At8000 s configuracao de gerenciamento
-
Upload
netplus -
Category
Technology
-
view
624 -
download
5
Transcript of At8000 s configuracao de gerenciamento
Marvell Confidential
Management & Configuration
AT – 8000S
Marvell Confidential
Agenda
• AT - 8000S CLI– CLI structure
– Displaying System Information
– File Management
• AT - 8000S Telnet
• AT - 8000S Web Server (EWS)
• AT - 8000S SNMP
• AT - 8000S Secure Management
Marvell Confidential
Configuration and Management Tools
• There are several option to connect and manage the AT - 8000S devices:– CLI– Telnet– EWS– SNMP
• Device can be managed:– Either using a local terminal via the serial port of the
device– Or remotely via a management station on the network
(using telnet; EWS or SNMP)
Marvell Confidential
AT - 8000SCLI
Marvell Confidential
AT - 8000S CLI
• The Command-Line Interface (CLI or LCLI) on the AT -8000S device is used to control and define the device’s parameters and configuration.
• The CLI is hierarchically and modularly structured. This way the user has better control and insight into the various commands and levels of configuration
• The CLI module is “Pyramid” shaped in which command interfaces start from the more general configuration/ commands and go down to the more specific ones.
• To achieve this, the commands are divided into several “command blocks” (or command modes).
• Each command mode has its own set of specific commands. The available commands depend on the mode.
Marvell Confidential
Command Modes
• Example of command modes: EXEC; Global Configuration; Ethernet interface; Port channel interface; VLAN database etc…
• Example of the mode access sequence:– User EXEC Mode; – Privileged EXEC Mode, – Global Configuration Mode, – Interface Configuration Mode.
Marvell Confidential
Command Modes access
• To enter a certain Command Mode user must use a specific command or command line.
• To exit a certain command mode user can either type “exit” or press the CTRL+Z.
• To exit the configuration mode completely type “end”.
Marvell Confidential
Command Modes – Command View
• Each mode will allow user to enter only commands relevant for that mode.
• Typing “?” in each mode will list all the commands relevant for that mode.
• Due to the pyramid structure of the CLI, user may have to “move up” the pyramid and then “down again” to navigate from one context to another unrelated context.
• AT - 8000S devices support the “do” command which enables user to enter EXEC mode commands from any configuration mode– Relevant mostly for “show” commands to check configuration
“on the fly”.
Marvell Confidential
Command Mode Access PathEXEC User Mode
Commands: ping; enable; clear; show (limited);
Prompt: console>
EXEC Privileged ModeCommands: disable; show
(extended); copy; delete; reload; boot;
Prompt: console#
Global Configuration Mode
Commands: aaa; bridge; interface; vlan; lacp…
Prompt: console(config)#
enable
configure
Marvell Confidential
User Interfaces – Exampleconsole> “?”clear Reset functionsdisable Disable privileged commandsdot1x 802.1x EXEC commandsenable Enable privileged commands
…..console> enableconsole# configureconsole(config)# interface ethernet 1/e1console(config-if)# exitconsole(config)# interface ethernet 1/e1console(config-if)# endconsole#
Marvell Confidential
CLI - Command Help
• At any stage of the command, user can type the “?’ key and device will display the list of parameters or keywords the user can enter next.
• If error message is received – this is an indication that user entered an invalid keyword or parameterconsole(config)# interfaceethernet IEEE 802.3 Ethernet portport-channel IEEE 802.3 Link Aggregation interfacerange Select range of interfaces to configurevlan Configure an IEEE 802.1 VLAN
console(config)# interface lala% Unrecognized command
Marvell Confidential
CLI - Command Completion
• User can use the “tab” key to complete keywords.• If a keyword is unique – it is enough to type in the first
letters of the keyword instead of typing in the full word.
console(config)# inter [tab]console(config)# interface
Marvell Confidential
CLI – “do” Command
• The “do” command Allows the user to use User EXEC mode from any configuration mode context
• Useful to check device setting while performing configuration
Marvell Confidential
CLI – “do” Command
console# show vlan tag 2
Vlan Name Ports Type Authorization---- ----------------- --------------------------- ------------ -------------2 2 permanent Required
console# conconsole(config)# interface ethernet 1/e1console(config-if)# switchport access vlan 2console(config-if)# show vlan tag 2% Unrecognized commandconsole(config-if)# do show vlan tag 2
Vlan Name Ports Type Authorization---- ----------------- --------------------------- ------------ -------------2 2 1/e1 permanent Required
console(config-if)#
Marvell Confidential
CLI – Cut & Paste
• AT - 8000S devices Support copy / paste of text files. • The number of lines, which can be copied into the CLI, is
1000. • The feature is implemented as support for “fast data entry”.• Commands in the configuration file are entered in
“configuration mode”.
