A5000 CMW520 R2303 Release Notes

A5000-CMW520-R2303 Release Notes

Keywords: WLAN, Version Information, Version Update, Open Problems and Workarounds Abstract: This release notes describes the A5000-CMW520-R2303 release with respect to hardware and software compatibility, released features and functions, software upgrading, and documentation. Acronyms:
Acronym
AAA AC ACL AP ARP CCMP CLI DHCP MIB QoS SNMP STA TKIP WEP WLAN
Full spelling
Authentication, Authorization and Accounting Access Controller Access Control List Access Point Address Resolution Protocol Counter mode (CTR) with CBC-MAC Protocol Command Line Interface Dynamic Host Configuration Protocol Management Information Base Quality of Service Simple Network Management Protocol Station Temporal Key Integrity Protocol Wired Equivalent Privacy Wireless LAN
Hewlett-Packard Development Company, L.P.
Contents
Version information 5
Version number 5 Version history 5 Hardware and software compatibility matrix 5
FIT AP Compatibility Table 7 Restrictions and cautions 8 Feature list 8

Hardware features 8 Software features 10 Feature updates 17 Command line updates 17 MIB updates 17 Configuration changes 18
Version updates17
Open problems and workarounds18 List of resolved problems 18 Software upgrading 18

Resolved problems in A5000-CMW520-R2303 18 Introduction 18 Files managed on access controller 18 Maintaining software 20 Software Upgrade Flow 21 Boot ROM menu 22 Main Boot ROM menu 22 Boot ROM submenus 23 Upgrading Boot ROM through a serial port 25 Modifying serial port parameters 25 Upgrading the BootWare Through the Management Ethernet Interface 27 Upgrading the BootWare Through a Serial Connection 29 Upgrading application image through a serial port 31 Upgrading application image through an Ethernet interface 32 Configuring Ethernet interface parameters 32 Upgrading application image 33 Maintaining application image and configuration at CLI 35 Maintaining the Access Controller with TFTP 35 Maintaining the Access Controller with FTP 36 Maintaining application and configuration file 39 Dealing with access controller password loss 41 Dealing with user password loss 41 Dealing with Boot ROM password loss 41 Super password loss 42 Backing up and restoring the Boot ROM image 42
2
Compatibility for H3C WX Series Access Controller 43
Hardware and software compatibility matrix for H3C WX Series Access Controller 43 Feature updates relative to WX5004-CMW520-R2107P10 43 Command line updates relative to WX5004-CMW520-R2107P10 45 MIB updates relative to WX5004-CMW520-R2107P10 92 Configuration changes relative to WX5004-CMW520-R2107P10 92 Resolved problems in A5000-CMW520-R2303 relative to WX5004-CMW520-R2107P10 93
List of Tables
Table 1 Version history ................................................................................................................... 5 Table 2 Hardware and software compatibility matrix.......................................................................... 5 Table 3 A5000 Series Access Controller Module Compatibility Table................................................... 6 Table 4 Fit AP Compatibility Table ................................................................................................... 7 Table 5 HP A-WX5004 Access Controller Hardware Features.............................................................. 8 Table 6 HP A-WX5002 Access Controller Hardware Features.............................................................. 9 Table 7 HP A5800 Access Controller OAA Module Card Hardware Features ....................................... 9 Table 8 Software features ..............................................................................................................10 Table 9 Performance specifications.................................................................................................. 15 Table 10 Main Boot ROM menu .....................................................................................................23 Table 1 Ethernet parameters settings description ............................................................................. 33 1 Table 12 WX Series Access Controller Module Compatibility Table .................................................... 43 Table 13 Feature updates.............................................................................................................. 43 Table 14 Command line updates ................................................................................................... 45 Table 15 MIB updates .................................................................................................................. 92
Version information
Version number
Comware Software, Version 5.20, R2303
Note: This version number can be displayed by command display version under any view. Please see Note.
Version history
Table 1 Version history Version number
A5000-CMW520-R2303
Last version
First release
Release Date
2011-6-27
Remarks
None
Hardware and software compatibility matrix

Table 2 Hardware and software compatibility matrix Item
Product family
Specifications
A5000 Series Access Controllers HP A-WX5004 Access Controller HP A-WX5002 Access Controller 1G 256M CF Card Basic 1.10 Extend 1.13 (Note:This version number can be displayed by command display version under any view. Please see Note) HP A5800 Access Controller OAA Module Card 2G 1G CF Card Basic 1.28 Extend 1.37 (Note:This version number can be displayed by command display version under any view. Please see Note)
Hardware platform
Minimum memory requirements Minimum Flash requirements
Boot ROM version
Host software CPLD Version iMC Version Hewlett-Packard Development Company, L.P.
A5000-CMW520-R2303.bin (36,640,996Bytes) 010 004
iMC PLAT 5.0 SP1 (E0101P05) iMC UAM 5.0 SP1 (E0101P03) iMC EAD 5.0 SP1 (E0101P03)
5
iMC QoSM 5.0 SP1 (E0101P01) iMC WSM 5.0 (E0101)

iNode iNode PC 5.0 (E0103)
AP Version
WA2100-CMW520-R1 18 1 WA2200-CMW520-R1 120 WA2600-CMW520-R1 15 1 WA2600A-CMW520-R1 1 11
Remark
None
Table 3 A5000 Series Access Controller Module Compatibility Table WX Series Access Controller Module
HP A5800 Access Controller OAA Module Card
Software Version
Frame
Software Version
A5000-CMW520-R2303 and later version
HP A5800
A5800_5820X-CMW520-R1211 and later version The latest version: A5800_5820X-CMW520-R1211
To display the host software and BootWare version of HP A-WX5004 Access Controller and HP A-WX5002 Access Controller, perform the following:
<HP>display version HP Comware Platform Software Comware Software, Version 5.20, Release 2303 Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. HP A-WX5004 uptime is 0 week, 0 day, 0 hour, 0 minute ------ Note
HP A-WX5004 with 1 RMI XLR 716 800MHz Processor 1024M bytes DDR2 4M bytes Flash Memory Config Register points to FLASH 261M bytes CFCard Memory
Hardware Version is Ver.A CPLD Version is 010 Basic Bootrom Version is 1.10 Extend Bootrom Version is 1.13 [Subslot 0]A-WX5004 Hardware Version is Ver.A ------ Note ------ Note
To display the host software and BootWare version of HP A5800 Access Controller OAA Module Card, perform the following:
<HP>dis version HP Comware Platform Software

Comware Software, Version 5.20, Release 2303 Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. HP LSWM1WCM10 uptime is 0 week, 0 day, 0 hour, 1 minute ------ Note
HP LSWM1WCM10 with 1 RMI XLR 732 1000MHz Processor 2048M bytes DDR2 4M bytes Flash Memory Config Register points to FLASH 999M bytes CFCard Memory
Hardware Version is Ver.B CPLD Version is 004 Basic Bootrom Version is 1.28 Extend Bootrom Version is 1.37 [Subslot 0]LSWM1WCM10 Hardware Version is Ver.B ------ Note ------ Note
FIT AP Compatibility Table

Table 4 Fit AP Compatibility Table AP Type
H3C WA2110-AG 3COM 7760 3COM 8760 3COM 3150 H3C WA2210-AG H3C WA2220-AG H3C WA2210X-G H3C WA2220X-AG H3C WA2610E-AGN H3C WA2620E-AGN H3C WA2612-AGN H3C WA2620-AGN
AP Mode
WA2100 7760_2750(Note) 8760_3150 8760_3150 WA2210-AG WA2220-AG WA2210X-G WA2220X-AG WA2610E-AGN WA2620E-AGN WA2612-AGN WA2620-AGN
File Name
Packed with AC Version
Remark
None
wa2100.bin
Yes
None None None None
wa2200_fit.bin
Yes
None None None
wa2600_fit.bin
Yes
None None None None
w2600a_fit.bin
Yes
Note: Hereby 7760_2750 is only used as a model name in the AC software. 7760 is supported but 2750 is not.
Restrictions and cautions

1. 2. 3.
The size of configure file for Fit AP shouldnt be more than 3500 bytes. Port security mode userlogin-secure-ext-or-pskis not recommended. Some wireless adaptor station cant connect with this mode. After the register of auto template AP, command line wlan auto-ap persistent is necessary to convert this AP into fixed template AP, otherwise the AC could not refresh the log off status in the case the auto template AP powers off. If there is a Layer3 network between the AC and the AP, either configure the IP bound domain name of the AC on the DNS, or set up the option 43 on the DHCP server hence the AP could reach to the AC. In order to protect the control link between the AC and the AP from the malicious data traffic attack, the AC and AP should be divided into different sub networks as possible, and only permit necessary network access to the WX6103 and the AP from other network terminals. If there are multi IP addresses configured under the same AC interface, the address appointed on the AP should be the main address on the AC interface If the endpoint user use a Vista OS, there would be some constraints, such as the open-system and shared-key authorization modes could not featured on the service template. After the update of the PKI certification, command line : undo local server eap-profile is necessary to refresh the SSL certification cache. The port security mode: userlogin-secure-ext-or-psk is not recommended, for several network cards have some problems to log on under this mode.
4.
5.
6. 7. 8. 9.
Feature list
Hardware features
Table 5 HP A-WX5004 Access Controller Hardware Features Item
Dimensions(H W D) (excluding feet and rack-mounting brackets Weight Input voltage Max. power consumption Operating temperature Relative humidity 43.6 440 430 mm (1.7 17.3 16.93 in.) 7.4 kg (16.31 lb.) (with two PSUs installed) rated voltage: 100V240V AC50/60Hz tolerance voltage: 90V264V AC 47/63Hz 67.7W 045(32F to 113F) 5%~ 95% 8
Description
A5000-CMW520-R2303 Release Notes (noncondensing) Processor Memory Flash 800MHz 1024MB 256MB CF Card 1 Console Fixed interfaces 410/100/1000 BASE-T auto-sensing Ethernet electrical interfaces 41000 Base-X SFP optical interfaces, forming Combo ports together with the corresponding Ethernet electrical interfaces
Table 6 HP A-WX5002 Access Controller Hardware Features Item

Dimensions(H W D) (excluding feet and rack-mounting brackets Weight Input voltage Max. power consumption Operating temperature Relative humidity (noncondensing) Processor Memory Flash 43.6 440 430 mm (1.7 17.3 16.93 in.) 7.4 kg (16.31 lb.) (with two PSUs installed) rated voltage: 100V240V AC50/60Hz tolerance voltage: 90V264V AC 47/63Hz 67.7W 045(32F to 113F) 5%~ 95% 800MHz 1024MB 256MB CF Card 1 Console Fixed interfaces 210/100/1000 BASE-T auto-sensing Ethernet electrical interfaces 21000 Base-X SFP optical interfaces, forming Combo ports together with the corresponding Ethernet electrical interfaces
Description
Table 7 HP A5800 Access Controller OAA Module Card Hardware Features Item
Dimensions(H W D) Weight Input voltage Max. power consumption
LSWM1WCM10
35250 243mm (1.4 9.8 9.6 in.) 1.65kg(3.64 lb) 12V 80W 9
Operating temperature Relative humidity (noncondensing) Processor Memory Flash Fixed interfaces
045(32F to 113F) 5%~ 95% 1GHz 2048MB 1GB CF Card 110/100BASE-TX out-of-band management interface
Software features
Table 8 Software features Item
Network interconnection
Description
ARP (gratuitous ARP) ARP fast-reply VLAN (port/MAC-based VLANs) SSID/AP based VLANs 802.3 LAN protocols 802.1p 802.1q 802.1X Broadcast/multicast storm suppression 802.3x (not applicable to AC modules Port loopback (not applicable to AC modules) Port broadcast storm suppression Ping, Tracert DHCP server DHCP client DHCP relay agent DHCP snooping IP application DNS client NTP Telnet TFTP client FTP client FTP server
10
Item
Description
IP routing Static routing IGMP snooping Multicasting MLD snooping IPv6 Static Routing
WLAN
802.11 802.11b 802.11a 802.11g 802.11 802.11n 802.11h 802.11d 802.11i 802.11e 80.211s draft Transmission rate selection Transmission rate auto-adjustment Manual and automatic channel configuration; radar avoidance Maximum transmission power configuration Manual and automatic transmission power configuration Country code configuration RF management Multiple country codes 20M/40M speed switchover of APs 802.11n protection RF ping Wireless packet capture Wireless location service (A-iMC and AeroScout) Energy conservation Wireless RF interference detection and mitigation Intra-AC roaming Roaming Inter-AC roaming Key cache fast roaming Tunneling between AC Layer 2/Layer 3 network topology between AP and AC Automatic AC discovery by APs 11
Item
Description
and AP AP software version upgrade through the AC AP configuration file download from the AC IPv4/v6 networks supported between AP and AC Traffic and user number based AP load sharing Centralized and local forwarding modes AP provision Mesh Mesh link Mesh security MAC address authentication 802.1X authentication (EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-MD5, EAP-GTC) Portal authentication Security authentication Local authentication methods, including 802.1X authentication (MD5/TLS/PEAP-MSCHAPv2), portal authentication, and MAC address authentication Portal authentication support for web proxy Portal authentication support for page redirection Wireless EAD
Network security
12
Item
Description
RADIUS LDAP AAA HWTACACS Multi-domain configuration on the authentication server Backup authentication server ESS based authentication server selection Multi-SSID SSID hiding 802.11i (including 802.1X authentication and PSK authentication) WPA, WPA2 802.11 security and privacy WEP (WEP64/WEP128/WEP152) Dynamic WEP LEAP TKIP CCMP User-based bandwidth limit User-based access control User-based QACL User and access control Access control based on AP location Binding between user account and SSID Binding between user account, VLAN, ACL, and user profile Guest access manager and VIP channel White list WIDS/WIPS Static/dynamic blacklist Detection of and countermeasures against rogue wireless devices Wireless anti-attack SSH V1.5/2.0 Others SSID-based user isolation MAC address-based user isolation
QoS
Layer-2 QoS
Layer 2 to Layer 4 packet filtering and traffic classification
13
Item
Description
User-based packet filtering and traffic classification Ethernet interface/SSID based priority Mapping between wired priority and wireless priority Mapping between wireless priority and tunnel priority Traffic policing Congestion management CAR/LR Flow based bandwidth control FIFQ, PQ and CQ WMM (802.11e) Wireless QoS Wireless service-based bandwidth limit Intelligent bandwidth guarantee SSID-based bandwidth control Forwarding of IPv6 packets; IPv6 MIB ICMPv6 Basic IPv6 functions Automatic/manual configuration of link-local and multicast addresses ND protocol IPv6 ACL
IPv6
RFC 2464 DNS6 Extended IPv6 functions TraceR6 Telnet6 FIB6 DHCPv6 relay agent 1+1 fast backup N+1 redundancy (up to 4+1 redundancy)
Reliability
Redundancy
N+N redundancy DHCP server hot backup Portal server hot backup
Maintainability Network management
SNMP V1/V2c/V3
14
Item
Description
Syslog RMON Console port login Telnet (VTY) login User access management SSH login Web based management FTP login File system management System management Applications backup (dual image) Hot fix
Table 9 Performance specifications Performance Item Sub-item A-WX5004 A5800 Access Controller OAA Module Card
10 Gbps
A-WX5002
Switchin g capacity Maximu m number of managed APs WEP key TKIP key CCMP key Rogue AP detection
Interface switching capacity Extended configuration Standard configuration Size of each license Length Length Length Maximum number of permitted vendors
4 Gbps
2 Gbps
256 64 32 40/104/128 bits 128 bits 128 bits
64 32
64
15
Performance Item Sub-item A-WX5004 A5800 Access Controller OAA Module Card A-WX5002
Maximum number of permitted SSIDs Maximum number of permitted MAC addresses Maximum number of rogue APs against which countermeasure s can be taken concurrently Maximum number of attacking devices Static blacklist capacity Blacklist/ white list Dynamic blacklist capacity Static white list capacity Maximum number of SSIDs Maximum number of SSIDs per radio Maximum number of BSSs Maximum number of BSSs per radio Station Maximum number of wireless stations Maximum number of ACs in a mobility
128
256
64
64 entries
512 entries
255 entries 256 128
16
SSID
3072
768
16
4096
2048
Roaming
8 16
Performance Item Sub-item

