User manual ALCATEL-LUCENT OMNISWITCH 8800-7700-7800 - SWITCH MANAGEMENT GUIDE

Part No. 060159-10, Rev. J April 2006 OmniSwitch 7700/7800 OmniSwitch 8800 Switch Management Guide www.alcatel.com This user guide documents release 5.4 of the OmniSwitch 7700, 7800, and 8800. The functionality described in this guide is subject to change without notice. Copyright © 2006 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc. Alcatel® and the Alcatel logo are registered trademarks of Alcatel. Xylan®, OmniSwitch®, OmniStack®, and Alcatel OmniVista® are registered trademarks of Alcatel Internetworking, Inc. OmniAccessTM, Omni Switch/RouterTM, PolicyViewTM, RouterViewTM, SwitchManagerTM, VoiceViewTM, WebViewTM, X-CellTM, X-VisionTM, and the Xylan logo are trademarks of Alcatel Internetworking, Inc. This OmniSwitch product contains components which may be covered by one or more of the following U.S. Patents: · U.S. Patent No. 6,339,830 · U.S. Patent No. 6,070,243 · U.S. Patent No. 6,061,368 · U.S. Patent No. 5,394,402 · U.S. Patent No. 6,047,024 · U.S. Patent No. 6,314,106 · U.S. Patent No. 6,542,507 · U.S. Patent No. 6,874,090 26801 West Agoura Road Calabasas, CA 91301 (818) 880-3500 FAX (818) 880-3505 info@ind.alcatel.com US Customer Support--(800) 995-2696 International Customer Support--(818) 878-4507 Internet--http://eservice.ind.alcatel.com ii OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Contents About This Guide .......................................................................................................... xi Supported Platforms .......................................................................................................... xi Who Should Read this Manual? ......................................................................................xiii When Should I Read this Manual? ..................................................................................xiii What is in this Manual? ...................................................................................................xiii What is Not in this Manual? ............................................................................................xiii How is the Information Organized? ................................................................................ xiv Documentation Roadmap ................................................................................................ xiv Related Documentation ................................................................................................... xvi User Manuals Web Site .................................................................................................. xvii Technical Support .......................................................................................................... xvii Chapter 1 Logging Into the Switch ............................................................................................ 1-1 In This Chapter ................................................................................................................1-1 Login Specifications ........................................................................................................1-2 Login Defaults .................................................................................................................1-2 Quick Steps for Logging Into the Switch ........................................................................1-3 Overview of Switch Login Components .........................................................................1-4 Management Interfaces ............................................................................................1-4 Logging Into the CLI .........................................................................................1-4 Using the WebView Management Tool ............................................................1-5 Using SNMP to Manage the Switch ..................................................................1-5 User Accounts ..........................................................................................................1-5 Using Telnet ....................................................................................................................1-6 Logging Into the Switch Via Telnet .........................................................................1-6 Starting a Telnet Session from the Switch ...............................................................1-6 Using FTP .......................................................................................................................1-7 Using FTP to Log Into the Switch ...........................................................................1-7 Using Secure Shell ..........................................................................................................1-8 Secure Shell Components .........................................................................................1-8 Secure Shell Interface ........................................................................................1-8 Secure Shell File Transfer Protocol ...................................................................1-8 Secure Shell Application Overview .........................................................................1-9 Secure Shell Authentication ...................................................................................1-10 Protocol Identification .....................................................................................1-10 Algorithm and Key Exchange .........................................................................1-10 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 iii Contents Authentication Phase .......................................................................................1-10 Connection Phase ............................................................................................1-11 Starting a Secure Shell Session ..............................................................................1-11 Closing a Secure Shell Session ..............................................................................1-13 Log Into the Switch with Secure Shell FTP ...........................................................1-13 Closing a Secure Shell FTP Session ......................................................................1-14 Modifying the Login Banner .........................................................................................1-15 Modifying the Text Display Before Login .............................................................1-16 Configuring Login Parameters ......................................................................................1-17 Configuring the Inactivity Timer ..................................................................................1-17 Enabling the DNS Resolver ..........................................................................................1-18 Verifying Login Settings ...............................................................................................1-18 Chapter 2 Managing System Files ............................................................................................. 2-1 In This Chapter ................................................................................................................2-1 File Management Specifications .....................................................................................2-2 File Management Overview ............................................................................................2-3 File Transfer .............................................................................................................2-3 Switch Directories ....................................................................................................2-4 File and Directory Management ......................................................................................2-5 Using Wildcards .......................................................................................................2-7 Multiple Characters ...........................................................................................2-7 Single Characters ...............................................................................................2-7 Directory Commands ...............................................................................................2-8 Determining Your Location in the File Structure ..............................................2-8 Changing Directories .........................................................................................2-9 Displaying Directory Contents ........................................................................2-10 Making a New Directory .................................................................................2-11 Displaying Directory Contents Including Subdirectories ................................2-12 Copying an Existing Directory ........................................................................2-12 Removing a Directory and its Contents ...........................................................2-13 File Commands ......................................................................................................2-14 Creating or Modifying Files ............................................................................2-14 Copying an Existing File .................................................................................2-14 Moving a File or Directory ..............................................................................2-15 Changing File Attribute and Permissions ........................................................2-16 Deleting a File .................................................................................................2-16 Utility Commands ..................................................................................................2-16 Displaying Free Memory Space ......................................................................2-16 Performing a File System Check .....................................................................2-16 Deleting the Entire File System .......................................................................2-17 Loading Software onto the Switch ................................................................................2-18 Using the Switch as an FTP Server ........................................................................2-18 Using the Switch as an FTP Client .........................................................................2-20 Using Secure Shell FTP .........................................................................................2-22 Closing a Secure Shell FTP Session ......................................................................2-22 Using Zmodem .......................................................................................................2-23 iv OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Contents Registering Software Image Files .................................................................................2-24 Directories on the Switch .......................................................................................2-24 Using the Install Command ....................................................................................2-25 Available Image Files .............................................................................................2-26 