Professional Documents
Culture Documents
No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
The H3C SR8800 documentation set includes 13 configuration guides, which describe the software
features for the H3C SR8800 10G Core Routers and guide you through the software configuration
procedures. These configuration guides also provide configuration examples to help you apply software
features to different network scenarios.
The Fundamentals Configuration Guide tells you how to log in to the router, use the command-line
interface (CLI), manage files with FTP and TFTP, upgrade software, and manage the router.
This preface includes:
• Audience
• Conventions
• About the H3C SR8800 documentation set
• Obtaining documentation
• Technical support
• Documentation feedback
Audience
This documentation is intended for:
• Network planners
• Field technical support and servicing engineers
• Network administrators working with the SR8800
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[] Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which
{ x | y | ... }
you select one.
Square brackets enclose a set of optional syntax choices separated by vertical bars, from
[ x | y | ... ]
which you select one or none.
Asterisk marked braces enclose a set of required syntax choices separated by vertical
{ x | y | ... } *
bars, from which you select at least one.
Asterisk marked square brackets enclose optional syntax choices separated by vertical
[ x | y | ... ] *
bars, from which you select one choice, multiple choices, or none.
Convention Description
The argument or keyword and argument combination before the ampersand (&) sign can
&<1-n>
be entered 1 to n times.
GUI conventions
Convention Description
Window names, button names, field names, and menu items are in Boldface. For
Boldface
example, the New User window appears; click OK.
> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
Symbols
Convention Description
An alert that calls attention to important information that if not understood or followed can
WARNING result in personal injury.
An alert that calls attention to important information that if not understood or followed can
CAUTION result in data loss, data corruption, or damage to hardware or software.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports
Layer 2 forwarding and other Layer 2 features.
Obtaining documentation
You can access the most up-to-date H3C product documentation on the World Wide Web
at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the
software version.
Technical support
service@h3c.com
http://www.h3c.com
Documentation feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Contents
i
Configurations on the administrator side ············································································································ 36
Configurations on the router ································································································································ 36
Setting up a configuration environment ·············································································································· 37
ii
Naming rules for a storage medium ··················································································································· 70
Filename formats ··················································································································································· 70
Managing directories ···················································································································································· 71
Displaying directory information ························································································································· 71
Displaying the current working directory ············································································································ 71
Changing the current working directory ············································································································· 71
Creating a directory ·············································································································································· 72
Removing a directory ············································································································································ 72
Managing files ······························································································································································· 72
Displaying file information ··································································································································· 72
Displaying the contents of a file··························································································································· 72
Renaming a file······················································································································································ 73
Copying a file ························································································································································ 73
Moving a file·························································································································································· 73
Deleting a file························································································································································· 73
Restoring a file from the recycle bin ···················································································································· 73
Emptying the recycle bin ······································································································································ 74
Computing the digest of a specified file ············································································································· 74
Performing batch operations ········································································································································· 74
Managing storage media ············································································································································· 74
Naming rules ························································································································································· 75
Memory space management································································································································ 75
Mounting and unmounting a storage medium ··································································································· 76
Partitioning a storage medium ····························································································································· 77
Setting the file system operation mode ························································································································ 77
File system management examples ······························································································································ 78
iii
BootWare submenus ············································································································································· 92
Using TFTP/FTP through Ethernet port ················································································································· 93
Using Xmodem through console port ·················································································································· 94
Upgrading the BootWare program at the CLI ············································································································ 99
Upgrading the system boot file at the CLI ··················································································································· 99
Specifying a boot file to be used at the next boot ····························································································· 99
Upgrading the boot file for the standby MPU ·································································································· 100
Upgrading software through hotfix ···························································································································· 100
Basic concepts in hotfix ······································································································································ 100
Patch state ···························································································································································· 101
Hotfix configuration task list ········································································································································ 104
Configuration prerequisites ································································································································ 104
Installing a patch in one step ····························································································································· 105
Installing a patch step-by-step ···························································································································· 106
Uninstalling all patches in one step ··················································································································· 108
Uninstalling a patch step-by-step ······················································································································· 108
Upgrading clock card·················································································································································· 109
Upgrading card logic ·················································································································································· 109
Displaying and maintaining software upgrade configuration ················································································ 109
Software upgrade configuration examples ··············································································································· 110
Remote upgrade configuration example··········································································································· 110
Hotfix configuration example ····························································································································· 111
iv
Verifying and diagnosing transceiver modules ········································································································ 131
Introduction to transceiver modules ··················································································································· 131
Verifying pluggable transceivers ······················································································································· 131
Diagnosing transceiver modules ························································································································ 132
Displaying and maintaining device management ···································································································· 132
v
Using the CLI
What is CLI?
The command-line interface (CLI) enables you to interact with your device by entering text commands. At
the CLI, you can instruct your device to perform a given task by entering a text command and then
pressing Enter. Compared with the graphical user interface (GUI) where you use a mouse to perform
configurations, the CLI allows you to input more information in one command line.
Figure 1 CLI example
NOTE:
The information on the router may vary with device model.
Command conventions
Command conventions help you understand command meanings. Commands in product manuals
comply with the conventions listed in Table 1.
Table 1 Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[] Square brackets enclose syntax choices (keywords or arguments) that are optional.
Braces enclose a set of required syntax choices separated by vertical bars, from which
{ x | y | ... }
you select one.
Square brackets enclose a set of optional syntax choices separated by vertical bars, from
[ x | y | ... ]
which you select one or none.
Asterisk marked braces enclose a set of required syntax choices separated by vertical
{ x | y | ... } *
bars, from which you select at least one.
1
Convention Description
Asterisk marked square brackets enclose optional syntax choices separated by vertical
[ x | y | ... ] *
bars, from which you select one choice, multiple choices, or none.
The argument or keyword and argument combination before the ampersand (&) sign can
&<1-n>
be entered 1 to n times.
NOTE:
The keywords of command lines are case insensitive.
Take the clock datetime time date command as an example to understand the meaning of the command
line parameters according to Table 1.
Figure 2 Understanding command line parameters
For example, you can type the following command line at the CLI of your device and press Enter to set
the device system time to 10 o’clock 30 minutes 20 seconds, February 23, 2010.
<Sysname> clock datetime 10:30:20 2/23/2010
You can read any command that is more complicated according to Table 1.
CLI views
CLI view introduction
Commands are grouped into different classes by function. To use a command, you must enter the class
view of the command.
CLI views adopt a hierarchical structure, as shown in Figure 3.
• After logging in to the switch, you are in user view. The prompt of user view is <device name>. In
user view, you can perform display, debugging, and file management operations, set the system
time, restart your device, and perform FTP and Telnet operations. To change the device name, use
2
the sysname command. For information about this command, see Fundamentals Command
Reference.
• You can enter system view from user view. In system view, you can configure parameters such as
daylight saving time, banners, and short-cut keys.
• From system view, you can enter different function views. For example, enter interface view to
configure interface parameters, create a VLAN and enter its view, enter user interface view to
configure login user attributes, create a local user and enter local user view to configure the
password and level of the local user.
NOTE:
Enter ? in any view to display all the commands that can be executed in this view.
……
3
To exit the current view:
NOTE:
• The quit command in user view terminates the current connection between the terminal and the device.
• In public key code view, use the public-key-code end command to return to the parent view (public key
view). In public key view, use the peer-public-key end command to return to system view.
4
If ? is at the position of an argument, the CLI displays a description about this argument. For
example:
<Sysname> system-view
[Sysname] interface vlan-interface ?
<1-4094> VLAN interface number
[Sysname] interface vlan-interface 1 ?
<cr>
[Sysname] interface vlan-interface 1
The string <cr> indicates that the command is a complete command, and you can execute the
command by pressing Enter.
3. If you enter an incomplete character string followed by a ?, the CLI displays all commands starting
with the typed character(s).
<Sysname> f?
fdisk
fixdisk
format
free
ftp
Entering commands
Editing command lines
Table 2 lists some shortcut keys you can use to edit command lines.
Table 2 Editing functions
Key Function
If the edit buffer is not full, pressing a common key inserts the character at the
Common keys
position of the cursor and moves the cursor to the right.
Deletes the character to the left of the cursor and moves the cursor back one
Backspace
character.
Left arrow key or Ctrl+B The cursor moves one character space to the left.
Right arrow key or Ctrl+F The cursor moves one character space to the right.
5
Key Function
If you press Tab after entering part of a keyword, the system automatically
completes the keyword:
• If finding a unique match, the system substitutes the complete keyword for
the incomplete one and displays it in the next line.
Tab
• If there is more than one match, you can press Tab repeatedly to display
in cycles all the keywords starting with the character string that you typed.
• If there is no match, the system does not modify the incomplete keyword
and displays it again in the next line.
Configuration guide
• When you define a keyword alias, you must enter the cmdkey and alias arguments in their complete
form.
• When you enter a keyword alias, the system displays and saves the keyword instead of its alias.
• When you press Tab after entering part of an alias, the keyword is displayed.
• If you enter a string that partially matches a keyword and an alias, the command indicated by the
alias is executed. To execute the command indicated by the keyword, enter the complete keyword.
• When you enter a string that partially matches multiple aliases, the system gives you prompts.
• You can substitute an alias for only the first keyword of a non-undo command or the second
keyword of an undo command.
Configuration procedure
To configure command keyword aliases:
6
Step Command Remarks
3. Configure a command command-alias mapping cmdkey
keyword alias. Not configured by default.
alias
Optional.
hotkey { CTRL_G | CTRL_L |
5. Configure CLI hotkeys. CTRL_O | CTRL_T | CTRL_U } The Ctrl+G, Ctrl+L and Ctrl+O
command hotkeys are specified at the CLI by
default.
NOTE:
By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are associated with pre-defined commands and the
Ctrl+T and Ctrl+U hotkeys are not.
• Ctrl+G corresponds to the display current-configuration command.
• Ctrl+L corresponds to the display ip routing-table command.
• Ctrl+O corresponds to the undo debugging all command.
Hotkey Function
Ctrl+A Moves the cursor to the beginning of the current line.
Ctrl+W Deletes all the characters in a continuous string to the left of the cursor.
7
Hotkey Function
Ctrl+Y Deletes all the characters to the right of the cursor.
Esc+B Moves the cursor to the leading character of the continuous string to the left.
Deletes all the characters of the continuous string at the current cursor position and
Esc+D
to the right of the cursor.
Esc+F Moves the cursor to the front of the next continuous string to the right.
Esc+N Moves the cursor down by one line (available before you press Enter)
Esc+P Moves the cursor up by one line (available before you press Enter)
NOTE:
The hotkeys in the table above are defined by the switch. If the same hotkeys are defined by the terminal
software that you use to interact with the switch, the hotkeys defined by the terminal software take effect.
NOTE:
For more information about the info-center synchronous command, see Network Management and
Monitoring Command Reference.
8
Table 4 Common command-line error messages
% Unrecognized command found at '^' position. The command was not found.
NOTE:
You can use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet.
However, in Windows 9X HyperTerminal, you need to use Ctrl+P or Ctrl+N, because they are defined
differently and the up and down arrow keys are invalid.
• The commands saved in the history command buffer are in the same format in which you typed the
commands. If you enter an incomplete command, the command saved in the history command
buffer is also incomplete.
• If you execute the same command repeatedly, the switch saves the earliest record. However, if you
execute the same command in different formats, the system saves them as different commands. For
example, if you execute the display cu command repeatedly, the system saves only one command
in the history command buffer. If you execute the command in the format of display cu and display
current-configuration respectively, the system saves them as two commands.
• By default, the CLI can save up to 10 commands for each user. To set the capacity of the history
command buffer for the current user interface, use the history-command max-size command. (For
more information about the history-command max-size command, see Fundamentals Command
Reference.
9
Step Command Remarks
1. Enter system view. system-view N/A
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | tty N/A
| vty } first-num2 [ last-num2 ] }
NOTE:
For more information about the user-interface and history-command max-size commands, see
Fundamentals Command Reference.
Keys Function
Space Displays the next screen.
10
Task Command Remarks
By default, a login user uses the
settings of the screen-length
command. The default settings of the
screen-length command are:
pausing between screens of output
Disable pausing between screens is enabled and up to 24 lines are
screen-length disable displayed on the next screen.
of output for the current session.
This command is executed in user
view, and takes effect for the current
session only. When you relogs into
the switch, the default configuration
is restored.
Ending sign. string appears only at For example, regular expression "user$” only
string$
the end of a line. matches a string ending with “user”, not “userA”.
11
Character Meaning Remarks
Matches the preceding or For example, “def|int” only matches a character
|
succeeding character string string containing “def” or “int”.
