Documente Academic
Documente Profesional
Documente Cultură
313189-F Rev 00
May 2006
4655 Great America Parkway
Santa Clara, CA 95054
Getting Started
Ethernet Routing Switch 8600 Software
Release 4.1
Trademarks
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
UNIX is a trademark of X/Open Company Limited.
The asterisk after a name denotes a trademarked item.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel reserves the right to make
changes to the products described in this document without notice.
Nortel does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s)
described herein.
Portions of the code in this software product may be Copyright 1988, Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials,
and other materials related to such distribution and use acknowledge that such portions of the software were developed
by the University of California, Berkeley. The name of the University may not be used to endorse or promote products
derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains
restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third
parties).
313189-F Rev 00
General
a.
If Customer is the United States Government, the following paragraph shall apply: All Nortel Software
available under this License Agreement is commercial computer software and commercial computer software
documentation and, in the event Software is licensed for or on behalf of the United States Government, the
respective rights to the software and software documentation are governed by Nortel standard commercial
Getting Started
4
license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and
48 C.F.R. 227.7202 (for DoD entities).
b.
Customer may terminate the license at any time. Nortel may terminate the license if Customer fails to comply
with the terms and conditions of this license. In either event, upon termination, Customer must either return
the Software to Nortel or certify its destruction.
c.
Customer is responsible for payment of any taxes, including personal property taxes, resulting from
Customers use of the Software. Customer agrees to comply with all applicable laws including all applicable
export and import laws and regulations.
d.
Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e.
The terms and conditions of this License Agreement form the complete and exclusive agreement between
Customer and Nortel.
f.
This License Agreement is governed by the laws of the country in which Customer acquires the Software. If
the Software is acquired in the United States, then this License Agreement is governed by the laws of the state
of New York.
313189-F Rev 00
Contents
How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Finding the latest updates on the Nortel Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Getting help from the Nortel Web site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Getting help over the phone from a Nortel Solutions Center . . . . . . . . . . . . . . . . . . . . 14
Getting help from a specialist by using an Express Routing Code . . . . . . . . . . . . . . . 14
Getting help through a Nortel distributor or reseller . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Text conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Printed technical manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Chapter 1
Using Ethernet Routing Switch documentation . . . . . . . . . . . . . . . . . . . . . 23
Reliability/Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
IP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Serviceability/Manageability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Accessing Ethernet Routing Switch documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Using Ethernet Routing Switch documents during installation . . . . . . . . . . . . . . . . . . . 26
Preparing for initial configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Installing the Ethernet Routing Switch software and hardware . . . . . . . . . . . . . . . 26
Configuring the firewall iSDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Installing CheckPoint Management Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Chapter 2
Setting up the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Connecting a terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Getting Started
Contents
Connecting a modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Password encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Resetting and modifying passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Boot monitor CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Run time CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Logging on to the system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
hsecure bootconfig flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Modifying the CLI login and passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Enabling or disabling CLI access levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Configuring the switch with the Setup Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Running the Setup Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Configuration example: setup utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Rebooting or resetting the switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Cold boot/warm boot trap messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Setting system identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Managing files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Displaying a directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Copying files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Configuration examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Saving the configuration to a file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Getting Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Pinging a device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Setting and displaying the date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Accessing the standby CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Exiting and re-entering the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Chapter 3
Setting up the switch for remote management . . . . . . . . . . . . . . . . . . . . . . 61
Assigning an IP address to the management port . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Assigning static routes to the management interface . . . . . . . . . . . . . . . . . . . . . . 63
Setting security features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Enabling remote access services using CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Configuring access service from the Run-Time CLI . . . . . . . . . . . . . . . . . . . . . . . 66
Enabling Rlogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Configuration Example: configuring an access policy . . . . . . . . . . . . . . . . . . . 66
313189-F Rev 00
Contents
Disabling a service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Monitoring the switch using Web management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Managing the switch using Device Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Chapter 4
Providing switch reliability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Providing switch reliability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Getting Started
Contents
313189-F Rev 00
Figures
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Getting Started
10
Figures
313189-F Rev 00
11
Tables
Table 1
Table 2
Table 3
Table 4
Table 5
Table 6
Table 7
Getting Started
12
Tables
313189-F Rev 00
13
Latest software
Latest documentation
Getting Started
14
This site provides quick access to software, documentation, bulletins, and tools to
address issues with Nortel products. From this site you can:
313189-F Rev 00
Getting Started
16
313189-F Rev 00
17
Preface
This guide provides procedures for setting up and starting the Ethernet Routing
Switch.