Application Examples for File Management ................................................................2-27 Creating a File Directory on the Switch .................................................................2-27 Transferring a File to the Switch Using FTP .........................................................2-28 FTP Client Application Example ....................................................................2-29 Creating a File Directory Using Secure Shell FTP ................................................2-31 Transfer a File Using Secure Shell FTP .................................................................2-32 Closing a Secure Shell FTP Session ......................................................................2-32 Verifying Directory Contents ........................................................................................2-32 Setting the System Clock ..............................................................................................2-33 Setting Date and Time ............................................................................................2-33 Date ..................................................................................................................2-33 Time Zone .......................................................................................................2-33 Time .................................................................................................................2-34 Daylight Savings Time Configuration ...................................................................2-35 Enabling DST ..................................................................................................2-36 Chapter 3 Configuring Network Time Protocol (NTP) .......................................................... 3-1 In This Chapter ................................................................................................................3-1 NTP Specifications ..........................................................................................................3-2 NTP Defaults Table .........................................................................................................3-2 NTP Quick Steps .............................................................................................................3-3 NTP Overview ................................................................................................................3-4 Stratum .....................................................................................................................3-5 Using NTP in a Network ..........................................................................................3-5 Authentication ..........................................................................................................3-7 Configuring NTP .............................................................................................................3-8 Configuring the OmniSwitch as a Client .................................................................3-8 NTP Servers .............................................................................................................3-9 Using Authentication ..............................................................................................3-10 Verifying NTP Configuration .......................................................................................3-11 Chapter 4 Managing CMM Directory Content ....................................................................... 4-1 In This Chapter ................................................................................................................4-1 CMM Specifications .......................................................................................................4-2 CMM Files ......................................................................................................................4-3 CMM Directory Structure ........................................................................................4-3 Where is the Switch Running From? .................................................................4-4 Software Rollback Feature .......................................................................................4-4 Software Rollback Configuration Scenarios .....................................................4-5 CMM Redundancy ...................................................................................................4-8 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 v Contents Managing the Directory Structure of the CMM (Non-Redundant) ................................4-9 Rebooting the Switch ...............................................................................................4-9 Copying the Running Configuration to the Working Directory ............................4-11 Rebooting from the Working Directory .................................................................4-13 Copying the Working Directory to the Certified Directory ...................................4-15 Copying the Certified Directory to the Working Directory ...................................4-16 Show Currently Used Configuration ......................................................................4-17 Show Switch Files ..................................................................................................4-18 Managing Redundant CMMs ........................................................................................4-19 Rebooting the Switch .............................................................................................4-19 Copying the Working Directory to the Certified Directory ...................................4-20 Synchronizing the Primary and Secondary CMMs ................................................4-21 Swapping the Primary CMM for the Secondary CMM .........................................4-23 Show Currently Used Configuration ......................................................................4-24 NI Module Behavior During Takeover ...........................................................4-24 Emergency Restore of the boot.cfg File ........................................................................4-25 Can I Restore the boot.file While Running from Certified? ..................................4-25 Displaying CMM Conditions ........................................................................................4-26 Chapter 5 Using the CLI ............................................................................................................... 5-1 In This Chapter ................................................................................................................5-1 CLI Specifications ...........................................................................................................5-2 CLI Overview ..................................................................................................................5-2 Online Configuration ................................................................................................5-2 Offline Configuration Using Configuration Files ....................................................5-3 Command Entry Rules and Syntax .................................................................................5-3 Text Conventions .....................................................................................................5-3 Using "Show" Commands .......................................................................................5-4 Using the "No" Form ...............................................................................................5-4 Using "Alias" Commands ........................................................................................5-4 Partial Keyword Completion ....................................................................................5-5 Command Help ...............................................................................................................5-5 Tutorial for Building a Command Using Help .........................................................5-7 CLI Services ....................................................................................................................5-9 Command Line Editing ............................................................................................5-9 Deleting Characters ...........................................................................................5-9 Recalling the Previous Command Line ...........................................................5-10 Inserting Characters .........................................................................................5-10 Syntax Checking ....................................................................................................5-11 Prefix Recognition ..................................................................................................5-11 Example for Using Prefix Recognition ...........................................................5-12 Prefix Prompt ...................................................................................................5-13 Command History ..................................................................................................5-13 vi OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Contents Logging CLI Commands and Entry Results .................................................................5-15 Enabling Command Logging ..........................................................................5-15 Disabling Command Logging .........................................................................5-15 Viewing the Current Command Logging Status .............................................5-16 Viewing Logged CLI Commands and Command Entry Results ....................5-16 Customizing the Screen Display ...................................................................................5-17 Changing the Screen Size .......................................................................................5-17 Changing the CLI Prompt ......................................................................................5-17 Displaying Table Information ................................................................................5-18 Filtering Table Information ....................................................................................5-19 Multiple User Sessions ..................................................................................................5-20 Listing Other User Sessions ...................................................................................5-20 Listing Your Current Login Session ......................................................................5-21 Application Example .....................................................................................................5-22 Using a Wildcard to Filter Table Information ........................................................5-22 Chapter 6 Working With Configuration Files ......................................................................... 