H3C S10500 Series User manual
H3C S10500 Switch Series
Comware 7 OAA Configuration Guide
New H3C Technologies Co., Ltd.
http://www.h3c.com.hk
Software version: S10500-CMW710-R7536P05
Document version:6W100-20170630
Copyright © 2017, New H3C Technologies Co., Ltd. and its licensors
All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written
consent of New H3C Technologies Co., Ltd.
Trademarks
H3C, , H3CS, H3CIE, H3CNE,Aolynk, , H3Care, , IRF, NetPilot, Netflow, SecEngine,
SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of New H3C Technologies
Co., Ltd.
All other trademarksthat may be mentioned in this manual are the property of their respective owners
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
This configuration guide describes OAA fundamentals and configuration. It describes how to
configure the H3C open application platform (OAP) module connected to your switch to exchange
information between your switch and the OAP module.
This preface includes the following topics about the documentation:
•Audience.
•Conventions
•Obtaining documentation
•Technical support
•Documentation feedback
Audience
This documentation is intended for:
•Network planners.
•Field technical support and servicing engineers.
•Network administrators working with the routers.
Conventions
The following information describes the conventions used in the documentation.
Command conventions
Convention Description
Boldface Bold text represents commands and keywords that you enter literally as shown.
Italic Italic text represents arguments that you replace with actual values.
[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }
Braces enclose a set of required syntax choices separated by vertical bars, from which
you select one.
[ x | y | ... ]
Square brackets enclose a set of optional syntax choices separated by vertical bars,
from which you select one or none.
{ x | y | ... } *
Asterisk marked braces enclose a set of required syntax choices separated by vertical
bars, from which you select a minimum of one.
[ x | y | ... ] *
Asterisk marked square brackets enclose optional syntax choices separated by vertical
bars, from which you select one choice, multiple choices, or none.
&<1-n> The argument or keyword and argument combination before the ampersand (&) sign
can be entered 1 to n times.
# A line that starts with a pound (#) sign is comments.
GUI conventions
Convention Description
Boldface Window names, button names, field names, and menu items are in Boldface. For
Convention Description
example, the New Use
r
window opens; click O
K
.
> Multi-level menus are separated by angle brackets. For example,
File>Create>Folder.
Symbols
Convention Description
WARNING! Analertthatcallsattentiontoimportantinformationthatifnotunderstoodorfollowedcanresu
ltinpersonalinjury.
CAUTION: An alert that calls attention to important information that if not understood or followed
can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT: Analertthatcallsattentiontoessentialinformation.
NOTE: Analertthatcontainsadditionalorsupplementaryinformation.
TIP: An alert that provides helpful information.
Network topology icons
Convention Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that
supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the access
controller engine on a unified wired-WLAN switch.
Represents an access point.
Wireless terminator unit.
Wireless terminator.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security
gateway, or loadbalancing device.
Represents a security module, such as a firewall, loadbalancing, NetStream, SSL
VPN, IPS, or ACG module.
T
T
T
T
Examples provided in this document
Examples in this document might use devices that differ from your device in hardware model,
configuration, or software version. It is normal that the port numbers, sample output, screenshots,
and other information in the examples differ from what you have on your device.
Obtaining documentation
To access the most up-to-date H3Cproduct documentation, go to the H3C website at
http://www.h3c.com.hk
To obtain information about installation, configuration, and maintenance, click
http://www.h3c.com.hk/Technical_Documents
To obtain software version information such as release notes, click
http://www.h3c.com.hk/Software_Download
Technical support
service@h3c.com
http://www.h3c.com.hk
Documentation feedback
We appreciate your comments.
i
Contents
Configuring the OAP module ······························································1
Internal interfaces for OAP modules·······························································································1
Logging in to an OAP module·······································································································2
Logging in through the console port ontheOAP module ·······························································2
Logging in through the management Ethernet port ontheOAP module by using SSH ·························2
Logging in through the internal Ethernet interface ontheOAP module by using SSH···························3
Logging in to the OAP module from the CLI of the device·····························································3
Resetting OAP modules ··············································································································3
Configuring OAP··············································································5
Overview··································································································································5
OAP functions ····················································································································5
OAPmanager timers ············································································································6
Configuring OAP························································································································6
Enabling OAP·····················································································································6
Setting the clock synchronization timer·····················································································6
Setting the client monitoring timer ···························································································6
Managing OAP clients·················································································································7
Restarting an OAP client·······································································································7
Shutting down an OAP client ·································································································7
Displaying and maintaining OAP ···································································································7
Index·····························································································8
1
Configuring the OAP module
The Open Application Architecture provides an open interface for third-party vendors to develop and
integrate value-added applications into H3C products. The hardware platforms for these applications
can be devices or modules. H3C has developed the application-specific modules called Open
Application Platform (OAP) modules shown in Table 1.
