a5000 cmw520 r2303 release notes

A5000-CMW520-R2303 Release Notes


Hewlett-Packard Development Company, L.P. 1

A5000-CMW520-R2303 Release Notes Keywords: WLAN, Version Information, Version Update, Open Problems and Workarounds

Abstract: This release notes describes the A5000-CMW520-R2303 release with respect to hardware and software compatibility, released features and functions, software upgrading, and documentation.

Acronyms:

Acronym Full spelling

AAA Authentication, Authorization and Accounting

AC Access Controller

ACL Access Control List

AP Access Point

ARP Address Resolution Protocol

CCMP Counter mode (CTR) with CBC-MAC Protocol

CLI Command Line Interface

DHCP Dynamic Host Configuration Protocol

MIB Management Information Base

QoS Quality of Service

SNMP Simple Network Management Protocol

STA Station

TKIP Temporal Key Integrity Protocol

WEP Wired Equivalent Privacy

WLAN Wireless LAN



Contents

Version information······················································································································································ 5 Version number ·································································································································································5 Version history ···································································································································································5 Hardware and software compatibility matrix ················································································································5

FIT AP Compatibility Table ·········································································································································· 7

Restrictions and cautions ············································································································································· 8

Feature list····································································································································································· 8 Hardware features ····························································································································································8 Software features ··························································································································································· 10

Version updates··························································································································································17 Feature updates······························································································································································ 17 Command line updates ················································································································································· 17 MIB updates···································································································································································· 17 Configuration changes ·················································································································································· 18

Open problems and workarounds····························································································································18

List of resolved problems ···········································································································································18 Resolved problems in A5000-CMW520-R2303········································································································ 18

Software upgrading···················································································································································18 Introduction ····································································································································································· 18

Files managed on access controller ···················································································································· 18 Maintaining software ············································································································································ 20 Software Upgrade Flow········································································································································ 21

Boot ROM menu····························································································································································· 22 Main Boot ROM menu·········································································································································· 22 Boot ROM submenus············································································································································· 23

Upgrading Boot ROM through a serial port ··············································································································· 25 Modifying serial port parameters ························································································································ 25 Upgrading the BootWare Through the Management Ethernet Interface························································· 27 Upgrading the BootWare Through a Serial Connection ·················································································· 29

Upgrading application image through a serial port ·································································································· 31 Upgrading application image through an Ethernet interface ··················································································· 32

Configuring Ethernet interface parameters········································································································· 32 Upgrading application image ····························································································································· 33

Maintaining application image and configuration at CLI ························································································· 35 Maintaining the Access Controller with TFTP ····································································································· 35 Maintaining the Access Controller with FTP ······································································································· 36

Maintaining application and configuration file ·········································································································· 39 Dealing with access controller password loss············································································································· 41

Dealing with user password loss ························································································································· 41 Dealing with Boot ROM password loss ·············································································································· 41 Super password loss ············································································································································· 42

Backing up and restoring the Boot ROM image········································································································· 42



Compatibility for H3C WX Series Access Controller ······························································································43 Hardware and software compatibility matrix for H3C WX Series Access Controller············································ 43 Feature updates relative to WX5004-CMW520-R2107P10···················································································· 43 Command line updates relative to WX5004-CMW520-R2107P10 ······································································· 45 MIB updates relative to WX5004-CMW520-R2107P10·························································································· 92 Configuration changes relative to WX5004-CMW520-R2107P10 ········································································ 92 Resolved problems in A5000-CMW520-R2303 relative to WX5004-CMW520-R2107P10······························ 93



List of Tables

Table 1 Version history ................................................................................................................... 5

Table 2 Hardware and software compatibility matrix.......................................................................... 5

Table 3 A5000 Series Access Controller Module Compatibility Table................................................... 6

Table 4 Fit AP Compatibility Table ................................................................................................... 7

Table 5 HP A-WX5004 Access Controller Hardware Features.............................................................. 8

Table 6 HP A-WX5002 Access Controller Hardware Features.............................................................. 9

Table 7 HP A5800 Access Controller OAA Module Card Hardware Features ....................................... 9

Table 8 Software features ..............................................................................................................10

Table 9 Performance specifications..................................................................................................15

Table 10 Main Boot ROM menu .....................................................................................................23

Table 11 Ethernet parameters settings description ............................................................................. 33

Table 12 WX Series Access Controller Module Compatibility Table .................................................... 43

Table 13 Feature updates.............................................................................................................. 43

Table 14 Command line updates ................................................................................................... 45

Table 15 MIB updates .................................................................................................................. 92



Version information

Version number Comware Software, Version 5.20, R2303

Note: This version number can be displayed by command display version under any view. Please see Note①.

Version history Table 1 Version history

Version number Last version Release Date Remarks

A5000-CMW520-R2303 First release 2011-6-27 None

Hardware and software compatibility matrix Table 2 Hardware and software compatibility matrix

Item Specifications

Product family A5000 Series Access Controllers

Hardware platform

HP A-WX5004 Access Controller

HP A-WX5002 Access Controller

HP A5800 Access Controller OAA Module Card

Minimum memory requirements 1G 2G

Minimum Flash requirements 256M CF Card 1G CF Card

Boot ROM version

Basic 1.10 Extend 1.13 (Note:This version number can be displayed by command display version under any view. Please see Note②)

Basic 1.28 Extend 1.37 (Note:This version number can be displayed by command display version under any view. Please see Note②)

Host software A5000-CMW520-R2303.bin (36,640,996Bytes)

CPLD Version 010 004

iMC Version

• iMC PLAT 5.0 SP1 (E0101P05) • iMC UAM 5.0 SP1 (E0101P03) • iMC EAD 5.0 SP1 (E0101P03)



• iMC QoSM 5.0 SP1 (E0101P01) • iMC WSM 5.0 (E0101)

iNode iNode PC 5.0 (E0103)

AP Version

• WA2100-CMW520-R1118 • WA2200-CMW520-R1120 • WA2600-CMW520-R1115 • WA2600A-CMW520-R1111

Remark None

Table 3 A5000 Series Access Controller Module Compatibility Table

WX Series Access Controller Module

Software Version Frame Software Version

HP A5800 Access Controller OAA Module Card

A5000-CMW520-R2303 and later version HP A5800

A5800_5820X-CMW520-R1211 and later version

The latest version: A5800_5820X-CMW520-R1211

To display the host software and BootWare version of HP A-WX5004 Access Controller and HP A-WX5002 Access Controller, perform the following: <HP>display version

HP Comware Platform Software

Comware Software, Version 5.20, Release 2303 ------ Note①

Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.

HP A-WX5004 uptime is 0 week, 0 day, 0 hour, 0 minute

HP A-WX5004 with 1 RMI XLR 716 800MHz Processor

1024M bytes DDR2

4M bytes Flash Memory

Config Register points to FLASH

261M bytes CFCard Memory

Hardware Version is Ver.A

CPLD Version is 010

Basic Bootrom Version is 1.10 ------ Note②

Extend Bootrom Version is 1.13 ------ Note②

[Subslot 0]A-WX5004 Hardware Version is Ver.A

To display the host software and BootWare version of HP A5800 Access Controller OAA Module Card, perform the following: <HP>dis version

HP Comware Platform Software



Comware Software, Version 5.20, Release 2303 ------ Note①


HP LSWM1WCM10 uptime is 0 week, 0 day, 0 hour, 1 minute

HP LSWM1WCM10 with 1 RMI XLR 732 1000MHz Processor

2048M bytes DDR2

4M bytes Flash Memory

Config Register points to FLASH

999M bytes CFCard Memory

Hardware Version is Ver.B

CPLD Version is 004

Basic Bootrom Version is 1.28 ------ Note②

Extend Bootrom Version is 1.37 ------ Note②

[Subslot 0]LSWM1WCM10 Hardware Version is Ver.B

FIT AP Compatibility Table Table 4 Fit AP Compatibility Table

AP Type AP Mode File Name Packed with AC Version Remark

H3C WA2110-AG WA2100 None

3COM 7760 7760_2750(Note③) None

3COM 8760 8760_3150 None

3COM 3150 8760_3150

wa2100.bin Yes

None

H3C WA2210-AG WA2210-AG None

H3C WA2220-AG WA2220-AG None

H3C WA2210X-G WA2210X-G None

H3C WA2220X-AG WA2220X-AG

wa2200_fit.bin Yes

None

H3C WA2610E-AGN WA2610E-AGN None

H3C WA2620E-AGN WA2620E-AGN wa2600_fit.bin Yes

None

H3C WA2612-AGN WA2612-AGN None

H3C WA2620-AGN WA2620-AGN w2600a_fit.bin Yes

None

Note③:

Hereby 7760_2750 is only used as a model name in the AC software. 7760 is supported but 2750 is not.



Restrictions and cautions 1. The size of configure file for Fit AP shouldn’t be more than 3500 bytes.

2. Port security mode “userlogin-secure-ext-or-psk”is not recommended. Some wireless adaptor station can’t connect with this mode.

3. After the register of auto template AP, command line wlan auto-ap persistent is necessary to convert this AP into fixed template AP, otherwise the AC could not refresh the log off status in the case the auto template AP powers off.

4. If there is a Layer3 network between the AC and the AP, either configure the IP bound domain name of the AC on the DNS, or set up the option 43 on the DHCP server hence the AP could reach to the AC.

5. In order to protect the control link between the AC and the AP from the malicious data traffic attack, the AC and AP should be divided into different sub networks as possible, and only permit necessary network access to the WX6103 and the AP from other network terminals.

6. If there are multi IP addresses configured under the same AC interface, the address appointed on the AP should be the main address on the AC interface

7. If the endpoint user use a Vista OS, there would be some constraints, such as the open-system and shared-key authorization modes could not featured on the service template.

8. After the update of the PKI certification, command line : undo local server eap-profile is necessary to refresh the SSL certification cache.

9. The port security mode: userlogin-secure-ext-or-psk is not recommended, for several network cards have some problems to log on under this mode.

Feature list

Hardware features Table 5 HP A-WX5004 Access Controller Hardware Features

Item Description

Dimensions(H × W × D)

(excluding feet and rack-mounting brackets

43.6 × 440 × 430 mm (1.7 × 17.3 × 16.93 in.)

Weight 7.4 kg (16.31 lb.) (with two PSUs installed)

Input voltage rated voltage: 100V～240V AC；50/60Hz

tolerance voltage: 90V～264V AC； 47/63Hz

Max. power consumption 67.7W

Operating temperature 0℃～45℃(32°F to 113°F)

Relative humidity 5%~ 95%



(noncondensing)

Processor 800MHz

Memory 1024MB

Flash 256MB CF Card

Fixed interfaces

1× Console

4×10/100/1000 BASE-T auto-sensing Ethernet electrical interfaces

4×1000 Base-X SFP optical interfaces, forming Combo ports together with the corresponding Ethernet electrical interfaces

Table 6 HP A-WX5002 Access Controller Hardware Features

Item Description

Dimensions(H × W × D)

(excluding feet and rack-mounting brackets

43.6 × 440 × 430 mm (1.7 × 17.3 × 16.93 in.)

Weight 7.4 kg (16.31 lb.) (with two PSUs installed)

Input voltage rated voltage: 100V～240V AC；50/60Hz

tolerance voltage: 90V～264V AC； 47/63Hz

Max. power consumption 67.7W


Relative humidity (noncondensing) 5%~ 95%

Processor 800MHz

Memory 1024MB

Flash 256MB CF Card

Fixed interfaces

1× Console

2×10/100/1000 BASE-T auto-sensing Ethernet electrical interfaces

2×1000 Base-X SFP optical interfaces, forming Combo ports together with the corresponding Ethernet electrical interfaces

Table 7 HP A5800 Access Controller OAA Module Card Hardware Features

Item LSWM1WCM10

Dimensions(H × W × D) 35×250 × 243mm (1.4 ×9.8× 9.6 in.)

Weight 1.65kg(3.64 lb)

Input voltage 12V

Max. power consumption 80W




Relative humidity (noncondensing) 5%~ 95%

Processor 1GHz

Memory 2048MB

Flash 1GB CF Card

Fixed interfaces 1×10/100BASE-TX out-of-band management interface

Software features Table 8 Software features

Item Description

ARP (gratuitous ARP)

ARP fast-reply

VLAN (port/MAC-based VLANs)

SSID/AP based VLANs

802.1p

802.1q

802.1X

Broadcast/multicast storm suppression

802.3x (not applicable to AC modules

Port loopback (not applicable to AC modules)

802.3 LAN protocols

Port broadcast storm suppression

Ping, Tracert

DHCP server

DHCP client

DHCP relay agent

DHCP snooping

DNS client

NTP

Telnet

TFTP client

FTP client

Network interconnection

IP application

FTP server



Item Description

IP routing Static routing

IGMP snooping

MLD snooping Multicasting

IPv6 Static Routing

802.11

802.11b

802.11a

802.11g

802.11n

802.11h

802.11d

802.11i

802.11e

802.11

80.211s draft

Transmission rate selection

Transmission rate auto-adjustment

Manual and automatic channel configuration; radar avoidance

Maximum transmission power configuration

Manual and automatic transmission power configuration

Country code configuration

Multiple country codes

20M/40M speed switchover of APs

802.11n protection

RF ping

Wireless packet capture

Wireless location service (A-iMC and AeroScout)

Energy conservation

RF management

Wireless RF interference detection and mitigation

Intra-AC roaming

Inter-AC roaming Roaming

Key cache fast roaming

Layer 2/Layer 3 network topology between AP and AC

WLAN

Tunneling between AC

Automatic AC discovery by APs



Item Description

AP software version upgrade through the AC

AP configuration file download from the AC

IPv4/v6 networks supported between AP and AC

Traffic and user number based AP load sharing

Centralized and local forwarding modes

and AP

AP provision

Mesh link Mesh

Mesh security

MAC address authentication

802.1X authentication (EAP-TLS, EAP-TTLS, EAP-PEAP, EAP-MD5, EAP-GTC)

Portal authentication

Local authentication methods, including 802.1X authentication (MD5/TLS/PEAP-MSCHAPv2), portal authentication, and MAC address authentication

