Download

Title	Size	Downloads
SECPATH5080DF_MPU-CMW710-R9660P29_IPE.zip	192.88 MB
SECPATH5080DF_MPU-CMW710-R9660P29_BIN.zip	192.87 MB
SECPATH5080DF_LPU-CMW710-R9660P29_IPE.zip	203.04 MB
SECPATH5080DF_LPU-CMW710-R9660P29_BIN.zip	203.04 MB
H3C_SECPATH5080DF-CMW710-R9660P29_Release_Notes.pdf	753.84 KB
H3C_SECPATH5080DF-CMW710-R9660P29_Release_Notes_(Software_Feature_Changes).pdf	524.23 KB


H3C SECPATH5080DF-CMW710-R9660P29
Release Notes

Contents

Introduction· 1

List of severe vulnerabilities· 1

Version information· 2

Version number 2

Version history· 3

Hardware and software compatibility matrix· 4

[SUBSLOT 0]NSQM1MPULA (Hardware)Ver.A, (Driver)1.0 ISSU compatibility list 6

Upgrade restrictions and guidelines· 6

Hardware feature updates· 7

Hardware feature updates in E9620P07· 7

Software feature and command updates· 7

MIB updates· 7

Operation changes· 9

Restrictions and cautions· 9

Open problems and workarounds· 10

List of resolved problems· 10

Resolved problems in R9660P29· 10

Resolved problems in R9660P26· 10

Resolved problems in R9660P18· 10

Resolved problems in F9660P07· 10

Resolved problems in F9660P04· 11

Resolved problems in F9620P16· 11

Resolved problems in R9620P13· 11

Resolved problems in F9620P1201· 11

Resolved problems in F9620P11· 11

Resolved problems in E9620P08· 11

Resolved problems in E9620P07· 11

Resolved problems in E9620P03· 11

Resolved problems in E9619· 11

Introduction

This document describes the features, restrictions and guidelines, open problems, and workarounds for version R9660P29. Before you use this version on a live network, back up the configuration and test the version to avoid software upgrade affecting your live network.

Use this document in conjunction with H3C SECPATH5080DF-CMW710-R9660P29 Release Notes (Software Feature Changes) and the documents listed in "Related documentation."

List of severe vulnerabilities

· [HSVD-201709-002] CVE-2019-3855: An attacker can exploit this vulnerability to execute unauthorized operations.

· [HSVD-201903-017] CVE-2019-3855: An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. libssh2 is a client-side C library implementing the SSH2 protocol. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

· [HSVD-201904-001] TCP/IP SYN + FIN packet filtering vulnerability: A remote host does not discard TCP SYN packets with the FIN flag set. An attacker might bypass the firewall, depending on the type of firewall used.

· [HSVD-201902-001] A remote host can exploit the TCP timestamp vulnerability to obtain the online time.

· [HSVD-201901-016] CVE-2019-0548: A Linux kernel vulnerability that can cause information revealing.

· [JavaScript library vulnerability]: Internal IP addresses in destination URLs might be revealed.

· [FREAK attack vulnerability]: A vulnerability related to SSL/TLS.

· [CVE-2020-10188]: utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

· [XSS vulnerability]: An XSS vulnerability was found on the SSL VPN Web login interface.

· [Web JavaScript vulnerability]: A medium-risk vulnerability found during Web vulnerability scanning.

· [HTTP method vulnerability]: An attacker can use the OPTIONS method to determine the HTTP methods allowed by each directory.

· [CRLF injection vulnerability]: This vulnerability can be exploited when an HTTP request contains a user-configured domain in the cookies or the request is GET /enterdomain.cgi?domain=%0d%0aSomeCustomInjectedHeader:%0d%0aset-cookie:iamyy HTTP1/1.

· [CNVD-2019-38485] CVE-2019-1547: An attacker can exploit this vulnerability to obtain sensitive information.

· [CNVD-2019-38486] CVE-2019-1563: In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key.

· [CNVD-2017-00450] CVE-2016-7056: A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

· [CNVD-2018-06539] CVE-2018-0739: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack.

· [CNVD-2019-05906] CVE-2019-1559: An attacker can exploit this vulnerability to bypass access controls and obtain sensitive information.

· [CNVD-2018-09649] CVE-2018-0737: An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.

· [CNVD-2018-12153] CVE-2018-0732: An attacker can exploit this vulnerability to launch a DoS attack.

· [CNVD-2019-27331] CVE-2019-1552: This vulnerability is related to OpenSSL. An attacker can exploit this vulnerability to bypass security controls.

· [CVE-2018-5407]: This vulnerability is related to OpenSSL. An attacker can exploit this vulnerability to obtain sensitive information and launch more attacks.

· [X-Frame-Options vulnerability]: A missing X-Frame-Options header can cause a clickjacking attack.

· [CVE-2011-1473]: SSL does not properly restrict client-initiated renegotiation, and SSL clients can renegotiate successfully.

· [CVE-2015-2808]: The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, also known as the "Bar Mitzvah" issue.

· [CVE-2014-3566]: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, also known as the "POODLE" issue.

Version information

Version number

Comware software, Version 7.1.064, Release 9660P28

Note: You can see the version number with the display version command in any view. Please see Note①.

Version history

IMPORTANT:

The software feature changes listed in the version history table for each version are not complete. To obtain complete information about all software feature changes in each version, see the Software Feature Changes document for this release notes.

Table 1 Version history

Version number	Last version	Release date	Release type	Remarks
R9660P29	F9660P28	2022-11-18	Release version	Release for the use of technical support and production use.
R9660P28	F9660P26	2022-09-28	Release version	Release for the use of technical support and production use.
R9660P26	F9660P25	2022-07-26	Release version	Release for the use of technical support and production use.
R9660P25	F9660P24	2022-06-28	Release version	Release for the use of technical support and production use.
R9660P24	F9660P18	2022-05-30	Release version	Release for the use of technical support and production use.
R9660P18	F9660P07	2021-11-26	Release version	Release for the use of technical support and production use.
F9660P07	F9660P04	2020-12-18	Feature version	Restricted to the use of technical support.
F9660P04	F9620P16	2020-09-29	Feature version	Restricted to the use of technical support.
F9620P16	R9620P13	2020-07-19	Feature version	Restricted to the use of technical support.
R9620P13	F9620P1201	2020-03-21	Release version	Release for technical support.
F9620P1201	F9620P11	2020-02-26	Feature version	Restricted to the use of technical support.
F9620P11	E9620P08	2019-12-30	Feature version	Restricted to the use of technical support.
E9620P08	E9620P07	2019-09-26	ESS version	Restricted to the use of technical support.
E9620P07	E9620P03	2019-08-23	ESS version	Restricted to the use of technical support.
E9620P03	E9619	2019-04-29	ESS version	Restricted to the use of technical support.
E9619	First release	2019-01-29	ESS version	First release for the overseas market.

Hardware and software compatibility matrix

CAUTION:

To avoid an upgrade failure, use Table 2 to verify the hardware and software compatibility before performing an upgrade.

Table 2 Hardware and software compatibility matrix

Item	Specifications
Hardware platform	F5030-D	F5060-D	F5080-D	F5000-AK515	F5000-AK525
Memory	16 GB	32 GB	64 GB	16 GB	32 GB
Flash	SD card: 4 GB NAND flash: N/A
BootWare version	Chassis: 1.09 MPU (NSQM1MPULA/NSQM1MPULA2): 2.00 (Note: Execute the display version command in any view to view the version information. Please see Note②)
Software images and their MD5 checksums	Chassis (LPUs included): SECPATH5080DF_LPU-CMW710-R9660P29.ipe F5080LPU-CMW710-BOOT-R9660P29.bin F5080LPU-CMW710-SYSTEM-R9660P29.bin MPU: SECPATH5080DF_MPU-CMW710-R9660P29.ipe f5080mpu-cmw710-boot-R9660P29.bin f5080mpu-cmw710-system-R9660P29.bin MD5： Chassis (LPUs included): SECPATH5080DF_LPU-CMW710-R9660P29.ipe： b89ff79b62f375c52b7575ac1c87f78a F5080LPU-CMW710-BOOT-R9660P29.bin： 204aca1b34f0be34421ff07e2848eedc F5080LPU-CMW710-SYSTEM-R9660P29.bin： 44492761002cb59d6094fc018021acf4 MPU: SECPATH5080DF_MPU-CMW710-R9660P29.ipe： 53add2003e268a34b49426f1d01f41a0 f5080mpu-cmw710-boot-R9660P29.bin： bcff4bf80d462c95e0fb261bbed24cf83 f5080mpu-cmw710-system-R9660P29.bin： a7494a99f5566e6a1127a5c0d7033bfe
iMC version	iMC PLAT 7.3 (E0705P12） iMC UBA 7.3 (E0707L06) iMC IVM 7.3 (E0506) iMC EIA 7.3 (E0611P13) iMC SHM 7.3 (E0707L06) iMC-DM PLAT 7.3 (E0705P12) iMC-iCC PLAT 7.3 (E0705P12) iMC-ACLM PLAT 7.3 (E0705P12) iMC-VLAN iMC PLAT 7.3 (E0705P12)
CSAP-S version	E1143P0601
H3C SecCenter SMP version	E1112P02
H3C SecCloud OMP version	E1301P01
iNode version	iNode PC 7.3 (E0585)

Sample: To display the host software and BootWare version of F5030-D, perform the following:

