Login
- Table of Contents
-
- 01 Fundamentals Configuration Guide
- 00-Preface
- 01-CLI configuration
- 02-Login management configuration
- 03-RBAC configuration
- 04-FTP and TFTP configuration
- 05-File system management configuration
- 06-Configuration file management configuration
- 07-Software upgrade configuration
- 08-ISSU configuration
- 09-Device management configuration
- 10-Tcl configuration
- 11-Python configuration
- 12-License management
- 13-Automatic configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-Configuration file management configuration | 140.54 KB |
Startup configuration loading process
Startup configuration file selection
Configuration file content organization and format
General configuration restrictions and guidelines
Enabling configuration encryption
Displaying configuration differences between configuration files
Saving the running configuration
Using different methods to save the running configuration
Configuring configuration rollback
Configuring configuration archive parameters
Enabling automatic configuration archiving
Manually archiving the running configuration
Specifying a next-startup configuration file
Backing up the main next-startup configuration file to a TFTP server
Restoring the main next-startup configuration file from a TFTP server
Deleting a next-startup configuration file
Displaying and maintaining configuration files
Overview
A configuration file saves a set of commands for configuring software features on the device. You can save any configuration to a configuration file so they can survive a reboot. You can also back up configuration files to a host for future use.
You can use the CLI or the Boot menus to manage configuration files. This chapter explains how to manage configuration files from the CLI.
Configuration types
The configuration loaded at startup is called "startup configuration" and the configuration that is running on the device is called "running configuration."
Startup configuration
The device uses startup configuration to configure software features during startup.
The following are sources of startup configuration:
· Initial settings—Initial values or states for parameters. If the device starts up with empty configuration, all parameters use their initial settings at startup.
No commands are available to display the initial settings. For more information about these settings, see the Default sections in the command references.
· Factory defaults—Product-specific default settings that are different from initial settings. The factory defaults are included in the .ipe software image file. If you do not configure the device to start up with the initial settings or a startup configuration file, the device loads the factory defaults to configure features at startup. If a parameter is not included in the factory defaults, the device uses its initial settings.
To display the factory defaults, use the display default-configuration command.
· Startup configuration file—Configuration file you specify in the Boot menus or CLI for startup. The file is called the "next-startup configuration file." After the file is loaded at startup, it is also called the "current startup configuration file." For high availability, you can specify two next-startup configuration files, one main and one backup (see "Specifying a next-startup configuration file").
To display the current startup configuration file and the next-startup configuration files, use the display startup command.
To display the contents of the configuration file for the next system startup, use the display saved-configuration command. This command does not display settings that have not been saved to the configuration file.
Running configuration
The running configuration includes unchanged startup settings and new settings. The running configuration is stored in the memory and is cleared at a device reboot or power off. To use the running configuration after a power cycling or reboot, save it to a configuration file.
To display the running configuration, use the display current-configuration command. The displayed configuration does not include parameters that use initial settings.
Startup configuration loading process
Figure 1 shows the configuration loading process during startup.
Figure 1 Configuration loading process during startup
The device uses the following process to select the startup configuration file to load at startup:
1. If you access the Boot menus to select the Skip Current System Configuration option, the device starts up with empty configuration. All parameters use their initial settings.
2. If you do not access the Boot menus to select the Skip Current System Configuration option, the following process applies:
a. If you have specified a main startup configuration file, and this configuration file is available, the device starts up with this startup configuration file.
b. If you have not specified a main startup configuration file, or the specified main startup configuration file is not available, the device searches for the backup startup configuration file.
c. If you have not specified a backup startup configuration file, or the specified file is not available, the device starts up with the factory defaults. If a parameter is not included in the factory defaults, its initial setting is used.
Configuration file formats
Configuration files you specify for saving configuration must use the .cfg extension. A .cfg configuration file is a human-readable text file. When you save configuration to a .cfg file, the device automatically saves the configuration to an .mdb user-inaccessible binary file that has the same name as the .cfg file. The device loads an .mdb file faster than loading a .cfg file.
Startup configuration file selection
At startup, the device uses the following procedure to identify the configuration file to load:
1. The device searches for a valid .cfg next-startup configuration file.
2. If one is found, the device searches for an .mdb file that has the same name and content as the .cfg file.
3. If an .mdb file has the same name and content as the .cfg file, the device starts up with the .mdb file. If none is found, the device starts up with the .cfg file.
Unless otherwise stated, the term "configuration file" in this document refers to a .cfg configuration file.
