Download

Title	Size	Downloads
SECPATH9000EM-CMW710-R9001P39_IPE.zip	167.31 MB
SECPATH9000EM-CMW710-R9001P39_BIN.zip	167.30 MB
H3C_SECPATH9000EM-BLADEFWM9000E-CMW710-R9001P39_Release_Notes.pdf	1.55 MB
H3C_SECPATH9000EM-BLADEFWM9000E-CMW710-R9001P39_Release_Notes_(Software_Feature_Changes).pdf	188.72 KB
BLADEFWM9000E-CMW710-R9001P39_IPE.zip	163.88 MB
BLADEFWM9000E-CMW710-R9001P39_BIN.zip	163.88 MB


H3C SECPATH9000EM-BLADEFWM9000E-CMW710-R9001P39
Release Notes

Contents

Introduction· 1

Version information· 1

Version number 1

Version history· 1

Hardware and software compatibility matrix· 2

Upgrade restrictions and guidelines· 3

Hardware feature updates· 4

R9001P39· 4

Software feature and command updates· 4

MIB updates· 4

Operation changes· 5

R9001P39· 5

Restrictions and cautions· 5

Restrictions· 5

IRF· 5

NAT service and traffic redirecting· 5

User-defined contexts· 7

Attack defense· 7

Policies· 7

DPI services· 8

Redundancy groups and failover groups· 8

Registering and installing licenses· 14

Open problems and workarounds· 14

List of resolved problems· 15

Resolved problems in R9001P39· 15

Troubleshooting resources· 15

Introduction

This document describes the features, restrictions and guidelines, open problems, and workarounds for version R9001P39. Before you use this version on a live network, back up the configuration and test the version to avoid software upgrade affecting your live network.

Use this document in conjunction with H3C SECPATH9000EM-BLADEFWM9000E-CMW710-R9001P39 Release Notes (Software Feature Changes) and the documents listed in "Related documentation."

Version information

Version number

Comware software, Version 7.1.064, Release 9001P39

Note: You can see the version number with the display version command in any view. Please see Note①.

Version history

Table 1 Version history

Version number	Last version	Release date	Release type	Remarks
R9001P39	R9001P3003	2022-06-27	Release	Released as version of the year and for overseas
R9001P3003	R9001P3001	2021-11-26	Release	Released as version of the year
R9001P3001	R9001P30	2021-09-24	Release	Released for the use of Technical Support
R9001P30	R9001P29	2021-08-30	Release	Released for the use of Technical Support
R9001P29	R9001P2411	2021-06-22	Release	Released for production use
R9001P2411	R9001P22	2021-04-22	Release	Released for the use of Technical Support
R9001P22	None	2020-12-12	Release	Released for the use of Technical Support
E9001P1407	E9001P1404	2020-11-30	ESS	Restricted to the use of project 530 in Shanghai
E9001P1404	E9001P1401	2020-07-07	ESS	Restricted to the use of project 530 in Shanghai
E9001P1401	N/A	2020-05-19	ESS	Restricted to the use of project 530 in Shanghai

Hardware and software compatibility matrix

CAUTION:

To avoid an upgrade failure, use Table 2 to verify the hardware and software compatibility before performing an upgrade.

Table 2 Hardware and software compatibility matrix

Item	Specifications
Hardware platform	M9000-AI-E8, M9000-AI-E16
Memory	MPU: 8 GB SecBlade module: 64 GB
Storage	MPU: 1 GB SecBlade module: 8 GB
BootWare version	E8 MPU: 158 E16 MPU: 158 SecBlade module: 1.02 (Note: Execute the display version command in any view to view the version information. Please see Note②)
Software images and their MD5 checksums	IPE files: SECPATH9000EM-CMW710-R9001P39.ipe (MPU): 58ce8a4cad982f975a6761d3824c235f; BLADEFWM9000E-CMW710-R9001P39.ipe (SecBlade module): 0b07bf9c9f556d600b670c1b983e8d9e; BIN files: M9000E-CMW710-BOOT-R9001P39.bin (MPU): 37c03d7d877d23f04fcf34e06368cbff; M9000E-CMW710-SYSTEM-R9001P39.bin (MPU): 7f4b50529684c0058385add36cdb87ff; BLADE4FWM9000-E-CMW710-BOOT-R9001P39.bin (SecBlade module): 850ae53ad3bfc472ec05037561ea1a66; BLADE4FWM9000-E-CMW710-SYSTEM-R9001P39.bin (SecBlade module): 3e5fe4a36b6d5d156253a23e64de2ccc;
iMC version	iMC EIA 7.3 (E0604P01)(openJDK) iMC IVM 7.3 (E0503)(openJDK) iMC MVM 7.3 (E0506)(openJDK) iMC NTA 7.3 (E0506P03)(openJDK) iMC PLAT 7.3 (E0705)(openJDK) iMC QoSM 7.3 (E0504)(openJDK) iMC SHM 7.3 (E0506)(openJDK) iMC SSM 7.3 (E0505P03)(openJDK) iMC UBA 7.3 (E0506P03)(openJDK)
iNode version	iNode PC 7.3 (E0538)(openJDK)
Versions of other companion software components	AD SSO login software: 1.02 City hot spot companion version: BS 5.0 or later Srun software: 2.2 or later
ADE companion version	BLADEADEM9000AD-CMW710-R9001P3003 or later, supported only by M9000-AI-E8 devices
Remarks	N/A

Sample: To display the host software and BootWare version of M9000-AI-E8, perform the following:

RBM_P[M9KE-L] display version

H3C Comware Software, Version 7.1.064, Release 9001P39

H3C SecPath M9000-AI-E8 uptime is 0 weeks, 0 days, 20 hours, 47 minutes

Last reboot reason : User reboot

Boot image: flash:/M9000E-CMW710-BOOT-R9001P39.bin

Boot image version: 7.1.064, Release 9001P39

Compiled Jun 07 2022 14:00:00

System image: flash:/M9000E-CMW710-SYSTEM-R9001P39.bin

System image version: 7.1.064, Release 9001P39

Compiled Jun 07 2022 14:00:00

LPU 2:

Uptime is 0 weeks,0 days,21 hours,47 minutes

H3C SecPath M9000-AI-E8 LPU with 1 ARM Processor

BOARD TYPE: NSQM5MBSHA1

DRAM: 2048M bytes

PCB 1 Version: VER.C

SUBCARD 1 PCB Version:VER.A

Bootrom Version: 312

CPLD 1 Version: 002

SUBCARD 1 CPLD Version:001

Release Version: H3C SecPath M9000-AI-E8-9001P39

Patch Version : None

Reboot Cause : UserReboot

PowChip Version: NONE

Upgrade restrictions and guidelines

· The vCPU monitoring command on an M9KE service module does not monitor the interrupted core vCPU3. After the upgrade, you must reconfigure monitoring the concerned cores.

· Do not save the configuration if the IRF fabric splits during the upgrade process. If you do that, the configuration of the original dual-device IRF fabric will be lost.

· SecPath M9000-AI-E8 and SecPath M9000-AI-E16 devices do not support ISSU.

Hardware feature updates

R9001P39

None.

Software feature and command updates

For more information about the software feature and command update history, see H3C SECPATH9000EM-BLADEFWM9000E-CMW710-R9001P39 Release Notes (Software Feature Changes).

MIB updates

Table 3 MIB updates

Item	MIB file	Module	Description
R9001P39
New	None	None	None
Modified	None	None	None
R9001P3003
New	None	None	None
Modified	None	None	None
R9001P3001
New	None	None	None
Modified	None	None	None
R9001P30
New	None	None	None
Modified	None	None	None
R9001P29
New	None	None	None
Modified	None	None	None
R9001P2411
New	None	None	None
Modified	None	None	None
R9001P22
New	None	None	None
Modified	None	None	None
E9001P1407
New	None	None	None
Modified	None	None	None
E9001P1404
New	None	None	None
Modified	None	None	None

Operation changes

R9001P39

None.

Restrictions and cautions

Before performing an upgrade, see H3C SECPATH9000EM-BLADEFWM9000E-CMW710-R9001P39 Release Notes (Software Feature Changes) and related documentation to see the software feature changes and evaluate the influence on the service.

NOTE:

SecBlade modules refer to NS-FWEMPA1 service modules.

Restrictions

IRF

· You must use transceiver modules and fibers for IRF links. The IRF physical interfaces must operate at 10 Gbps, 40 Gbps, or 100 Gbps.

· You can bind a maximum of 16 physical interfaces to an IRF port.

· In IRF mode, the IRF bridge MAC address of an IRF fabric does not change even after the address owner leaves the IRF fabric.

· The physical interfaces on an interface module are grouped by interface number in order, starting from 1. Each group contains four physical interfaces. When you use the physical interfaces in a group for IRF links, follow these restrictions and guidelines:

¡ If you use one physical interface in a group as an IRF physical interface, the remaining physical interfaces in the group can only act as IRF physical interfaces. You cannot use them for any other purposes. To use a physical interface in a group for any purpose other than IRF physical interfaces, do not bind any of the interfaces in the group to an IRF port.

¡ You must shut down all physical interfaces in a group before you can assign or remove any of the interfaces to or from an IRF port. To bring up the interfaces after the assignment or removal is complete, execute the undo shutdown command.

NAT service and traffic redirecting

· The capacity of flow entry learning is limited on each interface module. When the flow table is full, traffic redirecting goes abnormal. Make sure the flow table will not be full after the configuration is deployed. When the ACL resources are insufficient, a serial interface is not responding for a long time if the device deploys a large number of static NAT settings. Because the service module supports a limited number of flow entries, add address ranges with consecutive addresses in the NAT address pool. For example, specify the start IP address as 10.0.0.16 and the end IP address as 10.0.0.31.

· The number of IP addresses in the NAT address pool cannot be less than the value of multiplying the number of failover groups by 2. A failover group can be automatic or manual. The type of the failover groups across the entire device must be the same.

· If QoS traffic redirecting is used to redirect traffic to a Blade card, for successful traffic redirection, redirect the traffic to the automatic failover group instead of redirecting traffic to the card. The failover group, OpenFlow, and Blade card are in descending order of priority.

· The hardware fast forwarding does not support forwarding based on VPN instance. This is because the switching chips on the interface modules are not VPN-aware, and the VPN instance information in OpenFlow entries is not deployed. If VPN instance information is configured in the QoS traffic redirection rule, the QoS rule cannot take effect. A packet arriving at an access port cannot match the VLAN information in the OpenFlow rules that carry VLAN information.

· If NAT is configured on a Reth interface which is assigned to the user-defined context in shared mode, the device cannot issue OpenFlow entries.

· In the software release, the public IP addresses in the static NAT mappings and the IP addresses in the public NAT address pool cannot overlap.

· The NAT address pool members cannot include local interface address or virtual IP address of a VRRP group. In user context, when configuring VRRP groups for the subinterfaces of the same main interface, specify different VRIDs for the VRRP groups.

· NAT ALG does not support ACG translation for fragments. For NAT ALG to function correctly, do not specify the GRE, ICMP, OSPF, TCP, or UDP protocol matching criteria in the ACL rules that are used to identify packet for NAT processing.

· On an M9000, the interfaces with NAT hairpin configured does not deploy traffic redirection rules, therefore, load sharing among multiple Blade cards is not supported. The status of the interface that connects to the public network does not affect NAT hairpin. This is because the source and destination IP address of the packets are translated on the interface connected to the internal network.

