H3C S5500-HI Switch Series Скачать руководство пользователя

Страница: 87 / 180

User login control

User login control overview

The device provides the following login control methods:

ACL used

Configuring source IP-based login control over Telnet
users

Basic ACL

Configuring source and destination IP-based login
control over Telnet users

Advanced ACL

Telnet

Configuring source MAC-based login control over
Telnet users

Ethernet frame header ACL

NMS

Configuring source IP-based login control over NMS
users

Basic ACL

Web

Configuring source IP-based login control over web
users

Basic ACL

Configuring login control over Telnet users

Configuration preparation

Before configuration, determine the permitted or denied source IP addresses, source MAC addresses,

and destination IP addresses.

Configuring source IP-based login control over Telnet users

Basic ACLs match the source IP addresses of packets, so you can use basic ACLs to implement source

IP-based login control over Telnet users. Basic ACLs are numbered from 2000 to 2999. For more

information about ACL, see

ACL and QoS Configuration Guide.

Follow these steps to configure source IP-based login control over Telnet users:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a basic ACL and enter its
view, or enter the view of an

existing basic ACL

acl

[

ipv6

]

number

acl-number

[

match-order

{

config

auto

} ]

Required
By default, no basic ACL exists.

Configure rules for this ACL

rule

[

rule-id

] {

permit

deny

}

[

source

{

sour-addr sour-wildcard

any

} |

time-range

time-name

fragment

logging

Required

Exit the basic ACL view

quit

—

Содержание S5500-HI Switch Series

Страница 1: ...H3C S5500 HI Switch Series Fundamentals Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 5101 Document version 6W100 20111031...

Страница 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Страница 3: ...ical support Documentation feedback Audience This documentation is intended for Network planners Field technical support and servicing engineers Network administrators working with the S5500 HI Switch...

Страница 4: ...alls attention to important information that if not understood or followed can result in data loss data corruption or damage to hardware or software IMPORTANT An alert that calls attention to essentia...

Страница 5: ...e transceiver modules Pluggable SFP SFP XFP Transceiver Modules Installation Guide Describe the installation and replacement of SFP SFP XFP transceiver modules Software configuration Configuration gui...

Страница 6: ...Technical support customer_service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 7: ...en display 10 Filtering output information 11 Configuring user privilege and command levels 14 Introduction 14 Configuring a user privilege level 14 Switching user privilege level 17 Modifying the lev...

Страница 8: ...68 HTTP login example 68 HTTPS login example 69 NMS login 72 NMS login overview 72 Configuring NMS login 72 NMS login example 73 User login control 76 User login control overview 76 Configuring login...

Страница 9: ...Renaming a file 100 Copying a file 100 Moving a file 100 Deleting a file 100 Restoring a file from the recycle bin 101 Emptying the recycle bin 101 Managing directories 101 Displaying directory infor...

Страница 10: ...19 Hotfix configuration task list 122 Configuration prerequisites 122 Installing a patch in one step 122 Installing a patch step by step 123 Uninstalling a patch step by step 125 Displaying and mainta...

Страница 11: ...the power saving function 156 Enabling the power saving function 156 Configuring power saving status 157 Configuring the port status detection timer 157 Configuring temperature thresholds for a device...

Страница 12: ...ethods Command conventions Command conventions help you understand command meanings Commands in product manuals comply with the conventions listed in Table 1 Table 1 Command conventions Convention Des...

Страница 13: ...cated commands can be understood using Table 1 as a reference Undo form of a command The undo form of a command restores the default disables a function or removes a configuration Almost all configura...

Страница 14: ...you automatically enter user view where Device name is displayed You can perform limited operations in user view for example display operations file operations and Telnet operations To perform further...

Страница 15: ...lp Enter a question mark to access online help See the following examples 1 Enter in any view to display all commands available in this view as well as brief descriptions of the commands For example S...

Страница 16: ...or back one character Left arrow key or Ctrl B The cursor moves one character space to the left Right arrow key or Ctrl F The cursor moves one character space to the right Tab If you press Tab after e...