6-1 In This Chapter ................................................................................................................6-1 Configuration File Specifications ...................................................................................6-2 Tutorial for Creating a Configuration File ......................................................................6-2 Quick Steps for Applying Configuration Files ...............................................................6-4 Setting a File for Immediate Application .................................................................6-4 Setting an Application Session for a Date and Time ...............................................6-4 Setting an Application Session for a Specified Time Period ...................................6-5 Configuration Files Overview .........................................................................................6-6 Applying Configuration Files to the Switch ............................................................6-6 Verifying a Timed Session ................................................................................6-7 Cancelling a Timed Session ..............................................................................6-7 Configuration File Error Reporting ...................................................................6-7 Setting the Error File Limit ...............................................................................6-8 Verbose Mode ...................................................................................................6-8 Displaying a Text File ..............................................................................................6-9 Text Editing on the Switch .......................................................................................6-9 Invoke the "Vi" Editor .......................................................................................6-9 Creating Snapshot Configuration Files .........................................................................6-10 Snapshot Feature List .............................................................................................6-10 User-Defined Naming Options ........................................................................6-11 Editing Snapshot Files .....................................................................................6-11 Verifying File Configuration .........................................................................................6-13 Chapter 7 Managing Switch User Accounts ............................................................................ 7-1 In This Chapter ................................................................................................................7-1 User Database Specifications ..........................................................................................7-2 User Account Defaults ....................................................................................................7-2 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 vii Contents Overview of User Accounts ............................................................................................7-3 Startup Defaults ........................................................................................................7-4 Quick Steps for Creating Network Administrator User Accounts ...........................7-5 Quick Steps for Creating Customer Login User Accounts ......................................7-6 Default User Settings ...............................................................................................7-7 How User Settings Are Saved ..................................................................................7-7 Creating a User ................................................................................................................7-8 Removing a User ......................................................................................................7-8 User-Configured Password ......................................................................................7-8 Setting a Minimum Password Size ...........................................................................7-9 Configuring Password Expiration ............................................................................7-9 Default Password Expiration .............................................................................7-9 Specific User Password Expiration .................................................................7-10 Configuring Privileges for a User .................................................................................7-11 Setting Up SNMP Access for a User Account ..............................................................7-13 SNMP Access Without Authentication/Encryption ...............................................7-13 SNMP Access With Authentication/Encryption ....................................................7-14 Removing SNMP Access From a User ..................................................................7-14 Setting Up End-User Profiles ........................................................................................7-15 Creating End-User Profiles ....................................................................................7-16 Setting Up Port Ranges in a Profile .......................................................................7-16 Setting Up VLAN Ranges in a Profile ...................................................................7-16 Associating a Profile With a User ..........................................................................7-17 Removing a Profile From the Configuration ..........................................................7-17 Verifying the User Configuration .................................................................................7-17 Chapter 8 Managing Switch Security ........................................................................................ 8-1 In This Chapter ................................................................................................................8-1 Switch Security Specifications ........................................................................................8-2 Switch Security Defaults .................................................................................................8-2 Switch Security Overview ...............................................................................................8-3 Authenticated Switch Access ..........................................................................................8-4 AAA Servers--RADIUS or LDAP ..........................................................................8-4 Authentication-only--ACE/Server ..........................................................................8-4 Interaction With the User Database .........................................................................8-5 ASA and Authenticated VLANs ..............................................................................8-5 Configuring Authenticated Switch Access .....................................................................8-6 Quick Steps for Setting Up ASA ....................................................................................8-7 Setting Up Management Interfaces .................................................................................8-9 Enabling Switch Access .........................................................................................8-10 Configuring the Default Setting .............................................................................8-10 Using Secure Shell .................................................................................................8-11 Configuring Accounting for ASA .................................................................................8-12 Verifying Switch Security Configuration .....................................................................8-13 viii OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Contents Chapter 9 Using WebView ........................................................................................................... 9-1 In This Chapter ................................................................................................................9-1 WebView CLI Defaults ...................................................................................................9-2 Browser Setup .................................................................................................................9-2 WebView CLI Commands ..............................................................................................9-3 Enabling/Disabling WebView ..................................................................................9-3 Enabling/Disabling SSL ...........................................................................................9-3 Quick Steps for Setting Up WebView ............................................................................9-4 WebView Overview ........................................................................................................9-4 WebView Page Layout .............................................................................................9-4 Banner ................................................................................................................9-5 Toolbar ..............................................................................................................9-5 Feature Options .................................................................................................9-6 View/Configuration Area ..................................................................................9-6 Configuring the Switch With WebView .........................................................................9-7 Accessing WebView ................................................................................................9-7 Home Page ...............................................................................................................9-8 Configuration Page ...................................................................................................9-9 Global Configuration Page ................................................................................9-9 Table Configuration Page ................................................................................9-10 Table Features .................................................................................................9-13 Adjacencies ............................................................................................................9-17 WebView Help ..............................................................................................................9-18 General WebView Help .........................................................................................9-18 Specific-page Help .................................................................................................9-18 Chapter 10 Using SNMP ............................................................................................................... 