Mers 8600 Commissioning

Nortel Metro Ethernet Routing Switch 8600
Commissioning
ATTENTION Clicking on a PDF hyperlink takes you to the appropriate page. If necessary, scroll up or down the page to see the beginning of the referenced section.
NN46220-309
.
317814-E Rev 01
Document status: Standard Document version: 01.01 Document date: 20 March 2007 Copyright 2005-2007, Nortel Networks All Rights Reserved. The information in this document is subject to change without notice. The statements, congurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specied in this document. The information in this document is proprietary to Nortel Networks Inc. The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license. The software license agreement is included in this document. This document is sourced in Canada and the United States of America.
Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
Nortel Networks Inc. software license agreement

This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and afliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price. "Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or afliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software. 1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as condential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneciaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customers Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
2.
PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply. 3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMERS RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/or supplier of the Software. Such developer and/or supplier is an intended beneciary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply. General a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities). Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction. Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customers use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose. The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
4.
b.
c.
d. e. f.
Contents
New in this release Introduction
Before you begin 9 Acronyms 9
7 9
Setting up the switch

Connecting a terminal 12 Connecting a modem 13 Logging on to the system 15 hsecure bootcong ag 16 Modifying the CLI login and passwords 18 Rebooting or resetting the switch 19 Cold boot/warm boot trap messages 19 Setting system identication 19 Managing les 20 File system commands 20 Displaying a directory 21 Copying les 21 Saving the conguration to a le 22 Getting online Help 22 Pinging a device 24 Setting and displaying the date 25 Accessing the standby CPU 26 Exiting and reentering the CLI 26
11
Setting up the switch for remote management

Assigning an IP address to the management port 27 Assigning a default gateway 29 Conguring the management Ethernet port 29 Setting security features 30 Enabling remote access services using the CLI 30 Accessing services from the Boot Monitor CLI 30 Accessing services from the Run-Time CLI 31 Enabling rlogin 31
27
Nortel Metro Ethernet Routing Switch 8600 Commissioning NN46220-309 01.01 Standard 4.1 20 March 2007
Copyright 2005-2007, Nortel Networks
.
Nortel Networks Condential
6 Contents Disabling a service 32 Monitoring the switch using web management 32 Managing the switch using Device Manager 32
Providing switch reliability
33
.
New in this release

No new features are added to the document in this release.
.
8 New in this release
.
Introduction
The Nortel Metro Ethernet Routing Switch 8600 is a exible and multifunctional switch that supports a wide range of network architectures and protocols. This guide provides procedures for setting up and starting the Metro Ethernet Routing Switch 8600.
Before you begin

This guide is intended for network designers and administrators with the following background: Basic knowledge of networks, Ethernet bridging, and IP Familiarity with networking concepts and terminology Basic knowledge of network topologies Experience with windowing systems or graphical user interfaces (GUIs)
Acronyms
This guide uses the following acronyms:
BootP FTP IP MAC MLT PPP SF SNMP SMLT TCP/IP TELNET VRRP Bootstrap Protocol File Transfer Protocol Internet Protocol media access control MultiLink Trunking Point-to-Point Protocol Switch Fabric Simple Network Management Protocol Split MultiLink Trunking Transmission Control Protocol/Internet Protocol Network Virtual Terminal Protocol Virtual Router Redundancy Protocol
.
10 Introduction
.
11
Setting up the switch

