At8000 s configuracao de gerenciamento

transcript

Marvell Confidential

Management & Configuration

AT – 8000S

Agenda

• AT - 8000S CLI– CLI structure

– Displaying System Information

– File Management

• AT - 8000S Telnet

• AT - 8000S Web Server (EWS)

• AT - 8000S SNMP

• AT - 8000S Secure Management

Configuration and Management Tools

• There are several option to connect and manage the AT - 8000S devices:– CLI– Telnet– EWS– SNMP

• Device can be managed:– Either using a local terminal via the serial port of the

device– Or remotely via a management station on the network

(using telnet; EWS or SNMP)

AT - 8000SCLI

AT - 8000S CLI

• The Command-Line Interface (CLI or LCLI) on the AT -8000S device is used to control and define the device’s parameters and configuration.

• The CLI is hierarchically and modularly structured. This way the user has better control and insight into the various commands and levels of configuration

• The CLI module is “Pyramid” shaped in which command interfaces start from the more general configuration/ commands and go down to the more specific ones.

• To achieve this, the commands are divided into several “command blocks” (or command modes).

• Each command mode has its own set of specific commands. The available commands depend on the mode.

Command Modes

• Example of command modes: EXEC; Global Configuration; Ethernet interface; Port channel interface; VLAN database etc…

• Example of the mode access sequence:– User EXEC Mode; – Privileged EXEC Mode, – Global Configuration Mode, – Interface Configuration Mode.

Command Modes access

• To enter a certain Command Mode user must use a specific command or command line.

• To exit a certain command mode user can either type “exit” or press the CTRL+Z.

• To exit the configuration mode completely type “end”.

Command Modes – Command View

• Each mode will allow user to enter only commands relevant for that mode.

• Typing “?” in each mode will list all the commands relevant for that mode.

• Due to the pyramid structure of the CLI, user may have to “move up” the pyramid and then “down again” to navigate from one context to another unrelated context.

• AT - 8000S devices support the “do” command which enables user to enter EXEC mode commands from any configuration mode– Relevant mostly for “show” commands to check configuration

“on the fly”.

Command Mode Access PathEXEC User Mode

Commands: ping; enable; clear; show (limited);

Prompt: console>

EXEC Privileged ModeCommands: disable; show

(extended); copy; delete; reload; boot;

Prompt: console#

Global Configuration Mode

Commands: aaa; bridge; interface; vlan; lacp…

Prompt: console(config)#

enable

configure

User Interfaces – Exampleconsole> “?”clear Reset functionsdisable Disable privileged commandsdot1x 802.1x EXEC commandsenable Enable privileged commands

…..console> enableconsole# configureconsole(config)# interface ethernet 1/e1console(config-if)# exitconsole(config)# interface ethernet 1/e1console(config-if)# endconsole#

CLI - Command Help

• At any stage of the command, user can type the “?’ key and device will display the list of parameters or keywords the user can enter next.

• If error message is received – this is an indication that user entered an invalid keyword or parameterconsole(config)# interfaceethernet IEEE 802.3 Ethernet portport-channel IEEE 802.3 Link Aggregation interfacerange Select range of interfaces to configurevlan Configure an IEEE 802.1 VLAN

console(config)# interface lala% Unrecognized command

CLI - Command Completion

• User can use the “tab” key to complete keywords.• If a keyword is unique – it is enough to type in the first

letters of the keyword instead of typing in the full word.

console(config)# inter [tab]console(config)# interface

CLI – “do” Command

• The “do” command Allows the user to use User EXEC mode from any configuration mode context

• Useful to check device setting while performing configuration

CLI – “do” Command

console# show vlan tag 2

Vlan Name Ports Type Authorization---- ----------------- --------------------------- ------------ -------------2 2 permanent Required

console# conconsole(config)# interface ethernet 1/e1console(config-if)# switchport access vlan 2console(config-if)# show vlan tag 2% Unrecognized commandconsole(config-if)# do show vlan tag 2

Vlan Name Ports Type Authorization---- ----------------- --------------------------- ------------ -------------2 2 1/e1 permanent Required

console(config-if)#

CLI – Cut & Paste

• AT - 8000S devices Support copy / paste of text files. • The number of lines, which can be copied into the CLI, is

1000. • The feature is implemented as support for “fast data entry”.• Commands in the configuration file are entered in

“configuration mode”.

AT - 8000SDisplaying System

Information

Display the system information• Use the following EXEC Mode command to display system

information:show system

console# show systemSystem Description: Ethernet SwitchSystem Up Time (days,hour:min:sec): 0,00:03:30System Contact:System Name:System Location:System MAC Address: 00:00:b0:00:00:00

System Object ID: 1.3.6.1.4.1.89.1.1.3955…..Main Power Supply Status: OK

Sensor Temperature (Celsius) Status------------------------ ------------------------ ------------------------

File Management

The Flash

• The file system supports dynamic creation and deletion of files.

• All the files are stored in the device flash memory• All access to the flash will be done through the file system

interface• The flash is divided to two major sections: static and dynamic

Software images

• There are two images that stored in the flash memory, the files are called image-1 and image-2.

• Only one image is used during boot, the user can choose the image that will be used by the command:

Boot system image {number}

• To check what is the active image use the command:Show bootvar

console# show bootvar

Images currently available on the FLASH

image-1 active (selected for next boot)

image-2 not active

The Flash

• The static section includes the booton & boot sectors. This sections is “invisible” to the file system. However, the boot code will allow the file system to use its resources when decompressing the application image file

• The dynamic section will include the rest of the flash:– 2 image files– all other files defined by core module. This section is fully controlled by the

file system (syslog, configuration files etc)

Configuration Files

• AT - 8000S supports 3 types of configuration files.

• Running configuration file – the active configuration, stored in the RAM.

• Startup configuration file – kept in the flash. Used whenever the system reboots.

• Backup configuration file.

• Factory default configuration - if no configuration file is available upon the system boot, this is the default settings of the system– These default setting will not appear when using the

“show running” or “show startup” commands

Copying a File – Basic Command

• Use the following EXEC mode command format to copy a file from a source to a destination:copy source-url destination-url

• The source and destination url parameter can be a valid url or reserved keyword (like boot, image, unit, startup-config, running config etc)

Copy Command - Source Options (1)

Keyword Source

Running-config Copy from the current running configuration file - Only to another configuration file, or to a TFTP server.Example: #copy running-config startup-config

Startup-config Copy from the startup configuration file – only to another configuration file, or to a TFTP server.Example: #copy startup-config tftp://10.0.0.2/saved_cfg

Image Copy from the active software image file – to a TFTP server.Examples: #copy image tftp://10.0.0.6/saved-image

Boot Copy from the device’s BOOT file - Only to a TFTP serverExamples: #copy boot tftp://10.0.0.6/saved-boot-image

Copy Command - Source Options (2)

Keyword Source

Tftp:// Source URL (tftp://ip address/filename) for a file on a TFTP network server from which to download (configuration, image or boot file)Examples:#copy tftp://10.1.2.3/saved-config startup-config#copy tftp://10.4.5.6/file.dos image#copy tftp://10.7.8.9/boot.rfb boot

Xmodem Copy a software image or boot-image file from a serial connection that uses the Xmodem protocolExample: #copy xmodem: image

WORD URL prefixes

Copy Command - Destination Options (1)

Keyword Source

Running-config Copy into (merge with) the current running configuration file from a TFTP server Example: #copy tftp://10.0.0.9/commands-file running-configNote: when copying to running-config, existing running config remains and copied configuration is added. The new running config is a combination of both In case of contradiction in configuration – error will appear.

Startup-config Copy to the startup configuration file - Only from another configuration file, or a TFTP server.Example: #copy running-config startup-configNote: When copying to startup-config The previous startup-config is erased completely and only the new file is the startup -config

Copy Command - Destination Options (2)

Keyword Source

Image Copy to the non-active software image file – from xmodem or a TFTP server.#copy tftp://10.1.2.3/file.ros imageNote when copying to device image – in order to run the new image, active image has to be changed (“show bootvar” and then “boot system image-x” command) and then system rebooted

Boot Copy to the device’s BOOT file - Only from TFTP server or xmodemExamples: #copy tftp://10.1.2.3/boot.rfb boot

Null: Copy to null destination (do the copy, discard any result)Example: #copy tftp://10.0.1.1 null:

Tftp:// Destination URL (tftp://ip address/filename) to upload to a file (config, image or boot) to a TFTP network serverExample: #copy image tftp://10.1.2.3/saved-image-file

WORD URL prefixes

Invalid Combinations

• The source file and destination file cannot be the same file.