Portal authentication support for web proxy

Portal authentication support for page redirection

Network security

Security authentication

Wireless EAD



Item Description

RADIUS

LDAP

HWTACACS

Multi-domain configuration on the authentication server

Backup authentication server

AAA

ESS based authentication server selection

Multi-SSID

SSID hiding

802.11i (including 802.1X authentication and PSK authentication)

WPA, WPA2

WEP (WEP64/WEP128/WEP152)

Dynamic WEP

LEAP

TKIP

802.11 security and privacy

CCMP

User-based bandwidth limit

User-based access control

User-based QACL

Access control based on AP location

Binding between user account and SSID

Binding between user account, VLAN, ACL, and user profile

User and access control

Guest access manager and VIP channel

White list

Static/dynamic blacklist

Detection of and countermeasures against rogue wireless devices WIDS/WIPS

Wireless anti-attack

SSH V1.5/2.0

SSID-based user isolation Others

MAC address-based user isolation

QoS Layer-2 QoS Layer 2 to Layer 4 packet filtering and traffic classification



Item Description

User-based packet filtering and traffic classification

Ethernet interface/SSID based priority

Mapping between wired priority and wireless priority

Mapping between wireless priority and tunnel priority

CAR/LR Traffic policing

Flow based bandwidth control

Congestion management FIFQ, PQ and CQ

WMM (802.11e)

Wireless service-based bandwidth limit

Intelligent bandwidth guarantee Wireless QoS

SSID-based bandwidth control

Forwarding of IPv6 packets; IPv6 MIB

ICMPv6

Automatic/manual configuration of link-local and multicast addresses

ND protocol

Basic IPv6 functions

IPv6 ACL

RFC 2464

DNS6

TraceR6

Telnet6

FIB6

IPv6

Extended IPv6 functions

DHCPv6 relay agent

1+1 fast backup

N+1 redundancy (up to 4+1 redundancy)

N+N redundancy

DHCP server hot backup

Reliability Redundancy

Portal server hot backup

Maintainability Network management

SNMP V1/V2c/V3



Item Description

Syslog

RMON

Console port login

Telnet (VTY) login

SSH login

Web based management

User access management

FTP login

File system management

Applications backup (dual image) System management

Hot fix

Table 9 Performance specifications

Performance

Item Sub-item A-WX5004

A5800 Access Controller OAA Module Card

A-WX5002

Switching capacity

Interface switching capacity

4 Gbps 10 Gbps 2 Gbps

Extended configuration 256 64

Standard configuration 64 32

Maximum number of managed APs Size of each

license 32

WEP key Length 40/104/128 bits

TKIP key Length 128 bits

CCMP key Length 128 bits

Rogue AP detection

Maximum number of permitted vendors

64



Performance



A-WX5002

Maximum number of permitted SSIDs

128

Maximum number of permitted MAC addresses

256

Maximum number of rogue APs against which countermeasures can be taken concurrently

4

Maximum number of attacking devices

64

Static blacklist capacity 64 entries

Dynamic blacklist capacity

512 entries Blacklist/white list

Static white list capacity 255 entries

Maximum number of SSIDs 256 128

Maximum number of SSIDs per radio

16

Maximum number of BSSs 3072 768

SSID

Maximum number of BSSs per radio

16

Station Maximum number of wireless stations

4096 2048

Roaming Maximum number of ACs in a mobility

8



Performance



A-WX5002

domain

QACL Maximum number of ACLs 8192 (By TCAM) 4096

RADIUS Maximum number of online sessions

4096 2048

Layer-3 interface

Maximum number of VLAN interfaces

512 64

Static routes IPv4/IPv6 32/32

ARP ARP table capacity 8192 4096

MAC MAC address table capacity

8192 4096

Layer-2 multicast

Layer-2 multicast table capacity 256

Jumbo frame Size 4096 bytes

Version updates

Feature updates None.

Command line updates None.

MIB updates None.



Configuration changes None.

Open problems and workarounds Problem WLD29319

• First found-in version: A5000-CMW520-R2303

• Description: Configuring the vlan of mobility-tunnel member’s, vlan range is not checked by system.

• Workaround: Please confirm the vlan correct manually.

Problem WLD29223

• First found-in version: A5000-CMW520-R2303

• Description: The interface WLAN-DBSS can’t inherit the rules of portal free-rule by Interface WLAN-ESS.

• Workaround: Please avoid configure the portal free-rule for SSID.

List of resolved problems

Resolved problems in A5000-CMW520-R2303 First release.

Software upgrading

CAUTION:

Upgrade software only when necessary and under the guidance of a technical support engineer.

Introduction

Files managed on access controller The HP A-WX5004 Access Controller, HP A-WX5002 Access Controller and HP A5800 Access Controller OAA Module Card manage the following three types of files:

• BootWare program file

• Application file



• Configuration file

• Certificate file

Boot ROM image file

The BootWare program file is used by the access controller to boot the applications. The complete BootWare program file consists of basic BootWare and extended BootWare.

• Basic BootWare implements system initialization.

• Extended BootWare provides abundant man-machine interaction functions. It is used for interface initialization for application program and boot system upgrade.

• Full BootWare refers to the combination of the two sections. After the basic BootWare is started, you can load or upgrade the extended BootWare.

WARNING:

Do not power off the device when upgrading the BootWare; otherwise, the BootWare will possibly be damaged.

Application image file

The access controller supports the Dual Image function. By default, three application files are defined for system boot:

• Main application file (main file)

• Backup application file (backup file)

• Secure application file (secure file)

These files are stored in the built-in CF card, with an extension name of .bin.

Typically, the default application file is written into the built-in CF card before the access controller is delivered.

If you have loaded the three application files into the CF card, the system will choose one of these three files to boot the access controller, depending on the boot sequence described below. For how to set the application file types, refer to section Maintaining application and configuration file.

The default names and types of the application files and their loading sequence are as follows:

• Main application file. The default name is main.bin, and the file type is M. It is the default application file to be loaded when the system starts.

• Backup application file. The default name is backup.bin, and the file type is B. If failing to load the main application file, the system will try the backup file.

• Secure application file. The default name is secure.bin, and the file type is S. If the system fails to load the backup application file, the secure application file is the last choice. If it again fails to load the secure application file, the system will give a boot failure message.



NOTE:

• Only the application files of the M, B, and S types can be used to boot the system, while an applicationfile of the N type (an application file other than the M, B, or S type) cannot.

• After the application program is loaded, you can rename the application files through the CLI or changethe types of the M, B and N application files through the BootWare menu or the CLI. However, you cannot change the type of the S application file.

• As the S application file is the last choice for booting the system, you cannot change its type or obtaina secure application file by changing the type of another type of application file. You can only download it using the BootWare menu.

• Only one file of the same type (M, B, or S) can exist in the CF card. For example, if an application fileof type M+B exists in the CF card, another file of type M or B cannot exist. If the type of another file is changed to B, the existing type M+B file changes to a file of type M.

Configuration file

With a file extension of .cfg, the configuration files are to store the configuration information of the access controller. Typically, the default configuration file is written into the built-in CF card before the access controller is delivered.

CAUTION:

• The length of a configuration file name must not exceed 64 characters (including the drive name and thestring terminator). For example, if the drive name is cfa0:/, the maximum length of a file name is [ 64 – 1 – 4 ] = 59 characters.

• If the length of a file name exceeds 59 characters, error will occur in file operations on that file. It is recommended to keep the file name within 16 characters.

• There is a limitation on the length of file name that can be displayed in BootWare. If a file name is shorter than 30 characters, all the characters of the file name can be displayed; if a file name has or exceeds 30 characters, only the first 26 characters of the file name can be displayed, followed by a tilde(~) and a serial number. The serial number identifies position in sequence of the file. For example, if some files, file A, file B and file C, have a file name longer than 30 characters, the name of file A will appear as the first 26 characters plus ~001, that of file B will appear as the first 26 characters plus ~002, and that of file C will appear as the first 26 characters plus ~003.

Certificate file

After startup, system will create two certificate files automatically, wlan_ca_certificate.cer and wlan_local_certificate.pfx for SSH and HTTPS. (For importing certificate, SSH, HTTPS, please refer to Configuration Guide)

Maintaining software • Upgrading the BootWare and application files using the Xmodem protocol through a serial port.

• Upgrading application files by BootWare using TFTP or FTP through an Ethernet port.

• Uploading and downloading the application and configuration files by CLI using TFTP/FTP.



NOTE:

• The BootWare program is upgraded together with the host software version. That is, the system automatically upgrades the BootWare program when you upgrade the host software program.

• The BootWare program is upgraded together with the host software version. That is, the system automatically upgrades the BootWare program when you upgrade the host software program.

Software Upgrade Flow Figure 1 Boot ROM and application images upgrade procedure



Boot ROM menu

Main Boot ROM menu Upon access controller power-on or reboot, the console terminal connected with the access controller first displays the following information: System start booting...

Then, the following information appears: Booting Normal Extend BootWare........

****************************************************************************

* *

* HP LSWM1WCM10 BootWare, Version 1.37 *

* *

****************************************************************************


Compiled Date : Jan 26 2011

CPU Type : XLR732

CPU L1 Cache : 32KB

CPU Clock Speed : 1000MHz

Memory Type : DDR2 SDRAM

Memory Size : 2048MB

Memory Speed : 533MHz

BootWare Size : 1536KB

Flash Size : 4MB

cfa0 Size : 999MB

CPLD Version : 004

PCB Version : Ver.B

BootWare Validating...

Press Ctrl+B to enter extended boot menu...

Please input BootWare password:

NOTE:

The extended boot menu is referred to as BootWare main menu in this manual unless otherwise stated.

At the prompt above, press Ctrl+B. The system prompts you to enter the BootWare password: Please input BootWare password:

You have three chances to enter the BootWare password (the initial password is null). If you fail to enter the correct password three times in a row, the system will be halted and you can only restart the system. After you provide the correct password, the system enters the BootWare main menu:



Note: The current operating device is cfa0

Enter < Storage Device Operation > to select device.

===========================<EXTEND-BOOTWARE MENU>===========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |

|<5> Modify BootWare Password |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Clear Super Password |

|<9> Storage Device Operation |

|<0> Reboot |

============================================================================

Enter your choice(0-9):

The following table describes the menu options.

Table 10 Main Boot ROM menu

Menu option Description

<1> Boot System Boot from the CF card.

<2> Enter Serial SubMenu Refer to section “Enter the serial submenu” for details.

<3> Enter Ethernet SubMenu Refer to section “Enter the Ethernet Interface submenu” for details.

<4> File Control File control submenu. Refer to “File control submenu” for details.

<5> Modify BootRom Password Modify the Boot ROM password.

<6> Ignore System Configuration Ignore system configuration.

<7> Boot Rom Operation Menu Refer to section “Boot ROM operation submenu” for details.

<8> Clear Super Password Remove the super password.

<9> Device Operation Device Operation menu, used for selecting the storage device.

<a> Reboot Reboot the router.

Boot ROM submenus Enter the serial submenu

You may upgrade the application image and modify serial interface speed in this serial submenu.

Enter 2 in the main Boot ROM menu to access the serial submenu: ===========================<Enter Serial SubMenu>===========================

|Note:the operating device is cfa0 |

|<1> Download Application Program To SDRAM And Run |

|<2> Update Main Application File |



|<3> Update Backup Application File |

|<4> Update Secure Application File |

|<5> Modify Serial Interface Parameter |

|<0> Exit To Main Menu |

============================================================================

Enter your choice(0-5:

Enter the Ethernet Interface submenu

Enter 3 in the main Boot ROM menu to access the Ethernet submenu. The console screen displays: ==========================<Enter Ethernet SubMenu>==========================






|<5> Modify Ethernet Parameter |


|<Ensure The Parameter Be Modified Before Downloading!> |

============================================================================


File control submenu

Enter 4 in the main Boot ROM menu to access the file control submenu. In this submenu you may identify types of the application files on the CF card, change file name, or remove files. The menu is as follows: ===============================<File CONTROL>===============================


|<1> Display All File(s) |

|<2> Set Application File type |

|<3> Set Configuration File type |

|<4> Delete File |


============================================================================


Boot ROM operation submenu

Enter 7 in the main Boot ROM menu to access the Boot ROM operation menu: =========================<BootWare Operation Menu>==========================


|<1> Backup Full BootWare |

|<2> Restore Full BootWare |

|<3> Update BootWare By Serial |

|<4> Update BootWare By Ethernet |


============================================================================




Upgrading Boot ROM through a serial port To upgrade the Boot ROM image through a serial port, use Xmodem.

Modifying serial port parameters Sometimes, we need a high serial port baud rate to save the upgrade time, or a lower baud rate to ensure the transmission reliability. This section introduces how to adjust the serial communication baud rate.

Follow these steps to change the serial communication baud rate:

Step1 Enter the BootWare main menu and select 2 to enter the serial interface submenu. Then, select 5 in the submenu to modify the baud rate. The system displays the following: =================================<BAUDRATE SET>===========================

|Note:'*'indicates the current baudrate |

| Change The HyperTerminal's Baudrate Accordingly |

|---------------------------<Baudrate Avaliable>------------------------- |

|<1> 9600(Default)* |

|<2> 19200 |

|<3> 38400 |

|<4> 57600 |

|<5> 115200 |

|<0> Exit |

==========================================================================


Step2 Select an appropriate baud rate. For example, select 5 for 115200 bps. The following information appears: Baudrate has been changed to 115200 bps.

Please change the terminal's baudrate to 115200 bps, press ENTER when ready.

Now that the serial interface baud rate of the access controller has been changed to 115,200 bps while that of the terminal is still 9,600 bps, the access controller and the terminal cannot communicate with each other. Change the baud rate to 115,200 bps in HyperTerminal.

Step3 Disconnect the terminal connection in HyperTerminal, as shown below:

Figure 2 Disconnect the terminal connection

Step4 Choose File > Properties. In the Properties dialog box, click Configure… and select 115,200 in the Bits per second drop-down list box.



Figure 3 Modify the baud rate

Step5 Select Call > Call to reestablish the connection.

