Summary of Contents for Alcatel-Lucent OmniSwitch 6800 Series
Part No. 060215-10, Rev. E December 2007 OmniSwitch 6800 Series OmniSwitch 6850 Series OmniSwitch 9000 Series Switch Management Guide www.alcatel-lucent.com...
Contents
About This Guide
Supported Platforms
Who Should Read this Manual?
When Should I Read this Manual?
What is in this Manual?
What is Not in this Manual?
How is the Information Organized?
Documentation Roadmap
Utility Commands
Displaying Free Memory Space
Performing a File System Check
Deleting the Entire File System
Loading Software onto the Switch
Using the Switch as an FTP Server
Using the Switch as an FTP Client
Using Secure Shell FTP
Closing a Secure Shell FTP Session
Using Zmodem
Using Secure Shell
Secure Shell Components
Secure Shell Interface
Secure Shell File Transfer Protocol
Secure Shell Application Overview
Secure Shell Authentication
Protocol Identification
Algorithm and Key Exchange
Authentication Phase
Connection Phase
Using Secure Shell DSA Public Key Authentication
Starting a Secure Shell Session
Closing a Secure Shell Session
Software Rollback Configuration Scenarios for a Single Switch
Redundancy
Redundancy Scenarios
Managing the Directory Structure (Non-Redundant)
Rebooting the Switch
Copying the Running Configuration to the Working Directory
Rebooting from the Working Directory
Copying the Working Directory to the Certified Directory
Copying the Certified Directory to the Working Directory
Show Currently Used Configuration
Logging CLI Commands and Entry Results
Enabling Command Logging
Disabling Command Logging
Viewing the Current Command Logging Status
Viewing Logged CLI Commands and Command Entry Results
Customizing the Screen Display
Changing the Screen Size
Changing the CLI Prompt
Displaying Table Information
Filtering Table Information
Chapter 7 Managing Switch User Accounts
In This Chapter
User Database Specifications
User Account Defaults
Overview of User Accounts
Startup Defaults
Quick Steps for Network Administrator User Accounts
Quick Steps for Creating Customer Login User Accounts
Default User Settings
Account and Password Policy Settings
How User Settings Are Saved
Switch Security Overview
Authenticated Switch Access
AAA Servers—RADIUS or LDAP
Authentication-only—ACE/Server
Interaction With the User Database
ASA and Authenticated VLANs
Configuring Authenticated Switch Access
Quick Steps for Setting Up ASA
Setting Up Management Interfaces for ASA
Enabling Switch Access
Configuring the Default Setting
Using Secure Shell
Chapter 10 Using SNMP
In This Chapter
SNMP Specifications
SNMP Defaults
Quick Steps for Setting Up An SNMP Management Station
Quick Steps for Setting Up Trap Filters
Filtering by Trap Families
Filtering by Individual Traps
SNMP Overview
SNMP Operations
Software License and Copyright Statements
Alcatel-Lucent License Agreement
ALCATEL-LUCENT SOFTWARE LICENSE AGREEMENT
Third Party Licenses and Notices
A. Booting and Debugging Non-Proprietary Software
B. The OpenLDAP Public License: Version 2.4, 8 December 2000
C.
The software features described in this manual are shipped standard with your OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series switches. These features are used when readying a switch for integration into a live network environment.
You should have already stepped through the first login procedures and read the brief software overviews in the OmniSwitch 6800 Series Getting Started Guide, OmniSwitch 6850 Series Getting Started Guide, or OmniSwitch 9000 Series Getting Started Guide.
This guide does not include documentation for the OmniVista network management system. However, OmniVista includes a complete context-sensitive on-line help system. This guide provides overview material on software features, how-to procedures, and tutorials that will enable you to begin configuring your OmniSwitch. However, it is not intended as a comprehensive reference to all CLI commands available in the OmniSwitch.
Stage 2: Gaining Familiarity with Basic Switch Functions
Pertinent Documentation: Hardware Users Guide, Switch Management Guide
Once you have your switch up and running, you will want to begin investigating basic aspects of its hardware and software. Information about switch hardware is provided in the Hardware Guide. This guide provides specifications, illustrations, and descriptions of all hardware components, such as chassis, power supplies, Chassis Management Modules (CMMs), Network Interface (NI) modules, and cooling fans.
The following are the titles and descriptions of all the related OmniSwitch 6800/6850/9000 user manuals:
• OmniSwitch 6800 Series Getting Started Guide
Describes the hardware and software procedures for getting an OmniSwitch 6800 Series switch up and running. Also provides information on fundamental aspects of OmniSwitch software and stacking architecture.
Includes information on Small Form Factor Pluggable (SFPs) and 10 Gbps Small Form Factor Pluggables (XFPs) transceivers.
• Technical Tips, Field Notices
Includes information published by Alcatel-Lucent’s Customer Support group.
• Release Notes
Includes critical Open Problem Reports, feature exceptions, and other important information on the features supported in the current release and any limitations to their support.
All user guides are included on the User Manual CD that accompanied your switch. This CD also includes user guides for other Alcatel-Lucent data enterprise products. In addition, it contains a stand-alone version of the on-line help system that is embedded in the OmniVista network management application.
1 Managing System Files
This chapter describes the several methods of transferring software files onto the OmniSwitch and how to register those files for use by the switch. This chapter also describes several basic switch management procedures and discusses the Command Line Interface (CLI) commands used.
• File Management (copy, secure copy, edit, rename, remove, change, and display file attributes)
•...
File Management Specifications
The following table lists specifications for the OmniSwitch flash directory and file system as well as the system clock.
Note. The functionality described in this chapter is supported on the OmniSwitch 6800, 6850, and 9000 switches unless otherwise stated in the following Specifications table or specifically noted within any section of this chapter.
Over the life of the switch, it is very likely that your configuration and feature set will change because the needs of your network are likely to expand. Also, software updates become available from Alcatel-Lucent. If you change your configuration to upgrade your network, you must understand how to install switch files and to manage switch directories.
Switch Directories
You can create your own directories in the switch flash directory. This allows you to organize your configuration and text files on the switch. You can also use the command to create files. This chapter tells you how to make, copy, move, and delete both files and directories.
File and Directory Management
A number of CLI commands allow you to manage files on your switch by grouping them into sub-directories within the switch’s flash directory. These commands perform the same functions as file management software applications (such as Microsoft Explorer) perform on a workstation.
To list all the files and directories in your current directory, use the command. Here is a sample display of the flash directory.
-> ls
Listing Directory /flash:
315 Jan 5 09:38 boot.params
2048 Jan 5 09:22 certified/
2048 Jan...
Using Wildcards
Wildcards allow you to substitute symbols (* or ?) for text patterns while using file and directory commands. The asterisk (*) takes the place of multiple characters and the question mark character (?) takes the place of single characters.
Directory Commands
The directory commands are applied to the switch file system and to files contained within the file system. When you first enter the flash directory, your login is located at the top of the directory tree. You may navigate within this directory by using the commands (discussed below).
Changing Directories
Use the command to navigate within the file directory structure. The command allows you to move “up” or “down” the directory tree. To go down, you must specify a directory located in your current directory.
Displaying Directory Contents
commands have the same function. These two commands display the contents of the current directory. If you use the command while logged into the /flash file directory of the switch as shown on page 1-8, the following will be displayed:...
If you specify a path as part of the command, your screen will list the contents of the directory at the specified path.
-> ls /flash/
Listing Directory /flash:
1024 Nov 8 08:30 WORKING/
276 Nov 8 09:59 boot.params
4890749 Oct 21 21:43 cs_system.pmd...
Making a New Directory
To make a new directory use the mkdir command. You may specify a path for the new directory. Otherwise, the new directory will be created in your current directory. The syntax for this command requires a slash (/) and no space between the path and the new directory name.
Displaying Directory Contents Including Subdirectories
-r command displays the contents of your current directory in addition to recursively displaying all subdirectories. The following example shows the result of the -r command where the /flash/working directory contains a directory named newdir1.
To verify the creation of the new directory, use the -r command to produce a list of the contents of the certified directory. This list will include the files that were originally in the certified directory plus the newly created copy of the working directory and all its contents.
File Commands
The file commands apply to files located in the /flash file directory and its sub-directories.
Note. Each file in any directory must have a unique name. If you attempt to create or copy a file into a directory where a file of the same name already exists, you will overwrite or destroy one of the files.
Secure Copy an Existing File
Use the command to copy an existing file in a secure manner. You can specify the path and filename for the original file being copied as well as the path and filename for a new copy being created. If no path is specified, the command assumes the current directory.
Note. Your login account must have write privileges to use the move command.
[Figure: Flash Directory containing the Certified, Testfiles, Working, and Network directories, with the files testfile2 and policy.cfg]
In this first example, the user’s current directory is the flash directory. The following command syntax moves the testfile2 file from the user created testfiles directory into the working directory as shown in the illustration above.
Change File Attribute and Permissions
The chmod and attrib commands have the same function and use the same syntax. Use these commands to change read-write privileges for the specified file. The following syntax sets the privilege for the config1.txt file to read-write.
Managing Files on Switches
On OmniSwitch 6800 and 6850 switches, you can copy a file from a non-primary switch to the primary switch in a stack using the command. To use this command, enter rcp followed by the slot number of the non-primary switch, the path and file name of the source file on the non-primary switch, and the destination file name on the primary switch.
Utility Commands
The utility commands include freespace, fsck, and newfs. These commands are used to check memory and delete groups of files.
Displaying Free Memory Space
The freespace command displays the amount of free memory space available for use in the switch’s file system.
Loading Software onto the Switch
There are three common methods for loading software to and from your switch. The method you use depends on your workstation software, your hardware configuration, and the location and condition of your switch.
Specify the transfer mode. If you are transferring a switch image file, you must specify the binary transfer mode on your FTP client. If you are transferring a configuration file, you must specify the ASCII transfer mode.
Using the Switch as an FTP Client
Using the switch as an FTP client is useful in cases where you do not have access to a workstation with an FTP client. You can establish an FTP session locally by connecting a terminal to the switch console port. You can also establish an FTP session to a remote switch by using a Telnet session.
Note. FTPv6 sessions are supported only on the OmniSwitch 6850 or 9000. It is mandatory to specify the name of the particular IPv6 interface, if the FTPv6 server has been specified using its link-local address.
Set the client to binary mode with the bin command.
Lists the contents (files and directories) of the local directory.
Change to a new local directory
user Sends new user information.
If you lose communications while running FTP, you may receive a message similar to the following:
Waiting for reply (Hit ^C to abort)...
Using Zmodem
A Zmodem application has been included with your switch software so that new programs and archives can be uploaded through the switch’s serial console port. There are generally two situations that would require you to use the switch’s console serial port to load software by using Zmodem.
Registering Software Image Files
New software transferred to the switch must go through a registration process before it can be used by the switch. The registration process includes two tasks:
• Transfer the new software file(s) to the switch’s /flash/working directory via remote connection.
•...
Available Image Files
The following table lists the image files available for the OmniSwitch 6800 Series switches. Most of the files listed here are part of the base switch configuration. Files that support an optional switch feature are noted in the table.
Transferring a File to the Switch Using FTP
In this example, the user is adding the AVLAN security feature to an OmniSwitch 6800 Series switch. To do this, the user must load the Ksecu.img image file onto the switch and then register the file by rebooting the switch.
Reboot the switch to register the security file Ksecu.img. The following will be displayed:
-> install Ksecu.img
renaming file temp.img -> /flash/working/Krelease.img
Installation of Ksecu.img was successful.
The features and services supported by the Ksecu.img image file are now available on the switch.
Creating a File Directory on the Switch
In this example, the user wants to store several test files on the switch for use at a later date.
Use the command to verify that the files are now located in the /flash/resources directory.
-> ls /flash/resources
Listing Directory /flash/resources:
2048 Jul 5 17:20 ./
2048 Jul 5 16:25 ../
6 Jul 5 17:03 test1.txt
6 Jul 5 17:03 test2.txt
6 Jul 5 17:03 test3.txt
17995776 bytes free...
Enter the FTP mode by using the command followed by the IP address or the name of the host you are connecting to. (If you enter a host name, please refer to “Using Zmodem”...
Creating a File Directory Using Secure Shell FTP
The following example describes the steps necessary to create a directory on a remote OmniSwitch and to transfer a file into the new directory by using Secure Shell FTP. Log on to the switch and issue the sftp CLI command with the IP address for the device you are...
287 boot.params
2048 certified
2048 working
64000 swlog1.log
64000 swlog2.log
30 policy.cfg
2048 network
206093 cs_system.pmd
2048 LPS
2048 newssdir
256 random-seed
Transfer a File Using Secure Shell FTP
To demonstrate how to transfer a file by using the Secure Shell FTP, this application example continues from the previous example where a new directory named “newssdir” was created on a remote OmniSwitch.
Setting the System Clock
The switch clock displays time by using a 24-hour clock format. It can also be set for use in any time zone. Daylight Savings Time (DST) is supported for a number of standard time zones. DST parameters can be programmed to support non-standard time zones and time off-set applications.
You may set the switch system clock to a time that is offset from standard UTC time. For example, you can set a time that is offset from UTC by increments of 15, 30, or 45 minutes. You must indicate by a plus (+) or minus (-) character whether the time should be added to or subtracted from the system time.
Daylight Savings Time Configuration
The switch can be set to change the system clock automatically to adjust for Daylight Savings Time (DST). There are two situations that apply depending on the time zone selected for your switch. If the time zone set for your switch shows DST parameters in the table on page 1-40, you need to only...
Enabling DST
When Daylight Savings Time (DST) is enabled, the switch’s clock will automatically set the default DST parameters for the time zone specified on the switch or for the custom parameters you can specify with the system daylight savings time command.
Time Zone and DST Information Table (continued)
Abbreviation | Name | Hours from | DST Start | DST End | DST Change
 | Central Europe | +01:00 | Last Sunday in Mar. at 2:00 a.m. | Last Sunday in Oct. at 3:00 a.m. | 1:00
 | Middle Europe | +01:00 | Last Sunday in Mar....
HTTP client (browser) on a remote workstation; and SNMP, which requires an SNMP manager (such as Alcatel-Lucent’s OmniVista or HP OpenView) on the remote workstation. Secure sessions are available using the Secure Shell interface. File transfers can be done via FTP or Secure Shell FTP.
For more information about... | See...
Creating user accounts directly on the switch | Chapter 7, “Managing Switch User Accounts”
Using the CLI | Chapter 5, “Using the CLI”
Using WebView to manage the switch | Chapter 9, “Using WebView”
Using SNMP to manage the switch | Chapter 10, “Using SNMP”...
Login Specifications
Note. The functionality described in this chapter is supported on the OmniSwitch 6800, 6850, and 9000 switches unless otherwise stated in the following Specifications table or specifically noted within any section of this chapter.
Telnet clients supported: Any standard Telnet client
FTP clients supported...
The following table describes the maximum number of sessions allowed on an OmniSwitch: Session OS-9000 OS-6850 OS-6800 (supports only Telnet (v4 or v6) FTP (v4 or v6) SSH + SFTP (v4 or v6 secure sessions) HTTP Total Sessions...
Software Version 6.3.1.733.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office. You are now logged into the CLI. For information about changing the welcome banner, see “Modifying...
Overview of Switch Login Components
Switch access components include access methods (or interfaces) and user accounts stored on the local user database in the switch and/or on external authentication servers. Each access method, except the console port, must be enabled or “unlocked”...
Using the WebView Management Tool
• HTTP—The switch has a Web browser management interface for users logging in via HTTP. This management tool is called WebView. For more information about using WebView, see Chapter 9, “Using WebView.”...
Using Telnet
Telnet may be used to log into the switch from a remote station. All of the standard Telnet commands are supported by software in the switch. When Telnet is used to log in, the switch acts as a Telnet server. If a Telnet session is initiated from the switch itself during a login session, then the switch acts as a Telnet client.
Welcome to the Alcatel-Lucent OmniSwitch 6000
Software Version 6.3.1.733.R01 Development, October 05, 2007.
Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved.
OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office.
Using FTP
The OmniSwitch can function as an FTP server. Any standard FTP client may be used.
Note. An FTP connection is not secure. Secure Shell is recommended instead of FTP or Telnet as a secure method of accessing the switch.
You have to enter a valid user name and password for the host you specified with the ftp6 command, after which you will get a screen similar to the following display:
Name:Jsmith
331 Password required for Jsmith
Password: *****
230 User Jsmith logged in.
Using Secure Shell
The OmniSwitch Secure Shell feature provides a secure mechanism that allows you to log in to a remote switch, to execute commands on a remote device, and to move files from one device to another. Secure Shell provides secure, encrypted communications even when your transmission is between two untrusted hosts or over an unsecure network.
Secure Shell Application Overview
Secure Shell is an access protocol used to establish secured access to your OmniSwitch. The Secure Shell protocol can be used to manage an OmniSwitch directly or it can provide a secure mechanism for managing network servers through the OmniSwitch.
Secure Shell Authentication
Secure Shell authentication is accomplished in several phases using industry standard algorithms and exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell FTP. The following sections describe the process in detail.
Protocol Identification
When the Secure Shell client in the OmniSwitch connects to a Secure Shell server, the server accepts the connection and responds by sending back an identification string.
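The identification step described above, as an added example that is not part of the guide or of the switch software: a parser for the server's identification string (format per RFC 4253) that classifies the protocol version the server offers. The sample strings, the software name ExampleSSHD, and the function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion is printable US-ASCII without whitespace or the minus sign.
IDENT_RE = re.compile(rb"^SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?$")
MAX_IDENT_LEN = 255  # maximum length, CR LF included


def parse_identification(data: bytes) -> dict:
    """Return the fields of the first identification line found in `data`."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            # A server may send free-text lines before its identification string.
            continue
        if len(line) + 2 > MAX_IDENT_LEN:
            raise ValueError("identification string longer than 255 bytes")
        match = IDENT_RE.match(line)
        if match is None:
            raise ValueError(f"malformed identification string: {line!r}")
        proto, software, comments = match.groups()
        return {
            "protoversion": proto.decode("ascii"),
            "softwareversion": software.decode("ascii"),
            "comments": comments.decode("ascii", "replace") if comments else None,
        }
    raise ValueError("no SSH identification string received")


def classify_server(data: bytes) -> str:
    """Classify what the peer offers, based only on its protoversion field."""
    proto = parse_identification(data)["protoversion"]
    if proto == "2.0":
        return "ssh2"
    if proto == "1.99":
        # 1.99 means the server speaks 2.0 but also accepts older clients.
        return "ssh2-with-ssh1-fallback"
    if proto.startswith("1."):
        return "ssh1-only"
    return "unknown"


# Constructed sample server greetings (not captured from a real device).
SAMPLES = [
    b"SSH-2.0-ExampleSSHD_2.1\r\n",
    b"Authorized use only\r\nSSH-1.99-ExampleSSHD_1.0 lab build\r\n",
    b"SSH-1.5-ExampleSSHD_0.9\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_identification(sample), "->", classify_server(sample))
```
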
Connection Phase
After successful authentication, both the client and the server process the Secure Shell connection protocol. The OmniSwitch supports one channel for each Secure Shell connection. This channel can be used for a Secure Shell session or a Secure Shell FTP session.
Using Secure Shell DSA Public Key Authentication
The following procedure is used to set up Secure Shell (SSH) DSA public key authentication between an OmniSwitch and a client device:...
Note. Use of the cmdtool OpenWindows support facility is not recommended over Secure Shell connections with an external server.
The following command establishes a Secure Shell interface from the local OmniSwitch to IP address 11.133.30.135:
->...
IP address = 0.0.0.0,
Read-only domains = None,
Read-only families
Read-Write domains = None,
Read-Write families = ,
End-User profile
Session number = 1
User name = rrlogin1,
Access type = ssh,
Access port = NI,
IP address = 11.233.10.145,
Read-only domains...
identify the IP address or hostname for the device to which you are connecting. The following command establishes a Secure Shell FTP interface from the local OmniSwitch to IP address 10.222.30.125.
-> sftp 10.222.30.125
login as:
Note....
Closing a Secure Shell FTP Session
To terminate the Secure Shell FTP session, issue the exit command. The following will display:
-> exit
Connection to 11.133.30.135 closed.
This display indicates the Secure Shell FTP session with IP address 11.133.20.135 is closed. The user is now logged into the OmniSwitch as a local device with no active remote connection.
Welcome to the Alcatel-Lucent OmniSwitch 6000 Software Version 6.3.1.733.R01 Development, October 05, 2007. Copyright(c), 1994-2007 Alcatel-Lucent. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel-Lucent registered in the United States Patent and Trademark Office. Here is an example of a banner that has been changed:...
If you want the login banner in the text file to apply to HTTP switch sessions, execute the following CLI command where the text filename is thirdbanner.txt.
-> session banner http /flash/thirdbanner.txt
The banner files must contain only ASCII characters and should bear the .txt extension.
Configuring Login Parameters
You can set the number of times a user may attempt unsuccessfully to log in to the switch’s CLI by using the session login-attempt command as follows:
-> session login-attempt 5
In this example, the user may attempt to log in to the CLI five (5) times unsuccessfully.
Enabling the DNS Resolver
A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP addresses. Every time you enter a host name when logging into the switch, a DNS service must look up the name on a server and resolve the name to an IP address.
Verifying Login Settings
To display information about login sessions, use the following CLI commands:
Displays all active login sessions (e.g., console, Telnet, FTP, HTTP, Secure Shell, Secure Shell FTP).
whoami: Displays the current user session.
show session config: Displays session configuration information (e.g., default prompt, banner file name, inactivity timer, login timer, login attempts).
3 Configuring Network Time Protocol (NTP)
Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for example).
NTP Specifications
RFCs supported: 1305–Network Time Protocol
Maximum number of NTP servers per client: 3
NTP Defaults Table
The following table shows the default settings of the configurable NTP parameters:
NTP Defaults
Parameter Description | Command | Default Value/Comments
Specifies an NTP server from which...
NTP Quick Steps
The following steps are designed to show the user the necessary commands to set up NTP on an OmniSwitch: Designate an NTP server for the switch using the ntp server command.
You can check the client configuration using the show ntp client command, as shown:
-> show ntp client
Current time: THU SEP 15 2005 17:44:54 (UTC)
Last NTP update: THU SEP 15 2005 17:30:54
Client mode: enabled
Broadcast client mode:...
NTP Overview
Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for example).
Stratum
Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1 source would be stratum 2.
Page 93
Note. Alcatel-Lucent’s current implementation of NTP only allows the OmniSwitch to act as a passive client, not as a server. A passive client only receives NTP information and adjusts its time accordingly. In the above example, an OmniSwitch could be either Server 3a or 3b.
When planning your network, it is helpful to use the following general rules:

• It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at...
Configuring NTP

The following sections detail the various commands used to configure and view the NTP client software in an OmniSwitch.

Configuring the OmniSwitch as a Client

The NTP software is disabled on the switch by default. To activate the switch as an NTP client, enter the ntp client command as shown:

->...
NTP Servers

An NTP client needs to receive NTP updates from an NTP server. Each client must have at least one server with which it synchronizes (unless it is operating in broadcast mode). There are also adjustable server options.
Page 97
Setting the Version Number

There are currently four versions of NTP available (numbered one through four). The version that the NTP server uses must be specified on the client side. To specify the NTP version on the server from which the switch receives updates, use the ntp server command with the server IP address (or domain name), version keyword, and version number, as shown:

->...
Using Authentication

Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server and the NTP client must both have a text file containing the public and secret keys. (This file should be obtained from the server administrator.
Verifying NTP Configuration

To display information about the NTP client, use the show commands listed in the following table:

show ntp client | Displays information about the current client NTP configuration.
show ntp server status | Displays the basic server information for a specific NTP server or a list of NTP servers.
For example, you could have a stack of four 6800-24 models, a stack of three 6800-48 models, or a combination of the two modules. An OmniSwitch 6800 Series stack can provide CMM redundancy; one switch is designated as the primary CMM, and one is designated as the secondary CMM.
CMM Files

The management of a stack or single switch is controlled by three types of files:

• Image files, which are proprietary code developed by Alcatel-Lucent to run the hardware. These files are not configurable by the user, but may be upgraded from one release to the next. These files are also known as archive files as they are really the repository of several smaller files grouped together under a common heading.
Managing CMM Directory Content

Where is the Switch Running From?

When a switch has booted and is running, the software used will come either from the certified directory or the working directory. In most instances, the switch boots from the certified directory. (A switch can be specifically booted from the working directory by using the reload working config command described in “Rebooting from the Working Directory”...
Software Rollback Configuration Scenarios for a Single Switch

The examples below illustrate a few likely scenarios and explain how the running configuration, working directory, and certified directory interoperate to facilitate the software rollback on a single switch.

Note.
Page 106
Scenario 2: Running Configuration Saved to Working Directory

The network administrator recreates Switch X’s running configuration and immediately saves the running configuration to the working directory. In another mishap, the power to the switch is again interrupted. The switch reboots from the certified directory, overwrites all of the changes in the running configuration, and rolls back to the certified directory (which in this case is the factory settings).
Page 107
Scenario 3: Saving the Working Directory to the Certified Directory

After running the modified configuration settings and checking that there are no problems, the network administrator decides that the modified configuration settings (stored in the working directory) are completely reliable.
Page 108
Scenario 4: Rollback to Previous Version of Switch Software

Later that year, an upgraded image file is released from Alcatel-Lucent. The network administrator loads the new file via FTP to the working directory of the switch and reboots the switch from the working directory.
Redundancy

CMM software redundancy is one of the switch’s most important failover features. For CMM software redundancy, at least two fully-operational OmniSwitch 6800 or OmniSwitch 6850 switches must be linked together as a stack. However, with an OmniSwitch 9000, two fully-operational CMM modules must be installed in the chassis at all times.
Page 110
This process occurs automatically when the switch boots. The working and certified directory relationship described above in “Software Rollback Feature” on page 4-4 still applies to the primary CMM switch. Generally speaking, the switch assigned the lowest stack number is the primary CMM switch; the switch with the next lowest stack number is the secondary CMM switch, and all other switches are idle.
Page 111
Scenario 3: Synchronizing Switches in a Stack

When changes have been made to the primary CMM switch certified directory, these changes need to be propagated to the other switches in the stack. This could be done by completely rebooting the stack. However, if a loss of switch functionality is to be avoided, a copy flash-synchro command can be issued.
Page 112
Scenario 4: Adding a New Switch to a Stack

Since the OmniSwitch 6800 and 6850 switches are designed to be expandable, it is very likely that new switches will be added to stacks. The OmniSwitch 6800 and 6850 automatically detect new switches added to the stack, and new switches can pass traffic without a complete reboot of the stack.
Managing the Directory Structure (Non-Redundant)

The following sections define commands that allow the user to manipulate the files in the directory structure of a single CMM in an OmniSwitch 9000 or of a single OmniSwitch 6800/6850 switch.

Note.
Page 114
To reboot the switch from the certified directory, enter the reload command at the prompt:

-> reload

This command loads the image and configuration files in the certified directory into the RAM memory. These files control the operation of the switch.
Page 115
Checking the Status of a Scheduled Reboot

You can check the status of a reboot set for a later time by entering the following command:

-> show reload
-> show reload status

The reload command is described in detail in the OmniSwitch CLI Reference Guide.
Copying the Running Configuration to the Working Directory

Once the switch has booted and is running, a user can modify various parameters of switch functionality. These changes are stored temporarily in the running configuration in the RAM of the switch. In order to save these changes, the running configuration must be saved to the working directory as shown:

Working Certified...
Page 117
To save the running configuration to the working directory, enter the copy running-config working or write memory command at the prompt, as shown:

-> copy running-config working
-> write memory

The above commands perform the same function. When these commands are issued the running configuration with all modifications made is saved to a file called boot.cfg in the working directory.
Rebooting from the Working Directory

Besides a regular boot of the switch (from the certified directory), you can also force the switch to boot from the working directory. This is useful for checking whether a new configuration or image file will boot the switch correctly, before committing it to the certified directory.
Page 119
Note. If the switch is rebooted before using the copy certified working command, the switch will be running from the certified directory as the working and certified directories are not the same. This behavior is described in “Where is the Switch Running From?”...
Page 120
Cancelling a Rollback Timeout

To cancel a rollback time-out, enter the reload cancel command as shown:

-> reload primary cancel
-> reload cancel

The reload working command is described in detail in the OmniSwitch CLI Reference Guide.
Copying the Working Directory to the Certified Directory

When the running configuration is saved to the working directory, the switch’s working and certified directories are now different. This difference, if the CMM reboots, causes the switch to boot and run from the certified directory.
When the software on the working directory of a switch has proven to be effective and reliable, eventually the contents of the working directory should be copied into the certified directory. To copy the contents of the working directory to the certified directory, enter the following command at the prompt:

->...
Show Currently Used Configuration

When a switch is booted, the certified and working directories are compared. If they are the same, the switch runs from the working directory. If they are different, the switch runs from the certified directory. A switch running from the certified directory cannot modify directory contents.
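The boot-time comparison and the save and certify steps described in this chapter can be followed with a small Python model, which makes it easy to see which changes (a hardening change, for instance) a plain reboot would discard. This is an added example, not Alcatel-Lucent code: the class, its method names and the sample setting are constructed, and applying the read-only rule to both write memory and copy working certified is an assumption.

```python
"""Toy model of the working/certified directory behaviour (illustrative only)."""

FACTORY = {"ntp client": "disabled"}  # constructed sample setting


class Switch:
    def __init__(self, factory_config):
        # Both flash directories start out identical (factory settings).
        self.working = dict(factory_config)
        self.certified = dict(factory_config)
        self.running = {}
        self.running_from = None
        self.reload()

    def reload(self):
        """Plain reboot or power loss: compare the directories, then boot."""
        same = self.working == self.certified
        self.running_from = "working" if same else "certified"
        # When the directories match, certified and working hold the same files.
        self.running = dict(self.certified)

    def reload_working(self):
        """Forced boot from the working directory."""
        self.running_from = "working"
        self.running = dict(self.working)

    def configure(self, key, value):
        """A CLI change: it lives only in RAM until it is saved."""
        self.running[key] = value

    def _require_working(self):
        # Assumption: the read-only rule covers every directory write modelled here.
        if self.running_from != "working":
            raise PermissionError("running from certified: directories are read-only")

    def write_memory(self):
        """Save the running configuration to the working directory."""
        self._require_working()
        self.working = dict(self.running)

    def copy_working_certified(self):
        """Promote the working directory to the certified directory."""
        self._require_working()
        self.certified = dict(self.working)

    def drift(self):
        """Settings a plain reboot would discard, with the reason for each."""
        report = {}
        for key in set(self.running) | set(self.certified):
            live = self.running.get(key)
            if live == self.certified.get(key):
                continue
            saved = self.working.get(key) == live
            report[key] = "saved but not certified" if saved else "unsaved (RAM only)"
        return report


def scenario_unsaved():
    """Change made, never saved, then the power is interrupted."""
    sw = Switch(FACTORY)
    sw.configure("ntp client", "enabled")
    sw.reload()
    return sw.running_from, sw.running["ntp client"]


def scenario_saved_not_certified():
    """Change saved to working only, then the power is interrupted."""
    sw = Switch(FACTORY)
    sw.configure("ntp client", "enabled")
    sw.write_memory()
    sw.reload()
    try:
        sw.write_memory()
        writable = True
    except PermissionError:
        writable = False
    return sw.running_from, sw.running["ntp client"], sw.working["ntp client"], writable


def scenario_certified():
    """Change saved, certified, then the switch reboots."""
    sw = Switch(FACTORY)
    sw.configure("ntp client", "enabled")
    sw.write_memory()
    sw.copy_working_certified()
    sw.reload()
    return sw.running_from, sw.running["ntp client"]


if __name__ == "__main__":
    print(scenario_unsaved())
    print(scenario_saved_not_certified())
    print(scenario_certified())
```

Calling drift() before a planned reboot lists every setting that exists only in RAM or only in the working directory.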
Show Switch Files

The files currently installed on a switch can be viewed using the show microcode command. This command displays the files currently in the specified directory. To display files on a switch, enter the show microcode command with a directory, as shown:

->...
Managing Redundancy in a Stack and CMM

The following sections describe circumstances that the user should be aware of when managing the CMM directory structure on a switch with redundant CMMs. They also include descriptions of the CLI commands designed to synchronize software between the primary and secondary CMMs.
Synchronizing the primary and secondary CMMs is done using the copy flash-synchro command described in “Synchronizing the Primary and Secondary CMMs” on page 4-27.

Note. If a switch fails over to the secondary CMM, it is necessary to have a management interface connection to the secondary CMM (such as an Ethernet port or a console port).
Synchronizing the Primary and Secondary CMMs

If you have a secondary CMM in your switch, it will be necessary to synchronize the software between the primary and secondary CMMs. If the primary CMM goes down (for example, during a reboot), then the switch fails over to the secondary CMM.
To synchronize the secondary CMM to the primary CMM, enter the following command at the prompt:

-> copy flash-synchro

The copy flash-synchro command is described in detail in the OmniSwitch CLI Reference Guide.

Note.
Swapping the Primary CMM for the Secondary CMM

If the primary CMM is having problems, or if it needs to be shut down, then the secondary CMM can be instructed to “take over”...
Show Currently Used Configuration

In a chassis with a redundant CMM, the display for the currently running configuration tells the user if the primary and secondary CMMs are synchronized. To check the directory from where the switch is currently running and if the primary and secondary CMMs are synchronized, enter the following command on OmniSwitch 6800 and 6850 switches:

-> show running-directory...
NI Module Behavior During Takeover

In OmniSwitch 9000 switches only, if there are no unsaved configuration changes and the flash directories on both the primary and secondary management modules have been synchronized via the copy flash-synchro command, no NIs will be reloaded if a management module takeover occurs.
Emergency Restore of the boot.cfg File

If all copies of the boot.cfg file have been deleted and a system boot has occurred, network configuration information is permanently lost. However, if the files have been deleted and no boot has occurred you can issue a write memory command to regenerate the boot.cfg file.
Displaying CMM Conditions

To show various CMM conditions, such as where the switch is running from and which files are installed, use the following CLI show commands:

show running-directory | Shows the directory from where the switch was booted.
show reload | Shows the status of any time delayed reboot(s) that are pending on the switch.
5 Using the CLI

Alcatel-Lucent’s Command Line Interface (CLI) is a text-based configuration interface that allows you to configure switch applications and to view switch statistics. Each CLI command applicable to the switch is defined in the OmniSwitch CLI Reference Guide. All command descriptions listed in the Reference Guide include command syntax definitions, defaults, usage guidelines, example screen output, and release history.
Once you enter a command mode, you must step your way back to the top of the hierarchy before you can enter a command in a different mode. The Alcatel-Lucent switch will answer any CLI command at any time because there is no hierarchy.
Command Entry Rules and Syntax

Offline Configuration Using Configuration Files

CLI configuration commands can be typed into a generic text file. When the text file is placed in the switch /flash/working directory, its commands are applied to the switch when the configuration apply command is issued.
Using “Show” Commands

The CLI contains show commands that allow you to view configuration and switch status on your console screen. The show syntax is used with other command keywords to display information pertaining to those keywords.
Command Help

Partial Keyword Completion

The CLI has a partial keyword recognition feature that allows the switch to recognize partial keywords in CLI command syntax. Instead of typing the entire keyword, you may type only as many characters as are necessary to uniquely identify the keyword, then press the Tab key.
Page 140
The following table contains the first-level commands and their set names as they are listed on the display screen when you enter a single question mark and press Enter.

Command Set Name | Commands
System Service & File Management | WHOAMI, WHO, VIEW, VI, VERBOSE, USER, UPDATE, TTY, TELNET6, TELNET, SYSTEM, SWLOG, SSH6, SSH, SHOW,...
Tutorial for Building a Command Using Help

The Help feature allows you to figure out syntax for a CLI command by using a series of command line inquiries together with some educated guesses. If you do not know the correct CLI command you can use the Help feature to determine the syntax.
Page 142
At the command prompt, enter name followed by a space and a question mark. This step will either give you more choices or an error message.

-> vlan 33 name ?
<hex> <"string"> <string>
(Vlan Manager Command Set)

There is a smaller set of keywords available for use with the vlan 33 name syntax.
CLI Services

There are several services built into the CLI that help you use the interface. The Command Line Editing service makes it easy for you to enter and edit repetitive commands. Other CLI services, such as syntax checking, command help, prefix prompt, and history assist you in selecting and using the correct command syntax for the task you are performing.
Recalling the Previous Command Line

To recall the last command executed by the switch, either press the Up Arrow key or enter the !! (bang, bang) command at the prompt and the previous command will display on your screen. You can execute the command again by pressing Enter or you can edit it first by deleting or inserting characters.
Syntax Checking

If you make a mistake while entering command syntax, the CLI gives you clues about how to correct your error. Whenever you enter an invalid command, two indicators are displayed.

• The Error message tells you what the error is.
•...
Example for Using Prefix Recognition

This example shows how the Prefix Recognition feature is used for entering multiple commands that have the same prefix. This table lists the tasks to be accomplished in this example and the CLI syntax required for each task.
Prefix Prompt

You may set the CLI so that your screen prompt displays the stored prefix. To display the stored prefix as part of the screen prompt for the VLAN example above, enter the prompt prefix CLI command as follows:

->...
Page 148
You can recall commands shown in the history list by using the exclamation point character (!) also called “bang”. To recall the command shown in the history list at number 4, enter !4 (bang, 4). The CLI will respond by printing the number four command at the prompt.
Logging CLI Commands and Entry Results

OmniSwitch 6800/6850/9000 switches provide command logging via the command-log command. This feature allows users to record up to 100 of the most recent commands entered via Telnet, Secure Shell, and console sessions.
Viewing the Current Command Logging Status

As mentioned above, the command logging feature is disabled by default. To view whether the feature is currently enabled or disabled on the switch, use the show command-log status command.
Customizing the Screen Display

The CLI has several commands that allow you to customize the way switch information is displayed to your screen. You can make the screen display smaller or larger. You can also adjust the size of the table displays and the number of lines shown on the screen.
Displaying Table Information

The amount of information displayed on your console screen can be extensive, especially for certain show commands. By default, the CLI will immediately scroll all information to the screen. The more mode can be used to limit the number of lines displayed to your screen.
Filtering Table Information

The CLI allows you to define filters for displaying table information. This is useful in cases where a vast amount of display data exists but you are interested in only a small subset of that data. Commands showing routing tables are a good example for when you might want to filter information.
Multiple User Sessions

Several CLI commands give you information about user sessions that are currently operating on the OmniSwitch, including your own session. These commands allow you to list the number and types of sessions that are currently running on the switch.
Listing Your Current Login Session

In order to list information about your current login session, you may either use the who command and identify your login by your IP address or you may enter the whoami command. The following will display:

->...
Application Example

Using a Wildcard to Filter Table Information

The wildcard character allows you to substitute the asterisk (*) character for text patterns while using the filter mode.

Note. You must type the wildcard character in front of and after the filter text pattern unless the text pattern appears alone on a table row.
More? [next screen <sp>*, next line <cr>*, filter pattern </>*, quit <q>]

The screen displays 10 table rows, each of which contains the text pattern “vlan”. Alcatel-Lucent’s CLI uses a single level command hierarchy. (The screen rows shown above and below the table are not counted as part of the 10 rows.) If you want to display the rows one line at a time, press Enter instead of the space bar...
6 Working With Configuration Files

Commands and settings needed for the OmniSwitch 6800/6850/9000 can be contained in an ASCII-based configuration text file. Configuration files can be created in several ways and are useful in network environments where multiple switches must be managed and monitored. This chapter describes how configuration files are created, how they are applied to the switch, and how they can be used to enhance OmniSwitch usability.
Configuration File Specifications

The following table lists specifications applicable to Configuration Files.

Creation Methods for Configuration Files:
• Create a text file on a word processor and upload it to the switch.
• Invoke the switch’s snapshot feature to create a text file.
•...
Page 161
Tutorial for Creating a Configuration File

Use the show configuration status command to verify that the dhcp_relay.txt configuration file was applied to the switch. The display is similar to the one shown here:

-> show configuration status
File configuration <dhcp_relay.txt>: completed with no errors
File configuration: none scheduled
Running configuration and saved configuration are different...
Quick Steps for Applying Configuration Files

Setting a File for Immediate Application

In this example, the configuration file configfile_1 exists on the switch in the /flash directory. When these steps are followed, the file will be immediately applied to the switch.

Verify that there are no timer sessions pending on the switch.
Note. Optional. To verify that the switch received this configuration apply request, enter the show configuration status command. The display is similar to the one shown here.

-> show configuration status
File configuration </flash/working/bncom_cfg.txt>: scheduled at 07/04/02 09:00

For more information about this display see “Configuration File Manager Commands”...
Configuration Files Overview

Instead of using CLI commands entered at a workstation, you can configure the switch using an ASCII-based text file. You may type CLI commands directly into a text document to create a configuration file that will reside in your switch’s /flash directory.
Cancelling a Timed Session

You may cancel a pending timed session by using the configuration cancel command. To confirm that your timer session has been cancelled, use the show configuration status command. The following will display.
Setting the Error File Limit

The number of files ending with the .err extension present in the switch’s /flash directory is set with the configuration error-file limit command. You can set the switch to allow up to 25 error files in the /flash directory.
Verbose Mode Syntax Checking

When verbose is specified in the command line, all syntax contained in the configuration file is printed to the console, even if no error is detected. (When verbose is not specified in the command line, cursory information—number of errors and error log file name—will be printed to the console only if a syntax or configuration error is detected.) To specify verbose mode, enter the verbose keyword at the end of the command line.
Creating Snapshot Configuration Files

You can generate a list of configurations currently running on the switch by using the configuration snapshot command. A snapshot is a text file that lists commands issued to the switch during the current login session.
User-Defined Naming Options

When the snapshot syntax does not include a file name, the snapshot file is created using the default file name asc.n.snap. Here, the n character holds the place of a number indicating the order in which the snapshot file name is generated.
Page 170
Example Snapshot File Text

The following is the text of a sample snapshot file created with the configuration snapshot all command.

!========================================!
! File: asc.1.snap
!========================================!
! Chassis :
system name FujiCmm
mac alloc 91 0 1 00:d0:95:6b:09:41
! Configuration:
! VLAN :...
Page 171
! Lan Power :
! NTP :
! RDP :

This file shows configuration settings for the Chassis, IP, AAA, SNMP, IP route manager, Spanning tree, and Bridging services. Each of these services has configuration commands listed under its heading. All other switch services and applications are either not being used or are using default settings.
Verifying File Configuration

You can verify the content and the status of the switch’s configuration files with commands listed in the following table.

show configuration status | Displays whether there is a pending timer session scheduled for a configuration file and indicates whether the running configuration and the saved configuration files are identical or different.
7 Managing Switch User Accounts

Switch user accounts may be set up locally on the switch for users to log into and manage the switch. The accounts specify login information (combinations of usernames and passwords) and privilege or profile information depending on the type of user. The switch has several interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP) through which users may access the switch.
User Database Specifications

Maximum number of alphanumeric characters in a username
Maximum number of alphanumeric characters in a user password
Maximum number of alphanumeric characters in an end-user profile name
Maximum number of user accounts
Maximum number of end-user profiles

User Account Defaults

Two user accounts are available on the switch by default: admin and default.
Page 175
• Global user account lockout defaults are as follows:

Parameter Description | Command | Default
Length of time during which failed login attempts are counted. | user lockout-window | 0—all attempts are counted
Length of time a user account remains locked out of the switch... | user lockout-duration | 0—account remains...
Overview of User Accounts

A user account includes a login name, password, and user privileges. The account also includes privilege or profile information, depending on the type of user account. There are two types of accounts: network administrator accounts and end-user or customer login accounts.
• Secure Shell—Any standard Secure Shell client may be used for logging into the switch.
• SNMP—Any standard SNMP browser may be used for logging into the switch.

For more information about connecting to the switch through one of these methods, see Chapter 2, “Logging Into the Switch,” and the appropriate Getting Started Guide.
Quick Steps for Network Administrator User Accounts

Configure the user with the relevant username and password. For example, to create a user called thomas with a password of techpubs, enter the following:

->...
Quick Steps for Creating Customer Login User Accounts

Set up a user profile through the end-user profile command. For example, configure a profile called Profile1 that specifies read-write access to the physical and basic-ip-routing command areas:

->...
Default User Settings

The default user account on the switch is used for storing new user defaults for privileges and profile information. This account does not include a password and cannot be used to log into the switch. At the first switch startup, the default user account is configured for:

• No read or write access.
•...
How User Settings Are Saved

Unlike other settings on the switch, user settings configured through the user password commands are saved to the switch configuration automatically. These settings are saved in real time in the local user database.
Creating a User

To create a new user, enter the user command with the desired username and password. Use the password keyword. For example:

-> user thomas password techpubs

In this example, a user account with a user name of thomas and a password of techpubs is stored in the local user database.
Page 183
Enter the desired password. The system then displays a prompt to verify the password.

-> password
enter old password:********
enter new password: *********
reenter new password:

Enter the password again.

-> password
enter old password:********
enter new password: *********
reenter new password: *********
->...
Configuring Password Policy Settings

The global password policy settings for the switch define the following requirements that are applied to all user accounts:

• Minimum password size.
• Whether or not the password can contain the username.
•...
Configuring Password Character Requirements

The character requirements specified in the global password policy determine the minimum number of uppercase, lowercase, non-alphanumeric, and 10-base digit characters required in all passwords. These requirements are configured using the following user password-policy commands:

Command Configures ...
Specific User Password Expiration
To set password expiration for an individual user, use the user command with the expiration keyword and the desired number of days or an expiration date. For example:
->...
Configuring Global User Lockout Settings
The following user lockout settings configured for the switch apply to all user accounts:
• Lockout window—the length of time a failed login attempt is aged before it is no longer counted as a...
Configuring Global User Lockout Settings
By default, the lockout threshold number is set to 0; this means that there is no limit to the number of failed login attempts allowed, even if a lockout window time period exists. To configure a lockout threshold number, use the user lockout-threshold command.
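How the lockout window and threshold interact, replayed over failed-login timestamps as an added example (not code from the guide or the switch). The timestamps are constructed, and two points are assumptions: the account locks once the number of unaged failures reaches the threshold, and only a positive window is modelled.

```python
from collections import deque


class LockoutTracker:
    """Failed-login bookkeeping for one account.

    window_minutes: how long a failed attempt is counted before it ages out.
    threshold: failed attempts allowed inside the window; 0 means no limit,
               which is the default described above.
    """

    def __init__(self, window_minutes, threshold):
        if window_minutes <= 0:
            raise ValueError("this sketch models a positive window only")
        self.window = window_minutes
        self.threshold = threshold
        self.failures = deque()  # timestamps (minutes) of failures still counted
        self.locked = False

    def _age_out(self, now):
        # Drop failures that are older than the lockout window.
        while self.failures and now - self.failures[0] >= self.window:
            self.failures.popleft()

    def failed_login(self, now):
        """Record a failure at time `now`; return True if the account is locked."""
        if self.locked:
            return True
        self._age_out(now)
        self.failures.append(now)
        # Assumption: lock as soon as unaged failures reach the threshold.
        if self.threshold > 0 and len(self.failures) >= self.threshold:
            self.locked = True
        return self.locked


def replay(window_minutes, threshold, failure_times):
    """Replay failure timestamps; return (locked, failures_seen)."""
    tracker = LockoutTracker(window_minutes, threshold)
    for seen, when in enumerate(failure_times, start=1):
        if tracker.failed_login(when):
            return True, seen
    return False, len(failure_times)


# Constructed timelines, in minutes since the first failure.
BURST = [i * 0.05 for i in range(200)]   # 200 failures inside ten minutes
SPACED = [i * 16 for i in range(20)]     # one failure every 16 minutes

if __name__ == "__main__":
    print("window 30, threshold 0, burst :", replay(30, 0, BURST))
    print("window 30, threshold 3, burst :", replay(30, 3, BURST))
    print("window 30, threshold 3, spaced:", replay(30, 3, SPACED))
```

With the default threshold of 0 the burst is never locked out even though a window is set; with a threshold of 3 the same burst locks on the third failure, while the spaced failures keep aging out of the window and are a case for the authentication logs and traps rather than lockout.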
Configuring Privileges for a User
To configure privileges for a user, enter the user command with the read-only or read-write option and the desired CLI command domain names or command family names. The read-only option provides access to show commands;...
Setting Up SNMP Access for a User Account
By default, users can access the switch based on the SNMP setting specified for the default user account. The user command, however, may be used to configure SNMP access for a particular user. SNMP access may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or SNMPv3).
Setting Up SNMP Access for a User Account
For this user, if the SNMP community map mode is enabled (the default), the SNMP community map must include a mapping for this user to a community string. In this example, the community string is our_group:
->...
Setting Up End-User Profiles
End-user profiles are designed for user accounts in the carrier market. With end-user profiles, a network administrator can configure customer login accounts that restrict users to particular command areas over particular ports and/or VLANs.
Creating End-User Profiles
To set up an end-user profile, use the end-user profile command and enter a name for the profile. Specify read-only or read-write access to particular command areas. The profile can also specify port ranges and/or VLAN ranges.
Associating a Profile With a User
To associate a profile with a user, enter the user command with the end-user profile keywords and the relevant profile name. For example:
-> user Customer2 end-user profile Profile3
Profile3 is now associated with Customer2.
Verifying the User Configuration
To display information about user accounts configured locally in the user database, use the show commands listed here:
show user    Displays information about all users or a particular user configured in the local user database on the switch.
8 Managing Switch Security
Switch security is provided on the switch for all available management interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP). The switch may be set up to allow or deny access through any of these interfaces. (Note that users attempting to access the switch must have a valid username and password.)
In This Chapter
This chapter describes how to set up switch management interfaces through the Command Line Interface (CLI).
Switch Security Specifications Managing Switch Security Switch Security Specifications The following table describes the maximum number of sessions allowed on an OmniSwitch: Session OS-9000 OS-6850 OS-6800 (supports only Telnet (v4 or v6) FTP (v4 or v6) SSH + SFTP (v4 or v6 secure sessions) HTTP Total Sessions...
Switch Security Overview
Switch security features increase the security of the basic switch login process by allowing management only through particular interfaces for users with particular privileges. Login information and privileges may be stored on the switch and/or an external server, depending on the type of external server you are using and how you configure switch access.
Authenticated Switch Access
Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, or HTTP require authentication via the local user database or via a third-party server.
Authenticated Switch Access
The following illustration shows the two different user types attempting to authenticate with an ACE/Server:
[Figure: a Network Administrator and a Customer each send a login request. Labels: ACE/Server; user privilege; end-user profiles; "The switch polls the server for login information;..."]
Configuring Authenticated Switch Access
Setting up Authenticated Switch Access involves the following general steps:
Set Up the Authentication Servers. This procedure is described briefly in this chapter. See the “Managing Authentication Servers” chapter of the OmniSwitch 6800/6850/9000 Network Configuration Guide for complete details.
Quick Steps for Setting Up ASA
If the local user database is used for user login information, set up user accounts through the user command. User accounts may include user privileges or an end-user profile. In this example, user privileges are configured:
->...
Page 204
Quick Steps for Setting Up ASA
The order of the server names is important here as well. In this example, the switch will use ldap2 for logging switch access sessions. If ldap2 becomes unavailable, the switch will use the local Switch Logging facility.
Setting Up Management Interfaces for ASA
By default, authenticated access is available through the console port. Access through other management interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP. This chapter describes how to set up access for management interfaces.
Enabling Switch Access
Enter the aaa authentication command with the relevant keyword that indicates the management interface and specify the servers to be used for authentication. In this example, Telnet access for switch management is enabled.
Setting Up Management Interfaces for ASA
In this scenario, SNMP access is not enabled because only RADIUS servers have been included in the default setting. If servers of different types are configured and include LDAP or local, SNMP will be enabled through those servers.
Configuring Accounting for ASA
Accounting servers track network resources such as time, packets, bytes, etc., and user activity (when a user logs in and out, how many login attempts were made, session length, etc.). The accounting servers may be located anywhere in the network.
Verifying the ASA Configuration
To display information about management interfaces used for Authenticated Switch Access, use the show commands listed here:
show aaa authentication    Displays information about the current authenticated switch session.
show aaa accounting    Displays information about accounting servers configured for Authenticated Switch Access or Authenticated VLANs.
9 Using WebView
The switch can be monitored and configured using WebView, Alcatel-Lucent’s web-based device management tool. The WebView application is embedded in the switch and is accessible via the following web browsers:
• Internet Explorer 6.0 and later for Windows NT, 2000, XP, 2003
...
WebView CLI Defaults
Web Management Command Line Interface (CLI) commands allow you to enable/disable WebView, enable/disable Secure Socket Layer (SSL), and view basic WebView parameters. These configuration options are also available in WebView. The following table lists the defaults for WebView configuration through the http and https commands:
Description Command...
WebView CLI Commands
The following configuration options can be performed using the CLI. These configuration options are also available in WebView; but changing the web server port or secured port may only be done through the CLI (or SNMP).
WebView CLI Commands
As an alternative you can use the https keyword instead of the http keyword to enable Force SSL. For example:
-> https ssl
When using this format of the command use the no https server command to disable Force SSL on the switch.
Quick Steps for Setting Up WebView
Make sure you have an Ethernet connection to the switch.
Configure switch management for HTTP using the aaa authentication command. Enter the command, the port type that you are authenticating (http), and the name of the LDAP, RADIUS, ACE, or local server that is being used for authentication.
WebView Overview
[Figure: WebView Chassis Home Page. Labels: Banner; Toolbar; Configuration Group; Configuration Feature; Feature Options; View/Configuration Area]
Banner
The following features are available in the WebView Banner:
• Options—Brings up the User Options Page, which is used to change the user login password.
...
Feature Options
Feature configuration options are displayed as drop-down menus at the top of each feature page. For more information on using the drop-down menus, see “Configuration Page” on page 9-10.
View/Configuration Area
The View/Configuration area is where switch configuration information is displayed and where configuration pages appear.
Configuring the Switch With WebView
The following sections provide an overview of WebView functionality. For detailed configuration procedures, see other chapters in this guide, the OmniSwitch 6800/6850/9000 Network Configuration Guide, or the OmniSwitch 6800/6850/9000 Advanced Routing Configuration Guide.
Accessing WebView
WebView is accessed using any of the browsers listed on page...
• message will always appear at the top of every WebView browser window; or,
• Follow the steps below to install the Alcatel-Lucent self-signed certificate in the Trusted Root Certification Authorities store. Doing so will clear the certificate error message.
Home Page
The first page displayed for each feature is the Home Page (e.g., IP Home). The Home Page describes the feature and provides an overview of that feature’s current configuration. If applicable, home pages display the feature’s current configuration and can also be used to configure global parameters.
Configuration Page
Feature configuration options are displayed in the drop-down menus at the top of each page. The same menus are displayed on every configuration page within a feature. To configure a feature on the switch, select a configuration option from the drop-down menu.
Table Configuration Page
Table configuration pages show current configurations in tabular form. Entries may be added, modified, or deleted. You can delete multiple entries, but you can only modify one entry at a time.
[Figure callout: Click to select item to modify or delete.]
Page 223
Modifying an Existing Entry
To modify an existing entry: Click on the checkbox to the left of the entry on the Configuration page and click Modify. The Modify window appears (e.g., Modify IP Static Route). The current configuration is displayed in each field. Modify the applicable field(s), then click Apply.
Table Features
Table Views
Some table configuration pages can be expanded to view additional configuration information. If this option is available, a toggle switch appears at the bottom left corner of the table. To change views, click on the toggle switch (e.g., Expanded View).
Page 225
Table Sorting
Basic Sort
Table entries can be sorted by column in ascending or descending order. Initially, tables are sorted on the first column in ascending order (the number 1 appears in the first column). To sort in descending order, click on the column heading.
Page 226
[Figure: Table Sort Feature—Modified Sort. Callout: Sort on a different column.]
Advanced Sorting
You can also customize a sort by defining primary and secondary sort criteria. To define primary and secondary column sorts, click on the “Sort” icon in the upper-right corner of the table (the column headings are highlighted).
Page 227
Table Paging
Certain potentially large tables (e.g., VLANs) have a paging feature that loads the table data in increments of 50 or 100 entries. If the table reaches this threshold, the first group of entries is displayed and a “Next” button appears at the bottom of the page.
Adjacencies
WebView provides a graphical representation of all AMAP-supported Alcatel-Lucent switches and IP phones adjacent to the switch. The following information for each device is also listed:
• IP address
• MAC address
...
WebView Help
A general help page for using WebView is available from the banner at the top of the page. In addition, on-line help is available on every WebView page. Each help page provides a description of the page and specific instructions for each configurable field.
10 Using SNMP
The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows communication between SNMP managers and SNMP agents on an IPv4 as well as on an IPv6 network. Network administrators use SNMP to monitor network performance and to manage network resources. SNMP functionality in an IPv6 environment can be configured only on an OmniSwitch 6850 and 9000.
SNMP Specifications
The following table lists specifications for the SNMP protocol.
RFCs Supported for SNMPv2:
1902 through 1907 - SNMPv2c Management Framework
1908 - Coexistence and transitions relating to SNMPv1 and SNMPv2c
RFCs Supported for SNMPv3:
2570 –...
Quick Steps for Setting Up An SNMP Management Station
An SNMP Network Management Station (NMS) is a workstation configured to receive SNMP traps from the switch. To set up an SNMP NMS by using the switch’s CLI, proceed as follows:
Specify the user account name and the authentication type for that user.
Quick Steps for Setting Up Trap Filters
You can filter traps by limiting user access to trap command families. You can also filter according to individual traps.
Filtering by Trap Families
The following example will create a new user account.
Filtering by Individual Traps
The following example enables trap filtering for the coldstart, warmstart, linkup, and linkdown traps. The identification numbers for these traps are 0, 1, 2, and 3. When trap filtering is enabled, these traps will be filtered.
SNMP Overview
SNMP provides an industry standard communications model used by network administrators to manage and monitor their network devices. The SNMP model defines two components, the SNMP Manager and the SNMP Agent.
[Figure labels: Network Management Station; OmniSwitch; OmniSwitch 6648; SNMP Agent...]
Although MIB browsers vary depending on which software package is used, they all have a few things in common. The browser must compile the Alcatel-Lucent switch MIBs before it can be used to manage the switch by issuing requests and reading statistics. Each MIB must be checked for dependencies and the MIBs must be compiled in the proper order.
SNMP Overview
The community string security standard offers minimal security and is generally insufficient for networks where the need for security is high. Although SNMPv1 lacks bulk message retrieval capabilities and security features, it is widely used and is a de facto standard in the Internet environment.
SNMPv2
SNMPv2 is a later version of the SNMP protocol.
SNMP Traps Table
The following table provides information on all SNMP traps supported by the switch. Each row includes the trap name, its ID number, any objects (if applicable), its command family, and a description of the condition the SNMP agent in the switch is reporting to the SNMP management station.
Page 241
Objects: aipAMAPLastTrapReason, aipAMAPLastTrapPort
Description: The status of the Alcatel-Lucent Mapping Adjacency Protocol (AMAP) port changed.
aipAMAPLastTrapReason—Reason for last change of port status. Valid reasons are 1 (port added), 2 (change of information on existing port), 3 (port deleted), and 4 (no trap has been sent).
Page 242
Trap Name: chassisTrapsStr
Objects: chassisTrapsStrLevel, chassisTrapsStrAp-, chassisTrapsStrSnapID, chassisTrapsStrfileName, chassisTrapsStrfileLineNb, chassisTrapsStrErrorNb, chassisTrapsStrcomments...
Family: chassis
Description: A software trouble report (STR) was sent by an application encountering a problem during its execution.
Page 243
Trap Name: chassisTrapsStateChange
Objects: physicalIndex, chassisTrapsObjectType, chassisTrapsObjectNumber, chasEntPhysOperStatus
Family: chassis
Description: An NI status change was detected.
physicalIndex—The physical index of the involved object.
chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap.
chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the considered fan or power supply).
Page 244
Trap Name: healthMonDeviceTrap
Objects: healthMonRxStatus, healthMonRxTxStatus, healthMonMemorySta-, healthMonCpuStatus, healthMonCmmTempStatus, healthMonCmmCpuTempStatus
Family: health
Description: Indicates a device-level threshold was crossed.
healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change.
healthMonRxTxStatus—...
Page 245
Trap Name: bgpEstablished
Objects: bgpPeerLastError, bgpPeerState
Description: The BGP routing protocol has entered the established state.
bgpPeerLastError—The last error code and subcode seen by this peer on this connection. If no error has occurred, this field is zero. Otherwise, the first byte of this two byte OCTET STRING contains the error code, and the second byte contains the subcode.
Page 246
Trap Name: dvmrpNeighborLoss
Objects: dvmrpInterfaceLocalAddress, dvmrpNeighborState
Family: ipmr
Description: A 2-way adjacency relationship with a neighbor has been lost. This trap is generated when the neighbor state changes from “active” to “one-way,” “ignoring”...
Page 247
Trap Name: risingAlarm
Objects: alarmIndex, alarmVariable, alarmSampleType, alarmValue, alarmRisingThreshold
Family: rmon
Description: An Ethernet statistical variable has exceeded its rising threshold. The variable’s rising threshold and whether it will issue an SNMP trap for this condition are configured by an NMS station...
Page 248
Trap Name: stpRootPortChange
Objects: vStpNumber, vStpRootPortNumber
Description: A root port has changed for a spanning tree bridge. The root port is the port that offers the lowest cost path from this bridge to the root bridge.
vStpNumber—The Spanning Tree number identifying this instance.
Page 249
Trap Name: slbTrapOperStatus
Objects: slbTrapInfoEntityGroup, slbTrapInfoOperStatus, slbTrapInfoClusterName, slbTrapInfoServerIpAddr
Family: load balancing
Description: A change occurred in the operational status of the server load balancing entity.
slbTrapInfoEntityGroup—The entity group inside SLB management.
slbTrapInfoOperStatus—The operational status of an SLB cluster or server.
Page 250
Trap Name: alaStackMgrNeighborChangeTrap
Objects: alaStackMgrStackStatus, alaStackMgrSlotNINumber, alaStackMgrTrapLinkNumber
Family: chassis
Description: Indicates whether or not the stack is in loop.
alaStackMgrStackStatus—Indicates whether the stack is or is not in a loop.
alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1 to 8.
Page 251
Trap Name: gmBindRuleViolation
Objects: gmBindRuleType, gmBindRuleVlanId, gmBindRuleIPAddress, gmBindRuleMacAddress, gmBindRulePortIfIndex, gmBindRuleProtoClass, gmBindRuleEthertype, gmBindRuleDsapSsap
Family: vlan
Description: Occurs whenever a binding rule which has been configured gets violated.
gmBindRuleType—Type of binding rule for which trap sent.
Page 252
Trap Name: pethPsePortPowerMaintenanceStatus
Objects: pethPsePortPowerMaintenanceStatus
Family: module
Description: Indicates the status of the power maintenance signature for inline power.
pethPsePortPowerMaintenanceStatus—The value ok (1) indicates the Power Maintenance Signature is present and the overcurrent condition has not been detected. The value overCurrent (2) indicates an overcurrent condition has been detected.
Page 253
Trap Name: httpServerDoSAttackTrap
Objects: httpConnectionStats, httpsConnectionStats
Family: webmgt
Description: This trap is sent to management station(s) when the HTTP server is under Denial of Service attack. The HTTP and HTTPS connections are sampled at a 15 second interval.
Page 254
Trap Name: alaStackMgrOutOfTokensTrap
Objects: alaStackMgrSlotNINumber
Family: chassis
Description: The element identified by alaStackMgrSlotNINumber will enter the pass through mode because there are no tokens available to be assigned to this element.
alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows:
- 0: invalid slot number
- 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable
- 1001..1008: switches operating in pass through mode
Page 255
Trap Name: lnkaggAggDown
Objects: traplnkaggId, traplnkaggPortIfIndex
Family: linkaggregation
Description: Indicates the link aggregate is not active. This trap is sent when all ports of the link aggregate group are no longer in the attached state.
Page 256
Trap Name: alaVrrp3TrapProtoError
Objects: alaVrrp3TrapProtoErrReason
Family: vrrp
Description: The error trap indicates that the sending agent has encountered the protocol error.
alaVrrp3TrapProtoErrReason—This indicates the reason for protocol error trap
Trap Name: alaVrrp3TrapNewMaster
Objects: alaVrrp3OperMasterIpAddrType...
Family: vrrp
Description: The newMaster trap indicates that the sending agent has transi-...
Using SNMP For Switch Security
Community Strings (SNMPv1 and SNMPv2)
The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a community string is carried over an incoming SNMP request, the community string must match up with a user account name as listed in the community string database on the switch.
Encryption and Authentication (SNMPv3)
Two important processes are used to verify that the message contents have not been altered and that the source of the message is authentic. These processes are encryption and authentication. A typical data encryption process requires an encryption algorithm on both ends of the transmission and a secret key (like a code or a password).
Setting SNMP Security
By default, the switch is set to “privacy all”, which means the switch accepts only authenticated and encrypted v3 Sets, Gets, and Get-Nexts. You can configure different levels of SNMP security by entering snmp security followed by the command parameter for the desired security level.
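A review of a saved configuration against the defaults this guide states for management access, failed-login lockout and SNMP security, as an added example (not code from the guide or the switch). The snapshots and server names are constructed, the line syntax is assumed to follow the aaa authentication, user lockout-threshold and snmp security commands named in this guide, and a setting absent from the snapshot is assumed to be at its default.

```python
import re

# Interfaces whose logins cross the network unencrypted. HTTP is left out
# because whether WebView traffic is encrypted depends on the Force SSL setting.
CLEARTEXT_INTERFACES = {"telnet", "ftp"}
STRICTEST_SNMP = "privacy all"


def audit(config_text):
    """Return a sorted list of findings for one configuration snapshot."""
    enabled = set()                   # interfaces with authenticated access enabled
    lockout_threshold = 0             # stated default: 0 = no limit on failed logins
    snmp_security = STRICTEST_SNMP    # stated default: authenticated + encrypted v3 only

    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        m = re.match(r"aaa authentication (\S+) \S", line)
        if m:
            enabled.add(m.group(1))
            continue
        m = re.match(r"user lockout-threshold (\d+)$", line)
        if m:
            lockout_threshold = int(m.group(1))
            continue
        m = re.match(r"snmp security (.+)$", line)
        if m:
            snmp_security = m.group(1)

    findings = [f"cleartext-management:{i}" for i in enabled & CLEARTEXT_INTERFACES]
    if lockout_threshold == 0:
        findings.append("lockout-threshold:0")
    if snmp_security != STRICTEST_SNMP:
        findings.append(f"snmp-security:{snmp_security}")
    return sorted(findings)


# Constructed snapshots; rad1 is a placeholder server name.
WEAK_SNAPSHOT = """
aaa authentication console local
aaa authentication telnet rad1 local
aaa authentication ssh rad1 local
snmp security no security
"""

HARDENED_SNAPSHOT = """
aaa authentication console local
aaa authentication ssh rad1 local
user lockout-window 30
user lockout-threshold 3
"""

if __name__ == "__main__":
    for name, text in [("weak", WEAK_SNAPSHOT), ("hardened", HARDENED_SNAPSHOT)]:
        print(name, audit(text) or "no findings")
```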
Working with SNMP Traps
The SNMP agent in the switch has the ability to send traps to the management station. It is not required that the management station request them. Traps are messages alerting the SNMP manager to a condition on the network.
Authentication Trap
The authentication trap is sent when an SNMP authentication failure is detected. This trap is a signal to the management station that the switch received a message from an unauthorized protocol entity. This normally means that a network entity attempted an operation on the switch for which it had insufficient authorization.
SNMP MIB Information
MIB Tables
You can display MIB tables and their corresponding command families by using the show snmp mib family command. The MIB table identifies the MIP identification number, the MIB table name and the command family.
Industry Standard MIBs
The following table lists industry standard MIBs supported by the OmniSwitch 6800/6850/9000 switches.
MIB Name: BGP4-MIB, RFC 1657
Description: Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) by using SMIv2.
Dependencies: SNMPv2-SMI
Page 264
SNMP MIB Information Using SNMP MIB Name Description Dependencies IEEE8021-PAE-MIB This MIB modules defines 802.1X ports used for port- SNMPv2-SMI, based access control. SNMPv2-TC, SNMPv2-CONF, SNMP- FRAMEWORK- IF-MIB IF-MIB, RFC 2863 The Interfaces Group MIB. Contains generic SNMPv2-SMI, information about the physical interfaces of the entity. SNMPv2-TC, SNMPv2-CONF, SNMPv2-MIB,...
Page 265
Using SNMP SNMP MIB Information MIB Name Description Dependencies Novell RIPSAP MIB This MIB defines the management information for the SNMPv2-SMI Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) protocols running in a Novell Internetwork Packet Exchange (IPX) protocol environment.
Page 266
SNMP MIB Information Using SNMP MIB Name Description Dependencies SNMP-FRAMEWORK An Architecture for Describing SNMP Management SNMPv2-SMI, MIB, RFC 2571 Frameworks. SNMPv2-TC, SNMPv2-CONF SNMP-MPD-MIB, Message Processing And Dispatching For The Simple SNMPv2-SMI, RFC 2572 Network Management Protocol (SNMP). SNMPv2-CONF SNMP-NOTIFICATION SNMP Applications, Notifications SNMP Entity SNMPv2-SMI, MIB, RFC 2573...
Page 267
Using SNMP SNMP MIB Information MIB Name Description Dependencies TUNNEL-MIB, IP Tunnel MIB SNMPv2-SMI, RFC 2667 SNMPv2-TC, SNMPv2-CONF, IF-MIB UDP-MIB, RFC 2013 SNMPv2 Management Information Base for the User SNMPv2-SMI, Datagram Protocol by using SMIv2. SNMPv2-CONF VRRP-MIB, RFC 2787 Definitions of Managed Objects for the Virtual Router SNMPv2-SMI, Redundancy Protocol (VRRP).
AAA-MIB Authorization, and Accounting (AAA) subsystem. SNMPv2-TC, SNMP-v2-CONF ALCATEL-IND1-BASE This module provides base definitions for modules SNMPv2-SMI developed to manage Alcatel-Lucent Internetworking networking infrastructure products. ALCATEL-IND1- Definitions of managed objects for the Border Gate- SNMPv2-SMI, BGP-MIB way Protocol (BGP) subsystem.
Page 269
Using SNMP SNMP MIB Information MIB Name Description Dependencies* ALCATEL-IND1-IGMP- Definitions of managed objects for the IPv4 Multicast SNMPv2-TC, MIB. SNMPv2-SMI, SNMPv2-CONF, INET-ADDRESS- MIB, IF-MIB ALCATEL-IND1- Definitions of managed objects for the Interswitch SNMPv2-SMI, INTERSWITCH- Protocol (i.e., GMAP, XMAP) subsystem. SNMPv2-TC, PROTOCOL-MIB SNMPv2-CONF...
Page 270
SNMP MIB Information Using SNMP MIB Name Description Dependencies* ALCATEL-IND1- Definitions of managed objects for the Source Learn- SNMPv2-SMI, MAC-ADDRESS-MIB ing MAC Address subsystem. SNMPv2-TC, SNMPv2-CONF, IF-MIB, Q-Bridge-MIB ALCATEL-IND1- Definitions of managed objects for the Chassis Super- SNMPv2-SMI, MAC-SERVER-MIB vision MAC Server subsystem. SNMPv2-TC, SNMPv2-CONF, ENTITY-MIB,...
Page 271
Using SNMP SNMP MIB Information MIB Name Description Dependencies* ALCATEL-IND1- Definitions of managed objects for the Port Mirroring SNMPv2-SMI, PORT-MIRRORING- and Monitoring subsystem. SNMPv2-TC, MONITORING-MIB SNMPv2-CONF ALCATEL-IND1- Definitions of managed objects for the Quality of Ser- SNMPv2-SMI, QOS-MIB vice (QoS) subsystem. SNMPv2-TC ALCATEL-IND1- Definitions of managed objects for the Router Discov-...
Page 272
SNMP MIB Information Using SNMP MIB Name Description Dependencies* ALCATEL-IND1-VRRP- Definitions of managed objects for the Virtual Router SNMPv2-SMI, Redundancy Protocol (VRRP) subsystem. SNMPv2-TC, SNMPv2-CONF, INET-ADDRESS- MIB, IF-MIB ALCATEL-IND1- Definitions of managed objects for the Virtual Router SNMPv2-SMI, VRRP3-MIB Redundancy Protocol 3 (VRRP3) subsystem. SNMPv2-TC, SNMPv2-CONF, INET-ADDRESS-...
Verifying the SNMP Configuration
To display information about SNMP management stations, trap management, community strings, and security, use the show commands listed in the following table.
show snmp station    Displays current SNMP station information including IP address, UDP Port number, Enabled/Disabled status, SNMP version, and user account names.
Licensee further acknowledges and agrees that all rights, title, and interest in and to the Licensed Materials are and shall remain with Alcatel-Lucent and its licensors and that no such right, license, or interest shall be asserted with respect to such copyrights and trademarks.
Page 276
Period, a defect in the Licensed Files appears, Licensee may return the Licensed Files to Alcatel-Lucent for either replacement or, if so elected by Alcatel-Lucent, refund of amounts paid by Licensee under this License Agreement. EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE LICENSED MATERIALS ARE LICENSED “AS IS”...
Page 277
14. Third Party Materials. Licensee is notified that the Licensed Files contain third party software and materials licensed to Alcatel-Lucent by certain third party licensors. Some third party licensors (e.g., Wind River and their licensors with respect to the Run-Time Module) are third party beneficiaries to this License Agreement with full rights of enforcement.
Alcatel-Lucent for a limited period of time. Alcatel-Lucent will provide a machine-readable copy of the applicable non-proprietary software to any requester for a cost of copying, shipping and handling.
Third Party Licenses and Notices
C. Linux
Linux is written and distributed under the GNU General Public License which means that its source code is freely-distributed and available to the general public.
D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
Page 280
verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.
Page 281
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
Page 282
consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
Page 283
Appendix: How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.
Material copyright Linux Online Inc. Design and compilation copyright (c)1994-2002 Linux Online Inc. Linux is a registered trademark of Linus Torvalds Tux the Penguin, featured in our logo, was created by Larry Ewing Consult our privacy statement URLWatch provided by URLWatch Services.
Licensee, Licensee shall immediately return the EMWEB Product and any back-up copy to Alcatel-Lucent, and will certify to Alcatel-Lucent in writing that all EMWEB Product components and any copies of the software have been returned or erased by the memory of Licensee’s computer or made non-readable.
Time Module other than in connection with operation of the product. In addition, please be advised that: (i) the Run-Time Module is licensed, not sold and that Alcatel-Lucent and its licensors retain ownership of all copies of the Run-Time Module; (ii) WIND RIVER DISCLAIMS ALL IMPLIED WARRANTIES,...