· AFT is not supported on VLAN interfaces, subinterfaces, Reth interfaces where a member interface is a subinterface, or interfaces that are assigned to a context in shared mode. If you configure AFT prefix translation, do not configure VPN instances on the interface. On one device, NAT and AFT cannot process the same packet. AFT does not support the previous hop keeping feature.

· NAT66 prefix translation must be used together with QoS policies.

· The device does not deploy flow entries for SSL VPN IP resources. Therefore, configure NAT or a traffic redirecting policy to enable the device to deploy flow entries for SSL VPN IP resources.

· As a best practice, set the aging time for udp-ready no shorter than 3 seconds in the session aging-time state command.

· When both the nat outbound address-group and bfd enable commands are executed on an interface, you must use the nat outbound acl command to perform NAT for only traffic matching the specified ACL and avoid performing NAT for BFD packets.

· After you configure an IPv6-to-IPv4 source address translation policy in a non-default context and inject SIP-UDP traffic, the reverse packets of subsessions are lost because the relation entries and source port translation have exceptions.

User-defined contexts

· Rebooting a context while a service module is in unstable state might cause exceptions. Before rebooting a context, use the display system stable state command to verify that all service modules are in Stable state.

· The default Blade controller team must contain SecBlade security service modules in normal state. The multicast packets and broadcast packets are redirected to the default controller team. When the default controller team does not contain SecBlade service modules, multicast packets and broadcast packets cannot be processed. When multiple contexts exist on the device, if the security engine group used by contexts have multiple SecBlade service modules, the broadcast and multicast packets will be broadcast among each node, which causes high CPU usage. When contexts use shared interfaces, multicast traffic will be replicated among contexts, which causes high CPU usage.

· When inband management is used, the controller or local manager will be stuck or lose management when the CPU usage is high because the forwarding services are busy.

Attack defense

· For an M9000, the global statistics for a service is collected and displayed on a per-engine basis, and the threshold setting is deployed per engine. For example, if you want to limit the number of connections on the device, the threshold is the total number of connection limit divided by the number of engines.

· If a static blacklist entry uses an object group, only IPv4 or IPv6 address object groups can be used.

Policies

· Some configuration entries of interzone policies do not support policy acceleration, which affects the device forwarding performance. As a best practice, preferentially use security policies.

· A security policy and a packet filter can be configured at the same time, but the former has higher priority over the latter.

· An object policy and a packet filter can be configured at the same time, but the former has higher priority over the latter.

· A security policy and an object policy cannot take effect at the same time. If the security-policy disable command is executed, the object policy takes effect. Otherwise, the security policy takes effect.

· If an object policy is enabled with rule matching acceleration, an object policy rule takes effect even if the specified track entry is in Negative state.

· Fast forwarding entries can be created for the following fields in a rule of an ACL used in a packet filter:

¡ Source/Destination IP address

¡ Source/Destination port number

¡ Protocol number

¡ VPN instance

¡ ICMP type

¡ ICMP code

If other fields that do not support fast forwarding are configured in the rule, the matching packets cannot be fast forwarded.

· When acceleration is enabled for a security policy (acceleration is enabled by default) and object policy and a rule references nested service object groups, all source ports and destination ports are ORed. As a result, all traffic is forwarded.

DPI services

· DPI services do not support stateful failover. DPI services cannot inspect packets correctly in a network that has asymmetric traffic.

· After upgrading the software of a DPI service module, do not downgrade its signature library because earlier signature library versions might not be compatible with the software version. For successful signature library upgrade triggered at the CLI, make sure the device port used for the upgrade is not bound to a VPN instance.

· It takes some time for the log and report data of DPI service modules to be displayed on the Web interface. The total size of the log and report data of a DPI service module is limited. When the limit is reached, new data will overwrite the oldest data by default.

· APR cannot recognize the application layer protocol of packets transmitted across VPN instances. Signatures with regular expression-based match patterns in a user-defined NBAR rule cannot match packet data in the raw-body, raw-header, and raw-content fields that are transmitted in different TCP segments. The device starts APR statistics collection for packets after you configure ARP settings on it. However, the APR settings do not take effect on packets already processed by the device so application statistics collected for such packets might not be accurate.

· Disabling the DPI engine on the default context also disables the DPI engine on all non-default contexts.

· The display inspect status command can display the bypass by CPU busy state only on the default context. The bypass by cpu busy state indicates that the DPI engine is disabled because the device's CPU usage threshold is exceeded.

· Deep packet inspection will be suspended in the following situations:

¡ The memory threshold is reached.

¡ The signature library is being upgraded.

¡ The CPU usage is high.

¡ The inspect active command is executed.

¡ The signature library is loaded during the active/standby switchover process.

Redundancy groups and failover groups

· When you configure redundancy groups and failover groups on a system formed by two M9000-AI-E gateways, make sure the following requirements are met:

¡ The deployment of interface modules and services modules is exactly the same on the gateways, including the module models and slot numbers.

¡ The nodes in a redundancy group each host a member of a failover group, and the failover group member on the high-priority node must be assigned the primary role.

¡ If multiple failover groups exist, their primary members must be on the same chassis.

· If multiple security engine groups exist on a system formed by two M9000-AI-E gateways, configure manual failover groups for all of them or do not configure manual failover groups. If you configure manual failover groups for some of the security engine groups, the NAT configuration of the security engine groups not configured with manual failover groups cannot be issued to the kernel. If you configure manual failure groups, you must assign all security engine groups to the failover groups. Do not use automatic and manual failover groups together. If manual failover groups exist, you must add engine cards to ensure that NAT traffic can be forwarded.

· When a card in a failover group reboots or a new card is installed on a system formed by two M9000 gateways, a batch session backup is performed. During session backup, the number of sessions might be different on the two gateways.

· Connection limits are not available on a stateful failover system.

· SecPath M9000-AI-E8 and SecPath M9000-AI-E16 devices do not support hot plugging or redundancy of switching fabric modules. Make sure both switching fabric modules are in place. You cannot power off a switching fabric module at the CLI. Do not plug switching fabric modules in the last two switching fabric module slots. If a switching fabric module fails during the operating process, the traffic that has been processed on the faulty switching fabric module will be affected.

Forwarding

· When tunneling and PBR are configured together, do not redirect the original packets or encapsulated packets to the tunnel interface through PBR. When packets are forwarded by the tunnel interface, they are considered as local packets after tunnel encapsulation. Therefore, they can match PBR and be redirected to the tunnel interface again. Then, packets will be encapsulated by the tunnel again. No matter how many times the packets enter the tunnel, IP forwarding still sends the packets to the tunnel interface according to PBR, and packets are cyclically processed between PBR and tunnel encapsulation. To avoid stack overflow, the tunnel drops packets after performing encapsulation for these packets six times. Eventually, packets fail to be forwarded.

· After the previous IPv4 hop is kept, the source MAC address in the reverse traffic is the destination MAC address of the forward traffic, rather than the MAC address of the device interface. For multichannel protocols, the previous IPv4 hop keeping feature supports only FTP and RTSP. Keeping previous IPv6 hops is not supported.

· When there are multiple egress interfaces, different egress interfaces must be assigned to different security zones. Otherwise, sessions are not deleted when egress interface switchover occurs, which will interrupt services.

· When the default-next-hop command is used in a routing policy, the traffic will not be forwarded through hardware, and the service performance will degrade. Please use the next-hop command.

Interface modules

· All physical interfaces of the device are Ethernet interfaces. As a best practice, use the default network type (broadcast) for OSPF.

· When adding interfaces to an aggregation group, add these interfaces one by one rather than in bulk through an interface range.

· Mirroring restrictions and cautions

¡ The high-end security products support flow mirroring, and do not support port mirroring.

¡ The mirroring source ports and mirroring egress ports must be all physical ports.

¡ When a QoS policy is applied to an interface, the enhancement keyword must be specified.

¡ Flow mirroring is performed on interface cards, and does not affect service module performance.

¡ If traffic of multiple interfaces is mirrored to the same physical interface, the physical interface might operate at the full speed and generate back-pressure frames, which causes packet loss. No workaround through software is available for this problem in the current software version.

¡ Due to chip restrictions, you can configure up to four port mirroring configurations totally in the inbound and outbound directions on an interface module.

· 40-GE and 100-GE interfaces cannot be split.

· 10-GE interfaces on an interface module do not support autosensing 1000-Mbps transceiver modules or fiber-to-copper converters. When you use 1000-Mbps transceiver modules or fiber-to-copper converters, as a best practice to prevent the interfaces on both ends from failing to come up, execute commands to configure the 1000 Mbps speed and full duplex mode for the directly connected interface. When a fiber-to-copper converter is installed but no cable is installed in a 10-GE interface on an interface module, the local interface is displayed as up.

· When using the port fec mode command on an interface, follow these restrictions and guidelines:

¡ If you need to replace a transceiver module after enabling FEC on an interface, as a best practice, change the FEC mode to autonegotiation unless you must enable FEC to meet the special requirements. This is because enabling RS-FEC by force on an interface will affect installing other transceiver modules in the interface subsequently. For example, after you enable RS-FEC on an interface, if you replace an ER4-100G transceiver module with an LR4-100G transceiver module for the interface, the interface still acts as when RS-FEC is forcibly enabled. As a result, the LR4-100G transceiver module cannot come up.

¡ When RS-FEC is enabled forcibly on an interface, FEC will restore to the default state after the card is cold/hot reset. In autonegotiation mode, you can re-configure FEC as needed.

RBM

· RBM stateful failover requirements:

¡ RBM stateful failover is mutually exclusive with IRF stateful failover.

¡ The two devices forming a stateful failover system must be the same in the model, and the types, numbers, and locations of cards installed.

¡ The two devices must be the same in the following aspects: system software version, system patch version, dynamically loaded component packages, signature library version, hash selection CPU mode, and hash factors.

¡ Firewall interfaces on the two devices must be the same in type, number, and link layer protocol type. If logical interfaces are involved, their interface number and member interface numbers must also be the same.

¡ If the service interfaces of a firewall operate at Layer 2, you must configure the service interfaces to operate in bridge mode as Layer 2 interfaces and assign them to the same VLAN.

¡ If the service interfaces of a firewall operate at Layer 3, the IP addresses of the service interfaces must be fixed. Therefore, the stateful failover feature cannot be used together with features that automatically obtain IP addresses, for example, PPPoE dialup and DHCP client.

· The configuration synchronization function takes effect on the primary device. More specially, the commands executed on the configured primary device can be synchronized to the configured secondary device, and the commands executed on the configured secondary device cannot be synchronized to the configured primary device. Therefore, execute related configuration commands on the configured primary device.

· On an RBM network, for special requirements (the log host or other configurations that are synchronized by default but must be different on the two devices), when the active MPU is rebooted on a chassis or the whole chassis is rebooted, you must manually adjust the configurations.

· During the system software upgrade or rollback process, the two devices can run different system software versions temporarily (D045SP24 and later, D060SP10 and later, and exception branches are completely compatible with only D045SP1214).

· RBM channel requirements:

¡ The HA channel interfaces are only used to transmit stateful failover-related packets, for example, heartbeat packets and backup packets. You cannot configure VRRP on HA channel interfaces, or redirect service packets to HA channel interfaces.

¡ Additionally, as a best practice, bind multiple physical interfaces into an aggregate interface, and use the aggregate interface as the heartbeat interface. In this way, you can improve the link reliability and increase the backup channel bandwidth.

