Lenovo Network
Application Guide for Lenovo Cloud Network Operating System 10.6
Note: Before using this information and the product it supports, read the general information in the Safety information and Environmental Notices and User Guide documents on the Lenovo Documentation CD, and the Warranty Information document that comes with the product.
First Edition (December 2017)
Copyright Lenovo 2017. Portions Copyright IBM Corporation 2014.
LIMITED AND RESTRICTED RIGHTS NOTICE: If data or software is delivered pursuant a General Services Administration "GSA" contract, use, reproduction, or disclosure is subject to restrictions set forth in Contract No. GS35F05925.
Lenovo and the Lenovo logo are trademarks of Lenovo in the United States, other countries, or both.
Copyright Lenovo 2017 3
Contents

Preface
  Who Should Use This Guide
  Application Guide Overview
  Additional References
  Typographic Conventions

Part 1: Getting Started

Chapter 1. Using the Command Line Interface
  CLI Command Modes
  Command Line Interface Shortcuts
  CLI List and Range Inputs
  Command Abbreviation
  Tab Completion
  Line Editing
  Command Aliases
  Defining Aliases
  Removing Aliases
  Displaying Aliases
  Rules for Using Aliases

Chapter 2. Switch Administration
  Administration Interfaces
  Industry Standard Command Line Interface
  Establishing a Connection
  Using the Switch Management Interface
  Other Ways to Manage the Switch Using IP
  Configuring a Switched Virtual Interface for Management
  Using the Switch Ethernet Ports in Routed Port Mode for Management
  Using Telnet
  Using Secure Shell
  Using SSH with Password Authentication
  Using SSH with Server Key Authentication
  Using Simple Network Management Protocol
  Zero Touch Provisioning
  DHCP Discovery
  ZTP Boot File
  Forcedly Enabling or Disabling ZTP
4 Application Guide for CNOS 10.6
  DHCP IP Address Services
  DHCP Client Configuration
  DHCPv4 Hostname Configuration (Option 12)
  DHCPv4 Syslog Server (Option 7)
  DHCPv4 NTP Server (Option 42)
  DHCPv4 Vendor Class Identifier (Option 60)
  DHCPv4 Snooping
  Configure the DHCPv4 Snooping Binding Table
  Configure the DHCPv4 Snooping Syslog
  DHCP Snooping Limitations
  DHCP Relay Agent
  DHCPv4 Option 82
  Switch Login Levels
  Ping
  Ping Configurable Parameters
  Test Interruption
  Ping Count
  Ping Packet Interval
  Ping Packet Size
  Ping Source
  Ping DF Bit
  Ping Timeout
  Ping VRF
  Ping Interactive Mode
  Traceroute
  Traceroute Configurable Parameters
  Test Interruption
  Traceroute Source
  Traceroute VRF
  Traceroute Interactive Mode
  Network Time Protocol
  NTP Synchronization Retry
  NTP Client and Peer
  NTP Authentication Field Encryption Key
  NTP Polling Intervals
  NTP Preference
  Dynamic and Static NTP Servers
  NTP Authentication
  NTP Authentication Configuration Example
  Domain Name Server Client
  System Logging
  Syslog Output
  Syslog Severity Levels
  Syslog Time Stamping
  Syslog Rate Limit
  Syslog User Action Logging
  Syslog Servers
  Console Logging Flood Control
  Duplicate Syslog Message Suppression
  Core Dump Information
  Idle Disconnect
  Python Scripting
  REST API Programming

Chapter 3. System License Keys
  Obtaining License Keys
  Installing License Keys
  Uninstalling License Keys
  Transferring License Keys
  ONIE License Key

Chapter 4. Switch Software Management
  Installing New Software to Your Switch
  Installing System Images from a Remote Server
  Installing System Images from a USB Device
  Installing Uboot from a Remote Server
  Installing Uboot from a USB Device
  Selecting a Software Image to Run
  Reloading the Switch
  Normal Reboot
  Scheduled Boot
  Copying Configuration Files
  Copy Configuration Files via a Remote Server
  Copy Configuration Files to a USB Device
  Resetting the Switch to the Factory Defaults
  Converting the Switch Software Image from CNOS to ENOS
  The NE10032/NE2572 GRUB Menu
  NE10032/NE2572 Rescue Mode
  The Boot Management Menu
  Switching Between ENOS and CNOS Images Loaded on the G8272
  Boot Recovery Mode
  Recovering from a Failed Image Upgrade using TFTP
  Recovering from a Failed Image Upgrade using XModem Download
  Physical Presence
  ONIE Submenu
  ONIE

Part 2: Securing the Switch

Chapter 5. Securing Administration
  Secure Shell and Secure Copy
  SSH Encryption and Authentication
  Generating RSA/DSA Host Key for SSH Access
  SSH Integration with TACACS+ Authentication
  Configuring SSH on the Switch
  Using SSH Client Commands
  Using Secure Copy
  Copying a File Using SCP
  Copying the Startup Configuration Using SCP
  Copying the Running Configuration Using SCP
  Copying Technical Support Files Using SCP
  End-user Access Control
  Considerations for Configuring End-user Accounts
  Strong Passwords
  User Access Control
  Setting up Users
  Defining a User's Access Level
  Deleting a User
  The Default User
  Password History Checking
  Administrator Password Recovery

Chapter 6. AAA Protocols
  RADIUS
  RADIUS Basics
  How RADIUS Authentication Works
  RADIUS Authentication Features in Cloud NOS
  Switch User Accounts
  RADIUS Attributes for Cloud NOS User Privileges
  Configuring RADIUS on the Switch
  TACACS+
  TACACS+ Basics
  How TACACS+ Authentication Works
  TACACS+ Authentication Features in Cloud NOS
  Authorization
  Accounting
  Configuring TACACS+ Authentication on the Switch
  Lightweight Directory Access Protocol
  Configure an LDAP Profile
  Create an LDAP Server Group
  Configure Global LDAP Settings
  View LDAP Settings
  Authentication, Authorization, and Accounting
  AAA Groups
  Group Lists
  Configuring AAA Groups
  Authentication
  Configuring AAA Authentication
  Authorization
  Configuring AAA Authorization
  Accounting
  Configuring AAA Accounting
  Public Key Infrastructure
  PKI Components
  Implementing a PKI System
  Removing PKI Components
  Viewing PKI Components

Chapter 7. Access Control Lists
  Supported ACL Types
  Summary of Packet Classifiers
  Summary of ACL Actions
  Configuring Port ACLs (PACLs)
  Configuring Router ACLs (RACLs)
  Configuring VLAN ACLs (VACLs)
  ACL Order of Precedence
  Creating and Modifying ACLs
  Creating an IPv4 ACL
  Removing an IPv4 ACL
  Resequencing an IPv4 ACL
  Creating a MAC ACL
  Removing a MAC ACL
  Resequencing a MAC ACL
  Creating an ARP ACL
  Removing an ARP ACL
  Resequencing an ARP ACL
  Remarks and ACLs
  Add ACL Remarks
  Remove ACL Remarks
  View ACL Remarks
  Viewing ACL Rule Statistics
  ACL Configuration Examples
  ACL Example 1
  ACL Example 2
  ACL Example 3
  ACL Example 4
  ACL Example 5
  ACL Example 6
  ACL Logging
  Configure ACL Logging

Part 3: Switch Basics

Chapter 8. Interface Management
  Interface Management Overview
  Management Interface
  Virtual Routing and Forwarding
  Physical Ports
  G8272 Physical Port Capabilities
  G8296 Physical Port Capabilities
  G8332 Physical Port Capabilities
  NE1072T Physical Port Capabilities
  NE1032T Physical Port Capabilities
  NE1032 Physical Port Capabilities
  NE2572 Physical Capabilities
  NE10032 Physical Capabilities
  CLI Port Format
  Port Aggregation
  Loopback Interfaces
  Switch Virtual Interfaces
  Basic Interface Configuration
  Forwarding Error Correction
  Interface Description
  Interface Duplex
  Interface MAC Address
  Interface Maximum Transmission Unit
  Interface Shutdown
  Interface Speed
  Flow Control
  Storm Control

Chapter 9. Forwarding Database
  MAC Learning
  Static MAC addresses
  Aging Time

Chapter 10. VLANs
  VLAN Overview
  VLAN Configuration
  Creating a VLAN
  Deleting a VLAN
  Configuring the State of a VLAN
  Reserved VLANs
  Configuring the Name of a VLAN
  Configuring a Switch Access Port
  Configuring the Access VLAN
  Configuring a Switch Trunk Port
  Configuring the Allowed VLAN List
  Configuring the Native VLAN
  Native VLAN Tagging
  Configuring Native VLAN Tagging
  Port VLAN ID Ingress Tagging
  IP Subnet VLAN Assignment
  IPMC Flooding
  Hybrid Bridge Port Mode
  Hybrid Bridge Port Mode Rules
  Configuring a Hybrid Bridge Port
  VLAN Topologies and Design Considerations
  Multiple VLANs with Trunk Mode Adapters
  VLAN Configuration Example

Chapter 11. Ports and Link Aggregation
  Port Configuration Profiles
  G8272 Port Configuration
  G8296 Port Configuration
  G8332 Port Configuration
  NE1072T Port Configuration
  NE1032T Port Configuration
  NE1032 Port Configuration
  NE2572 Port Configuration
  NE10032 Port Configuration
  Aggregation Overview
  Creating a LAG
  Static LAGs
  Static LAG Configuration Rules
  Configuring a Static LAG
  Link Aggregation Control Protocol
  Configuring LACP
  System Priority
  Port Priority
  LACP Timeout
  LACP Individual
  LACP Minimum Links
  LACP Configuration Example
  LAG Hashing
  LAG Hashing Configuration

Chapter 12. Spanning Tree Protocol
  STP Overview
  Bridge Protocol Data Units
  Determining the Path for Forwarding BPDUs
  BPDU Guard
  BPDU Filter
  Root Guard
  Loop Guard
  Port Priority
  Port Path Cost
  Error Disable Recovery
  Port Type and Link Type
  Edge Port
  Link Type
  Rapid Per VLAN Spanning Tree Plus
  Rapid PVST+ Parameters
  Bridge Priority
  Port Priority
  Port Path Cost
  Forward Delay
  Hello Timer
  Maximum Age Interval
  Rapid PVST+ Configuration
  Multiple Spanning Tree Protocol
  Common Internal Spanning Tree
  Port States
  MST Region
  MSTP Parameters
  Hop Count
  Forward Delay
  Hello Timer
  Maximum Age Interval
  Bridge Priority
  Port Priority
  Port Path Cost
  MSTP Configuration
  MSTP Configuration Example

Chapter 13. Virtual Link Aggregation Groups
  vLAG Overview
  vLAG Capacities
  vLAG Benefits
  vLAG Synchronization Mechanism
  vLAG System MAC
  vLAG and LACP Individual
  vLAG and LACP System Priority
  vLAG LACP Misconfigurations or Cabling Errors
  FDB Synchronization
  vLAG and STP
  vLAG and VRRP
  vLAG VRRP Passive Mode (Half Active-Active)
  vLAG VRRP Active Mode (Full Active-Active)
  vLAG Configuration Consistency Check
  vLAG and IGMP Snooping
  Multicast Router Synchronization
  IGMP Groups Synchronization
  IGMP Querier Synchronization
  vLAG Peer Gateway
  vLAGs versus regular LAGs
  Configuring vLAGs
  vLAG ISL
  vLAG Role Election
  vLAG Instance
  FDB Refresh
  vLAG Tier ID
  vLAG Startup Delay
  vLAG Autorecovery
  Health Check
  Basic Health Check Configuration Example
  Basic vLAG Configuration Example
  Configuring the ISL
  Configuring the vLAG
  vLAG Configuration - VLANs Mapped to a MST Instance
  Configuring the ISL
  Configuring the vLAG
  Configuring vLAGs in Multiple Layers
  Task 1: Configure Layer 2/3 Border Region
  Configure Border Router 1
  Configure Border Router 2
  Task 2: Configure switches in the Layer 2 region
  Configuring Switch A
  Configuring Switch B
  Configuring Switches C and D
  Configuring Switch E
  Configuring Switch F

Chapter 14. Quality of Service
  QoS Overview
  Class Maps
  QoS Classification Types
  Using ACL Filters
  Summary of QoS Actions
  Using Class of Service Filters
  Using 802.1p Priority to Provide QoS
  Using DiffServ Code Point (DSCP) Filters
  Using TCP/UDP Port Filters
  Using Precedence Filters
  Using Protocol Filters
  Queuing Classification Types
  Class Map Configuration Examples
  QoS Class Map Configuration Example
  Queueing Class Map Configuration Example
  Policy Maps
  Ingress Policing
  Defining Single Rate and Dual Rate Policers
  Marking
  Queuing Policing
  Bandwidth
  Shaping
  Priority
  Policy Map Configuration Examples
  QoS Policy Map Configuration Example
  Queuing Policy Map Configuration Example
  Control Plane Protection
  Control Plane Configuration Examples
  WRED
  Configuring WRED
  WRED Configuration Example
  Interface Service Policy
  Apply an Interface Service Policy
  Interface Service Policy Limitations
  Microburst Detection

Chapter 15. CEE
  RoCE and iSCSI
  RoCE Requirements
  Converged Enhanced Ethernet
  Turning CEE On or Off
  Effects on Link Layer Discovery Protocol
  Effects on 802.1p Quality of Service
  Effects on Flow Control
  Priority-Based Flow Control
  PFC Configuration
  PFC Configuration Example
  Enhanced Transmission Selection
  802.1p Priority Values
  Priority Groups
  PGID
  Assigning Priority Values to a Priority Group
  Allocating Bandwidth
  Configuring ETS
  Data Center Bridging Capability Exchange
  DCBX Modes
  DCBX Settings
  Enabling and Disabling DCBX
  Peer Configuration Negotiation
  Configuring DCBX
  CEE Configuration Examples
  CEE Example 1
  CEE Example 2

Chapter 16. Secure Mode
  Secure Mode Overview
  Using Protocols With Secure Mode
  Insecure Protocols
  Secure Protocols
  Insecure Protocols Unaffected by Secure Mode
  Enabling and Disabling Secure Mode

Part 4: IP Routing

Chapter 17. Basic IP Routing
  IP Routing
  Direct and Indirect Routing
  Static Routing
  Dynamic Routing
  Default Gateway
  Virtual Routing and Forwarding
  Routing Information Base
  Bidirectional Forwarding Detection
  BFD Asynchronous Mode
  BFD Echo Mode
  BFD Peer Support
  BFD Static Routes
  BFD Authentication
  Generalized TTL Security Mechanism
  BFD and BGP
  BFD and OSPF
  Routing Between IP Subnets
  Example of Subnet Routing
  Using VLANs to Segregate Broadcast Domains
  Configuration Example
  ECMP Static Routes
  RIB Support for ECMP Routes
  ECMP Hashing
  Configuring ECMP Static Routes
  Weighted ECMP Routes
  Requirements for Weighted ECMP
  Configure Weighted ECMP
  Dynamic Host Configuration Protocol
  Internet Control Message Protocol
  ICMP Redirects
  ICMP Port Unreachable
  ICMP Unreachable (except Port)

Chapter 18. Routed Ports
  Routed Ports Overview
  Configuring a Routed Port
  Configuring OSPF on Routed Ports
  OSPF Configuration Example

Chapter 19. Address Resolution Protocol
  ARP Overview
  ARP Aging Timer
  ARP Inspection
  Static ARP Entries
  Static ARP Configuration Example
  ARP Entry States
  ARP Table Refresh
  Proxy ARP
  Proxy ARP Limitations
  Configure Proxy ARP

Chapter 20. Internet Protocol Version 6
  IPv6 Address Format
  IPv6 Address Types
  Unicast Address
  Multicast
  Anycast
  IPv6 Interfaces
  Neighbor Discovery
  Neighbor Discovery Overview
  Router Nodes
  Neighbor Table Threshold
  Supported Applications
  Configuration Guidelines
  IPv6 Configuration Examples
  IPv6 Example 1
  IPv6 Example 2
  IPv6 Limitations

Chapter 21. Internet Group Management Protocol
  IGMP Terms
  How IGMP Works
  IGMP Capacity and Default Values
  IGMP Snooping
  IGMPv3 Snooping
  Spanning Tree Topology Change
  IGMP Querier
  Querier Election
  Multicast Router Discovery
  IGMP Query Messages
  IGMP Groups
  IGMP Snooping Configuration Guidelines
  IGMP Snooping Configuration Example
  Advanced IGMP Snooping Configuration Example
  Prerequisites
  IGMP Configuration
  Switch A Configuration
  Switch B Configuration
  Switch C Configuration
  Troubleshooting
  Additional IGMP Features
  Report Suppression
  Robustness Variable
  Fast Leave
  Static Multicast Router

Chapter 22. Border Gateway Protocol
  BGP Overview
  BGP Router Identifier
  Internal Routing Versus External Routing
  Route Reflector
  Route Reflection Configuration Example
  Restrictions
  Forming BGP Peer Routers
  BGP Peers and Dynamic Peers
  Static Peers
  Dynamic Peers
  Loopback Interfaces
  What is a Route Map?
  Next Hop Peer IP Address
  Incoming and Outgoing Route Maps
  Precedence
  Configuration Overview
  Aggregating Routes
  Redistributing Routes
  BGP Communities
  BGP Community
  BGP Extended Community
  BGP Confederation
  BGP Path Attributes
  Well-Known Mandatory
  Well-Known Discretionary
  Optional Transitive
  Optional Non-Transitive
  Best Path Selection Logic
  BGP Best Path Selection
  BGP Weight
  Local Preference
  Metric (Multi-Exit Discriminator) Attribute
  Next Hop
  Best Path Selection Tuning
  BGP ECMP
  BGP Features and Functions
  AS Path Filter
  BGP Capability Code
  Administrative Distance
  TTL Security Check
  Local AS
  BGP Authentication
  Originate Default Route
  IP Prefix List Filter
  Dynamic Capability
  BGP Graceful Restart
  BGP Damping
  Soft Reconfiguration Inbound
  BGP Route Refresh
  BGP Multiple Address Families
  BGP and BFD
  BGP Next Hop Tracking
  BGP Tuning
  BGP Failover Configuration
  Default Redistribution and Route Aggregation Example
  Designing a Clos Network Using BGP
  Clos Network BGP Configuration Example
  Configure Fabric Switch SF1
  Configure Spine Switch SP11
  Configure Leaf Switch LP11
  Configuring BGP Unnumbered
  Configure BGP Unnumbered
  BGP Unnumbered Limitations
  Differentiated Services and BGP
  Commands for Using DS with BGP
  DS with BGP Example

Chapter 23. Open Shortest Path First
  OSPFv2 Overview
  Types of OSPF Areas
  Types of OSPF Routing Devices
  Neighbors and Adjacencies
  The Link State Database
  The Shortest Path First Tree
  Internal Versus External Routing
  OSPFv2 Implementation in Cloud NOS
  Configurable Parameters
  Defining Areas
  Using the Area ID to Assign the OSPF Area Number
  Attaching an Area to a Network
  Interface Cost
  Electing the Designated Router and Backup
  Summarizing Routes
  Default Routes
  Virtual Links
  Router ID
  Authentication
  Configuring Plain Text OSPF Passwords
  Configuring MD5 Authentication
  Loopback Interfaces in OSPF
  Graceful Restart Helper
  OSPF and BFD
  OSPFv2 Configuration Examples
  Example 1: Simple OSPF Domain
  Example 2: Virtual Links
  Configuring OSPF for a Virtual Link on Switch 1
  Configuring OSPF for a Virtual Link on Switch 2
  Other Virtual Link Options
  Example 3: Summarizing Routes
  Verifying OSPF Configuration

Chapter 24. Route Maps
  Route Maps Overview
  Permit and Deny Rules
  Match and Apply Clauses
  Route Maps Configuration Example

Part 5: High Availability Fundamentals

Chapter 25. Basic Redundancy
  Aggregating for Link Redundancy
  Virtual Link Aggregation

Chapter 26. Virtual Router Redundancy Protocol
  VRRP Overview
  VRRP Components
  Virtual Router
  Virtual Router MAC Address
  Owners and Renters
  Master and Backup Virtual Router
  Virtual Interface Router
  Assigning VRRP Virtual Router ID
  VRRP Operation
  Selecting the Master VRRP Router
  Failover Methods
  Active-Active Redundancy
  Cloud NOS Extensions to VRRP
    VRRP Advertisement Interval and Subsecond Failover
    Interface Tracking
    Switch Back Delay
    Backward Compatibility with VRRPv2
    VRRP Accept Mode
    VRRP Preemption
    VRRP Priority
    IPv6 VRRP
  Configuring the Switch for Tracking
  Basic VRRP Configuration
  Configuring VRRP High Availability Using Multiple VIRs
    Task 1: Configure Switch 1
    Task 2: Configure Switch 2
Chapter 27. Layer 2 Failover
  Monitoring LAG Links
  Setting the Failover Limit
  Manually Monitoring Port Links
    Monitor Port State
    Control Port State
  L2 Failover with Other Features
    Static LAGs
    LACP
    Spanning Tree Protocol
  Configuration Guidelines
  Configuring Layer 2 Failover
Part 6: Network Management
Chapter 28. Link Layer Discovery Protocol
  LLDP Overview
  Enabling or Disabling LLDP
  LLDP Transmit Features
    Scheduled Interval
    Minimum Interval
    Time-to-Live for Transmitted Information
    Trap Notifications
    Changing the LLDP Transmit State
    Types of Information Transmitted
  LLDP Receive Features
    Types of Information Received
    Time-to-Live for Received Information
    Viewing Remote Device Information
  Debugging LLDP
  LLDP Example Configuration
Chapter 29. Service Location Protocol
  SLP Agents Communication
    SLP Specific Messages
    SLP Supported Service Attributes
  SLP Configuration
Chapter 30. Simple Network Management Protocol
  SNMP Versions
    SNMP Version 1 & Version 2
    SNMP Version 3
  SNMP Protocol Details
    SNMP Notifications
    SNMP Device Contact and Location
    One-Time Authentication for SNMP over TCP
  Default Configuration
  Configuration Examples
    Basic SNMP Configuration Example
    User Configuration Example
    Configuring SNMP Trap Hosts
  SNMP MIBs
Chapter 31. Telemetry
  Network Telemetry Overview
  CNOS Telemetry Architecture
  The Ganglia Analytics Application
    The Ganglia Agent
    The Central Data Aggregator
    The Data Visualization Front End
    The Ganglia Metric Tool
    Using Ganglia with CNOS
  Types of Data Supplied by the CNOS Telemetry Agent
    Buffer Statistics
      Congestion Drop Counters
      Buffer Utilization Counters
      Buffer Statistics Names
    Realm Parameters and Indexes
  Setting Up the CNOS Telemetry Agent
    Enable the Telemetry Agent
    Configure the Telemetry Controller
    Set Up the Telemetry Heartbeat
  Configuring Telemetry Agent Parameters
    Congestion Drop Counters
    BST Buffer Counters
    Detect Congestion After it Happens
    Predicting Congestion Before it Happens
    Capacity Planning Based on Trend Analysis
Part 7: Hyperconverged Infrastructure
Chapter 32. Network Virtualization Gateway
  NSX Integration Concepts
    VMware NSX Components
      NSX Manager
      NSX Controller
      NSX Edge
      NSX vSwitch
    NSX Tunneling
  VXLAN
  Lenovo VXLAN Gateway
    Software Architecture Overview
      NWVD Network Virtualization Daemon
      OVSDBD Open Virtual Switch Database Daemon
      HSC Hardware Switch Controller
  VXLAN Gateway Standalone Topologies
    VXLAN Tunnels over Layer 3 Routed Network
    Physical Servers on Layer 2 Switches
    Directly Attached VXLAN Tunnel with a Layer 2 Network (Not Supported)
    VXLAN Tunnels through a Layer 2 Network (Not Supported)
  High Availability Support
  VXLAN Gateway Configuration Example
    Standalone VXLAN Gateway Configuration Example
    High Availability VXLAN Gateway Configuration Example
      Basic Switch Configuration
      vLAG Configuration
      HSC Configuration
Chapter 33. Network Policy Agent
  Overview
  Setting up the Nutanix VDM Plugin
  Viewing Virtual Domain Information
  Unsubscribing to Nutanix VDM Notifications
  Dynamic VLANs and the VDM
    Dynamic VLAN Considerations
    Dynamic VLAN Commands
Part 8: Monitoring
Chapter 34. Port Mirroring
  Port Mirroring Overview
  SPAN Configuration
    Sources
    Destinations
    Sessions
    Configuration Example
  ERSPAN Configuration
    Session Types
    Sources
    Destinations
    ERSPAN Source Session Configuration Example
    ERSPAN Destination Session Configuration Example
  Limitations
Chapter 35. Sampled Flow
  Configuring sFlow
  sFlow Network Polling
  sFlow Network Sampling
  sFlow Example Configuration
Part 9: Appendices
Appendix A. Getting help and technical assistance
Appendix B. Notices
  Trademarks
  Important Notes
  Recycling Information
  Particulate Contamination
  Telecommunication Regulatory Statement
  Electronic Emission Notices
    Federal Communications Commission (FCC) Statement
    Industry Canada Class A Emission Compliance Statement
    Avis de Conformité à la Réglementation d'Industrie Canada
    Australia and New Zealand Class A Statement
    European Union Compliance to the Electromagnetic Compatibility Directive
    Germany Class A Statement
    Japan VCCI Class A Statement
    Japan Electronics and Information Technology Industries Association (JEITA) Statement
    Korea Communications Commission (KCC) Statement
    Russia Electromagnetic Interference (EMI) Class A statement
    People's Republic of China Class A electronic emission statement
    Taiwan Class A compliance statement
Index
Preface
This Application Guide describes how to configure and use the Lenovo Cloud Network Operating System 10.6 software on the following Lenovo RackSwitches:
Lenovo RackSwitch G8272. For documentation on installing the switch physically, see the Lenovo RackSwitch G8272 Installation Guide.
Lenovo RackSwitch G8296. For documentation on installing the switch physically, see the Lenovo RackSwitch G8296 Installation Guide.
Lenovo RackSwitch G8332. For documentation on installing the switch physically, see the Lenovo RackSwitch G8332 Installation Guide.
Lenovo ThinkSystem NE1032T RackSwitch. For documentation on installing the switch physically, see the Lenovo ThinkSystem NE1032T RackSwitch Installation Guide.
Lenovo ThinkSystem NE1032 RackSwitch. For documentation on installing the switch physically, see the Lenovo ThinkSystem NE1032 RackSwitch Installation Guide.
Lenovo ThinkSystem NE1072T RackSwitch. For documentation on installing the switch physically, see the Lenovo ThinkSystem NE1072T RackSwitch Installation Guide.
Lenovo ThinkSystem NE10032 RackSwitch. For documentation on installing the switch physically, see the Lenovo ThinkSystem NE10032 RackSwitch Installation Guide.
Lenovo ThinkSystem NE2572 RackSwitch. For documentation on installing the switch physically, see the Lenovo ThinkSystem NE2572 RackSwitch Installation Guide.
Who Should Use This Guide
This guide is intended for network installers and system administrators engaged in configuring and maintaining a network. The administrator should be familiar with Ethernet concepts, IP addressing, Spanning Tree Protocol, and SNMP configuration parameters.
Application Guide Overview
This guide will help you plan, implement, and administer the Cloud NOS (CNOS) software. Where possible, each section provides feature overviews, usage examples, and configuration instructions. The following material is included:
Part 1: Getting Started
This material is intended to help those new to CNOS products with the basics of switch management. This part includes the following chapters:
Chapter 1, "Using the Command Line Interface," describes the CNOS command line interface modes, commands, keyboard shortcuts, and aliases.
Chapter 2, "Switch Administration," describes how to access the switch to configure the switch, and view switch information and statistics. This chapter discusses a variety of manual administration interfaces, including local management via the switch console, and remote administration via Telnet or Secure Shell.
Chapter 3, "System License Keys," describes how to install additional features on the switch.
Chapter 4, "Switch Software Management," describes how to update the CNOS software operating on the switch and how to convert from CNOS to ENOS.
Part 2: Securing the Switch
This material contains information about implementing security protocols on the switch. This part includes the following chapters:
Chapter 5, "Securing Administration," describes methods for using Secure Shell for administration connections, and configuring end-user access control.
Chapter 6, "AAA Protocols," describes different secure administration methods for remote administrators. This includes using RADIUS, Terminal Access Controller Access-Control System Plus (TACACS+) and Authentication, Authorization, and Accounting (AAA).
Chapter 7, "Access Control Lists," describes how to use filters to permit or deny specific types of traffic, based on a variety of source, destination, and packet attributes.
Part 3: Switch Basics
This material contains information about setting up features on the switch. This part includes the following chapters:
Chapter 8, "Interface Management," describes how to configure the switch interfaces, like the Ethernet or management ports.
Chapter 9, "Forwarding Database," describes how a Layer 2 device can be configured to learn and store MAC addresses and their corresponding ports.
Chapter 10, "VLANs," describes how to configure Virtual Local Area Networks (VLANs) for creating separate network segments, including how to use VLAN tagging for devices that use multiple VLANs.
Chapter 11, "Ports and Link Aggregation," describes how to group multiple physical ports together to aggregate the bandwidth between large-scale network devices.
Chapter 12, "Spanning Tree Protocol," describes how to use the Rapid Per-VLAN Spanning Tree Plus (Rapid PVST+) and Multiple Spanning Tree Protocol (MSTP) to build a loop-free network topology.
Chapter 13, "Virtual Link Aggregation Groups," describes using Virtual Link Aggregation Groups (VLAGs) to form LAGs spanning multiple VLAG-capable aggregator switches.
Chapter 14, "Quality of Service," discusses Quality of Service (QoS) features, including IP filtering using class maps, Differentiated Services, and IEEE 802.1p priority values.
Chapter 15, "CEE," discusses using various Converged Enhanced Ethernet (CEE) features such as Priority-based Flow Control (PFC), Enhanced Transmission Selection (ETS) and Data Center Bridging Capability Exchange (DCBX).
Chapter 16, "Secure Mode," describes the difference between secure mode and legacy mode, what enabling secure mode means, and how to enable and disable it.
Part 4: IP Routing
This part includes the following chapters:
Chapter 17, "Basic IP Routing," describes how to configure the switch for IP routing using IP subnets, BFD, DHCP Relay and VRF.
Chapter 18, "Routed Ports," describes how to configure a switch port to forward Layer 3 traffic.
Chapter 19, "Address Resolution Protocol," describes how to use the Address Resolution Protocol (ARP) to map an IPv4 address to a MAC address.
Chapter 20, "Internet Protocol Version 6," describes how to configure the switch to use IPv6.
Chapter 21, "Internet Group Management Protocol," describes how CNOS implements Internet Group Management Protocol (IGMP) Snooping to conserve bandwidth in a multicast switching environment.
Chapter 22, "Border Gateway Protocol," describes Border Gateway Protocol (BGP) concepts and features supported in CNOS.
Chapter 23, "Open Shortest Path First," describes key Open Shortest Path First (OSPF) concepts and how they are implemented in CNOS, and provides examples of how to configure your switch for OSPF support.
Chapter 24, "Route Maps," describes route maps that are used to define route policy by permitting or denying certain routes based on a configured set of rules.
Part 5: High Availability Fundamentals
This part includes the following chapters:
Chapter 25, "Basic Redundancy," describes how the switch supports redundancy through LAGs and VLAGs.
Chapter 26, "Virtual Router Redundancy Protocol," describes how the switch supports high-availability network topologies using Virtual Router Redundancy Protocol (VRRP).
Chapter 27, "Layer 2 Failover," describes how to configure and use network adapter teaming for Layer 2 LAG failover.
Part 6: Network Management
This part includes the following chapters:
Chapter 28, "Link Layer Discovery Protocol," describes how Link Layer Discovery Protocol (LLDP) helps neighboring network devices learn about each other's ports and capabilities.
Chapter 29, "Service Location Protocol," describes the Service Location Protocol (SLP) that allows the switch to provide dynamic directory services.
Chapter 30, "Simple Network Management Protocol," describes how to configure the switch for management through a Simple Network Management Protocol (SNMP) client.
Chapter 31, "Telemetry," describes the CNOS Network Telemetry Agent and how to use the data it provides to fine-tune your network.
Part 7: Hyperconverged Infrastructure
This part includes the following chapters:
Chapter 32, "Network Virtualization Gateway," describes how to integrate VMware NSX with your switch.
Chapter 33, "Network Policy Agent," explains how to use the CNOS network policy agent plugin that works with the Nutanix Virtual Domain Module.
Part 8: Monitoring
This part includes the following chapters:
Chapter 34, "Port Mirroring," discusses tools to copy selected port traffic to a remote monitor port for network analysis.
Chapter 35, "Sampled Flow," discusses using Sampled Flow (sFlow) for monitoring traffic.
Part 9: Appendices
This part includes the following appendices:
Appendix A, "Getting help and technical assistance," provides details on where to go for additional information about Lenovo and Lenovo products.
Appendix B, "Notices," contains safety and environmental notices.
Additional References
Additional information about installing and configuring your switch is available in the following guides:
Lenovo Network Command Reference for Lenovo Cloud Network Operating System 10.6
Lenovo Network Release Notes for Lenovo Cloud Network Operating System 10.6 for your switch
Lenovo Network Python Programming Guide for Lenovo Cloud Network Operating System 10.6
Lenovo Network REST API Programming Guide for Lenovo Cloud Network Operating System 10.6
Typographic Conventions
The following table describes the typographic styles used in this book.
Table 1. Typographic Conventions
Typeface or Symbol    Meaning    Example
ABC123    This type is used for names of commands, files, and directories used within the text.
Example: View the readme.txt file.
It also depicts on-screen computer output and prompts.
Example: Switch#
ABC123    This bold type appears in command examples. It shows text that must be typed in exactly as shown.
Example: Switch# ping
This italicized type appears in command examples as a parameter placeholder. Replace the indicated text with the appropriate real name or value when using the command. Do not type the brackets.
Example: To establish a Telnet session, enter: Switch# telnet
This also shows book titles, special terms, or words to be emphasized.
Example: Read your User's Guide thoroughly.
{}    Command items shown inside brackets are mandatory and cannot be excluded. Do not type the brackets.
Example: Switch# cp {ftp|sftp}
[]    Command items shown inside brackets are optional and can be used or excluded as the situation demands. Do not type the brackets.
Example: Switch# configure [device]
|    The vertical bar (|) is used in command examples to separate choices where multiple options exist. Select only one of the listed options. Do not type the vertical bar.
Example: Switch# cp {ftp|sftp}
This block type depicts menus, buttons, and other controls that appear in graphical interfaces.
Example: Click the button.
Part 1: Getting Started
This section discusses the following topics:
"Switch Administration" on page 41
"System License Keys" on page 91
"Switch Software Management" on page 97
Chapter 1. Using the Command Line Interface
Lenovo Cloud Network Operating System uses an industry-standard command line interface (CLI). Like any switch CLI, there are subtle differences between the CNOS CLI and the CLI on switches from other vendors.
The following subjects are discussed in this chapter:
"CLI Command Modes" on page 34
"Command Line Interface Shortcuts" on page 35
"Command Aliases" on page 37
CLI Command Modes
The CLI has three major command modes listed in order of increasing privileges, as follows:
User EXEC Mode: Switch>
This is the initial mode of access. By default, on console sessions password checking is disabled for this mode.
Privileged EXEC mode: Switch#
This mode is accessed from User EXEC Mode. This mode can be accessed using the following command: enable
Configuration Mode: Switch(config)#
This mode allows you to make changes to the running configuration. If you save the configuration, the settings survive a reload of the switch. Several submodes can be accessed from the User EXEC Mode. This mode can be accessed using the following command: configure [device]
Each mode provides a specific set of commands. Most lower-privilege mode commands are accessible when using a higher-privilege mode.
Note: The word Switch is a generic term used throughout the Application Guide to indicate the hostname of the switch when issuing commands. Depending on the Lenovo RackSwitch or ThinkSystem, the word Switch will be replaced with one of the following:
Switch Type    Prompt
RackSwitch G8272    G8272
RackSwitch G8296    G8296
RackSwitch G8332    G8332
ThinkSystem NE1032 RackSwitch    NE1032
ThinkSystem NE1032T RackSwitch    NE1032T
ThinkSystem NE1072T RackSwitch    NE1072T
ThinkSystem NE10032 RackSwitch    NE10032
ThinkSystem NE2572 RackSwitch    NE2572
Command Line Interface Shortcuts
The following shortcuts allow you to enter commands quickly and easily.
CLI List and Range Inputs
For VLAN and port commands that allow an individual item to be selected from within a numeric range, lists and ranges of items can now be specified. For example, the vlan command permits the following options:
Switch(config)# vlan 1,3,1094 (access VLANs 1, 3, and 1094)
Switch(config)# vlan 1-20 (access VLANs 1 through 20)
Switch(config)# vlan 1-5,90-99,1090-1094 (access multiple ranges)
Switch(config)# vlan 1-5,19,20,1090-1094 (access a mix of lists and ranges)
The numbers in a range must be separated by a dash:
Multiple ranges or items are permitted using a comma: ,
Do not use spaces within list and range specifications.
Ranges can also be used to apply the same command option to multiple items. For example, to access multiple ports with one command:
Switch(config)# spanning-tree mst 1-4 cost 4096 (instances 1 through 4)
Command Abbreviation
Most commands can be abbreviated by entering the first characters which distinguish the command from the others in the same mode. For example, consider the following full command:
Switch(config)# display mac address-table interface ethernet 1/12
It can be abbreviated as follows:
Switch(config)# disp ma ad i e 1/12
Tab Completion
By entering the first letter of a command at any prompt and pressing Tab, the ISCLI displays all available commands or options that begin with that letter. Entering additional letters further refines the list of commands or options displayed. If only one command fits the input text when Tab is pressed, that command is supplied on the command line, waiting to be entered.
If multiple commands share the typed characters, when you press Tab, the ISCLI completes the common part of the shared syntax.
Line Editing
The following case-insensitive keystroke commands are available for editing command lines:
Command Behavior
Moves the cursor to the beginning of the line.
Moves the cursor one character to the left.
Deletes the character at the cursor.
Moves the cursor to the end of the line.
Moves the cursor one character to the right.
Kills all text to the right of the cursor, putting it into a buffer.
Clears the screen, leaving the current line intact at the top.
Move to the next command in the command history.
Move to the previous command in the command history.
Swaps the character at the cursor with the character to the left of the cursor.
Clears all text from the command line.
Deletes from the cursor to the start of the word.
Yanks the text from the kill buffer.
Moves the cursor backwards one word.
Capitalizes the first letter of the word or the character where the cursor is pointing.
Deletes to the end of the word to the right of the cursor.
Moves the cursor forwards one word.
Changes the text to lowercase from the cursor to the end of the word.
Changes the text to uppercase from the cursor to the end of the word.
Command Aliases
Command aliasing enables you to change the names of commands in the CLI.
Defining Aliases
To define an alias, enter:
Switch(config)# alias
For example, to use the command show to invoke the display command, enter:
Switch(config)# alias show display
Removing Aliases
To remove an alias, enter:
Switch(config)# no alias
To remove all aliases, enter:
Switch(config)# no alias all
Displaying Aliases
To see the list of aliases configured to your system, enter:
Switch(config)# display alias
CLI alias information:
=====================
show: display
abc: display
Note: The alias command does not do validation checking. If you enter an invalid command for an alias to invoke, you will get an error message.
Rules for Using Aliases
The following rules apply when you are defining an alias:
An alias must be an alphanumeric string that starts with an alphabetic character. There can be no spaces or punctuation characters in an alias name. There can be dashes and spaces in the command being aliased. For example, the following command aliases the string dsi to display sysinfo:
Switch(config)# alias dsi display sysinfo
You cannot escape non-alphanumeric characters with a backslash or with quotes. For example, you will get an error message if you enter:
Switch(config)# alias show\sysinfo display sysinfo
You can have multiple aliases for the same command, but you cannot have multiple commands mapped to the same alias. For example, if you enter:
Switch(config)# alias show display
Switch(config)# alias abc display
The aliases show and abc will both invoke the display command. However, if you enter:
Switch(config)# alias show display
Switch(config)# alias show enable
The show alias will invoke the enable command.
You can use an alias to invoke a multiple-word command. For example, you can enter:
Switch(config)# alias ssi display sysinfo
The ssi alias will now invoke the command display sysinfo.
You cannot nest aliases. For example, if you enter:
Switch(config)# alias show display
Switch(config)# alias ssi show sysinfo
The ssi command will return an error message.
You cannot alias an argument of a command. For example, if you try entering:
Switch(config)# alias show display
Switch(config)# alias si sysinfo
The command show si will return an error message because the switch is trying to parse it as display si.
If you use the name of an existing command as an alias name, it will override the existing command. For example, if you enter:
Switch(config)# alias qos display
The qos command will behave as if you had entered display. To fix this, enter:
Switch(config)# no alias
In the case of fixing the qos command to its original function, you would enter:
Switch(config)# no alias qos
An alias does not support multiple command lines. For example, if you enter:
Switch(config)# alias dvdu display version\ndisplay user
You will get an error message.
You cannot concatenate aliases. For example, if you enter:
Switch(config)# alias display show
Switch(config)# alias pa port-aggregation
Switch(config)# show pa 1
You will get an error message after you enter show pa.
The maximum number of aliases that can be configured on a switch is 128.
The following are reserved words that cannot be used as an alias name:
alias        enable    python
all          end       quit
bfd          exit      reload
configure    logout    remove
disable      name      restart
display      no        save
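The alias rules above, replayed as a configuration audit. This is an added example, not Lenovo code: audit_aliases, the finding codes, the known_commands set and the session lines are constructed for illustration; only the naming rule, the reserved words, the 128-alias limit and the override, nesting and multi-line behaviour come from the guide.

```python
import re

# Reserved words the guide lists as unusable alias names.
RESERVED = frozenset("""alias enable python all end quit bfd exit reload
configure logout remove disable name restart display no save""".split())
MAX_ALIASES = 128                               # limit stated in the guide
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")   # alphanumeric, starts with a letter
PROMPT_RE = re.compile(r"^\S*[#>]\s*")          # optional "Switch(config)#" prefix


def audit_aliases(lines, known_commands=frozenset()):
    """Replay 'alias' / 'no alias' lines and return (final_aliases, findings).

    findings is a list of (code, alias_name, detail) tuples.
    known_commands is a caller-supplied set of real command names
    (assumption: the guide does not publish a machine-readable list).
    """
    aliases, findings = {}, []
    for raw in lines:
        words = PROMPT_RE.sub("", raw.strip()).split()
        if words[:2] == ["no", "alias"] and len(words) == 3:
            if words[2] == "all":
                aliases.clear()
            else:
                aliases.pop(words[2], None)
            continue
        if len(words) < 3 or words[0] != "alias":
            continue
        name, target = words[1], " ".join(words[2:])
        if not NAME_RE.fullmatch(name):
            findings.append(("INVALID_NAME", name,
                             "must be alphanumeric and start with a letter"))
            continue
        if name.lower() in RESERVED:
            findings.append(("RESERVED_NAME", name, "reserved word"))
            continue
        if "\\n" in target:
            findings.append(("MULTILINE", name,
                             "multiple command lines are not supported"))
            continue
        if name not in aliases and len(aliases) >= MAX_ALIASES:
            findings.append(("TOO_MANY", name, f"limit is {MAX_ALIASES}"))
            continue
        if name in known_commands:
            # The alias silently replaces a real command: worth a review.
            findings.append(("SHADOWS_COMMAND", name,
                             f"'{name}' now runs '{target}'"))
        if name in aliases and aliases[name] != target:
            # One alias maps to one command; the later definition wins.
            findings.append(("REDEFINED", name,
                             f"'{aliases[name]}' replaced by '{target}'"))
        aliases[name] = target
    # Nesting is only visible once every definition has been replayed.
    for name, target in aliases.items():
        head = target.split()[0]
        if head in aliases and head != name:
            findings.append(("NESTED", name,
                             f"target starts with alias '{head}'"))
    return aliases, findings


# Constructed sample session, modelled on the examples in this section.
CONSTRUCTED_SESSION = [
    "Switch(config)# alias show display",
    "Switch(config)# alias abc display",
    "Switch(config)# alias ssi show sysinfo",
    "Switch(config)# alias qos display",
    "Switch(config)# alias show enable",
    "Switch(config)# alias 9x display",
    "Switch(config)# alias save display",
    r"Switch(config)# alias dvdu display version\ndisplay user",
    "Switch(config)# no alias abc",
]

if __name__ == "__main__":
    final, found = audit_aliases(CONSTRUCTED_SESSION, {"qos", "vlan"})
    for code, name, detail in found:
        print(f"{code:16} {name:6} {detail}")
    print(final)
```

SHADOWS_COMMAND and REDEFINED are the two findings to review first, because in both cases a familiar word no longer runs the command an operator expects.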
Chapter 2. Switch Administration
Your RackSwitch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively.
The extensive Lenovo Cloud Network Operating System for the switch provides a variety of options for accessing the switch to perform a variety of configurations and to view switch information and statistics.
This chapter discusses the various commands used to administer the switch:
"Administration Interfaces" on page 42
"Industry Standard Command Line Interface" on page 43
"Establishing a Connection" on page 44
"Zero Touch Provisioning" on page 51
"DHCP IP Address Services" on page 55
"Switch Login Levels" on page 62
"Ping" on page 64
"Traceroute" on page 69
"Network Time Protocol" on page 72
"Domain Name Server Client" on page 77
"System Logging" on page 79
"Idle Disconnect" on page 87
"Python Scripting" on page 88
"REST API Programming" on page 89
Administration Interfaces
Cloud NOS provides a variety of user interfaces for administration. These interfaces vary in character and in the methods used to access them. Some are text-based and some are graphical; some are available by default, while others require configuration; some can be accessed by local connection to the switch, while others are accessed remotely using various client applications. For example, administration can be performed using any of the following:
A built-in, text-based command line interface (CLI) and menu system for switch access via a serial-port connection or an optional Telnet or SSH session
SNMP support for access through third-party commercial and open-source network management applications.
The specific interface chosen for an administrative session depends on your preferences, the switch configuration, and the available client tools.
In all cases, administration requires that the switch hardware is properly installed and turned on (see the Lenovo RackSwitch Installation Guide).
Industry Standard Command Line Interface
The Industry Standard Command Line Interface (ISCLI) provides a simple and direct method for switch administration. Using a basic terminal, you can issue commands that allow you to view detailed information and statistics about the switch, and to perform any necessary configuration and switch software maintenance.
You can establish a connection to the ISCLI in any of the following ways:
Serial connection via the serial port on the switch (this option is always available)
Telnet connection over the network
SSH connection over the network
Establishing a Connection
The factory default settings permit initial switch administration through the built-in serial port. The switch can also be initially configured through the OOB management port that gets a default IP address (192.168.50.50/24); in this case, the user is able to log in via SSH into the port and perform initial configuration.
Remote access using the network requires the accessing terminal to have a valid, routable connection to the switch interface. The client IP address may be configured manually, or an IP address can be provided automatically to the switch using a service such as DHCP (see "DHCP IP Address Services" on page 55). An IPv6 address can also be obtained using IPv6 stateless address configuration.
Note: Throughout this manual, IP address is used in places where either an IPv4 or IPv6 address is allowed. IPv4 addresses are entered in dotted-decimal notation (for example, 10.10.10.1), while IPv6 addresses are entered in hexadecimal notation (for example, 2001:db8:85a3::8a2e:370:7334). In places where only one type of address is allowed, IPv4 address or IPv6 address is specified.
Using the Switch Management Interface
To manage the switch through the management interface, you must configure it with an IP interface. Configure the IP address and network mask and default gateway address:
1. Log on to the switch.
2. Enter Global Configuration mode.
Switch> enable
Switch# configure device
Switch(config)#
3. Configure a management IP address and network mask:
IPv4 configuration:
Switch(config)# interface mgmt 0
Switch(config-if)# ip address /
Switch(config-if)# exit
IPv6 configuration:
Switch(config)# interface mgmt 0
Switch(config-if)# ipv6 address /
Switch(config-if)# exit
4. Configure the appropriate default gateway:
IPv4 configuration:
Switch(config)# vrf context management
Switch(config-vrf)# ip route 0.0.0.0 0.0.0.0
Switch(config-vrf)# exit
IPv6 configuration:
Switch(config)# vrf context management
Switch(config-vrf)# ipv6 route ::/0
Switch(config-vrf)# exit
Once you configure a management IP address for your switch, you can connect to the management port and use a Telnet or an SSH client from an external management station to access and control the switch. The management port provides out-of-band management.
Note: To use a telnet client, you must first enable telnet access with the command:
Switch(config)# feature telnet
Other Ways to Manage the Switch Using IP
Besides using the out-of-band management port to administer the switch, you can manage the switch using an in-band connection over the data ports. The following options are available for configuring in-band management:
Switched Virtual Interface (SVI)
L3 routed ports
"Switch Virtual Interfaces" on page 202 contains rules and more details about using an SVI, while "Configuring a Routed Port" on page 408 contains more details about configuring routed ports. The following section contains examples of each.
Configuring a Switched Virtual Interface for Management
A Switched Virtual Interface is a VLAN that has an IP address assigned directly on it via the command:
Switch(config)# interface vlan
The VLAN must already exist before you configure the VLAN interface, and the VLAN must be allowed on any data ports you want to use to manage the switch. Along with configuring the VLAN interface, if you want to connect to the switch via a remote IP subnet, configure an in-band default gateway.
The following is an example of configuring an SVI and associated default gateway.
1. Log on to the switch.
2. Enter configuration mode and then create the desired VLAN that will be used by the SVI.
Switch> enable
Switch# configure device
Switch(config)# vlan
Switch(config)# exit
3. Create the SVI and configure the IP address and network mask.
Switch(config)# interface vlan
Switch(config-if)# ip address /
Switch(config-if)# exit
4. Configure the in-band default gateway (optional).
IPv4 configuration:
Switch(config-if)# ip route 0.0.0.0/0
IPv6 configuration:
Switch(config-if)# ipv6 route ::/0
Switch(config-vrf)# exit
You must carry the VLAN being used for management on at least one of the in-band data ports, to permit management of the switch via this path.
Using the Switch Ethernet Ports in Routed Port Mode for Management
You also can configure in-band management directly on any of the switch Ethernet data ports by setting the physical interface to Routed Port mode. To allow in-band management via the Routed Port feature, use the following procedure:
1. Log on to the switch.
2. Enter interface mode and configure an Ethernet interface as routed port.
Switch> enable
Switch# configure device
Switch(config)# interface ethernet /
Switch(config-if)# no bridge-port
3. Configure the interface IP address and network mask on this physical Ethernet interface.
IPv4 configuration:
Switch(config-if)# ip address /
Switch(config-if)# exit
IPv6 configuration:
Switch(config-if)# ipv6 address /
Switch(config-if)# exit
4. (Optional) Configure the in-band default gateway.
IPv4 configuration:
Switch(config)# ip route 0.0.0.0/0
IPv6 configuration:
Switch(config)# ipv6 route ::/0
Once you configure the IP address and have a network connection, you can use a Telnet or an SSH client from an external management station to access and control the switch. Once the default gateway is enabled, the management station and the switch do not need to be on the same IP subnet to communicate.
The switch supports an industry-standard command line interface (ISCLI) that you can use to configure and control the switch over the network using a Telnet or an SSH client. You can use the ISCLI to perform many basic network management functions. In addition, you can configure the switch for management using an SNMP-based network management system.
For more information, see the documents listed in "Additional References" on page 28.
Using Telnet
A Telnet connection offers the convenience of accessing the switch from a workstation connected to the network. Telnet access provides the same options for user and administrator access as those available through the console port.
By default, Telnet access is disabled. Use the following command to enable or disable Telnet access:
Switch(config)# [no] feature telnet
Once the switch is configured with an IP address and gateway, you can use Telnet to access switch administration from any workstation connected to the management network.
To establish a Telnet connection with the switch, run the Telnet client on your workstation, use Telnet as the protocol type and the switch's IP address as the hostname.
You will then be prompted to enter a password as explained in "Switch Login Levels" on page 62.
By default, Telnet uses TCP port 23 of the remote host to establish a connection from the switch. When initializing a Telnet session, you can specify the TCP port of the remote host by using the following command on the switch:
Switch# telnet port
Note: The specified port will be used only for the current Telnet session. Future sessions will not use the selected port.
By default, Telnet clients will connect to the local Telnet server using TCP port 23 on the switch. To configure the TCP port used by a Telnet client when establishing a connection to the switch, use the following command:
Switch(config)# telnet server port
Using Secure Shell
Although a remote network administrator can manage the configuration of a switch via Telnet, this method does not provide a secure connection. The Secure Shell (SSH) protocol enables you to securely log into another device over a network to execute commands remotely. As a secure alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the network is encrypted and secure.
By default, SSH access is enabled. Use the following command to enable or disable SSH access:
Switch(config)# [no] feature ssh
The switch can do only one session of key/cipher generation at a time. Thus, an SSH client will not be able to log in if the switch is doing key generation at that time. Similarly, the system will fail to do the key generation if an SSH client is logging in at that time.
The supported SSH encryption and authentication methods are:
Server Host Authentication: Client RSA-authenticates the switch when starting each connection
Key Exchange: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1
Encryption: aes128-ctr, aes192-ctr, aes256-ctr, [email protected], [email protected]
MAC: hmac-sha2-256, hmac-sha2-512, [email protected], [email protected]
User Authentication: Local password authentication, TACACS+
Lenovo Cloud Network Operating System implements the SSH version 2.0 standard and is confirmed to work with SSH version 2.0-compliant clients such as the following:
OpenSSH_6.7p1 for Linux
SecureCRT Version 7.3.4 (build 839)
Putty SSH release 0.63
Using SSH with Password Authentication
Once the IP parameters are configured, you can access the command line interface using an SSH connection.
To establish an SSH connection with the switch, run the SSH client on your workstation, use SSH as the protocol type and the switch's IP address as the hostname.
You will then be prompted to enter a password as explained in "Switch Login Levels" on page 62.
Using SSH with Server Key Authentication
SSH can also be used for switch authentication based on asymmetric cryptography. Server encryption keys can be generated on the switch and used to authenticate incoming login attempts based on the clients' private encryption key pairs. After a predefined number of failed server key authentication attempts, a login error will appear and the SSH session will be disconnected.
To set up server key authentication:
1. Disable SSH:
Switch(config)# no feature ssh
Note: SSH settings cannot be modified if SSH is enabled.
2. Generate an SSH key:
DSA:
Switch(config)# ssh key dsa [force]
RSA:
Switch(config)# ssh key rsa [force]
Note: You can also configure the length of the RSA key by using the following command:
Switch(config)# ssh key rsa length
3. Configure a maximum number of failed server key authentication attempts before the SSH session will be disconnected:
Switch(config)# ssh login-attempts
Note: The default number of failed attempts is 3.
4. Re-enable SSH:
Switch(config)# feature ssh
Once the server key is configured on the switch, a client can use SSH to log in from a system where the private key pair is set up.
Using Simple Network Management Protocol
CNOS provides Simple Network Management Protocol (SNMP) version 1, 2, and 3 support for access through any network management software, such as Switch Center or Lenovo XClarity.
Note: The SNMP read function is enabled by default. For best security practices, if SNMP is not needed for your network, disable this function prior to connecting the switch to the network.
To access the SNMP agent on the switch, the read and write community strings on the SNMP manager must be configured to match those on the switch.
The read and write community strings on the switch can be configured using the following commands:
read-only access community string:
Switch(config)# snmp-server community ro
read-write access community string:
Switch(config)# snmp-server community rw
The SNMP manager must be able to reach any one of the IP interfaces on the switch.
For the SNMP manager to receive the SNMPv1 traps sent out by the SNMP agent on the switch, configure the trap host on the switch with the following command:
Switch(config)# snmp-server host traps version 1
For more information on SNMP usage and configuration, see Chapter 30, "Simple Network Management Protocol."
Zero Touch Provisioning
Zero Touch Provisioning (ZTP) enables a switch to automatically provision itself using the resources available on the network without manual intervention. When a switch with ZTP enabled starts up, it locates a DHCP server which provides the switch with an interface IPv4 address and a gateway IPv4 address. The switch then obtains the IP address of a TFTP server from which it will download the necessary boot file. The next step is for the switch to run the boot file.
On the switch, ZTP will trigger when any of the following conditions are met:
a switch boots with no startup configuration (only the default configuration)
the startup configuration is erased and the switch is reloaded
ZTP is forcedly enabled from the CLI
Note: ZTP will not be triggered if it is forcedly disabled from the CLI.
During the boot process, if the switch does not find a startup configuration and ZTP is enabled, the switch will enter ZTP mode. When forcedly enabled from the CLI, the switch enters ZTP mode regardless of the presence of a startup configuration. The switch will search for available DHCP servers and request them to acquire an interface address, a gateway address, the TFTP server address, and the boot file name.
After the information from the DHCP server is obtained, ZTP will download and run the boot file, and then execute the ZTP process according to the boot file. ZTP automatically handles the process of upgrading the switch software image and installing configuration files.
Notes:
During the boot process, a prompt will appear asking if you want to abort or continue the ZTP process. If you choose to exit ZTP, the switch will continue with its normal boot process, using the default configuration or any startup configuration, if one is present on the switch and ZTP was forcedly enabled from the CLI.
If ZTP was forcedly enabled and no DHCP server was found during the ZTP process, any IPv4 address previously configured manually on the management interface will be removed.
If ZTP is canceled during its execution, the switch exits ZTP mode. If an interface IPv4 address was obtained, it will not be released. If any files were downloaded, they will not be deleted.
Important ZTP events are logged by the switch and are available for display from a console session.
DHCP Discovery
After entering ZTP mode, the switch sends a DHCP discover message on its management interface requesting DHCP offers from the DHCP servers present on the network. The receiving DHCP server replies with a DHCP offer message.
When the DHCP client receives the DHCP offer message, it will request the DHCP server to send the following information:
an interface IPv4 address
a gateway IPv4 address
the TFTP server IP address (using option 66)
the boot file name (using option 67)
The switch completes the DHCP negotiation process (request and acknowledgement) with the DHCP server, which assigns the switch an IPv4 address. The switch then uses the acquired TFTP server IP address to contact the TFTP server. The boot file name contains the complete file path of the boot file on the TFTP server. The switch then downloads the boot file.
If no DHCP servers reply to the DHCP discover message or if no DHCP offer meets the ZTP requirements, the switch will be unable to complete the DHCP negotiation and an IPv4 address is not assigned (except the default IPv4 address 192.168.50.50/24, but this cannot help the switch finalize the ZTP process). ZTP will try three times to successfully obtain the required information. If it fails the DHCP negotiation three times, the switch exits ZTP mode and continues the normal boot process.
Notes:
The interface IPv4 address obtained from the DHCP server is kept and used even after the ZTP process is over.
ZTP supports only DHCPv4 and not DHCPv6.
ZTP supports only TFTP and not FTP, SCP, or other transfer protocols.
DHCP servers must be configured with options 66 and 67 to ensure that the switch always obtains the TFTP server hostname and the boot file name during the ZTP process.
DHCP options 66 and 67 are enabled by default on the switch. If either of them is intentionally disabled, the ZTP process will result in a failure.
DHCP option 66 provides the IP address of a single TFTP server. To enable or disable DHCP option 66, use the following command:
Switch(config)# [no] ip dhcp client request tftp-server-name
DHCP option 67 provides the file path of the boot file needed by ZTP. To enable or disable DHCP option 67, use the following command:
Switch(config)# [no] ip dhcp client request bootfile-name
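The options this section depends on can be read directly from the options field of a captured DHCP offer, which shows which TFTP server and boot file a switch in ZTP mode is being pointed at. The following is an added example, not Lenovo code: the labels, helper names and sample bytes are constructed, and only the options field is parsed (no BOOTP header or magic cookie).

```python
# Added example, not Lenovo code: decode the DHCP options this chapter names.
PAD, END = 0, 255
# RFC 2132 option codes; the labels on the right are ours.
TEXT_OPTIONS = {12: "hostname", 60: "vendor-class-id",
                66: "tftp-server", 67: "bootfile"}
ADDR_OPTIONS = {7: "log-servers", 42: "ntp-servers"}
ZTP_REQUIRED = (66, 67)

def parse_options(field):
    """Walk the code/length/value options field and return {code: bytes}."""
    options, i = {}, 0
    while i < len(field):
        code = field[i]
        if code == END:
            break
        if code == PAD:                  # one-byte filler, carries no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("option %d: missing length byte" % code)
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) < length:
            raise ValueError("option %d: value truncated" % code)
        # A repeated code continues the same option (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options

def decode(code, value):
    """IPv4 address list for options 7 and 42, text for the others."""
    if code in ADDR_OPTIONS:
        if not value or len(value) % 4:
            raise ValueError("option %d: not a list of IPv4 addresses" % code)
        return [".".join(str(b) for b in value[j:j + 4])
                for j in range(0, len(value), 4)]
    return value.decode("ascii", "replace")

def ztp_summary(field):
    """Return (decoded options of interest, labels of missing ZTP options)."""
    raw = parse_options(field)
    names = {**TEXT_OPTIONS, **ADDR_OPTIONS}
    found = {names[c]: decode(c, v) for c, v in raw.items() if c in names}
    missing = [names[c] for c in ZTP_REQUIRED if c not in raw]
    return found, missing

def opt(code, value):
    return bytes([code, len(value)]) + value   # builds the constructed samples

# Constructed samples: options field only, addresses from documentation ranges.
SAMPLE_OFFER = (opt(53, b"\x02") + opt(66, b"192.0.2.10")
                + opt(67, b"ztp/bootfile.yaml")
                + opt(42, bytes([192, 0, 2, 1, 192, 0, 2, 2]))
                + bytes([PAD, END]))
SAMPLE_NO_BOOTFILE = opt(53, b"\x02") + opt(66, b"192.0.2.10") + bytes([END])

if __name__ == "__main__":
    for label, field in (("offer", SAMPLE_OFFER), ("no 67", SAMPLE_NO_BOOTFILE)):
        found, missing = ztp_summary(field)
        print(label, found, "missing:", missing or "none")
```

An offer that reports a missing label here is one that, per the section above, does not meet the ZTP requirements.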
ZTP Boot File
The boot file is written in YAML format and contains switch models, and under each switch model are several fields that instruct the ZTP process what to do.
The boot file may contain up to three fields under each switch model:
img_name: this instructs ZTP to update the switch software image to the specified image version and configure it as the standby image on the switch
configuration: this instructs ZTP to copy the specified configuration file from the TFTP server and use it as the startup configuration file on the switch
script: this instructs ZTP to copy the script file and execute it on the switch
ZTP checks the boot file for the switch model and executes the appropriate actions according to the fields under the correct switch model.
ZTP supports the execution of Python scripts. If there is a script field under the switch model in the boot file, the field has a higher priority than the other two fields (img_name and configuration) and ZTP will ignore them. ZTP downloads the Python script file to the switch and executes it. The script can also contain instructions to download and install a switch software image and a configuration file.
Note: The Python script file is stored in a temporary folder on the switch and it will be deleted once the switch reloads.
Following is an example of a boot file:
G8272:
    img_name: G827210.6.0.1.img
    configuration: netboot_config_file_G8272
    script: netboot_G8272.py
G8296:
    img_name: G829610.6.0.1.img
    configuration: netboot_config_file_G8296
    script: netboot_G8296.py
G8332:
    img_name: G833210.6.0.1.img
    configuration: netboot_config_file_G8332
    script: netboot_G8332.py
Note: After the ZTP process is over, the switch will be reloaded if the software image or the startup configuration are updated. If ZTP executes a Python script, the reloading of the switch is decided by the script instead.
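When reviewing a boot file before placing it on the TFTP server, it helps to resolve what each model entry will actually cause, since a script field silently overrides the other two. The following is an added example, not part of the Lenovo guide: it assumes the two-level indented layout (model at column 0, fields indented) and uses a minimal parser rather than a YAML library; the function names, action labels and sample file names are hypothetical.

```python
# Added example, not Lenovo code: resolve what a boot file makes each model do.
FIELDS = ("img_name", "configuration", "script")

def parse_boot_file(text):
    """Model names start at column 0; their fields are indented below them."""
    models, current = {}, None
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        key, colon, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        if not colon or not key:
            raise ValueError("line %d: expected 'name: value'" % number)
        if not raw[0].isspace():             # a switch model header
            if value or key in models:
                raise ValueError("line %d: bad or repeated model line" % number)
            current = models[key] = {}
        elif current is None:
            raise ValueError("line %d: field before any model" % number)
        elif key not in FIELDS or not value:
            raise ValueError("line %d: unknown or empty field %r" % (number, key))
        else:
            current[key] = value
    return models

def ztp_plan(models, model):
    """Apply the field rules from this section to one switch model."""
    fields = models.get(model)
    if fields is None:
        return None      # model not listed; the guide does not cover this case
    if "script" in fields:
        # script has priority; img_name and configuration are ignored
        ignored = [f for f in ("img_name", "configuration") if f in fields]
        return {"actions": [("run_script", fields["script"])],
                "ignored": ignored, "reload": "decided by the script"}
    actions = []
    if "img_name" in fields:
        actions.append(("install_standby_image", fields["img_name"]))
    if "configuration" in fields:
        actions.append(("set_startup_config", fields["configuration"]))
    return {"actions": actions, "ignored": [],
            "reload": "if image or startup config was updated"}

# Constructed sample; the file names are placeholders.
SAMPLE = """\
G8272:
    img_name: example-image.img
    configuration: example-startup.cfg
    script: example-provision.py
G8296:
    img_name: example-image.img
    configuration: example-startup.cfg
"""

if __name__ == "__main__":
    parsed = parse_boot_file(SAMPLE)
    for name in ("G8272", "G8296", "G8332"):
        print(name, ztp_plan(parsed, name))
```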
Forcedly Enabling or Disabling ZTP
ZTP can be forcedly enabled on the switch even if there is a startup configuration present. It can also be forcedly disabled to not execute even if there is no startup configuration.
ZTP can have one of the following states:
Default
Forcedly Enabled
Forcedly Disabled
To forcedly enable ZTP on the switch, use the following command:
Switch(config)# startup zerotouch force enable
To forcedly disable ZTP on the switch, use the following command:
Switch(config)# startup zerotouch force disable
To reset the ZTP to its default setting, use the following command:
Switch(config)# no startup zerotouch force
To view the current ZTP state, use the following command:
Switch# display boot
Current ZTP State: Enable
Current FLASH software:
  active image: version 10.6.0.1, downloaded 18:39:47 UTC Wed Sep 16 2015
  standby image: version 10.6.0.1, downloaded 18:44:40 UTC Wed Sep 16 2015
  Uboot: version 10.6.0.1, downloaded 17:49:51 UTC Thu Jul 30 2015
Currently set to boot software active image
Currently scheduled reboot time: none
Current port mode: default mode
To view the ZTP parameters obtained after the ZTP process has executed, use the following command:
Switch# display zerotouch
TFTP server: 10.122.3.69
Image: G8xxx10.6.0.1.img
Configuration: netboot_config_file_G8xxx
Script: netboot_G8xxx.py
DHCP IP Address Services
For remote switch administration, the client terminal device must have a valid IP address on the same network as the switch interface. The IP address on the client device may be configured manually, or obtained automatically using IPv6 stateless address configuration, or an IP address may be obtained automatically via DHCP relay as discussed in the next section.
The switch can function as a relay agent for DHCP. This allows clients to be assigned an IP address for a finite lease period, reassigning freed addresses later to other clients. Acting as a relay agent, the switch can forward a client's IP address request to up to five DHCP servers. Additionally, up to five domain-specific DHCP servers can be configured for each of up to 10 VLANs.
When a switch receives a DHCP request from a client seeking an IP address, the switch acts as a proxy for the client. The request is forwarded as a UDP unicast MAC layer message to the DHCP servers configured for the client's VLAN or to the global DHCP servers if no domain-specific DHCP servers are configured for the client's VLAN. The servers respond to the switch with a unicast reply that contains the IP default gateway and the IP address for the client. The switch then forwards this reply back to the client.
DHCP is described in RFC 2131 and the DHCP relay agent supported on the switch is described in RFC 1542. DHCP uses User Datagram Protocol (UDP) as its transport protocol. The client sends messages to the server on port 67 and receives messages from the server on port 68.
DHCP Client Configuration
DHCP is enabled by default on the management interface and disabled on all other interfaces. You can enable DHCP only on a maximum of 10 interfaces, including the management interface.
To enable or disable DHCP on an interface (for example ethernet interface 1/12), use the following command:
for DHCPv4:
Switch(config)# interface ethernet 1/12
Switch(config-if)# no bridge-port
Switch(config-if)# ip address dhcp
for DHCPv6:
Switch(config)# interface ethernet 1/12
Switch(config-if)# no bridge-port
Switch(config-if)# ipv6 address dhcp
Notes:
DHCP cannot be enabled on an interface configured as a switch port, only on routing ports.
Manually configuring an IP address on an interface will disable DHCP for that interface.
DHCPv4 Hostname Configuration (Option 12)
The switch supports DHCPv4 hostname configuration as described in RFC 2132, option 12. DHCPv4 hostname configuration is disabled by default.
The switch's hostname can be manually configured using the following command:
Switch(config)# hostname
Note: If the hostname is manually configured, the switch does not replace it with the hostname received from the DHCPv4 server.
After DHCP configures the hostname on the switch, if the DHCPv4 configuration is disabled, the switch retains the hostname.
To enable or disable DHCP hostname configuration, use the following command on an interface (in this example, ethernet port 1/12 is used):
Switch(config)# interface ethernet 1/12
Switch(config-if)# [no] ip dhcp client request host-name
To view the system hostname use the following command:
Switch> display hostname
Note: The switch prompt also displays the hostname.
DHCPv4 Syslog Server (Option 7)
The switch supports the requesting of the Syslog server IP address from the DHCP server as described in RFC 2132, option 7. The DHCPv4 Syslog server request option is disabled by default.
Note: Manually configured Syslog servers take priority over the DHCPv4 Syslog server.
Up to three Syslog server addresses received from the DHCPv4 server can be used. The Syslog server addresses can be learned over the management port or an ethernet port.
To enable or disable the DHCP Syslog server request, use the following command on an interface (in this example, ethernet port 1/12 is used):
Switch(config)# interface ethernet 1/12
Switch(config-if)# [no] ip dhcp client request log-server
To view the Syslog server address, use the following command:
Switch> display logging server
Logging server: enabled
{*2.2.2.1}
Server severity: debugging
Server facility: local7
Server vrf: data
* Values assigned by DHCP Client.
DHCPv4 NTP Server (Option 42)
This option requests the DHCP server to provide a list of IP addresses indicating Network Time Protocol (NTP) servers available to the client. The NTP servers are listed in order of preference. The switch supports the requesting of NTP servers as described in RFC 2132, option 42.
By default, the switch does not include this request in DHCPv4 messages. To enable or disable this option on an interface, use the following command (in this example, ethernet port 1/12 is used):
Switch(config)# interface ethernet 1/12
Switch(config-if)# [no] ip dhcp client request ntp-server
Note: Any manually configured NTP server will not be overwritten by the NTP servers received via DHCPv4.
To view the list of NTP servers, use the following command:
Switch> display ntp peers
DHCPv4 Vendor Class Identifier (Option 60)
This option is used by a DHCP client to identify itself to the DHCP server. It is used to define the vendor type and functionality of the DHCP client. The DHCP client can communicate to a server that it uses a specific type of hardware or software by specifying its Vendor Class Identifier (VCI).
The switch supports the identifying of a TFTP server as described in RFC 2132, option 60.
Each switch interface can be configured with a different VCI.
By default, the switch will include this option in DHCPv4 packets. To enable or disable the identification of TFTP servers use the following command (in this example, ethernet port 1/12 is used):
Switch(config)# interface ethernet 1/12
Switch(config-if)# [no] ip dhcp client class-id
Note: Depending on the Lenovo RackSwitch, the default VCI is different.
for the Lenovo RackSwitch G8272, the default VCI is LENOVOG8272
for the Lenovo RackSwitch G8296, the default VCI is LENOVOG8296
for the Lenovo RackSwitch G8332, the default VCI is LENOVOG8332
for the Lenovo RackSwitch NE2572, the default VCI is LENOVONE2572
for the Lenovo RackSwitch NE10032, the default VCI is LENOVONE10032
for the Lenovo RackSwitch NE1032, the default VCI is LENOVONE1032
for the Lenovo RackSwitch NE1032T, the default VCI is LENOVONE1032T
for the Lenovo RackSwitch NE1072T, the default VCI is LENOVONE1072T