HP SECBLADENSM-CMW520-R3109 Release Notes Part number:
HP SECBLADENSM-CMW520-R3109 Release Notes HP SECBLADENSM-CMW520-R3109 Release Notes Keywords: NetStream Abstract: This release notes describes the SECBLADENSM-CMW520-R3109 release with respect to version information, version changes, restrictions and cautions, feature list, open problems and workarounds, list of solved problems, related documentation, and software upgrading. Acronyms: Acronym Full spelling CMW Comware NS NetStream Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes Contents Version information ················································································································ 6 Version number ·························································································································6 Version history ····························································································································6 Hardware and software compatibility matrix···
HP SECBLADENSM-CMW520-R3109 Release Notes Upgrading applications using FTP ······························································································38 Upgrading applications using FTP on the BootWare menu ···················································· 38 Upgrading applications using FTP at the CLI ········································································38 Maintaining files ····························································································
HP SECBLADENSM-CMW520-R3109 Release Notes List of tables Table 1 Version history ................................................................................................................................... 6 Table 2 Hardware and software compatibility matrix ............................................................................ 6 Table 3 Hardware features...........................................................................................................................
HP SECBLADENSM-CMW520-R3109 Release Notes Version information Version number HP SecBlade NS Comware software, Version 5.
HP SECBLADENSM-CMW520-R3109 Release Notes dis version HP Comware Platform Software Comware Software, Version 5.20, Release 3109 Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. HP SecBlade NS uptime is 0 week, 0 day, 0 hour, 7 minutes CPU type: RMI XLR732 1000MHz CPU 3584M bytes DDR2 SDRAM Memory 4M bytes Flash Memory 247M bytes CF0 Card PCB Version:Ver.A Logic Version: Basic 1.0 BootWare Version: 1.28 Extend BootWare Version: 1.50 [FIXED PORT] CON (Hardware)Ver.
HP SECBLADENSM-CMW520-R3109 Release Notes Feature list Hardware features Table 3 Hardware features Item Description 1 console port (CON) Fixed ports 2 x GE RJ-45 copper ports 2 × GE combo ports DDR2 SDRAM 4 GB (default), 2 GB (compatible) CF card 256 MB (default) Weight 3.3 kg (7.28 lb) Rated power consumption 150 W Operating temperature 0°C to 40°C (32°F to 104°F) Relative humidity (noncondensing) 10% to 90% Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes Software features Table 4 Software features Category Features Interface-level NetStream Interface-level sampling Interface-level filtering NetStream aggregation data export Setting the aging time for active flows Setting the aging time for inactive flows Setting the cache size for NetStream entries Adding a data export destination address NetStream (IPv4) Deleting a specified data export destination address Deleting all data export destination addresses Setting t
HP SECBLADENSM-CMW520-R3109 Release Notes Category Features Network protocols LAN protocols IP services Network protocols IP routing Ethernet_II VLAN ARP Static DNS Static routing Policy-based routing Local configuration through console port Local or remote configuration through Telnet or SSH Hierarchical user privileges Debugging information Tracert, Ping Configurati on manageme nt CLI Telnet to another device to manage the device FTP server/client File upload/download through TFTP Logging File sy
HP SECBLADENSM-CMW520-R3109 Release Notes Version number Item Description New features: None Hardware feature updates Added module: None Deleted features: None R3106 New features: Support for HP cards Software feature updates Deleted features: None Modified features: None New features: None Hardware feature updates Added module: None Deleted features: None R3105 New features: ACL Syslog Software feature updates Deleted features: None Modified features: None New features: None Hardware featur
HP SECBLADENSM-CMW520-R3109 Release Notes MIB updates Table 7 MIB updates Version number R3103 Item MIB file Module Description New Modified Configuration changes None Open problems and workarounds None List of resolved problems Resolved problems in R3109 Problem 1 HSD97600 • Condition: Enable DSA-TAG. • Description: The SecBlade NS module distributes a large number of IPv6 packets with different source IP addresses to only several vCPUs.
HP SECBLADENSM-CMW520-R3109 Release Notes Resolved problems in R3105 None Resolved problems in R3104 None Resolved problems in R3103 First release Related documentation New feature documentation Table 8 New feature documentation Feature Document title HP A7500 NetStream Monitoring Card Manual 6P102 HP A9500 NetStream Monitoring Card Manual 6P102 HP A12500 NetStream Monitoring Card Manual 6P102 HP Security Modules Software Upgrade Guide 6PW101 HP NetStream Monitoring Module Configuration Guide
HP SECBLADENSM-CMW520-R3109 Release Notes Software upgrading CAUTION: Upgrade software only when necessary and under the guidance of a technical support engineer.