OAP modules have their own operating systems. You can log in to the operating system of an OAP
module to install features. For example, you can install security features and voice features on the
OAP module operating system to provide security and voice services for users.
OAP modules exchange data, status information, and control information with hosting devices
through internal interfaces.
Table 1 OAP modules
OAP module Module type Number of internal interfaces
LSU1FWCEA0
Firewall card
Four 10G Ethernet interfaces
LSU3FWCEA0 Four 10G Ethernet interfaces
LSUM1FWCEAB0 Four 10G Ethernet interfaces
LSUM1FWDEC0 Three 40G Ethernet interfaces
LSQM1FWDSC0 One 40G Ethernet interface
LSQM1IPSDSC0 IPS card One 40G Ethernet interface
LSU1IPSBEA0 Four 10G Ethernet interfaces
LSU1NSCEA0
NetStream card
Four 10G Ethernet interfaces
LSUM1NSDEC0 Three 40G Ethernet interfaces
LSQM1NSDSC0 One 40G Ethernet interface
LSU3WCMD0
High performance access
controller module
Two 10G Ethernet interfaces
LSU1WCME0 Four 10G Ethernet interfaces
LSUM1WCMX20RT Two 10G Ethernet interfaces
LSUM1WCMX40RT Four 10G Ethernet interfaces
LSQM1WCMX40 Four 10G Ethernet interfaces
LSQM1ACGDSC0 Application control gateway
module
One 40G Ethernet interface
LSQM2ACGDSC0 One 40G Ethernet interface
LSUM1ACGDEC0 Three 40G Ethernet interfaces
LSQM1ADEDSC0 Application delivery engine
module One 40G Ethernet interface
LSU1ADECEA0 Four 10G Ethernet interfaces
Internal interfaces for OAP modules
An OAP module integrates a front card and a rear card. The front card provides value-added security
services, such as firewall, intrusion prevention, and application control. The rear card is responsible
for data exchange between the front card and the switch. The rear card communicates with the front
card through the internal interface, as shown in Figure 1.
2
Figure 1 Internal interface diagram
Logging in to an OAP module
Logging in through the console port ontheOAP module
1. Connect one end of the console cable to the serial port of the configuration terminal (for
example, a PC).
2. Connect the other end of the console cable to the console port of the OAP module.
3. Start the PC and run a terminal emulation program, such as HyperTerminal.
4. Select the COM connection mode and set the terminal parameters as follows:
{Bits per second—9600.
{Data bits—8.
{Parity check mode—None.
{Stop bits—1.
{Flow control—None.
5. Follow the OAP module user guide to log in to the operating system of the OAP module through
the terminal emulation program.
Logging in through the management Ethernet port ontheOAP
module by using SSH
1. Connect the management Ethernet port of the OAP module to the network by using a network
cable.
2. Log in to the OAP module through the console port and enable the SSH server function on the
OAP module.
3. Assign an IP address to the management Ethernet port of the OAP module. Make sure the
management Ethernet port and the SSH client (an H3C device or a PC with SSHclient software)
can reach each other.
4. From the SSH client, establish an SSH connection to the IP address of the management
Ethernet port on the OAP module.
After the SSH connection is successfully established, you are logged in to the operating system of
the OAP module.
3
Logging in through the internal Ethernet interface ontheOAP
module by using SSH
When installed in the expansion slot of a device, an OAP module exchanges information with the
device through two internal interfaces:one serial port and one fast Ethernet interface. The fast
Ethernet interface is used for this login method.
To log in to the operating system of an OAP module through the internal Ethernet interface:
1. Connect the SSH client (for example, a PC) to the Ethernet port of the device by using a
network cable.
2. Log in to the OAP module through the console port and enable the SSH server function on the
OAP module.
3. Assign an IP address to the internal Ethernet interface on the OAP module. Make sure the PC
and the fast Ethernet interface on the OAP module can reach each other.
4. From the SSH client, establish an SSH connection to the IP address of the fast Ethernet
interface.
After the SSH connection is successfully established, you are logged in to the operating system of
the OAP module.
Logging in to the OAP module from the CLI of the device
IMPORTANT:
LSU1IPSBEA0, LSUM1ACGDEC0,and LSQM1ACGDSC0modules do not support this login
method.
From the CLI of the device, you can log in to the CLI of the OAP module. To return to the CLI of the
device, pressCtrl+K.
