Page 1 Part No. 060215-10, Rev. K September 2009 OmniSwitch AOS Release 6 Switch Management Guide www.alcatel-lucent.com OmniSwitch AOS Release 6 Switch Management Guide September 2009...
Page 2 OmniSwitch 6855 Series, OmniSwitch 9000 Series, and OmniSwitch 9000E Series The functionality described in this guide is subject to change without notice. Copyright © 2009 by Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel-Lucent.
Page 3: Table Of Contents
Contents About This Guide Supported Platforms ...xiii Who Should Read this Manual? ... xiv When Should I Read this Manual? ... xiv What is in this Manual? ... xiv What is Not in this Manual? ... xv How is the Information Organized? ... xv Documentation Roadmap ...
Page 4 Utility Commands ...1-18 Displaying Free Memory Space ...1-18 Performing a File System Check ...1-18 Deleting the Entire File System ...1-19 Loading Software onto the Switch ...1-20 Using the Switch as an FTP Server ...1-20 Using the Switch as an FTP Client ...1-21 Using Secure Shell FTP ...1-23 Closing a Secure Shell FTP Session ...1-24 Using TFTP to Transfer Files ...1-24...
Page 5 Contents Using Secure Shell ...2-11 Secure Shell Components ...2-11 Secure Shell Interface ...2-11 Secure Shell File Transfer Protocol ...2-11 Secure Shell Application Overview ...2-13 Secure Shell Authentication ...2-14 Protocol Identification ...2-14 Algorithm and Key Exchange ...2-14 Authentication Phase ...2-14 Connection Phase ...2-15 Using Secure Shell DSA Public Key Authentication ...2-15 Starting a Secure Shell Session ...2-15 Closing a Secure Shell Session ...2-17...
Page 6 Working with SNMP Traps ...3-49 Trap Filtering ...3-49 Filtering by Trap Families ...3-49 Filtering By Individual Trap ...3-49 Authentication Trap ...3-50 Trap Management ...3-50 Replaying Traps ...3-50 Absorbing Traps ...3-50 Sending Traps to WebView ...3-50 SNMP MIB Information ...3-51 MIB Tables ...3-51 MIB Table Description ...3-51 Industry Standard MIBs ...3-52 Enterprise (Proprietary) MIBs ...3-57...
Page 7 Contents Copying the Working Directory to the Certified Directory ...5-20 Copying the Certified Directory to the Working Directory ...5-21 Show Currently Used Configuration ...5-22 Show Switch Files ...5-23 Managing Redundancy in a Stack and CMM ...5-24 Rebooting the Switch ...5-24 Copying the Working Directory to the Certified Directory ...5-25 Synchronizing the Primary and Secondary CMMs ...5-26 CMM Switching Fabric ...5-27...
Page 8 Filtering Table Information ...6-19 Multiple User Sessions ...6-20 Listing Other User Sessions ...6-20 Listing Your Current Login Session ...6-21 Terminating Another Session ...6-22 Application Example ...6-23 Using a Wildcard to Filter Table Information ...6-23 Verifying CLI Usage ...6-24 Chapter 7 Working With Configuration Files In This Chapter ...7-1 Configuration File Specifications ...7-2...
Page 9 Contents Creating a User ...8-10 Removing a User ...8-10 User-Configured Password ...8-10 Configuring Password Policy Settings ...8-12 Setting a Minimum Password Size ...8-12 Configuring the Username Password Exception ...8-12 Configuring Password Character Requirements ...8-13 Configuring Password Expiration ...8-13 Default Password Expiration ...8-13 Specific User Password Expiration ...8-14 Configuring the Password History ...8-14 Configuring the Minimum Age for a Password ...8-14...
Page 10 Appendix A Software License and Copyright Statements Alcatel-Lucent License Agreement ... A-1 ALCATEL-LUCENT SOFTWARE LICENSE AGREEMENT ... A-1 Third Party Licenses and Notices ... A-4 A. Booting and Debugging Non-Proprietary Software ... A-4 B. The OpenLDAP Public License: Version 2.8, 17 August 2003 ... A-4 C.
Page 11 Contents I. Agranat ... A-11 J. RSA Security Inc..A-11 K. Sun Microsystems, Inc..A-12 L. Wind River Systems, Inc..A-12 M. Network Time Protocol Version 4 ... A-12 N. Remote-ni ... A-13 O. GNU Zip ... A-13 P.
Page 12 Contents OmniSwitch AOS Release 6 Switch Management Guide September 2009...
Page 13: About This Guide
This OmniSwitch AOS Release 6 Switch Management Guide describes basic attributes of your switch and basic switch administration tasks. The software features described in this manual are shipped standard with your OmniSwitch 6400 Series, OmniSwitch 6800 Family, OmniSwitch 6850 Series, OmniSwitch 6855 Series, and OmniSwitch 9000 Series switches.
Page 14: Who Should Read This Manual
Who Should Read this Manual? Who Should Read this Manual? The audience for this user guide are network administrators and IT support personnel who need to config- ure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch Series switches will benefit from the material in this configuration guide.
Page 15: What Is Not In This Manual
About This Guide What is Not in this Manual? The configuration procedures in this manual primarily use Command Line Interface (CLI) commands in examples. CLI commands are text-based commands used to manage the switch through serial (console port) connections or via Telnet sessions. This guide does include introductory chapters for alternative methods of managing the switch, such as web-based (WebView) and SNMP management.
Page 16: Documentation Roadmap
Documentation Roadmap Documentation Roadmap The OmniSwitch user documentation suite was designed to supply you with information at several critical junctures of the configuration process. The following section outlines a roadmap of the manuals that will help you at each stage of the configuration process. Under each stage, we point you to the manual or manuals that will be most helpful to you.
Page 17 About This Guide Anytime The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch. This guide includes syntax, default, usage, example, related CLI command, and CLI-to-MIB variable mapping information for all CLI commands supported by the switch. This guide can be consulted anytime during the configuration process to find detailed and specific information on each CLI command.
Page 18: Related Documentation
Related Documentation Related Documentation The following are the titles and descriptions of all the related OmniSwitch AOS Release 6 user manuals: • OmniSwitch 6400 Series Getting Started Guide Describes the hardware and software procedures for getting an OmniSwitch 6400 Series switch up and running.
Page 19 About This Guide • OmniSwitch CLI Reference Guide Complete reference to all CLI commands supported on the OmniSwitch. Includes syntax definitions, default values, examples, usage guidelines and CLI-to-MIB variable mappings. • OmniSwitch AOS Release 6 Switch Management Guide Includes procedures for readying an individual switch for integration into a network. Topics include the software directory architecture, image rollback protections, authenticated switch access, managing switch files, system configuration, using SNMP, and using web management software (WebView).
Page 20: User Manual Cd
(open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more infor- mation on Alcatel’s Service Programs, see our web page at service.esd.alcatel-lucent.com, call us at 1-800-995-2696, or email us at esd.support@alcatel-lucent.com.
Page 21: Chapter 1 Managing System Files
1 Managing System Files This chapter describes the several methods of transferring software files onto the OmniSwitch and how to register those files for use by the switch. This chapter also describes several basic switch management procedures and discusses the Command Line Interface (CLI) commands used. •...
Page 22: File Management Specifications
File Management Specifications File Management Specifications The functionality described in this chapter is supported on the OmniSwitch Series switches unless other- wise stated in the following Specifications table or specifically noted within any section of this chapter. File Transfer Methods Switch Software Utility Configuration Recovery Switch /flash Directory...
Page 23: Switch Administration Overview
Over the life of the switch, it is very likely that your configuration and feature set will change because the needs of your network are likely to expand. Also, software updates become available from Alcatel-Lucent. If you change your configuration to upgrade your network, you must understand how to install switch files and to manage switch directories.
Page 24: Switch Directories
Switch Administration Overview Switch Directories You can create your own directories in the switch flash directory. This allows you to organize your config- uration and text files on the switch. You can also use the how to make, copy, move, and delete both files and directories. Directory: /flash/certified (Files) Directory: /flash/working...
Page 25: File And Directory Management
Managing System Files File and Directory Management A number of CLI commands allow you to manage files on your switch by grouping them into sub- directories within the switch’s flash directory. These commands perform the same functions as file management software applications (such as Microsoft Explorer) perform on a workstation. For documentation purposes, we have categorized the commands into the following three groups.
Page 26 File and Directory Management To list all the files and directories in your current directory, use the of the flash directory. -> ls Listing Directory /flash: 315 Jan 5 09:38 boot.params 2048 Jan 5 09:22 certified/ 2048 Jan 5 09:22 working/ 12 Dec 18 2048 Dec 27 64000 Jan...
Page 27: Using Wildcards
Managing System Files Using Wildcards Wildcards allow you to substitute symbols (* or ?) for text patterns while using file and directory commands. The asterisk (*) takes the place of multiple characters and the question mark character (?) takes the place of single characters. More than one wildcard can be used within a single text string. Multiple Characters An asterisk (*) is used as a wildcard for multiple characters in a text pattern.
Page 28: Directory Commands
File and Directory Management Directory Commands The directory commands are applied to the switch file system and to files contained within the file system. When you first enter the flash directory, your login is located at the top of the directory tree. You may navigate within this directory by using the login within the directory structure is called your current directory.
Page 29: Changing Directories
Managing System Files Changing Directories Use the command to navigate within the file directory structure. The “up” or “down” the directory tree. To go down, you must specify a directory located in your current direc- tory. The following command example presumes your current directory is the /flash file directory as shown in the directory on page 1-8 directory.
Page 30: Displaying Directory Contents
File and Directory Management Displaying Directory Contents commands have the same function. These two commands display the contents of the current directory. If you use the shown on page 1-8, the following will be displayed: -> dir Listing Directory /flash: 512 Oct 25 14:39 certified/ 512 Jul 15 14:59 NETWORK/ 512 Oct 25 14:17 WORKING/...
Page 31: Making A New Directory
Managing System Files If you specify a path as part of the the specified path. -> ls /flash/ Listing Directory /flash: 1024 Nov 8 08:30 WORKING/ 276 Nov 8 09:59 boot.params 4890749 Oct 21 21:43 cs_system.pmd 256 Nov 8 09:57 random-seed 64000 Nov 8 09:59 swlog1.log 1024 Nov...
Page 32: Displaying Directory Contents Including Subdirectories
File and Directory Management Displaying Directory Contents Including Subdirectories -r command displays the contents of your current directory in addition to recursively displaying all subdirectories. The following example shows the result of the directory contains a directory named newdir1. Be sure to include a space between ->...
Page 33: Removing A Directory And Its Contents
Managing System Files To verify the creation of the new directory, use the certified directory. This list will include the files that were originally in the certified directory plus the newly created copy of the working directory and all its contents. ->ls -r /flash/certified Listing Directory /flash/certified 2048 Oct 12 16:22 ./...
Page 34: File Commands
File and Directory Management File Commands The file commands apply to files located in the /flash file directory and its sub-directories. Note. Each file in any directory must have a unique name. If you attempt to create or copy a file into a directory where a file of the same name already exists, you will overwrite or destroy one of the files.
Page 35: Secure Copy An Existing File
Managing System Files Secure Copy an Existing File Use the command to copy an existing file in a secure manner. You can specify the path and filename for the original file being copied as well as the path and filename for a new copy being created. If no path is specified, the command assumes the current directory.
Page 36: Change File Attribute And Permissions
File and Directory Management In this first example, the user’s current directory is the flash directory. The following command syntax moves the testfile2 file from the user created testfiles directory into the working directory as shown in the illustration above. The screen displays a warning that the file is being renamed (or in this case, redirected). ->...
Page 37: Managing Files On Switches
Managing System Files Managing Files on Switches On OmniSwitch stackable switches, you can copy a file from a non-primary switch to the primary switch in a stack using the command. To use this command, enter rcp followed by the slot number of the non-primary switch, the path and file name of the source file on the non-primary switch, and the destina- tion file name on the primary switch.
Page 38: Omniswitch Aos Release 6 Switch Management Guide September 2009
File and Directory Management Utility Commands The utility commands include freespace, fsck, and newfs. These commands are used to check memory and delete groups of files. Displaying Free Memory Space freespace command displays the amount of free memory space available for use in the switch’s file system.
Page 39: Deleting The Entire File System