Страница 17: ...command aliases When you enter a command alias the system displays and saves the command in its original format instead of its alias In other words you can define and use a command alias but the comma...

Страница 18: ...Hotkeys reserved by the system Hotkey Function Ctrl A Moves the cursor to the beginning of the current line Ctrl B Moves the cursor one character to the left Ctrl C Stops performing a command Ctrl D...

Страница 19: ...ously but not submitted Follow these steps to enable redisplaying of commands previously entered but not submitted To do Use the command Remarks Enter system view system view Enable redisplaying of en...

Страница 20: ...inal you need to use Ctrl P or Ctrl N because they are defined differently and the up and down arrow keys are invalid The commands saved in the history command buffer are in the same format in which y...

Страница 21: ...ch screen pauses after it is displayed Perform one of the following operations to proceed Action Function Press Space Displays the next screen Press Enter Displays the next line Press Ctrl C Stops the...

Страница 22: ...the keyword exclude and equals the keyword include The following definitions apply to the begin exclude and include keywords begin Displays the first line that matches the specified regular expression...

Страница 23: ...x refers to the sequence number starting from 1 from left to right of the character group before If only one character group appears before index can only be 1 if n character groups appear before inde...

Страница 24: ...line containing user interface to the last line in the current configuration the output information depends on the current configuration Sysname display current configuration begin user interface user...

Страница 25: ...this level will be restored to the default settings Commands at this level include debugging terminal refresh and send 2 System Provides service configuration commands including routing configuration...

Страница 26: ...ege level the user privilege level depends on the default configuration of the authentication server Example of configuring a user privilege level by using AAA authentication parameters Authenticate u...

Страница 27: ...level for users logged in through the AUX user interface is 3 and that for users logged in through the VTY interfaces is 0 Follow these steps to configure the user privilege level under a user interf...

Страница 28: ...tion Users can switch to a different user privilege level temporarily without logging out and terminating the current connection After the privilege level switching users can continue to configure the...

Страница 29: ...r by using the local password first and if no password for privilege level switching is set for the user logged in from the AUX user interface the privilege level is switched directly for the user log...

Страница 30: ...e user privilege level the information you need to provide varies with combinations of the user interface authentication mode and the super authentication mode Table 6 Information entered for user pri...

Страница 31: ...password attempts For more information about user interface authentication see the chapter CLI login Modifying the level of a command All the commands in a view default to different levels The admini...

Страница 32: ...Displaying and maintaining CLI To do Use the command Remarks Display defined command aliases and the corresponding commands display command alias begin exclude include regular expression Available in...

Страница 33: ...e through SSH To do so log in to the device through the console port and complete the following configuration Enable the SSH function and configure SSH attributes Configure the IP address of the VLAN...

Страница 34: ...ages and monitors users that log in via the console port The type of the console port is EIA TIA 232 DCE VTY virtual type terminal user interface Used to manage and monitor users that log in via VTY A...

Страница 35: ...ring Relative numbering allows you to specify a user interface or a group of user interfaces of a specific type The number format is user interface type number The following rules of relative numberin...

Страница 36: ...erform configurations to increase device security and manageability Logging in through the console port Logging in through the console port is the most common login method and is also the first step t...

Страница 37: ...ble into your device To disconnect the PC from the device first unplug the RJ 45 connector and then the DB 9 connector 2 Launch a terminal emulation program such as HyperTerminal in Windows XP or Wind...

Страница 38: ...27 Figure 5 Connection description Figure 6 Specify the serial port used to establish the connection...

Страница 39: ...t POST A prompt such as H3C appears after you press Enter as shown in Figure 8 Figure 8 Configuration page 4 Execute commands to configure the device or check the running status of the device To get h...

Страница 40: ...ration Remarks None Configure not to authenticate users For more information see Configuring none authentication for console login Configure to authenticate users by using the local password Password...

Страница 41: ...e through the console port without authentication and have user privilege level 3 after login Configure common settings for console login Optional See Configuring common settings for console login opt...

