A5000 CMW520 R2303 Release Notes
-
Upload
alicia-stevens -
Category
Documents
-
view
257 -
download
0
Transcript of A5000 CMW520 R2303 Release Notes
A5000-CMW520-R2303 Release Notes
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 1
A5000-CMW520-R2303 Release Notes Keywords: WLAN, Version Information, Version Update, Open Problems and Workarounds
Abstract: This release notes describes the A5000-CMW520-R2303 release with respect to hardware and software compatibility, released features and functions, software upgrading, and documentation.
Acronyms:
Acronym Full spelling
AAA Authentication, Authorization and Accounting
AC Access Controller
ACL Access Control List
AP Access Point
ARP Address Resolution Protocol
CCMP Counter mode (CTR) with CBC-MAC Protocol
CLI Command Line Interface
DHCP Dynamic Host Configuration Protocol
MIB Management Information Base
QoS Quality of Service
SNMP Simple Network Management Protocol
STA Station
TKIP Temporal Key Integrity Protocol
WEP Wired Equivalent Privacy
WLAN Wireless LAN
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 2
Contents
Version information······················································································································································ 5 Version number ·································································································································································5 Version history ···································································································································································5 Hardware and software compatibility matrix ················································································································5
FIT AP Compatibility Table ·········································································································································· 7
Restrictions and cautions ············································································································································· 8
Feature list····································································································································································· 8 Hardware features ····························································································································································8 Software features ··························································································································································· 10
Version updates··························································································································································17 Feature updates······························································································································································ 17 Command line updates ················································································································································· 17 MIB updates···································································································································································· 17 Configuration changes ·················································································································································· 18
Open problems and workarounds····························································································································18
List of resolved problems ···········································································································································18 Resolved problems in A5000-CMW520-R2303········································································································ 18
Software upgrading···················································································································································18 Introduction ····································································································································································· 18
Files managed on access controller ···················································································································· 18 Maintaining software ············································································································································ 20 Software Upgrade Flow········································································································································ 21
Boot ROM menu····························································································································································· 22 Main Boot ROM menu·········································································································································· 22 Boot ROM submenus············································································································································· 23
Upgrading Boot ROM through a serial port ··············································································································· 25 Modifying serial port parameters ························································································································ 25 Upgrading the BootWare Through the Management Ethernet Interface························································· 27 Upgrading the BootWare Through a Serial Connection ·················································································· 29
Upgrading application image through a serial port ·································································································· 31 Upgrading application image through an Ethernet interface ··················································································· 32
Configuring Ethernet interface parameters········································································································· 32 Upgrading application image ····························································································································· 33
Maintaining application image and configuration at CLI ························································································· 35 Maintaining the Access Controller with TFTP ····································································································· 35 Maintaining the Access Controller with FTP ······································································································· 36
Maintaining application and configuration file ·········································································································· 39 Dealing with access controller password loss············································································································· 41
Dealing with user password loss ························································································································· 41 Dealing with Boot ROM password loss ·············································································································· 41 Super password loss ············································································································································· 42
Backing up and restoring the Boot ROM image········································································································· 42
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 3
Compatibility for H3C WX Series Access Controller ······························································································43 Hardware and software compatibility matrix for H3C WX Series Access Controller············································ 43 Feature updates relative to WX5004-CMW520-R2107P10···················································································· 43 Command line updates relative to WX5004-CMW520-R2107P10 ······································································· 45 MIB updates relative to WX5004-CMW520-R2107P10·························································································· 92 Configuration changes relative to WX5004-CMW520-R2107P10 ········································································ 92 Resolved problems in A5000-CMW520-R2303 relative to WX5004-CMW520-R2107P10······························ 93
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 4
List of Tables
Table 1 Version history ................................................................................................................... 5
Table 2 Hardware and software compatibility matrix.......................................................................... 5
Table 3 A5000 Series Access Controller Module Compatibility Table................................................... 6
Table 4 Fit AP Compatibility Table ................................................................................................... 7
Table 5 HP A-WX5004 Access Controller Hardware Features.............................................................. 8
Table 6 HP A-WX5002 Access Controller Hardware Features.............................................................. 9
Table 7 HP A5800 Access Controller OAA Module Card Hardware Features ....................................... 9
Table 8 Software features ..............................................................................................................10
Table 9 Performance specifications..................................................................................................15
Table 10 Main Boot ROM menu .....................................................................................................23
Table 11 Ethernet parameters settings description ............................................................................. 33
Table 12 WX Series Access Controller Module Compatibility Table .................................................... 43
Table 13 Feature updates.............................................................................................................. 43
Table 14 Command line updates ................................................................................................... 45
Table 15 MIB updates .................................................................................................................. 92
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 5
Version information
Version number Comware Software, Version 5.20, R2303
Note: This version number can be displayed by command display version under any view. Please see Note①.
Version history Table 1 Version history
Version number Last version Release Date Remarks
A5000-CMW520-R2303 First release 2011-6-27 None
Hardware and software compatibility matrix Table 2 Hardware and software compatibility matrix
Item Specifications
Product family A5000 Series Access Controllers
Hardware platform
HP A-WX5004 Access Controller
HP A-WX5002 Access Controller
HP A5800 Access Controller OAA Module Card
Minimum memory requirements 1G 2G
Minimum Flash requirements 256M CF Card 1G CF Card
Boot ROM version
Basic 1.10 Extend 1.13 (Note:This version number can be displayed by command display version under any view. Please see Note②)
Basic 1.28 Extend 1.37 (Note:This version number can be displayed by command display version under any view. Please see Note②)
Host software A5000-CMW520-R2303.bin (36,640,996Bytes)
CPLD Version 010 004
iMC Version
• iMC PLAT 5.0 SP1 (E0101P05) • iMC UAM 5.0 SP1 (E0101P03) • iMC EAD 5.0 SP1 (E0101P03)
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 6
• iMC QoSM 5.0 SP1 (E0101P01) • iMC WSM 5.0 (E0101)
iNode iNode PC 5.0 (E0103)
AP Version
• WA2100-CMW520-R1118 • WA2200-CMW520-R1120 • WA2600-CMW520-R1115 • WA2600A-CMW520-R1111
Remark None
Table 3 A5000 Series Access Controller Module Compatibility Table
WX Series Access Controller Module
Software Version Frame Software Version
HP A5800 Access Controller OAA Module Card
A5000-CMW520-R2303 and later version HP A5800
A5800_5820X-CMW520-R1211 and later version
The latest version: A5800_5820X-CMW520-R1211
To display the host software and BootWare version of HP A-WX5004 Access Controller and HP A-WX5002 Access Controller, perform the following: <HP>display version
HP Comware Platform Software
Comware Software, Version 5.20, Release 2303 ------ Note①
Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.
HP A-WX5004 uptime is 0 week, 0 day, 0 hour, 0 minute
HP A-WX5004 with 1 RMI XLR 716 800MHz Processor
1024M bytes DDR2
4M bytes Flash Memory
Config Register points to FLASH
261M bytes CFCard Memory
Hardware Version is Ver.A
CPLD Version is 010
Basic Bootrom Version is 1.10 ------ Note②
Extend Bootrom Version is 1.13 ------ Note②
[Subslot 0]A-WX5004 Hardware Version is Ver.A
To display the host software and BootWare version of HP A5800 Access Controller OAA Module Card, perform the following: <HP>dis version
HP Comware Platform Software
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 7
Comware Software, Version 5.20, Release 2303 ------ Note①
Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.
HP LSWM1WCM10 uptime is 0 week, 0 day, 0 hour, 1 minute
HP LSWM1WCM10 with 1 RMI XLR 732 1000MHz Processor
2048M bytes DDR2
4M bytes Flash Memory
Config Register points to FLASH
999M bytes CFCard Memory
Hardware Version is Ver.B
CPLD Version is 004
Basic Bootrom Version is 1.28 ------ Note②
Extend Bootrom Version is 1.37 ------ Note②
[Subslot 0]LSWM1WCM10 Hardware Version is Ver.B
FIT AP Compatibility Table Table 4 Fit AP Compatibility Table
AP Type AP Mode File Name Packed with AC Version Remark
H3C WA2110-AG WA2100 None
3COM 7760 7760_2750(Note③) None
3COM 8760 8760_3150 None
3COM 3150 8760_3150
wa2100.bin Yes
None
H3C WA2210-AG WA2210-AG None
H3C WA2220-AG WA2220-AG None
H3C WA2210X-G WA2210X-G None
H3C WA2220X-AG WA2220X-AG
wa2200_fit.bin Yes
None
H3C WA2610E-AGN WA2610E-AGN None
H3C WA2620E-AGN WA2620E-AGN wa2600_fit.bin Yes
None
H3C WA2612-AGN WA2612-AGN None
H3C WA2620-AGN WA2620-AGN w2600a_fit.bin Yes
None
Note③:
Hereby 7760_2750 is only used as a model name in the AC software. 7760 is supported but 2750 is not.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 8
Restrictions and cautions 1. The size of configure file for Fit AP shouldn’t be more than 3500 bytes.
2. Port security mode “userlogin-secure-ext-or-psk”is not recommended. Some wireless adaptor station can’t connect with this mode.
3. After the register of auto template AP, command line wlan auto-ap persistent is necessary to convert this AP into fixed template AP, otherwise the AC could not refresh the log off status in the case the auto template AP powers off.
4. If there is a Layer3 network between the AC and the AP, either configure the IP bound domain name of the AC on the DNS, or set up the option 43 on the DHCP server hence the AP could reach to the AC.
5. In order to protect the control link between the AC and the AP from the malicious data traffic attack, the AC and AP should be divided into different sub networks as possible, and only permit necessary network access to the WX6103 and the AP from other network terminals.
6. If there are multi IP addresses configured under the same AC interface, the address appointed on the AP should be the main address on the AC interface
7. If the endpoint user use a Vista OS, there would be some constraints, such as the open-system and shared-key authorization modes could not featured on the service template.
8. After the update of the PKI certification, command line : undo local server eap-profile is necessary to refresh the SSL certification cache.
9. The port security mode: userlogin-secure-ext-or-psk is not recommended, for several network cards have some problems to log on under this mode.
Feature list
Hardware features Table 5 HP A-WX5004 Access Controller Hardware Features
Item Description
Dimensions(H × W × D)
(excluding feet and rack-mounting brackets
43.6 × 440 × 430 mm (1.7 × 17.3 × 16.93 in.)
Weight 7.4 kg (16.31 lb.) (with two PSUs installed)
Input voltage rated voltage: 100V~240V AC;50/60Hz
tolerance voltage: 90V~264V AC; 47/63Hz
Max. power consumption 67.7W
Operating temperature 0℃~45℃(32°F to 113°F)
Relative humidity 5%~ 95%
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 9
(noncondensing)
Processor 800MHz
Memory 1024MB
Flash 256MB CF Card
Fixed interfaces
1× Console
4×10/100/1000 BASE-T auto-sensing Ethernet electrical interfaces
4×1000 Base-X SFP optical interfaces, forming Combo ports together with the corresponding Ethernet electrical interfaces
Table 6 HP A-WX5002 Access Controller Hardware Features
Item Description
Dimensions(H × W × D)
(excluding feet and rack-mounting brackets
43.6 × 440 × 430 mm (1.7 × 17.3 × 16.93 in.)
Weight 7.4 kg (16.31 lb.) (with two PSUs installed)
Input voltage rated voltage: 100V~240V AC;50/60Hz
tolerance voltage: 90V~264V AC; 47/63Hz
Max. power consumption 67.7W
Operating temperature 0℃~45℃(32°F to 113°F)
Relative humidity (noncondensing) 5%~ 95%
Processor 800MHz
Memory 1024MB
Flash 256MB CF Card
Fixed interfaces
1× Console
2×10/100/1000 BASE-T auto-sensing Ethernet electrical interfaces
2×1000 Base-X SFP optical interfaces, forming Combo ports together with the corresponding Ethernet electrical interfaces
Table 7 HP A5800 Access Controller OAA Module Card Hardware Features
Item LSWM1WCM10
Dimensions(H × W × D) 35×250 × 243mm (1.4 ×9.8× 9.6 in.)
