Hp Virtual Connect Firmware Users Manual Manager Command Line Interface For C Class BladeSystem Version 4.30/4.31 User Guide

2015-01-05

: Hp Hp-Virtual-Connect-Firmware-Users-Manual-201594 hp-virtual-connect-firmware-users-manual-201594 hp pdf

Open the PDF directly: View PDF PDF.
Page Count: 211

DownloadHp Hp-Virtual-Connect-Firmware-Users-Manual- Virtual Connect Manager Command Line Interface For C-Class BladeSystem Version 4.30/4.31 User Guide  Hp-virtual-connect-firmware-users-manual
Open PDF In BrowserView PDF
HP Virtual Connect Manager Command Line
Interface for c-Class BladeSystem Version
4.30/4.31
User Guide

Abstract
This document contains user information for the HP Virtual Connect Manager CLI. This document is for the person who installs, administers, and
troubleshoots servers and storage systems. HP assumes you are qualified in the servicing of computer equipment and trained in recognizing hazards
in products with hazardous energy levels.

Part Number: 762312-003
November 2014
Edition: 3

© Copyright 2014 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall
not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government
under vendor’s standard commercial license.
Microsoft®, Windows®, and Windows Server® are U.S. registered trademarks of the Microsoft group of companies.

Contents
Introduction .................................................................................................................................. 6
What's new .............................................................................................................................................. 6
Changes from VC 4.20 to VC 4.30/4.31 .......................................................................................... 7
Unassigning multiple profiles ...................................................................................................................... 8
Supporting comments and blank lines in CLI scripts ........................................................................................ 8
Virtual Connect overview.......................................................................................................................... 10
Using multiple enclosures ................................................................................................................ 11
CLI command execution modes ................................................................................................................. 12
Remote access to the Virtual Connect Manager ........................................................................................... 13
Command output filtering ......................................................................................................................... 14
Command line overview........................................................................................................................... 14
Virtual Connect FIPS mode of operation............................................................................................ 14
Command line syntax .............................................................................................................................. 15
Options ........................................................................................................................................ 16
Properties ..................................................................................................................................... 16
Command batching ....................................................................................................................... 16

Command line ............................................................................................................................ 18
Subcommands ........................................................................................................................................ 18
Managed elements .................................................................................................................................. 18
activity ......................................................................................................................................... 21
all ............................................................................................................................................... 21
auto-deployment ............................................................................................................................ 21
banner ......................................................................................................................................... 23
cli ................................................................................................................................................ 24
config .......................................................................................................................................... 24
configbackup ................................................................................................................................ 25
connection-map ............................................................................................................................. 27
devicebay .................................................................................................................................... 28
domain ........................................................................................................................................ 28
enclosure ...................................................................................................................................... 31
enet-connection ............................................................................................................................. 33
enet-vlan ...................................................................................................................................... 37
external-manager .......................................................................................................................... 38
fabric ........................................................................................................................................... 40
fc-connection................................................................................................................................. 43
fcoe-connection ............................................................................................................................. 46
firmware ...................................................................................................................................... 50
igmp-group ................................................................................................................................... 50
igmp ............................................................................................................................................ 51
interconnect-mac-table .................................................................................................................... 51
interconnect .................................................................................................................................. 52
iscsi-boot-param ............................................................................................................................ 53
iscsi-connection ............................................................................................................................. 56
lacp-timer ..................................................................................................................................... 59
ldap-certificate .............................................................................................................................. 60
ldap-group.................................................................................................................................... 61

