07-03-2013 03:47 AM
How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....
So I'm trying to manage ACLs across a large environment. As such, there are lots of comments in these ACLs to explain why they exist, what they affect, who to contact to talk about an ACL, etc. The problem is that the switch/routers themselves do not hold this many comments.
What we want to do (and are doing with Cisco gear) is maintain large ACL lists off of a TFTP server that we then periodically load into the switch/router/etc. on an as-needed basis. For instance, let's assume the following for a short ACL file:
# FILE UNDER RCS CONTROL (aclmgmt.domainname.com)
# $Id: twilight.acl,v 1.76 2013/06/17 20:47:40 root Exp root $
# $Source: /var/lib/tftpboot/acl/RCS/twilight.acl,v $
#
# remove the running ACL prior to installing the replacement
undo acl number 2010
# ACL 2010
# Author: person-x-y-z +1.xxx.xxx.xxxx
# Purpose: This ACL was designed to allow a specific block of addresses to
# pass through this router chokepoint and onward to the firewall
# where they will later be NAT'd to the public space.
#
acl number 2010 name access-public-acl
rule 50 permit source 172.24.192.0 0.0.3.255
rule 50 comment Addresses allowed to communicate with the Internet
rule 90 deny
This is a rather simple example, however the point is that we can manage the files under RCS control on a unix box, we can put whatever comments we want in the file, and that only the executable lines are actually loaded by the router.
With Cisco equipment, we use "configure net" and it pulls in this fragment (we replace "undo" with "no", etc) to the router to get our new ACL in place.
We have been unable to figure this one out with COMWARE devices, nor have we seen anywhere on the web comments one way or another on how to deal with TFTP configs that are NOT the entire configuration of the file (the point of these ACLs is that we might install the same ACL list on a dozen devices. It's up to the interfaces to use or not use the ACLs, but at least they are common across the entire data center).
Any suggestions? ideas? pointers?
Thanks in advance!
07-22-2013 03:56 PM
Re: How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....
Hi,
I had been looking for this myself for a while and did not find a CLI option to get it done.
Recently I discovered the configfile SNMP operations, and through SNMP Comware allows a TFTP to running config.
This would be the setup:
1/ Install management system with net-snmp
Copy these files to the shared mibs folder of net-snmp:
hh3c-oid.mib
hh3c-common-system.mib
hh3c-config-man.mib
hh3c-sys-man.mib
rfc2578.sm2
rfc2579.sm2
rfc2580.sm2
2/ Configure devices with SNMP write (I used v2c, but v3 should work as well)
3/ Configure tftp server with config file. Sample file acl.cfg :
undo acl number 3001
# testing comments
acl number 3001
rule 0 permit tcp destination-port eq www
rule 5 permit ip
return
4/ on the management system, run this command:
# tell snmpset to use the MIBS folder and load all mibs. Configure snmp community and host ip as required.
# config file management creates "job" rows, which must be unique. In order to be sure the new record is available, delete the record first. In this example, record 1 is deleted (this record may not exist, so just to be safe)
snmpset -v 2c -M C:\usr\share\snmp\mibs -m ALL -c private 10.0.0.1 hh3cCfgOperateRowStatus.1 i destroy
# create new job record, with tftp server ip and filename:
snmpset -v 2c -M C:\usr\share\snmp\mibs -m ALL -c private 10.0.0.1 hh3cCfgOperateType.1 i net2Running hh3cCfgOperateProtocol.1 i tftp hh3cCfgOperateFileName.1 s acl.cfg hh3cCfgOperateServerAddress.1 a 10.0.1.100 hh3cCfgOperateRowStatus.1 i createAndGo
That is it, this worked for me (download and execute to running config).
To save the running to startup config (did not look up the correct MIB naming ...)
snmpset -v 2c -c private 10.0.0.1 1.3.6.1.4.1.25506.2.4.1.2.4.1.2.1 i 1 1.3.6.1.4.1.25506.2.4.1.2.4.1.9.1 i 4
See attached H3C doc for config file reference,
Hope this helps,
Best regards, Peter.
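Added example, not part of the original posts or of any HPE tooling: since a net2Running job executes whatever the TFTP file contains, and TFTP itself has no authentication, this pre-publish check reports anything in a fragment (such as the acl.cfg above or the RCS-managed file in the question) that is not an ACL command. The allowed-command list, the name `lint_fragment` and the `BAD` sample are assumptions made for illustration.

```python
import re

# Assumption: a managed fragment may contain only these Comware ACL commands.
UNDO_ACL = re.compile(r"undo acl number (\d+)$")
ACL_HEAD = re.compile(r"acl number (\d+)(?: name \S+)?$")
RULE = re.compile(r"rule \d+ (?:permit|deny|comment)\b")

def lint_fragment(text):
    """Return (executable_lines, problems) for one ACL fragment file."""
    executable, problems = [], []
    removed, defined, in_acl = set(), set(), False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines are documentation only
        executable.append(line)
        if m := UNDO_ACL.match(line):
            removed.add(m.group(1))
            in_acl = False
        elif m := ACL_HEAD.match(line):
            defined.add(m.group(1))
            in_acl = True
        elif RULE.match(line):
            if not in_acl:
                problems.append(f"line {lineno}: rule outside an acl block")
        elif line == "return":
            in_acl = False
        else:
            problems.append(f"line {lineno}: command not allowed: {line}")
    for number in sorted(removed - defined):
        problems.append(f"acl {number} is removed but never redefined")
    return executable, problems

# acl.cfg as posted in the thread
GOOD = """undo acl number 3001
# testing comments
acl number 3001
rule 0 permit tcp destination-port eq www
rule 5 permit ip
return
"""
# Constructed sample: a stray non-ACL command and a truncated ACL definition
BAD = """undo acl number 3001
sysname lab-router
rule 5 permit ip
"""

if __name__ == "__main__":
    print(lint_fragment(GOOD)[1] or "clean", lint_fragment(BAD)[1])
```

Running the check in the RCS check-in step, before the file is copied into the TFTP directory, keeps a truncated or altered fragment from ever being offered to the devices.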
03-15-2015 07:49 PM - edited 03-15-2015 07:57 PM
Re: How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....
Yikes, that's way convoluted. Ok, let me get some dinner and plan on an evening of joyous SNMP work to see what I can do... *sigh*
Looks like the latest MIB is MIBs_V8 built on 05-Nov-2014. I found the latest (for the MSR20-20) at https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JF283A with of course the latest MSR30-20 at https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JF284A
Geesh, 236MB of MIBs... what's in there, the kitchen sink?
03-16-2015 12:35 PM
Re: How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....
Hi Mdella,
On the 7500 (Comware 5), you can use the "execute" command.
Upload a file "<mycmds>.bat" with the commands you want to execute (yes, it MUST have the ".bat" extension ...), and do a
] execute <mycmds>.bat
Regards.
Region Midtjylland