Upload
others
View
154
Download
9
Embed Size (px)
Citation preview
HPE Mellanox Switch TrainingSuchart BoonpanMASE, CCNP, ACE-A, ACMP
July 2020
AGENDA• Introduction to HPE Mellanox switch (Hardware, Connectivity, and Basic Configuration)
• Access Web Management• Monitor status• Basic Troubleshooting
CONFIDENTIAL 2
Physical port and connection with Device
Confidential – For Training Purposes Only 3
4
CROSSLINKS (MLAG 10G, 40G, OR 100G)
HPE M‐Series SN2100M(16) 10/25/40/100Gb QSFP28 Ports
100GHPE M‐Series SN2010M(18) 10/25Gb SFP28 Ports
(4) 10/25/40/100Gb QSFP28 Ports
100G QSFP28 DAC
100G
100G
100G
100Gb QSFP28 Direct Attached Copper (DAC 1m)HPE X240 100G QSFP28 to QSFP28 1m Direct Attach Copper Cable (JL271A)
5
MANAGEMENT LINKS (1G)
Mgmt0Routed portIp: 10.18.0.228Vip: 10.18.0.229
Mgmt0Ip: 10.18.0.227Routed port
ILO Layer 2 switch
6
DOWNLINKS (COMPUTE AND STORAGE CONNECT)HPE M‐Series SN2010M
(18) 10/25Gb SFP28 Ports(4) 10/25/40/100Gb QSFP28 Ports
25G
25G
25G SFP+ DAC
25Gb SFP+ Direct Attached Copper (DAC .5m to 3m)HPE 25Gb SFP28 to SFP28 0.5m Direct Attach Copper Cable (844471-B21)
HPE 25Gb SFP28 to SFP28 1m Direct Attach Copper Cable (844474-B21)
HPE 25Gb SFP28 to SFP28 3m Direct Attach Copper Cable (844477-B21)
Server Node 01
Eth1/1 Eth1/1Mpo21Mpo21 switchport mode hybrid allowed-vlan 1421 + 51
7
DOWNLINKS (COMPUTE AND STORAGE CONNECT)HPE M‐Series SN2010M
(18) 10/25Gb SFP28 Ports(4) 10/25/40/100Gb QSFP28 Ports
25G
25G
25G SFP+ DAC
25Gb SFP+ Direct Attached Copper (DAC .5m to 3m)HPE 25Gb SFP28 to SFP28 0.5m Direct Attach Copper Cable (844471-B21)
HPE 25Gb SFP28 to SFP28 1m Direct Attach Copper Cable (844474-B21)
HPE 25Gb SFP28 to SFP28 3m Direct Attach Copper Cable (844477-B21)
Server Node 02
Eth1/2 Eth1/2Mpo22Mpo22 switchport mode hybrid allowed-vlan 1421 + 51
UPLINK AND REP
CONFIDENTIAL
Existing SN2010M 01
Existing SN2010M 02
Cisco Core Nexus 9k
Cisco Core Nexus 9k
Cisco Nexus 9k
Cisco Nexus 9kDWDM
Eth 1/15
Eth 1/15
Eth 1/16Eth 1/16
Eth 1/12/1
Eth 1/12/1
Uplink:Mpo 13switchport mode access vlan 1421
REP:Mpo 14switchport mode access vlan 51
LOGICAL NETWORK DIAGRAM
9
Link Aggregation
Data VLAN 300
ILO / MGMT
Core L3
SN2010M
iLO network
Mgmt0, 1G
iLO
Qumulo Servers
Mgmt0 SW1: 10.18.0.227 /24Mgmt0 SW2: 10.18.0.228 /24MLAG VIP: 10.18.0.229 /24
inter-peer link (IPL) Management Plane (Active/Standby)
SN2010MMgmt0, 1G
1/15-16Po1 Mpo21-25
1/1-5, 25G
Mpo131/13-14, 10G Mpo13
1/13-14, 10G
REP Access VLAN 51
Mpo14 1/12/1, 10G
ip route vrf default 0.0.0.0/0 10.18.0.1
REP
DATA Access VLAN 1241
Q&A
– Question ?