Weight 1.65kg(3.64 lb)
Input voltage 12V
Max. power consumption 80W
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 10
Operating temperature 0℃~45℃(32°F to 113°F)
Relative humidity (noncondensing) 5%~ 95%
Processor 1GHz
Memory 2048MB
Flash 1GB CF Card
Fixed interfaces 1×10/100BASE-TX out-of-band management interface
Software features Table 8 Software features
Item Description
ARP (gratuitous ARP)
ARP fast-reply
VLAN (port/MAC-based VLANs)
SSID/AP based VLANs
802.1p
802.1q
802.1X
Broadcast/multicast storm suppression
802.3x (not applicable to AC modules
Port loopback (not applicable to AC modules)
802.3 LAN protocols
Port broadcast storm suppression
Ping, Tracert
DHCP server
DHCP client
DHCP relay agent
DHCP snooping
DNS client
NTP
Telnet
TFTP client
FTP client
Network interconnection
IP application
FTP server
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 11
Item Description
IP routing Static routing
IGMP snooping
MLD snooping Multicasting
IPv6 Static Routing
802.11
802.11b
802.11a
802.11g
802.11n
802.11h
802.11d
802.11i
802.11e
802.11
80.211s draft
Transmission rate selection
Transmission rate auto-adjustment
Manual and automatic channel configuration; radar avoidance
Maximum transmission power configuration
Manual and automatic transmission power configuration
Country code configuration
Multiple country codes
20M/40M speed switchover of APs
802.11n protection
RF ping
Wireless packet capture
Wireless location service (A-iMC and AeroScout)
Energy conservation
RF management
Wireless RF interference detection and mitigation
Intra-AC roaming
Inter-AC roaming Roaming
Key cache fast roaming
Layer 2/Layer 3 network topology between AP and AC
WLAN
Tunneling between AC
Automatic AC discovery by APs
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 12
Item Description
AP software version upgrade through the AC
AP configuration file download from the AC
IPv4/v6 networks supported between AP and AC
Traffic and user number based AP load sharing
Centralized and local forwarding modes
and AP
AP provision
Mesh link Mesh
Mesh security
MAC address authentication
802.1X authentication (EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-MD5, EAP-GTC)
Portal authentication
Local authentication methods, including 802.1X authentication (MD5/TLS/PEAP-MSCHAPv2), portal authentication, and MAC address authentication
Portal authentication support for web proxy
Portal authentication support for page redirection
Network security
Security authentication
Wireless EAD
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 13
Item Description
RADIUS
LDAP
HWTACACS
Multi-domain configuration on the authentication server
Backup authentication server
AAA
ESS based authentication server selection
Multi-SSID
SSID hiding
802.11i (including 802.1X authentication and PSK authentication)
WPA, WPA2
WEP (WEP64/WEP128/WEP152)
Dynamic WEP
LEAP
TKIP
802.11 security and privacy
CCMP
User-based bandwidth limit
User-based access control
User-based QACL
Access control based on AP location
Binding between user account and SSID
Binding between user account, VLAN, ACL, and user profile
User and access control
Guest access manager and VIP channel
White list
Static/dynamic blacklist
Detection of and countermeasures against rogue wireless devices WIDS/WIPS
Wireless anti-attack
SSH V1.5/2.0
SSID-based user isolation Others
MAC address-based user isolation
QoS Layer-2 QoS Layer 2 to Layer 4 packet filtering and traffic classification
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 14
Item Description
User-based packet filtering and traffic classification
Ethernet interface/SSID based priority
Mapping between wired priority and wireless priority
Mapping between wireless priority and tunnel priority
CAR/LR Traffic policing
Flow based bandwidth control
Congestion management FIFQ, PQ and CQ
WMM (802.11e)
Wireless service-based bandwidth limit
Intelligent bandwidth guarantee Wireless QoS
SSID-based bandwidth control
Forwarding of IPv6 packets; IPv6 MIB
ICMPv6
Automatic/manual configuration of link-local and multicast addresses
ND protocol
Basic IPv6 functions
IPv6 ACL
RFC 2464
DNS6
TraceR6
Telnet6
FIB6
IPv6
Extended IPv6 functions
DHCPv6 relay agent
1+1 fast backup
N+1 redundancy (up to 4+1 redundancy)
N+N redundancy
DHCP server hot backup
Reliability Redundancy
Portal server hot backup
Maintainability Network management
SNMP V1/V2c/V3
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 15
Item Description
Syslog
RMON
Console port login
Telnet (VTY) login
SSH login
Web based management
User access management
FTP login
File system management
Applications backup (dual image) System management
Hot fix
Table 9 Performance specifications
Performance
Item Sub-item A-WX5004
A5800 Access Controller OAA Module Card
A-WX5002
Switching capacity
Interface switching capacity
4 Gbps 10 Gbps 2 Gbps
Extended configuration 256 64
Standard configuration 64 32
Maximum number of managed APs Size of each
license 32
WEP key Length 40/104/128 bits
TKIP key Length 128 bits
CCMP key Length 128 bits
Rogue AP detection
Maximum number of permitted vendors
64
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 16
Performance
Item Sub-item A-WX5004
A5800 Access Controller OAA Module Card
A-WX5002
Maximum number of permitted SSIDs
128
Maximum number of permitted MAC addresses
256
Maximum number of rogue APs against which countermeasures can be taken concurrently
4
Maximum number of attacking devices
64
Static blacklist capacity 64 entries
Dynamic blacklist capacity
512 entries Blacklist/white list
Static white list capacity 255 entries
Maximum number of SSIDs 256 128
Maximum number of SSIDs per radio
16
Maximum number of BSSs 3072 768
SSID
Maximum number of BSSs per radio
16
Station Maximum number of wireless stations
4096 2048
Roaming Maximum number of ACs in a mobility
8
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 17
Performance
Item Sub-item A-WX5004
A5800 Access Controller OAA Module Card
A-WX5002
domain
QACL Maximum number of ACLs 8192 (By TCAM) 4096
RADIUS Maximum number of online sessions
4096 2048
Layer-3 interface
Maximum number of VLAN interfaces
512 64
Static routes IPv4/IPv6 32/32
ARP ARP table capacity 8192 4096
MAC MAC address table capacity
8192 4096
Layer-2 multicast
Layer-2 multicast table capacity 256
Jumbo frame Size 4096 bytes
Version updates
Feature updates None.
Command line updates None.
MIB updates None.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 18
Configuration changes None.
Open problems and workarounds Problem WLD29319
• First found-in version: A5000-CMW520-R2303
• Description: Configuring the vlan of mobility-tunnel member’s, vlan range is not checked by system.
• Workaround: Please confirm the vlan correct manually.
Problem WLD29223
• First found-in version: A5000-CMW520-R2303
• Description: The interface WLAN-DBSS can’t inherit the rules of portal free-rule by Interface WLAN-ESS.
• Workaround: Please avoid configure the portal free-rule for SSID.
List of resolved problems
Resolved problems in A5000-CMW520-R2303 First release.
Software upgrading
CAUTION:
Upgrade software only when necessary and under the guidance of a technical support engineer.
Introduction
Files managed on access controller The HP A-WX5004 Access Controller, HP A-WX5002 Access Controller and HP A5800 Access Controller OAA Module Card manage the following three types of files:
• BootWare program file
• Application file
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 19
• Configuration file
• Certificate file
Boot ROM image file
The BootWare program file is used by the access controller to boot the applications. The complete BootWare program file consists of basic BootWare and extended BootWare.
• Basic BootWare implements system initialization.
• Extended BootWare provides abundant man-machine interaction functions. It is used for interface initialization for application program and boot system upgrade.
• Full BootWare refers to the combination of the two sections. After the basic BootWare is started, you can load or upgrade the extended BootWare.
WARNING:
Do not power off the device when upgrading the BootWare; otherwise, the BootWare will possibly be damaged.
Application image file
The access controller supports the Dual Image function. By default, three application files are defined for system boot:
• Main application file (main file)
• Backup application file (backup file)
• Secure application file (secure file)
These files are stored in the built-in CF card, with an extension name of .bin.
Typically, the default application file is written into the built-in CF card before the access controller is delivered.
If you have loaded the three application files into the CF card, the system will choose one of these three files to boot the access controller, depending on the boot sequence described below. For how to set the application file types, refer to section Maintaining application and configuration file.
The default names and types of the application files and their loading sequence are as follows:
• Main application file. The default name is main.bin, and the file type is M. It is the default application file to be loaded when the system starts.
• Backup application file. The default name is backup.bin, and the file type is B. If failing to load the main application file, the system will try the backup file.
• Secure application file. The default name is secure.bin, and the file type is S. If the system fails to load the backup application file, the secure application file is the last choice. If it again fails to load the secure application file, the system will give a boot failure message.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 20
NOTE:
• Only the application files of the M, B, and S types can be used to boot the system, while an applicationfile of the N type (an application file other than the M, B, or S type) cannot.
• After the application program is loaded, you can rename the application files through the CLI or changethe types of the M, B and N application files through the BootWare menu or the CLI. However, you cannot change the type of the S application file.
• As the S application file is the last choice for booting the system, you cannot change its type or obtaina secure application file by changing the type of another type of application file. You can only download it using the BootWare menu.
• Only one file of the same type (M, B, or S) can exist in the CF card. For example, if an application fileof type M+B exists in the CF card, another file of type M or B cannot exist. If the type of another file is changed to B, the existing type M+B file changes to a file of type M.
Configuration file
With a file extension of .cfg, the configuration files are to store the configuration information of the access controller. Typically, the default configuration file is written into the built-in CF card before the access controller is delivered.
CAUTION:
• The length of a configuration file name must not exceed 64 characters (including the drive name and thestring terminator). For example, if the drive name is cfa0:/, the maximum length of a file name is [ 64 – 1 – 4 ] = 59 characters.
• If the length of a file name exceeds 59 characters, error will occur in file operations on that file. It is recommended to keep the file name within 16 characters.
• There is a limitation on the length of file name that can be displayed in BootWare. If a file name is shorter than 30 characters, all the characters of the file name can be displayed; if a file name has or exceeds 30 characters, only the first 26 characters of the file name can be displayed, followed by a tilde(~) and a serial number. The serial number identifies position in sequence of the file. For example, if some files, file A, file B and file C, have a file name longer than 30 characters, the name of file A will appear as the first 26 characters plus ~001, that of file B will appear as the first 26 characters plus ~002, and that of file C will appear as the first 26 characters plus ~003.
Certificate file
After startup, system will create two certificate files automatically, wlan_ca_certificate.cer and wlan_local_certificate.pfx for SSH and HTTPS. (For importing certificate, SSH, HTTPS, please refer to Configuration Guide)
Maintaining software • Upgrading the BootWare and application files using the Xmodem protocol through a serial port.
• Upgrading application files by BootWare using TFTP or FTP through an Ethernet port.
• Uploading and downloading the application and configuration files by CLI using TFTP/FTP.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 21
NOTE:
• The BootWare program is upgraded together with the host software version. That is, the system automatically upgrades the BootWare program when you upgrade the host software program.
• The BootWare program is upgraded together with the host software version. That is, the system automatically upgrades the BootWare program when you upgrade the host software program.
Software Upgrade Flow Figure 1 Boot ROM and application images upgrade procedure
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 22
Boot ROM menu
Main Boot ROM menu Upon access controller power-on or reboot, the console terminal connected with the access controller first displays the following information: System start booting...
Then, the following information appears: Booting Normal Extend BootWare........
****************************************************************************
* *
* HP LSWM1WCM10 BootWare, Version 1.37 *
* *
****************************************************************************
Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.
Compiled Date : Jan 26 2011
CPU Type : XLR732
CPU L1 Cache : 32KB
CPU Clock Speed : 1000MHz
Memory Type : DDR2 SDRAM
Memory Size : 2048MB
Memory Speed : 533MHz
BootWare Size : 1536KB
Flash Size : 4MB
cfa0 Size : 999MB
CPLD Version : 004
PCB Version : Ver.B
BootWare Validating...
Press Ctrl+B to enter extended boot menu...
Please input BootWare password:
NOTE:
The extended boot menu is referred to as BootWare main menu in this manual unless otherwise stated.
At the prompt above, press Ctrl+B. The system prompts you to enter the BootWare password: Please input BootWare password:
You have three chances to enter the BootWare password (the initial password is null). If you fail to enter the correct password three times in a row, the system will be halted and you can only restart the system. After you provide the correct password, the system enters the BootWare main menu:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 23
Note: The current operating device is cfa0
Enter < Storage Device Operation > to select device.
===========================<EXTEND-BOOTWARE MENU>===========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
|<5> Modify BootWare Password |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Clear Super Password |
|<9> Storage Device Operation |
|<0> Reboot |
============================================================================
Enter your choice(0-9):
The following table describes the menu options.
Table 10 Main Boot ROM menu
Menu option Description
<1> Boot System Boot from the CF card.
<2> Enter Serial SubMenu Refer to section “Enter the serial submenu” for details.
<3> Enter Ethernet SubMenu Refer to section “Enter the Ethernet Interface submenu” for details.
<4> File Control File control submenu. Refer to “File control submenu” for details.
<5> Modify BootRom Password Modify the Boot ROM password.
<6> Ignore System Configuration Ignore system configuration.
<7> Boot Rom Operation Menu Refer to section “Boot ROM operation submenu” for details.
<8> Clear Super Password Remove the super password.
<9> Device Operation Device Operation menu, used for selecting the storage device.
<a> Reboot Reboot the router.
Boot ROM submenus Enter the serial submenu
You may upgrade the application image and modify serial interface speed in this serial submenu.
Enter 2 in the main Boot ROM menu to access the serial submenu: ===========================<Enter Serial SubMenu>===========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 24
|<3> Update Backup Application File |
|<4> Update Secure Application File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-5:
Enter the Ethernet Interface submenu
Enter 3 in the main Boot ROM menu to access the Ethernet submenu. The console screen displays: ==========================<Enter Ethernet SubMenu>==========================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update Secure Application File |
|<5> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
|<Ensure The Parameter Be Modified Before Downloading!> |
============================================================================
Enter your choice(0-5):
File control submenu
Enter 4 in the main Boot ROM menu to access the file control submenu. In this submenu you may identify types of the application files on the CF card, change file name, or remove files. The menu is as follows: ===============================<File CONTROL>===============================
|Note:the operating device is cfa0 |
|<1> Display All File(s) |
|<2> Set Application File type |
|<3> Set Configuration File type |
|<4> Delete File |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-4):
Boot ROM operation submenu
Enter 7 in the main Boot ROM menu to access the Boot ROM operation menu: =========================<BootWare Operation Menu>==========================
|Note:the operating device is cfa0 |
|<1> Backup Full BootWare |
|<2> Restore Full BootWare |
|<3> Update BootWare By Serial |
|<4> Update BootWare By Ethernet |
|<0> Exit To Main Menu |
============================================================================
Enter your choice(0-4):
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 25
Upgrading Boot ROM through a serial port To upgrade the Boot ROM image through a serial port, use Xmodem.
Modifying serial port parameters Sometimes, we need a high serial port baud rate to save the upgrade time, or a lower baud rate to ensure the transmission reliability. This section introduces how to adjust the serial communication baud rate.
Follow these steps to change the serial communication baud rate:
Step1 Enter the BootWare main menu and select 2 to enter the serial interface submenu. Then, select 5 in the submenu to modify the baud rate. The system displays the following: =================================<BAUDRATE SET>===========================
|Note:'*'indicates the current baudrate |
| Change The HyperTerminal's Baudrate Accordingly |
|---------------------------<Baudrate Avaliable>------------------------- |
|<1> 9600(Default)* |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200 |
|<0> Exit |
==========================================================================
Enter your choice(0-5):
Step2 Select an appropriate baud rate. For example, select 5 for 115200 bps. The following information appears: Baudrate has been changed to 115200 bps.
Please change the terminal's baudrate to 115200 bps, press ENTER when ready.
Now that the serial interface baud rate of the access controller has been changed to 115,200 bps while that of the terminal is still 9,600 bps, the access controller and the terminal cannot communicate with each other. Change the baud rate to 115,200 bps in HyperTerminal.