¡ To successfully send the HA configuration backup packets and service entry backup packets, make sure the RBM channel interfaces are directly connected and the MTU of the interfaces must be 1500 (the default value).

¡ RBM management channels cannot be bound to VPN instances.

¡ When you convert an IRF fabric to a dual-active RBM+track interface network, follow these restrictions and guidelines: After you convert the IRF standby device to an RBM device, bring up the RBM channel interfaces, wait for 10 minutes, and then connect uplink and downlink service interfaces.

¡ On a network with symmetric traffic, the RBM data channel bandwidth depends on the number of service modules and the total session setup rate. As a best practice, configure the channel bandwidth as (N+3)*10-GE interfaces, where N is the number of service modules.

¡ On a network with asymmetric dual-host traffic, the RBM data channel bandwidth depends on not only the number of service modules and the total session setup rate, but also the information to be exchanged between the primary and secondary hosts for the service. For example, if the DPI service is enabled, the DPI service needs to synchronize the data of each packet to the secondary host on a network with asymmetric dual-host traffic. In the extreme conditions, make sure the heartbeat interface bandwidth is consistent with the bandwidth for the uplink service traffic and downlink service traffic.

· Collaboration with NAT

¡ On the RBM stateful failover network, NAT address pool probe is not supported.

¡ In the load sharing scenario for the RBM stateful failover network, when the NAT mode is PAT, you must execute the nat remote-backup port-alloc primary command on one host and execute the nat remote-backup port-alloc secondary command on the other host to equally divide the port resources in the address pool for the two devices to avoid port conflicts in the NAT address pool. When the NAT mode is NO_PAT, you must use two address pools. If you use only one address pool, resource allocation conflicts will occur.

¡ In the RBM stateful failover scenario, the NAT address pool cannot contain IP addresses of interfaces on the primary and secondary hosts. If the NAT address pool contains IP addresses of these interfaces, when an uplink device requests the ARP entry of an IP address in the address pool, both the primary host and secondary host respond, causing ARP conflicts. In a NAT policy, make sure the source or destination addresses do not contain the heartbeat interface IP address. Otherwise, the heartbeat link communication will fail because NAT is performed for heartbeat packets. On an RBM stateful failover network, if you use different address pools, the primary host and secondary host select which address pool to use by 5-tuple. If a 5-tuple cannot uniquely identify a host, you must use the interface splitting function.

¡ On an RBM stateful failover network in load sharing mode, address pools do not support the EIM mode. On an RBM stateful failover network, the easy IP mode is not supported.

¡ In the NAT traffic redirection scenario, if an LPU is restarted or installed, bulk configuration backup must be performed on the device configured with the primary RBM role to ensure flow entry consistency on the primary and secondary devices. More specifically, follow these restrictions and guidelines:

- On an RBM primary/secondary network, after an LPU is restarted on the secondary device, you must manually perform bulk configuration backup on the primary device.

- On an RBM primary/secondary network, after an LPU is restarted on the primary device, you must manually perform bulk configuration backup on the primary device before traffic is switched back to the primary device. In this case, some services might be interrupted on the secondary device.

- On an RBM dual-primary network, after an LPU is restarted on the secondary device, you must manually perform bulk configuration backup on the primary device before the secondary device is restored to dual-primary.

- On an RBM dual-primary network, after an LPU is restarted on the primary device, you must manually perform bulk configuration backup on the primary device before the primary device is restored to dual-primary. In this case, some services might be interrupted on the secondary device.

- When LPUs or interface cards are expanded on an RBM primary/secondary network or dual-primary network, you must expand them first on the primary device and then on the secondary device. After the expanded LPUs are restarted on the secondary device, you must manually perform bulk configuration backup on the primary device.

· The RBM stateful failover feature supports vSystems.

¡ In a non-default vSystem, the configuration is inherited from the default vSystem, you can view the RBM state, but you cannot change the configuration.

¡ The VRRP role in a vSystem is the same as that in the default vSystem.

¡ On an RBM stateful network collaborating with VRRP or routing and tracking interfaces, the vSystems share an interface, and the interface is tracked in the default vSystem.

¡ In the RBM+exclusive context environment, creating or deleting contexts and interface on the compatible controller will cause RBM flapping, and this issue is followed and to be resolved. In the RBM+shared context environment, creating or deleting interfaces on the controller will cause RBM flapping, and this issue is to be resolved through optimizing the security controller.

¡ An RBM network cannot collaborate with services in a custom engine group.

· Other restrictions on RBM

¡ Make sure the interval between executing the switchover request command on an RBM network is longer than one minute. Otherwise, the route convergence is slow.

¡ In the DPI scenario, as a best practice, do not deploy the dual-active mode, which will reduce the detection ratio.

¡ The RBM network cannot be used together with the AFT prefix traffic redirection.

- On an RBM network, the transparent fragment forwarding function supports only pure Layer 3 forwarding and inline Layer 2 forwarding.

- An RBM dual-primary network does not support the uplink/downlink per-packet mode.

- Because the primary and secondary state machines are incomplete on an RBM network with asymmetric dual-host traffic, the FIN connection aging time is 30 seconds by default, which increases the concurrent connections by 30*connection setup rate and consumes more memory. If the number of concurrent connections exceeds 20 million, as a best practice, set the FIN connection aging time to 15 seconds on an asymmetric RBM network.

ISSU

SecPath M9000-AI-E8 and SecPath M9000-AI-E16 devices do not support ISSU.

Performance

· The DNS aging time is modified to 30 seconds. You can modify the DNS aging time as needed to meet your special requirements.

· On a Blade IV module, when the usage of a single core is high, the performance of the whole device will decrease suddenly. To resolve this issue, exclude the abnormal traffic and block packets dropped by QoS as soon as possible. If you cannot resolve this issue quickly, you can modify the forwarding mode to per-packet forwarding after evaluating the service.

· The control plane rate-limits protocol packets on the local device. When attack packets appear on the live network or a large number of protocol packets are sent to the local device in the cloud multi-tenant scenario, packets will be dropped after they reach the rate limit. By default, the rate limit is 500 for ARP, each routing protocol, DHCP, management protocol to the local device, ICMP, multicast protocol, RADIUS, and VRRP separately, and the rate limit for all the other protocol packets matching the default rule is 1000.

Cautions

· QinQ packets with two layers of VLAN tags are not supported. To use a VLAN interface, make sure the Layer 2 interfaces in the corresponding VLAN are trunk or hybrid ports and receive VLAN-tagged packets. BFD MAD cannot be configured on VLAN interfaces.

· NTP in multicast mode supports only the network segment address with the multicast address 224.0.1.x.

· To log in to the Web interface by using an IE browser, make sure the IE version is 9.0 or later. A feature module cannot be configured both at the CLI and in the Web interface.

· A management interface on an MPU only supports local management and access. You cannot use a management interface on an MPU to send logs or forward traffic. When the device is configured with NAT/ATK/DPI logs, if neither userlog nor customlog is configured, the logs are sent in the syslog format by default, which will cause low sending performance and high CPU usage. Service logs must be configured as fastlog rather than syslog.

· On an MPLS network, when the device acts as a PE, it supports only popping labels.

· Do not apply interface-level MQC traffic redirecting to the physical interfaces of a logical interface (tunnel interface, VLAN interface, Reth interface, physical subinterface, aggregate subinterface, VT interface, or VP interface) or aggregate interfaces. Otherwise, the second traffic redirection on the logical interface fails. You must apply global MQC traffic redirecting.

· SSL VPN cannot configure IPv6 range-related services.

· On the online MAC authentication user list page of the Web interface, the online user information displayed is inaccurate when you configure the list to display 200 entries per page. As a best practice, do not configure the list to display 200 or more entries per page.

· MAC authentication does not support authorization VLAN, authorization ACL, or user profile.

· The default unicast packet drop threshold is 95% in the vCPU. This feature is enabled by default in R9001P3003 and later.

¡ To fix the CNVD-2019-27331 vulnerability, use the ssl version ssl3.0 tls1.0 disable command to manually disable ssl3.0 and tls1.0.

¡ To fix the CNVD-2019-38486 vulnerability, use the ssl version ssl3.0 tls1.0 disable command to manually disable ssl3.0 and tls1.0.

¡ To fix the CVE-2011-1473 vulnerability, use the ssl renegotiation disable command to manually disable renegotiation and then re-enable renegotiation to make related services take effect.

Licensing

About licensing

To use license-based features, you must purchase licenses from H3C and install the licenses.

For more information about license-based features and supported licenses, see H3C SecPath M9000 Series Products License Matrixes.

Registering and installing licenses

H3C License Management Platform provides product licensing services for H3C customers. You can access this system to obtain an activation file or transfer licenses.

H3C License Management Platform is accessible at http://www.h3c.com/en/License/.

For more information about license registration, activation file installation, and license transfer, see H3C Security Products Licensing Configuration Demonstration Video, H3C Security Products Licensing Configuration Demonstration, H3C Security Products Licensing Configuration Examples, and H3C Security Products Licensing Guide.

H3C provides license-related FAQ. For more information, see H3C Security Products Licensing FAQ.

Open problems and workarounds

201908210900

· Symptom: IKE negotiation fails between the iNode client and the device.

· Condition: The symptom occurs if local extended authentication and address pool authorization is performed.

· Workaround: None.

202102050708

· Symptom: When configuration consistency check is enabled, the device displays that no configuration consistency check has been performed.

· Condition: This symptom occurs after the device reboots if the device performs configuration consistency check at intervals of 24 hours (the default interval).

· Workaround: Change the default interval to another value, execute the undo config sync-check and config sync-check commands in sequence, and then save the configuration.

202206100707

· Symptom: The state of an RBM member device falsely changes from standby to active after the member device becomes the standby device from the master device.

· Condition: This symptom occurs if the following operations are performed:

a. Configure VRRP master and backup devices in an RBM+context network. On the contexts, interfaces assigned to the VRRP group are shared interfaces.

b. Delete the context on the RBM master device. The state of the RBM master device changes from active to standby. A timer is started immediately for master/backup switchover.

· Workaround: Use shared contexts instead of exclusive contexts.

202205240456

· Symptom: QoS policy configuration applied to interfaces is lost on an IRF member device.

· Condition: This symptom might occur on a dual-active IRF fabric after you reboot an IRF member device.

· Workaround: Do not reboot IRF member devices repeatedly. If this symptom has occurred, reconfigure QoS policy settings.

202205190654

· Symptom: The state of an RBM member device falsely changes from standby to active after the member device becomes the standby device.

· Condition: This symptom occurs if the following operations are performed:

a. Configure VRRP on physical interfaces.

b. Reboot the interface module where the VRRP physical interface resides on the RBM master device. The role of the RBM master device becomes backup.

c. Start the switchback timer for switching traffic back to the device.

· Workaround: Configure VRRP on aggregate interfaces.

List of resolved problems

Resolved problems in R9001P39

None.

Troubleshooting resources

To obtain troubleshooting resources for the product:

1. Access Technical Documents at http://www.h3c.com/en/Technical_Documents.

2. Select the device category and model.

3. Select the Maintain or Maintenance menu.

Technical support

To obtain technical assistance, contact H3C by using one of the following methods:

· Email:

h3cts@h3c.com (countries and regions except Hong Kong, China)

service_hk@h3c.com (Hong Kong, China)

· Technical support hotline number. To obtain your local technical support hotline number, go to the H3C Service Hotlines website: https://www.h3c.com/en/Support/Online_Help/Service_Hotlines/

To access documentation, go to the H3C website at http://www.h3c.com/en/.