Contents

3

ldap ............................................................................................................................................ 62
link-dist-interval .............................................................................................................................. 63
lldp.............................................................................................................................................. 64
local-users .................................................................................................................................... 65
log-target ...................................................................................................................................... 66
loop-protect .................................................................................................................................. 68
mac-cache .................................................................................................................................... 69
mcast-filter-rule .............................................................................................................................. 69
mcast-filter-set ................................................................................................................................ 70
mcast-filter .................................................................................................................................... 72
mfs-filter ....................................................................................................................................... 74
nag-network .................................................................................................................................. 74
name-server .................................................................................................................................. 76
network-access-group ..................................................................................................................... 76
network-range ............................................................................................................................... 77
network ........................................................................................................................................ 80
port-monitor .................................................................................................................................. 85
port-protect ................................................................................................................................... 87
profile .......................................................................................................................................... 88
qos-class ...................................................................................................................................... 94
qos-classifier ................................................................................................................................. 95
qos-map ....................................................................................................................................... 96
qos .............................................................................................................................................. 97
radius-group ................................................................................................................................. 99
radius ........................................................................................................................................ 100
role ........................................................................................................................................... 101
server-port-map-range................................................................................................................... 103
server-port-map ........................................................................................................................... 104
server-port .................................................................................................................................. 105
server ........................................................................................................................................ 106
serverid ...................................................................................................................................... 108
session ....................................................................................................................................... 109
sflow .......................................................................................................................................... 110
sflow-module ............................................................................................................................... 110
sflow-ports .................................................................................................................................. 112
sflow-receiver .............................................................................................................................. 114
snmp ......................................................................................................................................... 116
snmp-access ................................................................................................................................ 117
snmp-trap ................................................................................................................................... 118
snmp-user ................................................................................................................................... 122
ssh............................................................................................................................................. 125
ssl-certificate ............................................................................................................................... 126
ssl-csr ......................................................................................................................................... 127
ssl ............................................................................................................................................. 129
stackinglink................................................................................................................................. 130
statistics...................................................................................................................................... 131
statistics-throughput ...................................................................................................................... 133
status ......................................................................................................................................... 135
storage-management .................................................................................................................... 135
supportinfo ................................................................................................................................. 137
systemlog ................................................................................................................................... 138
tacacs ........................................................................................................................................ 138
uplinkport ................................................................................................................................... 139

Contents

4

uplinkset ..................................................................................................................................... 143
user-security ................................................................................................................................ 145
user-security ................................................................................................................................ 146
user ........................................................................................................................................... 146
vcm ........................................................................................................................................... 148
version ....................................................................................................................................... 149
User roles ............................................................................................................................................. 149
Help subsystem ..................................................................................................................................... 155
Output format ....................................................................................................................................... 157
Interactive user output format ........................................................................................................ 157
Scriptable output format ............................................................................................................... 158
Statistics descriptions ............................................................................................................................. 160
Ethernet modules ......................................................................................................................... 160
Fibre Channel modules................................................................................................................. 170

Configuring the Virtual Connect domain using the CLI ................................................................... 175
Basic configuration ................................................................................................................................ 175
Logging in to the CLI .................................................................................................................... 175
Domain setup .............................................................................................................................. 176
Network setup............................................................................................................................. 181
Server VLAN Tagging Support ...................................................................................................... 185
Fibre Channel setup ..................................................................................................................... 186
Serial number settings .................................................................................................................. 187
Server profile setup ...................................................................................................................... 188
Logging out of the CLI .................................................................................................................. 200
Common management operations ........................................................................................................... 200
Port status conditions ............................................................................................................................. 201
Resetting the Virtual Connect Manager ..................................................................................................... 201

Support and other resources ...................................................................................................... 203
Before you contact HP............................................................................................................................ 203
HP contact information ........................................................................................................................... 203

Acronyms and abbreviations ...................................................................................................... 204
Documentation feedback ........................................................................................................... 208
Index ....................................................................................................................................... 209

Contents

5

Introduction
What's new
The following changes have been implemented for VC 4.30/4.31:

•

Features:
o

Support for FIPS 140-2
For information on a current certification status, see the HP website
(http://government.hp.com/Certifications.aspx).

•
•

o

SNMPv3

o

Configure partially stacked domains

o

Monitor uplink and stacking link ports for pause flood conditions

o

Increased VLAN capacity

o

UEFI support

Added a new snmp-user (on page 122) managed element.
Enhanced the following SNMP commands to support SNMPv3:
o

snmp (on page 116)

o

snmp-trap (on page 118)

•

Enhanced the set stackinglink ("stackinglink" on page 130) command to allow
configuration of partially stacked domains.

