====== HP A-Series ======

===== Product Overview =====

  * originally H3C (Huawei + 3Com)
  * per-port ASIC
  * PoE variants are a few centimetres longer

Switches:
  * A12500 - CLOS architecture, high density of 10G ports
  * A9500
  * A7500 - supports application cards (Wi-Fi controller, firewall, ...)
  * A5820 - 24x10Gb, non-blocking, no MPLS support, 2x modular power supply
  * A5900 - 48x10Gb, 4x40Gb, non-blocking, Comware v7
  * A5800 - stackable via SFP+, has a module bay at the rear (ports, Wi-Fi controller)
  * A5500 - L3 (up to 1024 L3 interfaces, dynamic routing)
    * 5500si (standalone SFP, fewer features)
    * 5500ei (combo ports, more features)
    * 5500hi
    * stacking only via 10Gb modules
  * A5120 - cheaper (the ei version is the BEST SELLER); L2+ (up to 4 L3 interfaces, static routing); Gigabit switch (counterpart of the A5500); si and ei versions
  * A3600 - 10/100 L3
  * A3100 - 10/100/1000 L2

L3 switch properties:
  * E-series - routing disabled by default
  * A-series - routing enabled by default

Routers:
  * A-MSR8800 - full 10Gb routing, network processor
  * A-MSR6600 - barely routes a gigabit, accepts a 10Gb port (which will run slower), multicore CPU
  * A-MSR 50 (hot-swap modules), 30, 20 - also support voice modules, firewall (L2, L3, L4), ASIC
  * A-MSR900 - counterpart of the Cisco 800, ASIC

Wireless:
  * A-series will be discontinued
  * E-series will stay

===== CLI Privilege levels =====

Users:
  * Level 3 - Manager - System (file and user) management commands (read-write)
  * Level 2 - System - Services configuration commands (read-write)
  * Level 1 - Monitor - Basic read-only commands
  * Level 0 - Visitor - Diagnosis commands such as ping and trace route

CLI:

  <HP Switch>     // User-view (restart, system update, deleting and saving configurations)
  [HP Switch]     // System-view (configuration)
  [HP Switch-]    // Other command views

Example prompts:

  <Router>system-view
  [Router]ospf
  [Router-ospf-1]area 0.0.0.0
  [Router-ospf-1-area 0.0.0.0]display this

> //# Switch to system-view (configuration mode)//
> **system-view**
> [sw]
> //# Go back up one level//
> **quit**
> //# Return to user-view//
> **Ctrl+Z**
> //# Show the configuration of the current view//
> **display this**
> //# Help//
> **?**
> **TAB**

Note: when creating a user you must assign a privilege level, otherwise the user gets the default level 0 and has no rights. The "super" password can be the way out.

> //# Super password//
> **system-view**
> [R]**super password level 3 cipher secret2**
> //# Change level//
> **super**
> **super 3**

===== CTRL Keys =====

FIXME

===== Console =====

Console on a router:
> [R]**user-interface console 0**
> [R-ui-con0]**authentication-mode password**
> [R-ui-con0]**set authentication password cipher** secret34

Console on a switch, AUX on a router:
> [R]**user-interface aux 0**
> [R-ui-aux0]**authentication-mode password**
> [R-ui-aux0]**set authentication password cipher** secret34

===== Telnet =====

> **system-view**
>
> //# Enable telnet server//
> [R]**telnet server enable**
>
> //# Set username, password and allowed access//
> [R]**local-user admin1**
> [R-local-user-admin1]**service-type telnet** //- (note: this also allows use of the web interface)//
> [R-local-user-admin1]**password cipher 3com**
>
> //# Set user/password auth. to telnet//
> [R]**user-interface vty 0 4**
> [R-ui-vty0-4]**authentication-mode scheme**
> [R-ui-vty0-4]**protocol inbound telnet**
>
> [R-ui-vty0-4]**user privilege level 3**

===== SSH =====

> //# Enable ssh server//
> [R]**ssh server enable**
>
> //# Generate public key for SSH//
> [R]**public-key local create dsa**
> [R]**public-key local create rsa**
>
> //# Set username, password and allowed access//
> [R]**local-user admin1**
> [R-local-user-admin1]**service-type ssh**
> [R-local-user-admin1]**password cipher 3com**
>
> //# Set user/password auth. to SSH//
> [R]**user-interface vty 0 4**
> [R-ui-vty0-4]**authentication-mode scheme**
> [R-ui-vty0-4]**protocol inbound ssh**
>
> [R-ui-vty0-4]**user privilege level 3**

===== Save / Delete Config =====

> //# Save the configuration//
> **save**
> //# Erase the saved (startup) configuration//
> **reset saved-configuration**
> //# Set the default startup configuration//
> **startup saved-configuration** **main**
> **display startup**
> **backup** ...
> **restore** ...

===== Flash (dir,delete) =====

> //# List the contents of flash:/ including files in the recycle bin//
> **dir /all**
> //# Delete a file from flash, bypassing the recycle bin//
> **delete /unreserved**
>
> //# Delete a file into the recycle bin//
> **delete**

===== System Upgrade =====

  * from USB
  * as a client from TFTP/FTP
  * TFTP/FTP server on the box
  * XModem - from the console

> //# Set the default boot file//
> **boot-loader file** CF:/filename.bin **main**
> **display boot-loader**
> //# Set the default configuration//
> **startup saved-configuration** config.cfg **main**
> //# Show the system version (HW, SW)//
> [sw]**display version**
> //# Show the system's current startup information//
> [sw]**display reboot-type**
> //# Show diagnostic information//
> [sw]**display diagnostic-information**
> [sw]**reboot**

===== Password recovery =====

  * during boot press **Ctrl+b**
  * in BootROM set: ignore the configuration
  * edit the configuration and save it
  * restart
  * during boot press **Ctrl+b**
  * in BootROM set: use the configuration

Boot menu:

  BOOT MENU
  1. Download application file to flash
  2. Select application file to boot
  3. Display all files in flash
  4. Delete file from flash
  5. Modify BootRom password
  6. Enter BootRom upgrade menu
  7. Skip current system configuration
  8. Set BootRom password recovery
  9. Set switch startup mode
  0. Reboot
  Enter your choice(0-9):

===== Time =====

  * switches have no real-time clock (routers do); after a restart the time must be set again (manually or via NTP)

> [Router]**clock datetime HH:MM:SS** {**YYYY/MM/DD** | **MM/DD/YYYY**}
> [Router]**clock timezone** //zone-name// {**add** | **minus**} //HH:MM:SS//

===== Hostname =====

> [Router]**sysname** //sysname//

===== Interface IP =====

Port-ID: 1/0/1 - unit ID in the stack **/** backplane ID (0 = front, 1 = back) **/** module-id

> [Router]**interface** GigabitEthernet 0/0
> [Router-GigabitEthernet0/0]**ip address** x.x.x.x yy

===== Debugging =====

> **debugging** //module-name// [//debugging-option//]
>
> //# Turn on debug output to the session//
> **terminal debugging**
> **terminal monitor** //- telnet, ssh//
> **undo terminal monitor** //- turn off log output//

===== Troubleshooting tools =====

> [router]**ping** [**-a** //ip-address//]
> [router]**tracert** [**-a** //source-ip//]

===== Switch port config =====

> [sw]**interface** gigabitethernet 0/1
> [sw-gigabitethernet0/1]**description** //descr//
> [sw-gigabitethernet0/1]**undo shutdown**
> [sw-gigabitethernet0/1]**mdi** [**normal** | **across** | **auto**]
> [sw-gigabitethernet0/1]**duplex** {**auto** | **full** | **half**}
> [sw-gigabitethernet0/1]**speed** {**10** | **100** | **1000** | **10000** | **auto**}
> [sw-gigabitethernet0/1]**undo jumboframe enable**
> [sw-gigabitethernet0/1]**virtual-cable-test**
>
> //# Limit broadcast traffic on the port (% | PPS | BPS)//
> [sw-gigabitethernet0/1]**broadcast-suppression** 5
> [sw-gigabitethernet0/1]**display this**
> [sw]**display interface brief**
> [sw]**display interface brief | include up**
> [sw]**display interface brief | include trunk**
> [sw]**display interface brief | exclude auto**
> [sw]**display interface brief | begin 2/0/1**
> [sw]**display counters** [**inbound** | **outbound**] **interface**

===== VLANs =====

  * Port-based VLANs (the VLAN is determined by the port)
  * MAC address-based VLANs (a frame is placed into a VLAN by its MAC address; only a hybrid port can do this)
  * Protocol-based VLANs (L3 switches; frames are sorted into VLANs by protocol, e.g. IPv4, IPv6, IPX)
  * IP-subnet-based (L3 switches; packets are sorted into VLANs by their IP address)
  * Policy-based VLANs (L3 switches, Comware 5 only; packets are distinguished by arbitrary header parameters)

Port types:
  * access = ordinary port that is a member of a single VLAN
  * trunk = standard 802.1Q
  * hybrid ports = can carry several untagged VLANs and sort traffic into them correctly by MAC, IP, etc.

==== VLAN config ====

> [sw]**vlan** 100
> [sw-vlan100]**description**
> [sw-vlan100]**name**
> //# Create several VLANs at once//
> [sw]**vlan** 100 **to** 110
> [sw]**display vlan**
> [sw]**display vlan 100**
> [sw]**display vlan all**

==== Access Ports ====

> //# Assign several access ports to a VLAN at once//
> [sw]**vlan 100**
> [sw-vlan100]**port gig 1/0/1 to gig 1/0/20**
> //# Assign an access port to a VLAN//
> [sw]**interface gi 1/0/1**
> [sw-gigabitethernet1/0/1]**port link-type access**
> [sw-gigabitethernet1/0/1]**port access vlan 100**
> //# Edit a group of ports//
> [sw]**port-group manual** edge-1
> [sw-port-group-manual-edge-1]**group-member gi 1/0/1 to gi 1/0/10**
> [sw-port-group-manual-edge-1]**port link-type access**
> [sw-port-group-manual-edge-1]**port access vlan 100**
>
> [sw]**display port-group manual**

==== Trunk ====

> [sw]**interface gi 1/0/1**
> [sw-gigabitethernet1/0/1]**port link-type trunk**
> //# Permit VLANs//
> [sw-gigabitethernet1/0/1]**port trunk permit vlan all**
> //or//
> [sw-gigabitethernet1/0/1]**port trunk permit vlan 100 200**
> //# Remove a VLAN from the trunk//
> [sw-gigabitethernet1/0/1]**undo port trunk permit vlan 1**
> //# Native VLAN//
> [sw-gigabitethernet1/0/1]**port trunk pvid vlan 99**
> [sw]**display port trunk**

==== Hybrid ports ====

FIXME

===== L3 VLAN interface =====

> [sw]**interface vlan-interface 1**
> [sw-vlan-interface1]**ip address** a.a.a.a yy
> [sw-vlan-interface1]**ip address** b.b.b.b yy **sub**
> [sw]**display ip interface brief**

===== Link aggregation =====

  * static (default) = no protocol
  * dynamic = LACP

Static
> [sw]**interface bridge-aggregation 1**
> [sw-Bridge-Aggregation1]**description**
> [sw-Bridge-Aggregation1]**quit**
> [sw]**interface gi 1/0/1**
> [sw-gigabitethernet1/0/1]**port link-aggregation group 1**
> [sw-gigabitethernet1/0/1]**quit**
>
> [sw]**interface gi 1/0/2**
> [sw-gigabitethernet1/0/2]**port link-aggregation group 1**
> [sw-gigabitethernet1/0/2]**quit**
> [sw]**interface bridge-aggregation 1**
> [sw-Bridge-Aggregation1]**port link-type trunk**
> [sw-Bridge-Aggregation1]**port trunk permit vlan all**

Dynamic
> [sw-Bridge-Aggregation1]**link-aggregation mode dynamic**

Load balancing (globally and per bundle)
> [sw]**link-aggregation load-sharing mode** {destination-ip|destination-mac|destination-port|ingress-port|source-ip|source-mac|source-port}
> **display link-aggregation summary**
> **display link-aggregation verbose bridge-aggregation 1**

Port statistics: flow-interval <5-300>

===== STP Spanning Tree Protocol =====

==== MSTP ====

All switches must have the same:
  * region-name
  * revision-level
  * VLAN to instance mapping

Configuration procedure:
  - enable STP
  - configure the MSTP region on all switches
  - set the root and secondary root for all instances
  - set edge (access) and non-edge (uplink) ports
  - apply BPDU protection, root guard and loop protection

> [SW] **stp enable**
> [SW] **stp region-configuration**
> [SW-mst-region] **region-name** //name//
> [SW-mst-region] **revision-level** //1//
> [SW-mst-region] **instance** //1// **vlan** //1// **to** //999//
> [SW-mst-region] **instance** //2// **vlan** //1000// **to** //1999//
> [SW-mst-region] **active region-configuration**

Modulo mapping
  * meant to make mapping a large number of VLANs easier
  * does the mapping automatically from a modulo calculation
  * instance_ID = (VLAN_ID - 1) % modulo + 1

> **system-view**
> [SW] **stp region-configuration**
> [SW-mst-region] **vlan-mapping modulo** //[1-32]//
> [SW-mst-region] **display stp region-configuration**

  [SW-mst-region] display stp region-configuration
   Oper configuration
     Format selector    :0
     Region name        :test
     Revision level     :1
  
     Instance   Vlans Mapped
        0       2000 to 4094
        1       1 to 999
        2       1000 to 1999

Root and secondary root:
> [CoreSW1] **stp instance** //1// **root primary**
> [CoreSW2] **stp instance** //1// **root secondary**

Priority for MST interoperation with CST:
> [CoreSW1] **stp instance** //1// **priority** //0//
> [CoreSW1] **display stp inst 1**

  [CoreSW1] display stp inst 1
  -------[MSTI 1 Global Info]-------
  MSTI Bridge ID      :0.001c-c5bc-2b11
  MSTI RegRoot/IRPC   :0.001c-c5bc-2b11 / 0
  MSTI RootPortId     :0.0
  MSTI Root Type      :PRIMARY root
  Master Bridge       :0.001c-c5bc-2b11
  Cost to Master      :0
  TC recieved         :4

> [SW] **display stp brief**

  [SW] display stp brief
   VLAN  Port                   Role  STP State    Protection
      2  GigabitEthernet3/0/1   ALTE  DISCARDING   LOOP
      2  GigabitEthernet3/0/2   DESI  FORWARDING   NONE
      2  GigabitEthernet3/0/3   DESI  FORWARDING   NONE
      2  GigabitEthernet3/0/4   DESI  FORWARDING   NONE

Edge / non-Edge:

FIXME

===== IRF =====

FIXME

===== Static Routing =====

FIXME

===== RIP Routing =====

FIXME
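
Added example for the Telnet, SSH and Trunk sections above (not part of the original notes and not HP code): a small Python check that reads a saved configuration and reports where management access still relies on Telnet or where a trunk permits every VLAN. The sample configuration is constructed from the commands on this page, and the layout it assumes (view headers unindented, commands indented, ''#'' between views) is an assumption about the saved file.

```python
# Constructed sample in the style of this page's commands (not a real device dump).
SAMPLE_CONFIG = """\
 telnet server enable
#
local-user admin1
 service-type telnet
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk permit vlan all
#
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
 protocol inbound telnet
"""

def split_views(config):
    """Map each view header to its commands; indented lines outside a view are global."""
    views, header = {}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            header = "global"            # '#' closes the current view
        elif raw.startswith(" "):
            views.setdefault(header, []).append(line)
        else:
            header = line                # a non-indented line opens a view
            views.setdefault(header, [])
    return views

def audit(config):
    """Return (view, finding) pairs for cleartext management and over-broad trunks."""
    findings = []
    for view, cmds in split_views(config).items():
        if view == "global" and "telnet server enable" in cmds:
            findings.append((view, "Telnet server enabled"))
        if view.startswith("local-user ") and "service-type telnet" in cmds:
            findings.append((view, "account may log in over Telnet"))
        if view.startswith("user-interface vty"):
            if "protocol inbound ssh" not in cmds:
                findings.append((view, "VTY lines not restricted to SSH"))
            if "authentication-mode scheme" not in cmds:
                findings.append((view, "VTY lines lack per-user (scheme) authentication"))
        if view.startswith("interface ") and "port trunk permit vlan all" in cmds:
            findings.append((view, "trunk carries every VLAN"))
    return findings

print("\n".join(f"{view}: {finding}" for view, finding in audit(SAMPLE_CONFIG)))
```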
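
Added example for the MSTP section above (not part of the original notes): a Python helper that expands region commands, both explicit ''instance ... vlan ...'' lines and ''vlan-mapping modulo'', into the full VLAN-to-instance table and compares two switches on the three values that must match. CORE1 and CORE2 are constructed inputs; CORE2 is a hypothetical peer configured with modulo mapping instead of the ranges shown on this page.

```python
import re

def vlan_table(region_cmds):
    """Expand MST region commands into {vlan: instance} for VLANs 1-4094."""
    table = dict.fromkeys(range(1, 4095), 0)      # unmapped VLANs stay in instance 0
    for cmd in region_cmds:
        mod = re.fullmatch(r"vlan-mapping modulo (\d+)", cmd)
        inst = re.fullmatch(r"instance (\d+) vlan (.+)", cmd)
        if mod:
            n = int(mod.group(1))
            for vlan in table:
                table[vlan] = (vlan - 1) % n + 1  # formula from this page
        elif inst:
            # "1 to 999 1500" -> ranges (1, 999) and (1500, 1500)
            for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", inst.group(2)):
                for vlan in range(int(lo), int(hi or lo) + 1):
                    table[vlan] = int(inst.group(1))
    return table

def region_id(region_cmds):
    """The three values that must be identical on every switch in the region."""
    fields = {"region-name": None, "revision-level": None}
    for cmd in region_cmds:
        key, _, value = cmd.partition(" ")
        if key in fields:
            fields[key] = value
    return fields["region-name"], fields["revision-level"], vlan_table(region_cmds)

def summary(table):
    """Collapse the table into per-instance ranges, like 'Instance / Vlans Mapped'."""
    out, start = {}, 1
    for vlan in range(1, 4095):
        if vlan == 4094 or table[vlan + 1] != table[vlan]:
            text = str(start) if start == vlan else f"{start} to {vlan}"
            out.setdefault(table[vlan], []).append(text)
            start = vlan + 1
    return out

def mismatched_vlans(a, b):
    """VLANs that the two switches would place in different instances."""
    ta, tb = vlan_table(a), vlan_table(b)
    return [vlan for vlan in ta if ta[vlan] != tb[vlan]]

# Constructed inputs: CORE1 uses this page's region commands, CORE2 is hypothetical.
CORE1 = ["region-name test", "revision-level 1",
         "instance 1 vlan 1 to 999", "instance 2 vlan 1000 to 1999"]
CORE2 = ["region-name test", "revision-level 1", "vlan-mapping modulo 2"]

print("same region:", region_id(CORE1) == region_id(CORE2))
print("VLANs mapped differently:", len(mismatched_vlans(CORE1, CORE2)))
```

Although name and revision match, the two switches map most VLANs differently, so they would not form one MST region.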