HP 5130 EI series Configuration Manual

HP 5130 EI Switch Series
Fundamentals

Configuration Guide

Part number: 5998-5473
Software version: Release 3106
Document version: 6W100-20140919


Summary of Contents for HP 5130 EI series

  • Page 1: Configuration Guide

    HP 5130 EI Switch Series Fundamentals Configuration Guide Part number: 5998-5473 Software version: Release 3106 Document version: 6W100-20140919...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
  • Page 3: Table Of Contents

    Contents: Using the CLI (1); CLI views (1); Entering system view from user view (2); Returning to the upper-level view from any view (2); Returning to user view (2); Accessing the CLI online help (2)...
  • Page 4 Accessing the device through SNMP (37); Controlling user access (38); FIPS compliance (38); Controlling Telnet/SSH logins (38); Configuration procedures (38); Configuration example (39); Controlling SNMP access (39); Configuration procedure...
  • Page 5 Displaying and maintaining the FTP server (75); FTP server configuration example (75); Using the device as an FTP client (77); Establishing an FTP connection (77); Managing directories on the FTP server (78)...
  • Page 6 Enabling automatic configuration archiving (98); Manually archiving the running configuration (98); Rolling back configuration (98); Specifying a next-startup configuration file (99); Backing up the main next-startup configuration file to a TFTP server (100)...
  • Page 7 HTTP server configuration guidelines (137); TFTP server configuration guidelines (137); Support and other resources (138); Contacting HP (138); Subscription service (138); Related information (138); Documents (138)...
  • Page 8: Using The Cli

    Using the CLI At the command-line interface (CLI), you can enter text commands to configure, manage, and monitor the device. Figure 1 CLI example You can use different methods to log in to the CLI, including through the console port, Telnet, and SSH. For more information about login methods, see "Login overview."...
  • Page 9: Entering System View From User View

    • Perform basic operations including display, debug, file management, FTP, Telnet, clock setting, and reboot. • Enter system view. The system view prompt is [Device-name]. In system view, you can perform the following tasks: • Configure global settings (such as the daylight saving time, banners, and hotkeys) and some...
  • Page 10: Using The Undo Form Of A Command

    archive      Archive configuration
    backup       Backup the startup configuration file to a TFTP server
    boot-loader  Set boot loader
    …
    • Enter a space and a question mark after a command keyword to display all available, subsequent keywords and arguments. If the question mark is in the place of a keyword, the CLI displays all possible keywords, each with a brief description.
  • Page 11: Editing A Command Line

    Editing a command line To edit a command line, use the keys listed in Table 1 or the hotkeys listed in Table 2. When you are finished, you can press Enter to execute the command. A command line can have up to 512 characters, including keywords, arguments, spaces, and special characters.
  • Page 12: Configuring And Using Command Keyword Aliases

    saved-configuration and system-view. To enter the command system-view, you only need to type sy. To enter the command startup saved-configuration, type st s. You can also press Tab to complete an incomplete keyword. Configuring and using command keyword aliases The command keyword alias function allows you to use your own keywords to replace the following keywords when you execute a command: The first keywords of non-undo commands.
  • Page 13: Enabling Redisplaying Entered-But-Not-Submitted Commands

    Step: Enter system view.
      Command: system-view
    Step: Assign a command to a hotkey.
      Command: hotkey { ctrl_g | ctrl_l | ctrl_o | ctrl_t | ctrl_u } command
      Remarks: By default: • Ctrl+G is assigned the display current-configuration command. • Ctrl+L is assigned the display ip routing-table command. •...
  • Page 14: Understanding Command-Line Error Messages

    To enable redisplaying entered-but-not-submitted commands:
    Step: Enter system view.
      Command: system-view
    Step: Enable redisplaying entered-but-not-submitted commands.
      Command: info-center synchronous
      Remarks: By default, the system does not redisplay entered-but-not-submitted commands. For more information about this command, see Network Management and Monitoring Command Reference.
    Understanding command-line error messages After you press Enter to submit a command, the command line interpreter examines the command syntax.
  • Page 15: Controlling The Cli Output

    Item: How to view buffered commands?
      Command history buffer for a user line: Use the display history-command command.
      Command history buffer for all user lines: Use the display history-command all command.
    Item: How to call buffered commands?
      Command history buffer for a user line: Navigate to the command in the buffer: In Windows 200x or Windows XP HyperTerminal or Telnet, use the up or down arrow key (↑...
  • Page 16: Numbering Each Output Line From A Display Command

    Output controlling keys Keys Function Space Displays the next screen. Enter Displays the next line. Ctrl+C Stops the display and cancels the command execution. <PageUp> Displays the previous page. <PageDown> Displays the next page. Disabling pausing between screens of output To disable pausing between screens of output, execute the following command in user view: Task Command...
  • Page 17 • include—Displays all lines matching the specified regular expression. • regular-expression—A case-sensitive string of 1 to 256 characters, which can contain the special characters described in Table The amount of time for the filtering operation varies by regular expression. The more complicated the regular expression is, the longer the operation takes.
  • Page 18
    Characters: {n,m}
      Meaning: Matches the preceding character n to m times or more. The numbers n and m must be nonnegative integers and n cannot be greater than m.
      Examples: "o{1,3}" matches "fod", "food", and "foooood", but not "fd".
    Meaning: Matches a string that starts with the pattern following \<.
  • Page 19: Saving The Output From A Display Command To A File

    ssh server enable return # Use | exclude Direct for the display ip routing-table command to filter out direct routes and display only the non-direct routes. <Sysname> display ip routing-table | exclude Direct Destinations : 12 Routes : 12 Destination/Mask Proto Cost NextHop...
  • Page 20: Viewing And Managing The Output From A Display Command Effectively

    # Verify whether the system time information is appended to the end of file clock.txt. <Sysname> more clock.txt 06:03:58 UTC Sat 01/01/2014 06:04:58 UTC Sat 01/01/2014 Viewing and managing the output from a display command effectively You can use the following measures in combination to filter and manage the output from a display command: Numbering each output line from a display command •...
  • Page 21: Login Overview