•

Enhanced the VlanCapacity property of the enet-vlan command to support more VLANs:

•

enet-vlan (on page 37)
Enhanced the following commands to display the domain stacking mode or provide warning or notice
when configuring ports that are controlled by the domain stacking mode:
o

show stackinglink ("stackinglink" on page 130)

o

show config ("config" on page 24)

o

add uplinkport ("uplinkport" on page 139)

o

add port-monitor ("port-monitor" on page 85)

o

add sflow-ports ("sflow-ports" on page 112)

•

Enhanced the show uplinkport ("uplinkport" on page 139) command to display ports
controlled by the domain stacking mode as disabled.

•

Enhanced the bootMode property of the profile element to support UEFI:
add profile ("profile" on page 88)

•

Added a pxeBootOrder property to the enet-connection element to allow configuration of the
PXE IP boot order:
enet-connection (on page 33)

Introduction

6

•

Enhanced the following commands to display the configured boot mode or boot order:
o

show profile ("profile" on page 88)

o

show server ("server" on page 106)

o

show enet-connection ("enet-connection" on page 33)

Changes from VC 4.20 to VC 4.30/4.31
Command

Changes

Virtual Connect 4.20

Virtual Connect
4.30/4.31

add snmp-user
set snmp-user
show snmp-user
remove snmp-user
help snmp-user
set stackinglink

The new managed
elements configure
SNMP users.

Not supported

Supported

The element configures
the stacking link mode
for the domain.
The element properties
are enhanced to
support SNMPv3.

Not supported

Supported

SNMPv3 not supported

set snmp-trap
add snmp-trap

The element properties
are enhanced to
support SNMPv3.

SNMPv3 not supported

Added the following
properties:
[EnableV1V2=]
[EnableV3=]

enet-vlan

The element property
VlanCapacity is
enhanced to support
8192 VLANs in the
domain and 4094
networks per SUS.
The commands are
enhanced to display the
status or configuration
of domain stacking
links.
The commands are
enhanced to provide
warning or notice when
configuring ports that
are controlled by the
domain stacking link.

"Expanded" mode
allows up to 1000
VLANs per domain and
162 VLANs per physical
server port.

add snmp
set snmp

show stackinglink
show config

add uplinkport
add port monitor
add sflow-ports

Stacking mode is not
displayed.

Added the following
properties:
[Port=<1-65535>]
[Format=][User
Name=]
[EngineId=][SecurityLevel=
][
Inform=]

"Expanded" mode allows
up to 8192 VLANs per
domain and 162 VLANs
per physical server port.

Stacking mode is Full,
Horizontal, or
Primary-Slice.

Warning or notice is not Warning or notice is
provided.
provided.

Introduction

7

Command

Changes

Virtual Connect 4.20

Virtual Connect
4.30/4.31

show uplinkport

The command is
enhanced to display
port status as disabled
when the port is
controlled by the
domain stacking link.
The commands are
enhanced to configure
the boot mode of the
server profile.

Not available

Port status is displayed as
disabled if controlled by
the domain stacking link.

Not available

Added the following
property:
[bootMode=

]

add profile
set profile

add enet-connection
set enet-connection

Not available
The commands are
enhanced to configure
the PXE IP boot order of
the Ethernet connection.

show profile
show server
show enet-connection

Not available
The commands are
enhanced to display the
boot mode or boot
order.

Added the following
property:
[pxeBootOrder=
]

The show profile
command displays the
configured boot order for
the server profile.
The show server
command displays the
server boot mode and
UEFI capability.
The show
enet-connection
command displays the
configured PXE IP boot
order.

Unassigning multiple profiles
The unassign profile command includes the ability to unassign multiple profiles from device bays with
a single command.
The following example illustrates four server profiles being unassigned from device bays with a single CLI
command. If an operation fails on one of the device bays, an error message appears for that server or device
bay, but the remaining operations continue.
->unassign profile *
SUCCESS: Profile1 unassigned from device bay enc0:1
SUCCESS: MyProfile2 unassigned from device bay enc0:2
SUCCESS: GreenProfile unassigned from device bay enc0:3
SUCCESS: RedProfile unassigned from device bay enc0:4

Supporting comments and blank lines in CLI scripts
The CLI supports command scripts that contain blank lines and comments. Support for comments and blank
lines enables you to maintain descriptive notes within the configuration script.
The following sample script illustrates a CLI script that contains this type of formatting. All comment lines must
begin with "#".
Introduction

