HP Networking And Cisco CLI Reference Guide [2010]

HP Networking and Cisco CLI Reference Guide

Table of ContentsIntroduction . 7Using This Guide . 7Comware 5 Differences . 8Navigation Differences Among CLIs. 8Configuration Differences Among CLIs . 8Terminology Differences . 8Comparing Frequently Used Commands . 9Chapter 1 Basic Switch Management . 10a) Management Access . 10b) Configuration Access . 11c) Console Access—Baud Rate . 12c) Console Access—Timeout . 13d) Reload . 14e) USB Interface . 15f) System and Environment . 16g) Remote Management Sessions—Viewing . 19g) Remote Management Sessions—Terminating . 21h) Tech Support Information Output Listing . 23i) Filtering Output show running-config and display current-configuration . 24j) Motd . 25k) Source Interface for Management Communications . 26Chapter 2 Switch User ID and Password . 29a) Local User ID and Password . 29b) Recover Lost Password. 36c) Protect Local Password. 37Chapter 3 Image File Management. 40Chapter 4 Configuration File Management . 46Chapter 5 Syslog Services . 553

Chapter 6 Time Service . 60a) TimeP or NTP . 60b) SNTP. 65Chapter 7 SNMP . 66a) SNMP Version 1 and Version 2c . 66b) SNMP Version 3. 75Chapter 8 SSH . 82Chapter 9 SSL (Self-Signed Certificates) . 88Chapter 10 RADIUS Authentication for Switch Management . 92a) Basic Configuration . 92b) Privilege Mode . 104c) Commands Authorization. 105d) RADIUS Accounting . 106Chapter 11 TACACS Authentication for Switch Management . 109a) Basic Configuration . 109b) Privilege Mode . 115c) TACACS Accounting . 116Chapter 12 Discovery Protocols. 117a) LLDP . 117b) CDP . 120Chapter 13 Port Information and Nomenclature . 124Chapter 14 VLANs . 135a) Creating and Naming VLANs . 135b) Assigning Ports or Interfaces to VLANs . 137c) Assigning an IP Address to a VLAN . 143d) IP Helper to Relay / Forward DHCP Requests . 144e) GVRP . 147Chapter 15 VoIP . 148Chapter 16 PoE . 1524

Chapter 17 Link Aggregation . 157a) Link Aggregation Control Protocol (LACP) . 157b) Trunk . 162Chapter 18 RSTP . 166Chapter 19 MSTP . 170Chapter 20 RIP . 181Chapter 21 OSPF . 184a) Single Area . 184b) Multiple Areas . 186c) Stub . 188d) Totally Stubby . 189e) Show or Display OSPF Commands . 190Chapter 22 VRRP . 194Chapter 23 ACLs . 197a) Standard or Basic ACLs and Extended or Advanced ACLs . 197b) ACL Fundamental Configuration Options . 198Standard/Basic. 198Extended/Advanced . 198c) Routed/Layer 3 ACL (RACL) . 204Standard or Basic ACL . 204Extended or Advanced ACL. 204c) VLAN/Layer 2 Based ACL (VACL) . 213Standard or Basic ACL . 213Extended or Advanced ACL. 213d) Port ACL (PACL) . 218Standard or Basic ACL . 218Extended or Advanced ACL. 218Chapter 24 QoS . 220QoS Operational Characteristics . 220a) QoS . 220b) Rate Limiting . 2255

Chapter 25 IP Multicast . 228a) PIM Dense . 228b) PIM Sparse . 231c) IGMP . 234Chapter 26 Spanning Tree Hardening . 235a) UDLD and DLDP. 235b) BPDU Protection and BPDU Guard . 237c) Loop Protection . 238d) Root Guard . 239Chapter 27 DHCP Snooping . 240Chapter 28 ARP Protection , ARP Detection, and Dynamic ARP Inspection . 246Chapter 29 Connection Rate Filtering . 250Chapter 30 802.1X Authentication . 254a) 802.1X Authentication . 254b) MAC Authentication. 264c) Web or Portal Authentication . 267Chapter 31 Port Mirroring or Span . 273a) Local Mirror or SPAN . 273b) Remote Mirror or RSPAN . 278Index . 2846