Perform the following task in user view:
Task Command
Log in to the CLI of the OAP module from the
device.
In standalone mode:
oapconnectslotslot-number
In IRF mode:
oap connect chassis chassis-number slotslot-number
Resetting OAP modules
CAUTION:
Resetting an OAP module might cause a service outage.
IMPORTANT:
•To avoid service data loss, close the operating system of an OAP module before resetting the
module.
•LSU1IPSBEA0, LSU1WCME0, LSUM1WCMX20RT, and LSUM1WCMX40RT modules do not
support this operation.
You can reset an OAP module to restore it to normal operation in the following situations:
•The OAP modulefails.
4
•The OAP module is not operating correctly. For example, the OAP module does not respond to
your operation.
Pressing the reset button of the OAP module has the same effect. The device can still identify and
control the OAP module after the module starts up again.
Perform the following task in user view:
Task Command
Reset the OAP module.
In standalone mode:
oaprebootslotslot-number
In IRF mode:
oaprebootchassischassis-numberslotslot-number
5
Configuring OAP
Overview
The Open Application Platform (OAP) is an open application protocol that is based on the Open
Application Architecture (OAA). OAA allows products from different vendors to operate together to
meet service requirements.
Figure 2 OAA diagram
As shown in Figure 2, OAA includes the following components:
•Routing/switching component—Provides routing and switching services. This component is
the control center of the entire architecture.
•Standalone service component—Provides services to meet specific requirements.
•Interfacing component—Connects the standalone service component to the
routing/switching component.
OAP is used for communication and cooperation between the routing/switching component and the
standalone service component. The routing/switching component is the OAP manager, and the
standalone service component is the OAP client.
The device can act as the OAP manager. The OAP manager software is integrated in the Comware
system.
The OAP client can be a third-party product or an OAP module. OAP modules provide value-added
services, such as security and wireless control. OAP modules have their own CPUs and storage
media. The OAP client software is integrated in the operating system of the OAP module as a
function.
You can install an OAP module in the device. For example, you can install an IDS/IPS OAP module
in the device to provide intrusion detection and protection services.
OAP functions
OAP provides the following functions:
•OAP clients register with and deregister from the OAP manager.
•The OAP manager assigns IDs to OAP clients to uniquely identify the clients.
•The OAP manager and an OAPclient exchange information to, for example, monitor each other
and synchronize the clock.
From the OAP manager, you can perform the following tasks:
•Restart OAP clients.
•Shut down OAP clients.
•Display OAP client information.
An OAP manager can manage up to 255 OAP clients.
6
OAPmanager timers
The OAP manager uses the following timers:
•Clock synchronization timer—Regularly triggers the OAP manager to send clock and time
zone synchronization notifications to OAP clients. This mechanism keeps the clients' clocks
synchronized with the manager's clock.
•Client monitoring timer—Regularly triggers the OAP manager to send client monitoring
packets to OAP clients.
Configuring OAP
IMPORTANT:
This feature is available on the following modules:
•LSU1FWCEA0
•LSUM1WCMX20RT
•LSUM1WCMX40RT
Enabling OAP
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter interface view. interface interface-type
interface-number N/A
3. Enable OAP. oap enable By default, OAP is disabled on an
interface.
Setting the clock synchronization timer
Step Command Remarks
1. Enter system view. system-view N/A
2. Set the clock synchronization
timer. oap timer clock-syncminutes By default, the clock
synchronization timer is set to 5
minutes.
Setting the client monitoring timer
Step Command Remarks
1. Enter system view. system-view N/A
2. Set the client monitoring timer. oap timer monitor seconds By default, the client monitoring
timer is set to 5 seconds.
7
Managing OAP clients
IMPORTANT:
This feature is available on the following modules:
•LSU1FWCEA0
•LSUM1WCMX20RT
•LSUM1WCMX40RT
You can restart or shut down an OAP client.
Restarting an OAP client
Step Command
1. Enter system view. system-view
2. Restart an OAP client. oap client rebootclient-id
Shutting down an OAP client
This feature applies only to OAP clients on Linux.
To shut down an OAP client:
Step Command
1. Enter system view. system-view
2. Shut down an OAP client. oap client closeclient-id
Displaying and maintaining OAP
IMPORTANT:
This feature is available on the following modules:
•LSU1FWCEA0
•LSUM1WCMX20RT
•LSUM1WCMX40RT
Execute displaycommands in any view.