Nortels Ethernet Routing Switch 8600 modules deliver a reliable, secure and
intelligent network routing solution for converged applications. Hardware-based
wire speed performance combined with Quality of Service (QoS) mechanisms
enable fast and efficient traffic classification, policy enforcement and filtering.
This combination benefits time-sensitive applications such as video and voice
with better application response times and fewer dropped calls. The Ethernet
Routing Switch 8600 modules deliver a unique solution by combining
performance, intelligence and five nines reliability in one solution.
Getting Started
18
Preface
Text conventions
This guide uses the following text conventions:
angle brackets (< >)
braces ({})
brackets ([ ])
ellipsis points (. . . )
313189-F Rev 00
Preface
19
italic text
plain Courier
text
separator ( > )
vertical line ( | )
Getting Started
20
Preface
Acronyms
This guide uses the following acronyms:
AES
BGP
BootP
Bootstrap Protocol
CTS
Clear To Send
DCE
DES
DHCP
DNS
DSR
DTE
DVMRP
EAPoL
ECMP
FTP
GUI
HA
high availability
hsecure
High Secure
ICMP
I/O
Input/Output
IP
Internet Protocol
iSD
LAN
MAC
MIB
MLT
MultiLink Trunking
313189-F Rev 00
Preface
OSPF
PIM-SM
PIM-SSM
PGM
PPP
Point-to-Point Protocol
RIP
Rlogin
remote login
RSMLT
SCP
Secure Copy
SDM
SLIP
SMLT
SNMP
SSH
Secure Shell
SSF
TCP/IP
TFTP
UDP
VLACP
VLAN
VRRP
WAN
21
Getting Started
22
Preface
313189-F Rev 00
23
Chapter 1
Using Ethernet Routing Switch documentation
Ethernet Routing Switch 8600 Software Release 4.1 offers the following features:
Reliability/Resiliency
IP Services
Security
CLI Logging
Advanced Encryption Standard (AES) support for SNMPv3
Serviceability/Manageability
313189-F Rev 00
Description
Part Number
Getting Started
316340-E
316674-C
217315-B
316341-D
315015-E
Getting Started
313189-F Rev 00
Check that the installed version of Ethernet Routing Switch 8600 software is
release 4.1 or later. Refer to Upgrading to Ethernet Routing Switch 8600
Switch Series Software Release 4.1 (316674-C) if you need to upgrade the
existing software release.
Install and configure Device Manager software version 5.8.8.0 or later if you
plan to use the Device Manager to access the Ethernet Routing Switch. Refer
to Installing and Using Device Manager (316341-D) for details.
Install the Ethernet Routing Switch 8660 Service Delivery Module into the
8600 chassis using the instructions in Installing the 8660 Service Delivery
Module (SDM) (217314-B).
Configure the Ethernet Routing Switch 8660 SDM using the CLI or Device
Manager using the following steps. Refer to the Firewall and Intrusion Sensor
Users Guide (217315-B) for detailed instructions.
1
Create the Sync VLAN. (This step is necessary only if more than one iSD
exists in a cluster.)
Create Firewall VLANs for each Firewall interface, and add the Firewall
VLANs to the appropriate clusters.
Create Firewall Peering VLANs, and add them to the appropriate clusters.
Create the NAAP VLAN for communication between the Ethernet Routing
Switch 8600 and the Firewall iSD.
10 Enable NAAP.
11 Identify the firewall iSD by setting the console slot/port.
Getting Started
Create the Firewall Interface, matching the VLAN IDs to those created in
Install the Ethernet Routing Switch 8660 Service Delivery Module into the
8600 chassis using the instructions in Installing the 8660 Service Delivery
Module (SDM) (217314-B). on page 27.
Configure static routes for the iSD firewalls and SmartCenter server.
313189-F Rev 00
29
Chapter 2
Setting up the switch
This chapter describes how to connect a terminal and a modem to the switch, how
to log on to the switch software, how to configure the switch using the Setup
Utility, how to reboot the switch using the command line interface (CLI), and how
to perform basic tasks. This section includes the following topics:
Getting Started
Use the Boot Monitor CLI to configure and manage the boot process. You initiate
a Boot Monitor CLI session only through a direct serial-port connection to the
switch. After the Boot Monitor CLI is active, you can access it only through a
console session. Within the Boot Monitor CLI, you can change the boot
configuration, including boot choices and boot flags.
You access the Run-Time CLI through a direct serial-port connection to the switch
or through a Telnet, SSH (Secure Shell), or remote login (Rlogin) session (if the
flags for Telnet and Rlogin are set to allow remote access). Ethernet Routing
Switch modules support one CLI session at the console serial port or up to eight
Telnet/SSH sessions. You can open a Telnet session from Device Manager by
clicking on the Telnet button on the toolbar or choosing Device > Telnet from the
menu bar.
Caution: Telnet, File transfer Protocol (FTP), Trivial File Transfer
Protocol (TFTP), Simple Network Management Protocol (SNMP)
version 1 (v1)/version2 (v2), and Rlogin are nonsecure protocols whose
content can be easily read and modified by using some well known tools.
Nortel strongly recommends that you use secure protocols and features
such as SSH version 2 (SSHv2) (using 3 Data Encryption Standard
[DES]), SNMP version 3 (v3) (using Advanced Encryption Standard
[AES] or DES) and Secure CoPy (SCP) to transfer files between the
switch and a remote station.
For more information about the Boot Monitor and Run-Time CLIs, see Managing
Platform Operations (315545-E). For more information about Device Manager,
see Installing and Using Device Manager (316341-D).
You can use any terminal or personal computer (PC) with a terminal emulator as
the CLI console station. For instructions to connect the computer or terminal, see
the next section, Connecting a terminal on page 31.
313189-F Rev 00
Connecting a terminal
The serial console interface is an RS-232 port that connects to a PC or terminal for
monitoring and configuring the switch. The port is implemented as a DB-9
connector that can operate as either data terminal equipment (DTE) or data
communication equipment (DCE). The default communication protocol settings
for the console port are:
9600 baud
8 data bits
1 stop bit
No parity
9600 baud
8 data bits
1 stop bit
No parity
Connect the other end of the cable to the terminal or computer serial port.
Connecting a modem
You can access the CLI through a modem connection to the Ethernet Routing
Switch 8690SF, 8691SF, or 8692SF modules. This section describes how to
connect a modem to the modem port on the module.
To set up modem access, you need a DTE-to-DCE cable (straight or transmit
cable) to connect the Ethernet Routing Switch to the modem. Table 2 shows the
DTE-to-DCE pin assignments.
Table 2 DTE-to-DCE straight-through pin assignments
Switch
Modem
Signal
Pin
number
DCE DB-9
pin number
DCE DB-25
pin number
RXD
TXD
DTR
20
GND
DSR
RTS
CTS
The modem port is a DTE device operating at 9600 baud, 8 data bits, no parity,
and one stop bit. Because the modem port expects to receive Data Set Ready
(DSR) and Clear To Send (CTS) signals before transmitting, these control lines
are required in the cables. The modem port supports no inbound flow control; that
is, the port does not turn on and turn off control lines to indicate the input buffer is
full.
313189-F Rev 00
To connect a modem to an Ethernet Routing Switch you might need to set up the
modem port first using another type of connection to the CLI.
Note: Nortel recommends that you use the default settings for the
Modem port for most modem installations.
To set up the modem port using the Ethernet Routing Switch CLI:
1
Now you can enter options for this command level without retyping the first
part of the command.
2
Use the following commands to set port parameters based on the requirements
of the modem:
baud <rate>
where:
rate is the baud rate for the modem. The default is 9600.