10
Mellanox Switch User Interfaces
Confidential – For Training Purposes Only 11
User Interfaces of the MLNX-OS®
1. Command Line Interface (CLI)
The CLI is accessed through: SSH, Telnet sessions, or directly via the console port on the front pane
2. Web Interface (web GUI)
The Web GUI is accessed through: HTTP or HTTPS
12
RS232 (Console) port
1. The port labeled “Console” is an RS232 serial port
2. Symbol:
3. SN700 and SN2410 is on the back side
4. SN2740 and SN100 on the front side
13
Connection with via Console port
– The serial console is a useful tool for debugging issues, especially when you find yourself rebooting the switch often or if you do not have a reliable network connection.
14
User name and password
3. Log in with default credentials.– User name: admin– Password: admin
Confidential – For Training Purposes Only 15
login as: admin
Mellanox MLNX-OS Switch Management
Using keyboard-interactive authentication.Password:admin
Connection with MLNX-OS
Access the MLNX-OS WebUI via HTTP/HTTPS
16
Network
Mellanox Switch
PC
Connection with MLNX-OS
3. Access the MLNX-OS CLI via SSH
17
Network
Mellanox Switch
PC
CLI configuration modes—Standard and enable
Standard– Identified by the CLI prompt >.– Most restrictive mode.– Includes commands that query only a restricted set of state information.– Users cannot take any actions that directly affect the system—like rebooting the switch, or changing the
configuration.– Use the enable command to move from standard mode to enable mode.
Enable– Identified by the CLI prompt #.– Offers commands to view all state information, and take actions like rebooting the system.– Does not allow you to change any configurations.
– Use the disable command to move from enable mode to standard mode.
Confidential – For Training Purposes Only 18
switchA [standalone: master] > enable
switchA [standalone: master] # disable
Global configuration mode—Config
Config
– Identified by CLI prompt (config)#.
– Allowed only for user accounts in the “admin” role.
– Has a full, unrestricted set of commands to view anything, take any action, and change any configuration.– Use the configure terminal command to move from enable mode to config mode.
– Use ‘exit’ command to move from config mode to enable mode.
Confidential – For Training Purposes Only 19
g1switchA [standalone: master] # configure terminalg1switchA [standalone: master] (config) #
g1switchA [standalone: master] (config) # exitg1switchA [standalone: master] #
CLI commands autocomplete
– Use [Tab] to auto-complete commands.c [Tab] - displays all commands that start with ‘c.’
– co [Tab] - autocompletes to ‘configure.’
– Unique prefix of a command can be used, instead of the full command.Example: ‘co t’ can be used instead of ‘configure terminal.’
Confidential – For Training Purposes Only 20
switchA [standalone: master] # cclear cli configure crypto
switchA [standalone: master] # co tswitchA [standalone: master] (config) #
Saving the configuration
– Save running-config into active-config.
Or
Confidential – For Training Purposes Only 21
switchA [standalone: master] (config) # configuration writeswitchA [standalone: master] (config) # show configuration filesinitial (active)initial.bak
Active configuration: initialUnsaved changes: no
switchA [standalone: master] (config) # write memory
Mellanox Switch Image (Operating System)
Confidential – For Training Purposes Only 22
MLNX-OS images
– Two images are stored in the flash memory: Partition 1 and Partition 2.
– By default, the image from Partition 1 is loaded at reboot.
– Mellanox Operating system = ONYX = MLNX-OS (same thing)
Confidential – For Training Purposes Only 23
switchA [standalone: master] (config interface mgmt1) # show images
Installed images:Partition 1:
version: X86_64 3.8.2204 2019-12-29 16:11:11 x86_64
Partition 2:version: X86_64 3.7.1134 2019-01-24 13:38:57 x86_64
Last boot partition: 1Next boot partition: 1
Q&A
– Question ?
24
Steps to access the Mellanox web interface
Confidential – For Training Purposes Only 25
Step 1: verify the existence of the mgmt0 interface’s IP address
– Access to the switch via Serial Console or SSH then issue command: show interfaces mgmt0
Confidential – For Training Purposes Only 26
Step 2/1: http or https://mgmt0_ip
. Access the MLNX-OS WebUI via the existing network environment.