domain QACL Maximum number of ACLs Maximum number of online sessions Maximum number of VLAN interfaces IPv4/IPv6 ARP table capacity MAC address table capacity Layer-2 multicast table capacity Size 8192 (By TCAM) 4096
A-WX5004
A5800 Access Controller OAA Module Card
A-WX5002
RADIUS
4096
2048
Layer-3 interface Static routes ARP MAC Layer-2 multicast Jumbo frame
512
64
32/32 8192 8192 256 4096 bytes 4096 4096
Version updates
Feature updates
None.
Command line updates

None.
MIB updates
None.
17
Configuration changes
None.
Open problems and workarounds

Problem WLD29319
First found-in version: A5000-CMW520-R2303 Description: Configuring the vlan of mobility-tunnel members, vlan range is not checked by system. Workaround: Please confirm the vlan correct manually.
Problem WLD29223
First found-in version: A5000-CMW520-R2303 Description: The interface WLAN-DBSS cant inherit the rules of portal free-rule by Interface WLAN-ESS. Workaround: Please avoid configure the portal free-rule for SSID.
List of resolved problems

Resolved problems in A5000-CMW520-R2303
First release.
Software upgrading
CAUTION: Upgrade software only when necessary and under the guidance of a technical support engineer.
Introduction
Files managed on access controller
The HP A-WX5004 Access Controller, HP A-WX5002 Access Controller and HP A5800 Access Controller OAA Module Card manage the following three types of files: BootWare program file Application file
18
Configuration file Certificate file
Boot ROM image file

The BootWare program file is used by the access controller to boot the applications. The complete BootWare program file consists of basic BootWare and extended BootWare. Basic BootWare implements system initialization. Extended BootWare provides abundant man-machine interaction functions. It is used for interface initialization for application program and boot system upgrade. Full BootWare refers to the combination of the two sections. After the basic BootWare is started, you can load or upgrade the extended BootWare.
WARNING: Do not power off the device when upgrading the BootWare; otherwise, the BootWare will possibly be damaged.
Application image file

The access controller supports the Dual Image function. By default, three application files are defined for system boot: Main application file (main file) Backup application file (backup file) Secure application file (secure file)
These files are stored in the built-in CF card, with an extension name of .bin. Typically, the default application file is written into the built-in CF card before the access controller is delivered. If you have loaded the three application files into the CF card, the system will choose one of these three files to boot the access controller, depending on the boot sequence described below. For how to set the application file types, refer to section Maintaining application and configuration file. The default names and types of the application files and their loading sequence are as follows: Main application file. The default name is main.bin, and the file type is M. It is the default application file to be loaded when the system starts. Backup application file. The default name is backup.bin, and the file type is B. If failing to load the main application file, the system will try the backup file. Secure application file. The default name is secure.bin, and the file type is S. If the system fails to load the backup application file, the secure application file is the last choice. If it again fails to load the secure application file, the system will give a boot failure message.
19
NOTE: Only the application files of the M, B, and S types can be used to boot the system, while an application file of the N type (an application file other than the M, B, or S type) cannot. After the application program is loaded, you can rename the application files through the CLI or change the types of the M, B and N application files through the BootWare menu or the CLI. However, you cannot change the type of the S application file. As the S application file is the last choice for booting the system, you cannot change its type or obtain a secure application file by changing the type of another type of application file. You can only download it using the BootWare menu. Only one file of the same type (M, B, or S) can exist in the CF card. For example, if an application file of type M+B exists in the CF card, another file of type M or B cannot exist. If the type of another file is changed to B, the existing type M+B file changes to a file of type M.
Configuration file
With a file extension of .cfg, the configuration files are to store the configuration information of the access controller. Typically, the default configuration file is written into the built-in CF card before the access controller is delivered. CAUTION: The length of a configuration file name must not exceed 64 characters (including the drive name and the string terminator). For example, if the drive name is cfa0:/, the maximum length of a file name is [ 64 1 4 ] = 59 characters. If the length of a file name exceeds 59 characters, error will occur in file operations on that file. It is recommended to keep the file name within 16 characters. There is a limitation on the length of file name that can be displayed in BootWare. If a file name is shorter than 30 characters, all the characters of the file name can be displayed; if a file name has or exceeds 30 characters, only the first 26 characters of the file name can be displayed, followed by a tilde (~) and a serial number. The serial number identifies position in sequence of the file. For example, if some files, file A, file B and file C, have a file name longer than 30 characters, the name of file A will appear as the first 26 characters plus ~001, that of file B will appear as the first 26 characters plus ~002, and that of file C will appear as the first 26 characters plus ~003.
Certificate file
After startup, system will create two certificate files automatically, wlan_ca_certificate.cer and wlan_local_certificate.pfx for SSH and HTTPS. (For importing certificate, SSH, HTTPS, please refer to Configuration Guide)
Maintaining software
Upgrading the BootWare and application files using the Xmodem protocol through a serial port. Upgrading application files by BootWare using TFTP or FTP through an Ethernet port. Uploading and downloading the application and configuration files by CLI using TFTP/FTP.
20
NOTE: The BootWare program is upgraded together with the host software version. That is, the system automatically upgrades the BootWare program when you upgrade the host software program. The BootWare program is upgraded together with the host software version. That is, the system automatically upgrades the BootWare program when you upgrade the host software program.
Software Upgrade Flow

Figure 1 Boot ROM and application images upgrade procedure
21
Boot ROM menu

Main Boot ROM menu
Upon access controller power-on or reboot, the console terminal connected with the access controller first displays the following information:
System start booting...
Then, the following information appears:

Booting Normal Extend BootWare........
**************************************************************************** * * * HP LSWM1WCM10 BootWare, Version 1.37 * * *
**************************************************************************** Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.
Compiled Date CPU Type CPU L1 Cache CPU Clock Speed Memory Type Memory Size Memory Speed BootWare Size Flash Size cfa0 Size CPLD Version PCB Version
: Jan 26 2011 : XLR732 : 32KB : 1000MHz : DDR2 SDRAM : 2048MB : 533MHz : 1536KB : 4MB : 999MB : 004 : Ver.B
BootWare Validating... Press Ctrl+B to enter extended boot menu... Please input BootWare password:
NOTE: The extended boot menu is referred to as BootWare main menu in this manual unless otherwise stated. At the prompt above, press Ctrl+B. The system prompts you to enter the BootWare password:
Please input BootWare password:
You have three chances to enter the BootWare password (the initial password is null). If you fail to enter the correct password three times in a row, the system will be halted and you can only restart the system. After you provide the correct password, the system enters the BootWare main menu:
Hewlett-Packard Development Company, L.P. 22

Note: The current operating device is cfa0 Enter < Storage Device Operation > to select device. ===========================<EXTEND-BOOTWARE MENU>=========================== |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control |<5> Modify BootWare Password |<6> Skip Current System Configuration |<7> BootWare Operation Menu |<8> Clear Super Password |<9> Storage Device Operation |<0> Reboot Enter your choice(0-9): | | | | | | | | | |
============================================================================
The following table describes the menu options. Table 10 Main Boot ROM menu Menu option
<1> Boot System <2> Enter Serial SubMenu <3> Enter Ethernet SubMenu <4> File Control <5> Modify BootRom Password <6> Ignore System Configuration <7> Boot Rom Operation Menu <8> Clear Super Password <9> Device Operation <a> Reboot
Description
Boot from the CF card. Refer to section Enter the serial submenu for details. Refer to section Enter the Ethernet Interface submenu for details. File control submenu. Refer to File control submenu for details. Modify the Boot ROM password. Ignore system configuration. Refer to section Boot ROM operation submenu for details. Remove the super password. Device Operation menu, used for selecting the storage device. Reboot the router.
Boot ROM submenus

Enter the serial submenu
You may upgrade the application image and modify serial interface speed in this serial submenu. Enter 2 in the main Boot ROM menu to access the serial submenu:
===========================<Enter Serial SubMenu>=========================== |Note:the operating device is cfa0 |<1> Download Application Program To SDRAM And Run |<2> Update Main Application File | | |
23

|<3> Update Backup Application File |<4> Update Secure Application File |<5> Modify Serial Interface Parameter |<0> Exit To Main Menu Enter your choice(0-5: | | | |
============================================================================
Enter the Ethernet Interface submenu

Enter 3 in the main Boot ROM menu to access the Ethernet submenu. The console screen displays:
==========================<Enter Ethernet SubMenu>========================== |Note:the operating device is cfa0 |<1> Download Application Program To SDRAM And Run |<2> Update Main Application File |<3> Update Backup Application File |<4> Update Secure Application File |<5> Modify Ethernet Parameter |<0> Exit To Main Menu |<Ensure The Parameter Be Modified Before Downloading!> Enter your choice(0-5): | | | | | | | |
============================================================================
File control submenu

Enter 4 in the main Boot ROM menu to access the file control submenu. In this submenu you may identify types of the application files on the CF card, change file name, or remove files. The menu is as follows:
===============================<File CONTROL>=============================== |Note:the operating device is cfa0 |<1> Display All File(s) |<2> Set Application File type |<3> Set Configuration File type |<4> Delete File |<0> Exit To Main Menu | | | | | |
============================================================================ Enter your choice(0-4):
Boot ROM operation submenu

Enter 7 in the main Boot ROM menu to access the Boot ROM operation menu:
=========================<BootWare Operation Menu>========================== |Note:the operating device is cfa0 |<1> Backup Full BootWare |<2> Restore Full BootWare |<3> Update BootWare By Serial |<4> Update BootWare By Ethernet |<0> Exit To Main Menu | | | | | |
============================================================================ Enter your choice(0-4):
24
Upgrading Boot ROM through a serial port

To upgrade the Boot ROM image through a serial port, use Xmodem.
Modifying serial port parameters

Sometimes, we need a high serial port baud rate to save the upgrade time, or a lower baud rate to ensure the transmission reliability. This section introduces how to adjust the serial communication baud rate. Follow these steps to change the serial communication baud rate:
Step1
Enter the BootWare main menu and select 2 to enter the serial interface submenu. Then, select 5 in the submenu to modify the baud rate. The system displays the following:
=================================<BAUDRATE SET>=========================== |Note:'*'indicates the current baudrate | Change The HyperTerminal's Baudrate Accordingly | | | | | | | |
|---------------------------<Baudrate Avaliable>------------------------- | |<1> 9600(Default)* |<2> 19200 |<3> 38400 |<4> 57600 |<5> 115200 |<0> Exit
========================================================================== Enter your choice(0-5):
Step2
Select an appropriate baud rate. For example, select 5 for 1 15200 bps. The following information appears:
Baudrate has been changed to 115200 bps. Please change the terminal's baudrate to 115200 bps, press ENTER when ready.
Now that the serial interface baud rate of the access controller has been changed to 1 15,200 bps while that of the terminal is still 9,600 bps, the access controller and the terminal cannot communicate with each other. Change the baud rate to 1 15,200 bps in HyperTerminal.
Step3
Disconnect the terminal connection in HyperTerminal, as shown below: Figure 2 Disconnect the terminal connection
Step4
Choose File > Properties. In the Properties dialog box, click Configure and select 1 15,200 in the Bits per second drop-down list box.
25
Figure 3 Modify the baud rate
Step5
Select Call > Call to reestablish the connection. Figure 4 Reconnect the call
Step6
Then, press Enter in the serial interface submenu. The system prompts the current baud rate and returns to the parent menu.
==============================<Enter Serial SubMenu>====================== |Note:the operating device is cfa0 |<1> Download Application Program To SDRAM And Run |<2> Update Main Application File |<3> Update Backup Application File |<4> Update Secure Application File |<5> Modify Serial Interface Parameter |<0> Exit To Main Menu Enter your choice(0-5): | | | | | | |
==========================================================================
26
NOTE: Restore the baud rate in the HyperTerminal to 9600 bps (the default) after upgrading the Boot ROM. This is to ensure that information can be displayed on the console screen after a system boot or reboot.
Upgrading the BootWare Through the Management Ethernet Interface