<H3C> display version

H3C Comware Software, Version 7.1.064, Release 9660P29 ----Note①

H3C SecPath F5030-D uptime is 0 weeks, 3 days, 22 hours, 7 minutes

Last reboot reason: User reboot

Boot image: flash:/f5080mpu-cmw710-boot-R9660P29.bin

Boot image version: 7.1.064, Release 9660P29

Compiled Jun 14 2022 14:00:00

System image: flash:/f5080mpu-cmw710-system-R9660P29.bin

System image version: 7.1.064, Release 9660P29

Compiled Jun 14 2022 14:00:00

Chassis 1 Slot 0

Uptime is 0 weeks, 0 days, 0 hours, 18 minutes

CPU type: Multi-core CPU

DDR3 SDRAM Memory 4080M bytes

Board PCB Version:Ver.A

CPLD Version: 1.0

Basic BootWare Version: 2.01 -----Note②

Extend BootWare Version: 2.01

Release Version:SecPath F50X0-D MPU Release 9660P29

Chassis 1 Slot 2

Uptime is 0 weeks, 0 days, 0 hours, 18 minutes

CPU type: Multi-core CPU

DDR3 SDRAM Memory: 32752M bytes

SD0: 3728M bytes

NSQ1MPBHA PCB Version: Ver.B

NSQ1MPBBHB PCB Version: Ver.A

NSQ1MPHDBHA PCB Version: Ver.A

NSQ1MPGC4BHA PCB Version: Ver.A

NSQ1MPLEDBHA PCB Version: Ver.A

CPLD_A Version: 2.0

CPLD_B Version: 2.0

Release Version:SecPath F5030-D LPU Release 9660P29

Basic BootWare Version:1.09 -----Note②

Extend BootWare Version:1.09

[SUBCARD 0] NSQ1MPBHA(Hardware)Ver.B, (Driver)1.0, (Cpld)2.0

[SUBCARD 1] NSQM1TG8A(Hardware)Ver.A, (Driver)1.0, (Cpld)2.0

[SUBSLOT 0]NSQM1MPULA (Hardware)Ver.A, (Driver)1.0 ISSU compatibility list

ISSU allows compatible upgrades and incompatible upgrades. Table 3 show the versions released in 18 months that support compatible upgrades to the current version. For more information about ISSU upgrade methods, see Fundamentals Configuration Guide.

Table 3 ISSU compatibility list

Current version	Earlier version	ISSU compatibility
SECPATH5080DF-CMW710-R9660P29	SECPATH5080DF-CMW710-F9660P28	Compatible
	SECPATH5080DF-CMW710-F9660P26	Compatible
	SECPATH5080DF-CMW710-F9660P25	Compatible
	SECPATH5080DF-CMW710-F9660P24	Compatible
	SECPATH5080DF-CMW710-F9660P18	Compatible
	SECPATH5080DF-CMW710-F9660P07	Compatible
	SECPATH5080DF-CMW710-F9660P04	Incompatible
	SECPATH5080DF-CMW710-F9620P16	Incompatible
	SECPATH5080DF-CMW710-R9620P13	Incompatible
	SECPATH5080DF-CMW710-F9620P1201	Incompatible
	SECPATH5080DF-CMW710-F9620P11	Incompatible
	SECPATH5080DF-CMW710-E9620P08	Incompatible
	SECPATH5080DF-CMW710-E9620P07	Incompatible
	SECPATH5080DF-CMW710-E9620P03	Incompatible

Upgrade restrictions and guidelines

To ensure hardware compatibility, do not downgrade the factory software version.

For the signature databases for anti-virus and URL filtering, the official website provides two sizes for different device storage spaces. The letter H in the name indicates a large signature database. For example, the V7-AV-H-1.0.68.dat is a large signature database and the V7-AV-1.0.68.dat is a small one. When you perform a manual update, examine your device storage capacity to determine which signature database should be downloaded. The large signature databases are supported when the memory is larger than 8 GB, and the capacity of the storage medium (flash memory, SD card, or CF card) is larger than 1 GB. Otherwise, only the small signature databases are supported.

MPUs and LPUs must start at the same time. For the device to work correctly, the software versions of the host device and MPUs must be consistent. In the case of an inconsistency, download the correct software version from the H3C website.

You can upgrade an IRF fabric from a security policy-incapable version to a security-policy-capable version through an ISSU. To use security policies after the upgrade, you must reboot the IRF fabric.

To ensure a successful upgrade, make sure the current Boot ROM version is consistent with the system version before an ISSU.

After an ISSU, clear the browser cache for the Web interface to correctly display the configuration information of modified features.

You can check the Upgrade Way field in the output from the display version comp-matrix command for recommended ISSU methods.

Table 4 ISSU compatibility list

Version description	Version identifier	Version number	ISSU compatibility
Base line version	V0	E9620P03	Compatible
Last software version	Vn-1	R9660P28	/
Last Release version	Vk	R9660P28	/

Hardware feature updates

Hardware feature updates in E9620P07

The hardware platform F5000-AK525 was added.

For more information about the hardware features, see "Hardware features" in the appendix.

Software feature and command updates

For more information about the software feature and command update history, see H3C SECPATH5080DF-CMW710-R9660P29 Release Notes (Software Feature Changes).

MIB updates

Table 5 MIB updates

Item	MIB file	Module	Description
R9660P29
New	None	None	None
Modified	None	None	None
R9660P28
New	None	None	None
Modified	None	None	None
R9660P26
New	None	None	None
Modified	None	None	None
R9660P25
New	None	None	None
Modified	None	None	None
R9660P24
New	None	None	None
Modified	None	None	None
R9660P18
New	None	None	None
Modified	None	None	None
F9660P07
New	None	None	None
Modified	None	None	None
F9660P04
New	None	None	None
Modified	None	None	None
F9620P16
New	None	None	None
Modified	None	None	None
R9620P13
New	None	None	None
Modified	None	None	None
F9620P1201
New	None	None	None
Modified	None	None	None
F9620P11
New	None	None	None
Modified	None	None	None
E9620P08
New	None	None	None
Modified	None	None	None
E9620P07
New	None	None	None
Modified	None	None	None
E9620P03
New	None	None	None
Modified	None	None	None
E9619
New	None	None	None
Modified	None	None	None

Operation changes

None.

Restrictions and cautions

Before performing a software upgrade, it is important to refer to the Software Feature Changes document for any feature changes in the new version. Also check the most recent version of the related documents (see "Related documentation") available on the H3C website for more information about feature configuration and commands.

To avoid abnormality and configuration failure, follow these restrictions:

· Use the following browsers:

¡ Chrome 31 or higher.

¡ Firefox v19 or higher.

¡ Safari 5 or higher.

¡ Internet Explorer 9 or higher.

· When two power modules are installed, do not repeatedly re-install them within a short period. To avoid the CPU errors caused by frequent power module re-installation, install power modules correctly in one operation.

· The Web interface and CLI cannot be used together. Do not configure a feature through both the Web interface and CLI.

· Only devices of the same model can form an IRF fabric.

· For 4SFP&4SFP+ and 8SFP+ interface modules, the following restrictions apply:

¡ 10 GE ports on the interface modules support GE/10GE autosensing, but they do not support copper transceiver modules.

¡ The interface modules can be installed only in slot 2/3.

¡ For GE ports on a 4SFP&4SFP+ interface module, speed or duplex autonegotiation is disabled by default. As a best practice for a GE port on the interface module to come up, make sure the speed or duplex mode on the interface is the same as that on the peer interface.

· IRF physical interfaces must be the same type. You can use only the following ports as IRF physical interfaces:

¡ Fiber ports on the rear panel.

¡ Ports on subslot 1 of slot 2.

¡ Ports on subslot 2 of slot 2.

· 10-Gigabit fiber ports do not support Gigabit transceiver modules.

· Fiber ports cannot be split.

· The MPU has only one management interface and one serial port. As a result, the MPU can only download software images by default. The major functions of an MPU are to perform device management for interface modules through the Web interface, Telnet, or SNMP.

· The main process is on the MPU, and the processing performance for protocol packets of services (for example, IPsec and L2TP) is low. To view the processes running on an MPU, execute the display placement location chassis X slot X command.

· To create and use virtual firewalls properly, you must add the virtual firewalls to the default security engine group, and make sure no user-defined security engine groups exist on the device.

· To perform session backup for two devices, you must configure hot backup for them.

Open problems and workarounds

None.

List of resolved problems

Resolved problems in R9660P29

None.

Resolved problems in R9660P26

None.

Resolved problems in R9660P18

202105060373

· Symptom: In an IRF fabric, memory leaks occur on the subordinate device after the input interface of the forward flow is changed.

· Condition: This symptom occurs if you have enabled last hop holding and last hop backup.

202108020312

· Symptom: In an IRF fabric, a domain-name-based security policy does not take effect after the subordinate device is rebooted.

· Condition: This symptom occurs if a large number of address object groups containing domain names exist.

202109130126

· Symptom: The Web interface cannot be accessed and the XMLSOAP/3/THREAD: Maximum number of NETCONF threads already reached. message is printed.

· Condition: This symptom occurs if the device is installed with a software version earlier than R9660P18.

202109150027

· Symptom: The memory cannot be released.

· Condition: This symptom occurs if the dpid process uses the glibc memory management library instead of the tcmalloc memory management library.

202108280156

· Symptom: The device reboots.

· Condition: This symptom occurs when the packet accessing the SSL VPN gateway carries the svnp_rewrite_code field.

Resolved problems in F9660P07

202012010116

· Symptom: The DNS audit function does not take effect.

· Condition: This symptom occurs if the indirect networking mode is used.

Resolved problems in F9660P04

None.

Resolved problems in F9620P16

· Symptom: The device accesses the Oracle database slowly.

· Condition: This symptom occurs if the device is managed by the VCFC.

Resolved problems in R9620P13

None.

Resolved problems in F9620P1201

None.

Resolved problems in F9620P11

None.

Resolved problems in E9620P08

None.

Resolved problems in E9620P07

None.

Resolved problems in E9620P03

None.

Resolved problems in E9619

First release for the overseas market.