Matches a character string starting For example, “\<do” matches word “domain” and
\<string
with string. string “doa”.
Matches a character string ending For example, “do\>” matches word “undo” and
string\>
with string. string “abcdo”.
Matches character1character2.
For example, “\ba” matches “-a” with “-“ being
character1 can be any character
\bcharacter2 character1, and “a” being character2, but it does
except number, letter or underline,
not match “2a” or “ba”.
and \b equals [^A-Za-z0-9_].
12
Character Meaning Remarks
Matches a string containing
For example, “\Bt” matches “t” in “install”, but not
\Bcharacter character, and no space is allowed
“t” in “big top”.
before character.
Matches character1character2.
For example, “v\w” matches “vlan”, with “v” being
character2 must be a number, letter,
character1\w character1, and “l” being character2. v\w also
or underline, and \w equals
matches “service”, with “i” being character2.
[^A-Za-z0-9_].
13
Configuring user privilege and command levels
Introduction
To avoid unauthorized access, the switch defines user privilege levels and command levels. User privilege
levels correspond to command levels. When a user at a specific privilege level logs in, the user can only
use commands at that level, or lower levels.
All the commands are categorized into four levels: visit, monitor, system, and manage, and are identified
from low to high, respectively by 0 through 3. Table 7 describes the command levels.
Table 7 Default command levels
Involves commands that influence the basic operation of the system and
commands for configuring system support modules.
3 Manage By default, commands at this level involve the configuration commands of file
system, FTP, TFTP, Xmodem download, user management, level setting, and
parameter settings within a system (which are not defined by any protocols or
RFCs).
14
Step Command Remarks
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
Example for configuring the user privilege level by using AAA authentication parameters
# You are required to authenticate the users that telnet to the switch through VTY 1, verify their
username and password, and specify the user privilege level as 3.
<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 12345678
[Sysname-luser-test] service-type telnet
When users telnet to the switch through VTY 1, they must enter username test and password
12345678. After passing the authentication, the users can only use the commands of level 0. If the
users want to use commands of levels 0, 1, 2 and 3, the following configuration is required:
[Sysname-luser-test] authorization-attribute level 3
15
• If the authentication mode of a user interface is none or password, the user privilege level of users
logging into the user interface is the user interface level.
To configure the user privilege level under a user interface (SSH publickey authentication type):
user-interface { first-num1
3. Enter user interface view. [ last-num1 ] | vty first-num2 N/A
[ last-num2 ] }
4. Configure the authentication By default, the authentication
mode for any user that uses mode for VTY and AUX users is
the current user interface to authentication-mode scheme
password, and no authentication is
log in to the switch. needed for console and TTY users.
Optional.
5. Configure the privilege level By default, the user privilege level
for users that log in through user privilege level level for users logged in through the
the current user interface. console user interface is 3, and
that for users logged in through the
other user interfaces is 0.
To configure the user privilege level under a user interface (none or password authentication mode):
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | tty N/A
| vty } first-num2 [ last-num2 ] }
Optional.
3. Configure the authentication By default, the authentication
mode for any user that uses authentication-mode { none | mode for VTY and AUX user
the current user interface to password } interfaces is password, and no
log in to the switch. authentication is needed for
console and TTY login users.
Optional.
4. Configure the privilege level By default, the user privilege level
of users logged in through the user privilege level level for users logged in through the
current user interface. console user interface is 3, and
that for users logged in through the
other user interfaces is 0.
16
Example for configuring the user privilege level under a user interface
# Display the commands that a Telnet user can use after login by default.
<Sysname> ?
User view commands:
display Display current system information
ping Ping function
quit Exit from current command view
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
# Configure the switch to perform no authentication for Telnet users, and to authorize
authenticated Telnet users to use the commands of privilege levels 0 and 1. (Use no authentication
mode only in a secure network environment.)
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1
# Display the commands that a Telnet user can use after login. Because the user privilege level is
1, a Telnet user can use more commands now.
<Sysname> ?
User view commands:
debugging Enable system debugging functions
dialer Dialer disconnect
graceful-restart Graceful restart
ipc Interprocess communication
oap Open application platform operation
ping Ping function
quit Exit from current command view
refresh Do soft reset
reset Reset operation
screen-length Specify the lines displayed on one screen
send Send information to other user terminal interface
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
terminal Set the terminal line characteristics
tracert Trace route function
undo Cancel current setting
# Configure the switch to perform password authentication for Telnet users, and to authorize
authenticated Telnet users to use the commands of privilege levels 0, 1. and 2.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty1] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 12345678
[Sysname-ui-vty0-4] user privilege level 2
After the configuration, when users telnet to the switch, they need to input the password 12345678.
After passing authentication, they can use commands of levels 0, 1, and 2.
17
NOTE:
• For more information about user interfaces, see the chapter “Logging in to the CLI.” For more
information about the user-interface, authentication-mode, and user privilege level commands, see
Fundamentals Command Reference.
• For more information about AAA authentication, see Security Configuration Guide. For more
information about the local-user and authorization-attribute commands, see Security Command
Reference.
• For more information about SSH, see Security Configuration Guide.
Authentication
Meaning Description
mode
The switch authenticates a user by using the privilege level switching
Local password password input by the user.
local
authentication When this mode is applied, you need to set the password for
privilege level switching with the super password command.
The switch sends the username and password for privilege level
switching to the HWTACACS or RADIUS server for remote
authentication.
Remote AAA When this mode is applied, you need to perform the following
authentication configurations:
scheme through
• Configure HWTACACS or RADIUS scheme and reference the
HWTACACS or
created scheme in the ISP domain. For more information, see
RADIUS
Security Configuration Guide.
• Create the corresponding user and configure password on the
HWTACACS or RADIUS server.
18
Authentication
Meaning Description
mode
Performs the local
The switch authenticates a user by using the local password first,
password
and if no password for privilege level switching is set, for the user
authentication first
local scheme logged in from the console port, the privilege level is switched
and then the
directly; for the user logged in from any of the AUX, TTY, or VTY user
remote AAA
interfaces, the AAA authentication is performed.
authentication
Performs remote
AAA AAA authentication is performed first, and if the remote
authentication first HWTACACS or RADIUS server does not respond or AAA
scheme local
and then the local configuration on the switch is invalid, the local password
password authentication is performed.
authentication
CAUTION:
• If no user privilege level is specified when you configure the password for switching the user privilege
level with the super password command, the user privilege level defaults to 3.
• If you specify the simple keyword, the password is saved in the configuration file in plain text, which is
easy to be stolen. If you specify the cipher keyword, the password is saved in the configuration file in
cipher text, which is safer.
• If the user logs in from the console user interface (the console port or the AUX port used as the console
port), the privilege level can be switched to a higher level, although the authentication mode is local,
and no user privilege level password is configured.
19
When you switch the user privilege level, the information you must provide varies with combinations of
the user interface authentication mode and the super authentication mode.
Table 8 Information input for user privilege level switching
CAUTION:
• When the authentication mode is set to local, configure the local password before switching to a higher
user privilege level.
• When the authentication mode is set to scheme, configure AAA related parameters before switching to
a higher user privilege level.
• The privilege level switching fails after three consecutive unsuccessful password attempts.
• For more information about user interface authentication, see the chapter “Configuring user interfaces.”
20
Modifying the level of a command
All the commands in a view default to different levels. The administrator can change the default level of
a command to a lower level or a higher level as needed.
To modify the command level:
CAUTION:
H3C recommends you to use the default command level or modify the command level under the guidance
of professional staff. An improper change of the command level may bring inconvenience to your
maintenance and operation, or even potential security problems.
21
Logging in to the CLI
Login methods
You can enter the CLI of your router in the following ways to configure and manage your router.
Table 9 Login methods
By default, you cannot log in to your router through the AUX port. To
do so, log in to your router through the console port, and complete the
following configurations:
Logging in through the AUX port • Configure the authentication mode of AUX login users (password
by default).
• Configure the user privilege level of AUX login users (0 by default).
By default, you cannot log in to your router through SSH. To do so, log
in to your router through the console port, and complete the following
configurations:
• Enable the SSH server function of your router. By default, the SSH
server function is disabled.
• Configure the IP address of the network management port or VLAN
Logging in through SSH interface of your router, and make sure that your router and the
SSH client can reach each other (by default, your router does not
have an IP address.).
• Configure the authentication mode of VTY login users as scheme
(password by default).
• Configure the user privilege level of VTY login users (0 by default).
22
Login method Default settings
By default, you cannot log in to your router by using modems through
the AUX port. To do so, log in to your router through the console port,
and complete the following configurations:
Logging in through the AUX port by
using modems • Configure the authentication mode of AUX login users (password
by default).
• Configure the user privilege level of AUX login users (0 by default).
Setting Default
Bits per second 9600 bps
Parity None
Stop bits 1
Data bits 8
Configuration procedure
1. As shown in Figure 4, use the console cable shipped with the router to connect the serial port of the
PC or terminal to the console port of your router.
Figure 4 Setting up a configuration environment
23
NOTE:
On Windows 2003 Server operating system, add the HyperTerminal program first, and then log in to and
manage the device as described in this document. On Windows 2008 Server, Windows 7, Windows
Vista, or some other operating system, obtain a third party terminal control program first, and follow the
user guide or online help of that program to log in to the device.
24
Figure 7 Setting the properties of the serial port
3. Power on the router. You are prompted to press Enter if the router successfully completes the
power-on self test (POST). The following prompt appears when you press Enter:
<Sysname>
#May 24 09:27:29:947 2010 R5 SHELL/4/LOGIN:
Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1<hh3cLogIn>: login from Console
%May 24 09:27:29:947 2010 R5 SHELL/5/SHELL_LOGIN: Console logged in from con0.
<Sysname>
4. Execute commands to configure the router or check the running status of the router. To get help,
enter ?.
After the steps above, you can enter the CLI to configure and manage your router. By default, users
that log in from the console port are not authenticated. For security, you are recommended to
change the authentication mode of the console port. The following describes how to configure
password authentication.
<Sysname> system-view
[Sysname]user-interface console 0
[Sysname-ui-console0]authentication-mode password
[Sysname-ui-console0]set authentication password cipher 123
After the configuration above, when users log in from the console port, they must enter
authentication password 123 to pass authentication and then log in to the router.
25
NOTE:
• You can set the authentication mode of console login users as to none or scheme (username and
password authentication). For more information about authentication modes, see “Configuring the
authentication mode.”
• When users log in from the console port, you can also set other login parameters besides the
authentication mode. For more information, see “Configuring asynchronous serial interface
attributes“ and “Configuring terminal attributes.”
NOTE:
When users log in to the router through the AUX port, they can only access commands with the command
level 0 by default. For more information about command levels, see “Configuring user privilege level
under a user interface.”
Setting Default
Bits per second 9,600 bps
Parity None
Stop bits 1
Data bits 8
26
Configuration procedure
1. As shown in Figure 8, use a console cable to connect the serial port of your PC (or terminal) to the
AUX port of your router.
Figure 8 Setting up a configuration environment
NOTE:
On Windows 2003 Server operating system, you need to add the HyperTerminal program first, and then
log in to and manage the device as described in this document. On Windows 2008 Server, Windows 7,
Windows Vista, or some other operating system, you need to obtain a third party terminal control
program first, and follow the user guide or online help of that program to log in to the device.
27
Figure 10 Specifying the serial port used to establish the connection
3. Power on the router. You are prompted to press Enter if the router successfully completes POST.
After you press Enter, a prompt, such as <sysname> (assuming that the router name is sysname),
is displayed.
<sysname>
4. Execute commands to configure the router or check the running status of the router. To get help,
enter ?.
28
After the steps above, you can enter the CLI to configure and manage the router.
Router Requirement
• Configure the IP address of the network management or Ethernet interface
of the router, make sure that the router and the Telnet client can reach each
other.
Router • Enable the Telnet server by executing the telnet server enable command in
system view.
Configure the authentication mode for Telnet login. (For more information, see
“Configuring the authentication mode.”
IMPORTANT:
You can also telnet to your router through a service port.
a. Set up a configuration environment through the console port. As shown in Figure 12, use a
console cable to connect the serial port of the PC to the console port of your router.
Figure 12 Setting up a configuration environment
29
a. Launch a terminal emulation program, such as HyperTerminal in Windows XP or Windows
2000. Set the terminal parameters in this way: set Bits per second to 9600, Data bits to 8,
Parity to None, Stop bits to 1, and Flow control to None.
b. Power on the router. You are prompted to press Enter if the router successfully completes POST.
A prompt appears after you press Enter, as shown in Figure 13.