Configuration file content organization and format
|
|
IMPORTANT: To run on the device, a configuration file must meet the content and format requirements. To ensure a successful configuration load at startup, use a configuration file that was automatically created on the device or created by using the save command. If you edit the configuration file, make sure all edits are compliant with the requirements. |
A configuration file must meet the following requirements:
· All commands are saved in their complete form.
· Commands are sorted in sections by different command views, including system view, interface view, protocol view, and user line view.
· Two adjacent sections are separated by a comment line that starts with a pound sign (#).
· The configuration file ends with the word return.
The following is a sample configuration file excerpt:
#
local-user root class manage
password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==
service-type ssh telnet terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
interface FortyGigE1/1/1
port link-mode route
ip address 1.1.1.1 255.255.255.0
#
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
General configuration restrictions and guidelines
When you manage the next-startup configuration files, follow these restrictions and guidelines:
· Save the next-startup configuration files to the root directory of the default storage medium. The device loads startup configuration files only from the default storage medium. You can access the Boot menus to specify the built-in flash memory or the USB disk as the default storage medium.
· In a multichassis IRF fabric, make sure all member devices use the same type of storage medium as the default storage medium.
· If the USB disk is used to store the startup configuration files, do not remove the USB disk during the startup process. If you remove the USB disk on a device, one of the following consequences occurs:
¡ In a single-chassis IRF fabric, the device starts up with the factory defaults.
¡ In a multichassis IRF fabric, the device leaves the IRF fabric at startup and runs the factory defaults.
Enabling configuration encryption
Configuration encryption enables the device to encrypt a startup configuration file automatically when it saves the running configuration. All H3C devices running Comware V7 software use the same private key or public key to encrypt configuration files.
|
|
NOTE: Only H3C devices running Comware V7 software can decrypt the encrypted configuration files. |
To enable configuration encryption:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable configuration encryption. |
configuration encrypt { private-key | public-key } |
By default, configuration encryption is disabled. Configuration is saved unencrypted. |
Displaying configuration differences between configuration files
You can use the commands in this section to display the configuration differences between two configuration files.
If you specify the next-startup configuration file for comparison, the system searches the next-startup configuration file in the following order:
1. The main next-startup configuration file.
2. The backup next-startup configuration file if the main next-startup configuration file is unavailable or corrupt.
If both the main and backup next-startup configuration files are unavailable or corrupt, the system prompts that the next-startup configuration file does not exist.
To display the configuration differences between two configuration files in any view:
|
Task |
Command |
|
Display the configuration differences between two specified configuration files. |
display diff configfile file-name-s configfile file-name-d |
|
Display the configuration differences between the specified configuration file and the current startup configuration file. |
· Method 1: ·
Method 2: |
|
Display the configuration differences between the specified configuration file and the next-startup configuration file. |
· Method 1: ·
Method 2: |
|
Display the configuration differences between the next-startup configuration file and the current startup configuration file. |
·
Method 1: ·
Method 2: · Method 3: |
Saving the running configuration
Restrictions and guidelines
On a multichassis IRF fabric, use the display irf command to verify that the IRF topology is correct before you save the running configuration. After a member device leaves because of an IRF split, the member device's settings are still retained in the running configuration and the next-startup configuration file. However, saving the running configuration before recovering the IRF fabric removes the member device's settings from the next-startup configuration file.
If you have saved the running configuration to the next-startup configuration file after an IRF split occurs, use the following method to restore the next-startup configuration file:
1. Fix the split problem.
2. Reboot the member device after the device rejoins the fabric.
3. Execute the display current-configuration command to verify that the member device's settings are retained in the running configuration on the IRF fabric.
¡ If the settings are retained, you can directly save the running configuration to the next-startup configuration file on the IRF fabric.
¡ If the settings are lost, you must reconfigure the member device on the IRF fabric and then save the running configuration to the next-startup configuration file.
Using different methods to save the running configuration
When saving the running configuration to a configuration file, you can specify the file as the next-startup configuration file.
If you are specifying the file as the next-startup configuration file, use one of the following methods for saving the configuration:
· Fast mode—Use the save command without the safely keyword. In this mode, the device directly overwrites the target next-startup configuration file. If a reboot or power failure occurs during this process, the next-startup configuration file is lost. You must specify a new startup configuration file after the device reboots (see "Specifying a next-startup configuration file").
· Safe mode—Use the save command with the safely keyword. Safe mode is slower than fast mode, but more secure. In safe mode, the system saves configuration in a temporary file and starts overwriting the target next-startup configuration file after the save operation is complete. If a reboot or power failure occurs during the save operation, the next-startup configuration file is still retained.