8databits <true|false>
where:
false sets the number of data bits per byte to 8. This setting is the
default.
true sets the number of data bits per byte to 7.
mode <ascii|slip|ppp>
where:
ascii is the default setting. This setting is recommended for most
modem connections.
slip sets the port for serial line IP (SLIP) operation.
ppp sets the port for point-to-point protocol (PPP) operation.
Getting Started
If you set the port mode to slip, use the following commands to set other
SLIP parameters:
If you set the port mode to ppp, use the following commands to set other PPP
parameters:
On the modem, turn off echo mode and return code messaging.
Connect the modem to the modem port using a cable with the connector
described in Table 2 on page 32.
313189-F Rev 00
Password encryption
In the Ethernet Routing Switch 8600 Software Release 4.1, passwords are stored
in encrypted format and are no longer stored in the configuration file.
Caution: If you load a configuration file saved prior to Software
Release 3.7.6, saved passwords from the configuration file are not
recognized. If you boot the switch for the first time with the Software
Release 3.7.6 or higher image, the password is reset to default values and
a log is generated, indicating any changes.
Getting Started
Access level
Description
Read-only
ro
Layer 1read/write
l1
Layer 2 read/write
l2
Layer 3 read/write
(8600 switches only)
l3
313189-F Rev 00
Access level
Description
Read/write
rw
Read/write/all
rwa
Permits all the rights of Read-Write
access and the ability to change security
settings, including the CLI and Web-based
management user names and passwords
and the SNMP community strings.
rwa
A warning message appears, prompting you to reboot the switch for the change to
take effect:
Warning: Please save boot configuration and reboot the switch for
this to take effect.
Getting Started
rwa
rwarwarrwar
rw
rwrwrwrwrw
ro
rororororo
l3
l3l3l3l3l3
l2
l2l2l2l2l2
l1
l1l1l1l1l1
l4admin
l4adminl4a
slbadmin
slbadminsl
oper
operoperop
l4oper
l4operl4op
slboper
slboperslb
ssladmin
ssladminss
313189-F Rev 00
publiconly
l1
privateonly
l2
privateonly
l3
privateonly
rw
privateonly
rwa
secretonly
Aging enforcement
When you enable the hsecure flag, after a certain duration (configurable,
default = 90 days), you are asked to change your password, as described
previously.
The aging parameter is configurable by executing the CLI command shown in the
following display:
ERS-8610:5# config cli password aging <days>
Set age-out time for passwords
Required parameters: <days>
= age-out time for passwords/
community strings {1..365}
Command syntax: aging <days>
Note: For SNMP and FTP, when a password expires, access is denied.
Community strings must be changed to a new string made up of more than
8 characters before accessing the system.
Consider the following when the hsecure flag is enabled:
Getting Started
Filtering mechanism
In this release, incorrect IP source addresses as network or broadcast addresses are
now filtered at the virtual router interface. For example:
V1 has the network address 192.168.168.0/24
Note: Note that this change is valid for all IP subnets, not only for /24 as
mentioned in the example. Source addresses 192.168.168.0 and
192.168.168.255 are discarded.
This filtering is performed only if the hsecure mode is enabled.
313189-F Rev 00
The message logged to the log file for console/modem port is:
User <user-name> tried to connect with blocked access level
<access-level> from <console/modem> port.
where:
parameter is enable.
Note: Only the RWA user can disable any particular access level on the
switch. The RWA access level cannot be disabled on the switch.
These configurations are preserved across reboots.
Device Manager support is available for this feature under Security > Control Path
> CLI.
Getting Started
Note: After running the Setup Utility, remember to reboot the switch. See
the following section,Rebooting or resetting the switch on page 49 for
instructions.
313189-F Rev 00
Getting Started
(false)->false
(10)->10
(false)->false
(false)->false
(false)->false
(false)->false
(false)->false
(false)->false
Syncing autoneg
HA-CPU change will be applied at the end of this session only if you choose to
save configuration
#################
System Services
#################
#
Do you want to enable FTP [n] (y/n) ? y
Do you want to enable RLOGIN [n] (y/n) ? y
Do you want to enable TELNET [n] (y/n) ? y
Do you want to enable TFTP [n] (y/n) ? y
Do you want to enable WEB server service [n] (y/n) ? y
#
1 - FTP server service
(true)->true
2 - RLOGIN server service
(false)->true
3 - TELNET server service
(true)->true
4 - TFTP server service
(true)->true
5 - WEB server service
(false)->true
#
Please type the line-number you want to change
OR "0" to save & quit at this stage
OR hit return to continue [-1]:
#######################
IP Network connectivity
#######################
313189-F Rev 00
Getting Started
Description/Action
Master CPU mgmt port: autonegotiation [n] Description: Specifies whether you want the master CPU to
(y/n)?
use autonegotiation.
Action: Enter n to accept the default, or enter y to indicate
that you want the master CPU management port to use
autonegotiation.
speed (10/100) [10]:
313189-F Rev 00
Description/Action
Do you want to enable CPU High Availability Description: Specifies whether you want to enable CPU high
mode [n] (y/n)?
availability (HA) mode. CPU HA mode enables switches with
two CPUs to recover quickly from a failure of one of the CPUs.
In HA mode, also called hot standby, the two CPUs are
synchronized, meaning that the CPUs are compatible and
configured in the same mode.
Action: Specify y if you want to enable CPU high availability
(HA) mode. Accept the default (n), if you do not want to enable
CPU HA mode.
Do you want to enable
vlan-optimization-mode support [n] (y/n) ?
Getting Started
Description/Action
313189-F Rev 00
Description/Action
where:
file is the software image device and file name in the format:
Getting Started
omit this parameter, you are asked to confirm the action before the switch
reboots.
To boot the switch using the BootStrap Protocol (BootP), use the following
command:
boot 0.0.0.0
Note: Entering the boot command with no arguments causes the switch
to boot using the current boot choices defined by the choice command
(next).
You can reset the switch by using the following command:
reset
When you reset the switch, the most recently saved configuration file is used to
reload the system parameters.
313189-F Rev 00
where:
prompt is an ASCII string specifying the system name.
Specify the name of the contact person for the switch by entering:
config sys set contact <contact>
where:
contact is an ASCII string specifying the name of the person.
where:
location is an ASCII string specifying the system location.
Managing files
The CLI includes file management commands for working with the switch files.
Use these commands for all the basic operations of any file system. The
commands take the general form of command [arguments]. Both the
commands and the arguments can be abbreviated as long as the abbreviation is not
ambiguous. Table 7 summarizes the file system commands.
Table 7 File system commands
Command
Description
directory
copy
Copies a file.
rename
Renames a file.
save
Getting Started
Displaying a directory
To display the contents of the flash and PCMCIA memory, use the following
command:
directory [<dir>] [-l>]
where:
When you invoke the directory command with no arguments, the contents of
all flash devices appear. When you specify flash or PCMCIA, directory only
the contents of that device appear.
Note: When you use the dir command, the CLI displays all file names
under the parent directory, rather than under the subdirectory.
Copying files
To copy a file, use the following command:
copy <srcfile> <dstfile>
where:
source file.
dstfile is the destination file, that is, the copy in the format {a.b.c.d:|peer:|/
pcmcia/xxx|/flash/xxx}<file> and file is the filename of the destination
file.
You can use the copy command to copy a run-time image to flash memory from a
remote TFTP server. The command format for this operation is:
copy <ip_address>:<filename> <destination>
313189-F Rev 00
where:
of the remote TFTP server and the name of the file to be copied.
destination specifies the name of the copied file in its new location.
Configuration examples
Copying a runtime image from a TFTP server to a local flash:
ERS-8610:5# copy 192.168.249.10:p80a4100.img /flash/
p80a4100.img
Getting Started
where:
verbose saves default and current configuration. If you omit the [verbose]
parameter, only the current configuration is saved.
standby <value> saves the specified file name to the standby CPU.
backup <value> saves the specified file name and identifies the file as a
backup file.
Getting Help
When you navigate the Boot Monitor and Run-Time CLI, online Help is available
at all levels. From any level of the tree, you can access Help in one of these four
ways:
Typing help <command> explains what the command does and gives its
syntax (Figure 4).