Appendix A Feature list

Hardware features

Table 4 M9000-AI series hardware features

Item	M9000-AI-E16	M9000-AI-E8
Dimensions (H × W × D)	841.7 × 440 × 640 mm (33.14 × 17.32 × 25.20 in)	264 × 440 × 857 mm (31.38 × 17.32 × 33.74 in)
Weight	< 187.2 kg (412.70 lb)	< 87.4 kg (192.68 lb)
Switching fabric module slots	6	2
Service module slots	16	8
Available MPUs	NSQ1SUPB0 Supervisor engine module
Available switching fabric modules	NSQM5FAB16A1, type A	NSQM5FAB08A1, type A
Available service modules	· Firewall modules: ¡ NS-FWEMPA1: H3C SecPath M9000-AI-E SecBlade V next-generation firewall A module (MP) ¡ NS-FWEMPA1: H3C SecPath M9000-AD SecBlade V application delivery engine A module (MP), available only on M9000-AI-E8 devices ¡ NS-ADEEMPC0: H3C SecPath M9000-AD SecBlade V application delivery engine C module (MP) , available only on M9000-AI-E8 devices · Interface modules: ¡ NS-C300-CGQ2TG16A1: H3C SecPath M9000-AI-E 2-port 100GE fiber (QSFP28) + 16-port 10GE fiber (SFP+) interface module ¡ NS-C300-QG4TG16A1: H3C SecPath M9000-AI-E 4-port 40GE fiber (QSFP+) + 16-port 10GE interface module ¡ NS-C300-TG24A1: H3C SecPath M9000-AI-E 24-port 10GE fiber (SFP+) interface module ¡ NS-C600-CGQ6A1: H3C SecPath M9000-AI-E 24-port 100GE fiber (QSFP28) interface module ¡ NSQM5MBSHA1: H3C SecPath M9000-E interface switching A module (SH)
Available transceiver modules and their max transmission distances	· 10-GE transceiver modules: ¡ SFP-XG-SX-MM850-A, 300 m (984.25 ft) ¡ SFP-XG-LH40-SM1550, 40 km (24.86 miles) ¡ SFP-XG-LX-SM1310, 10 km (6.21 miles) · 40 GE transceiver modules: ¡ QSFP-40G-LR4-WDM1300, 10 km (6.21 miles) ¡ QSFP-40G-CSR4-MM850 300 m (984.25 ft) ¡ QSFP-40G-SR4-MM850, 100 m (328.08 ft) · 100-GE transceiver modules: ¡ QSFP-100G-SR4-MM850, 100 m (328.08 ft) ¡ QSFP-100G-LR4-WDM1300, 10 km (6.21 miles) NOTE: This table lists only the most commonly used transceiver modules and their max transmission distances. For more information about the transceiver modules and network cables, see the installation guide for the device.
Available power modules	PSR2400-54D-E: 2400 W DC power module PSR2400-54A-E: 2400 W AC power module PSR3000-54AHD-E: 3000 W AC&240V-380V high-voltage DC power module PSR3000-54A-E: 3000 W AC power module
Temperature	Operating: 0°C to 45°C (32°F to 113°F) Storage: –40°C to +70°C (–40°F to +158°F)
Humidity	Operating: 5% RH to 95% RH, non-condensing Storage: 5% RH to 95% RH, non-condensing

Software features

Table 5 M9000 series software features

Category	Remarks
Network security features	AAA services	RADIUS and HWTACACS+ support. Domain-based authentication, authorization, and accounting.
	Firewall	Packet filtering. Security zone-based access control. Time range-based access control. Advanced Stateful Packet Filter (ASPF). ICMP redirect or destination unreachable message attack detection. Tracert packet attack detection. Record route option attack detection for IP datagrams.
	Security management	Attack real-time log. Blacklist log. Session log. Binary log. Traffic statistics and analysis. Security event statistics.
	NAT	NAT address pool-based address translation. Easy IP. NAT Server. NAT ALG for multiple protocols or applications, such as FTP, DNS, QQ, MSN, H323, NBT, ILS, RTSP, SQLNET, SIP, RSH, and MGCP. NAT444.
Application security features	Application recognition	APR signature library. Port-based application recognition (PBAR). Network-based application recognition (NBAR). Application group.
	Bandwidth management	Traffic profiles. Traffic policies and traffic rules. Interface bandwidth limit. Reports and logs.
	IPS	IPS policies. IPS policy mode. IPS signatures. IPS signature actions. Reports and logs.
Load balancing features	Scheduling algorithms	Round robin algorithm. Weighted least connection algorithm. Random algorithm. Source IP address hash algorithm. Destination IP address hash algorithm. Source IP address and port hash algorithm.
	Sticky entries	Source IP-based sticky entries. Destination IP-based sticky entries. Source port and IP-based sticky entries. Destination port and IP-based sticky entries. Sticky entries generated based on the source port and IP and the destination port and IP. HTTP header-based sticky entries. HTTP cookie-based sticky entries. HTTP content-based sticky entries. HTTP URL-based sticky entries. SSL session ID-based sticky entries.
	Health monitoring	ICMP. TCP. HTTP. FTP.
VPN features	IPsec and IKE	Support for AH and ESP. Support for manual or IKE automatic security association establishment. ESP support for DES, 3DES, and AES encryption algorithms. Support for MD5 and SHA-1 authentication algorithms. Support for IKE main mode and aggressive mode. Support for DPD. Support for NAT traversal.
	L2TP	Support for the L2TP protocol.
	GRE	GRE tunneling.
Network protocols	LAN protocols	Ethernet_II. VLAN.
	IP services	ARP. Static DNS. IP unnumbered. DHCP relay. DHCP server. DHCP client.
	IP routing	Static routing. RIPv1 and RIPv2. OSPF. BGP. Routing policies. Policy-based routing.
IPv6 features	IPv6 basics	Protocol processing. Ethernet link layer implementation. ICMPv6. IPv6 address management. PMTU. Socket. IPv6 TCP. IPv6 UDP. IPv6 RawIP. IPv6 ping. IPv6 DNS. IPv6 tracert. IPv6 Telnet. IPv6 FIB. DHCPv6 client. DHCPv6 server. DHCPv6 relay.
	IPv6 routing and multicast	RIPng. OSPFv3. BGP4+. Static routing. Policy-based routing. PIM-SM. PIM-DM.
	IPv6 security	Network Address Translation-Protocol Translation (NAT-PT). IPv6 packet filtering. RADIUS.
High availability features	VRRP	Support for VRRP to improve the link availability of gateways.
	Stateful failover	Session hot backup. Asymmetric path.
	IRF	Support for IRF. IRF virtualizes multiple physical devices at the same layer into one virtual fabric to provide data center class availability and scalability. IRF virtualization technology offers processing power, interaction, unified management, and uninterrupted maintenance of multiple devices.
Configuration management features	CLI-based configuration	Support for local configuration through the console port. Support for local or remote configuration through Telnet or SSH. Support for command authorization to control access to commands and ensure that only authorized users can configure the device. Support for debugging features to troubleshoot network failures. Support for tools to diagnose the status and connectivity of the network, such as ping and tracert. Support for Telnet commands to Telnet to and manage other network devices. Support for FTP server or client to upload or download files such as configuration files and application files. Support for TFTP to upload or download files. Support for logging features. Support for file system management. Support for user line configuration and multiple authentication and authorization methods for users that log in to the device through user lines.
	SNMP-based configuration	Support for standard SNMPv3. Compatible with SNMPv2c and SNMPv1.
	NTP	Support for NTP clock synchronization.

Appendix B Fixed security vulnerabilities

Vulnerabilities in R9001P39

· [CVE-2022-0778] An attacker can exploit the OpenSSL BN_mod_sqrt DoS vulnerability.

· [CVE-2011-1473] The renegotiation attack vulnerability is still detected even when the ssl renegotiation disable command is used. This command cannot take effect.

· [Web vulnerability] A vulnerability that an attacker can exploit to launch Web-based HTTP slow attacks.

Vulnerabilities in versions earlier than R9001P39

· [HSVD-201709-002] CVE-2019-3855: An attacker can exploit this vulnerability to execute unauthorized operations.

· [HSVD-201903-017] CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. libssh2 is a client-side C library implementing the SSH2 protocol. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

· [HSVD-201904-001] TCP/IP SYN + FIN packet filtering vulnerability: A remote host does not discard TCP SYN packets with the FIN flag set. An attacker might bypass the firewall, depending on the type of firewall used.

· [HSVD-201902-001] A remote host can exploit the TCP timestamp vulnerability to obtain the online time.

· [HSVD-201901-016] CVE-2019-0548: A Linux kernel vulnerability that can cause information revealing.

· [JavaScript library vulnerability]: Internal IP addresses in destination URLs might be revealed.

· [CVE-2020-10188]: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

· [Web JavaScript vulnerability]: A medium-risk vulnerability found during Web vulnerability scanning.

· [Web CSRF vulnerability]: An CSRF vulnerability was found on the SSL VPN Web login interface.

· [HTTP method vulnerability]: An attacker can use the OPTIONS method to determine the HTTP methods allowed by each directory.

· [CRLF injection vulnerability]: This vulnerability can be exploited when an HTTP request contains a user-configured domain in the cookies or the request is GET /enterdomain.cgi?domain=%0d%0aSomeCustomInjectedHeader:%0d%0aset-cookie:iamyy HTTP1/1.

· [CNVD-2019-38485] CVE-2019-1547: An attacker can exploit this vulnerability to obtain sensitive information.

· [CNVD-2019-38486] CVE-2019-1563: In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key.

· [CNVD-2017-00450] CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

· [CNVD-2018-06539] CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack.

· [CNVD-2019-05906] CVE-2019-1559: An attacker can exploit this vulnerability to bypass access controls and obtain sensitive information.

· [CNVD-2018-09649] CVE-2018-0737: An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.

· [CNVD-2018-12153] CVE-2018-0732: An attacker can exploit this vulnerability to launch a DoS attack.

· [CVE-2018-5407]: This vulnerability is related to OpenSSL. An attacker can exploit this vulnerability to obtain sensitive information and launch more attacks.

· [X-Frame-Options vulnerability]: A missing X-Frame-Options header can cause a clickjacking attack.

· [CVE-2014-3566]: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, also known as the "POODLE" issue.

· [CVE-2021-23841/CVE-2021-23840/CVE-2020-1971]: This vulnerability is related to OpenSSL. The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp that compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly and NULL pointer dereference might occur when both GENERAL_NAMEs contain an EDIPARTYNAME.

Appendix C Upgrading software

Overview

This chapter describes types of software and how to upgrade software for H3C SecPath M9000-AI-E8 from the CLI and BootWare menu.

Software types

The following software types are available:

· BootWare image—A .btw file that contains a basic segment and an extended segment. The basic segment is the minimum code that bootstraps the system. The extended segment enables hardware initialization and provides system management menus. When the device cannot start up correctly, you can use these menus to load software and the startup configuration file or manage files.

· Comware image—Includes the following image subcategories:

¡ Boot image—A .bin file that contains the Linux operating system kernel. It provides process management, memory management, file system management, and the emergency shell.

¡ System image—A .bin file that contains the Comware kernel and basic software features, including device management, interface management, configuration management, and routing.

¡ Feature image—A .bin file that contains advanced software features for users to purchase as needed.