27
Network
Mellanox Switch
PC
Step 2/2: http or https://mgmt0_ip
Access the MLNX-OS WebUI directly to mgmt0 port.
1. Connect a UTP cable to the the RJ45 Ethernet ports labeled
2. Open a web browser to http or https://mgmt0_ip_address
3. User: admin, password admin
Confidential – For Training Purposes Only 28
Supported web browsers
1. Firefox 12 or higher
2. Chrome 18 or higher
3. IE 8 or higher
4. Safari 5 or higher
5. Screen resolution is set to 1024*768 or higher
Confidential – For Training Purposes Only 29
About Web UI
Confidential – For Training Purposes Only 30
Setup Menu: Interfaces
Confidential – For Training Purposes Only 31
– Obtains the status of, configures, or disables interfaces to the fabric.
– Set or clear the IP address and netmask of an interface;
– Enable DHCP to dynamically assign the IP address and netmask;
– Set interface attributes such as MTU, speed, duplex, etc.
Setup Menu: Routing
Confidential – For Training Purposes Only 32
– Configures the default gateway, the static or dynamic routes.
– Removes the default gateway, the static or dynamic routes.
– Displays the default gateway, the static or dynamic routes.
Setup Menu: Hostname
Confidential – For Training Purposes Only 33
– Configures or modifies the hostname
– Configures or deletes static hosts
Setup Menu: DNS
Confidential – For Training Purposes Only 34
– Configures, removes, modifies or displays static and dynamic name servers.
Setup Menu: SNMP
Confidential – For Training Purposes Only 35
– Configures SNMP attributes, SNMP admin user, and trap.
Setup Menu: Email Alerts
Confidential – For Training Purposes Only 36
– Configures the destination of email alerts and the recipients to be notified.
Setup Menu: Logging
Confidential – For Training Purposes Only 37
– Sets up system log files, remote log sinks, and log formats.
Setup Menu: Configurations
Confidential – For Training Purposes Only 38
– Manages OS configuration files.
– Activates OS configuration files.
– Saves OS configuration files.
– imports OS configuration files.
– executes CLI commands.
Setup Menu: Date and Time
Confidential – For Training Purposes Only 39
– Configures the date, time, and time zone of the switch system
Setup Menu: NTP
Confidential – For Training Purposes Only 40
– Configures NTP (Network Time Protocol) and NTP servers
Setup Menu: Licensing
Confidential – For Training Purposes Only 41
– Manages OS licenses
System Menu: Modules
Confidential – For Training Purposes Only 42
– Displays a graphic illustration of the system modules.
– By moving the mouse over the ports in the front view, a pop-up caption is displayed to indicate the status of the port.
– The port state (active/down) is differentiated by a color scheme (green for active, gray/black for down).
System Menu: Inventory
Confidential – For Training Purposes Only 43
– Displays a table with the following information about the system modules:
– Module name.
– Module type.
– Serial number.
– Ordering part number.
– ASIC firmware version.
System Menu: Power Management
Confidential – For Training Purposes Only 44
– Displays a table with the following information about the system power supplies:
– Power supply name,
– Voltage level,
– Current consumption, and status.
– A total power summary table is also displayed providing the power used, the power capacity, and the power available.
System Menu: OS Upgrade
Confidential – For Training Purposes Only 45
– Displays the installed OS images (and the active partition)
– Uploads a new image.
– Installs a new image.
System Menu: Reboot
Confidential – For Training Purposes Only 46
– Reboots the system. Make sure that you save your configuration prior to clicking reboot.
Security Menu: Users
Confidential – For Training Purposes Only 47
– Manages (setting up, removing, modifying) user accounts.
Security Menu: Admin Password
Confidential – For Training Purposes Only 48
– Modifies the system administrator password
Security Menu: SSH
Confidential – For Training Purposes Only 49
– Displays and generate host keys.