Obtaining documentation

To obtain the related documents from the H3C website at http://www.h3c.com/en:

1. Click http://www.h3c.com/en/Support/Resource_Center/Technical_Documents.

2. Choose the desired product category and model.

Technical support

service@h3c.com

http://www.h3c.com/en

Appendix A Feature list

Hardware features

Table 6 Firewall specifications

Item	Specifications
Hardware platform	F5030-D	F5060-D	F5080-D	F5000-AK515	F5000-AK525
Compatible MPU	NSQM1MPULA	NSQM1MPULA	NSQM1MPULA	NSQM1MPULA2	NSQM1MPULA2
Ports	· 1 × console port · 2 × USB host mode ports · 4 × GE combo ports · 8-port GE copper interface module · 8-port 10-GE fiber interface module	· 1 × console port · 2 × USB host mode ports · 4 × GE combo ports · 8-port GE copper interface module · 8-port GE fiber interface module · 8-port 10-GE fiber interface module	· 1 × console port · 2 × USB host mode ports · 4 × GE combo ports · 8-port GE copper interface module · 8-port GE fiber interface module · 8-port 10-GE fiber interface module	· 1 × console port · 2 × USB host mode ports · 4 × GE combo ports · 8-port GE copper interface module · 4-port GE & 4-port 10-GE fiber interface module	· 1 × console port · 2 × USB host mode ports · 4 × GE combo ports · 8-port GE copper interface module · 4-port GE & 4-port 10-GE fiber interface module
Memory	16 GB DDR3 SDRAM	32 GB DDR3 SDRAM	64 GB DDR3 SDRAM	16 GB DDR3 SDRAM	32 GB DDR3 SDRAM
Flash	SD card: 4 GB
Expansion slots	8 expansion slots.
Hard disk slots	2 hard disk slots that support SATA hard disks.
Power modules	2 × 650 W AC or DC power modules. AC and DC power modules cannot be used together.
Dimensions (H × W × D)	88.1 × 440 × 660 mm (3.47 × 17.32 × 25.98 in)
Operating temperature	· Operating: ¡ Without hard disks: 0°C to 45°C (32°F to 113°F) ¡ With hard disks: 5°C to 40°C (41°F to 104°F) · Storage: –40°C to 70°C (–47.2°F to 158°F)
Relative humidity	· Operating: 10% RH to 90% RH, noncondensing · Storage: 5% RH to 90% RH, noncondensing

Table 7 MPU specifications

Item	Specifications
MPU model	NSQM1MPULA	NSQM1MPULA2
Compatible firewalls	F5030-D/F5060-D/F5080-D	F5000-AK515/F5000-AK525
Ports	· 1 × console port · 1 × GE copper port · 2 × USB host mode ports
Memory	4 GB
Flash	1 GB NAND flash
Dimensions (H × W × D)	19.8 × 189 × 212.4 mm (0.78 × 7.44 × 8.36 in)
Operating temperature	· Operating: 0°C to 45°C (32°F to 113°F) · Storage: –40°C to 70°C (–47.2°F to 158°F)
Relative humidity	· Operating: 10% RH to 90% RH, noncondensing · Storage: 5% RH to 95% RH, noncondensing

Software features

Table 8 Firewall software features

Category	Features
AAA		RADIUS/HWTACACS+ authentication. CHAP authentication. PAP authentication. Domain authentication.
Firewall		Packet filtering. Security zone-based access control. Time-based access control. ASPF. Virtual firewall. Attack protection against malicious attacks, such as land, smurf, fraggle, WinNuke, ping of death, teardrop, IP spoofing, IP fragmentation, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, and ICMP flood. Control of ICMP redirection and destination unreachable messages. Tracert message control. Control of IP packets with the RR option. Static blacklist and dynamic blacklist.
Security management		Real-time attack protection logs. Blacklist logs. Session logs. Binary logs. Traffic statistic collection and analysis. Security event statistics.
NAT		NAT support for address pools. NAT support for ACLs. Easy IP. NAT server. Effective period of NAT. NAT ALGs, including FTP, DNS, QQ, MSN, H323, NBT, ILS, RTSP, SQLNET, SIP, RSH, and MGCP. NAT444.
Email filtering		Email sender/recipient-based filtering. Email subject/content/attachment filtering. Uploaded/downloaded FTP file filtering. Support for matching Chinese character codes.
Bandwidth management		Setting the maximum upstream bandwidth and the maximum downstream bandwidth. Setting the guaranteed upstream bandwidth and the guaranteed downstream bandwidth. Specifying traffic profiles based on parameters such as source security zone, destination security zone, source address, destination address, application, application group, time range, and user. Child traffic profiles. Interface-specific bandwidth configuration. AVC reports and logs, including user logs, local logs, and local reports. Traffic blocking and rate-limiting.
IPSec/IKE		AH and ESP. Manual SA setup and IKE SA setup. ESP support for DES, 3DES, and AES encryption algorithms. Support for MD5 and SHA-1 authentication algorithms. Support for IKE main mode and aggressive mode. DPD. NAT traversal.
L2TP		L2TP.
GRE		GRE tunnel.
SSL VPN		SSL VPN features.
LAN		Ethernet_II. VLAN.
IP services		ARP. Static domain name resolution. IP address borrowing. DHCP relay. DHCP server. DHCP client.
IP routing		Static route management. RIP-1/RIP-2. OSPF. BGP. Routing policy. PBR.
Basic IPv6 protocols.		Protocol processing. Ethernet link layer. ICMPv6. IPv6 address management. PMTU. Socket. TCP6. UDP6. RAWIP6. Ping6. DNS6. Tracert6. Telnet6. FIB6. DHCPv6 client. DHCPv6 relay.
IPv6 routing and multicast		RIPng. OSPFv3. BGP4+. Static routes. PBR. PIM-SM. PIM-DM.
IPv6 security		NAT-PT. Manual tunnel. IPv6 over IPv4 GRE tunnel (RFC 2784). 6to4 tunnel (RFC 3056). ISATAP tunnel. IPv6 packet filtering. RADIUS. DS-Lite.
VRRP		VRRP.
IRF		IRF fabric.
Hot backup		Session hot backup. Configuration synchronization.
CLI		Local configuration through a console port. Local or remote configuration through Telnet or SSH. Control of user access to commands. Debugging. Network diagnostic tools, including tracert and ping. Telnetting from the device to other devices. FTP server/client, and file and application upload and download. TFTP file transmission. Logging. File system management. User line configuration.
Web interface		Automatic logout of timed out administrators. Web user login and authentication. Device management, device monitoring, and firewall policy configuration through the Web interface.
Network management		Support for SNMPv3 and compatibility with SNMPv2C and SNMPv1. NTP time synchronization.

Appendix B Upgrading software

This chapter describes types of software and how to upgrade software for H3C F5000-D from the CLI, Web interface, and BootWare menu.

Software images

Software images types

The following software types are available:

· BootWare image—A .btw file that contains a basic segment and an extended segment. The basic segment is the minimum code that bootstraps the system. The extended segment enables hardware initialization and provides system management menus. You can use these menus to load software and the startup configuration file or manage files when the device cannot start up correctly.

An MPU and a service module have their own BootWare images. You must upgrade them separately.

· System software image—Includes the following image subcategories:

¡ Boot image—A .bin file that contains the Linux operating system kernel. It provides process management, memory management, file system management, and the emergency shell.

¡ System image—A .bin file that contains the Comware kernel and standard features, including device management, interface management, configuration management, and routing.

¡ Feature image—A .bin file that contains advanced software features for users to purchase as needed.

¡ Patch image—A .bin file that is released for fixing bugs without rebooting the device. A patch image does not add or remove features.

An MPU and a service module have their own system software images. You must upgrade them separately.

Software release forms

Software images are released in one of the following forms:

· Separate .bin files. You must verify compatibility between software images.

· As a whole in one .ipe package file. The images in an .ipe package file are compatible. The system decompresses the file automatically, loads the .bin images and sets them as startup software images.

Comware image redundancy

You can specify two sets of startup Comware software images: one main and one backup. The system always attempts to start up with the main images. If any main image does not exist or is invalid, the system tries the backup images.

Upgrade methods

To upgrade system software, use one of the following methods:

· Upgrading system software from the Web interface

· Upgrading system software from the CLI

· Upgrading system software from BootWare menus

To upgrade the BootWare, use either of the following methods:

· Upgrading the BootWare from the CLI

· Upgrading BootWare from BootWare menus

You must reboot the device after a system software or BootWare upgrade. A device reboot interrupts services.

Before a software upgrade, read the release notes to identify the command changes. Some commands in the configuration file might not be supported after a software upgrade.

Upgrade restrictions and guidelines

When you upgrade software, follow these restrictions and guidelines:

· Do not power down or reboot the device during the upgrade.

· You must upgrade service modules separately from MPUs because they use independent BootWare and Comware images. The upgrade procedure is the same except that you must store upgrade images to the root directory of a storage medium on the service module:

· You can use the boot-loader file ipe-filename all main command to upgrade all service modules in normal state and all MPUs. Make sure each MPU and each service module have sufficient storage space for the upgrade files.

· As a best practice, back up the main startup files of the MPU and service module and set them as the backup startup files for them.

· Make sure the upgrade files for the MPU and service module are the same version. Otherwise, the upgrade fails or the device becomes faulty.

NOTE:

This document uses the active MPU on an F5000-D device in standalone mode to describe software upgrade procedures.

Preparing for the upgrade

The device can function as the TFTP client, FTP client, or FTP server. In the following examples that use TFTP or FTP, the device functions as the TFTP or FTP client.

To use a PC as the TFTP or FTP server, prepare the TFTP or FTP server software by yourself. The device is not shipped with the software.

Before you upgrade system software, complete the following tasks:

· Run a TFTP or FTP server on the file server. (Skip this task if you upgrade software from the Web interface.)

· Assign an IP address to the file server. Make sure the management Ethernet port on the device and the file server can reach each other.

By default, the IP address of the management Ethernet port MGE 1/0/0/0 is 192.168.0.1/24 and the management Ethernet port belongs to the Management security zone. The Management security zone and the Local security zone can communicate with each other.

You can also change the IP address of the management Ethernet port from its default and add it to a security zone other than Management. Then, you configure a zone pair to make sure the security zone and the Local security zone can communicate with each other. For more information about security zones and zone pairs, see the security zone configuration in the fundamentals configuration guide.