Managing System Files Deleting the Entire File System newfs command deletes the flash file system and all the files and directories contained in it. This command is used when you want to reload all files in the file system. Caution. This command will delete all of the switch’s system files. All configurations programmed into the switch will be lost.
Page 40: Loading Software Onto The Switch
Loading Software onto the Switch Loading Software onto the Switch There are three common methods for loading software to and from your switch. The method you use depends on your workstation software, your hardware configuration, and the location and condition of your switch.
Page 41: Using The Switch As An Ftp Client
Managing System Files Specify the transfer mode. If you are transferring a switch image file, you must specify the binary transfer mode on your FTP client. If you are transferring a configuration file, you must specify the ASCII transfer mode. Transfer the file.
Page 42 Loading Software onto the Switch -> ftp 198.23.9.101 Connecting to [198.23.9.101]...connected 220 cosmo FTP server (UNIX(r) System V Release 4.1) ready Name : Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and enabled.
Page 43: Using Secure Shell Ftp
Managing System Files help quit remotehelp user lpwd mput mget prompt user If you lose communications while running FTP, you may receive a message similar to the following: Waiting for reply (Hit ^C to abort)... In this case you can press Crtl-C to abort the session or wait until the communication failure is resolved and the FTP transfer can continue.
Page 44: Closing A Secure Shell Ftp Session
Loading Software onto the Switch You must have a login and password that is recognized by the IP address you specify. When you enter your login, the device you are logging in to, will request your password as shown here. ->...
Page 45: Using Zmodem
Managing System Files The following is an example of how to start a TFTP session to download a file from a TFTP server: -> tftp 10.211.17.1 get source-file boot.cfg destination-file /flash/working/ boot.cfg ascii When you enter the above command the following actions are performed: •...
Page 46 Loading Software onto the Switch Connect your terminal emulation device containing the Zmodem protocol to the switch’s console port. Start the Zmodem process on your switch by executing the -> rz A screen similar to the following will appear. Upload directory: /flash rz ready to receive file, please start upload (or send 5 CTRL-X’s to abort).
Page 47: Registering Software Image Files
Managing System Files Registering Software Image Files New software transferred to the switch must go through a registration process before it can be used by the switch. The registration process includes two tasks: • Transfer the new software file(s) to the switch’s /flash/working directory via remote connection. •...
Page 48: Available Image Files
Registering Software Image Files Available Image Files The following table lists the image files for the OmniSwitch 6400 switches. Most of the files listed here are part of the base switch configuration. Files that support an optional switch feature are noted in the table.
Page 49 Managing System Files Archive File Name Base or Optional Software Jqos.img Base Software Jrout.img Base Software Jsecu.img Optional Security Jrelease.img Base Software OmniSwitch AOS Release 6 Switch Management Guide Registering Software Image Files Description CMM Quality of Service CMM Routing (IP and IPX) CMM Security (AVLANS) Release Archive September 2009...
Page 50: Application Examples For File Management
Application Examples for File Management Application Examples for File Management The following sections provide detailed examples of managing files and directories on the switch. Transferring a File to the Switch Using FTP In this example, the user is adding the AVLAN security feature to an OmniSwitch 6850 Series switch. To do this, the user must load the Ksecu.img image file onto the switch and then register the file by reboot- ing the switch.
Page 51: Creating A File Directory On The Switch
Managing System Files Reboot the switch to register the security file Ksecu.img. The following will be displayed: -> install Ksecu.img renaming file temp.img -> /flash/working/Krelease.img Installation of Ksecu.img was successful. The features and services supported by the Ksecu.img image file are now available on the switch. Creating a File Directory on the Switch In this example, the user wants to store several test files on the switch for use at a later date.
Page 52: Ftp Client Application Example
Application Examples for File Management Use the command to verify that the files are now located in the /flash/resources directory. -> ls /flash/resources Listing Directory /flash/resources: 2048 Jul 5 17:20 ./ 2048 Jul 5 16:25 ../ 6 Jul 5 17:03 test1.txt 6 Jul 5 17:03 test2.txt 6 Jul 5 17:03 test3.txt 17995776 bytes free...
Page 53 Managing System Files Enter the FTP mode by using the are connecting to. (If you enter a host name, please refer to ->ftp 10.255.11.101 220 Connecting to [10.255.11.101]...connected. Cosmo Windows FTP server ready Name: Myhost1 Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and enabled.
Page 54: Creating A File Directory Using Secure Shell Ftp
Application Examples for File Management Creating a File Directory Using Secure Shell FTP The following example describes the steps necessary to create a directory on a remote OmniSwitch and to transfer a file into the new directory by using Secure Shell FTP. Log on to the switch and issue the connecting to.
Page 55: Transfer A File Using Secure Shell Ftp
Managing System Files 287 boot.params 2048 certified 2048 working 64000 swlog1.log 64000 swlog2.log30 policy.cfg 2048 network 206093 cs_system.pmd 2048 LPS 2048 newssdir 256 random-seed Transfer a File Using Secure Shell FTP To demonstrate how to transfer a file by using the Secure Shell FTP, this application example continues from the previous example where a new directory named “newssdir”...
Page 56: Verifying Directory Contents
Verifying Directory Contents Verifying Directory Contents To display a list of files, the following CLI commands may be used. For more information about these commands, see the OmniSwitch CLI Reference Guide. page 1-36 Displays the contents of a specified directory or the current working directory.
Page 57: Setting The System Clock
Managing System Files Setting the System Clock The switch clock displays time by using a 24-hour clock format. It can also be set for use in any time zone. Daylight Savings Time (DST) is supported for a number of standard time zones. DST parameters can be programmed to support non-standard time zones and time off-set applications.
Page 58: Time
Setting the System Clock You may set the switch system clock to a time that is offset from standard UTC time. For example, you can set a time that is offset from UTC by increments of 15, 30, or 45 minutes. You must indicate by a plus (+) or minus (-) character whether the time should be added to or subtracted from the system time.
Page 59: Daylight Savings Time Configuration
Managing System Files Daylight Savings Time Configuration The switch can be set to change the system clock automatically to adjust for Daylight Savings Time (DST). There are two situations that apply depending on the time zone selected for your switch. If the time zone set for your switch shows DST parameters in the table on enable DST on your switch by using the following command: ->...
Page 60: Enabling Dst
Setting the System Clock Enabling DST When Daylight Savings Time (DST) is enabled, the switch’s clock will automatically set the default DST parameters for the time zone specified on the switch or for the custom parameters you can specify with the system daylight savings time switch when your time zone changes to and from DST.
Page 61 Managing System Files Time Zone and DST Information Table (continued) Abbreviation Name Central Europe Middle Europe British Standard Time Western Europe Greenwich Mean Time West Africa No standard name No standard name Newfoundland Atlantic Standard Time Eastern Standard Time Central Standard Time Mountain Standard Time...
Page 62 Setting the System Clock Managing System Files page 1-42 OmniSwitch AOS Release 6 Switch Management Guide September 2009...
Page 63: Chapter 2 Logging Into The Switch
HTTP client (browser) on a remote workstation; and SNMP, which requires an SNMP manager (such as Alcatel-Lucent’s OmniVista or HP OpenView) on the remote workstation. Secure sessions are available using the Secure Shell interface; file transfers are done via FTP or Secure Shell FTP.
Page 64: Logging Into The Switch
Login Specifications Login Specifications Platforms Supported IPv6 client Telnet, FTP, SSH, SFTP, and SNMP IPv6 DNS Telnet clients supported FTP clients supported HTTP (WebView) clients supported Secure Shell clients supported Secure Shell DSA public key authentication SNMP clients supported Login Defaults Access to managing the switch is always available for the admin user through the console port, even if management access to the console port is disabled.
Page 65 Logging Into the Switch Session Telnet (v4 or v6) FTP (v4 or v6) SSH + SFTP (v4 or v6 secure sessions) HTTP Total Sessions SNMP OmniSwitch AOS Release 6 Switch Management Guide OS6400/OS6850/ OS9000/9000E OS6855 September 2009 Login Defaults page 2-3...
Page 66: Quick Steps For Logging Into The Switch
Software Version 6.3.1.733.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office. You are now logged into the CLI. For information about changing the welcome banner, see the Login Banner”...
Page 67: Overview Of Switch Login Components
Logging Into the Switch Overview of Switch Login Components Switch access components include access methods (or interfaces) and user accounts stored on the local user database in the switch and/or on external authentication servers. Each access method, except the console port, must be enabled or “unlocked” on the switch before users can access the switch through that interface.
Page 68: Using The Webview Management Tool
Overview of Switch Login Components Using the WebView Management Tool • HTTP—The switch has a Web browser management interface for users logging in via HTTP. This management tool is called WebView. For more information about using WebView, see “Using WebView.” Using SNMP to Manage the Switch •...
Page 69: Using Telnet
Logging Into the Switch Using Telnet Telnet may be used to log into the switch from a remote station. All of the standard Telnet commands are supported by software in the switch. When Telnet is used to log in, the switch acts as a Telnet server. If a Telnet session is initiated from the switch itself during a login session, then the switch acts as a Telnet client.
Page 70 Welcome to the Alcatel-Lucent OmniSwitch 6000 Software Version 6.3.1.733.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office. page 2-8 OmniSwitch AOS Release 6 Switch Management Guide...
Page 71: Using Ftp
Logging Into the Switch Using FTP The OmniSwitch can function as an FTP server. Any standard FTP client may be used. Note. An FTP connection is not secure. Secure Shell is recommended instead of FTP or Telnet as a secure method of accessing the switch.
Page 72 Using FTP You have to enter a valid user name and password for the host you specified with the which you will get a screen similar to the following display: Name:Jsmith 331 Password required for Jsmith Password: ***** 230 User Jsmith logged in. Note It is mandatory to specify the name of the particular IPv6 interface, if the target has been specified using the link-local address.
Page 73: Using Secure Shell
Logging Into the Switch Using Secure Shell The OmniSwitch Secure Shell feature provides a secure mechanism that allows you to log in to a remote switch, to execute commands on a remote device, and to move files from one device to another. Secure Shell provides secure, encrypted communications even when your transmission is between two untrusted hosts or over an unsecure network.
Page 74 Using Secure Shell interactive command mode. Refer to information. page 2-12 “Starting a Secure Shell Session” on page 2-15 OmniSwitch AOS Release 6 Switch Management Guide Logging Into the Switch for detailed September 2009...
Page 75: Secure Shell Application Overview
Logging Into the Switch Secure Shell Application Overview Secure Shell is an access protocol used to establish secured access to your OmniSwitch. The Secure Shell protocol can be used to manage an OmniSwitch directly or it can provide a secure mechanism for managing network servers through the OmniSwitch.
Page 76: Secure Shell Authentication
Using Secure Shell Secure Shell Authentication Secure Shell authentication is accomplished in several phases using industry standard algorithms and exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell FTP. The following sections describe the process in detail. Protocol Identification When the Secure Shell client in the OmniSwitch connects to a Secure Shell server, the server accepts the connection and responds by sending back an identification string.
Page 77: Connection Phase
Logging Into the Switch Connection Phase After successful authentication, both the client and the server process the Secure Shell connection protocol. The OmniSwitch supports one channel for each Secure Shell connection. This channel can be used for a Secure Shell session or a Secure Shell FTP session. Using Secure Shell DSA Public Key Authentication The following procedure is used to set up Secure Shell (SSH) DSA public key authentication (PKA) between an OmniSwitch and a client device:...
Page 78 Using Secure Shell Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and enabled. If not, you must specify an IP address. See Note. Use of the cmdtool OpenWindows support facility is not recommended over Secure Shell connec- tions with an external server.
Page 79: Closing A Secure Shell Session
Logging Into the Switch Session number = 0 User name = (at login), Access type = console, Access port = Local, IP address = 0.0.0.0, Read-only domains Read-only families Read-Write domains Read-Write families = , End-User profile Session number = 1 User name = rrlogin1, Access type = ssh,...