Follow these steps to upgrade the BootWare through the management Ethernet interface:
Step1
Enter the BootWare main menu (refer to section Main Boot ROM menu) and select 7 to enter the BootWare operation submenu. For details about this menu, refer to section Boot ROM operation submenu. Select 4 in the BootWare operation submenu to enter the BootWare operation Ethernet interface submenu:
=====================<BOOTWARE OPERATION ETHERNET SUB-MENU>=============== |<1> Update Full BootWare |<2> Update Extend BootWare |<3> Update Basic BootWare |<4> Modify Ethernet Parameter |<0> Exit To Main Menu Enter your choice(0-4): | | | | |
Step2
==========================================================================
Step3
Select 4 in the BootWare operation Ethernet interface submenu. The system prompts you to modify the network parameters.
============================<ETHERNET PARAMETER SET>====================== |Note: | | '.' = Clear field. '-' = Go to previous field. Ctrl+D = Quit. | | |
========================================================================== Protocol (FTP or TFTP) :tftp Load File Name Target File Name Server IP Address Local IP Address Gateway IP Address :A5000.bin :A5000.bin :192.168.0.179 :192.168.0.125 :192.168.0.1
NOTE: The load file name and target file name must not exceed 50 bytes. After modification of the parameters, the system display returns to the BootWare operation Ethernet interface submenu.
=====================<BOOTWARE OPERATION ETHERNET SUB-MENU>=============== |<1> Update Full BootWare |
27

|<2> Update Extend BootWare |<3> Update Basic BootWare |<4> Modify Ethernet Parameter |<0> Exit To Main Menu Enter your choice(0-4): | | | |
==========================================================================
Step4
Select 1 in the BootWare operation Ethernet interface submenu. Update the BootWare program at the following prompts:
Loading................................................................... .......................................................................... .........................................................Done! 36640996 bytes downloaded! Updating Basic BootWare? [Y/N]Y Updating Basic BootWare................Done! Updating Extend BootWare? [Y/N]Y Updating Extend BootWare..............Done!
After download of the BootWare program file, the system display returns to the BootWare operation Ethernet interface submenu.
===================<BOOTWARE OPERATION ETHERNET SUB-MENU>================= |<1> Update Full BootWare |<2> Update Extend BootWare |<3> Update Basic BootWare |<4> Modify Ethernet Parameter |<0> Exit To Main Menu Enter your choice(0-4): | | | | |
==========================================================================
Step5
Select 0 in the BootWare operation Ethernet interface submenu to enter the BootWare operation submenu:
=========================<BootWare Operation Menu>======================== |Note:the operating device is cfa0 |<1> Backup Full BootWare |<2> Restore Full BootWare |<3> Update BootWare By Serial |<4> Update BootWare By Ethernet |<0> Exit To Main Menu | | | | | |
Step6
Select 0 in the BootWare operation submenu to enter the BootWare main submenu:
===========================<EXTEND-BOOTWARE MENU>========================= |<1> Boot System |<2> Enter Serial SubMenu |<3> Enter Ethernet SubMenu |<4> File Control | | | |
28

|<5> Modify BootWare Password |<6> Skip Current System Configuration |<7> BootWare Operation Menu |<8> Clear Super Password |<9> Storage Device Operation |<0> Reboot | | | | | |
========================================================================== Enter your choice(0-9): 0
Step7
Select 0 in the BootWare main menu to reboot the access controller.
Upgrading the BootWare Through a Serial Connection

Follow these steps to upgrade the BootWare through a serial connection:
Step1
Enter the BootWare main menu (refer to section Main Boot ROM menu) and select 7 to enter the BootWare operation submenu. For details about this menu, refer to section Boot ROM operation submenu. Select 3 in the BootWare operation submenu to enter the BootWare operation serial interface submenu:
======================<BOOTWARE OPERATION SERIAL SUB-MENU>================ |<1> Update Full BootWare |<2> Update Extend BootWare |<3> Update Basic BootWare |<4> Modify Serial Interface Parameter |<0> Exit To Main Menu Enter your choice(0-4): | | | | |
Step2
==========================================================================
Step3
Select 4 in the BootWare operation serial interface submenu. The system prompts you to modify the baud rate.
=================================<BAUDRATE SET>=========================== |Note:'*'indicates the current baudrate | | Change The HyperTerminal's Baudrate Accordingly Press 'Enter' to exit with things untouched. | | |
|-----------------------------<Baudrate Avaliable>-----------------------| |<1> 9600(Default)* |<2> 19200 |<3> 38400 |<4> 57600 |<5> 115200 |<0> Exit | | | | | |
Step4
Change the communication baud rate by referring to section Modifying serial port parameters. After the modification, the system displays the following information:
Baudrate has been changed to 115200 bps.
29

Please change the terminal's baudrate to 115200 bps, press ENTER when ready. The current baudrate is 115200 bps =================================<BAUDRATE SET>=========================== |Note:'*'indicates the current baudrate | Change The HyperTerminal's Baudrate Accordingly | |
|---------------------------<Baudrate Avaliable>-------------------------| |<1> 9600(Default) |<2> 19200 |<3> 38400 |<4> 57600 |<5> 115200* |<0> Exit | | | | | |
Step5
Select 0 to return to the BootWare operation serial interface submenu.

======================<BOOTWARE OPERATION SERIAL SUB-MENU>================ |<1> Update Full BootWare |<2> Update Extend BootWare |<3> Update Basic BootWare |<4> Modify Serial Interface Parameter |<0> Exit To Main Menu | | | | |
Step6
Select 1 in the BootWare operation serial interface submenu. The following prompt appears:
Please Start To Transfer File, Press <Ctrl+C> To Exit. Waiting ...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Step7
Select Transfer > Send file in the HyperTerminal window. The following dialog box appears: Figure 5 Send File dialog box
Step8
Click Browse to select the application file to be downloaded, and select Xmodem from the Protocol drop-down list. Then click Send. The following dialog box appears:
30
Figure 6 Download the file using Xmodem
Upon successful download, the system displays the following information:

Download successfully! 354944 bytes downloaded! Updating Basic BootWare? [Y/N]Y Updating Basic BootWare................Done! Updating Extend BootWare? [Y/N]Y Updating Extend BootWare..............Done!
Step9
Change the baud rate on the console terminal from 1 15,200 bps back to 9,600 bps, and reboot the access controller. NOTE: The actual file name, size and path may differ from what are shown in the figure above. Before upgrading the software of your access controller, check the current BootWare version and application program version to make sure that the correct file is used for the upgrade. After you download files with a changed baud rate, timely change the baud rate back to 9,600 bps in HyperTerminal to ensure the normal display on the console screen when the system boots or reboots.
Upgrading application image through a serial port

The procedure is used to upgrade the three types of application files. This section describes how to upgrade the main application file. Follow these steps to upgrade the main application file:
A5000-CMW520-R2303 Release Notes Step1 Step2 Step3
Select 2 in the BootWare main menu to enter the serial interface submenu. For details about this menu, refer to section Enter the Ethernet Interface submenu. To improve the upgrading speed, first modify the serial interface baud rate. For details, refer to section Modifying serial port parameters.. Select 2 in the serial interface submenu. The following prompt appears:
Please Start To Transfer File, Press <Ctrl+C> To Exit. Waiting ...CCCCCCCCCC
Step4
Select and send the application file in HyperTerminal. The procedure for upgrading an application file is the same as upgrading the BootWare. For details, refer to section Upgrading the BootWare Through a Serial Connection. NOTE: In most cases application image files are larger than 10 Mbps. Given the speed of 115200 kbps, upgrading the application image takes about 30 minutes. To make upgrading faster, Ethernet interfaces are used.
Upgrading application image through an Ethernet interface

To upgrade the application image through an Ethernet interface, enter 3 in the main Boot ROM menu to access the Ethernet interface submenu first. (Refer to section Enter the Ethernet Interface submenu.)
Configuring Ethernet interface parameters

Before upgrading an application program through an Ethernet interface, you need to configure the Ethernet interface of the access controller, as follows. Select 3 in the BootWare main menu to enter the Ethernet interface submenu. Then, select 5 to enter the Ethernet interface configuration submenu:
============================<ETHERNET PARAMETER SET>====================== |Note: | | '.' = Clear field. '-' = Go to previous field. Ctrl+D = Quit. | | |
========================================================================== Protocol (FTP or TFTP) :tftp Load File Name Target File Name Server IP Address Local IP Address Gateway IP Address :A5000.bin :A5000.bin :192.168.0.179 :192.168.0.1 :192.168.0.10
32
Table 11 Ethernet parameters settings description Parameter

Load File Name Target File Name Server IP Address Local IP Address Gateway IP Address
Description
Name of the file to be downloaded. Name of the file to be stored in CF Card. The IP address of FTP or TFTP server. Set it to be in the same network with TFTP/FTP server. The IP address of the Gateway.
NOTE: When configuring a parameter, you can enter a new value directly, or press Enter to accept the default value that follows a colon. Type . to clear the current input, - to return to the previous parameter field, and Ctrl+D to quit from the parameter configuration interface. The access controller supports only the 10/100/1000Base-TX out-of-band management Ethernet interface for application upgrade.
Upgrading application image

The Trivial File Transfer Protocol (TFTP) is a TCP/IP protocol used for file transfer between client and server. It provides a simple and low-overhead file transfer service. TFTP provides unreliable data transfer over UDP and does not provide any access authorization and authentication mechanism. It employs the timeout retransmission method to implement best-effort delivery of data. Compared with FTP, TFTP has a much smaller software size. Follow these steps to upgrade an application through the management Ethernet interface:
Step1
Set up a software upgrade environment. For HP A5800 Access Controller OAA Module Card: Connect the 10/100/1000Base-TX management interface to a PC with an Ethernet cable. For HP A-WX5004 Access Controller or HP A-WX5002 Access Controller: Connect the first Gigabit Ethernet interface to a PC with an Ethernet cable. Figure 7 Set up a software upgrade environment
Step2
Run TFTP Server on the PC, and set the path of the application file to be downloaded.
33
NOTE: The TFTP server software is not provided with the access controller. You must make sure that it is available by yourself.
Step3 Step4
Modify the Ethernet interface parameters. For details, refer to section Upgrading application image through an Ethernet interface. Select 3 in the BootWare main menu to enter the Ethernet interface submenu. The following example shows how to upgrade the main application file. Select 2 in the Ethernet interface submenu. The following information appears:
Loading.............................................................................. ..................................................................................... ...................................Done! 20710792 bytes downloaded! Updating File cfa0:/A5000.bin.......................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ..................................................................................... ...................................................................................Do ne!
Step5 Step6
Select 0 to return to the BootWare main menu. Select 1 in the BootWare main menu to reboot the access controller. CAUTION: If the downloaded file has the same file name with an existing file in the CF card, the system prompts The file is exist, will you recover it? [Y/N]. If you choose Y, the existing file will be overwritten. Make sure that sufficient space is available in the CF card. In case of insufficient space, the system will give a prompt message. The new application file directly replaces the existing file of the same type. In this example, the downloaded file A5000.bin replaces the existing application file of the type M and becomes the only main application file. For details about the application file types, refer to section Application image file.
34
Maintaining application image and configuration at CLI

After the access controller boots, you can perform operations at the CLI to upgrade/back up the application image or to backup/restore configuration.
Maintaining the Access Controller with TFTP

Using the access controller as a TFTP client and a file server as the TFTP server, you can use commands on the console terminal, which can be the same file server, to upload the configuration and application files from the access controller to the file server or download the files from the file server to the access controller.
Setting up a configuration environment

Step1
Set up a network environment by referring to section Upgrading application image through an Ethernet interface. . Figure 8 Set up an environment for software maintenance through the CLI
Step2 Step3
Run TFTP Server on the file server and set the file path. Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the TFTP server to 192.168.0.1, and that of the access controllers management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.
Backing up and restoring the application and configuration files

After setting up the environment, perform the following operations on the console terminal:
Step1
View the files in the current file system with the dir command.
<HP>dir Directory of cfa0:/ 0 1 2 -rw-rw-rw617 36640996 356124 Jul 26 2011 08:22:56 Jul 28 2011 10:35:38 Jul 27 2011 09:23:54 startup.cfg A5000.bin bootware.app
252904 KB total (198642 KB free) File system type of cfa0: FAT32
35

<HP>
Step2
Perform the file backup or restoration (download) operation. To backup startup.cfg on the access controller by saving it as config.bak on the TFTP server, use the following command:
<HP>tftp 192.168.0.1 put startup.cfg config.bak
File will be transferred in binary mode Sending file to remote TFTP server. Please wait... \ TFTP: 617 bytes sent in 0 second(s).
File uploaded successfully.
To download config.cfg from the TFTP server to the access controller, do the following:
<HP>tftp 192.168.0.1 get config.cfg statup.cfg The file statu.cfg exists. Overwrite it?[Y/N]:y Verifying server file... Deleting the old file, please wait... File will be transferred in binary mode Downloading file from remote tftp server, please wait...\ TFTP: 617 bytes received in 0 second(s) File downloaded successfully.
If a file with the same name already exists on the access controller, the system will ask you whether to replace the existing file. Enter Y to replace it, or N to abort. CAUTION: When you back up a file to the server and if a file with the same name already exists on the server, the existing file will be replaced. The above-mentioned operations are performed in user view. The backup configuration file can be modified by using a text editor. You can update the system configuration by downloading a modified configuration file. Your update takes effect after the access controller is restarted. Likewise, you can update the main application file by downloading a new application file from the server and replacing the existing main application file on the access controller.
Maintaining the Access Controller with FTP

Maintaining the access controller when it serves as the server
File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP suite. It is mainly used for file transfer between remote hosts. FTP provides a reliable, connection-oriented data transfer service over TCP. The FTP service provided by the access controller is FTP Server. Using this feature, the access controller serves as the FTP server. You can use your PC as an FTP client to log in to the access controller for file operations.
Before using FTP, you need to install the FTP client application on your PC. The FTP client software is not provided with the access controller. You must make sure that it is available by yourself. This section describes how to maintain the access controller software using the FTP client application that comes with Microsoft Windows XP. Follow these steps to maintain the software of your access controller through FTP with the access controller as the FTP server:
Step1
Set up a hardware maintenance environment as follows: Figure 9 Maintain the router taking it as the FTP server
Step2
Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the FTP client to 192.168.0.1, and that of the access controllers management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity. Enable FTP service. Configure FTP server authentication and authorization and enable FTP. The FTP server supports multi-client access. When a remote FTP client sends a request to the FTP server, the FTP server executes an action accordingly and returns the execution result to the client. Use the following command to enable the FTP service:
[HP]ftp server enable % Start FTP server
Step3
Step4
Add an authorized FTP username and password.