Страница 42: ...nd have user privilege level 3 after login Set the local password set authentication password cipher simple password Required By default no local password is set Configure common settings for console...

Страница 43: ...n the user privilege level A user is authorized a command level not higher than the user privilege level With command authorization enabled the command level for a login user is determined by both the...

Страница 44: ...al user service type terminal Required By default no service type is specified Configure common settings for console login Optional See Configuring common settings for console login optional After you...

Страница 45: ...number Configure the baud rate speed speed value Optional By default the transmission rate is 9600 bps Transmission rate is the number of bits that the device transmits to the terminal per second Conf...

Страница 46: ...e type of terminal display terminal type ansi vt100 Optional By default the terminal display type is ANSI The device supports two types of terminal display ANSI and VT100 H3C recommends you to set the...

Страница 47: ...ing table shows the configuration requirements of Telnet login Object Requirements Configure the IP address of the VLAN interface and make sure the Telnet server and client can reach each other Telnet...

Страница 48: ...lnet login configurations for different authentication modes Authentication mode Configuration Remarks None Configure not to authenticate users For more information see Configuring none authentication...

Страница 49: ...evel for login users on the current user interfaces user privilege level level Required By default the default command level is 0 for VTY user interfaces Configure common settings for VTY user interfa...

Страница 50: ...ntication mode password Required By default authentication mode for VTY user interfaces is password Set the local password set authentication password cipher simple password Required By default no loc...

Страница 51: ...ration requirements Configuration procedure Follow these steps to configure scheme authentication for Telnet login To do Use the command Remarks Enter system view system view Enable Telnet telnet serv...

Страница 52: ...on the HWTACACS server If both command accounting and command authorization are enabled only the authorized and executed commands are recorded on the HWTACACS server Exit to system view quit Enter th...

Страница 53: ...of the commands that the users can access depends on the user privilege level defined in the AAA scheme When the AAA scheme is local the user privilege level is defined by the authorization attribute...

Страница 54: ...lt Enable the current user interface s to support either Telnet SSH or both of them protocol inbound all ssh telnet Optional By default both protocols are supported The configuration takes effect next...

Страница 55: ...the command triggers another task the system does not end the user connection until the task is completed A Telnet command is usually specified to enable the user to automatically telnet to the speci...

Страница 56: ...s or source interface is specified The source IPv4 address is selected by routing Logging in through SSH Secure Shell SSH offers an approach to log into a remote device securely By providing encryptio...

Страница 57: ...authentication and have user privilege level 3 after login For information about logging in to the device with the default configuration see Configuration requirements Configuration procedure Follow...

Страница 58: ...hecks whether the command is authorized If yes the command can be executed Enable command accounting command accounting Optional By default command accounting is disabled The accounting server does no...

Страница 59: ...and level of the local user authorization attribute level level Optional By default the command level is 0 Specify the service type for the local user service type ssh Required By default no service t...

Страница 60: ...ugh the console port without authentication and have user privilege level 3 after login For information about logging in to the device with the default configuration see Configuration requirements Fig...

Страница 61: ...s properly Administrator side The telephone number of the remote modem connected to the console port of the remote switch is obtained The console port is correctly connected to the modem Configuration...

Страница 62: ...r AT V to display the configuration results NOTE The configuration commands and the output for different modems may be different For more information see your modem s user guide 4 Launch a terminal em...

Страница 63: ...52 Figure 20 Connection Description Figure 21 Enter the phone number...

Страница 64: ...and device execute the ATH command on the terminal to terminate the connection between the PC and modem If you cannot execute the command on the terminal enter AT and then press Enter When you are pro...

Страница 65: ...Keep your username and password If you lose your local password log in to the device from the console port to display or modify the password If you lose your remote password contact the administrator...

Страница 66: ...ion for modem login To do Use the command Remarks Enter system view system view Enter one or more AUX user interface views user interface aux first number last number Specify the none authentication m...

Страница 67: ...ystem view Enter one or more AUX user interface views user interface aux first number last number Specify the password authentication mode authentication mode password Required By default the modem lo...