Figure 4 Reconnect the call

Step6 Then, press Enter in the serial interface submenu. The system prompts the current baud rate and returns to the parent menu. ==============================<Enter Serial SubMenu>======================








==========================================================================




NOTE:

Restore the baud rate in the HyperTerminal to 9600 bps (the default) after upgrading the Boot ROM. This is to ensure that information can be displayed on the console screen after a system boot or reboot.

Upgrading the BootWare Through the Management Ethernet Interface

Follow these steps to upgrade the BootWare through the management Ethernet interface:

Step1 Enter the BootWare main menu (refer to section Main Boot ROM menu) and select 7 to enter the BootWare operation submenu. For details about this menu, refer to section Boot ROM operation submenu.

Step2 Select 4 in the BootWare operation submenu to enter the BootWare operation Ethernet interface submenu: =====================<BOOTWARE OPERATION ETHERNET SUB-MENU>===============

|<1> Update Full BootWare |

|<2> Update Extend BootWare |

|<3> Update Basic BootWare |



==========================================================================


Step3 Select 4 in the BootWare operation Ethernet interface submenu. The system prompts you to modify the network parameters. ============================<ETHERNET PARAMETER SET>======================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

==========================================================================

Protocol (FTP or TFTP) :tftp

Load File Name :A5000.bin

Target File Name :A5000.bin

Server IP Address :192.168.0.179

Local IP Address :192.168.0.125

Gateway IP Address :192.168.0.1

NOTE:

The load file name and target file name must not exceed 50 bytes.

After modification of the parameters, the system display returns to the BootWare operation Ethernet interface submenu. =====================<BOOTWARE OPERATION ETHERNET SUB-MENU>===============








==========================================================================


Step4 Select 1 in the BootWare operation Ethernet interface submenu.

Update the BootWare program at the following prompts: Loading...................................................................

..........................................................................

.........................................................Done!

36640996 bytes downloaded!

Updating Basic BootWare? [Y/N]Y

Updating Basic BootWare................Done!

Updating Extend BootWare? [Y/N]Y

Updating Extend BootWare..............Done!

After download of the BootWare program file, the system display returns to the BootWare operation Ethernet interface submenu. ===================<BOOTWARE OPERATION ETHERNET SUB-MENU>=================






==========================================================================


Step5 Select 0 in the BootWare operation Ethernet interface submenu to enter the BootWare operation submenu: =========================<BootWare Operation Menu>========================


|<1> Backup Full BootWare |

|<2> Restore Full BootWare |

|<3> Update BootWare By Serial |

|<4> Update BootWare By Ethernet |


==========================================================================


Step6 Select 0 in the BootWare operation submenu to enter the BootWare main submenu: ===========================<EXTEND-BOOTWARE MENU>=========================

|<1> Boot System |

|<2> Enter Serial SubMenu |

|<3> Enter Ethernet SubMenu |

|<4> File Control |



|<5> Modify BootWare Password |

|<6> Skip Current System Configuration |

|<7> BootWare Operation Menu |

|<8> Clear Super Password |

|<9> Storage Device Operation |

|<0> Reboot |

==========================================================================

Enter your choice(0-9): 0

Step7 Select 0 in the BootWare main menu to reboot the access controller.

Upgrading the BootWare Through a Serial Connection Follow these steps to upgrade the BootWare through a serial connection:

Step1 Enter the BootWare main menu (refer to section Main Boot ROM menu) and select 7 to enter the BootWare operation submenu. For details about this menu, refer to section Boot ROM operation submenu.

Step2 Select 3 in the BootWare operation submenu to enter the BootWare operation serial interface submenu: ======================<BOOTWARE OPERATION SERIAL SUB-MENU>================






==========================================================================


Step3 Select 4 in the BootWare operation serial interface submenu. The system prompts you to modify the baud rate. =================================<BAUDRATE SET>===========================



| Press 'Enter' to exit with things untouched. |

|-----------------------------<Baudrate Avaliable>-----------------------|

|<1> 9600(Default)* |

|<2> 19200 |

|<3> 38400 |

|<4> 57600 |

|<5> 115200 |

|<0> Exit |

==========================================================================


Step4 Change the communication baud rate by referring to section “Modifying serial port parameters”. After the modification, the system displays the following information: Baudrate has been changed to 115200 bps.



Please change the terminal's baudrate to 115200 bps, press ENTER when ready.

The current baudrate is 115200 bps

=================================<BAUDRATE SET>===========================



|---------------------------<Baudrate Avaliable>-------------------------|

|<1> 9600(Default) |

|<2> 19200 |

|<3> 38400 |

|<4> 57600 |

|<5> 115200* |

|<0> Exit |

==========================================================================


Step5 Select 0 to return to the BootWare operation serial interface submenu. ======================<BOOTWARE OPERATION SERIAL SUB-MENU>================






==========================================================================


Step6 Select 1 in the BootWare operation serial interface submenu. The following prompt appears: Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC

Step7 Select Transfer > Send file… in the HyperTerminal window. The following dialog box appears:

Figure 5 Send File dialog box

Step8 Click Browse… to select the application file to be downloaded, and select Xmodem from the Protocol drop-down list. Then click Send. The following dialog box appears:



Figure 6 Download the file using Xmodem

Upon successful download, the system displays the following information: Download successfully!


Updating Basic BootWare? [Y/N]Y

Updating Basic BootWare................Done!

Updating Extend BootWare? [Y/N]Y

Updating Extend BootWare..............Done!

Step9 Change the baud rate on the console terminal from 115,200 bps back to 9,600 bps, and reboot the access controller.

NOTE:

• The actual file name, size and path may differ from what are shown in the figure above. Before upgrading the software of your access controller, check the current BootWare version and application program version to make sure that the correct file is used for the upgrade.

• After you download files with a changed baud rate, timely change the baud rate back to 9,600 bps inHyperTerminal to ensure the normal display on the console screen when the system boots or reboots.

Upgrading application image through a serial port The procedure is used to upgrade the three types of application files. This section describes how to upgrade the main application file.

Follow these steps to upgrade the main application file:



Step1 Select 2 in the BootWare main menu to enter the serial interface submenu. For details about this menu, refer to section Enter the Ethernet Interface submenu.

Step2 To improve the upgrading speed, first modify the serial interface baud rate. For details, refer to section Modifying serial port parameters..

Step3 Select 2 in the serial interface submenu. The following prompt appears: Please Start To Transfer File, Press <Ctrl+C> To Exit.

Waiting ...CCCCCCCCCC

Step4 Select and send the application file in HyperTerminal. The procedure for upgrading an application file is the same as upgrading the BootWare. For details, refer to section Upgrading the BootWare Through a Serial Connection.

NOTE:

In most cases application image files are larger than 10 Mbps. Given the speed of 115200 kbps, upgrading the application image takes about 30 minutes. To make upgrading faster, Ethernet interfaces are used.

Upgrading application image through an Ethernet interface

To upgrade the application image through an Ethernet interface, enter 3 in the main Boot ROM menu to access the Ethernet interface submenu first. (Refer to section “Enter the Ethernet Interface submenu”.)

Configuring Ethernet interface parameters Before upgrading an application program through an Ethernet interface, you need to configure the Ethernet interface of the access controller, as follows.

Select 3 in the BootWare main menu to enter the Ethernet interface submenu. Then, select 5 to enter the Ethernet interface configuration submenu: ============================<ETHERNET PARAMETER SET>======================

|Note: '.' = Clear field. |

| '-' = Go to previous field. |

| Ctrl+D = Quit. |

==========================================================================

Protocol (FTP or TFTP) :tftp

Load File Name :A5000.bin

Target File Name :A5000.bin

Server IP Address :192.168.0.179

Local IP Address :192.168.0.1

Gateway IP Address :192.168.0.10



Table 11 Ethernet parameters settings description

Parameter Description

Load File Name Name of the file to be downloaded.

Target File Name Name of the file to be stored in CF Card.

Server IP Address The IP address of FTP or TFTP server.

Local IP Address Set it to be in the same network with TFTP/FTP server.

Gateway IP Address The IP address of the Gateway.

NOTE:

• When configuring a parameter, you can enter a new value directly, or press Enter to accept the default value that follows a colon. Type . to clear the current input, - to return to the previous parameter field, and Ctrl+D to quit from the parameter configuration interface.

• The access controller supports only the 10/100/1000Base-TX out-of-band management Ethernet interface for application upgrade.

Upgrading application image The Trivial File Transfer Protocol (TFTP) is a TCP/IP protocol used for file transfer between client and server. It provides a simple and low-overhead file transfer service. TFTP provides unreliable data transfer over UDP and does not provide any access authorization and authentication mechanism. It employs the timeout retransmission method to implement best-effort delivery of data. Compared with FTP, TFTP has a much smaller software size.

Follow these steps to upgrade an application through the management Ethernet interface:

Step1 Set up a software upgrade environment.

For HP A5800 Access Controller OAA Module Card: Connect the 10/100/1000Base-TX management interface to a PC with an Ethernet cable.

For HP A-WX5004 Access Controller or HP A-WX5002 Access Controller: Connect the first Gigabit Ethernet interface to a PC with an Ethernet cable.

Figure 7 Set up a software upgrade environment

Step2 Run TFTP Server on the PC, and set the path of the application file to be downloaded.



NOTE:

The TFTP server software is not provided with the access controller. You must make sure that it is availableby yourself.

Step3 Modify the Ethernet interface parameters. For details, refer to section Upgrading application image through an Ethernet interface.

Step4 Select 3 in the BootWare main menu to enter the Ethernet interface submenu. The following example shows how to upgrade the main application file. Select 2 in the Ethernet interface submenu. The following information appears: Loading......................................................................................................................................................................................................Done!


Updating File

cfa0:/A5000.bin..........................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

.....................................................................................

...................................................................................Done!

Step5 Select 0 to return to the BootWare main menu.

Step6 Select 1 in the BootWare main menu to reboot the access controller.

CAUTION:

• If the downloaded file has the same file name with an existing file in the CF card, the system prompts The file is exist, will you recover it? [Y/N]. If you choose Y, the existing file will be overwritten.

• Make sure that sufficient space is available in the CF card. In case of insufficient space, the system willgive a prompt message.

• The new application file directly replaces the existing file of the same type. In this example, the downloaded file A5000.bin replaces the existing application file of the type M and becomes the only main application file.

• For details about the application file types, refer to section Application image file.



Maintaining application image and configuration at CLI

After the access controller boots, you can perform operations at the CLI to upgrade/back up the application image or to backup/restore configuration.

Maintaining the Access Controller with TFTP Using the access controller as a TFTP client and a file server as the TFTP server, you can use commands on the console terminal, which can be the same file server, to upload the configuration and application files from the access controller to the file server or download the files from the file server to the access controller.

Setting up a configuration environment

Step1 Set up a network environment by referring to section Upgrading application image through an Ethernet interface. .

Figure 8 Set up an environment for software maintenance through the CLI

Step2 Run TFTP Server on the file server and set the file path.

Step3 Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the TFTP server to 192.168.0.1, and that of the access controller’s management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.

Backing up and restoring the application and configuration files

After setting up the environment, perform the following operations on the console terminal:

Step1 View the files in the current file system with the dir command. <HP>dir

Directory of cfa0:/

0 -rw- 617 Jul 26 2011 08:22:56 startup.cfg

1 -rw- 36640996 Jul 28 2011 10:35:38 A5000.bin

2 -rw- 356124 Jul 27 2011 09:23:54 bootware.app

252904 KB total (198642 KB free)

File system type of cfa0: FAT32



<HP>

Step2 Perform the file backup or restoration (download) operation.

• To backup startup.cfg on the access controller by saving it as config.bak on the TFTP server, use the following command:

<HP>tftp 192.168.0.1 put startup.cfg config.bak

File will be transferred in binary mode

Sending file to remote TFTP server. Please wait... \

TFTP: 617 bytes sent in 0 second(s).

File uploaded successfully.

• To download config.cfg from the TFTP server to the access controller, do the following: <HP>tftp 192.168.0.1 get config.cfg statup.cfg

The file statu.cfg exists. Overwrite it?[Y/N]:y

Verifying server file...

Deleting the old file, please wait...

File will be transferred in binary mode

Downloading file from remote tftp server, please wait...\

TFTP: 617 bytes received in 0 second(s)

File downloaded successfully.

If a file with the same name already exists on the access controller, the system will ask you whether to replace the existing file. Enter Y to replace it, or N to abort.

CAUTION:

• When you back up a file to the server and if a file with the same name already exists on the server, theexisting file will be replaced.

• The above-mentioned operations are performed in user view.

• The backup configuration file can be modified by using a text editor. You can update the system configuration by downloading a modified configuration file. Your update takes effect after the access controller is restarted. Likewise, you can update the main application file by downloading a new application file from the server and replacing the existing main application file on the access controller.

Maintaining the Access Controller with FTP Maintaining the access controller when it serves as the server

File Transfer Protocol (FTP) is an application layer protocol in the TCP/IP suite. It is mainly used for file transfer between remote hosts. FTP provides a reliable, connection-oriented data transfer service over TCP.

The FTP service provided by the access controller is FTP Server. Using this feature, the access controller serves as the FTP server. You can use your PC as an FTP client to log in to the access controller for file operations.



Before using FTP, you need to install the FTP client application on your PC. The FTP client software is not provided with the access controller. You must make sure that it is available by yourself. This section describes how to maintain the access controller software using the FTP client application that comes with Microsoft Windows XP.

Follow these steps to maintain the software of your access controller through FTP with the access controller as the FTP server:

Step1 Set up a hardware maintenance environment as follows:

Figure 9 Maintain the router taking it as the FTP server

Step2 Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the FTP client to 192.168.0.1, and that of the access controller’s management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.

Step3 Enable FTP service.

Configure FTP server authentication and authorization and enable FTP. The FTP server supports multi-client access. When a remote FTP client sends a request to the FTP server, the FTP server executes an action accordingly and returns the execution result to the client. Use the following command to enable the FTP service: [HP]ftp server enable

% Start FTP server

Step4 Add an authorized FTP username and password. [HP]local-user guest Create user account guest

[HP-luser- guest]service-type ftp //Set user type to FTP

[HP-luser- guest]password simple 123456 //Set password for user guest

Step5 Maintain the access controller

After enabling the FTP service and configuring the username and password, start the FTP client application on the PC.

