Cisco vs Huawei Essential Command Mapping


What I LIKE in Huawei after few weeks using it
-open SFP
that mean you can use any sfp brand, it will not complain, but I don’t know that will void warranty
in Aruba you can use 3rd party sfp but that will void warranty
in Ruckus open SFP as well but won’t void warranty
-1 year warranty
like Cisco
unlike Aruba and Ruckus which is limited lifetime warranty (the best in warranty, you can have 100 years warranty)
-price could be cheaper than anything else
that’s why most countries using it nowadays
-almost all the switches are L3 switch
if you want more feature such as vxlan, just add license
-telco in mind
you can have AC or DC power module in the back. if you want to change AC to DC, just add DC module
if you want more poe power just add two AC power modules
it has anti static port in the back

-save need in User mode
unlike Cisco that you type “do wr me” in config mode
unlike Aruba that you just type “wr me” in any mode
-who answer in forum is not technical enough compare to Cisco and Aruba forum

[no equivalent: shows the files used for startup]display startup (user mode)
bootboot bootrom
clear access-list countersreset acl counter all (user mode)
clear countersreset (user mode)
clear cryptoipsec sa
ike sa
clear interfacereset counters interface
clear ip bgpreset bgp all
clear ip cefreset ip fast-forwarding
clear ip route *reset ip routing-table statistics protocol all
conf tsystem-view
copy running-configsave filename
debug / no debugdebugging / undo debugging
debug pvc negodebug atm all (very dangerous – might crash router)
disablesuper 0 (number is privilege level from 0 to 3, where 3 is default and equivalent to “enable” on Cisco)
enable secret (conf mode)super pass cipher (system mode)
endreturn or ctrl+z
ip tacacshwtacacs nas-ip (this command doesn’t exist !!!)
router bgpbgp
router riprip
sendsend (user mode)
show atm pvcdisplay atm pvc-info
show clockdisplay clock
show controllerdisplay controller (but not relevant for non-modular chassis)
show crypto isakmp keydisplay ike peer
show crypto isakmp policedisplay ike proposal
show crypto isakmp sadisplay ike sa
show dsl int atm 0display dsl status interface atm 2/0
show flashdir flash: (user mode)
show frame-relay pvcdisplay fr pvc-info
show interfacesdisplay interface
show ip bgpdisplay bgp routing-table
show ip interfacedisplay ip interface
show ip nat translationdisplay nat session
show ip routedisplay routing-table
show loggingdisplay logbuffer
show policy-map interfacedisplay qos policy interface
show portdisplay port-mapping
show snmpdisplay snmp-agent statistics
show startupdisplay saved-configuration
show techdisplay diagnostic-information
show usersdisplay users
show versiondisplay version
snmp-servertftp-server (system mode)
tacacs-serverhwtacacs scheme (system mode)
terminal lengthscreen-length disable
undo screen-length disable
terminal monitorterminal debugging (user mode)
terminal no monitorundo terminal debugging (user mode)
write erasereset saved-configuration
write mem (or wr or copy run start)save
write terminal (sh run)display current-configuration

Enabling Portfast




-to enable
interfaces {
interface-range ACCESS {
member-range ge-0/0/6 to ge-0/0/45;
protocols {
rstp {
interface ACCESS {
ethernet-switching-options {
bpdu-block {
disable-timeout 60;

-to check EDGE on/off
# run show spanning-tree interface detail | match “Link type”
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/NONEDGE
Link type : Pt-Pt/EDGE

Mac 26s
Win 5s

Mac 28s
Win 9s

RAP-3WNP Basic Config

To factory reset the RAP-3:
-Remove power to RAP
-Insert a small object into the reset hole and press and hold the button
-Continue holding the button in while powering on the RAP-3.