10-1 In This Chapter ..............................................................................................................10-1 SNMP Specifications ....................................................................................................10-2 SNMP Defaults .............................................................................................................10-2 Quick Steps for Setting Up An SNMP Management Station .......................................10-3 Quick Steps for Setting Up Trap Filters ........................................................................10-4 Filtering by Trap Families ......................................................................................10-4 Filtering by Individual Traps ..................................................................................10-5 SNMP Overview ...........................................................................................................10-6 SNMP Operations ..................................................................................................10-6 Using SNMP for Switch Management ...................................................................10-7 Setting Up an SNMP Management Station .....................................................10-7 SNMP Versions ......................................................................................................10-7 SNMPv1 ..........................................................................................................10-7 SNMPv2 ..........................................................................................................10-8 SNMPv3 ..........................................................................................................10-8 SNMP Traps Table .................................................................................................10-9 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 ix Contents Using SNMP For Switch Security ..............................................................................10-26 Community Strings (SNMPv1 and SNMPv2) .....................................................10-26 Configuring Community Strings ...................................................................10-26 Encryption and Authentication (SNMPv3) ..........................................................10-27 Configuring Encryption and Authentication .................................................10-27 Setting SNMP Security .................................................................................10-28 Working with SNMP Traps ........................................................................................10-29 Trap Filtering ........................................................................................................10-29 Filtering by Trap Families .............................................................................10-29 Filtering By Individual Trap ..........................................................................10-29 Authentication Trap ..............................................................................................10-30 Trap Management ................................................................................................10-30 Replaying Traps .............................................................................................10-30 Absorbing Traps ............................................................................................10-30 Sending Traps to WebView ...........................................................................10-30 SNMP MIB Information .............................................................................................10-31 MIB Tables ...........................................................................................................10-31 MIB Table Description ..................................................................................10-31 Industry Standard MIBs .......................................................................................10-32 Enterprise (Proprietary) MIBs ..............................................................................10-37 Verifying the SNMP Configuration ............................................................................10-41 Appendix A Software License and Copyright Statements A-1 Alcatel License Agreement ............................................................................................ A-1 ALCATEL INTERNETWORKING, INC. ("AII") SOFTWARE LICENSE AGREEMENT ................................................................ A-1 Third Party Licenses and Notices .................................................................................. A-4 A. Booting and Debugging Non-Proprietary Software .......................................... A-4 B. The OpenLDAP Public License: Version 2.4, 8 December 2000 ..................... A-4 C. Linux .................................................................................................................. A-5 D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991 .......................... A-5 E. University of California ................................................................................... A-10 F. Carnegie-Mellon University ............................................................................ A-10 G. Random.c ......................................................................................................... A-10 H. Apptitude, Inc. ................................................................................................. A-11 I. Agranat ............................................................................................................. A-11 J. RSA Security Inc. ............................................................................................ A-11 K. Sun Microsystems, Inc. .................................................................................... A-11 L. Wind River Systems, Inc. ................................................................................ A-12 M. Network Time Protocol Version 4 ................................................................... A-12 Index ...................................................................................................................... Index-1 x OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 About This Guide This OmniSwitch 7700/7800/8800 Switch Management Guide describes basic attributes of your switch and basic switch administration tasks. The software features described in this manual are shipped standard with your OmniSwitch 7700, 7800, or 8800. These features are used when readying a switch for integration into a live network environment. Supported Platforms The information in this guide applies to the following products: · OmniSwitch 7700 · OmniSwitch 7800 · OmniSwitch 8800 The OmniSwitch 7700 includes 10 slots for high performance 10/100 Ethernet and Gigabit Ethernet Network Interface (NI) modules. The OmniSwitch 7800 includes 18 slots for high performance 10/100 Ethernet and Gigabit Ethernet NI modules. The OmniSwitch 8800 includes 18 slots for high performance 10/100 Ethernet and Gigabit Ethernet NI modules. Unsupported Platforms The information in this guide does not apply to the following products: · OmniSwitch (original version with no numeric model name) · OmniSwitch 6624 · OmniSwitch 6648 · OmniSwitch 6600-U24 · OmniSwitch 6600-P24 · OmniSwitch 6602-24 · OmniSwitch 6602-48 · OmniSwitch 6800-24 · OmniSwitch 6800-48 · OmniSwitch 6800-U24 · OmniSwitch 6800-24L · OmniSwitch 6800-48L OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page xi Supported Platforms About This Guide · OmniSwitch 6850 · OmniSwitch 9700 · Omni Switch/Router · OmniStack · OmniAccess page xii OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 About This Guide Who Should Read this Manual? Who Should Read this Manual? The audience for this user guide is network administrators and IT support personnel who need to configure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 7700, 7800, or 8800 will benefit from the material in this configuration guide. When Should I Read this Manual? Read this guide as soon as your switch is up and running and you are ready to familiarize yourself with basic software functions. You should have already stepped through the first login procedures and read the brief software overviews in your OmniSwitch Getting Started Guide. You should have already set up a switch password and be familiar with the very basics of the switch software. This manual will help you understand the switch's directory structure, the Command Line Interface (CLI), configuration files, basic security features, and basic administrative functions. The features and procedures in this guide will help form a foundation that will allow you to configure more advanced switching and routing features later. What is in this Manual? This configuration guide includes information about the following features: · Basic switch administrative features, such as file editing utilities, procedures for loading new software, and setting up system information (name of switch, date, time). · Configurations files, including snapshots, off-line configuration, time-activated file download. · The CLI, including on-line configuration, command-building help, syntax error checking, and line edit- ing. · Basic security features, such as switch access control and customized user accounts. · SNMP · Web-based management (WebView) What is Not in this Manual? The configuration procedures in this manual primarily use Command Line Interface (CLI) commands in examples. CLI commands are text-based commands used to manage the switch through serial (console port) connections or via Telnet sessions. This guide does include introductory chapters for alternative methods of managing the switch, such as web-based (WebView) and SNMP management. However the primary focus of this guide is managing the switch through the CLI. Further information on WebView can be found in the context-sensitive on-line help available with that application. This guide does not include documentation for the OmniVista network management system. However, OmniVista includes a complete context-sensitive on-line help system. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page xiii How is the Information Organized? About This Guide This guide provides overview material on software features, how-to procedures, and tutorials that will enable you to begin configuring your OmniSwitch. However, it is not intended as a comprehensive reference to all CLI commands available in the OmniSwitch. For such a reference to all OmniSwitch 7700/ 7800/8800 CLI commands, consult the OmniSwitch CLI Reference Guide. How is the Information Organized? Chapters in this guide are broken down by software feature. The titles of each chapter include protocol or features names (e.g., 802.1Q, RIP, server load balancing) with which most network professionals will be familiar. Each software feature chapter includes sections that will satisfy the information requirements of casual readers, rushed readers, serious detail-oriented readers, advanced users, and beginning users. Quick Information. Most chapters include a specifications table that lists RFCs and IEEE specifications supported by the software feature. In addition, this table includes other pertinent information such as minimum and maximum values and sub-feature support. Most chapters also include a defaults table that lists the default values for important parameters along with the CLI command used to configure the parameter. Many chapters include a Quick Steps section, which is a procedure covering the basic steps required to get a software feature up and running. In-Depth Information. All chapters include overview sections on the software feature as well as on selected topics of that software feature. Topical sections may often lead into procedure sections that describe how to configure the feature just described. Serious readers and advanced users will also find the many application examples, located near the end of chapters, helpful. Application examples include diagrams of real networks and then provide solutions using the CLI to configure a particular feature, or more than one feature, within the illustrated network. Documentation Roadmap The OmniSwitch user documentation suite was designed to supply you with information at several critical junctures of the configuration process. The following section outlines a roadmap of the manuals that will help you at each stage of the configuration process. Under each stage, we point you to the manual or manuals that will be most helpful to you. Stage 1: Using the Switch for the First Time Pertinent Documentation: OmniSwitch 7700/7800 Getting Started Guide OmniSwitch 8800 Getting Started Guide Release Notes A hard-copy OmniSwitch 7700/7800 Getting Started Guide is included with OmniSwitch 7700/7800 switches and a hard-copy OmniSwitch 8800 Getting Started Guide is included with OmniSwitch 8800 switches; these guides provide all the information you need to get your switch up and running the first time. These guides provide information on unpacking the switch, rack mounting the switch, installing NI modules, unlocking access control, setting the switch's IP address, and setting up a password. They also include succinct overview information on fundamental aspects of the switch, such as hardware LEDs, the software directory structure, CLI conventions, and web-based management. At this time you should also familiarize yourself with the Release Notes that accompanied your switch. This document includes important information on feature limitations that are not included in other user guides. page xiv OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 About This Guide Documentation Roadmap Stage 2: Gaining Familiarity with Basic Switch Functions Pertinent Documentation: OmniSwitch 7700/7800 Hardware Users Guide OmniSwitch 8800 Hardware Users Guide OmniSwitch 7700/7800/8800 Switch Management Guide Once you have your switch up and running, you will want to begin investigating basic aspects of its hard ware and software. Information about OmniSwitch 7700/7800 hardware is provided in the OmniSwitch 7700/7800 Hardware Users Guide. Information about OmniSwitch 8800 hardware is provided in the OmniSwitch 8800 Hardware Users Guide. These guides provide specifications, illustrations, and descriptions of all hardware components--chassis, power supplies, Chassis Management Modules (CMMs), Network Interface (NI) modules, and cooling fans. They also include steps for common procedures, such as removing and installing switch components. The OmniSwitch 7700/7800/8800 Switch Management Guide is the primary user guide for the basic software features on a single switch. This guide contains information on the switch directory structure, basic file and directory utilities, switch access security, SNMP, and web-based management. It is recommended that you read this guide before connecting your switch to the network. Stage 3: Integrating the Switch Into a Network Pertinent Documentation: OmniSwitch 7700/7800/8800 Network Configuration Guide OmniSwitch 7700/7800/8800 Advanced Routing Configuration Guide When you are ready to connect your switch to the network, you will need to learn how the OmniSwitch implements fundamental software features, such as 802.1Q, VLANs, Spanning Tree, and network routing protocols. The OmniSwitch 7700/7800/8800 Network Configuration Guide contains overview information, procedures, and examples on how standard networking technologies are configured in the OmniSwitch 7700, 7800, and 8800. The OmniSwitch 7700/7800/8800 Advanced Routing Configuration Guide includes configuration information for networks using advanced routing technologies, such as OSPF, BGP, and multicast routing protocols (DVMRP and PIM-SM). Anytime The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch. This guide includes syntax, default, usage, example, related CLI command, and CLI-to-MIB variable mapping information for all CLI commands supported by the switch. This guide can be consulted anytime during the configuration process to find detailed and specific information on each CLI command. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page xv Related Documentation About This Guide Related Documentation The following are the titles and descriptions of all the OmniSwitch 7700/7800/8800 user manuals: · OmniSwitch 7700/7800 Getting Started Guide Describes the hardware and software procedures for getting an OmniSwitch 7700/7800 up and running. Also provides information on fundamental aspects of OmniSwitch software architecture. · OmniSwitch 8800 Getting Started Guide Describes the hardware and software procedures for getting an OmniSwitch 8800 up and running. Also provides information on fundamental aspects of OmniSwitch software architecture. · OmniSwitch 7700/7800 Hardware Users Guide Complete technical specifications and procedures for all OmniSwitch 7700/7800 chassis, power supplies, Chassis Management Modules (CMMs), fans, and Network Interface (NI) modules. · OmniSwitch 8800 Hardware Users Guide Complete technical specifications and procedures for all OmniSwitch 8800 chassis, power supplies, Chassis Management Modules (CMMs), Switch Fabric Modules (SFMs), fans, and Network Interface (NI) modules. · OmniSwitch CLI Reference Guide Complete reference to all CLI commands supported on the OmniSwitch 6624, 6648, 7700, 7800, and 8800. Includes syntax definitions, default values, examples, usage guidelines, and CLI-to-MIB variable mappings. · OmniSwitch 7700/7800/8800 Switch Management Guide Includes procedures for readying an individual switch for integration into a network. Topics include the software directory architecture, image rollback protections, authenticated switch access, managing switch files, system configuration, using SNMP, and using web management software (WebView). · OmniSwitch 7700/7800/8800 Network Configuration Guide Includes network configuration procedures and descriptive information on all the major software features and protocols included in the base software package. Chapters cover Layer 2 information (Ethernet and VLAN configuration), Layer 3 information (routing protocols, such as RIP and IPX), security options (authenticated VLANs), Quality of Service (QoS), link aggregation, and server load balancing. · OmniSwitch 7700/7800/8800 Advanced Routing Configuration Guide Includes network configuration procedures and descriptive information on all the software features and protocols included in the advanced routing software package. Chapters cover multicast routing (DVMRP and PIM-SM), OSPF, and BGP. · Technical Tips, Field Notices Includes information published by Alcatel's Customer Support group. · Release Notes Includes critical Open Problem Reports, feature exceptions, and other important information on the features supported in the current release and any limitations to their support. page xvi OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 About This Guide User Manuals Web Site User Manuals Web Site All related user guides for the OmniSwitch 7700, 7800, and 8800 can be found on our web site at http://www.alcatel.com/enterprise/en/resource_library/user_manuals.html All documentation on the User Manual web site is in PDF format and requires the Adobe Acrobat Reader program for viewing. Acrobat Reader freeware is available at www.adobe.com. Note. When printing pages from the documentation PDFs, de-select Fit to Page if it is selected in your print dialog. Otherwise pages may print with slightly smaller margins. Technical Support An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You'll also receive regular software updates to maintain and maximize your Alcatel product's features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel's Service and Support web page, you'll be able to view and update any case (open or closed) that you have reported to Alcatel's technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel's Service Programs, see our web page at eservice.ind.alcatel.com, call us at 1-800-9952696, or email us at support@ind.alcatel.com. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page xvii Technical Support About This Guide page xviii OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch In This Chapter 1 Logging Into the Switch Logging into the switch may be done locally or remotely. Management tools include: the Command Line Interface (CLI), which may be accessed locally via the console port, or remotely via Telnet; WebView, which requires an HTTP client (browser) on a remote workstation; and SNMP, which requires an SNMP manager (such as Alcatel's OmniVista or HP OpenView) on the remote workstation. Secure sessions are available using the Secure Shell interface. File transfers can be done via FTP or Secure Shell FTP. In This Chapter This chapter describes the basics of logging into the switch to manage the switch through the CLI. It includes information about using Telnet, FTP, and Secure Shell for logging into the switch as well as information about using the switch to start a Telnet or Secure Shell session on another device. It also includes information about managing sessions and specifying a DNS resolver. For more details about the syntax of referenced commands, see the OmniSwitch CLI Reference Guide. Configuration procedures described in this chapter include: · "Quick Steps for Logging Into the Switch" on page 1-3 · "Using Telnet" on page 1-6 · "Using FTP" on page 1-7 · "Using Secure Shell" on page 1-8 · "Modifying the Login Banner" on page 1-15 · "Configuring Login Parameters" on page 1-17 · "Enabling the DNS Resolver" on page 1-18 Management access is disabled (except through the console port) unless specifically enabled by a network administrator. For more information about management access and methods, use the table here as a guide: For more information about... Enabling or "unlocking" management interfaces on the switch Authenticating users to manage the switch Creating user accounts directly on the switch Using the CLI Using WebView to manage the switch Using SNMP to manage the switch See... Getting Started Guide or Chapter 8, "Managing Switch Security" Chapter 8, "Managing Switch Security" Chapter 7, "Managing Switch User Accounts" Chapter 5, "Using the CLI" Chapter 9, "Using WebView" Chapter 10, "Using SNMP" OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-1 Login Specifications Logging Into the Switch Login Specifications Telnet clients supported FTP clients supported HTTP (WebView) clients supported Any standard Telnet client. Any standard FTP client. ­ Internet Explorer for Windows NT, Windows XP, and Windows 2000, version 5.5 ­ Netscape for Windows NT, Windows XP, and Windows 2000, version 4.7 ­ Netscape for Sun OS 2.8, version 4.7 ­ Netscape for HP-UX 11.0, version 4.7. Any standard Secure Shell client (Secure Shell Version 2). Any standard SNMP manager (such as HP OpenView). Secure Shell clients supported SNMP clients supported Login Defaults Access to managing the switch is always available for the admin user through the console port, even if management access to the console port is disabled Parameter Description Session login attempts allowed before the TCP connection is closed. Timeout period allowed for session login before the TCP connection is closed. Inactivity timeout period. The length of time the switch can remain idle during a login session before the switch will close the session. Command session login-attempt Default 3 attempts session login-timeout 55 seconds session timeout 4 minutes page 1-2 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Quick Steps for Logging Into the Switch Quick Steps for Logging Into the Switch The following procedure assumes that you have set up the switch as described in your OmniSwitch Getting Started Guide and Hardware Users Guide. Setup includes: · Connecting to the switch via the console port. · Setting up the Ethernet Management Port (EMP) through the switch's boot prompt. · Enabling (or "unlocking") management interfaces types (Telnet, FTP, HTTP, SNMP, and Secure Shell) through the aaa authentication command for the interface you are using. Note that Telnet, FTP, and Secure Shell are used to log into the switch's Command Line Interface (CLI). For detailed information about enabling session types, see Chapter 8, "Managing Switch Security." 