· Transfer the software upgrade file to the file server and set the working directory on the TFTP or FTP server.

· Log in to the CLI of the device through the console port. (Skip this task if you upgrade software from the Web interface.)

· Make sure the upgrade has minimal impact on the network services. During the upgrade, the device cannot provide any services.

Upgrading system software

Upgrading system software from the Web interface

CAUTION:

· You can use the default account settings or create a new account to log in to the Web interface for the first time. This section uses the default account settings. For security purposes, if you use the default account settings, modify the default password or create a new account and delete the default account after the first login.

· Do not perform any operation on the Web interface while the system is upgrading software.

Table 9 describes the default settings for you to log in to the Web interface.

Table 9 Default login information

Login information	Default setting
Username	admin
Password	admin
IP address of MGE 1/0/0/0	192.168.0.1/24

NOTE:

The default management Ethernet port varies by device model. In this example, the default management Ethernet port is MGE 1/0/0/0.

To upgrade the system software from the Web interface:

1. Use an Ethernet cable to connect the PC to an Ethernet port on the device. As a best practice, connect the PC to the management Ethernet port on the device.

2. Assign an IP address on the same subnet as the management port MGE 1/0/0/0 to the PC.

In this example, assign 192.168.0.2 to the PC.

3. Launch the Web browser, and enter 192.168.0.1 in the address bar.

The Web login page appears.

4. Type the default username and password, and click Login.

5. Select System > Upgrade Center > Software Upgrade from the navigation tree.

6. Click Upgrade immediately on the Software Upgrade page.

7. Select the files f5080_mpu.ipe and f5080_lpu.ipe for the MPU and service card, respectively, and click OK.

Figure 1 Upgrade Immediately page

Upgrading system software from the CLI

Verifying that the free storage space is sufficient for the upgrade file

1. Telnet to the MPU or log in through the console port. (Details not shown.)

2. Display device information.

<Sysname> display device

Chassis Slot Cpu Brd Type Brd Status Subslot Sft Ver Patch Ver

1 0 0 NONE Absent 0 None None

1 1 0 NSQM1MPULA Master 0 F5080D-9609 None

1 2 0 NSQ1MPBHA Normal 0 F5080D-9609 None

The output shows that the device has one MPU in slot 1 and one service module in slot 2. The service module is in normal state.

3. Verify that the MPU has sufficient free storage space for the upgrade images:

If the service module is in normal state, you can use the dir slotx.1#sda0:/ command to verify that the service module has sufficient storage space. The x represents the slot number of the service module.

<Sysname> dir

Directory of sda0: (YAFFS2)

0 -rw- 6129664 Apr 26 2018 14:30:20 F5080LPU-CMW710-BOOT-E9608P06.bin

1 -rw- 133905408 Apr 26 2018 14:31:20 F5080LPU-CMW710-SYSTEM-E9608P06.bin

2 -rw- 3926 Nov 07 2017 19:40:32 NGFirewall2017110719390546864.ak

3 drw- - Nov 15 2017 20:19:54 diagfile

4 drw- - Apr 28 2018 10:40:10 dpi

5 -rw- 567 Nov 09 2017 15:39:59 dsakey

6 -rw- 247 Nov 09 2017 15:40:31 ecdsakey

7 -rw- 6230016 Jan 06 2019 18:00:37 f5080mpu-cmw710-boot-A9615.bin

8 -rw- 6098944 Nov 20 2018 11:17:40 f5080mpu-cmw710-boot-E9608P09.bin

9 -rw- 130451456 Jan 06 2019 18:01:35 f5080mpu-cmw710-system-A9615.bin

10 -rw- 131323904 Nov 20 2018 11:19:09 f5080mpu-cmw710-system-E9608P09.bin

11 -rw- 735 Nov 09 2017 15:39:37 hostkey

12 -rw- 857 Jan 06 2019 18:01:45 ifindex.dat

13 drw- - Nov 07 2017 19:41:26 license

14 drw- - Apr 28 2018 11:41:54 logfile

15 drw- - Sep 09 2017 21:22:19 pki

16 drw- - Sep 09 2017 21:21:52 seclog

17 -rw- 591 Nov 09 2017 15:39:37 serverkey

18 -rw- 7984 Jan 06 2019 18:01:45 startup.cfg

19 -rw- 105150 Jan 06 2019 18:01:45 startup.mdb

20 -rw- 57852 Nov 12 2017 17:02:53 test.tar.gz

21 drw- - Jan 06 2019 18:03:21 versionInfo

1048576 KB total (635688 KB free)

4. If the free storage space is not sufficient, delete unused files:

# Delete unused files from the MPU.

<Sysname> delete /unreserved sda0:/test.cfg

The file cannot be restored. Delete sda0:/test.cfg?[Y/N]:y

Deleting the file permanently will take a long time. Please wait...

Deleting file sda0:/test.cfg... Done.

NOTE:

To delete a file permanently, use the delete /unreserved file-url command. If you use the delete file-url command, the file is moved to the recycle bin and still occupies the storage space. To release the storage space, you must execute the reset recycle-bin command in the file's original directory.

Transferring the upgrade file to the device

IMPORTANT:

You must store the upgrade file to the root directory of the MPU's storage medium.

The device can function as the TFTP client, FTP client, or FTP server. This procedure uses the device as an FTP client to download files from an FTP server.

To download the upgrade software files from the FTP server:

1. Run the FTP server program on the PC. Set the username, password, and working directory, and save the upgrade file to the directory. (Details not shown.)

2. Verify that the device and the FTP server can ping each other. (Details not shown.)

3. Download the MPU’s upgrade file to the MPU:

# Log in to the FTP server.

<Sysname> ftp 192.168.0.2

Press CTRL+C to abort.

Connected to 192.168.0.2 (192.168.0.2).

220 Browser Ftp Server.

User (192.168.0.2:(none)): admin

331 Password required for this user.

Password:******

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

# Set the file transfer mode to binary.

ftp> binary

200 Binary transfer mode active.

# Download the upgrade file f5080_mpu.ipe to the root directory of a storage medium on the MPU.

ftp> get f5080_mpu.ipe

227 Entering Passive Mode (192,168,0,2,6,173)

150 Opening data connection.

226 Transfer complete.

94786560 bytes received in 191.335 seconds (491.31 Kbytes/s)

ftp> bye

221 Goodbye.

4. Download the service module’s upgrade file to the MPU:

# Log in to the FTP server.

<Sysname> ftp 192.168.0.2

Press CTRL+C to abort.

Connected to 192.168.0.2 (192.168.0.2).

220 Browser Ftp Server.

User (192.168.0.2:(none)): admin

331 Password required for this user.

Password:******

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

# Set the file transfer mode to binary.

ftp> binary

200 Binary transfer mode active.

# Download the upgrade file f5080_lpu.ipe to the root directory of the storage medium on the MPU.

ftp> get f5080_lpu.ipe

227 Entering Passive Mode (192,168,0,2,6,173)

150 Opening data connection.

226 Transfer complete.

112465920 bytes received in 72.395 seconds (880.82 Kbytes/s)

Upgrading the system software

# Specify the f5080_mpu.ipe file as the main startup file for the MPU.

<Sysname> boot-loader file sda0:/f5080_mpu.ipe all main

Verifying the file sda0:/f5080_mpu.ipe on chassis 1 slot 1.......Done.

H3C SecPath F5060-D images in IPE:

f5080mpu-cmw710-boot-A9615.bin

f5080mpu-cmw710-system-A9615.bin

This command will set the main startup software images. Please do not reboot any

MPU during the upgrade. Continue? [Y/N]:y

Add images to chassis 1 slot 1.

Add images to slotFile sda0:/f5080mpu-cmw710-boot-A9615.bin already exists on chassis 1 slot 1.

File sda0:/f5080mpu-cmw710-system-A9615.bin already exists on chassis 1 slot 1.

Overwrite the existing files? [Y/N]:y

Decompressing file f5080mpu-cmw710-boot-A9615.bin to sda0:/f5080mpu-cmw710-boot

-A9615.bin....Done.

Decompressing file f5080mpu-cmw710-system-A9615.bin to sda0:/f5080mpu-cmw710-system-A9615.bin........................................Done.

Verifying the file sda0:/f5080mpu-cmw710-boot-A9615.bin on chassis 1 slot 1...Done.

Verifying the file sda0:/f5080mpu-cmw710-system-A9615.bin on chassis 1 slot 1..

....Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on chassis 1 slot 1.

Decompression completed.

Do you want to delete sda0:/f5080_mpu.ipe now? [Y/N]:n

# Specify the f5080_lpu.ipe file as the main startup file for the service module.

<Sysname> boot-loader file sda0:/f5080_lpu.ipe all main

Verifying the file sda0:/f5080_lpu.ipe on chassis 1 slot 1........Done.

Blade4fw images in IPE:

F5080LPU-CMW710-BOOT-A9615.bin

F5080LPU-CMW710-SYSTEM-A9615.bin

This command will set the main startup software images. Please do not reboot any

MPU during the upgrade. Continue? [Y/N]:y

Add images to chassis 1 slot 1.

Decompressing file F5080LPU-CMW710-BOOT-A9615.bin to sda0:/F5080LPU-CMW710-BOOT-A9615.bin....Done.

Decompressing file F5080LPU-CMW710-SYSTEM-A9615.bin to sda0:/F5080LPU-CMW710-SYSTEM-A9615.bin................................................Done.

File sda0:/F5080LPU-CMW710-BOOT-A9615.bin already exists on chassis 1 slot 2.

Do you want to overwrite the file?

Y: Overwrite the file.

N: Not overwrite the file.

A: From now on, overwrite or not overwrite without prompt.

Please make a choice. [Y/N/A]:y

Loading.....................%Sep 19 07:02:30:781 2085 H3C DEV/4/BOARD_LOADING: Board in chassis 1 slot 2 is loading software images.