This chapter describes how to connect a terminal and modem to the switch, log on to the switch software, congure the switch using the Setup Utility, reboot the switch using the command line interface (CLI), and perform basic tasks. This section includes the following topics:
Topic "Connecting a terminal" (page 12) "Connecting a modem" (page 13) "Logging on to the system" (page 15) "Modifying the CLI login and passwords" (page 18) "Rebooting or resetting the switch" (page 19) "Setting system identification" (page 19) "Managing files" (page 20) "Getting online Help" (page 22) "Pinging a device" (page 24) "Setting and displaying the date" (page 25) "Accessing the standby CPU" (page 26) "Exiting and reentering the CLI" (page 26)
The Metro Ethernet Routing Switch 8600 supports two Command Line Interfaces (CLIs): Boot Monitor CLI Run-Time CLI
The Boot Monitor CLI allows you to congure and manage the boot process. You initiate a Boot Monitor CLI session only through a direct serial-port connection to the switch. After the Boot Monitor CLI is active, you can access it only through a console session. Within the Boot Monitor CLI, you can change the boot conguration, including boot choices and boot ags.
.
12 Setting up the switch
You access the Run-Time CLI through a direct serial-port connection to the switch or through a Telnet, SSH (Secure Shell), or rlogin session (if the ags for Telnet and rlogin are set to allow remote access). Metro Ethernet Routing Switch 8600 modules support one CLI session at the console serial port or up to eight Telnet/SSH sessions. You can open a Telnet session from Device Manager by clicking the Telnet button on the toolbar or by choosing Device > Telnet from the menu bar. For more information about the Boot Monitor and Run-Time CLIs, see Managing Platform Operations (315545-E). For more information about Device Manager, see Nortel Metro Ethernet Routing Switch 8600 Fundamentals Using Device Manager (NN46225-300). You can use any terminal or personal computer (PC) with a terminal emulator as the CLI console station. For instructions to connect the computer or terminal, see the section, "Connecting a terminal" (page 12).
Connecting a terminal
The serial console interface is an RS-232 port that enables a connection to a PC or terminal for monitoring and conguring the switch. The port is implemented as a DB-9 connector that can operate as either data terminal equipment (DTE) or data communication equipment (DCE). The default communication protocol settings for the console port are: 9600 baud 8 data bits 1 stop bit No parity
To use the console port, you need the following equipment: A terminal or TTY-compatible terminal, or a portable computer with a serial port and terminal-emulation software A UL-listed straight-through RS-232 cable with a female DB-9 connector for the console port on the switch The other end of the cable must have a connector appropriate to the serial port on your computer or terminal. (Most computers or terminals use a male DB-25 connector.) Any cable connected to the console port must be shielded to comply with emissions regulations and requirements. To connect a computer or terminal to the Console port:
.
Connecting a modem
13
Step 1
Action Set the terminal protocol as follows: 9600 baud 8 data bits 1 stop bit No parity
2 3 4 5
Connect the RS-232 cable to the console port. Connect the other end of the cable to the terminal or computer serial port. Turn on the terminal. Log on to the CLI (see "Logging on to the system" (page 15)). End
Connecting a modem
You can access the CLI through a modem connection to the 8691omSF or 8692omSF module. This section describes how to connect a modem to the modem port on the module. To set up modem access, you need a DTE-to-DCE cable (straight or transmit cable) to connect the Metro Ethernet Routing Switch 8600 to the modem. "DTE-to-DCE straight-through pin assignments" (page 13) shows the DTE-to-DCE pin assignments.
DTE-to-DCE straight-through pin assignments Switch Signal RXD TXD DTR GND DSR RTS CTS Pin number 2 3 4 5 6 7 8 Modem DCE DB-9 pin number 2 3 4 5 6 7 8 DCE DB-25 pin number 3 2 20 7 6 4 5
.
The modem port is a data terminal equipment (DTE) device operating at 9600 baud, 8 data bits, no parity, and one stop bit. Because the modem port expects to receive Data Set Ready (DSR) and Clear To Send (CTS) signals before transmitting, these control lines are required in the cables. The modem port does not support any inbound ow control; that is, the port does not toggle control lines to indicate the input buffer is full. To connect a modem to a Metro Ethernet Routing Switch 8600, rst set up the modem port using another type of connection to the CLI. Nortel recommends that you use the default settings for the Modem port for most modem installations. To set up the modem port using Metro Ethernet Routing Switch 8600 CLI: Step 1 Action In the Run-Time CLI, enter the following command:
config bootconfig sio modem
Now you can enter options for this command level without retyping the rst part of the command. 2 Use the following commands to set port parameters, based on the requirements of the modem: baud <rate> where rate is the baud rate for the modem. The default is 9600. 8databits {true|false} where
false sets the number of data bits per byte to 8. This setting is the default. true sets the number of data bits per byte to 7. mode < ascii | slip | ppp > where
ascii is the default setting. This setting is recommended for most modem connections. slip sets the port for serial line IP (SLIP) operation.
.
Logging on to the system
15
ppp sets the port for point-to-point protocol (PPP) operation.
For information about the conguration requirements of your modem, refer to the documentation that was shipped with the modem.
ATTENTION
Nortel recommends that you do not set the modem port for SLIP or PPP operation unless you are thoroughly familiar with the operation of these protocols.
If you set the port mode to slip, use the following commands to set other SLIP parameters: slip-compression {true|false} to enable or disable TCP/IP header compression. The default is false. slip-rx-compression {true|false} to enable or disable TCP/IP header compression on the receive packet. The default is false.
If you set the port mode to ppp, use the following commands to set other PPP parameters: mtu <bytes> to set the maximum transmission unit for the point-to-point link. The default is zero (0). my-ip <ipaddr> to set the near-end IP address on the point-to-point link. The default is 0.0.0.0. peer-ip <ipaddr> to set the peer IP address on the point-to-point link. The default is 0.0.0.0. pppfile <file> to identify the le to use for PPP initialization parameters.
5 6
On the modem, turn off echo mode and return code messaging. Connect the modem to the modem port using a cable with the connector described in "DTE-to-DCE straight-through pin assignments" (page 13). End