    Login overview The first time you access the device, you can log in to the CLI through the console port. After login, you can change console login parameters or configure other access methods, including Telnet, SSH, modem, and SNMP. Telnet is not supported in FIPS mode. Table 6 Login methods at a glance Login method Default settings and minimum configuration requirements...
  • Page 22: Logging In Through The Console Port For The First Device Access

    Logging in through the console port for the first device access The first time you access the device, you can only log in to the CLI through the console port. To log in through the console port, prepare a console terminal (for example, a PC). Make sure the console terminal has a terminal emulation program, for example, HyperTerminal in Windows XP.
  • Page 23 Select Manage to open the Computer Management window. Select System Tools > Device Manager from the navigation tree. Select Ports (COM & LPT) from the right pane. Figure 4 Creating a connection Figure 5 Specifying the serial port used to establish the connection...
  • Page 24 Figure 6 Setting the properties of the serial port Power on the device and press Enter as prompted. Figure 7 Device CLI At the default user view prompt <HP>, enter commands to configure or manage the device. To get help, enter ?.
  • Page 25: Logging In To The Cli

    Logging in to the CLI By default, you can log in to the CLI through the console port. After you log in, you can configure other login methods, including Telnet, SSH, and modem dial-in. To prevent illegal access to the CLI and control user behavior, you can perform the following tasks: Configure login authentication.
  • Page 26: Login Authentication Modes

    An absolute number uniquely identifies a user line among all user lines. The user lines are numbered starting from 0 and incrementing by 1, in the sequence of AUX and VTY lines. You can use the display line command without any parameters to view supported user lines and their absolute numbers. A relative number uniquely identifies a user line among all user lines that are the same type.
  • Page 27: Fips Compliance

    FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. Telnet login is not supported in FIPS mode. Logging in through the console port locally You can connect a terminal to the console port of the device to log in and manage the device, as shown Figure...
  • Page 28: Configuring Password Authentication For Console Login

    Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes precedence over a default setting in the •...
  • Page 29: Configuring Scheme Authentication For Console Login

    The next time you log in through the console port, you must provide the configured login password. Configuring scheme authentication for console login Step Command Remarks Enter system view. system-view A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.
  • Page 30 Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes precedence over a default setting in the •...
  • Page 31: Logging In Through Telnet

    Step: Specify the terminal display type.
      Command: terminal type { ansi | vt100 }
      Remarks: By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends that you set the display type to VT100 on both the device and the configuration...
  • Page 32: Configuring Telnet Login On The Device

    Configuring Telnet login on the device Task Remarks (Required.) Configuring login authentication: • Disabling authentication for Telnet login Configure one authentication mode as required. • Configuring password authentication for Telnet login • Configuring scheme authentication for Telnet login (Optional.) Setting the maximum number of concurrent Telnet users (Optional.) Setting the DSCP value for outgoing Telnet packets (Optional.)
  • Page 33: Configuring Password Authentication For Telnet Login

    Figure 9 Telnetting to the device without authentication Configuring password authentication for Telnet login Step Command Remarks Enter system view. system-view By default, the Telnet server function is Enable Telnet server. telnet server enable disabled. A setting in user line view is applied only to the user line.
  • Page 34: Configuring Scheme Authentication For Telnet Login

    The next time you Telnet to the device, you must provide the configured login password, as shown in Figure 10. If the maximum number of login users has been reached, your login attempt fails and the message "All user lines are used, please try later!" appears. Figure 10 Password authentication interface for Telnet login Configuring scheme authentication for Telnet login Step...
  • Page 35 • To use local authentication, configure a local user and the relevant attributes. For more information, see Security Configuration Guide. The next time you Telnet to the CLI, you must provide the configured login username and password, as shown in Figure 11.
  • Page 36 Configuring common VTY line settings For a VTY line, you can specify a command that is to be automatically executed when a user logs in. After executing the specified command and performing the incurred task, the system automatically disconnects the Telnet session. Before you configure this function and save the configuration, make sure you can access the CLI through a different user line.
  • Page 37: Using The Device To Log In To A Telnet Server

    Step: Set the session idle timeout.
      Command: idle-timeout minutes [ seconds ]
      Remarks: By default, the session idle timeout is 10 minutes for all user lines. If there is no interaction between the device and the user within the idle timeout, the system automatically terminates the user connection on the user line.
  • Page 38: Logging In Through Ssh

    Logging in through SSH SSH offers a secure method for remote login. By providing encryption and strong authentication, it protects devices against attacks such as IP spoofing and plain text password interception. For more information, see Security Configuration Guide. You can use an SSH client to log in to the device for remote management, or use the device as an SSH client to log in to an SSH server.
  • Page 39 Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes • Enter VTY line view: precedence over a default setting in the other line vty first-number...
  • Page 40: Using The Device To Log In To An Ssh Server

    Using the device to log in to an SSH server You can use the device as an SSH client to log in to an SSH server. If the server is located in a different subnet than the device, make sure the two devices have routes to reach each other. Figure 13 Logging in to an SSH client from the device Perform the following tasks in user view: Task...
  • Page 41 ATEQ1&W—Disables the modem from returning command responses and execution results, and saves configuration. To verify your configuration, enter AT&V to display the configuration results. NOTE: The configuration commands and output vary by modem. For more information, see the modem user guide.
  • Page 42 Figure 17 Dialing the number After you hear the dial tone, press Enter as prompted. If the authentication mode is none, the prompt <HP> appears. If the authentication mode is password or scheme, you must enter the correct authentication information as prompted.
  • Page 43: Displaying And Maintaining Cli Login

    Figure 18 Login page IMPORTANT: Do not directly close the HyperTerminal. Doing so can cause some modems to stay in use, and your subsequent dial-in attempts will always fail. To disconnect the PC from the device, execute the appropriate ATH command in the HyperTerminal. If the command cannot be entered, type AT+ + + and press Enter.
  • Page 44: Accessing The Device Through Snmp

    Task: Release a user line.
      Command: free line { num1 | { aux | vty } num2 }
      Remarks: Multiple users can log in to the device to simultaneously configure the device. When necessary, you can execute this command to release some connections. You cannot use this command to release the connection you are using.
  • Page 45: Controlling User Access