[HP]local-user guest Create user account guest [HP-luser- guest]service-type ftp [HP-luser- guest]password simple 123456 //Set user type to FTP //Set password for user guest
Step5
Maintain the access controller After enabling the FTP service and configuring the username and password, start the FTP client application on the PC. Open a DOS prompt window, and enter ftp at the DOS prompt.
C:\Documents and Settings\Administrator>ftp ftp> ftp> open 192.168.0.2 Connected to 192.168.0.2. 220 FTP service ready. User (192.168.0.2:(none)): guest 331 Password required for guest Password: Enter the password 123456 //Successfully connected to the server 230 User logged in. //Enter the username guest //The system prompt changed to ftp> //Connect to the access controller
37
A5000-CMW520-R2303 Release Notes Step6
Maintain the access controller software. To backup main.bin on the access controller to the server, do the following:
//Set the transfer mode to binary ftp> binary 200 Type set to I. ftp> lcd c:\temp Local directory now C:\temp. ftp> get main.bin main.bin 200 Port command okay. 150 Opening BINARY mode data connection for main.bin. 226 Transfer complete. ftp: 14323376 bytes received in 16.81Seconds 851.87Kbytes/sec. //Backup to PC //Change the local path
To restore the backup file to the access controller, do the following:

//Download to the access controller
ftp> put main.bin main.bin 200 Port command okay.
150 Opening BINARY mode data connection for main.bin. 226 Transfer complete. ftp: 14323376 bytes sent in 8.29Seconds 1727.37Kbytes/sec. ftp> quit 221 Server closing. //Quit FTP
Maintaining the access controller when it serves as the client

When the access controller is functioning as an FTP client, you can do the following to maintain it.
Step1
Set up a maintenance environment. Figure 10 Maintain the router taking it as the FTP client
Step2 Step3
Run the FTP server program on the PC, set the file path, and set the username and password for the access controller. Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the FTP server to 192.168.0.1, and that of the access controllers management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity. Maintain the access controller using the terminal connected to the console port of the access controller.
<HP>ftp 192.168.0.1 Trying 192.168.0.1 ... Press CTRL+K to abort Connected to 192.168.0.1. 220 3Com 3CDaemon FTP Server Version 2.0 User(192.168.0.1:(none)):guest 331 User name ok, need password //Enter the username set on the server
Step4
38

Password: 230 User logged in [ftp] //Enter the password
Step5
Maintain the access controller software. Use the get and put commands to download and backup files.
[ftp]get main.bin main.bin cf:/main.bin has been existing. Overwrite it?[Y/N]:y 200 PORT command successful. 150 File status OK ; about to open data connection 226 Closing data connection; File transfer successful. FTP: 14323376 byte(s) received in 69.256 second(s) 206.00K byte(s)/sec. [ftp]put main.bin main.bin 200 PORT command successful. 150 File status OK ; about to open data connection 226 Closing data connection; File transfer successful. FTP: 14323376 byte(s) sent in 15.974 second(s) 896.00Kbyte(s)/sec. [ftp]quit 221 Service closing control connection
Maintaining application and configuration file

You can use the file control submenu to modify and display file types. Select 4 in the BootWare main menu to enter the file control submenu. The following information appears:
=================================<File CONTROL>=========================== |Note:the operating device is cfa0 |<1> Display All File(s) |<2> Set Application File type |<3> Delete File |<0> Exit To Main Menu Enter your choice(0-3): | | | | |
==========================================================================
Display all files

Select 1 in the file control submenu. The following information appears:
Display all file(s) in cfa0: 'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
========================================================================== |NO. Size(B) |1 |2 36640996 795 Time Type Name cfa0:/A5000.bin cfa0:/startup.cfg | | | Jan/20/2034 10:12:36 M Jan/20/2006 11:58:50 N/A
==========================================================================
39
Set application file type

Step1
Select 2 in the file control submenu. The following information appears:

'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED ========================================================================== |NO. Size(B) |1 |0 36640996 Exit Time Type Name cfa0:/A5000.bin | | | Jan/20/2034 10:12:36 M
========================================================================== Enter file No:
Step2
Enter the file number at the prompt above. In this example, type 1 for A5000.bin, and press Enter. The system prompts you to specify a new file type:
Modify the file attribute: ========================================================================== |<1> +Main |<2> -Main |<3> +Backup |<4> -Backup |<0> Exit | | | | |
========================================================================== Enter your choice(0-4)
Step3
Select 1 for +Main (set to M), 2 for Main (remove the current M attribute), 3 for +Backup (set to B), or 4 for Backup (remove the current B attribute). For details about the file types, refer to section Application image file. Delete files Select 3 in the file control submenu. The following information appears:
Deleting the file in cfa0: 'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
Step4 Step5
========================================================================== |NO. Size(B) |1 |2 |0 36640996 795 Exit Time Type Name cfa0:/A5000.bin cfa0:/startup.cfg | | | |
Jan/20/2034 10:12:36 M Jan/20/2006 11:58:50 N/A
========================================================================== Enter file No:
Step6 Step7
Type a file number and press Enter. The system asks you to confirm your operation.
The file you selected is cfa0:/startup.cfg,Delete it? [Y/N]
Enter Y for confirmation. The following message appears, indicating the file was successfully deleted.
Deleting..........Done!
Exit to the main menu

Select 0 to return to the BootWare main menu.
40
Dealing with access controller password loss

This section tells you how to deal with loss of Boot ROM password, user password or super password.
Dealing with user password loss

If you forget your user password, the system will refuse your login. In this case, set a new user password by following the steps below.
Step1
Enter the BootWare main menu and select 6 to bypass the current configuration in system startup. The following information appears:
Flag Set Success.
Step2 Step3
When the BootWare main menu appears again, select 0 to restart the system.
System starts booting ...
Set a new user password in system view.

[HP]user-interface con 0 [HP-ui-console0]authentication-mode password [HP-ui-console0]set authentication password simple 123456
This information indicates that password authentication is used for console port login, the password is set to 123456, and it is stored in plain text. NOTE: After reboot, the system runs with the initial default configuration, while the original configuration file is still kept in the CF card. To restore the original configuration, use the display saved-configuration command to locate the configuration file, and then copy and run it. If the password is stored in plain text, you can use the display current-configuration command to view the password in the current configuration. If you use the set authentication password cipher 123456 command to set your password, the password will be stored in cipher text.
Step4
Save your new password.

[HP] save
NOTE: After modifying the user password, use the save command to save it.
Dealing with Boot ROM password loss

Contact your agent in the event of Boot ROM password loss for help to log into the access controller to set a new password. To change the BootWare password, enter the BootWare main menu, select 5, and follow the prompts:
please input old password: Please input new password:
41

Please input new password again: Password Set Successfully.
NOTE: Once you enter a wrong old password or different new passwords, the password modification operation fails and the system exits this operation. The BootWare password can consist of a maximum of 32 printable characters, including letters, numerals, and symbols.
Super password loss

You need a super password to switch among the four privilege levels to perform higher privilege operations. In the event of super password loss, do the following:
1. 2.
Enter 8 in the main Boot ROM menu to clear the super password. Quit the menu and reboot. Then, you can directly enter into system view. Note that the operation is a one-time operation. You will be asked to provide the super user password for authentication at the next boot.
Backing up and restoring the Boot ROM image

Step1 Step2
Select 7 in the BootWare main menu to enter the BootWare operation submenu. For details about this submenu, refer to section Boot ROM operation submenu. Back up or restore the BootWare. To back up the entire BootWare to the CF card, select 1 in the BootWare main menu and follow the prompts.
Will you backup the Basic BootWare? [Y/N]Y Begin to backup the Basic BootWare...................Done! Will you backup the Extend BootWare? [Y/N]Y Begin to backup the Extend BootWare...................Done!
To restore the backup BootWare from the CF card, select 2 in the BootWare main menu and follow the prompts.
Will you restore the Basic BootWare? [Y/N]Y Begin to restore Normal Basic BootWare.................Done! Will you restore the Extend BootWare? [Y/N]Y.................Done!
42
Compatibility for H3C WX Series Access Controller

Hardware and software compatibility matrix for H3C WX Series Access Controller
Table 12 WX Series Access Controller Module Compatibility Table WX Series Access Controller Module Software Version Frame Software Version
S5800_5820X-CMW520-R11 08 and later version LSWM1WCM10 WX5004-CMW520R2105 and later version H3C S5800-60C-PWR H3C S5820X-28C The latest version: S5800_5820X-CMW520-R11 10P05 S5800_5820X-CMW520-R12 06
Feature updates relative to WX5004-CMW520-R2107P10

Table 13 Feature updates Item Description
A5000-CMW520-R2303(First release on new branch)

New features: None Deleted features: None Hardware feature updates Modified features: 1. BOOTWARE extend section of HP A5800 Access Controller OAA Module Card update to version 1.37 2. BOOTWARE extend section of HP A-WX5004 Access Controller and HP A-WX5002 Access Controller update to version 1.13 New features: 1. The portal now supports proxy Software feature updates 2. 802.1 MIB has been supported 1n 3. DHCP Snooping dynamic entry storage 4. Defend to the TCP SYN Flood attack 5. The boot APP file could be displayed and modified by the Web Hewlett-Packard Development Company, L.P. 43
Item
Description
interface 6. Security Association of the AC and BAS board card 7. Permit the configuration of permit mac before the user isolation module(only by command line) 8. Multi-core platform supports WLAN forward 9. Remote AP function is now supported 10. NAT between AC and AP 11. LEAD certification is supported in 802.1X 12. Mesh link information could be inspected via the Web interface 13. Dual DHCP server machines backup is supported 14. Multicast group switch is now supported on the AP equipment 15. Sniffer function is now supported on the AP equipment 16. Smart Bandwidth promise function based on the SSID 17. The SSID would not be broadcasted any more after the user of the AP reach the maxim limit 18. AP-based user speed constrain policy is now supported 19. RFPing feature is now supported 20. UserProfile is now supported in the local forward 21. 1 AP 20/40M channel switch is now supported 1n 22. 1 Protective mode is now supported 1n 23. (1 1n)STA side Power Save mode switch is now supported 24. (1 1n) Aggregative packet upload and statistical feature is now supported on the WLAN platform 25. Export of the wireless user Authorization log is now supported 26. STA IP information from the ARP snooping is now supported 27. After the local portal server Authorization succeeds, the original requested URL would be returned 28. CTS to self mode could be launched forcedly 29. Signal channel load rate estimate is now supported 30. Mesh signal channel automate adaption is now supported 31. Under portal Authorization, online user detecting via ARP feature is supported 32. Power Table modification(Different Country codes support respecting power table) 33. Work load distribution based on radio interface is now supported now 34. The management VLAN now support tag 35. AC could configure the AP local attributes 36. RRM parameter is now configurable 37. Time Zone could be added on the Web interface 38. DHCPv6 ServerDHCPv6 ClientDHCPv6 Relay are now supported 39. WLAN relevant passwords now could displayed in encrypted format. 40. Default Country code and radio configuration is now supported. 41. Support Mib Node: NAS-ID Deleted features: None
44
Item
Description
Modified features: 42. The AP name length limit has been promoted to 32 characters from previous 15 characters 43. The length of device name section in the manufacture information has been promoted to 120 Bytes 44. ARP Snooping module now ignore the port inspection
Command line updates relative to WX5004-CMW520-R2107P10