Page 80 Using Secure Shell The following example describes how a Secure Shell interface is established from the local OmniSwitch to IP address 10.222.30.125 Log on to the OmniSwitch and issue the identify the IP address or hostname for the device to which you are connecting. The following command establishes a Secure Shell FTP interface from the local OmniSwitch to IP address 10.222.30.125.
Page 81: Closing A Secure Shell Ftp Session
Logging Into the Switch Note. Although Secure Shell FTP has commands similar to the industry standard FTP, the underlying protocol is different. See Chapter 1, “Managing System Files,” ple. Closing a Secure Shell FTP Session To terminate the Secure Shell FTP session, issue the ->...
Page 82: Modifying The Login Banner
Welcome to the Alcatel-Lucent OmniSwitch 9000 Software Version 6.4.2.733.R01 Development, August 05, 2009. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office. Here is an example of a banner that has been changed:...
Page 83: Modifying The Text Display Before Login
Logging Into the Switch If you want the login banner in the text file to apply to HTTP switch sessions, execute the following CLI command where the text filename is thirdbanner.txt. -> session banner http /flash/switch/thirdbanner.txt The banner files must contain only ASCII characters and should bear the .txt extension. The switch will not reproduce graphics or formatting contained in the file.
Page 84: Configuring Login Parameters
Configuring Login Parameters Configuring Login Parameters You can set the number of times a user may attempt unsuccessfully to log in to the switch’s CLI by using session login-attempt command as follows: -> session login-attempt 5 In this example, the user may attempt to log in to the CLI five (5) times unsuccessfully. If the user attempts to log in the sixth time, the switch will break the TCP connection.
Page 85: Enabling The Dns Resolver
Logging Into the Switch Enabling the DNS Resolver A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP addresses. Every time you enter a host name when logging into the switch, a DNS service must look up the name on a server and resolve the name to an IP address.
Page 86: Verifying Login Settings
Verifying Login Settings Verifying Login Settings To display information about login sessions, use the following CLI commands: whoami show session config show dns For more information about these commands, refer to the OmniSwitch CLI Reference Guide. page 2-24 Displays all active login sessions (e.g., console, Telnet, FTP, HTTP, Secure Shell, Secure Shell FTP).
Page 87: Chapter 3 Using Snmp
The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows communication between SNMP managers and SNMP agents on an IPv4 as well as on an IPv6 network. Network administrators use SNMP to monitor network performance and to manage network resources. In This Chapter This chapter describes SNMP and how to use it through the Command Line Interface (CLI).
Page 88: Snmp Specifications
SNMP Specifications SNMP Specifications The following table lists specifications for the SNMP protocol. RFCs Supported for SNMPv2 RFCs Supported for SNMPv3 Platforms Supported SNMPv1, SNMPv2, SNMPv3 SNMPv1 and SNMPv2 Authentication SNMPv1, SNMPv2 Encryption SNMPv1 and SNMPv2 Security requests accepted by the switch SNMPv3 Authentication SNMPv3 Encryption SNMPv3 Security requests...
Page 89 Using SNMP Parameter Description Enables the forwarding of traps to WebView. Enables or disables SNMP authentication failure trap forwarding. OmniSwitch AOS Release 6 Switch Management Guide Command Default Value/Comments snmp trap to webview Enabled snmp authentication trap Disabled September 2009 SNMP Defaults page 3-3...
Page 90: Quick Steps For Setting Up An Snmp Management Station
Quick Steps for Setting Up An SNMP Management Station Quick Steps for Setting Up An SNMP Management Station An SNMP Network Management Station (NMS) is a workstation configured to receive SNMP traps from the switch. To set up an SNMP NMS by using the switch’s CLI, proceed as follows: Specify the user account name and the authentication type for that user.
Page 91: Quick Steps For Setting Up Trap Filters
Using SNMP Quick Steps for Setting Up Trap Filters You can filter traps by limiting user access to trap command families. You can also filter according to individual traps. Filtering by Trap Families The following example will create a new user account. This account will be granted read-only privileges to three CLI command families (snmp, chassis, and interface).
Page 92: Filtering By Individual Traps
Quick Steps for Setting Up Trap Filters Filtering by Individual Traps The following example enables trap filtering for the coldstart, warmstart, linkup, and linkdown traps. The identification numbers for these traps are 0, 1, 2, and 3. When trap filtering is enabled, these traps will be filtered.
Page 93: Snmp Overview
Using SNMP SNMP Overview SNMP provides an industry standard communications model used by network administrators to manage and monitor their network devices. The SNMP model defines two components, the SNMP Manager and the SNMP Agent. Network Management Station SNMP Manager •...
Page 94: Using Snmp For Switch Management
Although MIB browsers vary depending on which software package is used, they all have a few things in common. The browser must compile the Alcatel-Lucent switch MIBs before it can be used to manage the switch by issuing requests and reading statistics. Each MIB must be checked for dependencies and the MIBs must be compiled in the proper order.
Page 95: Snmpv2
Using SNMP The community string security standard offers minimal security and is generally insufficient for networks where the need for security is high. Although SNMPv1 lacks bulk message retrieval capabilities and secu- rity features, it is widely used and is a de facto standard in the Internet environment. SNMPv2 SNMPv2 is a later version of the SNMP protocol.
Page 96: Snmp Traps Table
SNMP Overview SNMP Traps Table The following table provides information on all SNMP traps supported by the switch. Each row includes the trap name, its ID number, any objects (if applicable), its command family, and a description of the condition the SNMP agent in the switch is reporting to the SNMP management station. You can generate a list of SNMP traps that are supported on your switch by using the No.
Page 97 An entConfigChange notification is generated when a conceptual row is created, modified, or deleted in one of the entity tables. aipAMAPLast- The status of the Alcatel-Lucent TrapReason Mapping Adjacency Protocol aipAMAPLast- (AMAP) port changed. TrapPort aipGMAPLast- Indicates a Group Mobility...
Page 98: Index
SNMP Overview No. Trap Name chassisTrapsStr chassisTrapsStrLevel—An enumerated value that provides the urgency level of the STR. chassisTrapsStrAppID—The application identification number. chassisTrapsStrSnapID—The subapplication identification number. You can have multiple snapIDs per Sub- application (task) but only one is to be used to send STRs. chassisTrapsStrfileName—Name of the source file where the fault was detected.
Page 99 Using SNMP No. Trap Name chassisTrapsStateChange physicalIndex—The physical index of the involved object. chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap. chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the considered fan or power supply).
Page 100 SNMP Overview No. Trap Name healthMonDeviceTrap healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change. healthMonRxTxStatus— RxTx threshold status indicating if threshold was crossed or no change. healthMonMemoryStatus—Memory threshold status indicating if threshold was crossed or no change. healthMonCpuStatus—CPU threshold status indicating if threshold was crossed or no change.
Page 101 Using SNMP No. Trap Name bgpEstablished bgpPeerLastError—The last error code and subcode seen by this peer on this connection. If no error has occurred, this field is zero. Otherwise, the first byte of this two byte OCTET STRING contains the error code, and the second byte contains the subcode.
Page 102 SNMP Overview No. Trap Name dvmrpNeighborLoss dvmrpInterfaceLocalAddress—The IP address this system will use as a source address on this interface. On unnumbered interfaces, it must be the same value as dvmrpInterfaceLocalAddress for some interfaces on the system. dvmrpNeighborState—State of the neighbor adjacency. dvmrpNeighborNotPruning dvmrpInterfaceLocalAddress—The IP address this system will use as a source address on this interface.
Page 103 Using SNMP No. Trap Name risingAlarm alarmIndex—An index that uniquely identifies an entry in the alarm table. Each such entry defines a diagnos- tic sample at a particular interval for an object on the device. alarmVariable—The object identifier of the particular variable to be sampled. Only variables that resolve to an ASN.1 primitive type of INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may be sampled.
Page 104 SNMP Overview No. Trap Name stpRootPortChange vStpNumber—The Spanning Tree number identifying this instance. vStpRootPortNumber—The port ifindex of the port which offers the lowest cost path from this bridge to the root bridge for this spanning tree instance. mirrorConfigError mirmonPrimarySlot—Slot of mirrored or monitored interface. mirmonPrimaryPort—Port of mirrored or monitored interface.
Page 105 Using SNMP No. Trap Name slbTrapOperStatus slbTrapInfoEntityGroup—The entity group inside SLB management. slbTrapInfoOperStatus—The operational status of an SLB cluster or server. slbTrapInfoClusterName—A change occurred in the operational status of an SLB entity. slbTrapInfoServerIpAddr—The IP address of a server. Note: This trap is not supported. ifMauJabberTrap ifMauJabberState—The value other(1) is returned if the jabber state is not 2, 3, or 4.
Page 106 SNMP Overview No. Trap Name alaStackMgrNeighborChangeTrap alaStackMgrStackStatus—Indicates whether the stack is or is not in a loop. alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1to 8. alaStackMgrTrapLinkNumber—Holds the link number when the stack is not in a loop. Note: This trap is not supported on OmniSwitch 9000 switches.
Page 107 Using SNMP No. Trap Name gmBindRuleViolation gmBindRuleType—Type of binding rule for which trap sent. gmBindRuleVlanId—Binding Rule VLAN Id. gmBindRuleIPAddress—Binding Rule IP address. gmBindRuleMacAddress—Binding Rule Mac Address. gmBindRulePortIfIndex—The ifIndex corresponding to the mobile port on which the binding rule violation occurred. gmBindRuleProtoClass—The encoded protocol number used for binding VLAN classification.
Page 108 SNMP Overview No. Trap Name pethPsePortPowerMaintenanceStatus pethPsePortPowerMaintenanceStatus—The value ok (1) indicates the Power Maintenance Signature is present and the overcurrent condition has not been detected. The value overCurrent (2) indicates an overcurrent condition has been detected. The value mPSAbsent (3) indicates that the Power Maintenance Signature is absent.
Page 109 Using SNMP No. Trap Name httpServerDoSAttackTrap httpConnectionStats—The number of HTTP connection attempts over the past 15 seconds. alaStackMgrDuplicateRoleTrap alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows: - 0: invalid slot number - 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable - 1001..1008: switches operating in pass through mode - 255: unassigned slot number.
Page 110 SNMP Overview No. Trap Name alaStackMgrOutOfTokensTrap alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows: - 0: invalid slot number - 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable - 1001..1008: switches operating in pass through mode - 255: unassigned slot number.
Page 111 Using SNMP No. Trap Name lnkaggAggDown traplnkaggId— Index value of the Link Aggregate group. traplnkaggIfIndex —Port of the Link Aggregate group. lnkaggPortJoin traplnkaggId— Index value of the Link Aggregate group. traplnkaggIfIndex —Port of the Link Aggregate group. lnkaggPortLeave traplnkaggId— Index value of the Link Aggregate group. traplnkaggIfIndex —Port of the Link Aggregate group.
Page 112 SNMP Overview No. Trap Name alaVrrp3TrapProtoError alaVrrp3TrapProtoErrReason alaVrrp3TrapNewMaster alaVrrp3OperMasterlpAddrType—This specifies the type of alaVrrp3OperMasterlpAddr in this row. alaVrrp3OperMasterlpAddr—The master switch’s real (primary for vrrp over IPv4) IP address. This is the Ip address listed as the source in the advertisement last received by this virtual switch. For IPv6, a link local address.
Page 113 Using SNMP No. Trap Name vRtrIsisDatabaseOverload vRtrIsisSystemLevel—Identifies the level to which the notification applies.Routing within an area is referred to as Level-1 routing. Routing between two or more areas is referred to as Level 2 routing. Each area runs a sep- arate copy of the basic link-state routing algorithm.
Page 114 SNMP Overview No. Trap Name vRtrIsisIDLenMismatch vRtrIsisFieldLen—The System ID Field length. vRtrIsisIfIndex—The ISIS interface on which the PDU was received. vRtrIsisPDUFragment—The first 64 bytes of a PDU that triggered the trap. vRtrIsisMaxAreaAddrsMismatch vRtrIsisMaxAreaAddress—The maximum number of area addresses in the PDU. vRtrIsisIfIndex—The ISIS interface on which the PDU was received.
Page 115 Using SNMP No. Trap Name vRtrIsisAutTypeFail vRtrIsisSystemLevel—Identifies the level to which the notification applies.Routing within an area is referred. to as Level-1 routing. Routing between two or more areas is referred to as Level 2 routing. Each area runs a sep- arate copy of the basic link-state routing algorithm.
Page 116 SNMP Overview No. Trap Name vRtrIsisLSPSize—The size of the LSP received. vRtrIsisSystemLevel—Identifies the level to which the notification applies.Routing within an area is referred to as Level-1 routing. Routing between two or more areas is referred to as Level 2 routing. Each area runs a sep- arate copy of the basic link-state routing algorithm.
Page 117 Using SNMP No. Trap Name vRtrIsisProtoSuppMismatch vRtrIsisProtocolsSupported—The protocols supported by an adjacent system. This may be empty vRtrIsisSystemLevel—Identifies the level to which the notification applies.Routing within an area is referred to as Level-1 routing. Routing between two or more areas is referred to as Level 2 routing. Each area runs a sep- arate copy of the basic link-state routing algorithm.
Page 118 SNMP Overview No. Trap Name vRtrIsisAdjRestartStatusChange vRtrIsisSystemLevel—Identifies the level to which the notification applies.Routing within an area is referred to as Level-1 routing. Routing between two or more areas is referred to as Level 2 routing. Each area runs a sep- arate copy of the basic link-state routing algorithm.
Page 119 Using SNMP No. Trap Name alaPimNeighborLoss alaPimNeighborUpTime—The time since this PIM neighbor (last) became a neighbor of the local router. alaPimInvalidRegister alaPimGroupMappingPimMode—The PIM mode used for groups in this group prefix. alaPimInvalidRegisterAddressType—The address type stored in alaPimInvalidRegisterOrigin, alaPimInvalid RegisterGroup and alaPimInvalidRegisterRp. If no unexpected Register messages are received, the onject is set to “Unknown”.
Page 120 SNMP Overview No. Trap Name alaPimInvalidJoinPrune alaPimGroupMappingPimMode—The PIM mode used for groups in this group prefix. alaPimInvalidRegisterAddressType—The address type stored in alaPimInvalidRegisterOrigin, alaPimInvalid RegisterGroup and alaPimInvalidRegisterRp. If no unexpected Register messages are received, the onject is set to “Unknown”. alaPimInvalidJoinPruneOrigin—The source address of the last unexpected Join/Prune message received alaPimInvalidJoinPruneGroup—The IP multicast group address carried in the last unexpected Join/Prune message received alaPimInvalidJoinPruneRp—The RP address carried in the last unexpected Join/Prune message received...
Page 121 Using SNMP No. Trap Name 101 lpsLearnTrap lpsLearnTrapThreshold—The number of bridged MAC addresses that can be learned before a trap is sent. 102 gvrpVlanLimitReachedEvent alaGvrpMaxVlanLimit—The maximum number of dynamic VLANs that can be created on the system by GVRP before a trap is sent. 103 alaNetSecPortTrapAnomaly alaNetSecPortTrapInfoIfId—The interface index of port on which anomaly is detected.
Page 122 SNMP Overview No. Trap Name 108 healthMonCpuShutPortTrap healthModuleSlot—The slot on which anomaly is detected. ifIndex—The port on which anomaly is detected. healthModuleCpuLatest—The average module-level CPU utilization over the latest sample period (percent). 109 arpMaxLimitReached 110 ndpMaxLimitReached 111 ripRouteMaxLimitReached 112 ripngRouteMaxLimitReached 113 aaaHicServerTrap aaaHSvrIpAddress—The HIC/Rem/WebDL server's IP address.
Page 123 Using SNMP No. Trap Name 117 e2eGvrpVlanMatch esmE2EFlowVlan—VLAN configured for The End-to-End Flow Control. 118 e2eStackTopoChange esmE2EFlowVlan—VLAN configured for The End-to-End Flow Control. 119 dot3OamThresholdEvent OmniSwitch AOS Release 6 Switch Management Guide Objects Family Description esmE2EFlowVl gvrp This trap is sent when GVRP recieves a registration for a VLAN that is configured for End-to-End Flow Control.
Page 124 SNMP Overview No. Trap Name dot3OamEventLogTimestamp—The sysUpTime at the time of the logged event. dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of 0x0180C2.
Page 125 Using SNMP No. Trap Name 121 alaDot3OamThresholdEventClear dot3OamEventLogTimestamp—The sysUpTime at the time of the logged event. dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of 0x0180C2.
Page 126 SNMP Overview No. Trap Name 122 alaDot3OamNonThresholdEventClear dot3OamEvent dot3OamEventLogTimestamp—The value of sysUpTime at the time of the logged event. dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of 0x0180C2.
Page 127 Using SNMP No. Trap Name 126 vRtrLdpGroupIdMismatch vRtrLdpNotifyLocalGroupID—The local Group ID. vRtrLdpNotifyRemoteGroupID—The remote Group ID. 127 mplsXCup mplsXCIndex—The MPLS Index. mplsInSegmentIfIndex—The interface index for the incoming MPLS interface. mplsInSegmentLabel—The incoming label for the segment. mplsOutSegmentIndex—The outgoing label for the segment. mplsXCAdminStatus—The desired operational status of the segment (Up/Down/Testing).
Page 128 SNMP Overview No. Trap Name vRtrID—The LDP interface name. vRtrMplsGeneralAdminState—MPLS administrative state of the router (“In Service” - the agent attempts to enable the MPLS protocol instance for the router. “Out of Service” - the agent attempts to disable the MPLS protocol instance on router).
Page 129 Using SNMP No. Trap Name custId—The customer identifier. svcId—The service identifier. svcVpnId—The the VPN ID assigned to this service. svcAdminStatus—The desired state of the service. svcOperStatus—The the operational state of the service. 134 sapStatusChanged custId—The customer identifier. svcId—The service identifier. svcVpnId—The the VPN ID assigned to this service.
Page 130 SNMP Overview No. Trap Name 138 sdpBindSdpStateChangeProcessed sdpNotifySdpId—The SDP that experienced the state change. 139 unused 140 unused 141 unused 142 ddmTemperatureThresholdViolated ifIndex—The interface index. ddmNotificationType—The trap type for monitored DDM parameters (clearViolation(1), highAlarm(2), highWarning(3), lowWarning(4), lowAlarm(5). ddmTemperature—The temperature, in tenths of a degree celcius. 143 ddmVoltageThresholdViolated ifIndex—The interface index.
Page 131 Using SNMP No. Trap Name ifIndex—The interface index. ddmNotificationType—The trap type for monitored DDM parameters (clearViolation(1), highAlarm(2), highWarning(3), lowWarning(4), lowAlarm(5). ddmTxBiasCurrent—The current Transmit Bias Current of the SFP/XFP in 10s of milli-Amperes (mA). 145 ddmTxPowerThresholdViolated ifIndex—The interface index. ddmNotificationType—The trap type for monitored DDM parameters (clearViolation(1), highAlarm(2), highWarning(3), lowWarning(4), lowAlarm(5).
Page 132: Using Snmp For Switch Security
Using SNMP For Switch Security Using SNMP For Switch Security Community Strings (SNMPv1 and SNMPv2) The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a commu- nity string is carried over an incoming SNMP request, the community string must match up with a user account name as listed in the community string database on the switch.
Page 133: Encryption And Authentication (Snmpv3)
Using SNMP Encryption and Authentication (SNMPv3) Two important processes are used to verify that the message contents have not been altered and that the source of the message is authentic. These processes are encryption and authentication. A typical data encryption process requires an encryption algorithm on both ends of the transmission and a secret key (like a code or a password).
Page 134: Setting Snmp Security
Using SNMP For Switch Security Setting SNMP Security By default, the switch is set to “privacy all”, which means the switch accepts only authenticated and encrypted v3 Sets, Gets, and Get-Nexts. You can configure different levels of SNMP security by entering snmp security followed by the command parameter for the desired security level.
Page 135: Working With Snmp Traps
Using SNMP Working with SNMP Traps The SNMP agent in the switch has the ability to send traps to the management station. It is not required that the management station request them. Traps are messages alerting the SNMP manager to a condition on the network.
Page 136: Authentication Trap
Working with SNMP Traps Authentication Trap The authentication trap is sent when an SNMP authentication failure is detected. This trap is a signal to the management station that the switch received a message from an unauthorized protocol entity. This normally means that a network entity attempted an operation on the switch for which it had insufficient authorization.
Page 137: Snmp Mib Information
Using SNMP SNMP MIB Information MIB Tables You can display MIB tables and their corresponding command families by using the family command. The MIB table identifies the MIP identification number, the MIB table name and the command family. If a command family is not valid for the entire MIB table, the command family will be displayed on a per-object basis.
Page 138: Industry Standard Mibs
SNMP MIB Information Industry Standard MIBs The following table lists the supported industry standard MIBs. MIB Name Description BGP4-MIB, RFC 1657 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) by using SMIv2. BRIDGE-MIB, The Bridge MIB for managing MAC bridges based on RFC 1493 the IEEE 802.1D standard between Local Area Net- work (LAN) segments.
Page 139 Using SNMP MIB Name Description IEEE8021-PAE-MIB This MIB modules defines 802.1X ports used for port- based access control. IF-MIB, RFC 2863 The Interfaces Group MIB. Contains generic information about the physical interfaces of the entity. IGMP-STD-MIB, Internet Group Management Protocol MIB. RFC 2933 INET-ADDRESS-MIB, Textual Conventions for Internet Network Addresses.
Page 140 SNMP MIB Information MIB Name Description Novell RIPSAP MIB This MIB defines the management information for the Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) protocols running in a Novell Internetwork Packet Exchange (IPX) protocol environment. It provides information in addition to that contained in the IPX MIB itself.
Page 141 Using SNMP MIB Name Description SNMP-FRAMEWORK An Architecture for Describing SNMP Management MIB, RFC 2571 Frameworks. SNMP-MPD-MIB, Message Processing And Dispatching For The Simple RFC 2572 Network Management Protocol (SNMP). SNMP-NOTIFICATION SNMP Applications, Notifications SNMP Entity MIB, RFC 2573 Remote Configuration. SNMP-PROXY-MIB, SNMP Applications, Proxy SNMP Entity Remote RFC 2573...
Page 142 SNMP MIB Information MIB Name Description TUNNEL-MIB, IP Tunnel MIB RFC 2667 UDP-MIB, RFC 2013 SNMPv2 Management Information Base for the User Datagram Protocol by using SMIv2. VRRP-MIB, RFC 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol (VRRP). page 3-56 OmniSwitch AOS Release 6 Switch Management Guide Using SNMP...
Page 143: Enterprise (Proprietary) Mibs
Definitions of managed objects for the Authentication, AAA-MIB Authorization, and Accounting (AAA) subsystem. ALCATEL-IND1-BASE This module provides base definitions for modules developed to manage Alcatel-Lucent Internetworking networking infrastructure products. ALCATEL-IND1- Definitions of managed objects for the Border Gate- BGP-MIB way Protocol (BGP) subsystem.
Page 144 SNMP MIB Information MIB Name Description ALCATEL-IND1-IGMP- Definitions of managed objects for the IPv4 Multicast MIB. ALCATEL-IND1- Definitions of managed objects for the Interswitch INTERSWITCH- Protocol (i.e., GMAP, XMAP) subsystem. PROTOCOL-MIB ALCATEL-IND1- Definitions of managed objects for the IP Stack sub- IP-MIB system.
Page 145 Using SNMP MIB Name Description ALCATEL-IND1- Definitions of managed objects for the Source Learn- MAC-ADDRESS-MIB ing MAC Address subsystem. ALCATEL-IND1- Definitions of managed objects for the Chassis Super- MAC-SERVER-MIB vision MAC Server subsystem. ALCATEL-IND1- Definitions of the Multicast Listener Discovery MLD-MIB (MLD) subsystem.
Page 146 SNMP MIB Information MIB Name Description ALCATEL-IND1- Definitions of managed objects for the Port Mirroring PORT-MIRRORING- and Monitoring subsystem. MONITORING-MIB ALCATEL-IND1- Definitions of managed objects for the Quality of Ser- QOS-MIB vice (QoS) subsystem. ALCATEL-IND1- Definitions of managed objects for the Router Discov- RDP-MIB ery Protocol (RDP) subsystem.
Page 147 Using SNMP MIB Name Description ALCATEL-IND1-VRRP- Definitions of managed objects for the Virtual Router Redundancy Protocol (VRRP) subsystem. ALCATEL-IND1- Definitions of managed objects for the Virtual Router VRRP3-MIB Redundancy Protocol 3 (VRRP3) subsystem. ALCATEL-IND1-WEB- Definitions of managed objects for the Web Based MGT-MIB Management subsystem.
Page 148: Verifying The Snmp Configuration
Verifying the SNMP Configuration Verifying the SNMP Configuration To display information about SNMP management stations, trap management, community strings, and security, use the show commands listed in the following table. show snmp station show snmp community map show snmp security show snmp statistics show snmp mib family show snmp trap replay...
Page 149: In This Chapter
4 Configuring Network Time Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for exam- ple).
Page 150: Chapter 4 Configuring Network Time Protocol (Ntp)
NTP Specifications NTP Specifications RFCs supported Platforms Supported Maximum number of NTP servers per client 3 NTP Defaults Table The following table shows the default settings of the configurable NTP parameters: NTP Defaults Parameter Description Specifies an NTP server from which this switch will receive updates Used to activate client Used to activate NTP client...
Page 151: Ntp Quick Steps
Configuring Network Time Protocol (NTP) NTP Quick Steps The following steps are designed to show the user the necessary commands to set up NTP on an OmniSwitch: Designate an NTP server for the switch using the switch with its NTP time information. For example: ->...
Page 152 NTP Quick Steps You can check the client configuration using the -> show ntp client Current time: Last NTP update: Client mode: Broadcast client mode: Broadcast delay (microseconds): page 4-4 Configuring Network Time Protocol (NTP) show ntp status command, as shown: THU SEP 15 2005 17:44:54 (UTC) THU SEP 15 2005 17:30:54 enabled...
Page 153: Ntp Overview
Configuring Network Time Protocol (NTP) NTP Overview Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for exam- ple).
Page 154: Stratum
NTP Overview Stratum Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1 source would be stratum 2.
Page 155 Configuring Network Time Protocol (NTP) Examples of these are shown in the simple network diagram below: Servers Server/Clients Clients Servers 1a and 1b receive time information from, or synchronize with, a UTC time source such as a radio clock. (In most cases, these servers would not be connected to the same UTC source, though it is shown this way for simplicity.) Servers 1a and 1b become stratum 1 NTP servers and are peered with each other, allowing them to check UTC time information against each other.
Page 156: Authentication
NTP Overview • Peer associations should only be configured between servers at the same stratum level. Higher Strata should configure lower Strata, not the reverse. • It is inadvisable to configure time servers in a domain to a single time source. Doing so invites common points of failure.
Page 157: Configuring Ntp
Configuring Network Time Protocol (NTP) Configuring NTP The following sections detail the various commands used to configure and view the NTP client software in an OmniSwitch. Configuring the OmniSwitch as a Client The NTP software is disabled on the switch by default. To activate the switch as an NTP client, enter the ntp client command as shown: ->...
Page 158: Ntp Servers
Configuring NTP NTP Servers An NTP client needs to receive NTP updates from an NTP server. Each client must have at least one server with which it synchronizes (unless it is operating in broadcast mode). There are also adjustable server options. Designating an NTP Server To configure an NTP client to receive updates from an NTP server, enter the the server IP address or domain name, as shown:...
Page 159 Configuring Network Time Protocol (NTP) Setting the Version Number There are currently four versions of NTP available (numbered one through four). The version that the NTP server uses must be specified on the client side. To specify the NTP version on the server from which the switch receives updates, use the command with the server IP address (or domain name), version keyword, and version number, as shown: ->...
Page 160: Using Authentication
Configuring NTP Using Authentication Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server and the NTP client must both have a text file containing the public and secret keys. (This file should be obtained from the server administrator.
Page 161 Configuring Network Time Protocol (NTP) A file similar to ntpkey_MD5key_moe.3449863517 should be listed. Rename or copy the file to ntp.keys. Transfer the ntp.keys file using FTP, to the /flash/network/ directory on the OmniSwitch. To load the file into the switch memory issue the command ->...
Page 162: Verifying Ntp Configuration
Verifying NTP Configuration Verifying NTP Configuration To display information about the NTP client, use the show commands listed in the following table: show ntp status show ntp server client-list show ntp client server-list show ntp keys For more information about the resulting displays from these commands, see the “NTP Commands” chap- ter in the OmniSwitch CLI Reference Guide.
Page 163: Chapter 5 Managing Cmm Directory Content
The CMM (Chassis Management Module) software runs the OmniSwitch Series switches. Each OmniSwitch chassis can run with two CMMs to provide redundancy also full traffic throughput; one CMM is designated as the primary CMM, and the other is designated as the secondary CMM. One CMM or the other runs the switch, or both at the same time to provide full traffic throughput.The directory struc- ture of the CMM software is designed to prevent corrupting or losing switch files.
Page 164: Cmm Specifications
CMM Specifications CMM Specifications Size of Flash Memory Size of RAM Memory Maximum Length of File Names Maximum Length of Directory Names Default Boot Directory page 5-2 64 Megabytes (OmniSwitch 6850) 128 Megabytes (OmniSwitch 6400, 6855,9000, and 9000E) 256 Megabytes 32 Characters 32 Characters Certified...
Page 165: Cmm Files
The management of a stack or single switch is controlled by three types of files: • Image files, which are proprietary code developed by Alcatel-Lucent to run the hardware. These files are not configurable by the user, but may be upgraded from one release to the next. These files are also known as archive files as they are really the repository of several smaller files grouped together under a common heading.
Page 166: Where Is The Switch Running From?
CMM Files Where is the Switch Running From? When a switch has booted and is running, the software used will come either from the certified directory or the working directory. In most instances, the switch boots from the certified directory. (A switch can be specifically booted from the working directory by using the reload working config command described in “Rebooting from the Working Directory”...
Page 167: Software Rollback Configuration Scenarios For A Single Switch
Managing CMM Directory Content Software Rollback Configuration Scenarios for a Single Switch The examples below illustrate a few likely scenarios and explain how the running configuration, working directory, and certified directory interoperate to facilitate the software rollback on a single switch. Note.
Page 168 CMM Files Scenario 2: Running Configuration Saved to Working Directory The network administrator recreates Switch X’s running configuration and immediately saves the running configuration to the working directory. In another mishap, the power to the switch is again interrupted. The switch reboots from certified direc- tory, overwrites all of the changes in the running configuration, and rolls back to the certified directory (which in this case is the factory settings).
Page 169 Managing CMM Directory Content Scenario 3: Saving the Working Directory to the Certified Directory After running the modified configuration settings and checking that there are no problems, the network administrator decides that the modified configuration settings (stored in the working directory) are completely reliable.
Page 170 Scenario 4: Rollback to Previous Version of Switch Software Later that year, an upgraded image file is released from Alcatel-Lucent. The network administrator loads the new file via FTP to the working directory of the switch and reboots the switch from the working direc- tory.
Page 171: Redundancy
Managing CMM Directory Content Redundancy CMM software redundancy is one of the switch’s most important fail over features. For CMM software redundancy, at least two fully-operational OmniSwitch Stackable Series switches must be linked together as a stack or two fully-operational CMM modules must be installed in the chassis at all times. In addition, the CMM software must be synchronized.
Page 172 CMM Files This process occurs automatically when the switch boots. The working and certified directory relationship described above in “Software Rollback Feature” on page 5-4 Generally speaking, the switch assigned the lowest stack number is the primary CMM switch; the switch with the next lowest stack number is the secondary CMM switch, and all other switches are idle.
Page 173 Managing CMM Directory Content Scenario 3: Synchronizing Switches in a Stack When changes have been made to the primary CMM switch certified directory, these changes need to be propagated to the other switches in the stack. This could be done by completely rebooting the stack. However, a loss of switch functionality is to be avoided, a The following diagram illustrates the process that occurs when using a copy flash-synchro command.
Page 174 CMM Files Scenario 4: Adding a New Switch to a Stack Since the OmniSwitch Stackable Series switches are designed to be expandable, it is very likely that new switches will be added to stacks. The stack automatically detects new switches added to the stack, and new switches can pass traffic without a complete reboot of the stack.
Page 175: Managing The Directory Structure (Non-Redundant)
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant) The following sections define commands that allow the user to manipulate the files in the directory struc- ture of a single CMM in an OmniSwitch Chassis-based switch or of a single OmniSwitch Stackable Series switch.
Page 176 Managing the Directory Structure (Non-Redundant) To reboot the switch from the certified directory, enter the -> reload This command loads the image and configuration files in the certified directory into the RAM memory. These files control the operation of the switch. Note.
Page 177: Copying The Running Configuration To The Working Directory
Managing CMM Directory Content Copying the Running Configuration to the Working Directory Once the switch has booted and is running, a user can modify various parameters of switch functionality. These changes are stored temporarily in the running configuration in the RAM of the switch. In order to save these changes, the running configuration must be saved to the working directory as shown: Working Primary CMM...
Page 178 Managing the Directory Structure (Non-Redundant) To save the running configuration to the working directory, enter the prompt, as shown: -> copy running-config working -> write memory The above commands perform the same function. When these commands are issued the running configura- tion with all modifications made is saved to a file called boot.cfg in the working directory.
Page 179: Rebooting From The Working Directory
Managing CMM Directory Content Rebooting from the Working Directory Besides a regular boot of the switch (from the certified directory), you can also force the switch to boot from the working directory. This is useful for checking whether a new configuration or image file will boot the switch correctly, before committing it to the certified directory.
Page 180 Managing the Directory Structure (Non-Redundant) Note. If the switch is rebooted before using the running from the certified directory as the working and certified directories are not the same. This behav- ior is described in “Where is the Switch Running From?” on page To reboot the switch from the working directory, enter the following command at the prompt, along with a timeout period (in minutes), as shown: ->...
Page 181 Managing CMM Directory Content Cancelling a Rollback Timeout To cancel a rollback time-out, enter the reload cancel command as shown: -> reload primary cancel -> reload cancel reload working command is described in detail in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 6 Switch Management Guide Managing the Directory Structure (Non-Redundant) September 2009...
Page 182: Copying The Working Directory To The Certified Directory
Managing the Directory Structure (Non-Redundant) Copying the Working Directory to the Certified Directory When the running configuration is saved to the working directory, the switch’s working and certified directories are now different. This difference, if the CMM reboots, causes the switch to boot and run from the certified directory.
Page 183: Copying The Certified Directory To The Working Directory
Managing CMM Directory Content When the software on the working directory of a switch has proven to be effective and reliable, eventu- ally the contents of the working directory should be copied into the certified directory. To copy the contents of the working directory to the certified directory, enter the following command at the prompt: ->...
Page 184: Show Currently Used Configuration
Managing the Directory Structure (Non-Redundant) Show Currently Used Configuration When a switch is booted, the certified and working directories are compared. If they are the same, the switch runs from the working directory. If they are different, the switch runs from the certified directory. A switch running from the certified directory cannot modify directory contents.
Page 185: Show Switch Files
Managing CMM Directory Content Show Switch Files The files currently installed on a switch can be viewed using the command displays the files currently in the specified directory. To display files on a switch, enter the show microcode command with a directory, as shown: ->...
Page 186: Managing Redundancy In A Stack And Cmm
Managing Redundancy in a Stack and CMM Managing Redundancy in a Stack and CMM The following section describe circumstances that the user should be aware of when managing the CMM directory structure on a switch with redundant CMMs. It also includes descriptions of the CLI commands designed to synchronize software between the primary and secondary CMMs.
Page 187: Copying The Working Directory To The Certified Directory
Managing CMM Directory Content Synchronizing the primary and secondary CMMs is done using the described in “Synchronizing the Primary and Secondary CMMs” on page Note. If a switch fails over to the secondary CMM, it is necessary to have a management interface connec- tion to the secondary CMM (such as an Ethernet port or a console port).
Page 188: Synchronizing The Primary And Secondary Cmms
Managing Redundancy in a Stack and CMM Synchronizing the Primary and Secondary CMMs If you have a secondary CMM in your switch, it will be necessary to synchronize the software between the primary and secondary CMMs. If the primary CMM goes down (for example, during a reboot), then the switch fails over to the secondary CMM.
Page 189: Cmm Switching Fabric
Managing CMM Directory Content To synchronize the secondary CMM to the primary CMM, enter the following command at the prompt: -> copy flash-synchro copy flash-synchro command is described in detail in the OmniSwitch CLI Reference Guide. Note. When synchronizing the primary and secondary CMMs, it is important to remember that the boot.params file and the switch date and time are not automatically synchronized.
Page 190: Swapping The Primary Cmm For The Secondary Cmm
Managing Redundancy in a Stack and CMM Swapping the Primary CMM for the Secondary CMM If the primary CMM is having problems, or if it needs to be shut down, then the secondary CMM can be instructed to “take over” the switch operation as the primary CMM is shut down. Note.
Page 191: Show Currently Used Configuration
Managing CMM Directory Content Show Currently Used Configuration In a chassis with a redundant CMM, the display for the currently running configuration tells the user if the primary and secondary CMMs are synchronized. To check the directory from where the switch is currently running and if the primary and secondary CMMs are synchronized, enter the following command on a stack: ->...
Page 192: Emergency Restore Of The Boot.cfg File
Emergency Restore of the boot.cfg File Emergency Restore of the boot.cfg File If all copies of the boot.cfg file have been deleted and a system boot has occurred, network configuration information is permanently lost. However, if the files have been deleted and no boot has occurred you can issue a write memory command to regenerate the boot.cfg file.
Page 193: Displaying Cmm Conditions