313189-F Rev 00
Typing the word help at the system prompt provides an explanation of the
available help (Figure 5).
Getting Started
Typing a question mark (?) at the prompt results in a list of all commands in
that command context and the subcontext of that command.
Pinging a device
When you ping a device, an Internet Control Message Protocol (ICMP) packet is
sent from the switch to the target device. If the device receives the packet, it sends
a ping reply. When the switch receives the reply, the switch displays a message
indicating that the specified IP address is alive. If no reply is received, a message
indicates that the address is not responding.
To test the connection between the Ethernet Routing Switch and another network
device, use the following command:
ping <HostName/ipv4address/ipv6address> [scopeid <value>]
[datasize <value>] [count <value>] [-s] [-I <value>]
[-t <value>] [-d]
313189-F Rev 00
where:
1876).
(for IPv4).
To specify a count for the ping operation, you must also specify a size. For
example:
ping 10.5.5.5 1600 5
You can test an IPX network connection by using the following command:
pingipx <ipxhost> [<count>] [-s] [-q] [-t <value>]
where:
Getting Started
To view the current date settings for the switch, use one of the following
commands:
date
or
show date
313189-F Rev 00
where:
operation is either Telnet or Rlogin.
Note: Before you attempt to use a telnet session to access the backup
CPU, the telnet daemon must be enabled; otherwise, the action cannot be
completed.
You can use this command to make changes to the standby CPU without
reconnecting to the console port on that module.
Note: You must set an Rlogin access policy on the standby CPU before
you can use the peer command to access it from the master CPU using
Rlogin. To set an access policy on the standby CPU, connect a terminal
to the Console port on the standby CPU. For more information about the
access policy commands, see Configuring and Managing Security
(314724-E).
Getting Started
313189-F Rev 00
61
Chapter 3
Setting up the switch for remote management
This chapter describes how to assign an Internet Protocol (IP) address to the
management port, configure Simple Network Management Protocol (SNMP)
settings, and enable remote management services. This section includes the
following topics:
Getting Started
where:
313189-F Rev 00
where:
ipaddr/mask is the IP address and subnet mask you assign.
Any time you change the boot configuration, you must save the changes to both
the master and the standby management modules.
To save the boot configuration:
1
Enter:
save bootconfig standby <boot.cfg>
where:
boot.cfg is the name of the configuration file.
Enter:
save config standby <config.cfg>
where:
config.cfg is the name of the configuration file.
Getting Started
where:
boot.cfg is the name of the configuration file.
Note: If the save-to-standby flag is set to true, and you save a file to the
central processing unit (CPU) flash, the file is also saved to the standby
CPU flash.
For example, if a management station is located on the network of 11.0.0.0/
255.0.0.0, and the next hop to that network from the management interface is
10.127.231.1, enter the following command to set up the management port
correctly:
config bootconfig net mgmt route add 11.0.0.0/255.0.0.0
10.127.231.1
The value 11.0.0.0/255.0.0.0 represents the target subnet; the value 10.127.231.1
represents the gateway used to point to the target subnet.
Caution: This command uses the natural mask of the target subnet.
Therefore, using this example, what you implement is the command:
config bootconfig net mgmt route add 13.0.0.0 10.125.2.1
Additionally, this route does not appear in the routing table of the
Ethernet Routing Switch 8600 switch. If any 13.x.x.x networks are
learned or configured for output using the I/O modules, connectivity
issues can result.
313189-F Rev 00
While the switch is booting, press any key to interrupt the autoboot process.
where:
Enter save.
Getting Started
where:
To save the state of the access services that you set up, use the following
command:
save bootconfig
Enabling Rlogin
When you enable an Rlogin flag using the command config bootconfig
rlogind flag true, you must configure an access policy and specify the name
of the user who can access the switch.