...........%Sep 19 07:02:42:531 2085 H3C DEV/5/LOAD_FINISHED: Board in chassis 1

slot 2 has finished loading software images.

..Done.

File sda0:/F5080LPU-CMW710-SYSTEM-A9615.bin already exists on chassis 1 slot 2.

Do you want to overwrite the file?

Y: Overwrite the file.

N: Not overwrite the file.

A: From now on, overwrite or not overwrite without prompt.

Please make a choice. [Y/N/A]:y

Loading.....................%Sep 19 07:03:06:766 2085 H3C DEV/4/BOARD_LOADING: Board in chassis 1 slot 2 is loading software images.

................................................................................

..........................................................................%Sep 1

9 07:05:41:479 2085 H3C DEV/5/LOAD_FINISHED: Board in chassis 1 slot 2 has finis

hed loading software images.

....................Done.

Verifying the file sda0:/F5080LPU-CMW710-BOOT-A9615.bin on chassis 1 slot 2...Done.

Verifying the file sda0:/F5080LPU-CMW710-SYSTEM-A9615.bin on chassis 1 slot 2...

......Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on chassis 1 slot 2.

Specify the startup software image files for Blade4fw to load from the parent device? [Y/N]:y

The images that have passed all examinations will be used as the load software image files for Blade4fw.

Decompression completed.

Do you want to delete sda0:/f5080_lpu.ipe now? [Y/N]:n

# To prevent configuration loss at reboot, save the running configuration.

<Sysname> save

# Reboot the device to complete the upgrade.

<Sysname> reboot

Current configuration may be lost after the reboot, save current configuration? [Y/N]:y

Please input the file name(*.cfg)[sda0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

sda0:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

Upgrading system software from BootWare menus

To upgrade Comware images from BootWare menus, use one of the following methods:

· Using TFTP to upgrade system software through the management Ethernet port

· Using FTP to upgrade system software through the management Ethernet port

Preparing for the upgrade

1. Connect the configuration terminal to the MPU's console port.

2. Connect the MPU's management Ethernet port to the TFTP or FTP file server.

The TFTP or FTP server can be co-located with the configuration terminal (typically, a PC).

3. Prepare the upgrade file:

¡ If you are using TFTP, store the upgrade file on the TFTP server, and specify the directory.

¡ If you are using FTP, store the upgrade file on the FTP server, and specify the directory, FTP username, and password.

4. Run the terminal emulation program on the configuration terminal.

5. Power on the device, and then press Ctrl+B within 5 seconds at prompt to access the EXTEND-BOOTWARE menu (see "Using the EXTENDED-BOOTWARE menu").

Using TFTP to upgrade system software through the management Ethernet port

1. Enter 3 in the EXTEND-BOOTWARE menu to access the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

2. Enter 5 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

======================<ETHERNET PARAMETER SET>==============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP):tftp

Load File Name :f5080_mpu.ipe

Target File Name :f5080_mpu.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

Table 10 Network parameter fields and shortcut keys

Field	Description
'.' = Clear field	Press a dot (.) and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press a hyphen (-) and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl+D to exit the ETHERNET PARAMETER SET menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to TFTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file on the device. The target file name must have the same extension as the source file. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the TFTP server.
Local IP Address	Set the IP address of the Ethernet interface that connects to the TFTP server.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.

After you finish setting the TFTP parameters, the system returns to the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

3. Enter 2 or 3 in the Ethernet submenu to upgrade the main or backup software images. For example, enter 2 to upgrade the main software images.

Loading.....................................................................

............................................................................

.........................Done!

94786560 bytes downloaded!

Image file f5080mpu-cmw710-boot-A9615.bin is self-decompressing...

Saving file sda0:/f5080mpu-cmw710-boot-A9615.bin ......Done.

Image file f5080mpu-cmw710-system-A9615.bin is self-decompressing...

Saving file sda0:/f5080mpu-cmw710-system-A9615.bin .......................

............................................................................

..................Done. .

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

4. Enter 0 in the Ethernet submenu to return to the EXTEND-BOOTWARE menu.

5. Enter 1 in the EXTEND-BOOTWARE menu to run the new Comware images.

Using FTP to upgrade system software through the management Ethernet port

1. Enter 3 in the EXTEND-BOOTWARE menu to access the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

2. Enter 5 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

======================<ETHERNET PARAMETER SET>==============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP):ftp

Load File Name :f5080_mpu.ipe

Target File Name :f5080_mpu.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

Table 11 Network parameter fields and shortcut keys

Field	Description
'.' = Clear field	Press a dot (.) and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press a hyphen (-) and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl+D to exit the ETHERNET PARAMETER SET menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to FTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file on the device. The target file name must have the same extension as the source file. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the FTP or TFTP server.
Local IP Address	Set the IP address of the Ethernet interface that connects to the TFTP or FTP server.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.
FTP User Name	Set the username for accessing the FTP server. This username must be the same as the username configured on the FTP server.
FTP User Password	Set the password for accessing the FTP server. This password must be the same as the password configured on the FTP server.

After you finish setting the FTP parameters, the system returns to the Ethernet submenu.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

3. Enter 2 or 3 in the Ethernet submenu to upgrade the main or backup software images. For example, enter 2 to upgrade the main software images.

Loading.....................................................................

............................................................................

.........................Done!

94786560 bytes downloaded!

Image file f5080mpu-cmw710-boot-A9615.bin is self-decompressing...

Saving file sda0:/f5080mpu-cmw710-boot-A9615.bin ......Done.

Image file f5080mpu-cmw710-system-A9615.bin is self-decompressing...

Saving file sda0:/f5080mpu-cmw710-system-A9615.bin .......................

............................................................................

..................Done.

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-5):

4. Enter 0 in the Ethernet submenu to return to the EXTEND-BOOTWARE menu.

5. Enter 1 in the EXTEND-BOOTWARE menu to run the new system software.

Upgrading the BootWare

You can upgrade the BootWare from the CLI or BootWare menus.

Upgrading the BootWare from the CLI

To upgrade the BootWare from the CLI:

1. Use FTP or TFTP to download or upload the new BootWare image file to the root directory of the storage medium on the device.

2. Execute the bootrom update command to upgrade the BootWare.

<Sysname> bootrom update file sda0:/F5080D_v1.04.btw chassis 1 slot 1

This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

Now updating the Boot ROM, please wait........... ...........Done

3. Execute the reboot command to reboot the device.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

Current configuration may be lost after the reboot, save current configuration? [Y/N]:y

Please input the file name(*.cfg)[sda0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

sda0:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

Upgrading BootWare from BootWare menus

To upgrade the BootWare image from BootWare menus, use one of the following methods:

· Using TFTP to upgrade BootWare through the management Ethernet port

· Using FTP to upgrade BootWare through the management Ethernet port

For more information about BootWare menus, see "Appendix B Using BootWare menus."

NOTE:

This section uses the MPU as an example to describe how to upgrade BootWare.

Preparing for the upgrade

1. Connect the MPU's console port to the configuration terminal.

2. Connect the MPU's management Ethernet port to the TFTP or FTP file server.

The TFTP or FTP server can be co-located with the configuration terminal (typically, a PC).

3. Prepare the upgrade file:

¡ If you are using TFTP, store the upgrade file on the TFTP server, and specify the file directory.

¡ If you are using FTP, store the upgrade file on the FTP server, and specify the file directory, FTP username, and password.

4. Run the terminal emulation program on the configuration terminal.

5. Power on the device, and then press Ctrl+B within 5 seconds at prompt to access the EXTEND-BOOTWARE menu (see "Using the EXTENDED-BOOTWARE menu").

Using TFTP to upgrade BootWare through the management Ethernet port

1. Enter 7 in the BootWare menu to access the BootWare Operation submenu.

=========================<BootWare Operation Menu>==========================

|Note:the operating device is sda0 |

|<1> Backup Full BootWare |

|<2> Restore Full BootWare |

|<3> Update BootWare By Serial |

|<4> Update BootWare By Ethernet |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

2. Enter 4 in the BootWare Operation submenu to enter the Ethernet submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

3. Enter 4 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

==========================<ETHERNET PARAMETER SET>==========================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP):tftp

Load File Name :F5080D_v1.04.btw

Target File Name :F5080D_v1.04.btw

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

For more information about the fields, see Table 10.

After you finish setting the TFTP parameters, the system returns to the BOOTWARE OPERATION ETHERNET submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

4. Choose an option from options 1 to 3. For example, enter 1 to upgrade the entire BootWare image.

Loading..............Done.

64245 bytes downloaded!

Updating Basic BootWare? [Y/N]

5. Enter Y to upgrade the basic BootWare segment.

Updating Basic BootWare........Done.

Updating Extended BootWare? [Y/N]

6. Enter Y to upgrade the extended BootWare segment.

Updating Extended BootWare.........Done!

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

7. Enter 0 to return to the BootWare Operation menu.

8. Enter 0 in the BootWare Operation menu to return to the EXTEND-BOOTWARE menu.

9. Enter 0 in the EXTEND-BOOTWARE menu to reboot the system.

Using FTP to upgrade BootWare through the management Ethernet port

1. Enter 7 in the BootWare menu to access the BootWare Operation submenu.

=========================<BootWare Operation Menu>==========================

|Note:the operating device is sda0 |

|<1> Backup Full BootWare |

|<2> Restore Full BootWare |

|<3> Update BootWare By Serial |

|<4> Update BootWare By Ethernet |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

2. Enter 4 in the BootWare Operation submenu to enter the Ethernet submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

3. Enter 4 in the Ethernet submenu to configure the network settings.

NOTE:

To use the existing setting for a field, press Enter without modifying the setting.

==========================<ETHERNET PARAMETER SET>==========================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

============================================================================

Protocol (FTP or TFTP) :ftp

Load File Name :F5080D_v1.04.btw

Target File Name :F5080D_v1.04.btw

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

For more information about the fields, see Table 11.