-Hold this for up to 10 seconds.  The lights on the RAP will flash

-You must connect WAN ethernet cable to E0.
Otherwise you won’t get instant open ssid
-turn on its power and wait 4min
-connect your pc wifi to “instant” open ssid
you will get ip
on the LAN, you will get ip after configuration if DHCP Server is not configured
Username: admin

Password: admin

-click System/General
NTP server:
Timezone: Jakarta UTC+07
-click System/Admin
change password
-click 1 Network/New
WLAN Settings
   Name: aruba
   Privacy usage: Employee
   Client IP assignment: Network assigned
   lient VLAN assignment: Default

   click Finish

Set DHCP Server
-click More/DHCP Server
Domain name:

DNS Server(s):,

Allow all to wired-instant
-click Security/Roles/wired-instant

   set to Allow any to all destinations

To remove Network
-click unwanted Network

   on the right, you will see x, click that

To set Internal user for authentication

-click Security/Users for Internal Server

To set AD for authentication
-click Security/Authentication Servers
-click New
Name: AD1
IP address:
Auth port: 389
Admin-DN: aruba
Admin password:
Retype password:
Base-DN: cn=Users,dc=ngtrain,dc=com
Filter: (objectclass=*)

Key attribute: sAMAccountName

To set Captive portal for Guest users
-click Networks/New
WLAN Settings
  Name: Guest
   Primary usage: Guest
Client IP & VLAN Assignment
   click Network assigned
   click Default
Security Level
   Splash page type: Internal – Authenticated
   Auth server 1: here choose InternalServer or AD1 (can’t choose both)
click Finish

-user need to connect to Guest SSID then authenticate either using InternalServer or AD user first

To convert from IAP to RAP or CAP
-click Maintenance/Convert
Convert one or more Access Points to:
Remote APs managed by a Mobility Controller
Campus APs managed by a Mobility Controller

Standalone AP

To get Tech Support dump

-click More/Support/Run

To backup configuration
-click Maintenance/Configuration tab

-click Backup Configuration

To upgrade firmware
-every time you doing upgrade. You must back up the configuration first, otherwise it will gone after upgrading firmware
-download Conservative firmware from
-click Maintenance/About tab
noted down current firmware version
-click Firmware tab
click Browse and point to the downloaded firmware
click Upgrade Now
Conservative vs Standard difference
Over the years there has been a lot of confusion around the “Early Deployment (ED)” and “General Availability (GA)” tags.  These tags implied incorrect classifications and did not do an effective job indicating which release a customer should choose.  Any customer with a valid support account could download all releases with either tag.  The GA tag implied only the GA code could be freely downloaded and the ED tag gave the perception the releases were Beta code, not fully tested and not supported.
We are updating the names to clarify the differences between the releases and make it easier to know which release to run.  GA is renamed the Conservative release.  Conservative releases are for customers who prioritize stability over new features.  Customers who only run code that has soaked in the field at hundreds of customer sites should run the Conservative release.  Releases will typically take ~3-6 months to earn the Conservative tag.  ED is renamed the Standard release with no tag associated with it.  These releases have gone through full Aruba QA testing including system, scale and regression testing and they are fully supported by Aruba TAC.

Backup Aruba config using Expect

In this test, I am using MC3400 as an example
I install tftp server and expect in Ubuntu, so that I can set cronjob to backup every week

P: Password
Enable password: enable

-set correct timezone
# timedatectl set-timezone Asia/Jakarta

-Install TFTP Server
# apt-get install tftpd-hpa
# mkdir /tftpboot
# chmod -R 777 /tftpboot
# chown -R nobody /tftpboot

# cat /etc/default/tftpd-hpa
TFTP_OPTIONS=”-s -c -l”

# service tftpd-hpa restart

-install tftp client to test upload file is working
# apt-get install tftp
# touch test.txt
# tftp
tftp> put test.txt
# ls /tftpboot
file test.txt should be there