Figure 13 Configuration page
a. To configure the network management port of the router as 202.38.160.92/24, execute the
following commands on the hyper terminal:
<Sysname> system-view
[Sysname] interface M-Ethernet 0/0/0
[Sysname-M-Ethernet0/0/0] ip address 202.38.160.92 255.255.255.0
IMPORTANT:
If you Telnet to your router through its service port, configure the IP address of VLAN-interface 1 as
202.38.160.92/24 because the service port belongs to VLAN 1 by default.
2. Before telnetting to your router, perform necessary configurations on your router according to
different authentication modes. For more information, see “Configuring the authentication mode.”
3. Set up a configuration environment as shown in Figure 14: Connect the Ethernet port of the PC to
the network management port of your router. Make sure that the PC and router can reach each
other.
30
Figure 14 Setting up a configuration environment
4. Run the Telnet program on the PC, and enter the IP address of the management port of the router,
as shown in Figure 15.
Figure 15 Running the Telnet program
5. If the authentication mode is password, the terminal displays “Login authentication”, and prompts
you to enter the configured login password. If your password is correct, a command line prompt
(for example, <Sysname>) is displayed. If “All user interfaces are used, please try later!” appears,
try again later.
6. Execute commands to configure the router, or check the running status of the router. To get help,
enter ?.
NOTE:
• When configuring your router through Telnet, do not delete or change the IP address of the network
management port or VLAN interface corresponding to the Telnet connection. Otherwise, the Telnet
connection may be terminated.
• Users that Telnet to the router can only execute command with level 0 by default. For more information
about command levels, see “Configuring user privilege level under a user interface.”
31
configure their IP addresses to be in the same segment, or make sure that the two routers can reach each
other.
Set up a configuration environment as shown in Figure 16. After you log in to the Telnet client, you can
execute the telnet command to log in to the Telnet server to configure and manage the server.
Figure 16 Telnetting from a router to another router
4. After login, a prompt appears (for example, <Sysname>). If the “All user interfaces are used,
please try later!” message is displayed, try again later.
5. Execute corresponding commands to configure the router, or check the running status of the router.
To get help, enter ?.
32
Logging in through SSH
Introduction
Secure Shell (SSH) offers an approach to log in to a remote device securely. By providing encryption and
strong authentication, SSH protects devices against malicious attacks such as IP spoofing and plain text
password interception. The router supports SSH, and you can log in to the switch through SSH to remotely
manage and maintain the router, as shown in Figure 17.
Figure 17 SSH login diagram
Object Requirements
Configure the IP address of the SSH server, and make sure the SSH server and
SSH server client can reach each other.
Configuration procedure
To configure the router that serves as an SSH server:
33
Step Command Remarks
10. Set the local password. password { cipher | simple } By default, no local password is
password set.
Optional.
15. Configure common settings
for VTY user interfaces. N/A See “Configuring terminal
attributes.”
NOTE:
• Login procedures from an SSH client to the router (SSH server) depend on the model of the device that
serves as the SSH client. For more information, see the user guide of the device that serves as the SSH
client.
• For more information about SSH, see Security Configuration Guide.
34
Figure 18 Logging in to another device from the current device
NOTE:
If the Telnet client and the Telnet server are not in the same subnet, make sure that the two devices can
reach each other.
Configuration procedure
To configure the SSH client to log in to the SSH server:
NOTE:
You can configure other settings for the router (SSH client) to work with the SSH server. For more
information, see Security Configuration Guide.
35
To ensure a successful remote login to a router through the AUX port, perform necessary configurations
at both the router side and administrator side.
Table 13 Requirements on remote login through AUX port by using modem
Router Requirement
The PC is correctly connected to the modem.
Authentication modes are configured on the remote router. For more information,
see “Configuring the authentication mode.”
NOTE:
The configuration commands and the output for different modems may be different. For more information,
see the user guide of your modem.
36
• The transmission speed on the AUX port is lower than that of the modem. Otherwise, packets may
be lost.
• Other attributes, such as parity check, stop bits, and data bits, of the AUX port are set to the default
values.
Modem
Telephone cable
IP network
Remote telephone
number: 12345678
4. On the PC, dial a number of the modem that is connected to the router to establish a connection
with the router, as shown in Figure 20 through Figure 22.
37
Figure 20 Connection Description
38
Figure 22 Dialing the number on the remote PC
5. If the authentication mode is password, a prompt (for example, sysname) appears when you enter
the configured password on the remote terminal. Then you can configure or manage the router. To
get help, enter ?.
39
Configuring user interfaces
40
automatically assigns an idle user interface with the smallest number to the user based on the login
method. During login, the configuration in the user interface view takes effect. The user interface varies
depending on the login method and login time.
Absolute numbering
Absolute numbering identifies a user interface or a group of different types of user interfaces. The
specified user interfaces are numbered from 0 with a step of 1 in this sequence: console, AUX, and VTY
user interfaces. You can use the display user-interface command without any parameters to view
supported user interfaces and their absolute numbers.
Relative numbering
Relative numbering enables you to specify a user interface or a group of user interfaces of a specific type.
The number is valid only when used under that type of user interface. It is invalid when used under any
other type of user interface.
Relative numbering numbers a user interface in the form of “user interface type + number”. The rules of
relative numbering are as follows:
• Console ports are numbered from 0 in the ascending order, with a step of 1.
• AUX ports are numbered from 0 in the ascending order, with a step of 1.
• VTYs are numbered from 0 in the ascending order, with a step of 1.
Task Remarks
Configuring asynchronous serial interface attributes Optional
41
Configuring asynchronous serial interface attributes
A serial interface contains the following key attributes:
• Transmission rate—Number of bits that the router transmits to the terminal per second. It measures
the transmission speed. Typically a higher transmission rate is used between closer distances for
communication.
• Data bits—Number of bits representing one character. The setting depends on the contexts to be
transmitted, For example, you can set it to 7 if standard ASCII characters are to be sent; set it to 8
if extended ASCII characters are to be sent.
• Parity check—An error checking technique to detect whether errors occurred in the data
transmission.
• Stop bits—The last bits transmitted in data transmission to unequivocally indicate the end of a
character. The more the bits are, the slower the transmission is.
These attribute settings must be consistent on two user interfaces for communication.
To configure asynchronous attributes of a serial interface:
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console } N/A
first-num2 [ last-num2 ] }
Optional.
4. Configure the data bits for 8 by default.
each character. databits { 5 | 6 | 7 | 8 }
The router does not support data
bits 5 and 6.
Optional.
42
Step Command Remarks
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
Optional.
3. Start the terminal service. shell The terminal service is enabled on
all user interfaces by default.
4. Set the idle-timeout
Optional.
disconnection function for idle-timeout minutes [ seconds ]
terminal users. 10 minutes by default.
Optional.
NOTE:
The system supports two types of terminal display: ANSI and VT100. If the terminal display of the router
and the client (for example, hyper terminal or Telnet terminal) is inconsistent or is set to ANSI, and if the
total number of the characters of the command line that is being used exceeds 80, anomalies such as
cursor corruption or abnormal display of the terminal display may occur on the client. Therefore, you are
recommended to set the display type of both the router and the client to VT100.
43
Step Command Remarks
1. Enter system view. system-view N/A
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | vty } N/A
first-num2 [ last-num2 ] }
3. Configure the command to be By default, no command is set to be
automatically executed. auto-execute command command
automatically executed.
The auto-execute command command is not supported by the console port, or the AUX port when the
router has only one AUX port and no console port.
CAUTION:
The auto-execute command command may disable you from configuring the system through the user
interface to which the command is applied. Therefore, before configuring the command and saving the
configuration (by using the save command), make sure that you can access the router by other VTY,
console, or AUX user interfaces to remove the configuration in case a problem occurs.
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
Optional.
3. Configure user’s privilege By default, users logging in
level under the current user user privilege level level through console port have a
interface. privilege level of 3; users logging
in through other user interfaces
have a privilege level of 0.
NOTE:
• For more information about user levels, see the chapter “Using the CLI.”
• The user privilege level can be configured under a user interface or by setting AAA authentication
parameters, and which configuration mode takes effect depends on the authentication mode at user
login. For more information, see the chapter “Using the CLI.”
44
Configuring access control on VTY user interfaces
You can configure access control on the VTY user interface by referencing an ACL. For more information
about ACL, see ACL and QoS Configuration Guide.
To control access to VTY user interfaces:
user-interface { first-num1
2. Enter VTY user interface view. [ last-num1 ] | vty first-num2 N/A
[ last-num2 ] }
• Reference a basic/advanced
ACL:
acl [ ipv6 ] acl-number Use either command.
3. Control access to the VTY user { inbound | outbound }
interface. No access control is set by
• Reference a WLAN/Ethernet default.
frame header ACL:
acl acl-number inbound
user-interface { first-num1
2. Enter VTY user interface view. [ last-num1 ] | vty first-num2 N/A
[ last-num2 ] }
Optional.
3. Configure the supported Support for the pad keyword
protocols on the current user protocol inbound { all | pad | ssh
depends on the router model.
interface. | telnet }
By default, both Telnet and SSH
are supported.
CAUTION:
• If SSH is configured, you must set the authentication mode to scheme by using the authentication-mode
scheme command to guarantee a successful login. The protocol inbound ssh command fails if the
authentication mode is password or none.
• The protocols configured through the protocol inbound command take effect next time you log in
through that user interface.
45
Configuring the authentication mode
Authentication mode under a user interface determines whether to authenticate users that are logging in
through the user interface. The method enhances the security of the router. The router supports
authentication modes of none, password, and scheme.
• none—Requires no username and password when users log in through the specified user interface.
This mode is insecure.
• password—Requires password authentication on users that are logging in through the user
interface. Always set the password for this mode before terminating your current connection. Next
time when a user attempts to use the user interface to log in, an empty or wrong password fails the
login. If no authentication password is set for this mode on the AUX or VTY user interface, no user
can log in, and the system displays "Login password has not been set!" If no password is set on the
console user interface, login without a password is allowed.
• scheme—Requires username and password authentication on users that are logging in through the
user interface. Always set the username and password for this mode before terminating your current
connection. Next time when a user attempts to use the user interface to log in, an empty or wrong
username or password fails the login.
User authentication falls into local authentication and remote authentication. If local authentication is
adopted, configure a local user and the related parameters as shown in the table for configuring
authentication mode as scheme. If remote authentication is adopted, configure username and password
on the remote authentication server. For more information about the user authentication modes and
parameters, see Security Configuration Guide. By default, the router performs local authentication on
users. If you log in to the router through SSH, the rules apply to password authentication only. For more
information about SSH, see Security Configuration Guide.
To configure the authentication mode as none:
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
3. Configure not to authenticate
users that are logging in By default, password is for VTY
through the current user authentication-mode none and AUX logins, and none is for
interface. console logins.
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
46
Step Command Remarks
3. Configure to perform
password authentication on By default, password is for VTY
users that are logging in authentication-mode password and AUX logins, and none is for
through the current user console logins.
interface.
4. Set the local authentication set authentication password No local authentication password
password. { cipher | simple } password is set by default.
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
3. Configure to perform AAA
authentication on users that By default, password is for VTY
are logging in through the authentication-mode scheme and AUX logins, and none is for
current user interface. console logins.
Optional.
By default, users logging in
4. Set the user privilege level. See “Configuring user privilege through the console port have a
level under a user interface.” privilege level of 3; users logging
in through other user interfaces
have a privilege level of 0.
5. Return to system view. quit N/A
6. Set the authentication
username and enter local user No local user is set on the router by
local-user user-name
view. default.
authorization-attribute { acl
acl-number | callback-number Optional.
9. Configure user attributes. callback-number | idle-cut minute By default, FTP/SFTP users can
| level level | user-profile access the router's root directory
profile-name | vlan vlan-id | with the user level 0.
work-directory directory-name } *
NOTE:
For more information about the local-user, password, service-type, and authorization-attribute
commands, see Security Command Reference.
47
Configuring command authorization
By default, command level for a login user depends on the user level. The user is authorized to execute
commands whose default level is not higher than the user level.
If you configure command authorization, the command level for a login user is determined by both the
user level and AAA authorization. If a user executes a command of the corresponding user level, the
authorization server checks whether the command is authorized. If yes, the command can be executed.
To configure command authorization, you must:
1. Configure the authentication mode as scheme, which requires both the username and password
for login authentication.
2. Enable command authorization.
3. Configure an HWTACACS scheme. Specify the IP addresses of the HWTACACS authorization
servers and other related parameters.
4. Configure the ISP domain to use the HWTACACS scheme for command line users. For more
information about HWTACACS configuration, see Security Configuration Guide.
