HP A3100-24 User Manual

HP A3100 v2 Switch Series Fundamentals Configuration Guide HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switc

CLI views adopt a hierarchical structure. See Figure 3. • After logging in to the switch, you are in user view. The user view prompt is <device na

To do… Use the command… Remarks Configure user properties authorization-attribute { acl acl-number | callback-number callback-number | idle-cut min

# Check files on your device. Remove those redundant to ensure adequate space for the system software image file to be uploaded. <Sysname> dir

Displaying and maintaining FTP To do… Use the command… Remarks Display the configuration of the FTP client display ftp client configuration [ | { b

TFTP configuration TFTP overview Introduction to TFTP The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP,

Table 10 Configuration when the device serves as the TFTP client Device Configuration Remarks Device (TFTP client) • Configure the IP address and r

To do… Use the command… Remarks Configure the source address of the TFTP client tftp client source { interface interface-type interface-number | ip

Configuration procedure 1. Configure the PC (TFTP Server), the configuration procedure is omitted. • On the PC, enable the TFTP server • Configure

100 File management Managing files Files such as host software and configuration files that are necessary for the operation of the device are saved

101 Displaying directory information To do… Use the command… Remarks Display directory or file information dir [ /all ] [ file-url ] Required Avai

102 NOTE: You can create a file by copying, downloading or using the save command. Displaying file information To do… Use the command… Remarks

To do… Use the command… Remarks Return to the parent view from the current view quit Required Available in any view. NOTE: • The quit command in

103 CAUTION: • The files in the recycle bin still occupy storage space. To delete a file in the recycle bin, execute the resetrecycle-bin command

104 Performing storage medium operations Managing the space of a storage medium When the space of a storage medium becomes inaccessible due to abnor

105 1 -rw- 1218 Feb 16 2006 11:46:19 config.cfg 2 drw- - Feb 16 2006 15:20:27 test 3 -rw- 184108 Feb 16 2006 1

Configuration file management Configuration file overview A configuration file contains a set of commands. You can save the current configuration to

Coexistence of multiple configuration files The switch can save multiple configuration files on its storage media. You can save the configurations us

The fast saving mode is suitable for environments where the power supply is stable. The safe mode is preferred in environments where a stable power s

When you enter the configuration replace file command, the system compares the running configuration and the specified replacement configuration file

To do… Use the command… Remarks Set the maximum number of configuration files that can be saved archive configuration max file-number Optional The

To do… Use the command… Remarks Manually save the running configuration archive configuration Required Available in user view NOTE: Specify the

To do… Use the command… Remarks Specify a startup configuration file to be used at the next startup startup saved-configuration cfgfile [ backup |

<1-4094> VLAN interface [sysname] interface vlan-interface 1 ? <cr> [sysname] interface vlan-interface 1 The string <cr> indica

To do… Use the command… Remarks Delete a startup configuration file to be used at the next startup from the storage media reset saved-configuration

To do… Use the command… Remarks Display the configuration files used at this and the next system startup display startup [ | { begin | exclude | in

Software upgrade configuration Switch software overview Switch software includes the Boot ROM and the system software images. After powered on, the d

Upgrade method Upgrade object Description Upgrading system software through a system reboot System software upgrade process, and is not recommended.

Upgrading system software through a system reboot Follow these steps to upgrade system software through a system reboot: To do… Use the command… Re

Common patch and temporary patch • Common patches are those formally released through the version release flow. • Temporary patches are those not

Figure 43 Patches are not loaded to the memory patch area Patch 1 IDLEPatch 2 IDLEPatch 3 IDLEPatch 4 IDLEPatch 5 IDLEPatch 6 IDLEPatch 7 IDLEPatch 8

Figure 45 Patches are activated Patch 1 ACTIVEPatch 2 ACTIVEPatch 3 ACTIVEPatch 4 ACTIVEPatch 5 ACTIVEPatch 6 DEACTIVEPatch 7 DEACTIVEPatch 8 IDLEMem

on the PATCH-FLAG. If there is a match, the system loads patches to or installs them on the memory patch area. The following table describes the def

To do… Use the command… Remarks Activate the specified patches patch active patch-number slot slot-number Required • After you activate a patch, t

• To set the configuration file for next startup, type st s. You can also press Tab to have an incomplete keyword automatically completed. Configuri

Displaying and maintaining the software upgrade To do… Use the command… Remarks Display information about system software display boot-loader [ slo