Security Menu: AAA
Confidential – For Training Purposes Only 50
– Configures AAA (Authentication, Authorization, and Accounting) security services such as authentication methods and authorization
Security Menu: RADIUS
Confidential – For Training Purposes Only 51
– Manages Radius client
Security Menu: TACACS+
Confidential – For Training Purposes Only 52
– Manages TACACS+ client
Ports Menu
Confidential – For Training Purposes Only 53
– The Ports menu displays the port state and enables some configuration attributes of a selected port.
– Modification of the port configuration.
– A graphical display of traffic over time (last hour or last day) through the port.
Ports Menu: Ports
Confidential – For Training Purposes Only 54
– Manages port attributes, counters.
– Transceiver info.
– Displays a graphical counters histogram.
Ports Menu: Monitor Session
Confidential – For Training Purposes Only 55
– Displays monitor session summary and enables configuration of a selected session.
Ports Menu: Protocol Type
Confidential – For Training Purposes Only 56
– Manages the link protocol type.
Status Menu: Summary
Confidential – For Training Purposes Only 57
– Displays general information about the switch system and the OS image, including;
– Current date and time.
– Hostname.
– Uptime of system.
– System memory.
– CPU load averages.
– etc.
Status Menu: What Just Happened
Confidential – For Training Purposes Only 58
– Displays and configures What Just Happened packet drop reasons.
Status Menu: Temperature
Confidential – For Training Purposes Only 59
– Provides a graphical display of the switch module sensors’ temperature levels over time (1 hour).
Status Menu: Power Supplies
Confidential – For Training Purposes Only 60
– Provides a graphical display of one of the switch’s power supplies voltage level over time (1 hour)
Status Menu: Fans
Confidential – For Training Purposes Only 61
– Provides a graphical display of fan speeds over time (1 hour). The display is per fan unit within a fan module.
Status Menu: CPU Load
Confidential – For Training Purposes Only 62
– Provides a graphical display of the management CPU load over time (1 hour)
Status Menu: Memory
Confidential – For Training Purposes Only 63
– Provides a graphical display of memory utilization over time (1 day)
Status Menu: Network
Confidential – For Training Purposes Only 64
– Provides a graphical display of network usage (transmitted and received packets) over time (1 day).
– It also provides per interface statistics.
Status Menu: Logs
Confidential – For Training Purposes Only 65
– Displays the system log messages.
– It is possible to display either the currently saved system log or a continuous system log.
Status Menu: Alerts
Confidential – For Training Purposes Only 66
– Displays a list of the recent health alerts and enables the user to configure health settings.
LED Notifications
Confidential – For Training Purposes Only 67
The system’s LEDs
The system’s LEDs are an important tool for hardware event notification and troubleshooting.
Confidential – For Training Purposes Only 68
The system’s LEDs
The system’s LEDs are an important tool for hardware event notification and troubleshooting.
Confidential – For Training Purposes Only 69
System Status LED
Confidential – For Training Purposes Only 70
System Status LED Assignments
Confidential – For Training Purposes Only 71
Fan Status LED
Confidential – For Training Purposes Only 72
Fan Status Front LED Assignments
Confidential – For Training Purposes Only 73
Fan Status Rear LED Assignments (One LED per Fan)
Confidential – For Training Purposes Only 74
Power Supply Status LEDs
Confidential – For Training Purposes Only 75
Power Supply Unit Status Front LED Assignments for SN2100/SN2010
Confidential – For Training Purposes Only 76
Power Supply Unit Status Rear LED Assignments
Confidential – For Training Purposes Only 77
Port LEDs
Confidential – For Training Purposes Only 78
– Port LEDs
Inventory Information
Confidential – For Training Purposes Only 79
SN2100 Pull-out Tab
Confidential – For Training Purposes Only 80
Question ?
Confidential – For Training Purposes Only 81
Monitor mlag-port-channel
Confidential – For Training Purposes Only 82
MLAG – Multi Chassis LAG overview.
– Physical ports of two separate switches are aggregated in one logical port.
– MLAG switches appear as a single Layer 2 switch.
– A peering device (host or switch) runs a standard LAG, and is not aware of the fact that its LAG is connected to two separate switches.
