Brocade CLI

Brocade IP Training Courses-CLI EssentialHenry Liang

FOR INTERNAL USE ONLY© 2009 Brocade Communications Systems, Inc. All Rights Reserved.

2

NetIron1

2

3

4

5

67

8

FDXLink/Act

FDXLink/Act

9

10

11

12

13

1415

16

FDXLink/Act

FDXLink/Act

Power

Console

LinkActivity

LinkActivity

Console Port– DB-9 male interface.

– VT-100 terminal - straight-through cable (female to female not a null-modem).

– The VT-100 configuration is:9600 Baud 8 Data Bits Parity = NoneStop Bits = 1 Flow Control = None

– For MODEM Cross-Over cable (typically a DB-9F to DB-25F cable)


3

12

34

56

78

FDX100

Link / Act

FDX100

Link / Act

Stackables Layout

• Link LED blinks when there’s activity on the port

Left halfRight half

Center column and row not used

ServerIron1718

1920

2122

2324

FDX100

Link / Act

FDX100

Link / ActPower

Console

LinkActivity

910

1112

1314

1516

FDX100

Link / Act

FDX100

Link / Act

12

34

56

78

FDX100

Link / Act

FDX100

Link / Act

LinkActivity


4

– Configure via character-based terminal/session• Direct Connect to the Serial Port

• Telnet to the System

• “?” at any prompt shows available commands FastIron>?

• enable Enter Privileged mode

• fastboot Fast-reload option

• ping Ping IP node

• show Display system info

• stop-traceroute Stop current TraceRoute

• traceroute TraceRoute to IP Node

– Commands can be abbreviated FastIron>

Command Line Interface (CLI) Basics


5

•Privileged Level•Enter through the “enable” command •Can be password protected•View detailed information (Show)•Enable/Disable System-wide features

CLI Basics - EXEC levelLevels of CLI commands:– EXEC - Monitor the Switch/Router (Two Levels)

• User Level• View basic information• Verify connectivity (Ping command)

ExecCommands User Level

PrivilegedLevel

enable <password>

ping <ip address>

show

?


6

FastIron>?enable Enter Privileged modefastboot Fast-reload optionping Ping IP nodeshow Display system infostop-traceroute Stop current TraceRoutetraceroute TraceRoute to IP Node

FastIron>

EXEC/User level:

Different prompts indicate the level you are at:

User = “>”Privileged = “#”Config = “(config)#”

CLI Basics - EXEC commands

enablePassword:

EXEC/Privileged level:

access-list Access list arp Arp table chassis Power supply/fan/tempera

clock configuration Configuration data in fl default Print system default set

flash Flash memory contents interfaces Port status ip IP address setting logging System log mac-address MAC address table media Gig port SX/LX/LHA/LHB module Module type and status priority-mapping 802.1p tagged priority s

qos-profiles Configuration of the 4 Q relative-utilization Relative utilization lis

reload Scheduled system reset rmon Rmon status running-config Current running config snmp Snmp statistics span Spanning tree status

FastIron# ?


7

CLI Basics - CONFIG commandsFastIron> enableNo password has been assigned yet...FastIron# configure terminalFastIron(config)# Notice the CONFIG prompt:

Config LEVELFastIron(config)#?endexitnoshowwriteaaabootbroadcast-limitchassisclockdhcp-gateway-listenablehostnameinterfaceipipx

Config LEVEL (contd)l3-ip-switchl3-ipx-switchl3_testlock-addressloggingmac-age-timemacmirror-porttelnet-servertelnet-timeoutserverpassword-changeradius-serverrmonsnmp-serversntp

Config LEVEL (contd)spanning-treestatic-mac-addressvlantag-typeip-protoip-subnetipx-protoipx-networkatalk-protodecnet-protonetbios-protoother-protoweb-managementtrunk


8

CLI BasicsEXEC/Privilege level

NetIron> enable {superuser password}NetIron#

– Executing system-wide commandsShow InformationReload the systemCopy image files or configuration filesSet the system clock

CONFIG LevelBigIron# conf t (stands for “configure terminal”)

BigIron(config)#

– Configure the SystemAssign system IP addressSetup the InterfacesSetup DNS information (DNS server, domain) Indicate IP address of Time Server (NTP) or RADIUS server


9

CLI BasicsInterface Level

ServerIron(config)# int e1 (e1 = ethernet port #1)ServerIron(config-if-1)#

– Port parameters ( type “?” at prompt for options)ServerIron(config-if-1)# ?

enable disable dhcp-gateway-listport-name mac monitorqos-priority speed-duplex ipg10ipg100 ipg1000 ip-policyphy-mode spanning-tree flow-controlauto-gig

