Login
- Table of Contents
-
- 03-System Management Configuration Guide
- 00-Preface
- 01-Basic device management configuration
- 02-Device hardening configuration
- 03-Hardware resource management configuration
- 04-Process monitoring and maintenance configuration
- 05-Fast log output configuration
- 06-Flow log configuration
- 07-Information center configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Basic device management configuration | 172.66 KB |
Performing basic device management
Restrictions and guidelines for configuring the system time
System time configuration tasks at a glance
Setting the system time at the CLI
Obtaining the UTC time through a time protocol
Setting the daylight saving time
Displaying system time information
Setting the system operating mode
Displaying copyright information
Enabling copyright statement display
Displaying detailed copyright information
Verifying and maintaining task scheduling
Restrictions and guidelines for device reboot
Rebooting the device immediately at the CLI
Restoring the factory-default configuration
Collecting operating statistics for diagnostics and troubleshooting
Performing basic device management
Configuring the device name
About this task
A device name (also called hostname) identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>.
Procedure
1. Enter system view.
system-view
sysname sysname
By default, the device name is H3C.
Configuring the system time
About the system time
Correct system time is essential to network management and communication. Configure the system time correctly before you run the device on the network.
The device can use the following methods to obtain the system time:
· Uses the locally set system time, and then uses the clock signals generated by its built-in crystal oscillator to maintain the system time.
· Periodically obtains the UTC time from an NTP source, and uses the UTC time, time zone, and daylight saving time to calculate the system time. For more information about NTP, see Network Management and Monitoring Configuration Guide.
The system time calculated by using the UTC time from a time source is more precise.
Restrictions and guidelines for configuring the system time
The system time configured by using the clock datetime command takes effect immediately. The time zone or daylight saving time, whether configured or not, are not taken into account.
If you configure or change the time zone or daylight saving time after the device obtains the system time, the device recalculates the system time. To view the system time, use the display clock command.
You can configure the device to use both methods to obtain the system time. For time consistency, however, configure the device to use only one of the methods to obtain the system time. If you configure the device to use both methods, the device uses the manually set system time or the periodically obtained UTC time, whichever is obtained later.
System time configuration tasks at a glance
To configure the system time, perform the following tasks:
1. Configuring the system time
Choose one of the following tasks:
¡ Setting the system time at the CLI
¡ Obtaining the UTC time through a time protocol
2. (Optional.) Setting the time zone
Make sure each network device uses the time zone of the place where the device resides.
3. (Optional.) Setting the daylight saving time
Make sure each network device uses the daylight saving time parameters of the place where the device resides.
4. (Optional.) Displaying system time information
Setting the system time at the CLI
1. Enter system view.
system-view
2. Configure the device to use the local system time.
clock protocol none
By default, the device uses the NTP time source.
If you execute this command multiple times, the most recent configuration takes effect.
3. Return to user view.
quit
4. Set the local system time.
clock datetime time date
By default, the system time is UTC time 00:00:00 01/01/2011.
|
|
CAUTION: This command changes the system time, which affects execution of system time-related features (for example, scheduled tasks) and collaborative operations of the device with other devices (for example, log reporting and statistics collection). Before executing this command, make sure you fully understand its impact on your live network. |
Obtaining the UTC time through a time protocol
1. Enter system view.
system-view
2. Specify the system time source.
clock protocol { ntp }
By default, the device uses the NTP time source.
If you execute this command multiple times, the most recent configuration takes effect.
3. Configure time protocol parameters.
For more information about NTP configuration, see Network Management and Monitoring Configuration Guide.
Setting the time zone
1. Enter system view.
system-view
2. Set the time zone.
clock timezone zone-name { add | minus } zone-offset
By default, the system uses the UTC time zone.
Setting the daylight saving time
1. Enter system view.
system-view
2. Set the daylight saving time.
clock summer-time name start-time start-date end-time end-date add-time
By default, the daylight saving time is not set.
Displaying system time information
To display system time information, execute the following command in any view:
display clock
This command displays the system time, date, time zone, and daylight saving time.
Setting the system operating mode
About this task
The device can operate in one of the following modes:
· sd-wan—System operating mode for the SD-WAN branch scenario solution (also called SD-WAN mode).
· sdn-wan—System operating mode for the AD-WAN backbone solution (also called SDN-WAN mode).