Step3 Disconnect the terminal connection in HyperTerminal, as shown below:
Figure 2 Disconnect the terminal connection
Step4 Choose File > Properties. In the Properties dialog box, click Configure… and select 115,200 in the Bits per second drop-down list box.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 26
Figure 3 Modify the baud rate
Step5 Select Call > Call to reestablish the connection.
Figure 4 Reconnect the call
Step6 Then, press Enter in the serial interface submenu. The system prompts the current baud rate and returns to the parent menu. ==============================<Enter Serial SubMenu>======================
|Note:the operating device is cfa0 |
|<1> Download Application Program To SDRAM And Run |
|<2> Update Main Application File |
|<3> Update Backup Application File |
|<4> Update Secure Application File |
|<5> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-5):
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 27
NOTE:
Restore the baud rate in the HyperTerminal to 9600 bps (the default) after upgrading the Boot ROM. This is to ensure that information can be displayed on the console screen after a system boot or reboot.
Upgrading the BootWare Through the Management Ethernet Interface
Follow these steps to upgrade the BootWare through the management Ethernet interface:
Step1 Enter the BootWare main menu (refer to section Main Boot ROM menu) and select 7 to enter the BootWare operation submenu. For details about this menu, refer to section Boot ROM operation submenu.
Step2 Select 4 in the BootWare operation submenu to enter the BootWare operation Ethernet interface submenu: =====================<BOOTWARE OPERATION ETHERNET SUB-MENU>===============
|<1> Update Full BootWare |
|<2> Update Extend BootWare |
|<3> Update Basic BootWare |
|<4> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-4):
Step3 Select 4 in the BootWare operation Ethernet interface submenu. The system prompts you to modify the network parameters. ============================<ETHERNET PARAMETER SET>======================
|Note: '.' = Clear field. |
| '-' = Go to previous field. |
| Ctrl+D = Quit. |
==========================================================================
Protocol (FTP or TFTP) :tftp
Load File Name :A5000.bin
Target File Name :A5000.bin
Server IP Address :192.168.0.179
Local IP Address :192.168.0.125
Gateway IP Address :192.168.0.1
NOTE:
The load file name and target file name must not exceed 50 bytes.
After modification of the parameters, the system display returns to the BootWare operation Ethernet interface submenu. =====================<BOOTWARE OPERATION ETHERNET SUB-MENU>===============
|<1> Update Full BootWare |
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 28
|<2> Update Extend BootWare |
|<3> Update Basic BootWare |
|<4> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-4):
Step4 Select 1 in the BootWare operation Ethernet interface submenu.
Update the BootWare program at the following prompts: Loading...................................................................
..........................................................................
.........................................................Done!
36640996 bytes downloaded!
Updating Basic BootWare? [Y/N]Y
Updating Basic BootWare................Done!
Updating Extend BootWare? [Y/N]Y
Updating Extend BootWare..............Done!
After download of the BootWare program file, the system display returns to the BootWare operation Ethernet interface submenu. ===================<BOOTWARE OPERATION ETHERNET SUB-MENU>=================
|<1> Update Full BootWare |
|<2> Update Extend BootWare |
|<3> Update Basic BootWare |
|<4> Modify Ethernet Parameter |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-4):
Step5 Select 0 in the BootWare operation Ethernet interface submenu to enter the BootWare operation submenu: =========================<BootWare Operation Menu>========================
|Note:the operating device is cfa0 |
|<1> Backup Full BootWare |
|<2> Restore Full BootWare |
|<3> Update BootWare By Serial |
|<4> Update BootWare By Ethernet |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-4):
Step6 Select 0 in the BootWare operation submenu to enter the BootWare main submenu: ===========================<EXTEND-BOOTWARE MENU>=========================
|<1> Boot System |
|<2> Enter Serial SubMenu |
|<3> Enter Ethernet SubMenu |
|<4> File Control |
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 29
|<5> Modify BootWare Password |
|<6> Skip Current System Configuration |
|<7> BootWare Operation Menu |
|<8> Clear Super Password |
|<9> Storage Device Operation |
|<0> Reboot |
==========================================================================
Enter your choice(0-9): 0
Step7 Select 0 in the BootWare main menu to reboot the access controller.
Upgrading the BootWare Through a Serial Connection Follow these steps to upgrade the BootWare through a serial connection:
Step1 Enter the BootWare main menu (refer to section Main Boot ROM menu) and select 7 to enter the BootWare operation submenu. For details about this menu, refer to section Boot ROM operation submenu.
Step2 Select 3 in the BootWare operation submenu to enter the BootWare operation serial interface submenu: ======================<BOOTWARE OPERATION SERIAL SUB-MENU>================
|<1> Update Full BootWare |
|<2> Update Extend BootWare |
|<3> Update Basic BootWare |
|<4> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-4):
Step3 Select 4 in the BootWare operation serial interface submenu. The system prompts you to modify the baud rate. =================================<BAUDRATE SET>===========================
|Note:'*'indicates the current baudrate |
| Change The HyperTerminal's Baudrate Accordingly |
| Press 'Enter' to exit with things untouched. |
|-----------------------------<Baudrate Avaliable>-----------------------|
|<1> 9600(Default)* |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200 |
|<0> Exit |
==========================================================================
Enter your choice(0-5):
Step4 Change the communication baud rate by referring to section “Modifying serial port parameters”. After the modification, the system displays the following information: Baudrate has been changed to 115200 bps.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 30
Please change the terminal's baudrate to 115200 bps, press ENTER when ready.
The current baudrate is 115200 bps
=================================<BAUDRATE SET>===========================
|Note:'*'indicates the current baudrate |
| Change The HyperTerminal's Baudrate Accordingly |
|---------------------------<Baudrate Avaliable>-------------------------|
|<1> 9600(Default) |
|<2> 19200 |
|<3> 38400 |
|<4> 57600 |
|<5> 115200* |
|<0> Exit |
==========================================================================
Enter your choice(0-5):
Step5 Select 0 to return to the BootWare operation serial interface submenu. ======================<BOOTWARE OPERATION SERIAL SUB-MENU>================
|<1> Update Full BootWare |
|<2> Update Extend BootWare |
|<3> Update Basic BootWare |
|<4> Modify Serial Interface Parameter |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-4):
Step6 Select 1 in the BootWare operation serial interface submenu. The following prompt appears: Please Start To Transfer File, Press <Ctrl+C> To Exit.
Waiting ...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Step7 Select Transfer > Send file… in the HyperTerminal window. The following dialog box appears:
Figure 5 Send File dialog box
Step8 Click Browse… to select the application file to be downloaded, and select Xmodem from the Protocol drop-down list. Then click Send. The following dialog box appears:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 31
Figure 6 Download the file using Xmodem
Upon successful download, the system displays the following information: Download successfully!
354944 bytes downloaded!
Updating Basic BootWare? [Y/N]Y
Updating Basic BootWare................Done!
Updating Extend BootWare? [Y/N]Y
Updating Extend BootWare..............Done!
Step9 Change the baud rate on the console terminal from 115,200 bps back to 9,600 bps, and reboot the access controller.
NOTE:
• The actual file name, size and path may differ from what are shown in the figure above. Before upgrading the software of your access controller, check the current BootWare version and application program version to make sure that the correct file is used for the upgrade.
• After you download files with a changed baud rate, timely change the baud rate back to 9,600 bps inHyperTerminal to ensure the normal display on the console screen when the system boots or reboots.
Upgrading application image through a serial port The procedure is used to upgrade the three types of application files. This section describes how to upgrade the main application file.
Follow these steps to upgrade the main application file:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 32
Step1 Select 2 in the BootWare main menu to enter the serial interface submenu. For details about this menu, refer to section Enter the Ethernet Interface submenu.
Step2 To improve the upgrading speed, first modify the serial interface baud rate. For details, refer to section Modifying serial port parameters..
Step3 Select 2 in the serial interface submenu. The following prompt appears: Please Start To Transfer File, Press <Ctrl+C> To Exit.
Waiting ...CCCCCCCCCC
Step4 Select and send the application file in HyperTerminal. The procedure for upgrading an application file is the same as upgrading the BootWare. For details, refer to section Upgrading the BootWare Through a Serial Connection.
NOTE:
In most cases application image files are larger than 10 Mbps. Given the speed of 115200 kbps, upgrading the application image takes about 30 minutes. To make upgrading faster, Ethernet interfaces are used.
Upgrading application image through an Ethernet interface
To upgrade the application image through an Ethernet interface, enter 3 in the main Boot ROM menu to access the Ethernet interface submenu first. (Refer to section “Enter the Ethernet Interface submenu”.)
Configuring Ethernet interface parameters Before upgrading an application program through an Ethernet interface, you need to configure the Ethernet interface of the access controller, as follows.
Select 3 in the BootWare main menu to enter the Ethernet interface submenu. Then, select 5 to enter the Ethernet interface configuration submenu: ============================<ETHERNET PARAMETER SET>======================
|Note: '.' = Clear field. |
| '-' = Go to previous field. |
| Ctrl+D = Quit. |
==========================================================================
Protocol (FTP or TFTP) :tftp
Load File Name :A5000.bin
Target File Name :A5000.bin
Server IP Address :192.168.0.179
Local IP Address :192.168.0.1
Gateway IP Address :192.168.0.10
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 33
Table 11 Ethernet parameters settings description
Parameter Description
Load File Name Name of the file to be downloaded.
Target File Name Name of the file to be stored in CF Card.
Server IP Address The IP address of FTP or TFTP server.
Local IP Address Set it to be in the same network with TFTP/FTP server.
Gateway IP Address The IP address of the Gateway.
NOTE:
• When configuring a parameter, you can enter a new value directly, or press Enter to accept the default value that follows a colon. Type . to clear the current input, - to return to the previous parameter field, and Ctrl+D to quit from the parameter configuration interface.
• The access controller supports only the 10/100/1000Base-TX out-of-band management Ethernet interface for application upgrade.
Upgrading application image The Trivial File Transfer Protocol (TFTP) is a TCP/IP protocol used for file transfer between client and server. It provides a simple and low-overhead file transfer service. TFTP provides unreliable data transfer over UDP and does not provide any access authorization and authentication mechanism. It employs the timeout retransmission method to implement best-effort delivery of data. Compared with FTP, TFTP has a much smaller software size.
Follow these steps to upgrade an application through the management Ethernet interface:
Step1 Set up a software upgrade environment.
For HP A5800 Access Controller OAA Module Card: Connect the 10/100/1000Base-TX management interface to a PC with an Ethernet cable.
For HP A-WX5004 Access Controller or HP A-WX5002 Access Controller: Connect the first Gigabit Ethernet interface to a PC with an Ethernet cable.
Figure 7 Set up a software upgrade environment
Step2 Run TFTP Server on the PC, and set the path of the application file to be downloaded.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 34
NOTE:
The TFTP server software is not provided with the access controller. You must make sure that it is availableby yourself.
Step3 Modify the Ethernet interface parameters. For details, refer to section Upgrading application image through an Ethernet interface.
Step4 Select 3 in the BootWare main menu to enter the Ethernet interface submenu. The following example shows how to upgrade the main application file. Select 2 in the Ethernet interface submenu. The following information appears: Loading......................................................................................................................................................................................................Done!
20710792 bytes downloaded!
Updating File
cfa0:/A5000.bin..........................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
.....................................................................................
...................................................................................Done!
Step5 Select 0 to return to the BootWare main menu.
Step6 Select 1 in the BootWare main menu to reboot the access controller.
CAUTION:
• If the downloaded file has the same file name with an existing file in the CF card, the system prompts The file is exist, will you recover it? [Y/N]. If you choose Y, the existing file will be overwritten.
• Make sure that sufficient space is available in the CF card. In case of insufficient space, the system willgive a prompt message.
• The new application file directly replaces the existing file of the same type. In this example, the downloaded file A5000.bin replaces the existing application file of the type M and becomes the only main application file.
• For details about the application file types, refer to section Application image file.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 35
Maintaining application image and configuration at CLI
After the access controller boots, you can perform operations at the CLI to upgrade/back up the application image or to backup/restore configuration.
Maintaining the Access Controller with TFTP Using the access controller as a TFTP client and a file server as the TFTP server, you can use commands on the console terminal, which can be the same file server, to upload the configuration and application files from the access controller to the file server or download the files from the file server to the access controller.
Setting up a configuration environment
Step1 Set up a network environment by referring to section Upgrading application image through an Ethernet interface. .
Figure 8 Set up an environment for software maintenance through the CLI
Step2 Run TFTP Server on the file server and set the file path.
Step3 Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the TFTP server to 192.168.0.1, and that of the access controller’s management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.
Backing up and restoring the application and configuration files
After setting up the environment, perform the following operations on the console terminal:
Step1 View the files in the current file system with the dir command. <HP>dir
Directory of cfa0:/
0 -rw- 617 Jul 26 2011 08:22:56 startup.cfg
1 -rw- 36640996 Jul 28 2011 10:35:38 A5000.bin
2 -rw- 356124 Jul 27 2011 09:23:54 bootware.app
252904 KB total (198642 KB free)
File system type of cfa0: FAT32
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 36
<HP>
Step2 Perform the file backup or restoration (download) operation.
• To backup startup.cfg on the access controller by saving it as config.bak on the TFTP server, use the following command:
<HP>tftp 192.168.0.1 put startup.cfg config.bak
File will be transferred in binary mode
Sending file to remote TFTP server. Please wait... \
TFTP: 617 bytes sent in 0 second(s).
File uploaded successfully.
• To download config.cfg from the TFTP server to the access controller, do the following: <HP>tftp 192.168.0.1 get config.cfg statup.cfg
The file statu.cfg exists. Overwrite it?[Y/N]:y
Verifying server file...
Deleting the old file, please wait...
File will be transferred in binary mode
Downloading file from remote tftp server, please wait...\
TFTP: 617 bytes received in 0 second(s)
File downloaded successfully.
If a file with the same name already exists on the access controller, the system will ask you whether to replace the existing file. Enter Y to replace it, or N to abort.
CAUTION:
• When you back up a file to the server and if a file with the same name already exists on the server, theexisting file will be replaced.