Current Context is shown by promptFastIron(config-if-e100-1)# (Interface #1)

TurboIron(config-vif-1)# (Virtual Interface #1 - applies to routers only)

NetIron(config-vlan-3)# (Virtual LAN #3)

ServerIron(config-tc-CacheFour)# (Transparent Cache named “CacheFour”)

ServerIron(config-vs-VIP1)# (Virtual Server named “VIP1”)


10

– Move back up the menu tree using “exit”ServerIron(config-rs-c1)# exit

ServerIron(config)# exit

ServerIron# exit

ServerIron>

• Use “end” or Cntl-Z to return to “#” prompt

– Display the running-configServerIron# write terminal

ServerIron# show running-config

– Display the saved startup-configServerIron# show config

– Erase the Startup-ConfigServerIron# erase startup-config

ServerIron(config)#exit

ServerIron#

CLI Basics


11

Flash Memory

Two Image Storage Areas– Primary & Secondary

View the Flash:FastIron>show flashCode Flash Type: AMD 29F016, Size: 32 * 65536 = 2097152, Unit: 1Boot Flash Type: AMD 29F010, Size: 8 * 16384 = 131072Compressed Primary Code size = 583323, Version 05.0.01T10Compressed Secondary Code size = 584847, Version 03.8.11T10Boot Image Version 03.02.50Monitor Image Version 1, for DRAM size 2097152FastIron>


12

Specify where to boot from:• Primary Flash• Secondary Flash• TFTP Server• BootP Server

– Where you enter the command also dictates when to load– EXEC/PRIVILEGED level - IMMEDIATE reboot/reload

FastIron# boot system flash secondary

– CONFIG level - Load at next rebootTurboIron(config)# boot system flash secondaryTurboIron(config)# wri mem

Flash Memory (continued)


13

Flash Copy commands From/To TFTP Servers– From/To Primary or Secondary Flash

Privileged command:NetIron# copy tftp flash 192.22.33.44 ni0200.bin secondary

• Copies from TFTP the file “ni0200.bin” and stores it to the secondary flash area.FastIron# copy flash tftp 192.22.33.44 ni0200.bin secondary

• Copies the system image from the secondary flash area and stores it on the TFTP server as filename “ni0200.bin”.

TurboIron# copy flash flash ?primary Copy secondary to primarysecondary Copy primary to secondary

TurboIron# copy flash flash primary• Copies the system image from the secondary flash area to the primary.

FastIron# copy running-config tftp 192.22.33.44 new.cfg• Copies the currently running config (not the stored config) and writes it to the

TFTP server as filename “new.cfg”. NetIron# copy tftp flash 192.22.33.44 nib06007.bin boot

• Upgrades the boot image via tftp server (“boot” is a hidden parameter)


14

Write/Show Config commands

– Most configuration changes take effect immediately. To make permanent (i.e., persistent after a re-boot) save the changes to flash:

TurboIron# write memory

– To see the running configuration:FastIron# write terminalor

FastIron# show running-config

– To see the stored configuration file:NetIron# show configuration

• Note: The running config and stored config (startup config) may or may not be the same.


15

Show Commands - Switch & Router

Switch and Router show commands:show version Software version and uptime

show interface Interf status (up or down etc.)

show stat Interface statistics

show ip IP info (address, mask etc.)

show span Spanning tree info

show mac-address MAC forwarding table

show mac-address stat # of MACs learned per port

show flash Flash memory images

show vlan Configured VLANs

show telnet IP addr of active telnet sessions

show trunk Config’d and active trunk groups


16

Show Commands - Router only

Router-only show commands: NetIron# show arp ARP cache

NetIron# show ip interface ip interface information

NetIron# show ip cache IP host/MAC table

NetIron# show ip ospf OSPF information

NetIron# show ip route IP routes and their status

NetIron# show ip traffic IP (ICMP, UDP, TCP, RIP) traffic statistics

NetIron# show ip dvmrp DVMRP information

NetIron# show ipx cache Summary of IPX information

NetIron# show ipx interface IPX interface information

NetIron# show ipx routes IPX route information

NetIron# show ipx servers IPX servers defined for the router

NetIron# show ipx traffic IPX traffic statistics


17

Clear Commands

Sometimes it’s helpful to clear forwarding tables and/or route tablesSwitch and Router clear commands:(FastIron, TurboIron, BigIron)

TurboIron# clear arp Clears ARP tableTurboIron# clear mac-address Clears the MAC forwarding tablesTurboIron# clear statistics Clears all statistic counters.