· standard—Standard mode.
Supported features and feature specifications vary by system operating mode.
Restrictions and guidelines
Change to the operating mode takes effect after a system reboot.
Procedure
1. Enter system view.
system-view
2. Set the system operating mode.
system-working-mode{ sd-wan | standard | sdn-wan }
By default, the device operates in standard mode.
Displaying the system working mode
To display system working mode information, execute the following command in any view:
display system-working-mode
Displaying copyright information
Enabling copyright statement display
About this task
This feature enables the device to display the copyright statement in the following situations:
· When a Telnet or SSH user logs in.
· When a console dial-in user quits user view. This is because the device automatically tries to restart the user session.
Figure 1 shows the copyright statement.
If you disable displaying the copyright statement, the device does not display the copyright statement in any situations.
Figure 1 Copyright statement at the login page
Procedure
1. Enter system view.
system-view
2. Enable copyright statement display.
copyright-info enable
By default, copyright statement display is enabled.
Displaying detailed copyright information
To display detailed copyright information, execute the following command in any view:
display copyright
Configuring banners
About this task
Banners are messages that the system displays when a user logs in.
The system supports the following banners:
· Legal banner—Appears after the copyright statement.
· Message of the Day (MOTD) banner—Appears after the legal banner and before the login banner.
· Login banner—Appears only when password or scheme authentication is configured.
· Shell banner—Appears for a user when the user accesses user view.
The system displays the banners in the following order: legal banner, MOTD banner, login banner, and incoming or shell banner.
Banner input methods
You can configure a banner by using one of the following methods:
· Input the entire command line in a single line.
The banner cannot contain carriage returns. The entire command line, including the command keywords, the banner, and the delimiters, can have a maximum of 511 characters. The delimiters for the banner can be any printable character but must be the same. You cannot press Enter before you input the end delimiter.
For example, you can configure the shell banner "Have a nice day." as follows:
<System> system-view
[System] header shell %Have a nice day.%
· Input the command line in multiple lines.
The banner can contain carriage returns. A carriage return is counted as two characters.
To input a banner configuration command line in multiple lines, use one of the following methods:
¡ Press Enter after the final command keyword, type the banner, and end the final line with the delimiter character %. The banner plus the delimiter can have a maximum of 1999 characters.
For example, you can configure the banner "Have a nice day." as follows:
<System> system-view
[System] header shell
Please input banner content, and quit with the character '%'.
Have a nice day.%
¡ After you type the final command keyword, type any printable character as the start delimiter for the banner and press Enter. Then, type the banner and end the final line with the same delimiter. The banner plus the end delimiter can have a maximum of 1999 characters.
For example, you can configure the banner "Have a nice day." as follows:
<System> system-view
[System] header shell A
Please input banner content, and quit with the character 'A'.
Have a nice day.A
¡ After you type the final command keyword, type the start delimiter and part of the banner. Make sure the final character of the final string is different from the start delimiter. Then, press Enter, type the rest of the banner, and end the final line with the same delimiter. The banner plus the start and end delimiters can have a maximum of 2002 characters.
For example, you can configure the banner "Have a nice day." as follows:
<System> system-view
[System] header shell AHave a nice day.
Please input banner content, and quit with the character 'A'.
A
Procedure
1. Enter system view.
system-view
2. Configure the legal banner.
header legal text
3. Configure the MOTD banner.
header motd text
4. Configure the login banner.
header login text
5. Configure the shell banner.
header shell text
Scheduling a task
About task scheduling
You can schedule the device to automatically execute a command or a set of commands without administrative interference.
You can configure a periodic schedule or a non-periodic schedule. A non-periodic schedule is not saved to the configuration file and is lost when the device reboots. A periodic schedule is saved to the startup configuration file and is automatically executed periodically.
Restrictions and guidelines
· The default system time is always restored at reboot. To make sure a task schedule can be executed as expected, reconfigure the system time or configure NTP after you reboot the device. For more information about NTP, see Network Management and Monitoring Configuration Guide.
· To assign a command (command A) to a job, you must first assign the job the command or commands for entering the view of command A.
· Make sure all commands in a schedule are compliant to the command syntax. The system does not check the syntax when you assign a command to a job.
