Category Archives: HP Networking

Permanently delete files on HP/H3C devices

It has come to my attention that a lot of users are visiting this site looking for info on how to permanently delete files on an HP/H3C router or switch.

This is a very easy task, though it may not be as obvious as it seems.

The delete file command moves a file to the recycle bin. To restore the file, use the undelete command. If you delete two files with the same file name in different directories, only the last one is retained in the recycle bin.

The dir /all command displays the files moved to the recycle bin. These files are enclosed in pairs of square brackets [ ]. To permanently delete these files, use the reset recycle-bin command.

To permanently delete a file and (finally) free some space for that dreaded firmware upgrade, use the delete /unreserved file command. Of course, it goes without saying that the deleted file cannot be restored.


Voice VLANs on HP Networking

In order to configure voice vlans, we need to play around with trunks and vlan tags. However, one may be surprised to find that on H3C HP hardware, there are three port link types:

  • Access
  • Trunk
  • Hybrid

So what on earth is a hybrid port? In order to answer that question, it is necessary to point out that VLAN classification of frames/packets can be based on the following:

  • Port-based
  • MAC address-based
  • Protocol-based
  • IP-subnet-based
  • Policy-based
  • Other types

Normally, everything happens on port level – depending on the VLAN access port setup, traffic entering a certain port will get classified into the correct VLAN.

A hybrid port is a port that can belong to multiple VLANs and can receive or send packets for multiple VLANs. It can be used to connect either user or network devices.

That basically means that a hybrid port can do almost whatever you want it to do. For example, you can assign the port to appear as an access port to a specific MAC address, while still functioning as a trunk, while having a native vlan for untagged traffic. Also, a hybrid port can function as a trunk port with a native vlan.

So, in a nutshell, in order to configure your regular port with tagged vlan for VoIP phones + access vlan for the PC, you can either choose the classic method, or use a hybrid port. Since I presume everybody knows how to do it the old-fashioned way, let us configure it using a hybrid port.

So, what do we need for an IP phone and a PC? A tagged vlan for the Voice packets and an access vlan for the PC. Let us assume that vlan 102 is the Voice vlan, and vlan 7 is the PC vlan.

[HP-KC51-V] interface GigabitEthernet1/0/1
[HP-KC51-V-GigabitEthernet1/0/1] port link-type hybrid
[HP-KC51-V-GigabitEthernet1/0/1] port hybrid pvid vlan 7
[HP-KC51-V-GigabitEthernet1/0/1] port hybrid vlan 102 tagged
Please wait... Done.

[HP-KC51-V-GigabitEthernet1/0/1] stp edged-port enable
Warning: Edge port should only be connected to terminal. It will cause temporary loops if port GigabitEthernet1/0/1 is connected to bridges. Please use it carefully!

[HP-KC51-V-GigabitEthernet1/0/1] poe enable
#May 11 13:38:28:863 2000 HP-KC51-V POE/1/PSE_PORT_ON_OFF_CHANGE:
Trap 1.3.6.1.2.1.105.0.1: PSE ID 4, IfIndex 9437185, Detection Status 3.
#May 11 13:38:30:978 2000 HP-KC51-V IFNET/4/INTERFACE UPDOWN:
Trap 1.3.6.1.6.3.1.1.5.4: Interface 9437185 is Up, ifAdminStatus is 1, ifOperStatus is 1
#May 11 13:38:31:169 2000 HP-KC51-V MSTP/1/PFWD: hwPortMstiStateForwarding: Instance 0's Port 0.9437185 has been set to forwarding state!
%May 11 13:38:31:525 2000 HP-KC51-V IFNET/3/LINK_UPDOWN: GigabitEthernet1/0/1 link status is UP.
%May 11 13:38:31:650 2000 HP-KC51-V MSTP/6/MSTP_FORWARDING: Instance 0's GigabitEthernet1/0/1 has been set to forwarding state.

Of course, we enable stp edged-port (the portfast equivalent), as well as the PoE power for the IP phone. Let us inspect the configuration so far:

[HP-KC51-V-GigabitEthernet1/0/1]display this
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid vlan 102 tagged
port hybrid vlan 1 untagged
port hybrid pvid vlan 7
poe enable
stp edged-port enable
#
return

After inspecting the configuration, we can observe that VLAN 1 is still permitted as an untagged VLAN. However, the PVID (port VLAN ID) is set to 7. This may be confusing, so let’s elaborate. The untagged VLAN 1 entry means that the switch will pass traffic (e.g. broadcasts) from VLAN 1 down this port. The PVID of 7 means that when the switch receives untagged traffic, it will place it in VLAN 7.

Because most device management interfaces are assigned to VLAN 1, it is not a good idea to keep the port a part of this VLAN. So, let us remove the untagged VLAN 1 from the hybrid port.

[HP-KC51-V-GigabitEthernet1/0/1]undo port hybrid vlan 1
Please wait... Done.

[HP-KC51-V-GigabitEthernet1/0/1]display this
#
interface GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 102 tagged
port hybrid pvid vlan 7
poe enable
stp edged-port enable
#
return

Now the port is configured. There, wasn’t that difficult, right? 🙂
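The check described above (is VLAN 1 still carried on a hybrid port?) can be run across many ports at once. The following Python audit is an added example, not part of the original post: it parses interface stanzas in the `display this` layout shown above and assumes that a port without a pvid line uses the default PVID of VLAN 1 and that VLAN lists may contain `to` ranges.

```python
import re

# Constructed sample in the `display this` layout shown above: port 1 is the
# post's "before" state, port 2 its "after" state.
SAMPLE = """\
#
interface GigabitEthernet1/0/1
 port link-type hybrid
 port hybrid vlan 102 tagged
 port hybrid vlan 1 untagged
 port hybrid pvid vlan 7
#
interface GigabitEthernet1/0/2
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 102 tagged
 port hybrid pvid vlan 7
#
"""

def expand(tokens):
    """Expand a VLAN list such as ['2', 'to', '4', '9'] into {2, 3, 4, 9}."""
    vlans, i = set(), 0
    while i < len(tokens):
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            vlans.update(range(int(tokens[i]), int(tokens[i + 2]) + 1))
            i += 3
        else:
            vlans.add(int(tokens[i]))
            i += 1
    return vlans

def parse(config):
    """Map each interface name to its link type, PVID and VLAN membership."""
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Assumption: a port with no pvid line uses the default PVID, VLAN 1.
            cur = {"hybrid": False, "pvid": 1, "tagged": set(), "untagged": set()}
            ports[line.split(None, 1)[1]] = cur
        elif line == "#":
            cur = None
        elif cur is None:
            continue
        elif line == "port link-type hybrid":
            cur["hybrid"] = True
        elif m := re.fullmatch(r"port hybrid pvid vlan (\d+)", line):
            cur["pvid"] = int(m.group(1))
        elif m := re.fullmatch(r"port hybrid vlan (.+) (tagged|untagged)", line):
            cur[m.group(2)] |= expand(m.group(1).split())
    return ports

def audit(config, mgmt_vlan=1):
    """Return (interface, finding) pairs for hybrid ports exposing mgmt_vlan."""
    findings = []
    for name, port in parse(config).items():
        if not port["hybrid"]:
            continue
        if mgmt_vlan in port["tagged"] | port["untagged"]:
            findings.append((name, f"VLAN {mgmt_vlan} is still permitted on the port"))
        if port["pvid"] == mgmt_vlan:
            findings.append((name, f"untagged ingress is classified into VLAN {mgmt_vlan}"))
    return findings
```

Calling `audit(SAMPLE)` reports only GigabitEthernet1/0/1, the port that has not yet had `undo port hybrid vlan 1` applied.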

Upgrade firmware and bootrom on HP A5120

A simple software upgrade of an HP A5120 EI switch is explained in the following post.

The device software includes the Boot ROM program and the system boot file. After being powered on, the device runs the Boot ROM program, initializes the hardware, and displays the hardware information. Then the device runs the boot file. The boot file provides drivers and adaptation for hardware, and implements service features. The Boot ROM program and system boot file are required for the startup and running of a device.

NOTE: Regarding commands on the device, the BootROM is called bootrom, while the boot file is called boot-loader. So boot-loader and boot file are interchangeable in context, but not in syntax.

The Boot ROM program and system boot file can both be upgraded at the Boot ROM menu or at the command line interface (CLI). We will perform this upgrade by the command line this time.

dis ver
HP Comware Platform Software
Comware Software, Version 5.20, Release 2208
Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P.
HP A5120-48G EI Switch with 2 Interface Slots uptime is 0 week, 0 day, 17 hours, 56 minutes
HP A5120-48G EI Switch with 2 Interface Slots with 1 Processor
128M bytes SDRAM
16384K bytes Flash Memory
Hardware Version is REV.B
CPLD Version is 007
Bootrom Version is 607
[SubSlot 0] 48GE+4SFP Hardware Version is REV.B

This is the output of the “display version” command before the updates take place. Now, on to the real update – first, enable the bootrom security check. This should help you in case you try to update your device with a wrong boot file, but do not rely too much on it. After all, we should know what we’re doing in the first place 🙂

system-view
[HP]bootrom-update security check enable
[HP]quit

tftp [tftp server IP] get A5120EI-BTM-610.btm
 ...
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait...\
TFTP: 0 bytes received in 0 second(s)
File downloaded successfully.

bootrom update file flash:/a5120ei-btm-610.btm slot 1
This command will update bootrom file on the specified board(s), Continue? [Y/N]:y
Now updating bootrom, please wait...
Succeeded to update bootrom of Board 1.

We have successfully updated the bootrom, by downloading the new file from a TFTP server. I will cover more on TFTP servers in a future blogpost.

Due to the insufficient space on the device, the current boot loader file needs to be deleted before the new one is uploaded. That is an interesting situation, where the device is left running with its boot loader in the RAM. Do not reboot the device before setting up the new boot loader or recovery steps will need to be taken.

The /unreserved parameter deletes the file from memory, as opposed to only moving it to the “Recycle Bin”. While in the Bin, the file will still take up space, hence the need for the complete removal.

delete /unreserved flash:/a5120ei-cmw520-r2208-s168.bin
The contents cannot be restored!!! Delete flash:/a5120ei-cmw520-r2208-s168.bin?[Y/N]:y
Deleting a file permanently will take a long time. Please wait...
.................................................................................................
%Delete file flash:/a5120ei-cmw520-r2208-s168.bin...Done.

tftp 192.168.15.39 get A5120EI-CMW520-R2215.bin
..
File will be transferred in binary mode
Downloading file from remote TFTP server, please wait......................................................................................................................................................................................................
TFTP: 12625865 bytes received in 198 second(s)
File downloaded successfully.

We are successful so far. Now, instruct the device to select the new boot-loader file. After that, verify that the new boot-loader will get loaded on the next reboot with the command “display boot-loader”. Do not forget to save the configuration before reloading, as missing that may make your device unbootable, and you may have to manually point to the new boot-loader again, from the bootrom (which means that you will incur downtime and would need physical access to the device – a nasty situation if you’re doing this from afar).

boot-loader file flash:/a5120ei-cmw520-r2215.bin slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
display boot-loader
Slot 1
The current boot app is: flash:/a5120ei-cmw520-r2208-s168.bin
The main boot app is: flash:/a5120ei-cmw520-r2215.bin
The backup boot app is: flash:/
save main force
Validating file. Please wait......................
Saved the current configuration to mainboard device successfully.
Configuration is saved to device successfully.
reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
This command will reboot the device. Continue? [Y/N]:y
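The verification step before the reboot can be scripted. The following Python check is an added example, not part of the original post: it parses `display boot-loader` output in the format shown above and confirms that the main boot app is the intended image and is actually present in flash. The `flash_files` argument is a hypothetical input, the file names taken from a directory listing of the device.

```python
import re

# Copied from the `display boot-loader` output in the post.
AFTER_SELECT = """\
Slot 1
The current boot app is: flash:/a5120ei-cmw520-r2208-s168.bin
The main boot app is: flash:/a5120ei-cmw520-r2215.bin
The backup boot app is: flash:/
"""
# Constructed: the same switch after the delete and download, but before the
# `boot-loader file` command has been issued.
BEFORE_SELECT = AFTER_SELECT.replace(
    "main boot app is: flash:/a5120ei-cmw520-r2215.bin",
    "main boot app is: flash:/a5120ei-cmw520-r2208-s168.bin")

def parse_boot_loader(text):
    """Return {slot: {'current': path, 'main': path, 'backup': path}}."""
    slots, apps = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"Slot (\d+)", line):
            apps = slots.setdefault(int(m.group(1)), {})
        elif apps is not None and (
                m := re.fullmatch(r"The (current|main|backup) boot app is:\s*(\S*)", line)):
            # File names are compared in lower case, as the flash paths above are.
            apps[m.group(1)] = m.group(2).lower()
    return slots

def pre_reboot_problems(text, flash_files, expected_image):
    """List the reasons a reboot would not come up on expected_image."""
    present = {name.lower() for name in flash_files}
    expected = expected_image.lower()
    problems = []
    slots = parse_boot_loader(text)
    if not slots:
        problems.append("no slot found in display boot-loader output")
    for slot, apps in sorted(slots.items()):
        main = apps.get("main", "")
        if main != expected:
            problems.append(f"slot {slot}: main boot app is {main or 'unset'}")
        if main not in present:
            problems.append(f"slot {slot}: main boot app is not in flash")
    return problems
```

An empty list means the main boot app points at the new image and that image exists; the constructed `BEFORE_SELECT` state returns two problems, which is the situation the post warns against rebooting in.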

After the reboot, check out the new version of both the bootrom and the boot-loader.

dis ver
HP Comware Platform Software
Comware Software, Version 5.20.99, Release 2215
Copyright (c) 2010-2012 Hewlett-Packard Development Company, L.P.
HP A5120-48G EI Switch with 2 Interface Slots uptime is 0 week, 0 day, 0 hour, 2 minutes
HP A5120-48G EI Switch with 2 Interface Slots with 1 Processor
128M bytes SDRAM
16384K bytes Flash Memory
Hardware Version is REV.B
CPLD Version is 007
Bootrom Version is 610
[SubSlot 0] 48GE+4SFP Hardware Version is REV.B

Always be very careful when doing this procedure remotely: back up both bootroms and boot-loaders, as well as configuration files.
Never update the device during non-maintenance windows, and always be ready for the worst – which may very well be the need to physically access the device.

If the update takes place on an IRF system stack, you may speed up the procedure by enabling automatic boot-loader update during the stack formation, then updating only the master of the stack, and then rebooting the slave members.

By having the auto-update enabled, the slave members will download the new boot-loader from the master right after they have formed their neighborship. This way, you will only have to update a single device.

IRF on HP 5800

This is a quick primer on running IRF on a couple of HP 5800.

IRFv2 systems are connected using any 10GbE interface:

  • CX4
  • SFP+
  • XFP
  • XENPAK

A best practice is to connect IRF members in a ring-like fashion. This guarantees that one link failure will not disrupt the stack. For example, if you have four devices, you should connect them like this: 1 – 2 – 3 – 4 – (1), with the first being connected to both the second and the fourth. Should the link between members 2 and 3 fail, what you’ll get is this: 3 – 4 – 1 – 2.

Ok, enough of the theory. Let’s plug a couple of 10G SFP+ modules now.

%Apr 26 13:25:30:548 2000 HP OPTMOD/4/MODULE_IN: -Slot=2;
Ten-GigabitEthernet2/0/54: The transceiver is STACK_SFP_PLUS.

Now we proceed to configure basic stuff about the IRF stack:

system-view
System View: return to User View with Ctrl+Z.

irf domain [ID]

The domain ID does not have to match on the other members of the stack, but you should keep it the same for the sake of clarity later on.

Now we should renumber the IRF member ID if needed. To make more sense of this step, one should know that every IRF-enabled HP device assumes it is member number 1. That means that you should renumber every switch after the first one for the current stack. If two members have the same ID, they cannot form an IRF stack.

irf member 1 renumber [X]

In order for the renumbering to take place, the device should be reloaded. It is not necessary to save the configuration for the renumbering to take effect, but we should save it anyway. Issue a save, followed by a reboot and the device shall be renumbered.

Now it’s time we configured the logical IRF ports. Remember, an IRF port can be either a physical 10G port, or an aggregation group. In order to assign such a port to a logical IRF port, we should prepare the former first, by shutting it down. For example, we will use two physical 10G ports, namely Ten1/0/53 and Ten1/0/54.

system-view
interface Ten 1/0/53
shutdown
interface Ten 1/0/54
shutdown
quit

Now the ports are ready to be assigned to the logical IRF ports. Remember, the logical IRF ports on a device are only 2, and they connect in a cross-link fashion, namely Port 1 on a device connects to Port 2 on the other and vice versa.

irf-port 1/1
port group interface Ten 1/0/53
quit

irf-port 1/2
port group interface Ten 1/0/54
quit

By now you should have noticed the bolded prefix 1 in front of some of the interface commands. This is the current chassis number, and by default it is one (1). The time you will notice its significance is when you move on to configuring the second, third and so-on device from the stack. Remember, changing the IRF Member ID will change the whole internal addressing of the current device. The port Ten 1/0/53 would become Ten 2/0/53 on the second member of the stack, the IRF logical ports would become irf-port 2/1 and irf-port 2/2, and so on.

The same principle applies backwards, when you have an operating stack, and you renumber a device/chassis. Say, you renumber 2 to 3 and 3 to 2. What would happen is that when they get rebooted, they would download the configuration from the master switch, and end up with “exchanged” configurations from each other.

This seems like a good time to introduce the Master/Slave concepts of IRF. Basically, there is a priority value that plays an important role in the election, but there are a couple of pitfalls too. Let’s see what the process is:

Master election is held each time the topology changes, for example, when the IRF virtual device is established, a new member switch is plugged in, the master switch fails or is removed, or the partitioned IRF virtual devices merge. The master is elected based on the following rules in descending order:

  1. The current master, even if a new member has a higher priority. (When an IRF virtual device is being formed, all member switches consider themselves as the master, and this rule is skipped.) If an election is held and the current topology has 2 masters and N slaves, the election is held only between the current 2 masters.
  2. The switch with a higher priority.
  3. The switch with the longest system up-time. (The member switches exchange system up-time in the IRF hello packets)
  4. The switch with the lowest bridge MAC address.

After a master election, all slave member switches initialize and reboot with the configuration on the master, and their original configuration, even if it has been saved, will be lost.
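The election rules above, written out as an added Python example (not part of the original post). It applies the four rules exactly as listed; the member values and MAC addresses are constructed, and `config_replaced` is a hypothetical helper that lists the members whose configuration is replaced by the master's.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:
    member_id: int
    priority: int
    uptime_s: int          # system up-time as exchanged in IRF hello packets
    bridge_mac: str        # constructed values below, in xxxx-xxxx-xxxx form
    is_master: bool = False

def mac_value(mac):
    """Numeric value of a MAC address, ignoring '-', ':' and '.' separators."""
    return int(mac.replace("-", "").replace(":", "").replace(".", ""), 16)

def elect_master(members):
    """Apply the four rules in the order the post lists them."""
    masters = [m for m in members if m.is_master]
    # Rule 1: an existing master wins outright; with two masters (a merge) only
    # they compete; with none (stack forming) every member is a candidate.
    candidates = masters or list(members)
    # Rules 2-4: highest priority, then longest up-time, then lowest bridge MAC.
    return min(candidates,
               key=lambda m: (-m.priority, -m.uptime_s, mac_value(m.bridge_mac)))

def config_replaced(members):
    """Member IDs that reboot with the master's configuration, per the post."""
    master = elect_master(members)
    return sorted(m.member_id for m in members if m != master)

# Constructed scenarios.
# Stack forming: equal priority and up-time, so the lowest bridge MAC decides.
FORMING = [Member(1, 1, 900, "0023-8900-0a01"),
           Member(2, 1, 900, "0023-8900-0a00")]
# A newcomer with a higher priority joins a running stack: the master stays.
JOINING = [Member(1, 10, 86400, "0023-8900-0a01", is_master=True),
           Member(2, 32, 60, "0023-8900-0a00")]
# Two partitions merge: only the two masters compete, up-time decides, and the
# slave with priority 32 is never considered.
MERGING = [Member(1, 10, 5000, "0023-8900-0a01", is_master=True),
           Member(2, 32, 5000, "0023-8900-0a00"),
           Member(3, 10, 7000, "0023-8900-0a02", is_master=True)]
```

In the `JOINING` scenario member 2 has the higher priority but still ends up in `config_replaced`, so its saved configuration is the one that is lost.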

Phew, I got carried away. Now that we have set up the logical IRF ports, we can bring back up the physical ports they comprise.

interface Ten 1/0/53
undo shutdown
%Apr 26 13:28:46:723 2000 HP IFNET/3/LINK_UPDOWN: Ten-GigabitEthernet1/0/53 link status is UP.

interface Ten 1/0/54
undo shutdown
%Apr 26 13:28:46:723 2000 HP IFNET/3/LINK_UPDOWN: Ten-GigabitEthernet1/0/54 link status is UP.

Save the configuration now! The next command will cause the device to reboot, and lose all unsaved changes.

Just to illustrate a point, issue a display irf topology. If you have any ports in the DISABLED or DOWN state (and you most probably will), you need to activate the irf-port configuration with the following command

irf-port-configuration active

The device should now activate its interfaces, send/receive IRF hello packets, form adjacencies and then if not the master, proceed to reboot itself and join the stack. You can also just reboot instead of activating the irf-port configuration, and the result would still be the same, though don’t forget to save the configuration either way.

Another pitfall you need to watch out for is if you configure all the ports, issue irf-port-configuration active, and then plug in the SFP+. If not the master, the device will catch you off-guard and reboot 🙂

If you unplug one or all SFP+ transceivers and sever the IRF member from the stack, the irf-port configuration is not erased. Thus, if you replug it later, the device will join the stack and reboot itself.

There you have it, a crash-course in IRF configuration. It was a lengthy post, but non-exhaustive nonetheless. For more info, check out the documentation for your specific device, as a couple of things depend on it, e.g. the maximum number of devices you’re able to join to the stack.

Airflow Direction for HP 5800 AF Switch

In case you get the following warning error on your terminal monitor, do not be troubled.

%Jan 01 12:03:30:544 2000 HP DEVM/4/DEV_FANDIRECTION_NOTPREFERRED:
Fan 2 airflow direction is not preferred on slot 1, please check it.
%Jan 01 12:03:31:343 2000 HP DEVM/4/DEV_FANDIRECTION_NOTPREFERRED:
Fan 1 airflow direction is not preferred on slot 1, please check it.

The reason is the following configuration item from the switch

fan prefer-direction slot slot-number {power-to-port | port-to-power }

Either change the configuration, or get a new reverse fan tray for your switch.

BGP Path Selection on Cisco, HP and Juniper

I was curious to see whether Cisco and HP shared the same BGP path selection algorithms.

Cisco

  1. Path with highest WEIGHT
  2. Path with highest LOCAL_PREF
  3. Path originated by the local router [1]
  4. Path with shortest AS_PATH
  5. Path with lowest origin type [2]
  6. Path with lowest MED
  7. Prefer eBGP over iBGP paths
  8. Path with lowest IGP metric to the BGP next hop
  9. Determine if BGP multipath is needed
  10. Path that was received first (the oldest one) [3]
  11. Path that comes from the BGP router with the lowest router ID
  12. Path with the minimum cluster list length [4]
  13. Path that comes from the lowest IP address

HP

  1. Path with highest Preferred_value (WEIGHT)
  2. Path with highest LOCAL_PREF
  3. Path originated by the local router [1]
  4. Path with shortest AS-PATH
  5. Path with lowest origin type [2]
  6. Path with lowest MED
  7. Prefer eBGP over iBGP paths
  8. Path with lowest IGP metric to the BGP next hop
  9. Path with shortest CLUSTER_LIST
  10. Path with smallest ORIGINATOR_ID
  11. Path that comes from the BGP router with the lowest router ID
  12. N/A
  13. Path that comes from the lowest IP address

Notes

  1. Via a network or aggregate BGP subcommand or through redistribution from an IGP
  2. Origin types: IGP < EGP < Incomplete
  3. Only when the compared paths are external
  4. Only when the originator or router ID is the same for multiple paths

As you can expect, Juniper is a whole lot different, so I didn’t even put it in the comparison table.

  • Juniper Networking

  1. Prefer the path with highest local preference
  2. Prefer the path with shortest AS path
  3. Prefer the path with lowest origin
  4. Prefer the path with lowest MED value
  5. Strictly prefer external paths
  6. Prefer the path with lowest IGP route metric
  7. Prefer the path with maximum IGP next hops
  8. Prefer the path with shortest route reflection cluster list
  9. Prefer the path with lowest router ID
  10. Prefer the path with lowest peer IP address
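To see where the Cisco and HP lists above actually diverge, the following added Python example (not part of the original post) encodes both lists as written, as ordered tie-breakers, and runs them over two constructed paths. Cisco's multipath step is left out because it is not a tie-breaker; the `Path` fields and the sample addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Path:
    name: str
    router_id: str
    peer_ip: str
    age_s: int = 0            # seconds since the path was received
    weight: int = 0           # Preferred_value on HP
    local_pref: int = 100
    local: bool = False       # originated by the local router
    as_path_len: int = 1
    origin: int = 0           # 0 = IGP, 1 = EGP, 2 = Incomplete
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0
    cluster_len: int = 0
    originator_id: str = "0.0.0.0"

def ip(value):
    """Numeric value of a dotted address, so that 'lowest' compares correctly."""
    return int(ip_address(value))

# Each step maps a path to a sort key; the paths with the lowest key survive.
SHARED = [  # steps 1-8, identical in both lists
    ("WEIGHT", lambda p: -p.weight), ("LOCAL_PREF", lambda p: -p.local_pref),
    ("locally originated", lambda p: not p.local),
    ("AS_PATH", lambda p: p.as_path_len), ("origin", lambda p: p.origin),
    ("MED", lambda p: p.med), ("eBGP over iBGP", lambda p: not p.ebgp),
    ("IGP metric", lambda p: p.igp_metric)]
ROUTER_ID = ("router ID", lambda p: ip(p.router_id))
CLUSTER = ("CLUSTER_LIST", lambda p: p.cluster_len)
PEER_IP = ("peer IP", lambda p: ip(p.peer_ip))
# Note 3 in the post: the oldest-path step applies to external paths only.
CISCO = SHARED + [("oldest path", lambda p: -p.age_s if p.ebgp else 0),
                  ROUTER_ID, CLUSTER, PEER_IP]
HP = SHARED + [CLUSTER, ("ORIGINATOR_ID", lambda p: ip(p.originator_id)),
               ROUTER_ID, PEER_IP]

def best_path(paths, steps):
    """Return (winner, name of the step that decided)."""
    remaining = list(paths)
    for label, key in steps:
        lowest = min(key(p) for p in remaining)
        remaining = [p for p in remaining if key(p) == lowest]
        if len(remaining) == 1:
            return remaining[0], label
    return remaining[0], "undecided"

# Constructed paths: equal through step 8, A is older, B has the lower router ID.
A = Path("A", router_id="10.0.0.2", peer_ip="192.0.2.2", age_s=3600)
B = Path("B", router_id="10.0.0.1", peer_ip="192.0.2.1", age_s=60)
```

Read literally, the Cisco list keeps path A at the oldest-path step, while the HP list has no such step and selects path B on router ID.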

HP ExpertONE Certifications Update

Since the 1st of November, HP has made a couple of changes to its ExpertONE certifications portfolio.

The big change consists of two tracks of certifications, namely Career and Affiliate, with the latter being mainly about sales.

There are also changes to the certificate titles. Here’s a map:

  • Master level -> HP Master ASE
  • Expert level -> HP ASE (CSE)
  • Professional level -> HP ATP (CSA, AIS)
  • Associate level -> HP ATA

Not much to be excited about, except for the fact that these certifications will expire, unlike their old counterparts. Even the old certifications will expire, but HP will shed more light on this matter in 2012.

More information here.

Don’t forget to check out the pdf brochure as well.