8

#-----------------------------------------------------------------------# This is my sample Virtual Connect Domain Configuration Script
# Revision 1.0.1.2
# February 15, 2014
#-----------------------------------------------------------------------#Report errors but continue processing script commands
set cli ExitOnFailure=False
# Add Users
add user SomeNetworkUser password=pass1 role=network
add user SomeStorageUser password=pass2 role=storage
add user SomeDomainUser password=pass6 role=domain
add user SomeAdminUser password=pass3 role=*
add user DomainNetworkUser password=764dhh role=domain,network
# Add Profiles with Default VC-Enet and VC-FC Connections
add profile MyProfile
add profile AnotherProfile
add profile Profile45
# Add VC-Enet Networks
add network MyNetwork
add network Network2
# Add uplink ports to the networks
add uplinkport enc0:1:1 network=MyNetwork
add uplinkport enc0:1:2 network=Network2
# Create a Shared Uplink Port Set
add uplinkset SharedSet1
# Add a new FCoE SAN fabric connection to a profile
add fcoe-connection MyNewProfile Fabric=SAN_5
# Reset the active QoS configuration type to the factory default settings but
does not change the saved configuration types
reset qos -active

Introduction

9

# Set the domain default LACP timer to the short setting (one second)
set lacp-timer default=Short
# Add a Multicast Filter "filter1" to Filterset "mfs1"
add mfs-filter FilterSet=mfs1 McastFilter =filter1
# Set the global option to enable the loop protection and pause flood protection
set port-protect networkLoop=Enabled PauseFlood=Enabled
# Set idle user sessions to expire after 20 minutes of inactivity
set session Timeout=20
# Create a new Multicast Filter and adds it to the domain
add mcast-filter MyMcastFilter
# Assign a profile to a device bay
assign profile MyProfile enc0:1
# Done!!!

Virtual Connect overview
HP Virtual Connect is a set of interconnect modules and embedded software for HP BladeSystem c-Class
enclosures. VC implements server edge virtualization between the server and the data center infrastructure so
networks can communicate with individual servers or pools of HP BladeSystem server blades. Upgrade,
replace, or move server blades within the enclosures without visible changes to the external LAN and SAN
environments. The external networks connect to a shared resource server pool rather than to individual
servers. VC cleanly separates server enclosure administration from LAN and SAN administration. VC
simplifies the setup and administration of server connections and includes the following components:

•

HP Virtual Connect Manager

•

VC-Enet modules:
o

HP VC Flex-10 10Gb Ethernet Module for BladeSystem c-Class

o

HP VC FlexFabric 10Gb/24-port Module for BladeSystem c-Class

o

HP VC FlexFabric-20/40 F8 Module for BladeSystem c-Class

o

HP VC Flex-10/10D Module for BladeSystem c-Class
NOTE: Using a Flex-10 capable NIC with an HP VC Flex-10 or FlexFabric module provides the
ability to divide a 10Gb NIC into four FlexNICs with configurable bandwidth.

•

VC-FC modules:

Introduction

10

o

HP VC 4Gb Fibre Channel Module for BladeSystem c-Class (enhanced NPIV)

o

HP VC 8Gb 24-Port Fibre Channel Module for BladeSystem c-Class

o

HP VC 8Gb 20-Port Fibre Channel Module for BladeSystem c-Class
NOTE: Beginning with VC 4.10, the HP 4GB Virtual Connect Fibre Channel Module is no longer
supported.

VC modules support HP BladeSystem Enclosures and all server blades and networks contained within the
enclosure:

•

VC-Enet modules enable connectivity to data center Ethernet switches. VC-Enet modules can also be
directly connected to other types of devices, such as printers, laptops, rack servers, and network storage
devices.

•

VC-FC and FlexFabric modules enable connectivity of the enclosure to data center FC switches. Every
FC fabric is limited in the number of switches it can support, but the VC-FC and FlexFabric modules do
not appear as switches to the FC fabric and do not count against FC fabric limits.
For information on module support of enclosures and configurations, see the product QuickSpecs on the
HP website (http://www.hp.com/go/qs).