• The above-mentioned operations are performed in user view.
• The backup configuration file can be modified by using a text editor. You can update the system configuration by downloading a modified configuration file. Your update takes effect after the access controller is restarted. Likewise, you can update the main application file by downloading a new application file from the server and replacing the existing main application file on the access controller.
Maintaining the Access Controller with FTP Maintaining the access controller when it serves as the server
File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP suite. It is mainly used for file transfer between remote hosts. FTP provides a reliable, connection-oriented data transfer service over TCP.
The FTP service provided by the access controller is FTP Server. Using this feature, the access controller serves as the FTP server. You can use your PC as an FTP client to log in to the access controller for file operations.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 37
Before using FTP, you need to install the FTP client application on your PC. The FTP client software is not provided with the access controller. You must make sure that it is available by yourself. This section describes how to maintain the access controller software using the FTP client application that comes with Microsoft Windows XP.
Follow these steps to maintain the software of your access controller through FTP with the access controller as the FTP server:
Step1 Set up a hardware maintenance environment as follows:
Figure 9 Maintain the router taking it as the FTP server
Step2 Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the FTP client to 192.168.0.1, and that of the access controller’s management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.
Step3 Enable FTP service.
Configure FTP server authentication and authorization and enable FTP. The FTP server supports multi-client access. When a remote FTP client sends a request to the FTP server, the FTP server executes an action accordingly and returns the execution result to the client. Use the following command to enable the FTP service: [HP]ftp server enable
% Start FTP server
Step4 Add an authorized FTP username and password. [HP]local-user guest Create user account guest
[HP-luser- guest]service-type ftp //Set user type to FTP
[HP-luser- guest]password simple 123456 //Set password for user guest
Step5 Maintain the access controller
After enabling the FTP service and configuring the username and password, start the FTP client application on the PC.
Open a DOS prompt window, and enter ftp at the DOS prompt. C:\Documents and Settings\Administrator>ftp
ftp> //The system prompt changed to ftp>
ftp> open 192.168.0.2 //Connect to the access controller
Connected to 192.168.0.2.
220 FTP service ready.
User (192.168.0.2:(none)): guest //Enter the username guest
331 Password required for guest
Password: Enter the password 123456
230 User logged in. //Successfully connected to the server
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 38
Step6 Maintain the access controller software.
• To backup main.bin on the access controller to the server, do the following: ftp> binary //Set the transfer mode to binary
200 Type set to I.
ftp> lcd c:\temp //Change the local path
Local directory now C:\temp.
ftp> get main.bin main.bin //Backup to PC
200 Port command okay.
150 Opening BINARY mode data connection for main.bin.
226 Transfer complete.
ftp: 14323376 bytes received in 16.81Seconds 851.87Kbytes/sec.
• To restore the backup file to the access controller, do the following: ftp> put main.bin main.bin //Download to the access controller
200 Port command okay.
150 Opening BINARY mode data connection for main.bin.
226 Transfer complete.
ftp: 14323376 bytes sent in 8.29Seconds 1727.37Kbytes/sec.
ftp> quit //Quit FTP
221 Server closing.
Maintaining the access controller when it serves as the client
When the access controller is functioning as an FTP client, you can do the following to maintain it.
Step1 Set up a maintenance environment.
Figure 10 Maintain the router taking it as the FTP client
Step2 Run the FTP server program on the PC, set the file path, and set the username and password for the access controller.
Step3 Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the FTP server to 192.168.0.1, and that of the access controller’s management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.
Step4 Maintain the access controller using the terminal connected to the console port of the access controller. <HP>ftp 192.168.0.1
Trying 192.168.0.1 ...
Press CTRL+K to abort
Connected to 192.168.0.1.
220 3Com 3CDaemon FTP Server Version 2.0
User(192.168.0.1:(none)):guest //Enter the username set on the server
331 User name ok, need password
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 39
Password: //Enter the password
230 User logged in
[ftp]
Step5 Maintain the access controller software.
Use the get and put commands to download and backup files. [ftp]get main.bin main.bin
cf:/main.bin has been existing. Overwrite it?[Y/N]:y
200 PORT command successful.
150 File status OK ; about to open data connection
226 Closing data connection; File transfer successful.
FTP: 14323376 byte(s) received in 69.256 second(s) 206.00K byte(s)/sec.
[ftp]put main.bin main.bin
200 PORT command successful.
150 File status OK ; about to open data connection
226 Closing data connection; File transfer successful.
FTP: 14323376 byte(s) sent in 15.974 second(s) 896.00Kbyte(s)/sec.
[ftp]quit
221 Service closing control connection
Maintaining application and configuration file You can use the file control submenu to modify and display file types.
Select 4 in the BootWare main menu to enter the file control submenu. The following information appears: =================================<File CONTROL>===========================
|Note:the operating device is cfa0 |
|<1> Display All File(s) |
|<2> Set Application File type |
|<3> Delete File |
|<0> Exit To Main Menu |
==========================================================================
Enter your choice(0-3):
Display all files
Select 1 in the file control submenu. The following information appears: Display all file(s) in cfa0:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
==========================================================================
|NO. Size(B) Time Type Name |
|1 36640996 Jan/20/2034 10:12:36 M cfa0:/A5000.bin |
|2 795 Jan/20/2006 11:58:50 N/A cfa0:/startup.cfg |
==========================================================================
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 40
Set application file type
Step1 Select 2 in the file control submenu. The following information appears: 'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
==========================================================================
|NO. Size(B) Time Type Name |
|1 36640996 Jan/20/2034 10:12:36 M cfa0:/A5000.bin |
|0 Exit |
==========================================================================
Enter file No:
Step2 Enter the file number at the prompt above. In this example, type 1 for A5000.bin, and press Enter. The system prompts you to specify a new file type: Modify the file attribute:
==========================================================================
|<1> +Main |
|<2> -Main |
|<3> +Backup |
|<4> -Backup |
|<0> Exit |
==========================================================================
Enter your choice(0-4)
Step3 Select 1 for +Main (set to M), 2 for –Main (remove the current M attribute), 3 for +Backup (set to B), or 4 for –Backup (remove the current B attribute). For details about the file types, refer to section Application image file.
Step4 Delete files
Step5 Select 3 in the file control submenu. The following information appears: Deleting the file in cfa0:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
==========================================================================
|NO. Size(B) Time Type Name |
|1 36640996 Jan/20/2034 10:12:36 M cfa0:/A5000.bin |
|2 795 Jan/20/2006 11:58:50 N/A cfa0:/startup.cfg |
|0 Exit |
==========================================================================
Enter file No:
Step6 Type a file number and press Enter. The system asks you to confirm your operation. The file you selected is cfa0:/startup.cfg,Delete it? [Y/N]
Step7 Enter Y for confirmation. The following message appears, indicating the file was successfully deleted. Deleting..........Done!
Exit to the main menu
Select 0 to return to the BootWare main menu.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 41
Dealing with access controller password loss This section tells you how to deal with loss of Boot ROM password, user password or super password.
Dealing with user password loss If you forget your user password, the system will refuse your login. In this case, set a new user password by following the steps below.
Step1 Enter the BootWare main menu and select 6 to bypass the current configuration in system startup.
The following information appears: Flag Set Success.
Step2 When the BootWare main menu appears again, select 0 to restart the system. System starts booting ...
Step3 Set a new user password in system view. [HP]user-interface con 0
[HP-ui-console0]authentication-mode password
[HP-ui-console0]set authentication password simple 123456
This information indicates that password authentication is used for console port login, the password is set to 123456, and it is stored in plain text.
NOTE:
• After reboot, the system runs with the initial default configuration, while the original configuration file isstill kept in the CF card. To restore the original configuration, use the display saved-configuration command to locate the configuration file, and then copy and run it.
• If the password is stored in plain text, you can use the display current-configuration command to view the password in the current configuration. If you use the set authentication password cipher 123456 command to set your password, the password will be stored in cipher text.
Step4 Save your new password. [HP] save
NOTE:
After modifying the user password, use the save command to save it.
Dealing with Boot ROM password loss Contact your agent in the event of Boot ROM password loss for help to log into the access controller to set a new password.
To change the BootWare password, enter the BootWare main menu, select 5, and follow the prompts: please input old password:
Please input new password:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 42
Please input new password again:
Password Set Successfully.
NOTE:
• Once you enter a wrong old password or different new passwords, the password modification operationfails and the system exits this operation.
• The BootWare password can consist of a maximum of 32 printable characters, including letters, numerals, and symbols.
Super password loss You need a super password to switch among the four privilege levels to perform higher privilege operations. In the event of super password loss, do the following:
1. Enter 8 in the main Boot ROM menu to clear the super password.
2. Quit the menu and reboot. Then, you can directly enter into system view. Note that the operation is a one-time operation. You will be asked to provide the super user password for authentication at the next boot.
Backing up and restoring the Boot ROM image Step1 Select 7 in the BootWare main menu to enter the BootWare operation submenu. For details about this
submenu, refer to section Boot ROM operation submenu.
Step2 Back up or restore the BootWare.
• To back up the entire BootWare to the CF card, select 1 in the BootWare main menu and follow the prompts.
Will you backup the Basic BootWare? [Y/N]Y
Begin to backup the Basic BootWare...................Done!
Will you backup the Extend BootWare? [Y/N]Y
Begin to backup the Extend BootWare...................Done!
• To restore the backup BootWare from the CF card, select 2 in the BootWare main menu and follow the prompts.
Will you restore the Basic BootWare? [Y/N]Y
Begin to restore Normal Basic BootWare.................Done!
Will you restore the Extend BootWare? [Y/N]Y.................Done!
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 43
Compatibility for H3C WX Series Access Controller
Hardware and software compatibility matrix for H3C WX Series Access Controller
Table 12 WX Series Access Controller Module Compatibility Table
WX Series Access Controller Module Software Version Frame Software Version
LSWM1WCM10 WX5004-CMW520-R2105 and later version
H3C S5800-60C-PWR
H3C S5820X-28C
S5800_5820X-CMW520-R1108 and later version
The latest version: S5800_5820X-CMW520-R1110P05
S5800_5820X-CMW520-R1206
Feature updates relative to WX5004-CMW520-R2107P10
Table 13 Feature updates
Item Description
A5000-CMW520-R2303(First release on new branch)
Hardware feature updates
New features: None
Deleted features: None
Modified features: 1. BOOTWARE extend section of HP A5800 Access Controller OAA
Module Card update to version 1.37 2. BOOTWARE extend section of HP A-WX5004 Access Controller and
HP A-WX5002 Access Controller update to version 1.13
Software feature updates
New features: 1. The portal now supports proxy 2. 802.11n MIB has been supported 3. DHCP Snooping dynamic entry storage 4. Defend to the TCP SYN Flood attack 5. The boot APP file could be displayed and modified by the Web
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 44
Item Description interface
6. Security Association of the AC and BAS board card 7. Permit the configuration of permit mac before the user isolation
module(only by command line) 8. Multi-core platform supports WLAN forward 9. Remote AP function is now supported 10. NAT between AC and AP 11. LEAD certification is supported in 802.1X 12. Mesh link information could be inspected via the Web interface 13. Dual DHCP server machines backup is supported 14. Multicast group switch is now supported on the AP equipment 15. Sniffer function is now supported on the AP equipment 16. Smart Bandwidth promise function based on the SSID 17. The SSID would not be broadcasted any more after the user of the AP
reach the maxim limit 18. AP-based user speed constrain policy is now supported 19. RFPing feature is now supported 20. UserProfile is now supported in the local forward 21. 11n AP 20/40M channel switch is now supported 22. 11n Protective mode is now supported 23. (11n)STA side Power Save mode switch is now supported 24. (11n) Aggregative packet upload and statistical feature is now
supported on the WLAN platform 25. Export of the wireless user Authorization log is now supported 26. STA IP information from the ARP snooping is now supported 27. After the local portal server Authorization succeeds, the original
requested URL would be returned 28. CTS to self mode could be launched forcedly 29. Signal channel load rate estimate is now supported 30. Mesh signal channel automate adaption is now supported 31. Under portal Authorization, online user detecting via ARP feature is
supported 32. Power Table modification(Different Country codes support respecting
power table) 33. Work load distribution based on radio interface is now supported now 34. The management VLAN now support tag 35. AC could configure the AP local attributes 36. RRM parameter is now configurable 37. Time Zone could be added on the Web interface 38. DHCPv6 Server、DHCPv6 Client、DHCPv6 Relay are now supported 39. WLAN relevant passwords now could displayed in encrypted format. 40. Default Country code and radio configuration is now supported. 41. Support Mib Node: NAS-ID
Deleted features: None
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 45
Item Description Modified features: 42. The AP name length limit has been promoted to 32 characters from
previous 15 characters 43. The length of device name section in the manufacture information has
been promoted to 120 Bytes 44. ARP Snooping module now ignore the port inspection
Command line updates relative to WX5004-CMW520-R2107P10
Table 14 Command line updates
Item Description
A5000-CMW520-R2303(First release on new branch)
New commands
1. Command 1:
display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression
display ipv6 dhcp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression
display ipv6 dhcp client statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression
display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression
display ipv6 dhcp relay statistics [ | { begin | exclude | include } regular-expression
display ipv6 dhcp pool [ pool-number ] [ | { begin | exclude | include } regular-expression
display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ | { begin | exclude | include } regular-expression
display ipv6 dhcp server [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression
display ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len | prefix-pool prefix-pool-number } [ | { begin | exclude | include } regular-expression
display ipv6 dhcp server statistics [ | { begin | exclude | include } regular-expression
display ipv6 dhcp snooping trust [ | { begin | exclude | include } regular-expression
display ipv6 dhcp snooping user-binding { ipv6-address | dynamic } [ | { begin | exclude | include } regular-expression
reset ipv6 dhcp snooping user-binding { ipv6-address | dynamic }
reset ipv6 dhcp client statistics [ interface interface-type interface-number ]
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 46
Item Description reset ipv6 dhcp relay statistics
reset ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len }
reset ipv6 dhcp server statistics
Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 2. Command 2:
display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface interface-type interface-number | slot slot-id } [ count | verbose ] [ | { begin | exclude | include } regular-expression ] View: Any view
Description: Display IPv6 adjacency table entries, with filter function by specifying a regular expression. 3. Command 3:
display ipv6 fib [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ]
View: Any view
Description: Display IPv6 FIB entries. 4. Command 4:
display mac-forwarding statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display Layer 2 forwarding statistics. 5. Command 5:
display mac-fast-forwarding cache { all | { destination-mac mac-address | source-mac mac-address | vlan vlan-id }* } [ verbose ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display fast Layer 2 forwarding entries. 6. Command 6:
display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-id ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the BPDU statistics on ports. 7. Command 7:
display qos rtpq interface [ interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the information of the current IP RTP priority queue, including the queue length and the number of dropped packets on an interface/PVC or all interfaces/PVCs. 8. Command 8:
display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include }
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 47
Item Description regular-expression View: Any view Description: Display the dynamic DNS cache information. 9. Command 9:
display nqa reaction counters [ admin-name operation-tag [ item-number ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the current monitoring results of reaction entries. 10. Command 10:
display dhcp-snooping binding database [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the DHCP snooping entry file information. 11. Command 11:
display igmp-snooping host vlan vlan-id group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about the hosts tracked by IGMP snooping. 12. Command 12:
display igmp host port-info vlan vlan-id group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Information about the hosts tracked by IGMP on the Layer 2 ports. 13. Command 13:
display mld-snooping host vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression View: Any view Description: Display information about the hosts tracked by MLD snooping. 14. Command 14:
display mld host port-info vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about the hosts tracked by MLD on the Layer 2 ports. 15. Command 15:
display interface [ interface-type ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]
display interface interface-type { interface-number | interface-number.subnumber } [ brief ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display Ethernet interface information. 16. Command 16:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 48
Item Description display dhbk status [ | { begin | exclude | include } regular-expression ]
View: Any view
Description: Display the stateful failover status information. 17. Command 17:
display forwarding policy [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the current flow classification policy. 18. Command 18:
display password-control [ super ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display password control configuration information. 19. Command 19:
display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about users blacklisted due to authentication failure. 20. Command 20:
display current-configuration exclude modules [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ] View: Any view Description: Displays all lines of current configuration that do not match the specified regular expression. 21. Command 21:
reset wlan ap provision { all | name ap-name } View: Any view Description: Remove the wlan_ap_cfg.wcfg file of the specified AP or all APs. 22. Command 22:
save wlan ap provision { all | name ap-name } View: Any view Description: Save the configuration in AP configuration view to the wlan_ap_cfg.wcfg file of the specified AP or all APs. 23. Command 23:
reset password-control blacklist [ user-name name ] View: User view Description: Remove all or one user from the blacklist. 24. Command 24:
reset password-control history-record [ user-name name | super [ level level ] ] View: User view
Description: Delete history password records.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 49
Item Description 25. Command 25:
license register feature-name serial-number View: User view Description: register the license of a feature. 26. Command 26:
reset mac-forwarding statistics View: User view Description: Clear all Layer 2 forwarding statistics. 27. Command 27:
reset mac-fast-forwarding cache { all | { destination-mac mac-address | source-mac mac-address | vlan vlan-id }* } View: User view
Description: Clear fast Layer 2 forwarding entries. 28. Command 28:
info-center format unicom
undo info-center format View: System view
Description: Set the format of the system information sent to a log host to UNICOM. Restore the default, by default, the format of the system information sent to a log host is H3C. 29. Command 29:
dhbk enable backup-type { dissymmetric-path | symmetric-path }
undo dhbk enable
View: System view
Description: Enable stateful failover in a specified mode. Restore the default, by default, stateful failover is disabled. 30. Command 30:
dhbk vlan vlan-id
undo dhbk vlan
View: System view
Description: Specify a VLAN as a backup VLAN. Restore the default, by default, no backup VLAN is configured on the device. 31. Command 31:
mac-fast-forwarding
undo mac-fast-forwarding View: System view
Description: Enable fast Layer 2 forwarding. Disable fast Layer 2 forwarding. By default, fast Layer 2 forwarding is enabled. 32. Command 32:
shutdown-interval time
undo shutdown-interval View: System view
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 50
Item Description Description: Set a detection interval. Restore the default, by default, the detection interval is 30 seconds. 33. Command 33:
tcp syn-cookie enable
undo tcp syn-cookie enable View: System view
Description: Enable the SYN Cookie feature to protect the device against SYN Flood attacks. Disable the SYN Cookie feature. By default, the SYN Cookie feature is enabled. 34. Command 34:
vrrp ipv6 method { real-mac | virtual-mac }
undo vrrp ipv6 method
View: System view
Description: Specify the type of the MAC addresses mapped to the virtual IPv6 addresses of. Restore the default. By default, the virtual MAC addresses are mapped to the virtual IP addresses of the VRRP. 35. Command 35:
dns spoofing ip-address
undo dns spoofing View: System view
Description: Enable DNS spoofing and specify IP address used to spoof name query requests. Disable DNS spoofing. By default, DNS spoofing is disabled. 36. Command 36:
dot1x domain-delimiter string
undo dot1x domain-delimiter View: System view
Description: Specify a set of domain name delimiters supported by the access device. Restore the default. By default, the access device supports only the at sign (@) delimiter for 802.1X users. 37. Command 37:
port-security timer autolearn aging time-value
undo port-security timer autolearn aging View: System view
Description: Set the sticky MAC aging timer. Restore the default. By default, sticky MAC addresses never age out. 38. Command 38:
dhcp-snooping binding database update now View: System view
Description: Store DHCP snooping entries to the file. 39. Command 39:
dhcp-snooping binding database update interval minutes
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 51
Item Description undo dhcp-snooping binding database update interval View: System view
Description: Set the interval at which the DHCP snooping entry file is refreshed. Restore the default. By default, the DHCP snooping entry file is not refreshed periodically. 40. Command 40:
dhcp-snooping binding database update interval minutes
undo dhcp-snooping binding database update interval View: System view
Description: Specify the name of the file for storing DHCP snooping entries. Restore the default. By default, no file name is specified. 41. Command 41:
wlan ap-provision ac { host-name host-name | ip ip-address | ipv6 ipv6-address }
undo wlan ap-provision ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } } View: System view
Description: Specify a global AC so that all APs can discover the AC. Restore the default. By default, no global AC is specified. 42. Command 42:
portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all | trap } * [ interval interval ] [ retry retries ]
undo portal server server-name server-detect View: System view
Description: Configure portal server detection, including the detection method, action, probe interval, and maximum number of probe attempts. cancel the detection of the specified portal server. By default, the portal server detection function is not configured. 43. Command 43:
portal server server-name user-sync [ interval interval ] [ retry retries ]
undo portal server server-name user-sync
View: System view
Description: Configure portal user information synchronization with a specified portal server. cancel the portal user information synchronization configuration with the. By default, the portal user synchronization function is not configured. 44. Command 44:
portal redirect-url url-string [ wait-time period ]
undo portal redirect-url View: System view
Description: Specify the auto redirection URL for authenticated portal users. Restore the default. By default, a user authenticated is redirected to the URL the user typed in the address bar before portal authentication.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 52
Item Description 45. Command 45:
ipv6 unreachables enable
undo ipv6 unreachables
ipv6 dhcp pool pool-number
undo ipv6 dhcp pool pool-number
ipv6 dhcp prefix-pool prefix-pool-number prefix prefix/prefix-len assign-len assign-len
undo ipv6 dhcp prefix-pool prefix-pool-number
ipv6 dhcp server enable
undo ipv6 dhcp server enable
ipv6 dhcp snooping enable
undo ipv6 dhcp snooping enable
Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 46. Command 46:
qos pql pql-index protocol ip [ queue-key key-value ] queue { bottom | middle | normal | top }
undo qos pql pql-index protocol ip [ queue-key key-value ] View: System view Description: Specify a queue for the IP packets that match a certain match criterion. Delete the match criterion. By default, no match criterion is configured. 47. Command 47:
qos cql cql-index protocol ip [ queue-key key-value ] queue queue-number
undo qos cql cql-index protocol ip [ queue-key key-value ] View: System view
Description: Assign a custom queue for IP packets that match a certain criterion. Delete the match criterion. By default, no match criterion is configured. 48. Command 48:
password-control history max-record-num
undo password-control history
password-control alert-before-expire alert-time
undo password-control alert-before-expire
password-control composition type-number type-number [ type-length type-length ]
undo password-control composition
password-control authentication-timeout authentication-timeout
undo password-control authentication-timeout
password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 53
Item Description undo password-control login-attempt
password-control aging aging-time
undo password-control aging
password-control length length
undo password-control length
password-control history max-record-num
undo password-control history
password-control enable
undo password-control enable
password-control password update interval interval
undo password-control password update interval
password-control login idle-time idle-time
undo password-control login idle-time
password-control expired-user-login delay delay times times
undo password-control expired-user-login
password-control complexity { same-character | user-name } check
undo password-control complexity { same-character | user-name } check
Description: See Security Command Reference of H3C WX Series Access Controllers Command Reference. 49. Command 49:
password-control aging aging-time
undo password-control aging
password-control length length
undo password-control length
password-control composition type-number type-number [ type-length type-length ]
undo password-control composition
group-attribute allow-guest
undo group-attribute allow-guest View: User group view
Description: Use the password-control command to set the password aging time, the minimum password length and the password composition policy. Use the command to set the guest attribute for a user group. 50. Command 50:
state secondary { accounting | authentication } [ ip ipv4-address | ipv6 ipv6-address ] { active | block } View: User group view Description: Use the state secondary command to set the status of a secondary RADIUS server. 51. Command 51:
user-credentials { ldap-scheme ldap-scheme-name [ local ] | local }
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 54
Item Description undo user-credentials View: EAP profile view
Description: Use the user-credentials command to specify the database to be used for user credential verification in local EAP authentication. 52. Command 52:
client-verify weaken
undo client-verify weaken View: SSL server policy view
Description: Use the client-verify weaken command to enable SSL client weak authentication. 53. Command 53:
host-tracking
undo host-tracking View: MLD-snooping / IGMP-Snooping view Description: Use the host-tracking command to enable the MLD snooping or IGMP snooping host tracking function globally. 54. Command 54:
dot11a calibrate-power threshold value
undo dot11a calibrate-power threshold
dot11a calibrate-power min tx-power
undo dot11a calibrate-power min
dot11bg calibrate-power threshold value
undo dot11bg calibrate-power threshold
dot11bg calibrate-power min tx-power
undo dot11bg calibrate-power min View: RRM view
Description: Use the calibrate-power threshold command to configure the power adjustment threshold for radios. Use the calibrate-power min command to configure the minimum radio transmission power. 55. Command 55:
dot11a calibrate-channel pronto ap { all | name apname radio radio-num }
dot11a calibrate-power pronto ap { all | name apname radio radio-num }
dot11bg calibrate-channel pronto ap { all | name apname radio radio-num }
dot11bg calibrate-power pronto ap { all | name apname radio radio-num } View: RRM view Description: Use the command to configure one-time DFS or TPC for AP. 56. Command 56:
undo preamble View: Radio view Description: Use the undo preamble command to specify the preamble type to be the default value. 57. Command 57:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 55
Item Description provision
undo provision View: AP template view Description: Use the provision command to create and enter AP configuration view. 58. Command 58:
ac { host-name host-name | ip ip-address | ipv6 ipv6-address }
undo ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } }
dns domain domain-name
undo dns domain
gateway { ip ip- address | ipv6 ipv6-address }
undo gateway { ip | ipv6 | all }
ip address ip-address { mask | mask-length }
undo ip address
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
undo ipv6 address
vlan pvid vlan-id
undo vlan pvid
vlan tagged vlan-id-list
undo vlan tagged vlan-id-list
vlan untagged vlan-id-list
undo vlan untagged vlan-id-list View: AP configuration view
Description: See WLAN Command Reference of H3C WX Series Access Controllers Command Reference. 59. Command 59:
default View: Interface view Description: Use the default command to restore the default settings for the interface. 60. Command 60:
mtu size
undo mtu View: Vlan interface view Description: Use the mtu command to set the MTU for a VLAN interface. Use the undo mtu command to restore the default. By default, the MTU of a VLAN interface is 1500 bytes.
Related commands: display interface vlan-interface. 61. Command 61:
portal nas-port-type { ethernet | wireless }
undo portal nas-port-type
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 56
Item Description View: Vlan Interface view Description: Use the portal nas-port-type command to specify the access port type (indicated by the NAS-Port-Type value) on the current interface. The specified NAS-Port-Type value will be carried in the RADIUS requests sent from the device to the RADIUS server. Use the undo portal nas-port-type command to restore the default.
By default, the access port type of an interface is not specified, and the NAS-Port-Type value carried in RADIUS requests is the user access port type obtained by the access device. 62. Command 62: access-user detect type arp retransmit number interval interval
undo access-user detect View: Vlan Interface view Description: Use the access-user detect command to configure the online portal user detection function.Use the undo access-user detect command to restore the default. By default, the portal user detection function is not configured on an interface. With this function configured on an interface, the device periodically sends ARP requests to portal users on the interface to check whether the portal users are still online.
This function is available only for the direct and re-DHCP portal authentication configured on a Layer 3 interface. 63. Command 63:
ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ]
undo ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ]
ipv6 dhcp server apply pool pool-number [ allow-hint | preference preference-value | rapid-commit ]
undo ipv6 dhcp server apply pool
ipv6 nd ra no-advlinkmtu
undo ipv6 nd ra no-advlinkmtu View: Vlan interface view
Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 64. Command 64:
dhcp relay client-detect enable
dhcp relay check mac-address
dhcp server client-detect enable
undo dhcp relay address-check enable
undo dhcp relay client-detect enable
undo dhcp relay check mac-address
undo dhcp server client-detect enable
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 57
Item Description View: Vlan interface view
Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 65. Command 65:
dhcp-snooping trust [ no-user-binding ]
undo dhcp-snooping trust
dhcp-snooping check mac-address
undo dhcp-snooping check mac-address
dhcp-snooping check request-message
undo dhcp-snooping check request-message View:Wlan-ess interface view Description: See Layer 3 Command Reference of H3C WX Series Access Controllrs Command Reference. 66. Command 66: ipv6 neighbors max-learning-num number
undo ipv6 neighbors max-learning-num View:Wlan-ess interface view Description: Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically learned on the interface.