• xmodem: can’t be a destination. • tftp: can’t be both source and destination.

Flash File – Additional CLI Commands

• Use the following Privileged EXEC mode command to copy from a backup file on flash to destination file:

Copy flash://filename destination-file

• Use the following Privileged EXEC mode command to copy from a source file to backup file on flash:

Copy source-file flash://filename

Flash Files – CLI Examples

console# copy running-config flash://backup01-Jan-2000 01:31:20 %COPY-I-FILECPY: Files Copy - source URL

running-config destination URL flash://backup01-Jan-2000 01:31:22 %COPY-W-TRAP: The copy operation was

completed successfully!Copy: 60 bytes copied in 00:00:02 [hh:mm:ss]

Copy character description

• ! For transfers, an exclamation mark indicates that the copy process is taking place. Each exclamation mark indicates the successful transfer of ten packets (512 bytes each).

• . For network transfers, a period indicates that the copy process is timed out. Many periods in a row typically mean that the copy process may fail.

• E An uppercase E indicates an error. The copy process may fail.

Examples

• Copying an Image from a Server to Device• The following example copies a system image named image-10022.ros

from the TFTP server with an IP address of 172.16.101.101 to non active image file.

console# copy tftp://172.16.101.101/image-10022.ros image!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Copy: XXXXX bytes copied in XX:XX:XX [hh:mm:ss]

Running Device with New Image

• Note!!! To run a device (or unit) using the new downloaded image -select the non-active image (the one to which the image was downloaded) as the image for next boot – and then reboot.

• To view which image is currently inactive use command:show bootvar

Console# show bootvarImages currently available on the FLASHimage-1 active (selected for next boot)image-2 not active

Running Device with New Image

• To specify the system image for the device to load at next startup, use the boot system Privileged EXEC command:

boot system { image-1 | image-2 }

Console# boot system image-2

Other Commands

• To delete the startup-config file, use the following privileged EXEC command:

delete startup-config• Show commands

– show running-config– show startup-config

AT - 8000STelnet

Telnet

• The user can connect to the device via telnet and work as if working via the terminal.

• The user must configure a user name and password in order to be able to connect via telnet

• To allow full configuration capabilities, level must be set to 15. • Level 1 allows only limited device view and configuration.

console> enable

console# configure

console(config)# username myuser password mypassword level 15

console(config)#

AT - 8000SWeb Server

Embedded Web Server (EWS)• The user can connect and mange the device via the

Embedded Web Server.

• The EWS allows the user to control and monitor the device using a GUI interface.

• To allow EWS management an IP has to be configured on one of the devices interfaces (Ethernet port or VLAN).

• User must verify that HTTP server is enabled on the device (default is enabled)

• In addition, a username and password must be created with access level of 15

EWS Configuration Example

console(config)# ip http server

console(config)# username George password Washington level 15

console(config)# interface vlan 1

console(config-if)# ip address 10.8.7.9 /24

console(config-if)# exit

console(config)# ip default-gateway 10.8.7.10

console(config)#

Default gateway is needed if management station is located in a remote network

AT - 8000SSNMP

Defining SNMP Settings

• Simple Network Management Protocol (SNMP) provides a method for managing network devices. Devices supporting SNMP run a local agent.

• The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB).

• The MIB presents the variables controlled by the agent. The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network.

AT - 8000SSecure Management

Secure Management Options• The Secure Shell (SSH) protocol provides encrypted and

strongly authenticated remote login sessions, similar to the Telnet protocol, between a device running a Secure Shell server and a host (PC) with a Secure Shell client.

• The Secure Socket Layer (SSL) has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers applications. Therefore, SSL allows secure management of the networking devices via the standard WEB browser.

How does SSH Tunneling work?

This telnet connection is transmitted in the clear – data and passwords are insecure!

Set up SSH port forwarding from the client to the server

The result – a secure connection!

Network I/F

Router

Loopback I/F

Client

Network I/F

23AppTelnetdTelnet

Insecure

Network I/F

Router

Loopback I/F

Client

Network I/F

22App SSHdSSHSecure App

Network I/F

Router

Loopback I/F

Client

Network I/F22App SSHdSSH

Secure

TelnetdTelnet

NeverTrnam

itted!

SSL/TLS

HTTP TLS

Not secure

Secure

At8000 s configuracao de gerenciamento

Technology