After you finish setting the FTP parameters, the system returns to the BOOTWARE OPERATION ETHERNET submenu.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

4. Choose an option from options 1 to 3. For example, enter 1 to upgrade the entire BootWare image.

Loading.......Done.

64245 bytes downloaded!

Updating Basic BootWare? [Y/N]

5. Enter Y to upgrade the basic BootWare segment.

Updating Basic BootWare........Done.

Updating Extended BootWare? [Y/N]

6. Enter Y to upgrade the extended BootWare segment.

Updating Extended BootWare.........Done.

===================<BOOTWARE OPERATION ETHERNET SUB-MENU>===================

|<1> Update Full BootWare |

|<2> Update Extended BootWare |

|<3> Update Basic BootWare |

|<4> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-4):

7. Enter 0 to return to the BootWare Operation menu.

8. Enter 0 in the BootWare Operation menu to return to the EXTEND-BOOTWARE menu.

9. Enter 0 in the EXTEND-BOOTWARE menu to reboot the system.

Handling software upgrade failures

If a software upgrade fails, the system runs the old software version. To handle a software failure:

1. Check the physical ports for a loose or incorrect connection, and verify that the LEDs are reflecting the correct port status.

2. If you are using the console port for file transfer, check the HyperTerminal settings (including the baud rate and data bits) for any wrong setting.

3. Check the file transfer settings:

¡ If TFTP is used, you must enter the same server IP addresses, file name, and working directory as set on the TFTP server.

¡ If FTP is used, you must enter the same FTP server IP address, source file name, working directory, and FTP username and password as set on the FTP server.

4. Check the FTP or TFTP server for incorrect settings.

5. Check that the CF card has sufficient space for the upgrade file.

6. If the message "Something is wrong with the file" appears, check the file for file corruption.

Appendix C Appendix B Using BootWare menus

Overview

BootWare provides a menu method to perform basic file operations, software upgrade, and system management when the Comware CLI is inaccessible because of image corruption.

BootWare is stored in each MPU's built-in the SD card. It has one basic segment and one extended segment. The basic segment enables the system to complete basic initialization, and the extended segment bootstraps the Comware images.

BootWare menus

Table 12 lists the menus that each segment provides and the major tasks you can perform using these menus. You can access these menus only during system startup.

Table 12 BootWare menus

BootWare segment	Menu	Tasks	Reference
Basic	BASIC-BOOTWARE	· Modify serial port parameters. · Upgrade BootWare. · Start the primary or backup BootWare extended segment.	Using the BASIC-BOOTWARE menu
Basic	BASIC ASSISTANT	Perform RAM test.	Accessing the BASIC-BOOTWARE menu
Extended	EXTEND-BOOTWARE	· Upgrade Comware software. · Manage files. · Access the system when the console login password is lost. · Clear user privilege passwords.	Using the EXTENDED-BOOTWARE menu
Extended	EXTEND-ASSISTANT	· Examine system memory. · Search system memory.	Accessing the EXTEND ASSISTANT submenu

BootWare shortcut keys

BootWare provides the shortcut keys listed in Table 13.

Table 13 BootWare shortcut keys

Shortcut keys	Prompt message	Function
Ctrl+B	access EXTENDED-BOOTWARE MENU	Accesses the EXTENDED-BOOTWARE menu while the device is starting up.
Ctrl+C	Please Start To Transfer File, Press <Ctrl+C> To Exit.	Stops the ongoing file transfer and exits the current operation interface.
Ctrl+C	Info: Press Ctrl+C to abort or return to EXTENDED ASSISTANT MENU.	Returns to the EXTENDED ASSISTANT menu. If the system is outputting the result of an operation, this shortcut key combination aborts the display first.
Ctrl+D	Press Ctrl+D to access BASIC-BOOTWARE MENU	Accesses the BASIC-BOOTWARE menu while the device is starting up.
Ctrl+D	Ctrl+D = Quit	Exits the parameter settings menu.
Ctrl+E	Memory Test(press Ctrl+C to skip it,press Ctrl+E to ECHO INFO)	Prints information during the memory test.
Ctrl+F	Ctrl+F: Format File System	Formats the current storage medium.
Ctrl+T	Press Ctrl+T to start memory test	Performs a memory test.
Ctrl+U	Access BASIC ASSISTANT MENU	Accesses the BASIC ASSISTANT menu from the BASIC-BOOTWARE menu.
Ctrl+Z	Ctrl+Z: Access EXTENDED ASSISTANT MENU	Accesses the EXTENDED ASSISTANT menu from the EXTENDED-BOOTWARE menu.

Using the BASIC-BOOTWARE menu

Accessing the BASIC-BOOTWARE menu

1. Power on the device.

2. Press Ctrl+D within 4 seconds after the "Press Ctrl+D to access BASIC-BOOTWARE MENU" prompt message appears. If you fail to do this within the time limit, the system starts to run the extended BootWare segment.

======================<BASIC-BOOTWARE MENU(Ver 1.19)>=======================

|<1> Modify Serial Interface Parameter |

|<2> Update Extended BootWare |

|<3> Update Full BootWare |

|<4> Boot Extended BootWare |

|<5> Boot Backup Extended BootWare |

|<0> Reboot |

============================================================================

Ctrl+U: Access BASIC ASSISTANT MENU

Enter your choice(0-5):

Table 14 BASIC-BOOTWARE menu options

Option	Task	Reference
<1> Modify Serial Interface Parameter	Change the baud rate of the console port. Perform this task before downloading an image through the console port for software upgrade.	Modifying serial port parameters
<2> Update Extended BootWare	Upgrade the extended BootWare segment. If the extended segment is corrupt, choose this option to repair it.	Upgrading the extended BootWare segment
<3> Update Full BootWare	Upgrade the entire BootWare, including the basic segment and the extended segment.	Upgrading the entire BootWare
<4> Boot Extended BootWare	Run the primary extended BootWare segment.	Running the primary extended BootWare segment
<5> Boot Backup Extend BootWare	Run the backup extended BootWare segment.	Running the backup extended BootWare segment
<0> Reboot	Reboot the device.	N/A
Ctrl+U: Access BASIC ASSISTANT MENU	Press Ctrl+U to access the BASIC ASSISTANT menu.	Accessing the BASIC ASSISTANT menu

Modifying serial port parameters

To change the baud rate of the console port:

1. Enter 1 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 1

===============================<BAUDRATE SET>===============================

|Note:'*'indicates the current baudrate |

| Change The HyperTerminal's Baudrate Accordingly |

|---------------------------<Baudrate Available>---------------- ----------|

|<1> 9600(Default)* |

|<2> 19200 |

|<3> 38400 |

|<4> 57600 |

|<5> 115200 |

|<0> Exit |

============================================================================

Enter your choice(0-5):

2. Enter the number that represents the baud rate you want to choose. For example, enter 5 to set the baud rate to 115200 bps.

NOTE:

Baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To set up a console session with the device after a reboot, you must change the baud rate of the configuration terminal back to 9600 bps.

Upgrading the extended BootWare segment

Enter 2 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 2

Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCC

Upgrading the entire BootWare

Enter 3 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 3

Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCC

Running the primary extended BootWare segment

Enter 4 in the BASIC-BOOTWARE menu.

Enter your choice(0-5): 4

Booting Normal Extended BootWare.

The Extended BootWare is self-decompressing....Done.

****************************************************************************

* *

* H3C SecPath BootWare, Version 1.05 *

* *

****************************************************************************

Compiled Date : Aug 31 2017

Memory Type : DDR3 SDRAM

Memory Size : 16384MB

Sda0 Size : 8MB

sda0 Size : 3728MB

CPLD Version : 1.0

PCB Version : Ver.B

BootWare Validating...

Press Ctrl+B to access EXTENDED-BOOTWARE MENU...

Loading the main image files...

Loading file sda0:/F5080MPU-CMW710-SYSTEM-A9615.bin. ......................

............................................................................

...........................Done.

Image file sda0:/F5080MPU-CMW710-BOOT-A9615.bin is self-decompressing......

.................................................Done.

System image is starting...

Running the backup extended BootWare segment

Enter 5 in the BASIC-BOOTWARE menu.

For information about backing up the extended BootWare segment, see "Accessing the BootWare Operation submenu."

Enter your choice(0-5): 5

Booting Backup Extended BootWare.

The Extended BootWare is self-decompressing............................Done!

NOTE:

This option is not supported if the password recovery capability is enabled. For more information about configuring the password recovery capability at the CLI, see "Controlling the password recovery capability."

Accessing the BASIC ASSISTANT menu

Press Ctrl+U in the BASIC-BOOTWARE menu.

===========================<BASIC-ASSISTANT MENU>===========================

|<1> RAM Test |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-1):

Table 15 BASIC ASSISTANT menu options

Option	Description
<1> RAM Test	Test the memory.
<2> Exit To Main Menu	Return to the BASIC-BOOTWARE menu.

Testing the memory

IMPORTANT:

To avoid unexpected exceptions, perform this task under the guidance of H3C Support.

To test the memory, use one of the following methods:

· In the BASIC-BOOTWARE menu, press Ctrl+T within 4 seconds after the "Press Ctrl+T to start memory test" prompt message appears.

· In the BASIC-BOOTWARE menu, press Ctrl+U to access the BASIC ASSISTANT menu.

Using the EXTENDED-BOOTWARE menu

Accessing the EXTENDED-BOOTWARE menu

1. Power on the device.

2. Press Ctrl+B within 5 seconds after the "Press Ctrl+B to access EXTENDED-BOOTWARE MENU..." prompt message appears. If you fail to do this within the time limit, the system starts up.

System is starting...

Press Ctrl+D to access BASIC-BOOTWARE MENU...

Press Ctrl+T to start heavy memory test..

Booting Normal Extended BootWare

The Extended BootWare is self-decompressing....Done.