Table 14 Command line updates Item Description
1. Command 1: display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression display ipv6 dhcp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression display ipv6 dhcp client statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression display ipv6 dhcp relay statistics [ | { begin | exclude | include } regular-expression display ipv6 dhcp pool [ pool-number ] [ | { begin | exclude | include } regular-expression New commands display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ | { begin | exclude | include } regular-expression display ipv6 dhcp server [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression display ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len | prefix-pool prefix-pool-number } [ | { begin | exclude | include } regular-expression display ipv6 dhcp server statistics [ | { begin | exclude | include } regular-expression display ipv6 dhcp snooping trust [ | { begin | exclude | include } regular-expression display ipv6 dhcp snooping user-binding { ipv6-address | dynamic } [ | { begin | exclude | include } regular-expression reset ipv6 dhcp snooping user-binding { ipv6-address | dynamic } reset ipv6 dhcp client statistics [ interface interface-type interface-number ] Hewlett-Packard Development Company, L.P. 45
Item
Description
reset ipv6 dhcp relay statistics reset ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len } reset ipv6 dhcp server statistics Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 2. Command 2: display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface interface-type interface-number | slot slot-id } [ count | verbose ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display IPv6 adjacency table entries, with filter function by specifying a regular expression. 3. Command 3: display ipv6 fib [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display IPv6 FIB entries. 4. Command 4: display mac-forwarding statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display Layer 2 forwarding statistics. 5. Command 5: display mac-fast-forwarding cache { all | { destination-mac mac-address | source-mac mac-address | vlan vlan-id }* } [ verbose ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display fast Layer 2 forwarding entries. 6. Command 6: display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-id ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the BPDU statistics on ports. 7. Command 7: display qos rtpq interface [ interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the information of the current IP RTP priority queue, including the queue length and the number of dropped packets on an interface/PVC or all interfaces/PVCs. 8. Command 8: display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include }
46
Item
Description
regular-expression View: Any view Description: Display the dynamic DNS cache information. 9. Command 9: display nqa reaction counters [ admin-name operation-tag [ item-number ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the current monitoring results of reaction entries. 10. Command 10: display dhcp-snooping binding database [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the DHCP snooping entry file information. 11. Command 1 1: display igmp-snooping host vlan vlan-id group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about the hosts tracked by IGMP snooping. 12. Command 12: display igmp host port-info vlan vlan-id group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Information about the hosts tracked by IGMP on the Layer 2 ports. 13. Command 13: display mld-snooping host vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression View: Any view Description: Display information about the hosts tracked by MLD snooping. 14. Command 14: display mld host port-info vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about the hosts tracked by MLD on the Layer 2 ports. 15. Command 15: display interface [ interface-type ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface interface-type { interface-number | interface-number.subnumber } [ brief ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display Ethernet interface information. 16. Command 16:
47
Item
Description
display dhbk status [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the stateful failover status information. 17. Command 17: display forwarding policy [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the current flow classification policy. 18. Command 18: display password-control [ super ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display password control configuration information. 19. Command 19: display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about users blacklisted due to authentication failure. 20. Command 20: display current-configuration exclude modules [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ] View: Any view Description: Displays all lines of current configuration that do not match the specified regular expression. 21. Command 21: reset wlan ap provision { all | name ap-name } View: Any view Description: Remove the wlan_ap_cfg.wcfg file of the specified AP or all APs. 22. Command 22: save wlan ap provision { all | name ap-name } View: Any view Description: Save the configuration in AP configuration view to the wlan_ap_cfg.wcfg file of the specified AP or all APs. 23. Command 23: reset password-control blacklist [ user-name name ] View: User view Description: Remove all or one user from the blacklist. 24. Command 24: reset password-control history-record [ user-name name | super [ level level ] ] View: User view Description: Delete history password records.
48
Item
Description
25. Command 25: license register feature-name serial-number View: User view Description: register the license of a feature. 26. Command 26: reset mac-forwarding statistics View: User view Description: Clear all Layer 2 forwarding statistics. 27. Command 27: reset mac-fast-forwarding cache { all | { destination-mac mac-address | source-mac mac-address | vlan vlan-id }* } View: User view Description: Clear fast Layer 2 forwarding entries. 28. Command 28: info-center format unicom undo info-center format View: System view Description: Set the format of the system information sent to a log host to UNICOM. Restore the default, by default, the format of the system information sent to a log host is H3C. 29. Command 29: dhbk enable backup-type { dissymmetric-path | symmetric-path } undo dhbk enable View: System view Description: Enable stateful failover in a specified mode. Restore the default, by default, stateful failover is disabled. 30. Command 30: dhbk vlan vlan-id undo dhbk vlan View: System view Description: Specify a VLAN as a backup VLAN. Restore the default, by default, no backup VLAN is configured on the device. 31. Command 31: mac-fast-forwarding undo mac-fast-forwarding View: System view Description: Enable fast Layer 2 forwarding. Disable fast Layer 2 forwarding. By default, fast Layer 2 forwarding is enabled. 32. Command 32: shutdown-interval time undo shutdown-interval View: System view
49
Item
Description
Description: Set a detection interval. Restore the default, by default, the detection interval is 30 seconds. 33. Command 33: tcp syn-cookie enable undo tcp syn-cookie enable View: System view Description: Enable the SYN Cookie feature to protect the device against SYN Flood attacks. Disable the SYN Cookie feature. By default, the SYN Cookie feature is enabled. 34. Command 34: vrrp ipv6 method { real-mac | virtual-mac } undo vrrp ipv6 method View: System view Description: Specify the type of the MAC addresses mapped to the virtual IPv6 addresses of. Restore the default. By default, the virtual MAC addresses are mapped to the virtual IP addresses of the VRRP. 35. Command 35: dns spoofing ip-address undo dns spoofing View: System view Description: Enable DNS spoofing and specify IP address used to spoof name query requests. Disable DNS spoofing. By default, DNS spoofing is disabled. 36. Command 36: dot1x domain-delimiter string undo dot1x domain-delimiter View: System view Description: Specify a set of domain name delimiters supported by the access device. Restore the default. By default, the access device supports only the at sign (@) delimiter for 802.1X users. 37. Command 37: port-security timer autolearn aging time-value undo port-security timer autolearn aging View: System view Description: Set the sticky MAC aging timer. Restore the default. By default, sticky MAC addresses never age out. 38. Command 38: dhcp-snooping binding database update now View: System view Description: Store DHCP snooping entries to the file. 39. Command 39: dhcp-snooping binding database update interval minutes
50
Item
Description
undo dhcp-snooping binding database update interval View: System view Description: Set the interval at which the DHCP snooping entry file is refreshed. Restore the default. By default, the DHCP snooping entry file is not refreshed periodically. 40. Command 40: dhcp-snooping binding database update interval minutes undo dhcp-snooping binding database update interval View: System view Description: Specify the name of the file for storing DHCP snooping entries. Restore the default. By default, no file name is specified. 41. Command 41: wlan ap-provision ac { host-name host-name | ip ip-address | ipv6 ipv6-address } undo wlan ap-provision ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } } View: System view Description: Specify a global AC so that all APs can discover the AC. Restore the default. By default, no global AC is specified. 42. Command 42: portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all | trap } * [ interval interval ] [ retry retries ] undo portal server server-name server-detect View: System view Description: Configure portal server detection, including the detection method, action, probe interval, and maximum number of probe attempts. cancel the detection of the specified portal server. By default, the portal server detection function is not configured. 43. Command 43: portal server server-name user-sync [ interval interval ] [ retry retries ] undo portal server server-name user-sync View: System view Description: Configure portal user information synchronization with a specified portal server. cancel the portal user information synchronization configuration with the. By default, the portal user synchronization function is not configured. 44. Command 44: portal redirect-url url-string [ wait-time period ] undo portal redirect-url View: System view Description: Specify the auto redirection URL for authenticated portal users. Restore the default. By default, a user authenticated is redirected to the URL the user typed in the address bar before portal authentication.
51
Item
Description
45. Command 45: ipv6 unreachables enable undo ipv6 unreachables ipv6 dhcp pool pool-number undo ipv6 dhcp pool pool-number ipv6 dhcp prefix-pool prefix-pool-number prefix prefix/prefix-len assign-len assign-len undo ipv6 dhcp prefix-pool prefix-pool-number ipv6 dhcp server enable undo ipv6 dhcp server enable ipv6 dhcp snooping enable undo ipv6 dhcp snooping enable Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 46. Command 46: qos pql pql-index protocol ip [ queue-key key-value ] queue { bottom | middle | normal | top } undo qos pql pql-index protocol ip [ queue-key key-value ] View: System view Description: Specify a queue for the IP packets that match a certain match criterion. Delete the match criterion. By default, no match criterion is configured. 47. Command 47: qos cql cql-index protocol ip [ queue-key key-value ] queue queue-number undo qos cql cql-index protocol ip [ queue-key key-value ] View: System view Description: Assign a custom queue for IP packets that match a certain criterion. Delete the match criterion. By default, no match criterion is configured. 48. Command 48: password-control history max-record-num undo password-control history password-control alert-before-expire alert-time undo password-control alert-before-expire password-control composition type-number type-number [ type-length type-length ] undo password-control composition password-control authentication-timeout authentication-timeout undo password-control authentication-timeout password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
52
Item
Description
undo password-control login-attempt password-control aging aging-time undo password-control aging password-control length length undo password-control length password-control history max-record-num undo password-control history password-control enable undo password-control enable password-control password update interval interval undo password-control password update interval password-control login idle-time idle-time undo password-control login idle-time password-control expired-user-login delay delay times times undo password-control expired-user-login password-control complexity { same-character | user-name } check undo password-control complexity { same-character | user-name } check Description: See Security Command Reference of H3C WX Series Access Controllers Command Reference. 49. Command 49: password-control aging aging-time undo password-control aging password-control length length undo password-control length password-control composition type-number type-number [ type-length type-length ] undo password-control composition group-attribute allow-guest undo group-attribute allow-guest View: User group view Description: Use the password-control command to set the password aging time, the minimum password length and the password composition policy. Use the command to set the guest attribute for a user group. 50. Command 50: state secondary { accounting | authentication } [ ip ipv4-address | ipv6 ipv6-address ] { active | block } View: User group view Description: Use the state secondary command to set the status of a secondary RADIUS server. 51. Command 51: user-credentials { ldap-scheme ldap-scheme-name [ local ] | local }
53
Item
Description
undo user-credentials View: EAP profile view Description: Use the user-credentials command to specify the database to be used for user credential verification in local EAP authentication. 52. Command 52: client-verify weaken undo client-verify weaken View: SSL server policy view Description: Use the client-verify weaken command to enable SSL client weak authentication. 53. Command 53: host-tracking undo host-tracking View: MLD-snooping / IGMP-Snooping view Description: Use the host-tracking command to enable the MLD snooping or IGMP snooping host tracking function globally. 54. Command 54: dot11a calibrate-power threshold value undo dot11a calibrate-power threshold dot11a calibrate-power min tx-power undo dot11a calibrate-power min dot11bg calibrate-power threshold value undo dot11bg calibrate-power threshold dot11bg calibrate-power min tx-power undo dot11bg calibrate-power min View: RRM view Description: Use the calibrate-power threshold command to configure the power adjustment threshold for radios. Use the calibrate-power min command to configure the minimum radio transmission power. 55. Command 55: dot11a calibrate-channel pronto ap { all | name apname radio radio-num } dot11a calibrate-power pronto ap { all | name apname radio radio-num } dot11bg calibrate-channel pronto ap { all | name apname radio radio-num } dot11bg calibrate-power pronto ap { all | name apname radio radio-num } View: RRM view Description: Use the command to configure one-time DFS or TPC for AP. 56. Command 56: undo preamble View: Radio view Description: Use the undo preamble command to specify the preamble type to be the default value. 57. Command 57:
54
Item
Description
provision undo provision View: AP template view Description: Use the provision command to create and enter AP configuration view. 58. Command 58: ac { host-name host-name | ip ip-address | ipv6 ipv6-address } undo ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } } dns domain domain-name undo dns domain gateway { ip ip- address | ipv6 ipv6-address } undo gateway { ip | ipv6 | all } ip address ip-address { mask | mask-length } undo ip address ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address vlan pvid vlan-id undo vlan pvid vlan tagged vlan-id-list undo vlan tagged vlan-id-list vlan untagged vlan-id-list undo vlan untagged vlan-id-list View: AP configuration view Description: See WLAN Command Reference of H3C WX Series Access Controllers Command Reference. 59. Command 59: default View: Interface view Description: Use the default command to restore the default settings for the interface. 60. Command 60: mtu size undo mtu View: Vlan interface view Description: Use the mtu command to set the MTU for a VLAN interface. Use the undo mtu command to restore the default. By default, the MTU of a VLAN interface is 1500 bytes. Related commands: display interface vlan-interface. 61. Command 61: portal nas-port-type { ethernet | wireless } undo portal nas-port-type
55
Item
Description
View: Vlan Interface view Description: Use the portal nas-port-type command to specify the access port type (indicated by the NAS-Port-Type value) on the current interface. The specified NAS-Port-Type value will be carried in the RADIUS requests sent from the device to the RADIUS server. Use the undo portal nas-port-type command to restore the default. By default, the access port type of an interface is not specified, and the NAS-Port-Type value carried in RADIUS requests is the user access port type obtained by the access device. 62. Command 62: access-user detect type arp retransmit number interval interval undo access-user detect View: Vlan Interface view Description: Use the access-user detect command to configure the online portal user detection function.Use the undo access-user detect command to restore the default. By default, the portal user detection function is not configured on an interface. With this function configured on an interface, the device periodically sends ARP requests to portal users on the interface to check whether the portal users are still online. This function is available only for the direct and re-DHCP portal authentication configured on a Layer 3 interface. 63. Command 63: ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] undo ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ] ipv6 dhcp server apply pool pool-number [ allow-hint | preference preference-value | rapid-commit ] undo ipv6 dhcp server apply pool ipv6 nd ra no-advlinkmtu undo ipv6 nd ra no-advlinkmtu View: Vlan interface view Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 64. Command 64: dhcp relay client-detect enable dhcp relay check mac-address dhcp server client-detect enable undo dhcp relay address-check enable undo dhcp relay client-detect enable undo dhcp relay check mac-address undo dhcp server client-detect enable
56
Item
Description
View: Vlan interface view Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 65. Command 65: dhcp-snooping trust [ no-user-binding ] undo dhcp-snooping trust dhcp-snooping check mac-address undo dhcp-snooping check mac-address dhcp-snooping check request-message undo dhcp-snooping check request-message View:Wlan-ess interface view Description: See Layer 3 Command Reference of H3C WX Series Access Controllrs Command Reference. 66. Command 66: ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num View:Wlan-ess interface view Description: Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically learned on the interface. Use the undo ipv6 neighbors max-learning-num command to restore the default. 67. Command 67: dot1x handshake secure undo dot1x handshake secure View:Wlan-ess interface view Description: Use the dot1x handshake secure command to enable the online user handshake security function. The function enables the device to prevent users from using illegal client software. Use the undo dot1x handshake secure command to disable the function. 68. Command 68: igmp-snooping router-port-deny [ vlan vlan-list ] undo igmp-snooping router-port-deny [ vlan vlan-list ] mld-snooping router-port-deny [ vlan vlan-list ] undo mld-snooping router-port-deny [ vlan vlan-list ] shutdown undo shutdown View: Port-group view Description: See IP Multicast Command Reference of H3C WX Series Access Controllers Command Reference. 69. Command 69: undo protocol inbound
57
Item
Description
View: VTY interface view Description: Restore the default. 70. Command 70: qos fifo queue-length queue-length undo qos fifo queue-length View: Interface view, PVC view Description: Use the qos fifo queue-length command to set the FIFO queue length. Use the undo qos fifo queue-length command to restore the default. 71. Command 71: qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs burst ] undo qos rtpq View: Interface view, PVC view Description: Use the qos rtpq command to enable RTP queuing for RTP packets with even UDP destination port numbers in the specified range on the interface/PVC. Use the undo qos rtpq command to disable RTP queuing on the interface/PVC. By default, RTP queuing is disabled on an interface/PVC. This command provides preferential services for delay-sensitive applications, such as real-time voice transmission. Set the bandwidth argument to a value greater than the total bandwidth that the real-time application requires to allow bursty traffic. 72. Command 72: dhcp-snooping check mac-address undo dhcp-snooping check mac-address View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view, WLAN-ESS interface view Description: Use the dhcp-snooping check mac-address command to enable MAC address check on a DHCP snooping device. Use the undo dhcp-snooping check mac-address command to disable MAC address check of DHCP snooping. By default, this function is disabled. With this function enabled, the DHCP snooping device compares the chaddr field of a received DHCP request with the source MAC address field in the frame. If they are the same, the DHCP snooping device decides this request valid and forwards it to the DHCP server. If not, the DHCP request is discarded. 73. Command 73: dhcp-snooping check request-message undo dhcp-snooping check request-message View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view, WLAN-ESS interface view
58
Item
Description
Description: Use the dhcp-snooping check request-message command to enable DHCP-REQUEST message check of DHCP snooping. Use the undo dhcp-snooping check request-message command to disable DHCP-REQUEST message check of the DHCP snooping. By default, this function is disabled. With this function enabled, upon receiving a DHCP-REQUEST message, a DHCP snooping device searches local DHCP snooping entries for the corresponding entry of the message. If an entry is found, the DHCP snooping device compares the entry with the message information. If they are consistent, the DHCP-REQUEST message is considered as valid lease renewal request and forwarded to the DHCP server. If they are not consistent, the messages is considered as forged lease renewal request and discarded. If no corresponding entry is found locally, the message is considered valid and forwarded to the DHCP server 74. Command 74: ipv6 dhcp snooping trust undo ipv6 dhcp snooping trust View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view Description: Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port. Use the undo ipv6 dhcp snooping trust command to restore the default. By default, all interfaces of a device with DHCPv6 snooping enabled globally are untrusted ports. After DHCPv6 snooping is enabled, to ensure that DHCPv6 clients can obtain IPv6 addresses from an authorized DHCPv6 server, you need to configure the port that connects to the authorized DHCPv6 server as a trusted port. 75. Command 75: ipv6 dhcp snooping max-learning-num number undo ipv6 dhcp snooping max-learning-num View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view Description: Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn. Use the undo ipv6 dhcp snooping max-learning-num command to restore the default. By default, the number of DHCPv6 snooping entries learned by an interface is not limited. 76. Command 76: ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num View: interface view Description: Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically
59
Item
Description
learned on the interface. Use the undo ipv6 neighbors max-learning-num command to restore the default. By default, a Layer 2 interface does not limit the number of neighbors dynamically learned. The maximum number of neighbors that a Layer 3 interface can learn depends on the device model. 77. Command 77: dot1x unicast-trigger undo dot1x unicast-trigger View: Ethernet interface view Description: Use the dot1x unicast-trigger command to enable the 802.1X unicast trigger function. Use the undo dot1x unicast-trigger command to disable the function. By default, the unicast trigger function is disabled. The unicast trigger function enables the network access device to initiate 802.1X authentication when it receives a data frame from an unknown source MAC address. The device sends a unicast Identity EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has received no response within a period of time (set with the dot1x timer tx-period command). This process continues until the maximum number of request attempts (set with the dot1x retry command) is reached. Related commands: Display dot1x, dot1x timer tx-period, and dot1x retry. 78. Command 78: dot1x handshake secure undo dot1x handshake secure View: Ethernet interface view Description: Use the dot1x handshake secure command to enable the online user handshake security function. The function enables the device to prevent users from using illegal client software. Use the undo dot1x handshake secure command to disable the function. By default, the function is disabled. The online user handshake security function is implemented based on the online user handshake function. To bring the security function into effect, make sure the online user handshake function is enabled. H3C recommends you use the iNode client software and iMC server to ensure the normal operation of the online user handshake security function. Related commands: dot1x handshake. 79. Command 79: igmp-snooping router-port-deny [ vlan vlan-list ] undo igmp-snooping router-port-deny [ vlan vlan-list ] View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view Description: Use the igmp-snooping router-port-deny command to disable a
60
Item
Description
port or a group of ports from changing into dynamic router ports. Use the undo igmp-snooping router-port-deny command to restore the default. By default, a port can change into a dynamic router port. For a switch that supports both IGMP snooping and IGMP, this command works on both IGMP snoopingenabled VLANs and VLANs with IGMP enabled on their VLAN interfaces. If you do not specify any VLAN when using this command in Layer 2 Ethernet interface view or Layer 2 aggregate interface view, the command takes effect for all VLANs the interface belongs to. If you specify one or more VLANs, the command takes effect for the specified VLAN or VLANs that the interface belongs to. If you do not specify any VLAN when using this command in port group view, the command takes effect on all the ports in this group. If you specify one or more VLANs, the command takes effect only on those ports in this group that belong to the specified VLAN or VLANs. 80. Command 80: mld-snooping router-port-deny [ vlan vlan-list ] undo mld-snooping router-port-deny [ vlan vlan-list ] View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view Description: Use the mld-snooping router-port-deny command to disable a port or a group of ports from changing into dynamic router ports. Use the undo mld-snooping router-port-deny command to restore the default. By default, a port can change into a dynamic router port. For a switch that supports both MLD snooping and MLD, this command works on both MLD snoopingenabled VLANs and VLANs with MLD enabled on their VLAN interfaces. If you do not specify any VLAN when using this command in Layer 2 Ethernet interface view or Layer 2 aggregate interface view, the command will take effect for all VLANs the interface belongs to. If you specify a VLAN or multiple VLANs, the command will take effect for the specified VLAN or VLANs that the interface belongs to. If you do not specify any VLAN when using this command in port group view, the command will take effect on all the ports in this group. If you specify a VLAN or multiple VLANs, the command will take effect only on those ports in this group that belong to the specified VLAN or VLANs. 81. Command 81: port-security mac-address security [ sticky ] mac-address vlan vlan-id undo port-security mac-address security [ sticky ] mac-address vlan vlan-id View: Layer 2 Ethernet interface view Description: Use the undo port-security mac-address security command to remove a secure MAC address in system view. 82. Command 82: 61
Item
Description
igmp-snooping host-tracking undo igmp-snooping host-tracking mld-snooping host-tracking undo mld-snooping host-tracking ipv6 dhcp snooping vlan enable undo ipv6 dhcp snooping vlan enable View: VLAN Description: See Layer 3 Command Reference and IP Multicast Command Reference of H3C WX Series Access Controllers Command Reference. 83. Command 83: if-match [ not ] local-precedence local-precedence-list undo if-match [ not ] local-precedence local-precedence-list View: QoS Description: Matches local precedence. The local-precedence-list argument is a list of up to eight local precedence values. A local precedence ranges from 0 to 7. 84. Command 84: reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ] reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] mode { active | passive } undo mode View: UDP jitter, voice test type view Description: See Network Management and Monitoring Command Reference of H3C WX Series Access Controller Command Reference. 85. Command 85: vendor-class-identifier hex-string&<1-255> ip max-address undo vendor-class-identifier hex-string&<1-255> View: DHCP range min-address
62
Item
Description
Description: Use the vendor-class-identifier command to specify an IP address range for the DHCP clients of a specified vendor. Use the undo vendor-class-identifier command to restore the default. 86. Command 86: dns-server ipv6-address undo dns-server ipv6-address dns-server ipv6-address undo dns-server ipv6-address prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo prefix-pool sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } static-bind prefix prefix/prefix-len duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind prefix prefix/prefix-len ds-lite address ipv6-address undo ds-lite address View: DHCPv6 address pool Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 87. Command 87: password-control aging aging-time undo password-control aging password-control composition type-number type-number [ type-length type-length ] undo password-control composition password-control length length undo password-control length validity-date time undo validity-date reset wlan ap provision { all | name ap-name } crypto-digest sha256 file filename View: Local user Description: See Security Command Reference, WLAN Command Reference and Fundamentals Command Reference of H3C WX Series Access Controllers Command Reference. 88. Command 88: wlan ap-provision dns domain domain-name undo wlan ap-provision dns domain View: System view Description: Use the wlan ap-provision dns domain command to specify a domain name suffix for the global DNS server of the AP. Use the undo wlan ap-provision dns domain command to remove the
63
Item
Description
configuration. By default, no domain name suffix is specified for the global DNS server of the AP. You can specify at most one domain name suffix for the global DNS server. The wlan ap-provision dns domain command takes effect on all APs, and the dns domain command in AP configuration view takes effect on the specified AP. If you configure both commands, the configuration in AP configuration view applies to the specified AP. Related commands: dns domain. 89. Command 89: wlan ap-provision dns server { ip ip-address | ipv6 ipv6-address } undo wlan ap-provision dns server { ip | ipv6 } View: System view Description: Use the wlan ap-provision dns server command to specify a global DNS server for the AP. Use the undo wlan ap-provision dns server command to remove the configuration. By default, no global DNS server is specified for the AP. You can specify at most one global IPv4 DNS server and one global IPv6 DNS server. The wlan ap-provision dns server command takes effect on all APs, and the dns server command in AP configuration view takes effect on the specified AP. If you configure both commands, the configuration in AP configuration view applies to the specified AP. Related commands: dns server. 90. Command 90: undo dns domain View: AP configuration view Description: Use the undo dns domain command to remove the configuration. By default, no domain name suffix is specified for the DNS server of the AP. 91. Command 91: hybrid-remote-ap enable undo hybrid-remote-ap enable View: AP template view Description: Use the hybrid-remote-ap enable command to enable the AP to work in hybrid mode. When the connection between an AP in hybrid mode and the AC is terminated, the AP automatically enables local forwarding mode (disregarding whether local forwarding is configured on the AC) to forward packets for associated clients, but it does not accept new association requests from clients. When the AP re-establishes a CAPWAP connection with the AC, the AP automatically switches back to centralized forwarding mode, and logs out all clients associated with it. Use the hybrid-remote-ap enable command to restore the default.