    Controlling user access Use ACLs to prevent unauthorized access and configure command authorization and accounting to monitor and control user behavior. For more information about ACLs, see ACL and QoS Configuration Guide. FIPS compliance The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode.
  • Page 46: Configuration Example

    Configuration example Network requirements As shown in Figure 20, the device is a Telnet server. Configure the device to permit only Telnet packets sourced from Host A and Host B. Figure 20 Network diagram Configuration procedure # Configure an ACL to permit packets sourced from Host A and Host B. <Sysname>...
  • Page 47: Configuration Example

    Command: • (Method 1.) Create an SNMP community and specify ACLs for the community:
      In VACM mode: snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number | acl ipv6 ipv6-acl-number ] *
      In RBAC mode:...
    Remarks: For more information about...
  • Page 48: Configuring Command Authorization

    Figure 21 Network diagram Configuration procedure # Create an ACL to permit packets sourced from Host A and Host B. <Sysname> system-view [Sysname] acl number 2000 match-order config [Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [Sysname-acl-basic-2000] quit # Associate the ACL with the SNMP community and the SNMP group.
  • Page 49: Configuration Example

    Step Command Remarks A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class. A non-default setting in either view takes • Enter user line view: precedence over a default setting in the line { first-number1...
  • Page 50 Figure 22 Network diagram Configuration procedure # Assign IP addresses to relevant interfaces. Make sure the device and the HWTACACS server can reach each other. Make sure the device and Host A can reach each other. (Details not shown.) # Enable the Telnet server. <Device>...
  • Page 51: Configuring Command Accounting

    [Device-luser-manage-admin] password cipher 123 [Device-luser-manage-admin] service-type telnet [Device-luser-manage-admin] authorization-attribute user-role level-1 Configuring command accounting Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This function helps control and monitor user behavior on the device.
  • Page 52: Configuration Example

    Step: Enable command accounting.
      Command: command accounting
      Remarks: By default, command accounting is disabled, and the accounting server does not record the commands executed by users. If the command accounting command is configured in user line class view, command accounting is enabled on all user lines in the class.
  • Page 53 [Device-line-aux0] quit # Enable command accounting for user lines VTY 0 through VTY 63. [Device] line vty 0 63 [Device-line-vty0-63] command accounting [Device-line-vty0-63] quit # Create HWTACACS scheme tac. [Device] hwtacacs scheme tac # Configure the scheme to use the HWTACACS server at 192.168.2.20:49 for accounting. [Device-hwtacacs-tac] primary accounting 192.168.2.20 49 # Set the shared key to expert.
  • Page 54: Configuring Rbac

    Configuring RBAC Overview Role based access control (RBAC) controls user access to items and system resources based on user role. Items include commands, XML elements, and MIB nodes. System resources include interfaces and VLANs. On devices that support multiple users, RBAC is used to assign access permissions to user roles that are created for different job functions.
  • Page 55 • XML element rule—Controls access to XML elements used for configuring the device. • OID rule—Controls SNMP access to a MIB node and its child nodes. The path from the root node to that node is uniquely identified by OID. A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules.
  • Page 56: Assigning User Roles

    User role name Permissions • level-0—Has access to diagnostic commands, including ping, quit, ssh2, super, system-view, telnet, and tracert. Level-0 access rights are configurable. • level-1—Has access to the display commands of all features and resources in the system except display history-command all. The level-1 user role also has all access rights of the level-0 user role.
  • Page 57: Fips Compliance

    If the user passes local authorization, the device assigns the user roles specified in the local user account. If the user passes remote authorization, the remote AAA server assigns the user roles specified on the server. The AAA server can be a RADIUS or HWTACACS server. • Non-AAA authorization—When the user accesses the device without authentication or by passing...
  • Page 58: Configuring User Role Rules

    Step: Create a user role and enter user role view.
      Command: role name role-name
      Remarks: By default, the system has the following predefined user roles: • network-admin. • network-operator. • level-n (where n equals an integer in the range 0 to 15). •...
  • Page 59: Configuration Procedure

    rule 3 permit read write oid 1.3.6.1.4 • If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For example, the user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands: rule 1 permit read write oid 1.3.6 rule 2 deny read write oid 1.3.6.1.4.1...
  • Page 60: Changing Resource Access Policies

    Step: Create a feature group and enter feature group view.
      Command: role feature-group name feature-group-name
      Remarks: By default, the system has the following predefined feature groups: • L2—Includes all Layer 2 commands. • L3—Includes all Layer 3 commands. These two groups are not user configurable.
    By default, a feature group does not have any features.
  • Page 61: Assigning User Roles

    Step: Enter user role VLAN policy view.
      Command: vlan policy deny
      Remarks: By default, the VLAN policies of user roles permit access to all VLANs. This command disables the access of the user role to any VLAN.
    Step: (Optional.) Specify a list of...
      Remarks: By default, no accessible VLANs are configured.
  • Page 62: Assigning User Roles To Local Aaa Authentication Users

    NOTE: • To be compatible with privilege-based access control, the device automatically converts privilege-based user levels (0 to 15) assigned by an AAA server to RBAC user roles (level-0 to level-15). • If the AAA server assigns a privilege-based user level and a user role to a user, the user can use the...
  • Page 63: Configuring Temporary User Role Authorization

    Step Command Remarks • Enter user line view: For information about the priority line { first-num1 [ last-num1 ] | order and application scope of the { aux | vty } first-num2 Enter user line view or use configurations in user line view and [ last-num2 ] } line class view.
  • Page 64 The device does not use the username you enter to request user role authentication, and it uses a username in the $enabn$ format. The variable n represents a user role level, and a domain name is not included in the username. You can always pass user role authentication when the password is correct.
  • Page 65: Configuring User Role Authentication

    Keywords: scheme local
      Authentication mode: Remote AAA authentication first, and then local password authentication (remote-then-local)
      Description: Remote AAA authentication is performed first. Local password authentication is performed in either of the following situations: • The HWTACACS or RADIUS server does not respond. •...
  • Page 66: Displaying Rbac Settings

