H3C SecBladeII-CMW520-F3169P07 Release Notes

Keywords: FW, NAT, ASPF, IPSec, GRE, VPN

Abstract: These release notes describe the SecBladeII release with respect to hardware and software compatibility, released features and functions, software upgrading, and documentation.
H3C SECBLADEFW-CMW520-F3169P07 Release Notes

Table of Contents

Version Information
Version Number
Version History
Modifying Serial Interface Parameters
Upgrading Applications
Upgrading the BootWare Program
Upgrading Applications Using TFTP
List of Tables

Table 1 Version history
Table 2 Hardware and software compatibility matrix
Table 3 SecBlade FW hardware features
Version Information

Version Number

List the version number with the command display version. For example:

Comware Software, Version 5.20, Feature 3169P07

Note: You can see the version number with the command display version in any view. Please see Note①.
Sample: To display the host software and Boot ROM version of the SecBlade FW, perform the following:

dis version
H3C Comware Platform Software
Comware Software, Version 5.20, Feature 3169P07
Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C SecPath F1000-E uptime is 0 week, 0 day, 16 hours, 55 minutes
CPU type: RMI XLR732 1000MHz CPU
2048M bytes DDR2 SDRAM Memory
4M bytes Flash Memory
249M bytes CF0 Card
PCB Version:Ver.A
Logic Version: 3.0
Basic BootWare Version: 1.
Item | SecPathF1000E
Temperature | 0 ~ 40 ℃
Humidity | 10 ~ 90%

Software Features

Table 4 SecBlade FW software features

Category Features
RADIUS/HWTACACS+ CHAP Authentication AAA PAP Authentication Domain Area Authentication Packet Filter Access control based on security areas Access control based on time-range ASPF Firewall Virtual firewall Anti Dos/DDos URL Filter Static and Dynamic Blacklist P2P Network Security Attack log Black list log Security Management Session log Binary format log Traffic me
Category Features
AH, ESP IKE DES, 3DES and AES VPN IPSec/IKE MD5, SHA-1 Aggressive/main exchange-mode DPD NAT traversal Ethernet_II LAN VLAN ARP Static DNS IP address unnumbered IP Service DHCP relay Network protocol DHCP server DHCP client Static route RIP-1/RIP-2 IP Route OSPF BGP Policy Route ICMPv6 TCP6 UDP6 RAWIP6 Ping6 IPv6 Basic Protocol DNS6 TraceRT6 Telnet6 FIB6 DHCPv6 Client DHCPv6 Relay
Category Features
RIPng OSPFv3 BGP4+ Routing & Multicast Static Route policy Route PIM-SM PIM-DM NAT-PT IPv6 Tunnel Security IPv6 Packet Filter Radius High Availability VRRP Dual Hot Standby Console AUX Support Telnet, SSH, FTP, TFTP Command Line Configuration Management Configure command level Detailed debug information Support tracert, ping Support log and file management User-interface Login and Authentication WEB Web configuration SNMPV3/V1/V2C NTP

Version Updates

Feature Updates

Table 5 Fe
Version number | Item | Description
 | Software feature updates | New features: None. Deleted features: None. Modified features: None.
F3169P04 | Hardware feature updates | New features: None. Deleted features: None.
F3169P04 | Software feature updates | New features: 1) RSH ALG 2) IPv6 3) Configuration synchronization. Deleted features: None. Modified features: None.

Command Line Updates

Table 6 Command line updates

Version number | Item | Description
F3169P07 | New commands | None
F3169P07 | Removed commands | None
F3169P07 | Modified commands | None

[u
List of Resolved Problems

Resolved Problems in F3169P07

Problem 1
- First found-in version: F3169
- Description: If the main device is carrying traffic flows, configuration synchronization is started, and the RESET SESSION command is executed many times, the device restarts abnormally.
- Workaround: stateful failover

Resolved Problems in F3169P04

First release.
- The basic segment is used for the basic initialization of the SecBlade card. After the basic initialization, the network interfaces and the CF card are still unavailable.
- After the SecBladeII card runs the extended segment, the network interfaces and the CF card are available. The extended segment provides diversified human-computer interaction (HCI) functions to upgrade the applications and the boot system.
- Default configuration file: The file type can be M, B, or N/A, and the file extension is .cfg or .xml. When loading the main and backup configuration files fails, the SecBladeII card uses the default configuration file (startup.cfg or system.xml) to load configuration information. If loading the default configuration file fails, the SecBladeII card boots without any configuration information.
The second and third are called conventional software upgrade methods.

- The BootWare program is automatically upgraded when applications are upgraded; that is, you do not need to upgrade the BootWare separately.
- Before a software upgrade, check the current versions of the BootWare program and applications so that you use the correct files for upgrading.
- file file-url: Name of the boot file, consisting of 1 to 64 characters.
- main: Main application file.
- backup: Backup application file.
- A boot file is an application file used to boot the SecBladeII card. When there are multiple application files on the CF card, you can use the boot-loader command to specify an application file for the next boot. The main application file is used to boot the SecBladeII card.
Figure 2 Web user login interface

Software Upgrade

After login, select System Management > Software Upgrade from the navigation tree to enter the page shown in Figure 3.

Figure 3 Software upgrade page

Make settings as described in Table 9 to upgrade software.

Table 9 Make settings for upgrading software

Field File Action Click Browse to select the application file saved locally Enter a file name to save the downloaded file to the SecpathF1000E. The file extension must be .bin or .app.
Field | Action
Reboot after the upgrade is finished | Select this option if you want the SecpathF1000E to reboot immediately after the software is upgraded.

Software Upgrade in Conventional Methods

The SecpathF1000E provides the BootWare menu and a CLI, through either of which you can configure, manage, and upgrade the cards. The upgrade procedures of SecpathF1000E are similar unless otherwise specified in this chapter.
Figure 4 Establish a HyperTerminal connection.

Step3 From the Connect using dropdown list shown in Figure 5, select the serial interface to which the console cable is connected.

Figure 5 Select the serial interface for the HyperTerminal connection

Step4 Set serial interface parameters. In the COM1 Properties dialog box shown in Figure 6, set the default serial interface properties listed in Table 10.
Property | Value
Data bits | 8
Parity | None
Stop bits | 1
Flow control | None

Figure 6 Set serial interface parameters

Step5 Click OK to enter the HyperTerminal window shown in Figure 7.
Figure 7 HyperTerminal window

Step6 In the HyperTerminal window, select File > Properties > Settings to enter the dialog box shown in Figure 8.

Step7 Set the terminal emulation to VT100 or autodetect and click OK to return to the HyperTerminal window.
Step8 Log in to the SecpathF1000E at the switch side

Introduction to the BootWare Menu

Main Menu

After the above configurations are completed and the SecpathF1000E is powered on, the card first performs system initialization. After system initialization, the following information is displayed on the configuration terminal:

For different SecBlade cards or different versions of BootWare programs, the information displayed on the configuration terminal may slightly differ.

System start booting...
- You must press Ctrl+B within four seconds after “Press Ctrl+B to enter extended boot menu” appears. Otherwise, the SecpathF1000E card will enter the application file decompression process.
- After the SecpathF1000E card enters the application decompression process, if you want to enter the extended boot menu, you need to reboot the SecpathF1000E card.
- The extended boot menu is referred to as the main menu unless otherwise specified.

Press Ctrl+B when “Press Ctrl+B to enter extended boot menu...
Menu item | Description
<3> Enter Ethernet SubMenu | Enter the Ethernet submenu. For details, refer to “Ethernet Submenu” on page 24.
<4> File Control | Enter the file control submenu. For details, refer to “File Control Submenu” on page 25.
<5> Modify BootWare Password | Modify the BootWare password.
<6> Skip Current System Configuration | Ignore the current system configuration. The operation takes effect only once, for the current boot.
Table 12 Serial submenu

Submenu item | Description
<1> Download Application Program To SDRAM And Run | Download an application to the SDRAM through the serial interface and run the application.
<2> Update Main Application File | Upgrade the main application file.
<3> Update Backup Application File | Upgrade the backup application file.
<4> Update Secure Application File | Upgrade the secure application file.
<5> Modify Serial Interface Parameter | Modify the serial interface parameters.
File Control Submenu

Select 4 on the main menu to enter the file control submenu, where you can view, modify, and delete application files stored in a storage device.
Submenu items | Description
<4> Update BootWare By Ethernet | Upgrade the BootWare program file through an Ethernet interface.
<0> Exit To Main Menu | Return to the main menu.

Storage Device Operation Submenu

Select 9 on the main menu to enter the storage device operation submenu.
Introduction to Xmodem

You need to use the Xmodem protocol when upgrading the BootWare program and applications through the serial interface (console interface). Xmodem is a file transfer protocol widely used for its simplicity and good performance. Xmodem transfers files through serial interfaces. It supports transmission of packets in 128 bytes and 1024 bytes, error check (checksum and CRC), and error retransmission (generally the maximum number of retransmission attempts is 10).
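Added example (not part of the H3C release notes): Python code that frames Xmodem packets in the 128-byte and 1024-byte sizes mentioned above and applies both error checks, showing a transposition error that the 8-bit checksum accepts and the CRC rejects. The control-byte values, padding byte and CRC polynomial are those of the standard XMODEM protocol and are assumptions as far as this page is concerned; the sample payload is constructed.

```python
# Added example: XMODEM packet framing with both error checks (not vendor code).
SOH, STX = 0x01, 0x02   # header byte for 128-byte and 1024-byte packets
PAD = 0x1A              # conventional filler for a short final packet
MAX_RETRIES = 10        # typical per-packet retransmission limit


def crc16_xmodem(data: bytes) -> int:
    """CRC-16/XMODEM: polynomial 0x1021, initial value 0, MSB first."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = (crc << 1) ^ 0x1021 if crc & 0x8000 else crc << 1
            crc &= 0xFFFF
    return crc


def build_packet(block_no: int, payload: bytes, size: int = 128, use_crc: bool = True) -> bytes:
    """Frame one payload: header, block number, its complement, data, check value."""
    if size not in (128, 1024) or len(payload) > size:
        raise ValueError("payload must fit a 128- or 1024-byte packet")
    data = payload.ljust(size, bytes([PAD]))
    seq = block_no & 0xFF                      # block numbers wrap at 256
    head = bytes([SOH if size == 128 else STX, seq, 0xFF - seq])
    check = crc16_xmodem(data).to_bytes(2, "big") if use_crc else bytes([sum(data) & 0xFF])
    return head + data + check


def verify_packet(packet: bytes, use_crc: bool = True) -> bool:
    """Receiver-side check; False means NAK, so the sender retransmits."""
    size = {SOH: 128, STX: 1024}.get(packet[0]) if packet else None
    if size is None or len(packet) != 3 + size + (2 if use_crc else 1):
        return False
    if packet[1] ^ packet[2] != 0xFF:          # block number vs. its complement
        return False
    data, check = packet[3:3 + size], packet[3 + size:]
    if use_crc:
        return crc16_xmodem(data) == int.from_bytes(check, "big")
    return (sum(data) & 0xFF) == check[0]


def swap_bytes(packet: bytes, i: int, j: int) -> bytes:
    """Simulate line noise that transposes two bytes of a packet."""
    buf = bytearray(packet)
    buf[i], buf[j] = buf[j], buf[i]
    return bytes(buf)


def packets_needed(file_size: int, size: int = 128) -> int:
    return -(-file_size // size)               # ceiling division


if __name__ == "__main__":
    payload = b"constructed sample firmware bytes"
    for use_crc in (False, True):
        damaged = swap_bytes(build_packet(1, payload, use_crc=use_crc), 3, 4)
        print("CRC" if use_crc else "checksum", "detects swap:", not verify_packet(damaged, use_crc))
    print(packets_needed(10129792), "packets of 128 bytes for a 10129792-byte image")
```

Neither check authenticates the image: both only detect accidental corruption on the serial line, so confirming that the file is the intended release has to happen before the transfer.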
make it consistent with that of the serial interface on the SecBlade card so that they can communicate with each other. Perform the following operations on the HyperTerminal:

Step4 Select Call > Disconnect to disconnect the HyperTerminal connection.

Figure 9 Disconnect the HyperTerminal connection

Step5 Select File > Properties. Click Configure (F)… in the test Properties dialog box and change the bits per second to 115200.
Figure 10 Modify the baud rate on the HyperTerminal

Step6 Select Call > Call to re-establish a call connection.

Figure 11 Re-establish a call connection

Step7 Press Enter. You can see the current baud rate and return to the upper level menu.
After you download files at the modified baud rate to upgrade applications, promptly restore the baud rate on the HyperTerminal to 9600 bps to ensure normal display on the screen when the SecBlade card boots or reboots.

Upgrading Applications

You can upgrade applications on the serial submenu when upgrading them through the serial interface.

Step1 Select 2 on the main menu to enter the serial submenu. For details about the serial submenu, refer to “Serial Submenu” on page 23.
Figure 13 Sending file dialog box

After the file is downloaded, the following information is displayed on the configuration terminal:

Download successfully!
10129792 bytes downloaded!

- The size of an application is often over 10 MB. Even if the baud rate is set to 115200 bps, it usually takes about 30 minutes to upgrade the application through the serial interface. Therefore, it is recommended that you upgrade applications through an Ethernet interface.
| <3> Update Basic BootWare |
| <4> Modify Serial Interface Parameter |
| <0> Exit To Main Menu |
=============================================================
Enter your choice(0-4):

Step2 Select 1. The following information is displayed:

Waiting ...CCCCCCCCCCCCCCCCCCCCCCCCC...

Step3 Select Transfer > Send file in the HyperTerminal window.
- The BootWare program is automatically upgraded when applications are upgraded; that is, you do not need to upgrade the BootWare program separately.
- The file name, size, and path in the above figures may vary. Check the current BootWare and application versions before upgrading them.
- If you upgrade the extended segment, you upgrade only part of the BootWare program.
2) Configure Ethernet interface parameters on the BootWare menu.

Select 3 on the main menu to enter the Ethernet submenu, where you can select 5 to enter the Ethernet parameter setting interface to configure the Ethernet interface parameters.

=====================================
Note: '.' = Clear field.
'-' = Go to previous field.
Ctrl+D = Quit.
=============================================================
Protocol (FTP or TFTP):tftp
Load File Name :main.bin
:main.
Field | Description
Local IP Address | IP address of the interface connecting the TFTP server
Gateway IP Address | IP address of the gateway. You do not need to configure it.
FTP User Name | FTP username, which will be used for FTP downloading, but not for TFTP downloading.
FTP User Password | FTP password, which will be used for FTP downloading, but not for TFTP downloading.

- To use the default parameter after a colon, press Enter directly.
- Use a crossover Ethernet cable to connect Ethernet interface GigabitEthernet 0/1 on the SecBlade card to the PC.
- Configure IP addresses for the TFTP server and client and ensure that they are on the same network segment. In this example, the IP address of the TFTP server (PC) is 192.168.80.200 and that of the TFTP client (GigabitEthernet 0/1) is 192.168.80.10. Use the ping command to check the connectivity between them.
- Enable the terminal emulation program on the PC.
TFTP: 10867848 bytes received in 512.615 second(s)
File downloaded successfully.

- When you download an application file, if the file name already exists on the SecBlade card, you will be prompted whether to overwrite the existing file. Enter Y or N to confirm.
- You can upgrade configuration files in the way you upgrade application files. You can use a text editor to modify a configuration file.
You can upgrade application files using FTP on the BootWare menu or at the CLI. With either method, a SecBlade card can serve as the FTP server or FTP client.

Upgrading Applications Using FTP on the BootWare Menu

1) Set up an upgrade environment.

- The SecBlade card serves as the FTP client and the PC serves as the FTP server.
User(192.168.80.200:(none)):guest
331 User name ok, need password
Password:
230 User logged in
[ftp]

4) Upgrade applications.

Using FTP, you can download application files from the FTP server to overwrite existing application files on the SecBlade card to implement application upgrade. The upgraded application files take effect at the next boot.

# Download the main.bin file from the FTP server to the SecBlade card.

[ftp] get main.bin main.bin
cfa0:/main.bin has been existing.
- When you back up an application file, if the file name already exists on the FTP server, the existing file is overwritten directly.
- You can back up configuration files in the way you back up application files.

The SecBlade card serving as the FTP server and the PC serving as the FTP client

1) Set up an upgrade environment.

Connect the PC to an Ethernet interface (for example, GigabitEthernet 0/1) on the SecBlade card and ensure the connectivity between them.
ftp>
ftp> open 192.168.80.10
Connected to 192.168.80.10.
220 FTP service ready.
User (192.168.80.10:(none)): guest
331 Password required for guest
Password:
230 User logged in.

4) Upgrade applications.

Using FTP, you can upload application files from the client to overwrite the existing application files on the server (SecBlade card) to implement application upgrade. The upgraded application files take effect at the next boot.

# Upload the main_bac.
- When you download an application file, if the file name already exists on the PC, you will be prompted whether to overwrite the existing file. Enter Y or N to confirm.
- You can back up configuration files in the way you back up application files.

Maintaining Files

You can maintain files on the file control submenu or at the CLI.
1 10129712 Jun/11/2007 05:39:50 B cfa0:/main.bin
0 Exit
=============================================================
Enter file no:

Step2 Enter a file number (for example, 1) and press Enter. The following information is displayed.

Modify the file attribute:
| <1> +Main |
| <2> -Main |
| <3> +Backup |
| <4> -Backup |
| <0> Exit |
Enter your choice(0-4):

You can add/remove a type attribute, M (main) or B (backup), to/from a file by selecting a choice 1 to 4.
3 -rw- 558 Jun 11 2007 20:20:38 config.cfg
4 -rw- 558 Jun 11 2007 20:23:10 config_bac.cfg

506336 KB total (506272 KB free)

File system type of cfa0: FAT16

Modifying a file type

# Change the main.bin file from type B to type M+B.

boot-loader file main.bin main
This command will set the boot file. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot!

By now, the original main.
The following information is displayed:

Flag Set Successfully.

Step2 When the main menu appears again, select 0 to reboot the SecBlade card.

System is rebooting now.
System start booting...
Booting Normal Extend BootWare....

Step3 Set a new user password in system view.
Step1 Select 5 on the main menu to modify the BootWare password as prompted. The following information is displayed:

please input old password:

Step2 Enter the old BootWare password:

please input old password: ******

- If you enter the old BootWare password incorrectly, “Wrong password, Please input password again:” appears.
- After three failed attempts to enter the old BootWare password, “Wrong password, system halt.” appears and the SecBlade card halts.
Step2 Exit from the main menu and reboot the SecBlade card to directly enter the system view.

This setting works only once. The super password will be restored when the SecBlade card is rebooted for a second time.

Backing Up and Restoring the BootWare Program File

Select 7 on the main menu to enter the BootWare operation submenu. For details, refer to “BootWare Operation Submenu” on page 25.
Read normal extend bootrom completed!
Backup normal extend bootrom completed!
Backup bootrom completed!

Restoring the BootWare Program File

Restoring the entire BootWare program file on the BootWare menu

To restore the entire BootWare program file, first restore the basic segment and then the extended segment.

Step1 Select 2 on the BootWare operation menu to restore the backup BootWare program file on the Flash to the CF card.