To enable command authorization:
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
48
Step Command Remarks
1. Enter system view. system-view N/A
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
user-interface { first-num1
2. Enter user interface view. [ last-num1 ] | { aux | console | N/A
vty } first-num2 [ last-num2 ] }
Optional.
3. Define a shortcut key for
starting a terminal session. activation-key character Pressing Enter starts the terminal
session by default.
Optional.
4. Define a shortcut key for
aborting a task. escape-key { default | character } By default, the escape key
sequence Ctrl+C is to abort a task.
NOTE:
The activation-key command is not supported on the VTY user interface.
49
Releasing the connection established on user
interfaces
Multiple users can log in to the system to simultaneously configure the router. In some circumstances,
when the administrator wants to make configurations without interruption from the users that have logged
in through other user interfaces, the administrator can execute the following commands to release the
connection established on the specified user interfaces.
To release the connection established on the user interfaces:
NOTE:
You cannot use this command to release the connection that you are using.
50
• Use the RADIUS server to authenticate users who log in through the PSTN, and use local
authentication as the backup.
• Assign different command levels to different types of users.
Figure 23 Network diagram
Configuration procedure
# Assign IP addresses to the interfaces on Device so that Device and Host B can reach each other and
Device and the RADIUS server can reach each other. (Details not shown)
# Enable the Telnet service on Device.
<Sysname> system-view
[Sysname] telnet server enable
# Configure Device to perform no authentication for users logging in through the console port and to
allow the users to use commands of privilege level 3 (all commands).
[Sysname] user-interface console 0
[Sysname-ui-console0] authentication-mode none
[Sysname-ui-console0] user privilege level 3
[Sysname-ui-console0] quit
# Configure Device to perform password authentication for users logging in to VTY user interfaces 0
through 4. Set the password to 123, and set the privilege level of the users to 2.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
[Sysname-ui-vty0-4] quit
# Configure Device to use AAA to authenticate users logging in to user interface VTY 5.
[Sysname] user-interface vty 5
[Sysname-ui-vty5] authentication-mode scheme
[Sysname-ui-vty5] quit
51
# Create a RADIUS scheme and configure the IP address and UDP port for the primary authentication
server for the scheme. Make sure that the port number is consistent with that on the RADIUS server. Set
the shared key for authentication packets to expert for the scheme and the RADIUS server type of the
scheme to extended. Configure Device to remove the domain name in the username sent to the RADIUS
server.
[Sysname] radius scheme rad
[Sysname-radius-rad] primary authentication 192.168.2.20 1812
[Sysname-radius-rad] key authentication expert
[Sysname-radius-rad] server-type extended
[Sysname-radius-rad] user-name-format without-domain
[Sysname-radius-rad] quit
# Configure the default ISP domain system to use RADIUS scheme rad for login users and use local
authentication as the backup.
[Sysname] domain system
[Sysname-isp-system] authentication login radius-scheme rad local
[Sysname-isp-system] authorization login radius-scheme rad local
[Sysname-isp-system] quit
# Add a local user named monitor, set the user password to 123, and specify to display the password
in cipher text. Authorize user monitor to use the Telnet service and specify the level of the user as 1, the
monitor level.
[Sysname] local-user monitor
[Sysname-luser-admin] password cipher 123
[Sysname-luser-admin] service-type telnet
[Sysname-luser-admin] authorization-attribute level 1
HWTACACS server
192.168.2.20/24
IP network
Device
Host A
Configuration procedure
# Assign an IP address to Device so that Device and Host A, and Device and the HWTACACS server can
reach each other. (Details not shown)
# Enable the Telnet service on Device.
<Sysname> system-view
52
[Sysname] telnet server enable
# Configure Device to use AAA to control user access to VTY interfaces 0 through 4.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
# Enable command authorization to restrict the command level for login users.
[Sysname-ui-vty0-4] command authorization
[Sysname-ui-vty0-4] quit
# Create an HWTACACS scheme named tac and configure the IP address and TCP port for the primary
authorization server for the scheme. Make sure that the port number is consistent with that on the
HWTACACS server. Set the shared key for authentication packets to expert for the scheme and the
HWTACACS server type of the scheme to standard. Specify Device to remove the domain name in the
username that is sent to the HWTACACS server.
[Sysname] hwtacacs scheme tac
[Sysname-hwtacacs-tac] primary authentication 192.168.2.20 49
[Sysname-hwtacacs-tac] primary authorization 192.168.2.20 49
[Sysname-hwtacacs-tac] key authentication expert
[Sysname-hwtacacs-tac] key authorization expert
[Sysname-hwtacacs-tac] server-type standard
[Sysname-hwtacacs-tac] user-name-format without-domain
[Sysname-hwtacacs-tac] quit
# Configure the default ISP domain system to use HWTACACS scheme tac for login users and use local
authorization as the backup.
[Sysname] domain system
[Sysname-isp-system] authentication login hwtacacs-scheme tac local
[Sysname-isp-system] authorization command hwtacacs-scheme tac local
[Sysname-isp-system] quit
# Add a local user named monitor, set the user password to 123, and specify to display the password
in cipher text. Authorize user monitor to use the Telnet service and specify the level of the user as 1, that
is, the monitor level.
[Sysname] local-user monitor
[Sysname-luser-admin] password cipher 123
[Sysname-luser-admin] service-type telnet
[Sysname-luser-admin] authorization-attribute level 1
53
Figure 25 Network diagram
Configuration procedure
# Enable the Telnet service on Device.
<Sysname> system-view
[Sysname] telnet server enable
# Enable command accounting for users logging in through the console port.
[Sysname] user-interface console 0
[Sysname-ui-console0] command accounting
[Sysname-ui-console0] quit
# Create an HWTACACS scheme named tac and configure the IP address and TCP port for the primary
authorization server for the scheme. Make sure that the port number is consistent with that on the
HWTACACS server. Set the shared key for authentication packets to expert for the scheme. Specify
Device to remove the domain name in the username that is sent to the HWTACACS server.
[Sysname] hwtacacs scheme tac
[Sysname-hwtacacs-tac] primary accounting 192.168.2.20 49
[Sysname-hwtacacs-tac] key accounting expert
[Sysname-hwtacacs-tac] user-name-format without-domain
[Sysname-hwtacacs-tac] quit
# Create ISP domain system, and configure the ISP domain to use HWTACACS scheme tac for
accounting of command line users
[Sysname] domain system
[Sysname-isp-system] accounting command hwtacacs-scheme tac
[Sysname-isp-system] quit
54
Configuring FTP
FTP overview
Introduction to FTP
The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server and client
over a TCP/IP network.
FTP uses TCP ports 20 and 21 for file transfer. Port 20 is used to transmit data, and port 21 to transmit
control commands. For more information about basic FTP operation, see RFC 959.
FTP transfers files in two modes:
• Binary mode—Transfers files as raw data, such as .app, .bin, and .btm files.
• ASCII mode—Transfers files as text, such as .txt, .bat, and .cfg files.
FTP operation
FTP adopts the client/server model. A device can function either as the client or as the server (as shown
in Figure 26).
• When the device serves as the FTP client, a user can telnet to it from a PC, and execute the ftp
command to establish a connection to the remote FTP server on the PC to upload/download files
to/from the PC.
• When the device serves as the FTP server, a user can FTP to the device from a PC that runs the FTP
client and upload/download files to/from the device.
Figure 26 Network diagram
When the device serves as the FTP client, perform the following configuration:
Table 14 Configuration when the device serves as the FTP client
When the device serves as the FTP server, perform the following configuration:
55
Table 15 Configuration when the device serves as the FTP server
Use the FTP client program to log You can log in to the FTP server only after you input the
PC (FTP client)
in to the FTP server. correct FTP username and password.
CAUTION:
• Make sure that the FTP server and the FTP client can reach each other before establishing the FTP
connection.
• When you use IE to log in to the device serving as the FTP server, some FTP functions is not available. This
is because multiple connections are established during the login process but the device supports only
one connection at a time.
56
The source IP address specified with the ftp client source command applies to all FTP connections while
the one specified with the ftp command applies to the current FTP connection only.
To establish an IPv4 FTP connection:
Optional.
2. Specify the source IP address ftp client source { interface interface-type By default, the source IP
of sent FTP packets. interface-number | ip source-ip-address } address is determined
by the route from the FTP
client to the FTP server.
NOTE:
• If no primary IP address is configured on the specified source interface, no FTP connection can be
established.
• If you use the ftp client source command to configure a source interface and then use it to configure a
source IP address, the source IP address overwrites the source interface, and vice versa.
57
To manage the directories on an FTP server:
Task Command
Display detailed information about a directory or file on the
dir [ remotefile [ localfile ] ]
remote FTP server.
Return to the upper level directory of the remote FTP server. cdup
58
Task Command Remarks
Set the data transmission mode
passive Passive by default.
to passive.
Task Command
Use another username to re-log in after successfully
user username [ password ]
logging in to the FTP server.
59
Task Command Remarks
Terminate the connection to the FTP server
disconnect Equal to the close command.
without exiting FTP client view.
Terminate the connection to the FTP server Equal to the quit command in
bye
and return to user view. FTP client view.
Terminate the connection to the FTP server Available in FTP client view,
quit
and return to user view. equal to the bye command.
Configuration procedure
CAUTION:
If the memory space available of the device is insufficient, use the fixdisk command to clear the memory
or use the delete /unreserved file-url command to delete the files not in use and then perform the following
operations.
60
2540 KB total (2511 KB free)
<Sysname> delete /unreserved flash:/backup.cfg
# Upload the configuration file config.cfg of the device to the server for backup.
[ftp] ascii
[ftp] put config.cfg back-config.cfg
227 Entering Passive Mode (10,1,1,1,4,2).
125 ASCII mode data connection already open, transfer starting for /config.cfg.
226 Transfer complete.
FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec.
[ftp] bye
# Reboot the device, and the boot file is updated at the system reboot.
<Sysname> reboot
61
CAUTION:
The boot file used for next startup must be saved on the first partition under the root directory of the storage
medium. You can copy or move a file to the root directory of the storage medium. For more information
about the boot-loader command, see Fundamentals Command Reference.
Optional.
3. Use an ACL to control FTP
ftp server acl acl-number By default, no ACL is used to control
clients’ access to the router.
FTP clients’ access to the router.
Optional.
30 minutes by default.
4. Configure the idle-timeout Within the idle-timeout time, if there is
ftp timeout minutes no information interaction between
timer.
the FTP server and client, the
connection between them is
terminated.
62
Make the following configuration to perform authentication and authorization on a local FTP user. To
authenticate remote FTP users, you must configure authentication, authorization and accounting (AAA).
For detailed configuration about AAA, see Security Command Reference.
To configure authentication and authorization for FTP server:
NOTE:
• For more information about the local-user, password, service-type ftp, and authorization-attribute
commands, see Security Command Reference.
• When the device serves as the FTP server, to perform write operations (upload, delete, create, and delete
for example) on the device’s file system, the FTP login users must be level 3 users; to perform other
operations, for example, read operation, users of any level from 0 to 3 are allowed.
63
Configuration procedure
1. Configure the device (FTP server)
# Create an FTP user account abc, set its password to abc and the user privilege level to level 3 (the
manage level). Allow user abc to access the root directory of the flash, and specify abc to use FTP.
<Sysname> system-view
[Sysname] local-user abc
[Sysname-luser-abc] password simple abc
[Sysname-luser-abc] authorization-attribute level 3
[Sysname-luser-abc] authorization-attribute work-directory flash:/
To access the root directory of the flash on the standby MPU (in slot 1), replace flash:/ with
slot1#flash:/.
[Sysname-luser-abc] service-type ftp
[Sysname-luser-abc] quit
# Enable FTP.
[Sysname] ftp server enable
[Sysname] quit
# Check files on your device. Remove those redundant to ensure adequate space for the boot file
to be uploaded.
<Sysname> dir
Directory of flash:/
64
NOTE:
• You can take the same steps to upgrade configuration file with FTP. When upgrading the configuration
file with FTP, put the new file under the root directory of the storage medium (For a router that has been
partitioned, the configuration file must be saved on the first partition.).
• After you finish upgrading the Bootware program through FTP, you must execute the bootrom update
command to upgrade the Bootware.
# You can use the boot-loader command to specify the device to download the main boot file at
the next startup (suppose the device supports main/backup boot files). The boot file is upgraded
at the system reboot.
<Sysname> boot-loader file bbb.app slot 0 main
<Sysname> reboot
CAUTION:
The boot file used for next startup must be saved on the first partition under the root directory of the storage
medium. You can copy or move a file to the root directory of the storage medium. For more information
about the boot-loader command, see Fundamentals Command Reference.