    Displaying RBAC settings Execute display commands in any view. Task Command Display user role information. display role [ name role-name ] Display user role feature display role feature [ name feature-name | verbose ] information. Display user role feature group display role feature-group [ name feature-group-name ] [ verbose ] information.
  • Page 67 # Enable local authentication and authorization for the ISP domain bbb. [Switch] domain bbb [Switch-isp-bbb] authentication login local [Switch-isp-bbb] authorization login local [Switch-isp-bbb] quit # Create the user role role1. [Switch] role name role1 # Configure rule 1 to permit the user role to access read commands of all features. [Switch-role-role1] rule 1 permit read feature # Configure rule 2 to permit the user role to create VLANs and access commands in VLAN view.
  • Page 68: Rbac Configuration Example For Radius Authentication Users

    Permission denied. <Switch> ping 192.168.1.58 Permission denied. RBAC configuration example for RADIUS authentication users Network requirements As shown in Figure 25, the switch uses the FreeRADIUS server at 10.1.1.1/24 to provide AAA service for login users, including the Telnet user at 192.168.1.58. The Telnet user uses the username hello@bbb and is assigned the user role role2.
  • Page 69 [Switch] line vty 0 63 [Switch-line-vty0-63] authentication-mode scheme [Switch-line-vty0-63] quit # Create the RADIUS scheme rad and enter RADIUS scheme view. [Switch] radius scheme rad # Specify the primary server address 10.1.1.1 and the service port 1812 in the scheme. [Switch-radius-rad] primary authentication 10.1.1.1 1812 # Set the shared key to expert in the scheme for the switch to authenticate to the server.
  • Page 70 # Configure the user role interface policy to disable configuration of any interface except GigabitEthernet 1/0/1 to GigabitEthernet 1/0/20. [Switch-role-role2] interface policy deny [Switch-role-role2-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet 1/0/20 [Switch-role-role2-ifpolicy] quit [Switch-role-role2] quit Configure the RADIUS server: # Add either of the user role attributes to the dictionary file of the FreeRADIUS server. Cisco-AVPair = "shell:roles=\"role2\""...
  • Page 71: Rbac Temporary User Role Authorization Configuration Example (Hwtacacs Authentication)

    RBAC temporary user role authorization configuration example (HWTACACS authentication) Network requirements As shown in Figure 26, the switch uses local authentication for login users, including the Telnet user at 192.168.1.58. The Telnet user uses the username test@bbb and is assigned the user role level-0. Configure the remote-then-local authentication mode for temporary user role authorization.
  • Page 72 # Specify the primary authentication server address 10.1.1.1 and the service port 49 in the scheme. [Switch-hwtacacs-hwtac] primary authentication 10.1.1.1 49 # Set the shared key to expert in the scheme for the switch to authenticate to the server. [Switch-hwtacacs-hwtac] key authentication simple expert # Exclude the ISP domain name from the username sent to the HWTACACS server.
  • Page 73 Figure 27 Configuring advanced TACACS+ settings Select Shell (exec) and Custom attributes, and enter allowed-roles="network-admin" in the Custom attributes field. Use a blank space to separate the allowed roles.
  • Page 74 Figure 28 Configuring custom attributes for the Telnet user Verifying the configuration Telnet to the switch, and enter the username test@bbb and password aabbcc to access the switch. Verify that you have access to diagnostic commands. <Switch> telnet 192.168.1.70 Trying 192.168.1.70 ... Press CTRL+K to abort Connected to 192.168.1.59 ...
  • Page 75: Rbac Temporary User Role Authorization Configuration Example (Radius Authentication)

    <Switch> Verify that you can obtain the level-3 user role: # Use the super password to obtain the level-3 user role. When the system prompts for a username and password, enter the username test@bbb and password enabpass. <Switch> super level-3 Username: test@bbb Password: The following output shows that you have obtained the level-3 user role.
  • Page 76 # Assign an IP address to VLAN-interface 2, the interface connected to the Telnet user. <Switch> system-view [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.70 255.255.255.0 [Switch-Vlan-interface2] quit # Assign an IP address to VLAN-interface 3, the interface connected to the RADIUS server. [Switch] interface vlan-interface 3 [Switch-Vlan-interface3] ip address 10.1.1.2 255.255.255.0 [Switch-Vlan-interface3] quit...
  • Page 77 # Set the local authentication password to abcdef654321 for the user role network-admin. [Switch] super password role network-admin simple abcdef654321 [Switch] quit Configure the RADIUS server: This example uses ACSv4.2. Add a user account $enab0$ and set the password to 123456. (Details not shown.) Access the Cisco IOS/PIX 6.x RADIUS Attributes page.
  • Page 78: Troubleshooting Rbac

    To resolve the problem: Use the display local-user command to examine the local user accounts for undesirable user roles, and delete them. If the problem persists, contact HP Support. Login attempts by RADIUS users always fail Symptom Attempts by a RADIUS user to log in to the network access device always fail, even though the following conditions exist: The network access device and the RADIUS server can communicate with one another.
  • Page 79 Configure the role default-role enable command. A RADIUS user can log in with the default user role when no user role is assigned by the RADIUS server. Add the user role authorization attributes on the RADIUS server. If the problem persists, contact HP Support.
  • Page 80: Configuring Ftp

    Configuring FTP File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network. FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
  • Page 81: Configuring Basic Parameters

    Configuring basic parameters Step Command Remarks Enter system view. system-view Enable the FTP server. ftp server enable By default, the FTP server is disabled. (Optional.) Use an ACL to ftp server acl { acl-number | By default, no ACL is used for access control access to the FTP ipv6 acl-number6 } control.
  • Page 82: Manually Releasing Ftp Connections

    Remote authorization—A remote authorization server assigns authorized directories on the device to FTP clients. For information about configuring authentication and authorization, see Security Configuration Guide. Manually releasing FTP connections Task Command • Release the FTP connection established using a specific user account: free ftp user username Manually release FTP connections.
  • Page 83 Configuration procedure Configure IP addresses as shown in Figure 32. Make sure the IRF fabric and the PC can reach each other. (Details not shown.) Configure the FTP server: # Examine the storage space on the member devices. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files.
  • Page 84: Using The Device As An Ftp Client