¡ Patch image—A .bin file irregularly released to fix software bugs without rebooting the device. A patch image does not add new features.

The BootWare image, boot image, and system image are required for the system to operate. These images might be released separately or as a whole in one .ipe package file. If an .ipe file is used, the system decompresses the file automatically to load the software images.

Comware image redundancy

You can specify two sets of startup Comware software images: one main and one backup. The system always attempts to start up with the main images. If any main image does not exist or is invalid, the system tries the backup images.

Upgrade methods

Upgrading method	Software types	Remarks
Upgrading on the Web management interface	Comware images	This method is disruptive. You must reboot the entire device to complete the upgrade.
Upgrading from the CLI without using ISSU	· BootWare image · Comware images (excluding patches)	This method is disruptive. You must reboot the entire device to complete the upgrade.
Installing patches	Patch images	Patches repair software defects without requiring a reboot or causing service outage. Patches do not add new features to software images.

Upgrade restrictions and guidelines

When you upgrade software, follow these restrictions and guidelines:

· Do not power down or reboot the device during the upgrade.

· Make the MPU and the service module use the same software version.

· Typically, you do not need to upgrade LPUs and switching fabric modules separately from MPUs. LPUs and switching fabric modules automatically upgrade when you upgrade the active MPU (in standalone mode) or the global active MPU (in IRF mode). To upgrade the BootWare image of an LPU or switching fabric module separately from MPUs, contact H3C Support.

· You must upgrade service modules separately from MPUs because they use independent BootWare and Comware images. The upgrade procedure is the same except that you must follow these guidelines:

¡ If CPU 1 is in absent state, you must connect to the console port on the service module or Telnet to the service module for an upgrade. To install patches for the service module's switching unit, you must use the CLI of the active MPU (in standalone mode) or global active MPU (in IRF mode).

¡ Store upgrade images to the root directory of a storage medium on the service module.

· You can use the boot-loader file ipe-filename all main command to upgrade all firewall modules whose CPUs (CPU 1) are in normal state. To upgrade a firewall module whose CPU 1 is in absent state, you must Telnet to the firewall module or log in to the firewall module through its console port.

NOTE:

This document uses MPUs and management Ethernet port M-GigabitEthernet 0/0/0 (the copper port) on an M9006 device in standalone mode to describe software upgrade procedures. As a best practice, connect to the copper port instead of the fiber port for configuration.

Network setup

All upgrade examples use the network setup shown in Figure 1:

· Connect the PC to M-GigabitEthernet 0/0/0 on the device by using an Ethernet cable.

· Connect the PC to the console port on the device by using a console (RS-232) cable:

a. Connect the DB-9 connector of the RS-232 cable to the serial port on a USB to serial cable.

b. Connect the RJ-45 connector of the RS-232 cable to the console port on the device.

c. Plug the USB connector on the USB to serial cable to the USB port on the PC.

· Use the factory default settings for software upgrade.

Figure 1 Network setup

Upgrading on the Web management interface

The administrator can access the Web management interface of the device for convenient device management, maintenance, and upgrade.

NOTE:

When you log in to the Web management interface of the device for the first time, the following factory default settings are used:

· User name: admin.

· Password: admin.

· IP address of MGE1/0/0/0: 192.168.0.1/24.

To ensure device security, create a new admin account and delete the default account after you log in to the Web management interface.

1. Connect the PC to the MPU's management Ethernet port of the device.

2. Assign a random IP address in subnet 192.168.0.0/24 (except 192.168.0.1) to the PC so that the PC and the device can reach each other.

3. Access the Web management interface of the device.

a. Open the browser on the PC, enter https://192.168.0.1, and then press the Enter key.

b. Enter the default username and password, and then click Log in.

4. Select System > Upgrade Center > Software Upgrade to access the software upgrade page.

5. Select the upgrade location. In this example, the MPU is installed on slot 0.

Figure 2 Selecting the upgrade location

6. Click Upgrade immediately. You are placed in the upgrade configuration page.

7. Select the target .ipe or .bin startup file for the service module and the MPU separately.

Figure 3 Selecting startup files

8. Click OK to start the software upgrade.

CAUTION:

To avoid upgrade interruption, do not have any operations on the Web management interface before the software upgrade completes.

9. V erify the software upgrade result.

a. Access the Web management interface of the device again after the device finishes restarting.

b. Verify that the current software images and the main startup software images are upgraded as expected.

Figure 4 Verifying the software upgrade result

Upgrading from the CLI without using ISSU

This example describes how to upgrade an M9000, M9000-S, M9000-AI, or M9000-X device in standalone mode.

Preparing for the upgrade

Assigning an IP address to M-GigabitEthernet 0/0/0 and configuring the file server

· Assign IP address 192.168.0.1/24 to M-GigabitEthernet 0/0/0.

· Assign an IP address to the file server and make sure the device can access the file server. For more information about route configuration, see Layer 3—IP Routing Configuration Guide.

· Enable the file server to act as the TFTP or FTP server.

· Open the command shell of the device.

· Copy the upgrade Comware images to the file server and set a correct access path to the file server.

Verifying that the free storage space is sufficient for the upgrade file

1. Telnet to the MPU or log in through the console port. (Details not shown.)

2. Display device information.

<Sysname> display device

Slot No. Brd Type Brd Status Subslot Sft Ver Patch Ver

0 NSQM1SUPC0 Master 0 M9006-9120 None

1 NONE Absent 0 NONE None

2 NSQ1GT48EA0 Normal 0 M9006-9120 None

3 NONE Absent 0 NONE None

4 NSQM1FWDFG0 Normal 0 M9006-9120 None

CPU 1 Normal 0 M9006-9120

5 NONE Absent 0 NONE None

6 NSQ1FAB04B0 Normal 0 M9006-9120 None

7 NONE Absent 0 NONE None

8 NONE Absent 0 NONE None

9 NONE Absent 0 NONE None

The output shows that the device has one MPU in slot 0 and one firewall module in slot 4. CPU 1 of the firewall module is in normal state.

NOTE:

Support for the number of CPUs for firewall modules depends on the device model. For the M9000-AI series, the two subslots in slot 0 are for firewall modules, and each firewall module has two CPUs.

3. Verify that the MPU has sufficient free storage space for the upgrade images:

If CPU 1 of the firewall module is in normal state, you can use the dir slotx.1#sda0:/ command to verify that the firewall module has sufficient storage space. The x represents the slot number of the firewall module.

NOTE:

In the dir slotx.1#sda0:/ command, sda0 represents the storage medium used on the firewall module. Support for storage medium types depends on the device model.

<Sysname> dir

Directory of flash:

0 -rw- 5447680 Apr 22 2016 08:50:25 BLADE4FWM9000-CMW710-BOOT-E9120.bin

1 -rw- 58275840 Apr 22 2016 08:51:42 BLADE4FWM9000-CMW710-SYSTEM-E9120.bin

2 -rw- 21125120 Apr 20 2016 10:27:16 M9000-CMW710-BOOT-E9117.bin

3 -rw- 13556736 Apr 22 2016 08:41:34 M9000-CMW710-BOOT-E9120.bin

4 -rw- 252928 Apr 20 2016 10:40:39 M9000-CMW710-DEVKIT-E9117.bin

5 -rw- 77824 Apr 20 2016 10:40:40 M9000-CMW710-MANUFACTURE-E9117.bin

6 -rw- 202685440 Apr 20 2016 10:40:37 M9000-CMW710-SYSTEM-E9117.bin

7 -rw- 128371712 Apr 22 2016 08:43:32 M9000-CMW710-SYSTEM-E9120.bin

8 drw- - Apr 14 2015 16:46:41 av

9 -rw- 880 Dec 24 2015 19:12:45 certnew20150202.cer

10 drw- - Feb 29 2016 07:55:03 core

11 drw- - Oct 21 2015 15:45:27 diagfile

12 drw- - May 21 2015 15:44:14 dpi

13 -rw- 223 Apr 16 2015 16:28:29 ecdsakey

14 -rw- 735 Dec 13 2015 22:05:55 hostkey

15 -rw- 1716 Apr 27 2016 09:52:24 ifindex.dat

16 drw- - Apr 14 2015 16:46:46 ips

17 -rw- 0 Jun 11 2015 18:33:38 lauth.dat

18 drw- - Sep 07 2015 11:17:43 license

19 -rw- 2316 Dec 24 2015 19:14:26 local20150202.pfx

20 drw- - Mar 23 2016 09:10:50 logfile

21 -rw- 418156 Aug 27 2015 17:21:35 m9000_fw4_v2.03.btw

22 -rw- 642452 Aug 27 2015 16:47:49 m9000_v1.32.btw

23 -rw- 385 Apr 01 2016 13:32:41 manuinfo.dat

24 drw- - Dec 24 2015 19:14:27 pkey

25 drw- - Dec 24 2015 19:14:27 pki

26 drw- - Oct 17 2014 16:30:41 seclog

27 -rw- 591 Dec 13 2015 22:05:55 serverkey

28 -rw- 6416 May 04 2016 10:06:18 startup.cfg

29 -rw- 124425 Apr 27 2016 09:52:24 startup.mdb

30 -rw- 119071 Jul 23 2015 15:21:46 test.cfg

31 drw- - May 21 2015 15:44:21 versionInfo

503808 KB total (51316 KB free)

4. If the free storage space is not sufficient, delete unused files:

# Delete unused files from the MPU.

<Sysname> delete /unreserved flash:/test.cfg

The file cannot be restored. Delete flash:/test.cfg?[Y/N]:y

Deleting the file permanently will take a long time. Please wait...

Deleting file flash:/test.cfg... Done.

NOTE:

To delete a file permanently, use the delete /unreserved file-url command. If you use the delete file-url command, the file is moved to the recycle bin and still occupies the storage space. To release the storage space, you must execute the reset recycle-bin command in the file's original directory.

Transferring the upgrade file to the device

NOTE:

You must store the upgrade file to the root directory of the MPU's storage medium.

The device can function as the TFTP client, FTP client, or FTP server. This procedure uses the device as an FTP client to download files from an FTP server. For more information about FTP and TFTP configuration and operations, see H3C SecPath M9000 Multi Service Security Gateway Fundamentals Configuration Guide.

To download the upgrade software files from the FTP server:

1. Run the FTP server program on the PC. Set the username, password, and working directory, and save the upgrade file to the directory. (Details not shown.)

2. Verify that the device and the FTP server can ping each other. (Details not shown.)

3. Download the MPU’s upgrade file to the MPU:

# Log in to the FTP server.

<Sysname> ftp 192.168.0.2 vpn-instance management

Press CTRL+C to abort.

Connected to 192.168.0.2 (192.168.0.2).

220 Browser Ftp Server.

User (192.168.0.2:(none)): admin

331 Password required for this user.

Password:******

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

# Set the file transfer mode to binary.

ftp> binary

200 Binary transfer mode active.

# Download the upgrade file M9000.ipe to the root directory of a storage medium on the MPU.

ftp> get M9000.ipe

227 Entering Passive Mode (192,168,0,2,6,173)

150 Opening data connection.

226 Transfer complete.

96260096 bytes received in 191.335 seconds (491.31 Kbytes/s)

ftp> bye

221 Goodbye.

4. Download the firewall module’s upgrade file to the MPU:

IMPORTANT:

Make sure the upgrade files for the MPU and service module are the same version. Otherwise, the upgrade fails or the device becomes faulty.