Marvell Confidential
AT - 8000SDisplaying System
Information
Marvell Confidential
Display the system information• Use the following EXEC Mode command to display system
information:show system
console# show systemSystem Description: Ethernet SwitchSystem Up Time (days,hour:min:sec): 0,00:03:30System Contact:System Name:System Location:System MAC Address: 00:00:b0:00:00:00
System Object ID: 1.3.6.1.4.1.89.1.1.3955…..Main Power Supply Status: OK
Sensor Temperature (Celsius) Status------------------------ ------------------------ ------------------------
Marvell Confidential
File Management
Marvell Confidential
The Flash
• The file system supports dynamic creation and deletion of files.
• All the files are stored in the device flash memory• All access to the flash will be done through the file system
interface• The flash is divided to two major sections: static and dynamic
Marvell Confidential
Software images
• There are two images that stored in the flash memory, the files are called image-1 and image-2.
• Only one image is used during boot, the user can choose the image that will be used by the command:
Boot system image {number}
• To check what is the active image use the command:Show bootvar
console# show bootvar
Images currently available on the FLASH
image-1 active (selected for next boot)
image-2 not active
Marvell Confidential
The Flash
• The static section includes the booton & boot sectors. This sections is “invisible” to the file system. However, the boot code will allow the file system to use its resources when decompressing the application image file
• The dynamic section will include the rest of the flash:– 2 image files– all other files defined by core module. This section is fully controlled by the
file system (syslog, configuration files etc)
Marvell Confidential
Configuration Files
• AT - 8000S supports 3 types of configuration files.
• Running configuration file – the active configuration, stored in the RAM.
• Startup configuration file – kept in the flash. Used whenever the system reboots.
• Backup configuration file.
• Factory default configuration - if no configuration file is available upon the system boot, this is the default settings of the system– These default setting will not appear when using the
“show running” or “show startup” commands
Marvell Confidential
Copying a File – Basic Command
• Use the following EXEC mode command format to copy a file from a source to a destination:copy source-url destination-url
• The source and destination url parameter can be a valid url or reserved keyword (like boot, image, unit, startup-config, running config etc)
Marvell Confidential
Copy Command - Source Options (1)
Keyword Source
Running-config Copy from the current running configuration file - Only to another configuration file, or to a TFTP server.Example: #copy running-config startup-config
Startup-config Copy from the startup configuration file – only to another configuration file, or to a TFTP server.Example: #copy startup-config tftp://10.0.0.2/saved_cfg
Image Copy from the active software image file – to a TFTP server.Examples: #copy image tftp://10.0.0.6/saved-image
Boot Copy from the device’s BOOT file - Only to a TFTP serverExamples: #copy boot tftp://10.0.0.6/saved-boot-image
Marvell Confidential
Copy Command - Source Options (2)
Keyword Source
Tftp:// Source URL (tftp://ip address/filename) for a file on a TFTP network server from which to download (configuration, image or boot file)Examples:#copy tftp://10.1.2.3/saved-config startup-config#copy tftp://10.4.5.6/file.dos image#copy tftp://10.7.8.9/boot.rfb boot
Xmodem Copy a software image or boot-image file from a serial connection that uses the Xmodem protocolExample: #copy xmodem: image
WORD URL prefixes
Marvell Confidential
Copy Command - Destination Options (1)
Keyword Source
Running-config Copy into (merge with) the current running configuration file from a TFTP server Example: #copy tftp://10.0.0.9/commands-file running-configNote: when copying to running-config, existing running config remains and copied configuration is added. The new running config is a combination of both In case of contradiction in configuration – error will appear.
Startup-config Copy to the startup configuration file - Only from another configuration file, or a TFTP server.Example: #copy running-config startup-configNote: When copying to startup-config The previous startup-config is erased completely and only the new file is the startup -config
Marvell Confidential
Copy Command - Destination Options (2)
Keyword Source
Image Copy to the non-active software image file – from xmodem or a TFTP server.#copy tftp://10.1.2.3/file.ros imageNote when copying to device image – in order to run the new image, active image has to be changed (“show bootvar” and then “boot system image-x” command) and then system rebooted
Boot Copy to the device’s BOOT file - Only from TFTP server or xmodemExamples: #copy tftp://10.1.2.3/boot.rfb boot
Null: Copy to null destination (do the copy, discard any result)Example: #copy tftp://10.0.1.1 null:
Tftp:// Destination URL (tftp://ip address/filename) to upload to a file (config, image or boot) to a TFTP network serverExample: #copy image tftp://10.1.2.3/saved-image-file
WORD URL prefixes
Marvell Confidential
Invalid Combinations
• The source file and destination file cannot be the same file.
• xmodem: can’t be a destination. • tftp: can’t be both source and destination.