· A schedule cannot contain any one of these commands: telnet, ftp, ssh2, and monitor process.
· A schedule does not support user interaction. If a command requires a yes or no answer, the system always assumes that a Y or Yes is entered. If a command requires a character string input, the system assumes that either the default character string (if any) or a null string is entered.
· A schedule is executed in the background, and no output (except for logs, traps, and debug information) is displayed for the schedule.
Procedure
1. Enter system view.
system-view
2. Create a job.
scheduler job job-name
3. Assign a command to the job.
command id command
By default, no command is assigned to a job.
You can assign multiple commands to a job. A command with a smaller ID is executed first.
4. Exit to system view.
quit
5. Create a schedule.
scheduler schedule schedule-name
6. Assign a job to the schedule.
job job-name
By default, no job is assigned to a schedule.
You can assign multiple jobs to a schedule. The jobs will be executed concurrently.
7. Assign user roles to the schedule.
user-role role-name
By default, a schedule has the user role of the schedule creator.
You can assign a maximum of 64 user roles to a schedule. A command in a schedule can be executed if it is permitted by one or more user roles of the schedule.
8. Specify the execution time for the schedule.
Choose one option as needed:
¡ Execute the schedule at specific points of time.
time at time date
time once at time [ month-date month-day | week-day week-day&<1-7> ]
¡ Execute the schedule after a period of time.
time once delay time
¡ Execute the schedule at the specified time on every specified day in a month or week.
time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ]
¡ Execute the schedule periodically from the specified time on.
time repeating [ at time [date ] ] interval interval
By default, no execution time is specified for a schedule.
The time commands overwrite each other. The most recently executed command takes effect.
9. (Optional.) Set the schedule log file size limit.
scheduler logfile size value
By default, the schedule log file size limit is 16 KB.
The schedule log file stores log messages for execution results of commands in jobs. After the limit is reached, the system deletes the oldest log messages to store the new log messages. If the remaining space of the log file is not enough for a single log message, the system truncates the message and does not store the extra part.
Verifying and maintaining task scheduling
Displaying task scheduling and execution information
Perform display tasks in any view.
· Display the automatic reboot schedule.
display scheduler reboot
· Display schedule information.
display scheduler schedule [ schedule-name ]
· Display schedule job configuration information.
display scheduler job [ job-name ]
· Display schedule job execution log information.
display scheduler logfile
Clearing schedule job execution log information
To clear schedule job execution log information, execute the following command in user view:
reset scheduler logfile
Example: Scheduling a task
Network configuration
As shown in Figure 2, two interfaces of the device are connected to users.
To save energy, configure the device to perform the following operations:
· Enable the interfaces at 8:00 a.m. every Monday through Friday.
· Disable the interfaces at 18:00 every Monday through Friday.
Procedure
# Enter system view.
<Sysname> system-view
# Configure a job for disabling interface Ten-GigabitEthernet 0/0/6.
[Sysname] scheduler job shutdown-Ten-GigabitEthernet0/0/6
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/6] command 1 system-view
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/6] command 2 interface ten-gigabitethernet 0/0/6
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/6] command 3 shutdown
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/6] quit
# Configure a job for enabling interface Ten-GigabitEthernet 0/0/6.
[Sysname] scheduler job start-Ten-GigabitEthernet0/0/6
[Sysname-job-start-Ten-GigabitEthernet0/0/6] command 1 system-view
[Sysname-job-start-Ten-GigabitEthernet0/0/6] command 2 interface ten-gigabitethernet 0/0/6
[Sysname-job-start-Ten-GigabitEthernet0/0/6] command 3 undo shutdown
[Sysname-job-start-Ten-GigabitEthernet0/0/6] quit
# Configure a job for disabling interface Ten-GigabitEthernet 0/0/7.
[Sysname] scheduler job shutdown-Ten-GigabitEthernet0/0/7
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/7] command 1 system-view
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/7] command 2 interface ten-gigabitethernet 0/0/7