Managing CMM Directory Content Displaying CMM Conditions To show various CMM conditions, such as where the switch is running from and which files are installed, use the following CLI show commands: show running-directory show reload show microcode show microcode history For more information on the resulting displays from these commands, see the OmniSwitch CLI Reference Guide.
Page 194 Displaying CMM Conditions Managing CMM Directory Content page 5-32 OmniSwitch AOS Release 6 Switch Management Guide September 2009...
Page 195: Chapter 6 Using The Cli
Alcatel-Lucent’s Command Line Interface (CLI) is a text-based configuration interface that allows you to configure switch applications and to view switch statistics. Each CLI command applicable to the switch is defined in the OmniSwitch CLI Reference Guide. All command descriptions listed in the Reference Guide include command syntax definitions, defaults, usage guidelines, example screen output, and release history.
Page 196: Cli Specifications
Once you enter a command mode, you must step your way back to the top of the hierarchy before you can enter a command in a different mode. The Alcatel-Lucent switch will answer any CLI command at any time because there is no hierarchy.
Page 197: Offline Configuration Using Configuration Files
Using the CLI Offline Configuration Using Configuration Files CLI configuration commands can be typed into a generic text file. When the text file is placed in the switch /flash/working directory, its commands are applied to the switch when the command is issued. Files used in this manner are called configuration files. A configuration file can be viewed or edited offline using a standard text editor.
Page 198: Using "Show" Commands
Command Entry Rules and Syntax Using “Show” Commands The CLI contains show commands that allow you to view configuration and switch status on your console screen. The show syntax is used with other command keywords to display information pertaining to those keywords.
Page 199: Partial Keyword Completion
Using the CLI Partial Keyword Completion The CLI has a partial keyword recognition feature that allows the switch to recognize partial keywords to CLI command syntax. Instead of typing the entire keyword, you may type only as many characters as is necessary to uniquely identify the keyword, then press the Tab key.
Page 200 Command Help The following table contains the first-level commands and their set names as they are listed on the display screen when you enter a single question mark and press Enter. Command Set Name System Service & File Management CMM Chassis Supervision COPY, WRITE, POWER, TEMP-THRESHOLD, TAKEOVER, Source Learning Spanning Tree VLAN...
Page 201: Tutorial For Building A Command Using Help
Using the CLI Tutorial for Building a Command Using Help The Help feature allows you to figure out syntax for a CLI command by using a series of command line inquiries together with some educated guesses. If you do not know the correct CLI command you can use the Help feature to determine the syntax.
Page 202 Command Help At the command prompt, enter name followed by a space and a question mark. This step will either give you more choices or an error message. -> vlan 33 name ? <hex> <"string"> <string> (Vlan Manager Command Set) There is a smaller set of keywords available for use with the vlan 33 name syntax.
Page 203: Cli Services
Using the CLI CLI Services There are several services built into the CLI that help you use the interface. The Command Line Editing service makes it easy for you to enter and edit repetitive commands. Other CLI services, such as syntax checking, command help, prefix prompt, and history assist you in selecting and using the correct command syntax for the task you are performing.
Page 204: Recalling The Previous Command Line
CLI Services Recalling the Previous Command Line To recall the last command executed by the switch, press either the Up Arrow key or the command at the prompt and the previous command will display on your screen. You can execute the command again by pressing Enter or you can edit it first by deleting or inserting characters.
Page 205: Syntax Checking
Using the CLI Syntax Checking If you make a mistake while entering command syntax, the CLI gives you clues about how to correct your error. Whenever you enter an invalid command, two indicators are displayed. • The Error message tells you what the error is. •...
Page 206: Example For Using Prefix Recognition
CLI Services Example for Using Prefix Recognition This example shows how the Prefix Recognition feature is used for entering multiple commands that have the same prefix. This table lists the tasks to be accomplished in this example and the CLI syntax required for each task.
Page 207: Prefix Prompt
Using the CLI Prefix Prompt You may set the CLI so that your screen prompt displays the stored prefix. To display the stored prefix as part of the screen prompt for the VLAN example above, enter the follows: -> prompt prefix The following will display: ->...
Page 208 CLI Services You can recall commands shown in the history list by using the exclamation point character (!) also called “bang”. To recall the command shown in the history list at number 4, enter !4 (bang, 4). The CLI will respond by printing the number four command at the prompt.
Page 209: Logging Cli Commands And Entry Results
Using the CLI Logging CLI Commands and Entry Results The switch provides command logging via the record up to 100 of the most recent commands entered via Telnet, Secure Shell, and console sessions. In addition to a list of commands entered, the results of each command entry are recorded. Results include information such as whether a command was executed successfully, or whether a syntax or configuration error occurred.
Page 210: Viewing The Current Command Logging Status
Logging CLI Commands and Entry Results Viewing the Current Command Logging Status As mentioned above, the command logging feature is disabled by default. To view whether the feature is currently enabled or disabled on the switch, use the -> show command-log status CLI command logging: Enable In this case, the feature has been enabled by the user via the command-log command.
Page 211: Customizing The Screen Display
Using the CLI Customizing the Screen Display The CLI has several commands that allow you to customize the way switch information is displayed to your screen. You can make the screen display smaller or larger. You can also adjust the size of the table displays and the number of lines shown on the screen.
Page 212: Displaying Table Information
Customizing the Screen Display Displaying Table Information The amount of information displayed on your console screen can be extensive, especially for certain show commands. By default, the CLI will immediately scroll all information to the screen. The more mode can be used to limit the number of lines displayed to your screen.
Page 213: Filtering Table Information
Using the CLI Filtering Table Information The CLI allows you to define filters for displaying table information. This is useful in cases where a vast amount of display data exists but you are interested in only a small subset of that data. Commands show- ing routing tables are a good example for when you might want to filter information.
Page 214: Multiple User Sessions
Multiple User Sessions Multiple User Sessions Several CLI commands give you information about user sessions that are currently operating on the OmniSwitch, including your own session. These commands allow you to list the number and types of sessions that are currently running on the switch. You can also terminate another session, provided you have administrative privileges.
Page 215: Listing Your Current Login Session
Using the CLI Listing Your Current Login Session In order to list information about your current login session, you may either use the who command and identify your login by your IP address or you may enter the whoami command. The following will display: ->...
Page 216: Terminating Another Session
Multiple User Sessions Possible values for command domains and families are listed here: domain domain-admin domain-system domain-physical domain-network domain-layer2 domain-service domain-policy domain-security domain-mpls Terminating Another Session If you are logged in with administrative privileges, you can terminate the session of another user by using the kill command.
Page 217: Application Example
Using the CLI Application Example Using a Wildcard to Filter Table Information The wildcard character allows you to substitute the asterisk (*) character for text patterns while using the filter mode. Note. You must type the wildcard character in front of and after the filter text pattern unless the text pattern appears alone on a table row.
Page 218: Verifying Cli Usage
More? [next screen <sp>*, next line <cr>*, filter pattern </>*, quit <q>] The screen displays 10 table rows, each of which contain the text pattern “vlan” Alcatel-Lucent’s CLI uses a single level command hierarchy. (The screen rows shown above and below the table are not counted as part of the 10 rows.) If you want to display the rows one line at a time, press Enter instead of the space bar...
Page 219: Chapter 7 Working With Configuration Files
Commands and settings needed for the OmniSwitch can be contained in an ASCII-based configuration text file. Configuration files can be created in several ways and are useful in network environments where multiple switches must be managed and monitored. This chapter describes how configuration files are created, how they are applied to the switch, and how they can be used to enhance OmniSwitch usability.
Page 220: Configuration File Specifications
Configuration File Specifications Configuration File Specifications The following table lists specifications applicable to Configuration Files. Creation Methods for Configuration Files Timer Functions Command Capture Feature Error Reporting Text Editing on the Switch Tutorial for Creating a Configuration File This example creates a configuration file that includes CLI commands to configure the DHCP Relay appli- cation on the switch.
Page 221 Working With Configuration Files Use the show configuration status applied to the switch. The display is similar to the one shown here: -> show configuration status File configuration <dhcp_relay.txt>: completed with no errors File configuration: none scheduled Running configuration and saved configuration are different Note.
Page 222: Quick Steps For Applying Configuration Files
Quick Steps for Applying Configuration Files Quick Steps for Applying Configuration Files Setting a File for Immediate Application In this example, the configuration file configfile_1 exists on the switch in the /flash directory. When these steps are followed, the file will be immediately applied to the switch. Verify that there are no timer sessions pending on the switch.
Page 223: Setting An Application Session For A Specified Time Period
Working With Configuration Files Note. Optional. To verify that the switch received this show configuration status command. The display is similar to the one shown here. -> show configuration status File configuration </flash/working/bncom_cfg.txt>: scheduled at 07/04/02 09:00 For more information about this display see “Configuration File Manager Commands” in the OmniSwitch CLI Reference Guide.
Page 224: Configuration Files Overview
Configuration Files Overview Configuration Files Overview Instead of using CLI commands entered at a workstation, you can configure the switch using an ASCII- based text file. You may type CLI commands directly into a text document to create a configuration file that will reside in your switch’s /flash directory.
Page 225: Cancelling A Timed Session
Working With Configuration Files Cancelling a Timed Session You may cancel a pending timed session by using the your timer session has been cancelled, use the display. -> configuration cancel -> show configuration status File configuration: none scheduled For more details about the CLI commands used to apply configuration files or to use timer sessions, refer to “Configuration File Manager Commands”...
Page 226: Setting The Error File Limit
Configuration Files Overview Setting the Error File Limit The number of files ending with the .err extension present in the switch’s /flash directory is set with the configuration error-file limit directory. Once the error file limit has been reached, the next error file generated will cause the error file with the oldest time stamp to be deleted.
Page 227: Displaying A Text File
Working With Configuration Files Verbose Mode Syntax Checking When verbose is specified in the command line, all syntax contained in the configuration file is printed to the console, even if no error is detected. (When verbose is not specified in the command line, cursory information—number of errors and error log file name—will be printed to the console only if a syntax or configuration error is detected.) To specify verbose mode, enter the verbose keyword at the end of the command line.
Page 228: Creating Snapshot Configuration Files
Creating Snapshot Configuration Files Creating Snapshot Configuration Files You can generate a list of configurations currently running on the switch by using the snapshot command. A snapshot is a text file that lists commands issued to the switch during the current login session.
Page 229: User-Defined Naming Options
Working With Configuration Files User-Defined Naming Options When the snapshot syntax does not include a file name, the snapshot file is created using the default file name asc.n.snap. Here, the n character holds the place of a number indicating the order in which the snapshot file name is generated.
Page 230 Creating Snapshot Configuration Files Example Snapshot File Text The following is the text of a sample snapshot file created with the !========================================! ! File: asc.1.snap !========================================! ! Chassis : system name FujiCmm mac alloc 91 0 1 00:d0:95:6b:09:41 ! Configuration: ! VLAN : ! VLAN SL: ! IP :...
Page 231 Working With Configuration Files ! Lan Power : ! NTP : ! RDP : This file shows configuration settings for the Chassis, IP, AAA, SNMP, IP route manager, Spanning tree, and Bridging services. Each of these services have configuration commands listed under their heading. All other switch services and applications are either not being using or are using default settings.