-Install AutoExpect
# apt-get install expect-dev -y

-create backup script
# cat
#!/usr/bin/expect -f
set DATE [exec date +%Y%m%d%H%M]
spawn ssh admin@
expect “password:”
send — “Password\r”
expect “>”
send — “enable\r”
expect “Password:”
send — “enable\r”
expect “#”
send — “copy running-config tftp: $DATE-config.cfg\r”
send — “tar logs tech-support\r”
send — “copy flash: logs.tar tftp: $DATE-logs.tar\r”
send — “backup flash\r”
send — “copy flash: flashbackup.tar.gz tftp: $DATE-flashbackup.tar.gz\r”
send — “copy flash: local-userdb-export tftp: $DATE-local-userdb.bin\r”
send — “exit\r”
send — “exit\r”
expect eof
1. How to get Aruba hostname (show hostname) and put into Expect variable
2. Need to find out what files need to back up in CPPM and VMC, and what are the commands

Reuse evaluation key

Using the trial/eval keys, you can re-use them 3 times for up to 90 days.
After 90 days or before, you will have to backup the config (NOT a flash backup), wr erase all, and then either re-configured (great practice) or paste in the new config.
You cannot use the flash backup as it will restore the old key timers and will show expired upon reboot.
Backup Config Only
In the WebUI
1.Navigate to the Maintenance > File > Copy Files page.
2.Select the source where the file or image exists.
3.Select the destination to where the file or image is to be copied.
4.Click Apply.
In the CLI
copy startup-config flash: <filename>
copy startup-config tftp: <tftphost> <filename>
copy running-config flash: <filename>
copy running-config ftp: <ftphost> <user> <password> <filename> [<remote-dir>]
copy running-config startup-config
copy running-config tftp: <tftphost> <filename>
The default.cfg cannot be overwritten at runtime through tftp/ftp.
Copy the file into the controller under a different name, then set boot boot config-file to that file.
After a reboot, if you would like this to be your default.cfg, set the boot config-file back to default.cfg
then issue a write mem.

Upgrade Aruba Mobility Controller Firmware

1. Backup config
#backup flash
-click Maintenance/File/Backup Flash/Create Backup
-list backup file
-rw-r–r–    1 root     root          446 Jan 11 06:35 AUDITTRAIL-HISTORY.log
-rw-r–r–    1 root     root          230 Jan 11 06:35 AUDITTRAIL-LOGIN_OUT-HISTORY.log
-rw-r–r–    1 root     root        14136 Jan 11 06:34 default.cfg
-rw-r–r–    1 root     root         7617 Jan 11 06:16 default.cfg.2016-01-11_06-16-50
-rw-r–r–    2 root     root         7698 Jan 11 06:24 default.cfg.2016-01-11_06-24-03
-rw-r–r–    1 root     root        10621 Jan 11 06:34 default.cfg_writemem_2016-01-11_06-34-53
drwxr-xr-x    3 root     root         1024 Jan 11 06:26 fieldCerts
-rw-r–r–    1 root     root        23327 Jan 12 00:29 flashbackup.tar.gz
-rw-r–r–    1 root     root         1324 Nov  8 17:22 lic
-rw-r–r–    2 root     root         7698 Jan 11 06:24 original.cfg
drwx——    2 root     root         1024 Nov  8 10:02 tpm
-copy backup somewhere else
#copy flash: flashbackup.tar.gz ftp: ftp Password
Maintenance/File/Backup Flash/Copy Backup
-export license
#license export license
-rw-r–r–    1 root     root          446 Jan 11 06:35 AUDITTRAIL-HISTORY.log
-rw-r–r–    1 root     root          230 Jan 11 06:35 AUDITTRAIL-LOGIN_OUT-HISTORY.log
-rw-r–r–    1 root     root        14136 Jan 11 06:34 default.cfg
-rw-r–r–    1 root     root         7617 Jan 11 06:16 default.cfg.2016-01-11_06-16-50
-rw-r–r–    2 root     root         7698 Jan 11 06:24 default.cfg.2016-01-11_06-24-03
-rw-r–r–    1 root     root        10621 Jan 11 06:34 default.cfg_writemem_2016-01-11_06-34-53
drwxr-xr-x    3 root     root         1024 Jan 11 06:26 fieldCerts
-rw-r–r–    1 root     root        23327 Jan 12 00:29 flashbackup.tar.gz
-rw-r–r–    1 root     root         1324 Nov  8 17:22 lic
-rw-r–r–    1 root     root         1469 Jan 12 00:48 license
-rw-r–r–    2 root     root         7698 Jan 11 06:24 original.cfg