Open a DOS prompt window, and enter ftp at the DOS prompt. C:\Documents and Settings\Administrator>ftp

ftp> //The system prompt changed to ftp>

ftp> open 192.168.0.2 //Connect to the access controller

Connected to 192.168.0.2.

220 FTP service ready.

User (192.168.0.2:(none)): guest //Enter the username guest

331 Password required for guest

Password: Enter the password 123456

230 User logged in. //Successfully connected to the server



Step6 Maintain the access controller software.

• To backup main.bin on the access controller to the server, do the following: ftp> binary //Set the transfer mode to binary

200 Type set to I.

ftp> lcd c:\temp //Change the local path

Local directory now C:\temp.

ftp> get main.bin main.bin //Backup to PC

200 Port command okay.

150 Opening BINARY mode data connection for main.bin.

226 Transfer complete.

ftp: 14323376 bytes received in 16.81Seconds 851.87Kbytes/sec.

• To restore the backup file to the access controller, do the following: ftp> put main.bin main.bin //Download to the access controller

200 Port command okay.

150 Opening BINARY mode data connection for main.bin.

226 Transfer complete.

ftp: 14323376 bytes sent in 8.29Seconds 1727.37Kbytes/sec.

ftp> quit //Quit FTP

221 Server closing.

Maintaining the access controller when it serves as the client

When the access controller is functioning as an FTP client, you can do the following to maintain it.

Step1 Set up a maintenance environment.

Figure 10 Maintain the router taking it as the FTP client

Step2 Run the FTP server program on the PC, set the file path, and set the username and password for the access controller.

Step3 Configure the IP addresses for both sides, which must be on the same subnet. For example, set the IP address of the FTP server to 192.168.0.1, and that of the access controller’s management Ethernet interface to 192.168.0.2. Then use ping to verify the network connectivity.

Step4 Maintain the access controller using the terminal connected to the console port of the access controller. <HP>ftp 192.168.0.1

Trying 192.168.0.1 ...

Press CTRL+K to abort

Connected to 192.168.0.1.

220 3Com 3CDaemon FTP Server Version 2.0

User(192.168.0.1:(none)):guest //Enter the username set on the server

331 User name ok, need password



Password: //Enter the password

230 User logged in

[ftp]

Step5 Maintain the access controller software.

Use the get and put commands to download and backup files. [ftp]get main.bin main.bin

cf:/main.bin has been existing. Overwrite it?[Y/N]:y

200 PORT command successful.

150 File status OK ; about to open data connection

226 Closing data connection; File transfer successful.

FTP: 14323376 byte(s) received in 69.256 second(s) 206.00K byte(s)/sec.

[ftp]put main.bin main.bin

200 PORT command successful.

150 File status OK ; about to open data connection

226 Closing data connection; File transfer successful.

FTP: 14323376 byte(s) sent in 15.974 second(s) 896.00Kbyte(s)/sec.

[ftp]quit

221 Service closing control connection

Maintaining application and configuration file You can use the file control submenu to modify and display file types.

Select 4 in the BootWare main menu to enter the file control submenu. The following information appears: =================================<File CONTROL>===========================


|<1> Display All File(s) |

|<2> Set Application File type |

|<3> Delete File |


==========================================================================


Display all files

Select 1 in the file control submenu. The following information appears: Display all file(s) in cfa0:

'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED

==========================================================================

|NO. Size(B) Time Type Name |

|1 36640996 Jan/20/2034 10:12:36 M cfa0:/A5000.bin |

|2 795 Jan/20/2006 11:58:50 N/A cfa0:/startup.cfg |

==========================================================================



Set application file type

Step1 Select 2 in the file control submenu. The following information appears: 'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED

==========================================================================


|1 36640996 Jan/20/2034 10:12:36 M cfa0:/A5000.bin |

|0 Exit |

==========================================================================

Enter file No:

Step2 Enter the file number at the prompt above. In this example, type 1 for A5000.bin, and press Enter. The system prompts you to specify a new file type: Modify the file attribute:

==========================================================================

|<1> +Main |

|<2> -Main |

|<3> +Backup |

|<4> -Backup |

|<0> Exit |

==========================================================================

Enter your choice(0-4)

Step3 Select 1 for +Main (set to M), 2 for –Main (remove the current M attribute), 3 for +Backup (set to B), or 4 for –Backup (remove the current B attribute). For details about the file types, refer to section Application image file.

Step4 Delete files

Step5 Select 3 in the file control submenu. The following information appears: Deleting the file in cfa0:

'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED

==========================================================================


|1 36640996 Jan/20/2034 10:12:36 M cfa0:/A5000.bin |

|2 795 Jan/20/2006 11:58:50 N/A cfa0:/startup.cfg |

|0 Exit |

==========================================================================

Enter file No:

Step6 Type a file number and press Enter. The system asks you to confirm your operation. The file you selected is cfa0:/startup.cfg,Delete it? [Y/N]

Step7 Enter Y for confirmation. The following message appears, indicating the file was successfully deleted. Deleting..........Done!

Exit to the main menu

Select 0 to return to the BootWare main menu.



Dealing with access controller password loss This section tells you how to deal with loss of Boot ROM password, user password or super password.

Dealing with user password loss If you forget your user password, the system will refuse your login. In this case, set a new user password by following the steps below.

Step1 Enter the BootWare main menu and select 6 to bypass the current configuration in system startup.

The following information appears: Flag Set Success.

Step2 When the BootWare main menu appears again, select 0 to restart the system. System starts booting ...

Step3 Set a new user password in system view. [HP]user-interface con 0

[HP-ui-console0]authentication-mode password

[HP-ui-console0]set authentication password simple 123456

This information indicates that password authentication is used for console port login, the password is set to 123456, and it is stored in plain text.

NOTE:

• After reboot, the system runs with the initial default configuration, while the original configuration file isstill kept in the CF card. To restore the original configuration, use the display saved-configuration command to locate the configuration file, and then copy and run it.

• If the password is stored in plain text, you can use the display current-configuration command to view the password in the current configuration. If you use the set authentication password cipher 123456 command to set your password, the password will be stored in cipher text.

Step4 Save your new password. [HP] save

NOTE:

After modifying the user password, use the save command to save it.

Dealing with Boot ROM password loss Contact your agent in the event of Boot ROM password loss for help to log into the access controller to set a new password.

To change the BootWare password, enter the BootWare main menu, select 5, and follow the prompts: please input old password:

Please input new password:



Please input new password again:

Password Set Successfully.

NOTE:

• Once you enter a wrong old password or different new passwords, the password modification operationfails and the system exits this operation.

• The BootWare password can consist of a maximum of 32 printable characters, including letters, numerals, and symbols.

Super password loss You need a super password to switch among the four privilege levels to perform higher privilege operations. In the event of super password loss, do the following:

1. Enter 8 in the main Boot ROM menu to clear the super password.

2. Quit the menu and reboot. Then, you can directly enter into system view. Note that the operation is a one-time operation. You will be asked to provide the super user password for authentication at the next boot.

Backing up and restoring the Boot ROM image Step1 Select 7 in the BootWare main menu to enter the BootWare operation submenu. For details about this

submenu, refer to section Boot ROM operation submenu.

Step2 Back up or restore the BootWare.

• To back up the entire BootWare to the CF card, select 1 in the BootWare main menu and follow the prompts.

Will you backup the Basic BootWare? [Y/N]Y

Begin to backup the Basic BootWare...................Done!

Will you backup the Extend BootWare? [Y/N]Y

Begin to backup the Extend BootWare...................Done!

• To restore the backup BootWare from the CF card, select 2 in the BootWare main menu and follow the prompts.

Will you restore the Basic BootWare? [Y/N]Y

Begin to restore Normal Basic BootWare.................Done!

Will you restore the Extend BootWare? [Y/N]Y.................Done!



Compatibility for H3C WX Series Access Controller

Hardware and software compatibility matrix for H3C WX Series Access Controller

Table 12 WX Series Access Controller Module Compatibility Table

WX Series Access Controller Module Software Version Frame Software Version

LSWM1WCM10 WX5004-CMW520-R2105 and later version

H3C S5800-60C-PWR

H3C S5820X-28C

S5800_5820X-CMW520-R1108 and later version

The latest version: S5800_5820X-CMW520-R1110P05

S5800_5820X-CMW520-R1206

Feature updates relative to WX5004-CMW520-R2107P10

Table 13 Feature updates

Item Description

A5000-CMW520-R2303(First release on new branch)

Hardware feature updates

New features: None

Deleted features: None

Modified features: 1. BOOTWARE extend section of HP A5800 Access Controller OAA

Module Card update to version 1.37 2. BOOTWARE extend section of HP A-WX5004 Access Controller and

HP A-WX5002 Access Controller update to version 1.13

Software feature updates

New features: 1. The portal now supports proxy 2. 802.11n MIB has been supported 3. DHCP Snooping dynamic entry storage 4. Defend to the TCP SYN Flood attack 5. The boot APP file could be displayed and modified by the Web



Item Description interface

6. Security Association of the AC and BAS board card 7. Permit the configuration of permit mac before the user isolation

module(only by command line) 8. Multi-core platform supports WLAN forward 9. Remote AP function is now supported 10. NAT between AC and AP 11. LEAD certification is supported in 802.1X 12. Mesh link information could be inspected via the Web interface 13. Dual DHCP server machines backup is supported 14. Multicast group switch is now supported on the AP equipment 15. Sniffer function is now supported on the AP equipment 16. Smart Bandwidth promise function based on the SSID 17. The SSID would not be broadcasted any more after the user of the AP

reach the maxim limit 18. AP-based user speed constrain policy is now supported 19. RFPing feature is now supported 20. UserProfile is now supported in the local forward 21. 11n AP 20/40M channel switch is now supported 22. 11n Protective mode is now supported 23. (11n)STA side Power Save mode switch is now supported 24. (11n) Aggregative packet upload and statistical feature is now

supported on the WLAN platform 25. Export of the wireless user Authorization log is now supported 26. STA IP information from the ARP snooping is now supported 27. After the local portal server Authorization succeeds, the original

requested URL would be returned 28. CTS to self mode could be launched forcedly 29. Signal channel load rate estimate is now supported 30. Mesh signal channel automate adaption is now supported 31. Under portal Authorization, online user detecting via ARP feature is

supported 32. Power Table modification(Different Country codes support respecting

power table) 33. Work load distribution based on radio interface is now supported now 34. The management VLAN now support tag 35. AC could configure the AP local attributes 36. RRM parameter is now configurable 37. Time Zone could be added on the Web interface 38. DHCPv6 Server、DHCPv6 Client、DHCPv6 Relay are now supported 39. WLAN relevant passwords now could displayed in encrypted format. 40. Default Country code and radio configuration is now supported. 41. Support Mib Node: NAS-ID

Deleted features: None



Item Description Modified features: 42. The AP name length limit has been promoted to 32 characters from

previous 15 characters 43. The length of device name section in the manufacture information has

been promoted to 120 Bytes 44. ARP Snooping module now ignore the port inspection

Command line updates relative to WX5004-CMW520-R2107P10

Table 14 Command line updates

Item Description

A5000-CMW520-R2303(First release on new branch)

New commands

1. Command 1:

display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression

display ipv6 dhcp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression

display ipv6 dhcp client statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression

display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression

display ipv6 dhcp relay statistics [ | { begin | exclude | include } regular-expression

display ipv6 dhcp pool [ pool-number ] [ | { begin | exclude | include } regular-expression

display ipv6 dhcp prefix-pool [ prefix-pool-number ] [ | { begin | exclude | include } regular-expression

display ipv6 dhcp server [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression

display ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len | prefix-pool prefix-pool-number } [ | { begin | exclude | include } regular-expression

display ipv6 dhcp server statistics [ | { begin | exclude | include } regular-expression

display ipv6 dhcp snooping trust [ | { begin | exclude | include } regular-expression

display ipv6 dhcp snooping user-binding { ipv6-address | dynamic } [ | { begin | exclude | include } regular-expression

reset ipv6 dhcp snooping user-binding { ipv6-address | dynamic }

reset ipv6 dhcp client statistics [ interface interface-type interface-number ]



Item Description reset ipv6 dhcp relay statistics

reset ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len }

reset ipv6 dhcp server statistics

Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 2. Command 2:

display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface interface-type interface-number | slot slot-id } [ count | verbose ] [ | { begin | exclude | include } regular-expression ] View: Any view

Description: Display IPv6 adjacency table entries, with filter function by specifying a regular expression. 3. Command 3:

display ipv6 fib [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ]

View: Any view

Description: Display IPv6 FIB entries. 4. Command 4:

display mac-forwarding statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display Layer 2 forwarding statistics. 5. Command 5:

display mac-fast-forwarding cache { all | { destination-mac mac-address | source-mac mac-address | vlan vlan-id }* } [ verbose ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display fast Layer 2 forwarding entries. 6. Command 6:

display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-id ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the BPDU statistics on ports. 7. Command 7:

display qos rtpq interface [ interface-type interface-number [ pvc { pvc-name [ vpi/vci ] | vpi/vci } ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the information of the current IP RTP priority queue, including the queue length and the number of dropped packets on an interface/PVC or all interfaces/PVCs. 8. Command 8:

display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include }



Item Description regular-expression View: Any view Description: Display the dynamic DNS cache information. 9. Command 9:

display nqa reaction counters [ admin-name operation-tag [ item-number ] ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the current monitoring results of reaction entries. 10. Command 10:

display dhcp-snooping binding database [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the DHCP snooping entry file information. 11. Command 11:

display igmp-snooping host vlan vlan-id group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about the hosts tracked by IGMP snooping. 12. Command 12:

display igmp host port-info vlan vlan-id group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Information about the hosts tracked by IGMP on the Layer 2 ports. 13. Command 13:

display mld-snooping host vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression View: Any view Description: Display information about the hosts tracked by MLD snooping. 14. Command 14:

display mld host port-info vlan vlan-id group ipv6-group-address [ source ipv6-source-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about the hosts tracked by MLD on the Layer 2 ports. 15. Command 15:

display interface [ interface-type ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ]

display interface interface-type { interface-number | interface-number.subnumber } [ brief ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display Ethernet interface information. 16. Command 16:



Item Description display dhbk status [ | { begin | exclude | include } regular-expression ]

View: Any view

Description: Display the stateful failover status information. 17. Command 17:

display forwarding policy [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display the current flow classification policy. 18. Command 18:

display password-control [ super ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display password control configuration information. 19. Command 19:

display password-control blacklist [ user-name name | ip ipv4-address | ipv6 ipv6-address ] [ | { begin | exclude | include } regular-expression ] View: Any view Description: Display information about users blacklisted due to authentication failure. 20. Command 20:

display current-configuration exclude modules [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ] View: Any view Description: Displays all lines of current configuration that do not match the specified regular expression. 21. Command 21:

reset wlan ap provision { all | name ap-name } View: Any view Description: Remove the wlan_ap_cfg.wcfg file of the specified AP or all APs. 22. Command 22:

save wlan ap provision { all | name ap-name } View: Any view Description: Save the configuration in AP configuration view to the wlan_ap_cfg.wcfg file of the specified AP or all APs. 23. Command 23:

reset password-control blacklist [ user-name name ] View: User view Description: Remove all or one user from the blacklist. 24. Command 24:

reset password-control history-record [ user-name name | super [ level level ] ] View: User view

Description: Delete history password records.