Page 232: Verifying File Configuration
Verifying File Configuration Verifying File Configuration You can verify the content and the status of the switch’s configuration files with commands listed in the following table. show configuration status show configuration snapshot write terminal page 7-14 Displays whether there is a pending timer session scheduled for a con- figuration file and indicates whether the running configuration and the saved configuration files are identical or different.
Page 233: In This Chapter
8 Managing Switch User Switch user accounts may be set up locally on the switch for users to log into and manage the switch. The accounts specify login information (combinations of usernames and passwords) and privilege or profile information depending on the type of user. The switch has several interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP) through which users may access the switch.
Page 234: User Database Specifications
User Database Specifications User Database Specifications Platforms Supported Maximum number of alphanumeric characters in a username Maximum number of alphanumeric characters in a user password Maximum number of alphanumeric characters in an end-user profile name Maximum number of user accounts Maximum number of end-user profiles User Account Defaults •...
Page 235 Managing Switch User Accounts • Global user account lockout defaults are as follows: Parameter Description Length of time during which failed login attempts are counted. Length of time a user account remains locked out of the switch before the account is automatically unlocked.
Page 236: Overview Of User Accounts
Overview of User Accounts Overview of User Accounts A user account includes a login name, password, and user privileges. The account also includes privilege or profile information, depending on the type of user account. There are two types of accounts: network administrator accounts and end-user or customer login accounts.
Page 237: Startup Defaults
Managing Switch User Accounts • Secure Shell—Any standard Secure Shell client may be used for logging into the switch. • SNMP—Any standard SNMP browser may be used for logging into the switch. For more information about connecting to the switch through one of these methods, see “Logging Into the Switch,”and the appropriate Getting Started Guide.
Page 238: Quick Steps For Network Administrator User Accounts
Overview of User Accounts Quick Steps for Network Administrator User Accounts Configure the user with the relevant username and password. For example, to create a user called thomas with a password of techpubs, enter the following: -> user thomas password techpubs For information about creating a user and setting up a password, see Configure the user privileges (and SNMP access) if the user should have privileges that are different than those set up for the default user account.
Page 239: Quick Steps For Creating Customer Login User Accounts
Managing Switch User Accounts Quick Steps for Creating Customer Login User Accounts Set up a user profile through the Profile1 that specifies read-write access to the physical and basic-ip-routing command areas: -> end-user profile Profile1 read-write physical basic-ip-routing Specify ports to which the profile will allow access. In this example, Profile1 will be configured with access to ports on slot 1 and slot 2.
Page 240: Default User Settings
Overview of User Accounts Default User Settings The default user account on the switch is used for storing new user defaults for privileges and profile information. This account does not include a password and cannot be used to log into the switch. At the first switch startup, the default user account is configured for: •...
Page 241: How User Settings Are Saved
Managing Switch User Accounts How User Settings Are Saved Unlike other settings on the switch, user settings configured through the are saved to the switch configuration automatically. These settings are saved in real time in the local user database. At bootup, the switch reads the database file for user information (rather than the boot.cfg file). The memory, copy running-config user or password settings over a reboot.
Page 242: Creating A User
Creating a User Creating a User To create a new user, enter the keyword. For example: -> user thomas password techpubs In this example, a user account with a user name of thomas and a password of techpubs is stored in the local user database.
Page 243 Managing Switch User Accounts Enter the desired password. The system then displays a prompt to verify the password. -> password enter old password:******** enter new password: ********* reenter new password: Enter the password again. -> password enter old password:******** enter new password: ********* reenter new password: ********* ->...
Page 244: Configuring Password Policy Settings
Configuring Password Policy Settings Configuring Password Policy Settings The global password policy settings for the switch define the following requirements that are applied to all user accounts: • Minimum password size. • Whether or not the password can contain the username. •...
Page 245: Configuring Password Character Requirements
Managing Switch User Accounts Configuring Password Character Requirements The character requirements specified in the global password policy determine the minimum number of uppercase, lowercase, non-alphanumeric, and 10-base digit characters required in all passwords. These requirements are configured using the following user password-policy commands: Command user password-policy min-uppercase user password-policy min-lowercase...
Page 246: Specific User Password Expiration
Configuring Password Policy Settings Specific User Password Expiration To set password expiration for an individual user, use the the desired number of days or an expiration date. For example: -> user bert password techpubs expiration 5 This command gives user bert a password expiration of five days. To set a specific date for password expiration, include the date in mm/dd/yyyy hh:mm format.
Page 247: Configuring Global User Lockout Settings
Managing Switch User Accounts Configuring Global User Lockout Settings The following user lockout settings configured for the switch apply to all user accounts: • Lockout window—the length of time a failed login attempt is aged before it is no longer counted as a failed attempt.
Page 248: Configuring The User Lockout Duration Time
Configuring Global User Lockout Settings By default, the lockout threshold number is set to 0; this means that there is no limit to the number of failed login attempts allowed, even if a lockout window time period exists. To configure a lockout thresh- old number, use the user lockout-threshold ->...
Page 249: Configuring Privileges For A User
Managing Switch User Accounts Configuring Privileges for a User To configure privileges for a user, enter the the desired CLI command domain names or command family names. The read-only option provides access to show commands; the read-write option provides access to configuration commands and show commands.
Page 250: Setting Up Snmp Access For A User Account
Setting Up SNMP Access for a User Account Setting Up SNMP Access for a User Account By default, users can access the switch based on the SNMP setting specified for the default user account. user command, however, may be used to configure SNMP access for a particular user. SNMP access may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or SNMPv3).
Page 251: Snmp Access With Authentication/Encryption
Managing Switch User Accounts For this user, if the SNMP community map mode is enabled (the default), the SNMP community map must include a mapping for this user to a community string. In this example, the community string is our_group: ->...
Page 252: Setting Up End-User Profiles
Setting Up End-User Profiles Setting Up End-User Profiles End-user profiles are designed for user accounts in the carrier market. With end-user profiles, a network administrator can configure customer login accounts that restrict users to particular command areas over particular ports and/or VLANs. End-user profiles are only managed and stored on the switch;...
Page 253: Creating End-User Profiles
Managing Switch User Accounts Creating End-User Profiles To set up an end-user profile, use the read-only or read-write access to particular command areas. The profile can also specify port ranges and/ or VLAN ranges. The port ranges and VLAN ranges must be configured on separate command lines and are discussed in the next sections.
Page 254: Associating A Profile With A User
Setting Up End-User Profiles Associating a Profile With a User To associate a profile with a user, enter the relevant profile name. For example: -> user Customer2 end-user profile Profile3 Profile3 is now associated with Customer2. When Customer2 logs into the switch, Customer2 will have access to command areas, port ranges, and VLAN ranges specified by Profile3.
Page 255: Verifying The User Configuration
Managing Switch User Accounts Verifying the User Configuration To display information about user accounts configured locally in the user database, use the show commands listed here: show user show user password-size show user password-expiration show user password-policy show user lockout-setting show end-user profile show aaa hic For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer-...
Page 256 Verifying the User Configuration Managing Switch User Accounts page 8-24 OmniSwitch AOS Release 6 Switch Management Guide September 2009...
Page 257: Chapter 9 Managing Switch Security
9 Managing Switch Security Switch security is provided on the switch for all available management interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP). The switch may be set up to allow or deny access through any of these interfaces. (Note that users attempting to access the switch must have a valid username and password.) In This Chapter This chapter describes how to set up switch management interfaces through the Command Line Interface (CLI).
Page 258: Switch Security Specifications
Switch Security Specifications Switch Security Specifications The following table describes the maximum number of sessions allowed on an OmniSwitch: Session Telnet (v4 or v6) FTP (v4 or v6) SSH + SFTP (v4 or v6 secure sessions) HTTP Total Sessions SNMP Switch Security Defaults Access to managing the switch is always available for the admin user through the console port, even if management access to the console port is disabled for other users.
Page 259: Switch Security Overview
Managing Switch Security Switch Security Overview Switch security features increase the security of the basic switch login process by allowing management only through particular interfaces for users with particular privileges. Login information and privileges may be stored on the switch and/or an external server, depending on the type of external server you are using and how you configure switch access.
Page 260: Authenticated Switch Access
Authenticated Switch Access Authenticated Switch Access Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, or HTTP require authentication via the local user database or via a third-party server. This section describes how to configure management interfaces for authenticated access as well as how to specify external servers that the switch can poll for login information.
Page 261: Interaction With The User Database
Managing Switch Security The following illustration shows the two different user types attempting to authenticate with an ACE/ Server: Network Administrator login request ACE/Server The switch polls the server for login information; privi- leges are stored on the switch. Authentication-Only Server (ACE/Server) Note.
Page 262: Configuring Authenticated Switch Access
Configuring Authenticated Switch Access Configuring Authenticated Switch Access Setting up Authenticated Switch Access involves the following general steps: Set Up the Authentication Servers. This procedure is described briefly in this chapter. See the “Managing Authentication Servers” chapter of the OmniSwitch AOS Release 6 Network Configuration Guide for complete details.
Page 263: Quick Steps For Setting Up Asa
Managing Switch Security Quick Steps for Setting Up ASA If the local user database is used for user login information, set up user accounts through the user command. User accounts may include user privileges or an end-user profile. In this example, user privi- leges are configured: ->...
Page 264 Quick Steps for Setting Up ASA The order of the server names is important here as well. In this example, the switch will use ldap2 for logging switch access sessions. If ldap2 becomes unavailable, the switch will use the local Switch Logging facility.
Page 265: Setting Up Management Interfaces For Asa
Managing Switch Security Setting Up Management Interfaces for ASA By default, authenticated access is available through the console port. Access through other management interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP. This chapter describes how to set up access for management interfaces. For more details about particular management interfaces and how they are used, see To give switch access to management interfaces, use the access to each interface type;...
Page 266: Enabling Switch Access
Setting Up Management Interfaces for ASA Enabling Switch Access Enter the aaa authentication command with the relevant keyword that indicates the management inter- face and specify the servers to be used for authentication. In this example, Telnet access for switch management is enabled.
Page 267: Using Secure Shell
Managing Switch Security In this scenario, SNMP access is not enabled because only RADIUS servers have been included in the default setting. If servers of different types are configured and include LDAP or local, SNMP will be enabled through those servers. For example: ->...
Page 268: Configuring Accounting For Asa