    Using the device as an FTP client Establishing an FTP connection To access the FTP server, you must establish a connection from the FTP client to the FTP server. To establish an IPv4 FTP connection: Step Command Remarks Enter system view. system-view By default, no source IP (Optional.) Specify a source...
  • Page 85: Managing Directories On The Ftp Server

    Step Command Remarks • (Method 1.) Log in to the FTP server from user view: ftp ipv6 ftp-server [ service-port ] [ dscp dscp-value | source { interface interface-type interface-number | ipv6 The source IP address specified in source-ipv6-address } ] * [ -i the ftp ipv6 command takes Log in to the FTP server.
  • Page 86: Changing To Another User Account

    Task Command Remarks • Display detailed information about a directory or file on the FTP server: dir [ remotefile [ localfile ] ] Display directory or file information on the FTP server. • Display the name of a directory or file on the FTP server: ls [ remotefile [ localfile ] ] Delete the specified file on the...
  • Page 87: Maintaining And Troubleshooting The Ftp Connection

    Maintaining and troubleshooting the FTP connection Task Command Remarks Display FTP commands on the FTP rhelp server. Display FTP commands help information rhelp protocol-command on the FTP server. Display FTP server status. rstatus Display detailed information about a rstatus remotefile directory or file on the FTP server.
  • Page 88: Ftp Client Configuration Example

    Task Command Display source IP address information on the FTP client display ftp client source FTP client configuration example Network requirements As shown in Figure 33, the PC is acting as an FTP server. A user account with the username abc and password 123456 has been created on the PC.
  • Page 89 150 Connecting to port 47457 226 File successfully transferred 23951480 bytes received in 95.399 seconds (251.0 kbyte/s) # Download the file temp.bin from the PC to the Flash root directory of the subordinate member (with member ID of 2). ftp> get temp.bin slot2#flash:/temp.bin # Use the ASCII mode to upload the configuration file config.cfg from the IRF fabric to the PC for backup.
  • Page 90: Configuring Tftp

    Configuring TFTP Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP does not require authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
  • Page 91: Configuring The Device As An Ipv6 Tftp Client

    Step Command Remarks The source IP address specified in this command tftp tftp-server { get | put | sget } takes precedence over the Download or upload a file source-filename [ destination-filename ] [ dscp one set by the tftp client in an IPv4 network.
  • Page 92: Managing The File System

    Managing the file system This chapter describes how to manage the device's file system, including the storage media, directories, and files. IMPORTANT: • Before managing storage media, files, and directories, make sure you know the possible impacts. • A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not...
  • Page 93: Managing Files

    Format Description Example Specifies a file in a storage medium on the device. The drive argument represents the flash:/test/a.cfg indicates a file named storage medium name. Typically, the drive:/[path/]file-name a.cfg in the test folder in the root directory storage medium name is flash or cfa0. of the flash memory.
  • Page 94: Copying A File

    Copying a file Perform this task in user view. Task Command • In non-FIPS mode: copy fileurl-source fileurl-dest [ source interface interface-type interface-number ] Copy a file. • In FIPS mode: copy fileurl-source fileurl-dest Moving a file Perform this task in user view. Task Command Move a file.
  • Page 95: Deleting Files From The Recycle Bin

    Files in the recycle bin occupy storage space. To save storage space, periodically empty the recycle bin with the reset recycle-bin command. Perform the following tasks in user view: Task Command Delete a file by moving it to the recycle bin. delete file-url Restore a file from the recycle bin.
  • Page 96: Managing Directories

    Managing directories CAUTION: To avoid file system corruption, do not perform master/subordinate switchover during directory operations. You can create, display, or remove a directory, and display or change the current working directory. Displaying directory information Perform this task in user view. Task Command Display directory or file information.
  • Page 97: Managing Storage Media

    Perform this task in user view. Task Command Remove a directory. rmdir directory Managing storage media CAUTION: To avoid file system corruption: • Do not perform master/subordinate switchover while the system is repairing, formatting, partitioning, mounting, or unmounting a storage medium. Repairing a storage medium If part of a storage medium is inaccessible, use the fixdisk command to examine and repair the medium.
  • Page 98 Step Command Remarks Enter system view. system-view Set the operation mode for file prompt { alert | quiet } The default mode is alert. files and folders.
  • Page 99: Managing Configuration Files

    Managing configuration files Overview A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot. You can also back up configuration files to a host for future use. You can use the CLI or the Boot menu to manage configuration files.
  • Page 100: Startup Configuration Loading Process

    To display the running configuration, use the display current-configuration command. The displayed configuration does not include parameters that use initial settings. Startup configuration loading process Figure 35 shows the configuration loading process during startup. Figure 35 Configuration loading process during startup Start Boot ROM runs Enter Boot menu?
  • Page 101: Configuration File Formats

    Configuration file formats Configuration files you specify for saving configuration must use the .cfg extension. A .cfg configuration file is a human-readable text file. When you save configuration to a .cfg file, the device automatically saves the configuration to an .mdb user-inaccessible binary file that has the same name as the .cfg file. The device loads an .mdb file faster than loading a .cfg file.
  • Page 102: Fips Compliance

    Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All HP devices running Comware V7 software use the same private key or public key to encrypt configuration files. Only HP devices running Comware V7 software can decrypt the encrypted configuration files.
  • Page 103: Configuring Configuration Rollback

    Task Command Remarks For reliable configuration saving, HP recommends that you specify the safely keyword. If you specify only the safely keyword, the command saves the configuration to the main startup configuration file Save the running configuration to a configuration file and specify...
  • Page 104: Configuring Configuration Archive Parameters

    Configuring configuration archive parameters Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives. Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1.
  • Page 105: Enabling Automatic Configuration Archiving

    Enabling automatic configuration archiving To ensure system performance, follow these guidelines when you configure automatic configuration archiving: • If the device configuration does not change frequently, manually archive the running configuration as needed. • If the device configuration changes frequently, configure automatic archiving with an interval longer...
  • Page 106: Specifying A Next-Startup Configuration File

