HP 5500 Ei 5500 Si Switch Series Configuration Guide
Figure 62 Example of CWMP message interaction

The whole process is as follows:
1. Establish a TCP connection.
2. Initialize SSL and establish a secure connection.
3. The CPE sends an Inform request message to initiate a CWMP connection. The Inform message carries the reason for sending this message in the Eventcode field. In this example, the reason is 6 CONNECTION REQUEST, indicating that the ACS requires the CPE to establish a connection.
4. If the CPE passes the authentication of the ACS, the ACS returns an Inform response, and the connection is established.
5. After receiving the Inform response, the CPE sends an empty message if it has no other requests. The CPE does this to comply with the request/reply interaction model of HTTP, in which CWMP messages are conveyed.
6. The ACS queries the value of the ACS URL set on the CPE.
7. The CPE replies to the ACS with the obtained value of the ACS URL.
8. The ACS finds that its local URL value is the same as the value of the ACS URL on the CPE. Therefore, the ACS sends a Set request to the CPE to modify the ACS URL value of the CPE to the URL of the standby ACS.
9. The setting succeeds and the CPE sends a response.
10. The ACS sends an empty message to notify the CPE that it does not request any other information from the CPE.
11. The CPE closes the connection.

After this, the CPE will initiate a connection to the standby ACS.
CWMP configuration tasks

Configuring the DHCP server

In a CWMP network, the DHCP server is mainly used to notify CPEs of the ACS location and authentication information. DHCP server configuration includes the following tasks:
• Configuring a DHCP address pool for allocating IP addresses to CPEs.
• Configuring the DNS server.
• Configuring the Option 43 field to notify the ACS information to CPEs.

The following describes how to configure the Option 43 field:

You can configure ACS parameters for the CPE on the DHCP server through DHCP Option 43. When accessed by the CPE, the DHCP server sends the ACS parameters in DHCP Option 43 to the CPE. If the DHCP server is an HP switch that supports DHCP Option 43, you can configure the ACS parameters at the CLI with the command option 43 hex 01length URL username password, where:
• length is a hexadecimal string that indicates the total length of the URL username password arguments. No space is allowed between the 01 keyword and the length value.
• URL is the ACS address.
• username is the ACS username.
• password is the ACS password.

When configuring the ACS URL, username and password, follow these guidelines:
• The three arguments take the hexadecimal format, and the ACS URL and username must each end with a space (20 in hexadecimal format) for separation.
• The three arguments must be input in 2-digit, 4-digit, 6-digit, or 8-digit segments, each separated by a space.

For example, to set the ACS address to http://169.254.76.31:7547/acs, username to 1234, and password to 5678, you can configure as follows:

<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] option 43 hex 0127 68747470 3A2F2F31 36392E32 35342E37 362E3331 3A373534 372F6163 73203132 33342035 3637 38

In the option 43 hex command:
• 27 indicates that the length of the subsequent hexadecimal strings is 39 characters.
• 68747470 3A2F2F31 36392E32 35342E37 362E3331 3A373534 372F6163 73 corresponds to the ACS address http://169.254.76.31:7547/acs.
• 3132 3334 corresponds to the username 1234.
• 35 3637 38 corresponds to the password 5678.
• 20 is the end delimiter.

For more information about DHCP, DHCP Option 43, the option command, DHCP address pool configuration, and DNS server configuration, see Layer 3—IP Services Configuration Guide.
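The Option 43 layout described above, as an added example (not code from the HP guide): one function builds the `option 43 hex` argument and one decodes and validates an existing argument. The function names are hypothetical, and the one-byte length field is an assumption taken from the 27 in the guide's example.

```python
# Added example: build and decode the "option 43 hex" argument for CWMP.
# Layout as described in this guide: type 01, a length value (assumed to be
# one byte), then "URL<space>username<space>password" as ASCII bytes.


def encode_option43(url: str, username: str, password: str) -> str:
    """Return the argument for `option 43 hex`, grouped in 8-digit segments."""
    for name, value in (("url", url), ("username", username)):
        if " " in value:
            raise ValueError(f"{name} must not contain a space (0x20 delimiter)")
    payload = f"{url} {username} {password}".encode("ascii")
    if len(payload) > 0xFF:
        raise ValueError("payload does not fit in the one-byte length field")
    digits = payload.hex().upper()
    # Whole bytes only, so the last segment is always 2, 4, 6 or 8 digits.
    segments = [digits[i:i + 8] for i in range(0, len(digits), 8)]
    return f"01{len(payload):02X} " + " ".join(segments)


def decode_option43(hex_arg: str) -> dict:
    """Decode an `option 43 hex` argument and check its length field."""
    raw = bytes.fromhex("".join(hex_arg.split()))
    if len(raw) < 2 or raw[0] != 0x01:
        raise ValueError("expected type 01 followed by a length byte")
    length, payload = raw[1], raw[2:]
    if length != len(payload):
        raise ValueError(
            f"length byte says {length}, payload has {len(payload)} bytes")
    parts = payload.decode("ascii").split(" ", 2)
    if len(parts) != 3:
        raise ValueError("expected URL, username, password separated by 0x20")
    url, username, password = parts
    return {"url": url, "username": username, "password": password}


if __name__ == "__main__":
    arg = encode_option43("http://169.254.76.31:7547/acs", "1234", "5678")
    print("option 43 hex", arg)
    print(decode_option43(arg))
```

The hexadecimal form is an encoding, not protection: the decoder recovers the ACS username and password from any pool configuration or captured DHCP reply, so both are places where these credentials are exposed.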
Configuring the DNS server

On the DNS server, you need to bind the URL address to the IP address of the ACS server to make sure that CPEs can obtain the IP address of the ACS through the DNS function.

Configuring the ACS server

An ACS performs auto-configuration of a CPE through remote management. For the primary configurable parameters, see Configuration parameter deployment. For how to configure the ACS server, see the user manual that came with your ACS server.

Configuring CPEs

You can set CWMP parameters at the CLI. The switches operate as CPEs in a CWMP-enabled network, so the following describes only the configuration on CPEs.

Complete these tasks to configure CWMP:
• Enabling CWMP (Required)
• Configuring the ACS server:
   • Configuring the ACS URL (Required)
   • Configuring the ACS username and password (Optional)
• Configuring CPE attributes:
   • Configuring the CPE username and password (Optional)
   • Configuring the CWMP connection interface (Optional)
   • Configuring the maximum number of attempts made to retry a connection (Optional)
   • Configuring the close-wait timer of the CPE (Optional)
   • Configuring the CPE working mode (Optional)
   • Specifying an SSL client policy for HTTPS connection to ACS (Optional)

Enabling CWMP

CWMP configurations can take effect only after you enable CWMP.

To enable CWMP:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Enable CWMP.
   Command: cwmp enable
   Remarks: Optional. By default, CWMP is enabled.

Configuring the ACS attributes

ACS attributes include ACS URL, username and password. When the CPE initiates a connection to the ACS, the ACS URL, username and password are carried in the connection request. After the ACS receives the request, if the parameter values in the request are consistent with those configured locally, the authentication succeeds, and the connection is allowed to be established. If not, the authentication fails, and the connection is not allowed to be established.

Configuring the ACS URL

You can assign only one ACS to a CPE, and the ACS URL you configure overwrites the old one, if any.

To configure the ACS URL:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the ACS URL.
   Command: cwmp acs url url
   Remarks: By default, no ACS URL is configured.

Configuring the ACS username and password

To pass ACS authentication, make sure that the configured username and password are the same as those configured for the CPE on the ACS.

To configure the ACS username and password:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the ACS username for connection to the ACS.
   Command: cwmp acs username username
   Remarks: By default, no ACS username is configured for connection to the ACS.
4. Configure the ACS password for connection to the ACS.
   Command: cwmp acs password [ cipher | simple ] password
   Remarks: Optional. You can specify a username without a password that is used in the authentication. If so, the configuration on the ACS and that on the CPE must be the same. By default, no ACS password is configured for connection to the ACS.
Configuring CPE attributes

CPE attributes include CPE username and password, which are used by a CPE to authenticate an ACS. When an ACS initiates a connection to a CPE, the ACS sends a session request carrying the CPE URL, username, and password. When the switch (CPE) receives the request, it compares the CPE URL, username, and password with those configured locally. If they are the same, the ACS passes the authentication of the CPE, and the connection establishment proceeds. Otherwise, the authentication fails, and the connection establishment is terminated.

Configuring the CPE username and password

1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the CPE username for connection to the CPE.
   Command: cwmp cpe username username
   Remarks: By default, no CPE username is configured for connection to the CPE.
4. Configure the CPE password for connection to the CPE.
   Command: cwmp cpe password [ cipher | simple ] password
   Remarks: Optional. You can specify a username without a password that is used in the authentication. If so, the configuration on the ACS and that on the CPE must be the same. By default, no CPE password is configured for connection to the CPE.

Configuring the CWMP connection interface

The CWMP connection interface is the interface that the CPE uses to communicate with the ACS. The CPE sends the IP address of this interface in the Inform messages, and the ACS replies to this IP address for setting up a CWMP connection.

If the interface that connects the CPE to the ACS is the only Layer 3 interface that has an IP address on the device, you do not need to specify the CWMP connection interface. If multiple Layer 3 interfaces are configured, specify the CWMP connection interface to make sure that the IP address of the interface that connects to the ACS is sent to the ACS for setting up the CWMP connection.

To configure a CWMP connection interface:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Set the interface that connects the CPE to the ACS.
   Command: cwmp cpe connect interface interface-type interface-number
   Remarks: By default, the interface for connecting the CPE to the ACS is not configured.
Sending Inform messages

You must configure the Inform message sending parameter on the CPE to initiate a connection to the ACS.

To configure the CPE to periodically send Inform messages:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Enable the periodical sending of Inform messages.
   Command: cwmp cpe inform interval enable
   Remarks: By default, this function is disabled.
4. Configure the interval between sending the Inform messages.
   Command: cwmp cpe inform interval seconds
   Remarks: Optional. By default, the CPE sends an Inform message every 600 seconds.

To configure the CPE to send an Inform message at a specific time:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the CPE to send an Inform message at a specific time.
   Command: cwmp cpe inform time time
   Remarks: By default, no time is set. The CPE is not configured to send an Inform message at a specific time.

Configuring the maximum number of attempts made to retry a connection

If a CPE fails to establish a connection to an ACS, or the connection is interrupted during the session (the CPE does not receive a message indicating the normal close of the session), the CPE can automatically reinitiate a connection to the ACS.

To configure the maximum number of attempts that a CPE can make to retry a connection:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the maximum number of attempts that a CPE can make to retry a connection.
   Command: cwmp cpe connect retry times
   Remarks: Optional. By default, a CPE regularly sends connection requests to the ACS until a connection is set up.

Configuring the close-wait timer of the CPE

The close-wait timeout is used mainly in the following cases:
• During the establishment of a connection: If the CPE sends connection requests to the ACS, but the CPE does not receive a response within the configured close-wait timeout, the CPE will consider the connection failed.
• After a connection is established: If there is no packet interaction between the CPE and ACS within the configured close-wait timeout, the CPE will consider the connection invalid, and disconnect the connection.

To configure the close-wait timer of a CPE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the timeout value of the CPE close-wait timer.
   Command: cwmp cpe wait timeout seconds
   Remarks: Optional. The default setting is 30 seconds.

Configuring the CPE working mode

Configure the device to operate in one of the following CPE modes depending on its position in the network:
• Gateway mode—Enables the ACS to manage the device and any CPE attached to the device. Use this mode if the device is the egress to the WAN and has lower-level CPEs.
• Device mode—If no CPEs are attached to the device, configure the device to operate in device mode.

Disable CWMP before you change the CPE working mode.

To configure the working mode of the CPE:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Configure the working mode of the CPE.
   Command: cwmp device-type { device | gateway }
   Remarks: By default, the device operates in gateway mode.

Specifying an SSL client policy for HTTPS connection to ACS

CWMP uses HTTP or HTTPS for data transmission. If the ACS uses HTTPS for secure access, its URL begins with https://. You must configure an SSL client policy for the CPE to authenticate the ACS for establishing an HTTPS connection. For more information about configuring SSL client policies, see Security Configuration Guide.

To specify an SSL client policy for the CPE to establish an HTTPS connection to the ACS:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter CWMP view.
   Command: cwmp
   Remarks: N/A
3. Specify an SSL client policy.
   Command: ssl client-policy policy-name
   Remarks: By default, SSL client policy is disabled.

Displaying and maintaining CWMP

• Display CWMP configuration.
   Command: display cwmp configuration [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view
• Display the current status of CWMP.
   Command: display cwmp status [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

CWMP configuration example

Configuration guidelines

Before configuring the ACS server, make sure that the HP iMC BIMS software is installed on the server. The BIMS functions and web interface might change along with software updates. If your web interface is different from that in this example, see the user manual that came with your server.

Network requirements

A data center has two equipment rooms A and B. Both rooms require a great number of switches. There are ACS, DHCP, and DNS servers on the network. To improve deployment efficiency, use CWMP to deliver different configuration files to the switches in rooms A and B. In this example, each room has three switches.
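Before CWMP settings like those in the preceding sections are rolled out to many switches, as in this scenario, they can be checked mechanically. The following is an added example, not code from the HP guide: it reads the commands of one cwmp view and reports settings that weaken ACS and CPE authentication. The sample configuration and the CPE username admin are constructed, and reading `simple` as plaintext password entry is an assumption.

```python
# Added example (not from the HP guide): review one cwmp view's commands.
# SAMPLE is constructed; only command forms shown in this guide are parsed.

SAMPLE = """\
cwmp
 cwmp enable
 cwmp acs url http://acs.database:9090/acs
 cwmp acs username vicky
 cwmp acs password simple 12345
 cwmp cpe username admin
"""


def review_cwmp(config: str) -> list[str]:
    """Return findings for the commands of a single cwmp view."""
    lines = [ln.strip() for ln in config.splitlines()]

    def arg(prefix: str):
        # Value following a command prefix, or None if the command is absent.
        for ln in lines:
            if ln.startswith(prefix + " "):
                return ln[len(prefix) + 1:].strip()
        return None

    findings = []
    url = arg("cwmp acs url")
    if url is None:
        findings.append("no ACS URL configured")
    elif url.lower().startswith("http://"):
        findings.append("ACS URL uses HTTP: the CWMP session is not encrypted")
    elif url.lower().startswith("https://") and arg("ssl client-policy") is None:
        findings.append("HTTPS ACS URL without an ssl client-policy")

    for side in ("acs", "cpe"):
        user = arg(f"cwmp {side} username")
        password = arg(f"cwmp {side} password")
        if user is not None and password is None:
            findings.append(f"{side.upper()} username has no password")
        # Assumption: `simple` means the password was entered as plaintext.
        if password is not None and password.split()[0] == "simple":
            findings.append(f"{side.upper()} password uses the simple keyword")
    return findings


if __name__ == "__main__":
    for finding in review_cwmp(SAMPLE):
        print("-", finding)
```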
Figure 63 Network diagram (labels: Room A with DeviceA, DeviceB, DeviceC; Room B with DeviceD, DeviceE, DeviceF; ACS 10.185.10.41; DHCP server 10.185.10.52; DNS server 10.185.10.60)

Table 10 Switches deployed in two equipment rooms

Equipment room   Switch    Serial ID
A                DeviceA   210235AOLNH12000008
A                DeviceB   210235AOLNH12000010
A                DeviceC   210235AOLNH12000015
B                DeviceD   210235AOLNH12000017
B                DeviceE   210235AOLNH12000020
B                DeviceF   210235AOLNH12000022

The network administrator has created two configuration files sys.a.cfg and sys_b.cfg for the switches in the two rooms. The username and password for accessing the ACS server are vicky and 12345. The URL address is http://acs.database:9090/acs.

Configuration procedure

1. Configure the ACS server:

ACS server configuration includes the following tasks:
   ◦ Setting the username and password for accessing the ACS server.
   ◦ Adding information about CPEs and dividing CPEs into different groups.
   ◦ Binding configuration files to different CPE groups.

Other configurations on the ACS server keep their default value.

# Set a username and password on the ACS server.

Click the System Management tab, and select CPE Authentication Users from the navigation tree to enter the CPE authentication user configuration page.
Figure 64 CPE Authentication User page

Click Add to enter the page for adding a CPE authentication user.

Figure 65 Add CPE Authentication User page

Set the username, password, and description, and then click OK.

# Add a device group and a device class. In this example, add DeviceA to the Device_A class of the DB_1 group.

Click the Resource tab, and select Group Management > Device Group from the navigation tree to enter the device group page. Click Add to enter the page for adding a device group.