Item Description 25. Command 25:

license register feature-name serial-number View: User view Description: register the license of a feature. 26. Command 26:

reset mac-forwarding statistics View: User view Description: Clear all Layer 2 forwarding statistics. 27. Command 27:

reset mac-fast-forwarding cache { all | { destination-mac mac-address | source-mac mac-address | vlan vlan-id }* } View: User view

Description: Clear fast Layer 2 forwarding entries. 28. Command 28:

info-center format unicom

undo info-center format View: System view

Description: Set the format of the system information sent to a log host to UNICOM. Restore the default, by default, the format of the system information sent to a log host is H3C. 29. Command 29:

dhbk enable backup-type { dissymmetric-path | symmetric-path }

undo dhbk enable

View: System view

Description: Enable stateful failover in a specified mode. Restore the default, by default, stateful failover is disabled. 30. Command 30:

dhbk vlan vlan-id

undo dhbk vlan

View: System view

Description: Specify a VLAN as a backup VLAN. Restore the default, by default, no backup VLAN is configured on the device. 31. Command 31:

mac-fast-forwarding

undo mac-fast-forwarding View: System view

Description: Enable fast Layer 2 forwarding. Disable fast Layer 2 forwarding. By default, fast Layer 2 forwarding is enabled. 32. Command 32:

shutdown-interval time

undo shutdown-interval View: System view



Item Description Description: Set a detection interval. Restore the default, by default, the detection interval is 30 seconds. 33. Command 33:

tcp syn-cookie enable

undo tcp syn-cookie enable View: System view

Description: Enable the SYN Cookie feature to protect the device against SYN Flood attacks. Disable the SYN Cookie feature. By default, the SYN Cookie feature is enabled. 34. Command 34:

vrrp ipv6 method { real-mac | virtual-mac }

undo vrrp ipv6 method

View: System view

Description: Specify the type of the MAC addresses mapped to the virtual IPv6 addresses of. Restore the default. By default, the virtual MAC addresses are mapped to the virtual IP addresses of the VRRP. 35. Command 35:

dns spoofing ip-address

undo dns spoofing View: System view

Description: Enable DNS spoofing and specify IP address used to spoof name query requests. Disable DNS spoofing. By default, DNS spoofing is disabled. 36. Command 36:

dot1x domain-delimiter string

undo dot1x domain-delimiter View: System view

Description: Specify a set of domain name delimiters supported by the access device. Restore the default. By default, the access device supports only the at sign (@) delimiter for 802.1X users. 37. Command 37:

port-security timer autolearn aging time-value

undo port-security timer autolearn aging View: System view

Description: Set the sticky MAC aging timer. Restore the default. By default, sticky MAC addresses never age out. 38. Command 38:

dhcp-snooping binding database update now View: System view

Description: Store DHCP snooping entries to the file. 39. Command 39:

dhcp-snooping binding database update interval minutes



Item Description undo dhcp-snooping binding database update interval View: System view

Description: Set the interval at which the DHCP snooping entry file is refreshed. Restore the default. By default, the DHCP snooping entry file is not refreshed periodically. 40. Command 40:

dhcp-snooping binding database update interval minutes

undo dhcp-snooping binding database update interval View: System view

Description: Specify the name of the file for storing DHCP snooping entries. Restore the default. By default, no file name is specified. 41. Command 41:

wlan ap-provision ac { host-name host-name | ip ip-address | ipv6 ipv6-address }

undo wlan ap-provision ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } } View: System view

Description: Specify a global AC so that all APs can discover the AC. Restore the default. By default, no global AC is specified. 42. Command 42:

portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all | trap } * [ interval interval ] [ retry retries ]

undo portal server server-name server-detect View: System view

Description: Configure portal server detection, including the detection method, action, probe interval, and maximum number of probe attempts. cancel the detection of the specified portal server. By default, the portal server detection function is not configured. 43. Command 43:

portal server server-name user-sync [ interval interval ] [ retry retries ]

undo portal server server-name user-sync

View: System view

Description: Configure portal user information synchronization with a specified portal server. cancel the portal user information synchronization configuration with the. By default, the portal user synchronization function is not configured. 44. Command 44:

portal redirect-url url-string [ wait-time period ]

undo portal redirect-url View: System view

Description: Specify the auto redirection URL for authenticated portal users. Restore the default. By default, a user authenticated is redirected to the URL the user typed in the address bar before portal authentication.




ipv6 unreachables enable

undo ipv6 unreachables

ipv6 dhcp pool pool-number

undo ipv6 dhcp pool pool-number

ipv6 dhcp prefix-pool prefix-pool-number prefix prefix/prefix-len assign-len assign-len

undo ipv6 dhcp prefix-pool prefix-pool-number

ipv6 dhcp server enable

undo ipv6 dhcp server enable

ipv6 dhcp snooping enable

undo ipv6 dhcp snooping enable


qos pql pql-index protocol ip [ queue-key key-value ] queue { bottom | middle | normal | top }

undo qos pql pql-index protocol ip [ queue-key key-value ] View: System view Description: Specify a queue for the IP packets that match a certain match criterion. Delete the match criterion. By default, no match criterion is configured. 47. Command 47:

qos cql cql-index protocol ip [ queue-key key-value ] queue queue-number

undo qos cql cql-index protocol ip [ queue-key key-value ] View: System view

Description: Assign a custom queue for IP packets that match a certain criterion. Delete the match criterion. By default, no match criterion is configured. 48. Command 48:

password-control history max-record-num

undo password-control history

password-control alert-before-expire alert-time

undo password-control alert-before-expire

password-control composition type-number type-number [ type-length type-length ]

undo password-control composition

password-control authentication-timeout authentication-timeout

undo password-control authentication-timeout

password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]



Item Description undo password-control login-attempt

password-control aging aging-time

undo password-control aging

password-control length length

undo password-control length

password-control history max-record-num

undo password-control history

password-control enable

undo password-control enable

password-control password update interval interval

undo password-control password update interval

password-control login idle-time idle-time

undo password-control login idle-time

password-control expired-user-login delay delay times times

undo password-control expired-user-login

password-control complexity { same-character | user-name } check

undo password-control complexity { same-character | user-name } check

Description: See Security Command Reference of H3C WX Series Access Controllers Command Reference. 49. Command 49:

password-control aging aging-time

undo password-control aging

password-control length length

undo password-control length

password-control composition type-number type-number [ type-length type-length ]

undo password-control composition

group-attribute allow-guest

undo group-attribute allow-guest View: User group view

Description: Use the password-control command to set the password aging time, the minimum password length and the password composition policy. Use the command to set the guest attribute for a user group. 50. Command 50:

state secondary { accounting | authentication } [ ip ipv4-address | ipv6 ipv6-address ] { active | block } View: User group view Description: Use the state secondary command to set the status of a secondary RADIUS server. 51. Command 51:

user-credentials { ldap-scheme ldap-scheme-name [ local ] | local }



Item Description undo user-credentials View: EAP profile view

Description: Use the user-credentials command to specify the database to be used for user credential verification in local EAP authentication. 52. Command 52:

client-verify weaken

undo client-verify weaken View: SSL server policy view

Description: Use the client-verify weaken command to enable SSL client weak authentication. 53. Command 53:

host-tracking

undo host-tracking View: MLD-snooping / IGMP-Snooping view Description: Use the host-tracking command to enable the MLD snooping or IGMP snooping host tracking function globally. 54. Command 54:

dot11a calibrate-power threshold value

undo dot11a calibrate-power threshold

dot11a calibrate-power min tx-power

undo dot11a calibrate-power min

dot11bg calibrate-power threshold value

undo dot11bg calibrate-power threshold

dot11bg calibrate-power min tx-power

undo dot11bg calibrate-power min View: RRM view

Description: Use the calibrate-power threshold command to configure the power adjustment threshold for radios. Use the calibrate-power min command to configure the minimum radio transmission power. 55. Command 55:

dot11a calibrate-channel pronto ap { all | name apname radio radio-num }

dot11a calibrate-power pronto ap { all | name apname radio radio-num }

dot11bg calibrate-channel pronto ap { all | name apname radio radio-num }

dot11bg calibrate-power pronto ap { all | name apname radio radio-num } View: RRM view Description: Use the command to configure one-time DFS or TPC for AP. 56. Command 56:

undo preamble View: Radio view Description: Use the undo preamble command to specify the preamble type to be the default value. 57. Command 57:



Item Description provision

undo provision View: AP template view Description: Use the provision command to create and enter AP configuration view. 58. Command 58:

ac { host-name host-name | ip ip-address | ipv6 ipv6-address }

undo ac { host-name | ip { ip-address | all } | ipv6 { ipv6-address | all } }

dns domain domain-name

undo dns domain

gateway { ip ip- address | ipv6 ipv6-address }

undo gateway { ip | ipv6 | all }

ip address ip-address { mask | mask-length }

undo ip address

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

undo ipv6 address

vlan pvid vlan-id

undo vlan pvid

vlan tagged vlan-id-list

undo vlan tagged vlan-id-list

vlan untagged vlan-id-list

undo vlan untagged vlan-id-list View: AP configuration view

Description: See WLAN Command Reference of H3C WX Series Access Controllers Command Reference. 59. Command 59:

default View: Interface view Description: Use the default command to restore the default settings for the interface. 60. Command 60:

mtu size

undo mtu View: Vlan interface view Description: Use the mtu command to set the MTU for a VLAN interface. Use the undo mtu command to restore the default. By default, the MTU of a VLAN interface is 1500 bytes.

Related commands: display interface vlan-interface. 61. Command 61:

portal nas-port-type { ethernet | wireless }

undo portal nas-port-type



Item Description View: Vlan Interface view Description: Use the portal nas-port-type command to specify the access port type (indicated by the NAS-Port-Type value) on the current interface. The specified NAS-Port-Type value will be carried in the RADIUS requests sent from the device to the RADIUS server. Use the undo portal nas-port-type command to restore the default.

By default, the access port type of an interface is not specified, and the NAS-Port-Type value carried in RADIUS requests is the user access port type obtained by the access device. 62. Command 62: access-user detect type arp retransmit number interval interval

undo access-user detect View: Vlan Interface view Description: Use the access-user detect command to configure the online portal user detection function.Use the undo access-user detect command to restore the default. By default, the portal user detection function is not configured on an interface. With this function configured on an interface, the device periodically sends ARP requests to portal users on the interface to check whether the portal users are still online.

This function is available only for the direct and re-DHCP portal authentication configured on a Layer 3 interface. 63. Command 63:

ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ]

undo ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ]

ipv6 dhcp server apply pool pool-number [ allow-hint | preference preference-value | rapid-commit ]

undo ipv6 dhcp server apply pool

ipv6 nd ra no-advlinkmtu

undo ipv6 nd ra no-advlinkmtu View: Vlan interface view


dhcp relay client-detect enable

dhcp relay check mac-address

dhcp server client-detect enable

undo dhcp relay address-check enable

undo dhcp relay client-detect enable

undo dhcp relay check mac-address

undo dhcp server client-detect enable



Item Description View: Vlan interface view


dhcp-snooping trust [ no-user-binding ]

undo dhcp-snooping trust

dhcp-snooping check mac-address

undo dhcp-snooping check mac-address

dhcp-snooping check request-message

undo dhcp-snooping check request-message View:Wlan-ess interface view Description: See Layer 3 Command Reference of H3C WX Series Access Controllrs Command Reference. 66. Command 66: ipv6 neighbors max-learning-num number

undo ipv6 neighbors max-learning-num View:Wlan-ess interface view Description: Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically learned on the interface.

Use the undo ipv6 neighbors max-learning-num command to restore the default. 67. Command 67:

dot1x handshake secure

undo dot1x handshake secure View:Wlan-ess interface view Description: Use the dot1x handshake secure command to enable the online user handshake security function. The function enables the device to prevent users from using illegal client software. Use the undo dot1x handshake secure command to disable the function. 68. Command 68:

igmp-snooping router-port-deny [ vlan vlan-list ]

undo igmp-snooping router-port-deny [ vlan vlan-list ]

mld-snooping router-port-deny [ vlan vlan-list ]

undo mld-snooping router-port-deny [ vlan vlan-list ]

shutdown

undo shutdown View: Port-group view

Description: See IP Multicast Command Reference of H3C WX Series Access Controllers Command Reference. 69. Command 69: undo protocol inbound



Item Description View: VTY interface view Description: Restore the default. 70. Command 70:

qos fifo queue-length queue-length

undo qos fifo queue-length

View: Interface view, PVC view

Description: Use the qos fifo queue-length command to set the FIFO queue length. Use the undo qos fifo queue-length command to restore the default. 71. Command 71:

qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs burst ]

undo qos rtpq

View: Interface view, PVC view

Description: Use the qos rtpq command to enable RTP queuing for RTP packets with even UDP destination port numbers in the specified range on the interface/PVC.