    Step Command Remarks Enter system view. system-view Roll the running configuration back to the configuration The specified configuration file configuration replace file filename defined by a configuration must not be encrypted. file. The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons: • A command cannot be undone because prefixing the undo keyword to the command does not...
  • Page 107: Backing Up The Main Next-Startup Configuration File To A Tftp Server

    Task Command Remarks The default for this command varies by device model. Use the display startup command Specify the next-startup startup saved-configuration cfgfile and the display configuration file. [ backup | main ] saved-configuration command in any view to verify the configuration.
  • Page 108: Deleting A Next-Startup Configuration File

    Step Command Remarks Restore the main next-startup restore startup-configuration from This command is not supported in configuration file from a TFTP src-addr src-filename FIPS mode. server in user view. (Optional.) Verify that the display startup specified configuration file has been set as the main display saved-configuration next-startup configuration file.
  • Page 109 Task Command Display the factory defaults. display default-configuration Display the contents of the configuration file for display saved-configuration the next system startup. Display the names of the configuration files for display startup this startup and the next startup. Display the valid configuration in the current display this view.
  • Page 110: Upgrading Software

    Upgrading software This chapter describes types of software and how to upgrade software from the CLI without using ISSU. For a comparison of all software upgrade methods, see "Upgrade methods." Overview Software upgrade enables you to add new features and fix bugs. Before performing an upgrade, use the release notes for the new software version to verify software and hardware compatibility and evaluate upgrade impacts.
  • Page 111: Comware Image Redundancy And Loading Procedure

    Comware image redundancy and loading procedure You can specify two sets of Comware software images: one main and one backup. The system always attempts to start up with the main images. If any main image does not exist or is invalid, the system tries the backup images.
  • Page 112: Upgrade Methods

    Figure 37 System startup process Start Boot ROM runs Enter Boot menus to Press Ctrl+B upgrade Boot ROM or promptly? startup software images Startup software images System starts up and CLI appears Finish Upgrade methods Upgrading method Software types Remarks Upgrading from the CLI: •...
  • Page 113: Preparing For The Upgrade

    (Optional.) Enable Boot ROM bootrom-update security-check corruption, and hardware image validity check. enable incompatibility. HP recommends enabling it to ensure a successful upgrade. Return to user view. quit • Back up the image to the (Optional.) Back up the...
  • Page 114: Specifying The Startup Image File And Completing The Upgrade

    Step Command Remarks Specify the downloaded software image file for the file-url argument. Load the upgrade Boot ROM bootrom update file file-url slot image to the Boot ROM. slot-number-list The new Boot ROM image takes effect at a reboot. Specifying the startup image file and completing the upgrade Perform this task in user view.
  • Page 115: Displaying And Maintaining Software Image Settings

    Step Command Remarks Skip this step if you have only one device. When you use method 3, make sure you understand the following requirements and upgrade results: • If the master device started up with • Method 1: main startup images, its main boot-loader file ipe-filename startup images are synchronized to {slot slot-number } { backup |...
  • Page 116: Non-Issu Software Upgrade Examples

    Non-ISSU software upgrade examples Example of software upgrade through a reboot Network requirements Use the file startup-a2105.ipe to upgrade software images for the IRF fabric in Figure 38. Figure 38 Network diagram: Master (Member ID = 1), Subordinate (Member ID = 2), IRF link, Internet, 1.1.1.1/24...
  • Page 117 <Sysname> display version...
  • Page 118: Managing The Device

    CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>. To configure the device name: Step Command Remarks Enter system view. system-view Configure the device name. sysname sysname The default device name is HP.
  • Page 119: Configuring The System Time

    If you configure the clock protocol none command together with the clock protocol ntp command, the device uses the NTP time source. Power cycling or using the reboot command to reboot an HP 5130 EI restores the default system time settings. Reconfigure the settings after the switch starts up.
  • Page 120: Enabling Displaying The Copyright Statement

    Enabling displaying the copyright statement When displaying the copyright statement is enabled, the device displays the copyright statement in the following situations: • When a Telnet or SSH user logs in. • After a console or modem dial-in user quits user view. This is because the device automatically tries...
  • Page 121: Configuration Procedure

    <System> system-view [System] header shell %Have a nice day.% • Multiline banner. A multiline banner can be up to 2000 characters. To input a multiline banner, use one of the following methods: Method 1—Press Enter after the last command keyword. At the system prompt, enter the banner and end the last line with the delimiter character %.
  • Page 122: Rebooting The Device

    Step Command Remarks Configure the shell banner. header shell text By default, the device does not have a banner. Rebooting the device CAUTION: • A device reboot might interrupt network services. To avoid configuration loss, use the save command to save the running configuration before a reboot. •...
  • Page 123: Scheduling A Task

    Task Command Remarks Specify the reboot date scheduler reboot at time [ date ] By default, no reboot date or time is specified. and time. Specify the reboot delay scheduler reboot delay time By default, no reboot delay time is specified. time.
  • Page 124 Step Command Remarks By default, no job is assigned to a schedule. Assign a job to a job job-name You can assign multiple jobs to a schedule. schedule. The jobs will be executed concurrently. By default, a schedule has the user role of the schedule creator.
  • Page 125: Schedule Configuration Example

    Step Command Remarks • Execute the schedule at an interval Configure either command. from the specified time on: time repeating at time By default, no execution time is [ month-date [ month-day | last ] | specified for a schedule. Specify an execution week-day week-day&<1-7>...
  • Page 126 [Sysname-job-start-GigabitEthernet1/0/1] command 1 system-view [Sysname-job-start-GigabitEthernet1/0/1] command 2 interface gigabitethernet 1/0/1 [Sysname-job-start-GigabitEthernet1/0/1] command 3 undo shutdown [Sysname-job-start-GigabitEthernet1/0/1] quit # Configure a job for disabling interface GigabitEthernet 1/0/2. [Sysname] scheduler job shutdown-GigabitEthernet1/0/2 [Sysname-job-shutdown-GigabitEthernet1/0/2] command 1 system-view [Sysname-job-shutdown-GigabitEthernet1/0/2] command 2 interface gigabitethernet 1/0/2 [Sysname-job-shutdown-GigabitEthernet1/0/2] command 3 shutdown [Sysname-job-shutdown-GigabitEthernet1/0/2] quit # Configure a job for enabling interface GigabitEthernet 1/0/2.
  • Page 127 Job name: start-GigabitEthernet1/0/2 system-view interface gigabitethernet 1/0/2 undo shutdown # Display the schedule information. [Sysname] display scheduler schedule Schedule name : START-pc1/pc2 Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00 Start time : Wed Sep 28 08:00:00 2011 Last execution time : Wed Sep 28 08:00:00 2011 Last completion time : Wed Sep 28 08:00:03 2011...
  • Page 128: Disabling Password Recovery Capability