1 If you are connected to the switch via the console port, your terminal will automatically display the switch login prompt. If you are connected remotely, you must enter the switch IP address in your Telnet, FTP, or Secure Shell client (typically the IP address of the EMP). The login prompt then displays. 2 At the login prompt, enter the admin username. At the password prompt, enter the switch password. (Alternately, you may enter any valid username and password.) The switch's default welcome banner will display, followed by the CLI prompt. Welcome to the Alcatel OmniSwitch 7000 Software Version 5.4.1.231.R01 Development April 13, 2006 Copyright(c), 1994-2005 Alcatel Internetworking, Inc. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel Internetworking, Inc. registered in the United States Patent and Trademark Office. You are now logged into the CLI. For information about changing the welcome banner, see "Modifying the Login Banner" on page 1-15. For information about changing the login prompt, see Chapter 5, "Using the CLI." For information about setting up additional user accounts locally on the switch, see Chapter 7, "Managing Switch User Accounts." OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-3 Overview of Switch Login Components Logging Into the Switch Overview of Switch Login Components Switch access components include access methods (or interfaces) and user accounts stored on the local user database in the switch and/or on external authentication servers. Each access method, except the console port, must be enabled or "unlocked" on the switch before users can access the switch through that interface. OmniSwitch Authentication Server OmniSwitch 7800 remote user local user database Login via Secure Shell, Telnet, FTP, HTTP, or SNMP. local user Login via the console port. Switch Login Components Management Interfaces Logging into the switch may be done locally or remotely. Remote connections may be secure or insecure, depending on the method. Management interfaces are enabled using the aaa authentication command. This command also requires specifying the external servers and/or local user database that will be used to authenticate users. The process of authenticating users to manage the switch is called Authenticated Switch Access (ASA). Authenticated Switch Access is described in detail in Chapter 8, "Managing Switch Security." An overview of management methods is listed here: Logging Into the CLI · Console port--A direct connection to the switch through the console port. The console port is always enabled for the default user account. For more information about connecting to the console port, see your switch's Hardware Users Guide. · Telnet--Any standard Telnet client may be used for remote login to the switch. This method is not secure. For more information about using Telnet to access the switch, see "Using Telnet" on page 1-6. · FTP--Any standard FTP client may be used for remote login to the switch. This method is not secure. See "Using FTP" on page 1-7. · Secure Shell--Any standard Secure Shell client may be used for remote login to the switch. See "Using Secure Shell" on page 1-8. page 1-4 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Overview of Switch Login Components Using the WebView Management Tool · HTTP--The switch has a Web browser management interface for users logging in via HTTP. This management tool is called WebView. For more information about using WebView, see Chapter 9, "Using WebView." Using SNMP to Manage the Switch · SNMP--Any standard SNMP browser may be used for logging into the switch. See Chapter 10, "Using SNMP." User Accounts User accounts may be configured and stored directly on the switch, and user accounts may also be configured and stored on an external authentication server or servers. The accounts include a username and password. In addition, they also specify the user's privileges or enduser profile, depending on the type of user account. In either case, the user is given read-only or read-write access to particular commands. · Local User Database The user command creates accounts directly on the switch. See the Chapter 7, "Managing Switch User Accounts," for information about creating accounts on the switch. · External Authentication Servers The switch may be set up to communicate with external authentication servers that contain user information. The user information includes usernames and passwords; it may also include privilege information or reference an end-user profile name. For information about setting up the switch to communicate with external authentication servers, see the OmniSwitch 7700/7800/8800 Network Configuration Guide. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-5 Using Telnet Logging Into the Switch Using Telnet Telnet may be used to log into the switch from a remote station. All of the standard Telnet commands are supported by software in the switch. When Telnet is used to log in, the switch is acting as a Telnet server. A Telnet session may also be initiated from the switch itself during a login session. In this case, the switch is acting as a Telnet client. Logging Into the Switch Via Telnet Before you can log into the OmniSwitch using a Telnet interface, the telnet option of the aaa authentication command must be enabled. Once enabled, any standard Telnet client may be used to log into the switch. To log into the switch, open your Telnet application and enter the switch's IP address (the IP address will typically be the same as the one configured for the EMP). The switch's welcome banner and login prompt display. Note. A Telnet connection is not secure. Secure Shell is recommended instead of Telnet or FTP as a secure method of accessing the switch. Starting a Telnet Session from the Switch At any time during a login session on the switch, you can initiate a Telnet session to another switch (or some other device) by using the telnet CLI command and the relevant IP address. The following shows an example of telnetting to another OmniSwitch with an IP address of 10.255.10.123. -> telnet 10.255.10.123 Trying 10.255.10.123... Connected to 10.255.10.123. Escape character is '^]'. login : Here, you must enter a valid username and password. Once login is completed, the OmniSwitch welcome banner will display as follows: login : admin password : Welcome to the Alcatel OmniSwitch 7000 Software Version 5.4.1.231.R01 Development, April 13, 2006. Copyright(c), 1994-2005 Alcatel Internetworking, Inc. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel Internetworking, Inc. registered in the United States Patent and Trademark Office. page 1-6 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Using FTP Using FTP The OmniSwitch can function as an FTP server. Any standard FTP client may be used. Note. An FTP connection is not secure. Secure Shell is recommended instead of FTP or Telnet as a secure method of accessing the switch. Using FTP to Log Into the Switch You can access the OmniSwitch with a standard FTP application. To login to the switch, start your FTP client. Where the FTP client asks for "Name", enter the IP address of your switch. Where the FTP client asks for "User ID", enter the username of your login account on the switch. Where the FTP client asks for "Password", enter your switch password. Note. If you are using Authenticated Switch Access (ASA), the port interface must be authenticated for FTP use and the username profile must have permission to use FTP. Otherwise the switch will not accept an FTP login. For information about ASA, refer to Chapter 8, "Managing Switch Security." Note. You must use the binary mode (bin) to transfer image files via FTP. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-7 Using Secure Shell Logging Into the Switch Using Secure Shell The OmniSwitch Secure Shell feature provides a secure mechanism that allows you to log in to a remote switch, to execute commands on a remote device, and to move files from one device to another. Secure Shell provides secure, encrypted communications even when your transmission is between two untrusted hosts or over an unsecure network. Secure Shell protects against a variety of security risks including the following: · IP spoofing · IP source routing · DNS spoofing · Interception of clear-text passwords and other data by intermediate hosts · Manipulation of data by users on intermediate hosts Note. The OmniSwitch supports Secure Shell Version 2 only. Secure Shell Components The OmniSwitch includes both client and server components of the Secure Shell interface and the Secure Shell FTP file transfer protocol. SFTP is a subsystem of the Secure Shell protocol. All Secure Shell FTP data are encrypted through a Secure Shell channel. Since Secure Shell provides a secure session, the Secure Shell interface and SFTP are recommended instead of the Telnet program or the FTP protocol for communications over TCP/IP for sending file transfers. Both Telnet and FTP are available on the OmniSwitch but they do not support encrypted passwords. Note. Secure Shell may only be used to log into the switch to manage the switch. It cannot be used for Layer 2 authentication through the switch. Secure Shell Interface The Secure Shell interface is invoked when you enter the ssh command. After the authentication process between the client and the server is complete, the remote Secure Shell interface runs in the same way as Telnet. Refer to "Starting a Secure Shell Session" on page 1-11 to for detailed information. Secure Shell File Transfer Protocol Secure Shell FTP is the standard file transfer protocol used with Secure Shell version 2. Secure Shell FTP is an interactive file transfer program (similar to the industry standard FTP) which performs all file transfer operations over a Secure Shell connection. You invoke the Secure Shell FTP protocol by using the sftp command. Once the authentication phase is completed, the Secure Shell FTP subsystem runs. Secure Shell FTP connects and logs into the specified host, then enters an interactive command mode. Refer to "Starting a Secure Shell Session" on page 1-11 for detailed information. page 1-8 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Using Secure Shell Secure Shell Application Overview Secure Shell