****************************************************************************

* *

* H3C SecPath BootWare, Version 1.05 *

* *

****************************************************************************

Compiled Date : Aug 31 2017

Memory Type : DDR3 SDRAM

Memory Size : 16384MB

Sda0 Size : 8MB

sda0 Size : 3728MB

CPLD Version : 1.0

PCB Version : Ver.B

BootWare Validating...

Press Ctrl+B to access EXTENDED-BOOTWARE MENU...

Password recovery capability is enabled.

Note: The current operating device is sda0

Enter < Storage Device Operation > to select device.

3. Press Enter to access the EXTENDED-BOOTWARE menu.

===========================<EXTENDED-BOOTWARE MENU>=========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Restore to Factory Default Configuration |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Skip Authentication for Console Login |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Ctrl+Z: Access EXTENDED ASSISTANT MENU

Ctrl+C: Display Copyright

Ctrl+F: Format File System

Enter your choice(0-9):

Availability of some options in this menu depends on the password recovery capability state (displayed on top of the EXTEND-BOOTWARE menu). For more information about the feature, see "Controlling the password recovery capability."

Table 16 EXTENDED-BOOTWARE menu options

Option	Tasks	Reference
<1> Boot System	Run the Comware software without rebooting the device. Choose this option after completing operations in the EXTENDED-BOOTWARE menu.	N/A
<2> Enter Serial SubMenu	Accessing the Serial submenu.	Accessing the Serial submenu
<3> Enter Ethernet SubMenu	Use FTP or TFTP to upgrade Comware images through the management Ethernet port.	Accessing the Ethernet submenu
<4> File Control	· Display files on the current storage medium. · Set a Comware image file as the main or backup startup software image file. · Delete files to release storage space.	Managing files
<5> Restore to Factory Default Configuration	Restore the factory-default configuration. This option is available only if password recovery capability is disabled.	Restoring the factory-default configuration
<6> Skip Current System Configuration	Start the device with the factory-default configuration without loading any configuration file. This option is available only if password recovery capability is enabled.	Skipping the configuration file
<7> BootWare Operation Menu	Back up, recover, and upgrade the BootWare image.	Accessing the BootWare Operation submenu
<8> Skip Authentication for Console Login	Skip console login authentication. This option is available only if password recovery capability is enabled. This is a one-time operation and takes effect only for the first system boot or reboot after you choose this option.	Skipping console login authentication
<9> Storage Device Operation	Set the storage medium from which the device will start up. Set the storage medium where file operations are performed. This storage medium is referred to as the "current storage medium."	Managing storage media
Ctrl+F: Format File System	Format the file system.	Formatting the file system
Ctrl+Z: Access EXTENDED ASSISTANT MENU	Access the EXTENDED ASSISTANT menu.	Accessing the EXTEND ASSISTANT submenu
Ctrl+C: Display Copyright	Display copyright information.	N/A
<0> Reboot	Reboot the device.	N/A

Controlling the password recovery capability

Password recovery capability controls console user access to the device configuration from BootWare menus. This feature decides the method to handle a password loss situation.

· If password recovery capability is enabled, a console user can handle a password loss situation as follows:

¡ If the console login password is lost, the user can skip console login authentication, and then access the CLI to configure a new password.

¡ If a user role password is lost, the user can skip the configuration file, and then access the CLI to configure a new password.

· If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords.

To enhance system security, disable password recovery capability.

To enable or disable password recovery capability:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable or disabled password recovery capability.	· Enable the feature: password-recovery enable · Disable the feature: undo password-recovery enable	By default, password recovery capability is enabled.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable or disabled password recovery capability.

· Enable the feature:
password-recovery enable

· Disable the feature:
undo password-recovery enable

By default, password recovery capability is enabled.

Running Comware images

Enter 1 in the EXTEND-BOOTWARE menu.

Enter your choice(0-9): 1

Loading the main image files...

Loading file sda0:/F5080MPU-CMW710-SYSTEM-A9615.bin...........................

............................................................................

............Done.

Loading file sda0:/F5080MPU-CMW710-BOOT-A9615.bin.............................

.......................................................................Done.

Image file sda0:/F5080MPU-CMW710-BOOT-A9615.bin is self-decompressing

....................................................................Done.

System image is starting...

Line con0 is available.

Press ENTER to get started.

Accessing the Serial submenu

Enter 2 in the EXTEND-BOOTWARE menu.

Enter your choice(0-9): 2

===========================<Enter Serial SubMenu>===========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Serial Interface Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-5):

Table 17 Serial submenu options

Option	Tasks
<1> Download Image Program To SDRAM And Run	Load and run Comware images in SDRAM. This option is available only if password recovery capability is enabled.
<2> Update Main Image File	Download Comware images to the current storage medium as the main images (the file attribute is set to M). As a result, the M file attribute of the original main images is removed.
<3> Update Backup Image File	Download Comware images to the current storage medium as backup images (the file attribute is set to B). As a result, the B file attribute of the original backup images is removed.
<4> Download Files(.)	Download files from the server to the device.
<5> Modify Serial Interface Parameter	Change the baud rate of the console port. The baud rate change is a one-time operation. The baud rate will restore to the default (9600 bps) at reboot. To set up a console session with the device after a reboot, you must change the baud rate setting on the configuration terminal to 9600 bps.
<0> Exit To Main Menu	Return to the EXTENDED-BOOTWARE menu.

NOTE:

To set the current storage medium, see "Managing storage media."

Accessing the Ethernet submenu

You can upgrade the Comware software through the management Ethernet port from the Ethernet submenu and configure file transfer settings.

1. Enter 3 in the EXTENDED-BOOTWARE menu and press Enter to access the Ethernet submenu.

Enter your choice(0-9):3

==========================<Enter Ethernet SubMenu>==========================

|Note:the operating device is sda0 |

|<1> Download Image Program To SDRAM And Run |

|<2> Update Main Image File |

|<3> Update Backup Image File |

|<4> Download Files(*.*) |

|<5> Modify Ethernet Parameter |

|<0> Exit To Main Menu |

|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================

Enter your choice(0-4):

Table 18 Ethernet submenu options

Option	Description
<1> Download Image Program To SDRAM And Run	Load and run software images in SDRAM. If password recovery capability is enabled, this option is not available.
<2> Update Main Image File	Download software images to the current storage medium as main images (the file attribute is set to M). As a result, the M file attribute of the original main images is removed.
<3> Update Backup Image File	Download software images to the current storage medium as backup images (the file attribute is set to B). As a result, the B file attribute of the original backup images is removed.
<4> Download Files(.)	Download files from the server to the device.
<5> Modify Ethernet Parameter	Configure FTP or TFTP file transfer settings.
<0> Exit To Main Menu	Return to the EXTENDED-BOOTWARE menu.

2. Enter 4 in the Ethernet submenu to configure file transfer settings on the MPU.

Enter your choice(0-4):4

======================<ETHERNET PARAMETER SET>=============================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

===========================================================================

Protocol (FTP or TFTP) :ftp

Load File Name :f5080_mpu.ipe

Target File Name :f5080_mpu.ipe

Server IP Address :192.168.0.2

Local IP Address :192.168.0.1

Subnet Mask :255.255.255.0

Gateway IP Address :0.0.0.0

FTP User Name :admin

FTP User Password :******

Table 19 Setting Ethernet parameters for file transfer

Field	Description
'.' = Clear field	Press the dot (.), and then press Enter to clear the setting for a field.
'-' = Go to previous field	Press the hyphen (-), and then press Enter to return to the previous field.
Ctrl+D = Quit	Press Ctrl + D to exit the Ethernet parameter settings menu.
Protocol (FTP or TFTP)	Set the file transfer protocol to FTP or TFTP.
Load File Name	Set the name of the file to be downloaded.
Target File Name	Set a file name for saving the file in the current storage medium on the device. By default, the target file name is the same as the source file name.
Server IP Address	Set the IP address of the FTP or TFTP server.
Local IP Address	Set the IP address of the device.
Subnet Mask	Set the IP address mask.
Gateway IP Address	Set a gateway IP address if the device is on a different network than the server.
FTP User Name	Set the username for accessing the FTP server. This username must be the same as configured on the FTP server. This field is not available for TFTP.
FTP User Password	Set the password for accessing the FTP server. This password must be the same as configured on the FTP server. This field is not available for TFTP.

Managing files

You can display all files, set the attribute for a file, and delete a file from the File Control submenu.

Enter 4 in the EXTEND-BOOTWARE menu and then press Enter to access the File Control submenu.

Enter your choice(0-9):4

===============================<File CONTROL>===============================

|Note:the operating device is sda0 |

|<1> Display All File(s) |

|<2> Set Image File type |

|<3> Set Bin File type |

|<4> Set Configuration File type |

|<5> Delete File |

|<6> Copy File |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-6):

Table 20 File Control submenu options

Option	Description
<1> Display All File(s)	Display all files.
<2> Set Image File type	Set the attribute for a software image file.
<3> Set Bin File type	Set the attribute for a .bin file.
<4> Set Configuration File type	Set the type for a configuration file.
<5> Delete File	Delete a file.
<6> Copy File	Copy a file.
<0> Exit To Main Menu	Return to the EXTEND-BOOTWARE menu.

Displaying all files

Enter 1 in the File Control submenu.