65
Configuring TFTP
TFTP overview
Introduction to TFTP
The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP, but it is less
complex than FTP in interactive access interface and authentication. Therefore, it is more suitable in
environments where complex interaction is not needed between client and server.
TFTP uses the UDP port 69 for data transmission. For information about basic TFTP operation, see RFC
1350.
In TFTP, file transfer is initiated by the client.
• In a normal file downloading process, the client sends a read request to the TFTP server, receives
data from the server, and then sends the acknowledgement to the server.
• In a normal file uploading process, the client sends a write request to the TFTP server, sends data to
the server, and receives the acknowledgement from the server.
TFTP transfers files in two modes:
• Binary mode—Transfers files as raw data, such as .app, .bin, and .btm files.
• ASCII mode—Transfers files as text, such as .txt, .bat, and .cfg files.
TFTP operation
NOTE:
Only the TFTP client service is available with your router.
Before using TFTP, the administrator needs to configure IP addresses for the TFTP client and server, and
make sure that there is a reachable route between the TFTP client and server.
When the device serves as the TFTP client, perform the following configuration:
66
Table 16 Configuration when the device serves as the TFTP client
67
Step Command Remarks
Optional.
2. Use an ACL to control the
router’s access to TFTP tftp-server [ ipv6 ] acl acl-number By default, no ACL is used
servers. to control the device’s
access to TFTP servers.
Optional.
3. Specify the source IP address tftp client source { interface interface-type By default, the source IP
of sent TFTP packets. interface-number | ip source-ip-address } address is determined by
the route from the TFTP
client to the TFTP server.
NOTE:
• If no primary IP address is configured on the source interface, no TFTP connection can be established.
• If you use the ftp client source command to first configure the source interface and then the source IP
address of the packets of the TFTP client, the new source IP address overwrites the current one, and vice
versa.
68
Figure 30 Network diagram
Configuration procedure
1. Configure the PC (TFTP server):
a. On the PC, enable the TFTP server. (Details not shown)
b. Configure a TFTP working directory. (Details not shown)
2. Configure the device (TFTP client):
CAUTION:
If the memory available of the device is insufficient, use the fixdisk command to clear the memory or use
the delete /unreserved file-url command to delete the files not in use and then perform the following
operations.
CAUTION:
The boot file used for next startup must be saved on the first partition under the root directory of the storage
medium. You can copy or move a file to the root directory of the storage medium. For more information
about the boot-loader command, see Fundamentals Command Reference.
69
Managing the file system
NOTE:
Throughout this document, a filename can be entered as either of the following:
• A fully qualified filename with the path included to indicate a file under a specific path. The filename can
be 1 to 135 characters in length.
• A short filename with the path excluded to indicate a file in the current path. The filename can be 1 to
91 characters in length.
Filename formats
When you specify a file, you must enter the filename in one of the following formats.
70
Format Description Length Example
Specifies a file in the specified
folder in the current working
test/a.cfg indicates a file named
directory. path represents the 1 to 135
path/file-name a.cfg in the test folder in the current
folder name. You can specify characters
working directory.
multiple folders, indicating a file
under a multi-level folder.
Managing directories
You can perform an extensive set of directory operations, such creating or removing a directory,
displaying the current working directory, displaying a specific directory, or displaying file information.
71
Creating a directory
Task Command Remarks
Create a directory. mkdir directory Available in user view
Removing a directory
Task Command Remarks
Remove a directory. rmdir directory Available in user view
NOTE:
• The directory to be removed must be empty. Before you remove a directory, you must delete all the files
and the subdirectory in the directory. For more information about file deletion, see the delete command;
for more information about subdirectory deletion, see the rmdir command.
• The rmdir command automatically deletes the files in the recycle bin in the current directory.
Managing files
You can display the specified directory or file information; display file contents; rename, copy, move,
remove, restore, and delete files.
NOTE:
You can create a file by copying, downloading or using the save command.
CAUTION:
When the system is reading, writing, or deleting contents on the storage medium, power-off of the router
may result in space loss and file corruption of the storage medium. In this case, you can try to restore the
storage medium in the following steps:
• Copy the remaining files on the storage medium to another storage medium for backup.
• Format the storage medium using the format command.
For a partition device, you can just format the partition corresponding to the corrupted file.
72
Task Command Remarks
Currently only a .txt file can be
Display the contents of a file. more file-url displayed.
Available in user view
Renaming a file
Task Command Remarks
Rename a file. rename fileurl-source fileurl-dest Available in user view
Copying a file
Task Command Remarks
Copy a file. copy fileurl-source fileurl-dest Available in user view
Moving a file
Task Command Remarks
Move a file. move fileurl-source fileurl-dest Available in user view
Deleting a file
Task Command Remarks
Move a file to the recycle bin or
delete [ /unreserved ] file-url Available in user view
delete it permanently.
CAUTION:
• The files in the recycle bin still occupy storage space. To delete a file in the recycle bin, execute the reset
recycle-bin command in the directory to which the file originally belongs. H3C recommends you to
empty the recycle bin timely with the reset recycle-bin command to save storage space.
• The delete /unreserved file-url command deletes a file permanently and the action cannot be undone.
Execution of this command equals execution of the delete file-url command and then the reset
recycle-bin command in the same directory.
73
Emptying the recycle bin
Step Command Remarks
Optional.
If the original directory of the file to
1. Enter the original working
be deleted is not the current
directory of the file to be cd { directory | .. | / }
working directory, this command is
deleted.
required.
Available in user view.
2. Delete the file in the current
directory and in the recycle reset recycle-bin [ /force ] Available in user view.
bin.
Task Command
Compute the digest of a specified file. crypto-digest sha256 file-url
Step Command
1. Enter system view. system-view
CAUTION:
Execution of a batch file does not guarantee successful execution of every command in the batch file. If a
command has error settings or the conditions for executing the command are not satisfied, this command
fails to be executed, and the system skips to the next one.
74
• Built-in flash memory
• USB disk
• CF card
When a storage medium is recognized, the router manages and manipulates the files in the storage
medium, for example, reading and writing the files.
NOTE:
• The MPU of the router has two USB interfaces, and only the upper one supports USB disk.
• The router supports FAT16 and FAT32 file systems for storage media.
• The router does not support such USB devices as movable disks, USB HUB, MP3 or MP4. Kingston 1G
USB disk is recommended.
Naming rules
Naming rules of the storage media are as follows:
• The name of the partition device includes the physical device name and partition number. The
sequence numbers of partitions are displayed in numbers such as 0, 1 and 2. For example, the
second partition of the CF card is cf1. If there is only one partition on the CF card, the partition
name is the physical device name followed by 0.
• The name of the router not supporting partitioning (like USB disk) is composed of the physical
device name and sequence number. The sequence numbers of partitions are displayed in letters
such as a, b, and c, for example, usba.
CAUTION:
• When you format a storage medium, all the files stored on it are erased and cannot be restored. In
particular, if there is a startup configuration file on the storage medium, formatting the storage medium
results in loss of the startup configuration file.
• For a partition device, you can only format a partition rather than the whole storage medium.
• You can execute the fixdisk command for a storage medium on the active MPU, but you cannot execute
the command for a storage medium on the standby MPU.
75
Mounting and unmounting a storage medium
For a hot swappable storage medium (excluding flash), such as a CF card, you can use the mount and
umount command to mount or unmount it. When a storage medium is connected to a lower version
system, the system cannot recognize the storage medium. To perform read and write operations to the
storage medium, you must mount it.
When a router is unmounted, it is in a logically disconnected state, and you can then safely remove the
storage medium from the system. To mount a router, you are reconnecting the logically disconnected
router to the system.
To mount or unmount a storage medium:
CAUTION:
• Do not remove the storage medium or swap a card when mounting or unmounting the router, or when
you are processing files on the storage medium. Otherwise, the file system could be damaged.
• When a storage medium is connected to a low version system, the system may not be able to recognize
the router automatically; you need to use the mount command for the storage medium to function
normally.
• Before removing a mounted storage medium from the system, you should first unmount it by using the
umount command. If the unmount operation fails, its means the files in the storage medium are still
being accessed. You need to wait until the file reading/writing operation ends and execute the umount
command again to unmount the storage medium.
• If one or more partitions of a CF card are not unmounted through the umount command, the CF card
will still be powered on. Therefore, make sure you have unmounted all the partitions before removing the
CF card from the system to avoid storage medium damage caused by charged operations.
• For a USB disk inserted into the USB interface, you must not unplug it before the system recognizes it.
Otherwise, the USB interface or the USB disk may work abnormally. To unplug a USB disk, make sure
that the system has recognized it and the USB disk LED does not blink, use the umount command to
unmount it, and unplug it.
• Before removing a partitioned CF card or a USB disk, unmount all the partitions of the CF card or a USB
disk. Otherwise, the file system on the CF card or a USB disk may be damaged.
• Before partitioning a USB disk, make sure that the disk is not write protected; otherwise, the partition
operation fails, and you need to remount or re-plug the disk to restore normal access to the USB disk.
76
Partitioning a storage medium
The storage medium partitioning function enables you to divide a storage medium into several different
logical devices called partitions and you can perform file operations on each partition respectively. This
prevents interaction of files on each partition.
The following two partitioning modes are supported on a storage medium:
• Simple—In this mode, you should specify the number of partitions. The system divides the storage
medium into the specified number of partitions with the same size.
• Interactive—In this mode, you need not specify the number of partitions. The system partitions the
storage medium according to user input. Each partition, however, must be 32 MB at least.
To partition a storage medium:
CAUTION:
• The fdisk device [ partition-number ] command clears all data in a storage medium. Save the files in the
CF card before partitioning it.
• The fdisk device [ partition-number ] command adds or reduces partition devices. You should reset the
path of the application program as needed.
• If the router starts from the CF card, the startup file and the configuration file must be in the first partition
of the CF card.
• To prevent log file from affecting the startup file and configuration file, you are recommended to set the
path of the log file to partitions other than the first partition if you partition the CF card. By default, the
system automatically sets the path of the log file to the second partition. If the path does not exist on the
CF card, you can use the info-center logfile switch-directory command to change the path to avoid loss
of the log files. For more information about this command, see Network Management and Monitoring
Command Reference.
• After partitioning is completed, the sizes of the partitions are not necessarily consistent with those
specified in an interactive way. The dispersion, however, is smaller than 5% of the total memory of the CF
card.
• Before removing a partitioned storage medium, unmount all the partitions of the storage medium.
Otherwise, the file system on the storage medium may be damaged.
• Before partitioning a USB disk, make sure that the disk is not write protected; otherwise, the partition
operation fails, and you need to remount or re-plug the disk to restore normal access to the USB disk.
77
Step Command Remarks
3. Enter system view. system-view N/A
78
4 -rw- 39067474 Jan 23 2008 17:23:02 debug.app
# Copy the file test.app in the USB disk to the flash, and overwrite the file with the same name in the flash.
<Sysname> copy usba:/test.app flash:/
Copy usba:/test.app to flash:/test.app?[Y/N]:y
The file flash:/test.app exists. Overwrite it?[Y/N]:y
......
%Copy file usba:/test.app to flash:/test.app...Done.
79
Managing configuration files
The router provides the configuration file management function. You can manage configuration files at
the command-line interface (CLI).
Types of configuration
The router maintains the following types of configurations: startup configuration and running
configuration.
Startup configuration
Use startup configuration for initialization when the router boots. If this file does not exist, the system
boots using the factory defaults.
You can view the startup configuration in either of the following ways:
• Use the display startup command to view the currently using startup configuration file, and use the
more command to view the content of the configuration file.
• After the reboot of the device and before configuring the router, use the display
current-configuration command to view the startup configuration.
Running configuration
The currently running configuration may include the startup configuration if the startup configuration is
not modified during system operation. It also includes any new configurations performed by users during
router operation.
The running configuration is stored in a temporary storage media of the router. You must save a setting
you have made so it can survive a reboot.
You can use the display current-configuration command to view the current configuration.
80
Startup with the configuration file
If a router supports only one startup configuration file, at startup:
1. If the startup configuration file you specify exists, the router starts up with this configuration file.
2. If the specified startup configuration file does not exist, the router boots using factory defaults.
NOTE:
If you execute the save filename command and press Enter, the system saves the current configuration to
the specified path, but the standby MPU does not save the configuration.
81
The fast saving mode is suitable for environments where the power supply is stable. The safe mode,
however, is preferred in environments where stable power supply is unavailable or remote maintenance
is required.
