Part No. 060159-10, Rev. J
April 2006

OmniSwitch 7700/7800
OmniSwitch 8800
Switch Management Guide

www.alcatel.
This user guide documents release 5.4 of the OmniSwitch 7700, 7800, and 8800. The functionality described in this guide is subject to change without notice. Copyright © 2006 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc. Alcatel® and the Alcatel logo are registered trademarks of Alcatel.
Contents

About This Guide
Supported Platforms
Who Should Read this Manual?
When Should I Read this Manual?

Authentication Phase
Connection Phase
Starting a Secure Shell Session
Closing a Secure Shell Session
Log Into the Switch with Secure Shell FTP

Registering Software Image Files
Directories on the Switch
Using the Install Command
Available Image Files

Managing the Directory Structure of the CMM (Non-Redundant)
Rebooting the Switch
Copying the Running Configuration to the Working Directory
Rebooting from the Working Directory
Copying the Working Directory to the Certified Directory

Logging CLI Commands and Entry Results
Enabling Command Logging
Disabling Command Logging
Viewing the Current Command Logging Status
Viewing Logged CLI Commands and Command Entry Results

Overview of User Accounts
Startup Defaults
Quick Steps for Creating Network Administrator User Accounts
Quick Steps for Creating Customer Login User Accounts
Default User Settings

Chapter 9 Using WebView
In This Chapter
WebView CLI Defaults
Browser Setup

Using SNMP For Switch Security
Community Strings (SNMPv1 and SNMPv2)
Configuring Community Strings
Encryption and Authentication (SNMPv3)
Configuring Encryption and Authentication
About This Guide

This OmniSwitch 7700/7800/8800 Switch Management Guide describes basic attributes of your switch and basic switch administration tasks. The software features described in this manual are shipped standard with your OmniSwitch 7700, 7800, or 8800. These features are used when readying a switch for integration into a live network environment.
Supported Platforms

• OmniSwitch 6850
• OmniSwitch 9700
• Omni Switch/Router
• OmniStack
• OmniAccess
Who Should Read this Manual?

The audience for this user guide is network administrators and IT support personnel who need to configure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 7700, 7800, or 8800 will benefit from the material in this configuration guide.
How is the Information Organized?

This guide provides overview material on software features, how-to procedures, and tutorials that will enable you to begin configuring your OmniSwitch. However, it is not intended as a comprehensive reference to all CLI commands available in the OmniSwitch. For such a reference to all OmniSwitch 7700/7800/8800 CLI commands, consult the OmniSwitch CLI Reference Guide.
Documentation Roadmap

Stage 2: Gaining Familiarity with Basic Switch Functions

Pertinent Documentation:
OmniSwitch 7700/7800 Hardware Users Guide
OmniSwitch 8800 Hardware Users Guide
OmniSwitch 7700/7800/8800 Switch Management Guide

Once you have your switch up and running, you will want to begin investigating basic aspects of its hardware and software. Information about OmniSwitch 7700/7800 hardware is provided in the OmniSwitch 7700/7800 Hardware Users Guide.
Related Documentation

The following are the titles and descriptions of all the OmniSwitch 7700/7800/8800 user manuals:

• OmniSwitch 7700/7800 Getting Started Guide
Describes the hardware and software procedures for getting an OmniSwitch 7700/7800 up and running. Also provides information on fundamental aspects of OmniSwitch software architecture.
User Manuals Web Site

All related user guides for the OmniSwitch 7700, 7800, and 8800 can be found on our web site at
http://www.alcatel.com/enterprise/en/resource_library/user_manuals.html

All documentation on the User Manual web site is in PDF format and requires the Adobe Acrobat Reader program for viewing. Acrobat Reader freeware is available at www.adobe.com.

Note.
Technical Support
1 Logging Into the Switch

Logging into the switch may be done locally or remotely. Management tools include: the Command Line Interface (CLI), which may be accessed locally via the console port, or remotely via Telnet; WebView, which requires an HTTP client (browser) on a remote workstation; and SNMP, which requires an SNMP manager (such as Alcatel’s OmniVista or HP OpenView) on the remote workstation.
Login Specifications

Telnet clients supported: Any standard Telnet client.
FTP clients supported: Any standard FTP client.
HTTP (WebView) clients supported:
– Internet Explorer for Windows NT, Windows XP, and Windows 2000, version 5.5
– Netscape for Windows NT, Windows XP, and Windows 2000, version 4.7
– Netscape for Sun OS 2.8, version 4.7
– Netscape for HP-UX 11.0, version 4.7.
Quick Steps for Logging Into the Switch

The following procedure assumes that you have set up the switch as described in your OmniSwitch Getting Started Guide and Hardware Users Guide. Setup includes:

• Connecting to the switch via the console port.
• Setting up the Ethernet Management Port (EMP) through the switch’s boot prompt.
Overview of Switch Login Components

Switch access components include access methods (or interfaces) and user accounts stored on the local user database in the switch and/or on external authentication servers. Each access method, except the console port, must be enabled or “unlocked” on the switch before users can access the switch through that interface.
Using the WebView Management Tool

• HTTP—The switch has a Web browser management interface for users logging in via HTTP. This management tool is called WebView. For more information about using WebView, see Chapter 9, “Using WebView.”

Using SNMP to Manage the Switch

• SNMP—Any standard SNMP browser may be used for logging into the switch. See Chapter 10, “Using SNMP.
Using Telnet

Telnet may be used to log into the switch from a remote station. All of the standard Telnet commands are supported by software in the switch. When Telnet is used to log in, the switch is acting as a Telnet server. A Telnet session may also be initiated from the switch itself during a login session. In this case, the switch is acting as a Telnet client.
Using FTP

The OmniSwitch can function as an FTP server. Any standard FTP client may be used.

Note. An FTP connection is not secure. Secure Shell is recommended instead of FTP or Telnet as a secure method of accessing the switch.

Using FTP to Log Into the Switch

You can access the OmniSwitch with a standard FTP application. To log in to the switch, start your FTP client. Where the FTP client asks for “Name”, enter the IP address of your switch.
Using Secure Shell

The OmniSwitch Secure Shell feature provides a secure mechanism that allows you to log in to a remote switch, to execute commands on a remote device, and to move files from one device to another. Secure Shell provides secure, encrypted communications even when your transmission is between two untrusted hosts or over an unsecure network.
Secure Shell Application Overview

Secure Shell is an access protocol used to establish secured access to your OmniSwitch. The Secure Shell protocol can be used to manage an OmniSwitch directly or it can provide a secure mechanism for managing network servers through the OmniSwitch. The drawing below illustrates the Secure Shell being used as an access protocol replacing Telnet to manage the OmniSwitch.
Secure Shell Authentication

Secure Shell authentication is accomplished in several phases using industry standard algorithms and exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell SFTP. The following sections describe the process in detail.
Connection Phase

After successful authentication, both the client and the server process the Secure Shell connection protocol. The OmniSwitch supports one channel for each Secure Shell connection. This channel can be used for a Secure Shell session or a Secure Shell FTP session.

Starting a Secure Shell Session

To start a Secure Shell session from an OmniSwitch, issue the ssh command and identify the IP address for the device you are connecting to.

Note.
The following drawing shows an OmniSwitch, using IP address 11.233.10.145, establishing a Secure Shell session across a network to another OmniSwitch, using IP address 11.333.30.135. To establish this session from the console in the figure below, you would use the CLI commands shown in the examples above. Once you issue the correct password, you are logged into the OmniSwitch at IP address 11.333.30.135.

[Figure: Console, OmniSwitch 11.233.10.145, OmniSwitch 11.333.30.]
To view the parameters of the Secure Shell session, issue the who command. The following will display.

-> who
Session number = 0
  User name = (at login),
  Access type = console,
  Access port = Local,
  IP address = 0.0.0.0,
  Read-only domains = None,
  Read-only families = ,
  Read-Write domains = None,
  Read-Write families = ,
  End-User profile =
Session number = 1
  User name = rrlogin1,
  Access type = ssh,
  Access port = NI,
  IP address = 11.233.10.
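
The session display can also be reviewed mechanically. The following Python sketch is an added example, not part of the Alcatel guide: it parses who output in the layout shown above and flags remote sessions that use Telnet or FTP (for which the guide recommends Secure Shell instead) or that originate outside a management network. The sample sessions, the access-type strings "telnet" and "ftp", the domain value "All", and the 192.0.2.0/24 management network are constructed assumptions.

```python
import ipaddress
import re

# Field labels exactly as they appear in the guide's `who` display.
FIELDS = [
    "Session number", "User name", "Access type", "Access port",
    "IP address", "Read-only domains", "Read-only families",
    "Read-Write domains", "Read-Write families", "End-User profile",
]
_LABEL = "|".join(re.escape(f) for f in FIELDS)
# A value runs from "label =" to the next known label, so the parser accepts
# one field per line as well as output that was flattened onto one line.
_PAIR = re.compile(rf"({_LABEL})\s*=(.*?)(?=(?:{_LABEL})\s*=|\Z)", re.S)

# Assumption: the strings printed for Telnet and FTP sessions. The guide's
# sample shows only "console" and "ssh".
CLEARTEXT_ACCESS = {"telnet", "ftp"}

# Constructed sample (not captured from a switch).
SAMPLE_WHO = """\
-> who
Session number = 0
  User name = (at login),
  Access type = console,
  Access port = Local,
  IP address = 0.0.0.0,
  Read-only domains = None,
  Read-only families = ,
  Read-Write domains = None,
  Read-Write families = ,
  End-User profile =
Session number = 1
  User name = opsuser1,
  Access type = ssh,
  Access port = NI,
  IP address = 192.0.2.10,
  Read-only domains = None,
  Read-only families = ,
  Read-Write domains = All,
  Read-Write families = ,
  End-User profile =
Session number = 2
  User name = opsuser2,
  Access type = telnet,
  Access port = NI,
  IP address = 198.51.100.7,
  Read-only domains = None,
  Read-only families = ,
  Read-Write domains = All,
  Read-Write families = ,
  End-User profile =
"""


def parse_who(text):
    """Return one dict per session, keyed by the field labels."""
    sessions = []
    for label, raw in _PAIR.findall(text):
        value = raw.strip().rstrip(",").strip()
        if label == "Session number":
            sessions.append({label: int(value)})
        elif sessions:
            sessions[-1][label] = value
    return sessions


def flag_sessions(sessions, mgmt_net="192.0.2.0/24"):
    """Return (session number, user, reasons) for sessions worth reviewing."""
    net = ipaddress.ip_network(mgmt_net)  # hypothetical management network
    findings = []
    for s in sessions:
        access = s.get("Access type", "").lower()
        if access == "console":
            continue  # local port; the display reports it as 0.0.0.0
        reasons = []
        if access in CLEARTEXT_ACCESS:
            reasons.append("cleartext access method")
        try:
            if ipaddress.ip_address(s.get("IP address", "")) not in net:
                reasons.append("source outside management network")
        except ValueError:
            reasons.append("unparseable source address")
        # Write access raises the priority of a session that is already flagged.
        if reasons and s.get("Read-Write domains", "None").lower() != "none":
            reasons.append("holds read-write domains")
        if reasons:
            findings.append((s["Session number"], s.get("User name"), reasons))
    return findings


if __name__ == "__main__":
    for number, user, reasons in flag_sessions(parse_who(SAMPLE_WHO)):
        print(f"session {number} ({user}): {', '.join(reasons)}")
```
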
3 After logging in, you will receive the sftp> prompt. You may enter a question mark (?) to view available Secure Shell FTP commands and their definitions as shown here.
Modifying the Login Banner

The Login Banner feature allows you to change the banner that displays whenever someone logs into the switch. This feature can be used to display messages about user authorization and security. You can display the same banner for all login sessions or you can implement different banners for different login sessions.
Modifying the Text Display Before Login

By default, the switch does not display any text before the login prompt for any CLI session. At initial bootup, the switch creates a pre_banner.txt file in the /flash directory. The file is empty and may be edited to include text that you want to display before the login prompt. For example:

Please supply your user name and password at the prompts.
login : user123
password :

In this example, the pre_banner.
Configuring Login Parameters

You can set the number of times a user may attempt unsuccessfully to log in to the switch’s CLI by using the session login-attempt command as follows:

-> session login-attempt 5

In this example, the user may attempt to log in to the CLI five (5) times unsuccessfully. If the user attempts to log in the sixth time, the switch will break the TCP connection.
Enabling the DNS Resolver

A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP addresses. Every time you enter a host name when logging into the switch, a DNS service must look up the name on a server and resolve the name to an IP address. You can configure up to three domain name servers that will be queried in turn to resolve the host name.
2 Managing System Files

This chapter describes several methods of transferring software files onto the OmniSwitch and how to register those files for use by the switch. This chapter also describes several basic switch management procedures and discusses the Command Line Interface (CLI) commands used.
File Management Specifications

The following table lists specifications for the OmniSwitch flash directory and file system as well as the system clock.

File Transfer Methods: FTP, Zmodem
Configuration Recovery: The /flash/certified directory holds configurations that are certified as the default start-up files for the switch. They will be used in the event of a non-specified reload.
File Management Overview

The OmniSwitch has a variety of software features designed for different networking environments and applications. Over the life of the switch, it is very likely that your configuration and feature set will change because the needs of your network are likely to expand. Also, software updates become available from Alcatel.
Switch Directories

You can create your own directories in the switch flash directory. This allows you to organize your configuration and text files on the switch. You can also use the vi command to create files. This chapter tells you how to make, copy, move, and delete both files and directories.

[Figure: directory tree of /flash, with the subdirectories /flash/certified, /flash/network and /flash/working and the files they hold]
File and Directory Management

A number of CLI commands allow you to manage files on your switch by grouping them into subdirectories within the switch’s flash directory. These commands perform the same functions as file management software applications (such as Microsoft’s Explorer) perform on a workstation. For documentation purposes, we have categorized the commands into three groups.
To list all files and directories in your current directory, use the ls command. Here is a sample display of the flash directory.

-> ls
Listing Directory /flash:
-rw      290 Apr 22 05:23 boot.params
drw     2048 Apr 19 06:12 certified/
drw     2048 Apr 22 08:01 working/
-rw    64000 Apr 22 05:22 swlog2.log
-rw    64000 Apr 22 07:58 swlog1.log
-rw  4885718 Apr 22 05:23 cs_system.
drw     2048 Apr  2 03:13
drw     2048 Apr 22 08:00
drw     2048 Mar 11 00:30
Using Wildcards

Wildcards allow you to substitute symbols (* or ?) for text patterns while using file and directory commands. The asterisk (*) takes the place of multiple characters and the question mark character (?) takes the place of single characters. More than one wildcard can be used within a single text string.

Multiple Characters

An asterisk (*) is used as a wildcard for multiple characters in a text pattern.
Directory Commands

The directory commands are applied to the switch file system and to files contained within the file system. When you first enter the flash directory, your login is located at the top of the directory tree. You may navigate within this directory by using the pwd and cd commands (discussed below). The location of your login within the directory structure is called your current directory.
Changing Directories

Use the cd command to navigate within the file directory structure. The cd command allows you to move “up” or “down” the directory tree. To go down, you must specify a directory located in your current directory. The following command example presumes your current directory is the /flash file directory as shown in the directory on page 2-8 and that you want to move down the directory tree to the certified directory.
Displaying Directory Contents

The ls and dir commands have the same function. These two commands display the contents of the current directory. If you use the ls or dir command while logged into the /flash file directory as shown on page 2-8, the following will display.
Making a New Directory

To make a new directory, use the mkdir command. You may specify a path for the new directory; otherwise, the new directory will be created in your current directory. The syntax for this command requires a slash (/) and no space between the path and the new directory name. Also, a slash (/) is required at the beginning of your path specification. The following command makes a new directory in the working directory.
Displaying Directory Contents Including Subdirectories

The ls -r command displays the contents of your current directory and associated subdirectories and files contained therein. The following example shows the result of the ls -r command where the /flash/working directory contains a directory named newdir1. Be sure to include a space between ls and -r.
To verify the creation of the new directory, use the ls -r command to produce a list of the contents of the certified directory. This list will include the newly created copy of the working directory and all its contents.

->ls -r /flash/certified
Listing Directory /flash/certified:
drw  2048 Oct  2 16:22 ./
drw  2048 Nov 15 10:16 ../
drw  2048 Jan 31 10:16 ..
File Commands

The file commands apply to files located in the /flash file directory and its sub-directories.

Note. Each file in any directory must have a unique name. If you attempt to create or copy a file into a directory where a file of the same name already exists, you will overwrite or destroy one of the files.

Creating or Modifying Files

The switch has an editor for creating or modifying files.
Moving a File or Directory

The move and mv commands have the same function and use the same syntax. Use these commands to move an existing file or directory to another location. You can specify the path and name for the file or directory being moved. If no path is specified, the command assumes the current path. You can also specify a path and a new name for the file or directory being moved. If no name is specified, the existing name will be used.

Note.
Changing File Attribute and Permissions

The chmod and attrib commands have the same function and use the same syntax. Use these commands to change read-write privileges for the specified file. The following syntax sets the privilege for the config1.txt file to read-write. In this example, the user’s current directory is the /flash file directory.

Note. You must have read-write privileges to a file to change that file’s privileges.
Press Enter to skip repairing files, or enter yes to start file repair. If you enter yes, the screen displays similar to the following:

/flash/ - disk check in progress ...
Loading Software onto the Switch

There are three common methods for loading software to and from your switch. The method you use depends on your workstation software, your hardware configuration, and the location and condition of your switch. These methods are listed here.

• FTP Server—You can use the switch as an FTP server. If you have FTP client software on your workstation, you can transfer a file to the switch via FTP.
2 Specify the transfer mode. If you are transferring a switch image file, you must specify the binary transfer mode on your FTP client. If you are transferring a configuration file, you must specify the ASCII transfer mode.

3 Transfer the file. Use the FTP “put” command or click the client’s download button to send the file to the switch.
Using the Switch as an FTP Client

Using the switch as an FTP client is useful in cases where you do not have access to a workstation with an FTP client. You can establish an FTP session locally by connecting a terminal to the switch console port. You can also establish an FTP session to a remote switch by using a Telnet session. Once you are logged into the switch as an FTP client, you can use standard FTP commands.

Note.
4 After logging in, you will receive the ftp-> prompt. You may enter a question mark (?) to view available FTP commands as shown here.

ftp->?
Supported commands:
ascii binary dir get put pwd lpwd mput lcd user bye
help quit mget cd hash remotehelp prompt delete ls user !ls

These are industry standard FTP commands. Their definitions are given in the following table.

ascii: Set transfer type to ASCII (7-bit).
Using Secure Shell FTP

1 Log on to the OmniSwitch and issue the sftp CLI command. The command syntax requires you to identify the IP address for the device you are connecting to. The following command establishes a Secure Shell FTP interface from the local OmniSwitch to IP address 10.222.30.125.

-> sftp 10.222.30.125
login as:

2 You must have a login and password that is recognized by the IP address you specify.
Using Zmodem

A Zmodem application has been included with your switch software so that new programs and archives can be uploaded through the switch’s serial console port. You may want to use the switch’s console port to load software using Zmodem when your system is having problems and the FTP transfer method does not work or when the switch’s Ethernet Management port is either not functioning or not configured.
Registering Software Image Files

New software transferred to the switch must go through a registration process before it can be used by the switch. The registration process includes two tasks.

• Transfer the new software file(s) to the switch’s /flash/working directory via remote connection.
• Register the software by executing the install command.

Note.
Using the Install Command

The install command verifies that the version number of the new file is compatible with files already on the switch. It will also perform installation procedures required by the new file or the switch. Once these procedures are completed, the install command will update the appropriate switch files so the newly registered file can be used.
Available Image Files

The following table lists the image files available for the OmniSwitch 7700/7800. Most of the files listed here are part of the base switch configuration. Files that support optional switch features are noted in the table.

Archive File Name | Base or Optional Software | Description
Fadvrout.img | Optional Advanced Routing | CMM Advanced Routing
Fbase.img | Base Software | CMM Base
Fdiag.img | Base Software | CMM Diagnostics
Feni.
Application Examples for File Management

The following sections give detailed examples of managing files and directories on the switch.

Creating a File Directory on the Switch

In this example, the user wants to store several test files on the switch for use at a later date. The user has loaded the files into the switch’s /flash/working directory using FTP.
5 Use the ls command to verify that the files are now located in the /flash/resources directory.

-> ls /flash/resources
Listing Directory /flash/resources:
drw  2048 Feb 5 17:20 ./
drw  2048 Feb 5 16:25 ../
-rw     6 Feb 5 17:03 test1.txt
-rw     6 Feb 5 17:03 test2.txt
-rw     6 Feb 5 17:03 test3.txt
17995776 bytes free

Transferring a File to the Switch Using FTP

In this example, the user is adding advanced routing functionality to the switch.
6 To verify that the Fadvrout.img file is in the /flash/working directory on the switch, log onto the switch and list the files in the /flash/working directory.
2 Use the cd command to change your current directory to /flash/working. Use the ls or pwd command to verify.

-> cd working
-> ls
Listing Directory /flash/working:
drw  2048 Nov  3 12:32 ./
drw  2048 Nov 14 10:58 ../
-rw   450 Nov 13 10:02 rrtest1.txt

3 Enter the FTP mode by using the ftp command followed by the IP address or the name of the host you are connecting to.

->ftp 10.255.11.101
220 Connecting to [10.255.11.101]...connected.
Creating a File Directory Using Secure Shell FTP

The following example describes the steps necessary to create a directory on a remote OmniSwitch and to transfer a file into the new directory using Secure Shell FTP.

1 Log on to the switch and issue the sftp CLI command with the IP address for the device you are connecting to.
Transfer a File Using Secure Shell FTP

To demonstrate how to transfer a file using the Secure Shell FTP, this application example continues from the previous example, where a new directory named “newssdir” was created on a remote OmniSwitch.

1 Use the Secure Shell FTP put command to transfer the file “testfile1.rr” from the local OmniSwitch to the “newssdir” directory on the remote OmniSwitch.
Setting the System Clock

The switch clock displays time using a 24-hour clock format. It can also be set for use in any time zone. Daylight Savings Time (DST) is supported for a number of standard time zones. DST parameters can be programmed to support non-standard time zones and time offset applications. All switch files and directories listed in the flash directory bear a time stamp. This feature is useful for file management purposes.
You may set the switch system clock to a time that is offset from standard UTC time. For example, you can set a time that is offset from UTC by increments of 15, 30 or 45 minutes. You must indicate by a plus (+) or minus (-) character whether the time should be added to or subtracted from the system time.
Daylight Savings Time Configuration

The switch can be set to automatically change the system clock to adjust for Daylight Savings Time (DST). There are two situations that apply depending on the time zone selected for your switch.
Enabling DST

When Daylight Savings Time (DST) is enabled, the switch’s clock will automatically set the default DST parameters for the time zone specified on the switch or for the custom parameters you can specify with the system daylight savings time start command. In this case, it is not necessary to change the time setting on the switch when your time zone changes to and from DST.
Time Zone and DST Information Table (continued)

Abbreviation | Name | Hours from UTC | DST Start | DST End | DST Change
eet | Eastern Europe | +02:00 | Last Sunday in Mar. at 2:00 a.m. | Last Sunday in Oct. at 3:00 a.m. | 1:00
cet | Central Europe | +01:00 | Last Sunday in Mar. at 2:00 a.m. | Last Sunday in Oct. at 3:00 a.m. | 1:00
met | Middle Europe | +01:00 | Last Sunday in Mar. at 2:00 a.m. | Last Sunday in Oct. at 3:00 a.m.
3 Configuring Network Time Protocol (NTP)

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for example).
NTP Specifications

RFCs supported: 1305 - Network Time Protocol
Maximum number of NTP servers per client: 3

NTP Defaults Table

The following table shows the default settings of the configurable NTP parameters.

NTP Defaults

Parameter Description | Command | Default Value/Comments
Specifies an NTP server from which this switch will receive updates. | ntp server |
NTP Quick Steps

The following steps are designed to show the user the necessary commands to set up NTP on an OmniSwitch:

1 Designate an NTP server for the switch using the ntp server command. The NTP server provides the switch with its NTP time information. For example:

-> ntp server 1.2.5.6

2 Activate the client side of NTP on the switch using the ntp client command.
NTP Overview
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for example).
Stratum
Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1 source would be stratum 2.
Examples of these are shown in the simple network diagram below:
[Diagram: UTC Time Source; Stratum 1 NTP Servers 1a, 1b; Stratum 2 NTP Server/Clients 2a, 2b; Stratum 3 NTP Clients 3a, 3b]
Servers 1a and 1b receive time information from, or synchronize with, a UTC time source such as a radio clock. (In most cases, these servers would not be connected to the same UTC source, though it is shown this way for simplicity.
When planning your network, it is helpful to use the following general rules:
• It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at the same stratum), unless the latter is receiving time updates from a source that has a lower stratum than from where the former is receiving time updates. This minimizes common points of failure.
Configuring NTP
The following sections detail the various commands used to configure and view the NTP client software in an OmniSwitch.

Configuring the OmniSwitch as a Client
The NTP software is disabled on the switch by default.
NTP Servers
An NTP client needs to receive NTP updates from an NTP server. Each client must have at least one server with which it synchronizes (unless it is operating in broadcast mode). There are also adjustable server options.

Designating an NTP Server
To configure a client to synchronize with an NTP server, enter the ntp server command with the server IP address or domain name, as shown:
-> ntp server 1.1.1.
Using Authentication
Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server and the NTP client must both have a text file containing the public and secret keys. (This file should be obtained from the server administrator. For more information on the authentication file, see “Authentication” on page 3-7.
Verifying NTP Configuration
To display information about the NTP client, use the show commands listed in the following table:
show ntp client | Displays information about the current client NTP configuration.
show ntp server status | Displays the basic server information for a specific NTP server or a list of NTP servers.
show ntp client server-list | Displays a list of the servers with which the NTP client synchronizes.
4 Managing CMM Directory Content
The CMM, Chassis Management Module, is the management unit for the OmniSwitch 7700/7800/8800 system. Each OmniSwitch 7700/7800/8800 chassis can run with two CMMs to provide redundancy; one CMM is designated as the primary CMM, and one is designated as the secondary CMM. One or the other runs the switch, but never at the same time. The directory structure of the CMM is designed to prevent corrupting or losing switch files.
CMM Specifications
Size of Flash Memory: 32 Megabytes
Size of RAM Memory: 128 Megabytes
Maximum Length of File Names: 32 Characters
Maximum Length of Directory Names: 32 Characters
Default Boot Directory: Certified
CMM Files
The management of the switch is controlled by three types of files:
• Image files, which are proprietary code developed by Alcatel to run the hardware. These files are not configurable by the user, but may be upgraded from one release to the next. These files are also known as archive files, as they are really the repository of several smaller files grouped together under a common heading.
• A configuration file, named boot.
Where is the Switch Running From?
When a switch has booted and is running, the software used will come either from the certified directory or the working directory. In most instances, the switch boots from the certified directory. (A switch can be specifically booted from the working directory by using the reload working config command described in “Rebooting from the Working Directory” on page 4-13.
Software Rollback Configuration Scenarios
The examples below illustrate a few likely scenarios and explain how the running configuration, working directory, and certified directory interoperate to facilitate the software rollback. In the examples below, R represents the running configuration, W represents the working directory, and C represents the certified directory.
Note.
Scenario 2: Running Configuration Saved to Working Directory
The network administrator recreates Switch X’s running configuration and immediately saves the running configuration to the working directory. In another mishap, the power to the switch is again interrupted. The switch reboots from the certified directory, overwriting all of the changes in the running configuration, and rolls back to the certified directory (which in this case is the factory settings).
Scenario 3: Saving the Working Directory to the Certified Directory
After running the modified configuration settings, and seeing no problems, the network administrator decides that the modified configuration settings (stored in the working directory) are completely reliable. The administrator then decides to save the contents of the working directory to the certified directory.
Scenario 4: Rollback to Previous Version of Switch Software
Later that year, an upgraded image file for the ENI module is released from Alcatel. The network administrator loads the new file via FTP to the working directory of the switch and reboots the switch from the working directory. Since the switch is specifically booted from the working directory, the switch is running from the working directory.
Managing the Directory Structure of the CMM (Non-Redundant)
The following sections define commands that allow the user to manipulate the files in the directory structure of a non-redundant CMM.
Note. All of the commands described in the following sections work on a switch with a redundant CMM.
To reboot the switch from the certified directory, enter the reload command at the prompt:
-> reload
This command loads the image and configuration files in the certified directory into RAM memory. These files control the operation of the switch.
Note. When the switch reboots using the reload command, it will boot from the certified directory.
Copying the Running Configuration to the Working Directory
Once the switch has booted and is running, a user can modify various parameters of switch functionality. These changes are stored temporarily in the running configuration in RAM memory of the switch.
To save the running configuration to the working directory, enter the copy running-config working or write memory command at the prompt, as shown:
-> copy running-config working
or
-> write memory
The above commands perform the same function. When these commands are issued, the running configuration, with all modifications made, is saved to a file called boot.cfg in the working directory.
Note.
Rebooting from the Working Directory
Besides a regular boot of the switch (from the certified directory), you can also force the switch to boot from the working directory. This is useful for checking whether a new configuration or image file will boot the switch correctly, before committing it to the certified directory.
To reboot the switch from the working directory, enter the following command at the prompt, along with a timeout period (in minutes), as shown:
-> reload working rollback-timeout 5
At the end of the timeout period, the switch will reboot again normally, as if a reload command had been issued.
Copying the Working Directory to the Certified Directory
When the running configuration is saved to the working directory, the switch’s working and certified directories are now different. This difference, if the CMM reboots, causes the switch to boot and run from the certified directory.
When the software on the working directory of a switch has proven to be effective and reliable, eventually the contents of the working directory should be copied into the certified directory.
Show Currently Used Configuration
When a switch is booted, the certified and working directories are compared. If they are the same, the switch runs from the working directory. If they are different, the switch runs from the certified directory. A switch running from the certified directory cannot modify directory contents. (This topic is covered in “Where is the Switch Running From?” on page 4-4.
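The rollback behaviour described in the scenarios and commands above can be traced with a small model. This is an added example, not Alcatel code: the class, method names and content labels are hypothetical, Scenario 1 is inferred from Scenario 2's wording, and the model applies the rule that a switch running from certified cannot modify directory contents to every directory write.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Software:
    """What a directory holds: image release plus boot.cfg revision (constructed labels)."""
    image: str
    config: str


FACTORY = Software(image="factory-image", config="factory-config")


class CertifiedLockError(RuntimeError):
    """A directory write was attempted while running from certified."""


class Cmm:
    def __init__(self):
        self.certified = FACTORY
        self.working = FACTORY
        self.running = FACTORY         # RAM copy; every reboot replaces it
        self.running_from = "working"  # working and certified match at first boot
        self.rollback_pending = False

    def reload(self):
        """Normal boot, also used here for a power interruption: load certified."""
        self.running = self.certified
        same = self.working == self.certified
        self.running_from = "working" if same else "certified"
        self.rollback_pending = False

    def reload_working(self, rollback_timeout=None):
        """'reload working', optionally with 'rollback-timeout <minutes>'."""
        self.running = self.working
        self.running_from = "working"
        self.rollback_pending = rollback_timeout is not None

    def timeout_expires(self):
        """End of the rollback timeout: the switch reboots as if 'reload' was issued."""
        if self.rollback_pending:
            self.reload()

    def configure(self, config):
        """A CLI change: it lands in the running configuration only."""
        self.running = Software(self.running.image, config)

    def _require_working(self):
        if self.running_from != "working":
            raise CertifiedLockError("running from certified: directories are read-only")

    def copy_running_config_working(self):
        """'copy running-config working' / 'write memory'."""
        self._require_working()
        self.working = Software(self.working.image, self.running.config)

    def upload_image_to_working(self, image):
        """Stand-in for loading a new image file into the working directory."""
        self._require_working()
        self.working = Software(image, self.working.config)

    def copy_working_certified(self):
        """Copy the working directory to the certified directory."""
        self._require_working()
        self.certified = self.working


def replay_scenarios():
    """Replay the four scenarios; returns what the switch runs after each one."""
    sw, out = Cmm(), {}
    # Scenario 1 (inferred): change made in RAM only, then power is interrupted.
    sw.configure("vlan-changes")
    sw.reload()
    out["1"] = (sw.running.config, sw.running_from)
    # Scenario 2: change recreated and saved to working, power lost again.
    sw.configure("vlan-changes")
    sw.copy_running_config_working()
    sw.reload()
    out["2"] = (sw.running.config, sw.running_from)
    # Scenario 3: boot the saved configuration from working, then certify it.
    sw.reload_working()
    sw.copy_working_certified()
    sw.reload()
    out["3"] = (sw.running.config, sw.running_from)
    # Scenario 4: new image test-booted with a rollback timer that is left to expire.
    sw.upload_image_to_working("new-eni-image")
    sw.reload_working(rollback_timeout=5)
    during = sw.running.image
    sw.timeout_expires()
    out["4"] = (during, sw.running.image, sw.running_from)
    return out


if __name__ == "__main__":
    for scenario, state in replay_scenarios().items():
        print(scenario, state)
```

The result for Scenario 2 is the one to watch in change control: a configuration saved to working but never certified does not survive an unplanned reboot, and the switch comes back unable to write to its directories.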
Show Switch Files
The files currently installed on a switch can be viewed using the show microcode command. This command displays the files currently in the specified directory. To display files, enter the command with a directory, as shown:
-> show microcode certified
Package           Release         Size     Description
-----------------+---------------+--------+----------------------------------
Fadvrout.img      5.4.1.231.
Managing Redundant CMMs
The following sections describe circumstances that the user should be aware of when managing the CMM directory structure on a switch with redundant CMMs. They also include descriptions of CLI commands designed to synchronize software between the primary and secondary CMMs.

Rebooting the Switch
You can specify a reboot of the secondary CMM by using the secondary keyword in conjunction with the reload command.
Copying the Working Directory to the Certified Directory

Synchronizing the Primary and Secondary CMMs
At the same time that you copy the working directory to the certified directory, you can synchronize the secondary CMM with the primary CMM. In the case of redundant CMMs, this ensures that the two modules are booting from the same software.
Synchronizing the Primary and Secondary CMMs
If you have a secondary CMM in your switch, it will be necessary to synchronize the software between the primary and secondary CMM. If the primary CMM goes down (for example, during a reboot), then the switch fails over to the secondary CMM. If the software in the secondary CMM is not synchronized with the software in the primary CMM, the switch will not function as configured by the administrator.
To synchronize the secondary CMM to the primary CMM, enter the following command at the prompt:
-> copy flash-synchro
The copy flash-synchro command is described in detail in the OmniSwitch CLI Reference Guide.
Note. When synchronizing the primary and secondary CMMs, it is important to remember that the boot.params file and the switch date and time are not automatically synchronized. See your Getting Started Guide for information on the boot.
Swapping the Primary CMM for the Secondary CMM
If the primary CMM is having problems, or if it needs to be shut down, then the secondary CMM can be instructed to “take over” switch operation as the primary CMM is shut down.
Note. It is important that the software for the secondary CMM has been synchronized with the primary CMM before you initiate a secondary CMM takeover.
Show Currently Used Configuration
In a chassis with a redundant CMM, the display for the currently running configuration tells the user whether the primary and secondary CMMs are synchronized.
Emergency Restore of the boot.cfg File
If all copies of the boot.cfg file have been deleted and a system boot has occurred, network configuration information is permanently lost. However, if the files have been deleted and no boot has occurred, you can issue a write memory command to regenerate the boot.cfg file.

Can I Restore the boot.file While Running from Certified?
Yes.
Displaying CMM Conditions
To show various CMM conditions, such as where the switch is running from and which files are installed, use the following CLI show commands:
show running-directory | Shows the directory from where the switch was booted.
show reload | Shows the status of any time delayed reboot(s) that are pending on the switch.
show microcode | Displays microcode versions installed on the switch.
5 Using the CLI
Alcatel’s Command Line Interface (CLI) is a text-based configuration interface that allows you to configure switch applications and to view switch statistics. Each CLI command applicable to the switch is defined in the OmniSwitch CLI Reference Guide. All command descriptions listed in the Reference Guide include command syntax definitions, defaults, usage guidelines, example screen output and release history.
CLI Specifications
The following table lists specifications for the Command Line Interface.
Configuration Methods:
• Online configuration via real-time sessions using CLI commands.
• Offline configuration using text file holding CLI commands.
Command Capture Feature: Snapshot feature captures switch configurations in a text file.
Offline Configuration Using Configuration Files
CLI configuration commands can be typed into a generic text file. When the text file is placed in the switch /flash/working directory, its commands are applied to the switch when the configuration apply command is issued. Files used in this manner are called configuration files. A configuration file can be viewed or edited offline using a standard text editor.
Using “Show” Commands
The CLI contains show commands that allow you to view configuration and switch status on your console screen. The show syntax is used with other command keywords to display information pertaining to those keywords. For example, the show vlan command displays a table of all VLANs currently configured, along with pertinent information about each VLAN.
Partial Keyword Completion
The CLI has a partial keyword recognition feature that allows the switch to recognize partial keywords in CLI command syntax. Instead of typing the entire keyword, you may type only as many characters as are necessary to uniquely identify the keyword, then press the Tab key. The CLI will complete the keyword and place the cursor at the end of the keyword.
The following table contains the first-level commands and their set names as they are listed on the display screen when you enter a single question mark and press Enter.
Tutorial for Building a Command Using Help
The Help feature allows you to figure out syntax for a CLI command by using a series of command line inquiries together with some educated guesses. If you do not know the correct CLI command, you can use the Help feature to determine the syntax. This tutorial shows you how to use help to find the CLI syntax to create a VLAN. This VLAN will be given the ID number 33 and will be named “test vlan 2.
3 At the command prompt, enter name followed by a space and a question mark. This step will either give you more choices or an error message.
-> vlan 33 name ?
^
<"string">
(Vlan Manager Command Set)
There is a smaller set of keywords available for use with the vlan 33 name syntax. This is because the command becomes more specialized as more keywords are added.
CLI Services
There are several services built into the CLI that help you use the interface. The Command Line Editing service makes it easy for you to enter and edit repetitive commands. Other CLI services, such as syntax checking, command help, prefix prompt, and history assist you in selecting and using the correct command syntax for the task you are performing.

Command Line Editing
CLI commands are entered from your keyboard and are executed when you press Enter.
Recalling the Previous Command Line
To recall the last command executed by the switch, either press the Up Arrow key or enter the !! (bang, bang) command at the prompt and the previous command will display on your screen. You can execute the command again by pressing Enter or you can edit it first by deleting or inserting characters. In the following example, the ls command is used to list the contents of the switch’s /flash/switch directory.
Syntax Checking
If you make a mistake while entering command syntax, the CLI gives you clues about how to correct your error. Whenever you enter an invalid command, two indicators are displayed.
• The Error message tells you what the error is.
• The caret (^) character tells you where the error is in your syntax.
The following example of the syntax checking feature shows an attempt to set IP routing.
Example for Using Prefix Recognition
This example shows how the Prefix Recognition feature is used for entering multiple commands that have the same prefix. This table lists the tasks to be accomplished in this example and the CLI syntax required for each task.
Task | CLI Syntax
1. Create a VLAN with an identification number of 501. | vlan 501 enable
2. Enable the spanning tree protocol for VLAN 501. | vlan 501 stp enable
3. Enable authentication for VLAN 501. |
Prefix Prompt
You may set the CLI so that your screen prompt displays the stored prefix. To display the stored prefix as part of the screen prompt for the VLAN example above, enter the prompt prefix CLI command as follows:
-> prompt prefix
The following will display.
-> vlan 501
Your screen prompt will include your stored prefix until a new prompt is specified. To set the prompt back to the arrow (->) enter the prompt string -> (prompt string arrow) syntax as follows.
You can recall commands shown in the history list by using the exclamation point character (!), also called “bang”. To recall the command shown in the history list at number 4, enter !4 (bang, 4). The CLI will respond by printing the number four command at the prompt. Using the history list of commands above, the following would display:
-> !4
-> show temp
You can recall the last command in the history list by issuing the !! (bang bang) syntax.
Logging CLI Commands and Entry Results
OmniSwitch 7700, 7800, and 8800 switches provide command logging via the command-log command. This feature allows users to record up to 100 of the most recent commands entered via Telnet, Secure Shell, and console sessions. In addition to a list of commands entered, the results of each command entry are recorded.
Viewing the Current Command Logging Status
As mentioned above, the command logging feature is disabled by default. To view whether the feature is currently enabled or disabled on the switch, use the show command-log status command. For example:
-> show command-log status
CLI command logging : Enable
In this case, the feature has been enabled by the user via the command-log command.
Customizing the Screen Display
The CLI has several commands that allow you to customize the way switch information is displayed to your screen. You can make the screen display smaller or larger. You can also adjust the size of the table displays and the number of lines shown on the screen.
Note. Screen display examples in this chapter assume the use of a VT-100/ASCII emulator.
Displaying Table Information
The amount of information displayed on your console screen can be extensive, especially for certain show commands. By default, the CLI will immediately scroll all information to the screen. The more mode can be used to limit the number of lines displayed to your screen. Using the more mode requires two steps, as follows:
• Specify the number of lines displayed while in the more mode.
• Enter the more mode.
Filtering Table Information
The CLI allows you to define filters for displaying table information. This is useful in cases where a vast amount of display data exists but you are interested in only a small subset of that data. Commands showing routing tables are a good example for when you might want to filter information. You can specify a filter that identifies the data that are relevant to your search.
Multiple User Sessions
Several CLI commands give you information about user sessions that are currently operating on the OmniSwitch, including your own session. These commands allow you to list the number and types of sessions that are currently running on the switch. You can also terminate another session, provided you have administrative privileges.

Listing Other User Sessions
The who command displays all users currently logged into the OmniSwitch.
Listing Your Current Login Session
In order to list information about your current login session, you may either use the who command and identify your login by your IP address or you may enter the whoami command. The following will display.
-> whoami
Session number = 17
User name = admin,
Access type = telnet,
Access port = NI,
IP address = 123.33.101.
Application Example

Using a Wildcard to Filter Table Information
The wildcard character allows you to substitute the asterisk (*) character for text patterns while using the filter mode.
Note. You must type the wildcard character in front of and after the filter text pattern unless the text pattern appears alone on a table row.
In this example, the show snmp mib family command is used because it displays a long table of MIB information.
4 Press the spacebar key to execute the filter option. The following will display.
6 Working With Configuration Files
Commands and settings needed for the OmniSwitch can be contained in an ASCII-based configuration text file. Configuration files can be created in several ways and are useful in network environments where multiple switches must be managed and monitored. This chapter describes how configuration files are created, how they are applied to the switch, and how they can be used to enhance OmniSwitch usability.
Configuration File Specifications
The following table lists specifications applicable to Configuration Files.
Creation Methods for Configuration Files:
• Create a text file on a word processor and upload it to the switch.
• Invoke the switch’s snapshot feature to create a text file.
• Create a text file using one of the switch’s text editors.
Timer Functions: Files can be applied immediately or by setting a timer on the switch.
4 Use the show configuration status command to verify that the dhcp_relay.txt configuration file was applied to the switch. The display is similar to the one shown here:
-> show configuration status
File configuration : completed with no errors
File configuration: none scheduled
Running configuration and saved configuration are different
Note.
Quick Steps for Applying Configuration Files

Setting a File for Immediate Application
In this example, the configuration file configfile_1 exists on the switch in the /flash directory. When these steps are followed, the file will be immediately applied to the switch.
1 Check to verify that there are no timer sessions pending on the switch.
Setting an Application Session for a Specified Time Period
You can set a future timed session to apply a configuration file after a specified period of time has elapsed. In the following example, the amzncom_cfg.txt will be applied after 6 hours and 15 minutes have elapsed.
1 Check to verify that there are no current timer sessions pending on the switch.
Configuration Files Overview
Instead of using CLI commands entered at a workstation, you can configure the switch using an ASCII-based text file. You may type CLI commands directly into a text document to create a configuration file that will reside in your switch’s /flash directory.
Verifying a Timed Session
To verify that a timed session is running, use the show configuration status command. The following displays where the timed session was set using the configuration apply qos_pol at 11:30 october 31 syntax.
-> show configuration status
File configuration : scheduled at 01/10/31 11:30
Note. Only one session at a time can be scheduled on the switch.
Setting the Error File Limit
The number of files ending with the .err extension present in the switch’s /flash directory is set with the configuration error-file limit command. You can set the switch to allow up to 25 error files in the /flash directory. Once the error file limit has been reached, the next error file generated will cause the error file with the oldest time stamp to be deleted.
Displaying a Text File
The more command allows you to view a text file one screen at a time. Use this command with the desired filename. Specifying a path is optional. The following command will display the textfile.rtf text file located in the /flash/working directory.
-> more /flash/working/textfile.rtf
The switch will display the file text on your terminal screen until the entire screen is full.
Creating Snapshot Configuration Files
You can generate a list of configurations currently running on the switch by using the configuration snapshot command. A snapshot is a text file that lists commands issued to the switch during the current login session.
Note. A user must have read and write permission for the configuration family of commands to generate a snapshot file for those commands.
User-Defined Naming Options
When the snapshot syntax does not include a file name, the snapshot file is created using the default file name asc.n.snap. Here, the n character holds the place of a number indicating the order in which the snapshot file name is generated. For example, the following syntax may generate a file named asc.1.snap.
(Example Snapshot File - Continued)
session timeout http 99999
command-log enable
! SNMP :
snmp security no security
snmp community map mode off
! IP route manager :
ip static-route 0.0.0.0 mask 0.0.0.0 gateway 10.255.11.254 metric 1
! RIP :
! OSPF :
! BGP :
! IP multicast :
! IPv6 :
! RIPng :
! Health monitor :
! Interface :
interfaces 1/23 speed 100
interfaces 1/23 alias "ip_phone"
! Link Aggregate :
! VLAN AGG:
! 802.
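Because a snapshot is plain text with "! Section :" header lines, it can be reviewed offline before it is applied to other switches. The following added example (not part of the guide or of Alcatel's software) parses the fragment shown above and flags three settings a reviewer would question; the finding names and the timeout limit are assumptions made for the example.

```python
import re

# Lines copied from the example snapshot fragment above.
SNAPSHOT = """\
session timeout http 99999
command-log enable
! SNMP :
snmp security no security
snmp community map mode off
! IP route manager :
ip static-route 0.0.0.0 mask 0.0.0.0 gateway 10.255.11.254 metric 1
! RIP :
! Interface :
interfaces 1/23 speed 100
interfaces 1/23 alias "ip_phone"
! VLAN AGG:
"""

# A section header is a "!" line that ends with a colon, e.g. "! SNMP :".
SECTION_RE = re.compile(r"^!\s*(.*?)\s*:\s*$")

# Assumption: the reviewer's own upper limit for session timeouts,
# not a value taken from the switch documentation.
MAX_SESSION_TIMEOUT = 30


def parse_snapshot(text):
    """Return {section name: [commands]}; commands before any header go under ''."""
    sections = {"": []}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line.startswith("!"):
            continue  # a "!" line without the trailing colon is treated as a comment
        else:
            sections[current].append(line)
    return sections


def audit(sections, max_timeout=MAX_SESSION_TIMEOUT):
    """Return a list of (finding, evidence) tuples for the parsed snapshot."""
    findings = []
    commands = [cmd for cmds in sections.values() for cmd in cmds]
    for cmd in commands:
        timeout = re.fullmatch(r"session timeout (\S+) (\d+)", cmd)
        if timeout and int(timeout.group(2)) > max_timeout:
            findings.append(("long-session-timeout", cmd))
        if cmd == "snmp security no security":
            findings.append(("snmp-no-security", cmd))
    # Command logging is disabled by default, so its absence means no audit trail.
    if "command-log enable" not in commands:
        findings.append(("command-log-disabled", "no 'command-log enable' line"))
    return findings


if __name__ == "__main__":
    for finding, evidence in audit(parse_snapshot(SNAPSHOT)):
        print(f"{finding}: {evidence}")
```

Run against a snapshot taken from each switch, the same audit shows where a copied configuration file has spread a weak setting.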
Verifying File Configuration
You can verify the content and the status of the switch’s configuration files with commands listed in the following table.
show configuration status | Displays whether there is a pending timer session scheduled for a configuration file and indicates whether the running configuration and the saved configuration files are identical or different.
7 Managing Switch User Accounts
Switch user accounts may be set up locally on the switch for users to log into and manage the switch. The accounts specify login information (combinations of usernames and passwords) and privilege or profile information, depending on the type of user. The switch has several interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP) through which users may access the switch. The switch may be set up to allow or deny access through any of these interfaces.
User Database Specifications
Maximum number of alphanumeric characters in a username: 47
Maximum number of alphanumeric characters in a user password: 47
Maximum number of alphanumeric characters in an end-user profile name: 32
Maximum number of user accounts: 64
Maximum number of end-user profiles: 128

User Account Defaults
• Two user accounts are available on the switch by default: admin and default.
Overview of User Accounts
A user account includes a login name and password. The account also includes privilege or profile information, depending on the type of user account. There are two types of accounts: network administrator accounts, and end-user or customer login accounts. Network administrator accounts are configured with user (sometimes called functional) privileges.
• Secure Shell—Any standard Secure Shell client may be used for logging into the switch.
• SNMP—Any standard SNMP browser may be used for logging into the switch.
For more information about connecting to the switch through one of these methods, see Chapter 1, “Logging Into the Switch,” and the OmniSwitch 7700/7800 Getting Started Guide or OmniSwitch 8800 Getting Started Guide.
Quick Steps for Creating Network Administrator User Accounts

1 Configure the user with the relevant username and password. For example, to create a user called thomas with a password of pubs, enter the following:

-> user thomas password pubs

For information about creating a user and setting up a password, see “Creating a User” on page 7-8.
Quick Steps for Creating Customer Login User Accounts

1 Set up a user profile through the end-user profile command. For example, configure a profile called Profile1 that specifies read-write access to the physical and basic-ip-routing command areas:

-> end-user profile Profile1 read-write physical basic-ip-routing

2 Specify ports to which the profile will allow access.
Default User Settings

The default user account on the switch is used for storing new user defaults for privileges or profile information. This account does not include a password and cannot be used to log into the switch. At the first switch startup, the default user account is configured for:

• No read or write access.
• No SNMP access.
• No end-user profile.
Creating a User

To create a new user, enter the user command with the desired username and password. Use the password keyword. For example:

-> user thomas password techpubs

In this example, a user account with a user name of thomas and a password of techpubs is stored in the local user database.

Note. Typically the password should be a string of non-repeating characters.
4 Enter the password again.

-> password
enter old password:********
enter new password: *********
reenter new password: *********
->

The password is now reset for the current user. At the next switch login, the user must enter the new password.

Note. A new password cannot be identical to the current password; it cannot be identical to any of the three passwords that preceded the current password.
To disable the default password expiration, use the user password-expiration command with the disable option:

-> user password-expiration disable

Default password expiration is disabled on the switch.

Specific User Password Expiration

To set password expiration for an individual user’s current password, use the user command with the expiration keyword and the desired number of days or an expiration date.
Configuring Privileges for a User

To configure privileges for a network administrator account, enter the user command with the read-only or read-write option and the desired CLI command domain names or command family names. The read-only option provides access to show commands; the read-write option provides access to configuration commands and show commands. Command families are subsets of command domains.
In addition to command families, the keywords all or none may be used to set privileges for all command families or no command families respectively. An example of setting up user privileges:

-> user thomas read-write domain-network ip-helper telnet

User thomas will have write access to all the configuration commands and show commands in the network domain, as well as Telnet and IP helper (DHCP relay) commands.
Setting Up SNMP Access for a User Account

By default, users can access the switch based on the SNMP setting specified for the default user account. The user command, however, may be used to configure SNMP access for a particular user. SNMP access may be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or SNMPv3).
For this user, if the SNMP community map mode is enabled (the default), the SNMP community map must include a mapping for this user to a community string. In this example, the community string is our_group:

-> snmp community map our_group user thomas

In addition, the global SNMP security level on the switch must allow non-authenticated SNMP frames through the switch.
Setting Up End-User Profiles

End-user profiles are designed for user accounts in the carrier market. With end-user profiles, a network administrator can configure customer login accounts that restrict users to particular command areas over particular ports and/or VLANs. End-user profiles are only managed and stored on the switch; profiles are not stored on external servers.

Note.
Creating End-User Profiles

To set up an end-user profile, use the end-user profile command and enter a name for the profile. Specify read-only or read-write access to particular command areas. The profile can also specify port ranges and/or VLAN ranges. The port ranges and VLAN ranges must be configured on separate command lines and are discussed in the next sections.
Associating a Profile With a User

To associate a profile with a user, enter the user command with the end-user profile keywords and the relevant profile name. For example:

-> user Customer2 end-user profile Profile3

Profile3 is now associated with Customer2. When Customer2 logs into the switch, Customer2 will have access to command areas, port ranges, and VLAN ranges specified by Profile3.
8 Managing Switch Security

Switch security is provided on the switch for all available management interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP). The switch may be set up to allow or deny access through any of these interfaces. (Note that users attempting to access the switch must have a valid username and password.)

In This Chapter

This chapter describes how to set up switch management interfaces through the Command Line Interface (CLI).
Switch Security Specifications

Telnet sessions allowed: 4 concurrent sessions
FTP sessions allowed: 4 concurrent sessions
HTTP (Web browser) sessions allowed: 4 concurrent sessions
Secure Shell sessions (including SFTP) allowed: 8 concurrent sessions
Total sessions (Secure Shell, Telnet, FTP, HTTP, and console): 21 concurrent sessions
SNMP sessions allowed: 50 concurrent sessions

Switch Security Defaults

Access to managing the switch is always
Switch Security Overview

Switch security features increase the security of the basic switch login process by allowing management only through particular interfaces for users with particular privileges. Login information and privileges may be stored on the switch and/or an external server, depending on the type of external server you are using and how you configure switch access.
Authenticated Switch Access

Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, Secure Shell, or HTTP require authentication via the local user database or via a third-party server.
[Figure: Authentication-Only Server (ACE/Server). Network administrator login request: the switch polls the ACE/Server for login information; user privileges are stored on the OmniSwitch. Customer login request: the switch polls the ACE/Server for login information; end-user profiles are stored on the OmniSwitch.]

Note.
Configuring Authenticated Switch Access

Setting up Authenticated Switch Access involves the following general steps:

1 Set Up the Authentication Servers. This procedure is described briefly in this chapter. See the “Managing Authentication Servers” chapter of the OmniSwitch 7700/7800/8800 Network Configuration Guide for complete details.

2 Set Up the Local User Database.
Quick Steps for Setting Up ASA

1 If the local user database will be used for user login information, set up user accounts through the user command. User accounts may include user privileges or an end-user profile.
Logging facility. For more information about Switch Logging, see the OmniSwitch 7700/7800/8800 Network Configuration Guide.

Note. To verify the switch access setup, enter the show aaa authentication command.
Setting Up Management Interfaces

By default, authenticated access is available through the console port. Access through other management interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP. This chapter describes how to set up access for management interfaces. For more details about particular management interfaces and how they are used, see Chapter 1, “Logging Into the Switch.
Enabling Switch Access

Enter the aaa authentication command with the relevant keyword that indicates the management interface and specify the servers to be used for authentication. In this example, Telnet access for switch management is enabled.
In this scenario, SNMP access is not enabled because only RADIUS servers have been included in the default setting. If servers of different types are configured and include LDAP or local, SNMP will be enabled through those servers. For example:

-> aaa authentication default rad1 ldap2 local

In this case, SNMP access is enabled, and users will be authenticated through ldap2 and the local database.
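The rule above can be checked against a saved configuration. The following Python sketch is an added example, not part of the guide or of any Alcatel tool; it assumes a hypothetical server-type map supplied by the operator, a constructed RADIUS-only line, and that an explicit snmp line takes precedence over default.

```python
from typing import Dict, List, NamedTuple

# Per the guide, SNMP is enabled only through LDAP servers or the local database.
SNMP_CAPABLE_TYPES = {"ldap", "local"}


class SnmpAuth(NamedTuple):
    source: str         # line that decided the result: "snmp", "default" or "none"
    used: List[str]     # servers SNMP users are authenticated through, in order
    skipped: List[str]  # servers on that line that do not apply to SNMP


def parse_aaa_authentication(config: str) -> Dict[str, List[str]]:
    """Return {interface keyword: ordered server list}; a later line replaces an earlier one."""
    table: Dict[str, List[str]] = {}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("->"):        # tolerate a pasted CLI prompt
            line = line[2:].strip()
        words = line.split()
        if len(words) >= 4 and words[:2] == ["aaa", "authentication"]:
            table[words[2].lower()] = words[3:]
    return table


def snmp_auth(config: str, server_types: Dict[str, str]) -> SnmpAuth:
    """Work out which servers, if any, SNMP management access is enabled through."""
    table = parse_aaa_authentication(config)
    # Assumption: an explicit `snmp` line takes precedence over `default`.
    source = "snmp" if "snmp" in table else "default" if "default" in table else "none"
    used: List[str] = []
    skipped: List[str] = []
    for name in table.get(source, []):
        # `local` is the keyword for the local user database; other names need a type.
        kind = "local" if name == "local" else server_types.get(name)
        if kind is None:
            raise ValueError(f"no server type known for {name!r}")
        (used if kind in SNMP_CAPABLE_TYPES else skipped).append(name)
    return SnmpAuth(source, used, skipped)


# Server types are assumed; RADIUS_ONLY is a constructed line, MIXED is the guide's example.
SERVER_TYPES = {"rad1": "radius", "rad2": "radius", "ldap2": "ldap"}
RADIUS_ONLY = "-> aaa authentication default rad1 rad2"
MIXED = "-> aaa authentication default rad1 ldap2 local"

if __name__ == "__main__":
    for label, cfg in (("RADIUS only", RADIUS_ONLY), ("mixed", MIXED)):
        result = snmp_auth(cfg, SERVER_TYPES)
        state = "enabled via " + ", ".join(result.used) if result.used else "not enabled"
        print(f"{label}: SNMP {state}; not applied to SNMP: {result.skipped}")
```

When local appears in the used list, SNMP logins are checked against the local user database, so the local accounts and their SNMP settings are what protect that interface.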
Configuring Accounting for ASA

Accounting servers track network resources such as time, packets, bytes, etc., and user activity (when a user logs in and out, how many login attempts were made, session length, etc.). The accounting servers may be located anywhere in the network. Note the following:

• Up to 4 servers may be configured.
• The servers may be different types.
• ACE cannot be used as an accounting server.
Verifying Switch Security Configuration

To display information about management interfaces used for Authenticated Switch Access, use the show commands listed here:

show aaa authentication
    Displays information about the current authenticated switch session.

show aaa accounting
    Displays information about accounting servers configured for Authenticated Switch Access or Authenticated VLANs.
9 Using WebView

The switch can be monitored and configured using WebView, Alcatel’s web-based device management tool. The WebView application is embedded in the switch and is accessible via the following web browsers:

• Internet Explorer 6.0 and later for Windows NT, 2000, XP, 2003
• Netscape 7.1 for Windows NT, 2000, XP
• Netscape 7.0 for Solaris SunOS 5.8

Note.
WebView CLI Defaults

Web Management Command Line Interface (CLI) commands allow you to enable/disable WebView, enable/disable Secure Socket Layer (SSL), and view basic WebView parameters. These configuration options are also available in WebView. The following table lists the defaults for WebView configuration through the http command.
WebView CLI Commands

The following WebView configuration options are typically managed through the CLI. However, enabling WebView and enabling SSL may also be set up through WebView itself.

Enabling/Disabling WebView

WebView is enabled on the switch by default. If necessary, use the http server command to enable WebView. For example:

-> http server

Use the no http server command to disable WebView on the switch.
Quick Steps for Setting Up WebView

1 Make sure you have an Ethernet connection to the switch (through the Ethernet Management Port or a network interface).

2 Configure switch management for HTTP using the aaa authentication command. Enter the command, the port type that you are authenticating (http), and the name of the LDAP, RADIUS, ACE, or local server that is being used for authentication.
[Figure: WebView Chassis Home Page, with callouts for the Banner, Toolbar, Configuration Group, Configuration Feature, Feature Options, and View/Configuration Area]

Banner

The following features are available in the WebView Banner:

• Options—Brings up the User Options Page, which is used to change the user login password.
• Save Config—Brings up the Save Configuration Screen. Click Apply to save the switch’s running configuration for the next startup.
• Help—Brings up general WebView Help.
Feature Options

Feature configuration options are displayed as drop-down menus at the top of each feature page. For more information on using the drop-down menus, see “Configuration Page” on page 9-9.

View/Configuration Area

The View/Configuration area is where switch configuration information is displayed and where configuration pages appear. After logging into WebView, a real-time graphical representation of the switch displays all of the switch’s current components.
Configuring the Switch With WebView

The following sections provide an overview of WebView functionality. For detailed configuration procedures, see other chapters in this guide, the OmniSwitch 7700/7800/8800 Network Configuration Guide, or the OmniSwitch 7700/7800/8800 Advanced Routing Configuration Guide.

Accessing WebView

WebView is accessed using any of the browsers listed on page 9-1. All of the necessary WebView files are stored on the switch.
Home Page

The first page displayed for each feature is the Home Page (e.g., IP Home). The Home Page describes the feature and provides an overview of that feature’s current configuration. If applicable, home pages display the feature’s current configuration and can also be used to configure global parameters. Each Home Page also provides a Site Map (shown below), which displays all of the configuration options available for that feature.
Configuration Page

Feature configuration options are displayed in the drop-down menus at the top of each page. The same menus are displayed on every configuration page within a feature. To configure a feature on the switch, select a configuration option from the drop down menu. There are two types of configuration pages in WebView—Global configuration pages and Table configuration pages.
Table Configuration Page

Table configuration pages show current configurations in tabular form. Entries may be added, modified, or deleted. You can delete multiple entries, but you can only modify one entry at a time.

[Figure: Table Configuration Page. Callout: Click to select item to modify or delete.]

Adding a New Entry

To add a new entry to the table:

1 Click Add on the Configuration page. The Add window appears (e.g., Add IP Static Route).
2 Complete the fields, then click Apply. The new configuration takes effect immediately and the new entry appears in the table.

3 Repeat steps 1 and 2 to add additional entries.

[Figure: Add Window]

Modifying an Existing Entry

To modify an existing entry:

1 Click on the checkbox to the left of the entry on the Configuration page and click Modify. The Modify window appears (e.g., Modify IP Static Route). The current configuration is displayed in each field.
2 Modify the applicable field(s), then click Apply. If successful, the Modify window disappears. The new configuration takes effect immediately and the modified entry appears in the table. If there is an error, the window will remain and an error message is displayed.

3 Repeat the procedure to modify additional entries.
Table Features

Table Views

Some table configuration pages can be expanded to view additional configuration information. If this option is available, a toggle switch appears at the bottom left corner of the table. To change views, click on the toggle switch (e.g., Expanded View). For example, if the table is in summary view, click on “Expanded View” to change to the expanded view.
Table Sorting

Basic Sort

Table entries can be sorted by column in ascending or descending order. Initially, tables are sorted on the first column in ascending order (the number 1 appears in the first column). To sort in descending order, click on the column heading. Click again to return to ascending order. To sort on a different column, click on the column heading (the number 1 appears at the top of the column).
[Figure: Table Sort Feature—Modified Sort. Callout: Sort on a different column.]

Advanced Sorting

You can also customize the sorting display by defining primary and secondary sort criteria. To define primary and secondary column sorts, click on the “Sort” icon in the upper right corner of the table (the column headings are highlighted). Next, click on the primary and secondary column headings (the numbers 1 and 2 appear in the primary and secondary columns).
Table Paging

Some large tables (e.g., VLANs) have a paging feature that loads the table data in increments of 50 or 100 entries. If the table reaches this threshold, the first group of entries is displayed and a “Next” button appears at the bottom of the page. Click Next to view the next group of entries. Click Previous to view the previous group of entries.
Adjacencies

WebView provides a graphical representation of all AMAP-supported Alcatel switches and IP phones adjacent to the switch. The following information for each device is also listed:

• IP address
• MAC address
• Remote slot/port

By clicking on a device, the Web-based device manager (if available) is displayed for that device. If a Web-based device manager is not available, a Telnet session may be launched.
WebView Help

A general help page for using WebView is available from the banner at the top of the page. In addition, on-line help is available on every WebView page. Each help page provides a description of the page and specific instructions for each configurable field.

General WebView Help

To display general help for WebView, click the Help option in the WebView banner. (For information about the banner, see “WebView Page Layout” on page 9-4.
10 Using SNMP

The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows communication between SNMP managers and SNMP agents on an IP network. Network administrators use SNMP to monitor network performance and to manage network resources.

In This Chapter

This chapter describes SNMP and how to use it through the Command Line Interface (CLI).
SNMP Specifications

The following table lists specifications for the SNMP protocol.
Quick Steps for Setting Up An SNMP Management Station

An SNMP Network Management Station (NMS) is a workstation configured to receive SNMP traps from the switch. To set up an SNMP NMS using the switch’s CLI, proceed as follows:

1 Specify the user account name and the authentication type for that user.
Quick Steps for Setting Up Trap Filters

You can filter traps by limiting user access to trap command families. You can also filter according to individual traps.

Filtering by Trap Families

The following example will create a new user account. This account will be granted read-only privileges to three CLI command families (snmp, chassis, and interface). Read-only privileges will be withheld from all other command families.
Filtering by Individual Traps

The following example enables trap filtering for the coldstart, warmstart, linkup, and linkdown traps. The identification numbers for these traps are 0, 1, 2, and 3. When trap filtering is enabled, these traps will be filtered. This means that the switch will not pass them through to the SNMP management station. All other traps will be passed through.
SNMP Overview

SNMP provides an industry standard communications model used by network administrators to manage and monitor their network devices. The SNMP model defines two components: the SNMP Manager and the SNMP Agent.

[Figure: SNMP Network Model, showing the SNMP Manager on the Network Management Station and the SNMP Agent on the OmniSwitch]

• The SNMP Manager resides on a workstation hosting the management application. It can query agents using SNMP operations.
Using SNMP for Switch Management

The Alcatel switch can be configured using the Command Line Interface (CLI), SNMP or the WebView device management tool. When configuring the switch using SNMP, an NMS application (such as HP OpenView) is used. Although MIB browsers vary depending on which software package is used, they all have a few things in common.
The community string security standard offers minimal security and is generally insufficient for networks where need for security is high. Although SNMPv1 lacks bulk message retrieval capabilities and security features, it is widely used and is a de facto standard in the Internet environment.

SNMPv2

SNMPv2 is a later version of the SNMP protocol. It uses the same Get, Set, GetNext and Trap operations as SNMPv1 and supports the same community-based security standard.
SNMP Traps Table

The following table provides information on all SNMP traps supported by the switch. Each row includes the trap name, its ID number, any objects (if applicable), its command family, and a description of the condition the SNMP agent in the switch is reporting to the SNMP management station. You can generate a list of SNMP traps that are supported on your switch by using the show snmp trap config command.

No.
No.: 5
Trap Name: entConfigChange
Objects: none
Family: module
Description: An entConfigChange notification is generated when a conceptual row is created, modified, or deleted in one of the entity tables.

No.: 6
Trap Name: aipAMAPStatusTrap
Objects: aipAMAPLastTrapReason, aipAMAPLastTrapPort
Family: aip
Description: The status of the Alcatel Mapping Adjacency Protocol (AMAP) port changed.
    aipAMAPLastTrapReason—Reason for last change of port status.
No.: 9
Trap Name: chassisTrapsStr
Objects: chassisTrapsStrLevel, chassisTrapsStrAppID, chassisTrapsStrSnapID, chassisTrapsStrfileName, chassisTrapsStrfileLineNb, chassisTrapsStrErrorNb, chassisTrapsStrcomments, chassisTrapsStrdataInfo
Family: chassis
Description: A software trouble report (STR) was sent by an application encountering a problem during its execution.
    chassisTrapsStrLevel—An enumerated value that provides the urgency level of the STR.
No.: 11
Trap Name: chassisTrapsStateChange
Objects: physicalIndex, chassisTrapsObjectType, chassisTrapsObjectNumber, chasEntPhysOperStatus
Family: chassis
Description: An NI status change was detected.
    physicalIndex—The physical index of the involved object.
    chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap.
    chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g.
No.: 15
Trap Name: healthMonDeviceTrap
Objects: healthMonRxStatus, healthMonRxTxStatus, healthMonMemoryStatus, healthMonCpuStatus, healthMonCmmTempStatus, healthMonCmmCpuTempStatus
Family: health
Description: Indicates a device-level threshold was crossed.
    healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change.
    healthMonRxTxStatus—RxTx threshold status indicating if threshold was crossed or no change.
No.: 18
Trap Name: bgpEstablished
Objects: bgpPeerLastError, bgpPeerState
Family: bgp
Description: The BGP routing protocol has entered the established state.
    bgpPeerLastError—The last error code and subcode seen by this peer on this connection. If no error has occurred, this field is zero. Otherwise, the first byte of this two byte OCTET STRING contains the error code, and the second byte contains the subcode.
    bgpPeerState—The BGP peer connection state.
No.: 22
Trap Name: dvmrpNeighborLoss
Objects: dvmrpInterfaceLocalAddress, dvmrpNeighborState
Family: ipmr
Description: A 2-way adjacency relationship with a neighbor has been lost. This trap is generated when the neighbor state changes from “active” to “one-way,” “ignoring” or “down.” The trap is sent only when the switch has no other neighbors on the same interface with a lower IP address than itself.
No.: 24
Trap Name: risingAlarm
Objects: alarmIndex, alarmVariable, alarmSampleType, alarmValue, alarmRisingThreshold
Family: rmon
Description: An Ethernet statistical variable has exceeded its rising threshold. The variable’s rising threshold and whether it will issue an SNMP trap for this condition are configured by an NMS station running RMON.
    alarmIndex—An index that uniquely identifies an entry in the alarm table.
No.: 27
Trap Name: stpRootPortChange
Objects: vStpNumber, vStpRootPortNumber
Family: stp
Description: A root port has changed for a spanning tree bridge. The root port is the port that offers the lowest cost path from this bridge to the root bridge.
    vStpNumber—The Spanning Tree number identifying this instance.
    vStpRootPortNumber—The port ifindex of the port which offers the lowest cost path from this bridge to the root bridge for this spanning tree instance.
No.: 33
Trap Name: slbTrapOperStatus
Objects: slbTrapInfoEntityGroup, slbTrapInfoOperStatus, slbTrapInfoClusterName, slbTrapInfoServerIpAddr
Family: load balancing
Description: A change occurred in the operational status of the server load balancing entity.
    slbTrapInfoEntityGroup—The entity group inside SLB management.
    slbTrapInfoOperStatus—The operational status of an SLB cluster or server.
    slbTrapInfoClusterName—A change occurred in the operational status of an SLB entity.
No.: 38
Trap Name: alaStackMgrNeighborChangeTrap
Objects: alaStackMgrStackStatus, alaStackMgrSlotNINumber, alaStackMgrTrapLinkNumber
Family: stack manager
Description: Indicates whether or not the stack is in loop.
    alaStackMgrStackStatus—Indicates whether the stack is or is not in a loop.
    alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1 to 8.
    alaStackMgrTrapLinkNumber—Holds the link number when the stack is not in a loop.
No.: 42
Trap Name: gmBindRuleViolation
Objects: gmBindRuleType, gmBindRuleVlanId, gmBindRuleIPAddress, gmBindRuleMacAddress, gmBindRulePortIfIndex, gmBindRuleProtoClass, gmBindRuleEthertype, gmBindRuleDsapSsap
Family: vlan
Description: Occurs whenever a binding rule which has been configured gets violated.
    gmBindRuleType—Type of binding rule for which trap sent.
    gmBindRuleVlanId—Binding Rule VLAN Id.
    gmBindRuleIPAddress—Binding Rule IP address.
No.: 47
Trap Name: pethPsePortOnOffNotification
Objects: pethPsePortDetectionStatus
Family: module
Description: Indicates if power inline port is or is not delivering power to a power inline device.
    pethPsePortDetectionStatus—Describes the operational status of the port PD detection. A value of disabled(1)- indicates that the PSE State diagram is in the state IDLE.
No.: 52
Trap Name: ospfVirtNbrStateChange
Objects: ospfRouterId, ospfVirtNbrArea, ospfVirtNbrRtrId, ospfVirtNbrState
Family: ospf
Description: Indicates a state change of the virtual neighbor relationship.
    ospfRouterId—A 32-bit integer uniquely identifying the router in the Autonomous System. By convention, to ensure uniqueness, this should default to the value of one of the router’s IP interface addresses.
    ospfVirtNbrArea—The Transit Area Identifier.
No.: 55
Trap Name: alaStackMgrClearedSlotTrap
Objects: alaStackMgrSlotNINumber
Family: chassis
Description: The element identified by alaStackMgrSlotNINumber will enter the pass through mode because its operational slot was cleared with immediate effect.
    alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows:
    - 0: invalid slot number
    - 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable
    - 1001..
No.: 59
Trap Name: gmHwVlanRuleTableOverloadAlert
Objects: gmOverloadRuleTable, gmOverloadRuleType, gmOverloadRuleVlanId, gmOverloadRuleMacAddress, gmOverloadRuleIpAddress, gmOverloadRuleProtocol, gmOverloadRuleIpxNetwork
Family: vlan
Description: An overload trap occurs whenever a new entry to the hardware VLAN rule table gets dropped due to the overload of the table.
    gmOverloadRuleTable—Overloaded hardware VLAN rule table.
No.: 64
Trap Name: lnkaggPortRemove
Objects: traplnkaggId, traplnkaggPortIfIndex
Family: linkaggregation
Description: This trap is sent when any given port of the link aggregate group is removed due to an invalid configuration.
    traplnkaggId—Index value of the Link Aggregate group.
    traplnkaggIfIndex—Port of the Link Aggregate group.
Using SNMP For Switch Security

Community Strings (SNMPv1 and SNMPv2)

The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a community string is carried over an incoming SNMP request, that community string must match up with a user account name as listed in the community string database on the switch. Otherwise, the SNMP request will not be processed by the SNMP agent in the switch.
Encryption and Authentication (SNMPv3)

Two important processes are used to verify that the message contents have not been altered and that the source of the message is authentic. These processes are encryption and authentication. A typical data encryption process requires an encryption algorithm on both ends of the transmission and a secret key (like a code or a password).
Setting SNMP Security

By default, the switch is set to “privacy all” which means the switch accepts only authenticated and encrypted v3 Sets, Gets, and Get-Nexts. You can configure different levels of SNMP security by entering snmp security followed by the command parameter for the desired security level.
Working with SNMP Traps

The SNMP agent in the switch has the ability to send traps to the management station. It is not required that the management station requests them. Traps are messages alerting the SNMP manager to a condition on the network. A trap message is sent via a PDU issued from the switch’s network management agent. It is sent to alert the management station to some event or condition on the switch.
Authentication Trap

The authentication trap is sent when an SNMP authentication failure is detected. This trap is a signal to the management station that the switch received a message from an unauthorized protocol entity. This normally means that a network entity attempted an operation on the switch for which it had insufficient authorization. When the SNMP authentication trap is enabled, the switch will forward a trap to the management station.
SNMP MIB Information

MIB Tables

You can display MIB tables and their corresponding command families by using the show snmp mib family command. The MIB table identifies the MIP identification number, the MIB table name and the command family. If a command family is not valid for the entire MIB table, the command family will be displayed on a per-object basis.
Industry Standard MIBs

The following table lists industry standard MIBs supported by the OmniSwitch 7700/7800/8800.

MIB Name: BGP4-MIB, RFC 1657
Description: Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2.
Dependencies: SNMPv2-SMI

MIB Name: BRIDGE-MIB, RFC 1493
Description: The Bridge MIB for managing MAC bridges based on the IEEE 802.1D standard between Local Area Network (LAN) segments.
Dependencies: SNMPv2-SMI, RFC1215-MIB
MIB Name: IEEE8021-PAE-MIB
Description: This MIB module defines 802.1X ports used for port-based access control.
Dependencies: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF, SNMP-FRAMEWORK-MIB, IF-MIB

MIB Name: IF-MIB, RFC 2863
Description: The Interfaces Group MIB. Contains generic information about the physical interfaces of the entity.
Dependencies: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF, SNMPv2-MIB, IANAifType-MIB

MIB Name: IGMP-STD-MIB, RFC 2933
Description: Internet Group Management Protocol MIB.
MIB Name: Novell RIPSAP MIB
Description: This MIB defines the management information for the Routing Information Protocol (RIP) and Service Advertising Protocol (SAP) protocols running in a Novell Internetwork Packet Exchange (IPX) protocol environment. It provides information in addition to that contained in the IPX MIB itself. All tables in this MIB are linked to an instance of IPX via the system instance identifier as defined in the IPX MIB.
Dependencies: SNMPv2-SMI
MIB Name: SNMP-FRAMEWORK-MIB, RFC 2571
Description: An Architecture for Describing SNMP Management Frameworks.
Dependencies: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF

MIB Name: SNMP-MPD-MIB, RFC 2572
Description: Message Processing And Dispatching For The Simple Network Management Protocol (SNMP).
Dependencies: SNMPv2-SMI, SNMPv2-CONF

MIB Name: SNMP-NOTIFICATION-MIB, RFC 2573
Description: SNMP Applications, Notifications SNMP Entity Remote Configuration.
MIB Name: TUNNEL-MIB, RFC 2667
Description: IP Tunnel MIB
Dependencies: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF, IF-MIB

MIB Name: UDP-MIB, RFC 2013
Description: SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2.
Dependencies: SNMPv2-SMI, SNMPv2-CONF

MIB Name: VRRP-MIB, RFC 2787
Description: Definitions of Managed Objects for the Virtual Router Redundancy Protocol (VRRP).
Dependencies: SNMPv2-SMI,
Enterprise (Proprietary) MIBs

The following table lists the enterprise proprietary MIBs supported by the OmniSwitch 7700/7800/8800.

Note. The ALCATEL-IND1-BASE* MIB is required for all MIBs listed in this table.

MIB Name: ALCATEL-IND1-AAA-MIB
Description: Definitions of managed objects for the Authentication, Authorization, and Accounting (AAA) subsystem.
Dependencies*: SNMPv2-SMI,
MIB Name: ALCATEL-IND1-INTERSWITCH-PROTOCOL-MIB
Description: Definitions of managed objects for the Interswitch Protocol (i.e., GMAP, XMAP) subsystem.
Dependencies*: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF

MIB Name: ALCATEL-IND1-IP-MIB
Description: Definitions of managed objects for the IP Stack subsystem.
Dependencies*: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF, IP-MIB

MIB Name: ALCATEL-IND1-IPMRM-MIB
Description: Definitions of managed objects for the IP Multicast Routing Manager (IPMRM) subsystem.
MIB Name: ALCATEL-IND1-OSPF-MIB
Description: Definitions of managed objects for the Open Shortest Path First (OSPF) subsystem.
Dependencies*: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF

MIB Name: ALCATEL-IND1-PARTITIONED-MGR-MIB
Description: Definitions of the user Partitioned Manager subsystem.
Dependencies*: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF, Q-BRIDGE-MIB, SNMP-FRAMEWORK-MIB, SNMPv2-TC

MIB Name: ALCATEL-IND1-PCAM-MIB
Description: Definitions of managed objects for the Coronado L3HRE Manager subsystem.
MIB Name: ALCATEL-IND1-TRAP-MGR-MIB
Description: Definitions of managed objects for the SNMP Notification (i.e., Trap) Manager subsystem.
Dependencies*: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF

MIB Name: ALCATEL-IND1-UDP-RELAY-MIB
Description: Definitions of managed objects for the User Datagram Protocol (UDP) Relay subsystem.
Dependencies*: SNMPv2-SMI, SNMPv2-TC, SNMPv2-CONF

MIB Name: ALCATEL-IND1-VLAN-MGR-MIB
Description: Definitions of managed objects for the VLAN Manager subsystem.
Verifying the SNMP Configuration

To display information about SNMP management stations, trap management, community strings, and security, use the show commands listed in the following table.

show snmp station
    Displays current SNMP station information including IP address, UDP Port number, Enabled/Disabled status, SNMP version and user account names.
A Software License and Copyright Statements

This appendix contains Alcatel and third-party software vendor license and copyright statements.

Alcatel License Agreement

ALCATEL INTERNETWORKING, INC. (“AII”) SOFTWARE LICENSE AGREEMENT

IMPORTANT. Please read the terms and conditions of this license agreement carefully before opening this package. By opening this package, you accept and agree to the terms of this license agreement.
3. Confidentiality. AII considers the Licensed Files to contain valuable trade secrets of AII, the unauthorized disclosure of which could cause irreparable harm to AII. Except as expressly set forth herein, Licensee agrees to use reasonable efforts not to disclose the Licensed Files to any third party and not to use the Licensed Files other than for the purpose authorized by this License Agreement.
10. Governing Law. This License Agreement shall be construed and governed in accordance with the laws of the State of California.
11. Severability. Should any term of this License Agreement be declared void or unenforceable by any court of competent jurisdiction, such declaration shall have no effect on the remaining terms herein.
12. No Waiver.
Third Party Licenses and Notices

The licenses and notices related only to such third party software are set forth below:

A.
C. Linux

Linux is written and distributed under the GNU General Public License which means that its source code is freely-distributed and available to the general public.

D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.
b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c Accompany it with the information you received as to the offer to distr
consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
Appendix: How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program.
Material copyright Linux Online Inc.
Design and compilation copyright (c)1994-2002 Linux Online Inc.
Linux is a registered trademark of Linus Torvalds
Tux the Penguin, featured in our logo, was created by Larry Ewing
Consult our privacy statement
URLWatch provided by URLWatch Services. All rights reserved.

E.
H. Apptitude, Inc.

Provided with this product is certain network monitoring software (“MeterWorks/RMON”) licensed from Apptitude, Inc., whose copyright notice is as follows: Copyright (C) 1997-1999 by Apptitude, Inc. All Rights Reserved. Licensee is notified that Apptitude, Inc. (formerly, Technically Elite, Inc.
L. Wind River Systems, Inc.

Provided with this product is certain software (“Run-Time Module”) licensed from Wind River Systems, Inc.