The basic switch conguration procedures in this chapter use the Run-Time CLI. When the switch completes its boot sequence, the login prompt appears. Enter a login and password that correspond to the level of access
.
needed. The default values for login and password for the console and Telnet sessions are shown in "Access levels and default login values" (page 16).
Access levels and default login values Access level Read-only Description Allows only viewing configuration and status information. Is equivalent to SNMP read-only community access. Allows viewing most switch configuration and status information and changing physical port settings. Allows viewing and changing configuration and status information for layer 2 (bridging/switching) functions. Allows viewing and changing configuration and status information for layer 2 and layer 3 (routing) functions. Allows viewing and changing configuration and status information across the switch; does not allow changing security and password settings. Is equivalent to SNMP read-write community access. Allows all the rights of read/write access and the ability to change security settings, including the CLI and web-based management user names and passwords and the SNMP community strings. Default login ro Default password ro
Layer 1 read/write
l1
l1
Layer 2 read/write
l2
l2
Layer 3 read/write (8600 switches only) Read/write
l3
l3
rw
rw
Read/write/all
rwa
rwa
hsecure bootcong ag
The Metro Ethernet Routing Switch 8600 supports a high secure (hsecure) mode that you can set with the hsecure boot conguration ag. High secure mode introduces the following restrictions on passwords: 10-character enforcement, aging time; and a protection mechanism to lter certain IP addresses.
.
17
When the hsecure ag is enabled, the software enforces the 10-character rule for all passwords. When upgrading from a previous release, if the password does not have at least 10 characters, you are prompted to change your password to the mandatory character length. This password must contain a minimum of two uppercase characters, two lowercase characters, two numbers, and two special characters, such as !@#$%^*(). When the switch boots in hsecure mode after default factory settings without any password previously congured, you can use a default password to log on, but will be prompted to change the password. The new password must follow the rules mandated by high secure mode. Enabling or disabling hsecure To enable or disable hsecure, execute the CLI command: config bootconfig flag hsecure {true|false} A warning message appears prompting you to reboot the switch for the change to take effect:
Warning: Please save boot configuration and reboot the switch for this to take effect.
Changing an invalid-length password When you enable hsecure and reboot the switch, any user with an invalid-length password is prompted to change their password:
Login: rwa Password: *** Your password is valid but less than mandatory 10 characters. Please change the password to continue. Enter the New password : ********** Re-enter the New password : ********** Password changed successfully
Aging enforcement When the hsecure ag is enabled, after a certain duration you are asked to change your password. If not congured, the aging parameter defaults to 90 days. You can congure the aging parameter by executing the following CLI command: MERS-8610:5# config cli password aging <days>
Set age-out time for passwords Required parameters: <days> passwords/community strings {1..365} Command syntax: aging <days> = age-out time for
.
For SNMP and FTP, access is denied when a password expires. Community strings must be changed to a new string made up of more than eight characters before accessing the system. Note that when the hsecure ag is enabled: The Webserver cannot be enabled at any time. The SSH password-authentication cannot be enabled at any time.
Filtering mechanism When the hsecure ag is enabled, incorrect IP source addresses as network or broadcast addresses are ltered at the virtual router interface. For example:
V1 has the network address 192.168.168.0/24
Source addresses 192.168.168.0 and 192.168.168.255 are discarded. Note that this occurs for all IP subnets, not only for /24 as mentioned in the example.
Modifying and Resetting Passwords