Enter your choice(0-6): 1

Display all file(s) in sda0:

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 6134784 Oct/10/2017 21:29:58 N/A sda0:/f5080lpu-cmw710-boot-a9604|

|.bin|

|2 106324992 Oct/10/2017 21:29:58 N/A sda0:/f5080lpu-cmw710-system-a96|

|04.bin |

|3 240398 Feb/12/2018 10:01:46 N/A sda0:/logfile/logfile.log |

|4 549 Feb/12/2018 10:01:46 N/A sda0:/logfile/ips.log |

|5 452 Feb/12/2018 10:01:46 N/A sda0:/logfile/uflt.log |

|6 604 Feb/12/2018 10:01:46 N/A sda0:/logfile/anti-vir.log |

|7 1690 Feb/12/2018 10:01:46 N/A sda0:/logfile/sslvpn.log |

|8 16 Jan/06/2019 18:03:50 N/A sda0:/versioninfo/versionctl.dat|

|9 536 Feb/11/2018 16:33:46 N/A sda0:/versioninfo/version0.dat |

|10 536 Apr/10/2018 20:11:46 N/A sda0:/versioninfo/version1.dat |

|11 536 Apr/27/2018 09:09:06 N/A sda0:/versioninfo/version2.dat |

|12 536 Nov/20/2018 11:21:32 N/A sda0:/versioninfo/version3.dat |

|13 536 Jan/06/2019 18:03:50 N/A sda0:/versioninfo/version4.dat |

|14 536 Feb/10/2018 19:17:22 N/A sda0:/versioninfo/version5.dat |

|15 536 Feb/10/2018 19:21:44 N/A sda0:/versioninfo/version6.dat |

|16 536 Feb/11/2018 10:52:16 N/A sda0:/versioninfo/version7.dat |

|17 536 Feb/11/2018 11:15:28 N/A sda0:/versioninfo/version8.dat |

|18 536 Feb/11/2018 11:19:54 N/A sda0:/versioninfo/version9.dat |

|19 0 Feb/10/2018 16:38:08 N/A sda0:/lauth.dat |

|20 591 Jan/06/2019 18:03:56 N/A sda0:/serverkey |

|21 1566 Jan/06/2019 18:03:56 N/A sda0:/pki/https-server.p12 |

|22 1434 Feb/11/2018 16:09:54 N/A sda0:/ifindex.dat |

|23 6141952 Nov/07/2017 10:27:56 N/A sda0:/f5080lpu-cmw710-boot-a9606|

|.bin|

|24 106172416 Nov/07/2017 10:27:56 N/A sda0:/f5080lpu-cmw710-system-a96|

|06.bin |

|25 735 Jan/06/2019 18:03:56 N/A sda0:/hostkey |

|26 69784 Feb/12/2018 10:53:52 N/A sda0:/dpi/ips/predefined/ips_sig|

|pack_curr.dat |

|27 20072 Feb/12/2018 10:53:52 N/A sda0:/dpi/av/predefined/av_sigpa|

|ck_curr.dat |

|28 68040 Jan/06/2019 17:36:46 N/A sda0:/dpi/uflt/predefined/uflt_s|

|igpack_curr.dat |

|29 342232 Jan/06/2019 18:03:50 N/A sda0:/dpi/apr/predefined/apr_sig|

|pack_curr.dat |

|30 2840 Jan/06/2019 17:36:46 N/A sda0:/dpi/filereg/predefined/fil|

|ereg_sigpack_curr.dat |

|31 1240 Jan/06/2019 17:36:46 N/A sda0:/dpi/netshare/predefined/ne|

|tshare_sigpack_curr.dat |

|32 20 Apr/24/2018 15:26:44 N/A sda0:/.snmpboots |

|33 337 Feb/10/2018 17:30:20 N/A sda0:/context/context3/logfile/l|

|ogfile.log |

|34 1453 Nov/14/2017 20:18:20 N/A sda0:/context/context5/logfile/l|

|ogfile.log |

|35 337 Feb/10/2018 17:30:20 N/A sda0:/context/context32/logfile/|

|logfile.log |

|36 1566 Feb/10/2018 16:38:20 N/A sda0:/context/context32/pki/http|

|s-server.p12 |

|37 6123520 Apr/26/2018 11:27:40 B sda0:/f5080lpu-cmw710-boot-e9608|

|p03.bin |

|38 139161600 Apr/26/2018 11:32:40 B sda0:/f5080lpu-cmw710-system-e96|

|08p03.bin |

|39 8592384 Feb/10/2018 14:46:30 N/A sda0:/f5080fw-cmw710-boot-t9601.|

|bin |

|40 199413760 Feb/10/2018 14:46:32 N/A sda0:/f5080fw-cmw710-system-t960|

|1.bin |

|41 94208 Feb/10/2018 14:46:52 N/A sda0:/f5080fw-cmw710-manufacture|

|-t9601.bin |

|42 159744 Feb/10/2018 14:46:54 N/A sda0:/f5080fw-cmw710-devkit-t960|

|1.bin |

|43 5504000 Feb/11/2018 11:14:00 N/A sda0:/f5080fw-cmw710-boot-r9606p|

|1301.bin |

|44 129077248 Feb/11/2018 11:14:30 N/A sda0:/f5080fw-cmw710-system-r960|

|6p1301.bin |

|45 965 Feb/10/2018 15:15:30 N/A sda0:/license/210235a1xyh1790000|

|29.did |

|46 7788 Feb/11/2018 16:09:54 M sda0:/startup.cfg |

|47 124937 Feb/11/2018 16:09:54 N/A sda0:/startup.mdb |

|48 5502976 Feb/10/2018 17:33:46 N/A sda0:/f5080fw-cmw710-boot-e9606p|

|12.bin |

|49 129036288 Feb/10/2018 17:33:48 N/A sda0:/f5080fw-cmw710-system-e960|

|6p12.bin |

|50 140118016 Apr/10/2018 19:56:06 N/A sda0:/f5080_lpu.ipe |

|51 5504000 Feb/11/2018 16:14:00 N/A sda0:/f5080fw-cmw710-boot-r9606p|

|1302.bin |

|52 129080320 Feb/11/2018 16:14:02 N/A sda0:/f5080fw-cmw710-system-r960|

|6p1302.bin |

|53 668672 Feb/11/2018 16:41:36 N/A sda0:/8042f508031069_v1.05.btw |

|54 6128640 Apr/10/2018 20:00:22 N/A sda0:/f5080lpu-cmw710-boot-e9608|

|p05.bin |

|55 133982208 Apr/10/2018 20:00:26 N/A sda0:/f5080lpu-cmw710-system-e96|

|08p05.bin |

|56 567 Jan/06/2019 18:03:56 N/A sda0:/dsakey |

|57 247 Jan/06/2019 18:03:56 N/A sda0:/ecdsakey |

|58 6129664 Apr/26/2018 14:31:54 N/A sda0:/f5080lpu-cmw710-boot-e9608|

|p06.bin |

|59 133905408 Apr/26/2018 14:35:50 N/A sda0:/f5080lpu-cmw710-system-e96|

|08p06.bin |

|60 6129664 Nov/20/2018 11:13:12 N/A sda0:/f5080lpu-cmw710-boot-e9608|

|p09.bin |

|61 141582336 Nov/20/2018 11:17:22 N/A sda0:/f5080lpu-cmw710-system-e96|

|08p09.bin |

|62 6134784 Jan/06/2019 17:58:26 M sda0:/f5080lpu-cmw710-boot-a9615|

|.bin|

|63 140845056 Jan/06/2019 17:58:44 M sda0:/f5080lpu-cmw710-system-a96|

|15.bin |

============================================================================

Setting the attribute for software images

1. Enter 2 in the File Control submenu.

===============================<File CONTROL>===============================

|Note:the operating device is sda0 |

|<1> Display All File(s) |

|<2> Set Image File type |

|<3> Set Bin File type |

|<4> Set Configuration File type |

|<5> Delete File |

|<6> Copy File |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-6): 2

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 140118016 Apr/10/2018 19:56:06 N/A sda0:/f5080_mpu.ipe |

|0 Exit |

============================================================================

2. Enter the numbers of the files you are working with. For example, enter 1.

Enter file No.:1

Modify the file attribute:

============================================================================

|<1>+Main |

|<2>+Backup |

|<0> Exit |

============================================================================

Enter your choice(0-2):

3. Enter a number in the range of 0 to 2 to add or delete a file attribute for the files. For example, enter 1 to assign the M attribute to the files.

Enter your choice(0-2):1

This operation may take several minutes. Please wait....

Image file F5080MPU-CMW710-BOOT-A9615.bin is self-decompressing...

Saving file sda0:/F5080MPU-CMW710-BOOT-A9615.bin .............................

......................Done.

Image file F5080MPU-CMW710-SYSTEM-A9615.bin is self-decompressing...

Saving file sda0:/F5080MPU-CMW710-SYSTEM-A9615.bin ...........................

............................................................................

.....................................................................Done.

Set the file attribute success!

Setting the attribute for .bin files

Enter 3 in the File Control submenu.

Enter your choice(0-6): 3

'M' = MAIN 'B' = BACKUP 'N/A' = NOT ASSIGNED

============================================================================

|NO. Size(B) Time Type Name |

|1 88688640 Jan/237/1970 65513:2 M sda0:/f5080mpu-cmw710-system-A9|

|615.bin |

|2 6090752 Jan/237/1970 65513:2 M sda0:/f5080mpu-cmw710-boot-A962|

|5.bin |

|3 162816 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-devkit-e9|

|507.bin |

|4 95232 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-manufactu|

|re-e9507.bin |

|5 170179584 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-system-e9|

|507.bin |

|6 8558592 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-boot-e950|

|7.bin |

|7 163840 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-devkit-a9|

|603.bin |

|8 96256 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-manufactu|

|re-a9603.bin |

|9 86753280 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-system-a9|

|603.bin |

|10 5723136 Dec/15/2011 09:00:00 N/A sda0:/f5080mpu-cmw710-boot-a960|

|3.bin |

|0 Exit |

============================================================================

Note:Select .bin files. One but only one boot image and system image must be included.

Enter file No.(Allows multiple selection):1

Enter another file No.(0-Finish choice):2

Enter another file No.(0-Finish choice):0 //Enter 0 to end the selection.

You have selected:

sda0:/f5080mpu-cmw710-boot-A9615.bin

sda0:/f5080mpu-cmw710-system-A9615.bin

Modify the file attribute:

============================================================================

|<1>+Main |

|<2>+Backup |

|<0> Exit |

============================================================================

Enter your choice(0-2):1

This operation may take several minutes. Please wait....

Set the file attribute success!

Deleting a file

1. Enter 5 in the File Control submenu.

Enter your choice(0-6):5

Deleting the file in sda0: