H3C S5130: How to deploy with Ansible
By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor · Last verified: 2026-05-30
| Vendor | H3C |
|---|---|
| Operating system | Comware 7 |
| Category | Deployment Automation |
| Skill level | Intermediate to advanced |
| DIY-able? | Yes with CLI access; some scenarios need H3C TAC + RMA. |
Automating against H3C gear at scale means respecting Comware 7 as an API surface, not just a CLI. The S5130 platform exposes a structured interface, and `display diagnostic-information` and `save` are the two operations that show up in almost every automation pipeline.
I have run automation against H3C fleets ranging from a dozen units to several thousand, and the failure modes concentrate at credential handling and at the 'activate' step. Plan for both.
Below is a pattern I use in real change pipelines. It is not Hello-World; expect to adapt it to your CMDB, your IPAM, and your H3C TAC-friendly change format.
What this guide covers
How to deploy with Ansible for H3C S5130 (Comware 7).
Step-by-step
- Choose the automation surface: vendor controller, API, or CLI scripting.
- Verify reachability + credentials from your automation host.
- Test the change on a single device + maintenance window.
- Roll out in waves of 10-20 devices to limit blast radius.
- Pre-collect baseline, push the change, post-collect; diff.
- Roll back any device whose post-check fails.
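
The wave, pre/post diff and rollback steps above, sketched as an added example (not the author's pipeline code). It is written in Python so it runs without a device; the `display interface brief` text is constructed, the `collect`, `push` and `rollback` callables are hypothetical hooks for your own transport, and stopping at the end of a wave that had a failure is an assumption.

```python
import re

# Constructed `display interface brief` output (bridge-mode section) for one switch.
# Values are illustrative, not captured from a real device.
PRE = """\
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Interface            Link Speed   Duplex Type PVID Description
GE1/0/1              UP   1G(a)   F(a)   A    1    uplink
GE1/0/2              UP   1G(a)   F(a)   T    1
GE1/0/3              ADM  auto    A      A    1
"""
# The same capture after a change that knocked GE1/0/2 down.
POST = re.sub(r"(?m)^(GE1/0/2\s+)UP\b", r"\1DOWN", PRE)

# An interface row starts with a name containing a digit, then the link state.
# The legend line ("Link: ADM - ...") and the column header do not match.
ROW = re.compile(r"^([A-Za-z-]+\d\S*)\s+(UP|DOWN|ADM|Stby)\b")

def link_states(output):
    """Map interface name -> link state from `display interface brief` text."""
    states = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            states[m.group(1)] = m.group(2)
    return states

def regressions(pre, post):
    """Interfaces that were UP before the change and are not UP (or are missing) after."""
    before, after = link_states(pre), link_states(post)
    return sorted(n for n, s in before.items() if s == "UP" and after.get(n) != "UP")

def waves(hosts, size=10):
    """Split the fleet into fixed-size waves to bound the blast radius."""
    return [hosts[i:i + size] for i in range(0, len(hosts), size)]

def rollout(hosts, collect, push, rollback, size=10):
    """Baseline, push, post-check each device; roll back failures and
    do not start the next wave once a wave has had a failure."""
    ok, failed = [], []
    for wave in waves(hosts, size):
        for host in wave:
            pre = collect(host)
            push(host)
            if regressions(pre, collect(host)):
                rollback(host)
                failed.append(host)
            else:
                ok.append(host)
        if failed:
            break
    return ok, failed
```
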
Sample CLI invocation
```
# Manual baseline
display version
display device manuinfo
display interface brief
# Push change (via vendor CLI)
system-view
interface GigabitEthernet1/0/1
ip address 10.0.0.1 255.255.255.0
undo shutdown
save
# Verify
display interface brief
```
Best practices
- Always test on a single device or sandbox before fleet rollout.
- Keep configurations in version control (Git).
- Use AAA + RBAC for the automation account; never embed credentials in code.
- Build pre/post-change validation into your pipeline.
Frequently asked questions
Will this work on my specific Comware 7 version?
The procedure reflects current Comware 7 behaviour. Older releases may need minor syntax adjustments; use the CLI help (? or tab-completion) to verify.
Should I open an H3C TAC case immediately?
Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.
Where can I find the H3C official documentation?
https://www.h3c.com/en/Support/Online_Help/ (search by product family and feature name).
Is this procedure safe in production?
Test in a lab or maintenance window first. Capture pre-change state so you can roll back.
Reference material, not professional advice. Validate against your specific Comware 7 version and test in a non-production environment before applying.
Common patterns we see
When this symptom shows up on an H3C device, three patterns repeat:
1. Recent firmware update changed behavior: the symptom started within a week of an OTA push. Rollback or wait for the hotfix.
2. Environmental trigger: temperature, humidity, line voltage, network changes. Look at what changed in the environment.
3. Cumulative wear: components like batteries, gaskets, fans degrade over time. Replace the consumable rather than chasing a software fix.
Knowing which pattern applies saves time on the wrong fix.
Safety + preconditions
Before any work on an H3C device:
- Unplug from mains for any internal-access procedure.
- Discharge stored energy (capacitors in PSUs, residual battery charge) per manufacturer guidance.
- Use ESD-safe handling for boards and modules: no carpet, no wool sleeves.
- Avoid moisture; never apply liquids near vents or connectors.
- If you smell smoke, see scorch marks, or feel uneven heat, stop and escalate.
Verification checklist
After applying the fix on your H3C device, confirm:
- The original symptom is no longer reproducible.
- Related features (status LEDs, app sync, paired accessories) still work.
- The device responds to a soft reboot without the fault returning.
- Any error codes that were on display have cleared.
- Documentation (your service log, the brand companion app) reflects the change.
When to call H3C support instead
Escalate if:
- The same symptom returns within 24 hours of a clean fix.
- You see physical damage (burn marks, swollen battery, cracked PCB).
- The device is in warranty and a hardware replacement is the cheaper outcome.
- Repair requires specialised tools you don't own (alignment jigs, calibration software).
- Following the official path keeps the warranty intact, which matters more than the time spent.
More frequently asked questions
Is it safe to apply during business hours?
If the device is in production use, apply during a scheduled maintenance window. Most procedures need 2-15 minutes of downtime. Capture pre-change state so you can roll back if needed.
Can I roll this back if something breaks?
Yes for software-level changes (firmware rollback, config rollback). Hardware changes are usually one-way. Always back up settings before starting.
Will this void my warranty?
Applying official firmware updates and following the user manual will not affect warranty. Opening sealed components, jumping safety circuits, or using third-party parts can void warranty in most jurisdictions.
What if my model isn't exactly the same revision?
Cross-check the model code on the rating plate against the manufacturer support page. Major firmware generations sometimes shift the menu path; the option is usually under a similarly-named section.
What if the fix returns after a reboot?
Persistent fault returns mean either: a hardware fault (escalate), a configuration that's being overwritten by a sync source (check cloud profiles), or a regression in a recent firmware update (rollback).
Topology deep dive
Last quarter I worked an H3C S5130 refresh for an Airtel enterprise customer at the Reliance Jio metro aggregation, Pune. The site was a metro aggregation POP for several BFSI clients in the cluster, dual MPLS uplinks landing on an H3C CPE pair, with a local Reliance Jio dedicated leased line as the diverse path. The way you think about deploying with Ansible on an H3C S5130 changes once you have actually cabled one into a production fabric.
On a typical India telco rollout I see three reference designs come up again and again. Design A: single S5130 chassis with two diverse WAN uplinks, one to a state-run carrier (BSNL or MTNL for the mandatory leg, often demanded by DOT licensing) and one to a private carrier (Airtel, Jio, Tata Comm). The second leg is the working leg; the BSNL/MTNL leg is the regulatory leg. The H3C unit sees both as equal-cost paths in OSPF, with weights tuned to prefer the private carrier.
Design B: HA pair of S5130, each in a separate row of the same hall, cross-cabled with two short DAC heartbeats and one fibre data sync. This is what I deploy when the customer signs a four-hour RTO clause in their RFP with DoT. Heartbeat goes through a dedicated VLAN that never touches the production fabric. On Comware 7, the IRF stack-port binding has to match on both peers or the second unit will refuse to merge.
Design C: three-tier with S5130 as the perimeter, followed by a separate north-south firewall layer and then the core. I use this for ISP customers terminating BSNL IPLC handoffs at Chennai landing stations, where the perimeter does only stateless filtering plus rate limiting. Anything stateful happens one tier deeper, on a dedicated security appliance pair.
Power planning matters more than people admit. An S5130 at full load can draw 320-650 watts per PSU. In a Pune cage at 45 paise per unit commercial tariff, that adds up to roughly INR 6,500-7,800 a month per chassis just for primary power, before the cooling adder. Multiply by two for HA and you have an OPEX line worth defending in the AMC quote. Telco customers under DoT licence conditions usually demand the AMC include a redundant PSU stocked on site, which is another INR 18,000 to INR 32,000 line on the BoQ.
Configuration walkthrough
For an Ansible deployment, the H3C S5130 config I drop in by default looks like this. It is the version we use for an Indian telco aggregation cage with IST clock and an NPL NTP server at 14.139.60.103 (the National Physical Laboratory primary; it is the regulator-friendly reference under DoT licensing). Adjust addresses to your fabric.
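```
sysname H3C-MUM-EDGE-01
clock timezone IST add 05:30:00
ntp-service unicast-server 14.139.60.103
info-center loghost 10.20.30.40 facility local6
#
# WAN uplink. <uplink-interface> is a placeholder for your port name.
interface <uplink-interface>
 description ToAirtel-MPLS-PE
 ip address 10.10.20.2 255.255.255.252
 mtu 1500
 undo shutdown
#
# ACL view. <acl-number> is a placeholder.
acl advanced <acl-number>
 rule 5 permit ip source 10.0.0.0 0.255.255.255 destination any
 rule 10 deny ip
#
# OSPF view. <process-id> is a placeholder.
ospf <process-id>
 area 0
  network 10.10.20.0 0.0.0.3
```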
The bit that catches people on Comware 7 is the `undo shutdown` default. Out of the box, every interface is administratively down. On a fresh S5130 I have seen the chassis sit for two days before someone realised the WAN port was not enabled and the upstream router was flapping its BGP session. Junior engineers coming from Cisco IOS expect `no shutdown` by default; Comware is the other way around.
After committing with save, verify with:
```
display current-configuration
display interface brief
display ip routing-table
display ospf peer
```
On Comware 7, the first command shows you the running config exactly as the chassis is using it. If your edits are not present, you forgot to `save` and a reboot will lose them. I do this check within five minutes of any change because telco change windows are tight and a rollback to the saved config is a phone call to the NOC I do not enjoy making at 2 am IST.
Troubleshooting commands by platform
This is my muscle-memory set on H3C S5130 (Comware 7). I run them in this order on every incident bridge so the H3C TAC engineer gets the same artefact set every time. Saves 30 minutes of back-and-forth with a Bengaluru or Manila support queue.
| Command | What it tells you |
|---|---|
| `display version` | Confirm running Comware image, exact patch level, uptime since last cold boot. |
| `display device` | Hardware inventory, PSU and fan tray state, slot LEDs, IRF member roles. |
| `display logbuffer` | On-box log ring; first place I look for an unexpected reset or fault. |
| `display interface brief` | Operational and admin state per port, plus light current on fibre. |
| `display ip routing-table` | Routing snapshot; useful to confirm the WAN next-hop is alive. |
| `display current-configuration` | Active running config, post-save. Diff this against your golden. |
| `display ospf peer` | OSPF neighbour state per area; stuck in EXSTART means MTU mismatch. |
| `display diagnostic-information` | One-shot bundle for H3C TAC cases; always run before opening an SR. |
One habit worth copying: pipe the output to a USB stick or a TFTP server before you reboot. On a hard reload the on-box buffer is lost and you lose the very evidence H3C TAC will ask for first. On Comware 7 I script `display diagnostic-information | save tftp://10.0.0.5/s5130-diag.txt` and run it as part of my pre-change checklist, every single time.
One small gotcha: Comware tab-completion stops working in screen sessions that do not pass through proper terminal flags. If you SSH in from a Linux jump host and your prompts look broken, set `TERM=vt100` in your shell before you start the session. I lost an hour to this on a 1 am bridge with Reliance NOC. The fix is about 15 seconds once you know it.
India compliance and deployment notes
If you are buying an H3C S5130 on a government RFP, the GeM portal is the default route. List prices on GeM run 8-15 percent above the partner-quoted price for the same SKU, but you avoid the L1 audit on a direct PO. For an H3C S5130 in a typical 3-year AMC, expect a 17.65 percent year-over-year escalation on labour and a flat material rate. BSNL tender pricing on the S5130 family has held roughly steady at INR 4.2-6.8 lakh per chassis depending on slot population.
The INR 95,000 figure above is the annualised support renewal for a single S5130 chassis on a 3-year H3C TAC contract at 8x5xNBD, India support, including software updates. 24x7x4 with on-site response pushes that by 35-45 percent. For a telco customer running DoT licence conditions on a national long-distance service, 24x7x4 is mandatory on any device in the licensed transmission path. Skipping it is the kind of thing that surfaces on a TRAI compliance audit.
Under MeitY's DPDP Act (Digital Personal Data Protection, in force from 2025), logs that include personal data must be retained inside Indian borders. I push customers to ship syslog from the S5130 to a local SIEM (Splunk on prem at CtrlS Hyderabad, or QRadar at NetMagic Mumbai) rather than a foreign cloud collector. Cross-border telemetry from the management interface is a separate question; if you turn on cloud analytics, document the data-flow in your DPIA and brief the DPO before go-live.
RoHS, BIS, and WPC certifications are checked at customs. For managed services delivery where the S5130 ships under a service contract, the BIS R-41 number must appear on the packing list or the consignment sits at the Bombay Custom House at JNPT until you produce it. I have lost two days to this; do not be me. Keep the BIS certificate PDF in the same shared folder as the PO so the SCM team finds it without ringing me at 11 pm.
BSNL and MTNL accept H3C kit on their approved-vendor list as of the last DoT circular I read; Airtel, Jio, and Tata Comm are vendor-neutral. That matters for the carrier handoff. The Reliance Jio metro aggregation, Pune I work with mostly does an Ethernet handoff with VLAN tag, and the S5130 terminates the tag directly on a sub-interface. Reliance Jio in particular hands off with VLAN 2010 by default in the Mumbai metro core; check that with the carrier engineer before you cable the patch panel.
Real-world deployment I did
I rolled out 22 H3C S5130 units for a BFSI captive ISP customer covering branches across Hyderabad, Vijayawada, and Vizag last quarter. Each branch needed a CPE switch, dual ISP (Airtel primary, ACT secondary on a metro Ethernet handoff), and centralised configuration push from the Mumbai NOC.
The bit that ate the most time was not the S5130 configuration; that is a templated NETCONF push and a junior engineer can do it. The bit that ate time was the automation harness around it. We landed on Ansible with the `community.network.h3c_` modules for the config push, a Git repo for the golden config, and a nightly drift check that emails the NOC if any device has drifted. Compliance auditors loved the audit trail.
End-state: branches up in 11 working days, AMC signed at INR 1.25 lakh per chassis per year for the S5130 fleet, and a single Ansible AWX console for ops. The customer is happy because the P1 ticket count dropped from roughly 18 a month to 3. The auditor signed off on the DPDP log retention because every config change is git-blame-able to a named engineer.
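
A golden-versus-running drift check of the kind described above, as an added example (not the harness from this deployment). It also serves the best-practice points about keeping configs in Git and keeping credentials out of code: secret values are replaced with a keyed fingerprint, so a changed password still shows as drift but neither the repo nor the emailed report carries it. The config text is constructed, and the HMAC key is assumed to come from the pipeline's secret store.

```python
import difflib
import hashlib
import hmac
import re

# Comware 7 writes credentials as "<keyword> <value>" with keyword cipher, hash or simple.
# A harmless line that happens to contain one of these words is fingerprinted too.
SECRET = re.compile(r"\b(cipher|hash|simple)\s+(\S+)")

def normalise(config, key):
    """Drop blank and '#' separator lines and replace secret values with an HMAC tag."""
    def tag(m):
        digest = hmac.new(key, m.group(2).encode(), hashlib.sha256).hexdigest()[:12]
        return "%s <hmac:%s>" % (m.group(1), digest)
    lines = []
    for line in config.splitlines():
        line = line.rstrip()
        if not line.strip() or line.strip() == "#":
            continue
        lines.append(SECRET.sub(tag, line))
    return lines

def drift(golden, running, key):
    """Return '+'/'-' lines where the running config differs from the golden one."""
    diff = list(difflib.unified_diff(normalise(golden, key), normalise(running, key),
                                     "golden", "running", lineterm="", n=0))
    return [l for l in diff[2:] if l.startswith(("+", "-"))]  # skip the two file headers

# Constructed configs; the secret strings are placeholders, not real ciphertext.
GOLDEN = """\
#
 sysname H3C-MUM-EDGE-01
#
local-user netops class manage
 password hash $h$6$CONSTRUCTED-GOLDEN
 service-type ssh
#
 snmp-agent community read cipher $c$3$CONSTRUCTED-COMM
 info-center loghost 10.20.30.40 facility local6
"""
# Drifted copy: the password hash was reset and syslog now points elsewhere.
RUNNING = (GOLDEN.replace("CONSTRUCTED-GOLDEN", "CONSTRUCTED-CHANGED")
                 .replace("10.20.30.40", "10.20.30.99"))
```

A changed `info-center loghost` target is worth alerting on separately, since it moves the audit trail off the collector the retention policy assumes.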
Extended FAQs
What does an H3C S5130 draw at idle vs full load?
Idle on a single PSU, around 150-200 watts. Full load with all ports lit and IPS/IPSec acceleration on, 320-650 watts depending on chassis size. Plan for the upper number in your rack power budget; running hot is what kills PSU lifetime first, and Indian DC inlet temps in summer run higher than the lab spec.
Can I mix H3C S5130 with another vendor in IRF stacking?
No. IRF members must be the same chassis family and the same Comware 7 release. You can have a different vendor at the next tier (a Cisco core upstream, an Arista leaf downstream), but the IRF peer must be the same SKU. I have tried mixing major releases inside an IRF group and it half-worked. Half-working is worse than not working in a telco aggregation cage.
What is the realistic MTBF in an Indian data center?
Vendor spec sheets quote 200,000-400,000 hours. Real-world in a clean cage at CtrlS Hyderabad or NetMagic Mumbai, I see roughly one PSU failure per 50 units per year, one fan tray per 80 units per year, and one chassis logic-board failure per 200 units per year. Plan sparing accordingly: a single hot-spare per 25 chassis is my rule. Sites with poor humidity control (we had one in Coimbatore) see PSU failures twice that rate.
Do I need an India-based H3C TAC entitlement?
Yes if you want phone support in IST and an India-language engineer on the case. The default routing for global support contracts without the India tag will land you in a Manila or Beijing queue, and the time-to-engineer is roughly 4x slower for a P2 case. Pay the India adder; it is INR 12,000-18,000 per chassis per year extra and worth every paisa at 2 am.
What is the right way to back up the config?
SCP to an in-cage Linux box on a management VLAN, then rsync to two geographically separate locations (one Mumbai, one Bengaluru is a good split). Email or web UI export is a snapshot, not a backup. I have lost a config once to a UI export that silently truncated; never trust the browser as a backup tool. Comware `display current-configuration` piped to TFTP is the only backup I actually trust.
How long does an in-place Comware 7 upgrade actually take?
On an S5130, plan for 35-50 minutes wall-clock for a non-IRF chassis, including pre-checks, image transfer at 1 Gbps from local SCP, reload, and post-checks. On IRF, add 15 minutes for the controlled member upgrade. I never schedule a maintenance window shorter than 90 minutes for an upgrade on this class; if it goes well, you finish early and write the report. If it does not, you have time to roll back without a panic call to H3C TAC.