Router-only clear commands:(NetIron, TurboIron, BigIron)

NetIron# clear ip route Clears IP route tables.NetIron# clear ip cache Clears IP host/MAC tablesNetIron# clear ipx route Clears IPX route tables.NetIron# clear ipx cache Clears IPX cache


18

Ping CommandHelpful when trying to verify connectivity

– Cannot be entered when in “configure” mode

– A few sample PING commands:FastIron> ping 192.190.10.10

FastIron# ping 192.190.10.10 count 100

FastIron> ping 192.190.10.10 size 1200

FastIron# ping 192.190.10.10 ttl 5 c 10 s 200

– Issues 10 pings with a time to live of 5 and each ping is 200 bytes

long

– Use “?” after the address for other options• ping <ip addr> [count <num>] [timeout <msec>] [ttl <num>] [size

<byte>] [no-fragment] [quiet] [verify] [data <1-to-4 byte hex#, e.g.

abcdef00>]


19

CLI Basics - Passwords

Factory Default = no passwords

Passwords can be up to 32 characters long

Multiple levels of password access– Access depends on which password you use

• Super User - Unlimited access, can change all parameters• Configure Port - Change interface level parameters • Read Only - View only, no changing allowed

BigIron(config)# enable super-user-password SuPswdBigIron(config)# enable port-config-password PCPswdBigIron(config)# enable read-only-password ROPswd

BigIron> enable PCPswdorBigIron> enable Password:

• If the system password is not yet set, the system warns youBigIron> enableNo password has been assigned yet...


20

Password Examples• Defining the Super-User password

ServerIron(config)#enable super-user-password SuPswdServerIron(config)#quitServerIron> enable SuPswd

• Port Config privilege only shows a limited set of commandsServerIron(config)#enable port-config-password PCPswdServerIron>enable PCPswdServerIron#conf tServerIron(config)#?

• Read Only privilege doesn’t allow you to go to Configuration LevelServerIron(config)#enable read-only-password ROPswdServerIron>enable ROPswd ServerIron#?

exitquitpingshowtelnet


21

CLI Basics - Passwords, recovering

You can recover from a forgotten password

– Requires direct access to the Serial Port and a System Reset

Have terminal session plugged into serial port, then:• Reboot the system

• Within 2 seconds, enter ‘b’ to initiate the boot monitor

BOOT MONITOR> no password (cannot be abbreviated)

BOOT MONITOR> boot system flash primary

This bypasses the system password checkFastIron> enableNo password has been assigned yet…

FastIron#

Reassign Super-User password & save configFastIron(config)#enab super-user NewPassword (assigns a new password)

FastIron(config)#write memory


22

Also specify passwords for:– Telnet Access

FastIron(config)#enable telnet password TelNetPswd

– Where Passwords can be changed fromFastIron(config)#password-change serial-port-only

• options: <any|serial-port-only|telnet-only>

Usernames / Password combinations– Specify Username, Password and Privilege Level

(config)#username BigKahuna priv 0 password BKpswd

• Privilege level: 0=Super-User, 4=Port-Config, 5=Read-only

– A Super-User account (or Super-User enable password) must be set before you can create lower-access accounts

– Passwords are stored in Config File ENCRYPTED (default)• or you can turn off encryption

(config)# no service password-encryption

– See “aaa authentication” command to enable Usernames

CLI Basics - Passwords


23

Passwords - aaa authentication typesAuthentication for the following access types

• Syntax:

• aaa authentication <snmp-server|web-server|enable|login> default<method1> [<method2> <method2> <method3> <method4> <method5> <method6>

<method7> ]

• aaa authentication {what access} default {how to validate}

aaa authentication snmp-server ...– SNMP applications - IronView, HPOV, Spectrum, etc.

aaa authentication web-server ...– Web Browser to Brocade Switches and Routers

aaa authentication enable ...– “enable” command to gain Priviledged EXEC and CONFIG level access

aaa authentication login ...– TELNET access to the Brocade Switch/Router


24

Passwords - aaa authentication methodsAthentication methods

• Syntax:• aaa authentication <snmp-server|web-server|enable|login> default

<method1> [<method2> <method2> <method3> <method4> <method5> <method6> <method7> ]

– If a method is NOT configured, use the next methodNOTE: not if it fails, not configured

tacacs, tacacs+, radius– Query a TACACS, TACACS+ or RADIUS server for

username/password local– Use locally defined username/password combinations

line– Use the TELNET access password

enable– Use the “enable” passwords (super-user, port-config, read-only)