64
Item
Description
By default, hybrid mode is disabled. 92. Command 92: undo dns server ipv6 View: AP configuration view Description: Use the undo dns server command to remove the DNS server for the AP. By default, no DNS server is specified for the AP. 93. Command 93: display wlan country-code ap { all | name ap-name } [ | { begin | exclude | include } regular-expression ] View: Any view Description: name ap-name: Specifies the name of the AP, a case insensitive string of 1 to 32 characters that can contain letters, digits, and underlines, square brackets, slashes, and hyphens, but not spaces. all: Displays the country code information of all APs. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the FundamentalsCommand Reference.. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters. 94. Command 94: country-code code undo country-code View: AP template view Description: Use the country-code command to specify the country code of the AP. Use the undo country-code command to remove the configuration. By default, no country code is configured for the AP, and the AP uses the global country code. An AP configured with a country code uses its own country code. Related commands: wlan country-code, display wlan country-code. 95. Command 95: trap-send times interval undo trap-send times View: System view Description: Use the trap-send times interval set the trap send collection interval. Use the undo trap-send times command to restore the default.
65
Item
Description
96. Command 96: tcp mss val undo tcp mss View: Interface view Description: Use the tcp mss command to configure the TCP MSS Use the undo tcp mss command to restore the default 97. Command97: undo fips mode enable fips mode enable display fips status crypto-diges sha256 file filename Description: See Security Command Reference of H3C WX Series Access Controllers Command Reference. 98. Command 98: display mirroring-group all View: Any view Description: displays all mirroring groups. 99. Command 2: undo mirroring-group all View: System view Description: remove all mirroring groups. 100. Command 3: transceiver phony-alarm-disable undo transceiver phony-alarm-disable View: System view Description: disable alarm of the phony modules. 101. Command 4: link-aggregation port-priority port-priority undo link-aggregation port-priority View: Ethernet interface view Description: Use the command to set the aggregation priority of a port. 102. Command 5: qos fifo queue-length queue-length undo qos fifo queue-length qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs burst ] undo qos rtpq View: Ethernet interface view Description: Use the qos fifo queue-length command to set the FIFO queue length. Use the qos rtpq command to enable RTP queuing for RTP packets with even UDP destination port numbers in the specified range on the
66
Item
Description
interface. 103. Command 6: dhcp-snooping check mac-address undo dhcp-snooping check mac-address dhcp-snooping check request-message undo dhcp-snooping check request-message View: Ethernet interface or Layer2 aggregate interface view Description: Use the command to enable MAC address check or DHCP-REQUEST message check on a DHCP snooping device. 104. Command 7: ipv6 dhcp snooping trust undo ipv6 dhcp snooping trust ipv6 dhcp snooping max-learning-num number undo ipv6 dhcp snooping max-learning-num View: Ethernet interface or Layer2 aggregate interface view Description: Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port. Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn. 105. Command 8: ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num View: Ethernet interface or Layer2 aggregate interface view Description: Use the command to configure the maximum number of neighbors that can be dynamically learned on the interface. 106. Command 9: dot1x handshake secure undo dot1x handshake secure dot1x unicast-trigger undo dot1x unicast-trigger View: Ethernet interface view Description: Use the dot1x handshake secure command to enable the online user handshake security function. Use the dot1x unicast-trigger command to enable the 802.1X unicast trigger function. 107. Command 10: igmp-snooping router-port-deny [ vlan vlan-list ] undo igmp-snooping router-port-deny [ vlan vlan-list ] mld-snooping router-port-deny [ vlan vlan-list ] undo mld-snooping router-port-deny [ vlan vlan-list ] View: Ethernet interface or Layer2 aggregate interface view Description: Use the command to disable a port or a group of ports from
67
Item
Description
changing into dynamic router ports. 108. Command 1 1: ipv6 address ipv6-address/prefix-length anycast undo ipv6 address ipv6-address/prefix-length anycast View: VLAN interface or management interface view Description: Use the command to configure an IPv6 anycast address for an interface. 1. Command 1: display pppoe-server session packet Module of the command: PPPoE Description: Specification modified. 2. Command 2: display ipv6 fibcache Module of the command: IPv6 Description: Specification modified. 3. Command 3: display dldp [ interface-type interface-number ] Module of the command: DLDP Description: Specification modified. 4. Command 4: display dldp statistics [ interface-type interface-number ] Module of the command: DLDP Description: Specification modified. 5. Command 5: display dns [ ipv6 ] dynamic-host Module of the command: DNS Description: Specification modified. 6. Command 6: display anti-attack { protocol protocol | all } Module of the command: Security Description: Specification modified. 7. Command 7: reset anti-attack statistics Module of the command: Security Description: Specification modified. 8. Command 8: snmp-agent trap enable ip address snmp-agent trap enable dhcp server undo snmp-agent trap enable ip address undo snmp-agent trap enable dhcp server Module of the command: SNMP
Removed commands
68
Item
Description
Description: Specification modified. 9. Command 9: dldp enable undo dldp enable dldp interval time undo dldp interval dldp delaydown-timer time undo dldp delaydown-timer dldp reset Module of the command: DLDP Description: Specification modified. 10. Command 10: portal trap server-down undo portal trap server-down Module of the command: Portal Description: Specification modified. 11. Command 1 1: anti-attack [ protocol protocol-name | all } ] enable undo anti-attack [ protocol protocol-name | all } ] enable anti-attack protocol protocol-name threshold max maxrate min minrate undo anti-attack protocol protocol-name threshold Module of the command: Security Description: Specification modified. 12. Command 12: ipv6 fibcache undo ipv6 fibcache Module of the command: IPv6 Description: Specification modified. 13. Command 13: wlan specific-mode mode-number enable undo wlan specific-mode mode-number enable Module of the command: WLAN Description: Specification modified. 14. Command 14: dldp reset dldp enable undo dldp enable Module of the command: DLDP Description: Specification modified. 15. Command 15:
69
Item
Description
accounting undo accounting redirect cpu undo redirect cpu Module of the command: QoS Description: Specification modified. 1. Command 1: Original command: display ipv6 fib ipv6-address Modified command: display ipv6 fib ipv6-address [ prefix-length ] [ | { begin | exclude | include } regular-expression ] Module of the command: IPv6 Description: add parameter prefix-length, with filter function by specifying a regular expression. 2. Command 2: Original command: display license Modified command: display license feature-name [ | { begin | exclude | include } regular-expression ] Module of the command: License Management Description: Add parameter feature-name to specify the feature, with filter function by specifying a regular expression. 3. Command 3: Original command: display acl name acl-name Modified command: display acl name acl-name [ | { begin | exclude | include } regular-expression ] Module of the command: ACL Description: The string length of parameter acl-name is modified from 1 to 32 to 1 to 63, with filter function by specifying a regular expression. 4. Command 4: Original command: display acl ipv6 name acl-name Modified command: display acl ipv6 name acl-name [ | { begin | exclude | include } regular-expression ] Module of the command: ACL Description: The string length of parameter acl-name is modified from 1 to 32 to 1 to 63, with filter function by specifying a regular expression. 5. Command 5:
Modified commands
70
Item
Description
Original command: display ip socket [ socktype sock-type ] [ task-id socket-id ] Modified command: display ip socket [ socktype sock-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ] Module of the command: IP Services Description: The range of parameter task-id is modified from 1 to 150 to 1 to 180, with filter function by specifying a regular expression. 6. Command 6: Original command: display ip interface brief [ interface-type [ interface-number ] ] Modified command: display ip interface [ interface-type [ interface-number ] ] brief [ | { begin | exclude | include } regular-expression ] Module of the command: IP Services Description: The key word of brief is moved behind the parameters of interface, with filter function by specifying a regular expression. 7. Command 7: Original command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | pad | portal | ppp | ssh | telnet | terminal } | state { active | block } | user-name user-name | vlan vlan-id ] Modified command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | pad | portal | ppp | ssh | telnet | terminal | web } | state { active | block } | user-name user-name | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ] Module of the command: AAA Description: Add service-type of web, with filter function by specifying a regular expression. 8. Command 8: Original command: display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] Modified command: display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN Service Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 9. Command 9: Original command: display wlan statistics radio [ap-name] Modified command:
71
Item
Description
display wlan statistics radio [ap-name] [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN Service Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 10. Command 10: Original command: display wlan ap { all | name ap-name } display wlan ap reboot-log name ap-name [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-history display wlan ap { all | name ap-name } rrm-status Modified command: display wlan ap { all | name ap-name } [ verbose ] [ | { begin | exclude | include } regular-expression ] display wlan ap reboot-log name ap-name [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-history [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-status [ | { begin | exclude | include } regular-expression Module of the command: WLAN-RRM Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 11. Command 1 1: Original command: display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Modified command: display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN QoS Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 12. Command 12: Original command: display interface brief [ interface-type [interface-number]] [ | { begin | exclude | include } regular-expression ] Modified command: display interface [ interface-type [interface-number]] brief [ | { begin | exclude | include } regular-expression ] Module of the command: Interface Management Description: The key word of brief is moved behind the parameters of interface.
72
Item
Description
13. Command 13: Original command: display ipc performance { node node-id | self-node } [ channel channel-id ] ipc performance enable { node node-id | self-node } [ channel channel-id ] undo ipc performance enable [ node node-id | self-node ] [ channel channel-id ] reset ipc performance [ node node-id | self-node ] [ channel channel-id ] Modified command: display ipc performance { node node-id | self-node } [ channel channel-id ] [ | { begin | exclude | include } regular-expression ] ipc performance enable { node node-id | self-node } [ channel channel-id ] undo ipc performance enable [ node node-id | self-node ] [ channel channel-id ] reset ipc performance [ node node-id | self-node ] [ channel channel-id ] Module of the command: Network Management and Monitoring Description: The range of parameter node-id is modified from 0 to 179 to 0 to 255. 14. Command 14: Original command: save [ safely ] Modified command: save [ safely ] [ force ] Module of the command: Configuration File Management Description: Add key word force to save the current configuration to the configuration file for the next startup of the device, and the system does not output any interaction information. 15. Command 15: Original command: ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * host Modified command: ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * host Module of the command: Network Management and Monitoring Description: The string length of parameter host is modified from 1 to 46 to 1 to 255. 16. Command 16: Original command: reset acl counter name acl-name reset acl ipv6 counter name acl6-name Modified command:
73
Item
Description
reset acl counter name acl-name reset acl ipv6 counter name acl6-name Module of the command: ACL Description: The string length of parameter acl-name or acl6-name is modified from 1 to 32 to 1 to 63. 17. Command 17: Original command: reset dns [ ipv6 ] dynamic-host Modified command: reset dns host [ ip | ipv6 | naptr | srv ] Module of the command: DNS Description: Add subtype of the dynamic DNS cache to be cleared. 18. Command 18: Original command: reset wlan statistics { client { all | mac-address mac-address } | radio [ ap-name ] } reset wlan ap { all | name ap-name } reset wlan ap reboot-log { all | name ap-name } Modified command: reset wlan statistics { client { all | mac-address mac-address } | radio [ ap-name ] } reset wlan ap { all | name ap-name } reset wlan ap reboot-log { all | name ap-name } Module of the command: WLAN Services Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 19. Command 19: Original command: reset wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Modified command: reset wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Module of the command: WLAN QoS Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 20. Command 20: Original command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] secondary authentication [ port-number | key key ] { ipv4-address | ipv6 ipv6-address }
primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | Hewlett-Packard Development Company, L.P. 74
Item
Description
key key] key { accounting | authentication } key Modified command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] secondary authentication { ipv4-address [ port-number | key [ cipher | simple ] key ] | ipv6 ipv6-address }
primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key] key { accounting | authentication } [ cipher | simple ] key Module of the command: AAA Description: The display of keyword could be selected as cipher text or plaint text. 21. Command 21: Original command: undo secondary accounting undo secondary authentication Modified command: undo secondary accounting [ ipv4-address | ipv6 ipv6-address ] undo secondary authentication [ ipv4-address | ipv6 ipv6-address ] Module of the command: AAA Description: Remove the specified secondary RADIUS server. 22. Command 22: Original command: authentication lan-access radius-scheme radius-scheme-name [ local ] authorization lan-access radius-scheme radius-scheme-name [ local ] accounting lan-access radius-scheme radius-scheme-name [ local] Modified command: authentication lan-access radius-scheme radius-scheme-name [ local | none ]} authorization lan-access none ] radius-scheme radius-scheme-name [ local |
accounting lan-access radius-scheme radius-scheme-name [ local | none] Module of the command: AAA Description: Authentication, authorization or accounting could be ignored after RADIUS scheme failed. 23. Command 23: Original command: idle-cut enable minute [ flow ] Modified command: idle-cut enable minute [ flow ] Module of the command: AAA Description: The max value of minute is modified to 600. Hewlett-Packard Development Company, L.P. 75
Item
Description
24. Command 24: Original command: method { md5 | peap-mschapv2 | tls } undo method { md5 | peap-mschapv2 | tls } Modified command: method { md5 | peap-gtc | peap-mschapv2 | tls } undo method { md5 | peap-gtc | peap-mschapv2 | tls } Module of the command: AAA Description: Support a new EAP authentication method that PEAP together with the GTC for authentication in TLS tunnels. 25. Command 25: Original command: ap ap-name radio radio-number undo ap { ap-name [ radio radio-number ] | all } Modified command: ap ap-name radio radio-number undo ap { ap-name [ radio radio-number ] | all } Module of the command: WLAN Description: In Radio group view or Load balancing group view , the max number of characters in ap-name is extended to 32. 26. Command 26: Original command: echo-interval interval Modified command: echo-interval interval Module of the command: WLAN Description: The min value of interval is modified to 5. 27. Command 27: Original command: cir committed-information-rate [ cbs committed-burst-size ] Modified command: cir committed-information-rate [ cbs committed-burst-size ] Module of the command: AAA Description: The max value of committed-information-rate is modified to 1000000, the max value of committed-burst-size is modified to 62500000. 28. Command 28: Original command: ap template-name-list undo ap template-name-list Modified command: ap template-name-list undo ap template-name-list Module of the command: WALN Description:In AP group view, the max number of characters in AP name is
76
Item
Description
extended to 32. 29. Command 29: Original command: mlsp-proxy mac-address mac-address Modified command: mlsp-proxy mac-address mac-address [ vlan vlan-id ] Module of the command: WALN Description: Support to configure VLAN of MLSP proxy. 30. Command 30: Original command: ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ] } undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ]] Modified command: ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] } undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] ] Module of the command: IPv6 Description: Add parameter anycast, Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface. Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. 31. Command 31 Original command: undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [policy-name ] { inbound | outbound } Module of the command: QoS Description: Add parameter policy-name. 32. Command 32 Original command: ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ] } undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ]] Modified command: ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] } undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] ] Module of the command: IPv6
77
Item
Description
Description: Add parameter anycast; Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface. Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. 33. Command 33 Original command: undo ipv6 nd ra prefix { ipv6-prefix } Modified command: undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Module of the command: IPv6 Description: Add parameter prefix-length 34. Command 34 Original command: portal backup-group group-id Modified command: portal backup-group group-id Module of the command: Portal Description:The range of group-id is modified from 1 to 16 to 1 to 256 35. Command 35 Original command: dhcp relay address-check { enable | disable } Modified command: dhcp relay address-check enable undo dhcp relay address-check enable Module of the command: DHCP View: Vlan interface view Description:The disable command is replaced by undo command. 36. Command 36 Original command: ppp account-statistics enable Modified command: ppp account-statistics enable [ acl { acl-number | name acl-name } ] Module of the command: PPP View: Virtual template interface view Description: Add parameter acl for traffic that matches the configured ACL . 37. Command 37 Original command: ppp authentication-mode { chap | pap } * [ [ call-in ] domain isp-name ] Modified command: ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ] Module of the command: PPP View: Virtual template interface view
78
Item
Description
Description: Add parameter ms-chap and ms-chap-v2. 38. Command 38 Original command: undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [ policy-name ] { inbound | outbound } Module of the command: QoS Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: Wlan-ess interface view Description: Add parameter policy-name. 39. Command 39 Original command: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Modified command: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Module of the command: Network Management and Monitoring Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter ip-address is modified from IPv4 address to IPv4 address or name of the trap target host. 40. Command 40 Original command: info-center loghost { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost{ host-ipv4-address | ipv6 host-ipv6-address } Modified command: info-center loghost { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost{ host-ipv4-address | ipv6 host-ipv6-address } Module of the command: Network Management and Monitoring
79
Item
Description
Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter host-ipv4-address is modified from IPv4 address to IPv4 address or name of the trap target hostadd parameter IPv6. 41. Command 41: Original command: ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] ip host hostname ip-address undo ip host hostname [ ip-address ] Modified command: ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] ip host hostname ip-address undo ip host hostname [ ip-address ] Module of the command: IP Services Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The range of hostname is modified from 1 to 20 to 1 to 255 characters. 42. Command 42 Original command: stp port-log { instance instance-id | all } undo stp port-log { instance instance-id | all } Modified command: stp port-log instance { instance-id | all } undo stp port-log instance { instance-id | all } Module of the command: LAN Switching Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter is modified from all to instance all. 43. Command 43 Original command: undo local-user { user-name | all [ service-type { ftp | lan-access | portal | ppp | ssh | telnet | terminal } ] } Modified command: undo local-user { user-name | all [ service-type { ftp | lan-access | portal | ppp | ssh | telnet | terminal | web } ] } Module of the command: AAA Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view
80
Item
Description
Description: Add parameter web 44. Command 44 Original command: undo radius nas-ip undo hwtacacs nas-ip Modified command: undo radius nas-ip { ipv4-address | ipv6 ipv6-address } undo hwtacacs nas-ip ip-address Module of the command: AAA Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: Add parameter ip address. 45. Command 45 Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Module of the command: WLAN Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view Description: The range of ap-name is modified from 1 to 15 to 1 to 32 characters . 46. Command 46 Original command: info-center timestamp loghost { date | no-year-date | none } Modified command: info-center timestamp loghost { date | no-year-date | none | iso } Module of the command: Network Management and Monitoring Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view Description: Add parameter iso. 47. Command 47 Original command: patch load patch install patch-location patch { active | deactive | run | delete } patch-number Modified command: patch load [ file filename ] patch install { patch-location | file filename } patch { active | deactive | run | delete } [ patch-number ]
81
Item
Description
Module of the command: Fundamentals Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view Description: Add parameter filemodify parameter patch-number. 48. Command 48 Original command: acl name acl-name undo acl name acl-name acl number acl-number [ name acl-name ] [ match-order { auto | config } ] acl copy { source-acl-number | name { dest-acl-number | name dest-acl-name } acl ipv6 name acl-name undo acl ipv6 name acl-name acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name } Modified command: acl name acl-name undo acl name acl-name acl number acl-number [ name acl-name ] [ match-order { auto | config } ] acl copy { source-acl-number | name { dest-acl-number | name dest-acl-name } acl ipv6 name acl-name undo acl ipv6 name acl-name acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name } Module of the command: ACL Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view Description: The range of acl-name is modified from 1 to 32 to 1 to 63 characters. 49. Command 49: Original command: Ip route-static dest-address { mask | mask-length } { next-hop-address [track track-entry-number ] | interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ description description-text ] Modified command: Ip route-static dest-address { mask | mask-length } { next-hop-address [track track-entry-number ] | interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ permanent ] [ description description-text ] Module of the command: IP-Routing Description: Adding parameter permanent. source-acl-name } to source-acl-name } to
82
Item
Description
50. Command 50: Original command: dhcp server threshold { allocated-ip threshold-value | average-ip-use threshold-value | max-ip-use threshold-value } Modified command: dhcp server threshold { allocated-ip threshold-value | average-ip-use threshold-value | max-ip-use threshold-value } Module of the command: IP Services Description: The range of parameter threshold-value is modified from 0 to 100 to 1 to 100. 51. Command 51: Original command: port-security mac-address security mac-address vlan vlan-id Modified command: port-security mac-address security [ sticky ] mac-address vlan vlan-id Module of the command: Port Security Description: Adding parameter sticky. 52. Command 52: Original command: resend-interval resend-interval collection-interval collection-interval Modified command: resend-interval resend-interval collection-interval collection-interval Module of the command: Device Management Description: The range of parameter resend-interval is modified from 0 to 900 to 0 to 3600the range of parameter collection-interval is modified from 0 to 300 to 0 to 60. 53. Command 53: Original command: ip host hostname ip-address Modified command: ip host hostname ip-address Module of the command: IP Serivces Description: The string length of parameter hostname is modified from 1 to 20 to 1 to 255. 54. Command 54: Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ]} wlan ap-execute ap-name conversion-to-fatap Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ]} wlan ap-execute ap-name conversion-to-fatap
83
Item
Description
Module of the command: WLAN Service Description: The string length of parameters ap-name, auto-ap-name and new-ap-name are modified from 1 to 15 to 1 to 32. 55. Command 55: Original command: undo rule rule-id [fragment | logging | source | time-range | vpn-instance ] * Modified command: undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] * Module of the command: ACL Description: Add parameter counting, Counts the number of times the IPv4 ACL rule has been matched. 56. Command 56: Original command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type <icmp-code> | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id Modified command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | time-range ] Module of the command: ACL Description: Change parameter of ICMP code to optional parameters. Add parameter counting, Counts the number of times the IPv4 ACL rule has been matched. 57. Command 57: Original command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] |
84
Item
Description
time-range time-range-name | vpn-instance vpn-instance-name ]* undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | destination | destination-port | dscp | fragment | icmp6-type | logging | routing | source | source-port | time-range | vpn-instance ] * Modified command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ]* undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | source | source-port | time-range | vpn-instance ] * Module of the command: ACL6 Description: Add parameter counting, counts the number of times the IPv6ACL rule has been matched. Add parameter flow-label, Specifies a flow label value in an IPv6 packet header. The flow-label-value argument is in the range 0 to 1048575. 58. Command 58: Original command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ red action ] [ hierarchy-car hierarchy-car-name [ mode { and | or } ] ] Modified command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action ] [ red action ] [ hierarchy-car hierarchy-car-name [ mode { and | or } ] ] Module of the command: QoS Description: Add parameter green action, green action: Action to take on packets that conform to CIR. The default is pass. Add parameter remark-lp-pass of action: Sets the action to take on the packet, new-local-precedenceSets the local precedence value of the packet to new-local-precedence and permits the packet to pass through. The new-local-precedence argument ranges from 0 to 7. 59. Command 59: Original command: if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] undo if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] Modified command: if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl
85
Item
Description
[ ipv6 ] { acl-number | name acl-name } ] undo if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] Module of the command: QoS Description: The range of acl-name is modified from 1 to 32 to 1 to 63. 60. Command 60: Original command: reaction item-number checked-element probe-fail { consecutive consecutive-occurrences } [ action-type ] Modified command: reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ] Module of the command: UDP jitter, voice test type view Description: Add parameter trap-only, specifies to record events and send SNMP trap messages. 61. Command 61: Original command: static-bind ip-address ip-address [ mask-length | mask mask ] Modified command: static-bind ip-address ip-address [ mask-length | mask mask ] Module of the command: DHCP Description: The range of mask-length is modified from 1 to 32 to 1 to 30. 62. Command 62: Original command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } Modified command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } Module of the command: DHCP Description: The string lenth of ascii-string is modified from 1 to 63 to 1 to 255. 63. Command 63: Original command: expired { day day [ hour hour [ minute minute] ] | unlimited } Modified command: expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } Module of the command: DHCP Description: Add parameter second second, specifies the number of seconds, in the range of 0 to 59. 64. Command 64 Original command: threshold-type
86
Item
Description
authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } * Modified command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } * Module of the command: Local user Description: Add parameter user-role, user-role: Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. If you specify no role for a local user, the access right of the user after login depends on other authorization attributes. Supported roles include:
guest: A guest user account is usually created through the web interface. guest-manager: After passing authentication, a guest manager can only
use the web interface to access guest-related pages to, for example, create, modify, or change guest user accounts.
security-audit: A local user playing this role is a security log administrator