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/7] command 3 shutdown
[Sysname-job-shutdown-Ten-GigabitEthernet0/0/7] quit
# Configure a job for enabling interface Ten-GigabitEthernet 0/0/7.
[Sysname] scheduler job start-Ten-GigabitEthernet0/0/7
[Sysname-job-start-Ten-GigabitEthernet0/0/7] command 1 system-view
[Sysname-job-start-Ten-GigabitEthernet0/0/7] command 2 interface ten-gigabitethernet 0/0/7
[Sysname-job-start-Ten-GigabitEthernet0/0/7] command 3 undo shutdown
[Sysname-job-start-Ten-GigabitEthernet0/0/7] quit
# Configure a periodic schedule for enabling the interfaces at 8:00 a.m. every Monday through Friday.
[Sysname] scheduler schedule START-pc1/pc2
[Sysname-schedule-START-pc1/pc2] job start-Ten-GigabitEthernet0/0/6
[Sysname-schedule-START-pc1/pc2] job start-Ten-GigabitEthernet0/0/7
[Sysname-schedule-START-pc1/pc2] time repeating at 8:00 week-day mon tue wed thu fri
[Sysname-schedule-START-pc1/pc2] quit
# Configure a periodic schedule for disabling the interfaces at 18:00 every Monday through Friday.
[Sysname] scheduler schedule STOP-pc1/pc2
[Sysname-schedule-STOP-pc1/pc2] job shutdown-Ten-GigabitEthernet0/0/6
[Sysname-schedule-STOP-pc1/pc2] job shutdown-Ten-GigabitEthernet0/0/7
[Sysname-schedule-STOP-pc1/pc2] time repeating at 18:00 week-day mon tue wed thu fri
[Sysname-schedule-STOP-pc1/pc2] quit
Verifying the configuration
# Display the configuration information of all jobs.
[Sysname] display scheduler job
Job name: shutdown-Ten-GigabitEthernet0/0/6
system-view
interface ten-gigabitethernet 0/0/6
shutdown
Job name: shutdown-Ten-GigabitEthernet0/0/7
system-view
interface ten-gigabitethernet 0/0/7
shutdown
Job name: start-Ten-GigabitEthernet0/0/6
system-view
interface ten-gigabitethernet 0/0/6
undo shutdown
Job name: start-Ten-GigabitEthernet0/0/7
system-view
interface ten-gigabitethernet 0/0/7
undo shutdown
# Display the schedule information.
[Sysname] display scheduler schedule
Schedule name : START-pc1/pc2
Schedule type : Run on every Mon Tue Wed Thu Fri at 08:00:00
Start time : Wed Sep 28 08:00:00 2019
Last execution time : Wed Sep 28 08:00:00 2019
Last completion time : Wed Sep 28 08:00:03 2019
Execution counts : 1
-----------------------------------------------------------------------
Job name Last execution status
start-Ten-GigabitEthernet0/0/6 Successful
start-Ten-GigabitEthernet0/0/7 Successful
Schedule name : STOP-pc1/pc2
Schedule type : Run on every Mon Tue Wed Thu Fri at 18:00:00
Start time : Wed Sep 28 18:00:00 2019
Last execution time : Wed Sep 28 18:00:00 2019
Last completion time : Wed Sep 28 18:00:01 2019
Execution counts : 1
-----------------------------------------------------------------------
Job name Last execution status
shutdown-Ten-GigabitEthernet0/0/6 Successful
shutdown-Ten-GigabitEthernet0/0/7 Successful
# Display schedule log information.
[Sysname] display scheduler logfile
Job name : start-Ten-GigabitEthernet0/0/6
Schedule name : START-pc1/pc2
Execution time : Wed Sep 28 08:00:00 2019
Completion time : Wed Sep 28 08:00:02 2019
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface ten-gigabitethernet 0/0/6
[Sysname-Ten-GigabitEthernet0/0/6]undo shutdown
Job name : start-Ten-GigabitEthernet0/0/7
Schedule name : START-pc1/pc2
Execution time : Wed Sep 28 08:00:00 2019
Completion time : Wed Sep 28 08:00:02 2019
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface ten-gigabitethernet 0/0/7
[Sysname-Ten-GigabitEthernet0/0/7]undo shutdown
Job name : shutdown-Ten-GigabitEthernet0/0/6
Schedule name : STOP-pc1/pc2
Execution time : Wed Sep 28 18:00:00 2019
Completion time : Wed Sep 28 18:00:01 2019
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface ten-gigabitethernet 0/0/6
[Sysname-Ten-GigabitEthernet0/0/6]shutdown
Job name : shutdown-Ten-GigabitEthernet0/0/7
Schedule name : STOP-pc1/pc2
Execution time : Wed Sep 28 18:00:00 2019
Completion time : Wed Sep 28 18:00:01 2019
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface ten-gigabitethernet 0/0/7
[Sysname-Ten-GigabitEthernet0/0/7]shutdown
Rebooting the device
About device reboot
The following device reboot methods are available:
· Schedule a reboot at the CLI, so the device automatically reboots at the specified time or after the specified period of time.