[FTP-Server] local-user aaa [FTP-Server-luser-aaa] password cipher hello [FTP-Server-luser-aaa] service-type ftp [FTP-Server-luser-aaa] authorization

Hotfix configuration example Network requirements • As shown in Figure 48, the software running on Device is having problems, and a hotfix is needed

Device management Device management includes monitoring the operating status of devices and configuring their running parameters. NOTE: The config

Command Effective system time Configuration example System time 1, 2 date-time ± zone-offset clock datetime 2:00 2007/2/2 clock timezone zone-time

Command Effective system time Configuration example System time date-time – summer-offset outside the daylight saving time range: date-time – summe

Command Effective system time Configuration example System time date-time in the daylight saving time range, but date-time – summer-offset outside t

To do… Use the command… Remarks Enter system view system-view — Enable displaying the copyright statement copyright-info enable Optional Enabled

Configuration procedure Follow these steps to configure a banner: To do… Use the command… Remarks Enter system view system-view — Configure the i

Rebooting the device You can reboot the device in one of the following ways to recover from an error condition: • Reboot the device immediately at t

NOTE: By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are associated with pre-defined commands as definedbelow, the Ctrl+T and Ctrl+U hotkeys are

Scheduling jobs You can schedule a job to automatically run a command or a set of commands without administrative interference. The commands in a job

Scheduling a job in the non-modular approach Perform one of the following commands in user view to schedule a job: To do… Use the command… Remarks

To view Boot ROM accessibility status, use the display startup command. For more information about the display startup command, see the Fundamentals

To do… Use the command… Remarks Configure temperature alarm thresholds temperature-limit slot slot-number inflow sensor-number lowerlimit warningli

• Display its electronic label. The electronic label is a profile of the transceiver module and contains the permanent configuration including the s

To do… Use the command… Remarks Display the system time and date display clock [ | { begin | exclude | include } regular-expression ] Available in

To do… Use the command… Remarks Display the device reboot setting display schedule reboot [ | { begin | exclude | include } regular-expression ] Av

Automatic configuration Automatic configuration overview Automatic configuration enables a device without any configuration file to automatically obt

How automatic configuration works Automatic configuration works in the following manner: 1. During startup, the device sets the first up interface (

Using DHCP to obtain an IP address and other configuration information Address acquisition process As mentioned before, a device sets the first up in

NOTE: The hotkeys in Table 3 are defined by the switch. If the same hotkeys are defined by the terminal softwarethat you use to interact with the sw

administrator can Telnet to each device to perform specific configurations (for example, configure the IP address of each interface). • If devices u

Obtaining the configuration file Figure 51 Obtain the configuration file Is the configuration file contained in the DHCP response?Obtain the network

NOTE: After broadcasting a TFTP request, the device selects the TFTP server that responds first to obtain the configuration file. If the requested

Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Before c

Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text repr

Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch

Index A B C D E F H L M N O P R S T U V W A Automatic configuration overview,14 0 B Backing up the startup configuration file,112 C Changing the s

Typing commands,5 Rebooting the device,132 Related information,14 6 U Restoring a startup configuration file,113 Undo form of a command,2 S Upgrad

Accessing history commands Follow a step below to access history commands: To do… Use the key/command… Result Display history commands display hist

Controlling the CLI display Multi-screen display Controlling multi-screen display If the output information spans multiple screens, each screen pauses

• When the system displays the output information in multiple screens, use /, - or + plus a regular expression to filter subsequent output informatio

Character Meaning Remarks \index Repeats the character string specified by the index. A character string refers to the string within () before \. ind

Legal and notice information © Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitte

user privilege level 3 # return 2. Example of using the exclude keyword # Display the non-direct routes in the routing table (the output depends on

Level Privilege Description 3 Manage Involves commands that influence the basic operation of the system and commands for configuring system support mo

<Sysname> system-view [Sysname] user-interface vty 1 [Sysname-ui-vty1] authentication-mode scheme [Sysname-ui-vty1] quit [Sysname] local-user te

To do… Use the command… Remarks Enter system view system-view — Enter user interface view user-interface { first-num1 [ last-num1 ] | { aux | vty

display commands. The switching operation is effective for the current login. After the user logs back in, the user privilege restores to the original

To do… Use the command… Remarks Configure the password for user privilege level switch super password [ level user-level ] { simple | cipher } passw

