Comware

January 28, 2022

HPE Comware: Essential Commands and Configurations

Updated: December 21, 2024

If you work with HPE Comware switches, you know how handy they are for managing networks. But getting the most out of them means knowing the right commands. This guide pulls together some of the most useful commands to help you handle everyday tasks and more advanced configurations.

---

Getting Started: Key Commands

Display Interface Status

To quickly view interface details:

display interface brief

Retrieve Serial Number

For hardware verification or support:

display device manuinfo

---

VLAN and Backup Configurations

Tag VLAN 1

To enable VLAN 1 on trunk ports:

port trunk permit vlan 1

Backup Switch Configuration

Create a backup of your switch configuration:

backup startup-configuration to <backup server IP>

Reset and Wipe Configuration

To reset the configuration for troubleshooting or repurposing:

reset saved-configuration main
reset saved-configuration backup
reboot
n
y

---

Secure Access Setup: SSH, SFTP, and TACACS

Setting up secure remote management is critical. Below are the steps to enable SSH, SFTP, and TACACS on Comware switches.

Generate RSA Keys

public-key local create rsa

Enable SSH and SFTP

ssh server enable
undo ssh server compatible-ssh1x
sftp server enable

Configure SSH User

ssh user admin service-type all authentication-type password

Set Up Local User

local-user admin
service-type ssh telnet terminal

Configure TACACS Servers

Replace <ip> and <tacacspassword> with your TACACS server details.

tacacs-server host <primary IP> key <password>
tacacs-server host <secondary IP> key <password>

Define AAA Authentication and Accounting

aaa authentication login privilege-mode
aaa authentication ssh login tacacs local
aaa authentication console login tacacs local
aaa accounting exec start-stop tacacs
aaa accounting commands stop-only tacacs

---

Advanced TACACS Configuration

Set Up HWTACACS Scheme

hwtacacs scheme CPPM
primary authentication <primary IP>
primary authorization <primary IP>
primary accounting <primary IP>
key authentication simple <password>
key authorization simple <password>
key accounting simple <password>
user-name-format without-domain

Configure Domain

domain domain.com
authentication login hwtacacs-scheme CPPM local
authorization login hwtacacs-scheme CPPM local
accounting login hwtacacs-scheme CPPM
accounting command hwtacacs-scheme CPPM
authorization command hwtacacs-scheme CPPM

Set Default Domain and Roles

domain default enable domain.com
role default-role enable

Configure User Interface Access

line vty 0 63
authentication-mode scheme
user-role network-operator
command authorization
command accounting