VCM is embedded on VC-Enet modules and is accessed through a web-based GUI or CLI. These interfaces
are also accessible from Onboard Administrator.
A basic VC domain includes a single HP c-Class BladeSystem c7000 Enclosure for a total of 16 servers (or
up to 32 servers if the double-dense option is enabled), or a single HP c-Class BladeSystem c3000 Enclosure
for a total of 8 servers (or up to 16 servers if the double-dense option is enabled). For more information on
the double-dense option, see "Double-dense server bay option." Within the domain, any server blade with
the requisite LAN or SAN devices can access any LAN or SAN connected to a VC module, and a server
blade of a given processor type (Integrity or X86) can be used as a spare for any server blade of the same
processor type within the same enclosure, as long as the server has the requisite number and type of
connections. Using the network access groups feature, the network administrator can clearly define a
separation of networks based on their allowed functionality and prevent the server administrator from
assigning specific network combinations in the same server profile.
By stacking (cabling) the VC-Enet modules together within the domain and connecting the VC-FC or
FlexFabric module FC uplinks on the same bay of all enclosures to the same FC switch, every server blade in
the domain can be configured to access any external network or fabric connection. With this configuration,
you can use VCM to deploy and migrate a server blade profile to any server in the Virtual Connect domain
without changing external LAN or SAN configurations.
Beginning with VC 4.10, the FTP service on VC-Enet modules is disabled by default. The VCSU software
temporarily enables and disables the FTP service during firmware upgrades of VC-FC modules as needed.
More recent versions of VC use SFTP instead of FTP for firmware upgrades.
Each version of VC is tested and supported with one or more SPPs. For a list of supported SPPs that must be
installed, see the VC release notes.

Using multiple enclosures
Observe the following information:

•

A single domain supports up to four c7000 enclosures.
c3000 enclosures are not supported in multiple enclosure domains.

Introduction

11

•

If double-dense mode is enabled in the Domain Setup Wizard, each enclosure can support a total of
128 servers.

•

Stacking cables are used to connect multiple enclosures. This allows all VC-Enet modules to be
interconnected and redundantly stacked.

•

When the domain stacking mode is configured, stacking cables connect the primary slice of each
enclosure. The primary slice is the primary and standby interconnect modules for the enclosure.

•

All enclosures must have the same FC, FlexFabric, or Flex-10/10D module configuration.
For example, if bays 1 and 2 of the Primary Enclosure contain FlexFabric-20/40 F8 modules, then bays
1 and 2 of Remote Enclosures 1, 2, and 3 must also contain FlexFabric-20/40 F8 modules.

•

A total of 16 Ethernet and 16 VC-FC type modules can be installed in a multi-enclosure domain.
Each FlexFabric module counts as one Ethernet and one VC-FC module. Combinations of FlexFabric,
VC-Enet and VC-FC modules are allowed as long as the 16-module limit for each module type (Ethernet
and FC) is not exceeded in the domain.

•

VC-FC or FlexFabric modules must be in the same bay of all enclosures and connected to the same FC
switch to enable profile mobility.

•

All FC-capable modules in the same horizontally adjacent bay pair (bays 1-2, 3-4, and so on) must be
of the same type and position in all enclosures.

•

Multi-enclosure double-dense domains require similar and compatible VC-FC modules in bays 5, 6, 7,
and 8 in all enclosures when FC connectivity is required. If a multi-enclosure double-dense configuration
contains incompatible VC-FC modules in bays 5, 6, 7, or 8 in any of the enclosures, some or all of the
compatible VC-FC modules in the remote enclosures might be designated INCOMPATIBLE after import.

•

Be sure all Onboard Administrator and VC module management interfaces within the same VC domain
are on the same lightly loaded subnet and highly reliable network.
If the management network is overloaded, configuration attempts may be disabled until the connectivity
is re-established and synchronized with the domain.

•

HP recommends using a static IP address for Onboard Administrator.

•

Be sure all Onboard Administrators use the same user credentials. VCSU uses the primary credentials
for the remote enclosures to propagate firmware updates to all VC modules in each enclosure.

•

When both Primary and Standby modules in the base enclosure are taken down for maintenance or
lose power and are no longer present in the domain, the management capabilities in the VC domain
are lost. Both the Primary and Standby modules in the base enclosure must be recovered to regain
management access to the VC domain.
If network and fabric uplinks are defined on the remaining enclosures, the servers continue to have
network and storage access.