HP SECBLADENSM-CMW520-R3109 Release Notes • Secure application file (secure file for short): The file name is secure.bin and the file type is S. When booting with the main and backup application files fails, the SecBlade card uses the secure application file to boot. When booting with the secure application file fails, boot failure will be prompted. These three types of files are stored on the CF card for all SecBlade cards except the SSL VPN cards.
HP SECBLADENSM-CMW520-R3109 Release Notes NOTE: • The configuration file name containing a drive identifier and a string terminator cannot be longer than 64 characters. For example, if the drive identifier is “CF:/”, the file name excluding the drive identifier and string terminator can be at most [ 64 – 1 – 4 ] = 59 characters in length. Typically, a file name excluding drive identifier and string terminator is recommended to contain no more than 16 characters.
HP SECBLADENSM-CMW520-R3109 Release Notes Upgrade flow Figure 1 Software upgrade flow Specifying files Specifying a boot file No matter how you upgrade software, use the boot-loader file file-url { main | backup } command in user view to specify a new boot file for the SecBlade card and then restart the device. In the command, • file file-url: Name of the boot file, consisting of 1 to 64 characters. • main: Main application file. • backup: Backup application file.
HP SECBLADENSM-CMW520-R3109 Release Notes NOTE: • A boot file is an application file used to boot the SecBlade card. When there are multiple application files on the CF card, you can use the boot-loader command to specify an application file for the next boot. The main application file is used to boot the SecBlade card. The backup application file is used to boot the SecBlade card when the main application file is unavailable. • The SSL VPN cards do not support the boot-loader command.
HP SECBLADENSM-CMW520-R3109 Release Notes Figure 2 Establish a HyperTerminal connection. Step3 From the Connect using dropdown list shown in Figure 3, select the serial interface to which the console cable is connected. Figure 3 Select the serial interface for the HyperTerminal connection Step4 Set serial interface parameters. In the COM1 Properties dialog box shown in Figure 4, set the default serial interface properties listed in Table 9. Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes Table 9 Default serial interface properties Property Value Bits per second 9600 bps Data bits 8 Parity None Stop bits 1 Flow control None Figure 4 Set serial interface parameters Step5 Click OK to enter the HyperTerminal window shown in Figure 5. Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes Figure 5 HyperTerminal window Step6 In the HyperTerminal window, select File > Properties > Settings to enter the dialog box shown in Figure 6. Step7 Set the terminal emulation to VT100 or autodetect and click OK to return to the HyperTerminal window. Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes Figure 6 Set the terminal emulation type Introduction to the BootWare menu Main menu After the above configurations are completed and the SecBlade card is powered on, the card first performs system initialization. After system initialization, the following information is displayed on the configuration terminal: System start booting... Booting Normal Extend BootWare........
HP SECBLADENSM-CMW520-R3109 Release Notes CPU L1 Cache : 32KB CPU Clock Speed : 1000MHz Memory Type : DDR2 SDRAM Memory Size : 4096MB Memory Speed : 533MHz BootWare Size : 1536KB Flash Size : 4MB cfa0 Size : 247MB CPLD Version : 3.0 PCB Version : Ver.A BootWare Validating... Press Ctrl+B to enter the extended boot menu. Otherwise, the SecBlade card will enter the application file decompression process.
HP SECBLADENSM-CMW520-R3109 Release Notes | <0> Reboot | ============================================================= Enter your choice(0-9): The main menu is described in Table 10. Table 10 Main menu Menu item Description <1> Boot System Boot an application from the CF card. <2> Enter Serial SubMenu <3> Enter Ethernet SubMenu <4> File Control <5> Modify BootWare Password Enter the serial submenu. For details, refer to “Serial ” on page 24. Enter the Ethernet submenu.
HP SECBLADENSM-CMW520-R3109 Release Notes ============================================================= Enter your choice(0-5): Table 11 describes the serial submenu items. Table 11 Serial submenu Submenu item Description <1> Download Application Program To SDRAM And Run Download an application to the SDRAM through the serial interface and run the application. <2> Update Main Application File Upgrade the main application file. <3> Update Backup Application File Upgrade the backup application file.