Task Command
Display the summary registration information
of OAP clients. display oap client summary [ client-id ]
Display OAP client information. display oap client info [ client-id ]
8
Index
A
ACFP
OAP, 5
OAP function configuration, 5
OAP manager configuration, 6
application control forwarding protocol. SeeACFP
C
CLI OAP module CLI login, 3
client
OAP client management, 7
OAP client monitoring timer, 6, 6
OAP client restart, 7
OAP client shutdown, 7
clock
OAP clock synchronization timer, 6, 6
configuring
OAP, 6
OAP functions, 5
OAP module, 1
console
OAP module console login, 2
D
device
OAP function configuration, 5
OAP manager configuration, 6
OAP module CLI login, 3
OAP module configuration, 1
OAP module console login, 2
OAP module internal Ethernet interface
login, 3
OAP module internal interface, 1
OAP module login, 2
OAP module management Ethernet port
login, 2
OAP module reset, 3
displaying OAP, 7
E
enabling
OAP, 6
Ethernet
OAP module internal Ethernet interface
login, 3
OAP module management Ethernet port
login, 2
F
function
OAP client, 5
OAP manager, 5
I
interface
OAP module internal Ethernet interface login, 3
internal interface
OAP module, 1
L
logging in
OAP module, 2
OAP module CLI login, 3
OAP module console login, 2
OAP module internal Ethernet interface login, 3
OAP module management Ethernet port login, 2
M
managing
OAP client, 7
module
OAP module CLI login, 3
OAP module configuration, 1
OAP module console login, 2
OAP module internal Ethernet interface login, 3
OAP module login, 2
OAP module management Ethernet port login, 2
OAP reset, 3
N
network
enabling OAP, 6
OAP client management, 7
OAP client monitoring timer, 6
OAP client restart, 7
OAP client shutdown, 7
OAP clock synchronization timer, 6
OAP manager configuration, 6
OAP module CLI login, 3
OAP module console login, 2
OAP module internal Ethernet interface login, 3
OAP module login, 2
OAP module management Ethernet port login, 2
OAP module reset, 3
network management
OAP function configuration, 5
9
OAP module configuration, 1
OAP module internal interface, 1
O
OAA
OAP function configuration, 5
OAP manager configuration, 6
OAP module CLI login, 3
OAP module configuration, 1
OAP module console login, 2
OAP module internal Ethernet interface
login, 3
OAP module internal interface, 1
OAP module login, 2
OAP module management Ethernet port
login, 2
OAP module reset, 3
OAP
ACFP, 5
client, 5
client functions, 5
client management, 7
client monitoring timer, 6, 6
client restart, 7
client shutdown, 7
clock synchronization timer, 6, 6
display, 7
enable, 6
function configuration, 5
internal interface, 1
manager, 5, 5
manager configuration, 6
module CLI login, 3
module configuration, 1
module console login, 2
module internal Ethernet interface login, 3
module login, 2
module management Ethernet port login, 2
module reset, 3
Open Application
Architecture. SeeOAA
Platform. SeeOAP
P
port OAP module management Ethernet port
login, 2
procedure
displaying OAP, 7
enabling OAP, 6
logging in to OAP module (CLI login), 3
logging in to OAP module (console login), 2
logging in to OAP module (internal Ethernet
interface login), 3
logging in to OAP module (management Ethernet
port login), 2
managing OAP client, 7
resetting OAP module, 3
restarting OAP client, 7
setting OAP client monitoring timer, 6
setting OAP clock synchronization timer, 6
shutting down OAP client, 7
R
resetting
OAP module, 3
restarting
OAP client, 7
S
setting
OAP client monitoring timer, 6
OAP clock synchronization timer, 6
shutting down
OAP client, 7
SSH
OAP module internal Ethernet interface login, 3
OAP module management Ethernet port login, 2
T
timer
OAP client monitoring, 6, 6
OAP clock synchronization, 6, 6
Other manuals for S10500 Series
5
Table of contents
Other H3C Switch manuals
H3C
H3C S3100 Series User manual
H3C
H3C S10504 User manual
H3C
H3C S6800 Series User manual
H3C
H3C S3100 Series User manual
H3C
H3C S10500X Series User manual
H3C
H3C S3610 Series User manual
H3C
H3C S6800-54QF User manual
H3C
H3C s5800 series User manual
H3C
H3C H3C S5600 Series User manual
H3C
H3C S7500X Series User manual
H3C
H3C S5500-EI series User manual
H3C
H3C S9500 Series User manual
H3C
H3C S7500X Series User manual
H3C
H3C S9500 Series User manual
H3C
H3C S10500 Series User manual
H3C
H3C HSW-2024G User manual
H3C
H3C S7500X Series User manual
H3C
H3C S9500 Series User manual
H3C
H3C s5800 series User manual
H3C
H3C S5500-EI series User manual
