Page 1 Part No. 060306-10, Rev. D June 2013 OmniSwitch 6250/6450 Switch Management Guide www.alcatel-lucent.com...
Page 2 This user guide documents release 6.6.4 of the OmniSwitch 6250, 6450. The functionality described in this guide is subject to change without notice. Copyright © 2013 by Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel-Lucent.
Page 3: Table Of Contents
Contents About This Guide ......................xi Supported Platforms ......................xi Who Should Read this Manual? ..................xii When Should I Read this Manual? ................... xii What is in this Manual? ....................xii What is Not in this Manual? .................... xiii How is the Information Organized? ................xiii Documentation Roadmap ....................
Page 4 Contents Utility Commands ....................1-18 Displaying Free Memory Space ..............1-18 Performing a File System Check ..............1-18 Deleting the Entire File System ...............1-19 Loading Software onto the Switch ................1-20 Using the Switch as an FTP Server ................ 1-20 Using the Switch as an FTP Client .................
Page 5 Contents Using FTP ........................2-10 Using FTP to Log Into the Switch ................. 2-10 Using Secure Shell ......................2-12 Secure Shell Components ..................2-12 Secure Shell Interface ..................2-13 Secure Shell File Transfer Protocol ..............2-13 Secure Shell Application Overview ...............2-14 Secure Shell Authentication ................... 2-15 Protocol Identification ..................
Page 6 Contents Setting SNMP Security ................... 3-12 Working with SNMP Traps ..................3-13 Trap Filtering ......................3-13 Filtering by Trap Families ................3-13 Filtering By Individual Trap ................3-13 Authentication Trap ....................3-14 Trap Management ....................3-14 Replaying Traps ....................3-14 Absorbing Traps ....................3-14 Sending Traps to WebView ................
Page 7 Contents Managing the Directory Structure (Non-Redundant) ........... 5-13 Rebooting the Switch ..................... 5-13 Copying the Running Configuration to the Working Directory ......5-16 Rebooting from the Working Directory ..............5-18 Copying the Working Directory to the Certified Directory ........5-21 Copying the Certified Directory to the Working Directory ........
Page 8 Contents Enabling Command Logging ................6-17 Disabling Command Logging ................. 6-17 Viewing the Current Command Logging Status ..........6-18 Viewing Logged CLI Commands and Command Entry Results ....6-18 Customizing the Screen Display ................... 6-19 Changing the Screen Size ..................6-19 Changing the CLI Prompt ..................6-19 Setting Session Prompt as System Name ............
Page 9 Contents Automatic Remote Configuration Defaults ..............8-3 Quick Steps for Automatic Remote Configuration ............8-4 Overview ......................... 8-5 Basic Operation ......................8-5 Network Components ..................8-6 Information Provided by DHCP Server ............8-6 Information Provided by Instruction File ............8-6 File Servers and Download Process ..............8-7 LED Status ......................
Page 10 Contents Startup Defaults ......................9-6 Quick Steps for Network Administrator User Accounts ..........9-7 Quick Steps for Creating Customer Login User Accounts ........9-8 Default User Settings ....................9-9 Account and Password Policy Settings ..............9-10 How User Settings Are Saved ................9-11 Creating a User ......................9-12 Removing a User ....................
Page 11 Contents Configuring Authenticated Switch Access ..............10-6 Quick Steps for Setting Up ASA .................. 10-7 Setting Up Management Interfaces for ASA ..............10-9 Enabling Switch Access ..................10-10 Configuring the Default Setting ................10-10 Using Secure Shell ....................10-11 Configuring Accounting for ASA ................10-12 Verifying the ASA Configuration ................10-13 Chapter 11 Using WebView ......................
Page 12 Appendix A Software License and Copyright Statements .............A-1 Alcatel-Lucent License Agreement ................A-1 ALCATEL-LUCENT SOFTWARE LICENSE AGREEMENT ......A-1 Third Party Licenses and Notices .................. A-4 A. Booting and Debugging Non-Proprietary Software .......... A-4 B. The OpenLDAP Public License: Version 2.8, 17 August 2003 ......A-4 C.
Page 13: About This Guide
Supported Platforms This information in this guide applies to the following product: • OmniSwitch 6250 Series • OmniSwitch 6450 Series Unsupported Platforms The information in this guide does not apply to the following products: • OmniSwitch 9000 Series •...
Page 14: Who Should Read This Manual
Who Should Read this Manual? About This Guide Who Should Read this Manual? The audience for this user guide are network administrators and IT support personnel who need to config- ure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 6250, 6450 switches benefits from the material in this configuration guide.
Page 15: What Is Not In This Manual
About This Guide What is Not in this Manual? What is Not in this Manual? The configuration procedures in this manual primarily use Command Line Interface (CLI) commands in examples. CLI commands are text-based commands used to manage the switch through serial (console port) connections or through Telnet sessions.
Page 16: Documentation Roadmap
Documentation Roadmap About This Guide Documentation Roadmap The OmniSwitch user documentation suite was designed to supply you with information at several critical junctures of the configuration process. The following section outlines a roadmap of the manuals that will help you at each stage of the configuration process. Under each stage, we point you to the manual or manuals that will be most helpful to you.
Page 17 About This Guide Documentation Roadmap Anytime The CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch. This guide includes syntax, default, usage, example, related CLI command, and CLI-to-MIB vari- able mapping information for all CLI commands supported by the switch. This guide can be consulted anytime during the configuration process to find detailed and specific information on each CLI command.
Page 18: Related Documentation
Also includes comprehensive information on assembling and managing stacked configura- tions. • OmniSwitch 6450 Getting Started Guide Describes the hardware and software procedures for getting an OmniSwitch 6450 switch up and running. Also provides information on fundamental aspects of OmniSwitch software and stacking architecture.
Page 19 About This Guide Related Documentation • AOS Release 6.6.4 Release Notes Includes critical Open Problem Reports, feature exceptions, and other important information on the features supported in the current release and any limitations to their support. OmniSwitch 6250/6450 Switch Management Guide June 2013 page xvii...
Page 20: User Manual Cd
Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel-Lucent’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel-Lucent’s Service Programs, see our web page at service.esd.alcatel-lucent.com, call us at 1-800-995-2696, or email us at esd.support@alcatel-lucent.com.
Page 21: Chapter 1 Managing System Files
1 Managing System Files This chapter describes the several methods of transferring software files onto the OmniSwitch and how to register those files for use by the switch. This chapter also describes several basic switch management procedures and discusses the Command Line Interface (CLI) commands used. •...
Page 22: File Management Specifications
File Management Specifications Managing System Files File Management Specifications The functionality described in this chapter is supported unless otherwise stated in the following Specifica- tions table or specifically noted within any section of this chapter. File Transfer Methods FTP, TFTP, Zmodem. Switch Software Utility OmniSwitch as an FTP Client, FTP server or TFTP Client.
Page 23: Switch Administration Overview
Over the life of the switch, it is very likely that your configuration and feature set will change because the needs of your network are likely to expand. Also, software updates become available from Alcatel-Lucent. If you change your configuration to upgrade your network, you must understand how to install switch files and to manage switch directories.
Page 24: Switch Directories
Switch Administration Overview Managing System Files Switch Directories You can create your own directories in the switch flash directory. This allows you to organize your config- uration and text files on the switch. You can also use the command to create files. This chapter tells you how to make, copy, move, and delete both files and directories.
Page 25: File And Directory Management
Managing System Files File and Directory Management File and Directory Management A number of CLI commands allow you to manage files on your switch by grouping them into sub- directories within the switch flash directory. These commands perform the same functions as file manage- ment software applications (such as Microsoft Explorer) perform on a workstation.
Page 26 File and Directory Management Managing System Files To list all the files and directories in your current directory, use the command. Here is a sample display of the flash directory. -> ls Listing Directory /flash: 315 Jan 5 09:38 boot.params 2048 Jan 5 09:22 certified/ 2048 Jan...
Page 27: Using Wildcards
Managing System Files File and Directory Management Using Wildcards Wildcards allow you to substitute symbols (* or ?) for text patterns while using file and directory commands. The asterisk (*) takes the place of multiple characters and the question mark character (?) takes the place of single characters.
Page 28: Directory Commands
File and Directory Management Managing System Files Directory Commands The directory commands are applied to the switch file system and to files contained within the file system. When you first enter the flash directory, your login is located at the top of the directory tree. You may navigate within this directory by using the commands (discussed below).
Page 29: Changing Directories
Managing System Files File and Directory Management Changing Directories Use the command to navigate within the file directory structure. The command allows you to move “up” or “down” the directory tree. To go down, you must specify a directory located in your current direc- tory.
Page 30: Displaying Directory Contents
File and Directory Management Managing System Files Displaying Directory Contents commands have the same function. These two commands display the contents of the current directory. If you use the command while logged into the /flash file directory of the switch as shown on page 1-8, the following will be displayed:...
Page 31: Making A New Directory
Managing System Files File and Directory Management If you specify a path as part of the command, your screen will list the contents of the directory at the specified path. -> ls /flash/ Listing Directory /flash: 1024 Nov 8 08:30 WORKING/ 276 Nov 8 09:59 boot.params 4890749 Oct 21 21:43 cs_system.pmd...
Page 32: Displaying Directory Contents Including Subdirectories
File and Directory Management Managing System Files Displaying Directory Contents Including Subdirectories -r command displays the contents of your current directory in addition to recursively displaying all subdirectories. The following example shows the result of the -r command where the /flash/working directory contains a directory named newdir1.
Page 33: Removing A Directory And Its Contents
Managing System Files File and Directory Management To verify the creation of the new directory, use the -r command to produce a list of the contents of the certified directory. This list will include the files that were originally in the certified directory plus the newly created copy of the working directory and all its contents.
Page 34: File Commands
File and Directory Management Managing System Files File Commands The file commands apply to files located in the /flash file directory and its sub-directories. Note. Each file in any directory must have a unique name. If you attempt to create or copy a file into a directory where a file of the same name already exists, you will overwrite or destroy one of the files.
Page 35: Secure Copy An Existing File
Managing System Files File and Directory Management Secure Copy an Existing File Use the command to copy an existing file in a secure manner. You can specify the path and filename for the original file being copied as well as the path and filename for a new copy being created. If no path is specified, the command assumes the current directory.
Page 36: Change File Attribute And Permissions
File and Directory Management Managing System Files In this first example, the user current directory is the flash directory. The following command syntax moves the testfile2 file from the user created testfiles directory into the working directory as shown in the illustration above.
Page 37: Managing Files On Switches
Managing System Files File and Directory Management Managing Files on Switches On OmniSwitch stackable switches, you can copy a file from a non-primary switch to the primary switch in a stack using the command. To use this command, enter rcp followed by the slot number of the non-primary switch, the path and file name of the source file on the non-primary switch, and the destina- tion file name on the primary switch.
Page 38: Utility Commands
File and Directory Management Managing System Files Utility Commands The utility commands include freespace, fsck, and newfs. These commands are used to check memory and delete groups of files. Displaying Free Memory Space freespace command displays the amount of free memory space available for use in the switch file system.
Page 39: Deleting The Entire File System
Managing System Files File and Directory Management Deleting the Entire File System newfs command deletes the flash file system and all the files and directories contained in it. This command is used when you want to reload all files in the file system. Caution.
Page 40: Loading Software Onto The Switch
“Using the Switch as an FTP Client” on page 1-21. • USB Flash Drive—You can copy files to and from an Alcatel-Lucent certified USB flash drive connected to the CMM. The switch can also boot from the image files stored on the USB drive using the disaster recovery feature.
Page 41: Using The Switch As An Ftp Client
Managing System Files Loading Software onto the Switch Note. If you are using Authenticated Switch Access (ASA), the port interface must be authenticated for FTP use and the username profile must have permission to use FTP. Otherwise the switch will not accept an FTP login.
Page 42 Loading Software onto the Switch Managing System Files 1 Establish a connection to the switch as explained in your appropriate Getting Started Guide. 2 Log on to the switch and enter the command to start the FTP client. Next, enter a valid host name or IP address.
Page 43: Using Secure Shell Ftp
Managing System Files Loading Software onto the Switch delete Delete a file on the remote machine. Obtain a long listing on the remote machine. Retrieve a file from the remote machine. hash Print the hash symbol (#) for every block of data transferred. (This command toggles hash enabling and disabling.) help Displays a list of FTP commands and their definitions.
Page 44: Closing A Secure Shell Ftp Session
Loading Software onto the Switch Managing System Files -> sftp6 fe80::a00:20ff:fea8:8961 int1 login as: Note. SFTPv6 sessions are supported only on the OmniSwitch 6250. It is mandatory to specify the name of the particular IPv6 interface, if the SFTPv6 server has been specified using its link-local address. 2 You must have a login and password that is recognized by the IP address you specify.
Page 45: Using Tftp To Transfer Files
Managing System Files Loading Software onto the Switch Using TFTP to Transfer Files Trivial File Transfer Protocol (TFTP), a client-server protocol, can be used to transfer files between the TFTP server and client. TFTP client functionality on the OmniSwitch is used to download files from or upload files to the TFTP server within a LAN using the tftp command.
Page 46 Loading Software onto the Switch Managing System Files Note. If a file you are transferring already exists in the switch flash memory, you must remove the file before transferring the new file via Zmodem. Workstation OmniSwitch Zmodem is used to transfer a file from a workstation to the OmniSwitch Zmodem...
Page 47: Registering Software Image Files
Managing System Files Registering Software Image Files Registering Software Image Files New software transferred to the switch must go through a registration process before it can be used by the switch. The registration process includes two tasks: • Transfer the new software file(s) to the switch /flash/working directory via remote connection. •...
Page 48: Available Image Files
Available Image Files The following table lists the image files for the OmniSwitch 6450 Series switches. Most of the files listed here are part of the base switch configuration. Files that support an optional switch feature are noted in the table.
Page 49: Application Examples For File Management
Managing System Files Application Examples for File Management Application Examples for File Management The following sections provide detailed examples of managing files and directories on the switch. Transferring a File to the Switch Using FTP In this example, the user is adding a security feature to an OmniSwitch 6250 switch. To do this, the user must load the KFsecu.img image file onto the switch and then register the file by rebooting the switch.
Page 50: Creating A File Directory On The Switch
Application Examples for File Management Managing System Files Creating a File Directory on the Switch In this example, the user wants to store several test files on the switch for use at a later date. The user has loaded the files into the switch /flash/working directory by using FTP. Rather than leaving the files in the working directory, the user may want to create a new directory.
Page 51: Ftp Client Application Example
Managing System Files Application Examples for File Management 5 Use the command to verify that the files are now located in the /flash/resources directory. -> ls /flash/resources Listing Directory /flash/resources: 2048 Jul 5 17:20 ./ 2048 Jul 5 16:25 ../ 6 Jul 5 17:03 test1.txt 6 Jul 5 17:03 test2.txt 6 Jul 5 17:03 test3.txt...
Page 52 Application Examples for File Management Managing System Files 3 Enter the FTP mode by using the command followed by the IP address or the name of the host you are connecting to. (If you enter a host name, please refer to “Using Zmodem”...