User interface authentication mode User privilege level switch authentication mode Information input for the first authentication mode Information inp

CAUTION: HP recommends that you use the default command level or modify the command level under the guidanceof professional staff. An improper change

Login methods Login methods You can log in to the switch by using the following methods. Table 7 Login methods Login method Default state Logging in

Login method Default state NMS login By default, you cannot log in to a device through a network management system (NMS). To do so, log in to the de

Contents CLI configuration····························································································································

VTY user interfaces. You can use the display user-interface command without any parameters to view supported user interfaces and their absolute numbe

CLI login Overview The CLI enables you to interact with a device by typing text commands. At the CLI, you can instruct your device to perform a given

The port properties of the hyper terminal must be the same as the default settings of the console port shown in the following table. Setting Default

Figure 5 Connection description Figure 6 Specify the serial port used to establish the connection 26

Figure 7 Set the properties of the serial port Step3 Turn on the device. You are prompted to press Enter if the device successfully completes the

• none—Requires no username and password at the next login through the console port. This mode is insecure. • password—Requires password authentica

By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information

By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information

Configuring scheme authentication for console login Configuration prerequisites You have logged in to the device. By default, you can log in to the d

To do… Use the command… Remarks Enable command accounting command accounting Optional • By default, command accounting is disabled. The accountin

Telnet login authentication modes ····················································································································

To do… Use the command… Remarks Specify the service type for the local user service-type terminal Required By default, no service type is specifie

Figure 11 Configuration page Configuring common settings for console login (optional) Follow these steps to configure common settings for console p

To do… Use the command… Remarks Configure the data bits databits { 5 | 6 | 7 | 8 } Optional By default, the data bits of the console port is 8. Dat

To do… Use the command… Remarks Set the idle-timeout timer idle-timeout minutes [ seconds ] Optional The default idle-timeout is 10 minutes. The sy

This section includes these topics: • Telnet login authentication modes • Configuring none authentication for Telnet login • Configuring password

Authentication mode Configuration Remarks Configure the authentication scheme Configure a RADIUS/HWTACACS scheme Configure the AAA scheme used by the

To do… Use the command… Remarks Configure common settings for VTY user interfaces — Optional See “Configuring common settings for VTY user interfac

To do… Use the command… Remarks Enter one or multiple VTY user interface views user-interface vty first-number [ last-number ] — Specify the passwo

Configuring scheme authentication for Telnet login Configuration prerequisites You have logged in to the device. By default, you can log in to the de

To do… Use the command… Remarks Enable command authorization command authorization Optional • By default, command authorization is not enabled. •

FTP operation·········································································································································

To do… Use the command… Remarks Enable command accounting command accounting Optional • By default, command accounting is disabled. The accountin

To do… Use the command… Remarks Specify the command level of the local user authorization-attribute level level Optional By default, the command le

Figure 15 Configuration page Configuring common settings for VTY user interfaces (optional) Follow these steps to configure common settings for VTY

To do… Use the command… Remarks Set the maximum number of lines on the next screen screen-length screen-length Optional By default, the next screen

By default, you can log in to the device through the console port without authentication and have user privilege level 3 after login. For information

Object Requirements Configure the IP address of the VLAN interface, and make sure the SSH server and client can reach each other. SSH server Configur

To do… Use the command… Remarks Enable the current user interface to support SSH protocol inbound { all | ssh } Optional By default, Telnet and SSH

To do… Use the command… Remarks Enter the deISP domain view fault e domain domain-namApply the specified AAA scheme to the domain hwtacacs-scheme-n

• Reference the created HWTACACS scheme in the ISP domain. For more information, see the Security Configuration Guide. When users adopt the scheme m

Logging in through modems Introduction The administrator can use two modems to remotely maintain a switch through its Console port over the Public Sw

Setting configuration rollback························································································································

Step2 Configuration on the administrator side The PC and the modem are correctly connected, the modem is connected to a telephone cable, and the tele

Figure 20 Connection description Figure 21 Enter the phone number Figure 22 Dial the number 54

Step6 Character string CONNECT9600 is displayed on the terminal. Then a prompt appears when you press Enter. Figure 23 Configuration page Step7 If

and password on the remote authentication server. For more information about authentication modes and parameters, see the Security Configuration Guid

To do… Use the command… Remarks Enter system view system-view — Enter one or more AUX user interface views user-interface aux first-number [ last