The boot monitor command reset-passwd is used to reset the passwords to the factory defaults. To reset all passwords to the factory defaults, enter the following command at the boot monitor prompt:
reset-passwd
To change a password, enter the following command. All passwords are case-sensitive.
config cli password <access-level> <username>
The config cli password command prompts you to enter your old and new password. The following shows the command prompts:
Enter the old password: <password> Enter the new password: <password> Re-enter the new password: <password>
Modifying the CLI login and passwords

If you have read/write/all access permission, you can modify the CLI login and passwords using the config cli password command. You can also change the CLI login and passwords using Device Manager. For information about how to change the CLI login and passwords using the Metro Ethernet Routing Switch 8600 CLI or Device Manager, see Conguring and Managing Security (314724-E).
.
Setting system identication
19
Rebooting or resetting the switch

When you reboot the system, you can specify the boot source (ash, PCMCIA card, or TFTP server) and le name. If you do not specify a device and le, the Run-Time CLI uses the software and conguration les on the primary boot device that is dened by the Boot Monitor choice command. To reboot the system, use the following system command: boot [<file>] [config <value>] [-y] where file is the software image device and le name in the format [a.b.c.d:]<le> | /pcmcia/<le> | /ash/<le>. The le name, including the directory structure, can be up to 1024 characters. config <value> is the software conguration device and le name in the format [a.b.c.d:]<le> | /pcmcia/<le> | /ash/<le>. The le name, including the directory structure, can be up to 1024 characters. -y suppresses the conrmation message before the switch reboots. If you omit this parameter, you are asked to conrm the action before the switch reboots.
To boot the switch using the BootStrap Protocol (BootP), use the following command:
boot 0.0.0.0
Entering the boot command with no arguments causes the switch to boot using the current boot choices dened by the choice command. You can reset the switch by using the following command:
reset
When you reset the switch, the most recently saved conguration le is used to reload the system parameters.
Cold boot/warm boot trap messages

When the switch reboots normally, a cold trap is sent within 45 seconds after a reboot. In the event of a SF switchover, a warm-start management trap is sent within 45 seconds of a reboot.
Setting system identication

System identication parameters specify the system name, contact person, and location. To set the system identication:
.
Step 1
Action Specify the system name by entering: config sys set name <sysname> where sysname is an ASCII string specifying the system name.
Specify the name of the contact person for the switch by entering: config sys set contact <name> where name is an ASCII string specifying the name of the person.
Dene the location for the system with the command: config sys set location <system_location> where system_location is an ASCII string specifying the system location. End
Managing les
This section describes CLI commands you can use to manage your les. This section includes the following topics: "File system commands" (page 20) " "Displaying a directory" (page 21) "Copying les" (page 21) "Saving the conguration to a le" (page 22)
File system commands

The CLI includes le management commands for working with the switch les. These commands allow all the basic operations of any le system. The commands take the general form of command <arguments>.
.
Managing les
21
Both the commands and the arguments can be abbreviated, provided the abbreviation is not ambiguous. "File system commands" (page 21) summarizes the le system commands.
File system commands Command directory copy rename Renames a file. save Saves the running configuration to a file. Description Lists contents of onboard flash memory or a PCMCIA card. Copies a file.
Displaying a directory
To display the contents of the ash and PCMCIA memory, use the following command: directory [<dir>] [<-l>] where dir species either ash or PCMCIA, in the form /ash or /pcmcia. -l displays le details if you specify a path name.
When you invoke the directory command with no arguments, this command displays the contents of all ash devices. When you specify ash or PCMCIA, directory displays only the contents of that device. When using the dir command, the CLI displays all lenames under the parent directory, rather than the subdirectory.
Copying les
To copy a le, use the following command: copy <srcfile> <dstfile> where srcfile is the source le. dstfile is the destination le, that is, the name of the copied le. For the copy command, the source and destination are specic le names in the form: [<ipaddr>:]<filename>
.
where ipaddr can specify a remote server location for the le. filename is the name of the le in the form /ash/xxx or /pcmcia/xxx.
You can use the copy command to copy a run-time image to ash memory from a remote server. The command format for this operation is: copy <ip_address>:<filename> <destination> where ip_address:filename is the source argument that species the IP address of the remote server and the name of the le to be copied. destination species the name of the copied le in its new location.
Saving the conguration to a le

To save the running conguration to a le, use the following command: save <savetype> [file <value>] [verbose] [standby <value>] [backup <value>] where savetype species the type of le to save; options are config, bootconfig, log, trace, or clilog. file <value> is the le name. value is a string from 1 to 99 characters long. verbose saves the default and current conguration. If you omit the verbose parameter, only the current conguration is saved. standby <value> saves the specied le name to the standby CPU. value is a string from 1 to 99 characters long. backup <value> saves the specied le name and identies the le as a backup le. value is a string from 1 to 99 characters long.
Getting online Help

When you navigate through the Boot Monitor and Run-Time CLI, online Help is available at all levels. You can access Help in one of the following ways: Typing help <command> explains what the command does and gives its syntax (see "help clear command sample output" (page 23)).
.
Getting online Help help clear command sample output
23
Typing the word help at the system prompt provides an explanation of the available help ("help command sample output" (page 23)).
help command sample output
.
Typing <command> syntax displays a list of commands and parameters available for that command (see "clear syntax command sample output" (page 24)).
clear syntax command sample output
Typing a question mark (?) at the prompt results in a list of all commands in that command context and the subcontext of that command.
Pinging a device
When you ping a device, an Internet Control Message Protocol (ICMP) packet is sent from the switch to the target device. If the device receives the packet, it sends a ping reply. When the switch receives the reply, it displays a message indicating that the specied IP address is alive. If no reply is received, a message indicates that the address is not responding. To test the connection between the Metro Ethernet Routing Switch 8600 and another network device, use the following command: ping <ipaddr> [datasize <value>] [count <value>] [-s] [-I <value>] [-t <value>] [-d] where ipaddr is the IP address of the other network device. datasize <value> is the size of ping data sent in bytes. value is a number from 16 to 4076. count <value> is the number of times to ping. value is a number from 1 to 9999. -s sets the continuous ping at the interval rate dened by the -I parameter.
.
Setting and displaying the date
25
-I <value> is the interval between transmissions in seconds. value is a number from 1 to 60. -t <value> is the no-answer time-out value in seconds. value is a number from 1 to 120. -d sets ping debug mode.
To specify a count for the ping operation, you must also specify a size. For example:
ping 10.5.5.5 datasize 1600 count 5
"ping command sample output" (page 25) shows output from the ping command.
ping command sample output
Setting and displaying the date

To set the calendar time in the form of month, day, year, hour, minute, and second, use the following command: config setdate <MMddyyyyhhmmss> You must be logged in as rwa to use this command. Conguration example: setting system date "cong setdate command sample output" (page 25) is sample output using the setdate command to set the system date.
cong setdate command sample output
To view the current date settings for the switch, use one of the following commands:
date
or
.
show date
"date command sample output" (page 26) shows sample output for the date command.
date command sample output
Accessing the standby CPU

To use Telnet or rlogin to access the standby CPU, use the following command: peer <operation> where operation is telnet or rlogin. Use the peer command to make changes to the standby CPU without reconnecting to the console port on that module. Note that before attempting to telnet to the standby CPU, the telnet daemon must be enabled, otherwise the action cannot be executed.
ATTENTION
You must set an rlogin access policy on the standby CPU before you can use the peer command to access it from the master CPU using rlogin. To set an access policy on the standby CPU, connect a terminal to the console port on the standby CPU. For more information about the access policy commands, see Conguring and Managing Security (314724-E).
Exiting and reentering the CLI

To end your CLI session, enter one of the following commands:
quit logout exit
To log back in to the CLI, use the login command.
.
27
Setting up the switch for remote management

This chapter describes how to assign an IP address to the management port, congure the management Ethernet port, and enable remote management services. It includes the following topics:
Topic "Assigning an IP address to the management port" (page 27) "Configuring the management Ethernet port" (page 29) "Setting security features" (page 30) "Enabling remote access services using the CLI" (page 30) "Monitoring the switch using web management" (page 32) "Managing the switch using Device Manager" (page 32)
Assigning an IP address to the management port

You must assign an IP address to the management port (or ports, for a redundant CPU conguration) before you can use the port for out-of-band management. For example, if your switch has redundant 8691omSF or 8692omSF CPU modules, each CPU management port has a specic IP address. Note that when using a redundant CPU chassis conguration, the 8692omSF is not supported in combination with 8691omSF, except when rst upgrading the chassis from the 869x to the 8692omSF. In addition, you can create a virtual management port with an IP address that is available to either management module. The master management module replies to all management requests sent to the virtual IP address, as well as to requests sent to its management port IP address. If the master management module fails, and the backup management module takes over, the virtual management port IP address continues to provide management access to the switch.
.
28 Setting up the switch for remote management
To assign an IP address to the management port, use the following command: config bootconfig net mgmt ip <ipaddr/mask> [cpu-slot <value>] where ipaddr/mask species the IP address and subnet mask of the management port (for example, 10.10.10.1/24). cpu-slot <value> species the position of the 8691omSF or 8692omSF CPU (either slot 5 or slot 6). If you do not specify a slot number for the IP address, the address is assigned to the currently active management module.
To assign an IP address to the virtual management port, use the following command: config sys set mgmt-virtual-ip <ipaddr/mask> where ipaddr/mask is the IP address and subnet mask you are assigning. Any time you change the boot conguration, you must save the changes to both the master and standby management modules. To save the boot conguration: Step 1 Action Save the command to the master and standby management module by entering: save bootconfig standby <boot.cfg> where boot.cfg is the name of the conguration le. 2 Telnet to the standby management module and reset it by entering: telnet <ipaddr>
reset
where ipaddr is the IP address of the standby management module End
.
Conguring the management Ethernet port 29
Assigning a default gateway

When conguring IP on most layer 2 switches, you need to specify the IP address of the default gateway, as well as the IP address of the device. You can specify up to four separate static routes. For more information about static routes, see Conguring IP Routing Operations (314720-F). To specify a default gateway address/default route from the Boot Monitor CLI, use the following command: net mgmt route net <netaddr> <gateway> To specify a default gateway address/default route from the Run-Time CLI, use the following command: config bootconfig net mgmt route net <netaddr> <gateway> In each of these commands, the parameters are dened as follows: netaddr is the IP address of the destination network. gateway is the IP address of the default gateway.
As an example, if the IP address of the management port is 10.125.2.11 and its next hop is 10.125.2.1, enter the following command to set up the management port correctly:
config bootconfig net mgmt route net 13.177.76.0 10.125.2.1
The value 13.177.76.0 represents the target subnet; the value 10.125.2.1 represents the gateway used to point to the target subnet. To save the conguration, use the following command:
save config
Conguring the management Ethernet port

The management Ethernet port can communicate only with devices on its local subnet, and on up to four statically congured remote subnets. The management Ethernet port does not support a default gateway or default route. The remote subnet is congured using the following CLI command, which requires knowledge of the next hop address: config bootconfig net mgmt route add <a.b.c.d> <w.x.y.z> For example, if the IP address of the management port is 10.125.2.11, and its next hop is 10.125.2.1, use the following command to set up the management port:
config bootconfig net mgmt route add 13.177.76.0 10.125.2.1
.
CAUTION
This command uses the natural mask of the target subnet. Therefore, using the example above, implement the following command: config bootconfig net mgmt route add 13.0.0.0 10.125.2.1 Additionally, this route does not appear in the routing table of the Metro Ethernet Routing Switch 8600. Therefore, any 13.x.x.x networks that are learned or congured for output by way of the I/O modules can result in connectivity issues .
Setting security features

Use system security parameters to dene login names and passwords for access to the switch management functions and to specify the access methods, such as through a Telnet session or through a web browser. You can use the CLI to set up passwords and community strings for access to all the management functions of the switch. For information about the security features available in the Metro Ethernet Routing Switch 8600 software, see Conguring and Managing Security (314724-E).
Enabling remote access services using the CLI

This section describes how you enable or disable access services by setting ags, either from the Boot Monitor CLI or from the Run-Time CLI. You can access the boot monitor CLI while the switch is booting. This section includes the following topics: "Accessing services from the Boot Monitor CLI" (page 30) " "Accessing services from the Run-Time CLI" (page 31) "Enabling rlogin" (page 31) "Disabling a service" (page 32)
Accessing services from the Boot Monitor CLI

