01-Fundamentals Configuration Guide

06-Configuration file management configuration

Managing configuration files

Overview

You can manage configuration files from the CLI or the BootWare menu. The following information explains how to manage configuration files from the CLI.

A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so the configuration can survive a reboot. You can also back up configuration files to a host for future use.

Configuration types

The device has the following types of configurations:

·     Factory defaults.

·     Startup configuration.

·     Running configuration.

Factory defaults

The device is shipped with some basic settings called factory defaults. These default settings ensure that the device can start up and run correctly when it does not have a startup configuration file or when the configuration file is corrupt.

Factory defaults vary by device and might differ from the default settings of commands.

To display the factory defaults, use the display default-configuration command.

Startup configuration

The device uses startup configuration to configure software features during startup. After the device starts up, you can specify a different configuration file to be loaded at the next startup. This configuration file is called the next-startup configuration file. The configuration file that has been loaded is called the current startup configuration file.

If no next-startup configuration files exist, the device starts up with the factory defaults.

You can display the startup configuration by using one of the following methods:

·     Execute the display startup command. To display detailed file contents, use the more command.

·     After the device reboots, execute the display current-configuration command before making any configuration changes.

Running configuration

The running configuration includes unchanged startup settings and new settings. The running configuration is stored in memory and is cleared at a device reboot or power off. To use the running configuration after a power cycle or reboot, save it to a configuration file.

To display the running configuration, use the display current-configuration command.

Next-startup configuration file redundancy

You can specify one main next-startup configuration file and one backup next-startup configuration file for redundancy.

At startup, the device tries to select a startup configuration file in the following order:

1.     The main next-startup configuration file.

2.     The backup next-startup configuration file if the main next-startup configuration file does not exist or is corrupt.

Configuration file formats

Configuration files you specify for saving configuration can use the .cfg or .mdb extension.

A .cfg configuration file is a human-readable text file, and its contents can be displayed by using the more command. When you save configuration to a .cfg file, the device automatically also saves the configuration to a user-inaccessible binary .mdb file that has the same name as the .cfg file.

When you save configuration only to an .mdb file, the device does not save the configuration to the .cfg file that has the same name as the .mdb file. For information about the binary saving restrictions and guidelines, see "Saving the running configuration."

The device loads an .mdb file faster than a .cfg file.

Startup configuration file selection

At startup, the device uses the following procedure to identify the configuration file to load:

1.     The device searches for a valid .cfg next-startup configuration file. For more information about the file selection rules, see "Next-startup configuration file redundancy."

2.     If one is found, the device searches for an .mdb file that has the same name and checksum as the .cfg file.

3.     If a matching .mdb file is found, the device starts up with the .mdb file. If none is found, the device starts up with the .cfg file.

If no next-startup configuration files exist, the device starts up with the factory defaults.

Unless otherwise stated, the term "configuration file" in this document refers to a .cfg configuration file.

Configuration file content organization and format

IMPORTANT:

To run on the device, a configuration file must meet the content and format requirements. To ensure a successful configuration load at startup, use a configuration file created on the device. If you edit the configuration file, make sure all edits are compliant with the requirements.

 

A configuration file must meet the following requirements:

·     All commands are saved in their complete form.

·     Commands are sorted into sections by different command views, including system view, interface views, protocol views, and user line views.

·     Two adjacent sections are separated by a pound sign (#).

·     The configuration file ends with the word return.

The following is a sample configuration file excerpt:

#
local-user root class manage
 password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==
 service-type ssh telnet terminal
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
interface Vlan-interface1
 ip address 192.168.1.84 255.255.255.0
#
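The following added example (not part of the H3C guide) parses a backed-up .cfg file according to the format rules above, checks that it ends with return, and reviews local-user sections for Telnet access. The function names, the severity labels, and the sample file are assumptions constructed for illustration.

```python
# Constructed sample in the format the guide describes: sections separated
# by "#", sub-commands indented under the view line, file ends with "return".
SAMPLE_CFG = """#
local-user root class manage
 password hash $h$6$CONSTRUCTED-PLACEHOLDER
 service-type ssh telnet terminal
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
local-user noc class manage
 password hash $h$6$CONSTRUCTED-PLACEHOLDER
 service-type telnet
 authorization-attribute user-role network-operator
#
local-user audit class manage
 password hash $h$6$CONSTRUCTED-PLACEHOLDER
 service-type ssh
 authorization-attribute user-role network-operator
#
interface Vlan-interface1
 ip address 192.168.1.84 255.255.255.0
#
return
"""


def parse_sections(text):
    """Split a .cfg file into sections (lists of lines).

    Returns (sections, ends_with_return)."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    ends_with_return = bool(lines) and lines[-1].strip() == "return"
    if ends_with_return:
        lines = lines[:-1]
    sections, current = [], []
    for ln in lines:
        if ln.strip() == "#":          # a pound sign separates two sections
            if current:
                sections.append(current)
            current = []
        else:
            current.append(ln)
    if current:
        sections.append(current)
    return sections, ends_with_return


def format_problems(text):
    """Report violations of the format rules listed in the guide."""
    problems = []
    _, ends_with_return = parse_sections(text)
    if not ends_with_return:
        problems.append("file does not end with 'return' (truncated or hand-edited?)")
    if not any(ln.strip() == "#" for ln in text.splitlines()):
        # Heuristic (assumption): an encrypted or binary file has no separators.
        problems.append("no '#' section separators (encrypted or not a .cfg file?)")
    return problems


def audit_local_users(sections):
    """Return (user, severity, message) for local users allowed to use Telnet."""
    findings = []
    for sec in sections:
        header = sec[0].split()
        if header[:1] != ["local-user"] or len(header) < 2:
            continue
        user, services, roles = header[1], set(), set()
        for ln in sec[1:]:
            tok = ln.split()
            if tok[:1] == ["service-type"]:
                services.update(tok[1:])
            elif tok[:2] == ["authorization-attribute", "user-role"]:
                roles.update(tok[2:])
        if "telnet" in services:
            if "network-admin" in roles:
                findings.append((user, "high",
                                 "telnet login enabled for a network-admin account"))
            else:
                findings.append((user, "medium", "telnet login enabled"))
    return findings


if __name__ == "__main__":
    secs, _ = parse_sections(SAMPLE_CFG)
    print(format_problems(SAMPLE_CFG))
    for finding in audit_local_users(secs):
        print(finding)
```

The parser only works on unencrypted .cfg files; a file saved with configuration encryption enabled must be reviewed on a device instead.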

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Enabling configuration encryption

IMPORTANT:

Any device running Comware 7 software can decrypt an encrypted configuration file. To prevent an encrypted file from being decoded by unauthorized users, make sure the file is accessible only to authorized users.

 

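Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All devices running Comware 7 software use the same private key or public key to encrypt configuration files, so encryption does not tie a file to the device that created it. Protection of an encrypted file therefore depends on controlling who can access the file.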

You cannot use the more command to view the contents of an encrypted configuration file.

You cannot compare an encrypted configuration file with any configuration for their differences.

To enable configuration encryption:

 

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enable configuration encryption.
Command: configuration encrypt { private-key | public-key }
Remarks: By default, configuration encryption is disabled. Configuration is saved unencrypted.

 

Comparing configurations for their differences

You can compare configuration files or compare a configuration file with the running configuration for their differences.

If you specify a configuration file for a comparison, the configuration file must be a .cfg configuration file.

If you specify the next-startup configuration for a comparison, the system selects the next-startup configuration file to be compared with in the following order:

1.     The .cfg main next-startup configuration file.

 

 

NOTE:

If you executed the save binary-only command before the comparison, this command cannot display the settings saved only in the binary main next-startup configuration file.

 

2.     The .cfg backup next-startup configuration file if the .cfg main next-startup configuration file is unavailable, for example, the configuration file does not exist or is corrupt.

If both the .cfg main and backup next-startup configuration files are unavailable, the system displays a message indicating that no next-startup configuration files exist.

To compare configurations for their differences in any view:

 

Task: Display the differences that a configuration file, the running configuration, or the next-startup configuration has as compared with the specified source configuration file.
Command: display diff configfile file-name-s { configfile file-name-d | current-configuration | startup-configuration }

Task: Display the differences that a configuration file or the next-startup configuration has as compared with the running configuration.
Command: display diff current-configuration { configfile file-name-d | startup-configuration }

Task: Display the differences that a configuration file has as compared with the next-startup configuration.
Command: display diff startup-configuration configfile file-name-d

Task: Display the differences that the running configuration has as compared with the next-startup configuration.
Command (method 1): display diff startup-configuration current-configuration
Command (method 2): display current-configuration diff

 

Saving the running configuration

Configuration saving methods

When you save the running configuration to a configuration file, you can specify the file as a next-startup configuration file.

If you are specifying the file as a next-startup configuration file, use one of the following methods to save the configuration:

·     Fast mode—Use the save command without the safely keyword. In this mode, the device directly overwrites the target next-startup configuration file. If a reboot or power failure occurs during this process, the next-startup configuration file is lost. You must specify a new startup configuration file after the device reboots (see "Specifying a next-startup configuration file").

·     Safe mode—Use the save command with the safely keyword. Safe mode is slower than fast mode, but safer. In safe mode, the system saves the configuration in a temporary file and starts overwriting the target next-startup configuration file only after the save operation is complete. If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained. Use the safe mode if the power source is not reliable or you are remotely configuring the device.

·     Binary-only mode—Use the save binary-only command. This mode saves the running configuration only to the .mdb main next-startup configuration file. The binary-only mode is designed to reduce the configuration saving time in special scenarios that have a large amount of configuration. As a best practice, use the binary-only mode only when you must save a large number of NAT entries, IP static routes, or VPN instances. The device must read some settings from the .cfg file at startup. If you save the configuration only to the binary file, the device cannot recover the settings that must be read from the .cfg file at the next startup.

Restrictions and guidelines

Configuration saving guidelines

When you save the running configuration, follow these restrictions and guidelines:

·     To prevent the loss of the next-startup configuration file, make sure no one reboots or power cycles the device while the device is executing the save or save binary-only command.

·     To use the binary-only mode, make sure a .cfg main next-startup configuration file exists on the device. If no .cfg main next-startup configuration file exists, the save operation will fail.

·     If the binary main next-startup configuration file is not available at the next startup, the device uses an available .cfg next-startup configuration file. The configuration in the binary startup file will be lost.

·     You cannot use the display saved-configuration command to display the settings in the binary main next-startup configuration file.

Next-startup configuration restoration after a card removal or IRF split

When an expansion interface card is removed from the system, its settings are retained in memory but removed from the running configuration on the system. Saving the running configuration before installing the replacement card will remove the card's settings from the next-startup configuration file.

If you have saved the running configuration after removing an expansion interface card, perform the following steps to restore the card settings to the next-startup configuration file:

1.     Install the replacement card.

2.     After the replacement card comes online, execute the display current-configuration command to verify that the card's settings have been automatically restored from memory to the running configuration.

3.     Save the running configuration to the next-startup configuration file.

 

IMPORTANT:

To ensure a successful configuration restoration, make sure the device has not rebooted after the expansion interface card was removed.

 

When an IRF member device splits from the IRF fabric, its settings are retained in memory but removed from the running configuration on the IRF fabric. Saving the running configuration before the IRF fabric recovers will remove the member device's settings from the next-startup configuration file.

If you have saved the running configuration before the member device rejoins the IRF fabric, perform the following steps to restore the member device settings to the next-startup configuration file:

1.     Resolve the split issue.

2.     Reboot the member device to rejoin the IRF fabric.

3.     After the member device rejoins the IRF fabric, execute the display current-configuration command to verify that the member device's settings have been restored from memory to the running configuration.

4.     Save the running configuration to the next-startup configuration file on the IRF fabric.

 

IMPORTANT:

To ensure a successful configuration restoration, make sure the IRF fabric has not rebooted after the member device left.

 

Procedure

To save the running configuration, perform one of the following tasks in any view:

 

Task: Save the running configuration to a configuration file without specifying the file as a next-startup configuration file.
Command: save file-url [ all | slot slot-number ]
Remarks: N/A

Task: Save the running configuration to a configuration file and specify the file as a next-startup configuration file.
Command: save [ safely ] [ backup | main ] [ force ] [ changed ]
Remarks:
Make sure you save the configuration to a file in the root directory of the storage medium.
This command saves the configuration to all IRF member devices.
As a best practice, specify the safely keyword for reliable configuration saving.
If you specify only the safely keyword, the command saves the configuration to the main startup configuration file.
If the force keyword is specified, the command saves the configuration to the existing next-startup configuration file.
If the force keyword is not specified, the command allows you to specify a new next-startup configuration file.

Task: Save the running configuration only to the binary main next-startup configuration file.
Command: save binary-only
Remarks: N/A

 

Configuring configuration rollback

To replace the running configuration with the configuration in a configuration file without rebooting the device, use the configuration rollback feature. This feature helps you revert to a previous configuration state or adapt the running configuration to different network environments.

The configuration rollback feature compares the running configuration against the specified replacement configuration file and handles configuration differences as follows:

·     If a command in the running configuration is not in the replacement file, the rollback feature executes the undo form of the command.

·     If a command in the replacement file is not in the running configuration, the rollback feature adds the command to the running configuration.

·     If a command has different settings in the running configuration and the configuration file, the rollback feature replaces the running command setting with the setting in the configuration file.

To facilitate configuration rollback, the device provides the configuration archive feature. This feature enables the system to save the running configuration automatically at regular intervals.

Configuration task list

Tasks at a glance

(Required.) Setting configuration archive parameters

(Required.) Perform one of the following tasks:

·     Enabling automatic configuration archiving

·     Manually archiving the running configuration

(Required.) Rolling back configuration

 

Setting configuration archive parameters

Configuration restrictions and guidelines

Before archiving the running configuration, either manually or automatically, you must set a file directory and file name prefix for configuration archives.

The archive directory can be located on the local device or on a remote SCP server.

Local archiving (the archive configuration location command) and remote archiving (the archive configuration server command) are mutually exclusive. You cannot use the two features at the same time.

 

IMPORTANT:

In FIPS mode, the device does not support archiving the running configuration to a remote SCP server.

 

If you use local archiving, the system handles archives as follows:

·     Saves the running configuration only on the IRF master device. Configuration archives are named in the format of prefix_serial number.cfg, for example, archive_1.cfg and archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1.

·     After the maximum number of configuration archives is reached, the system deletes the oldest archive to make room for the new archive.

·     If you change the file directory or file name prefix on the local device, or reboot the device, the following events occur:

¡     The old configuration archives change to common configuration files.

¡     The configuration archive counter is reset.

¡     The display archive configuration command no longer displays the old configuration archives.

¡     The serial number for new configuration archives starts at 1.

If you archive the running configuration to a remote SCP server, the system handles archives as follows:

·     Configuration archives are named in the format of prefix_YYYYMMDD_HHMMSS.cfg, for example, archive_20170526_203430.cfg.

·     The maximum number of configuration archives on a remote SCP server depends on the SCP server setting and is not restricted by the archive configuration max command.

·     If you change the file directory or file name prefix on the remote SCP server, the display archive configuration command no longer displays the old configuration archives saved before the change.
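The following added example (not part of the H3C guide) orders archive file names oldest first for both naming schemes described above, including the local serial-number wraparound from 1000 to 1, and reports gaps between remote archives that exceed the configured interval. The function names, the sample listings, and the slack value are assumptions; the local ordering assumes the retained serial numbers form one consecutive run.

```python
import re
from datetime import datetime, timedelta

SERIAL_MAX = 1000  # per the guide: local serials run 1..1000, then restart at 1


def order_local(names, prefix):
    """Order local archives (prefix_N.cfg) oldest first, handling wraparound."""
    pat = re.compile(re.escape(prefix) + r"_(\d+)\.cfg")
    serials = sorted({int(m.group(1)) for n in names if (m := pat.fullmatch(n))})
    if not serials:
        return []
    count = len(serials)
    # The largest circular gap between neighbouring serials separates the
    # newest archive (before the gap) from the oldest one (after the gap).
    gaps = [((serials[(i + 1) % count] - serials[i] - 1) % SERIAL_MAX, i)
            for i in range(count)]
    _, newest_idx = max(gaps)
    start = (newest_idx + 1) % count
    ordered = serials[start:] + serials[:start]
    return [f"{prefix}_{s}.cfg" for s in ordered]


def order_remote(names, prefix):
    """Order remote archives (prefix_YYYYMMDD_HHMMSS.cfg) as (time, name) pairs."""
    pat = re.compile(re.escape(prefix) + r"_(\d{8}_\d{6})\.cfg")
    stamped = []
    for name in names:
        m = pat.fullmatch(name)
        if not m:
            continue
        try:
            stamp = datetime.strptime(m.group(1), "%Y%m%d_%H%M%S")
        except ValueError:      # digits that do not form a valid date
            continue
        stamped.append((stamp, name))
    return sorted(stamped)


def archive_gaps(names, prefix, expected, slack=timedelta(minutes=5)):
    """Return (earlier, later) name pairs whose spacing exceeds the interval.

    A gap means automatic archiving did not run: the device was down, the
    SCP login failed, or archiving was disabled or reconfigured."""
    ordered = order_remote(names, prefix)
    return [(n1, n2) for (t1, n1), (t2, n2) in zip(ordered, ordered[1:])
            if t2 - t1 > expected + slack]


# Constructed directory listings for illustration.
LOCAL_LISTING = ["archive_1.cfg", "archive_1000.cfg", "archive_2.cfg",
                 "archive_999.cfg", "archive_3.cfg", "notes.txt"]
REMOTE_LISTING = ["archive_20170527_013430.cfg", "archive_20170526_203430.cfg",
                  "archive_20170526_213430.cfg", "archive_20171340_000000.cfg",
                  "other_20170526_203430.cfg"]

if __name__ == "__main__":
    print(order_local(LOCAL_LISTING, "archive"))
    print(archive_gaps(REMOTE_LISTING, "archive", timedelta(hours=1)))
```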

Setting local configuration archive parameters

To set the configuration archive parameters for archiving the running configuration to the local device:

 

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Set the directory and file name prefix for archiving the running configuration.
Command: archive configuration location directory filename-prefix filename-prefix
Remarks:
By default, no path or file name prefix is set for configuration archives, and the system does not regularly save configuration.
The configuration archive directory must already exist on the IRF master device and cannot include a member ID.
The undo form of this command performs the following operations:
·     Disables both the manual and automatic configuration archiving features.
·     Restores the default settings for the archive configuration interval and archive configuration max commands.
·     Clears the configuration archive information displayed by using the display archive configuration command.

Step 3. (Optional.) Set the maximum number of configuration archives.
Command: archive configuration max file-number
Remarks:
The default number is 5.
Change the setting depending on the amount of storage available on the device.

 

Setting remote configuration archive parameters

To set the configuration archive parameters for archiving the running configuration to a remote SCP server:

 

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Set the directory and file name prefix for archiving the running configuration to a remote SCP server.
Command: archive configuration server scp { ipv4-address | ipv6 ipv6-address } [ port port-number ] [ vpn-instance vpn-instance-name ] [ directory directory ] filename-prefix filename-prefix
Remarks:
By default, no path or file name prefix is set for archiving the running configuration to a remote SCP server.
The undo form of this command performs the following operations:
·     Disables both the manual and automatic configuration archiving features.
·     Restores the default setting for the archive configuration interval command.
·     Clears the configuration archive information displayed by using the display archive configuration command.

Step 3. Configure the username for logging in to the SCP server.
Command: archive configuration server user user-name
Remarks: By default, no username is configured for logging in to the SCP server.

Step 4. Configure the password for logging in to the SCP server.
Command: archive configuration server password { cipher | simple } string
Remarks: By default, no password is configured for logging in to the SCP server.

 

Enabling automatic configuration archiving

Make sure you have set an archive path and file name prefix before performing this task.

To enable automatic configuration archiving:

 

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Enable automatic configuration archiving and set the archiving interval.
Command: archive configuration interval interval
Remarks:
By default, automatic configuration archiving is disabled.
To display configuration archive names and their archiving time, use the display archive configuration command.

 

Manually archiving the running configuration

To save system resources, disable automatic configuration archiving and manually archive the configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks. Then, you can use the archive for configuration recovery if the configuration attempt fails.

Make sure you have set an archive path and file name prefix before performing this task.

Perform the following task in user view:

 

Task: Manually archive the running configuration.
Command: archive configuration

 

Rolling back configuration

CAUTION:

To ensure a successful rollback, do not perform the following operations while the system is rolling back the configuration:

·     Install or remove expansion interface cards.

·     Perform a master/subordinate switchover.

 

Make sure the replacement configuration file is created by using the configuration archive feature or the save command on the local device. If the configuration file is not created on the local device, make sure the command lines in the configuration file are fully compatible with the local device.

To perform a configuration rollback:

 

Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. Roll the running configuration back to the configuration defined by a configuration file.
Command: configuration replace file filename
Remarks: The specified configuration file must not be encrypted and must be saved on the local device.

 

The configuration rollback feature might fail to reconfigure some commands in the running configuration for one of the following reasons:

·     A command cannot be undone because prefixing the undo keyword to the command does not result in a valid undo command. For example, if the undo form designed for the A [B] C command is undo A C, the configuration rollback feature cannot undo the A B C command. This is because the system does not recognize the undo A B C command.

·     A command (for example, a hardware-dependent command) cannot be deleted, overwritten, or undone due to system restrictions.

·     The commands in different views are dependent on each other.

·     Commands or command settings that the device does not support cannot be added to the running configuration.

Configuring configuration commit delay

This feature enables the system to automatically remove the settings you made during a configuration commit delay interval if you have not manually committed them.

You specify the configuration commit delay interval by using the configuration commit delay timer. Any settings made during the delay interval will be automatically removed if you have not manually committed them before the timer expires.

This feature prevents a misconfiguration from making the device inaccessible and is especially useful when you configure the device remotely.

When you use this feature, follow these restrictions and guidelines:

·     In a multi-user context, make sure no one else is configuring the device.

·     You cannot perform any operations during the configuration rollback.

·     The configuration commit delay feature is a one-time setting. The feature is disabled when the commit delay timer expires or after a manual commit is performed.

·     You can reconfigure the configuration commit delay timer before it expires to shorten or extend the commit delay interval. The settings made during the delay interval will be removed if you have not committed them before the new timer expires.

To configure the configuration commit delay feature:

 

Step 1. Enter system view.
Command: system-view

Step 2. Start the commit delay timer.
Command: configuration commit delay delay-time

Step 3. (Optional.) Commit the settings configured after the commit delay timer started.
Command: configuration commit

 

Specifying a next-startup configuration file

CAUTION:

Using the undo startup saved-configuration command can cause an IRF split after the IRF fabric or an IRF member reboots.

 

You can specify a .cfg file as a next-startup configuration file when you execute the save [ safely ] [ backup | main ] [ force ] command.

Alternatively, you can execute the startup saved-configuration cfgfile [ backup | main ] command to specify a .cfg configuration file as the main or backup next-startup configuration file.

When you perform this task, follow these restrictions and guidelines:

·     Make sure the specified configuration file is valid and has been saved to the root directory of a storage medium on each IRF member device. In addition, make sure you save the file on the same type of storage medium across all member devices.

·     If the startup configuration file is on a USB disk, do not remove the USB disk during the startup process. If you remove the USB disk, one of the following events will occur:

¡     In a single-member IRF fabric, the device will start up with the factory defaults.

¡     In a multimember IRF fabric, the device will leave the IRF fabric at startup and run the factory defaults.

·     As a best practice, specify different files as the main and backup next-startup configuration files.

·     The undo startup saved-configuration command changes the attribute of the main or backup next-startup configuration file to NULL instead of deleting the file.

To specify a next-startup configuration file, perform the following task in user view:

 

Task: Specify a next-startup configuration file.
Command: startup saved-configuration cfgfile [ backup | main ]
Remarks:
By default, no next-startup configuration files are specified.
If you do not specify the backup or main keyword, this command specifies the configuration file as the main next-startup configuration file.
Use the display startup command and the display saved-configuration command in any view to verify the configuration.

 

Backing up the main next-startup configuration file to a TFTP server

Before performing this task, make sure the following requirements are met:

·     The server is reachable.

·     The server is enabled with TFTP service.

·     You have read and write permissions to the server.

To back up the main next-startup configuration file to a TFTP server:

 

Step 1. (Optional.) Verify that a next-startup configuration file has been specified in user view.
Command: display startup
Remarks: If no next-startup configuration file has been specified or the specified configuration file does not exist, the backup operation will fail.

Step 2. Back up the next-startup configuration file to a TFTP server in user view.
Command: backup startup-configuration to { ipv4-server | ipv6 ipv6-server } [ dest-filename ] [ vpn-instance vpn-instance-name ]
Remarks: This command is not supported in FIPS mode.

 

Restoring the main next-startup configuration file from a TFTP server

Perform this task to download a configuration file to the device from a TFTP server and specify the file as the main next-startup configuration file.

Before restoring the main next-startup configuration file, make sure the following requirements are met:

·     The server is reachable.

·     The server is enabled with TFTP service.

·     You have read and write permissions to the server.

To restore the main next-startup configuration file from a TFTP server:

 

Step 1. Restore the main next-startup configuration file from a TFTP server in user view.
Command: restore startup-configuration from { ipv4-server | ipv6 ipv6-server } src-filename [ vpn-instance vpn-instance-name ]
Remarks: This command is not supported in FIPS mode.

Step 2. (Optional.) Verify that the specified configuration file has been set as the main next-startup configuration file.
Commands:
display startup
display saved-configuration
Remarks: N/A

 

Deleting a next-startup configuration file

CAUTION:

This task permanently deletes a next-startup configuration file from the device. In an IRF fabric, this task permanently deletes a next-startup configuration file from all IRF member devices.

 

You can perform this task to delete a next-startup configuration file.

If both the main and backup next-startup configuration files are deleted, the device uses the factory defaults at the next startup.

To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file.

For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL. However, the file is still used as the main file. To delete the file, you must also execute the reset saved-configuration main command.

Perform the following task in user view:

 

Task: Delete a next-startup configuration file.
Command: reset saved-configuration [ backup | main ]
Remarks: If you do not specify the backup or main keyword, this command deletes the main next-startup configuration file.

 

Displaying and maintaining configuration files

Execute display commands in any view and reset commands in user view.

 

Task: Display configuration archive information.
Command: display archive configuration

Task: Display the running configuration.
Command: display current-configuration [ [ configuration [ module-name ] | interface [ interface-type [ interface-number ] ] ] [ all ] | slot slot-number ]

Task: Display the differences that the running configuration has as compared with the next-startup configuration.
Command: display current-configuration diff

Task: Display the factory defaults.
Command: display default-configuration

Task: Display the differences between configurations.
Commands:
·     display diff configfile file-name-s { configfile file-name-d | current-configuration | startup-configuration }
·     display diff current-configuration { configfile file-name-d | startup-configuration }
·     display diff startup-configuration { configfile file-name-d | current-configuration }

Task: Display the contents of the configuration file for the next system startup.
Command: display saved-configuration

Task: Display the names of the configuration files for this startup and the next startup.
Command: display startup

Task: Display the valid configuration in the current view.
Command: display this [ all ]

Task: Delete a next-startup configuration file.
Command: reset saved-configuration [ backup | main ]

 