After passing authentication, a security log administrator can manage security log files, for example, save security log files. For more information about the commands that a security log administrator can use, see the Network Management and Monitoring Command Reference. 65. Command 65 Original command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Modified command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Module of the command: Local user Description: The range of slot-number is modified from 1 to 1024 to 1 to 255. 66. Command 66: Original command: undo authorization-attribute { acl | callback-number | idle-cut | level | user-profile | vlan | work-directory } * Modified command: undo authorization-attribute { acl | callback-number | idle-cut | level | user-profile | user-role | vlan | work-directory } * Module of the command: Local user Description: Add parameter user-role, Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. 67. Command 67: Original command: Hewlett-Packard Development Company, L.P. 87
Item
Description
display wlan ids attack-list { config | all | ap ap-name } Modified command: display wlan ids attack-list { config | all | ap ap-name } Module of the command: WLAN IDS Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 68. Command 68: Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Module of the command: WLAN IDS Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 69. Command 69: Original command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ]| * } } * Modified command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ] | hostname hostname * } } * Module of the command: Portal Description: Add parameter hostname. Specifies an PC host name 70. Command 70: Original command: service-template service-template-number [ vlan vlan-id ] Modified command: service-template service-template-number [ vlan vlan-id ] [nas-port-id portid] Module of the command:WLAN Description: Add parameter nas-port-id. 71. Command 71: Original command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1
88
Item
Description
| dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: SSH Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-sto c-hmac to string, the length is form 1 to 128; Use the ssh2 command to establish a connection to an IPv4 SSH server and specify the public key algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server. 72. Command 72: Original command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ssh Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-sto c-hmac to string, the length is form 1 to 128; Use the ssh2 ipv6 command to establish a connection to an IPv6 SSH server and specify public key algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server 73. Command 73: Original command: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } |
89
Item
Description
prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ftp/tftp Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-sto c-hmac to string, the length is form 1 to 128; Use the sftp command to establish a connection to a remote SFTP server and enter SFTP client view 74. Command 74: Original command: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ftp/tftp Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa. Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-sto c-hmac to string, the length is form 1 to 128; Use the sftp ipv6 command to establish a connection to a remote IPv6 SFTP server and enter SFTP client view. 75. Command 75: Original command: super password [ level user-level ] { simple | cipher } password Modified command: super password [ level user-level ] { simple | cipher } password Module of the command:CLI Description: The string length of password is modified from 1 to 16/24 to 1 to 256. 76. Command 76 Original command:
90
Item
Description
sftp server [ port-number ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp server [ port-number ] [ identity-key rsa| prefer-ctos-cipher { 3des aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 md5-96 | sha1 | sha1-96 } ] * Module of the command: Security Description: Add parameter identity-key rsa. 77. Command 77: Original command: sftp ipv6 server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp ipv6 server [ port-number ] [ identity-key rsa | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Module of the command: Security Description: Add parameter identity-key rsa. 78. Command 78: Original command: display device manuinfo display reboot-type Modified command: display device manuinfo [ subslot subslot-number ] [ | { begin | exclude | include } regular-expression ] display reboot-type [ subslot subslot-number ] [ | { begin | exclude | include } regular-expression ] Module of the command: Device management Description:The slot number of a card can be specified . 79. Command 79: Original command: undo dhcp-snooping information format [ verbose node-identifier] Modified command: undo dhcp-snooping information format Module of the command: DHCP | | | |
91
Item
Description
Description: verbose node-identifier can not specified in this command. 80. Command 80: Original command: port-security mac-address security mac-address vlan vlan-id undo port-security mac-address security mac-address vlan vlan-id Modified command: port-security mac-address security [ sticky ] mac-address vlan vlan-id undo port-security mac-address security [ sticky ] mac-address vlan vlan-id Module of the command: DHCP Description: A sticky MAC address can be configured by the command. 81. Command 81: Original command: undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [ policy-name ] { inbound | outbound } Module of the command: QoS Description: QoS policy of the specified name can be removed.
MIB updates relative to WX5004-CMW520-R2107P10