To enable an access service from the Boot Monitor CLI, use the following procedure: Step 1 2 Action While the switch is booting, press any key to interrupt the autoboot process. Enable or disable the access service by using the following command:
.
Enabling remote access services using the CLI 31
flags <access-service> {true|false} where access-service is ftpd, rlogind, telnetd, tftpd, or sshd. true enables the access service. false disables the access service. End
Accessing services from the Run-Time CLI

To set up an access service from the Run-Time CLI, use the following command: config bootconfig flags <access-service> {true|false} where access-service is ftpd, rlogind, telnetd, tftpd, or sshd. true enables the access service. false disables the access service.
To save the state of the access service that you set up, use the following command:
save bootconfig
Enabling rlogin
When you enable remote login using the config bootconfig rlogind true command, you must congure an access policy and specify the name of the user who can have access to the switch. The following sample conguration shows how to congure an access policy for rlogin. For more information about conguring access policies using the CLI and Device Manager, see Conguring and Managing Security (314724-E).
MERS-8610:5# config subnet10" MERS-8610:5# config "netadmin" MERS-8610:5# config 10.0.0.0/255.0.0.0 MERS-8610:5# config enable sys access-policy policy 3 name "from sys access-policy policy 3 username sys access-policy policy 3 network sys access-policy policy 3 service rlogin
.
Disabling a service
To disable one of the services on the switch, enter the following command: config bootconfig flags <access-service> false where access-service is ftpd, rlogind, telnetd, tftpd, or sshd. When you enable or disable the access service ags, daemon behavior is changed immediately. You do not need to save the boot conguration le and reboot the system.
Monitoring the switch using web management

The Metro Ethernet Routing Switch 8600 includes a web management interface that enables you to monitor your switch, through a World Wide Web browser, from anywhere on your network. The web interface provides many of the same monitoring features as the Device Manager software. For conguration requirements and instructions for installing the help les, enabling the web server using Device Manager, and accessing the web interface, see Conguring Network Management (314723-E).
Managing the switch using Device Manager

Device Manager is an SNMP-based graphical user interface (GUI) tool designed to manage single devices. To use Device Manager, you must have network connectivity to a management station running Device Manager in one of the supported environments. For instructions on installing and starting Device Manager, refer to Nortel Metro Ethernet Routing Switch 8600 Fundamentals Using Device Manager (NN46225-300).
.
33
Providing switch reliability

