
How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....



So I'm trying to manage ACLs across a large environment. As such, there are lots of comments in these ACLs to explain why they exist, what they affect, who to contact to talk about an ACL, etc.  The problem is that the switch/routers themselves do not hold this many comments. 


What we want to do (and are doing with Cisco gear) is maintain large ACL lists off of a TFTP server that we then periodically load into the switch/router/etc. on an as-needed basis. For instance, let's assume the following for a short ACL file:



# $Id: twilight.acl,v 1.76 2013/06/17 20:47:40 root Exp root $
# $Source: /var/lib/tftpboot/acl/RCS/twilight.acl,v $

# remove the running ACL prior to installing the replacement
undo acl number 2010

# ACL 2010
#   Author:  person-x-y-z
#   Purpose: This ACL was designed to allow a specific block of addresses to
#            pass through this router chokepoint and onward to the firewall
#            where they will later be NAT'd to the public space.

acl number 2010 name access-public-acl
 rule 50 permit source
 rule 50 comment Addresses allowed to communicate with the Internet
 rule 90 deny


This is a rather simple example; however, the point is that we can manage the files under RCS control on a Unix box, we can put whatever comments we want in the file, and that only the executable lines are actually loaded by the router.


With Cisco equipment, we use "configure net" and it pulls in this fragment (we replace "undo" with "no", etc) to the router to get our new ACL in place.


We have been unable to figure this one out with COMWARE devices, nor have we seen anywhere on the web comments one way or another on how to deal with TFTP configs that are NOT the entire configuration of the file (the point of these ACLs is that we might install the same ACL list on a dozen devices. It's up to the interfaces to use or not use the ACLs, but at least they are common across the entire data center).


Any suggestions? ideas? pointers?


Thanks in advance!

Honored Contributor

Re: How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....



I had been looking for this myself for a while and did not find a CLI option to get it done.

Recently I discovered the configfile SNMP operations, and through SNMP Comware allows a TFTP to running config.


This would be the setup:

1/ Install management system with net-snmp

Copy these files to the shared mibs folder of net-snmp:



2/ Configure devices with SNMP write (I used v2c, but v3 should work as well)


3/ Configure tftp server with config file. Sample file acl.cfg :

undo acl number 3001
# testing comments
acl number 3001
 rule 0 permit tcp destination-port eq www
 rule 5 permit ip


4/ On the management system, run this command:

# tell snmpset to use the MIBS folder and load all mibs. Configure snmp community and host ip as required.


# config file management creates "job" rows, which must be unique. In order to be sure the new record is available, delete the record first. In this example, record 1 is deleted (this record may not exist, so just to be safe)


snmpset -v 2c -M C:\usr\share\snmp\mibs -m ALL -c private hh3cCfgOperateRowStatus.1 i destroy


# create new job record, with tftp server ip and filename:


snmpset -v 2c -M C:\usr\share\snmp\mibs -m ALL -c private hh3cCfgOperateType.1 i net2Running hh3cCfgOperateProtocol.1 i tftp hh3cCfgOperateFileName.1 s acl.cfg hh3cCfgOperateServerAddress.1 a   hh3cCfgOperateRowStatus.1 i createAndGo


That is it, this worked for me (download and execute to running config).


To save the running to startup config (did not look up the correct MIB naming ...)

snmpset -v 2c -c private i 1 i 4

See attached H3C doc for config file reference,


Hope this helps,

Best regards, Peter.
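
Added example, not part of the thread and not any poster's code: a pre-publish check for ACL fragments such as the acl.cfg sample above. A net2Running job executes every line of the file against the running configuration, so the check strips comments, rejects any non-ACL command, and flags an ACL that is removed but never re-created. The function name, the allowed-command patterns and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample, modelled on the acl.cfg fragment in the post above.
SAMPLE = """\
# remove the running ACL prior to installing the replacement
undo acl number 3001
# testing comments
acl number 3001
 rule 0 permit tcp destination-port eq www
 rule 5 permit ip
"""

# Assumed allowlist: only the three command shapes that appear in the thread.
UNDO = re.compile(r"^undo acl number (\d+)$")
ACL = re.compile(r"^acl number (\d+)( name \S+)?$")
RULE = re.compile(r"^rule \d+ (permit|deny|comment)\b")


def lint_fragment(text):
    """Return (executable_lines, errors) for an ACL-only config fragment."""
    lines, errors = [], []
    removed, defined, current = set(), {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):    # comments stay on the server
            continue
        lines.append(raw.rstrip())
        if m := UNDO.match(line):
            removed.add(m.group(1))
            defined.pop(m.group(1), None)       # earlier definition is wiped
            current = None
        elif m := ACL.match(line):
            current = m.group(1)
            defined.setdefault(current, 0)
        elif m := RULE.match(line):
            if current is None:
                errors.append(f"line {no}: rule outside an acl block")
            elif m.group(1) != "comment":       # count only permit/deny rules
                defined[current] += 1
        else:                                   # anything else is not ACL syntax
            errors.append(f"line {no}: command not allowed: {line}")
    for num in sorted(removed):
        if not defined.get(num):
            errors.append(f"acl {num} is removed but not re-created with rules")
    return lines, errors
```

Run it over the RCS working copy and publish only the returned executable lines to the TFTP directory when the error list is empty.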










Re: How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....

Yikes, that's way convoluted. OK, let me get some dinner and plan on an evening of joyous SNMP work to see what I can do... *sigh*


 Looks like the latest MIB is MIBs_V8 built on 05-Nov-2014. I found the latest (for the MSR20-20) at with of course the latest MSR30-20 at


Geesh, 236MB of MIBs... what's in there, the kitchen sink?

Respected Contributor

Re: How can I pull partial configs off of a TFTP server to an MSR30-20, A6604, or A7500....

Hi Mdella,


On the 7500 (Comware 5), you can use the "execute" command.


Upload a file "<mycmds>.bat" with the commands you want to execute (yes, it MUST have the ".bat" extension ...), and do a

] execute <mycmds>.bat 





Søren Dideriksen, Network Administrator
Region Midtjylland