Table 15 MIB updates Item
New Modified
MIB file
None None
Module
None None
Description
None None
Configuration changes relative to WX5004-CMW520-R2107P10

None.
92
Resolved problems in A5000-CMW520-R2303 relative to WX5004-CMW520-R2107P10

Problem WLD29956
First Found-in Version: CMW520-R2107P10 Condition: None Description: AC works in US country-code, RRM adjusts radio power to 19dbm, but radio can only support maximum power as 13dbm in regulatory domain.
Problem WLD29957
First Found-in Version: CMW520-R2107P10 Condition: None Description: WA2620-AGN should increase 2dbm on channel 1 and channel 1 when 1, country-code is US.
Problem WLD30273
First Found-in Version: CMW520-R2107P10 Condition: None Description: When ARP-Snooping is enabled, AC will periodically send one special ARP request frame. This is not correct.
Problem WLD30289
First Found-in Version: CMW520-D2302 Condition: None Description: ARP-Snooping is only enabled. When AC receives one unicast arp frame, system should drop it but currently forwards it out.
Problem WLD30313
First Found-in Version: CMW520- D2302 Condition: None Description: When AC works in AU country-code, 1 supports 120, 124 and 128 channel. That 1a doesnt comply with Australia regulatory.
Problem WLD29566
First Found-in Version: CMW520-R2107P10 Condition: None Description: WX5004 in Australia finds the MIB node of h3cDot1 1MaxBandwidth,cant be get by IMC.
Problem WLD30047
First Found-in Version: CMW520-R2107P10
93
Condition: None Description: In 3M network, when RRM changes the channel, the radios power cant be adjusted as the same time which will keep as one invalid power.
Problem WLD28836
First Found-in Version: CMW520-R2107P10 Condition: None Description: WX5004 in Australia uses RRM. After power calibration, power-lock can lock radio power and avoid new calibration. But if the device is rebooted, the max-power of radio will be restored as default value.
Copyright 201 1Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
94

A5000 CMW520 R2303 Release Notes

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

A5000 CMW520 R2303 Release Notes

Transféré par

Droits d'auteur :

Formats disponibles

A5000-CMW520-R2303 Release Notes