Use the undo qos rtpq command to disable RTP queuing on the interface/PVC.

By default, RTP queuing is disabled on an interface/PVC.

This command provides preferential services for delay-sensitive applications, such as real-time voice transmission.

Set the bandwidth argument to a value greater than the total bandwidth that the real-time application requires to allow bursty traffic. 72. Command 72:



View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view, WLAN-ESS interface view

Description: Use the dhcp-snooping check mac-address command to enable MAC address check on a DHCP snooping device.

Use the undo dhcp-snooping check mac-address command to disable MAC address check of DHCP snooping.

By default, this function is disabled.

With this function enabled, the DHCP snooping device compares the chaddr field of a received DHCP request with the source MAC address field in the frame. If they are the same, the DHCP snooping device decides this request valid and forwards it to the DHCP server. If not, the DHCP request is discarded. 73. Command 73:


undo dhcp-snooping check request-message

View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view, WLAN-ESS interface view



Item Description Description: Use the dhcp-snooping check request-message command to enable DHCP-REQUEST message check of DHCP snooping.

Use the undo dhcp-snooping check request-message command to disable DHCP-REQUEST message check of the DHCP snooping.

By default, this function is disabled.

With this function enabled, upon receiving a DHCP-REQUEST message, a DHCP snooping device searches local DHCP snooping entries for the corresponding entry of the message. If an entry is found, the DHCP snooping device compares the entry with the message information. If they are consistent, the DHCP-REQUEST message is considered as valid lease renewal request and forwarded to the DHCP server. If they are not consistent, the messages is considered as forged lease renewal request and discarded. If no corresponding entry is found locally, the message is considered valid and forwarded to the DHCP server 74. Command 74:

ipv6 dhcp snooping trust

undo ipv6 dhcp snooping trust

View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Description: Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port.

Use the undo ipv6 dhcp snooping trust command to restore the default.

By default, all interfaces of a device with DHCPv6 snooping enabled globally are untrusted ports.

After DHCPv6 snooping is enabled, to ensure that DHCPv6 clients can obtain IPv6 addresses from an authorized DHCPv6 server, you need to configure the port that connects to the authorized DHCPv6 server as a trusted port. 75. Command 75:

ipv6 dhcp snooping max-learning-num number

undo ipv6 dhcp snooping max-learning-num

View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Description: Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn.

Use the undo ipv6 dhcp snooping max-learning-num command to restore the default.

By default, the number of DHCPv6 snooping entries learned by an interface is not limited. 76. Command 76:

ipv6 neighbors max-learning-num number

undo ipv6 neighbors max-learning-num

View: interface view

Description: Use the ipv6 neighbors max-learning-num command to configure the maximum number of neighbors that can be dynamically



Item Description learned on the interface.

Use the undo ipv6 neighbors max-learning-num command to restore the default.

By default, a Layer 2 interface does not limit the number of neighbors dynamically learned. The maximum number of neighbors that a Layer 3 interface can learn depends on the device model. 77. Command 77:

dot1x unicast-trigger

undo dot1x unicast-trigger

View: Ethernet interface view

Description: Use the dot1x unicast-trigger command to enable the 802.1X unicast trigger function.

Use the undo dot1x unicast-trigger command to disable the function.

By default, the unicast trigger function is disabled.

The unicast trigger function enables the network access device to initiate 802.1X authentication when it receives a data frame from an unknown source MAC address. The device sends a unicast Identity EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has received no response within a period of time (set with the dot1x timer tx-period command). This process continues until the maximum number of request attempts (set with the dot1x retry command) is reached.

Related commands: Display dot1x, dot1x timer tx-period, and dot1x retry. 78. Command 78:


undo dot1x handshake secure


Description: Use the dot1x handshake secure command to enable the online user handshake security function. The function enables the device to prevent users from using illegal client software.

Use the undo dot1x handshake secure command to disable the function.

By default, the function is disabled.

The online user handshake security function is implemented based on the online user handshake function. To bring the security function into effect, make sure the online user handshake function is enabled.

H3C recommends you use the iNode client software and iMC server to ensure the normal operation of the online user handshake security function.

Related commands: dot1x handshake. 79. Command 79:



View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view

Description: Use the igmp-snooping router-port-deny command to disable a



Item Description port or a group of ports from changing into dynamic router ports.

Use the undo igmp-snooping router-port-deny command to restore the default.

By default, a port can change into a dynamic router port.

For a switch that supports both IGMP snooping and IGMP, this command works on both IGMP snooping–enabled VLANs and VLANs with IGMP enabled on their VLAN interfaces.

If you do not specify any VLAN when using this command in Layer 2 Ethernet interface view or Layer 2 aggregate interface view, the command takes effect for all VLANs the interface belongs to. If you specify one or more VLANs, the command takes effect for the specified VLAN or VLANs that the interface belongs to.

If you do not specify any VLAN when using this command in port group view, the command takes effect on all the ports in this group. If you specify one or more VLANs, the command takes effect only on those ports in this group that belong to the specified VLAN or VLANs. 80. Command 80:



View: Layer 2 Ethernet interface view, Layer 2 aggregate interface view, port group view

Description: Use the mld-snooping router-port-deny command to disable a port or a group of ports from changing into dynamic router ports.

Use the undo mld-snooping router-port-deny command to restore the default.

By default, a port can change into a dynamic router port.

For a switch that supports both MLD snooping and MLD, this command works on both MLD snooping–enabled VLANs and VLANs with MLD enabled on their VLAN interfaces.

If you do not specify any VLAN when using this command in Layer 2 Ethernet interface view or Layer 2 aggregate interface view, the command will take effect for all VLANs the interface belongs to. If you specify a VLAN or multiple VLANs, the command will take effect for the specified VLAN or VLANs that the interface belongs to.

If you do not specify any VLAN when using this command in port group view, the command will take effect on all the ports in this group. If you specify a VLAN or multiple VLANs, the command will take effect only on those ports in this group that belong to the specified VLAN or VLANs. 81. Command 81:

port-security mac-address security [ sticky ] mac-address vlan vlan-id

undo port-security mac-address security [ sticky ] mac-address vlan vlan-id

View: Layer 2 Ethernet interface view

Description: Use the undo port-security mac-address security command to remove a secure MAC address in system view. 82. Command 82:



Item Description igmp-snooping host-tracking

undo igmp-snooping host-tracking

mld-snooping host-tracking

undo mld-snooping host-tracking

ipv6 dhcp snooping vlan enable

undo ipv6 dhcp snooping vlan enable View: VLAN

Description: See Layer 3 Command Reference and IP Multicast Command Reference of H3C WX Series Access Controllers Command Reference. 83. Command 83: if-match [ not ] local-precedence local-precedence-list undo if-match [ not ] local-precedence local-precedence-list

View: QoS

Description: Matches local precedence. The local-precedence-list argument is a list of up to eight local precedence values. A local precedence ranges from 0 to 7. 84. Command 84: reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ] reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ] reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

mode { active | passive } undo mode View: UDP jitter, voice test type view

Description: See Network Management and Monitoring Command Reference of H3C WX Series Access Controller Command Reference. 85. Command 85: vendor-class-identifier hex-string&<1-255> ip range min-address max-address undo vendor-class-identifier hex-string&<1-255> View: DHCP



Item Description Description: Use the vendor-class-identifier command to specify an IP address range for the DHCP clients of a specified vendor. Use the undo vendor-class-identifier command to restore the default. 86. Command 86: dns-server ipv6-address undo dns-server ipv6-address dns-server ipv6-address undo dns-server ipv6-address prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]

undo prefix-pool sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } static-bind prefix prefix/prefix-len duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind prefix prefix/prefix-len ds-lite address ipv6-address

undo ds-lite address View: DHCPv6 address pool

Description: See Layer 3 Command Reference of H3C WX Series Access Controllers Command Reference. 87. Command 87: password-control aging aging-time

undo password-control aging password-control composition type-number type-number [ type-length type-length ]

undo password-control composition password-control length length

undo password-control length validity-date time

undo validity-date reset wlan ap provision { all | name ap-name } crypto-digest sha256 file filename View: Local user

Description: See Security Command Reference, WLAN Command Reference and Fundamentals Command Reference of H3C WX Series Access Controllers Command Reference. 88. Command 88: wlan ap-provision dns domain domain-name

undo wlan ap-provision dns domain View: System view

Description: Use the wlan ap-provision dns domain command to specify a domain name suffix for the global DNS server of the AP.

Use the undo wlan ap-provision dns domain command to remove the



Item Description configuration.

By default, no domain name suffix is specified for the global DNS server of the AP.

You can specify at most one domain name suffix for the global DNS server.

The wlan ap-provision dns domain command takes effect on all APs, and the dns domain command in AP configuration view takes effect on the specified AP. If you configure both commands, the configuration in AP configuration view applies to the specified AP.

Related commands: dns domain. 89. Command 89:

wlan ap-provision dns server { ip ip-address | ipv6 ipv6-address } undo wlan ap-provision dns server { ip | ipv6 }

View: System view

Description: Use the wlan ap-provision dns server command to specify a global DNS server for the AP.

Use the undo wlan ap-provision dns server command to remove the configuration.

By default, no global DNS server is specified for the AP.

You can specify at most one global IPv4 DNS server and one global IPv6 DNS server.

The wlan ap-provision dns server command takes effect on all APs, and the dns server command in AP configuration view takes effect on the specified AP. If you configure both commands, the configuration in AP configuration view applies to the specified AP.

Related commands: dns server. 90. Command 90:

undo dns domain

View: AP configuration view

Description: Use the undo dns domain command to remove the configuration.

By default, no domain name suffix is specified for the DNS server of the AP. 91. Command 91:

hybrid-remote-ap enable

undo hybrid-remote-ap enable View: AP template view

Description: Use the hybrid-remote-ap enable command to enable the AP to work in hybrid mode. When the connection between an AP in hybrid mode and the AC is terminated, the AP automatically enables local forwarding mode (disregarding whether local forwarding is configured on the AC) to forward packets for associated clients, but it does not accept new association requests from clients. When the AP re-establishes a CAPWAP connection with the AC, the AP automatically switches back to centralized forwarding mode, and logs out all clients associated with it.

Use the hybrid-remote-ap enable command to restore the default.



Item Description By default, hybrid mode is disabled. 92. Command 92:

undo dns server ipv6 View: AP configuration view

Description: Use the undo dns server command to remove the DNS server for the AP.

By default, no DNS server is specified for the AP. 93. Command 93: display wlan country-code ap { all | name ap-name } [ | { begin | exclude | include } regular-expression ]

View: Any view

Description: name ap-name: Specifies the name of the AP, a case insensitive string of 1 to 32 characters that can contain letters, digits, and underlines, square brackets, slashes, and hyphens, but not spaces.

all: Displays the country code information of all APs.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the FundamentalsCommand Reference..

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters. 94. Command 94:

country-code code

undo country-code

View: AP template view

Description: Use the country-code command to specify the country code of the AP.

Use the undo country-code command to remove the configuration.

By default, no country code is configured for the AP, and the AP uses the global country code.

An AP configured with a country code uses its own country code.

Related commands: wlan country-code, display wlan country-code. 95. Command 95:

trap-send times interval

undo trap-send times View: System view Description: Use the trap-send times interval set the trap send collection interval.

Use the undo trap-send times command to restore the default.



Item Description 96. Command 96: tcp mss val

undo tcp mss View: Interface view Description: Use the tcp mss command to configure the TCP MSS

Use the undo tcp mss command to restore the default 97. Command97:

undo fips mode enable

fips mode enable

display fips status crypto-diges sha256 file filename

Description: See Security Command Reference of H3C WX Series Access Controllers Command Reference. 98. Command 98:

display mirroring-group all

View: Any view

Description: displays all mirroring groups. 99. Command 2:

undo mirroring-group all

View: System view

Description: remove all mirroring groups. 100. Command 3:

transceiver phony-alarm-disable

undo transceiver phony-alarm-disable

View: System view

Description: disable alarm of the phony modules. 101. Command 4:

link-aggregation port-priority port-priority

undo link-aggregation port-priority


Description: Use the command to set the aggregation priority of a port. 102. Command 5:

qos fifo queue-length queue-length

undo qos fifo queue-length

qos rtpq start-port first-rtp-port-number end-port last-rtp-port-number bandwidth bandwidth [ cbs burst ]

undo qos rtpq


Description: Use the qos fifo queue-length command to set the FIFO queue length. Use the qos rtpq command to enable RTP queuing for RTP packets with even UDP destination port numbers in the specified range on the



Item Description interface. 103. Command 6:




undo dhcp-snooping check request-message

View: Ethernet interface or Layer2 aggregate interface view

Description: Use the command to enable MAC address check or DHCP-REQUEST message check on a DHCP snooping device. 104. Command 7:

ipv6 dhcp snooping trust

undo ipv6 dhcp snooping trust

ipv6 dhcp snooping max-learning-num number

undo ipv6 dhcp snooping max-learning-num


Description: Use the ipv6 dhcp snooping trust command to configure a DHCPv6 trusted port. Use the ipv6 dhcp snooping max-learning-num command to configure the maximum number of DHCPv6 snooping entries an interface can learn. 105. Command 8:

ipv6 neighbors max-learning-num number

undo ipv6 neighbors max-learning-num


Description: Use the command to configure the maximum number of neighbors that can be dynamically learned on the interface. 106. Command 9:


undo dot1x handshake secure

dot1x unicast-trigger

undo dot1x unicast-trigger


Description: Use the dot1x handshake secure command to enable the online user handshake security function. Use the dot1x unicast-trigger command to enable the 802.1X unicast trigger function. 107. Command 10:






Description: Use the command to disable a port or a group of ports from



Item Description changing into dynamic router ports. 108. Command 11:

ipv6 address ipv6-address/prefix-length anycast

undo ipv6 address ipv6-address/prefix-length anycast

View: VLAN interface or management interface view

Description: Use the command to configure an IPv6 anycast address for an interface.