Страница 68: ...the default configuration see Configuration requirements Configuration procedure Follow these steps to configure scheme authentication for modem login To do Use the command Remarks Enter system view...

Страница 69: ...e command accounting command accounting Optional By default command accounting is disabled The accounting server does not record the commands executed by users Command accounting allows the HWTACACS s...

Страница 70: ...ng you need to perform the following configuration to make the function take effect Create a HWTACACS scheme and specify the IP address of the authorization server and other authorization parameters R...

Страница 71: ...te speed speed value Optional By default the baud rate is 9600 bps Transmission rate is the number of bits that the device transmits to the terminal per second Configure the parity check mode parity e...

Страница 72: ...he value is none The switch supports the none flow control mode only Configure the type of terminal display terminal type ansi vt100 Optional By default the terminal display type is ANSI The device su...

Страница 73: ...be lower than the transmission rate of the modem Otherwise packets may be lost Displaying and maintaining CLI login To do Use the command Remarks Display information about the user interfaces that ar...

Страница 74: ...and Remarks Lock the current user interface lock Available in user view By default the current user interface is not locked Send messages to the specified user interfaces send all num1 aux vty num2 Av...

Страница 75: ...u can define a certificate attribute based access control policy to allow legal clients to access the device securely and prohibit unauthorized clients To log in to the device through the web interfac...

Страница 76: ...word Required By default no password is configured for the local user Specify the command level of the local user authorization attribute level level Required No command level is configured for the lo...

Страница 77: ...L negotiation Because the application process takes much time the SSL negotiation often fails and the HTTPS service cannot be started normally In that case you need to execute the ip https enable comm...

Страница 78: ...Specify the web service type for the local user service type web Required By default no service type is configured for the local user Exit to system view quit Create a VLAN interface and enter its vi...

Страница 79: ...192 168 0 58 and the subnet mask as 255 255 255 0 Sysname interface vlan interface 999 Sysname VLAN interface999 ip address 192 168 0 58 255 255 255 0 Sysname VLAN interface999 quit Create a local us...

Страница 80: ...ugh the web interface HTTPS login example Network requirements As shown in Figure 29 to prevent unauthorized users from accessing the device configure the device as the HTTPS server and the host as th...

Страница 81: ...Create RSA local key pairs Device public key loc al create rsa Retrieve the CA certificate from the certificate issuing server Device pki retrieval certificate ca domain 1 Request a local certificate...

Страница 82: ...sera service type web Device luser usera authorization attribute level 3 2 Configure the host to act as the HTTPS client On the host run the IE browser and then enter http 10 1 2 2 certsrv in the addr...

Страница 83: ...figure the IP address of the VLAN interface Make sure the device and the NMS can reach each other Device Configure SNMP settings NMS Configure the NMS For more information see your NMS manual Configur...

Страница 84: ...SNMP community snmp agent community read write community name acl acl number mib view view name Configure an SNMP group snmp agent group v1 v2c group name read view read view write view write view not...

Страница 85: ...a user to the SNMP group Sysname snmp agent usm user v3 managev3user managev3group 2 Configure the NMS a On the PC launch the browser and enter http 192 168 3 104 8080 imc in the address bar suppose t...

Страница 86: ...e device through the iMC For example query device information or configure device parameters NOTE The SNMP settings on the iMC must be the same as those configured on the device If not the device cann...

Страница 87: ...denied source IP addresses source MAC addresses and destination IP addresses Configuring source IP based login control over Telnet users Basic ACLs match the source IP addresses of packets so you can...

Страница 88: ...L and enter its view or enter the view of an existing advanced ACL acl ipv6 number acl number match order config auto Required By default no advanced ACL exists Configure rules for the ACL rule rule i...

Страница 89: ...lnet client and server are not in the same subnet Source MAC based login control configuration example Network requirements As shown in Figure 33 configure an ACL on the Device to permit only incoming...

Страница 90: ...match the source IP addresses of packets so you can use basic ACLs to implement source IP based login control over NMS users Basic ACLs are numbered from 2000 to 2999 For more information about ACL s...