    [Sysname]interface gigabitethernet 1/0/2. [Sysname-GigabitEthernet1/0/2]undo shutdown Job name : shutdown-GigabitEthernet1/0/1 Schedule name : STOP-pc1/pc2 Execution time : Wed Sep 28 18:00:00 2011 Completion time : Wed Sep 28 18:00:01 2011 --------------------------------- Job output ----------------------------------- <Sysname>system-view System View: return to User View with Ctrl+Z. [Sysname]interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1]shutdown Job name...
  • Page 129: Setting The Port Status Detection Timer

    Setting the port status detection timer The device starts a port status detection timer when a port is shut down by a protocol. Once the detection timer expires, the device brings up the port so the port status reflects the port's physical status. To set the port status detection timer: Step Command...
  • Page 130 Critical alarm threshold. Table 12 and Figure 40 show how the device generates notifications based on the free-memory thresholds. Table 12 Memory alarm notifications and memory alarm-removed notifications Notification Triggering condition Remarks After generating and sending a minor alarm The amount of free memory space notification, the system does not generate Minor alarm notification decreases to or below the minor...
  • Page 131: Configuring The Temperature Alarm Thresholds

    Step Command Remarks Enter system view. system-view The defaults are as follows: • Minor alarm threshold—96 MB. memory-threshold [ slot slot-number [ cpu Set free-memory cpu-number ] ] minor minor-value severe • Severe alarm threshold—64 MB. thresholds. severe-value critical critical-value normal •...
  • Page 132: Verifying And Diagnosing Transceiver Modules

    Step Command Remarks The default settings are shown Table The high-temperature alarming temperature-limit slot slot-number threshold must be higher than the Configure the temperature hotspot sensor-number lowlimit high-temperature warning alarm thresholds. warninglimit [ alarmlimit ] threshold. The high-temperature warning threshold must be higher than the low temperature threshold.
  • Page 133: Diagnosing Transceiver Modules

    Display its electronic label. The electronic label is a profile of the transceiver module and contains the permanent configuration, including the serial number, manufacturing date, and vendor name. The data is written to the storage component during debugging or testing. To verify transceiver modules, execute the following commands in any view: Task Command...
  • Page 134: Displaying And Maintaining Device Management Configuration

    Display the electronic label information of the display device manuinfo [ slot slot-number ] device. Display the electronic label information of a power supply. (On an HP 5130-24G-SFP-4SFP+ EI display device manuinfo slot slot-number power power-id Switch (JG933A).) Display the operating statistics for multiple feature display diagnostic-information [ hardware | modules.
  • Page 135 Task Command Display system version information. display version Display the startup software image upgrade display version-update-record history records of the master. Clear job execution log information. reset scheduler logfile...
  • Page 136: Using Tcl

    Using Tcl Comware V7 provides a built-in tool command language (Tcl) interpreter. From user view, you can use the tclsh command to enter Tcl configuration view to execute the following commands: • Tcl 8.5 commands. • Comware commands. The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
  • Page 137: Using Automatic Configuration

    Using automatic configuration With the automatic configuration feature, the device can automatically obtain a set of configuration settings from some servers when it starts up without a configuration file. This feature simplifies network configuration and maintenance. Understanding automatic configuration The automatic configuration feature requires the cooperation of the following servers: a DHCP server, an HTTP server, a TFTP server, and a DNS server, as shown in Figure 41. Figure 41 Typical automatic configuration network diagram...
  • Page 138 A DNS server IP address. For more information, see "Automatic-configuration parameter acquisition process." After getting automatic configuration parameters, the device tries to download a configuration file from a TFTP server or an HTTP server. For more information, see "Configuration file acquisition process."...
  • Page 139: Interface Selection Process

    Figure 42 Automatic configuration workflow Device powered on (no configuration file) Select an interface Enable DHCP client and request parameters Restore the default Got parameters? for the interface Y: HTTP method Got a configuration file name and the name is in the form of an HTTP URL? N: TFTP method Got the TFTP server...
  • Page 140: Automatic-Configuration Parameter Acquisition Process

    Searches for Layer 2 Ethernet interfaces in up state. If one or more interfaces are found, the device uses the VLAN interface of the default VLAN for automatic configuration and quits the process. Searches for all Layer 3 Ethernet interfaces in up state. If one or more interfaces are found, the device sorts them in the dictionary order of the interface types and then in ascending order of interface numbers.
  • Page 141: Configuration File Acquisition Process

    Configuration file acquisition process The device requests a configuration file from an HTTP server or a TFTP server: • If the device got a configuration file name during the automatic-configuration parameter acquisition process, the device examines the form of the configuration file name. If the configuration file name is a valid HTTP URL, the device tries to download the configuration file from the URL.
  • Page 142: Deploying And Configuring Servers For Automatic Configuration

    Figure 44 Configuration file acquisition process (from a TFTP server) Deploying and configuring servers for automatic configuration To implement automatic configuration, you do not need to perform any configuration on the device. However, you must deploy DHCP, TFTP, and DNS servers and configure the servers to cooperate with the device as follows: • DHCP server—Assigns the device a set of parameters for automatic configuration, which might...
  • Page 143: Dhcp Server Configuration Guidelines

    • HTTP server—Assigns files for automatic configuration to the device, for example, the configuration file. • TFTP server—Stores files required for device automatic configuration, including the configuration files and host name files. For more information about the TFTP server, see "Configuring TFTP." • DNS server—Resolves the device's temporary IP address to its host name so the device can request...
  • Page 144: Http Server Configuration Guidelines