As system resources become more widely distributed, the reliability of network nodes is even more important because it affects connectivity in the entire network. While reliability ensures that the software and hardware components of a node are robust, they are still prone to failures. Protecting the node from failure of any of its components makes the node highly available. Many high availability features are built in at all levels of the Metro Ethernet Routing Switch 8600, including the following: Port-level and slot-level redundancy in the form of MultiLink Trunking (MLT) Switch Fabric (SF) redundancy and load-sharing Split MultiLink Trunking (SMLT) Hot-swappable input/output (I/O) modules Router redundancy through Virtual Router Redundancy Protocol (VRRP) Redundant fans and power supply units Basic CPU availabilitywarm standby High CPU availabilityhot standby (High Availability mode is not supported with Metro ESM 8668 modules)
For more information about MLT, SMLT, and VRRP, see Conguring VLANs, Spanning Tree, and Link Aggregation (314725-E). In the event that the primary CPU fails, the backup CPU assumes the primary role.
ATTENTION
During a CPU failover, do not hot swap I/O modules until the new CPU becomes the master CPU.
You can congure CPU redundancy to provide either basic availability or high availability.
.
34 Providing switch reliability
In warm standby redundancy mode, if the primary CPU fails, the backup CPU must initialize all input/output modules and load switch congurations, causing delays and disrupting operations. In hot standby redundancy mode, both CPUs maintain synchronized conguration and operational databases, enabling very quick recovery and high availability. If you enable layer 2 CPU redundancy, you automatically disable layer 3 routing operations on the switch and cannot congure routing parameters. When you enable layer 2 CPU redundancy, both the primary and backup CPUs synchronize their database structures following initialization. This process is performed only on initialization.
.
35
Index
A
access methods, specifying 30 access services enabling, using the CLI 30 acronyms 9 date 25 directory 21 exit 26 le system 20 help 22 logout 26 peer 26 ping 24 quit 26 save 22 setdate 25 cong sys commands 20 conguration saving 22 connection, testing 24 connector, modem Console port connecting 12 interface description 12 RS-232 port 12 contact person, system 20 copy command 21 CPU, accessing standby 26
B
Boot Monitor CLI help commands 22 boot parameters, setting 19 BootP (BootStrap Protocol) using to boot the switch 19
C
cable, serial 13 CLI Run-Time 12 CLI commands cong sys 20 copy 21 date 25 directory 21 exit 26 le system 20 logout 26 peer 26 ping 24 quit 26 setdate 25 commands cong sys 20 copy 21
D
date command 25 default route, assigning 29 defaults login names and passwords 15 Device Manager requirements 32 directory command 21
.
36 Index
E
exit command 26
F
le system commands 20 les, copying 22
default 15 peer command 26, 26 pin assignments, Modem port ping command, Boot Monitor CLI 24 protocol settings, terminal 13
Q
question mark in the CLI 24 quit command 26
G
gateway address, assigning 29
H
help commands 22
R
requirements Device Manager 32 RS-232 Console port 12 Run-Time CLI accessing 12
I
identication parameters, system 19 IP address assigning 27
S
save command, Run-Time CLI 22 save conguration 22 serial-port connection 12 setdate command 25 standby CPU, accessing 26, 26 standby management module 28 system identication 19 system parameters, setting 20
L
layer 2 CPU redundancy hot standby 34 warm standby 34 location, system 20 login names default 15 setting 30 logout command 26
T
Telnet access opening from Device Manager 12 telnet command 28 terminal protocol, setting 13 terminal, connecting 12
M
Management port 27 master management module 28 messages cold boot 19 warm boot 19 modem, connecting 13
V
virtual management port 28
N
name, system 20
W
Web interface changing password for, using Device Manager 32
P
passwords changing Web interface, using Device Manager 32
.
Nortel Metro Ethernet Routing Switch 8600
Commissioning
Copyright 2005-2007, Nortel Networks All Rights Reserved. Publication: NN46220-309 Document status: Standard Document version: 01.01 Document date: 20 March 2007 To provide feedback or report a problem in this document, go to www.nortel.com/documentfeedback. Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks. All other trademarks are the property of their respective owners. This document is sourced in Canada and the United States of America.

Mers 8600 Commissioning

Uploaded by

Copyright:

Available Formats

Mers 8600 Commissioning

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mers 8600 Commissioning

Uploaded by

Copyright:

Available Formats

Nortel Metro Ethernet Routing Switch 8600

Restricted rights legend

Nortel Networks Inc. software license agreement

Setting up the switch

Setting up the switch for remote management

Nortel Networks Condential

Providing switch reliability

Nortel Networks Condential

New in this release

Nortel Networks Condential

8 New in this release

Nortel Networks Condential

Before you begin

Nortel Networks Condential

Nortel Networks Condential

Setting up the switch

Nortel Networks Condential

12 Setting up the switch

Nortel Networks Condential

Nortel Networks Condential

14 Setting up the switch

Nortel Networks Condential

Logging on to the system

ppp sets the port for point-to-point protocol (PPP) operation.

Logging on to the system

Nortel Networks Condential

16 Setting up the switch

Layer 3 read/write (8600 switches only) Read/write

Nortel Networks Condential

Logging on to the system

Nortel Networks Condential

18 Setting up the switch

Modifying and Resetting Passwords

Modifying the CLI login and passwords

Nortel Networks Condential

Setting system identication

Rebooting or resetting the switch

Cold boot/warm boot trap messages

Setting system identication

Nortel Networks Condential

20 Setting up the switch

File system commands

Nortel Networks Condential

Nortel Networks Condential

22 Setting up the switch

Saving the conguration to a le

Getting online Help

Nortel Networks Condential

Getting online Help help clear command sample output

Nortel Networks Condential

24 Setting up the switch

Nortel Networks Condential

Setting and displaying the date

Setting and displaying the date

Nortel Networks Condential

26 Setting up the switch

Accessing the standby CPU

Exiting and reentering the CLI

To log back in to the CLI, use the login command.

Nortel Networks Condential