Страница 91: ...up name acl acl number snmp agent usm user v3 user name group name cipher authentication mode md5 sha auth password privacy mode 3des aes128 des56 priv password acl acl number Required You can associa...

Страница 92: ...login control over web users Basic ACLs match the source IP addresses of packets so you can use basic ACLs to implement source IP based login control over web users Basic ACLs are numbered from 2000...

Страница 93: ...igure 35 configure the device to allow only web users from Host B to access Figure 35 Network diagram Configuration procedure Create ACL 2000 and configure rule 1 to permit packets sourced from Host B...

Страница 94: ...en the FTP client is behind a firewall PASV mode Passive mode in which the FTP client initiates a data connection request This mode is unavailable when the server side does not allow the client to con...

Страница 95: ...ry for an FTP user The device does not support anonymous FTP for security reasons You must set a valid username and password By default authenticated users can access the root directory of the device...

Страница 96: ...t source command applies to all FTP connections while the one specified with the ftp command applies to the current FTP connection only Follow these steps to establish an IPv4 FTP connection To do Use...

Страница 97: ...ir remotefile localfile Optional Query a directory or file on the remote FTP server ls remotefile localfile Optional Change the working directory of the remote FTP server cd directory Optional Return...

Страница 98: ...ied file on the remote FTP server permanently delete remotefile Optional Set the file transfer mode to ASCII ascii Optional ASCII by default Set the file transfer mode to binary binary Optional ASCII...

Страница 99: ...onnection see Establishing an FTP connection To do Use the command Remarks Terminate the connection to the FTP server without exiting FTP client view disconnect Optional Equal to the close command Ter...

Страница 100: ...nary ftp binary 200 Type set to I Download the system software image file newest bin from the PC to the device Download the system software image file newest bin from the PC to the root directory of t...

Страница 101: ...g data to the storage medium after a file is transferred to the memory This prevents the existing file on the FTP server from being corrupted in the event that an anomaly such as a power failure occur...

Страница 102: ...name Required No local user exists by default and the system does not support FTP anonymous user access Assign a password to the user password simple cipher password Required Assign the FTP service t...

Страница 103: ...clear the memory or use the delete unreserved file url command to delete the files not in use and then perform the following operations 1 Configure the IRF fabric FTP server Create an FTP user accoun...

Страница 104: ...in system software image file for next startup of all the member switches Sysname boot loader file newest bin slot all main This command will set the boot file of the specified board Continue Y N y Th...

Страница 105: ...94 To do Use the command Remarks Display detailed information about logged in FTP users display ftp user begin exclude include regular expression Available in any view...

Страница 106: ...receives data from the server and then sends the acknowledgement to the server In a normal file uploading process the client sends a write request to the TFTP server sends data to the server and rece...

Страница 107: ...filename destination filename that exists in the target directory the original file is not overwritten If file download fails due to network disconnection or other reasons the original file still exi...

Страница 108: ...me vpn instance vpn instance name Optional Available in user view NOTE If there is not primary IP address configured on the source interface no TFTP connection can be established If you use the tftp c...

Страница 109: ...irectory of the storage medium on a slave device with the member ID 2 Sysname tftp 1 2 1 1 get newest bin slot2 flash newest bin Upload a configuration file config cfg to the TFTP server Sysname tftp...

Страница 110: ...er in the current working directory path represents the folder name You can specify multiple folders indicating a file under a multi level folder 1 to 135 characters test a cfg indicates a file named...

Страница 111: ...s can be displayed Available in user view Renaming a file To do Use the command Remarks Rename a file rename fileurl source fileurl dest Required Available in user view Copying a file To do Use the co...

Страница 112: ...view Emptying the recycle bin To do Use the command Remarks Enter the original working directory of the file to be deleted cd directory Optional If the original directory of the file to be deleted is...

Страница 113: ...s in the recycle bin in the current directory Managing storage media Managing the space of a storage medium When the space of a storage medium becomes inaccessible you can use the fixdisk command to r...