CAUTION:
A router reboot or power failure while the configuration file is being saved may result in loss of the
configuration file for next startup. In this case, the router should be started with factory defaults and after
the router starts, you need to re-specify a configuration file to be used at the next startup.
NOTE:
• The configuration file must have the .cfg extension.
• If you press Enter after entering the save command, you save the configuration file in an interactive way.
In this way, you can use the default path or enter a filename to specify a new path, but the suffix of the
filename must be .cfg and the path must be the path of the storage media on the active MPU.
• If you use the save file-name command, even if the configuration file saving synchronization for the
active MPU and standby MPU function is enabled, the standby MPU does not automatically save the
current configuration to its own configuration file. If you do not specify the file-name argument, the
standby MPU automatically saves the current configuration when the active MPU executes the save
command.
• In interactive mode, if you use the non-default path, which means you enter a new filename, the system
automatically sets the file as the configuration file to be used at the next startup of the router.
82
Task Command Remarks
Erase the startup configuration file
reset saved-configuration Available in user view
from the storage media.
CAUTION:
The reset saved-configuration command permanently deletes the configuration file from the router. Use it
with caution.
NOTE:
The running configuration is only saved to the active MPU. Only the configuration on the active MPU can
be rolled back. However, the related configuration is synchronized to the standby MPU to ensure the
rollback of the configuration after an active/standby switchover.
83
Task Remarks
Configuring parameters for saving the running configuration Required.
84
NOTE:
• You can perform the save and rollback operations only on the active MPU. To make the configuration
rollback take effect on the new active MPU after an active/standby switchover, execute the archive
configuration location command to specify the path and filename prefix of the saved configuration file
on both the active MPU and standby MPU. Therefore, before the execution of this command, make sure
that the specified path is available on both the active MPU and standby MPU, and that the path cannot
include any slot number.
• If you execute the undo archive configuration location command, the running configuration cannot be
saved either manually or automatically. The configuration performed by executing the archive
configuration interval and archive configuration max commands is restored to the default, and the
saved configuration files are cleared.
• The value of the file-number argument is determined by memory space. H3C recommends that you set
a comparatively small value for the file-number argument if the available memory space is small.
NOTE:
You must specify the path and filename prefix for saving configuration files before configuring the
automatic saving period.
85
While automatic saving of the running configuration is performed periodically, manual saving can
immediately save the running configuration. Therefore, before performing any complicated configuration,
manually save the running configuration so that the router can revert to the previous state if the
configuration fails.
To manually save the running configuration:
NOTE:
Specify the path and filename prefix of a save configuration file before you manually save the running
configuration; otherwise, the operation fails.
Step Command
1. Enter system view. system-view
CAUTION:
If a command cannot be rolled back, the system skips it and processes the next one.
Configuration rollback may fail if:
• A card is unplugged or plugged during configuration rollback, that is, when the system is executing the
configuration replace file command.
• The complete undo form of a command is not supported, namely, you cannot get the actual undo form
of the command by simply putting the keyword undo in front of the command, so the complete undo
form of the command cannot be recognized by the router.
• The configuration cannot be removed, such as hardware-related commands.
• Commands in different views are dependent on each other.
• The replacement configuration file is not a complete file generated by using the save or archive
configuration command, or the file is copied from a different type of router. Make sure that the
replacement configuration file is correct, complete, and compatible with the current router.
• The configuration file specified is not in simple text. The configuration file specified with the
configuration replace file filename command can only be a configuration file in simple text. Otherwise,
errors may occur in configuration rollback.
86
at the next system startup. For a router supporting main/backup startup configuration file, the
system sets the file as the main startup configuration file to be used at the next system startup.
• Use the command dedicated to specify a startup configuration file, which is described in the
following table:
To specify a configuration file as the startup configuration file to be used at the next system startup:
CAUTION:
• A configuration file must use .cfg as its extension name. The startup configuration file must be saved in
the root directory of the first partition.
• During the router boot process, the router cannot read data from the USB disk. Therefore, do not save the
boot file on the USB disk.
NOTE:
The backup/restore operation applies to the configuration file to be used at the next startup.
87
NOTE:
Before the backup operation:
• Make sure that the router and the server can reach each other, the server is enabled with TFTP service,
and the client has the read and write permission.
• Use the display startup command (in user view) to see if you have set the startup configuration file, and
use the dir command to verify if this file exists. If the file is set as NULL or does not exist, the backup
operation fails.
NOTE:
• Before restoring a configuration file, make sure that the router and the server can reach each other, the
server is enabled with TFTP service, and the client has read and write permission.
• When the command is successfully executed, you can use the display startup command (in user view)
to verify if the filename of the startup configuration file is the same as the filename argument, and use the
dir command to verify if the restored file exists.
88
Task Command Remarks
display current-configuration
[ [ configuration [ configuration ] |
interface [ interface-type ]
Display the current configuration. [ interface-number ] ] [ by-linenum ] Available in any view
[ | { begin | exclude | include }
text ] ] [ | { begin | exclude |
include } regular-expression ]
NOTE:
For more information about the display this and display current-configuration commands, see
Fundamentals Command Reference.
89
Upgrading software
You can upgrade both the BootWare program and system boot file using the BootWare menu or at the
command-line interface (CLI). The following sections cover how to upgrade software at the CLI. For more
information about how to upgrade software using the BootWare menu, see the H3C SR8800 10G Core
Routers Installation Guide.
90
Task Remarks
Upgrading software through hotfix Optional
****************************************************************************
* *
* H3C SR8800 BootWare, Version 203 *
* *
****************************************************************************
Copyright (c) 2004-2010 Hangzhou H3C Technologies Co., Ltd.
91
The switch's Mac address... [00:0F:E2:DE:86:00]
BootWare Validating...
Press Ctrl+B to enter extended boot menu...
NOTE:
The output varies with router models.
Press Ctrl+B when "Press Ctrl+B to enter extended BootWare menu..." appears.
Please input BootWare password:
Input the correct password to enter the BootWare main menu. (By default, no password is set, and press
Enter to enter the menu. When a password is set, if you fail to input the correct password three times, the
system hangs up, and you have to reboot the router.)
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.
===========================<EXTEND-BOOTWARE MENU>===========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Modify BootWare Password |
|<6> BootWare Operation Menu |
|<7> Storage Device Operation |
|<0> Reboot |
============================================================================
Enter your choice(0-7):
BootWare submenus
Accessing the serial submenu
You can upgrade the system software and modify serial port parameters from the serial submenu.
Enter 2 in the BootWare main menu to access the serial submenu.
===========================<Enter Serial SubMenu>===========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):
92
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
|<Ensure The Parameter Be Modified Before Downloading!> |
============================================================================
Enter your choice(0-5):
Item Description
<1> Display All File(s) Display all files.
93
Load File Name :
:main.bin
Target File Name :
:main.bin
Server IP Address :192.168.1.1
Local IP Address :192.168.1.2
Gateway IP Address :
FTP User Name :user
FTP User Password :password
Field Description
Load File Name Name for the downloaded file.
Name of the target file, identical with the name of the file on the
Target File Name
server.
94
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update User Private File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5):
2. Enter 5 in the serial submenu to change the baud rate.
===============================<BAUDRATE SET>===============================
|Note:'*'indicates the current baudrate |
| Change The HyperTerminal's Baudrate Accordingly |
|---------------------------<Baudrate Available>---------------------------|
|<1> 9600(Default)* |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200 |
|<0> Exit |
============================================================================
Enter your choice(0-5):5
Select the baud rate that you want to use. For example, enter 5 to select 115200 bps. The
following information appears:
Baudrate has been changed to 115200 bps.
Please change the terminal's baudrate to 115200 bps, press ENTER when ready.
NOTE:
If you use the default baud rate 9600 bps, go to Step 7.
3. Disconnect the HyperTerminal from the router by selecting Call/Disconnect in the HyperTerminal
window.
Figure 32 Disconnecting the terminal
4. Select File > Properties in the HyperTerminal window, click Configure in the popup dialog box,
and select the baud rate of 115200 bps in the console port properties dialog box.
95
Figure 33 Router Properties dialog box
96
Figure 35 Connecting to the router
97
Figure 36 Send File dialog box
8. Click Send.
The following dialog box appears:
Figure 37 Sending the file by using XMODEM
98
Enter your choice(0-5):
9. Enter 0 to return to the BootWare main menu, and then enter 1 to boot the system.
NOTE:
• After the startup, change the baud rate of the HyperTerminal back to 9600 bps by following Step 3
through Step 5.
• For higher speed, use the Ethernet port instead of the console port to download the system software
image.
3. Reboot the router to make the specified BootWare program take effect.
NOTE:
The system boot file (with the file extension.bin) comprises the BootWare program, which is automatically
upgraded when the system boot file is upgraded. You can also manually upgrade the BootWare program
by executing the bootrom update file command.
99
Task Command Remarks
Specify a file to be used at the next boot-loader file file-url slot
Available in user view.
router boot on a card. slot-number { main | backup }
CAUTION:
• The file for the next router boot must be saved in the root directory of the router. For a router with a
partitioned storage media, the file must be saved on the first partition. You can copy or move a file to
change the path of it to the root directory.
• The names of the files for the next boot of the active MPU and the standby MPU may be different, but the
versions of the files must be the same. Otherwise, the router may not boot normally.
100
Incremental patch
Patches in a patch file are all incremental patches. An incremental patch means that the patch is
dependent on the previous patch units. For example, if a patch file has three patch units, patch 3 can be
running only after patch 1 and 2 take effect. You cannot run patch 3 separately.
Patch package
A patch package contains patches of the same version but for various types of cards. You can install a
patch package on a distributed device or an IRF virtual device to upgrade the software of multiple cards
at a time. When you execute a patch package, the system automatically finds out the proper patch for
each card, and loads them to the cards, simplifying patch operation and patch version management.
Patch state
Each patch has a state, which can be switched only by commands. The relationship between patch state
changes and command actions is shown in Figure 38. The patch can be in IDLE, DEACTIVE, ACTIVE, or
RUNNING state. Load, run temporarily, confirm running, stop running, delete, install, and uninstall
represent operations, corresponding to commands of patch load, patch active, patch run, patch deactive,
patch delete, patch install, and undo patch install.
For example, if you execute the patch active command for the patches in DEACTIVE state, the patches
switch to ACTIVE state.
IMPORTANT:
Patch state information is saved in Flash memory in the file patchstate. To make sure that the device can
correctly find the patches, do not edit, delete, move the file, or change the file name.
101
Figure 38 Relationship between patch state changes and command actions
IDLE state
Patches in IDLE state are not loaded. You cannot activate or run the patches, as shown in Figure 39
(suppose the memory patch area can load up to eight patches). The patches that are in IDLE state are still
in IDLE state after system reboot.
Figure 39 Patches are not loaded to the memory patch area
Patch 1 IDLE
Patch 2 IDLE
Patch 3 IDLE
Patch 4 IDLE
Patch 5 IDLE
NOTE:
Currently, the system patch area supports up to 200 patches.
DEACTIVE state
Patches in DEACTIVE state have been loaded to the memory patch area but have not run in the system
yet. Assume that there are seven patches in the patch file to be loaded. After the seven patches pass the
version check and CRC check, they are loaded to the memory patch area and are in DEACTIVE state.
The patch states in the system are as shown in Figure 40.
102
The patches that are in DEACTIVE state are still in DEACTIVE state after system reboot.
Figure 40 A patch file is loaded to the memory patch area
ACTIVE state
Patches in ACTIVE state are those that have run temporarily in the system and become DEACTIVE after
system reboot. For the seven patches in Figure 40, if you activate the first five patches, their patch states
change from DEACTIVE to ACTIVE. The patch states in the system are as shown in Figure 41.
The patches that are in ACTIVE state are in DEACTIVE state after system reboot.
Figure 41 Patches are activated
Patch 1 ACTIVE
Patch 2 ACTIVE
Patch 3 ACTIVE
Patch 4 ACTIVE
Patch 5 ACTIVE
Patch 6 DEACTIVE
Memory Patch Area
Patch 7 DEACTIVE
Patch 8 IDLE
RUNNING state
After you confirm the running of the ACTIVE patches, the state of the patches changes to RUNNING and
the patches are in RUNNING state after system reboot. For the five patches in Figure 41, if you confirm
running the first three patches, their states change from ACTIVE to RUNNING. The patch states of the
system are as shown in Figure 42.
The patches that are in RUNNING state are still in RUNNING state after system reboot.