To do… Use the command… Remarks Enter system view system-view — Enter one or more AUX user interface views user-interface aux first-number [ last

Configuration procedure Follow these steps to configure scheme authentication for modem login: To do… Use the command… Remarks Enter system view s

To do… Use the command… Remarks Optional • By default, command accounting is disabled. The accounting server does not record the commands executed

To do… Use the command… Remarks Specify the service type for the local user service-type terminal Required By default, no service type is specifie

Figure 26 Configuration page Configuring common settings for modem login (optional) Follow these steps to configure common settings for modem login

Diagnosing transceiver modules························································································································

To do… Use the command… Remarks Configure the data bits databits { 5 | 6 | 7 | 8 } Optional By default, the data bits is 8. Data bits is the number

To do… Use the command… Remarks Set the idle-timeout timer idle-timeout minutes [ seconds ] Optional The default idle-timeout is 10 minutes. The sy

To do… Use the command… Remarks Release a specified user interface free user-interface { num1 | { aux | vty } num2 } Available in user view Multipl

Web login Web login overview The device provides a built-in web server that enables you to log in to the web interface of the device from a PC. Web l

To do… Use the command… Remarks Configure the HTTP service port number ip http port port-number Optional 80 by default. If you execute the command

To do… Use the command… Remarks Configure PKI and SSL related features — Required By default, PKI and SSL are not configured. • For more informati

To do… Use the command… Remarks Associate the HTTPS service with a certificate attribute-based access control policy ip https certificate access-co

Displaying and maintaining web login To do… Use the command… Remarks Display information about web users display web users [ | { begin | exclude |

Figure 28 Web login page # Type the user name, password, verify code, select English, and click Login. The homepage appears. After login, you can c

Configuration procedure 1. Configure the device that acts as the HTTPS server # Configure a PKI entity, configure the common name of the entity as h

CLI configuration What is CLI? The command line interface (CLI) enables you to interact with your device by typing text commands. At the CLI, you can

# Enable the HTTPS service. [Device] ip https enable # Create a local user named usera, set the password to 123 for the user, and specify the Telne

NMS login NMS login overview An NMS runs the SNMP client software. It offers a user-friendly interface to facilitate network management. An agent is

To do… Use the command… Remarks Add a user to the SNMP group snmp-agent usm-user v3 user-name group-name [ [ cipher ] authentication-mode { md5 | s

# Enter system view. <Sysname> system-view # Enable the SNMP agent. [Sysname] snmp-agent # Configure an SNMP group. [Sysname] snmp-agent gro

Figure 32 iMC homepage Log in to the iMC and configure SNMP settings for the iMC to find the device. After the device is found, you can manage and

User login control User login control methods The device provides the following login control methods. Login Through Login control methods ACL use

To do… Use the command… Remarks Enter user interface view user-interface [ type ] first-number [ last-number ] — Use the ACL to control user login

To do… Use the command… Remarks Create an Ethernet frame header ACL and enter its view acl number acl-number [ match-order { config | auto } ] Requ

[Sysname] user-interface vty 0 4 [Sysname-ui-vty0-4] acl 2000 inbound Configuring source IP-based login control over NMS users You can log in to the

To do… Use the command… Remarks Associate the user with the ACL snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ] snmp-agent

Convention Description [ ] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of r

Configuring source IP-based login control over web users You can log in to the web management page of the device through HTTP/HTTPS to remotely manag

Source IP-based login control over web users configuration example Network requirements As shown in Figure 35, configure the device to allow only web

FTP configuration FTP overview Introduction to FTP The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server

Table 9 Configuration when the device serves as the FTP server Device Configuration Remarks Enable the FTP server function Disabled by default. You

• If you use the ftp client source command and the ftp command to specify a source address respectively, the source address specified with the ftp

Follow these steps to operate the directories on an FTP server: To do… Use the command… Remarks Display detailed information about a directory or f

To do… Use the command… Remarks Set the file transfer mode to binary binary Optional ASCII by default. Set the data transmission mode to passive pa

To do… Use the command… Remarks Terminate the connection to the FTP server without exiting FTP client view disconnect Optional Equal to the close c

230 Logged in successfully # Set the file transfer mode to binary to transmit system software image file. [ftp] binary 200 Type set to I. # Download

To do… Use the command… Remarks Use an ACL to control FTP clients’ access to the switch ftp server acl acl-number Optional By default, no ACL is us