Страница 114: ...Repair bad blocks fixdisk device Required Available in user view Checking files After files are written to the NAND flash memory use the following commands together to check the content of these files...

Страница 115: ...marks Enter system view system view Set the file system operation mode file prompt alert quiet Optional The default is alert File system management examples Display the files and the subdirectories in...

Страница 116: ...105 Sysname cd Display the current working directory Sysname pwd flash...

Страница 117: ...iguration of the device you can use the display default configuration command NOTE Factory default configuration may differ from the default settings of commands and vary with switch models Startup co...

Страница 118: ...sing the main startup configuration file If the main startup configuration file is corrupted or lost the devices starts up using the backup startup configuration file Devices supporting main and backu...

Страница 119: ...w these steps to configure the configuration file auto save function To do Use the command Remarks Enter system view system view Enable configuration file auto save slave auto update config Optional E...

Страница 120: ...e file must comply with the format of the configuration file on the current device H3C recommends that you use the configuration file generated by using the backup function You can apply configuration...

Страница 121: ...0080620archive_2 cfg The saved configuration files are numbered automatically from 1 to 1 000 with an increment of 1 If the serial number reaches 1 000 it restarts from 1 If you change the file path o...

Страница 122: ...u set a comparatively small value for the file number argument if the available memory space is small Enabling automatic saving of the running configuration You can configure the system to save the ru...

Страница 123: ...n rollback configuration replace file filename Required CAUTION Configuration rollback may fail if one of the following situations is present if a command cannot be rolled back the system skips it and...

Страница 124: ...TFTP server Follow the step below to back up the startup configuration file To do Use the command Remarks Back up the startup configuration file to the specified TFTP server backup startup configurat...

Страница 125: ...oring a configuration file make sure that the server is reachable the server is enabled with TFTP service and the client has read and write permission After execution of the command use the display st...

Страница 126: ...s used at this and the next system startup display startup begin exclude include regular expression Available in any view Display the valid configuration under the current view display this by linenum...

Страница 127: ...hip Figure 41 Relationship between the Boot ROM and the system software images Software upgrade methods You can upgrade both Boot ROM and system software at the Boot menu or at the command line interf...

Страница 128: ...irectory of the device s storage media by using FTP or TFTP 2 Specify the Boot ROM image to be used at the next boot at the CLI 3 Reboot the device to make the specified Boot ROM image take effect The...

Страница 129: ...used at the next boot of the master and slaves may be different but the versions of the files must be the same otherwise a slave will reboot by using the master s system software image and join the I...

Страница 130: ...ommon patches always include the functions of the previous temporary patches The patch type only affects the patch loading process The system deletes all of the temporary patches before it loads the c...

Страница 131: ...p between patch state changes and command actions NOTE Information about patch states is saved in file patchstate on the Flash H3C recommends that you do not operate this file IDLE state Patches in ID...

Страница 132: ...te Patches in ACTIVE state have run temporarily in the system and become DEACTIVE after system reboot For the seven patches in Figure 44 if you activate the first five patches their states change from...

Страница 133: ...e system cannot locate the patch file and the hotfixing operation fails The name is in the format of patch_PATCH FLAG suffix bin The PATCH FLAG is pre defined The value of the version field using the...

Страница 134: ...tion Specifies the name of the patch package file Provide this option when you install a patch package file NOTE The patch matches the software version If you install a patch file by specifying the di...

Страница 135: ...atch install yyy command the patch file location automatically changes from xxx to yyy Loading a patch file Loading the correct patch files is the basis of other hotfixing operations If you install a...

Страница 136: ...lling a patch step by step Step by step patch uninstallation task list Task Remarks Stopping running patches Required Deleting patches Required Stopping running patches When you stop running a patch t...

Страница 137: ...you uninstall all patches by using the undo patch install command in one operation Software upgrade configuration examples Immediate upgrade configuration example Network requirement As shown in Figu...

Страница 138: ...tftp 2 2 2 2 get soft version2 bin File will be transferred in binary mode Downloading file from remote TFTP server please wait TFTP 10058752 bytes received in 141 second s File downloaded successful...