Use the safe mode if the power source is not reliable or you are remotely configuring the device.
To save the running configuration, use either of the following command in any view:
|
Task |
Command |
Remarks |
|
Save the running configuration to a configuration file without specifying the file as a next-startup configuration file. |
save file-url [ all | slot slot-number ] |
N/A |
|
Save the running configuration to a configuration file and specify the file as a next-startup configuration file. |
save [ safely ] [ backup | main ] [ force ] |
This command saves the configuration to a file on the default storage medium. For reliable configuration saving, H3C recommends that you specify the safely keyword. If you specify only the safely keyword, the command saves the configuration to the main startup configuration file. If the force keyword is specified, the command saves the configuration to the existing next-startup configuration file. If the force keyword is not specified, the command allows you to specify a new next-startup configuration file. |
Configuring configuration rollback
To replace the running configuration with the configuration in a configuration file without rebooting the device, use the configuration rollback function. This function helps you revert to a previous configuration state or adapt the running configuration to different network environments.
The configuration rollback function compares the running configuration against the specified replacement configuration file and handles configuration differences as follows:
· If a command in the running configuration is not in the replacement file, the rollback function executes the undo form of the command.
· If a command in the replacement file is not in the running configuration, the rollback function adds the command to the running configuration.
· If a command has different settings in the running configuration and the configuration file, the rollback function replaces the running command setting with the setting in the configuration file.
To facilitate configuration rollback, the configuration archive function was developed. This function enables the system to save the running configuration automatically at regular intervals.
Configuration task list
|
Tasks at a glance |
|
(Required.) Configuring configuration archive parameters |
|
(Required.) Perform either task: |
|
(Required.) Rolling back configuration |
Configuring configuration archive parameters
Before archiving the running configuration, either manually or automatically, you must configure a file directory and file name prefix for configuration archives.
Configuration archives are saved with the file name format prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1.
After you change the file directory or file name prefix, or reboot the device, all of the following events occur:
· The old configuration archives are regarded as common configuration files.
· The configuration archive counter is reset.
· The display archive configuration command no longer displays the old configuration archives.
· The serial number for new configuration archives starts at 1.
After the maximum number of configuration archives is reached, the system deletes the oldest archive to make room for the new archive.
Configuration guidelines
In an IRF fabric, the configuration archive function saves the running configuration only on the master device. To ensure that the system can archive the running configuration after a master/subordinate switchover, create the directory on all IRF members.
Configuration procedure
To configure configuration archive parameters:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Configure the directory and file name prefix for archiving the running configuration. |
archive configuration location directory filename-prefix filename-prefix |
Do not include member ID information in the directory name. By default, no path or file name prefix is set for configuration archives, and the system does not regularly save configuration.
The undo form of this command disables both manual and automatic configuration archiving, restores the default settings for the archive configuration interval and archive configuration max commands, and deletes all saved configuration archives. |
|
3. (Optional.) Set the maximum number of configuration archives. |
archive configuration max file-number |
The default number is 5. Change the setting depending on the amount of storage available on the device. |
Enabling automatic configuration archiving
Make sure you have set an archive path and file name prefix before performing this task.
To enable automatic configuration archiving:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable automatic configuration archiving and set the archiving interval. |
archive configuration interval minutes |
By default, this function is disabled. To display configuration archive names and their archiving time, use the display archive configuration command. |
Manually archiving the running configuration
To save system resources, disable automatic configuration archiving and manually archive the configuration if the configuration will not be changed very often. You can also manually archive configuration before performing complicated configuration tasks. Then, you can use the archive for configuration recovery if the configuration attempt fails.
Make sure you have set an archive path and file name prefix before performing this task.
Perform the following task in user view:
|
Task |
Command |
|
Manually archive the running configuration. |
archive configuration |
Rolling back configuration
To avoid a rollback failure, follow these guidelines:
· Make sure the replacement configuration file is created by using the configuration archive function or the save command on the local device.
· If the configuration file is not created on the local device, make sure the command lines in the configuration file are fully compatible with the local device.
· The replacement configuration file is not encrypted.
To perform a configuration rollback:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Roll the running configuration back to the configuration defined by a configuration file. |
configuration replace file filename |
The specified configuration file must not be encrypted. |
The configuration rollback function might fail to reconfigure some commands in the running configuration for one of the following reasons:
· A command cannot be undone because prefixing the undo keyword to the command does not result in a valid undo command. For example, if the undo form designed for the A [B] C command is undo A C, the configuration rollback function cannot undo the A B C command. This is because the system does not recognize the undo A B C command.