Configuring Accounting for ASA Configuring Accounting for ASA Accounting servers track network resources such as time, packets, bytes, etc., and user activity (when a user logs in and out, how many login attempts were made, session length, etc.). The accounting servers may be located anywhere in the network.
Page 269: Verifying The Asa Configuration
Managing Switch Security Verifying the ASA Configuration To display information about management interfaces used for Authenticated Switch Access, use the show commands listed here: show aaa authentication show aaa accounting aaa hic allowed-name For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide.
Page 270 Verifying the ASA Configuration Managing Switch Security page 9-14 OmniSwitch AOS Release 6 Switch Management Guide September 2009...
Page 271: Chapter 10 Using Webview
The switch can be monitored and configured using WebView, Alcatel-Lucent’s web-based device management tool. The WebView application is embedded in the switch and is accessible via the following web browsers: • IE6, IE7, FireFox 2, Firefox 3 for Windows NT, 2000, 2003, XP, Vista •...
Page 272: Webview Cli Defaults
WebView CLI Defaults WebView CLI Defaults Web Management Command Line Interface (CLI) commands allow you to enable/disable WebView, enable/disable Secure Socket Layer (SSL), and view basic WebView parameters. These configuration options are also available in WebView. The following table lists the defaults for WebView configuration through the http and https commands Description WebView Status...
Page 273: Webview Cli Commands
Using WebView WebView CLI Commands The following configuration options can be performed using the CLI. These configuration options are also available in WebView; but changing the web server port or secured port may only be done through the CLI (or SNMP). Enabling/Disabling WebView WebView is enabled on the switch by default.
Page 274: Changing The Https Port
WebView CLI Commands As an alternative you can use the https keyword instead of the http keyword to enable Force SSL. For example: -> https ssl When using this format of the command use the no https server command to disable Force SSL on the switch.
Page 275: Quick Steps For Setting Up Webview
Using WebView Quick Steps for Setting Up WebView Make sure you have an Ethernet connection to the switch. Configure switch management for HTTP using the the port type that you are authenticating (http), and the name of the LDAP, RADIUS, ACE, or local server that is being used for authentication.
Page 276: Banner
WebView Overview Configuration Group Toolbar Configuration Feature Banner The following features are available in the WebView Banner: • Options—Brings up the User Options Page, which is used to change the user login password. • Save Config—Brings up the Save Configuration Screen. Click Apply to save the switch’s running configuration for the next startup.
Page 277: Feature Options
Using WebView Feature Options Feature configuration options are displayed as drop-down menus at the top of each feature page. For more information on using the drop-down menus, see View/Configuration Area The View/Configuration area is where switch configuration information is displayed and where configura- tion pages appear.
Page 278: Accessing Webview
Configuring the Switch With WebView Configuring the Switch With WebView The following sections provide an overview of WebView functionality. For detailed configuration proce- dures, see other chapters in this guide, the OmniSwitch AOS Release 6 Network Configuration Guide, or the OmniSwitch AOS Release 6 Advanced Routing Configuration Guide. Accessing WebView WebView is accessed using any of the browsers listed on are stored on the switch.
Page 279: Accessing Webview With Internet Explorer Version 7
WebView browser window; or, • Follow the steps below to install the Alcatel-Lucent self-signed certificate in the Trusted Root Certifi- cation Authorities store. Doing so will clear the certificate error message.
Page 280: Home Page
Configuring the Switch With WebView Home Page The first page displayed for each feature is the Home Page (e.g., IP Home). The Home Page describes the feature and provides an overview of that feature’s current configuration. If applicable, home pages display the feature’s current configuration and can also be used to configure global parameters.
Page 281: Configuration Page
Using WebView Configuration Page Feature configuration options are displayed in the drop-down menus at the top of each page. The same menus are displayed on every configuration page within a feature. To configure a feature on the switch, select a configuration option from the drop down menu. There are two types of configuration pages in WebView—a Global configuration page and a Table configuration page.
Page 282: Table Configuration Page
Configuring the Switch With WebView Table Configuration Page Table configuration pages show current configurations in tabular form. Entries may be added, modified, or deleted. You can delete multiple entries, but you can only modify one entry at a time. Click to select item to modify or delete.
Page 283 Using WebView Modifying an Existing Entry To modify an existing entry: Click on the checkbox to the left of the entry on the Configuration page and click Modify. The Modify window appears (e.g., Modify IP Static Route). The current configuration is displayed in each field. Modify the applicable field(s), then click Apply.
Page 284: Table Features
Configuring the Switch With WebView Table Features Table Views Some table configuration pages can be expanded to view additional configuration information. If this option is available, a toggle switch appears at the bottom left corner of the table. To change views, click on the toggle switch (e.g., Expanded View).
Page 285 Using WebView Table Sorting Basic Sort Table entries can be sorted by column in ascending or descending order. Initially, tables are sorted on the first column in ascending order (the number 1 appears in the first column). To sort in descending order, click on the column heading.
Page 286 Configuring the Switch With WebView Sort on a different column. Advanced Sorting You can also customize a sort by defining primary and secondary sort criteria. To define primary and secondary column sorts, click on the “Sort” icon in the upper-right corner of the table (the column head- ings are highlighted).
Page 287 Using WebView Table Paging Certain potentially large tables (e.g., VLANs) have a paging feature that loads the table data in increments of 50 or 100 entries. If the table reaches this threshold, the first group of entries is displayed and a “Next” button appears at the bottom of the page.
Page 288: Adjacencies
Configuring the Switch With WebView Adjacencies WebView provides a graphical representation of all AMAP-supported Alcatel-Lucent switches and IP phones adjacent to the switch. The following information for each device is also listed: • IP address • MAC address • Remote slot/port By clicking on a device, the Web-based device manager (if available) is displayed for that device.
Page 289: Webview Help
Using WebView WebView Help A general help page for using WebView is available from the banner at the top of the page. In addition, on-line help is available on every WebView page. Each help page provides a description of the page and specific instructions for each configurable field.
Page 290 WebView Help page 10-20 OmniSwitch AOS Release 6 Switch Management Guide Using WebView September 2009...
Page 291: Alcatel-Lucent License Agreement
Licensee further acknowledges and agrees that all rights, title, and interest in and to the Licensed Materials are and shall remain with Alcatel-Lucent and its licen- sors and that no such right, license, or interest shall be asserted with respect to such copyrights and trade- marks.
Page 292 Period, a defect in the Licensed Files appears, Licensee may return the Licensed Files to Alcatel-Lucent for either replacement or, if so elected by Alcatel-Lucent, refund of amounts paid by Licensee under this License Agreement. EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE LICENSED MATERIALS ARE LICENSED “AS IS”...
Page 293 14.Third Party Materials. Licensee is notified that the Licensed Files contain third party software and materials licensed to Alcatel-Lucent by certain third party licensors. Some third party licensors (e.g., Wind River and their licensors with respect to the Run-Time Module) are third part beneficiaries to this License Agreement with full rights of enforcement.
Page 294: Third Party Licenses And Notices
Alcatel-Lucent for a limited period of time. Alcatel-Lucent will provide a machine-readable copy of the applicable non-proprietary software to any requester for a cost of copying, shipping and handling.
Page 295: C. Linux
C. Linux Linux is written and distributed under the GNU General Public License which means that its source code is freely-distributed and available to the general public. D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
Page 296 Third Party Licenses and Notices verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.
Page 297 b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
Page 298 Third Party Licenses and Notices consistent application of that system; it is up to the author/donor to decide if he or she is willing to distrib- ute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
Page 299 Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program.
Page 300: E. University Of California
Third Party Licenses and Notices Material copyright Linux Online Inc. Design and compilation copyright (c)1994-2002 Linux Online Inc. Linux is a registered trademark of Linus Torvalds Tux the Penguin, featured in our logo, was created by Larry Ewing Consult our privacy statement URLWatch provided by URLWatch Services.
Page 301: H. Apptitude, Inc
Licensee, Licensee shall immediately return the EMWEB Product and any back-up copy to Alcatel- Lucent, and will certify to Alcatel-Lucent in writing that all EMWEB Product components and any copies of the software have been returned or erased by the memory of Licensee’s computer or made non-read- able.
Page 302: K. Sun Microsystems, Inc
Time Module other than in connection with operation of the product. In addition, please be advised that: (i) the Run-Time Module is licensed, not sold and that Alcatel-Lucent and its licensors retain ownership of all copies of the Run-Time Module; (ii) WIND RIVER DISCLAIMS ALL IMPLIED WARRANTIES,...
Page 303: N. Remote-Ni
N.Remote-ni Provided with this product is a file (part of GDB), the GNU debugger and is licensed from Free Software Foundation, Inc., whose copyright notice is as follows: Copyright (C) 1989, 1991, 1992 by Free Software Foundation, Inc. Licensee can redistribute this software and modify it under the terms of General Public License as published by Free Software Foundation Inc.
Page 304: Q. Boost C++ Libraries
Third Party Licenses and Notices Q.Boost C++ Libraries Provided with this product is free peer-reviewed portable C++ source libraries. Version 1.33.1 Copyright (C) by Beman Dawes, David Abrahams, 1998-2003. All rights reserved. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON- INFRINGEMENT.
Page 305: U. Curses
4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Page 306: Y. Bitmap.c
Third Party Licenses and Notices This software is not subject to any license of Eindhoven University of Technology.Redistribution and use in source and binary forms are permitted only as authorized by the OpenLDAP Public License. This software is not subject to any license of Silicon Graphics Inc.or Purdue University. Redistribution and use in source and binary forms are permitted without restriction or fee of any kind as long as this notice is preserved.
Page 307 Index Symbols !! command 6-10 aaa authentication command 9-7, 9-8, 9-10, 10-5 aaa radius-server command accounting for Authenticated Switch Access 9-12 ACE/Servers application examples applying configuration files Authenticated Switch Access 6-7, 6-23 configuration file customer login user accounts Emergency Restore 5-30 file management 1-30...
Page 308 configuration files 5-3, 6-3 errors configuration snapshot all command configuration syntax check console port copy certified working command 5-21 copy flash-synchro command 5-27 copy running-config working command copy working certified flash-synchro command cp command 5-30 customer login user accounts application examples date 1-37, 7-4 Daylight Savings Time...
Page 309 Index ls command 1-6, 1-10, 6-10 ls-r command 1-13 Management Information Bases see MIBs authentication 3-47 memory 1-18 MIBs enterprise 3-57 industry standard 3-52 mkdir command 1-11 more command 6-18, 7-9 mv command 1-31 network administrator user accounts application examples Network Management Station see NMS Network Time Protocol...
Page 310 session prompt command 6-17 session timeout command 2-22 sftp command 1-23, 2-18 sftp6 command 1-23, 1-34 authentication 3-47 show command-log command 6-16 show command-log status command show configuration status command show history command 6-13 show ip helper command show microcode command 5-23, 6-10 show microcode history command 5-23...
Page 311 Index verbose mode vi command 1-14 WebView 10-1 accessing WebView 10-8 adjacencies 10-18 application examples 10-5 browser setup 10-2 CLI commands 10-3 configuring the switch 10-8 defaults 10-2 disabling 10-3 enabling 10-3 HTTP port 10-3 on-line help 10-19 Secure Socket Layer 10-3 Webview Configuring the Switch...
Page 312 Index Index-6 OmniSwitch AOS Release 6 Switch Management Guide September 2009...

This manual is also suitable for:

Omniswitch aos Omniswitch 9600 Omniswitch 9700 Omniswitch 9800 Omniswitch 9700e Omniswitch 9800e ... Show all

Alcatel-Lucent OmniSwitch 6850-48 Management Manual

About this Guide

Chapter 1 Managing System Files

Chapter 2 Logging into the Switch

Chapter 8 Managing Switch User Accounts

Chapter 3 Using SNMP

Index

Chapter 4 Configuring Network Time Protocol (NTP)

Chapter 5 Managing CMM Directory Content

Chapter 6 Using the CLI

Chapter 7 Working with Configuration Files

Chapter 9 Managing Switch Security

Quick Links

Related Manuals for Alcatel-Lucent OmniSwitch 6850-48

Summary of Contents for Alcatel-Lucent OmniSwitch 6850-48