# Log in to the FTP server.

<Sysname> ftp 192.168.0.2 vpn-instance management

Press CTRL+C to abort.

Connected to 192.168.0.2 (192.168.0.2).

220 Browser Ftp Server.

User (192.168.0.2:(none)): admin

331 Password required for this user.

Password:******

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

# Set the file transfer mode to binary.

ftp> binary

200 Binary transfer mode active.

# Download the upgrade file M9000_fw4.ipe to the root directory of the storage medium on the MPU.

ftp> get M9000_fw4.ipe

227 Entering Passive Mode (192,168,0,2,6,173)

150 Opening data connection.

226 Transfer complete.

65297408 bytes received in 72.395 seconds (880.82 Kbytes/s)

Upgrading the BootWare image

This procedure uses M9000_v1.32.btw to upgrade the BootWare image.

# Specify the BootWare image for the MPU in slot 0.

<Sysname> bootrom update file flash:/M9000_v1.32.btw slot 0

This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

Now updating the Boot ROM, please wait........... ...........Done

# To prevent configuration loss at reboot, save the running configuration.

<Sysname> save

# Reboot the device to complete the upgrade.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

Current configuration may be lost after the reboot, save current configuration? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

Upgrading the Comware images

This procedure uses M9000.ipe and M9000_fw4.ipe to upgrade the Comware images.

# Specify the M9000.ipe file as the main startup file for the MPU.

<Sysname> boot-loader file flash:/M9000.ipe all main

Verifying the IPE file flash:/m9000.ipe on slot 0.................Done.

H3C SecPath M9006 images in IPE:

M9000-CMW710-BOOT-E9120.bin

M9000-CMW710-SYSTEM-E9120.bin

This command will set the main startup software images. Continue? [Y/N]:y

Add images to slot 0.

Decompressing file M9000-CMW710-BOOT-E9120.bin to flash:/M9000-CMW710-BOOT-E9120.bin..............Done.

Decompressing file M9000-CMW710-SYSTEM-E9120.bin to flash:/M9000-CMW710-SYSTEM-E9120.bin

..................................................................

...................................................Done.

Verifying the file flash:/M9000-CMW710-BOOT-E9120.bin on slot 0...Done.

Verifying the file flash:/M9000-CMW710-SYSTEM-E9120.bin on slot 0.........Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 0.

Decompression completed.

Do you want to delete flash:/M9000.ipe now? [Y/N]:N

# Specify the M9000_fw4.ipe file as the main startup file for the firewall module.

<Sysname> boot-loader file flash:/M9000_fw4.ipe all main

Verifying the file flash:/M9000_fw4.ipe on slot 0.....Done.

Blade4fw-m9000 images in IPE:

BLADE4FWM9000-CMW710-BOOT-E9120.bin

BLADE4FWM9000-CMW710-SYSTEM-E9120.bin

This command will set the main startup software images. Continue? [Y/N]:y

Add images to slot 0.

File flash:/BLADE4FWM9000-CMW710-BOOT-E9120.bin already exists on slot 0.

File flash:/BLADE4FWM9000-CMW710-SYSTEM-E9120.bin already exists on slot 0.

Overwrite the existing files? [Y/N]:y

Decompressing file BLADE4FWM9000-CMW710-BOOT-E9120.bin to flash:/BLADE4FWM9000-CMW710-BOOT-E9120.bin.......Done.

Decompressing file BLADE4FWM9000-CMW710-SYSTEM-E9120.bin to flash:/BLADE4FWM9000-CMW710-SYSTEM-E9120.bin....................................Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 4.1.

Specify the startup software image files for Blade4fw to load from the parent device? [Y/N]:y

Decompressing file BLADE4FWM9000-CMW710-BOOT-E9120.bin to flash:/BLADE4FWM9000-CMW710-BOOT-E9120.bin......Done.

Decompressing file BLADE4FWM9000-CMW710-SYSTEM-E9120.bin to flash:/BLADE4FWM9000-CMW710-SYSTEM-E9120.bin................................Done.

The images that have passed all examinations will be used as the load software image files for Blade4fw.

Decompression completed.

Do you want to delete flash:/M9000_fw4.ipe now? [Y/N]:N

For more information about the boot-loader command, see H3C SecPath M9000 Multi Service Security Gateway Fundamentals Command Reference.

# To prevent configuration loss at reboot, save the running configuration.

<Sysname> save

# Reboot the device.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait..

.......DONE!

Current configuration may be lost after the reboot, save current configuration?

[Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

Installing patches

This procedure uses the patch image file M9000-CMW710-SYSTEM-E9120.bin.

# Verify the patch status of the device.

<Sysname> display install active

# If the device has patches on any slots, uninstall the patches. (Details not shown.)

NOTE:

· To uninstall patches from the active MPU, LPUs, or service modules' switching units, specify the slot number of the active MPU.

To uninstall patches from the standby MPU, specify the slot number of the standby MPU.

# Install the patch image on the MPU.

<Sysname> install activate patch flash:/M9000-CMW710-SYSTEM-E9120.bin slot 0

NOTE:

A patch image is automatically installed on LPUs and service modules' switching units when you install it on the active MPU.

# For the patches to run after a reboot, commit the installed patches.

<Sysname> install commit

# Verify that the patch image has been installed on all cards except for service modules' security engines.

<Sysname> display install active

Active packages on slot 0:

flash:/M9000-CMW710-BOOT-E9120.bin

flash:/M9000-CMW710-SYSTEM-E9120.bin

Active packages on slot 2:

flash:/M9000-CMW710-BOOT-E9120.bin

flash:/M9000-CMW710-SYSTEM-E9120.bin

Active packages on slot 4:

flash:/M9000-CMW710-BOOT-E9120.bin

flash:/M9000-CMW710-SYSTEM-E9120.bin

Active packages on slot 4.1:

sda0:/BLADE4FWM9000-CMW710-BOOT-E9120.bin

sda0:/BLADE4FWM9000-CMW710-SYSTEM-E9120.bin

Active packages on slot 6:

flash:/M9000-CMW710-BOOT-E9120.bin

flash:/M9000-CMW710-SYSTEM-E9120.bin

Handling software upgrade failures

If a software upgrade fails, the system runs the old software version. To handle a software failure:

1. Check the physical ports for a loose or incorrect connection, and verify that the LEDs are reflecting the correct port status.

2. If you are using the console port for file transfer, check the HyperTerminal settings (including the baud rate and data bits) for any incorrect setting.

3. Check the file transfer settings:

¡ If TFTP is used, you must enter the same server IP addresses, file name, and working directory as those set on the TFTP server.

¡ If FTP is used, you must enter the same FTP server IP address, file name, working directory, and FTP username and password as those set on the FTP server.

4. Check the FTP or TFTP server for incorrect settings.

5. Verify that the MPU and service modules have enough storage space for the upgrade file.

6. Verify that the upgrade file is available for the device and has correct file type.

7. Verify that the BootWare image and software image are compatible. For more information, see the release notes.

Appendix D Using BootWare menus

Overview

BootWare provides a menu method to perform basic file operations, software upgrade, and system management when the Comware CLI is inaccessible because of image corruption.

BootWare is stored in each MPU's built-in flash. It has one basic segment and one extended segment. The basic segment enables the system to complete basic initialization, and the extended segment bootstraps the Comware images.

BootWare menus

Table 6 lists the menus that each segment provides and the major tasks you can perform using these menus. You can access these menus only during system startup.

Table 6 BootWare menus

BootWare segment	Menu	Tasks	Reference
Basic	BASIC-BOOTWARE	· Modify serial port parameters. · Upgrade BootWare. · Start the primary or backup BootWare extended segment.	Using the BASIC-BOOTWARE menu
Basic	BASIC ASSISTANT	Perform RAM test.	Accessing the BASIC-BOOTWARE menu
Extended	EXTEND-BOOTWARE	· Upgrade Comware software. · Manage files. · Access the system when the console login password is lost. · Clear user privilege passwords.	Using the EXTENDED-BOOTWARE menu
Extended	EXTEND-ASSISTANT	· Examine system memory. · Search system memory.	Accessing the EXTEND ASSISTANT submenu

NOTE:

Availability of some menu options depends on the password recovery capability state. For more information about the feature and its relevant menu options, see "Controlling the password recovery capability."

BootWare shortcut keys

BootWare provides the shortcut keys listed in Table 7.

Table 7 BootWare shortcut keys

Shortcut keys	Prompt message	Function
Ctrl+B	access EXTENDED-BOOTWARE MENU	Accesses the EXTENDED-BOOTWARE menu while the device is starting up.
Ctrl+C	Please Start To Transfer File, Press <Ctrl+C> To Exit.	Stops the ongoing file transfer and exits the current operation interface.
Ctrl+C	Info: Press Ctrl+C to abort or return to EXTENDED ASSISTANT MENU.	Returns to the EXTENDED ASSISTANT menu. If the system is outputting the result of an operation, this shortcut key combination aborts the display first.
Ctrl+D	Press Ctrl+D to access BASIC-BOOTWARE MENU	Accesses the BASIC-BOOTWARE menu while the device is starting up.
Ctrl+D	Ctrl+D = Quit	Exits the parameter settings menu.
Ctrl+E	Memory Test(press Ctrl+C to skip it,press Ctrl+E to ECHO INFO)	Prints information during the memory test.
Ctrl+F	Ctrl+F: Format File System	Formats the current storage medium.
Ctrl+T	Press Ctrl+T to start memory test	Performs a memory test.
Ctrl+U	Access BASIC ASSISTANT MENU	Accesses the BASIC ASSISTANT menu from the BASIC-BOOTWARE menu.
Ctrl+Z	Ctrl+Z: Access EXTENDED ASSISTANT MENU	Accesses the EXTENDED ASSISTANT menu from the EXTENDED-BOOTWARE menu.

Using the BASIC-BOOTWARE menu

Accessing the BASIC-BOOTWARE menu

1. Power on the device.

2. Press Ctrl+D within 4 seconds after the "Press Ctrl+D to access BASIC-BOOTWARE MENU" prompt message appears. If you fail to do this within the time limit, the system starts to run the extended BootWare segment.

======================<BASIC-BOOTWARE MENU(Ver 1.19)>=======================

|<1> Modify Serial Interface Parameter |

|<2> Update Extended BootWare |

|<3> Update Full BootWare |

|<4> Boot Extended BootWare |

|<5> Boot Backup Extended BootWare |

|<0> Reboot |

============================================================================

Ctrl+U: Access BASIC ASSISTANT MENU

Enter your choice(0-5):

Table 8 BASIC-BOOTWARE menu options

Option	Task	Reference
<1> Modify Serial Interface Parameter	Change the baud rate of the console port. Perform this task before downloading an image through the console port for software upgrade.	Modifying serial port parameters
<2> Update Extended BootWare	Upgrade the extended BootWare segment. If the extended segment is corrupt, choose this option to repair it.	Upgrading the extended BootWare segment
<3> Update Full BootWare	Upgrade the entire BootWare, including the basic segment and the extended segment.	Upgrading the entire BootWare
<4> Boot Extended BootWare	Run the primary extended BootWare segment.	Running the primary extended BootWare segment
<5> Boot Backup Extend BootWare	Run the backup extended BootWare segment.	Running the backup extended BootWare segment
<0> Reboot	Reboot the device.	N/A
Ctrl+U: Access BASIC ASSISTANT MENU	Press Ctrl+U to access the BASIC ASSISTANT menu.	Accessing the BASIC ASSISTANT menu

Modifying serial port parameters

To change the baud rate of the console port:

1. Enter 1 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 1

===============================<BAUDRATE SET>===============================

|Note:'*'indicates the current baudrate |

| Change The HyperTerminal's Baudrate Accordingly |

|---------------------------<Baudrate Available>---------------- ----------|

|<1> 9600(Default)* |

|<2> 19200 |

|<3> 38400 |

|<4> 57600 |

|<5> 115200 |

|<0> Exit |

============================================================================

Enter your choice(0-5):

2. Enter the number that represents the baud rate you want to choose. For example, enter 5 to set the baud rate to 115200 bps.