103
Figure 42 Patches are running
Patch 1 RUNNING
Patch 2 RUNNING
Patch 3 RUNNING
Patch 4 ACTIVE
Patch 5 ACTIVE
Patch 6 DEACTIVE
Memory Patch Area
Patch 7 DEACTIVE
Patch 8 IDLE
CAUTION:
Make sure the version of the patch files consistent with that of the current software before loading,
activating, and running the patches.
Configuration prerequisites
Before patching the system, save the appropriate patch files to the storage media of the router with FTP
or TFTP.
Patches are released according to card type. Make sure the patch files match the router model and card
type.
Save the patch files to the active MPU and standby MPU so that the patches on the original standby MPU
can run after an active and standby switchover. During patching, the system first searches the root
directory of the storage media on the active MPU for patch files. Then it compares the patch files with the
card type by the patch flag. If they match, the patches are loaded to or installed on the board.
The flag suffix is the first three characters of the version item (with the display patch information
command). Table 19 describes the default patch for some card types.
Table 19 Default patches for different card types
104
Product Cart type Flag Default patch name
SR02SRP1E3
SR02SRP1M3
SR02SRP1F3
PATCH-M2F patch_m2f.bin
SR02SRP2F3
SPE-1010
PATCH-LPA patch_lpa.bin
SPE-1020
SPE-1010-E
IM-FW
SPE-1010-II
SPE-1020-II
PATCH-LPL patch_lpl.bin
SPE-1010-E-II
SPE-1020-E-II
SPC-XP4L
SPC-XP2L
SPC-GP48L
SPC-GT48L
105
Step Command
1. Enter system view. system-view
2. Install the patches in one step. patch install { patch-location | file patch-package }
NOTE:
• The patch matches the card type and software version.
• If you install a patch file by specifying the directory where the patch file locates, the patch install
command will change the patch file location specified with the patch location command to the directory
specified by the patch-location argument of the patch install command.
• If you install a patch file by specifying the filename of the patch package, the patch install command will
not change the patch file location specified with the patch location command.
• To uninstall all patches in one operation, use the undo patch install command, which is the same as
performing Uninstalling a patch step-by-step.
Task Remarks
Optional.
Configuring the patch file location
To install a patch package, skip this step.
106
NOTE:
• The directory specified by the patch-file argument must exist on both the active MPU and standby MPU.
If the standby MPU does not have such directory, the system cannot locate the patch files on the original
standby MPU after an active and standby switchover.
• If you install a patch file by specifying the directory where the patch file locates, after the patch install
command is executed, the system automatically changes patch file location specified with the patch
location command to the directory specified by the patch-location argument of the patch install
command. For example, if you execute the patch location xxx command and then the patch install yyy
command, the patch file location automatically changes from xxx to yyy.
CAUTION:
• Set the file transfer mode to binary mode before using FTP or TFTP to upload or download patch files to
or from the flash of the router. Otherwise, patch file cannot be parsed properly.
• To hotfix a router with active MPU and standby MPU s, make sure that the patch files on the two boards
are the same. Otherwise, the router cannot backup the patch states, resulting in patch state loss.
Step Command
1. Enter system view. system-view
2. Load the patch file on the storage medium
patch load slot slot-number [ file patch-package ]
to the memory patch area.
Activating patches
After you activate a patch, the patch takes effect and is in the test-run stage. After the router is reset or
rebooted, the patch becomes invalid.
If you find that an ACTIVE patch is of some problem, you can reboot the router to deactivate the patch,
so as to avoid a series of running faults resulting from patch error.
To activate patches:
Step Command
1. Enter system view. system-view
107
Step Command
1. Enter system view. system-view
2. Confirm the running of the specified
patch run [ patch-number ] [ slot slot-number ]
patches.
NOTE:
This operation is applicable to patches in ACTIVE state only.
Task Remarks
Stopping patches Required
Stopping patches
When you deactivate a patch, the patch state becomes DEACTIVE, and the system runs in the way before
it is installed with the patch.
To deactivate patches:
Step Command
1. Enter system view. system-view
2. Stop running the specified patches. patch deactive [ patch-number ] slot slot-number
Deleting patches
When a patch is deleted, the system runs in the way before it is installed with the patch.
To delete patches:
108
Step Command
1. Enter system view. system-view
2. Delete the specified patches from the
patch delete [ patch-number ] slot slot-number
memory patch area.
NOTE:
If you plug in a line card during upgrading of a logic, you have to wait a comparatively long time for the
router to power on this line card.
109
Software upgrade configuration examples
Remote upgrade configuration example
Network requirements
As shown in Figure 43, the router (Device) serves as the FTP client. The SR8800.app application program
and the LPUBTR.app BootWare program are both saved in the SR8800 directory of the FTP server. The
device and the FTP server can reach each other, and the PC and device can reach each other.
Upgrade the software version and Boot ROM version of the device through remote operations.
Figure 43 Network diagram
Configuration procedure
1. Configure FTP server (the configurations may vary with different types of servers)
# Enable the FTP server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Set the FTP username to aaa and the password to hello.
[FTP-Server] local-user aaa
[FTP-Server-luser-aaa] password cipher hello
# Configure the user to have read-write permissions on the aaa directory.
[FTP-Server-luser-aaa] service-type ftp
[FTP-Server-luser-aaa] level 3
[FTP-Server-luser-aaa] authorization-attribute work-directory flash:/
2. Configure Device
CAUTION:
If the size of the Flash memory on the router is not large enough, delete the original application programs
from the Flash before downloading.
# Enter the following command in the user view to log in to the FTP server.
<Device> ftp 2.2.2.2
Trying ...
110
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)): aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download the SR8800.app and LPUBTR.app files from the FTP server to the Flash memory of
Device.
[ftp] get SR8800.app
[ftp] get LPUBTR.app
# Clear the FTP connection and return to the user view.
[ftp] bye
<Device>
# Upgrade the BootWare file of the MPU using the file downloaded through FTP.
<Device> bootrom update file LPUBTR.app slot 0
# Specify the application program for the next boot on MPU 0.
<Device> boot-loader file SR8800.app slot 0 main
# When the MPUs of the router work in the active/standby mode, you need to upgrade the
program of the standby MPU and specify it as the application program for the next boot. If the
standby MPU is in slot 1, the command is as follows:
<Device> boot-loader file slot1#flash:/SR8800.app slot 1 main
# Reboot the router. The application program is upgraded now.
<Device> reboot
111
Figure 44 Network diagram
Configuration procedure
1. Configure FTP server (the configuration varies depending on server type)
# Enable FTP server.
<FTP-Server> system-view
[FTP-Server] ftp server enable
# Configure an FTP user with the name aaa and password hello.
[FTP-Server] local-user aaa
[FTP-Server-luser-aaa] password cipher hello
# Assign read-write rights for the FTP user aaa.
[FTP-Server-luser-aaa] service-type ftp
[FTP-Server-luser-aaa] authorization-attribute work-directory flash:/aaa
2. Configure Device
CAUTION:
Make sure the free flash space of the device is big enough to store the patches.
# Before upgrading the software, use the save command to save the current system configuration.
(Details not shown)
# Log in to the FTP server. Note that the command output varies depending on server type.
<Device> ftp 2.2.2.2
Trying 2.2.2.2 ...
Press CTRL+K to abort
Connected to 2.2.2.2.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(2.2.2.2:(none)):aaa
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Download the patch_m2e.bin and patch_lpe.bin files from FTP Server.
[ftp] binary
[ftp] get patch_m2e.bin
112
[ftp] get patch_lpe.bin
[ftp] bye
<Device>
# Copy the patch files to the root directory of the standby MPU in slot 1.
<Device> copy patch_m2e.bin slot1#flash:/
<Device> copy patch_lpe.bin slot1#flash:/
# Install the patch.
<Device> system-view
[Device] patch install flash:
Patches will be installed. Continue? [Y/N]:y
Do you want to continue running patches after reboot? [Y/N]:y
Installing patches........
%Aug 8 11:15:30:607 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 0.
%Aug 8 11:15:30:707 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 1.
%Aug 8 11:15:30:807 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 3.
%Aug 8 11:15:30:817 2008 Sysname MEM/4/WARNING:
Patch load completed for slot 3.1
Installation completed, and patches will continue to run after reboot.
113
Managing the device
NOTE:
Storage media include Flash and compact Flash (CF). Flash is exemplified in this document.
In this document, SPC cards refer to the cards with silkscreen staring with SPC, for example, SPC-GT48L,
and SPE cards refer to the cards with silkscreen staring with SPE, for example, SPE-1020-E-II.
File names in this document comply with the following rules:
• Path + file name (namely, a full file name): File on a specified path. A full file name consists of 1 to 135
characters.
• “File name” (namely, only a file name without a path): File on the current working path. The file name
without a path consists of 1 to 91 characters.
display current-configuration
[ [ configuration [ configuration ] |
interface [ interface-type ]
Display the current configuration of [ interface-number ] ] [ by-linenum ]
Available in any view
the router. [ | { begin | exclude | include }
regular-expression ] ] [ | { begin |
exclude | include }
regular-expression ]
114
Task Command Remarks
more file-url
To display the configuration file The more command is available in
Display the saved configuration, user view.
used at the next startup, use this
or, in other words, the content of
command: The display saved-configuration
the configuration file.
display saved-configuration command is available in any view.
[ by-linenum ]
NOTE:
For more information about the more, display default-configuration, display current-configuration, and
display saved-configuration commands, see the chapters “Managing files” and “Managing
configuration files.”
Optional
2. Configure the device name. sysname sysname
H3C by default
Configuration guidelines
You can change the system time by configuring the relative time, time zone, and daylight saving time. The
configuration result depends on their configuration order (see Table 20). In the first column of this table,
1 represents the clock datetime command, 2 represents the clock timezone command, and 3 represents
the clock summer-time command. To verify the system time setting, use the display clock command. This
table assumes that the original system time is 2005/1/1 1:00:00.
115
Table 20 System time configuration results
03:00:00 ss Sat
01/01/2005
3 NOTE:
If the original system time
The original system time
plus summer-offset is
in the daylight saving time clock summer-time ss
one-off 00:30 beyond the daylight saving
range:
2005/1/1 1:00 time range, the original
The system time increases 2005/8/8 2 system time does not
by summer-offset. change. After you disable
the daylight saving setting,
the system time
automatically decreases by
summer-offset.
clock datetime 1:00
date-time outside the 2007/1/1
daylight saving time 01:00:00 UTC Mon
clock summer-time ss
range: one-off 1:00 01/01/2007
date-time 2006/1/1 1:00
2006/8/8 2
10:00:00 ss Mon
01/01/2007
NOTE:
1, 3
clock datetime 8:00 If the date-time plus
date-time in the daylight 2007/1/1 summer-offset is outside the
saving time range: clock summer-time ss daylight saving time range,
one-off 1:00 the system time equals
date-time + summer-offset 2007/1/1 1:00
2007/8/8 2
date-time. After you disable
the daylight saving setting,
the system time
automatically decreases by
summer-offset.
116
Command Effective system time Configuration example System time
clock summer-time ss
3, 1 one-off 1:00
(date-time outside the 2007/1/1 1:00 01:00:00 UTC Tue
date-time 2007/8/8 2
daylight saving time 01/01/2008
range) clock datetime 1:00
2008/1/1
clock summer-time ss
date-time – summer-offset one-off 1:00
outside the daylight 2007/1/1 1:00 23:30:00 UTC Sun
saving time range: 2007/8/8 2 12/31/2006
3, 1 clock datetime 1:30
date-time – summer-offset
(date-time in the 2007/1/1
daylight saving time clock summer-time ss
date-time – summer-offset one-off 1:00
range)
in the daylight saving time 2007/1/1 1:00 03:00:00 ss Mon
range: 2007/8/8 2 01/01/2007
date-time clock datetime 3:00
2007/1/1
117
Command Effective system time Configuration example System time
clock timezone
date-time in the daylight zone-time add 1
saving time range, but
clock summer-time ss
date-time – summer-offset one-off 1:00 23:30:00 zone-time Mon
outside the summer-time 2008/1/1 1:00 12/31/2007
range: 2008/8/8 2
Configuration procedure
To configure the system time:
Optional.
clock timezone zone-name { add |
3. Set the time zone. Universal time coordinated (UTC)
minus } zone-offset
time zone by default.
118
To enable displaying copyright information:
Configuring banners
Introduction to banners
Banners are messages that the system displays when a user connects to the device to perform login
authentication, and start interactive configuration.
Banner types
The system supports the following types of banners:
• Legal banner appears after the system displays the copyright or license statement for a user
attempting to log in. To continue authentication or login, the user must enter Y or press Enter. To quit
the process, the user must enter N. Y and N are case-insensitive.