Removed commands

1. Command 1:

display pppoe-server session packet

Module of the command: PPPoE

Description: Specification modified. 2. Command 2:

display ipv6 fibcache Module of the command: IPv6

Description: Specification modified. 3. Command 3: display dldp [ interface-type interface-number ]

Module of the command: DLDP

Description: Specification modified. 4. Command 4: display dldp statistics [ interface-type interface-number ]


Description: Specification modified. 5. Command 5: display dns [ ipv6 ] dynamic-host Module of the command: DNS Description: Specification modified. 6. Command 6: display anti-attack { protocol protocol | all } Module of the command: Security Description: Specification modified. 7. Command 7:

reset anti-attack statistics Module of the command: Security


snmp-agent trap enable ip address

snmp-agent trap enable dhcp server

undo snmp-agent trap enable ip address

undo snmp-agent trap enable dhcp server Module of the command: SNMP



Item Description Description: Specification modified. 9. Command 9:

dldp enable

undo dldp enable dldp interval time

undo dldp interval dldp delaydown-timer time

undo dldp delaydown-timer

dldp reset



portal trap server-down

undo portal trap server-down Module of the command: Portal


anti-attack [ protocol protocol-name | all } ] enable

undo anti-attack [ protocol protocol-name | all } ] enable

anti-attack protocol protocol-name threshold max maxrate min minrate undo anti-attack protocol protocol-name threshold Module of the command: Security


ipv6 fibcache

undo ipv6 fibcache Module of the command: IPv6


wlan specific-mode mode-number enable

undo wlan specific-mode mode-number enable Module of the command: WLAN


dldp reset

dldp enable

undo dldp enable





Item Description accounting

undo accounting

redirect cpu

undo redirect cpu Module of the command: QoS

Description: Specification modified.

Modified commands

1. Command 1:

Original command: display ipv6 fib ipv6-address

Modified command: display ipv6 fib ipv6-address [ prefix-length ] [ | { begin | exclude | include } regular-expression ]

Module of the command: IPv6

Description: add parameter prefix-length, with filter function by specifying a regular expression. 2. Command 2: Original command:

display license Modified command: display license feature-name [ | { begin | exclude | include } regular-expression ] Module of the command: License Management

Description: Add parameter feature-name to specify the feature, with filter function by specifying a regular expression. 3. Command 3: Original command: display acl name acl-name Modified command: display acl name acl-name [ | { begin | exclude | include } regular-expression ] Module of the command: ACL

Description: The string length of parameter acl-name is modified from 1 to 32 to 1 to 63, with filter function by specifying a regular expression. 4. Command 4: Original command: display acl ipv6 name acl-name Modified command: display acl ipv6 name acl-name [ | { begin | exclude | include } regular-expression ] Module of the command: ACL

Description: The string length of parameter acl-name is modified from 1 to 32 to 1 to 63, with filter function by specifying a regular expression. 5. Command 5:



Item Description Original command: display ip socket [ socktype sock-type ] [ task-id socket-id ] Modified command: display ip socket [ socktype sock-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ] Module of the command: IP Services

Description: The range of parameter task-id is modified from 1 to 150 to 1 to 180, with filter function by specifying a regular expression. 6. Command 6: Original command: display ip interface brief [ interface-type [ interface-number ] ] Modified command: display ip interface [ interface-type [ interface-number ] ] brief [ | { begin | exclude | include } regular-expression ] Module of the command: IP Services

Description: The key word of brief is moved behind the parameters of interface, with filter function by specifying a regular expression. 7. Command 7: Original command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | pad | portal | ppp | ssh | telnet | terminal } | state { active | block } | user-name user-name | vlan vlan-id ] Modified command: display local-user [ idle-cut { disable | enable } | service-type { dvpn | ftp | lan-access | pad | portal | ppp | ssh | telnet | terminal | web } | state { active | block } | user-name user-name | vlan vlan-id ] [ | { begin | exclude | include } regular-expression ] Module of the command: AAA

Description: Add service-type of ‘web’, with filter function by specifying a regular expression. 8. Command 8: Original command: display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] Modified command: display wlan client [ ap ap-name [ radio radio-number ] | mac-address mac-address | service-template service-template-number ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN Service

Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 9. Command 9: Original command: display wlan statistics radio [ap-name] Modified command:



Item Description display wlan statistics radio [ap-name] [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN Service

Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 10. Command 10: Original command: display wlan ap { all | name ap-name } display wlan ap reboot-log name ap-name [ | { begin | exclude | include } regular-expression ]

display wlan ap { all | name ap-name } rrm-history

display wlan ap { all | name ap-name } rrm-status Modified command: display wlan ap { all | name ap-name } [ verbose ] [ | { begin | exclude | include } regular-expression ] display wlan ap reboot-log name ap-name [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-history [ | { begin | exclude | include } regular-expression ] display wlan ap { all | name ap-name } rrm-status [ | { begin | exclude | include } regular-expression Module of the command: WLAN-RRM

Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 11. Command 11: Original command: display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Modified command: display wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } [ | { begin | exclude | include } regular-expression ] Module of the command: WLAN QoS Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32, with filter function by specifying a regular expression. 12. Command 12: Original command: display interface brief [ interface-type [interface-number]] [ | { begin | exclude | include } regular-expression ] Modified command: display interface [ interface-type [interface-number]] brief [ | { begin | exclude | include } regular-expression ] Module of the command: Interface Management

Description: The key word of brief is moved behind the parameters of interface.




Original command: display ipc performance { node node-id | self-node } [ channel channel-id ] ipc performance enable { node node-id | self-node } [ channel channel-id ] undo ipc performance enable [ node node-id | self-node ] [ channel channel-id ] reset ipc performance [ node node-id | self-node ] [ channel channel-id ]

Modified command: display ipc performance { node node-id | self-node } [ channel channel-id ] [ | { begin | exclude | include } regular-expression ] ipc performance enable { node node-id | self-node } [ channel channel-id ] undo ipc performance enable [ node node-id | self-node ] [ channel channel-id ] reset ipc performance [ node node-id | self-node ] [ channel channel-id ]

Module of the command: Network Management and Monitoring

Description: The range of parameter node-id is modified from 0 to 179 to 0 to 255. 14. Command 14: Original command: save [ safely ] Modified command: save [ safely ] [ force ] Module of the command: Configuration File Management Description: Add key word force to save the current configuration to the configuration file for the next startup of the device, and the system does not output any interaction information. 15. Command 15: Original command: ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * host Modified command: ping ipv6 [ -a source-ipv6 | -c count | -m interval | -s packet-size | -t timeout ] * host [ -i interface-type interface-number ] tracert ipv6 [ -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * host Module of the command: Network Management and Monitoring Description: The string length of parameter host is modified from 1 to 46 to 1 to 255. 16. Command 16: Original command: reset acl counter name acl-name reset acl ipv6 counter name acl6-name Modified command:



Item Description reset acl counter name acl-name reset acl ipv6 counter name acl6-name Module of the command: ACL Description: The string length of parameter acl-name or acl6-name is modified from 1 to 32 to 1 to 63. 17. Command 17: Original command: reset dns [ ipv6 ] dynamic-host Modified command: reset dns host [ ip | ipv6 | naptr | srv ] Module of the command: DNS Description: Add subtype of the dynamic DNS cache to be cleared. 18. Command 18: Original command: reset wlan statistics { client { all | mac-address mac-address } | radio [ ap-name ] } reset wlan ap { all | name ap-name } reset wlan ap reboot-log { all | name ap-name } Modified command: reset wlan statistics { client { all | mac-address mac-address } | radio [ ap-name ] } reset wlan ap { all | name ap-name } reset wlan ap reboot-log { all | name ap-name } Module of the command: WLAN Services Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 19. Command 19: Original command: reset wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Modified command: reset wlan wmm { radio { all | ap ap-name } | client { all | ap ap-name | mac-address mac-address } } Module of the command: WLAN QoS

Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 20. Command 20: Original command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key key ] secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number |



Item Description key key] key { accounting | authentication } key Modified command: primary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] secondary authentication { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] primary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key ] secondary accounting { ipv4-address | ipv6 ipv6-address } [ port-number | key [ cipher | simple ] key] key { accounting | authentication } [ cipher | simple ] key Module of the command: AAA

Description: The display of keyword could be selected as cipher text or plaint text. 21. Command 21: Original command: undo secondary accounting undo secondary authentication Modified command: undo secondary accounting [ ipv4-address | ipv6 ipv6-address ] undo secondary authentication [ ipv4-address | ipv6 ipv6-address ] Module of the command: AAA

Description: Remove the specified secondary RADIUS server. 22. Command 22: Original command: authentication lan-access radius-scheme radius-scheme-name [ local ] authorization lan-access radius-scheme radius-scheme-name [ local ] accounting lan-access radius-scheme radius-scheme-name [ local] Modified command: authentication lan-access radius-scheme radius-scheme-name [ local | none ]} authorization lan-access radius-scheme radius-scheme-name [ local | none ] accounting lan-access radius-scheme radius-scheme-name [ local | none] Module of the command: AAA

Description: Authentication, authorization or accounting could be ignored after RADIUS scheme failed. 23. Command 23: Original command: idle-cut enable minute [ flow ] Modified command: idle-cut enable minute [ flow ] Module of the command: AAA Description: The max value of minute is modified to 600.



Item Description 24. Command 24: Original command: method { md5 | peap-mschapv2 | tls } undo method { md5 | peap-mschapv2 | tls } Modified command: method { md5 | peap-gtc | peap-mschapv2 | tls } undo method { md5 | peap-gtc | peap-mschapv2 | tls } Module of the command: AAA Description: Support a new EAP authentication method that PEAP together with the GTC for authentication in TLS tunnels. 25. Command 25: Original command: ap ap-name radio radio-number undo ap { ap-name [ radio radio-number ] | all } Modified command: ap ap-name radio radio-number undo ap { ap-name [ radio radio-number ] | all } Module of the command: WLAN

Description: In Radio group view or Load balancing group view , the max number of characters in ap-name is extended to 32. 26. Command 26: Original command: echo-interval interval Modified command: echo-interval interval Module of the command: WLAN Description: The min value of interval is modified to 5. 27. Command 27: Original command: cir committed-information-rate [ cbs committed-burst-size ] Modified command: cir committed-information-rate [ cbs committed-burst-size ] Module of the command: AAA Description: The max value of committed-information-rate is modified to 1000000, the max value of committed-burst-size is modified to 62500000. 28. Command 28: Original command: ap template-name-list undo ap template-name-list Modified command: ap template-name-list undo ap template-name-list Module of the command: WALN Description:In AP group view, the max number of characters in AP name is



Item Description extended to 32. 29. Command 29: Original command: mlsp-proxy mac-address mac-address Modified command: mlsp-proxy mac-address mac-address [ vlan vlan-id ] Module of the command: WALN

Description: Support to configure VLAN of MLSP proxy. 30. Command 30:

Original command:

ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ] }

undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ]]

Modified command:

ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] }

undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] ]

Module of the command: IPv6

Description: Add parameter anycast, Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface.

Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. 31. Command 31 Original command:

undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [policy-name ] { inbound | outbound }

Module of the command: QoS Description: Add parameter policy-name. 32. Command 32 Original command:

ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ] }

undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 ]]

Modified command:

ipv6 address { ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] }

undo ipv6 address [ipv6-address { prefix-length | link-local } | ipv6-address/prefix-length [ eui-64 | anycast ] ] Module of the command: IPv6



Item Description Description: Add parameter anycast; Use the ipv6 address anycast command to configure an IPv6 anycast address for an interface.

Use the undo ipv6 address anycast command to remove the IPv6 anycast address from the interface. 33. Command 33 Original command: undo ipv6 nd ra prefix { ipv6-prefix } Modified command: undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Module of the command: IPv6 Description: Add parameter prefix-length 34. Command 34 Original command: portal backup-group group-id Modified command: portal backup-group group-id Module of the command: Portal

Description:The range of group-id is modified from 1 to 16 to 1 to 256 35. Command 35 Original command: dhcp relay address-check { enable | disable } Modified command: dhcp relay address-check enable

undo dhcp relay address-check enable Module of the command: DHCP View: Vlan interface view

Description:The disable command is replaced by undo command. 36. Command 36 Original command:

ppp account-statistics enable Modified command: ppp account-statistics enable [ acl { acl-number | name acl-name } ] Module of the command: PPP View: Virtual template interface view Description: Add parameter acl for traffic that matches the configured ACL . 37. Command 37

Original command:

ppp authentication-mode { chap | pap } * [ [ call-in ] domain isp-name ] Modified command: ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ] Module of the command: PPP View: Virtual template interface view



Item Description Description: Add parameter ms-chap and ms-chap-v2. 38. Command 38

Original command:

undo qos apply policy { inbound | outbound } Modified command: undo qos apply policy [ policy-name ] { inbound | outbound } Module of the command: QoS Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: Wlan-ess interface view

Description: Add parameter policy-name. 39. Command 39 Original command: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Modified command: snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ] undo snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ] Module of the command: Network Management and Monitoring Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter ip-address is modified from IPv4 address to IPv4 address or name of the trap target host. 40. Command 40

Original command: info-center loghost { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost{ host-ipv4-address | ipv6 host-ipv6-address } Modified command: info-center loghost { host-ipv4-address | ipv6 host-ipv6-address } [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] * undo info-center loghost{ host-ipv4-address | ipv6 host-ipv6-address } Module of the command: Network Management and Monitoring



Item Description Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view

Description: The parameter host-ipv4-address is modified from IPv4 address to IPv4 address or name of the trap target host，add parameter IPv6. 41. Command 41: Original command: ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] ip host hostname ip-address undo ip host hostname [ ip-address ] Modified command: ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] ip host hostname ip-address undo ip host hostname [ ip-address ] Module of the command: IP Services Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The range of hostname is modified from 1 to 20 to 1 to 255 characters. 42. Command 42 Original command: stp port-log { instance instance-id | all } undo stp port-log { instance instance-id | all } Modified command: stp port-log instance { instance-id | all } undo stp port-log instance { instance-id | all } Module of the command: LAN Switching Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view Description: The parameter is modified from all to instance all. 43. Command 43