NOTE:

Baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To set up a console session with the device after a reboot, you must change the baud rate of the configuration terminal back to 9600 bps.

Upgrading the extended BootWare segment

Enter 2 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 2

Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCC

Upgrading the entire BootWare

Enter 3 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 3

Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCC

Running the primary extended BootWare segment

Enter 4 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 4

Booting Normal Extended BootWare.

The Extended BootWare is self-decompressing.............Done!

****************************************************************************

* *

* BootWare, Version 1.32 *

* *

****************************************************************************

Compiled Date : Mar 11 2014

CPU Type : XLP316

CPU Clock Speed : 1200MHz

Memory Type : DDR3 SDRAM

Memory Size : 8192MB

Memory Speed : 667MHz

BootWare Size : 1536KB

Flash Size : 500MB

BASIC CPLD Version : 3.0

EXTENDED CPLD Version : 3.0

PCB Version : Ver.A

BootWare Validating...

Press Ctrl+B to access EXTENDED-BOOTWARE MENU...

Loading the main image files...

Loading file flash:/M9000-CMW710-SYSTEM-E9120.bin. ......................

............................................................................

...........................Done.

Image file flash:/M9000-CMW710-BOOT-E9120.bin is self-decompressing......

.................................................Done.

System image is starting...

Running the backup extended BootWare segment

Enter 5 in the BASIC-BOOTWARE menu.

For information about backing up the extended BootWare segment, see "Accessing the BootWare Operation submenu."

Enter your choice(0-5): 5

Booting Backup Extended BootWare.

The Extended BootWare is self-decompressing............................Done!

Accessing the BASIC ASSISTANT menu

NOTE:

This task is supported only on the M9000, M9000-AI, and M9000-X devices.

Press Ctrl+U in the BASIC-BOOTWARE menu.

===========================<BASIC-ASSISTANT MENU>===========================

|<1> RAM Test |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-1):

Table 9 BASIC ASSISTANT menu options

Option	Description
<1> RAM Test	Test the memory.
<2> Exit To Main Menu	Return to the BASIC-BOOTWARE menu.

Testing the memory

IMPORTANT:

To avoid unexpected exceptions, perform this task under the guidance of H3C Support.

To test the memory, use one of the following methods:

· In the BASIC-BOOTWARE menu, press Ctrl+T within 4 seconds after the "Press Ctrl+T to start memory test" prompt message appears.

· In the BASIC-BOOTWARE menu, press Ctrl+U to access the BASIC ASSISTANT menu.

Using the EXTENDED-BOOTWARE menu

Accessing the EXTENDED-BOOTWARE menu

1. Power on the device.

2. Press Ctrl+B within 5 seconds after the "Press Ctrl+B to access EXTENDED-BOOTWARE MENU..." prompt message appears. If you fail to do this within the time limit, the system starts up.

Password recovery capability is enabled.

Note: The current operating device is flash

Enter < Storage Device Operation > to select device.

3. Press Enter to access the EXTENDED-BOOTWARE menu.

===========================<EXTENDED-BOOTWARE MENU>=========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Restore to Factory Default Configuration |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Skip Authentication for Console Login |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Ctrl+Z: Access EXTENDED ASSISTANT MENU

Ctrl+F: Format File System

Enter your choice(0-9):

Availability of some options in this menu depends on the password recovery capability state (displayed on top of the EXTEND-BOOTWARE menu). For more information about the feature, see "Controlling the password recovery capability."

Table 10 EXTENDED-BOOTWARE menu options

Option	Tasks	Reference
<1> Boot System	Run the Comware software without rebooting the device. Choose this option after completing operations in the EXTENDED-BOOTWARE menu.	N/A
<2> Enter Serial SubMenu	Accessing the Serial submenu.	Accessing the Serial submenu
<3> Enter Ethernet SubMenu	Use FTP or TFTP to upgrade Comware images through the management Ethernet port.	Accessing the Ethernet submenu
<4> File Control	· Display files on the current storage medium. · Set a Comware image file as the main or backup startup software image file. · Delete files to release storage space.	Managing files
<5> Restore to Factory Default Configuration	Restore the factory-default configuration. This option is available only if password recovery capability is disabled.	Restoring the factory-default configuration
<6> Skip Current System Configuration	Start the device with the factory-default configuration without loading any configuration file. This option is available only if password recovery capability is enabled.	Skipping the configuration file
<7> BootWare Operation Menu	Back up, recover, and upgrade the BootWare image.	Accessing the BootWare Operation submenu
<8> Skip Authentication for Console Login	Skip console login authentication. This option is available only if password recovery capability is enabled. This is a one-time operation and takes effect only for the first system boot or reboot after you choose this option.	Skipping console login authentication
<9> Storage Device Operation	Set the storage medium from which the device will start up. Set the storage medium where file operations are performed. This storage medium is referred to as the "current storage medium."	Managing storage media
Ctrl+F: Format File System	Format the file system.	Formatting the file system
Ctrl+Z: Access EXTENDED ASSISTANT MENU	Access the EXTENDED ASSISTANT menu.	Accessing the EXTEND ASSISTANT submenu
<0> Reboot	Reboot the device.	N/A

Controlling the password recovery capability

Password recovery capability controls console user access to the device configuration from BootWare menus. This feature decides the method to handle a password loss situation.

· If password recovery capability is enabled, a console user can handle a password loss situation as follows:

¡ If the console login password is lost, the user can skip console login authentication, and then access the CLI to configure a new password.

¡ If a user role password is lost, the user can skip the configuration file, and then access the CLI to configure a new password.

· If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.

To enhance system security, disable password recovery capability.

To enable or disable password recovery capability:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable or disabled password recovery capability.	· Enable the feature: password-recovery enable · Disable the feature: undo password-recovery enable	By default, password recovery capability is enabled.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable or disabled password recovery capability.

· Enable the feature:
password-recovery enable

· Disable the feature:
undo password-recovery enable

By default, password recovery capability is enabled.

Running Comware images

Enter 1 in the EXTEND-BOOTWARE menu.

Enter your choice(0-9): 1

Loading the main image files...

Loading file flash:/M9000-CMW710-SYSTEM-E9120.bin...........................

............................................................................

............Done.

Loading file flash:/M9000-CMW710-BOOT-E9120.bin.............................

.......................................................................Done.

Image file flash:/M9000-CMW710-BOOT-E9120.bin is self-decompressing.........

....................................................................Done.

System image is starting...

Line con0 is available.

Press ENTER to get started.

Accessing the Serial submenu

Enter 2 in the EXTEND-BOOTWARE menu.

Enter your choice(0-9): 2

===========================<Enter Serial SubMenu>===========================

|Note:the operating device is flash |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Modify Serial Interface Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

Table 11 Serial submenu options

Option	Tasks
<1> Download Image Program To SDRAM And Run	Load and run Comware images in SDRAM. This option is available only if password recovery capability is enabled.
<2> Update Main Image File	Download Comware images to the current storage medium as the main images (the file attribute is set to M). As a result, the M file attribute of the original main images is removed.
<3> Update Backup Image File	Download Comware images to the current storage medium as backup images (the file attribute is set to B). As a result, the B file attribute of the original backup images is removed.
<4> Modify Serial Interface Parameter	Change the baud rate of the console port. The baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To set up a console session with the device after a reboot, you must change the baud rate setting on the configuration terminal to 9600 bps.
<0> Exit To Main Menu	Return to the EXTENDED-BOOTWARE menu.

NOTE:

To set the current storage medium, see "Managing storage media."

Accessing the Ethernet submenu

You can upgrade the Comware software through the management Ethernet port from the Ethernet submenu and configure file transfer settings.

1. Enter 3 in the EXTENDED-BOOTWARE menu and press Enter to access the Ethernet submenu.

Enter your choice(0-9):3

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is flash |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-4):

Table 12 Ethernet submenu options

Option	Description
<1> Download Image Program To SDRAM And Run	Load and run software images in SDRAM. If password recovery capability is enabled, this option is not available.
<2> Update Main Image File	Download software images to the current storage medium as main images (the file attribute is set to M). As a result, the M file attribute of the original main images is removed.
<3> Update Backup Image File	Download software images to the current storage medium as backup images (the file attribute is set to B). As a result, the B file attribute of the original backup images is removed.
<4> Modify Ethernet Parameter	Configure FTP or TFTP file transfer settings.
<0> Exit To Main Menu	Return to the EXTENDED-BOOTWARE menu.

2. Enter 4 in the Ethernet submenu to configure file transfer settings on the MPU.

3. Enter your choice(0-4):4

======================<ETHERNET PARAMETER SET>=============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

===========================================================================

Protocol (FTP or TFTP) :ftp

Load File Name :M9000.ipe

Target File Name :M9000.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

Table 13 Setting Ethernet parameters for file transfer

Field	Description
'.' = Clear field	Press the dot (.), and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press the hyphen (-), and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl + D to exit the Ethernet parameter settings menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to FTP or TFTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file in the current storage medium on the device. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the FTP or TFTP server.
Local IP Address	Set the IP address of the device.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.
FTP User Name	Set the username for accessing the FTP server. This username must be the same as configured on the FTP server. This field is not available for TFTP.
FTP User Password	Set the password for accessing the FTP server. This password must be the same as configured on the FTP server. This field is not available for TFTP.

Managing files

You can display all files, set the attribute for a file, and delete a file from the File Control submenu.

Enter 4 in the EXTEND-BOOTWARE menu and then press Enter to access the File Control submenu.

Enter your choice(0-9):4

===============================<File CONTROL>===============================

|Note:the operating device is flash |

|<1> Display All File(s) |

|<2> Set Image File type |

|<3> Set Bin File type |

|<4> Delete File |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

Table 14 File Control submenu options

Option	Description
<1> Display All File(s)	Display all files.
<2> Set Image File type	Set the attribute for a software image file.
<3> Set Bin File type	Set the attribute for a .bin file.
<4> Delete File	Delete a file.
<0> Exit To Main Menu	Return to the EXTEND-BOOTWARE menu.

Displaying all files

Enter 1 in the File Control submenu.