is an access protocol used to establish secured access to your OmniSwitch. The Secure Shell protocol can be used to manage an OmniSwitch directly or it can provide a secure mechanism for managing network servers through the OmniSwitch. The drawing below illustrates the Secure Shell being used as an access protocol replacing Telnet to manage the OmniSwitch. Here, the user terminal is connected through the network to the switch. Secure Shell Network Terminal OmniSwitch Secure Shell Used as an Access Protocol The drawing below shows a slightly different application. Here, a terminal connected to a single OmniSwitch acting as a Secure Shell client as an entry point into the network. In this scenario, the client portion of the Secure Shell software is used on the connecting OmniSwitch and the server portion of Secure Shell is used on the switches or servers being managed. Secure Shell Access Protocol Network Secure Shell Terminal OmniSwitch Secure Shell Client Secure Shell Server OmniSwitch as a Secure Shell Client OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-9 Using Secure Shell Logging Into the Switch Secure Shell Authentication Secure Shell authentication is accomplished in several phases using industry standard algorithms and exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell SFTP. The following sections describe the process in detail. Protocol Identification When the Secure Shell client in the OmniSwitch connects to a Secure Shell server, the server accepts the connection and responds by sending back an identification string. The client will parse the server's identification string and send an identification string of its own. The purpose of the identification strings is to validate that the attempted connection was made to the correct port number. The strings also declare the protocol and software version numbers. This information is needed on both the client and server sides for debugging purposes. At this point, the protocol identification strings are in human-readable form. Later in the authentication process, the client and the server switch to a packet-based binary protocol, which is machine readable only. Algorithm and Key Exchange The OmniSwitch Secure Shell server is identified by one or several host-specific DSA keys. Both the client and server process the key exchange to choose a common algorithm for encryption, signature, and compression. This key exchange is included in the Secure Shell transport layer protocol. It uses a key agreement to produce a shared secret that cannot be determined by either the client or the server alone. The key exchange is combined with a signature and the host key to provide host authentication. Once the exchange is completed, the client and the server turn encryption on using the selected algorithm and key. The following elements are supported: Host Key Type Cipher Algorithms Signature Algorithms Compression Algorithms Key Exchange Algorithms DSA AES, Blowfish, Cast, 3DES, Arcfour, Rijndael MD5, SHA1 None Supported diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 Note. The OmniSwitch generates a 512 bit DSA host key at initial startup. The DSA key on the switch is made up of two files contained in the /flash/network directory; the public key is called ssh_host_dsa_key.pub, and the private key is called ssh_host_dsa_key. To generate a different DSA key, use the Secure Shell tools available on your Unix or Windows system and copy the files to the /flash/ network directory on your switch. The new DSA key will take effect after the OmniSwitch is rebooted. Authentication Phase When the client tries to authenticate, the server determines the process used by telling the client which authentication methods can be used. The client has the freedom to attempt several methods listed by the server. The server will disconnect itself from the client if a certain number of failed authentications are attempted or if a timeout period expires. Authentication is performed independent of whether the Secure Shell interface or the SFTP file transfer protocol will be implemented. page 1-10 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Using Secure Shell Connection Phase After successful authentication, both the client and the server process the Secure Shell connection protocol. The OmniSwitch supports one channel for each Secure Shell connection. This channel can be used for a Secure Shell session or a Secure Shell FTP session. Starting a Secure Shell Session To start a Secure Shell session from an OmniSwitch, issue the ssh command and identify the IP address for the device you are connecting to. Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and enabled. If not, you must specify an IP address. See "Enabling the DNS Resolver" on page 1-18 for details. Note. Use of the cmdtool OpenWindows support facility is not recommended over Secure Shell connections with an external server. The following command establishes a Secure Shell interface from the local OmniSwitch to IP address 11.333.30.135. -> ssh 11.333.30.135 login as: You must have a login and password that is recognized by the IP address you specify. When you enter your login, the device you are logging into will request your password as shown here. -> ssh 11.333.10.135 login as: rrlogin1 rrlogin1's password for keyboard-interactive method: Once the Secure Shell session is established, you can use the remote device specified by the IP address on a secure connection from your OmniSwitch. Note. The login parameters for Secure Shell session login parameters can be affected by the session loginattempt and session login-timeout CLI commands. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-11 Using Secure Shell Logging Into the Switch The following drawing shows an OmniSwitch, using IP address 11.233.10.145, establishing a Secure Shell session across a network to another OmniSwitch, using IP address 11.333.30.135. To establish this session from the console in the figure below, you would use the CLI commands shown in the examples above. Once you issue the correct password, you are logged into the OmniSwitch at IP address 11.333.30.135. Console OmniSwitch 11.233.10.145 OmniSwitch 11.333.30.135 Secure Shell Session between Two Switches page 1-12 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Using Secure Shell To view the parameters of the Secure Shell session, issue the who command. The following will display. -> who Session number = 0 User name = (at login), Access type = console, Access port = Local, IP address = 0.0.0.0, Read-only domains = None, Read-only families = , Read-Write domains = None, Read-Write families = , End-User profile = Session number = 1 User name = rrlogin1, Access type = ssh, Access port = NI, IP address = 11.233.10.145, Read-only domains = None, Read-only families = , Read-Write domains = All , Read-Write families = , End-User profile = This display shows two sessions currently running on the remote OmniSwitch at IP address 11.333.30.135. Session number 0 is identified as the console session. Session number 1 indicates the User name is rrlogin1, the IP address is 11.233.10.145, and the Access type is "ssh" which indicates a Secure Shell session. Closing a Secure Shell Session To terminate the Secure Shell session, issue the exit command. The following will display: -> exit Connection to 11.333.30.135 closed. Using the example shown above, this display indicates the Secure Shell session between the two switches is closed. At this point, the user is logged into the local OmniSwitch at IP address 11.233.10.145. Log Into the Switch with Secure Shell FTP To open a Secure Shell FTP session from a local OmniSwitch to a remote device, proceed as follows: 1 Log on to the OmniSwitch and issue the sftp CLI command. The command syntax requires you to identify the IP address for the device to which you are connecting. The following command establishes a Secure Shell FTP interface from the local OmniSwitch to IP address 10.222.30.125. -> sftp 10.222.30.125 login as: 2 You must have a login and password that is recognized by the IP address you specify. When you enter your login, the device you are logging in to will request your password as shown here. -> sftp 10.222.30.125 login as: rrlogin2 rrlogin2's password for keyboard-interactive method: OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-13 Using Secure Shell Logging Into the Switch 3 After logging in, you will receive the sftp> prompt. You may enter a question mark (?) to view available Secure Shell FTP commands and their definitions as shown here. sftp>? Available commands: cd path lcd path chmod mode path help get remote-path [local-path] lls [path]] ln oldpath newpath lmkdir path lpwd ls [path] mkdir path put local-path [remote-path] pwd exit quit rename oldpath newpath rmdir path rm path symlink oldpath newpath version ? Change remote directory to 'path' Change local directory to 'path' Change permissions of file 'path' to 'mode' Display this help text Download file Display local directory listing Symlink remote file Create local directory Print local working directory Display remote directory listing Create remote directory Upload file Display remote working directory Quit sftp Quit sftp Rename remote file Remove remote directory Delete remote file Symlink remote file Show SFTP version Synonym for help Note. Although Secure Shell FTP has commands similar to the industry standard FTP, the underlying protocol is different. See Chapter 2, "Managing System Files" for a Secure Shell FTP application example. Closing a Secure Shell FTP Session To terminate the Secure Shell FTP session, issue the exit command. The following will display: -> exit Connection to 11.333.30.135 closed. This display indicates the Secure Shell FTP session with IP address 11.333.20.135 is closed. The user is now logged into the OmniSwitch as a local device with no active remote connection. page 1-14 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Modifying the Login Banner Modifying the Login Banner The Login Banner feature allows you to change the banner that displays whenever someone logs into the switch. This feature can be used to display messages about user authorization and security. You can display the same banner for all login sessions or you can implement different banners for different login sessions. You can display a different banner for logins initiated by FTP sessions than for logins initiated by a direct console or a Telnet connection. The default login message looks similar to the following: login : user123 password : Welcome to the Alcatel OmniSwitch 7000 Software Version 5.4.1.231.R01 Development, April 13, 2006. Copyright(c), 1994-2005 Alcatel Internetworking, Inc. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel Internetworking, Inc. registered in the United States Patent and Trademark Office. Here is an example of a banner that has been changed: login : user123 password : Welcome to the Alcatel OmniSwitch 7000 Software Version 5.4.1.231.R01 Development, April 13, 2006. Copyright(c), 1994-2005 Alcatel Internetworking, Inc. All Rights reserved. OmniSwitch(TM) is a trademark of Alcatel Internetworking, Inc. registered in the United States Patent and Trademark Office. ********** LOGIN ALERT ************************ This switch is a secure device. Unauthorized use of this switch will go on your permanent record. Two steps are required to change the login banner. These steps are listed here: · Create a text file that contains the banner you want to display in the switch's /flash/switch directory. · Enable the text file by entering the session banner CLI command followed by the filename. To create the text file containing the banner text, you may use the vi text editor in the switch (See Chapter 2, "Managing System Files," for information about creating files directly on the switch.) This method allows you to create the file in the /flash directory without leaving the CLI console session. You can also create the text file using a text editing software package (such as MS Wordpad) and transfer the file to the switch's /flash directory. For more information about file transfers, see Chapter 2, "Managing System Files." If you want the login banner in the text file to apply to FTP switch sessions, execute the following CLI command where the text filename is firstbanner.txt. -> session banner ftp /flash/firstbanner.txt If you want the login banner in the text file to apply to CLI switch sessions, execute the following CLI command where the text filename is secondbanner.txt. -> session banner cli /flash/secondbanner.txt The banner files must contain only ASCII characters and should bear the .txt extension. The switch will not reproduce graphics or formatting contained in the file. OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-15 Modifying the Login Banner Logging Into the Switch Modifying the Text Display Before Login By default, the switch does not display any text before the login prompt for any CLI session. At initial bootup, the switch creates a pre_banner.txt file in the /flash directory. The file is empty and may be edited to include text that you want to display before the login prompt. For example: Please supply your user name and password at the prompts. login : user123 password : In this example, the pre_banner.txt file has been modified with a text editor to include the Please supply your user name and password at the prompts message. The pre-banner text cannot be configured for FTP sessions. To remove a text display before the login prompt, delete the pre_banner.txt file (it will be recreated at the next bootup and will be empty), or modify the pre_banner.txt file. page 1-16 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Logging Into the Switch Configuring Login Parameters Configuring Login Parameters You can set the number of times a user may attempt unsuccessfully to log in to the switch's CLI by using the session login-attempt command as follows: -> session login-attempt 5 In this example, the user may attempt to log in to the CLI five (5) times unsuccessfully. If the user attempts to log in the sixth time, the switch will break the TCP connection. You may also set the length of time allowed for a successful login by using the session login-timeout command as follows: -> session login-timeout 20 In this example, the user must complete the login process within 20 seconds. This means that the time between a user entering a login name and the switch processing a valid password must not exceed 20 seconds. If the timeout period is exceeded, the switch will break the TCP connection. Configuring the Inactivity Timer You can set the amount of time that a user must be inactive before the session times out. By default, the timeout for each session type is 4 minutes. To change the setting, enter the session timeout command with the type of session (cli, http, or ftp) and the desired number of minutes. In the following example, the CLI timeout is changed from the default to 8 minutes. -> session timeout cli 8 This command changes the inactivity timer for new CLI sessions to 8 minutes. Current CLI sessions are not affected. In this example, current CLI sessions will be timed out after 4 minutes. (CLI sessions are initiated through Telnet, Secure Shell, or through the switch console port.) For information about connecting to the CLI through Telnet or Secure Shell, see "Using Telnet" on page 1-6 and "Using Secure Shell" on page 1-8. For information about connecting to the CLI through the console port, see your Getting Started Guide. For information about using the CLI in general, see Chapter 5, "Using the CLI." The ftp option sets the timeout for FTP sessions. For example, to change the FTP timeout to 5 minutes, enter the following command: -> session timeout ftp 5 This command changes the timeout for new FTP sessions to 5 minutes. Current FTP sessions are not affected. For more information about FTP sessions, see "Using FTP" on page 1-7. The http option sets the timeout for WebView sessions. For example, to change the WebView inactivity timer to 10 minutes, enter the following command: -> session timeout http 10 In this example, any new WebView session will have a timeout of 10 minutes. Current WebView sessions are not affected. For more information about WebView sessions, see Chapter 9, "Using WebView." OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 1-17 Enabling the DNS Resolver Logging Into the Switch Enabling the DNS Resolver A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP addresses. Every time you enter a host name when logging into the switch, a DNS service must look up the name on a server and resolve the name to an IP address. You can configure up to three domain name servers that will be queried in turn to resolve the host name. If all servers are queried and none can resolve the host name to an IP address, the DNS fails. If the DNS fails, you must either enter an IP address in place of the host name or specify the necessary lookup tables on one of the specified servers. Note. You do not need to enable the DNS resolver service unless you want to communicate with the switch by using a host name. If you use an IP address rather than a host name, the DNS resolver service is not needed. You must perform three steps on the switch to enable the DNS resolver service. 1 Set the default domain name for DNS lookups with the ip domain-name CLI command. -> ip domain-name mycompany1.com 2 Specify the IP addresses of up to three servers with the ip name-server CLI command. These servers will be queried when a host lookup is requested. -> ip name-server 189.202.191.14 189.202.191.15 189.255.19.1 3 Use the ip domain-lookup CLI command to enable the DNS resolver service. -> ip domain-lookup You can disable the DNS resolver by using the no ip domain-lookup command. For more information, refer to the OmniSwitch CLI Reference Guide. Verifying Login Settings To display information about login sessions, use the following CLI commands. who whoami show session config show dns Displays all active login sessions (e.g., console, Telnet, FTP, HTTP, Secure Shell, Secure Shell FTP). Displays the current user session. Displays session configuration information (e.g., default prompt, banner file name, inactivity timer, login timer, login attempts). Displays the current DNS resolver configuration and status For more information about these commands, refer to the OmniSwitch CLI Reference Guide. page 1-18 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 2 Managing System Files This chapter describes the several methods of transferring software files onto the OmniSwitch and how to register those files for use by the switch. This chapter also describes several basic switch management procedures and discusses the Command Line Interface (CLI) commands used. · File Management (copy, edit, rename, remove, change, and display file attributes) · Directory Management (create, copy, move, remove, rename, and display directory information) · System Date and Time (set system clock) CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide. In This Chapter Configuration procedures described in this chapter include: · "Loading Software onto the Switch" on page 2-18 · "Creating a File Directory on the Switch" on page 2-27 · "Registering Software Image Files" on page 2-24 · "Setting the System Clock" on page 2-33 For related information about connecting a terminal to the switch, see your Getting Started Guide. For information about switch command privileges, see the Chapter 8, "Managing Switch Security." OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 page 2-1 File Management Specifications Managing System Files File Management Specifications The following table lists specifications for the OmniSwitch flash directory and file system as well as the system clock. File Transfer Methods Configuration Recovery FTP, Zmodem The /flash/certified directory holds configurations that are certified as the default start-up files for the switch. They will be used in the event of a non-specified reload. · 32 MB flash memory available for switch files and directories · Contains the /certified and /working directories · 32 characters maximum for directory and file names · 255 character maximum for a fully qualified path Switch /flash Directory File/Directory Name Metrics File/Directory Name Characters Maximum Number of Files/Directories Sub-Directories Text Editing System Clock System Date Default Value Character types are limited to a-z, A-Z, 0-9, dashes (-), dots (.), and underlines (_) Maximum of 244 files and/or directories allowed in the root (flash) directory. Up to seven sub-directories allowed including /flash. Vi (standard UNIX editor). The Ed standard UNIX editor is available in the debug mode only. Set local date, time and time zone, Universal Time Coordinate (UTC), Daylight Savings (DST or summertime). THU JAN 01 1970 (Thursday, January 1, 1970) page 2-2 OmniSwitch 7700/7800/8800 Switch Management Guide April 2006 Managing System Files File Management Overview File Management Overview The OmniSwitch has a variety of software features designed for different networking environments and applications. Over the life of the switch, it is very likely that your configuration and feature set will change because the needs of your network are likely to expand. Also, software updates become available from Alcatel. If you change your configuration to upgrade your network, you must understand how to install switch files and to manage switch directories. The OmniSwitch switch has 32 MB of usable flash memory. You can use this memory to store files, including executable files (used to operate switch features and applications), configuration files, and log files. You need to understand the various methods of loading files onto the switch for software upgrades and new features. Once the files are on the switch, the CLI has commands that allow you to load, copy, and delete these files. The CLI also has commands for displaying, creating, and editing ASCII files directly on the switch. You may also want to establish a file directory structure to help organize your files on the switch. All of the files and directories on the switch bear a time stamp. This is useful for switch administration because the time stamp allows you to tell at a glance which files are the most recent. You can set the system clock that controls these time stamps as well as other time based switch functions. File Transfer The switch can receive and send files using industry standard local and remote transfer methods. Each of these methods are defined and explained. Because file transfers can involve logging onto the switch from a remote host, security factors, such as DNS resolver and Authenticated Switch Access requirements should be considered.