CLI command execution modes
The Virtual Connect Manager CLI provides two different methods for executing commands: interactive shell
mode and script mode. Script mode is the same as non-interactive mode.
Interactive Shell Mode
This mode is used to invoke CLI command operations with the dedicated management shell. The shell is
provided after you log in with valid credentials, and only accepts known VCM CLI commands as input.

Introduction

12

Press the Tab key to auto complete subcommands and managed-elements. You can also type characters and
then press the Tab key to see a narrowed-down list of command options.
You can quit the shell by using the exit command. See the example of logging in to the interactive
management shell below. In the example, the primary VCM is located at IP address 192.168.0.120.
>ssh 192.168.0.120
login as: michael
password: ***********
-------------------------------------------------------------------HP Virtual Connect Management CLI v4.31
(C) Copyright 2006-2014 Hewlett-Packard Development Company, L.P.
All Rights Reserved
-------------------------------------------------------------------GETTING STARTED:
help
: displays a list of available subcommands
exit
: quits the command shell
 ? : displays a list of managed elements for a subcommand
  ? : displays detailed help for a command
->
Script Mode
In some cases, you might want to write automated scripts that execute a single command at a time. These
scripts can be used to batch several commands in a single script file from the SSH client. See the example of
how to use the script mode for CLI command execution below. In the example, the primary VCM is located
at IP address 192.168.0.120.
->ssh Administrator@192.160.0.120 show enclosure

IMPORTANT: To suppress prompting for a password during login, you must first setup the SSH
encryption keys using the VCM Web GUI, and configure your SSH client properly with the keys.
For more information on configuring the SSH keys, see the HP Virtual Connect for c-Class
BladeSystem User Guide on the HP website (http://www.hp.com/go/vc/manuals).

Remote access to the Virtual Connect Manager
To access the VCM CLI remotely through any SSH session:
1.

Using any SSH client application, start an SSH session to the Virtual Connect Manager.

2.

When prompted, enter the assigned IP address or DNS name of the Virtual Connect Manager.

3.

Enter a valid user name.

4.

Enter a valid password. The CLI command prompt appears.

5.

Enter commands for the Virtual Connect Manager.

6.

To terminate the remote access SSH session, close the communication software or enter exit at the CLI
command prompt.

To access the VCM CLI remotely through the Onboard Administrator CLI, run the connect interconnect
command from the Onboard Administrator CLI.

Introduction

13

Command output filtering
The CLI provides output filtering capabilities that enable you to display only properties of interest. This feature
is useful for filtering large amounts of output data for specific information. One or more properties can be
specified in the output filtering rules.
The following examples illustrate some common usage scenarios for output filtering:
Example 1: Displaying all enabled users
->show user enabled=true
Example 2: Displaying all VC Ethernet modules
->show interconnect type=VC-ENET
Example 3: Displaying all external uplinks that have a link established
->show uplinkport status=linked
Example 4: Displaying all uplink ports with connector type of RJ-45 and speed configured to Auto
->show uplinkport type=RJ45 Speed=Auto
Example 5: Displaying all servers currently powered on
->show server power=On

Command line overview
The VCM Command Line Interface can be used as an alternative method for administering the VCM. Using
the CLI can be useful in the following scenarios:

•

You can develop tools that utilize VCM functions for data collection and for executing provisioning and
configuration tasks.

•

When no browser is available or you prefer to use a command line interface, you can access
management data and perform configuration tasks.

•

You can batch commands using script files. These script files can be run manually or scheduled to run
automatically.

Virtual Connect FIPS mode of operation
Beginning with version 4.30, Virtual Connect supports FIPS 140-2 Level 1 security requirements. Enabling
FIPS mode requires the use of secure protocols, standards, and procedures within the VC domain. The Virtual
Connect FIPS certification is currently based on the standards described in Federal Information Processing
Standards Publication 140-2 (http://csrc.nist.gov/publications/PubsFIPS.html).
The term FIPS mode is used throughout this document to describe the feature, not the validation status. For
information about current FIPS status of this or any other firmware version, see the following documents:

•

Cryptographic Module Validation Program FIPS 140-1 and FIPS 140-2 Modules In Process List
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf)

•

FIPS 140-1 and FIPS 140-2 Vendor List
(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm)

For more information about Virtual Connect FIPS mode of operation, see the latest HP Virtual Connect for
c-Class BladeSystem User Guide in the Virtual Connect Information Library
(http://www.hp.com/go/vc/manuals).