Enter your choice(0-4):1

Display all file(s) in flash:

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 129912 May/21/2015 15:44:18 N/A flash:/dpi/av/predefined/av_sigp|

|ack_curr.dat |

|2 87160 Jan/09/2016 10:04:46 N/A flash:/dpi/apr/predefined/apr_si|

|gpack_back.dat |

|3 87160 Jan/09/2016 10:04:46 N/A flash:/dpi/apr/predefined/apr_si|

|gpack_curr.dat |

|4 149240 May/21/2015 15:44:17 N/A flash:/dpi/ips/predefined/ips_si|

|gpack_curr.dat |

|5 36152 May/21/2015 15:44:17 N/A flash:/dpi/uflt/predefined/uflt_|

|sigpack_curr.dat |

|6 1249 Dec/24/2015 19:12:48 N/A flash:/pki/ca-44b9464f-7b6f9f0bf|

|2e88336935afb5b7d0364e7.cer |

|7 1796 Dec/24/2015 19:12:48 N/A flash:/pki/1126bfbd706f9d266b5ea|

|43033f0dce7.info |

|8 2398 Oct/17/2014 17:37:37 N/A flash:/pki/https-server.p12 |

|9 1403 Dec/24/2015 19:14:27 N/A flash:/pki/lo-1126bfbd706f9d266b|

|5ea43033f0dce7-0.cer |

|10 94208 Feb/29/2016 07:55:03 N/A flash:/core/node0_licd_249_11_20|

|160229-075502_1456732502.core |

|11 94208 Feb/27/2016 08:42:45 N/A flash:/core/node0_licd_249_11_20|

|160227-084245_1456562565.core |

|12 735 Dec/24/2015 19:14:27 N/A flash:/pkey/rsa/dfe.key |

|13 119071 Jul/23/2015 15:21:46 N/A flash:/test.mdb |

|14 0 Apr/07/2016 15:17:21 N/A flash:/.trash/.trashinfo |

|15 591 Dec/13/2015 22:05:55 N/A flash:/serverkey |

|16 56277 Oct/22/2015 15:45:27 N/A flash:/diagfile/diagfile.log |

|17 223 Apr/16/2015 16:28:29 N/A flash:/ecdsakey |

|18 252928 Apr/20/2016 10:40:39 N/A flash:/M9000-CMW710-DEVKIT-E9117|

|.bin |

|19 418156 Aug/27/2015 17:21:35 N/A flash:/m9000_fw4_v2.03.btw |

|20 880 Dec/24/2015 19:12:45 N/A flash:/certnew20150202.cer |

|21 0 Jun/11/2015 18:33:38 N/A flash:/lauth.dat |

|22 18 Jan/09/2016 17:31:06 N/A flash:/.pathfile |

|23 10471381 May/07/2016 09:58:36 N/A flash:/logfile/logfile.log |

|24 943 Jul/13/2015 13:49:52 N/A flash:/license/.did |

|25 3055 Sep/07/2015 11:17:43 N/A flash:/license/M9000201509071127|

|1930813.ak |

|26 3008 Sep/07/2015 11:16:54 N/A flash:/license/M9000201509071121|

|3604935.ak |

|27 904 Feb/03/2016 08:40:39 N/A flash:/license/history/DeviceID_|

|20160203084039.did |

|28 963 Nov/04/2015 17:40:59 N/A flash:/license/history/DeviceID_|

|20151104174059.did |

|29 963 Jan/06/2016 16:42:32 N/A flash:/license/history/DeviceID_|

|20160106164232.did |

|30 963 Jan/05/2016 21:55:42 N/A flash:/license/history/DeviceID_|

|20160105215542.did |

|31 904 Nov/04/2015 20:08:46 N/A flash:/license/history/DeviceID_|

|20151104200846.did |

|32 963 Jan/06/2016 09:16:21 N/A flash:/license/history/DeviceID_|

|20160106091621.did |

|33 963 Feb/01/2016 17:20:22 N/A flash:/license/history/DeviceID_|

|20160201172022.did |

|34 963 Jun/23/2015 17:20:35 N/A flash:/license/history/DeviceID_|

|20150623172035.did |

|35 963 Mar/01/2016 18:35:15 N/A flash:/license/history/DeviceID_|

|20160301183515.did |

|36 2958 Sep/07/2015 11:17:19 N/A flash:/license/M9000201509071125|

|3150850.ak |

|37 963 Mar/01/2016 18:35:15 N/A flash:/license/210235A1ABX13C000|

|010.did |

|38 3024 Sep/07/2015 11:17:07 N/A flash:/license/M9000201509071124|

|3649147.ak |

|39 2980 Sep/07/2015 11:17:31 N/A flash:/license/M9000201509071126|

|1999412.ak |

|40 735 Dec/13/2015 22:05:55 N/A flash:/hostkey |

|41 202685440 Apr/20/2016 10:40:37 N/A flash:/M9000-CMW710-SYSTEM-E9117|

|.bin |

|42 128371712 Apr/22/2016 08:43:32 M flash:/M9000-CMW710-SYSTEM-E9120|

|.bin |

|43 58275840 Apr/22/2016 08:51:42 N/A flash:/BLADE4FWM9000-CMW710-SYST|

|EM-E9120.bin |

|44 6416 May/04/2016 10:06:18 N/A flash:/startup.cfg |

|45 124425 Apr/27/2016 09:52:24 N/A flash:/startup.mdb |

|46 642452 Aug/27/2015 16:47:49 N/A flash:/m9000_v1.32.btw |

|47 16 Apr/22/2016 08:57:01 N/A flash:/versionInfo/versionCtl.da|

|t |

|48 1056 Apr/01/2016 13:26:30 N/A flash:/versionInfo/version7.dat |

|49 536 Mar/23/2016 10:59:40 N/A flash:/versionInfo/version6.dat |

|50 1056 Mar/23/2016 09:11:05 N/A flash:/versionInfo/version5.dat |

|51 1056 Mar/12/2016 08:24:28 N/A flash:/versionInfo/version4.dat |

|52 536 Mar/11/2016 19:40:17 N/A flash:/versionInfo/version3.dat |

|53 536 Apr/22/2016 08:57:01 N/A flash:/versionInfo/version2.dat |

|54 1056 Apr/20/2016 10:46:55 N/A flash:/versionInfo/version1.dat |

|55 536 Apr/07/2016 15:52:47 N/A flash:/versionInfo/version0.dat |

|56 536 Apr/07/2016 14:43:48 N/A flash:/versionInfo/version9.dat |

|57 536 Apr/07/2016 11:24:44 N/A flash:/versionInfo/version8.dat |

|58 2316 Dec/24/2015 19:14:26 N/A flash:/local20150202.pfx |

|59 1716 Apr/27/2016 09:52:24 N/A flash:/ifindex.dat |

|60 20 Jan/09/2016 10:33:47 N/A flash:/.snmpboots |

|61 21125120 Apr/20/2016 10:27:16 N/A flash:/M9000-CMW710-BOOT-E9117.b|

|in |

|62 13556736 Apr/22/2016 08:41:34 M flash:/M9000-CMW710-BOOT-E9120.b|

|in |

|63 5447680 Apr/22/2016 08:50:25 N/A flash:/BLADE4FWM9000-CMW710-BOOT|

|-E9120.bin |

|64 385 Apr/01/2016 13:32:41 N/A flash:/manuinfo.dat |

|65 384 Apr/22/2016 08:51:43 N/A flash:/.moduleimagemain.data |

|66 77824 Apr/20/2016 10:40:40 N/A flash:/M9000-CMW710-MANUFACTURE-|

|E9117.bin |

============================================================================

Setting the attribute for software images

1. Enter 2 in the File Control submenu.

===============================<File CONTROL>===============================

|Note:the operating device is flash |

|<1> Display All File(s) |

|<2> Set Image File type |

|<3> Set Bin File type |

|<4> Delete File |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):2

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 119947264 Feb/27/2013 15:08:22 N/A flash:/M9000.ipe |

|0 Exit |

2. Enter the numbers of the files you are working with. For example, enter 1.

Enter file No.:1

Modify the file attribute:

============================================================================

|<1>+Main |

|<2>+Backup |

|<0> Exit |

============================================================================

Enter your choice(0-2):

3. Enter a number in the range of 0 to 2 to add or delete a file attribute for the files. For example, enter 1 to assign the M attribute to the files.

Enter your choice(0-2):1

This operation may take several minutes. Please wait....

Image file M9000-CMW710-BOOT-E9120.bin is self-decompressing...

Saving file flash:/M9000-CMW710-BOOT-E9120.bin .............................

......................Done.

Image file M9000-CMW710-SYSTEM-E9120.bin is self-decompressing...

Saving file flash:/M9000-CMW710-SYSTEM-E9120.bin ...........................

............................................................................

.....................................................................Done.

Set the file attribute success!

Setting the attribute for .bin files

Enter 3 in the File Control submenu.

Enter your choice(0-4): 3

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 252928 Apr/20/2016 10:40:39 N/A flash:/M9000-CMW710-DEVKIT-E9117|

|.bin |

|2 202685440 Apr/20/2016 10:40:37 N/A flash:/M9000-CMW710-SYSTEM-E9117|

|.bin |

|3 128371712 Apr/22/2016 08:43:32 M flash:/M9000-CMW710-SYSTEM-E9120|

|.bin |

|4 21125120 Apr/20/2016 10:27:16 N/A flash:/M9000-CMW710-BOOT-E9117.b|

|in |

|5 13556736 Apr/22/2016 08:41:34 M flash:/M9000-CMW710-BOOT-E9120.b|

|in |

|6 77824 Apr/20/2016 10:40:40 N/A flash:/M9000-CMW710-MANUFACTURE-|

|E9117.bin |

|0 Exit |

============================================================================

Note:Select .bin files. One but only one boot image and system image must be included.

Enter file No.(Allows multiple selection):1

Enter another file No.(0-Finish choice):2

Enter another file No.(0-Finish choice):0 //Enter 0 to end the selection.

You have selected:

flash:/m9000-cmw710-boot-E9120.bin

flash:/m9000-cmw710-system-E9120.bin

Modify the file attribute:

============================================================================

|<1>+Main |

|<2>+Backup |

|<0> Exit |

============================================================================

Enter your choice(0-2):1

This operation may take several minutes. Please wait....

Set the file attribute success!

Deleting a file

1. Enter 4 in the File Control submenu.

Enter your choice(0-4):4

Deleting the file in flash:

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 129912 May/21/2015 15:44:18 N/A flash:/dpi/av/predefined/av_sigp|

|ack_curr.dat |

|2 87160 Jan/09/2016 10:04:46 N/A flash:/dpi/apr/predefined/apr_si|

|gpack_back.dat |

|3 87160 Jan/09/2016 10:04:46 N/A flash:/dpi/apr/predefined/apr_si|

|gpack_curr.dat |

|4 149240 May/21/2015 15:44:17 N/A flash:/dpi/ips/predefined/ips_si|

|gpack_curr.dat |

|5 36152 May/21/2015 15:44:17 N/A flash:/dpi/uflt/predefined/uflt_|

|sigpack_curr.dat |

|6 1249 Dec/24/2015 19:12:48 N/A flash:/pki/ca-44b9464f-7b6f9f0bf|

|2e88336935afb5b7d0364e7.cer |

|7 1796 Dec/24/2015 19:12:48 N/A flash:/pki/1126bfbd706f9d266b5ea|

|43033f0dce7.info |

|8 2398 Oct/17/2014 17:37:37 N/A flash:/pki/https-server.p12 |

|9 1403 Dec/24/2015 19:14:27 N/A flash:/pki/lo-1126bfbd706f9d266b|

|5ea43033f0dce7-0.cer |

|10 94208 Feb/29/2016 07:55:03 N/A flash:/core/node0_licd_249_11_20|

|160229-075502_1456732502.core |

|11 94208 Feb/27/2016 08:42:45 N/A flash:/core/node0_licd_249_11_20|

|160227-084245_1456562565.core |

|12 735 Dec/24/2015 19:14:27 N/A flash:/pkey/rsa/dfe.key |

|13 119071 Jul/23/2015 15:21:46 N/A flash:/test.cfg |