Original command: undo local-user { user-name | all [ service-type { ftp | lan-access | portal | ppp | ssh | telnet | terminal } ] }

Modified command: undo local-user { user-name | all [ service-type { ftp | lan-access | portal | ppp | ssh | telnet | terminal | web } ] } Module of the command: AAA Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view



Item Description Description: Add parameter web 44. Command 44

Original command:

undo radius nas-ip

undo hwtacacs nas-ip

Modified command: undo radius nas-ip { ipv4-address | ipv6 ipv6-address } undo hwtacacs nas-ip ip-address Module of the command: AAA Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually. View: System view

Description: Add parameter ip address. 45. Command 45

Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Module of the command: WLAN Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view

Description: The range of ap-name is modified from 1 to 15 to 1 to 32 characters . 46. Command 46

Original command: info-center timestamp loghost { date | no-year-date | none }

Modified command: info-center timestamp loghost { date | no-year-date | none | iso } Module of the command: Network Management and Monitoring Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view Description: Add parameter iso. 47. Command 47

Original command:

patch load patch install patch-location patch { active | deactive | run | delete } patch-number

Modified command: patch load [ file filename ] patch install { patch-location | file filename } patch { active | deactive | run | delete } [ patch-number ]



Item Description Module of the command: Fundamentals Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view

Description: Add parameter file，modify parameter patch-number. 48. Command 48

Original command: acl name acl-name undo acl name acl-name acl number acl-number [ name acl-name ] [ match-order { auto | config } ] acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name } acl ipv6 name acl-name undo acl ipv6 name acl-name acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name }

Modified command: acl name acl-name undo acl name acl-name acl number acl-number [ name acl-name ] [ match-order { auto | config } ] acl copy { source-acl-number | name source-acl-name } to { dest-acl-number | name dest-acl-name } acl ipv6 name acl-name undo acl ipv6 name acl-name acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ] acl ipv6 copy { source-acl6-number | name source-acl6-name } to { dest-acl6-number | name dest-acl6-name }

Module of the command: ACL Description: Adding parameter vlan to support adding wlan-tunnel to vlan manually.View: System view

Description: The range of acl-name is modified from 1 to 32 to 1 to 63 characters. 49. Command 49: Original command: Ip route-static dest-address { mask | mask-length } { next-hop-address [track track-entry-number ] | interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ description description-text ] Modified command: Ip route-static dest-address { mask | mask-length } { next-hop-address [track track-entry-number ] | interface-type interface-number [ next-hop-address ] } [ preference preference-value ] [ permanent ] [ description description-text ] Module of the command: IP-Routing

Description: Adding parameter permanent.



Item Description 50. Command 50: Original command: dhcp server threshold { allocated-ip threshold-value | average-ip-use threshold-value | max-ip-use threshold-value } Modified command: dhcp server threshold { allocated-ip threshold-value | average-ip-use threshold-value | max-ip-use threshold-value } Module of the command: IP Services Description: The range of parameter threshold-value is modified from 0 to 100 to 1 to 100. 51. Command 51: Original command: port-security mac-address security mac-address vlan vlan-id Modified command: port-security mac-address security [ sticky ] mac-address vlan vlan-id Module of the command: Port Security Description: Adding parameter sticky. 52. Command 52: Original command: resend-interval resend-interval collection-interval collection-interval Modified command: resend-interval resend-interval collection-interval collection-interval Module of the command: Device Management Description: The range of parameter resend-interval is modified from 0 to 900 to 0 to 3600；the range of parameter collection-interval is modified from 0 to 300 to 0 to 60. 53. Command 53: Original command: ip host hostname ip-address Modified command: ip host hostname ip-address Module of the command: IP Serivces Description: The string length of parameter hostname is modified from 1 to 20 to 1 to 255. 54. Command 54: Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ]} wlan ap-execute ap-name conversion-to-fatap Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] wlan auto-ap persistent { all | name auto-ap-name [ new-ap-name ]} wlan ap-execute ap-name conversion-to-fatap



Item Description Module of the command: WLAN Service Description: The string length of parameters ap-name, auto-ap-name and new-ap-name are modified from 1 to 15 to 1 to 32. 55. Command 55: Original command: undo rule rule-id [fragment | logging | source | time-range | vpn-instance ] * Modified command: undo rule rule-id [ counting | fragment | logging | source | time-range | vpn-instance ] * Module of the command: ACL

Description: Add parameter counting, Counts the number of times the IPv4 ACL rule has been matched. 56. Command 56: Original command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type <icmp-code> | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id Modified command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id [ counting | time-range ] Module of the command: ACL

Description: Change parameter of ICMP code to optional parameters. Add parameter counting, Counts the number of times the IPv4 ACL rule has been matched. 57. Command 57: Original command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] |



Item Description time-range time-range-name | vpn-instance vpn-instance-name ]* undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | destination | destination-port | dscp | fragment | icmp6-type | logging | routing | source | source-port | time-range | vpn-instance ] * Modified command: rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix | dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging | routing [ type routing-type ] | source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] | time-range time-range-name | vpn-instance vpn-instance-name ]* undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination | destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | source | source-port | time-range | vpn-instance ] * Module of the command: ACL6

Description: Add parameter counting, counts the number of times the IPv6ACL rule has been matched. Add parameter flow-label, Specifies a flow label value in an IPv6 packet header. The flow-label-value argument is in the range 0 to 1048575. 58. Command 58:

Original command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ red action ] [ hierarchy-car hierarchy-car-name [ mode { and | or } ] ] Modified command: car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peak-information-rate ] [ green action ] [ red action ] [ hierarchy-car hierarchy-car-name [ mode { and | or } ] ] Module of the command: QoS

Description: Add parameter green action, green action: Action to take on packets that conform to CIR. The default is pass. Add parameter remark-lp-pass of action: Sets the action to take on the packet, new-local-precedence—Sets the local precedence value of the packet to new-local-precedence and permits the packet to pass through. The new-local-precedence argument ranges from 0 to 7. 59. Command 59:

Original command: if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] undo if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] Modified command: if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl



Item Description [ ipv6 ] { acl-number | name acl-name } ] undo if-match [ not ] acl [ ipv6 ] { acl-number | name acl-name } [ update acl [ ipv6 ] { acl-number | name acl-name } ] Module of the command: QoS

Description: The range of acl-name is modified from 1 to 32 to 1 to 63. 60. Command 60:

Original command: reaction item-number checked-element probe-fail threshold-type { consecutive consecutive-occurrences } [ action-type ] Modified command: reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ] Module of the command: UDP jitter, voice test type view

Description: Add parameter trap-only, specifies to record events and send SNMP trap messages. 61. Command 61:

Original command: static-bind ip-address ip-address [ mask-length | mask mask ] Modified command: static-bind ip-address ip-address [ mask-length | mask mask ] Module of the command: DHCP Description: The range of mask-length is modified from 1 to 32 to 1 to 30. 62. Command 62:

Original command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } Modified command: option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } Module of the command: DHCP

Description: The string lenth of ascii-string is modified from 1 to 63 to 1 to 255. 63. Command 63:

Original command: expired { day day [ hour hour [ minute minute] ] | unlimited } Modified command: expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } Module of the command: DHCP

Description: Add parameter second second, specifies the number of seconds, in the range of 0 to 59. 64. Command 64 Original command:



Item Description authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } * Modified command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } * Module of the command: Local user Description: Add parameter user-role, user-role: Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. If you specify no role for a local user, the access right of the user after login depends on other authorization attributes. Supported roles include: • guest: A guest user account is usually created through the web interface. • guest-manager: After passing authentication, a guest manager can only

use the web interface to access guest-related pages to, for example, create, modify, or change guest user accounts.

• security-audit: A local user playing this role is a security log administrator After passing authentication, a security log administrator can manage security log files, for example, save security log files. For more information about the commands that a security log administrator can use, see the Network Management and Monitoring Command Reference.

65. Command 65 Original command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Modified command: bind-attribute { call-number call-number [ : subcall-number ] | ip ip-address | location port slot-number subslot-number port-number | mac mac-address | vlan vlan-id } * Module of the command: Local user Description: The range of slot-number is modified from 1 to 1024 to 1 to 255. 66. Command 66: Original command: undo authorization-attribute { acl | callback-number | idle-cut | level | user-profile | vlan | work-directory } * Modified command: undo authorization-attribute { acl | callback-number | idle-cut | level | user-profile | user-role | vlan | work-directory } * Module of the command: Local user

Description: Add parameter user-role, Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. 67. Command 67: Original command:



Item Description display wlan ids attack-list { config | all | ap ap-name } Modified command: display wlan ids attack-list { config | all | ap ap-name } Module of the command: WLAN IDS

Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 68. Command 68: Original command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Modified command: wlan ap ap-name [ model model-name [ id ap-id ] ] undo wlan ap ap-name Module of the command: WLAN IDS

Description: The string length of parameter ap-name is modified from 1 to 15 to 1 to 32. 69. Command 69: Original command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ]| * } } * Modified command: portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | mask } | any } [ tcp tcp-port-number | udp udp-port-number ] | mac mac-address | vlan vlan-id ] | hostname hostname * } } * Module of the command: Portal Description: Add parameter hostname. Specifies an PC host name 70. Command 70: Original command: service-template service-template-number [ vlan vlan-id ] Modified command: service-template service-template-number [ vlan vlan-id ] [nas-port-id portid] Module of the command:WLAN Description: Add parameter nas-port-id. 71. Command 71: Original command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1



Item Description | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: ssh2 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] *

Module of the command: SSH

Description: Add parameter identity-key, Specifies the algorithm for publickey authentication, either dsa or rsa. The default is dsa.

Change parameter prefer-kex/prefer-ctos-cipher/prefer-stoc-cipher/prefer-ctos-hmac/prefer-stoc-hmac to string, the length is form 1 to 128;

Use the ssh2 command to establish a connection to an IPv4 SSH server and specify the public key algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server. 72. Command 72:

Original command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: ssh2 ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ssh



Use the ssh2 ipv6 command to establish a connection to an IPv6 SSH server and specify public key algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server 73. Command 73: Original command: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } |



Item Description prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ftp/tftp



Use the sftp command to establish a connection to a remote SFTP server and enter SFTP client view 74. Command 74: Original command: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key dentity-key| prefer-ctos-cipher prefer-ctos-cipher | prefer-ctos-hmac prefer-ctos-hmac | prefer-kex prefer-kex | prefer-stoc-cipher prefer-stoc-cipher | prefer-stoc-hmac prefer-stoc-hmac] * Module of the command: ftp/tftp



Use the sftp ipv6 command to establish a connection to a remote IPv6 SFTP server and enter SFTP client view. 75. Command 75: Original command: super password [ level user-level ] { simple | cipher } password Modified command: super password [ level user-level ] { simple | cipher } password Module of the command:CLI

Description: The string length of password is modified from 1 to 16/24 to 1 to 256. 76. Command 76 Original command:



Item Description sftp server [ port-number ] [prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp server [ port-number ] [ identity-key rsa| prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Module of the command: Security Description: Add parameter identity-key rsa. 77. Command 77: Original command: sftp ipv6 server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * Modified command: sftp ipv6 server [ port-number ] [ identity-key rsa | prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *

Module of the command: Security Description: Add parameter identity-key rsa. 78. Command 78: Original command:

display device manuinfo

display reboot-type Modified command:

display device manuinfo [ subslot subslot-number ] [ | { begin | exclude | include } regular-expression ]

display reboot-type [ subslot subslot-number ] [ | { begin | exclude | include } regular-expression ] Module of the command: Device management Description:The slot number of a card can be specified . 79. Command 79: Original command:

undo dhcp-snooping information format [ verbose node-identifier] Modified command:

undo dhcp-snooping information format Module of the command: DHCP



Item Description Description: verbose node-identifier can not specified in this command. 80. Command 80: Original command:

port-security mac-address security mac-address vlan vlan-id

undo port-security mac-address security mac-address vlan vlan-id Modified command:

port-security mac-address security [ sticky ] mac-address vlan vlan-id

undo port-security mac-address security [ sticky ] mac-address vlan vlan-id Module of the command: DHCP Description: A sticky MAC address can be configured by the command. 81. Command 81: Original command:

undo qos apply policy { inbound | outbound } Modified command:

undo qos apply policy [ policy-name ] { inbound | outbound } Module of the command: QoS Description: QoS policy of the specified name can be removed.

MIB updates relative to WX5004-CMW520-R2107P10

Table 15 MIB updates

Item MIB file Module Description

A5000-CMW520-R2303(First release on new branch) New None None None

Modified None None None

Configuration changes relative to WX5004-CMW520-R2107P10

None.



Resolved problems in A5000-CMW520-R2303 relative to WX5004-CMW520-R2107P10

Problem WLD29956

• First Found-in Version: CMW520-R2107P10

• Condition: None

• Description: AC works in US country-code, RRM adjusts radio power to 19dbm, but radio can only support maximum power as 13dbm in regulatory domain.

Problem WLD29957


• Condition: None

• Description: WA2620-AGN should increase 2dbm on channel 1 and channel 11, when country-code is “US”.

Problem WLD30273


• Condition: None

• Description: When ARP-Snooping is enabled, AC will periodically send one special ARP request frame. This is not correct.

Problem WLD30289

• First Found-in Version: CMW520-D2302

• Condition: None

• Description: ARP-Snooping is only enabled. When AC receives one unicast arp frame, system should drop it but currently forwards it out.

Problem WLD30313

• First Found-in Version: CMW520- D2302

• Condition: None

• Description: When AC works in AU country-code, 11a supports 120, 124 and 128 channel. That doesn’t comply with Australia regulatory.

Problem WLD29566


• Condition: None

• Description: WX5004 in Australia finds the MIB node of h3cDot11MaxBandwidth,can’t be get by IMC.

Problem WLD30047




• Condition: None

• Description: In 3M network, when RRM changes the channel, the radio’s power can’t be adjusted as the same time which will keep as one invalid power.

Problem WLD28836


• Condition: None

• Description: WX5004 in Australia uses RRM. After power calibration, “power-lock” can lock radio power and avoid new calibration. But if the device is rebooted, the max-power of radio will be restored as default value.

© Copyright 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.