Administering Avaya Virtual Services Platform 7200 Series and 8000 Series Release 5.0 NN47227-600 Issue 07.
© 2014-2016, Avaya, Inc. All Rights Reserved. Notice While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.
Nortel Products” or such successor site as designated by Avaya. For Heritage Nortel Software, Avaya grants Customer a license to use Heritage Nortel Software provided hereunder solely to the extent of the authorized activation or authorized usage level, solely for the purpose specified in the Documentation, and solely as embedded in, for execution on, or for communication with Avaya equipment.
Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the Documentation, Hosted Service(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc. All non-Avaya trademarks are the property of their respective owners.
Contents
Chapter 1: Introduction
Purpose
Related resources
Training
Changing the primary or secondary boot configuration files
Configuring boot flags using ACLI
Configuring serial port devices
Displaying the boot configuration
Associating a port to a VRF instance
Configuring CP Limit
Configuring an IP address for the management port
Editing the management port parameters
Time distribution within a subnet
Synchronization
NTP modes of operation
NTP authentication
System access security enhancements using ACLI
System access configuration using EDM
Enabling access levels
Changing passwords
Chapter 1: Introduction Purpose This document provides information on features in VSP Operating System Software (VOSS).
Related resources Reference for VSP Operating System Software, NN47227-100 for a list of all the VSP 4000 documents. Training Ongoing product training is available. For more information or to register, you can access the Web site at http://avaya-learning.com/. Viewing Avaya Mentor videos Avaya Mentor videos provide technical content on how to install, configure, and troubleshoot Avaya products.
types of documentation for a specific product, for example, Application & Technical Notes for Virtual Services Platform 7000.
Procedure
1. In an Internet browser, go to https://support.avaya.com.
2. Type your username and password, and then click Login.
3. Under My Information, select SSO login Profile.
4. Click E-NOTIFICATIONS.
5. In the GENERAL NOTIFICATIONS area, select the required documentation types, and then click UPDATE.
6. Click OK.
7.
11. Click Submit.
Support
Go to the Avaya Support website at http://support.avaya.com for the most up-to-date documentation, product notices, and knowledge articles. You can also search for release notes, downloads, and resolutions to issues. Use the online service request system to create a service request. Chat with live agents to get answers to questions, or request an agent to connect you to a support team if an issue requires additional expertise.
3. In the Search dialog box, select the option In the index named .pdx.
4. Enter a search word or phrase.
5. Select any of the following to narrow your search:
• Whole Words Only
• Case-Sensitive
• Include Bookmarks
• Include Comments
6. Click Search.
The search results show the number of documents and instances found. You can sort the search results by Relevance Ranking, Date Modified, Filename, or Location. The default is Relevance Ranking.
Chapter 2: New in this document The following sections detail what is new in Administering Avaya Virtual Services Platform 7200 Series and 8000 Series, NN47227-600. Release 5.0 Channelization The VSP 8400 supports channelization on one 40G port into four 10G ports for any or all 40G ports on 8418XSQ, 8408QQ, and 8418XTQ. For more information, see Channelization on page 69.
New in this document Switched UNI with channelization The current release supports S-UNI operation on channelized ports. For more information, see Switched UNI with channelization on page 69. January 2016 Administering Avaya VSP 7200 Series and 8000 Series Comments on this document? infodev@avaya.
Chapter 3: Basic administration The following sections describe common procedures to configure and monitor the switch. Basic administration procedures using ACLI The following section describes common procedures that you use while you configure and monitor the switch operations. Note: Unless otherwise stated, to perform the procedures in this section, you must log on to the Privileged EXEC mode in Avaya Command Line Interface (ACLI).
Example
Switch:1> enable
Save the configuration to the default location:
Switch:1# save config
Identify the file as a backup file and designate a location to save the file:
Switch:1# save config backup /usb/PreUpgradeBackup.cfg
Variable definitions
Use the data in the following table to use the save config command.
Variable  Value
backup WORD<1–99>  Saves the specified file name and identifies the file as a backup file. WORD<1–99> uses one of the following formats: • a.b.c.
Basic administration procedures using ACLI About this task Restart the switch to implement configuration changes or recover from a system failure. When you restart the system, you can specify the boot config file name. If you do not specify a boot source and file, the boot command uses the configuration files on the primary boot device defined by the boot config choice command. After the switch restarts normally, it sends a cold trap within 45 seconds after the restart. Procedure 1.
Resetting the platform
About this task
Reset the platform to reload system parameters from the most recently saved configuration file.
Procedure
1. Enter Privileged EXEC mode:
enable
2. Reset the switch:
reset [-y]
Example
Switch:1> enable
Reset the switch:
Switch:1# reset
Are you sure you want to reset the switch? (y/n) y
Variable definitions
Use the data in the following table to use the reset command.
sys shutdown
3. Before you unplug the power cord, wait until you see the following message:
System Halted, OK to turn off power
Example
Shut down a running system.
Switch:1#sys shutdown
Are you sure you want shutdown the system? Y/N (y/n) ? y
CP1 [05/08/14 15:47:50.164] 0x00010813 00000000 GlobalRouter HW INFO System shutdown initiated from CLI
CP1 [05/08/14 15:47:52.000] LifeCycle: INFO: Stopping all processes
CP1 [05/08/14 15:47:53.
Example
Ping an IP device from a GRT VLAN IP interface:
Switch:1# ping 192.0.2.16
192.0.2.16 is alive
Variable definitions
Use the data in the following table to use the ping command.
Variable  Value
count <1–9999>  Specifies the number of times to ping (1–9999).
-d  Configures the ping debug mode. This variable detects local software failures (ping related threads creation or write to sending socket) and receiving issues (ICMP packet too short or wrong ICMP packet type).
source WORD <1–256>  Specifies an IP address to be used as the source IP address in the packet header.
-t <1–120>  Specifies the no-answer timeout value in seconds (1–120).
vrf WORD<0–16>  Specifies the virtual routing and forwarding (VRF) name from 1–16 characters.
WORD<0–256>  Specifies the host name or IPv4 (a.b.c.d) address (string length 0–256). Specifies the address to ping.
Table 3: Variable definitions
Variable  Value
-a  Adds data to the output file instead of overwriting it. You cannot use the -a option with the -c option.
-c  Compares the checksum of the specified file by WORD<1–99> with the MD5 checksum present in the checksum file name. You can specify the checksum file name using the -f option. If the checksum filename is not specified, the file /intflash/checksum.md5 is used for comparison.
Basic administration procedures using ACLI Resetting system functions About this task Reset system functions to reset all statistics counters, the console port (10101). Procedure 1. Enter Privileged EXEC mode: enable 2.
2. Source a configuration:
source WORD<1–99> [debug] [stop] [syntax]
Example
Switch:1> enable
Debug the script output:
Switch:1# source testing.cfg debug
Variable definitions
Use the data in the following table to use the source command.
Table 5: Variable definitions
Variable  Value
debug  Debugs the script output.
stop  Stops the merge after an error occurs.
syntax  Verifies the script syntax.
WORD<1–99>  Specifies a filename and location in one of the following formats: • a.b.c.
Basic administration procedures using EDM 3. Click Chassis. 4. Click the System tab. 5. Locate ActionGroup4 near the bottom of the screen. 6. Select softReset from ActionGroup4. 7. Click Apply. Showing the MTU for the system About this task Perform this procedure to show the MTU configured for the system. Procedure 1. On the Device Physical View, select the Device. 2. In the navigation tree, open the following folders: Configuration > Edit. 3. Click Chassis. 4. Click on the Chassis tab. 5.
Basic administration Name Description UsbBytesUsed Specifies the number of bytes used in USB device. UsbBytesFree Specifies the number of bytes available for use in USB device. UsbNumFiles Specifies the number of files in USB device. Displaying available storage space About this task Display information about the available space for storage devices on this system. Procedure 1. In the navigation tree, open the following folders: Configuration > Edit. 2. Click Chassis. 3.
Name  Description
Slot  Specifies the slot number of the device.
Name  Specifies the directory name of the file.
Date  Specifies the creation or modification date of the file.
Size  Specifies the size of the file.
Displaying internal flash files
Display information about the files on the internal flash.
Note: The following procedure is supported on VSP 7000 series and VSP 8000 series only.
Procedure
1.
Name  Description
Slot  Specifies the slot number of the device.
Name  Specifies the directory name of the file.
Date  Specifies the creation or modification date of the file.
Size  Specifies the size of the file.
Copying a file
About this task
Copy files on the internal flash.
Procedure
1. In the navigation tree, open the following folders: Configuration > Edit.
2. Click File System.
3. Click the Copy File tab.
4. Edit the fields as required.
5. Click Apply.
Saving the configuration
About this task
After you change the configuration, you must save the changes on the device. Save the configuration to a file to retain the configuration settings.
Note: When you log out of the EDM interface, a dialog box automatically asks whether you want to save the configuration. If you want to save the configuration, click OK. If you want to close without saving the configuration, click Cancel.
Chapter 4: System startup fundamentals This section provides conceptual material on the boot sequence and boot processes of the switch. Review this content before you make changes to the configurable boot process options. spbm-config-mode boot flag Shortest Path Bridging (SPB) and Protocol Independent Multicast (PIM) cannot interoperate with each other on the switch at the same time. To ensure that SPB and PIM stay mutually exclusive, Avaya implemented a new boot flag called spbm-config-mode.
Boot sequence
Figure 1: Boot sequence
Stage 1: Loading Linux
The port contains a boot flash partition that stores the boot images, which include the boot loader, and the Linux kernel and applications. The boot flash partition contains two versions of the boot image: a committed version (the primary release) and a backup version. A committed version is one that is marked as good (if you can start the system using that version). The system automatically uses the backup version if the system fails the first time you start with a new version.
Stage 2: Loading the primary release
The switch can install a maximum of six releases but can only load one of two: a primary (committed) release or a backup release.
System flags
Table 6: Configuration file statements
Sample statement  Action
# software version : 4.0.0.0  Adds clarity to the configuration by identifying the software version.
#!no boot config flags sshd  Configures the flag to the false condition, prior to loading the general configuration.
Boot sequence modification
You can change the boot sequence in the following ways:
• Change the primary designations for file sources.
• Change the file names from the default values.
System startup fundamentals The following table lists parameters you configure in ACLI using the boot config flags command. For information on system flags and their configuration, see Configuring system flags on page 46.
Client and server support
The client-server model partitions tasks between servers that provide a service and clients that request a service. For active ACLI clients, users initiate a client connection from the VSP switch to another device. For non-active clients, the client exists on the switch and the switch console initiates the request, with no intervention from users after the initial setup. For instance, Network Time Protocol (NTP) is a non-active client.
The switch supports the following servers using IPv4:
• File Transfer Protocol (FTP)
• Hypertext Transfer Protocol (HTTP)
• Hypertext Transfer Protocol Secure (HTTPS)
• remote shell (rsh)
• rlogin
• Secure Copy (SCP)
• Secure File Transfer Protocol (SFTP)
• Secure Shell version 2 (SSHv2)
• Telnet
• Trivial File Transfer Protocol (TFTP)
Chapter 5: Boot parameter configuration using ACLI Use the procedures in this section to configure and manage the boot process. • To perform the procedures in this section, you must log on to Global Configuration mode in ACLI. For more information about how to use ACLI and how to log on to the software, see Using ACLI and EDM on VSP Operating System Software, NN47227-103.
Boot parameter configuration using ACLI Switch:1# boot config flags factorydefaults Configuring the remote host logon Before you begin • The FTP server must support the FTP passive (PASV) command. If the FTP server does not support the passive command, the file transfer is aborted, and then the system logs an error message that indicates that the FTP server does not support the passive command. About this task Configure the remote host logon to modify parameters for FTP and TFTP access.
Enabling remote access services
About this task
File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), remote login (rlogin), Secure Shell version 2 (SSHv2), and Telnet server support IPv4 addresses.
Procedure
1. Enter Global Configuration mode:
enable
configure terminal
2. Enable the access service:
boot config flags {ftpd|rlogind|sshd|telnetd|tftpd}
3. Save the configuration.
Variable  Value
• debug-config [file]: Logs the line-by-line configuration file processing and result of the execution to the debug file while the device loads the configuration file. The system logs the debug config output to /intflash/debugconfig_primary.txt for the primary configuration file. The system logs the debug config output to /intflash/debugconfig_backup.txt for the backup configuration, if the backup configuration file loads.
Enabling remote access services Variable Value secure passwords. If you operate the switch in High Secure mode, the switch prompts a password change if you enter invalid-length passwords. logging The logging command is used to activate or disable system logging. The default value is enabled. The system names log files according to the following: • File names appear in 8.3 (log.xxxxxxxx.sss) format. • The first 6 characters of the file name contain the last three bytes of the chassis base MAC address.
Boot parameter configuration using ACLI Variable Value telnetd Activates or disables the Telnet server service. The default is disabled. tftpd Activates or disables Trivial File Transfer Protocol server service. The default value is disabled. trace-logging Activates or disables the creation of trace logs. The default value is disabled. Important: Do not change this parameter unless directed by Avaya. verify-config Activates syntax checking of the configuration file. The default is enabled.
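An added example, not part of the Avaya documentation: a Python check that reads configuration text containing the boot config flags statements shown on this page and reports which of the five remote access services end up enabled. The sample configuration is constructed, and treating a saved configuration as a plain list of such statements is an assumption.

```python
import re

# Defaults as stated in the variable table above. The table as reproduced
# here gives no default for ftpd or rlogind, so those start as None (unknown).
PAGE_DEFAULTS = {"ftpd": None, "rlogind": None,
                 "sshd": False, "telnetd": False, "tftpd": False}

# Of the five services, only SSHv2 encrypts the session; the other four
# carry credentials or file contents in cleartext.
CLEARTEXT = ("ftpd", "rlogind", "telnetd", "tftpd")

# Matches "boot config flags <name>", optionally negated with "no" or reset
# with "default", and optionally prefixed with "#!" as in the configuration
# file statement "#!no boot config flags sshd" from Table 6.
FLAG_RE = re.compile(
    r"^\s*(?:#!\s*)?(?:(no|default)\s+)?boot\s+config\s+flags\s+(\S+)\s*$")

# Constructed sample input (assumption: statements appear one per line).
SAMPLE_CONFIG = """\
# software version : 4.0.0.0
#!no boot config flags sshd
boot config flags telnetd
boot config flags ftpd
no boot config flags tftpd
boot config flags sshd
"""


def parse_flags(config_text):
    """Return the final state of each remote access flag.

    True = enabled, False = disabled, None = not set and default unknown.
    Later statements override earlier ones, as when commands are replayed.
    """
    state = dict(PAGE_DEFAULTS)
    for line in config_text.splitlines():
        match = FLAG_RE.match(line)
        if not match:
            continue  # comments, other commands, flags with extra arguments
        operator, name = match.groups()
        if name not in state:
            continue  # a boot flag that is not a remote access service
        if operator == "no":
            state[name] = False
        elif operator == "default":
            state[name] = PAGE_DEFAULTS[name]
        else:
            state[name] = True
    return state


def audit(config_text):
    """Return (flag, status) findings that an administrator should review."""
    state = parse_flags(config_text)
    findings = []
    for name in CLEARTEXT:
        if state[name] is True:
            findings.append((name, "enabled"))   # cleartext service is on
        elif state[name] is None:
            findings.append((name, "unknown"))   # verify with show boot config
    if state["sshd"] is not True:
        findings.append(("sshd", "disabled"))    # no encrypted remote access
    return findings


if __name__ == "__main__":
    for flag, status in audit(SAMPLE_CONFIG):
        print(f"{flag}: {status}")
```

A finding of "unknown" means the text never sets the flag and this page gives no default for it, so the value has to be confirmed on the switch.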
Changing the primary or secondary boot configuration files
About this task
Change the primary or secondary boot configuration file to specify which configuration file the system uses to start. Configure the primary boot choices. You have a primary configuration file that specifies the full directory path and a secondary configuration file that also contains the full directory path.
Procedure
1.
Table 9: Variable definitions
Variable  Value
{backup-config-file|config-file}  Specifies that the boot source uses either the configuration file or a backup configuration file.
WORD<0–255>  Identifies the configuration file. WORD<0–255> is the device and file name, up to 255 characters including the path, in one of the following formats: • a.b.c.
Configuring boot flags using ACLI no boot config flags 4. Configure the boot flag to the default value: default boot config flags 5. Save the changed configuration.
Boot parameter configuration using ACLI Variable Value The options are: • debug-config [console]—Displays the line-by-line configuration file processing and result of the execution on the console while the device loads the configuration file. • debug-config [file]— Logs the line-by-line configuration file processing and result of the execution to the debug file while the device loads the configuration file. The system logs the debug config output to /intflash/debugconfig_primary.
Configuring boot flags using ACLI Variable Value • The password must contain a minimum of 2 uppercase characters, 2 lowercase characters, 2 numbers, and 2 special characters. • Aging time • Failed login attempt limitation The default value is disabled. If you enable High Secure mode, you must restart the switch to enforce secure passwords. If you operate the switch in High Secure mode, the switch prompts a password change if you enter invalid-length passwords.
Boot parameter configuration using ACLI Variable Value Use the no operator so that you can configure PIM and IGMP. The boot flag is enabled by default. To set this flag to the default value, use the default operator with the command. sshd Activates or disables the SSHv2 server service. The default value is disabled. telnetd Activates or disables the Telnet server service. The default is disabled. tftpd Activates or disables Trivial File Transfer Protocol server service.
Configuring serial port devices
About this task
Configure the serial port devices to define connection settings for the console port (10101).
Procedure
1. Enter Global Configuration mode:
enable
configure terminal
2. Optionally, specify 8 data bits:
boot config sio console 8databits
3. Optionally, change the baud rate for the port:
boot config sio console baud <9600–115200>
4. Save the changed configuration.
5. Restart the switch.
Boot parameter configuration using ACLI Variable Value The default value is 9600. To configure this option to the default value, use the default operator with the command. Displaying the boot configuration About this task Display the configuration to view current or changed settings for the boot parameters. Procedure 1. Enter Privileged EXEC mode: enable 2. View the configuration: show boot config Example Show the current boot configuration.
Displaying the boot configuration Table 12: Variable definitions Variable Value choice Shows the current boot configuration choices. flags Shows the current flag settings. general Shows system information. host Shows the current host configuration. running-config [verbose] Shows the current boot configuration. If you use verbose, the system displays all possible information. If you omit verbose, the system displays only the values that you changed from their default value.
Chapter 6: Run-time process management using ACLI Configure and manage the run-time process using the Avaya Command Line Interface (ACLI). To perform the procedures in this section, you must log on to Global Configuration mode in ACLI. For more information about how to use ACLI, see Using ACLI and EDM on VSP Operating System Software, NN47227-103. Configuring the date About this task Configure the calendar time in the form of month, day, year, hour, minute, and second. Procedure 1.
Configuring the time zone Table 13: Variable definitions Variable Value MMddyyyyhhmmss Specifies the date and time in the format month, day, year, hour, minute, and second. Configuring the time zone About this task Configure the time zone to use an internal system clock to maintain accurate time. The time zone data in Linux includes daylight changes for all time zones up to the year 2038. You do not need to configure daylight savings. The default time zone is Coordinated Universal Time (UTC).
Run-time process management using ACLI Table 14: Variable definitions Variable Value WORD<1–10> Specifies a directory name or a time zone name in /usr/share/zoneinfo, for example, Africa, Australia, Antarctica, or US. To see a list of options, enter clock time-zone at the command prompt without variables. WORD<1–20> WORD<1–20> The first instance of WORD<1–20> is the area within the timezone. The value represents a time zone data file in /usr/share/zoneinfo/ WORD<1–10>/, for example, Shanghai in Asia.
Configuring the run-time environment terminal length <8–64> 8.
Run-time process management using ACLI Variable Value • Use the no operator before this parameter, no loginmessage, to disable the default logon banner and display the new banner. Use the data in the following table to use the passwordprompt command. Table 16: Variable definitions Variable Value WORD<1-1510> Changes the ACLI password prompt. • WORD<1-1510> is an ASCII string from 1–1510 characters.
Configuring the logon banner
Table 20: Variable definitions
Variable  Value
<8–64>  Configures the number of lines in the output display for the current session. To configure this option to the default value, use the default operator with the command. The default value is 23.
disable|enable  Configures scrolling for the output display. The default is enabled. Use the no operator to remove this configuration. To configure this option to the default value, use the default operator with the command.
Run-time process management using ACLI Table 21: Variable definitions Variable Value custom|static Activates or disables use of the default banner. displaymotd Enables displaymotd. motd Sets the message of the day banner. WORD<1–80> Adds lines of text to the ACLI logon banner. Configuring the message-of-the-day About this task Configure a system login message-of-the-day in the form of a text banner that appears after each successful logon. Procedure 1.
Configuring ACLI logging Table 22: Variable definitions Variable Value WORD<1–1516> Creates a message of the day to display with the logon banner. To provide a string with spaces, include the text in quotation marks ("). To set this option to the default value, use the default operator with the command. Configuring ACLI logging About this task Use ACLI logging to track all ACLI commands executed and for fault management purposes. The ACLI commands are logged to the system log file as CLILOG module.
Run-time process management using ACLI Variable definitions Use the data in the following table to use the clilog commands. Table 23: Variable definitions Variable Value enable Activates ACLI logging. To disable, use the no clilog enable command. Configuring system parameters About this task Configure individual system-level switch parameters to configure global options for the switch. Procedure 1. Enter Global Configuration mode: enable configure terminal 2.
Configuring system message control Variable definitions Use the data in the following table to use the sys command. Table 24: Variable definitions Variable Value mtu <1522|9600> Activates Jumbo frame support for the data path. The value can be either 1522, 1950 (default), or 9600 bytes. 1950 or 9600 bytes activate Jumbo frame support. name WORD<0–255> Configures the system, or root level, prompt name for the switch. WORD<0–255> is an ASCII string from 0–255 characters (for example, LabSC7 or Closet4).
Run-time process management using ACLI sys msg-control control-interval <1-30> 5.
Extending system message control To enable the message control feature, you must specify an action, control interval, and maximum message number. After you enable the feature, the log messages, which get repeated and cross the maximum message number in the control interval, trigger the force message feature. You can either suppress the message or send a trap notification, or both. Procedure 1. Enter Global Configuration mode: enable configure terminal 2.
Chapter 7: Chassis operations The following sections provide information for chassis operations such as hardware and software compatibility. Chassis operations fundamentals This section provides conceptual information for chassis operations such as hardware and software compatibility and power management. Read this section before you configure the chassis operations.
Chassis operations fundamentals If you want out-of-band management, Avaya recommends that you define a specific static route in the Management Router VRF to the IP subnet where your management application resides. When you specify a static route in the Management Router VRF, it enables the client management applications originating from the switch to perform out-of-band management without affecting in-band management. This enables in-band management applications to operate in the Global Router VRF.
• a software process that enters an infinite loop
The software lock-up detect feature monitors processes to ensure that the software functions within the expected time limit. The CPU logs details about suspended tasks in the log file. For additional information about log files, see Managing Faults on Avaya Virtual Services Platform 7200 Series and 8000 Series, NN47227-702.
Jumbo frames
Jumbo packets and large packets are particularly useful in server and storage over Ethernet applications.
Chassis operations fundamentals Channelization Channelization allows you to configure 40 Gbps QSFP+ ports to operate as four 10 Gigabit Ethernet ports. You can use QSFP+ to four SFP+ breakout cables or QSFP+ transceivers with fiber breakout cables to connect the 10 Gigabit Ethernet ports to other servers, storage, and switches. By default, the ports are not channelized, which means that the 40 Gbps QSFP+ ports operate as 40 Gigabit Ethernet ports. You can enable or disable channelization on a port.
Chassis operations Chassis operations configuration using ACLI This section provides the details to configure basic hardware and system settings. Enabling jumbo frames About this task Enable jumbo frames to increase the size of Ethernet frames the chassis supports. Procedure 1. Enter Global Configuration mode: enable configure terminal 2.
Chassis operations configuration using ACLI Procedure 1. Enter Global Configuration mode: enable configure terminal 2. Enable port lock globally: portlock enable 3. Log on to GigabitEthernet Interface Configuration mode: interface gigabitethernet {slot/port[/sub-port][-slot/port[/subport]][,...]} 4. Lock a port: lock port {slot/port[/sub-port][-slot/port[/sub-port]][,...
Configuring SONMP
About this task
Configure the SynOptics Network Management Protocol (SONMP) to allow a network management station (NMS) to formulate a map that shows the interconnections between Layer 2 devices in a network. The default status is enabled.
Procedure
1. Enter Global Configuration mode:
enable
configure terminal
2. Disable SONMP:
no autotopology
3.
================================================================================
Local                                                                     Rem
Port   IpAddress     SegmentId  MacAddress    ChassisType  BT  LS   CS    Port
--------------------------------------------------------------------------------
0/0    10.139.43.35  0x000000   b0adaa419c00  VSP8404      12  Yes  HtBt  0/0
2/1    10.139.43.20  0x010102   b0adaa404004  VSP8404      12  Yes  HtBt  1/2/1
2/2/1  10.139.43.
Chassis operations Associating a port to a VRF instance Associate a port to a Virtual Router Forwarding (VRF) instance so that the port becomes a member of the VRF instance. Before you begin • The VRF instance must exist. For more information about the creation of VRFs, see Configuring IP Routing on Avaya Virtual Services Platform 7200 Series and 8000 Series, NN47227-505. About this task You can assign a VRF instance to a port after you configure the VRF.
Chassis operations configuration using ACLI Before you begin • Do not configure a default route in the Management VRF. • If you want out-of-band management, Avaya recommends that you define a specific static route in the Management Router VRF to the IP subnet where your management application resides. • If you initiate an FTP session from a client device behind a firewall, you should set FTP to passive mode.
Chassis operations Variable Value Specifies the IP address followed by the subnet mask. Use the data in the following table to use the ipv6 interface address command. Variable Value WORD<0-255> Specifies the IPv6 address and prefix length. Configuring Ethernet ports with Autonegotiation Configure Ethernet ports so they operate optimally for your network conditions. These ports use the Small Form Factor Pluggable plus (SFP+) transceivers.
2. Enable Autonegotiation:
   auto-negotiate [port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}] enable
3. Disable Autonegotiation:
   no auto-negotiate [port {slot/port[/sub-port][-slot/port[/sub-port]][,...]}] enable

Example
Switch:>enable
Switch:1#configure terminal
Switch:1(config)#interface gigabitethernet 4/2
Switch:1(config-if)#auto-negotiate enable

Variable definitions
Use the data in the following table to use the auto-negotiate command.
Chassis operations Variable Value port in 1 GbE mode while the 10 GbE transceiver is still installed. The port is ready to go upon the changeover to the 1 GbE transceiver. In addition, you can use a saved configuration file with autonegotiation enabled to boot a system with either 10 GbE or 1 GbE transceivers installed. If you install a 1 GbE transceiver, the system applies autonegotiation.
3. Display the status of the ports:
   show interfaces gigabitEthernet channelize [{slot/port[-slot/port][,...]}]
   To display the details of the sub-ports, use:
   show interfaces gigabitEthernet channelize detail [{slot/port/sub-port[-slot/port/sub-port][,...]}]
4. To disable channelization on a port, enter:
   no channelize [port {slot/port/sub-port[-slot/port/sub-port][,...
Configuring serial management port dropping

Configure the serial management ports to drop a connection that is interrupted for any reason. If you enable serial port dropping, the serial management ports drop the connection for the following reasons:
• modem power failure
• link disconnection
• loss of the carrier

Serial ports interrupted due to link disconnection, power failure, or other reasons force out the user and end the user session.
Chassis operations configuration using EDM

Procedure
1. Enter Global Configuration mode:
   enable
   configure terminal
2. Configure slot power:
   [no] sys power slot {slot[-slot][,...
Procedure
1. In the Device Physical View tab, select the Device.
2. In the navigation tree, open the following folders: Configuration > Edit.
3. Click Chassis.
4. Click the System tab.
5. Type the contact information in the sysContact field.
6. Type the system name in the sysName field.
7. Type the location information in the sysLocation field.
8. Click Apply.

System field descriptions
Use the data in the following table to use the System tab.
Chassis operations configuration using EDM Name Description • saveRuntimeConfig—saves the current run-time configuration • loadLicense—Loads a software license file to enable features ActionGroup2 Specifies the following action: resetlstStatCounters—Resets the IST statistic counters ActionGroup3 Can be the following action: • flushIpRouteTbl—flushes IP routes from the routing table ActionGroup4 Can be the following action: • softReset—resets the device without running power-on tests • resetConsole—r
Name             Description
NumSlots         Specifies the number of slots available in the chassis:
                 • VSP 7200 Series: 2 slots
                 • VSP 8200: 1 slot
                 • VSP 8400: 4 slots
NumPorts         Specifies the number of ports currently installed in the chassis.
BaseMacAddr      Specifies the starting point of the block of MAC addresses used by the switch for logical and physical interfaces.
MacAddrCapacity  Specifies the number of routable MAC addresses based on the BaseMacAddr.
Procedure
1. In the navigation tree, open the following folders: Configuration > Edit.
2. Click Chassis.
3. Click the System Flags tab.
4. Select the system flags you want to activate.
5. Clear the system flags you want to deactivate.
6. Click Apply.

Important: After you change certain configuration parameters, you must save the changes to the configuration file.

System Flags field descriptions
Use the data in the following table to use the System Flags tab.
Procedure
1. In the Device Physical View tab, select a 40Gbps port.
2. In the navigation tree, expand the following folders: Configuration > Edit > Port.
3. Click General.
4. Click the Channelization tab.
5. To enable channelization on the port, select the enable button.
6. Click the Apply button. Alternatively, you can right-click on the port on the physical view, and select Channelization Enable.
7.
Procedure
1. In the Device Physical View tab, select a port.
2. In the navigation tree, open the following folders: Configuration > Edit > Port.
3. Click General.
4. Click the Interface tab.
5. Configure the fields as required.
   The 10/100BASE-TX ports do not consistently autonegotiate with older 10/100BASE-TX equipment. You can sometimes upgrade the older devices with new firmware or driver revisions.
Name            Description
AdminStatus     Configures the port as enabled (up) or disabled (down) or testing. The testing state indicates that no operational packets can be passed.
OperStatus      Displays the current status of the port. The status includes enabled (up) or disabled (down) or testing. The testing state indicates that no operational packets can be passed.
ShutdownReason  Indicates the reason for a port state change.
LastChange      Displays the timestamp of the last change.
Chassis operations configuration using EDM Name Description transceivers installed. If you install a 1 GbE transceiver, the system applies autonegotiation. If you install a 10 GbE transceiver, the system does not remove the autonegotiation settings from the configuration, but the system simply ignores the configuration because autonegotiation settings are irrelevant to a 10 GbE transceiver.
Name              Description
OperRouting       Shows the routing status of the port.
HighSecureEnable  Enables or disables the high secure feature for this port.
RmonEnable        Enables or disables Remote Monitoring (RMON) on the interface. The default is disabled.
IpsecEnable       Enables or disables IP security (IPsec) on the interface. The default is disabled.
IngressRateLimit  Limits the traffic rate accepted by the specified ingress port.
Boot field descriptions
Use the data in the following table to use the Boot Config tab.

Name                       Description
SwVersion                  Specifies the software version that currently runs on the chassis.
LastRuntimeConfigSource    Specifies the last source for the run-time image.
PrimaryConfigSource        Specifies the primary configuration source.
PrimaryBackupConfigSource  Specifies the backup configuration source to use if the primary does not exist.
Name                      Description
EnableSpbmConfigMode      Enables you to configure SPB and IS-IS, but you cannot configure PIM and IGMP either globally or on an interface. The boot flag is enabled by default.
EnableIpv6Mode            Enable this flag to support IPv6 routes with prefix lengths greater than 64 bits. This flag is disabled by default.
EnableEnhancedsecureMode  Enables or disables enhanced secure mode. The default is disabled.
Name             Description
EnableDebugMode  Enabling debug mode lets the user enable TRACE on any port; the system prompts for the selection on the console during boot-up. This allows the user to start a trace for debugging earlier on a specified port. It works only on a console connection. By default, it is disabled.
                 Important: Do not change this parameter unless directed by Avaya.
Procedure
1. On the Device Physical View, select the Device.
2. In the navigation tree, open the following folders: Configuration > Edit.
3. Click Chassis.
4. Click the Chassis tab.
5. In MTU size, select either 1950, 9600 or 1522.
6. Click Apply.

Configuring the date and time

About this task
Configure the date and time to correctly identify when events occur on the system.

Procedure
1. On the Device Physical View, select the Device.
2.
Name       Description
Second     Configures the second (integer 0–59). The default is 0.
Time Zone  Configures the time zone.

Associating a port to a VRF instance

About this task
Associate a port to a Virtual Router Forwarding (VRF) instance so that the port becomes a member of the VRF instance. You can assign a VRF instance to a port after you configure the VRF. The system assigns ports to the GlobalRouter, VRF 0, by default.

Procedure
1.
CP Limit field descriptions
Use the data in the following table to use the CP Limit tab.

Name             Description
AutoRecoverPort  Activates or disables auto recovery of the port from action taken by CP Limit or link flap features. The default value is disabled.

Configuring an IP address for the management port

Configure an IP address for the management port so that you can remotely access the device using the out-of-band (OOB) management port. The management port runs on a dedicated VRF.
2. Click Set VRF Context View.
3. Select MgmtRouter, VRF 512.
4. Click Launch VRF Context View.
   A new EDM webpage appears for the VRF context. Parameters that you cannot configure for this context appear dim.
5. In the Device Physical view, select the management port.
6. In the navigation tree, expand the following folders: Configuration > Edit.
7. Click Mgmt Port.
8. Click the IP Address tab.
9. Click Insert.
10. Configure the IP address and mask.
11.
Editing the management port parameters

About this task
The management port on the CP module is a 10/100/1000 Mb/s Ethernet port that you can use for an out-of-band management connection to the switch. If you use EDM to configure the static routes of the management port, you do not receive a warning if you configure a non-natural mask.
Name  Description
      Note: The 10 GigabitEthernet fiber-based I/O module ports can operate at either 1 Gigabit per second (Gbps) or 10 Gbps, depending on the capabilities of the optical transceiver that you install. This presents an ambiguity with respect to the autonegotiation settings of the port: 1 Gigabit Ethernet (GbE) ports require autonegotiation, whereas autonegotiation is not defined and is non-existent for 10 GbE ports.
3. Click Mgmt Port.
4. Click the IPv6 Interface tab.
5. Click Insert.
6. Edit the fields as required.
7. Click Insert.
8. Click Apply.

IPv6 Interface field descriptions
Use the data in the following table to use the IPv6 Interface tab.

Name       Description
Interface  Identifies the unique IPv6 interface.
Descr      Specifies a textual string containing information about the interface. The network management system also configures the Descr string.
Type       Specifies the type of interface.
Avaya supports IPv6 addressing with Ping, Telnet, and SNMP.

Procedure
1. In the Device Physical View tab, select the management port.
2. In the navigation tree, expand the following folders: Configuration > Edit.
3. Click Mgmt Port.
4. Click the IPv6 Addresses tab.
5. Click Insert.
6. In the Addr box, type the required IPv6 address for the management port.
7. In the AddrLen box, type the number of bits from the IPv6 address you want to advertise.
8. Click Insert.
Auto reactivating the port of the SLPP shutdown

About this task
Use the following procedure to automatically reactivate a port that SLPP has shut down.

Procedure
1. In the Device Physical View tab, select a port.
2. In the navigation tree, open the following folders: Configuration > Edit > Port.
3. Click General.
4. Click the CP Limit tab.
5. Select AutoRecoverPort to activate auto recovery of the port from the action taken by SLPP shutdown features. The default value is disabled.
6.
Enabling port lock

About this task
Use the port lock feature to administratively lock a port or ports to prevent other users from changing port parameters or modifying port action. You cannot modify locked ports until you first unlock the port.

Procedure
1. In the navigation tree, open the following folders: Configuration > Security > Control Path.
2. Click General.
3. Click the Port Lock tab.
4. To enable port lock, select the Enable check box.
5. Click Apply.
6. Click Ok.
7. In the Port Lock tab, click Apply.

Port Lock field descriptions
Use the data in the following table to use the Port Lock tab.

Name         Description
Enable       Activates the port lock feature. Clear this check box to unlock ports. The default is disabled.
LockedPorts  Lists the locked ports. Click the ellipsis (...) button to select the ports you want to lock or unlock.
Procedure
1. For VSP 8400 only, in the navigation tree, expand the following folders: Configuration > Edit.
2. Click Chassis.
3. Click the Power Consumption tab.

Power consumption field descriptions
Use the data in the following table to use the Power Consumption tab.

Name             Description
Index            Displays an index value that identifies the component.
PowerStatus      Displays the power status.
SlotDescription  Displays the slot number.
Viewing topology status information

About this task
View topology status information (which includes Avaya Management MIB status information) to view the configuration status of the SynOptics Network Management Protocol (SONMP) on the system.

Procedure
1. In the navigation tree, open the following folders: Configuration > Edit > Diagnostics.
2. Click Topology.
3. Click the Topology tab.

Topology field descriptions
Use the data in the following table to use the Topology tab.
Name             Description
Slot             Specifies the slot number in the chassis that received the topology message.
Port             Specifies the port that received the topology message.
SubPort          Specifies the channel of a channelized 40 Gbps port that received the topology message.
IpAddr           Specifies the IP address of the sender of the topology message.
SegId (RemPort)  Specifies the segment identifier of the segment from which the remote agent sent the topology message.
Name       Description
PatternId  Specifies a pattern identification number in the range 1–32.
Pattern    Specifies a forced message control pattern of 4 characters. The software and the hardware log messages that use the first four bytes matching one of the patterns in the force-msg table undergo the configured message control action. You can specify up to 32 different patterns in the force-msg table, including a wildcard pattern (****).
Chapter 8: Hardware status using EDM

This section provides methods to check the status of basic hardware in the chassis using Enterprise Device Manager (EDM).

Configuring polling intervals

About this task
Enable and configure polling intervals to determine how frequently EDM polls for port and LED status changes or detects the hot swap of installed ports.

Procedure
1. In the navigation tree, open the following folders: Configuration > Device.
2. Click Preference Setting.
3.
Viewing module information

View the administrative status for modules in the front of the chassis.

About this task
This procedure applies only to VSP 8400. VSP 8400 provides slots for four Ethernet Switch Modules (ESM).

Procedure
1. In the Device Physical View tab, select an ESM.
2. In the navigation tree, expand the following folders: Configuration > Edit.
3. Click Card.
4. Click the Card tab.

Card field descriptions
Use the data in the following table to use the Card tab.
Viewing temperature on the chassis

Detail field descriptions
Use the data in the following table to use the Detail tab.

Name              Description
Type              Describes the type of power used—AC or DC.
Description       Provides a description of the power supply.
SerialNumber      Specifies the power supply serial number.
HardwareRevision  Specifies the hardware revision number.
PartNumber        Specifies the power supply part number.
4. Click the Temperature tab.

Temperature field descriptions
Use the data in the following table to use the Temperature tab.

Name             Description
CpuTemperature   Current CPU temperature in Celsius.
MacTemperature   Current MAC component temperature in Celsius.
Phy1Temperature  Current PHY 1 component temperature in Celsius. This field does not apply to VSP 7254XSQ.
Phy2Temperature  Current PHY 2 component temperature in Celsius. This field does not apply to VSP 7254XSQ.
Chapter 9: Domain Name Service

The following sections provide information on the Domain Name Service (DNS) implementation for the switch.

DNS fundamentals
This section provides conceptual material on the Domain Name Service (DNS) implementation for the switch. Review this content before you make changes to the configurable DNS options.

DNS client
Every equipment interface connected to a Transmission Control Protocol over IP (TCP/IP) network is identified with a unique IPv4 or IPv6 address.
IPv6 Support
The Domain Name Service (DNS) used by the switch supports both IPv4 and IPv6 addresses with no difference in functionality or configuration.

DNS configuration using ACLI

This section describes how to configure the Domain Name Service (DNS) client using Avaya command line interface (ACLI). DNS supports IPv4 and IPv6 addresses.
Variable definitions
Use the data in the following table to use the ip domain-name command.

Table 30: Variable definitions
Variable     Value
WORD<0–255>  Configures the default domain name. WORD<0–255> is a string 0–255 characters.

Use the data in the following table to use the ip name-server command.

Table 31: Variable definitions
Variable                                Value
primary|secondary|tertiary WORD<0–46>  Configures the primary, secondary, or tertiary DNS server address.
Switch:1(config)# show hosts 10.10.10.1

Variable definitions
Use the data in the following table to use the show hosts command.

Table 32: Variable definitions
Variable     Value
WORD<0–256>  Specifies one of the following:
             • the name of the host DNS server as a string of 0–256 characters.
             • the IP address of the host DNS server in a.b.c.d format.
             • The IPv6 address of the host DNS server in hexadecimal format (string length 0–46).
DNS configuration using EDM

6. In the DnsServerListAddressType box, select the IP version.
7. In the DnsServerListAddress box, enter the DNS server IP address.
8. Click Insert.

DNS Servers field descriptions
Use the data in the following table to use the DNS Servers tab.

Name                      Description
DnsServerListType         Configures the DNS server as primary, secondary, or tertiary.
DnsServerListAddressType  Configures the DNS server address type as IPv4 or IPv6.
Name             Description
HostAddressType  Identifies the address type of the host.
HostAddress      Identifies the host IP address. This variable is a read-only field.
HostSource       Identifies the DNS server IP or host file. This variable is a read-only field.

January 2016 Administering Avaya VSP 7200 Series and 8000 Series Comments on this document? infodev@avaya.
Chapter 10: Licensing

The following sections provide information on the Licensing features, activation, and installation on the switch.

Licensing fundamentals
This section provides conceptual information about feature licensing for the switch. Review this section before you make changes to the license configuration.

Feature licensing
This product uses the Product Licensing and Delivery System (PLDS) as the license order, delivery and management tool.
• PLDS Premier Trial License plus MACsec – This license is for MACsec and Layer 3 VSNs including Multicast and Fabric Extend.

The PLDS Premier Trial License is generated using the system MAC address of a switch and can only be generated and used once for a given MAC address. After the expiry of the 60 day trial period, you will see messages on the console and in the alarms database that the license has expired.
• OSPF in the GRT with IP Shortcuts
• BGP in the GRT and VRF
• BGP in the GRT with IP Shortcuts
• SPB in the GRT with IP Shortcuts
• Multicast using IP-Shortcuts
• GRT with IP Shortcuts
• Route Policy Virtualization in the GRT and the GRT with IP Shortcuts
• IP Multicast Routing parity with IGMP v1, v2, and v3
• IP VRF
• IPv6
• SMLT
• Switched UNI

Premier License
The Premier License activates the following features in addition to features covered by the Base License:
• Layer 3 Virtu
The system logs the preceding messages even if you do not use or test license features during the trial period. If you load a valid license on the system, it does not record the preceding messages.

License type and part numbers
The following table provides the part number for the various licenses supported on the switch.
License installation using ACLI

Note: You can enable FTP or TFTP in the boot config flags and then initiate an FTP or a TFTP session from your workstation to put the file on the server running on the switch.

Procedure
1. From a remote station, or PC, use FTP or TFTP to download the license file to the device, and store the license file in the /intflash directory.
2. Enter Global Configuration mode:
   enable
   configure terminal
3.
Log in to the device and load the license. The following example shows a successful operation.

Switch:1(config)#load-license
Switch:1(config)#CP1 [06/12/15 15:59:57.636:UTC] 0x000005bc 00000000 GlobalRouter SW INFO License Successfully Loaded From License Type -- PREMIER +MACSEC

The following example shows an unsuccessful operation.

Switch:1(config)#load-license
Switch:1(config)#CP1 [06/12/15 15:58:48.
License installation using EDM ************************************************************************ Features requiring a Premier license: - Layer 3 VSNs - MACsec For a Premier with MACsec license: Switch:1>show license l License file name : /intflash/premier_macsec.
5. In the Destination box, type the flash device and the name of the license file. The license file name must have a file extension of .xml.
6. Select start.
7. Click Apply.
   The license file is copied to the flash of the device. The status of the file copy appears in the Result field.
8. In the navigation tree, open the following folders: Configuration > Edit.
9. Click Chassis.
10. Click the System tab.
11. In ActionGroup1, select loadLicense.
12. Click Apply.
Name  Description
      • inProgress
      • success
      • fail
      • invalidSource
      • invalidDestination
      • outOfMemory
      • outOfSpace
      • fileNotFound
Chapter 11: Network Time Protocol

The following sections provide information on the Network Time Protocol (NTP).

NTP fundamentals
This section provides conceptual material on the Network Time Protocol (NTP). Review this content before you make changes to the NTP configuration.

Overview
The Network Time Protocol (NTP) synchronizes the internal clocks of various network devices across large, diverse networks to universal standard time.
NTP system implementation model
NTP is based on a hierarchical model that consists of a local NTP client that runs on the switch and on remote time servers. The NTP client requests and receives time information from one or more remote time servers. The local NTP client reviews the time information from all available time servers and synchronizes its internal clock to the time server whose time is most accurate. The NTP client does not forward time information to other devices that run NTP.
Time distribution within a subnet
NTP distributes time through a hierarchy of primary and secondary servers, with each server adopting a stratum, see Figure 2: NTP time servers forming a synchronization subnet on page 129. A stratum defines how many NTP hops away a particular secondary time server is from an authoritative time source (primary time server) in the synchronization subnet.
After the NTP client queries the remote time servers, the servers respond with various timestamps, along with information about their clocks, such as stratum, precision, and time reference, see Figure 3: NTP time servers operating in unicast client mode on page 131. The NTP client reviews the list of responses from all available servers and chooses one as the best available time source from which to synchronize its internal clock.
NTP configuration using ACLI

This section describes how to configure the Network Time Protocol (NTP) using Avaya Command Line Interface (ACLI).

Before you configure NTP, you must perform the following tasks:
• Configure an IP interface on the switch and ensure that the NTP server is reachable through this interface. For instructions, see Configuring IP Routing on Avaya Virtual Services Platform 7200 Series and 8000 Series, NN47227-505.
Figure 4: NTP configuration procedures

Enabling NTP globally
Enable NTP globally. Default values are in effect for most parameters. You can customize NTP by modifying parameters.

Procedure
1. Enter Global Configuration mode:
   enable
   configure terminal
2. (Optional) Set the time interval between NTP updates or leave it at the default of 15 minutes:
   ntp interval <10-1440>
   Important: If NTP is already activated, this configuration does not take effect until you disable NTP, and then re-enable it.
3. Enable NTP globally:
   ntp
4. Create an authentication key:
   ntp authentication-key <1-2147483647> WORD<0–8>

Example
Specify the interval between NTP updates to 10 minutes, and then enable NTP globally.
Procedure
1. Enter Global Configuration mode:
   enable
   configure terminal
2. Add an NTP server:
   ntp server
3. Configure additional options for the NTP server:
   ntp server [auth-enable] [authentication-key <0-2147483647>] [source-ip WORD <0-46>]
4. Activate the NTP server:
   ntp server enable

Example
Switch:> enable
Switch:1 configure terminal
Switch:1(config)# ntp server 192.0.2.
   configure terminal
2. Create an authentication key:
   ntp authentication-key <1-2147483647> WORD<0–8>
3. Enable MD5 authentication for the server:
   ntp server auth-enable
4. Assign an authentication key to the server:
   ntp server
NTP configuration using EDM

This section describes how to configure the Network Time Protocol (NTP) using Enterprise Device Manager (EDM).

Before you configure NTP, you must perform the following tasks:
• Configure an IP interface on the switch and ensure that the NTP server is reachable through this interface. For instructions, see Configuring IP Routing on Avaya Virtual Services Platform 7200 Series and 8000 Series, NN47227-505.
Figure 5: NTP configuration procedures

Enabling NTP globally

About this task
Enable NTP globally. Default values are in effect for most parameters. You can customize NTP by modifying parameters.

Procedure
1. In the navigation tree, open the following folders: Configuration > Edit.
2. Click NTP.
3. Click the Globals tab.
4. Select the Enable check box.
5. Click Apply.

Globals field descriptions
Use the data in the following table to use the Globals tab.

Name      Description
Enable    Activates (true) or disables (false) NTP. By default, NTP is disabled.
Interval  Specifies the time interval (10–1440 minutes) between successive NTP updates. The default interval is 15 minutes.
          Important: If NTP is already activated, this configuration does not take effect until you disable NTP, and then re-enable it.
Name            Description
                The default is no MD5 authentication.
KeyId           Specifies the key ID used to generate the MD5 digest for this NTP server. You must specify a number between 1–214743647. The default is 0, which indicates that authentication is disabled.
AccessAttempts  Specifies the number of NTP requests sent to this NTP server.
AccessSuccess   Specifies the number of times this NTP server updated the time.
Name  Description
      Important: You cannot specify the number sign (#) as a value in the KeySecret field. The NTP server interprets the # as the beginning of a comment and truncates all text entered after the #.
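The key rules given for NTP MD5 authentication in the ACLI procedure (key ID <1-2147483647>, secret WORD<0–8>) and in the KeySecret note above can be checked before a key is rolled out. The following Python sketch is an added example, not Avaya code: the function names are hypothetical, the MAC layout (32-bit key ID followed by MD5 over the secret and the 48-byte header) is standard NTP symmetric-key authentication, and the sample packet is constructed.

```python
import hashlib
import hmac
import struct

KEY_ID_MIN, KEY_ID_MAX = 1, 2147483647  # from: ntp authentication-key <1-2147483647>
SECRET_MAX_LEN = 8                      # from: WORD<0-8>
NTP_HEADER_LEN = 48                     # fixed NTP header size
MAC_LEN = 4 + 16                        # key ID + MD5 digest


def check_key(key_id, secret):
    """Return a list of problems with a key ID / secret pair (empty = OK)."""
    problems = []
    if not KEY_ID_MIN <= key_id <= KEY_ID_MAX:
        problems.append("key ID %d outside %d-%d" % (key_id, KEY_ID_MIN, KEY_ID_MAX))
    if len(secret) > SECRET_MAX_LEN:
        problems.append("secret longer than %d characters" % SECRET_MAX_LEN)
    if "#" in secret:
        problems.append("secret contains '#', which the NTP server treats as a comment")
    return problems


def as_stored_by_server(secret):
    """Model the behaviour the manual describes: text from '#' on is dropped."""
    return secret.split("#", 1)[0]


def ntp_mac(key_id, secret, header):
    """Build the 20-byte MAC: key ID (big-endian) + MD5(secret || header)."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("NTP header must be %d bytes" % NTP_HEADER_LEN)
    digest = hashlib.md5(secret.encode("ascii") + header).digest()
    return struct.pack("!I", key_id) + digest


def verify(packet, keys):
    """Check an authenticated packet against a {key_id: secret} table."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = keys.get(key_id)
    if secret is None:
        return False  # unknown key ID
    return hmac.compare_digest(ntp_mac(key_id, secret, header), mac)


def sample_client_header():
    """Constructed sample: LI=0, VN=3, Mode=3 (client); all other fields zero."""
    return bytes([0x1B]) + bytes(NTP_HEADER_LEN - 1)


if __name__ == "__main__":
    header = sample_client_header()
    entered = "ab#cd"  # constructed secret that breaks the '#' rule
    print(check_key(10, entered))
    packet = header + ntp_mac(10, entered, header)
    # The switch signs with "ab#cd"; a server that truncated the key to "ab"
    # computes a different digest, so the packet fails authentication.
    print(verify(packet, {10: entered}))
    print(verify(packet, {10: as_stored_by_server(entered)}))
```

A secret containing # passes verification only when both ends hold the identical string, which is why the check flags it before deployment.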
Chapter 12: Secure Shell

The following sections describe how to use Secure Shell (SSH) to enable secure communications support over a network for authentication, encryption, and network integrity.

Secure Shell fundamentals
Methods of remote access such as Telnet or FTP generate unencrypted traffic. Anyone who can see the network traffic can see all data, including passwords and user names.
Figure 6: Overview of the SSHv2 protocol

By using a combination of host, server, and session keys, the SSHv2 protocol can provide strong authentication and secure communication over an insecure network, offering protection from the following security risks:
• IP spoofing
• IP source routing
• Domain name server (DNS) spoofing
• Man-in-the-middle/TCP hijacking attacks
• Eavesdropping and password sniffing

Even if network security is compromised, traffic cannot be played back or de
Secure Shell SSH public key encryption clients have to connect to the VSP server with the same access level, such as rwa then the clients must connect to the server one-by-one as the VSP only supports one public key per access level. • Encryption. The SSHv2 server uses encryption algorithms to scramble data and render it unintelligible except to the receiver.
• VSP 7200
• VSP 9000

Outbound connections
The SSHv2 client supports SSHv2 DSA public key authentication and password authentication.

Note: You must enable SSH globally before you can generate SSH DSA user keys.

The SSHv2 client is a secure replacement for outbound Telnet. Password authentication is the easiest way to use the SSHv2 client feature. Instead of password authentication, you can use DSA public key authentication between the VSP SSHv2 client and an SSHv2 server.
Figure 7: Separate SSH version 2 protocols

The modular approach of SSHv2 improves on the security, performance, and portability of the SSHv1 protocol.

Important: The SSHv1 and SSHv2 protocols are not compatible. The VSP switch does not support SSHv1.
User ID log of an SSH session established by SCP client
Avaya Virtual Services Platform 8200 logs the user ID of an SSH session initiated by the SCP client. If an SCP client establishes an SSH session, the message appears in the following format:

CP1 [08/06/15 09:43:42.230:UTC] 0x000d8602 00000000 GlobalRouter authentication succeeded for user rwa on host 10.68.231.194
CP1 [08/06/15 09:43:42.232:UTC] 0x000d8602 00000000 GlobalRouter start by user rwa on host 10.68.231.
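The log layout shown above can be parsed to attribute SSH sessions to a user and source host and to flag entries worth reviewing. This Python sketch is an added example, not Avaya code: the sample lines are constructed in the layout printed on this page, and the function names and the allowed management network (192.0.2.0/24) are assumptions.

```python
import ipaddress
import re

# Layout taken from the sample messages on this page:
#   CP1 [08/06/15 09:43:42.230:UTC] 0x000d8602 00000000 GlobalRouter <message>
LINE_RE = re.compile(
    r"^(?P<cpu>CP\d+)\s+\[(?P<ts>[^\]]+)\]\s+(?P<event>0x[0-9a-fA-F]{8})\s+"
    r"(?P<alarm>[0-9a-fA-F]{8})\s+(?P<vrf>\S+)\s+(?P<msg>.*)$"
)
MSG_RE = re.compile(
    r"(?P<action>authentication succeeded for|start by) user (?P<user>\S+) "
    r"on host (?P<host>\S+)\s*$"
)

# Constructed sample lines (documentation addresses), not real device output.
SAMPLE_LINES = [
    "CP1 [08/06/15 09:43:42.230:UTC] 0x000d8602 00000000 GlobalRouter authentication succeeded for user rwa on host 192.0.2.10",
    "CP1 [08/06/15 09:43:42.232:UTC] 0x000d8602 00000000 GlobalRouter start by user rwa on host 192.0.2.10",
    "CP1 [08/06/15 10:02:11.004:UTC] 0x000d8602 00000000 GlobalRouter authentication succeeded for user rwa on host 198.51.100.7",
    "CP1 [08/06/15 10:02:11.009:UTC] 0x000d8602 00000000 GlobalRouter start by user rwa on host 198.51.100.7",
    "CP1 [08/06/15 10:15:30.500:UTC] 0x000d8602 00000000 GlobalRouter start by user ro on host 192.0.2.44",
    "CP1 [08/06/15 10:20:00.000:UTC] 0x000d8602 00000000 GlobalRouter start by user rwa on host 10.68.231.",
]
ALLOWED_NETS = ["192.0.2.0/24"]  # assumption: the management subnet


def parse_line(line):
    """Return a dict for an SSH authentication/session line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    s = MSG_RE.search(m.group("msg"))
    if not s:
        return None
    action = "auth_ok" if s.group("action").startswith("authentication") else "start"
    return {"ts": m.group("ts"), "event": m.group("event"), "vrf": m.group("vrf"),
            "action": action, "user": s.group("user"), "host": s.group("host")}


def review(lines, allowed_nets):
    """Return (kind, timestamp, user, host) findings for lines needing review."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    authenticated = set()  # (user, host) pairs with a logged successful login
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not an SSH authentication/session message
        key = (rec["user"], rec["host"])
        try:
            addr = ipaddress.ip_address(rec["host"])
        except ValueError:
            # Truncated or malformed host field: cannot be attributed.
            findings.append(("bad-host", rec["ts"], rec["user"], rec["host"]))
            continue
        if rec["action"] == "auth_ok":
            authenticated.add(key)
            if not any(addr in net for net in nets):
                findings.append(("outside-mgmt-net", rec["ts"], rec["user"], rec["host"]))
        elif key not in authenticated:
            # Session start with no matching authentication line in this log.
            findings.append(("start-without-auth", rec["ts"], rec["user"], rec["host"]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LINES, ALLOWED_NETS):
        print(finding)
```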
Secure Shell Table 35: DSA user key files SSH server SSH client side SSH server side VOSS switch with enhanced secure mode disabled Private and public keys by access level: Public keys on the server side based on access level: • rwa—/intflash/.ssh/id_dsa_rwa (private key), /intflash/.ssh/ id_dsa_rwa.pub (public key) • rwa—/intflash/.ssh/dsa_key_rwa (public key) • rw—/intflash/.ssh/id_dsa_rw (private key), /intflash/.ssh/id_dsa_rw.pub (public key) • ro—/intflash/.
Secure Shell fundamentals SSH server SSH client side • privilege —/intflash/.ssh/id_dsa_priv (private key), /intflash/.ssh/ id_dsa_priv.pub (public key) SSH server side Linux with Open SSH ~/.ssh/id_dsa (private key) file permission 400 ~/.ssh/authorized_keys (public key) file ~/.ssh/id_dsa.pub (public key) file permission 644 ERS 8600/8800 — /flash/.
Secure Shell Table 36: Third-party SSH and SCP client software SSH Client Secure Shell (SSH) Secure Copy (SCP) Tera Term Pro with TTSSH extension • Supports SSHv2. • Client distribution does not include SCP client. MS Windows • Authentication: - RSA is supported when the switch acts as a server. The VSP switch does not support RSA as a client. - DSA - Password • Provides a keygen tool. • It creates both RSA and DSA keys. Secure Shell Client • Supports SSHv2 client.
Secure Shell fundamentals /intflash/.ssh/dsa_key_rwa The public part of the key must be copied to the SSH server and be named according to the naming requirement of the server. If the server is a VSP device, please consult Table 37: DSA authentication access level and file name on page 151 for proper naming convention. If a DSA key pair does not exist, you can generate the DSA key pair using the ssh dsa-user-key [WORD<1–15>][size <512-1024>] command.
Secure Shell RSA authentication access level and file name The following table lists the access levels and file names you can use for storing the SSH client authentication information using RSA. Table 38: RSA authentication access level and file name Client key format or WSM Client key in IETF format with enhanced secure mode disabled. Client key with enhanced secure mode enabled Access level File name RWA /flash/.ssh/rsa_key_rwa RW /flash/.ssh/rsa_key_rw RO /flash/.ssh/rsa_key_ro L3 /flash/.
Secure Shell configuration using ACLI SSH rekeying SSH rekeying is an SSHv2 feature that allows the SSH server/client to force a key exchange between server and client, changing the encryption and integrity keys. Once you enable SSH rekeying, key exchanges occur after a pre-determined time interval or after the data transmitted in the session reaches the data-limit threshold. SSH rekeying occurs when either the time-interval or data-limit value is met.
Secure Shell Procedure 1. From an Internet browser, browse to https://support.avaya.com. 2. Under Support by Product, select Downloads. 3. In the product search field, type the product name. 4. In the Choose Release field, click a release number. 5. Click the download title to view the selected information. 6. Click the file you want to download. 7. Login to download the required software file. 8. Use an FTP client in binary mode to transfer the file to the VSP switch.
Secure Shell configuration using ACLI About this task If you enable keyboard-interactive authentication mode, the server uses that mode over other authentication methods, except for public-key authentication, if the SSH client supports it. If you enable keyboard-interactive authentication mode, the server generates the password prompts to display to the client rather than the client generating the prompts automatically like with password-authentication.
ssh pass-auth
7. Configure the SSH connection port:
ssh port <22,1024..49151>
8. Enable RSA authentication:
ssh rsa-auth
9. Generate a new RSA host key:
ssh rsa-host-key [<1024–2048>]
10. Enable SSH secure mode:
ssh secure
11. Configure the authentication timeout:
ssh timeout <1-120>
12. Configure the SSH version:
ssh version
13.
Secure Shell configuration using ACLI Variable Value If enhanced secure mode is disabled, the valid user access levels for the switch are: • rwa — Specifies read-write-all. • rw — Specifies read-write. • ro — Specifies read-only. • rwl1 — Specifies read-write for Layer 1. • rwl2 — Specifies read-write for Layer 2. • rwl3 — Specifies read-write for Layer 3. If you enable enhanced secure mode, the switch uses role-based authentication.
Secure Shell Variable Value rsa-auth Enables RSA authentication. The default is enabled. Use the no operator before this parameter, no ssh rsa-auth, to disable RSA authentication. rsa-host-key [<1024–2048>] Generates a new SSH RSA host key. Specify an optional key size from 1024 to 2048. The default is 2048. Use the no operator before this parameter, no ssh rsa-host-key, to disable SSH RSA host key.
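A small linter for the SSH commands documented in this chapter: it rejects values outside the ranges the page gives and flags key sizes below the documented maximum. This is an added example, not Avaya code; the function names and both sample configurations are constructed, and only the command forms that appear on this page (ssh port, ssh timeout, ssh rsa-host-key, ssh dsa-user-key) are checked.

```python
import re

# Ranges and defaults as documented on this page.
PORT_LOW, PORT_HIGH = 1024, 49151             # ssh port <22,1024..49151>
TIMEOUT_RANGE = (1, 120)                      # ssh timeout <1-120>
RSA_RANGE, RSA_DEFAULT = (1024, 2048), 2048   # ssh rsa-host-key [<1024-2048>]
DSA_RANGE, DSA_DEFAULT = (512, 1024), 1024    # ssh dsa-user-key [WORD][size <512-1024>]

RULES = [
    (re.compile(r"^ssh port (\d+)$"), "port"),
    (re.compile(r"^ssh timeout (\d+)$"), "timeout"),
    (re.compile(r"^ssh rsa-host-key(?: (\d+))?$"), "rsa"),
    # Optional access-level word (1-15 chars), then optional "size N".
    (re.compile(r"^ssh dsa-user-key(?: (?!size )\S{1,15})?(?: size (\d+))?$"), "dsa"),
]


def _check_key(lineno, label, size_text, valid, default):
    """Range-check a key size; an omitted size means the documented default."""
    size = int(size_text) if size_text else default
    low, high = valid
    if not low <= size <= high:
        return [(lineno, "invalid", f"{label} size {size} is outside <{low}-{high}>")]
    if size < high:
        return [(lineno, "weak", f"{label} size {size} is below the documented maximum {high}")]
    return []


def lint_ssh_config(text):
    """Return (line number, severity, message) findings for ACLI ssh commands."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())  # normalise indentation and repeated spaces
        for pattern, kind in RULES:
            m = pattern.match(line)
            if not m:
                continue
            if kind == "port":
                port = int(m.group(1))
                if port != 22 and not PORT_LOW <= port <= PORT_HIGH:
                    findings.append(
                        (lineno, "invalid", f"port {port} is outside <22,1024..49151>"))
            elif kind == "timeout":
                timeout = int(m.group(1))
                if not TIMEOUT_RANGE[0] <= timeout <= TIMEOUT_RANGE[1]:
                    findings.append(
                        (lineno, "invalid", f"timeout {timeout} is outside <1-120>"))
            elif kind == "rsa":
                findings += _check_key(lineno, "RSA host key", m.group(1),
                                       RSA_RANGE, RSA_DEFAULT)
            else:
                findings += _check_key(lineno, "DSA user key", m.group(1),
                                       DSA_RANGE, DSA_DEFAULT)
            break
    return findings


# Constructed sample: an out-of-range timeout and the smallest permitted key sizes.
WEAK_CONFIG = """\
ssh port 2222
ssh timeout 300
ssh rsa-host-key 1024
ssh dsa-user-key rwa size 512
ssh secure
"""

# Constructed sample: the same commands with the largest sizes this page documents.
STRONGEST_SUPPORTED_CONFIG = """\
ssh port 22
ssh timeout 60
ssh rsa-host-key 2048
ssh dsa-user-key rwa size 1024
ssh secure
"""

if __name__ == "__main__":
    for finding in lint_ssh_config(WEAK_CONFIG):
        print(finding)
```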
Secure Shell configuration using ACLI Variable definitions Use the data in the following table to use the show ssh command. Table 40: Variable definitions Variable Value global Display global system SSH information. session Display the current session SSH information. Connecting to a remote host using the SSH client Configure the SSHv2 parameters to connect to a remote host.
Generating user key files
Configure the SSH parameters to generate DSA user key files.
Procedure
1. Enter Global Configuration mode:
enable
configure terminal
2. Enable SSH server.
3. Create the DSA user key file:
ssh dsa-user-key [WORD<1–15>][size <512–1024>]
4. Enter the encryption password to protect the key file.
5. Copy the user public key file to the remote SSH servers.
6. If you are generating the compatible keys on the Linux system, use the following steps:
a.
Variable Value
• rwl3—Specifies read-write for Layer 3.
• rwl2—Specifies read-write for Layer 2.
• rwl1—Specifies read-write for Layer 1.
size <512–1024> Specifies the size of the DSA user key. The default is 1024 bits.
Managing an SSL certificate
Perform this procedure to manage an SSL certificate on the switch.
About this task
If a certificate is already present, you must confirm that it can be deleted before a new one is created.
Secure Shell Note: The certificate loaded in memory remains valid until you use the ssl reset command or reboot the system. Variable definitions Use the data in the following table to use the ssl certificate command. Variable Value validity-period-in-days <30-3650> Specifies an expiration time for the certificate. The default is 365 days. Disabling SFTP without disabling SSH Disable SFTP while allowing SSH to remain active. Before you begin Enhanced secure mode must be enabled.
Secure Shell configuration using Enterprise Device Manager For information about downloading and enabling security encryption, see Downloading the software on page 153. Downloading the software Download new software to upgrade the VSP switch. Software downloads can include encryption modules and software images. Before you begin • You must have access to the new software from the Avaya support site: https:// support.avaya.com. You need a valid user or site ID and password.
Secure Shell 2. Click SSH. 3. In the Enable options, choose the type of SSH service you want to enable. 4. In the Version options, choose a version. 5. In the Port field, type a port. 6. In the MaxSession field, type the maximum number of sessions allowed. 7. In the Timeout field, type the timeout. 8. From the KeyAction options, choose a key action. 9. In the RsaKeySize box, type the RSA key size. 10. In the DSAKeySize field, type the DSA key size. 11.
Secure Shell configuration using Enterprise Device Manager Name Description MaxSession Configures the maximum number of SSHv2 sessions allowed. The value can be from 0 to 8. The default is 4. Timeout Configures the SSHv2 authentication connection timeout in seconds. The default is 60 seconds. KeyAction Configures the SSHv2 key action. The options are: • none • generateDsa • generateRsa • deleteDsa • deleteRsa RsaKeySize Configures SSHv2 RSA key size. The value can be from 1024 to 2048.
Chapter 13: System access The following sections describe how to access the switch, create users, and user passwords. System access fundamentals This section contains conceptual information about how to access the switch and create users and user passwords for access. Logging on to the system After the startup sequence is complete, the login prompt appears.
System access fundamentals Access level Description Default logon Default password Layer 1 read-write View most switch configuration and status l1 information and change physical port settings. l1 Layer 2 read-write View and change configuration and status l2 information for Layer 2 (bridging and switching) functions. l2 Layer 3 read-write View and change configuration and status l3 information for Layer 2 and Layer 3 (routing) functions.
System access Important: Only the RWA user can disable an access level on the switch. You cannot disable the RWA access level on the switch. The system preserves these configurations across restarts. hsecure bootconfig flag The switch supports a configurable flag called high secure (hsecure).
System access fundamentals • Using a VRF context other than the GlobalRouter (VRF 0), you have limited functionality to manage the system. For instance you can only manage the ports assigned to the specified VRF instance Specify the VRF instance name on the EDM screen when you launch a VRF context view. You can use the context names (SNMPv3) and community strings (SNMPv1/v2) to assign different VRFs to manage selected components, such as ports and VLANs.
You can define network stations that can access the switch or stations that cannot access the switch. For each service you can also specify the level of access, such as read-only or read-write-all. When you configure access policies, you can perform either of the following actions:
• Globally enable the access policy feature, and then create and enable individual policies. Each policy takes effect immediately after you enable it.
System access fundamentals • Security Each username is associated with a certain role in the product and appropriate authorization rights for viewing and executing commands are available for that role. With enhanced secure mode enabled, the person in the role-based authentication level of administrator configures the login and password values for the other role-based authentication levels. The administrator initially logs on to the switch using the default login of admin and the default password of admin.
System access Access level Description access level is also known as emergency-admin. Login location Operator The operator access level can view most switch configurations and status information. The operator access level can change physical port settings at layer 2 and layer 3. The operator access level cannot access audit logs or security settings. SSH/Telnet(in band/mgmt)/ console/ Auditor The auditor access level can view configuration information, status information, and audit logs.
System access fundamentals change interval, length, complexity, no consecutive repeating characters or history requirements of the domain. Password change interval rule The system enforces a minimum password change interval, which defines the minimum amount of time before you can change to a new password. By default, the minimum change interval is 24 hours between changing from one password to a new password.
Password pre-notification interval and post-notification interval rule
After enhanced secure mode is enabled, the switch enforces password expiry. To ensure a user does not lose access, the switch offers pre- and post-notification messages explaining when the password will expire. The administrator can define pre- and post-notification intervals of between one and 99 days. The system maintains the password with a time stamp for when the password expiration.
System access configuration using ACLI
Procedure
1. Enter Global Configuration mode:
enable
configure terminal
2. Enable an access level:
password access-level WORD<2–8>
Example
Switch:1> enable
Switch:1# configure terminal
Block ACLI access to Layer 1 to control the configuration actions of various users:
Switch:1(config)# no password access-level l1
Variable definitions
Use the data in the following table to use the password access-level command.
System access Before you begin • You must use an account with read-write-all privileges to change passwords. For security, the switch saves passwords to a hidden file. About this task If you enable the hsecure flag, after the aging time expires, the system prompts you to change your password. If you do not configure the aging time, the default is 90 days. Procedure 1. Enter Global Configuration mode: enable configure terminal 2.
System access configuration using ACLI Variable definitions Use the data in the following table to use the cli password command. Table 44: Variable definitions Variable Value layer1|layer2|layer3|read-only|read-write|read-writeall Changes the password for the specific access level. WORD<1–20> Specifies the user logon name. Use the data in the following table to use the password command. Table 45: Variable definitions Variable Value access level WORD<2–8> Permits or blocks this access level.
System access Variable Value password-history <3-32> Specifies the number of previous passwords the switch stores. You cannot reuse a password that is stored in the password history. The default is 3. To configure this option to the default value, use the default operator with the command. Configuring an access policy About this task Configure an access policy to control access to the switch. You can permit network stations to access the switch or forbid network stations to access the switch.
System access configuration using ACLI access-policy <1-65535> host WORD<0–46> [username WORD<0–30>] 8. Configure optional SNMP parameters for an access policy: access-policy <1-65535> [snmp-group WORD<1–32> ] OR access-policy <1-65535> [snmpv3] 9. Enable the access policy: access-policy <1-65535> enable 10.
Variable Value
ftp Activates or disables FTP for the specified policy. Because FTP derives its login and password from the ACLI management filters, FTP works for read-write-all (rwa) and read-write (rw) access, but not for the read-only (ro) access. Use the no operator to remove this configuration.
host WORD<0–46> For remote login access, specifies the trusted host address as an IP address.
System access configuration using ACLI Variable Value is the security model; either snmpv1, snmpv2c, or usm. Use the no operator to remove this configuration. snmpv3 Activates SNMP version 3 for the access policy. Use the no operator to remove this configuration. ssh Activates SSH for the access policy. Use the no operator to remove this configuration. telnet Activates Telnet for the access policy. Use the no operator to remove this configuration.
System access Table 46: Variable definitions Variable Value name WORD<0–15> Specifies a name expressed as a string from 0–15 characters. Allowing a network access to the switch About this task Specify the network to which you want to allow access. Procedure 1. Enter Global Configuration mode: enable configure terminal 2. Specify the network: access-policy <1-65535> [mode ] [network
Configuring access policies by MAC address
About this task
Configure access-policies by MAC address to allow or deny local MAC addresses on the network management port after an access policy is activated. If the source MAC does not match a configured entry, the default action is taken. A log message is generated to record the denial of access. For connections coming in from a different subnet, the source MAC of the last hop is used in decision making.
System access Displaying the boot config flags status Use the following procedure to display boot config flag status. If enhanced secure mode is enabled, the status displays as true. If enhanced secure mode is disabled, the status displays as false. Procedure 1. Enter Global Configuration mode: enable configure terminal 2. View the boot flag status: show boot config flags Example Display if enhanced secure mode is enabled.
System access configuration using ACLI After you enable enhanced secure mode, the system can provide role-based access levels, stronger password requirements, and stronger rules on password length, password complexity, password change intervals, password reuse, and password maximum age use. After you disable enhanced secure mode, the authentication, access-level, and password requirements work similarly to any of the existing commercial releases. Procedure 1.
System access Creating accounts for different access levels Use the following procedure to create accounts for different access levels in enhanced secure mode. You must be the administrator to configure the different access levels. Before you begin • You must enable enhanced secure mode. Procedure 1. Enter Global Configuration mode: enable configure terminal 2. Create accounts on the VSP switch for different access levels: password create–user {auditor|operator|privilege|security} WORD<1– 255> 3.
System access configuration using ACLI Procedure 1. Enter Global Configuration mode: enable configure terminal 2. Delete an account on the VSP switch: password delete–user username WORD<1–255> 3. Save the configuration: save config Note: The save config command saves the configuration file with the filename configured as the primary configuration filename in boot config. Use the command show boot config choice to view the current primary and backup configuration filenames.
configure terminal
2. Return the system to the factory defaults:
sys system-default
3. Restart the switch:
reset
4. Save the configuration:
save config
Example
Return the system to the factory defaults:
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#sys system-default
WARNING: Executing this command returns the system to factory defaults and deletes all local configured user accounts.
System access configuration using ACLI 4. Save the configuration: save config Note: The save config command saves the configuration file with the filename configured as the primary configuration filename in boot config. Use the command show boot config choice to view the current primary and backup configuration filenames.
Example
Configure the reuse rule to 88:
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#password password-history 30
Switch:1(config)#save config
Variable definitions
Use the data in the following table to use the password password-history command.
Variable Value
<3–32> Configures the minimum number of previous passwords to remember. The default is 3.
Example
Configure the reuse rule to 5:
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#password max-sessions 5 user-name jsmith
Switch:1(config)#save config
Variable definitions
Use the data in the following table to use the password max-sessions command.
Variable Value
<1–8> Specifies the maximum number of sessions. The default is 3.
user-name WORD<1–255> Specifies the user-name.
Example
Configure the maximum age rule option to 100 days for user jsmith:
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#password aging-time day 100 user jsmith
Switch:1(config)#save config
Variable definitions
Use the data in the following table to use the password aging-time command.
Variable Value
day <1–365> Configures the password aging time in days. The default is 90 days.
user WORD<1–255> Specifies a particular user.
password pre-expiry-notification-interval <1–99> <1–99> <1–99>
3. Configure post-notification rule option:
password post-expiry-notification-interval <1–99> <1–99> <1–99>
4. Configure the pre-notification rule to the default:
default password pre-expiry-notification-interval
5. Configure the post-notification rule to the default:
default password post-expiry-notification-interval
6.
System access configuration using EDM Variable Value The first <1–99> variable specifies the first notification, the second <1–99> specifies the second notification, and the third <1–99> variable specifies the third interval. By default, the first interval is 1 day, the second interval is 7 days, and the third interval is 30 days. System access configuration using EDM The section provides procedures you can use to manage system access by using Enterprise Device Manager (EDM).
System access Name Description RWUserName Specifies the user name for the read-write CLI account. RWPassword Specifies the password for the read-write CLI account. RWL3Enable Activates the read-write Layer 3 access. The default is enabled. RWL3UserName Specifies the user name for the Layer 3 read-write CLI account. RWL3Password Specifies the password for the Layer 3 read-write CLI account. RWL2Enable Activates the read-write Layer 2 access. The default is enabled.
System access configuration using EDM 5. Click Apply. CLI field descriptions Use the data in the following table to use the CLI tab. Name Description RWAUserName Specifies the user name for the read-write-all CLI account. RWAPassword Specifies the password for the read-write-all CLI account. RWEnable Activates the read-write access. The default is enabled. RWUserName Specifies the user name for the read-write CLI account. RWPassword Specifies the password for the read-write CLI account.
You can allow network stations to access the switch or forbid network stations to access the switch. For each service, you can also specify the level of access, such as read-only or read-write-all. HTTP and HTTPS support IPv4 and IPv6 addresses. On IPv6 networks, the switch supports SSH server, remote login (rlogin) server and Remote Shell (rsh) server only. The switch does not support outbound SSH client over IPv6, rlogin client over IPv6 or rsh client over IPv6.
System access configuration using EDM Important: If you select the AccessStrict option, you specify that a user must use an access level identical to the one you select. 18. Click Insert. Access Policies field descriptions Use the data in the following table to use the Access Policies tab. Name Description Id Specifies the policy ID. Name Specifies the name of the policy. PolicyEnable Activates the access policy. The default is enabled.
System access Name Description length. If the type is IPv6, you must enter an IPv6 address and prefix length. You do not need to provide this information if you select the NetInetAddrType of any. TrustedHostInetAddr Indicates the trusted Inet address of a host performing a remote login to the device. You do not need to provide this information if you select the NetInetAddrType of any. TrustedHostInetAddr applies only to rlogin and rsh.
System access configuration using EDM Name Description with an rw access level specified for a policy ID in the policy table is allowed rw access, and ro is denied access. The default is false. Enabling an access policy About this task Enable the access policy feature globally to control access across the switch. You can create an access policy to control access to the switch.
System access Note: You can use EDM to enable or disable enhanced secure mode. To configure the security enhancements this feature provides, you must use ACLI. Procedure 1. On the Device Physical View, select the device. 2. In the navigation pane, open the following folders: Configuration > Edit 3. Click Chassis. 4. Click the Boot Config tab. 5. Select the EnableEnhancedsecureMode check box. 6. Click Apply. 7. Save the configuration, and restart the switch.
Chapter 14: ACLI show command reference This reference information provides show commands to view the operational status of the switch. Access, logon names, and passwords Use the show cli password command to display the access, logon name, and password combinations. The syntax for this command is as follows. show cli password The following example shows output from the show cli password command.
min-passwd-len 8
password-history 3
password-rule 1 1 1 1
pre-expiry-notification-interval 1 7 30
post-expiry-notification-interval 1 7 30
access-level
ACCESS     LOGIN     AGING  MAX-SSH-SESSIONS  STATE
admin      rwa       90     3                 ena
privilege            90     3                 dis
operator   oper1     90     3                 ena
security   security  90     3                 ena
auditor    auditor   90     3                 ena
Default Lockout Time 60
Lockout-Time:
Basic switch configuration
Use the show basic config command to display the basic switch configuration.
CLI settings If you make a change to the switch, it appears under the specific configuration heading. The following example shows a subset of the output of this command. Switch:1#show running-config Preparing to Display Configuration... # # Sun Jan 04 14:04:23 1970 UTC # box type : VSP-8284XSQ # software version : vsp8k_4.0_B017 (PRIVATE) # cli mode : ACLI # --More-- (q = quit) Note: The output from the show running-config command displays an "end statement" near the end of the config file.
ACLI show command reference Ftp-access sessions Use the show ftp-access command to display the total sessions allowed. The syntax for this command is as follows. show ftp-access The following example shows output from the show ftp-access command. Switch:1#show ftp-access max ipv4 sessions : 4 Hardware information Use the show sys-info command to display system status and technical information about the switch hardware components.
Hardware information Serial# H/W Revision H/W Config NumSlots NumPorts BaseMacAddr MacAddrCapacity MgmtMacAddr System MTU : : : : : : : : : SDNIV84Q2002 1 2 85 b0:ad:aa:41:34:00 1024 b0:ad:aa:41:34:81 1950 Card Info : Slot# CardType Serial# Part# Oper Admin Power Status Status State 1 8242XSQ SDNIV84Q2002 -- up up on 2 8242XSQ SDNIV84Q2002 -- up up on Temperature Info : CPU Temperature MAC Temperature PHY1 Temperature PHY2 Temperature 31 35 27 30 Power Supply Info : Ps#1
LED#3 Label : Rps
LED#3 Status : Off
LED#4 Label : Fan
LED#4 Status : GreenSteady
System Error Info :
Send Login Success Trap : false
Send Authentication Trap : false
Error Code : 0
Error Severity : 0
Port Lock Info :
Status : off
LockedPorts :
Message Control Info :
Action : suppress-msg
Control-Interval : 30
Max-msg-num : 5
Status : enable
Configuration Operation Info :
Last Change: 0 day(s), 10:37:22
Last Vlan Change: 0 day(s), 06:42:58
Last Statistic Reset: 0 day(s), 00
NTP server statistics NTP server statistics Use the show ntp statistics command to view the following information: • number of NTP requests sent to this NTP server • number of times this NTP server updated the time • number of times the client rejected this NTP server while attempting to update the time • stratum • version • sync status • reachability • root delay • precision The syntax for this command is as follows. show ntp statistics The following example shows sample command output.
ACLI show command reference Total Required Max Chassis Chassis Redundant Allocated Available Type Power Power Power Power -------------------------------------------------------------------------------8284XSQ 800 0 145 655 -------------------------------------------------------------------------------- Power information for power supplies Use the show sys power power-supply command to view detailed power information for each power supply. The syntax for this command is as follows.
System information Parameter Description mgid-usage Shows the multicast group ID (MGID) usage for VLANs and multicast traffic. msg-control Shows the system message control function status (activated or disabled). mtu Shows system maximum transmission unit (MTU) information. power Shows power information for the chassis. Command options are • power-supply—power information for each power supply • slot—power information for each slot setting Shows system settings.
ACLI show command reference max-msg-num status : 5 : disable The following example shows output from the show sys setting command. Switch:1#show sys setting udp-checksum mroute-stream-limit contact location name portlock sendAuthenticationTrap autotopology ForceTopologyIpFlag clipId-topology-ip mtu data-path-fault-shutdown : : : : : : : : : : : : enable disable http://support.avaya.com/ 211 Mt.
Telnet-access sessions The following example shows representative output from the show tech command. Switch:1#show tech Sys Info: --------------General Info : SysDescr SysName SysUpTime SysContact SysLocation : : : : : VSP-8284XSQ (4.0.0.0) VSP-8284XSQ 3 day(s), 14:22:52 http://support.avaya.com/ 211 Mt.
ACLI show command reference Telnet0 Console rwa rwa none 192.0.2.24 (current) ---------- Port egress COS queue statistics Use the show qos cosq-stats interface to retrieve the port egress COS queue statistics. The syntax for this command is as follows: show qos cosq-stats interface The following example shows output from the show qos cosq-stats interface command.
CPU queue statistics 3 4 5 6 7 8 9 10 11 12 13 14 15 0 0 0 414 0 561 28740 12005 0 0 0 7280 0 January 2016 0 0 0 35714 0 41738 1969460 2006662 0 0 0 495040 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Administering Avaya VSP 7200 Series and 8000 Series Comments on this document? infodev@avaya.
Chapter 15: Port numbering and MAC address assignment reference This section provides information about the port numbering and Media Access Control (MAC) address assignment used on the switch. Port numbering A port number includes the slot location of the port in the chassis, as well as the port position. The following diagrams illustrate the components on the front panels of the switches. For more information on hardware, see Installing the Avaya Virtual Services Platform 8000 Series, NN47227-300.
Port numbering 3. QSFP+ port LEDs are in between the ports on each slot. The up arrows refer to the port above and the down arrows refer to the port below. 4. Four QSFP+ ports: two in Slot 1 and two in Slot 2. 5. USB port 6. Console port (10101) 7. Management port — The LEDs are on the bottom of the port. 8. LEDs for system power (PWR), switch status (Status), redundant power supply (RPS), and fan modules(Fan). The following figure illustrates the front view of the VSP 8400 switch.
Port numbering and MAC address assignment reference The following figure illustrates the front view of the VSP 7200 switch. When looking at the front of the switch: • Slot 1 is the grouping of 48 ports. • Slot 2 is the grouping of 6 40 Gbps ports to the right. 1. LEDs indicating port activity are above the RJ-45 and SFP+ port. The up arrow on the left indicates the top port; the down arrow on the right indicates the bottom port. 2. 48 ports — The VSP 7254XSQ has 48 SFP/SFP+ fiber ports.
MAC address assignment To determine the port interface index through the ACLI, use the following command: show interfaces gigabitEthernet The following example shows an output for this command: Switch:1(config)#show interfaces gigabitEthernet ===================================================================================== Port Interface ===================================================================================== PORT LINK PORT PHYSICAL STATUS NUM INDEX DESCRIPTION TRAP LOCK MTU ADDRESS ADMIN
Virtual MAC addresses
Virtual MAC addresses are the addresses assigned to VLANs. The system assigns a virtual MAC address to a VLAN when it creates the VLAN. The MAC address for a VLAN IP address is the virtual MAC address assigned to the VLAN.
Chapter 16: Supported standards, RFCs, and MIBs

This chapter details the standards, request for comments (RFC), and Management Information Bases (MIB) that the switch supports.

Supported IEEE standards

The following table details the IEEE standards that the switch supports.

Table 52: Supported IEEE standards

IEEE standard  Description
802.1ag        Connectivity Fault Management
802.1ah        Provider Backbone Bridging
802.1aq        Shortest Path Bridging (SPB)
802.1AX        Link Aggregation
802.1D         MAC Bridges
P802.
IEEE standard  Description
802.1AE        MAC Security
802.3ae        10Gb/s Operation, implemented as 10GBASE-X SFP+
802.3x         Full Duplex & Flow Control
802.3z         1000Mb/s Operation, implemented as 1000BASE-X SFP

Supported RFCs

The following table and sections list the RFCs that the switch supports.

Table 53: Supported request for comments

Request for comment  Description
draft-grant-tacacs-02.
Request for comment  Description
RFC 1258             IPv6 Rlogin server
RFC 1305             Network Time Protocol v3 Specification, Implementation and Analysis
RFC 1321             MD5 Message-Digest Algorithm
RFC 1340             Assigned Numbers
RFC 1519             Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy
RFC 1541             Dynamic Host Configuration Protocol
RFC 1542             Clarifications and Extensions for the Bootstrap Protocol
RFC 1583             OSPFv2
RFC 1587             The OSPF NSSA Option
RFC 1591             DNS Client
R
Request for comment  Description
RFC 2463             Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
RFC 2464             Transmission of IPv6 packets over Ethernet networks
RFC 2545             Use of BGP-4 multi-protocol extensions for IPv6 inter-domain routing
RFC 2548             Microsoft vendor specific RADIUS attributes
RFC 2579             Textual Conventions for SMI v2
RFC 2580             Conformance Statements for SMI v2
RFC 2616             Hypertext Transfer Protocol 1.
Request for comment  Description
RFC 3748             Extensible Authentication Protocol
RFC 3768 and draft-ietf-vrrp-ipv6-spec-08.
Network management

Table 55: Supported request for comments

Request for comment  Description
RFC1155              SMI
RFC1157              SNMP
RFC1215              Convention for defining traps for use with the SNMP
RFC1271              Remote Network Monitoring Management Information Base
RFC1305              Network Time Protocol v3 Specification, Implementation and Analysis
RFC1350              The TFTP Protocol (Revision 2)
RFC1354              IP Forwarding Table MIB
RFC1757              Remote Network Monitoring Management Information Base
RFC1907
MIBs

Table 56: Supported request for comments

Request for comment  Description
RFC1156              MIB for network management of TCP/IP
RFC1212              Concise MIB definitions
RFC1213              TCP/IP Management Information Base
RFC1354              IP Forwarding Table MIB
RFC1398              Ethernet MIB
RFC1442              Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2)
RFC1450              Management Information Base for v2 of the Simple Network Management Protocol (SNMPv2)
RFC1573              Interface MIB
RFC1650              Def
Standard MIBs

The following table details the standard MIBs that the switch supports.

Table 57: Supported MIBs

Standard MIB name                                                                     Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC)  File name
STDMIB2—Link Aggregation Control Protocol (LACP) (802.3ad)                            802.3ad                                                                            ieee802-lag.mib
STDMIB3—Extensible Authentication Protocol Over Local Area Networks (EAPoL) (802.1x)  802.1x                                                                             ieee8021x.
Standard MIB name                                                        Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC)  File name
STDMIB26b—Message Processing and Dispatching for the SNMP                RFC2572                                                                            rfc2572.mib
STDMIB26c—SNMP Applications                                              RFC2573                                                                            rfc2573.mib
STDMIB26d—User-based Security Model (USM) for version 3 of the SNMP      RFC2574                                                                            rfc2574.mib
STDMIB26e—View-based Access Control Model (VACM) for the SNMP            RFC2575                                                                            rfc2575.
Standard MIB name                                                                Institute of Electrical and Electronics Engineers/Request for Comments (IEEE/RFC)  File name
STDMIB43—Management Information Base for the User Datagram Protocol (UDP)        RFC4113                                                                            rfc4113.mib
Q-BRIDGE-MIB—Management Information Base for managing Virtual Bridged LANs       RFC4363                                                                            rfc4363-q.mib
Transmission Control protocol (TCP)

Proprietary MIBs

The following table details the proprietary MIBs that the switch supports.
Glossary

Advanced Encryption Standard (AES)
A privacy protocol. U.S. government organizations use AES as the current encryption standard (FIPS-197) to protect sensitive information.

American Standard Code for Information Interchange (ASCII)
A code to represent characters in computers. ASCII uses uppercase and lowercase alphabetic letters, numeric digits, and special symbols.
Dynamic Host Configuration Protocol (DHCP)
A standard Internet protocol that dynamically configures hosts on an Internet Protocol (IP) network for either IPv4 or IPv6. DHCP extends the Bootstrap Protocol (BOOTP).

Dynamic Random Access Memory (DRAM)
A read-write random-access memory, in which the digital information is represented by charges stored on the capacitors and must be repeatedly replenished to retain the information.
Local Area Network (LAN)
A data communications system that lies within a limited spatial area, uses a specific user group and topology, and can connect to a public switched telecommunications network (but is not one).

management information base (MIB)
The MIB defines system operations and parameters used for the Simple Network Management Protocol (SNMP).
NonVolatile Random Access Memory (NVRAM)
Random Access Memory that retains its contents after electrical power turns off.

out of band (OOB)
Network dedicated for management access to chassis.

Packet Capture Tool (PCAP)
A data packet capture tool that captures ingress and egress (on Ethernet modules only) packets on selected ports. You can analyze captured packets for troubleshooting purposes.

port
A physical interface that transmits and receives data.
Secure Shell (SSH)
SSH uses encryption to provide security for remote logons and data transfer over the Internet.

Simple Loop Prevention Protocol (SLPP)
Simple Hello Protocol that prevents loops in a Layer 2 network (VLAN).

Simple Network Management Protocol (SNMP)
SNMP administratively monitors network performance through agents and management stations.

single-mode fiber (SMF)
One of the various light waves transmitted in an optical fiber.
user-based security model (USM)
A security model that uses a defined set of user identities for authorized users on a particular Simple Network Management Protocol (SNMP) engine.

virtual router forwarding (VRF)
Provides traffic isolation between customers operating over the same node. Each virtual router emulates the behavior of a dedicated hardware router by providing separate routing functionality, and the network treats each VRF as a separate physical router.