ERS-8606:5#
ERS-8606:5#
ERS-8606:5#
ERS-8606:5#
ERS-8606:5#
ERS-8606:5#
config
config
config
config
config
313189-F Rev 00
sys
sys
sys
sys
sys
access-policy
access-policy
access-policy
access-policy
access-policy
policy
policy
policy
policy
policy
3
3
3
3
3
create
name "from subnet 10"
username "netadmin"
network 10.0.0.0/255.0.0.0
service rlogin enable
Disabling a service
To disable one of the services on the switch, enter the following command:
config bootconfig flags <access-service> false
Note: When you enable or disable the flags, daemon behavior is changed
immediately. You need to save the boot configuration file and reboot the
system.
Getting Started
313189-F Rev 00
69
Chapter 4
Providing switch reliability
This chapter describes the switch reliability in the Ethernet Routing Switch.
Hardware
passive backplane
Silicon Switch Fabric redundancy and load-sharing
redundant fans and power supply units
Software
For more information about Link Aggregation, see Configuring VLANs, Spanning
Tree, and Link Aggregation (314725-E).
If the primary SSF/CPU module fails, the backup SSF/CPU assumes the primary
role.
Note: During a CPU failover, do not hot swap I/O modules until the new
CPU becomes the master CPU.
You can configure CPU redundancy to provide either basic availability or high
availability.
In warm standby redundancy mode, if the primary CPU fails, the backup CPU
must initialize all input/output modules and load switch configurations, causing
delays and disrupting operations. In hot standby redundancy mode, both CPUs
maintain synchronized configuration and operational databases, enabling very
quick recovery and high availability.
If you enable high availability (HA) called Layer 3 redundancy, you
automatically disable all nonHA features, that is features that are not currently
supported by HA. For the 4.1 release, the following main features/protocols are
not supported:
Dynamic multicast routing protocols (Distance Vector Multicast Routing
protocol [DVMRP], Protocol Independent Multicasting-Sparse Mode
[PIM-SM], Protocol Independent Multicasting-Source Specific Multicast
[PIM-SSM], Pragmatic General Multicast Protocol [PGM])
Border Gateway Protocol (BGP)
313189-F Rev 00
When you enable HA, both the primary and backup CPUs synchronize their
database structures following initialization. After this complete table
synchronization, only topology changes are exchanged between the primary and
backup CPU.
Getting Started
313189-F Rev 00
73
Index
A
copy 52
date 58
directory 52
exit 60
help 54
logout 60
peer 59
ping 56
pingipx 57
quit 60
save 54
setdate 58
acronyms 20
B
Boot Monitor CLI
help commands 54
boot parameters, setting 49
BootP (BootStrap Protocol)
using to boot the switch 50
cable, serial 31
CLI
Run-Time 30
configuration
saving 54
CLI commands
config sys 50
copy 52
date 58
directory 52
exit 60
file system 51
logout 60
peer 59
ping 56
pingipx 57
quit 60
setdate 58
connection, testing 56
comands
file system 51
commands
config bootconfig 62
config sys 50
connector, modem 32
Console port
connecting 31
interface description 31
RS-232 port 31
contact person, system 51
conventions, text 18
copy command 52
CPU, accessing standby 59
D
date command 58
defaults
login names and passwords 36
Device Manager
Getting Started
74 Index
requirements 67
directory command 52
E
exit command 60
F
file system commands 51
files, copying 52
N
name, system 50
P
passwords
changing Web interface, using Device Manager
67
default 36
peer command 59
pin assignments, Modem port 32
H
help commands 54
Help, how to get 13
IP address
assigning 62
L
layer 2 CPU redundancy
hot standby 70
warm standby 70
location, system 51
login names
default 36
logout command 60
quit command 60
R
requirements
Device Manager 67
RS-232 Console port 31
Run-Time CLI
accessing 30
S
save command, Run-Time CLI 54
save configuration 54
Management port 62
serial-port connection 30
messages
cold boot 50
warm boot 50
setdate command 58
modem, connecting 32
313189-F Rev 00
Index 75
T
technical publications 22
Telnet access
opening from Device Manager 30
terminal protocol, setting 31
terminal, connecting 31
text conventions 18
V
virtual management port 62
W
Web interface
changing password for, using Device Manager
67
Getting Started
76 Index
313189-F Rev 00