation method, step-by-step patch installation enables you to control patch status during the patch installation process. Step-by-step patch installation task list Task Remarks Configuring the patch loading location Optional. Loading patches Required. Activating patches Required. Confirming ACTIVE patches Optional.
Step Command 1. Enter system view. system-view 2. Load a patch file from the patch loading location to the patch memory area. patch load slot slot-number [ file patch-package ] To load patches in IRF mode: Step Command 1. Enter system view. system-view 2. Load a patch file from the patch loading location to the patch memory area. patch load chassis chassis-number slot slot-number [ file patch-package ] Activating patches Activating a patch changes its state to ACTIVE.
Step 2. Command patch run [ patch-number ] [ chassis chassis-number slot slot-number ] Confirm ACTIVE patches. Uninstalling a patch step by step To uninstall a patch by using the step-by-step method, you must first stop running the patch, and then remove it from the patch memory area. Stopping running patches When you stop running a patch, the patch state becomes DEACTIVE, and the system runs the way it did before it was installed with the patch.
Displaying and maintaining software upgrade Task Command Remarks Display system software image information (in standalone mode). display boot-loader [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display system software image information (in IRF mode). display boot-loader [ chassis chassis-number slot slot-number ] [ | { begin | exclude | include } regular-expression ] Available in any view.
2. Configure the router:
# Use the save command to save the running configuration. (Details not shown.)
# Check the free space of the CF card on the router. If the free space is not sufficient for the new image file, delete unused files from the CF card. (Details not shown.)
# Log in to the FTP server.
ftp 2.2.2.2
Trying 2.2.2.2 ...
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.
Configuration procedure
1. Configure the TFTP server:
# Enable the TFTP server function. (Details not shown.)
# Save the patch package file patch_package.bin to the directory of the TFTP server. (Details not shown.)
2. Configure the router:
# Use the save command to save the running configuration. (Details not shown.)
# Check the free space of the CF card on the router. If the free space is not sufficient for the patch files, delete unused files. (Details not shown.
Figure 56 Network diagram

Configuration procedure
1. Save the system software image and configuration file in the TFTP server's working directory. (Details not shown.)
2. Upgrade the IRF fabric:
# Download new-config.cfg from the TFTP server to the MPUs of the master.
tftp 2.2.2.2 get new-config.cfg
..
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait.....
TFTP: 917 bytes received in 1 second(s)
File downloaded successfully.
tftp 2.2.2.
Slot 2: Set next configuration file successfully
# Specify soft-version2.bin as the startup system software image for each MPU.
boot-loader file soft-version2.bin chassis 1 slot 0 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on chassis 1 slot 0!
boot-loader file chassis1#slot1#cfa0:/soft-version2.bin chassis 1 slot 1 main
This command will set the boot file of the specified board.
Managing the device

Overview
Device management includes monitoring the operating status of devices and configuring their running parameters. The configuration tasks in this document are order independent. You can perform these tasks in any order.

Configuring the device name
A device name identifies a device in a network and works as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>.
To configure the device name:
Step Command Remarks N/A 1.
Command 2 1, 2 2, 1 Effective system time Original system time ± zone-offset date-time ± zone-offset Configuration example System time clock timezone zone-time add 1 02:00:00 zone-time Sat 01/01/2005 clock datetime 2:00 2007/2/2 clock timezone zone-time add 1 clock timezone zone-time add 1 date-time clock datetime 3:00 2007/3/3 The original system time outside the daylight saving time range: The system time does not change until it falls into the daylight saving time range.
Command 3, 1 (date-time in the daylight saving time range) Effective system time Configuration example System time date-time – summer-offset outside the daylight saving time range: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 23:30:00 UTC Sun 12/31/2006 date-time – summer-offset clock datetime 1:30 2007/1/1 date-time – summer-offset in the daylight saving time range: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 date-time clock datetime 3:00 2007/1/1 Original system
Command Effective system time Configuration example date-time in the daylight saving time range, but date-time – summer-offset outside the summer-time range: clock timezone zone-time add 1 date-time – summer-offset clock datetime 1:30 2008/1/1 Both date-time and date-time – summer-offset in the daylight saving time range: date-time clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 System time 23:30:00 zone-time Mon 12/31/2007 clock timezone zone-time add 1 clock summer-time ss one-off 1:
To enable displaying the copyright statement:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable displaying the copyright statement.
  Command: copyright-info enable
  Remarks: Optional. Enabled by default.

Configuring banners
Banners are messages that the system displays during user login. The system supports the following banners:
• Legal banner—Appears after the copyright or license statement. To continue login, the user must enter Y or press Enter. To quit the process, the user must enter N.
line with a delimiter that is the same as the start delimiter. For example, you can configure the banner "Have a nice day. Please input the password." as follows:
system-view
[System] header shell A
Please input banner content, and quit with the character 'A'.
Have a nice day. Please input the password.A
○ Method 3—After you type the last keyword, type the start delimiter and part of the banner and press Enter.
Disabling password recovery capability Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus. If password recovery capability is enabled, a console user can access the device configuration without authentication to reconfigure new passwords. If password recovery capability is disabled, a console user must restore the factory-default configuration before configuring new passwords.
Step Command Remarks By default, the system uses the reboot method when an exception occurs. 2. Configure the exception handling method for the system. system-failure { maintain | reboot } The system always reboots an interface card or the auxiliary CPU system when an exception occurs to them. In an IRF fabric, the exception handling method applies to all MPUs, but the MPUs handle system exceptions independently without affecting one another or the IRF fabric.
Task Command Remarks Reboot a card, a subcard, or the device immediately. reboot [ slot slot-number [ subslot subslot-number ] ] If no card is specified, the command reboots the device. To reboot a device in IRF mode, execute the following command in user view: Task Reboot a subcard, an IRF member device, or all IRF member devices.
Task: Schedule a reboot.
  Command:
  • Schedule a reboot to occur at a specific time and date: schedule reboot at hh:mm [ date ]
  • Schedule a reboot to occur after a delay: schedule reboot delay { hh:mm | mm }
  Remarks: Use either command. The scheduled reboot function is disabled by default. Changing any clock setting cancels the reboot schedule.

Scheduling jobs
You can schedule a job to automatically run a command or a set of commands without administrative interference.
Configuration guidelines • To have a job successfully run a command, make sure the specified view and command are valid. The system does not verify their validity. • After job execution, the configuration interface, view, and user status that you have before job execution are restored even if the job ran a command to change the user interface (for example, telnet, ftp, and ssh2), the view (for example, system-view and quit), or the user status (for example, super).
Step 3. Specify the view in which the commands in the job run.
  Command: view view-name
  Remarks: You can specify only one view for a job. The job executes all commands in the specified view.

Step 4. Add commands to the job.
  Command:
  • Configure a command to run at a specific time and date: time time-id at time date command command
  • Configure a command to run at a specific time: time time-id { one-off | repeating } at time [ month-date month-day | week-day week-daylist ] command command
  Remarks: Use any of the commands.
[Sysname-job-pc1] view gigabitethernet 3/0/1
# Configure the device to enable GigabitEthernet 3/0/1 at 8:00 on working days every week.
[Sysname-job-pc1] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo shutdown
# Configure the device to shut down GigabitEthernet 3/0/1 at 18:00 on working days every week.
[Sysname-job-pc1] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc1] quit
# Create a job named pc2, and enter its view.
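
Scheduled jobs run commands unattended and the system does not validate their view or command, so job definitions are worth reviewing before they are trusted. The following Python sketch is an added example, not HP's code: it parses job-view transcript lines in the prompt form shown in this guide and flags jobs that have no view or that schedule a command the configuration guidelines name as changing the user interface, view, or user status. The function names and the flagging rules are assumptions of this example.

```python
import re

# Constructed sample: the pc1 job-view lines from the example in this guide.
SAMPLE = """\
[Sysname-job-pc1] view gigabitethernet 3/0/1
[Sysname-job-pc1] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo shutdown
[Sysname-job-pc1] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc1] quit
"""

PROMPT = re.compile(r"^\[\S+-job-(?P<job>[^\]]+)\]\s*(?P<cmd>.*)$")
# time time-id [ one-off | repeating ] at time [ date or day list ] command command
TIME = re.compile(
    r"^time\s+(?P<id>\d+)\s+(?:(?P<mode>one-off|repeating)\s+)?at\s+(?P<at>\S+)"
    r"(?:\s+(?P<when>.*?))?\s+command\s+(?P<command>.+)$")
# Commands the guidelines name as changing user interface, view, or user status.
CONTEXT_CHANGERS = {"telnet", "ftp", "ssh2", "system-view", "quit", "super"}

def parse_jobs(transcript):
    """Return {job: {"view": str or None, "entries": [dict, ...]}}."""
    jobs = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        job = jobs.setdefault(m["job"], {"view": None, "entries": []})
        cmd = m["cmd"].strip()
        if cmd.startswith("view "):
            job["view"] = cmd[5:].strip()
        elif (t := TIME.match(cmd)):
            job["entries"].append({
                "id": int(t["id"]), "mode": t["mode"] or "at-date",
                "at": t["at"], "when": (t["when"] or "").strip(),
                "command": t["command"].strip()})
    return jobs

def review(jobs):
    """List (job, finding) pairs a reviewer should look at before trusting a job."""
    findings = []
    for name, job in jobs.items():
        if job["entries"] and job["view"] is None:
            findings.append((name, "no view specified"))
        for e in job["entries"]:
            if e["command"].split()[0] in CONTEXT_CHANGERS:
                findings.append((name, f"time {e['id']} changes context: {e['command']}"))
    return findings
```

Calling review(parse_jobs(SAMPLE)) returns an empty list for the pc1 job, because it has a view and only schedules shutdown and undo shutdown.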
Unmounting a hot-swappable card or subcard

IMPORTANT:
• Unmounting a card or subcard causes service interruption.
• You can use this feature to unmount only a hot-swappable card or subcard. To install or remove a non-hot-swappable card, you must power off the device.

To install a hot-swappable card or subcard, you only need to insert it into a slot in the device. To remove a hot-swappable card or subcard, however, you must first unmount the card.
Setting the port status detection timer

Some protocols might shut down ports under specific circumstances. For example, MSTP shuts down a BPDU guard–enabled port when the port receives a BPDU. To make these protocols automatically cancel the shutdown action and restore a port to its original physical status after a specific period of time, you can set the port status detection timer.

To set the port status detection timer:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

2.
Step 2. Set the operating mode of an interface card.
  Command: card-mode slot slot-number subslot subslot-number mode-name
  Remarks: Optional. The mode-name argument might take the value of e, t, e1, t1, e3, t3, pos, e-cpos, oc-3, oc-12, ipsec, ssl, atm, auto, or efm, but the actual value depends on the interface card type.

To configure the operating mode of an interface card in IRF mode:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Set the operating mode of an interface card.
Verifying transceiver modules

You can verify the genuineness of a transceiver module in the following ways:
• Display the key parameters of a transceiver module, including its transceiver type, connector type, central wavelength of the transmit laser, transfer distance and vendor name.
• Display its electronic label. The electronic label is a profile of the transceiver module and contains the permanent configuration including the serial number, manufacturing date, and vendor name.
Disabling all USB interfaces

You can disable all USB interfaces on the router. Disabling all USB interfaces also disables the USB device port. Before you disable USB interfaces, make sure no one is accessing the USB devices.

To disable all USB interfaces:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Disable all USB interfaces.
  Command: usb disable
  Remarks: By default, all USB interfaces are disabled.
Task: Display device information.
  Command: display device [ cf-card | usb ] [ [ chassis chassis-number ] [ slot slot-number [ subslot subslot-number ] ] | verbose ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display the electronic label data for the device.
  Command: display device manuinfo [ fan fan-id | slot slot-number [ subslot subslot-number ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Task: Display system version information.
  Command: display version [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display the system time and date.
  Command: display clock [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display information about the users that have logged in to the device but are not under user view.
  Command: display configure-user [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Task: Display memory usage statistics.
  Command: display memory [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display the power state.
  Command: display power [ chassis chassis-number [ power-id ] ] [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display power supply information.
Support and other resources

Contacting HP

For worldwide technical support information, see the HP support website: http://www.hp.
Conventions

This section describes the conventions used in this documentation set.

Command conventions

Boldface: Bold text represents commands and keywords that you enter literally as shown.
Italic: Italic text represents arguments that you replace with actual values.
[ ]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons

• Represents a generic network device, such as a router, switch, or firewall.
• Represents a routing-capable device, such as a router or Layer 3 switch.
• Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
• Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
• Represents an access point.