Page 53: Creating A File Directory Using Secure Shell Ftp
Managing System Files Application Examples for File Management Creating a File Directory Using Secure Shell FTP The following example describes the steps necessary to create a directory on a remote OmniSwitch and to transfer a file into the new directory by using Secure Shell FTP. 1 Log on to the switch and issue the sftp CLI command with the IP address for the device you are...
Page 54: Transfer A File Using Secure Shell Ftp
Application Examples for File Management Managing System Files 287 boot.params 2048 certified 2048 working 64000 swlog1.log 64000 swlog2.log30 policy.cfg 2048 network 206093 cs_system.pmd 2048 LPS 2048 newssdir 256 random-seed Transfer a File Using Secure Shell FTP To demonstrate how to transfer a file by using the Secure Shell FTP, this application example continues from the previous example where a new directory named “newssdir”...
Page 55: Verifying Directory Contents
Managing System Files Verifying Directory Contents Verifying Directory Contents To display a list of files, the following CLI commands may be used. Displays the contents of a specified directory or the current working directory. Displays the contents of a specified directory or the current working directory.
Page 56: Installing Software Licenses
Some features require a software license and are restricted only to a licensed user. To activate licensed features, a license serial number must be purchased along with an authorization code from Alcatel-Lucent. The authorization code can then be used to generate a license file.
Page 57: Licensed Features
Managing System Files Installing Software Licenses Licensed Features License Features Installation Notes Metro Ethernet-service Switch/Stack must rebooted after install- OAM (802.1ag, Y-1731, ing licenses. 802.3ah) CPE test head Allows SMB models to run Metro fea- G.8032 tures. IPMC VLAN Dying Gasp Metro licenses are installed on the units in a stack only if the keys for all the units are available;...
Page 58 Installing Software Licenses Managing System Files License Features Installation Notes 10GIG Enables 10-Gigabit non-combo No reboot required. SFP+ ports. Non-combo SFP+ ports will be upgraded to provide 10G capacity. Individual units can be upgraded. Temporary Unlocks any licensed feature for No license file required, can be enabled a period of 15 days.
Page 59: Setting The System Clock
Managing System Files Setting the System Clock Setting the System Clock The switch clock displays time by using a 24-hour clock format. It can also be set for use in any time zone. Daylight Savings Time (DST) is supported for a number of standard time zones. DST parameters can be programmed to support non-standard time zones and time off-set applications.
Page 60: Time
Setting the System Clock Managing System Files You may set the switch system clock to a time that is offset from standard UTC time. For example, you can set a time that is offset from UTC by increments of 15, 30, or 45 minutes. You must indicate by a plus (+) or minus (-) character whether the time should be added to or subtracted from the system time.
Page 61: Daylight Savings Time Configuration
Managing System Files Setting the System Clock Daylight Savings Time Configuration The switch can be set to change the system clock automatically to adjust for Daylight Savings Time (DST). There are two situations that apply depending on the time zone selected for your switch. If the time zone set for your switch shows DST parameters in the table on page 1-42, you need to only...
Page 62: Enabling Dst
Setting the System Clock Managing System Files Enabling DST When Daylight Savings Time (DST) is enabled, the switch clock will automatically set the default DST parameters for the time zone specified on the switch or for the custom parameters you can specify with the system daylight savings time command.
Page 63 Managing System Files Setting the System Clock Time Zone and DST Information Table (continued) Hours from Abbreviation Name DST Start DST End DST Change Central Europe +01:00 Last Sunday in Mar. Last Sunday in Oct. 1:00 at 2:00 a.m. at 3:00 a.m. Middle Europe +01:00 Last Sunday in Mar.
Page 64 Setting the System Clock Managing System Files page 1-44 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 65 WebView, which requires an HTTP client (browser) on a remote workstation; and SNMP, which requires an SNMP manager (such as Alcatel-Lucent OmniVista or HP OpenView) on the remote workstation. Secure sessions are available using the Secure Shell interface; file transfers are done through FTP or Secure Shell FTP.
Page 66: Chapter 2 Logging Into The Switch
In This Chapter Logging Into the Switch Management access is disabled (except through the console port) unless specifically enabled by a network administrator. For more information about management access and methods, use the table here as a guide: For more information about... See...
Page 67: Login Specifications
Logging Into the Switch Login Specifications Login Specifications Platforms Supported OmniSwitch 6250, 6450 Telnet clients supported Any standard Telnet client FTP clients supported Any standard FTP client HTTP (WebView) clients supported – Internet Explorer for Windows NT, Windows XP, and Windows 2000, version 6.0 –...
Page 68 Login Defaults Logging Into the Switch The following table describes the maximum number of sessions allowed on an OmniSwitch: OmniSwitch 6250/ Session OmniSwitch 6450 Telnet (v4 or v6) FTP (v4 or v6) SSH + SFTP (v4 or v6 secure sessions)
Page 69: Quick Steps For Logging Into The Switch
(Alternately, you may enter any valid username and password.) The switch’s default welcome banner is displayed, followed by the CLI prompt. Welcome to the Alcatel-Lucent OmniSwitch 6450 Software Version 6.6.1.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved.
Page 70: Overview Of Switch Login Components
Overview of Switch Login Components Logging Into the Switch Overview of Switch Login Components Switch access components include access methods (or interfaces) and user accounts stored on the local user database in the switch and/or on external authentication servers. Each access method, except the console port, must be enabled or “unlocked”...
Page 71: Using The Webview Management Tool
Logging Into the Switch Overview of Switch Login Components Using the WebView Management Tool • HTTP—The switch has a Web browser management interface for users logging in through HTTP. This management tool is called WebView. For more information about using WebView, see Chapter 11, “Using WebView.”...
Page 72: Using Telnet
Using Telnet Logging Into the Switch Using Telnet Telnet may be used to log into the switch from a remote station. All of the standard Telnet commands are supported by software in the switch. When Telnet is used to log in, the switch acts as a Telnet server. If a Telnet session is initiated from the switch itself during a login session, then the switch acts as a Telnet client.
Page 73 Here, you must enter a valid username and password. Once login is complete, the OmniSwitch welcome banner is displayed as follows: login : admin password : Welcome to the Alcatel-Lucent OmniSwitch 6450 Software Version 6.6.1.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office.
Page 74: Using Ftp
Using FTP Logging Into the Switch Using FTP The OmniSwitch can function as an FTP server. Any standard FTP client may be used. Note. An FTP connection is not secure. Secure Shell is recommended instead of FTP or Telnet as a secure method of accessing the switch.
Page 75 Logging Into the Switch Using FTP You have to enter a valid user name and password for the host you specified with the ftp6 command, after which you will get a screen similar to the following display: Name:Jsmith 331 Password required for Jsmith Password: ***** 230 User Jsmith logged in.
Page 76: Using Secure Shell
Using Secure Shell Logging Into the Switch Using Secure Shell The OmniSwitch Secure Shell feature provides a secure mechanism that allows you to log in to a remote switch, to execute commands on a remote device, and to move files from one device to another. Secure Shell provides secure, encrypted communications even when your transmission is between two untrusted hosts or over an unsecure network.
Page 77: Secure Shell Interface
Logging Into the Switch Using Secure Shell Secure Shell Interface The Secure Shell interface is invoked when you enter the command, and the Secure Shellv6 interface is invoked by using the ssh6 command in an IPv6 environment. After the authentication process between the client and the server is complete, the remote Secure Shell interface runs in the same way as Telnet.
Page 78: Secure Shell Application Overview
Using Secure Shell Logging Into the Switch Secure Shell Application Overview Secure Shell is an access protocol used to establish secured access to your OmniSwitch. The Secure Shell protocol can be used to manage an OmniSwitch directly or it can provide a secure mechanism for managing network servers through the OmniSwitch.
Page 79: Secure Shell Authentication
Logging Into the Switch Using Secure Shell Secure Shell Authentication Secure Shell authentication is accomplished in several phases using industry standard algorithms and exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell FTP. The following sections describe the process in detail. Protocol Identification When the Secure Shell client in the OmniSwitch connects to a Secure Shell server, the server accepts the connection and responds by sending back an identification string.
Page 80: Connection Phase
Using Secure Shell Logging Into the Switch Connection Phase After successful authentication, both the client and the server process the Secure Shell connection protocol. The OmniSwitch supports one channel for each Secure Shell connection. This channel can be used for a Secure Shell session or a Secure Shell FTP session. Using Secure Shell DSA Public Key Authentication The following procedure is used to set up Secure Shell (SSH) DSA public key authentication (PKA) between an OmniSwitch and a client device:...
Page 81: Starting A Secure Shell Session
Logging Into the Switch Using Secure Shell Starting a Secure Shell Session To start a Secure Shell session, issue the command and identify the IP address or hostname for the device you are connecting to. You can use the ssh6 command to start an SSHv6 session followed by the relevant IPv6 address or the hostname, over an IPv6 environment.
Page 82 Using Secure Shell Logging Into the Switch The following drawing shows an OmniSwitch, using IP address 11.233.10.145, establishing a Secure Shell session across a network to another OmniSwitch, using IP address 11.133.30.135. To establish this session from the console in the figure below, you would use the CLI commands shown in the examples above. Once you issue the correct password, you are logged into the OmniSwitch at IP address 11.133.30.135.
Page 83: Closing A Secure Shell Session
Logging Into the Switch Using Secure Shell Closing a Secure Shell Session To terminate the Secure Shell session, issue the exit command. The following is displayed: -> exit Connection to 11.133.30.135 closed. Using the example shown above, this display indicates the Secure Shell session between the two switches is closed.
Page 84: Closing A Secure Shell Ftp Session
Using Secure Shell Logging Into the Switch sftp>? Available commands: cd path Change remote directory to 'path' lcd path Change local directory to 'path' chmod mode path Change permissions of file 'path' to 'mode' help Display this help text get remote-path [local-path] Download file lls [path]] Display local directory listing...
Page 85: Modifying The Login Banner
Telnet connection. The default login message looks similar to the following: login : user123 password : Welcome to the Alcatel-Lucent OmniSwitch 6450 Software Version 6.6.1.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved.
Page 86: Modifying The Text Display Before Login
Modifying the Login Banner Logging Into the Switch If you want the login banner in the text file to apply to HTTP switch sessions, execute the following CLI command where the text filename is thirdbanner.txt. -> session banner http /flash/thirdbanner.txt The banner files must contain only ASCII characters and should bear the .txt extension.
Page 87: Configuring Login Parameters
Logging Into the Switch Configuring Login Parameters Configuring Login Parameters You can set the number of times a user may attempt unsuccessfully to log in to the switch’s CLI by using session login-attempt command as follows: -> session login-attempt 5 In this example, the user may attempt to log in to the CLI five (5) times unsuccessfully.
Page 88: Enabling The Dns Resolver
Enabling the DNS Resolver Logging Into the Switch Enabling the DNS Resolver A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP addresses. Every time you enter a host name when logging into the switch, a DNS service must look up the name on a server and resolve the name to an IP address.
Page 89: Verifying Login Settings
Logging Into the Switch Verifying Login Settings Verifying Login Settings To display information about login sessions, use the following CLI commands: Displays all active login sessions (for example, console, Telnet, FTP, HTTP, Secure Shell, Secure Shell FTP). whoami Displays the current user session. show session config Displays session configuration information (for example, default prompt, banner file name, inactivity timer, login timer, login attempts).
Page 90 Verifying Login Settings Logging Into the Switch page 2-26 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 91: Chapter 3 Using Snmp
3 Using SNMP The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows communication between SNMP managers and SNMP agents on an IPv4 as well as on an IPv6 network. Network administrators use SNMP to monitor network performance and to manage network resources. SNMP functionality over IPv6 environment can be configured only on an OmniSwitch 6250.
Page 92: Snmp Specifications
SNMP Specifications Using SNMP SNMP Specifications The following table lists specifications for the SNMP protocol. RFCs Supported for SNMPv2 1902 through 1907 - SNMPv2c Management Framework 1908 - Coexistence and transitions relating to SNMPv1 and SNMPv2c RFCs Supported for SNMPv3 2570 –...
Page 93 Using SNMP SNMP Defaults Parameter Description Command Default Value/Comments Enables the forwarding of traps to snmp trap to webview Enabled WebView. Enables or disables SNMP snmp authentication trap Disabled authentication failure trap forwarding. OmniSwitch 6250/6450 Switch Management Guide June 2013 page 3-3...
Page 94: Quick Steps For Setting Up An Snmp Management Station
Quick Steps for Setting Up An SNMP Management Station Using SNMP Quick Steps for Setting Up An SNMP Management Station An SNMP Network Management Station (NMS) is a workstation configured to receive SNMP traps from the switch. To set up an SNMP NMS by using the switch’s CLI, proceed as follows: 1 Specify the user account name and the authentication type for that user.
Page 95: Quick Steps For Setting Up Trap Filters
Using SNMP Quick Steps for Setting Up Trap Filters Quick Steps for Setting Up Trap Filters You can filter traps by limiting user access to trap command families. You can also filter according to individual traps. Filtering by Trap Families The following example creates a new user account.
Page 96: Filtering By Individual Traps
Quick Steps for Setting Up Trap Filters Using SNMP Filtering by Individual Traps The following example enables trap filtering for the coldstart, warmstart, linkup, and linkdown traps. The identification numbers for these traps are 0, 1, 2, and 3. When trap filtering is enabled, these traps are filtered.
Page 97: Snmp Overview
Using SNMP SNMP Overview SNMP Overview SNMP provides an industry standard communications model used by network administrators to manage and monitor their network devices. The SNMP model defines two components, the SNMP Manager and the SNMP Agent. Network Management Station OmniSwitch OmniSwitch 6648 SNMP Agent...
Page 98: Using Snmp For Switch Management
Although MIB browsers vary depending on which software package is used, they all have a few things in common. The browser must compile the Alcatel-Lucent switch MIBs before it can be used to manage the switch by issuing requests and reading statistics. Each MIB must be checked for dependencies and the MIBs must be compiled in the proper order.
Page 99: Snmpv2
Using SNMP SNMP Overview The community string security standard offers minimal security and is generally insufficient for networks where the need for security is high. Although SNMPv1 lacks bulk message retrieval capabilities and secu- rity features, it is widely used and is a de facto standard in the Internet environment. SNMPv2 SNMPv2 is a later version of the SNMP protocol.
Page 100: Using Snmp For Switch Security
Using SNMP For Switch Security Using SNMP Using SNMP For Switch Security Community Strings (SNMPv1 and SNMPv2) The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a commu- nity string is carried over an incoming SNMP request, the community string must match up with a user account name as listed in the community string database on the switch.
Page 101: Encryption And Authentication (Snmpv3)
Using SNMP Using SNMP For Switch Security Encryption and Authentication (SNMPv3) Two important processes are used to verify that the message contents have not been altered and that the source of the message is authentic. These processes are encryption and authentication. A typical data encryption process requires an encryption algorithm on both ends of the transmission and a secret key (like a code or a password).
Page 102: Setting Snmp Security
Using SNMP For Switch Security Using SNMP Setting SNMP Security By default, the switch is set to “privacy all”, which means the switch accepts only authenticated and encrypted v3 Sets, Gets, and Get-Nexts. You can configure different levels of SNMP security by entering snmp security followed by the command parameter for the desired security level.
Page 103: Working With Snmp Traps
Using SNMP Working with SNMP Traps Working with SNMP Traps The SNMP agent in the switch has the ability to send traps to the management station. It is not required that the management station request them. Traps are messages alerting the SNMP manager to a condition on the network.
Page 104: Authentication Trap
Working with SNMP Traps Using SNMP Authentication Trap The authentication trap is sent when an SNMP authentication failure is detected. This trap is a signal to the management station that the switch received a message from an unauthorized protocol entity. This normally means that a network entity attempted an operation on the switch for which it had insufficient authorization.
Page 105: Checking Configuration File Using Traps
Using SNMP Working with SNMP Traps Checking Configuration File Using Traps If there are any configuration changes, a trap is sent to Service Aware Manager (SAM) to enforce a poll when configuration file is saved. The running configuration is not saved in the configuration file (boot.cfg) until the user commits the changes using the write memory command or copy running-config working command.
Page 106: Snmp Mib Information
SNMP MIB Information Using SNMP SNMP MIB Information MIB Tables You can display MIB tables and their corresponding command families by using the show snmp mib family command. The MIB table identifies the MIP identification number, the MIB table name and the command family.
Page 107: Industry Standard Mibs
Using SNMP SNMP MIB Information Industry Standard MIBs The following table lists the supported industry standard MIBs. MIB Name Description Dependencies BRIDGE-MIB, The Bridge MIB for managing MAC bridges based on SNMPv2-SMI, RFC 1493 the IEEE 802.1D standard between Local Area Net- RFC1215-MIB work (LAN) segments.
Page 108 SNMP MIB Information Using SNMP MIB Name Description Dependencies IGMP-STD-MIB, Internet Group Management Protocol MIB. SNMPv2-SMI, RFC 2933 SNMPv2-TC, SNMPv2-CONF, IF-MIB INET-ADDRESS-MIB, Textual Conventions for Internet Network Addresses. SNMPv2-SMI, RFC 2851 SNMPv2-TC IP-BRIDGE-MIB, The Bridge MIB Extension module for managing SNMPv2-SMI, RFC 2674 Priority and Multicast Filtering, defined by IEEE...
Page 109 Using SNMP SNMP MIB Information MIB Name Description Dependencies RIPv2-MIB, Routing Information Protocol (RIP) Version 2 MIB SNMPv2-SMI, RFC 1724 Extension. SNMPv2-TC, SNMPv2-CONF RMON-MIB, RFC 2819 Remote Network Monitoring (RMON) Management SNMPv2-SMI, Information Base. SNMPv2-TC, SNMPv2-CONF RS-232-MIB, RFC 1659 Definitions of Managed Objects for RS-232-like SNMPv2-SMI, Hardware Devices by using SMIv2.
Page 110 SNMP MIB Information Using SNMP MIB Name Description Dependencies SNMP-USER-BASED- User-based Security Model (USM) for version 3 of the SNMPv2-SMI, SM-MIB, RFC 2574 Simple Network Management Protocol (SNMPv3). SNMPv2-TC, SNMPv2-CONF, SNMP- FRAMEWORK- SNMPv2-MIB, Management Information Base for Version 2 of the SNMPv2-SMI, RFC 1907 Simple Network Management Protocol (SNMPv2).
Page 111: Enterprise (Proprietary) Mibs
SNMPv2-SMI, AAA-MIB Authorization, and Accounting (AAA) subsystem. SNMPv2-TC, SNMP-v2-CONF ALCATEL-IND1-BASE This module provides base definitions for modules SNMPv2-SMI developed to manage Alcatel-Lucent Internetworking networking infrastructure products. ALCATEL-IND1- Definitions of managed objects for the Chassis Man- SNMPv2-SMI, CHASSIS-MIB agement subsystem. SNMPv2-TC,...
Page 112 SNMP MIB Information Using SNMP MIB Name Description Dependencies* ALCATEL-IND1- Definitions of managed objects for the Interswitch SNMPv2-SMI, INTERSWITCH- Protocol (that is, GMAP, XMAP) subsystem. SNMPv2-TC, PROTOCOL-MIB SNMPv2-CONF IF-MIB ALCATEL-IND1- Definitions of managed objects for the IP Stack sub- SNMPv2-SMI, IP-MIB system.
Page 113 Using SNMP SNMP MIB Information MIB Name Description Dependencies* ALCATEL-IND1- Definitions of managed objects for the Chassis Super- SNMPv2-SMI, MAC-SERVER-MIB vision MAC Server subsystem. SNMPv2-TC, SNMPv2-CONF, ENTITY-MIB, ALCATEL-IND1- CHASSIS-MIB ALCATEL-IND1- Definitions of the Multicast Listener Discovery SNMPv2-SMI, MLD-MIB (MLD) subsystem. SNMPv2-TC, SNMPv2-CONF, INET-ADDRESS-...
Page 114 SNMP MIB Information Using SNMP MIB Name Description Dependencies* ALCATEL-IND1- Definitions of managed objects for the Routing Infor- SNMPv2-SMI, RIP-MIB mation Protocol (RIP) subsystem. SNMPv2-TC, SNMPv2-CONF ALCATEL-IND1- Definitions of managed objects for the Routing Infor- SNMPv2-SMI, RIPNG-MIB mation Protocol (RIPng) subsystem. SNMPv2-TC, SNMPv2-CONF IPv6-TC...
Page 115: Verifying The Snmp Configuration
Using SNMP Verifying the SNMP Configuration Verifying the SNMP Configuration To display information about SNMP management stations, trap management, community strings, and security, use the show commands listed in the following table. show snmp station Displays current SNMP station information including IP address, UDP Port number, Enabled/Disabled status, SNMP version, and user account names.
Page 116 Verifying the SNMP Configuration Using SNMP page 3-26 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 117: Configuring Network Time Protocol (Ntp)
4 Configuring Network Time Protocol (NTP) Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for exam- ple).
Page 118: Ntp Specifications
NTP Specifications Configuring Network Time Protocol (NTP) NTP Specifications RFCs supported 1305–Network Time Protocol Platforms Supported OmniSwitch 6250, 6450 Maximum number of NTP servers per client 3 NTP Defaults Table The following table shows the default settings of the configurable NTP parameters: NTP Defaults Parameter Description Command...
Page 119: Ntp Quick Steps
Configuring Network Time Protocol (NTP) NTP Quick Steps NTP Quick Steps The following steps are designed to show the user the necessary commands to set up NTP on an OmniSwitch: 1 Designate an NTP server for the switch using the ntp server command.
Page 120 NTP Quick Steps Configuring Network Time Protocol (NTP) 5 You can check the client configuration using the show ntp client command, as shown: -> show ntp client Current time: THU SEP 15 2005 17:44:54 (UTC) Last NTP update: THU SEP 15 2005 17:30:54 Client mode: enabled Broadcast client mode:...
Page 121: Ntp Overview
Configuring Network Time Protocol (NTP) NTP Overview NTP Overview Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for exam- ple).
Page 122: Stratum
NTP Overview Configuring Network Time Protocol (NTP) Stratum Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1 source would be stratum 2.
Page 123 Note. Alcatel-Lucent current implementation of NTP only allows the OmniSwitch to act as a passive client, not as a server. A passive client only receives NTP information and adjusts its time accordingly. In the above example, an OmniSwitch could be either Server 3a or 3b.
Page 124: Authentication
NTP Overview Configuring Network Time Protocol (NTP) When planning your network, it is helpful to use the following general rules: • It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at the same stratum), unless the latter is receiving time updates from a source that has a lower stratum than from where the former is receiving time updates.
Page 125: Configuring Ntp
Configuring Network Time Protocol (NTP) Configuring NTP Configuring NTP The following sections detail the various commands used to configure and view the NTP client software in an OmniSwitch. Configuring the OmniSwitch as a Client The NTP software is disabled on the switch by default. To activate the switch as an NTP client, enter the ntp client command as shown: ->...
Page 126: Ntp Servers
Configuring NTP Configuring Network Time Protocol (NTP) NTP Servers An NTP client needs to receive NTP updates from an NTP server. Each client must have at least one server with which it synchronizes (unless it is operating in broadcast mode). There are also adjustable server options.
Page 127 Configuring Network Time Protocol (NTP) Configuring NTP Setting the Version Number There are currently four versions of NTP available (numbered one through four). The version that the NTP server uses must be specified on the client side. To specify the NTP version on the server from which the switch receives updates, use the ntp server command with the server IP address (or domain name), version keyword, and version number, as shown: ->...
Page 128: Using Authentication
Configuring NTP Configuring Network Time Protocol (NTP) Using Authentication Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server and the NTP client must both have a text file containing the public and secret keys. (This file should be obtained from the server administrator.
Page 129: Verifying Ntp Configuration
Configuring Network Time Protocol (NTP) Verifying NTP Configuration Verifying NTP Configuration To display information about the NTP client, use the show commands listed in the following table: show ntp client Displays information about the current client NTP configuration. show ntp server status Displays the basic server information for a specific NTP server or a list of NTP servers.
Page 130 Verifying NTP Configuration Configuring Network Time Protocol (NTP) page 4-14 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 131: Chapter 5 Managing Cmm Directory Content
“idle” for the purposes of CMM control. Note. Mixing OmniSwitch 6250 and OmniSwitch 6450 models in the same stack is not supported. Management of the stack is run by the stack configuration software. A detailed description of the stack configuration software and how it works is provided in the “Managing Stacks”...
Page 132: Cmm Specifications
Disaster Recovery Supported Note: The format of the Alcatel-Lucent Certified USB Flash Drive must be FAT16. To avoid file corruption issues the USB Drive must be stopped before removing from a PC. Directory names are case sensitive and must be lower case.
Page 133: Cmm Files
The management of a stack or single switch is controlled by three types of files: • Image files, which are proprietary code developed by Alcatel-Lucent to run the hardware. These files are not configurable by the user, but can be upgraded from one release to the next. These files are also known as archive files as they are really the repository of several smaller files grouped under a common heading.
Page 134: Where Is The Switch Running From
CMM Files Managing CMM Directory Content Where is the Switch Running From? When a switch has booted and is running, the software used comes either from the certified directory or the working directory. In most instances, the switch boots from the certified directory. (A switch can be booted from the working directory by using the reload working command described in “Rebooting from the Working Directory”...
Page 135: Software Rollback Configuration Scenarios For A Single Switch
Managing CMM Directory Content CMM Files Software Rollback Configuration Scenarios for a Single Switch The following examples illustrate a few likely scenarios and explain how the running configuration, work- ing directory, and certified directory interoperate to facilitate the software rollback on a single switch. Note.
Page 136 CMM Files Managing CMM Directory Content Scenario 2: Running Configuration Saved to Working Directory The network administrator recreates the running configuration of Switch X and immediately saves the running configuration to the working directory. In another mishap, the power to the switch is again interrupted. The switch reboots from certified direc- tory, overwrites all of the changes in the running configuration, and rolls back to the certified directory (which in this case is the factory settings).
Page 137 Managing CMM Directory Content CMM Files Scenario 3: Saving the Working Directory to the Certified Directory After running the modified configuration settings and checking that there are no problems, the network administrator decides that the modified configuration settings (stored in the working directory) are reli- able.
Page 138 Scenario 4: Roll back to Previous Version of Switch Software Later that year, an upgraded image file is released from Alcatel-Lucent. The network administrator loads the new file through FTP to the working directory of the switch and reboots the switch from the working directory.
Page 139: Redundancy
Managing CMM Directory Content CMM Files Redundancy CMM software redundancy is one of the switch’s most important fail over features. For CMM software redundancy, at least two fully-operational switches must be linked together as a stack. In addition, the CMM software must be synchronized. (Refer to “Synchronizing the Primary and Secondary CMMs”...
Page 140 CMM Files Managing CMM Directory Content This process occurs automatically when the switch boots. The working and certified directory relationship described in the preceding figure in “Software Rollback Feature” on page 5-4 continues to apply to the primary CMM switch. Generally speaking, the switch assigned the lowest stack number is the primary CMM switch;...
Page 141 Managing CMM Directory Content CMM Files Scenario 3: Synchronizing Switches in a Stack When changes have been made to the primary CMM switch certified directory, these changes have to be propagated to the other switches in the stack. This could be done by rebooting the stack. However, a loss of switch functionality is to be avoided, a copy flash-synchro command can be issued.
Page 142 CMM Files Managing CMM Directory Content Scenario 4: Adding a New Switch to a Stack Since the OmniSwitch is designed to be expandable, it is likely that new switches are added to stacks. The stack automatically detects new switches added to the stack, and new switches can pass traffic without a complete reboot of the stack.
Page 143: Managing The Directory Structure (Non-Redundant)
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) Managing the Directory Structure (Non-Redundant) The following sections define commands that allow the user to manipulate the files in the directory struc- ture of a single CMM. Note. All of the commands described in the following sections work on switches in a stack with redun- dancy enabled.
Page 144 Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content To reboot the switch from the certified directory, enter the reload command at the prompt: -> reload This command loads the image and configuration files in the certified directory into the RAM memory. These files control the operation of the switch.
Page 145 Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) Checking the Status of a Scheduled Reboot You can check the status of a reboot set for a later time by entering the following command: -> show reload -> show reload status reload command is described in detail in the OmniSwitch 6250/6450 CLI Reference Guide.
Page 146: Copying The Running Configuration To The Working Directory
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content Copying the Running Configuration to the Working Directory Once the switch has booted and is running, a user can modify various parameters of switch functionality. These changes are stored temporarily in the running configuration in the RAM of the switch. In order to save these changes, the running configuration must be saved to the working directory as shown: Working Certified...
Page 147 Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) To save the running configuration to the working directory, enter the copy running-config working write memory, or copy flash-syncro command at the prompt. A trap is raised to enforce a poll whenever a configuration file is saved.
Page 148: Rebooting From The Working Directory
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content Rebooting from the Working Directory Besides a regular boot of the switch (from the certified directory), you can also force the switch to boot from the working directory. This is useful for checking whether a new configuration or image file boots up the switch correctly, before committing it to the certified directory.
Page 149 Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) Note. If the switch is rebooted before using the copy certified working command, the switch runs from the certified directory as the working and certified directories are not the same. This behavior is described “Where is the Switch Running From?”...
Page 150 Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content Cancelling a Rollback Timeout To cancel a rollback time-out, enter the reload cancel command as shown: -> reload primary cancel -> reload cancel reload working command is described in detail in the OmniSwitch 6250/6450 CLI Reference Guide. page 5-20 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 151: Copying The Working Directory To The Certified Directory
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) Copying the Working Directory to the Certified Directory When the running configuration is saved to the working directory, the working and certified directories of the switch are now different. This difference, if the CMM reboots, causes the switch to boot and run from the certified directory.
Page 152: Copying The Certified Directory To The Working Directory
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content When the software on the working directory of a switch has proven to be effective and reliable, eventually the contents of the working directory should be copied into the certified directory. To copy the contents of the working directory to the certified directory, enter the following command at the prompt: ->...
Page 153: Show Currently Used Configuration
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) Show Currently Used Configuration When a switch is booted, the certified and working directories are compared. If they are the same, the switch runs from the working directory. If they are different, the switch runs from the certified directory. A switch running from the certified directory cannot modify directory contents.
Page 154: Show Switch Files
To display files on a switch, enter the show microcode command with a directory, as shown: -> show microcode certified Package Release Size Description -----------------+---------------+--------+----------------------------------- KFbase.img 6.6.4.311.R01 7372509 Alcatel-Lucent Base Software KFeni.img 6.6.4.311.R01 2486643 Alcatel-Lucent NI Software KFos.img 6.6.4.311.R01 941331 Alcatel-Lucent OS KFsecu.img 6.6.4.311.R01 371661 Alcatel-Lucent Security Management If no directory is specified, the files that have been loaded into the running configuration are shown.
Page 155: Managing Redundancy In A Stack And Cmm
Managing CMM Directory Content Managing Redundancy in a Stack and CMM Managing Redundancy in a Stack and CMM The following section describe circumstances that the user should be aware of when managing the CMM directory structure on a stack with redundant CMMs. It also includes descriptions of the CLI commands designed to synchronize software between the primary and secondary CMMs.
Page 156: Copying The Working Directory To The Certified Directory
Managing Redundancy in a Stack and CMM Managing CMM Directory Content Note. If a switch fails over to the secondary CMM, it is necessary to have a management interface connec- tion to the secondary CMM (such as an Ethernet port or a console port). Copying the Working Directory to the Certified Directory Synchronizing the Primary and Secondary CMMs At the same time that you copy the working directory to the certified directory, you can synchronize the...
Page 157: Synchronizing The Primary And Secondary Cmms
Managing CMM Directory Content Managing Redundancy in a Stack and CMM Synchronizing the Primary and Secondary CMMs If you have a secondary CMM in your switch, it is necessary to synchronize the software between the primary and secondary CMMs. If the primary CMM goes down (for example, during a reboot), then the switch fails over to the secondary CMM.
Page 158 Managing Redundancy in a Stack and CMM Managing CMM Directory Content To synchronize the secondary CMM to the primary CMM, enter the following command at the prompt: -> copy flash-synchro copy flash-synchro command is described in detail in the OmniSwitch 6250/6450 CLI Reference Guide.
Page 159: Swapping The Primary Cmm For The Secondary Cmm
Managing CMM Directory Content Managing Redundancy in a Stack and CMM Swapping the Primary CMM for the Secondary CMM If the primary CMM is having problems, or if it needs to be shut down, then the secondary CMM can be instructed to “take over”...
Page 160: Show Currently Used Configuration
Managing Redundancy in a Stack and CMM Managing CMM Directory Content Show Currently Used Configuration In a chassis with a redundant CMM, the display for the currently running configuration tells the user if the primary and secondary CMMs are synchronized. To check the directory from where the switch is currently running and if the primary and secondary CMMs are synchronized, enter the following command: ->show running-directory...
Page 161: Ni Module Behavior During Takeover
Managing CMM Directory Content Managing Redundancy in a Stack and CMM NI Module Behavior During Takeover If there are no unsaved configuration changes and the flash directories on both the primary and secondary management modules have been synchronized through the copy flash-synchro command, no NIs is reloaded if a management module takeover occurs.
Page 162: Using The Usb Flash Drive
Using the USB Flash Drive An Alcatel-Lucent certified USB flash drive can be connected the CMM and used to transfer images to and from the flash memory on the switch. This can be used for upgrading switch code or backing up files.
Page 163: Disaster Recovery Using Usb
Managing CMM Directory Content Using the USB Flash Drive Disaster Recovery Using USB The switch can be configured to boot from the USB flash drive. This can be used if the image files on the CMM become corrupted, deleted, or the switch is unable to boot from the CMM for other reasons. The following is an example for an OmniSwitch 6250: 1 It is recommended to prepare the USB flash drive prior to needing it for disaster recovery.
Page 164: Emergency Restore Of The Boot.cfg File
Emergency Restore of the boot.cfg File Managing CMM Directory Content Emergency Restore of the boot.cfg File If all copies of the boot.cfg file have been deleted and a system boot has occurred, network configuration information is permanently lost. However, if the files have been deleted and no boot has occurred you can issue a write memory command to regenerate the boot.cfg file.
Page 165: Displaying Cmm Conditions
Managing CMM Directory Content Displaying CMM Conditions Displaying CMM Conditions To show various conditions, such as where the switch is running from and which files are installed, use the following CLI show commands: show running-directory Shows the directory from where the switch was booted. show reload Shows the status of any time delayed reboot(s) that are pending on the switch.
Page 166 Displaying CMM Conditions Managing CMM Directory Content page 5-36 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 167 6 Using the CLI Command Line Interface (CLI) is a text-based configuration interface that allows you to configure switch applications and to view switch statistics. Each CLI command applicable to the switch is defined in the OmniSwitch 6250/6450 CLI Reference Guide. All command descriptions listed in the Reference Guide include command syntax definitions, defaults, usage guidelines, example screen output, and release history.
Page 168: Chapter 6 Using The Cli
Using the CLI CLI Specifications CLI Specifications The following table lists specifications for the Command Line Interface. Platforms Supported OmniSwitch 6250, 6450 Configuration Methods Online configuration through real-time sessions using CLI • commands. Offline configuration using text file holding CLI commands. •...
Page 169: Cli Overview
However, the Alcatel-Lucent CLI is different from industry standard interfaces in that the Alcatel-Lucent uses a single level command hierarchy. Unlike other switch interfaces, the Alcatel-Lucent CLI has no concept of command modes. Other CLIs require you to step your way down a tree-type hierarchy to access commands. Once you enter a command mode, go back to the top of the hierarchy before you enter a command in a different mode.
Page 170: Command Entry Rules And Syntax
Using the CLI Command Entry Rules and Syntax Command Entry Rules and Syntax When you start a session on the switch, you can execute CLI commands as soon as you are logged in. The following rules apply: • Enter only one command per line. •...
Page 171: Using "Show" Commands
Command Entry Rules and Syntax Using the CLI Using “Show” Commands The CLI contains show commands that allow you to view configuration and switch status on your console screen. The show syntax is used with other command keywords to display information pertaining to those keywords.
Page 172: Partial Keyword Completion
Using the CLI Command Entry Rules and Syntax Partial Keyword Completion The CLI has a partial keyword recognition feature that allows the switch to recognize partial keywords to CLI command syntax. Instead of typing the entire keyword, type only as many characters as is necessary to identify the keyword uniquely, then press the Tab key.
Page 173: Command Help
Command Help Using the CLI Command Help The CLI has an internal help feature you can invoke by using the question mark (?) character as a command. The CLI help feature provides progressive information on how to build your command syntax, one keyword at a time.
Page 174 Using the CLI Command Help Command Set Name Commands IP Routing & Multicast DEBUG, TRACEROUTE6, SHOW, PING6, NO, IPV6, IP, CLEAR SHOW, QOS, POLICY, NO, DEBUG Debug UPDATE, SHOW, NO, DEBUG OmniSwitch 6250/6450 Switch Management Guide June 2013 page 6-8...
Page 175: Tutorial For Building A Command Using Help
Command Help Using the CLI Tutorial for Building a Command Using Help The Help feature allows you to figure out syntax for a CLI command by using a series of command line inquiries together with some educated guesses. If you do not know the correct CLI command you can use the Help feature to determine the syntax.
Page 176 Using the CLI Command Help 3 At the command prompt, enter name followed by a space and a question mark. This step either gives you more choices or an error message. -> vlan 33 name ? <hex> <"string"> <string> (Vlan Manager Command Set) There is a smaller set of keywords available for use with the vlan 33 name syntax.
Page 177: Cli Services
CLI Services Using the CLI CLI Services There are several services built into the CLI that help you use the interface. The Command Line Editing service makes it easy for you to enter and edit repetitive commands. Other CLI services, such as syntax checking, command help, prefix prompt, and history assist you in selecting and using the correct command syntax for the task you are performing.
Page 178: Recalling The Previous Command Line
Using the CLI CLI Services Recalling the Previous Command Line To recall the last command executed by the switch, press either the Up Arrow key or the (bang, bang) command at the prompt and the previous command is displayed on your screen. You can execute the command again by pressing Enter or you can edit it first by deleting or inserting characters.
Page 179: Syntax Checking
CLI Services Using the CLI Syntax Checking If you make a mistake while entering command syntax, the CLI gives you clues about how to correct your error. Whenever you enter an invalid command, two indicators are displayed. • The Error message tells you what the error is. •...
Page 180: Example For Using Prefix Recognition
Using the CLI CLI Services Example for Using Prefix Recognition This example shows how the Prefix Recognition feature is used for entering multiple commands that have the same prefix. This table lists the tasks to be accomplished in this example and the CLI syntax required for each task.
Page 181: Prefix Prompt
CLI Services Using the CLI Prefix Prompt You can set the CLI so that your screen prompt displays the stored prefix. To display the stored prefix as part of the screen prompt for the VLAN example above, enter the prompt prefix CLI command as follows: ->...
Page 182 Using the CLI CLI Services You can recall commands shown in the history list by using the exclamation point character (!) also called “bang”. To recall the command shown in the history list at number 4, enter !4 (bang, 4). The CLI responds by printing the number four command at the prompt.
Page 183: Logging Cli Commands And Entry Results
Logging CLI Commands and Entry Results Using the CLI Logging CLI Commands and Entry Results The switch provides command logging through the command-log command. This feature allows users to record up to 100 of the most recent commands entered through Telnet, Secure Shell, and console sessions. In addition to a list of commands entered, the results of each command entry are recorded.
Page 184: Viewing The Current Command Logging Status
Using the CLI Logging CLI Commands and Entry Results Viewing the Current Command Logging Status As mentioned above, the command logging feature is disabled by default. To view whether the feature is currently enabled or disabled on the switch, use the show command-log status command.
Page 185: Customizing The Screen Display
Customizing the Screen Display Using the CLI Customizing the Screen Display The CLI has several commands that allow you to customize the way switch information is displayed to your screen. You can make the screen display smaller or larger. You can also adjust the size of the table displays and the number of lines shown on the screen.
Page 186: Setting Session Prompt As System Name
Using the CLI Customizing the Screen Display Setting Session Prompt as System Name CLI prompt can be configured as the current system name of the switch. By default, the system name is set to ‘VxTarget’. This can be configured using the command session prompt default system-name.
Page 187: Filtering Table Information
Customizing the Screen Display Using the CLI To exit the more mode, use the no more CLI command. Note. The value set with the more size command applies to the screen display when the CLI is in the more mode or when you are using the Vi text editor of the switch. Filtering Table Information The CLI allows you to define filters for displaying table information.
Page 188: Multiple User Sessions
Using the CLI Multiple User Sessions Multiple User Sessions Several CLI commands give you information about user sessions that are currently operating on the OmniSwitch, including your own session. These commands allow you to list the number and types of sessions that are currently running on the switch.
Page 189: Listing Your Current Login Session
Multiple User Sessions Using the CLI Listing Your Current Login Session To list information about your current login session, use the who command and identify your login by your IP address or enter the whoami command. The following is displayed: ->...
Page 190: Terminating Another Session
Using the CLI Multiple User Sessions Possible values for command domains and families are listed here: domain families domain-admin file telnet debug domain-system system aip snmp rmon webmgt config domain-physical chassis module interface pmm health domain-network ip rip ip-routing ipmr ipms rdp ipv6 domain-layer2 vlan bridge stp 802.1q linkagg ip-helper domain-service...
Page 191: Application Example
Using the CLI Application Example Application Example Using a Wildcard to Filter Table Information The wildcard character allows you to substitute the asterisk (*) character for text patterns while using the filter mode. Note. Type the wildcard character in front of and after the filter text pattern unless the text pattern appears alone on a table row.
Page 192 More? [next screen <sp>*, next line <cr>*, filter pattern </>*, quit <q>] The screen displays ten table rows, each of which contain the text pattern “vlan”. Alcatel-Lucent CLI uses a single level command hierarchy. (The screen rows shown above and below the table are not counted as part of the 10 rows.) If you want to display the rows one line at a time, press Enter instead of the space bar...
Page 193: Verifying Cli Usage
Using the CLI Verifying CLI Usage Verifying CLI Usage To display information about CLI commands and the configuration status of your switch, use the show commands listed here: show session config Displays session manager configuration information (for example, default prompt, banner file name, and inactivity timer). show alias Lists all current commands defined by the use of the alias...
Page 194 Verifying CLI Usage Using the CLI page 6-28 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 195 7 Working With Configuration Files Commands and settings needed for the OmniSwitch can be contained in an ASCII-based configuration text file. Configuration files can be created in several ways and are useful in network environments where multiple switches must be managed and monitored. This chapter describes how configuration files are created, how they are applied to the switch, and how they can be used to enhance OmniSwitch usability.
Page 196: Chapter 7 Working With Configuration Files
Configuration File Specifications Working With Configuration Files Configuration File Specifications The following table lists specifications applicable to Configuration Files. Creation Methods for Create a text file on a word processor and upload it to the switch. • Configuration Files • Invoke the switch’s snapshot feature to create a text file.
Page 197 Working With Configuration Files Tutorial for Creating a Configuration File 4 Use the show configuration status command to verify that the dhcp_relay.txt configuration file was applied to the switch. The display is similar to the one shown here: -> show configuration status File configuration <dhcp_relay.txt>: completed with no errors File configuration: none scheduled Running configuration and saved configuration are different...
Page 198: Quick Steps For Applying Configuration Files
Quick Steps for Applying Configuration Files Working With Configuration Files Quick Steps for Applying Configuration Files Setting a File for Immediate Application In this example, the configuration file configfile_1 exists on the switch in the /flash directory. When these steps are followed, the file will be immediately applied to the switch. 1 Verify that there are no timer sessions pending on the switch.
Page 199: Setting An Application Session For A Specified Time Period
Working With Configuration Files Quick Steps for Applying Configuration Files Note. Optional. To verify that the switch received this configuration apply request, enter the show configuration status command. The display is similar to the one shown here. -> show configuration status File configuration </flash/working/bncom_cfg.txt>: scheduled at 07/04/02 09:00 For more information about this display see “Configuration File Manager Commands”...
Page 200: Configuration Files Overview
Configuration Files Overview Working With Configuration Files Configuration Files Overview Instead of using CLI commands entered at a workstation, you can configure the switch using an ASCII- based text file. You may type CLI commands directly into a text document to create a configuration file that will reside in your switch’s /flash directory.
Page 201: Cancelling A Timed Session
Working With Configuration Files Configuration Files Overview Cancelling a Timed Session You may cancel a pending timed session by using the configuration cancel command. To confirm that your timer session has been cancelled, use the show configuration status command. The following will display.
Page 202: Setting The Error File Limit
Configuration Files Overview Working With Configuration Files Setting the Error File Limit The number of files ending with the .err extension present in the switch’s /flash directory is set with the configuration error-file limit command. You can set the switch to allow up to 25 error files in the /flash directory.
Page 203: Displaying A Text File
Working With Configuration Files Configuration Files Overview Verbose Mode Syntax Checking When verbose is specified in the command line, all syntax contained in the configuration file is printed to the console, even if no error is detected. (When verbose is not specified in the command line, cursory information—number of errors and error log file name—will be printed to the console only if a syntax or configuration error is detected.) To specify verbose mode, enter the verbose keyword at the end of the command line.
Page 204: Creating Snapshot Configuration Files
Creating Snapshot Configuration Files Working With Configuration Files Creating Snapshot Configuration Files You can generate a list of configurations currently running on the switch by using the configuration snapshot command. A snapshot is a text file that lists commands issued to the switch during the current login session.
Page 205: User-Defined Naming Options
Working With Configuration Files Creating Snapshot Configuration Files User-Defined Naming Options When the snapshot syntax does not include a file name, the snapshot file is created using the default file name asc.n.snap. Here, the n character holds the place of a number indicating the order in which the snapshot file name is generated.
Page 206 Creating Snapshot Configuration Files Working With Configuration Files Example Snapshot File Text The following is the text of a sample snapshot file created with the configuration snapshot all command. !========================================! ! File: asc.1.snap !========================================! ! Chassis : system name FujiCmm mac alloc 91 0 1 00:d0:95:6b:09:41 ! Configuration: ! VLAN :...
Page 207 Working With Configuration Files Creating Snapshot Configuration Files This file shows configuration settings for the Chassis, IP, AAA, SNMP, IP route manager, Spanning tree, and Bridging services. Each of these services have configuration commands listed under their heading. All other switch services and applications are either not being using or are using default settings. OmniSwitch 6250/6450 Switch Management Guide June 2013 page 7-13...
Page 208: Verifying File Configuration
Verifying File Configuration Working With Configuration Files Verifying File Configuration You can verify the content and the status of the switch’s configuration files with commands listed in the following table. show configuration status Displays whether there is a pending timer session scheduled for a con- figuration file and indicates whether the running configuration and the saved configuration files are identical or different.
Page 209: Managing Automatic Remote Configuration Download
8 Managing Automatic Remote Configuration Download The Automatic Remote Configuration feature enables: • The automatic upgrade of firmware and/or configuration of an OmniSwitch without user intervention. • The automated configuration of the switch on bootup, when the switch is connected to the network for the first time.
Page 210: Automatic Remote Configuration Specifications
Automatic Remote Configuration Specifications Managing Automatic Remote Configuration Download Automatic Remote Configuration Specifications Platforms Supported OmniSwitch 6250, 6450 DHCP Specifications DHCP Server required Temporary DHCP Client on VLAN 1 or VLAN 127 (DHCP client on VLAN 127 only works on combo and uplink ports) File Servers TFTP...
Page 211: Automatic Remote Configuration Defaults
Managing Automatic Remote Configuration Download Automatic Remote Configuration Defaults Automatic Remote Configuration Defaults Description Default Management VLAN VLAN 1 Untagged Management VLAN DHCP broadcast VLAN VLAN 127 802.1q tagged VLAN Default Auto Link Aggregate Creation Between VLAN 1 and VLAN 127 Instruction file Location: TFTP Server File name: *.alu...
Page 212: Quick Steps For Automatic Remote Configuration
Quick Steps for Automatic Remote Configuration Managing Automatic Remote Configuration Download Quick Steps for Automatic Remote Configuration 1 Configure the DHCP server in the network to provide IP address, gateway, and TFTP server addresses to the OmniSwitch DHCP client. 2 Store the instruction file on the TFTP server. 3 Store the configuration, image, and script files on the primary and/or secondary FTP/SFTP servers.
Page 213: Overview
Provides Switch IP, TFTP server IP and instruction file name DHCP Server VLAN 1 Network with Router or Gateway Alcatel-Lucent OmniSwitch TFTP Server Stores the instruction file. the config file and firmware. FTP/SFTP Server Stores the firmware and configuration for secure access...
Page 214: Network Components
Overview Managing Automatic Remote Configuration Download Network Components The network components required for the Automatic Remote Configuration download process are: • DHCP server (mandatory) • TFTP file server (mandatory) • Primary FTP/SFTP server (mandatory) • Secondary FTP/SFTP server (optional) • Management Switch (only required for Nearest-Edge Mode) Information Provided by DHCP Server When the network interfaces or ports on the switch are ready, a DHCP client is automatically configured on any available tagged or untagged VLAN.
Page 215: File Servers And Download Process
Managing Automatic Remote Configuration Download Overview File Servers and Download Process The download process from the file servers is as follows: 1 The username required to connect to the FTP/SFTP enabled servers is provided in the instruction file. The password required to connect to the servers is same as the username. 2 The required files mentioned in the instruction file are downloaded from the primary FTP/SFTP file server.
Page 216: Interaction With Other Features
Interaction With Other Features Managing Automatic Remote Configuration Download Interaction With Other Features This section contains important information about how other OmniSwitch features interact with Automatic Remote Configuration. Refer to the specific sections if required, to get detailed information about the feature interaction process. UDP/DHCP Relay Interaction with UDP/DHCP Relay is required for the following processes, to support Automatic Remote Configuration:...
Page 217: Automatic Remote Configuration Download Process
Managing Automatic Remote Configuration Download Automatic Remote Configuration Download Process Automatic Remote Configuration Download Process The automatic remote configuration process is initialized when an OmniSwitch is integrated in to the network as a new device or when a firmware and configuration upgrade is required. If the automatic configuration download process is not performed completely on the switch, manual intervention is required.
Page 218 Automatic Remote Configuration Download Process Managing Automatic Remote Configuration Download Note. The Remote Configuration Load (RCL) process may be delayed for 30 secs if no OXO DHCP response is found within 30 secs. page 8-10 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 219: Process Illustration
Managing Automatic Remote Configuration Download Automatic Remote Configuration Download Process Process Illustration The following flowchart represents the automatic remote configuration download process in detail. Power Normal Is boot.cfg Switch present? Bootup Start Automatic Configuration LACP Auto Detection and Link Aggregate Association DHCP client configuration on VLAN 1 Management VLAN127 or LLDP tagged management VLAN...
Page 220: Additional Process Notes
Automatic Remote Configuration Download Process Managing Automatic Remote Configuration Download Additional Process Notes 1 Once the switch obtains an IP interface from the DHCP server, remote access through SSH is automatically configured to allow remote access in case of any download errors during the Auto Configuration process.
Page 221: Download Component Files
Managing Automatic Remote Configuration Download Download Component Files Download Component Files This section provides the details of the files downloaded and how they are utilized during the automatic configuration process. The main component files are: • Instruction file -The instruction file is the initial file required for the automatic remote configuration process to occur.
Page 222: Instruction File Syntax
The specified protocol and username are used for the download. Example The instruction file has the Keyword:Value format as shown below: ! Alcatel-Lucent OmniSwitch OS6250 – Instruction file version 1.2.1 ! Firmware version Firmware version:OS_6_6_3_355_R01 Firmware location:/home/ftpboot/firmware ! Configuration file Config filename:boot_OS6250.cfg...
Page 223: Instruction File Usage Guidelines
Managing Automatic Remote Configuration Download Download Component Files Instruction File Usage Guidelines • The instruction file is case sensitive and can contain only the keywords provided in the instruction file output example. • The keywords can be placed in any order. •...
Page 224: Debug Configuration File
Download Component Files Managing Automatic Remote Configuration Download Debug Configuration File The debug configuration file is used for setting specific OmniSwitch settings and must only be used as directed by Service and Support. During the automatic remote configuration process, the debug configuration file is downloaded with the filename AlcatelDebug.cfg.
Page 225: Lacp Auto Detection And Automatic Link Aggregate Association
Handshake and Auto Link Aggregate Association DHCP Server Network with Router or Gateway Peer Device Alcatel-Lucent OmniSwitch TFTP Server Stores the instruction file. optionally the config file and firmware FTP/SFTP Server Stores the firmware and configuration for secure access Network Components for LACP Auto Detection and Link Aggregate Association...
Page 226: Dhcp Client Auto-Configuration Process
DHCP Client Auto-Configuration Process Managing Automatic Remote Configuration Download LACP auto detection is enabled by default and operates only on the combo ports and uplink ports on OmniSwitch during the Automatic Remote Configuration stage. 1 When an OmniSwitch detects LACP PDUs from a remote peer connected through a combo or an uplink port, it configures that port as a LACP port and starts LACP handshake with the peer device.
Page 227: Dhcp Client Preference To Oxo Dhcp Server
Managing Automatic Remote Configuration Download DHCP Client Preference to OXO DHCP Server If OmniSwitch receives LLDP PDUs with VLAN and port information from a Management switch in nearest edge mode, then the DHCP client interface is moved to user defined LLDP management VLAN on the network.
Page 228 DHCP Client Preference to OXO DHCP Server Managing Automatic Remote Configuration Download • If the first DHCPACK is received after 30 secs window, i.e. DHCPACK is received while DHCP client is created on VLAN 127, this response gets applied immediately without waiting for OXO DHCP response.
Page 229: Nearest-Edge Mode Operation
Managing Automatic Remote Configuration Download Nearest-Edge Mode Operation Nearest-Edge Mode Operation In order for the network to propagate Nearest-Edge mode LLDP PDUs a Management Switch must be configured to send the LLDP PDUs with the Management VLAN information. Additionally, the peer switches are automatically configured to process the Nearest-Edge Mode LLDP PDU frames by the Automatic Configuration Download feature.
Page 230 Nearest-Edge Mode Operation Managing Automatic Remote Configuration Download Access Switch When used in conjunction with the Automatic Remote Configuraton feature no configuration is necessary on the Access OmniSwitches. Newly connected switches without a boot.cfg file receive the Nearest-Edge LLDP PDUs, discover the Management VLAN, tag the port with that VLAN ID, and create a DHCP client interface on the Managment VLAN.
Page 231: Zero Touch License Upgrade
Some features like OmniSwitch-Metro features require a software license for activation and are restricted only to a licensed user. To activate licensed features, a license serial number must be purchased along with an authorization code from Alcatel-Lucent. The authorization code can then be used to generate a license file.
Page 232: Troubleshooting
Troubleshooting Managing Automatic Remote Configuration Download Troubleshooting Due to errors during download, the automatic configuration process can halt, or the file download process can be incomplete. The errors that occur during the automatic remote configuration download process are displayed on the switch command prompt and also stored in switch log or the swlog.log file. The following section provides information on some of the common errors that can occur during the configuration download process and troubleshooting techniques to resolve these errors.
Page 233: Error Description Table
Managing Automatic Remote Configuration Download Troubleshooting Error Description Table The following table provides information on the common server connection failures and file download errors that can occur during Automatic Remote Configuration: Error Type Error Description User Login DHCP client is automatically stopped only if User logged in via console, Auto- Auto-Config matic Remote configuration is...
Page 234: Error Description Table
Troubleshooting Managing Automatic Remote Configuration Download Error Description Table The following error description table provides information about some of the common script file errors that occur during Automatic Remote Configuration: Error Type Error Description Script File Script file cannot be downloaded from the Download of Script file from Download Primary Server Failed...
Page 235: Managing Switch User Accounts
9 Managing Switch User Accounts Switch user accounts can be set up locally on the switch for users to log into and manage the switch. The accounts specify login information (combinations of usernames and passwords) and privilege or profile information depending on the type of user. The switch has several interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP) through which users can access the switch.
Page 236: User Database Specifications
User Database Specifications Managing Switch User Accounts User Database Specifications Platforms Supported OmniSwitch 6250, 6450 Maximum number of alphanumeric characters in a username Maximum number of alphanumeric characters in a user password Maximum number of alphanumeric characters in an end-user profile name Maximum number of user accounts Maximum number of end-user profiles User Account Defaults...
Page 237 Managing Switch User Accounts User Account Defaults • Global user account lockout defaults are as follows: Parameter Description Command Default Length of time during which failed user lockout-window 0—all attempts are login attempts are counted. counted Length of time a user account user lockout-duration 0—account remains remains locked out of the switch...
Page 238: Overview Of User Accounts
Overview of User Accounts Managing Switch User Accounts Overview of User Accounts A user account includes a login name, password, and user privileges. The account also includes privilege or profile information, depending on the type of user account. There are two types of accounts: network administrator accounts and end-user or customer login accounts.
Page 239 Managing Switch User Accounts Overview of User Accounts For more information about connecting to the switch through one of these methods, see Chapter 2, “Logging Into the Switch,”and the OmniSwitch 6250/6450 Getting Started Guide. For information about setting up the switch to allow user access through these interfaces, see Chapter 10, “Managing Switch Security.”...
Page 240: Startup Defaults
Overview of User Accounts Managing Switch User Accounts Startup Defaults By default, a single user management account is available at the first bootup of the switch. This account has the following user name and password: • user name—admin • password—switch Initially, the admin user can only be authorized on the switch through the console port.
Page 241: Quick Steps For Network Administrator User Accounts
Managing Switch User Accounts Overview of User Accounts Quick Steps for Network Administrator User Accounts 1 Configure the user with the relevant username and password. For example, to create a user called thomas with a password of techpubs, enter the following: ->...
Page 242: Quick Steps For Creating Customer Login User Accounts
Overview of User Accounts Managing Switch User Accounts Quick Steps for Creating Customer Login User Accounts 1 Set up a user profile through the aaa admin-logout command. For example, configure a profile called Profile1 that specifies read-write access to the physical and basic-ip-routing command areas: ->...
Page 243: Default User Settings
Managing Switch User Accounts Overview of User Accounts Default User Settings The default user account on the switch is used for storing new user defaults for privileges and profile information. This account does not include a password and cannot be used to log into the switch. At the first switch startup, the default user account is configured for: •...
Page 244: Account And Password Policy Settings
Overview of User Accounts Managing Switch User Accounts Account and Password Policy Settings The switch includes global password settings that are used to implement and enforce password complex- ity when a password is created, modified, and used. These user-configurable settings apply the following password requirements to all user accounts configured for the switch: •...
Page 245: How User Settings Are Saved
Managing Switch User Accounts Overview of User Accounts How User Settings Are Saved Unlike other settings on the switch, user settings configured through the password command are saved to the switch configuration automatically. These settings are saved in real time in the local user database. At bootup, the switch reads the database file for user information (rather than the boot.cfg file).
Page 246: Creating A User
Creating a User Managing Switch User Accounts Creating a User To create a new user, enter the user command with the desired username and password. Use the password keyword. For example: -> user thomas password techpubs In this example, a user account with a user name of thomas and a password of techpubs is stored in the local user database.
Page 247: Removing A User
Managing Switch User Accounts Creating a User Removing a User To remove a user from the local database, use the no form of the command: -> no user thomas The user account for thomas is removed from the local user database. OmniSwitch 6250/6450 Switch Management Guide June 2013 page 9-13...
Page 248: User-Configured Password
Creating a User Managing Switch User Accounts User-Configured Password Users can change their own passwords by using the password command. In this example, the current user wants to change her password to my_passwd. Follow these steps to change the password: 1 Enter the password command.
Page 249 Managing Switch User Accounts Creating a User 3 Enter the desired password. The system then displays a prompt to verify the password. -> password enter old password:******** enter new password: ********* reenter new password: 4 Enter the password again. -> password enter old password:******** enter new password: ********* reenter new password: *********...
Page 250: Configuring Password Policy Settings
Configuring Password Policy Settings Managing Switch User Accounts Configuring Password Policy Settings The global password policy settings for the switch define the following requirements that are applied to all user accounts: • Minimum password size. • Whether or not the password can contain the username. •...
Page 251: Setting A Minimum Password Size
Managing Switch User Accounts Configuring Password Policy Settings Setting a Minimum Password Size The default minimum password length (or size) is 8 characters. To configure a minimum password size, enter the user password-size min command. For example: -> user password-size min 10 The minimum length for any passwords configured for users is now 10 characters.
Page 252: Configuring The Username Password Exception
Configuring Password Policy Settings Managing Switch User Accounts Configuring the Username Password Exception By default, specifying the username as all or part of a password is allowed. Use the user password-policy cannot-contain-username command to block the ability to configure a password that contains the user- name.
Page 253: Configuring Password Character Requirements
Managing Switch User Accounts Configuring Password Policy Settings Configuring Password Character Requirements The character requirements specified in the global password policy determine the minimum number of uppercase, lowercase, non-alphanumeric, and 10-base digit characters required in all passwords. These requirements are configured using the following user password-policy commands: Command Configures ...
Page 254: Configuring Password Expiration
Configuring Password Policy Settings Managing Switch User Accounts Configuring Password Expiration By default, password expiration is disabled on the switch. A global default password expiration can be specified for all users or password expiration can be set for an individual user. Note.
Page 255: Configuring The Password History
Managing Switch User Accounts Configuring Password Policy Settings Configuring the Password History The password history refers to the number of old passwords for each user account that are saved by the switch. This functionality prevents the user from using the same password each time their account pass- word is changed.
Page 256: Configuring The Minimum Age For A Password
Configuring Global User Lockout Settings Managing Switch User Accounts Configuring the Minimum Age for a Password The password minimum age setting specifies the number of days during which a user is not allowed to change their password. It is necessary to configure a password minimum age value that is less than the password expiration value.
Page 257: Configuring The User Lockout Window
Managing Switch User Accounts Configuring Global User Lockout Settings Configuring the User Lockout Window The lockout window is basically a moving observation window of time in which failed login attempts are counted. If the number of failed login attempts exceeds the lockout threshold setting (see “Configuring the User Lockout Threshold Number”...
Page 258: Configuring The User Lockout Threshold Number
Configuring Global User Lockout Settings Managing Switch User Accounts Configuring the User Lockout Threshold Number The lockout threshold number specifies the number of failed login attempts allowed during any given lockout window period of time (see “Configuring the User Lockout Window” on page 9-23).
Page 259: Configuring The User Lockout Duration Time
Managing Switch User Accounts Configuring Global User Lockout Settings Configuring the User Lockout Duration Time The user lockout duration time specifies the number of minutes a user account remains locked until it is automatically unlocked by the switch. This period of time starts when the user account is locked out of the switch.
Page 260: Manually Locking And Unlocking User Accounts
Configuring Global User Lockout Settings Managing Switch User Accounts Manually Locking and Unlocking User Accounts user lockout unlock command is used to manually lock or unlock a user account. This command is only available to the admin user or a user who has read/write access privileges to the switch. To lock a user account, enter user lockout and the username for the account.
Page 261: Configuring Privileges For A User
Managing Switch User Accounts Configuring Privileges for a User Configuring Privileges for a User To configure privileges for a user, enter the user command with the read-only or read-write option and the desired CLI command domain names or command family names. The read-only option provides access to show commands;...
Page 262: Setting Up Snmp Access For A User Account
Setting Up SNMP Access for a User Account Managing Switch User Accounts Setting Up SNMP Access for a User Account By default, users can access the switch based on the SNMP setting specified for the default user account. The user command, however, can be used to configure SNMP access for a particular user. SNMP access can be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or SNMPv3).
Page 263: Snmp Access Without Authentication/Encryption
Managing Switch User Accounts Setting Up SNMP Access for a User Account SNMP Access Without Authentication/Encryption To give a user SNMP access without SNMP authentication required, enter the user command with the no auth option. For example, to give existing user thomas SNMP access without SNMP authentication, enter the following: ->...
Page 264: Snmp Access With Authentication/Encryption
Setting Up SNMP Access for a User Account Managing Switch User Accounts SNMP Access With Authentication/Encryption To configure a user with SNMP access and authentication, enter the user command with the desired authentication type (sha, md5, sha+des, and md5+des). -> user thomas password techpubs sha+des When SNMP authentication is specified, an SNMP authentication key is computed from the user pass- word based on the authentication/encryption setting.
Page 265: Removing Snmp Access From A User
Managing Switch User Accounts Setting Up SNMP Access for a User Account Removing SNMP Access From a User To deny SNMP access, enter the user command with the no snmp option: -> user thomas no snmp This command results in thomas no longer having SNMP access to manage the switch. OmniSwitch 6250/6450 Switch Management Guide June 2013 page 9-31...
Page 266: Setting Up End-User Profiles
Setting Up End-User Profiles Managing Switch User Accounts Setting Up End-User Profiles End-user profiles are designed for user accounts in the carrier market. With end-user profiles, a network administrator can configure customer login accounts that restrict users to particular command areas over particular ports and/or VLANs.
Page 267: Creating End-User Profiles
Managing Switch User Accounts Setting Up End-User Profiles Creating End-User Profiles To set up an end-user profile, use the aaa admin-logout command and enter a name for the profile. Spec- ify read-only or read-write access to particular command areas. The profile can also specify port ranges and/or VLAN ranges.
Page 268: Setting Up Port Ranges In A Profile
Setting Up End-User Profiles Managing Switch User Accounts Setting Up Port Ranges in a Profile To set up port ranges for a profile, enter the end-user profile port-list command with the relevant profile name and the desired slots/ports. For example: ->...
Page 269: Setting Up Vlan Ranges In A Profile
Managing Switch User Accounts Setting Up End-User Profiles Setting Up VLAN Ranges in a Profile To set up VLAN ranges for a profile, enter the end-user profile vlan-range command with the relevant profile name and the desired VLAN range. For example: ->...
Page 270: Associating A Profile With A User
Setting Up End-User Profiles Managing Switch User Accounts Associating a Profile With a User To associate a profile with a user, enter the user command with the end-user profile keywords and the relevant profile name. For example: -> user Customer2 end-user profile Profile3 Profile3 is now associated with Customer2.
Page 271: Removing A Profile From The Configuration
Managing Switch User Accounts Setting Up End-User Profiles Removing a Profile From the Configuration To delete a profile from the configuration, enter the no form of the end-user profile command with the name of the profile you want to delete. For example: ->...
Page 272: Verifying The User Configuration
Verifying the User Configuration Managing Switch User Accounts Verifying the User Configuration To display information about user accounts configured locally in the user database, use the show commands listed here: show user Displays information about all users or a particular user configured in the local user database on the switch.
Page 273: Chapter 10 Managing Switch Security
10 Managing Switch Security Switch security is provided on the switch for all available management interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP). The switch can be set up to allow or deny access through any of these interfaces. (Users attempting to access the switch must have a valid username and password.) In This Chapter This chapter describes how to set up switch management interfaces through the Command Line Interface (CLI).
Page 274: Switch Security Specifications
Switch Security Specifications Managing Switch Security Switch Security Specifications The following table describes the maximum number of sessions allowed on an OmniSwitch: Session OmniSwitch 6250, 6450 Telnet (v4 or v6) FTP (v4 or v6) SSH + SFTP (v4 or v6 secure sessions) HTTP Total Sessions...
Page 275: Switch Security Overview
Managing Switch Security Switch Security Overview Switch Security Overview Switch security features increase the security of the basic switch login process by allowing management only through particular interfaces for users with particular privileges. Login information and privileges can be stored on the switch and/or an external server, depending on the type of external server you are using and how you configure switch access.
Page 276: Authenticated Switch Access
Authenticated Switch Access Managing Switch Security Authenticated Switch Access Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, or HTTP require authentication via the local user database or via a third-party server.
Page 277: Interaction With The User Database
Managing Switch Security Authenticated Switch Access The following illustration shows the two different user types attempting to authenticate with an ACE/ Server: Network Administrator Customer login request login request ACE/Server ACE/Server user end-user privilege profiles The switch polls the server The switch polls the server for login information;...
Page 278: Configuring Authenticated Switch Access
Configuring Authenticated Switch Access Managing Switch Security Configuring Authenticated Switch Access Setting up Authenticated Switch Access involves the following general steps: 1 Set Up the Authentication Servers. This procedure is described briefly in this chapter. See the “Managing Authentication Servers” chapter of the OmniSwitch 6250/6450 Network Configuration Guide for complete details.
Page 279: Quick Steps For Setting Up Asa
Managing Switch Security Quick Steps for Setting Up ASA Quick Steps for Setting Up ASA 1 If the local user database is used for user login information, set up user accounts through the user command. User accounts includes user privileges or an end-user profile. In this example, user privileges are configured: ->...
Page 280 Quick Steps for Setting Up ASA Managing Switch Security The order of the server names is important here as well. In this example, the switch will use ldap2 for logging switch access sessions. If ldap2 becomes unavailable, the switch will use the local Switch Logging facility.
Page 281: Setting Up Management Interfaces For Asa
Managing Switch Security Setting Up Management Interfaces for ASA Setting Up Management Interfaces for ASA By default, authenticated access is available through the console port. Access through other management interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP. This chapter describes how to set up access for management interfaces.
Page 282: Enabling Switch Access
Setting Up Management Interfaces for ASA Managing Switch Security Enabling Switch Access Enter the aaa authentication command with the relevant keyword that indicates the management inter- face and specify the servers to be used for authentication. In this example, Telnet access for switch management is enabled.
Page 283: Using Secure Shell
Managing Switch Security Setting Up Management Interfaces for ASA In this scenario, SNMP access is not enabled because only RADIUS servers have been included in the default setting. If servers of different types are configured and include LDAP or local, SNMP will be enabled through those servers.
Page 284: Configuring Accounting For Asa
Configuring Accounting for ASA Managing Switch Security Configuring Accounting for ASA Accounting servers track network resources such as time, packets, bytes, and user activity (when a user logs in and out, how many login attempts were made, session length, and so on.). The accounting servers can be located anywhere in the network.
Page 285: Verifying The Asa Configuration
Managing Switch Security Verifying the ASA Configuration Verifying the ASA Configuration To display information about management interfaces used for Authenticated Switch Access, use the show commands listed here: show aaa authentication Displays information about the current authenticated switch session. show aaa accounting mac Displays information about accounting servers configured for Authenti- cated Switch Access or Authenticated VLANs.
Page 286 Verifying the ASA Configuration Managing Switch Security page 10-14 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 287: Chapter 11 Using Webview
11 Using WebView The switch can be monitored and configured using WebView, Alcatel-Lucent web-based device management tool. The WebView application is embedded in the switch and is accessible through the following web browsers: • Internet Explorer 6 or later • Firefox2 or later Note.
Page 288: Webview Cli Defaults
WebView CLI Defaults Using WebView WebView CLI Defaults Web Management Command Line Interface (CLI) commands allow you to enable/disable WebView, enable/disable Secure Socket Layer (SSL), and view basic WebView parameters. These configuration options are also available in WebView. The following table lists the defaults for WebView configuration through the http and https commands Description Command...
Page 289: Webview Cli Commands
Using WebView WebView CLI Commands WebView CLI Commands The following configuration options can be performed using the CLI. These configuration options are also available in WebView; but changing the web server port or secured port can only be done through the CLI (or SNMP).
Page 290: Enabling/Disabling Ssl
WebView CLI Commands Using WebView Enabling/Disabling SSL Force SSL is disabled by default. Use the http ssl command to enable Force SSL on the switch. For exam- ple: -> http ssl Use the no http ssl command to disable Force SSL on the switch. Use the show http command to view WebView status.
Page 291: Quick Steps For Setting Up Webview
Using WebView Quick Steps for Setting Up WebView Quick Steps for Setting Up WebView 1 Make sure you have an Ethernet connection to the switch. 2 Configure switch management for HTTP using the aaa authentication command. Enter the command, the port type that you are authenticating (http), and the name of the LDAP, RADIUS, ACE, or local server that is being used for authentication.
Page 292: Banner
WebView Overview Using WebView Banner Configura- tion Feature Group options Toolbar View/Configuration Area Configura- tion Feature WebView Chassis Home Page Banner The following features are available in the WebView Banner: • Options—Brings up the User Options Page, which is used to change the user login password. •...
Page 293: Feature Options
Using WebView WebView Overview Feature Options Feature configuration options are displayed as drop-down menus at the top of each feature page. For more information on using the drop-down menus, see “Configuration Page” on page 11-12. View/Configuration Area The View/Configuration area is where switch configuration information is displayed and where configura- tion pages appear.
Page 294: Configuring The Switch With Webview
Configuring the Switch With WebView Using WebView Configuring the Switch With WebView The following sections provide an overview of WebView functionality. For detailed configuration proce- dures, see other chapters in this guide, the OmniSwitch 6250/6450 Network Configuration Guide. Accessing WebView WebView is accessed using any of the browsers listed on page 11-1.
Page 295: Accessing Webview With Internet Explorer Version 7
• Ignore the certificate error message and log into WebView. By doing so, the certificate error message always appears at the top of every WebView browser window; or, • Follow the steps below to install the Alcatel-Lucent self-signed certificate in the Trusted Root Certifi- cation Authorities store. This clears the certificate error message.
Page 296: Home Page
Configuring the Switch With WebView Using WebView 6 Select “Trusted Root Certification Authorities” from the list of stores and continue with the wizard installation process. A “Security Warning” window is displayed containing a warning about installing the certificate. 7 Click the “Yes” button in the “Security Warning” window to finish installing the certificate. After the certificate is installed, the browser window no longer displays the certificate error message.
Page 297 Using WebView Configuring the Switch With WebView Click on a configuration option to display the configuration page. Click browser Back button to return to the Home Page. IP Site Map OmniSwitch 6250/6450 Switch Management Guide June 2013 page 11-11...
Page 298: Configuration Page
Configuring the Switch With WebView Using WebView Configuration Page Feature configuration options are displayed in the drop-down menus at the top of each page. The same menus are displayed on every configuration page within a feature. To configure a feature on the switch, select a configuration option from the drop down menu.
Page 299: Table Configuration Page
Using WebView Configuring the Switch With WebView Table Configuration Page Table configuration pages show current configurations in tabular form. Entries can be added, modified, or deleted. You can delete multiple entries, but you can only modify one entry at a time. Click to select item to modify or...
Page 300 Configuring the Switch With WebView Using WebView Adding a New Entry To add a new entry to the table: 1 Click Add on the Configuration page. The Add window appears (e.g., Add IP Static Route). 2 Complete the fields, then click Apply. The new configuration takes effect immediately and the new entry appears in the table.
Page 301 Using WebView Configuring the Switch With WebView Modifying an Existing Entry To modify an existing entry: 1 Click on the checkbox to the left of the entry on the Configuration page and click Modify. The Modify window appears (e.g., Modify IP Static Route). The current configuration is displayed in each field. 2 Modify the applicable field(s), then click Apply.
Page 302 Configuring the Switch With WebView Using WebView Deleting an Existing Entry To delete an existing entry: 1 Click on the checkbox to the left of the entry on the Configuration page. 2 Click Delete. The entry is immediately deleted from the table. Note.
Page 303: Table Features
Using WebView Configuring the Switch With WebView Table Features Table Views Some table configuration pages can be expanded to view additional configuration information. If this option is available, a toggle switch appears at the bottom left corner of the table. To change views, click on the toggle switch (e.g., Expanded View).
Page 304 Configuring the Switch With WebView Using WebView Click to return to Summary view. Table View Feature—Expanded View Table Sorting Basic Sort Table entries can be sorted by column in ascending or descending order. Initially, tables are sorted on the first column in ascending order (the number 1 appears in the first column). To sort in descending order, click on the column heading.
Page 305 Using WebView Configuring the Switch With WebView Click to toggle between ascending descend- ing order. “Flip” icon Table Sort Feature—Initial Sort OmniSwitch 6250/6450 Switch Management Guide June 2013 page 11-19...
Page 306 Configuring the Switch With WebView Using WebView Sort on a different column. Table Sort Feature—Modified Sort page 11-20 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 307 Using WebView Configuring the Switch With WebView Advanced Sorting You can also customize a sort by defining primary and secondary sort criteria. To define primary and secondary column sorts, click on the “Sort” icon in the upper-right corner of the table (the column head- ings are highlighted).
Page 308 Configuring the Switch With WebView Using WebView Table Paging Certain potentially large tables (e.g., VLANs) have a paging feature that loads the table data in increments of 50 or 100 entries. If the table reaches this threshold, the first group of entries is displayed and a “Next” button appears at the bottom of the page.
Page 309: Adjacencies
Using WebView Configuring the Switch With WebView Adjacencies WebView provides a graphical representation of all AMAP-supported Alcatel-Lucent switches and IP phones adjacent to the switch. The following information for each device is also listed: • IP address • MAC address •...
Page 310: Webview Help
WebView Help Using WebView WebView Help A general help page for using WebView is available from the banner at the top of the page. In addition, on-line help is available on every WebView page. Each help page provides a description of the page and specific instructions for each configurable field.
Page 311 Using WebView WebView Help 2 Click on the field name hyperlink on the Help page to go to the Help page for that field; or use the scroll bar on the right side of the Help page to scroll through help for all fields. (You can also click Print to print a hard copy of the Help page.) 3 Click Close or click the Close Window icon at the top-right corner to close the Help page and return to the configuration or table page.
Page 312 WebView Help Using WebView page 11-26 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 313: Appendix A Software License And Copyright Statements
Licensee further acknowledges and agrees that all rights, title, and interest in and to the Licensed Materials are and shall remain with Alcatel-Lucent and its licen- sors and that no such right, license, or interest shall be asserted with respect to such copyrights and trade- marks.
Page 314 Period, a defect in the Licensed Files appears, Licensee may return the Licensed Files to Alcatel-Lucent for either replacement or, if so elected by Alcatel-Lucent, refund of amounts paid by Licensee under this License Agreement. EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE LICENSED MATERIALS ARE LICENSED “AS IS”...
Page 315 14.Third Party Materials. Licensee is notified that the Licensed Files contain third party software and materials licensed to Alcatel-Lucent by certain third party licensors. Some third party licensors (e.g., Wind River and their licensors with respect to the Run-Time Module) are third part beneficiaries to this License Agreement with full rights of enforcement.
Page 316: Third Party Licenses And Notices
Alcatel-Lucent for a limited period of time. Alcatel-Lucent will provide a machine-readable copy of the applicable non-proprietary software to any requester for a cost of copying, shipping and handling.
Page 317: Linux
Software License and Copyright Statements Third Party Licenses and Notices C. Linux Linux is written and distributed under the GNU General Public License which means that its source code is freely-distributed and available to the general public. D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Page 318 Third Party Licenses and Notices Software License and Copyright Statements verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.
Page 319 Software License and Copyright Statements Third Party Licenses and Notices b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
Page 320 Third Party Licenses and Notices Software License and Copyright Statements consistent application of that system; it is up to the author/donor to decide if he or she is willing to distrib- ute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
Page 321 Software License and Copyright Statements Third Party Licenses and Notices Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
Page 322: University Of California
Third Party Licenses and Notices Software License and Copyright Statements Material copyright Linux Online Inc. Design and compilation copyright (c)1994-2002 Linux Online Inc. Linux is a registered trademark of Linus Torvalds Tux the Penguin, featured in our logo, was created by Larry Ewing Consult our privacy statement URLWatch provided by URLWatch Services.
Page 323: Apptitude, Inc
Licensee, Licensee shall immediately return the EMWEB Product and any back-up copy to Alcatel- Lucent, and will certify to Alcatel-Lucent in writing that all EMWEB Product components and any copies of the software have been returned or erased by the memory of Licensee’s computer or made non-read- able.
Page 324: Sun Microsystems, Inc
Time Module other than in connection with operation of the product. In addition, please be advised that: (i) the Run-Time Module is licensed, not sold and that Alcatel-Lucent and its licensors retain ownership of all copies of the Run-Time Module; (ii) WIND RIVER DISCLAIMS ALL IMPLIED WARRANTIES,...
Page 325: Remote-Ni
Software License and Copyright Statements Third Party Licenses and Notices N.Remote-ni Provided with this product is a file (part of GDB), the GNU debugger and is licensed from Free Software Foundation, Inc., whose copyright notice is as follows: Copyright (C) 1989, 1991, 1992 by Free Software Foundation, Inc.
Page 326: Boost C++ Libraries
Third Party Licenses and Notices Software License and Copyright Statements Q.Boost C++ Libraries Provided with this product is free peer-reviewed portable C++ source libraries. Version 1.33.1 Copyright (C) by Beman Dawes, David Abrahams, 1998-2003. All rights reserved. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON- INFRINGEMENT.
Page 327: Curses
Software License and Copyright Statements Third Party Licenses and Notices 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE...
Page 328: Bitmap.c
Third Party Licenses and Notices Software License and Copyright Statements This software is not subject to any license of Eindhoven University of Technology.Redistribution and use in source and binary forms are permitted only as authorized by the OpenLDAP Public License. This software is not subject to any license of Silicon Graphics Inc.or Purdue University.
Page 329 B SNMP Trap Information This appendix lists the supported SNMP traps along with their descriptions. OmniSwitch 6250/6450 Switch Management Guide June 2013 page B-1...
Page 330: Snmp Traps Table
SNMP Traps Table SNMP Trap Information SNMP Traps Table The following table provides information on all SNMP traps supported by the switch. Each row includes the trap name, its ID number, any objects (if applicable), its command family, and a description of the condition the SNMP agent in the switch is reporting to the SNMP management station.
Page 331 The status of the Alcatel-Lucent TrapReason Mapping Adjacency Protocol aipAMAPLast- (AMAP) port changed. TrapPort aipAMAPLastTrapReason—Reason for last change of port status. Valid reasons are 1 (port added), 2 (change of information on existing port), 3 (port deleted), and 4 (no trap has been sent).
Page 332 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description chassisTrapsStr chassisTrapsStr- chassis A software trouble report (STR) Level was sent by an application chassis- encountering a problem during TrapsStrAp- its execution. chassisTrapsStr- SnapID chassisTrapsStr- fileName chassisTrapsStr- fileLineNb chassisTrapsStr- ErrorNb chassis-...
Page 333 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description chassisTrapsStateChange physicalIndex chassis An NI status change was chassisTrapsOb- detected. jectType chassisTrapsOb- jectNumber chasEntPhysOp- erStatus physicalIndex—The physical index of the involved object. chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap. chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the con- sidered fan or power supply).
Page 334 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description healthMonModuleTrap healthModule- health Indicates a module-level thresh- Slot old was crossed. healthMonRx- Status healthMonRxTx- Status healthMonMem- oryStatus healthMonC- puStatus healthModuleSlot—The (one-based) front slot number within the chassis. healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change. healthMonRxTxStatus—RxTx threshold status indicating if threshold was crossed or no change.
Page 335 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description pimNeighborLoss pimNeigh- ipmr Signifies the loss of adjacency borIfIndex with a neighbor device. This trap is generated when the neighbor time expires and the switch has no other neighbors on the same interface with a lower IP address than itself.
Page 336 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description fallingAlarm alarmIndex rmon An Ethernet statistical variable alarmVariable has dipped below its falling alarmSample- threshold. The variable’s falling Type threshold and whether it will alarmValue issue an SNMP trap for this con- alarmFallingTh- dition are configured by an NMS reshold...
Page 337 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description mirrorUnlikeNi mirmonPrima- The mirroring configuration is rySlot deleted due to the swapping of mirmonPrimary- different NI board type. The Port Port Mirroring session which was mirroringSlot active on a slot cannot continue mirroringPort with the insertion of different NI mirMonErrorNi...
Page 338 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description trapAbsorptionTrap trapAbsorStamp none The absorption trap is sent when trapAbsorTrapId a trap has been absorbed at least trapAbsor- once. Counter trapAbsorTime trapAbsorStamp—The time stamp of the absorbed trap. trapAbsorTrapId—The trap identifier of the absorbed trap.
Page 339 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description lpsViolationTrap lpsTrapSwitch- bridge A Learned Port Security (LPS) Name violation has occurred. lpsTrapSwitchI- pAddr lpsTrapSwitch- Slice lpsTrapSwitch- Port lpsTrapViolat- ingMac lpsTrapViola- tionType systemServices- Date systemServices- Time lpsTrapSwitchName—The name of the switch. lpsTrapSwitchIpAddr—The IP address of switch.
Page 340 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description gmBindRuleViolation gmBindRule- vlan Occurs whenever a binding rule Type which has been configured gets gmBindRuleV- violated. lanId gmBindRuleI- PAddress gmBin- dRuleMacAd- dress gmBindRulePor- tIfIndex gmBindRulePro- toClass gmBindRu- leEthertype gmBindRuleD- sapSsap gmBindRuleType—Type of binding rule for which trap sent.
Page 341 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description pethPsePortPowerMaintenanceStatus pethPsePortPow- module Indicates the status of the power erMainte- maintenance signature for inline nanceStatus power. pethPsePortPowerMaintenanceStatus—The value ok (1) indicates the Power Maintenance Signature is present and the overcurrent condition has not been detected. The value overCurrent (2) indicates an overcurrent condition has been detected.
Page 342 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description alaStackMgrClearedSlotTrap alaStack- chassis The element identified by MgrSlotNI- alaStackMgrSlotNINumber will Number enter the pass through mode because its operational slot was cleared with immediate effect. alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows: - 0: invalid slot number - 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable - 1001..1008: switches operating in pass through mode...
Page 343 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description lnkaggAggUp traplnkaggId linkaggre- Indicates the link aggregate is traplnkaggPortI- gation active. This trap is sent when any fIndex one port of the link aggregate group goes into the attached state.
Page 344 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description monitorFileWritten mirmonPrima- A File Written Trap is sent when rySlot the amount of data requested by mirmonPrimary- the user has been written by the Port port monitoring instance. monitorFile- Name monitorFileSize...
Page 345 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description lldpRemTablesChange lldptatsRemTa- This trap is sent when the value blesInserts ofthe LLDP Stats Rem Table lldptatsRemTa- Last ChangeTime changes. It blesDeletes can be utilized by an NMS to lldptatsRemTa- trigger LLDP remote systems blesDrops...
Page 346 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description alaPimInvalidRegister alaPimGroup- ipmr This trap is sent when an invalid MappingPim- PIM Register message is Mode received. alaPimInvali- dRegisterAd- The notification is generated dressType whenever the PIM Invalid Regis- alaPimInvali- ter Message Reveived counter is dRegisterOri-...
Page 347 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description alaPimRPMappingChange alaPimGroup- ipmr This trap is sent when a change is MappingPim- detected to the active RP map- Mode ping on the device. alaPimGroup- MappingPre- The notification is generated cedence whenever the PIM RP Mapping Change Count is incremented,...
Page 348 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description 106 healthMonIpcTrap health- health This trap is sent when IPC Pools MonIpcPool- exceed usage. Status healthMonIpcPoolStatus—The IPC Pools usage status. 107 bcmHashCollisionTrap This trap is sent when ? bcmHashCollisionTrap—The ? 108 healthMonCpuShutPortTrap healthModule-...
Page 349 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description 119 dot3OamThresholdEvent dot3OamEventL dot3-oam This trap is sent when a local or ogTimestamp remote threshold crossing event dot3OamEventL is detected. A local threshold ogOui crossing event is detected by the dot3OamEventL local entity, while a remote ogType...
Page 350 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description 120 dot3OamNonThresholdEvent dot3OamEventL dot3-oam This trap is sent when a local or ogTimestamp remote non-threshold crossing dot3OamEventL event is detected. A local event is ogOui detected by the local entity, while dot3OamEventL a remote event is detected by the ogType...
Page 351 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description dot3OamEventLogTimestamp—The sysUpTime at the time of the logged event. dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of 0x0180C2.
Page 352 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description 147 alaHashCollisionTrap ifIndex, port This trap is sent when an SFP/ ddmNotification- XFP/SFP+ Rx optical power has Type crossed any threshold or reverted ddmRxOpti- from previous threshold violation calPower for a port represented by ifIndex.
Page 353 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description 153 alaErpRingPortStatusChanged alaErpRingId, bridge This trap is sent when the ring alaErpRing- port status is changed. PortIfIndex, alaErpRing- PortStatus alaErpRingId—The Ring identifier that is unique in the bridge. alaErpRingPortIfIndex—The interface index - either a bridge port, or an aggregated link within a bridge port, to which ring port is configured.
Page 354 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description 164 alaTestOamRxReadyTrap alaTestOamCon- bridge This trap is sent to the NMS once figTestId, the switch with Analyzer or alaTestOamCon- Loopback Role is ready to figSourceEnd- receive test traffic. Once this trap point, is received, the Generator is acti- alaTestOamCon-...
Page 355: Index
SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description alaSaaCtrlOwnerIndex—An owner name to identify entries in the table. This is currently not supported and its value will always be the string 'USER'. alaSaaCtrlTestIndex—A unique name to identify the entries in the table. The name is unique across various SNMP users.
Page 356 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description agentalreadyexistonport (1)—There is already one trust agent exists on the port. Only one trust agent can be allowed on a port. agentalreadyexistonotherport (2)—The same agent is already present on another port. Any given remote agent shall be part of only on port.
Page 357 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description 180 alaTestOamTxDoneTrap alaTestOamCon- bridge After a configured time interval, figTestId, this trap is sent to the NMS from alaTestOamCon- Generator switch when the test figSourceEnd- duration expires. point, alaTestOamCon- figTestIdStatus alaTestOamConfigTestId—A unique name to identify the entries in the table.
Page 358 SNMP Traps Table SNMP Trap Information No. Trap Name Objects Family Description 188 poePowerBudgetChange Not Supported 189 alaDBChange alaOldDb, port This trap is sent when there is a alaNewDb, change in the expansion module alaMod- presence. Please note that if the uleChang- old module and new module, eString...
Page 359 SNMP Trap Information SNMP Traps Table No. Trap Name Objects Family Description 198 aluLicenseManagerLicenseExpired aluLicensedAp- license This trap is sent when the value plication manager of aluLicenseTimeRemaining aluLicenseTim- becomes 0 (zero) for a demo eRemaining licensed application. This notifi- cation is applicable only for tem- porary licenses.
Page 360 SNMP Traps Table SNMP Trap Information page B-32 OmniSwitch 6250/6450 Switch Management Guide June 2013...
Page 361 Index banner login 2-21 pre-login text 2-22 boot.cfg file 5-3, 5-16 Emergency Restore 5-34 Symbols cd command 1-9 !! command 6-12 certified directory copying to working directory 5-22, 5-27 Chassis Management Module see CMM aaa authentication command 10-7, 10-8, 10-10, 11-5 chmod command 1-16 aaa radius-server command 10-7 accounting...
Page 362 DES encryption 3-11 http port command 11-3 dir command 1-10 http server command 11-3 directories http ssl command 11-4 certified 1-27, 5-3 https flash //service.esd.alcatel-lucent.com/portal/page/portal/ESer- managing 5-13 vice/LicenseGeneration 1-36 network 1-27 https port command 11-4 working 1-27, 5-3 Directory Contents...
Page 363 login banner 2-21 login settings partition management 3-13 verify information about 2-25 password command 9-14 ls command 1-6, 1-10, 6-12 passwords ls-r command 1-13 expiration 9-20 global settings 9-10 minimum length 9-17 user-configured 9-14 Management Information Bases pre_banner.txt file 2-22 see MIBs Prefix Recognition 6-13 application examples 6-14...
Page 364 Secure Socket Layer user database WebView 11-4 ssh command 2-17, 2-19 security SNMP 3-10 HTTPS port 11-4 session banner command 2-21 see Secure Socket Layer session login-attempt command 2-23 startup session login-timeout command 2-23 defaults 9-6 session prompt command 6-19 switch session timeout command 2-23 rebooting 5-13, 5-25...
Page 365 verbose mode 7-9 vi command 1-14 WebView 11-1 accessing WebView 11-8 adjacencies 11-23 application examples 11-5 browser setup 11-2 CLI commands 11-3 configuring the switch 11-8 defaults 11-2 disabling 11-3 enabling 11-3 HTTP port 11-3 on-line help 11-24 Secure Socket Layer 11-4 Webview Configuring the Switch 11-8 who command 2-18, 6-22...
Page 366 Index-6 OmniSwitch 6250/6450 Switch Management Guide June 2013...

This manual is also suitable for:

Omniswitch 6350 Omniswitch 6250

Alcatel-Lucent OmniSwitch 6450 Management Manual

About this Guide

Chapter 1 Managing System Files

Chapter 2 Logging into the Switch

Chapter 9 Managing Switch User Accounts

Chapter 3 Using SNMP

Chapter 4 Configuring Network Time Protocol (NTP)

Chapter 5 Managing CMM Directory Content

Chapter 6 Using the CLI

Chapter 7 Working with Configuration Files

Tutorial for Creating a Configuration File

Applying Configuration Files to the Switch

Configuration File Error Reporting

Text Editing on the Switch

Creating Snapshot Configuration Files

Chapter 8 Managing Automatic Remote Configuration Download

Automatic Remote Configuration Specifications

Automatic Remote Configuration Defaults

Quick Steps for Automatic Remote Configuration

Overview

Interaction with Other Features

Automatic Remote Configuration Download Process

Download Component Files

LACP Auto Detection and Automatic Link Aggregate Association

DHCP Client Auto-Configuration Process

DHCP Client Preference to OXO DHCP Server

Nearest-Edge Mode Operation

Zero Touch License Upgrade

Troubleshooting

Quick Links

Related Manuals for Alcatel-Lucent OmniSwitch 6450

Summary of Contents for Alcatel-Lucent OmniSwitch 6450