· A command (for example, a hardware-dependent command) cannot be deleted, overwritten, or undone due to system restrictions.
· The commands in different views are dependent on each other.
· Commands or command settings that the device does not support cannot be added to the running configuration.
Specifying a next-startup configuration file
|
|
CAUTION: In an IRF fabric, use the undo startup saved-configuration command with caution. This command can cause an IRF split after the IRF fabric or an IRF member reboots. |
You can use the save [ safely ] [ backup | main ] [ force ] command to save the running configuration to a .cfg configuration file. The .cfg configuration file can be specified as both the main and backup next-startup configuration files.
Alternatively, you can use the startup saved-configuration cfgfile [ backup | main ] command to specify a .cfg configuration file as the main or backup next-startup configuration file. Make sure the specified configuration file is valid and saved to the root directory of each member device's default storage medium.
To specify a next-startup configuration file, perform the following task in user view:
|
Task |
Command |
Remarks |
|
Specify the next-startup configuration file. |
startup saved-configuration cfgfile [ backup | main ] |
By default, no next-startup configuration file is specified. Use the display startup command and the display saved-configuration command in any view to verify the configuration. If you specify neither the backup keyword nor the main keyword, this command sets the configuration file as the main next-startup configuration file. Even though the main and backup next-startup configuration files can be the same one, specify them as separate files for high availability. The undo startup saved-configuration command changes the attribute of the main or backup next-startup configuration file to NULL instead of deleting the file. |
Backing up the main next-startup configuration file to a TFTP server
Before performing this task, make sure the following requirements are met:
· The server is reachable.
· The server is enabled with TFTP service.
· You have read and write permissions to the server.
To back up the main next-startup configuration file to a TFTP server:
|
Step |
Command |
Remarks |
|
1. (Optional.) Verify that a next-startup configuration file has been specified in user view. |
display startup |
If no next-startup configuration file has been specified, the backup operation will fail. |
|
2. Back up the next-startup configuration file to a TFTP server in user view. |
backup startup-configuration to dest-addr [dest-filename ] |
This command is not supported in FIPS mode. |
Restoring the main next-startup configuration file from a TFTP server
To restore the main next-startup configuration file from a TFTP server, the device performs the following operations:
· Downloads a configuration file from a TFTP server to the root directory of each member's default storage medium.
· Specifies the file as the main next-startup configuration file.
Before restoring the next-startup configuration file, make sure the following requirements are met:
· The server is reachable.
· The server is enabled with TFTP service.
· You have read and write permissions to the server.
To restore the main next-startup configuration file from a TFTP server:
|
Step |
Command |
Remarks |
|
1. Restore the main next-startup configuration file from a TFTP server in user view. |
restore startup-configuration from src-addr src-filename |
This command is not supported in FIPS mode. |
|
2. (Optional.) Verify that the specified configuration file has been set as the main next-startup configuration file. |
display startup display saved-configuration |
N/A |
Deleting a next-startup configuration file
|
|
CAUTION: This task permanently deletes the next-startup configuration file from all member devices. Before performing this task, back up the file as needed. |
Delete the next-startup configuration file if one of the following events occurs:
· After you upgrade system software, the file no longer matches the new system software.
· The file is corrupt or not fully compatible with the device.
If both the main and backup next-startup configuration files are deleted, the device uses factory defaults at the next startup.
To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file.
For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL. However, the file is still used as the main file. To delete the file, you must also execute the reset saved-configuration main command.
Perform the following task in user view:
|
Task |
Command |
Remarks |
|
Delete next-startup configuration files. |
reset saved-configuration [ backup | main ] |
If neither backup nor main is specified, this command deletes the main next-startup configuration file. |
Displaying and maintaining configuration files
Execute display commands in any view.
|
Task |
Command |
|
Display information about configuration rollback. |
display archive configuration |
|
Display the running configuration. |
display current-configuration [ configuration [ module-name ] | interface [ interface-type [ interface-number ] ] ] |
|
Display the configuration differences between the current startup configuration file and the next-startup configuration file. |
|
|
Display the factory defaults. |
display default-configuration |
|
Display the configuration differences between two configuration files. |
· display diff configfile file-name-s { configfile file-name-d | current-configuration | startup-configuration } · display diff current-configuration { configfile file-name-d | startup-configuration } · display diff startup-configuration { configfile file-name-d | current-configuration } |
|
Display the contents of the configuration file for the next system startup. |
display saved-configuration |
|
Display the names of the configuration files for this startup and the next startup. |
display startup |
|
Display the valid configuration in the current view. |
display this |