25

Passwords - aaa authentication examplesSyntax:– aaa authentication {what access} default {how to validate}

Examples

aaa authentication login default local

• For TELNET access (“login”), use the locally defined usernames

aaa authentication enable default radius local

• To gain privileged EXEC/CONFIG access (“enable” command), query a configured RADIUS server; if not configured, fallback to locally defined usernames

aaa authentication web default radius local enable

• The Web Browser will first look at 1) RADIUS usernames, if not configured, 2) locally defined usernames, if not configured3) use the “enable” super-user, port-config, and read-only passwords


26

SNMP Configuration

SNMP required information:FastIron(config)# ip address 192.22.33.45 255.255.255.0

FastIron(config)# ip default-gateway 192.22.33.1

FastIron(config)# snmp-server contact “Bill Clinton”

FastIron(config)# snmp-server location the_white_house

FastIron(config)# snmp-server host 192.22.33.55 public

FastIron(config)# snmp-server community notsafe ro

FastIron(config)# snmp-server community safe rw

Note:The first two commands are valid for switches only. Routers would assign an IP address at the interface level, not at the global level.

NetIron(config) interface ethernet 9NetIron(config-if-9)# ip address 192.22.33.45 255.255.255.0


27

Web Browser GUI ConfigUse Netscape Navigator or Internet Explorer– Platform Independent (PC, Macintosh, Unix)– Graphical alternative to the CLI– Username & Password Access– Only one session

can be Read/Write– Multiple Read-

only sessions(password protected access)


28

Web Browser GUI Config - Passwords

Web Browser Username/Password– Read-only default Username/Password:

• Username : getPassword : public

– Must set a password via the Command Line Interface (CLI)• The default WEB GUI passwords are the SNMP Community names

BigIron(config)# snmp-server community notsafe ro

BigIron(config)# snmp-server community safe rw

Requires an IP address to “Web” to• Use the Serial Port to configure IP address

• Switches - IP address applies to all ports by default

• Routers - IP address is specific to one port (or group of ports)


29

Controlling Access

You can restrict Web,Telnet and SNMP access to a single management address:– BigIron(config)#web client 209.157.22.39– BigIron(config)#snmp-client 209.157.22.14– BigIron(config)#telnet client 209.157.22.26– BigIron(config)#all-client 209.157.22.69 for all three types

To disable Management completely:– BigIron(config)#no web-management– BigIron(config)#no telnet server– BigIron(config)#no snmp-server


30

Lab #1

Objective: Copy software file from TFTP Server to Switch.

NetIron12

34

56

78

FDXLink/Act

FDXLink/Act

910

1112

1314

1516

FDXLink/Act

FDXLink/Act

Power

Console

LinkActivity

LinkActivity

Serial Cable

Ethernet CablePC1 192.168.1.2

running a TFTP server

FESX-1 192.168.1.1


31

Lab #1a

Objective: Configure the Web interface to manage the switch

NetIron12

34

56

78

FDXLink/Act

FDXLink/Act

910

1112

1314

1516

FDXLink/Act

FDXLink/Act

Power

Console

LinkActivity

LinkActivity

Serial Cable

Ethernet Cable

FESX-1 192.168.1.1

PC1 192.168.1.2


32

Interface Configuration

Specific attributes of each port

– Speed • Auto-negotiate (default)

• Forced to 10 or 100Mbps-Full Duplex/Half Duplex

Examples:NetIron> enable passwordhere

NetIron# config term

NetIron(config)# interface e8

NetIron(config-if-8)# speed-duplex 100-half

NetIron(config-if-8)# speed 10-full

NetIron(config-if-8)# speed auto

NetIron(config-if-8)# interface e12

NetIron(config-if-12)# speed 100-full

NetIron(config-if-12)# end

NetIron# write mem


33

Other attributes assigned to a portNetIron(config-if-8)# show interface brief

Port Link State Duplex Speed Tag Priority MAC Trunk

01 Down None None None No Normal 00e0.5200.0385 1

02 Down None None None No Normal 00e0.5200.0386 1

03 Down None None None No Normal 00e0.5200.0387 None



06 Down None None None No Normal 00e0.5200.038a None

07 Down None None None No Normal 00e0.5200.038b None

08 Down None None None No Normal 00e0.5200.038c None

09 Up Listen Full 100M Yes Normal 00e0.5200.038d None

10 Up Forward Full 100M No Normal 00e0.5200.038e None

11 Down None None None No Normal 00e0.5200.038f None


Interface Configuration

Current Link StateUp or Down

Spanning Tree StateForward, Listen, etc.