Marvell Confidential
Flash File – Additional CLI Commands
• Use the following Privileged EXEC mode command to copy from a backup file on flash to destination file:
Copy flash://filename destination-file
• Use the following Privileged EXEC mode command to copy from a source file to backup file on flash:
Copy source-file flash://filename
Marvell Confidential
Flash Files – CLI Examples
console# copy running-config flash://backup01-Jan-2000 01:31:20 %COPY-I-FILECPY: Files Copy - source URL
running-config destination URL flash://backup01-Jan-2000 01:31:22 %COPY-W-TRAP: The copy operation was
completed successfully!Copy: 60 bytes copied in 00:00:02 [hh:mm:ss]
Marvell Confidential
Copy character description
• ! For transfers, an exclamation mark indicates that the copy process is taking place. Each exclamation mark indicates the successful transfer of ten packets (512 bytes each).
• . For network transfers, a period indicates that the copy process is timed out. Many periods in a row typically mean that the copy process may fail.
• E An uppercase E indicates an error. The copy process may fail.
Marvell Confidential
Examples
• Copying an Image from a Server to Device• The following example copies a system image named image-10022.ros
from the TFTP server with an IP address of 172.16.101.101 to non active image file.
console# copy tftp://172.16.101.101/image-10022.ros image!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Copy: XXXXX bytes copied in XX:XX:XX [hh:mm:ss]
Marvell Confidential
Running Device with New Image
• Note!!! To run a device (or unit) using the new downloaded image -select the non-active image (the one to which the image was downloaded) as the image for next boot – and then reboot.
• To view which image is currently inactive use command:show bootvar
Console# show bootvarImages currently available on the FLASHimage-1 active (selected for next boot)image-2 not active
Marvell Confidential
Running Device with New Image
• To specify the system image for the device to load at next startup, use the boot system Privileged EXEC command:
boot system { image-1 | image-2 }
Console# boot system image-2
Marvell Confidential
Other Commands
• To delete the startup-config file, use the following privileged EXEC command:
delete startup-config• Show commands
– show running-config– show startup-config
Marvell Confidential
AT - 8000STelnet
Marvell Confidential
Telnet
• The user can connect to the device via telnet and work as if working via the terminal.
• The user must configure a user name and password in order to be able to connect via telnet
• To allow full configuration capabilities, level must be set to 15. • Level 1 allows only limited device view and configuration.
console> enable
console# configure
console(config)# username myuser password mypassword level 15
console(config)#
Marvell Confidential
AT - 8000SWeb Server
Marvell Confidential
Embedded Web Server (EWS)• The user can connect and mange the device via the
Embedded Web Server.
• The EWS allows the user to control and monitor the device using a GUI interface.
• To allow EWS management an IP has to be configured on one of the devices interfaces (Ethernet port or VLAN).
• User must verify that HTTP server is enabled on the device (default is enabled)
• In addition, a username and password must be created with access level of 15
Marvell Confidential
EWS Configuration Example
console(config)# ip http server
console(config)# username George password Washington level 15
console(config)# interface vlan 1
console(config-if)# ip address 10.8.7.9 /24
console(config-if)# exit
console(config)# ip default-gateway 10.8.7.10
console(config)#
Default gateway is needed if management station is located in a remote network
Marvell Confidential
AT - 8000SSNMP
Marvell Confidential
Defining SNMP Settings
• Simple Network Management Protocol (SNMP) provides a method for managing network devices. Devices supporting SNMP run a local agent.
• The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB).
• The MIB presents the variables controlled by the agent. The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network.
Marvell Confidential
AT - 8000SSecure Management
Marvell Confidential
Secure Management Options• The Secure Shell (SSH) protocol provides encrypted and
strongly authenticated remote login sessions, similar to the Telnet protocol, between a device running a Secure Shell server and a host (PC) with a Secure Shell client.
• The Secure Socket Layer (SSL) has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers applications. Therefore, SSL allows secure management of the networking devices via the standard WEB browser.
Marvell Confidential
How does SSH Tunneling work?
This telnet connection is transmitted in the clear – data and passwords are insecure!
Set up SSH port forwarding from the client to the server
The result – a secure connection!
Network I/F
Router
Loopback I/F
Loopback I/F
Client
Network I/F
23AppTelnetdTelnet
Insecure
Network I/F
Router
Loopback I/F
Loopback I/F
Client
Network I/F
22App SSHdSSHSecure App
23
2023
Network I/F
Router
Loopback I/F
Loopback I/F
Client
Network I/F22App SSHdSSH
Secure
TelnetdTelnet
App
23
2023
App
NeverTrnam
itted!
Neve
rTr
nam
itted!
Marvell Confidential
SSL/TLS
IP
TCP
HTTP TLS
IP
TCP
HTTP
Not secure
Secure
Marvell Confidential