HP SECBLADENSM-CMW520-R3109 Release Notes File control submenu Select 4 on the main menu to enter the file control submenu, where you can view, modify, and delete application files stored in a storage device.
HP SECBLADENSM-CMW520-R3109 Release Notes Submenu items Description <0> Exit To Main Menu Return to the main menu. Storage device operation submenu Select 9 on the main menu to enter the storage device operation submenu.
HP SECBLADENSM-CMW520-R3109 Release Notes Modifying serial interface parameters In practice, on the one hand, you need to improve the baud rate of the serial interface to save the upgrade time, and on the other hand, you need to lower it to guarantee the transmission reliability. This section introduces how to modify the baud rate of the serial interface. Step1 Select 2 on the main menu to enter the serial submenu.
HP SECBLADENSM-CMW520-R3109 Release Notes Figure 7 Disconnect the HyperTerminal connection Step5 Select File > Properties. Click Configure (F)… in the test Properties dialog box and change the bits per second to 115200. Figure 8 Modify the baud rate on the HyperTerminal Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes Step6 Select Call > Call to re-establish a call connection. Figure 9 Re-establish a call connection Step7 Press Enter. You can see the current baud rate and return to the upper level menu.
HP SECBLADENSM-CMW520-R3109 Release Notes Figure 10 Send File dialog box Step4 Click Browse… to select the application file to be downloaded, and select Xmodem from the Protocol dropdown list. Then click Send and the following dialog box appears: Figure 11 Sending file dialog box After the file is downloaded, the following information is displayed on the configuration terminal: Download successfully! 10129792 bytes downloaded! Hewlett-Packard Development Company, L.P.
HP SECBLADENSM-CMW520-R3109 Release Notes NOTE: • The size of an application is often over 10 MB. Even if the baud rate is set to 115200 bps, it usually takes about 30 minutes to upgrade the application through the serial interface. Therefore, you are recommended to upgrade applications through an Ethernet interface. • If you want the SecBlade card to use the downloaded file, you need to specify the file for the next boot. For related information, refer to “Specifying ” on page 17.
HP SECBLADENSM-CMW520-R3109 Release Notes Figure 13 Sending file dialog box After the file is downloaded, the following information is displayed on the configuration terminal: Download successfully! 10129792 bytes downloaded! NOTE: • The BootWare program is automatically upgraded when applications are upgraded, that is, you do not need to upgrade the BootWare program separately. • The file name, size, and path in the above figures may vary.
HP SECBLADENSM-CMW520-R3109 Release Notes You can upgrade application files using TFTP in the following two ways: • On the BootWare menu • At the CLI Upgrading applications using TFTP on the BootWare menu Step1 Set up a TFTP upgrade environment. • The SecBlade card serves as the TFTP client while the PC serves as the TFTP server.
HP SECBLADENSM-CMW520-R3109 Release Notes Field Description '-' = Go to previous field To go to the previous field, input a hyphen (-) and then press Enter. Ctrl+D = Quit The shortcut key combination for quitting the Ethernet parameter setting interface is Ctrl+D. Protocol (FTP or TFTP) Select TFTP or FTP to upgrade applications. Select the file to be downloaded. Set the path where the file is stored on the TFTP server. NOTE: Load File Name • The first “main.
HP SECBLADENSM-CMW520-R3109 Release Notes ......... Update Success! CAUTION: • If the application file name you entered already exists on the CF card, “The file exists, will you overwrite it? [Y/N]” will be prompted. If you enter Y, the application file on the CF card will be directly overwritten. The upgraded application file will become the only main application file. • Make sure that the available space on the CF card is enough. Otherwise, “The free space isn’t enough” will be prompted.
HP SECBLADENSM-CMW520-R3109 Release Notes Table 17 dir command output information Field Description Directory of cfa0:/ Name of the current directory 62472 KB total (41855.5 KB free) Used space on the CF card (available space on the CF card) File system type of cfa0 File system type that the CF card supports Step2 Upgrade applications. Using TFTP, you can download application files from the TFTP server to overwrite existing application files on the SecBlade card to implement application upgrade.
HP SECBLADENSM-CMW520-R3109 Release Notes File uploaded successfully. NOTE: • When you back up an application file, if the file name already exists on the TFTP server, the existing file will directly be overwritten. • You can back up configuration files in the way you back up application files. Upgrading applications using FTP When application files are large, you can also upgrade them using the File Transfer Protocol (FTP) to greatly shorten the upgrade and maintenance time.