· Immediately reboot the device at the CLI.
This method allows you to reboot the device remotely.
· Power off and then power on the device. This method might cause data loss, and is the least-preferred method.
Restrictions and guidelines for device reboot
A device reboot might result in a service outage.
For data security, the device does not reboot while it is performing file operations.
Rebooting the device immediately at the CLI
Prerequisites
Perform the following steps in any view:
1. Verify that the next-startup configuration file is correctly specified.
display startup
For more information about the display startup command, see Fundamentals Command Reference.
2. Verify that the startup image files are correctly specified.
display boot-loader
If one main startup image file is damaged or does not exist, you must specify another main startup image file before rebooting the device.
For more information about the display boot-loader command, see Fundamentals Command Reference.
3. Save the running configuration to the next-startup configuration file.
save
To avoid configuration loss, save the running configuration before a reboot.
For more information about the save command, see Fundamentals Command Reference.
Procedure
To reboot the device immediately at the CLI, execute one of the following commands in user view:
reboot [ slot slot-number [ subslot subslot-number ] ] [ force ]
|
|
CAUTION: · A device reboot might result in service interruption. Before using this command, make sure you fully understand its impact on your live network. · Use the force keyword to reboot the device only when the system is faulty or fails to start up normally. A forced device reboots might cause file system damage. Before using the force keyword to reboot the device, make sure you understand its impact. |
Scheduling a device reboot
Restrictions and guidelines
The automatic reboot configuration is canceled if an active/standby switchover occurs.
The device supports only one device reboot schedule. If you execute the scheduler reboot command multiple times, the most recent configuration takes effect.
Procedure
To schedule a reboot, execute one of the following commands in user view:
· scheduler reboot at time [ date ]
· scheduler reboot delay time
By default, no device reboot time is specified.
|
|
CAUTION: This task enables the device to reboot at a scheduled time, which causes service interruption. Before configuring this task, make sure you fully understand its impact on your live network. |
Restoring the factory-default configuration
About this task
If you want to use the device in a different scenario or you cannot troubleshoot the device by using other methods, use this task to restore the factory-default configuration.
This task does not delete .bin files and reserved directories customized for a product.
Restrictions and guidelines
|
|
CAUTION: This feature will restore the factory defaults for the device. Before using this command, make sure you fully understand its impact on your live network. |
Procedure
Execute the following command in user view to restore the factory-default configuration for the device:
restore factory-default
Collecting operating statistics for diagnostics and troubleshooting
About this task
You can use one of the following methods to collect operating statistics for diagnostics and troubleshooting:
· Use separate display commands to collect operating information feature by feature or module by module.
· Use the display diagnostic-information command to collect operating information for multiple or all features and hardware modules.
Restrictions and guidelines
To save storage space, this feature automatically compresses the information before saving the information to a file. To view the file content:
1. Use the tar extract command to extract the file.
2. Use the gunzip command to decompress the extracted file.
3. Use the more command to view the content of the decompressed file.
While the device is executing this command, do not execute any other commands. Executing other commands might affect the collected operating information.
Procedure
Execute the following command in any view:
display diagnostic-information [ hardware | infrastructure | l2 | l3 | service ] [ key-info ] [ filename ]
Verifying device stability
About this task
The device/card/MDC/context startup process takes some time. If the values of the status fields do not change to Stable, use this feature to identify the devices/cards/MDCs/contexts that are not in Stable state.
Restrictions and guidelines
Procedure
To display system stability and status information, execute the following command in any view:
display system stable state
Troubleshooting
If the system is not in stable state, you can use other commands to identify the faulty components. For example:
· Use the display device command to identify the device operating status.
· Use the display ha service-group command to display the status of HA service groups and identify the groups in batch backup state.
· Use the display system internal process state command in probe view to display service operating status.