HP Networking and Cisco CLI Reference GuideIntroductionThis CLI Reference Guide is designed to help HP partners and customers who: Manage multi-vendor networks that include HP and Cisco switches Have experience deploying Cisco switches and are now deploying HP switchesThis CLI Reference Guide compares many of the common commands in three switch operating systems:HP ProVision, Comware 5, and Cisco operating systems.The HP ProVision operating system runs on HP 3500, 5400zl, 6200yl, 6600, and 8200zl Switch Series.(Other HP switches use an operating system that is very similar to the ProVision operating system.)Comware 5 runs on H3C and 3Com switches, which are now part of the HP Networking portfolio.The commands included in this guide were tested on the following: HP 3500yl-24G switches running ProVision K.14.41 software 3Com 3CRS48G-24P-91 switches running Comware 5.20 release 2202P15 Cisco WS-C3560-24PS switches running Cisco IOS Release 12.2(46)SEAdditional HP ProVision ASIC, H3C or 3Com, and Cisco switches and routers were used to providesystems connectivity and operational support as necessary. Likewise, various computers and voice over IP(VoIP) phones were used to help test functionality and provide output for commands, such as show ordisplay commands.Although HP Networking conducted extensive testing to create this guide, it is impossible to test everyconceivable configuration and scenario. This document, therefore, cannot be assumed to be complete asit applies to every environment or each manufacturer’s complete product platforms and software versions.For complete and detailed use of all commands and their options, refer to each manufacturer’sdocumentation accordingly.Using This GuideThis CLI Reference Guide provides CLI command comparisons in two different formats: Side-by-side comparison—The basic commands required to execute a given function in each ofthe operating systems are listed in a table. In this side-by-side comparison, each platform’scommands do not always start at the top of the column. Instead, commands that have similarfunctions are aligned side-by-side so that you can easily “translate” the commands on oneplatform with similar commands on another platform.7

Detailed comparison—Beneath the side-by-side comparison, a more in-depth comparison isprovided, displaying the output of the command and options.Occasionally, there are few, if any, similarities among the commands required to execute a function orfeature in each operating system. In these instances, each column has the commands necessary toimplement the specific function or feature, and the side-by-side comparison does not apply.Comware 5 DifferencesIf you are familiar with either the HP ProVision CLI or the Cisco CLI, you will notice that the Comware 5CLI is organized slightly differently. Comware 5 was designed for networks provisioned by InternetService Providers (ISPs). Many features and functions—such as security and quality of service (QoS)—aremulti-tiered to support the different needs for multiple entities accessing the same switch.Navigation Differences Among CLIsBasic CLI navigation on all three platforms is very similar, with one notable difference: With ProVision, you can use the Tab key for command completion; you can also use the Tab keyor the ? key to find more command optionsWith Comware 5, you can use the Tab key for command completion, but you use the ? key tofind more command optionsWith Cisco, you use the Tab key for command completion, but you use the ? key to find morecommand optionsConfiguration Differences Among CLIsMost commands for port-to-VLAN assignments, interface IP addressing, and interface-specific routingprotocol configuration are executed differently on the three platforms: On ProVision, you configure the aforementioned components in a VLAN context.On Comware 5, you configure the aforementioned components in an interface context.On Cisco, you configure the aforementioned components in an interface context.Terminology DifferencesAmong the three operating systems, there are some differences in the terms used to describe features. Thetable on the following page lists three such terms that could be confusing. For example, in the ProVisionoperating system, aggregated interfaces are called trunks. In the Comware 5 operating system, the termis bridge aggregation, while on Cisco it is EtherChannel.The confusion can arise because the term trunk is used differently in Cisco and Comware 5. In theseoperating systems, trunk refers to an interface that is configured to support 802.1Q (VLAN). That is, aninterface that is configured to support multiple VLANs is called a trunk in Cisco and Comware 5. In theProVision operating system, on the other hand, an interface that supports multiple VLANs is tagged.8