– MLAG provides:
– High bandwidth and load-balancing
– High availability in case of a link failure
– High availability in case of a switch failure or a switch software upgrade
Layer 3 Network
LAG
MLAG
IPL
Qumulo 1
switchA switchB
Layer 3 Network
Verify MLAG VIP Configuration
switchA [MLAG‐ACAD: master] (config) # show mlag‐vipMLAG VIP========MLAG group name: MLAG‐G1MLAG VIP address: 10.25.19.13/16Active nodes: 2
Hostname VIP‐State IP Address‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐switchA master 10.25.19.11switchB standby 10.25.19.12
Cluster master/ standby
switchA [MLAG‐G1: master] (config) # show mlagAdmin status: EnabledOperational status: UpReload‐delay: 30 secKeepalive‐interval: 1 secUpgrade‐timeout: 60 minSystem‐mac: 00:00:5E:00:01:57
MLAG Ports Configuration Summary:Configured: 1Disabled: 0Enabled: 1
MLAG Ports Status Summary:Inactive: 0Active‐partial: 0Active‐full: 1
MLAG IPLs Summary:ID Group Vlan Operational Local Peer
Port‐Channel Interface State IP address IP address‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐1 Po1 34 Up 172.16.34.253 172.16.34.254
MLAG Members Summary:System‐id State Hostname‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐00:02:C9:A8:E2:D8 Up <g1switchA>00:02:C9:83:84:48 Up g1switchB
Verify MLAG Configuration
Switch g1switchA ‐ MLAG master
MLAG virtual MAC
Switch g1switchB ‐ MLAG Standby
– Physical ports flags:– Down - port is down– Up – ports is up
– ‘mlag-port-channel’ flags:– Partial Up – local or remote are down – Up – both local and remote are up– Down – ‘admin’ state is disabled
Verify mlag-port-channel Configuration
switchA [MLAG‐G1: master] (config) # show interfaces mlag‐port‐channel summaryMLAG Port‐Channel Flags: D‐Down, U‐Up
P‐Partial UP, S ‐ suspended by MLAGPort Flags: D ‐ Down, P ‐ Up in port‐channel (members)
S ‐ Suspend in port‐channel (members), I ‐ Individual
GroupPort‐Channel Type Local Ports Peer Ports(D/U/P/S) (D/P/S/I) (D/P/S/I)‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐1 Mpo16(U) LACP Eth1/16(P) Eth1/16(P)
IMPORTANT: Please take note, links will be Down until the Qumulo node adapter ports are set to support LACP
Q&A
– Question ?
87
Monitor Spanning-Tree status
Confidential – For Training Purposes Only 88
Ethernet layer 2 loops
– Layer 2 redundant links are required to provide a backup path in case of link or switch failure.
– Redundant links result in layer 2 loops—There are multiple paths between a pair of nodes.
– Layer 2 loops cause “broadcast storms.”– When an Ethernet broadcast frame is sent in the network, it
endlessly circulates in a loop consuming all available bandwidth.
– Broadcast storms deny bandwidth for normal network traffic.
Confidential – For Training Purposes Only 89
Spanning Tree Protocol (STP)
– Spanning Tree Protocol (STP) is an IEEE 802.1D standard.
– STP ensures a loop-free topology for Ethernet networks.
– STP allows a network design to include redundant links and to provide automatic backup paths, if an active link fails.
– STP identifies redundant links and puts redundant ports in blocking state.
– When a topology change occurs, STP reacts and moves blocked ports to the forwarding state.
– Convergence time is 30 to 50 seconds.
Confidential – For Training Purposes Only 90
X X
Multiple spanning tree (MST)
91
- MST maps multiple VLANs to an instance, reducing the number of spanning-tree instances.
- MST and PVST+ are compatible
- Backwards compatible with RSTP and STP- It is the IEEE standard protocol (802.1s)
Rapid spanning tree (RSTP)
92
- The Rapid Spanning Tree Protocol recovers (converges to a new spanning tree) more quickly than STP
- It is backwards-compatible with MST and STP.- It is the IEEE standard protocol (802.1w)
Rapid per-VLAN spanning tree (RPVST)
93
- Cisco proprietary version of Rapid Spanning Tree Protocol (802.1w)
- It creates a spanning tree for each VLAN, just like PVST.- Rapid-PVST is backward compatible with standard Per-VLAN Spanning Tree (PVST/802.1d)
Verify spanning-tree status
94
- show logging
- show log
- show spanning-tree
- show spanning-tree detail
- show spanning-tree interface
- show spanning-tree root- show spanning-tree topo-change-history
Q&A
– Question ?
95
Link Layer Discovery Protocol (LLDP) Configuration
Confidential – For Training Purposes Only 96
Link Layer Discovery Protocol (LLDP) overview
– Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol defined in IEEE 802.1AB.
– LLDP is used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 LAN.
– LLDP can be used to discover and verify Ethernet network topology.
– LLDP is by default globally disabled.
– LLDP frames are sent every 30 seconds by all LLDP enabled interfaces.
Confidential – For Training Purposes Only 97
Eth1/1
switchA switchB
Show local LLDP information – Show local LLDP information.
– Show interface LLDP information.
Confidential – For Training Purposes Only 98
switchA [MLAG-G1: master] (config) # show lldp localLLDP: enabled
Local global configurationChassis sub type: Mac AddressChassis id: b8:59:9f:70:d6:00System Name: g1switchASystem Description: SN2010M,Onyx,SWv3.8.2204Supported capabilities: B,RSupported capabilities enabled: B
switchA [MLAG-G1: master] (config) # show lldp interfaces ethernet 1/19TLV flags
PD: port-descriptionSN: sys-nameSD: sys-descriptionSC: sys-capabilitiesMA: management-addressETS-C: ETS-Configuration
Interface Receive Transmit TLVs-----------------------------------------------------------------------------------Eth1/19 Enabled Enabled PD, SN, SD, SC, MA, PFC, AP, ETS-C, ETS-R
Eth1/19
switchA switchB
View Cable/Transceiver – Show local Transceivers information.
Confidential – For Training Purposes Only 99
switchA [MLAG-G1: master] (config) # show interfaces ethernet 1/19 transceiverPort 1/19 state
identifier : QSFP28cable/module type : Passive copper cableethernet speed and type: 100GBASE-CR4vendor : Mellanoxcable length : 1mpart number : 845404-B21revision : A1serial number : 6C2749003C
Eth1/19
switchA switchB
Simple Network Management Protocol (SNMP)
Confidential – For Training Purposes Only 100
What Is SNMP?
101
SNMP is a simple set of operations that gives administrators the ability to change the state of some SNMPbased device, for example;
- Shut down a router interface.
- Check the speed at which the interface is operating.
- Monitor the temperature of network devices and warn when it is too high.
SNMP can be used to manage many types of devices, for example;
- Router, Switch
- Unix systems
- Windows systems
- Software i.e. web servers, database.
- Printers, modem racks, power supplies, and more.
Mellanox switch supports:
102
• SNMP versions v1, v2c and v3
• SNMP trap notifications
• Standard MIBs
• Mellanox private MIBs
SNMP Managers and Agents
103
- A manager is a server running some kind of software system that can handle management tasks for a network.
- Managers are often referred to as Network Management Stations (NMSs), e.g., PRGT, NAGIOS, etc
- NMS is responsible for polling and receiving traps from agents.
- A poll is the act of querying an agent (router, switch, Unix server, etc.) for some piece of information.
- A trap is a way for the agent to tell the NMS that something has happened. (e.g., when your T1 circuit to the Internet goes down, your router can send a trap to your NMS.)
SNMP Managers and Agents
104
- SNMP uses the User Datagram Protocol
(UDP) as the transport protocol for passing
data between managers and agents.
- SNMP uses UDP port 161 for sending
and receiving requests.
- SNMP uses port 162 for receiving traps
from managed devices.
Management Information Base (MIB)
105
- MIB can be thought of as a database of managed objects.
- Any sort of status or statistical information that can be accessed by the NMS is defined in a MIB.
- All agents implement a particular MIB called MIB-II* (RFC 1213).
- MIB-II defines variables for things such as interface statistics (interface speeds, MTU, octets* sent, octets received, etc.) as well as various other things pertaining to the system itself (system location, system contact, etc.).
- The main goal of MIB-II is to provide general TCP/IP management information.
- Vendors, and individuals, are allowed to define MIB variables for their own use, e.g., when the agent may have some significant new features that are worth monitoring but are not covered by any standard MIB.
- You need to load only those MIBs supported by the agents from which you’re requesting queries (e.g., snmpget, snmpwalk).
Configuring SNMP
106
Activate the SNMP server on your switch by running:
Configuring SNMP Notifications (Traps or Informs)
107
1. Make sure SNMP and SNMP notification are enable. Run:
Configuring SNMP Notifications (Traps or Informs)
108
2. Configure SNMP host with the desired arguments (IP Address, SNMP version, authentication methods). More than one host can be configured. Each host may have different attributes. Run:
Configuring SNMP Notifications (Traps or Informs)
109
3. Verify the SNMP host configuration. Run:
Configuring SNMP Notifications (Traps or Informs)
110
4. Configure the desired event to be sent via SNMP. Run:
Configuring SNMP Notifications (Traps or Informs)
111
5. Verify the list of traps and informs being sent to out of the system. Run:
SNMP SET Operations
112
– The OS allows the user to use SET operations via SNMP interface.
– This is needed to configure a user/community supporting SET operations.
SNMP SET Operations: Enabling SNMP SET
113
1. Enable SNMP communities. Run:
SNMP SET Operations: Enabling SNMP SET
114
2. Configure a read-write community. Run:
SNMP SET Operations: Enabling SNMP SET
115
3. Make sure SNMP communities are enabled (they are enabled by default). Make sure “(DISABLED)” does not appear beside “Read-only communities” / “Read-write communities”. Run:
SNMP SET Operations: Enabling SNMP SET
116
To allow SNMP SET operations using SNMPv3:
1. Create an SNMPv3 user. Run:
SNMP SET Operations: Enabling SNMP SET
117
2. Make sure the username is enabled for SET access and has admin capability level. Run:
SNMP MIBs on Mellanox switches
118
1. Make sure that you have a MIB browser installed. Such as iReasoning MIB Browser.
2. Get the Mellanox Onyx private MIB files the MyMellanox portal (https://support.mellanox.com/s/)
3. Make sure you have L3 connectivity (ping, ssh) to the specific switch.
SNMP Get Examples
119
Get Switch Model and Software VersionUse the sysDescr OID (RFC1213-MIB) to get the switch's basic parameters such as switch model and software version.
SNMP Get Examples
120
Get Switch Inventory1. Make sure that the standard ENTITY-MIB is loaded to the MIB browser (File->Load MIBs).
2. Open the entPhysicalTable
SNMP Get Examples
121
Get the Fan and Temperature Sensors, Operational Status, and Speed1. Make sure that the standard ENTITY-SENSOR-MIB is loaded to the MIB browser (File->Load MIBs).
2. Get the entPhySensorTable:
SNMP Get Examples
122
For all other supported MIB options, refer to Mellanox Onyx user manual.Download Mellanox Onyx user manual from;
1. login to the switch webGUI, and click on top right side the Product Documentation.
2. Click on the User Manual Tab to open the User Manual.
Logging Configuration
Confidential – For Training Purposes Only 123
Logging Monitor
124
To print logging events to the terminal, set the modules or events you wish to print to the terminal. For
example, run:
– switch (config) # logging monitor events notice
– switch (config) # logging monitor sx-sdk warning
These commands print system events in severity “notice”, and “sx-sdk” module notifications in severity
“warning” to the screen. For example, in case of interface-down event, the following gets printed to the screen:
– switch (config) #
– Wed Jul 10 11:30:42 2013: Interface IB1/17 changed state to DOWN
– Wed Jul 10 11:30:43 2013: Interface IB1/18 changed state to DOWN
To see a list of the events, refer to “Supported Event Notifications and MIB Mapping” section on the "user manaul guide"
Remote Logging
125
To configure remote syslog to send syslog messages to a remote syslog server:1. Set remote syslog server. Run:
switch (config) # logging <IP address/hostname>
2. (Optional) Set the destination port of the remote host. Run:
switch (config) # logging <IP address/hostname> port <port>
3. Set the minimum severity of the log level to info. Run:
switch (config) # logging <IP address/hostname> trap info
Q&A
– Question ?