Introduction

14

The VCM CLI prompt indicates if the domain is in FIPS mode by displaying the following prompt:
FIPS->
The following features are disabled or restricted when the domain is in FIPS mode:

•

FTP and TFTP

•

TACACS+ authentication

•

RADIUS authentication

•

Automated deployment

•

Configurable user roles

•

Administrator password recovery

•

USB firmware updates

•

SNMPv1 and SNMPv2

•

MD5 authentication and DES encryption for SNMPv3

•

Remote logging, except when using stunnel for encryption

•

Short passwords

•

Weak passwords

By default, the password strength is set to strong and the minimum password length must be 8 or more
characters. VCM uses SCP and SFTP protocols instead of FTP and TFTP.
SFTP must be used when the domain is in FIPS mode. Use SFTP when transferring data with the following
commands:

•

save configbackup

•

restore configbackup

•

load ldap-certificate

•

load profile

•

save profile

•

load ssh

•

load ssl-certificate

•

save ssl-csr

•

save supportinfo

Command line syntax
CLI input is case-insensitive, except when otherwise noted. The general CLI syntax format is as follows:
   [] []
Item

Description

subcommand

Operation performed on a managed element

managed element

Target management entity

parameters

Command extensions for a particular management operation

Introduction

15

Item

Description

options

Attributes used to customize or control command execution behavior such as output
format, quiet-mode, and others

properties

One or more name and value pairs that are accessories to the command operation,
mainly for set and add operations

Example: ->add user mark password=asdf89g fullname="Mark Smith" enabled=true
In the example, add is the subcommand, user is the managed element, mark is a required parameter for
the operation, password is a required property, and fullname and enabled are optional properties.
Depending on the specific command being executed, certain parameters or properties might be required.
For example, when adding a new user, both a parameter representing the user name, as well as a password
(in the form of a property) must be specified. All other user properties are optional at the time the user is
added. In general, the properties are in the format name=value. Separate multiple properties with spaces.
Press the Tab key to display auto completion options.

Options
Options enable users to control certain behavior characteristics available during the command execution.
Some examples of options include controlling output format and specifying a quiet mode to suppress
interactive prompts.
Distinguish options from other command line elements by using a preceding hyphen (-). Option arguments
are required or optional, depending on the option being specified. For example, the -output option
requires an argument, which is a list of one or more output format attributes. However, the -quiet option
does not require any arguments to be specified.
The general format of a CLI option is as follows:
-

Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : Yes
Page Count                      : 211
Page Mode                       : UseOutlines
Page Layout                     : SinglePage
XMP Toolkit                     : XMP toolkit 2.9.1-13, framework 1.6
About                           : uuid:e607a24b-a35b-4db8-b378-3491becb865f
Producer                        : Adobe PDF Library 9.0
Keywords                        : 762312-003
Source Modified                 : D:20141112145020
Company                         : AuthorIT Software Corporation Ltd.
Comments                        : Copyright © 1996-2002 AuthorIT Software Corporation Ltd., all rights reserved.
Modify Date                     : 2014:11:12 20:43:52+05:30
Create Date                     : 2014:11:12 20:20:54+05:30
Metadata Date                   : 2014:11:12 20:43:52+05:30
Creator Tool                    : Acrobat PDFMaker 9.0 for Word
Document ID                     : uuid:9f57f5c3-6e45-4e61-8f3a-0bdbc408eae7
Instance ID                     : uuid:542eae04-8066-46b0-a8f1-b294d1b7593d
Subject                         : 8
Format                          : application/pdf
Title                           : HP Virtual Connect Manager Command Line Interface for c-Class BladeSystem Version 4.30/4.31 User Guide
Creator                         : Hewlett-Packard Company
Author                          : Hewlett-Packard Company
EXIF Metadata provided by EXIF.tools

Navigation menu