• Message of the Day (MOTD) banner displays the greeting message, and appears after the legal
banner and before the login banner. Support for this banner depends on the device model.
• Login banner appears only when password or scheme login authentication has been configured.
• Incoming banner appears for Modem dial-in users and the shell banner appears for users that use
any other access method to access the CLI.
119
Please input banner content, and quit with the character '%'.――System prompt
Have a nice day.
Please input the Password!%
{ Method II—Type a character after the command keywords at the first line, and press Enter.
Type the banner information, and finish with the character you typed at the first line. The start
character and the end character are not part of the banner information. For example, to
configure a banner like “Have a nice day. Please input the Password!”, use the following
commands:
<System> system-view
[System] header shell A
Please input banner content, and quit with the character 'A'.――System prompt
Have a nice day.
Please input the Password!A
{ Method III—Type multiple characters after the command keywords at the first line (with the first
and last characters being different), and press the Enter key. Type the banner information, and
finish with the first character you typed at the first line. The first input character at the first line
and the end character are not part of the banner information. For example, to configure a
banner like “Have a nice day. Please input the Password!”, use the following commands:
<System> system-view
[System] header shell AHave a nice day.
Please input banner content, and quit with the character 'A'.――System prompt
Please input the Password!A
Configuring procedure
To configure banners:
120
Step Command Remarks
1. Enter system view. system-view N/A
NOTE:
• With this command configured, both the active MPU and the standby MPU adopt the same method to
handle exceptions. The device always reboots an interface card or the auxiliary CPU system when an
exception occurs to them.
• The exception handling method is effective to the failed card only, and does not influence the functions
of other cards.
CAUTION:
• Device reboot can interrupt network services.
• To avoid data loss, use the save command to save the current configuration before a reboot.
• Use the display startup and display boot-loader commands to check that you have correctly set the
startup configuration file and the main system software image file. If the main system software image file
has been corrupted or does not exist, the device cannot reboot. You must re-specify a main system
software image file, or power off the device and then power it on so the system can reboot with the
backup system software image file.
To reboot the router immediately at the CLI, perform the following command in user view:
Reboot a card or the whole system. reboot [ slot slot-number ] If no card is specified, the
command reboots the whole
device.
To schedule a device reboot, perform one of the following commands in user view :
121
Task Command Remarks
• Schedule a reboot to occur at a
specific time and date: Use either approach.
schedule reboot at hh:mm
The scheduled reboot function is
[ date ]
Schedule a reboot. disabled by default.
• Schedule a reboot to occur
after a delay: Changing any clock setting can
schedule reboot delay { hh:mm cancel the reboot schedule.
| mm }
NOTE:
• If the device has only one MPU, rebooting the MPU causes the device to reboot. If the device has two
MPUs, rebooting the active MPU causes the active MPU to reboot and an active/standby switchover. You
cannot use the reboot command to reboots a standby MPU. To reboot a standby MPU, use the slave
restart command (see High Availability Command Reference).
• For data security, if you are performing file operations at the reboot time, the system does not reboot.
NOTE:
A reboot is required after you change the system working mode to make your changes take effect.
Scheduling jobs
You can schedule a job to automatically run a command or a set of commands without administrative
interference. The commands in a job are polled every minute. When the scheduled time for a command
is reached, the job automatically executes the command. If a confirmation is required while the
command is running, the system automatically enters Y or Yes. If characters are required, the system
automatically enters a default character string or an empty character string when no default character
string is available.
122
Job configuration approaches
You can configure jobs in a non-modular or modular approach. Use the non-modular approach for a
one-time command execution and use non-modular approach for complex maintenance work.
Table 21 A comparison of non-modular and modular approaches
No Yes
Can a job have multiple If you use the schedule job command You can use the time command in job
commands? repeatedly, only the last configuration view to configure commands to be
takes effect. executed at different time points.
Supported commands Commands in user view and system view Commands in all views
Configuration guidelines
• To have a job successfully run a command, check that the specified view and command are valid.
The system does not verify their validity.
• The configuration interface, view, and user status that you have before job execution restores even
if the job has run a command that changes the user interface (for example, telnet, ftp, and ssh2),
the view (for example, system-view and quit), or the user status (for example, super).
• The jobs run in the background without displaying any messages except log, trap and debugging
messages.
• In the modular approach:
{ Every job can have only one view and up to 10 commands. If you specify multiple views, the
one specified last takes effect.
{ Input a view name in its complete form. Most commonly used view names include monitor for
user view, system for system view, GigabitEthernetx/x/x for Ethernet interface view, and
Vlan-interfacex for VLAN interface view.
{ The time ID (time-id) must be unique in a job. If two time and command bindings have the same
time ID, the one configured last takes effect.
123
Scheduling a job in the non-modular approach
To schedule a job, perform one of the following commands in user view:
124
Figure 45 Network diagram
Configuration procedure
# Enter system view.
<Sysname> system-view
# Configure the router to enable GigabitEthernet 3/1/1 at 8:00 on working days every week.
[Sysname-job-pc1] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo
shutdown
# Configure the router to shut down GigabitEthernet 3/1/1 at 18:00 on working days every week.
[Sysname-job-pc1] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc1] quit
# Configure the router to enable GigabitEthernet 3/1/2 at 8:00 on working days every week.
[Sysname-job-pc2] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo
shutdown
# Configure the router to shut down GigabitEthernet 3/1/2 at 18:00 on working days every week.
[Sysname-job-pc2] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc2] quit
# Configure the router to enable GigabitEthernet 3/1/3 at 8:00 on working days every week.
[Sysname-job-pc3] time 1 repeating at 8:00 week-day mon tue wed thu fri command undo
shutdown
125
# Configure the router to shut down GigabitEthernet 3/1/3 at 18:00 on working days every week.
[Sysname-job-pc3] time 2 repeating at 18:00 week-day mon tue wed thu fri command shutdown
[Sysname-job-pc3] quit
126
Step Command Remarks
temperature-limit slot slot-number hotspot
2. Configure temperature
sensor-number lowerlimit warninglimit Optional
alarm thresholds for a card.
[ alarmlimit ]
NOTE:
If you enable this function and save the configuration, the ALARM LED on the MPU can display the power
status even after the MPU reboots.
127
Configuring in-service hardware failure diagnosis
A hardware failure may cause traffic forwarding failures and service interruption. To improve the
automatic failure detection and handling capabilities of the router, you can configure in-service
hardware failure diagnosis and failure protection.
The in-service hardware failure diagnosis and failure protection feature covers in-service hardware
failure detection for chips, cards, and the forwarding service, and automatic fix actions taken for the
detected failures.
To configure in-service hardware failure diagnosis and failure protection:
NOTE:
• The router does not support the keywords reset and isolate.
• After configuring in-service diagnosis and failure protection, you can use the display
hardware-failure-detection command to check the running information of the feature.
128
Step Command Remarks
Optional.
2. Configure the load mode for
active MPU and standby xbar { load-balance | load-single } The active MPU and standby MPU
MPU. work in load-single mode by
default.
CAUTION:
The load-balance mode is valid only when both the active MPU and standby MPU are in their slots. If only
the active MPU is available, the active MPU automatically switches to the load-single mode after the
load-balance mode is configured.
129
Task Command
Clear unused 16-bit interface indexes. reset unused porttag
CAUTION:
A confirmation is required when you execute this command. The command will not run if you fail to make
a confirmation within 30 seconds or enter N to cancel the operation.
Above the configuration, if a forwarding exception occurs, the router gives prompts, for example:
%Aug 20 14:55:54:973 2010 H3C DIAG/3/ERROR: -Slot=8; Forwarding fault: slot 5 to slot 8
%Aug 20 14:55:55:084 2010 H3C DIAG/3/ERROR: -Slot=6; Forwarding fault: slot 6 to slot 6
The output shows that a forwarding exception exists between the cards in slot 8 and slot 5, and an
exception in internal data forwarding exists on the card in slot 6.
130
access for non-framed data flows at a speed of 44.736 Mbps and T3 access for framed data flows
at a speed of 44.21 Mbps. All the interfaces on the interface subcard can also receive, send and
process T1 data flows, and provide CT1 access, thus implementing the ISDN PRI function.
To configure the working mode of an interface subcard:
Optional.
2. Set the working mode of an card-mode slot slot-number subslot
interface subcard. subslot-number mode-name The mode-name argument might
take the value of e or t.
CAUTION:
• After a mode switching, you must restart the router to make the newly configured working mode take
effect.
• Only interface subcards PIC-CL1G8L, PIC-CL2G8L, PIC-ET8G8L, PIC-ET32G2L, PIC-CLF4G8L, and
PIC-CLF2G8L support switching of working modes.
131
Task Command
display transceiver { controller [ controller-type controller-number ] |
Display key parameters of the
interface [ interface-type interface-number ] ] } [ | { begin | exclude |
transceiver modules.
include } regular-expression ]
NOTE:
The display transceiver manuinfo command cannot display information for some transceiver modules.
Task Command
display transceiver alarm { controller [ controller-type controller-number ]
Display alarms present on
| interface [ interface-type interface-number ] ] } [ | { begin | exclude |
transceiver modules.
include } regular-expression ]
NOTE:
The display transceiver diagnosis command cannot display information for some transceiver modules.
132
Task Command Remarks
display buffer-manage configuration [ slot
Display shared buffer
slot-number ] [ | { begin | exclude | Available in any view
configuration.
include } regular-expression ]
133
Task Command Remarks
Display the exception handling
display system-failure [ | { begin | exclude
method for the active MPU and Available in any view
| include } regular-expression ]
standby MPU.
134
Index
ABCDEFHLMPRSTUVW
A Configuring user privilege and command levels,14
Configuring user privilege level under a user
Accessing the CLI online help,4
interface,44
B Controlling the CLI output,10
Backing up/restoring the configuration file to be used D
at the next startup,87
Defining shortcut keys for starting terminal
C sessions/aborting tasks,49
Changing the system time,115 Device management overview,114
Clearing unused 16-bit interface indexes,129 Displaying and maintaining a configuration file,88
CLI views,2 Displaying and maintaining CLI,21
Command conventions,1 Displaying and maintaining device management,132
Configuration file overview,80 Displaying and maintaining FTP,65
Configuring a command to be automatically Displaying and maintaining software upgrade
executed,43 configuration,109
Configuring access control on VTY user interfaces,45 Displaying and maintaining the TFTP client,68
Configuring asynchronous serial interface attributes,42 Displaying and maintaining user interfaces,50
Configuring banners,119 Displaying device configuration,114
Configuring command accounting,48 E
Configuring command authorization,48
Enabling automatic forwarding path check,130
Configuring in-service hardware failure diagnosis,128
Enabling displaying copyright information,118
Configuring supported protocols on VTY user
Entering commands,5
interfaces,45
Entering the CLI,1
Configuring system working mode,122
Configuring temperature alarm thresholds for a F
card,126 File system management examples,78
Configuring terminal attributes,42 File system overview,70
Configuring the authentication mode,46 FTP overview,55
Configuring the device name,115
H
Configuring the exception handling method,120
Hotfix configuration task list,104
Configuring the FTP client,56
Configuring the FTP server,62 L
Configuring the load mode for the active MPU and Logging in through SSH,33
standby MPU,128 Logging in through Telnet,29
Configuring the port status detection timer,126 Logging in through the AUX port,26
Configuring the size of the buffer shared by all Logging in through the AUX port by using modems,35
interfaces on an interface card,129
Logging in through the console port,23
Configuring the TFTP client,67
Login methods,22
Configuring the working mode of an interface
subcard,130 M
135
Managing directories,71 T
Managing files,72 TFTP client configuration example,68
Managing storage media,74 TFTP overview,66
Manging power supply,127
U
P
Understanding command-line errors,8
Performing batch operations,74 Upgrading card logic,109
R Upgrading clock card,109
Rebooting the router,121 Upgrading software through hotfix,100
Releasing the connection established on user Upgrading system software from BootWare menu,91
interfaces,50 Upgrading the BootWare program at the CLI,99
Router software overview,90 Upgrading the system boot file at the CLI,99
User interface configuration examples,50
S
User interface configuration task list,41
Saving the current configuration,21
User interface overview,40
Saving the running configuration,81
Using the command history function,9
Scheduling jobs,122
Using the undo form of a command,2
Sending messages to the specified user interfaces,49
V
Setting configuration rollback,83
Setting the file system operation mode,77 Verifying and diagnosing transceiver modules,131
Software upgrade configuration examples,110 W
Software upgrade configuration task list,90
What is CLI?,1
Specifying a configuration file for the next startup,86
136