drwx——    2 root     root         1024 Nov  8 10:02 tpm

2. Download firmware

A. Go the the Aruba support site.
(Login with your partner account)
Read the release notes for upgrade order i.e
Upgrading From an Older version of ArubaOS Before you begin, verify the version of ArubaOS currently running on your controller. If you are running one of the following versions of ArubaOS, you must download and upgrade to an interim version of ArubaOS before upgrading to ArubaOS
For ArubaOS 3.x.versions earlier than ArubaOS, download the latest version of ArubaOS 3.4.5.x.
For ArubaOS 3.x or ArubaOS 5.0.x versions earlier than ArubaOS, download and install the latest version of ArubaOS 5.0.4.x.
For ArubaOS or versions, download and install the latest version of ArubaOS 6.0.1.x
Go to download software.
B. Choose the relevant ArubaOS that fit your controller model.
C. Read the release notes (upgrade notes)
D. Download the firmware to your pc.
E. Login to the the controller as admin
Go the maintenance

Choose the right method (I prefer ftp)

Use ftp much faster than tftp
3CDaemon (old..but working when needed – found some download links for u)
TFTPd (my favorite *There is also 64bit bersion)

Note: If you are planning to upgrade a 3200 to 6.2 that one requires that you upgrade the memory

3. upgrade non default boot

4. it will automatically reboot and choose partition that we upgrade (partition 1) as default boot

5. because current default boot is partition 1 and we want to upgrade all the latest firmware into partition 1.

We need to boot from partition 0 first then upgrade partition 1

boot from partition 1
You have to reboot the controller and enter in the cpboot mode.
You do it by when you reboot the controller just press mm enter enter until you get this mode…
It will tell press any key to enter in the cpboot but it just like 3 secs… so i just press enter until i get into it
After that
For Partition 0
cpboot> bootf 0
For Partition 1
cpboot> bootf 1
click Maintenance/Controller/Boot Parameters
6. Once partition 1 upgraded to latest version then we can do the same thing to partition 0

7. I encounter this error “write Device: No such file or directory” when I upgrade from

Log in to the WebUI from the PC or workstation.
Navigate to the Maintenance > Controller > Image Management page. Select the Upload Local File option, and click the Browse button to navigate to the image file on your PC or workstation.
To see the current boot partition, navigate to the Maintenance > Controller> Boot Parameters page.
Select No for Reboot Controller After Upgrade. Reboot manually after the upgrade.
Click Upgrade. Ignore the following error message when the upgrade is complete: “write Device: No such file or directory”
Navigate to Controller > Boot Parameters. Make sure that the partition you upgraded to is the boot partition.
Navigate to Controller > Reboot Controller. Select Yes next to Save Current Configuration Before Reboot?
When the boot process is complete, log in to the WebUI and navigate to the Monitoring > Controller > Controller Summary page to verify the upgrade, including country code. The Country field displays the country code configured on the controller

3400 Basic Config

L: admin
# clock set 2016 january 10 20 35 00
(config) # ip name-server
(config) #clock timezone GMT +7
(config) #ntp server
-adding license
(config) #license add Qk2xOyvN-+35poVEz-5fHDA7fS-UzoWBNB9-ifi5jF0F-eC8
The limit for Access Points has been constrained to the platform limit [256]
#show license
License Table
Key                                               Installed    Expires     Flags  Service Type
—                                               ———    ——-     —–  ————
Qk2xOyvN-+35poVEz-5fHDA7fS-UzoWBNB9-ifi5jF0F-eC8  2016-01-10   2016-02-09         Access Points: 512
                                                  21:12:03[1]  21:12:03
License Entries: 1
Flags: A – auto-generated; E – enabled; R – reboot required to activate
click Configuration/Network/Controller/License Management/Licenses
copy and paste the license into “Add New License Key”
(config) #interface vlan 1
(config-subif)#ip address
Switch IP Address is Modified. Switch should be rebooted now
(config) #ip default-gateway
(config) #write memory