Interface useProVisionComware 5CiscoNon-802.1Q interfaces (such ascomputers or printers)802.1Q interfaces (such as switch-toswitch, switch-to-server, and switchto-VoIP phones)Aggregated kbridge aggregationetherchannelComparing Frequently Used CommandsThe table below lists frequently used commands for each operating system.*ProVision*UU/PU/PPenableshow flashshow versionshow runUUU/SU/SPshow /PPPshow interface brieferase startshow config filename reloadwrite memoryshow P/CU/P/CCU/P/CP/CP/CCCCCCCChistoryloggingip routeiphostnameloggingrouter riprouter ospfip routeaccess-listredistributeUU/SU/SSSSSSSSComware 5*Ciscosystem-viewDirdisplay versiondisplay currentconfigurationdisplay savedconfigurationdisplay historydisplay info-centerdisplay ip routing-tabledisplay ip interfacebriefdisplay brief interfacesreset savedmore filename UU/PU/PPU/PPPshow historyshow loggingshow ip routeshow ip interfacebriefshow interfaces statuserase startmore flash:/ filename RebootSavedisplay py/tftpPPU/Preloadwrite memoryshow tech-supportSysnameinfo-centerRipOspfip PPCCCCCCCenableshow flashshow versionshow runshow startshownoendexiterasecopyhostnameloggingrouter riprouter ospfip routeaccess-listredistribute* Context LegendProVisionComware 5CiscoUPSCProVision ProVision# Comware5 Cisco Cisco# User Exec / User ViewPrivileged ExecSystem (config)#9

Chapter 1 Basic Switch ManagementThis chapter compares commands for: Management access Configuration access Console access Switch reload USB interface (ProVision only) System and environment Remote management sessions (viewing and terminating) Tech support output Filtering output of show running-config and display current-configuration commands Motd Source interface for management communicationsa) Management AccessProVisionComware 5CiscoProVision enable Comware5 system-viewSystem View: return to UserView with Ctrl Z.[Comware5]Cisco enableProVision#Cisco#ProVisionProVision enableProVision#Comware 5 Comware5 system-viewSystem View: return to User View with Ctrl Z.[Comware5]CiscoCisco enableCisco#10

b) Configuration AccessProVisionComware 5CiscoProVision# configureNo command, see note belowCisco# configure terminalEnter configuration commands,one per line. End onProVision# configure ?terminalOptional keyword of the configure command. cr ProVision# configureProVision(config)#Comware 5Comware 5 does not have a specific configuration mode, when at “System View” context,configuration commands are entered directly at that prompt.When configuring interfaces, protocols, etc, the prompt will change to indicate that sublevel.CiscoCisco# configure tterminal cr Confirm replacement of running-config with a new configfileConfigure from NV memoryConfigure from a TFTP network hostOverwrite NV memory from TFTP network hostReplace the running-config with a new config fileParameters for reverting the configurationConfigure from the terminalCisco #configure terminalEnter configuration commands, one per line.End with CNTL/Z.Cisco(config)#11

c) Console Access—Baud RateProVisionComware 5CiscoProVision(config)# consolebaud-rate ?[Comware5]user-interface aux0Cisco(config-line)#lineconsole 0[Comware5-ui-aux0]speed ?Cisco(config-line)#speed ?ProVisionProVision(config)# console baud-rate roVision(config)# console baud-rate speed-sense(default)ProVision(config)# console baud-rate 9600Comware 5[Comware5]user-interface aux 0[Comware5-ui-aux0]speed ?300Only async serial600Only async serial1200Only async serial2400Only async serial4800Only async serial9600Only async serial19200Only async serial38400Only async serial57600Only async serial115200 Only async iguredconfigured[Comware5-ui-aux0]speed 19200 ? cr [Comware5-ui-aux0]speed 19200(default)CiscoCisco(config)#line console 0Cisco(config-line)#speed ? 0-4294967295 Transmit and receive speedsCisco(config-line)#speed 9600(default)12