Страница 139: ...free Flash space of the device is large enough to store the patch files Before upgrading the software use the save command to save the current system configuration Details not shown Load the patch fil...

Страница 140: ...enario you can use ISSU to upgrade system software of each IRF member switch to ensure non stop forwarding or reduce down time for users connected to Switch A Switch B and Switch C Figure 49 IRF netwo...

Страница 141: ...r switches that have not been upgraded with the issu run switchover command Check whether all the IRF member switches have been upgraded Yes No ISSU upgrade cannot be performed Unknown Download the ne...

Страница 142: ...ou reboot the specified slave switch with the issu load command the system automatically creates a configurable version rollback timer When you use the compatible ISSU method If you do not execute the...

Страница 143: ...n saved to the configuration file Display the running status of each IRF member switch display device Required Before performing ISSU make sure that all the member switches of the IRF fabric are in no...

Страница 144: ...ers system view system view Check whether the new system software image is compatible with the current system software image display version comp matrix file upgrading filename Required Configuring IS...

Страница 145: ...ber argument provided in this command must be the same as that specified in the issu load command When this command is executed the rollback timer becomes invalid which means system software cannot be...

Страница 146: ...tion after the reboot process completes Upgrade all the IRF member switches that have not been upgraded in one operation issu run switchover slot slot number Required The slot number argument provided...

Страница 147: ...after executing the issu load command the new rollback timer does not take effect for this ISSU process Displaying and maintaining ISSU To do Use the command Remarks Display information about the roll...

Страница 148: ...oups Ports in aggregation group 1 connect to Switch A ports in aggregation group 2 connect to Switch B and ports in aggregation group 3 connect to Switch C On Switch A create aggregation group 1 that...

Страница 149: ...g link aggregation 1 Configure the IRF fabric Create three dynamic aggregation groups 1 2 and 3 IRF system view IRF interface bridge aggregation 1 IRF Bridge Aggregation1 link aggregation mode dynamic...

Страница 150: ...IRF interface GigabitEthernet 1 0 3 IRF GigabitEthernet1 0 3 port link aggregation group 3 IRF GigabitEthernet1 0 3 quit IRF interface GigabitEthernet 2 0 3 IRF GigabitEthernet2 0 3 port link aggrega...

Страница 151: ...tion mode dynamic SwitchB Bridge Aggregation3 quit Add ports GigabitEthernet 1 0 1 GigabitEthernet 1 0 2 and GigabitEthernet 1 0 3 that connect to IRF member switches to aggregation group 3 correspond...

Страница 152: ...al The output shows that all IRF member switches are in normal state 2 Check whether the current system software images on IRF member switches are the same If not the ISSU upgrade cannot be performed...

Страница 153: ...of each IRF member switch If not the ISSU upgrade cannot be performed Verify whether the new system software image soft version2 bin has been saved to the Flash of the master IRF dir Directory of fla...

Страница 154: ...ved the current configuration to mainboard device successfully Slot 2 Save next configuration file successfully Slot 3 Save next configuration file successfully Configuration is saved to device succes...

Страница 155: ...up boot app is flash Slot 2 The current boot app is flash soft version2 bin The main boot app is flash soft version2 bin The backup boot app is flash Slot 3 The current boot app is flash soft version1...

Страница 156: ...ill coexist after the new master the slave switch specified with the issu load command is rebooted causing network faults Upgrade the specified slave switch the new master after the upgrade which is s...

Страница 157: ...The main boot app is flash soft version2 bin The backup boot app is flash Slot 3 The current boot app is flash soft version2 bin The main boot app is flash soft version2 bin The backup boot app is fl...

Страница 158: ...t on the network Network management depends on an accurate system time setting because the timestamps of system messages and logs use the system time In a small sized network you can manually set the...

Страница 159: ...summer offset is beyond the daylight saving time range the original system time does not change After you disable the daylight saving setting the system time automatically decreases by summer offset d...