Use the undo ipv6 neighbors max-learning-num command to restore the default. 67. Command 67:
dot1x handshake secure
undo dot1x handshake secure View:Wlan-ess interface view Description: Use the dot1x handshake secure command to enable the online user handshake security function. The function enables the device to prevent users from using illegal client software. Use the undo dot1x handshake secure command to disable the function. 68. Command 68:
igmp-snooping router-port-deny [ vlan vlan-list ]
undo igmp-snooping router-port-deny [ vlan vlan-list ]
mld-snooping router-port-deny [ vlan vlan-list ]
undo mld-snooping router-port-deny [ vlan vlan-list ]
shutdown
undo shutdown View: Port-group view
Description: See IP Multicast Command Reference of H3C WX Series Access Controllers Command Reference. 69. Command 69: undo protocol inbound
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 58
Item Description View: VTY interface view Description: Restore the default. 70. Command 70:
qos fifo queue-length queue-length
undo qos fifo queue-length
View: Interface view, PVC view
Description: Use the qos fifo queue-length command to set the FIFO queue length. Use the undo qos fifo queue-length command to restore the default. 71. Command 71:
qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs burst ]
undo qos rtpq
View: Interface view, PVC view
Description: Use the qos rtpq command to enable RTP queuing for RTP packets with even UDP destination port numbers in the specified range on the interface/PVC.
Use the undo qos rtpq command to disable RTP queuing on the interface/PVC.
By default, RTP queuing is disabled on an interface/PVC.
This command provides preferential services for delay-sensitive applications, such as real-time voice transmission.
Set the bandwidth argument to a value greater than the total bandwidth that the real-time application requires to allow bursty traffic. 72. Command 72:
dhcp-snooping check mac-address
undo dhcp-snooping check mac-address
View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view, WLAN-ESS interface view
Description: Use the dhcp-snooping check mac-address command to enable MAC address check on a DHCP snooping device.
Use the undo dhcp-snooping check mac-address command to disable MAC address check of DHCP snooping.
By default, this function is disabled.
With this function enabled, the DHCP snooping device compares the chaddr field of a received DHCP request with the source MAC address field in the frame. If they are the same, the DHCP snooping device decides this request valid and forwards it to the DHCP server. If not, the DHCP request is discarded. 73. Command 73:
dhcp-snooping check request-message
undo dhcp-snooping check request-message
View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view, WLAN-ESS interface view
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 59
Item Description Description: Use the dhcp-snooping check request-message command to enable DHCP-REQUEST message check of DHCP snooping.
Use the undo dhcp-snooping check request-message command to disable DHCP-REQUEST message check of the DHCP snooping.
By default, this function is disabled.
With this function enabled, upon receiving a DHCP-REQUEST message, a DHCP snooping device searches local DHCP snooping entries for the corresponding entry of the message. If an entry is found, the DHCP snooping device compares the entry with the message information. If they are consistent, the DHCP-REQUEST message is considered as valid lease renewal request and forwarded to the DHCP server. If they are not consistent, the messages is considered as forged lease renewal request and discarded. If no corresponding entry is found locally, the message is considered valid and forwarded to the DHCP server 74. Command 74:
ipv6 dhcp snooping trust
undo ipv6 dhcp snooping trust
View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Description: Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port.
Use the undo ipv6 dhcp snooping trust command to restore the default.
By default, all interfaces of a device with DHCPv6 snooping enabled globally are untrusted ports.
After DHCPv6 snooping is enabled, to ensure that DHCPv6 clients can obtain IPv6 addresses from an authorized DHCPv6 server, you need to configure the port that connects to the authorized DHCPv6 server as a trusted port. 75. Command 75:
ipv6 dhcp snooping max-learning-num number
undo ipv6 dhcp snooping max-learning-num
View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Description: Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn.
Use the undo ipv6 dhcp snooping max-learning-num command to restore the default.
By default, the number of DHCPv6 snooping entries learned by an interface is not limited. 76. Command 76:
ipv6 neighbors max-learning-num number
undo ipv6 neighbors max-learning-num
View: interface view
Description: Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 60
Item Description learned on the interface.
Use the undo ipv6 neighbors max-learning-num command to restore the default.
By default, a Layer 2 interface does not limit the number of neighbors dynamically learned. The maximum number of neighbors that a Layer 3 interface can learn depends on the device model. 77. Command 77:
dot1x unicast-trigger
undo dot1x unicast-trigger
View: Ethernet interface view
Description: Use the dot1x unicast-trigger command to enable the 802.1X unicast trigger function.
Use the undo dot1x unicast-trigger command to disable the function.
By default, the unicast trigger function is disabled.
The unicast trigger function enables the network access device to initiate 802.1X authentication when it receives a data frame from an unknown source MAC address. The device sends a unicast Identity EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has received no response within a period of time (set with the dot1x timer tx-period command). This process continues until the maximum number of request attempts (set with the dot1x retry command) is reached.
Related commands: Display dot1x, dot1x timer tx-period, and dot1x retry. 78. Command 78:
dot1x handshake secure
undo dot1x handshake secure
View: Ethernet interface view
Description: Use the dot1x handshake secure command to enable the online user handshake security function. The function enables the device to prevent users from using illegal client software.
Use the undo dot1x handshake secure command to disable the function.
By default, the function is disabled.
The online user handshake security function is implemented based on the online user handshake function. To bring the security function into effect, make sure the online user handshake function is enabled.
H3C recommends you use the iNode client software and iMC server to ensure the normal operation of the online user handshake security function.
Related commands: dot1x handshake. 79. Command 79:
igmp-snooping router-port-deny [ vlan vlan-list ]
undo igmp-snooping router-port-deny [ vlan vlan-list ]
View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view
Description: Use the igmp-snooping router-port-deny command to disable a
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 61
Item Description port or a group of ports from changing into dynamic router ports.
Use the undo igmp-snooping router-port-deny command to restore the default.
By default, a port can change into a dynamic router port.
For a switch that supports both IGMP snooping and IGMP, this command works on both IGMP snooping–enabled VLANs and VLANs with IGMP enabled on their VLAN interfaces.
If you do not specify any VLAN when using this command in Layer 2 Ethernet interface view or Layer 2 aggregate interface view, the command takes effect for all VLANs the interface belongs to. If you specify one or more VLANs, the command takes effect for the specified VLAN or VLANs that the interface belongs to.
If you do not specify any VLAN when using this command in port group view, the command takes effect on all the ports in this group. If you specify one or more VLANs, the command takes effect only on those ports in this group that belong to the specified VLAN or VLANs. 80. Command 80:
mld-snooping router-port-deny [ vlan vlan-list ]
undo mld-snooping router-port-deny [ vlan vlan-list ]
View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view
Description: Use the mld-snooping router-port-deny command to disable a port or a group of ports from changing into dynamic router ports.
Use the undo mld-snooping router-port-deny command to restore the default.
By default, a port can change into a dynamic router port.
For a switch that supports both MLD snooping and MLD, this command works on both MLD snooping–enabled VLANs and VLANs with MLD enabled on their VLAN interfaces.
If you do not specify any VLAN when using this command in Layer 2 Ethernet interface view or Layer 2 aggregate interface view, the command will take effect for all VLANs the interface belongs to. If you specify a VLAN or multiple VLANs, the command will take effect for the specified VLAN or VLANs that the interface belongs to.
If you do not specify any VLAN when using this command in port group view, the command will take effect on all the ports in this group. If you specify a VLAN or multiple VLANs, the command will take effect only on those ports in this group that belong to the specified VLAN or VLANs. 81. Command 81:
port-security mac-address security [ sticky ] mac-address vlan vlan-id
undo port-security mac-address security [ sticky ] mac-address vlan vlan-id
View: Layer 2 Ethernet interface view
Description: Use the undo port-security mac-address security command to remove a secure MAC address in system view. 82. Command 82:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 62
Item Description igmp-snooping host-tracking
undo igmp-snooping host-tracking
mld-snooping host-tracking
undo mld-snooping host-tracking
ipv6 dhcp snooping vlan enable
undo ipv6 dhcp snooping vlan enable View: VLAN
Description: See Layer 3 Command Reference and IP Multicast Command Reference of H3C WX Series Access Controllers Command Reference. 83. Command 83: if-match [ not ] local-precedence local-precedence-list undo if-match [ not ] local-precedence local-precedence-list
View: QoS
Description: Matches local precedence. The local-precedence-list argument is a list of up to eight local precedence values. A local precedence ranges from 0 to 7. 84. Command 84: reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ] reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
mode { active | passive } undo mode View: UDP jitter, voice test type view
Description: See Network Management and Monitoring Command Reference of H3C WX Series Access Controller Command Reference. 85. Command 85: vendor-class-identifier hex-string&<1-255> ip range min-address max-address undo vendor-class-identifier hex-string&<1-255> View: DHCP
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 63
Item Description Description: Use the vendor-class-identifier command to specify an IP address range for the DHCP clients of a specified vendor. Use the undo vendor-class-identifier command to restore the default. 86. Command 86: dns-server ipv6-address undo dns-server ipv6-address dns-server ipv6-address undo dns-server ipv6-address prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
undo prefix-pool sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } static-bind prefix prefix/prefix-len duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind prefix prefix/prefix-len ds-lite address ipv6-address
undo ds-lite address View: DHCPv6 address pool
Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 87. Command 87: password-control aging aging-time
undo password-control aging password-control composition type-number type-number [ type-length type-length ]
undo password-control composition password-control length length
undo password-control length validity-date time
undo validity-date reset wlan ap provision { all | name ap-name } crypto-digest sha256 file filename View: Local user
Description: See Security Command Reference, WLAN Command Reference and Fundamentals Command Reference of H3C WX Series Access Controllers Command Reference. 88. Command 88: wlan ap-provision dns domain domain-name
undo wlan ap-provision dns domain View: System view
Description: Use the wlan ap-provision dns domain command to specify a domain name suffix for the global DNS server of the AP.
Use the undo wlan ap-provision dns domain command to remove the
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 64
Item Description configuration.
By default, no domain name suffix is specified for the global DNS server of the AP.
You can specify at most one domain name suffix for the global DNS server.
The wlan ap-provision dns domain command takes effect on all APs, and the dns domain command in AP configuration view takes effect on the specified AP. If you configure both commands, the configuration in AP configuration view applies to the specified AP.
Related commands: dns domain. 89. Command 89:
wlan ap-provision dns server { ip ip-address | ipv6 ipv6-address } undo wlan ap-provision dns server { ip | ipv6 }
View: System view
Description: Use the wlan ap-provision dns server command to specify a global DNS server for the AP.
Use the undo wlan ap-provision dns server command to remove the configuration.
By default, no global DNS server is specified for the AP.
You can specify at most one global IPv4 DNS server and one global IPv6 DNS server.
The wlan ap-provision dns server command takes effect on all APs, and the dns server command in AP configuration view takes effect on the specified AP. If you configure both commands, the configuration in AP configuration view applies to the specified AP.
Related commands: dns server. 90. Command 90:
undo dns domain
View: AP configuration view
Description: Use the undo dns domain command to remove the configuration.
By default, no domain name suffix is specified for the DNS server of the AP. 91. Command 91:
hybrid-remote-ap enable
undo hybrid-remote-ap enable View: AP template view
Description: Use the hybrid-remote-ap enable command to enable the AP to work in hybrid mode. When the connection between an AP in hybrid mode and the AC is terminated, the AP automatically enables local forwarding mode (disregarding whether local forwarding is configured on the AC) to forward packets for associated clients, but it does not accept new association requests from clients. When the AP re-establishes a CAPWAP connection with the AC, the AP automatically switches back to centralized forwarding mode, and logs out all clients associated with it.
Use the hybrid-remote-ap enable command to restore the default.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 65
Item Description By default, hybrid mode is disabled. 92. Command 92:
undo dns server ipv6 View: AP configuration view
Description: Use the undo dns server command to remove the DNS server for the AP.
By default, no DNS server is specified for the AP. 93. Command 93: display wlan country-code ap { all | name ap-name } [ | { begin | exclude | include } regular-expression ]
View: Any view
Description: name ap-name: Specifies the name of the AP, a case insensitive string of 1 to 32 characters that can contain letters, digits, and underlines, square brackets, slashes, and hyphens, but not spaces.
all: Displays the country code information of all APs.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the FundamentalsCommand Reference..
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters. 94. Command 94:
country-code code
undo country-code
View: AP template view
Description: Use the country-code command to specify the country code of the AP.
Use the undo country-code command to remove the configuration.
By default, no country code is configured for the AP, and the AP uses the global country code.
An AP configured with a country code uses its own country code.
Related commands: wlan country-code, display wlan country-code. 95. Command 95:
trap-send times interval
undo trap-send times View: System view Description: Use the trap-send times interval set the trap send collection interval.