    HTTP server configuration guidelines Create configuration files required for device automatic configuration on the HTTP server. For simple file name identification, use configuration file names that do not contain spaces. TFTP server configuration guidelines Create configuration files and host name files required for device automatic configuration on the TFTP server, including the default configuration file device.cfg.
  • Page 145: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals • For related documentation, navigate to the Networking section, and select a networking category...
  • Page 146: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 147 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
  • Page 148 Index running configuration (manual), argument (CLI string/text type), ASCII transfer mode, RBAC AAA authorization, assigning RBAC default user role, CLI user line assignment, RBAC local AAA authentication user RBAC local AAA authentication user role, configuration, RBAC non-AAA authentication user role, RBAC non-AAA authorization, RBAC permission assignment, RBAC user role local AAA authentication,...
  • Page 149 FTP basic server authorization, startup image file specification, login management command system startup, authorization, 41, upgrade methods, login management user access control, RBAC temporary user role authorization, calculating auto file digest, automatic configuration archiving, changing configuration. See automatic configuration file system current working directory, automatic configuration FTP user account, configuration file acquisition process,...
  • Page 150 output control keys, system software image type, return to upper-level view from any view, configuration return to user view, startup configuration loading, running configuration save, configuration file software upgrade, automatic acquisition process, string/text type argument value, configuration archive, undo command form, configuration archive parameters, use, configuration archiving (automatic),...
  • Page 151 login management CLI console/AUX none login management console port login authentication, procedure, login management CLI console/AUX password login management overview, authentication, controlling login management CLI console/AUX scheme CLI output, authentication, CLI output control keys, login management CLI local console/AUX port login management SNMP access, login, login management SSH logins,...
  • Page 152 enter system view from user view, configuration, 1 1 1 file system management, copyright statement display, 1 13 file system storage media formatting, CPU usage monitoring, 122, file system storage media management, device name configuration, 1 1 1 file system storage media repair, device reboot, 1 15 FTP basic server parameters configuration,...
  • Page 153 configuration files, calculating digest, device copyright statement, 1 13 compression, 87, device management configuration, 127, configuration file content, file system current working directory display, configuration file format, file system directory information, configuration file formats, file system file information, configuration file management, file system text file content, copying, FTP client,...
  • Page 154 storage media repair, hotkey (command), text file content display, HWTACACS File Transfer Protocol. Use login management command accounting, 44, filtering RBAC temporary user role authorization, CLI display command output, FIPS identifying configuration file FIPS compliance, CLI user line, FIPS compliance image RBAC, Boot ROM software image type,...
  • Page 155 login management Telnet login password authentication, login management Telnet login scheme device management, 1 1 1 authentication, legal banner type, 1 13 login management Telnet server login, line login management VTY common line settings, CLI user line assignment, login login management CLI console/AUX common device banner login type, 1 13 user line settings,...
  • Page 156 software image set, device transceiver module verification, 125, 125, 125, main next-startup configuration file, 100, monitoring maintaining device CPU usage, CLI login, moving device management configuration, 127, file, FTP connection, multiple-line banner input mode, 1 13 managing CLI display command output, configuration files, naming device.
  • Page 157 device transceiver module CLI use, verification, 125, 125, 125, configuration file management, file system directory management, device management, 1 1 1 file system file management, file system management, file system storage media management, FTP configuration, FTP basic server parameters configuration, login management SNMP device access, FTP client configuration (centralized IRF login management user access control,...
  • Page 158 automatic configuration parameter acquisition RBAC user role remote AAA authentication, process, RBAC user role VLAN policy, Option 67 (DHCP);Option 067 RBAC VLAN access policy, automatic configuration parameter acquisition port process, device status detection timer, 122, outputting preloading CLI display command output filtering, Boot ROM image, CLI display command output management, preparing...
  • Page 159 configuring FTP server local authorization, controlling login management Telnet logins, 38, configuring FTP server remote authentication, copying file, configuring FTP server remote authorization, creating directory, configuring login management CLI creating RBAC user role, console/AUX common user line settings, decompressing file, 87, configuring login management CLI deleting file, console/AUX password authentication,...
  • Page 160 logging in to Telnet server (device login), setting login management Telnet login max number concurrent users, maintaining CLI login, specifying device system time source, 112 maintaining device management configuration, 127, specifying next-startup configuration file, maintaining FTP connection, specifying startup image file, managing CLI display command output, terminating FTP connection, managing file system directories,...
  • Page 161 temporary user role authorization RBAC user role assignment, 49, configuration, RBAC user role authentication, troubleshooting, RBAC user role creation, troubleshooting local user access RBAC user role interface policy, permissions, RBAC user role local AAA authentication, troubleshooting login attempts by RADIUS users RBAC user role non-AAA authentication, fail, RBAC user role remote AAA authentication,...
  • Page 162 login management CLI console/AUX common DSCP value for outgoing Telnet packet, user line settings, file/folder operation mode, login management CLI console/AUX scheme login management Telnet login max number authentication, concurrent users, security shell banner type, 113 configuration encryption, single-line banner input mode, 113 login management command SNMP...
  • Page 163 login control, CLI display command output save to file, login management overview, CLI display command output viewing, server login, CLI online help access, starting up CLI output control, 8, Boot ROM image preload, CLI running configuration save, software upgrade procedure (non-ISSU), CLI string/text type argument value, software upgrade with non-ISSU method, CLI undo command form,...
  • Page 164 file system directory management, login management Telnet login scheme authentication, file system file management, login management Telnet packet DSCP value, file system file name formats, login management Telnet server login, file system management, login management user access control, file system storage media management, login management VTY common line settings, FTP configuration, next-startup configuration file specification,...
  • Page 165 VTY common line settings, RBAC feature group configuration, temperature RBAC local AAA authentication user configuration, device temperature alarm threshold, 124, RBAC permission assignment, terminating RBAC predefined user roles, FTP connection, RBAC RADIUS authentication user configuration, text file content display, RBAC resource access policies, text type argument value, RBAC temporary user role authorization, 56, TFTP, 83, See also...
  • Page 166 RBAC VLAN access policy, working with VTY line settings, FTP server files,...