Страница 160: ...ck zone offset outside the daylight saving time range Original system clock zone offset summer offset clock timezone zone time add 1 clock summer time ss one off 1 00 2005 1 1 1 00 2005 8 8 2 System c...

Страница 161: ...em view Set the time zone clock timezone zone name add minus zone offset Optional Universal time coordinated UTC time zone by default Set a daylight saving time scheme Set a non recurring scheme clock...

Страница 162: ...CLI Message input modes The system supports single line input and multiple line input for configuring a banner 1 Single line input In single line input mode all banner information is input in the sam...

Страница 163: ...ollowing commands System system view System header shell AHave a nice day Please input banner content and quit with the character A System prompt Please input the Password A Configuration procedure Fo...

Страница 164: ...the startup configuration file and the main system software image file If the main system software image file has been corrupted or does not exist the device cannot reboot You must re specify a main s...

Страница 165: ...uts an empty character string when there is no default character string Job configuration approaches You can configure jobs in a non modular or modular approach Use the non modular approach for a one...

Страница 166: ...nterface view and Vlan interfacex for VLAN interface view The time ID time id must be unique in a job If two time and command bindings have the same time ID the one configured last takes effect Schedu...

Страница 167: ...u can disable Boot ROM access so the users can access only the CLI You can also set a Boot ROM password the first time you access the Boot menu to protect the Boot ROM To view Boot ROM accessibility s...

Страница 168: ...ort or you press the Mode button the device automatically switches to the wake up status so that you can check the LED statuses When the device is in wake up status if no data is being exchanged on th...

Страница 169: ...the event and outputs a log message and a trap When the device temperature reaches the alarming threshold the device logs the event and outputs a log message and a trap repeatedly Follow these steps...

Страница 170: ...l to make a confirmation within 30 seconds or enter N to cancel the operation Verifying and diagnosing transceiver modules NOTE Support for the pluggable transceivers and the transceiver type depends...

Страница 171: ...unning data for multiple modules The display diagnostic information command equals this set of commands display clock display version display device and display current configuration To do Use the com...

Страница 172: ...xpression Available in any view Display power module information display power slot slot number power id begin exclude include regular expression Available in any view Display the mode of the last reb...

Страница 173: ...tion file name TFTP server IP address and DNS server IP address to the device TFTP server Saves files needed in automatic configuration The device gets the files needed from the TFTP server such as th...

Страница 174: ...erver and the configuration file name 2 After getting related parameters the device sends a TFTP request to obtain the configuration file from the specified TFTP server and executes the configuration...

Страница 175: ...mmand Reference The temporary configuration is removed by executing the corresponding undo commands For more information about DHCP see Layer 3 IP Services Configuration Guide Principles for selecting...

Страница 176: ...iguration The configuration file specified by the Option 67 or file field in the DHCP response The host name file which is named network cfg The host name file stores mappings between IP addresses and...

Страница 177: ...ts host name it requests the configuration file with the same name from the TFTP server If all the above operations fail the device requests the default configuration file from the TFTP server TFTP re...

Страница 178: ...ce to a unicast packet and forward the unicast packet to the specified TFTP server For more information about UDP Helper see Layer 3 IP Services Configuration Guide Executing the configuration file Af...

Страница 179: ...vilege and command levels 14 Controlling the CLI display 10 Current network status and requirements analysis 137 D Deleting a startup configuration file 1 13 Device management overview 147 Device soft...

Страница 180: ...grade configuration examples 126 Software upgrade methods 1 16 Software upgrade through a system reboot 1 17 Specifying a startup configuration file 1 13 T TFTP client configuration example 97 TFTP ov...

Результаты поиска

Содержание S5500-HI Switch Series

Отзывы:

Похожие инструкции для S5500-HI Switch Series

Бренды по названию

Популярные бренды

H3C S5500-HI Switch Series, Руководство по базовой конфигурации

Результаты поиска

Содержание S5500-HI Switch Series

Отзывы:

Похожие инструкции для S5500-HI Switch Series

Бренды по названию

Популярные бренды