HP A-Series

Product Overview

  • originally H3C (Huawei + 3Com)
  • per-port ASIC
  • PoE variants are a few centimeters longer

Switches:

  • A12500 - CLOS architecture, high density of 10G ports
  • A9500
  • A7500 - supports application cards (wifi controller, fw, …)
  • A5820 - 24x10Gb, non-blocking, no MPLS support, 2x modular power supply
  • A5900 - 48x10Gb, 4x40Gb, non-blocking, Comware v7
  • A5800 - can be stacked over SFP+, has a module bay at the rear (ports, wifi controller)
  • A5500 - L3 (up to 1024 L3 int., dynamic routing)
    • 5500si (standalone SFP, fewer features)
    • 5500ei (combo ports, more features)
    • 5500hi
    • stacking only via 10Gb modules
  • A5120 - cheaper (the ei version is the BEST-SELLING) L2+ (up to 4 L3 int., static routing) Gigabit switch (alternative to the A5500) (si, ei versions)
  • A3600 - 10/100 L3
  • A3100 - 10/100/1000 L2

L3 switch properties:

  • E-series - routing disabled by default
  • A-series - routing enabled by default

Routers:

  • A-MSR8800 - full 10Gb routing, network processor
  • A-MSR6600 - barely routes a gigabit, supports a 10Gb port (but it will run slower), multicore CPU
  • A-MSR 50 (hot-swap modules), 30, 20 - also support voice modules, fw (L2, L3, L4), ASIC
  • A-MSR900 - counterpart of the Cisco 800, ASIC

Wireless:

  • A-series will be discontinued
  • E-series will remain

CLI Privilege levels:

Users:

  • Level 3 - Manager - System (file and user) management commands (read-write)
  • Level 2 - System - Services configuration commands (read-write)
  • Level 1 - Monitor - Basic read-only commands
  • Level 0 - Visitor - Diagnosis commands such as ping and trace route

CLI:

<HP Switch>          // User view (restart, system update, deleting and saving configurations)
[HP Switch]          // System view (configuration)
[HP Switch-<view>]   // Other command views

Prompt example:

<Router>system-view
[Router]ospf
[Router-ospf-1]area 0.0.0.0
[Router-ospf-1-area-0.0.0.0]display this

# Switch to system-view (configuration mode)
<sw>system-view
[sw]
# Go back up one level
quit
# Return to user-view
Ctrl+Z
# Show the configuration of the current view
display this
# Help
?
TAB

Note: when creating a user you must assign a privilege level; otherwise the user gets the default level 0 and has no rights. The “super” password can serve as a rescue in that case.

# Super password
<R>system-view
[R]super password level 3 cipher secret2
# Change level
super <level>
super 3 <password>

CTRL Keys

FIXME

Console

Console on the router:

[R]user-interface console 0
[R-ui-con0]authentication-mode password
[R-ui-con0]set authentication password cipher secret34

Console on the switch, AUX on the router:

[R]user-interface aux 0
[R-ui-aux0]authentication-mode password
[R-ui-aux0]set authentication password cipher secret34

Telnet

<R>system-view

# Enable telnet server
[R]telnet server enable

# Set username, password and allowed access
[R]local-user admin1
[R-local-user-admin1]service-type telnet - (note: also enables web access)
[R-local-user-admin1]password cipher 3com

# Set user/password auth. to telnet
[R]user-interface vty 0 4
[R-ui-vty0-4]authentication-mode scheme
[R-ui-vty0-4]protocol inbound telnet

[R-ui-vty0-4]user privilege level 3

SSH

# Enable ssh server
[R]ssh server enable

# Generate local key pairs for SSH
[R]public-key local create dsa
[R]public-key local create rsa

# Set username, password and allowed access
[R]local-user admin1
[R-local-user-admin1]service-type ssh
[R-local-user-admin1]password cipher 3com

# Set user/password auth. for SSH
[R]user-interface vty 0 4
[R-ui-vty0-4]authentication-mode scheme
[R-ui-vty0-4]protocol inbound ssh

[R-ui-vty0-4]user privilege level 3
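
A check over a saved configuration for the management-plane settings from the Console, Telnet and SSH sections above. This is an added example, not part of the original page; the helper name audit_mgmt_plane and the sample configuration are constructed for illustration.

```python
# Constructed sample styled like a Comware 5 saved configuration; not from a real device.
SAMPLE_CFG = """\
 telnet server enable
 ssh server enable
#
local-user admin1
 password cipher 3com
 service-type telnet
#
user-interface aux 0
 authentication-mode none
 user privilege level 3
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
 protocol inbound telnet
user-interface vty 5 15
 authentication-mode scheme
 protocol inbound ssh
"""

def audit_mgmt_plane(cfg):
    """Hypothetical helper: flag Telnet exposure and weak line authentication."""
    findings, sections, current = [], {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                  # separator: back to global scope
        elif not raw.startswith(" "):
            current = line                  # header such as "user-interface vty 0 4"
            sections[current] = []
        elif current is None:
            if line == "telnet server enable":
                findings.append("global: telnet server enabled")
        else:
            sections[current].append(line)
    for name, cmds in sections.items():
        if name.startswith("local-user ") and "service-type telnet" in cmds:
            findings.append(f"{name}: service-type allows telnet")
        if name.startswith("user-interface "):
            if "authentication-mode none" in cmds:
                findings.append(f"{name}: authentication-mode none")
            if "user privilege level 3" in cmds and "authentication-mode scheme" not in cmds:
                findings.append(f"{name}: level 3 without per-user login")
            if {"protocol inbound telnet", "protocol inbound all"} & set(cmds):
                findings.append(f"{name}: inbound telnet accepted")
    return findings

print("\n".join(audit_mgmt_plane(SAMPLE_CFG)))
```

The sample yields five findings; a configuration that uses only SSH with authentication-mode scheme yields none.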

Save / Delete Config

# Save the configuration
<Router>save
# Delete the saved (startup) configuration
<Router>reset saved-configuration
<Router>reset saved-configuration <filename>
# Set the default startup configuration
<Router>startup saved-configuration <filename> main
display startup
backup
restore

Flash (dir,delete)

# List the contents of flash:/ including files in the recycle bin
<sw>dir /all
# Delete a file from flash, bypassing the recycle bin
<sw>delete /unreserved <filename>

# Delete a file to the recycle bin
<sw>delete <filename>

System Upgrade:

  • from USB
  • as a client from TFTP/FTP
  • TFTP/FTP server on the box
  • XModem - from the console

# Set the default boot file
<Router>boot-loader file CF:/filename.bin main
display boot-loader
# Set the default configuration
<Router> startup saved-configuration config.cfg main
# Show the system version (HW, SW)
[sw]display version
# Show the system's current startup information
[sw]display reboot-type
# Show diagnostic information
[sw]display diagnostic-information
[sw]reboot

Password recovery

  • during boot press Ctrl+B
  • in BootROM set: ignore the configuration
  • edit the configuration and save it
  • restart
  • during boot press Ctrl+B
  • in BootROM set: use the configuration

Boot menu:

   BOOT MENU

1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify BootRom password
6. Enter BootRom upgrade menu
7. Skip current system configuration
8. Set BootRom password recovery
9. Set switch startup mode
0. Reboot

Enter your choice(0-9): 

Time

  • switches have no real-time clock (routers do); after a restart the time must be set again (manually or via NTP)

[Router]clock datetime HH:MM:SS {YYYY/MM/DD | MM/DD/YYYY}
[Router]clock timezone zone-name {add | minus} HH:MM:SS

Hostname

[Router]sysname sysname

Interface IP

Port-ID: 1/0/1 - unit ID in the stack / backplane ID (0=front, 1=back) / module ID

[Router]interface GigabitEthernet 0/0
[Router-GigabitEthernet0/0]ip address x.x.x.x yy

Debugging

<router>debugging module-name [debugging-option]

# Enable debug output to the session
<router>terminal debugging
<router>terminal monitor - telnet,ssh
<router>undo terminal monitor - disable log output

Troubleshooting tools

[router]ping [-a ip-address]
[router]tracert [-a source-ip]

Switch port config

[sw]interface gigabitethernet 0/1
[sw-gigabitethernet0/1]description descr
[sw-gigabitethernet0/1]undo shutdown
[sw-gigabitethernet0/1]mdi [normal | across | auto]
[sw-gigabitethernet0/1]duplex {auto | full | half}
[sw-gigabitethernet0/1]speed {10 | 100 | 1000 | 10000 | auto}
[sw-gigabitethernet0/1]undo jumboframe enable
[sw-gigabitethernet0/1]virtual-cable-test

# Limit broadcast traffic on the port (% | PPS | BPS)
[sw-gigabitethernet0/1]broadcast-suppression 5
[sw-gigabitethernet0/1]display this
[sw]display interface brief
[sw]display interface brief | include up
[sw]display interface brief | include trunk
[sw]display interface brief | exclude auto
[sw]display interface brief | begin 2/0/1
[sw]display counters {inbound | outbound} interface <int-type>

VLANs

  • Port-based VLANs (VLAN determined by the port)
  • MAC address-based VLANs (a frame falls into a VLAN by its MAC; only a hybrid port can do this)
  • Protocol-based VLANs (L3 switches, assignment to VLANs by protocol, e.g. IPv4, IPv6, IPX)
  • IP-subnet-based (L3 switches, assignment to VLANs based on the packet's IP address)
  • Policy-based VLANs (L3 switches, Comware 5 only, packets distinguished by arbitrary header parameters)

Port types:

  • access = classic port that is a member of a single VLAN
  • trunk = classic 802.1Q
  • hybrid ports = can work with multiple untagged VLANs, which are then sorted correctly based on MAC, IP, etc.

VLAN config

[sw]vlan 100
[sw-vlan100]description <desc>
[sw-vlan100]name <name>
# Create multiple VLANs at once
[sw]vlan 100 to 110
[sw]display vlan
[sw]display vlan 100
[sw]display vlan all

Access ports

# Assign multiple access ports to a VLAN at once
[sw]vlan 100
[sw-vlan100]port gig 1/0/1 to gig 1/0/20
# Assign an access port to a VLAN
[sw]interface gi 1/0/1
[sw-gigabitethernet1/0/1]port link-type access
[sw-gigabitethernet1/0/1]port access vlan 100
# Edit a group of ports
[sw]port-group manual edge-1
[sw-port-group-manual-edge-1]group-member gi 1/0/1 to gi 1/0/10
[sw-port-group-manual-edge-1]port link-type access
[sw-port-group-manual-edge-1]port access vlan 100

[sw]display port-group manual <name>

Trunk

[sw]interface gi 1/0/1
[sw-gigabitethernet1/0/1]port link-type trunk
# Permit VLANs
[sw-gigabitethernet1/0/1]port trunk permit vlan all
# or
[sw-gigabitethernet1/0/1]port trunk permit vlan 100 200
# Deny a VLAN
[sw-gigabitethernet1/0/1]undo port trunk permit vlan 1
# Native VLAN
[sw-gigabitethernet1/0/1]port trunk pvid vlan 99
[sw]display port trunk

Hybrid ports

FIXME

L3 VLAN interface

[sw]interface vlan-interface 1
[sw-vlan-interface1]ip address a.a.a.a yy
[sw-vlan-interface1]ip address b.b.b.b yy sub
[sw]display ip interface brief

Link Aggregation

  • static (default) = no protocol
  • dynamic = LACP

Static

[sw] interface bridge-aggregation 1
[sw-Bridge-Aggregation1]description <desc>
[sw-Bridge-Aggregation1]quit
[sw] interface gi 1/0/1
[sw-gigabitethernet1/0/1]port link-aggregation group 1
[sw-gigabitethernet1/0/1]quit

[sw]interface gi 1/0/2
[sw-gigabitethernet1/0/2]port link-aggregation group 1
[sw-gigabitethernet1/0/2]quit
[sw]interface bridge-aggregation 1
[sw-Bridge-Aggregation1]port link-type trunk
[sw-Bridge-Aggregation1]port trunk permit vlan all

Dynamic

[sw-Bridge-Aggregation1]link-aggregation mode dynamic

Load-balancing (globally and per bundle)

[sw]link-aggregation load-sharing mode {destination-ip|destination-mac|destination-port|ingress-port|source-ip|source-mac|source-port}
display link-aggregation summary
display link-aggregation verbose bridge-aggregation 1

Port statistics: flow-interval <5-300>

STP Spanning Tree Protocol

MSTP

All switches must have the same:

  • region-name
  • revision-level
  • VLAN to instance mapping

Configuration procedure:

  1. enable STP
  2. configure the MSTP region on all switches
  3. set the root and secondary root for all instances
  4. set edge (access) and non-edge (uplink) ports
  5. apply BPDU protection, root guard and loop protection

[SW] stp enable
[SW] stp region-configuration
[SW-mst-region] region-name name
[SW-mst-region] revision-level 1
[SW-mst-region] instance 1 vlan 1 to 999
[SW-mst-region] instance 2 vlan 1000 to 1999
[SW-mst-region] active region-configuration

Modulo mapping

  • meant to simplify the mapping of many VLANs
  • does it automatically based on a modulo calculation
  • instance_ID = (VLAN_ID - 1) % modulo + 1

<SW> system-view
[SW] stp region-configuration
[SW-mst-region] vlan-mapping modulo [1-32]
[SW-mst-region] display stp region-configuration
Oper configuration
   Format selector   :0
   Region name       :test
   Revision level    :1
   
   Instance   Vlans Mapped
      0       2000 to 4094
      1       1 to 999
      2       1000 to 1999
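
Bridges compare the VLAN-to-instance mapping through the MST configuration digest defined in IEEE 802.1Q (HMAC-MD5 over the mapping table), so one mismapped VLAN puts a switch in a different region. The following added example (not from the original page; function names are hypothetical and the second mapping is constructed) goes beyond the page's modulo formula to compute that digest and compare two switches.

```python
import hashlib
import hmac

# Configuration Digest Signature Key fixed by IEEE 802.1Q for MSTP.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def modulo_mapping(modulo):
    """VLAN -> MSTI using the page's formula: (VLAN_ID - 1) % modulo + 1."""
    return {vlan: (vlan - 1) % modulo + 1 for vlan in range(1, 4095)}

def range_mapping(ranges):
    """VLAN -> MSTI from (instance, first, last) entries; the rest stay in instance 0."""
    table = {vlan: 0 for vlan in range(1, 4095)}
    for inst, first, last in ranges:
        for vlan in range(first, last + 1):
            table[vlan] = inst
    return table

def config_digest(table):
    """HMAC-MD5 over 4096 two-byte MSTIDs; the entries for VID 0 and 4095 are 0."""
    blob = b"".join(table.get(vid, 0).to_bytes(2, "big") for vid in range(4096))
    return hmac.new(MST_DIGEST_KEY, blob, hashlib.md5).hexdigest().upper()

def same_region(a, b):
    """a, b: (region_name, revision_level, table); all three must match."""
    return a[0] == b[0] and a[1] == b[1] and config_digest(a[2]) == config_digest(b[2])

if __name__ == "__main__":
    page = range_mapping([(1, 1, 999), (2, 1000, 1999)])  # mapping shown on the page
    typo = range_mapping([(1, 1, 999), (2, 1000, 1998)])  # constructed: one VLAN off
    print(config_digest(page), config_digest(typo))
    print("same region:", same_region(("test", 1, page), ("test", 1, typo)))
    # With modulo mapping the VLANs of one instance are interleaved, not a range:
    print(sorted(v for v, i in modulo_mapping(16).items() if i == 1)[:4])
```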

Root and secondary root:

[CoreSW1] stp instance 1 root primary
[CoreSW2] stp instance 1 root secondary

Priority for MST interoperation with CST:

[CoreSW1] stp instance 1 priority 0
[CoreSW1] display stp inst 1
-------[MSTI 1 Global Info]-------
MSTI Bridge ID     :0.001c-c5bc-2b11
MSTI RegRoot/IRPC  :0.001c-c5bc-2b11 / 0
MSTI RootPortId    :0.0
MSTI Root Type     :PRIMARY root
Master Bridge      :0.001c-c5bc-2b11
Cost to Master     :0
TC recieved        :4
[SW] display stp brief
VLAN      Port                         Role  STP State     Protection
   2      GigabitEthernet3/0/1         ALTE  DISCARDING    LOOP
   2      GigabitEthernet3/0/2         DESI  FORWARDING    NONE
   2      GigabitEthernet3/0/3         DESI  FORWARDING    NONE
   2      GigabitEthernet3/0/4         DESI  FORWARDING    NONE

Edge / non-Edge: FIXME

IRF

FIXME

Static Routing

FIXME

RIP Routing

FIXME

wiki/site/hp/ais/a-series.txt · Last modified: 2014/12/26 18:31 (external edit)