Use the undo trap-send times command to restore the default.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 66
Item Description 96. Command 96: tcp mss val
undo tcp mss View: Interface view Description: Use the tcp mss command to configure the TCP MSS
Use the undo tcp mss command to restore the default 97. Command97:
undo fips mode enable
fips mode enable
display fips status crypto-diges sha256 file filename
Description: See Security Command Reference of H3C WX Series Access Controllers Command Reference. 98. Command 98:
display mirroring-group all
View: Any view
Description: displays all mirroring groups. 99. Command 2:
undo mirroring-group all
View: System view
Description: remove all mirroring groups. 100. Command 3:
transceiver phony-alarm-disable
undo transceiver phony-alarm-disable
View: System view
Description: disable alarm of the phony modules. 101. Command 4:
link-aggregation port-priority port-priority
undo link-aggregation port-priority
View: Ethernet interface view
Description: Use the command to set the aggregation priority of a port. 102. Command 5:
qos fifo queue-length queue-length
undo qos fifo queue-length
qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs burst ]
undo qos rtpq
View: Ethernet interface view
Description: Use the qos fifo queue-length command to set the FIFO queue length. Use the qos rtpq command to enable RTP queuing for RTP packets with even UDP destination port numbers in the specified range on the
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 67
Item Description interface. 103. Command 6:
dhcp-snooping check mac-address
undo dhcp-snooping check mac-address
dhcp-snooping check request-message
undo dhcp-snooping check request-message
View: Ethernet interface or Layer2 aggregate interface view
Description: Use the command to enable MAC address check or DHCP-REQUEST message check on a DHCP snooping device. 104. Command 7:
ipv6 dhcp snooping trust
undo ipv6 dhcp snooping trust
ipv6 dhcp snooping max-learning-num number
undo ipv6 dhcp snooping max-learning-num
View: Ethernet interface or Layer2 aggregate interface view
Description: Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port. Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn. 105. Command 8:
ipv6 neighbors max-learning-num number
undo ipv6 neighbors max-learning-num
View: Ethernet interface or Layer2 aggregate interface view
Description: Use the command to configure the maximum number of neighbors that can be dynamically learned on the interface. 106. Command 9:
dot1x handshake secure
undo dot1x handshake secure
dot1x unicast-trigger
undo dot1x unicast-trigger
View: Ethernet interface view
Description: Use the dot1x handshake secure command to enable the online user handshake security function. Use the dot1x unicast-trigger command to enable the 802.1X unicast trigger function. 107. Command 10:
igmp-snooping router-port-deny [ vlan vlan-list ]
undo igmp-snooping router-port-deny [ vlan vlan-list ]
mld-snooping router-port-deny [ vlan vlan-list ]
undo mld-snooping router-port-deny [ vlan vlan-list ]
View: Ethernet interface or Layer2 aggregate interface view
Description: Use the command to disable a port or a group of ports from
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 68
Item Description changing into dynamic router ports. 108. Command 11:
ipv6 address ipv6-address/prefix-length anycast
undo ipv6 address ipv6-address/prefix-length anycast
View: VLAN interface or management interface view
Description: Use the command to configure an IPv6 anycast address for an interface.
Removed commands
1. Command 1:
display pppoe-server session packet
Module of the command: PPPoE
Description: Specification modified. 2. Command 2:
display ipv6 fibcache Module of the command: IPv6
Description: Specification modified. 3. Command 3: display dldp [ interface-type interface-number ]
Module of the command: DLDP
Description: Specification modified. 4. Command 4: display dldp statistics [ interface-type interface-number ]
Module of the command: DLDP
Description: Specification modified. 5. Command 5: display dns [ ipv6 ] dynamic-host Module of the command: DNS Description: Specification modified. 6. Command 6: display anti-attack { protocol protocol | all } Module of the command: Security Description: Specification modified. 7. Command 7:
reset anti-attack statistics Module of the command: Security
Description: Specification modified. 8. Command 8:
snmp-agent trap enable ip address
snmp-agent trap enable dhcp server
undo snmp-agent trap enable ip address
undo snmp-agent trap enable dhcp server Module of the command: SNMP
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 69
Item Description Description: Specification modified. 9. Command 9:
dldp enable
undo dldp enable dldp interval time
undo dldp interval dldp delaydown-timer time
undo dldp delaydown-timer
dldp reset
Module of the command: DLDP
Description: Specification modified. 10. Command 10:
portal trap server-down
undo portal trap server-down Module of the command: Portal
Description: Specification modified. 11. Command 11:
anti-attack [ protocol protocol-name | all } ] enable
undo anti-attack [ protocol protocol-name | all } ] enable
anti-attack protocol protocol-name threshold max maxrate min minrate undo anti-attack protocol protocol-name threshold Module of the command: Security
Description: Specification modified. 12. Command 12:
ipv6 fibcache
undo ipv6 fibcache Module of the command: IPv6
Description: Specification modified. 13. Command 13:
wlan specific-mode mode-number enable
undo wlan specific-mode mode-number enable Module of the command: WLAN
Description: Specification modified. 14. Command 14:
dldp reset
dldp enable
undo dldp enable
Module of the command: DLDP
Description: Specification modified. 15. Command 15:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 70
Item Description accounting
undo accounting
redirect cpu
undo redirect cpu Module of the command: QoS
Description: Specification modified.
Modified commands
1. Command 1:
Original command: display ipv6 fib ipv6-address
Modified command: display ipv6 fib ipv6-address [ prefix-length ] [ | { begin | exclude | include } regular-expression ]
Module of the command: IPv6
Description: add parameter prefix-length, with filter function by specifying a regular expression. 2. Command 2: Original command:
display license Modified command: display license feature-name [ | { begin | exclude | include } regular-expression ] Module of the command: License Management
Description: Add parameter feature-name to specify the feature, with filter function by specifying a regular expression. 3. Command 3: Original command: display acl name acl-name Modified command: display acl name acl-name [ | { begin | exclude | include } regular-expression ] Module of the command: ACL
Description: The string length of parameter acl-name is modified from 1 to 32 to 1 to 63, with filter function by specifying a regular expression. 4. Command 4: Original command: display acl ipv6 name acl-name Modified command: display acl ipv6 name acl-name [ | { begin | exclude | include } regular-expression ] Module of the command: ACL
Description: The string length of parameter acl-name is modified from 1 to 32 to 1 to 63, with filter function by specifying a regular expression. 5. Command 5:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 71
Item Description Original command: display ip socket [ socktype sock-type ] [ task-id socket-id ] Modified command: display ip socket [ socktype sock-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ] Module of the command: IP Services
Description: The range of parameter task-id is modified from 1 to 150 to 1 to 180, with filter function by specifying a regular expression. 6. Command 6: Original command: display ip interface brief [ interface-type [ interface-number ] ] Modified command: display ip interface [ interface-type [ interface-number ] ] brief [ | { begin | exclude | include } regular-expression ] Module of the command: IP Services
Description: The key word of brief is moved behind the parameters of interface, with filter function by specifying a regular expression. 7. Command 7: Original command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | pad | portal | ppp | ssh | telnet | terminal } | state { active | block } | user-name user-name | vlan vlan-id ] Modified command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | pad | portal | ppp | ssh | telnet | terminal | web } | state { active | block } | user-name user-name | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ] Module of the command: AAA
Description: Add service-type of ‘web’, with filter function by specifying a regular expression. 8. Command 8: Original command: display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] Modified command: display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN Service
Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 9. Command 9: Original command: display wlan statistics radio [ap-name] Modified command:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 72
Item Description display wlan statistics radio [ap-name] [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN Service
Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 10. Command 10: Original command: display wlan ap { all | name ap-name } display wlan ap reboot-log name ap-name [ | { begin | exclude | include } regular-expression ]
display wlan ap { all | name ap-name } rrm-history
display wlan ap { all | name ap-name } rrm-status Modified command: display wlan ap { all | name ap-name } [ verbose ] [ | { begin | exclude | include } regular-expression ] display wlan ap reboot-log name ap-name [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-history [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-status [ | { begin | exclude | include } regular-expression Module of the command: WLAN-RRM
Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 11. Command 11: Original command: display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Modified command: display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN QoS Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 12. Command 12: Original command: display interface brief [ interface-type [interface-number]] [ | { begin | exclude | include } regular-expression ] Modified command: display interface [ interface-type [interface-number]] brief [ | { begin | exclude | include } regular-expression ] Module of the command: Interface Management
Description: The key word of brief is moved behind the parameters of interface.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 73
Item Description 13. Command 13:
Original command: display ipc performance { node node-id | self-node } [ channel channel-id ] ipc performance enable { node node-id | self-node } [ channel channel-id ] undo ipc performance enable [ node node-id | self-node ] [ channel channel-id ] reset ipc performance [ node node-id | self-node ] [ channel channel-id ]
Modified command: display ipc performance { node node-id | self-node } [ channel channel-id ] [ | { begin | exclude | include } regular-expression ] ipc performance enable { node node-id | self-node } [ channel channel-id ] undo ipc performance enable [ node node-id | self-node ] [ channel channel-id ] reset ipc performance [ node node-id | self-node ] [ channel channel-id ]
Module of the command: Network Management and Monitoring
Description: The range of parameter node-id is modified from 0 to 179 to 0 to 255. 14. Command 14: Original command: save [ safely ] Modified command: save [ safely ] [ force ] Module of the command: Configuration File Management Description: Add key word force to save the current configuration to the configuration file for the next startup of the device, and the system does not output any interaction information. 15. Command 15: Original command: ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * host Modified command: ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * host Module of the command: Network Management and Monitoring Description: The string length of parameter host is modified from 1 to 46 to 1 to 255. 16. Command 16: Original command: reset acl counter name acl-name reset acl ipv6 counter name acl6-name Modified command:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 74
Item Description reset acl counter name acl-name reset acl ipv6 counter name acl6-name Module of the command: ACL Description: The string length of parameter acl-name or acl6-name is modified from 1 to 32 to 1 to 63. 17. Command 17: Original command: reset dns [ ipv6 ] dynamic-host Modified command: reset dns host [ ip | ipv6 | naptr | srv ] Module of the command: DNS Description: Add subtype of the dynamic DNS cache to be cleared. 18. Command 18: Original command: reset wlan statistics { client { all | mac-address mac-address } | radio [ ap-name ] } reset wlan ap { all | name ap-name } reset wlan ap reboot-log { all | name ap-name } Modified command: reset wlan statistics { client { all | mac-address mac-address } | radio [ ap-name ] } reset wlan ap { all | name ap-name } reset wlan ap reboot-log { all | name ap-name } Module of the command: WLAN Services Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 19. Command 19: Original command: reset wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Modified command: reset wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Module of the command: WLAN QoS
Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 20. Command 20: Original command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number |
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 75
Item Description key key] key { accounting | authentication } key Modified command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key] key { accounting | authentication } [ cipher | simple ] key Module of the command: AAA
Description: The display of keyword could be selected as cipher text or plaint text. 21. Command 21: Original command: undo secondary accounting undo secondary authentication Modified command: undo secondary accounting [ ipv4-address | ipv6 ipv6-address ] undo secondary authentication [ ipv4-address | ipv6 ipv6-address ] Module of the command: AAA
Description: Remove the specified secondary RADIUS server. 22. Command 22: Original command: authentication lan-access radius-scheme radius-scheme-name [ local ] authorization lan-access radius-scheme radius-scheme-name [ local ] accounting lan-access radius-scheme radius-scheme-name [ local] Modified command: authentication lan-access radius-scheme radius-scheme-name [ local | none ]} authorization lan-access radius-scheme radius-scheme-name [ local | none ] accounting lan-access radius-scheme radius-scheme-name [ local | none] Module of the command: AAA
Description: Authentication, authorization or accounting could be ignored after RADIUS scheme failed. 23. Command 23: Original command: idle-cut enable minute [ flow ] Modified command: idle-cut enable minute [ flow ] Module of the command: AAA Description: The max value of minute is modified to 600.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 76
Item Description 24. Command 24: Original command: method { md5 | peap-mschapv2 | tls } undo method { md5 | peap-mschapv2 | tls } Modified command: method { md5 | peap-gtc | peap-mschapv2 | tls } undo method { md5 | peap-gtc | peap-mschapv2 | tls } Module of the command: AAA Description: Support a new EAP authentication method that PEAP together with the GTC for authentication in TLS tunnels. 25. Command 25: Original command: ap ap-name radio radio-number undo ap { ap-name [ radio radio-number ] | all } Modified command: ap ap-name radio radio-number undo ap { ap-name [ radio radio-number ] | all } Module of the command: WLAN
Description: In Radio group view or Load balancing group view , the max number of characters in ap-name is extended to 32. 26. Command 26: Original command: echo-interval interval Modified command: echo-interval interval Module of the command: WLAN Description: The min value of interval is modified to 5. 27. Command 27: Original command: cir committed-information-rate [ cbs committed-burst-size ] Modified command: cir committed-information-rate [ cbs committed-burst-size ] Module of the command: AAA Description: The max value of committed-information-rate is modified to 1000000, the max value of committed-burst-size is modified to 62500000. 28. Command 28: Original command: ap template-name-list undo ap template-name-list Modified command: ap template-name-list undo ap template-name-list Module of the command: WALN Description:In AP group view, the max number of characters in AP name is
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 77
Item Description extended to 32. 29. Command 29: Original command: mlsp-proxy mac-address mac-address Modified command: mlsp-proxy mac-address mac-address [ vlan vlan-id ] Module of the command: WALN
Description: Support to configure VLAN of MLSP proxy. 30. Command 30:
Original command:
ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ] }
undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ]]
Modified command:
ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] }
undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] ]
Module of the command: IPv6
Description: Add parameter anycast, Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface.
Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. 31. Command 31 Original command:
undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [policy-name ] { inbound | outbound }
Module of the command: QoS Description: Add parameter policy-name. 32. Command 32 Original command:
ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ] }
undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ]]
Modified command:
ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] }
undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] ] Module of the command: IPv6
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 78
Item Description Description: Add parameter anycast; Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface.
Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. 33. Command 33 Original command: undo ipv6 nd ra prefix { ipv6-prefix } Modified command: undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Module of the command: IPv6 Description: Add parameter prefix-length 34. Command 34 Original command: portal backup-group group-id Modified command: portal backup-group group-id Module of the command: Portal
Description:The range of group-id is modified from 1 to 16 to 1 to 256 35. Command 35 Original command: dhcp relay address-check { enable | disable } Modified command: dhcp relay address-check enable
undo dhcp relay address-check enable Module of the command: DHCP View: Vlan interface view
Description:The disable command is replaced by undo command. 36. Command 36 Original command:
ppp account-statistics enable Modified command: ppp account-statistics enable [ acl { acl-number | name acl-name } ] Module of the command: PPP View: Virtual template interface view Description: Add parameter acl for traffic that matches the configured ACL . 37. Command 37
Original command:
ppp authentication-mode { chap | pap } * [ [ call-in ] domain isp-name ] Modified command: ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ] Module of the command: PPP View: Virtual template interface view
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 79
Item Description Description: Add parameter ms-chap and ms-chap-v2. 38. Command 38
Original command:
undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [ policy-name ] { inbound | outbound } Module of the command: QoS Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: Wlan-ess interface view
Description: Add parameter policy-name. 39. Command 39 Original command: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Modified command: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Module of the command: Network Management and Monitoring Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter ip-address is modified from IPv4 address to IPv4 address or name of the trap target host. 40. Command 40
Original command: info-center loghost { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost{ host-ipv4-address | ipv6 host-ipv6-address } Modified command: info-center loghost { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost{ host-ipv4-address | ipv6 host-ipv6-address } Module of the command: Network Management and Monitoring
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 80
Item Description Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view
Description: The parameter host-ipv4-address is modified from IPv4 address to IPv4 address or name of the trap target host,add parameter IPv6. 41. Command 41: Original command: ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] ip host hostname ip-address undo ip host hostname [ ip-address ] Modified command: ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] ip host hostname ip-address undo ip host hostname [ ip-address ] Module of the command: IP Services Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The range of hostname is modified from 1 to 20 to 1 to 255 characters. 42. Command 42 Original command: stp port-log { instance instance-id | all } undo stp port-log { instance instance-id | all } Modified command: stp port-log instance { instance-id | all } undo stp port-log instance { instance-id | all } Module of the command: LAN Switching Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter is modified from all to instance all. 43. Command 43
Original command: undo local-user { user-name | all [ service-type { ftp | lan-access | portal | ppp | ssh | telnet | terminal } ] }
Modified command: undo local-user { user-name | all [ service-type { ftp | lan-access | portal | ppp | ssh | telnet | terminal | web } ] } Module of the command: AAA Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 81
Item Description Description: Add parameter web 44. Command 44
Original command:
undo radius nas-ip
undo hwtacacs nas-ip
Modified command: undo radius nas-ip { ipv4-address | ipv6 ipv6-address } undo hwtacacs nas-ip ip-address Module of the command: AAA Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view
Description: Add parameter ip address. 45. Command 45
Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Module of the command: WLAN Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view
Description: The range of ap-name is modified from 1 to 15 to 1 to 32 characters . 46. Command 46
Original command: info-center timestamp loghost { date | no-year-date | none }
Modified command: info-center timestamp loghost { date | no-year-date | none | iso } Module of the command: Network Management and Monitoring Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view Description: Add parameter iso. 47. Command 47
Original command:
patch load patch install patch-location patch { active | deactive | run | delete } patch-number
Modified command: patch load [ file filename ] patch install { patch-location | file filename } patch { active | deactive | run | delete } [ patch-number ]
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 82
Item Description Module of the command: Fundamentals Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view
Description: Add parameter file,modify parameter patch-number. 48. Command 48
Original command: acl name acl-name undo acl name acl-name acl number acl-number [ name acl-name ] [ match-order { auto | config } ] acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name } acl ipv6 name acl-name undo acl ipv6 name acl-name acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name }
Modified command: acl name acl-name undo acl name acl-name acl number acl-number [ name acl-name ] [ match-order { auto | config } ] acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name } acl ipv6 name acl-name undo acl ipv6 name acl-name acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name }
Module of the command: ACL Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view
Description: The range of acl-name is modified from 1 to 32 to 1 to 63 characters. 49. Command 49: Original command: Ip route-static dest-address { mask | mask-length } { next-hop-address [track track-entry-number ] | interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ description description-text ] Modified command: Ip route-static dest-address { mask | mask-length } { next-hop-address [track track-entry-number ] | interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ permanent ] [ description description-text ] Module of the command: IP-Routing
Description: Adding parameter permanent.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 83
Item Description 50. Command 50: Original command: dhcp server threshold { allocated-ip threshold-value | average-ip-use threshold-value | max-ip-use threshold-value } Modified command: dhcp server threshold { allocated-ip threshold-value | average-ip-use threshold-value | max-ip-use threshold-value } Module of the command: IP Services Description: The range of parameter threshold-value is modified from 0 to 100 to 1 to 100. 51. Command 51: Original command: port-security mac-address security mac-address vlan vlan-id Modified command: port-security mac-address security [ sticky ] mac-address vlan vlan-id Module of the command: Port Security Description: Adding parameter sticky. 52. Command 52: Original command: resend-interval resend-interval collection-interval collection-interval Modified command: resend-interval resend-interval collection-interval collection-interval Module of the command: Device Management Description: The range of parameter resend-interval is modified from 0 to 900 to 0 to 3600;the range of parameter collection-interval is modified from 0 to 300 to 0 to 60. 53. Command 53: Original command: ip host hostname ip-address Modified command: ip host hostname ip-address Module of the command: IP Serivces Description: The string length of parameter hostname is modified from 1 to 20 to 1 to 255. 54. Command 54: Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ]} wlan ap-execute ap-name conversion-to-fatap Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ]} wlan ap-execute ap-name conversion-to-fatap
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 84
Item Description Module of the command: WLAN Service Description: The string length of parameters ap-name, auto-ap-name and new-ap-name are modified from 1 to 15 to 1 to 32. 55. Command 55: Original command: undo rule rule-id [fragment | logging | source | time-range | vpn-instance ] * Modified command: undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] * Module of the command: ACL
Description: Add parameter counting, Counts the number of times the IPv4 ACL rule has been matched. 56. Command 56: Original command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type <icmp-code> | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id Modified command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | time-range ] Module of the command: ACL
Description: Change parameter of ICMP code to optional parameters. Add parameter counting, Counts the number of times the IPv4 ACL rule has been matched. 57. Command 57: Original command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] |
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 85
Item Description time-range time-range-name | vpn-instance vpn-instance-name ]* undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | destination | destination-port | dscp | fragment | icmp6-type | logging | routing | source | source-port | time-range | vpn-instance ] * Modified command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ]* undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | source | source-port | time-range | vpn-instance ] * Module of the command: ACL6
Description: Add parameter counting, counts the number of times the IPv6ACL rule has been matched. Add parameter flow-label, Specifies a flow label value in an IPv6 packet header. The flow-label-value argument is in the range 0 to 1048575. 58. Command 58:
Original command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ red action ] [ hierarchy-car hierarchy-car-name [ mode { and | or } ] ] Modified command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action ] [ red action ] [ hierarchy-car hierarchy-car-name [ mode { and | or } ] ] Module of the command: QoS
Description: Add parameter green action, green action: Action to take on packets that conform to CIR. The default is pass. Add parameter remark-lp-pass of action: Sets the action to take on the packet, new-local-precedence—Sets the local precedence value of the packet to new-local-precedence and permits the packet to pass through. The new-local-precedence argument ranges from 0 to 7. 59. Command 59:
Original command: if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] undo if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] Modified command: if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 86
Item Description [ ipv6 ] { acl-number | name acl-name } ] undo if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] Module of the command: QoS
Description: The range of acl-name is modified from 1 to 32 to 1 to 63. 60. Command 60:
Original command: reaction item-number checked-element probe-fail threshold-type { consecutive consecutive-occurrences } [ action-type ] Modified command: reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ] Module of the command: UDP jitter, voice test type view
Description: Add parameter trap-only, specifies to record events and send SNMP trap messages. 61. Command 61:
Original command: static-bind ip-address ip-address [ mask-length | mask mask ] Modified command: static-bind ip-address ip-address [ mask-length | mask mask ] Module of the command: DHCP Description: The range of mask-length is modified from 1 to 32 to 1 to 30. 62. Command 62:
Original command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } Modified command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } Module of the command: DHCP
Description: The string lenth of ascii-string is modified from 1 to 63 to 1 to 255. 63. Command 63:
Original command: expired { day day [ hour hour [ minute minute] ] | unlimited } Modified command: expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } Module of the command: DHCP
Description: Add parameter second second, specifies the number of seconds, in the range of 0 to 59. 64. Command 64 Original command:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 87
Item Description authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } * Modified command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } * Module of the command: Local user Description: Add parameter user-role, user-role: Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. If you specify no role for a local user, the access right of the user after login depends on other authorization attributes. Supported roles include: • guest: A guest user account is usually created through the web interface. • guest-manager: After passing authentication, a guest manager can only
use the web interface to access guest-related pages to, for example, create, modify, or change guest user accounts.
• security-audit: A local user playing this role is a security log administrator After passing authentication, a security log administrator can manage security log files, for example, save security log files. For more information about the commands that a security log administrator can use, see the Network Management and Monitoring Command Reference.
65. Command 65 Original command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Modified command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Module of the command: Local user Description: The range of slot-number is modified from 1 to 1024 to 1 to 255. 66. Command 66: Original command: undo authorization-attribute { acl | callback-number | idle-cut | level | user-profile | vlan | work-directory } * Modified command: undo authorization-attribute { acl | callback-number | idle-cut | level | user-profile | user-role | vlan | work-directory } * Module of the command: Local user
Description: Add parameter user-role, Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. 67. Command 67: Original command:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 88
Item Description display wlan ids attack-list { config | all | ap ap-name } Modified command: display wlan ids attack-list { config | all | ap ap-name } Module of the command: WLAN IDS
Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 68. Command 68: Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Module of the command: WLAN IDS
Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 69. Command 69: Original command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ]| * } } * Modified command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ] | hostname hostname * } } * Module of the command: Portal Description: Add parameter hostname. Specifies an PC host name 70. Command 70: Original command: service-template service-template-number [ vlan vlan-id ] Modified command: service-template service-template-number [ vlan vlan-id ] [nas-port-id portid] Module of the command:WLAN Description: Add parameter nas-port-id. 71. Command 71: Original command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 89
Item Description | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] *
Module of the command: SSH
Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa.
Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-stoc-hmac to string, the length is form 1 to 128;
Use the ssh2 command to establish a connection to an IPv4 SSH server and specify the public key algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server. 72. Command 72:
Original command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ssh
Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa.
Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-stoc-hmac to string, the length is form 1 to 128;
Use the ssh2 ipv6 command to establish a connection to an IPv6 SSH server and specify public key algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server 73. Command 73: Original command: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } |
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 90
Item Description prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ftp/tftp
Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa.
Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-stoc-hmac to string, the length is form 1 to 128;
Use the sftp command to establish a connection to a remote SFTP server and enter SFTP client view 74. Command 74: Original command: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ftp/tftp
Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa.
Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-stoc-hmac to string, the length is form 1 to 128;
Use the sftp ipv6 command to establish a connection to a remote IPv6 SFTP server and enter SFTP client view. 75. Command 75: Original command: super password [ level user-level ] { simple | cipher } password Modified command: super password [ level user-level ] { simple | cipher } password Module of the command:CLI
Description: The string length of password is modified from 1 to 16/24 to 1 to 256. 76. Command 76 Original command:
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 91
Item Description sftp server [ port-number ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp server [ port-number ] [ identity-key rsa| prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Module of the command: Security Description: Add parameter identity-key rsa. 77. Command 77: Original command: sftp ipv6 server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp ipv6 server [ port-number ] [ identity-key rsa | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
Module of the command: Security Description: Add parameter identity-key rsa. 78. Command 78: Original command:
display device manuinfo
display reboot-type Modified command:
display device manuinfo [ subslot subslot-number ] [ | { begin | exclude | include } regular-expression ]
display reboot-type [ subslot subslot-number ] [ | { begin | exclude | include } regular-expression ] Module of the command: Device management Description:The slot number of a card can be specified . 79. Command 79: Original command:
undo dhcp-snooping information format [ verbose node-identifier] Modified command:
undo dhcp-snooping information format Module of the command: DHCP
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 92
Item Description Description: verbose node-identifier can not specified in this command. 80. Command 80: Original command:
port-security mac-address security mac-address vlan vlan-id
undo port-security mac-address security mac-address vlan vlan-id Modified command:
port-security mac-address security [ sticky ] mac-address vlan vlan-id
undo port-security mac-address security [ sticky ] mac-address vlan vlan-id Module of the command: DHCP Description: A sticky MAC address can be configured by the command. 81. Command 81: Original command:
undo qos apply policy { inbound | outbound } Modified command:
undo qos apply policy [ policy-name ] { inbound | outbound } Module of the command: QoS Description: QoS policy of the specified name can be removed.
MIB updates relative to WX5004-CMW520-R2107P10
Table 15 MIB updates
Item MIB file Module Description
A5000-CMW520-R2303(First release on new branch) New None None None
Modified None None None
Configuration changes relative to WX5004-CMW520-R2107P10
None.
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 93
Resolved problems in A5000-CMW520-R2303 relative to WX5004-CMW520-R2107P10
Problem WLD29956
• First Found-in Version: CMW520-R2107P10
• Condition: None
• Description: AC works in US country-code, RRM adjusts radio power to 19dbm, but radio can only support maximum power as 13dbm in regulatory domain.
Problem WLD29957
• First Found-in Version: CMW520-R2107P10
• Condition: None
• Description: WA2620-AGN should increase 2dbm on channel 1 and channel 11, when country-code is “US”.
Problem WLD30273
• First Found-in Version: CMW520-R2107P10
• Condition: None
• Description: When ARP-Snooping is enabled, AC will periodically send one special ARP request frame. This is not correct.
Problem WLD30289
• First Found-in Version: CMW520-D2302
• Condition: None
• Description: ARP-Snooping is only enabled. When AC receives one unicast arp frame, system should drop it but currently forwards it out.
Problem WLD30313
• First Found-in Version: CMW520- D2302
• Condition: None
• Description: When AC works in AU country-code, 11a supports 120, 124 and 128 channel. That doesn’t comply with Australia regulatory.
Problem WLD29566
• First Found-in Version: CMW520-R2107P10
• Condition: None
• Description: WX5004 in Australia finds the MIB node of h3cDot11MaxBandwidth,can’t be get by IMC.
Problem WLD30047
• First Found-in Version: CMW520-R2107P10
A5000-CMW520-R2303 Release Notes
Hewlett-Packard Development Company, L.P. 94
• Condition: None
• Description: In 3M network, when RRM changes the channel, the radio’s power can’t be adjusted as the same time which will keep as one invalid power.
Problem WLD28836
• First Found-in Version: CMW520-R2107P10
• Condition: None
• Description: WX5004 in Australia uses RRM. After power calibration, “power-lock” can lock radio power and avoid new calibration. But if the device is rebooted, the max-power of radio will be restored as default value.
© Copyright 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.