Current Duplex StateFull or Half None = no link state

Current Speed10M, 100M, 1G

802.1q Tagged or not

QoS Priority, Normal, High

Is this port part of a Trunk Group?(Trunk Group #)


34

Trunk Groups - Between Switches & Routers

Combine 2-to-4 physical ports into one logical pipe between Switches and Routers

• Less than one second failover to remaining links

FastIron Backbone12

34

56

78

FDXLink/Act

FDXLink/Act

910

1112

1314

1516

FDXLink/Act

FDXLink/ActPower

Console

LinkActivity

LinkActivity

TurboIron

LinkActivity

1 2

LinkActivity

3 4

Power

Console

LinkActivity

LinkActivity

Two Gigabit ports for 4Gbps (Full Duplex)

FastIron Workgroup12

34

56

78

FDXLink/Act

FDXLink/Act

910

1112

1314

1516

FDXLink/Act

FDXLink/Act

Power

Console

LinkActivity

LinkActivity


35

Trunk Groups - Multi-homed Servers

Multi-Homed Server

– Quad Fast Ethernet NIC– Multiple Fast Ethernet NICs– Configure NIC(s) with same MAC/IP address

Up to Four 100Mb links per server

Link Redundancy

Load balancing based on session counts


34

56

78

FDXLink/Act

FDXLink/Act

910

1112

1314

1516

FDXLink/Act

FDXLink/Act

Power

Console

LinkActivity

LinkActivity


36


34

56

78

FDX100

Link / Act

FDX100

Link / Act

910

1112

1314

1516

FDX100

Link / Act

FDX100

Link / Act

FDX100

Link / Act

FDX100

Link / Act

Console

LinkActivity

• 2-port trunk groups must start on odd #’d ports • 4-port trunk groups must start on ports

1, 5, 9, 13, 17 or 21

• Port assignment must be contiguous•1-2, 1-3, 1-4 or 9-10, 9-12, etc.

• Trunk ports cannot cross above groups• All interface parameters in a group must match

•Port Tag-type (tagged/untagged)•Port Speed and Duplex•QoS priority

Trunk Groups – Rules


37

Configured trunks:Trunk Group Ports

1 1 2 3Operational trunks:Trunk Group Ports Duplex Speed Tag Priority

1 1 2 3 Full 100M No High

•A switch-to-server trunk group•FastIron(config)# trunk server e1 to 3

A switch-to-switch trunk group FastIron(config)# trunk switch e17 to 18

Trunk Groups - Configuration Examples

Fas

Power

Console

LinkActivity

LinkActiv

Fas

Power

Console

LinkActivity

LinkActiv

oup12

34

56

78

FDXLink/Act

FDXLink/Act

•Display all defined trunk groupsFastIron# show trunk


38

SwitchSwitch

Src-Mac-A

Src-Mac-B

Dest-Mac-C

Dest-Mac-A

Dest-Mac-B

Src-Mac-C

Src-Mac-D

Server vs. Switch TrunksSwitch to Switch Trunk Groups distribute load based on destination MAC address


39

Src-Mac-C’

Server1 MAC

address

Server vs. Switch TrunksSwitch to Server Trunk Groups distribute load based on source MAC address(IP traffic uses Source & Dest IP address)

IP traffic load balanced by Src & Dest IP address. All other type of traffic, balance by Src MAC only

Non-IP traffic: If most of the traffic comes in through a single router, the router’s MAC is the source address, not the stations behind it.The Trunk group provides redundancy, but not load balancing

Switch

Router

Src-Mac-C

Src-Mac-D

Src-Mac-A

Src-Mac-B


40

Lab#2 Trunk GroupsObjective: Configure Trunk groups and verify operation:

Useful Commands:

show trunk

show interface brief

192.168.1.2


34

56

78

FDX100

Link / Act

FDX100

Link / Act

910

1112

1314

1516

FDX100

Link / Act

FDX100

Link / Act

1718

1920

2122

2324

FDX100

Link / Act

FDX100

Link / ActPower

Console

LinkActivity

LinkActivity


34

56

78

FDX100

Link / Act

FDX100

Link / Act

910

1112

1314

1516

FDX100

Link / Act

FDX100

Link / Act

1718

1920

2122

2324

FDX100

Link / Act

FDX100

Link / ActPower

Console

LinkActivity

LinkActivity

Trunk Group

PC1

PC2192.168.1.3

FESX-1 192.168.1.1

FESX-2 192.168.1.4

Thank You

Date post:	04-Oct-2014
Category:	Documents
Upload:	dpsguard-buy8922
View:	635 times
Download:	10 times

Brocade CLI

Documents