126
Basic Troubleshooting
Confidential – For Training Purposes Only 127
Troubleshooting Instructions
128
What happens if the IPL link goes down?
129
Link Aggregation
Data VLAN 300
ILO
Cisco core L3 #1, #2
SN2410M
Cisco MGMG switch
VLAN 400
mgmt0
iLO
Qumulo
Servers 1-6
MAGP 1:Interface vlan: 300Admin state : EnabledState : MasterVirtual IP : 10.0.1.254Virtual MAC : 00:00:5E:00:01:01
MAGP 2:Interface vlan: 400Admin state : EnabledState : MasterVirtual IP : 10.0.102.1Virtual MAC : 00:00:5E:00:01:02 10.0.99.61 ‐ 63 /24
inter-peer link (IPL) Management Plane (Active/Standby)
SN2410Mmgmt0
1. Split-brain2. Only the master switch will pass traffic.
What happens if no IP communication between the MGMT ports
130
Link Aggregation
Data VLAN 300
ILO
Cisco core L3 #1, #2
SN2410M
Cisco MGMG switch
VLAN 400
mgmt0
iLO
Qumulo
Servers 1-6
MAGP 1:Interface vlan: 300Admin state : EnabledState : MasterVirtual IP : 10.0.1.254Virtual MAC : 00:00:5E:00:01:01
MAGP 2:Interface vlan: 400Admin state : EnabledState : MasterVirtual IP : 10.0.102.1Virtual MAC : 00:00:5E:00:01:02 10.0.99.61 ‐ 63 /24
Management Plane (Active/Standby)
SN2410Mmgmt0
1. CLI prompt is displayed: [:unknown]#2. It Split-brain when IPL down
Verify interface MLAG port channel
131
Link Aggregation
Data VLAN 300
ILO
Cisco core L3 #1, #2
SN2410M
Cisco MGMG switch
VLAN 400
mgmt0
iLO
Qumulo
Servers 1-6
10.0.99.61 ‐ 63 /24
SN2410Mmgmt0
#show interface mlag-port-channel sum
mlag-port-channel
Listed of useful command
– show licensesweb auto-logoutweb cache-enableweb enableweb httpweb httpsConfiguring Management Interfaces with Static IP Addressesshow interface briefshow interface configured
– show hostsshow ip/ipv6 routeshow ipv6 default-gatewayshow ip arpshow ip dhcpshow clockshow ntpshow bootvarshow imagesshow running-configlogging monitor events noticelogging monitor sx-sdk warning
132
Listed of useful command
– logging <IP address/hostname>logging <IP address/hostname> port <port>
show loggingshow logshow interfaces ethernet [<interface>] link-diagnosticsshow interfaces ethernet signal-degradesnmpshow emailshow usernamesshow usersshow whoamishow aaashow radiusshow tacacsshow stats alarmshow stats cpu
133
Listed of useful command
– show fanshow power consumersshow health-reportshow inventoryshow ledsshow memoryshow moduleshow powershow power consumersshow resourcesshow system capabilitiesshow system macshow temperatureshow versionshow voltageshow chassis hashow snmpshow interfaces ethernet 1/60 transceivershow interfaces status
134
Listed of useful command
– show interfaces ethernetshow interfaces countersshow interfaces ethernet descriptionshow interfaces ethernet ratesshow interfaces ethernet statusshow interfaces ethernet transceivershow lacp interfaces ethernetshow lacp interfaces neighborshow lacpshow lacp interfaces system-identifiershow interfaces port-channelshow interfaces port-channel load-balanceshow interfaces port-channel summaryshow mlag
135
Listed of useful command
– show mlag-vipshow interfaces mlag-port-channelshow interfaces mlag-port-channel summaryshow interface switchportshow mac-address-tableshow mac-address-table interfaceshow mac-address-table summaryshow spanning-treeshow spanning-tree detailshow spanning-tree interfaceshow spanning-tree rootShow spanning-tree mst topo-change-historyshow spanning-tree topo-change-history
136
Thank [email protected]