HP SECBLADENSM-CMW520-R3109 Release Notes Connect the PC to an Ethernet interface (for example, GigabitEthernet 0/1) on the SecBlade card and ensure the connectivity between them. • Use a crossover Ethernet cable to connect Ethernet interface GigabitEthernet 0/1 on the SecBlade card to the PC. • Configure IP addresses for the FTP server and client and ensure that they are on the same network segment. In this example, the IP address of the FTP server (PC) is 192.168.80.
HP SECBLADENSM-CMW520-R3109 Release Notes Step5 Back up application files. Using FTP, you can upload application files from the SecBlade card to the FTP server for the backup purpose. # Upload the main.bin file from the SecBlade card to the FTP server and save it as main.bin. [ftp] put main.bin main.bin 227 Entering passive mode (192,168,80,200,5,34) 125 Using existing data connection 226 Closing data connection; File transfer successful. FTP: 10867848 byte(s) sent in 172.505 second(s), 63.
HP SECBLADENSM-CMW520-R3109 Release Notes NOTE: • You can use the FTP service after you have configured authorization and authentication on the FTP server. Multiple clients can simultaneously access the FTP server. A remote FTP client sends a request to the FTP server. The FTP server executes an action accordingly and returns the execution result to the FTP client. • After you have configured authentication and authorization on the FTP server, you need to set the user level to 3.
HP SECBLADENSM-CMW520-R3109 Release Notes Step5 Back up application files. Using FTP, you can download application files from the FTP server (SecBlade card) to the FTP client (the PC) for the backup purpose. # Download the main.bin file from the SecBlade card to the PC and save it as main_bac.bin. ftp> get main.bin main_bac.bin 200 Port command okay. 150 Opening BINARY mode data connection for main.bin. 226 Transfer complete. FTP: 11673608 byte(s) received in 12.735 second(s), 916.
HP SECBLADENSM-CMW520-R3109 Release Notes 2 1227 May/11/2007 16:25:52 N/A cfa0:/startup.cfg 3 2294 May/11/2007 14:47:32 N/A cfa0:/~/startup.cfg 4 2094 May/11/2007 13:47:34 N/A cfa0:/~/startup_bac.cfg Modifying a file type You can modify the type of application files of type M, B or N/A except type S on the file control submenu, or at the CLI after the SecBlade card boots. Step1 Select 2 on the file control submenu.
HP SECBLADENSM-CMW520-R3109 Release Notes Deleting......... Done! Maintaining files at the CLI Displaying all files Use the dir command to display all files on a SecBlade card. dir Directory of cfa0:/ 0 drw- - Jun 11 2007 19:09:42 logfile 1 -rw- 10867848 Jun 13 2007 13:21:20 main.bin 2 -rw- 1128 Jun 27 2007 11:07:24 startup.cfg 3 -rw- 558 Jun 11 2007 20:20:38 config.cfg 4 -rw- 558 Jun 11 2007 20:23:10 config_bac.
HP SECBLADENSM-CMW520-R3109 Release Notes Dealing with password loss This section tells you what to do if you forget the BootWare password, user password, or super password of a SecBlade card. User password loss If you forget your user password, you will be refused to log in to the SecBlade card. In this case, you can ignore the current configuration to boot the SecBlade card and set a new user password as follows: Step1 Select 6 on the main menu to ignore the current configuration in SecBlade card boot.
HP SECBLADENSM-CMW520-R3109 Release Notes BootWare password loss Contact your local dealer if you forget the BootWare password of the SecBlade card. You can modify the BootWare password on the main menu. Step1 Select 5 on the main menu to modify the BootWare password as prompted.
HP SECBLADENSM-CMW520-R3109 Release Notes Clear Application Password Success Step2 Exit from the main menu and reboot the SecBlade card to directly enter the system view. NOTE: This setting works only once. The super password will be restored when the SecBlade card is rebooted for a second time. Backing up and restoring the BootWare program file Select 7 on the main menu to enter the BootWare operation submenu. For details, refer to “BootWare operation ” on page 26.
HP SECBLADENSM-CMW520-R3109 Release Notes Backup normal extend bootrom completed! Backup bootrom completed! Restoring the BootWare program file Restoring the entire BootWare program file on the BootWare menu To restore the entire BootWare program file, first restore the basic segment and then the extended segment. Step1 Select 2 on the BootWare operation menu to restore the backup BootWare program file on the Flash to the CF card.
