Module 01 (Startup)


  • Slide *Student Objectives
    Upon completion of this module, you will be able to:
    - Login to the switch.
    - Interpret the system prompt.
    - Assign a name to the switch.
    - Use the syntax help function.
    - Create a new user account.
    - Describe the SNMP, SNTP, and logging management features.

  • Slide *Initial Switch Configuration
    Connect to the console port: DB-9, DTE, 9600, N, 8, 1, XON/XOFF
    A new switch boots and prompts for:
    - Telnet enabled or disabled
    - SNMP enabled or disabled
    - All data ports enabled or disabled
    - Failsafe account and password change
    - Failsafe access on management port
    [Diagram: Console, Switch]

  • Slide *CLI Access
    Telnet Connection
    Dedicated Ethernet management port or Ethernet data port:
    - Up to 8 Sessions
    - IP must be configured
    - Nested Telnet
    - SSH (requires additional s/w module)
    Console Port Connection
    - DB-9 serial cable
    - 9600, 8, N, 1, X

  • Slide *CLI Organization
    # PROMPT
    First-tier Commands: clear, configure, create, delete, disable, download, enable, exit, history, logout, nslookup, ping, quit, reboot, restart, rtlookup, show, traceroute, upload, use
    Second-tier Commands: accounts, configuration, rip, vlan, protocol, log, stpd, switch, qos, file, ipstats, fdb, iparp, memory, management, iparp, iproute, ports, version, session
    Third-tier Commands: configuration, stats, collisions, errors, packet, utilization, port number

  • Slide *Syntax Helper
    Using the tab key displays the next set of command options.
    Using the question mark (?) at the end of the command displays the next set of command options.

        VLAB-R1-X450-24x.2 # show
          access-list       access-list info
          accounts          show accounts
          bandwidth         Bandwidth resource
          banner            Netlogin Banner
          bgp               Display BGP global configuration information
          bootprelay        Show the bootp relay information
          cfm               Configure IEEE 802.1ag specific settings
          checkpoint-data   Checkpoint Data
          clear-flow        CLEAR-Flow
          configuration     System configuration
          cpu-monitoring    CPU Utilization Statistics
          debug             debug command

        VLAB-R1-X450-24x.2 # show ports ?
          anomaly           anomaly statistics
          collisions        Displays collision statistics
          configuration     Display the port configuration
          information       Displays port information
          packet            histogram of packet statistics
          qosmonitor        QOS
          redundant         Display all software redundant ports on the system
          rxerrors          receive error statistics
          sharing           sharing
          stack-ports       Stacking Ports
          statistics        Port statistics
          txerrors          Displays transmit error statistics

  • Slide *Abbreviated Syntax
    Abbreviation of a command, parameter, or value:
        # show ipconfig
        # sh ipc
    Entering port values:
    - Separated by commas, (1,2,4)
    - Specify a range (1-9)
    - Specify all ports (all)

        VLAB-R1-X450-24x.2 # sh ipc
        Use Redirects        : Disabled
        IpOption LSRR        : Enabled
        IpOption SSRR        : Enabled
        IpOption RR          : Enabled
        IpOption TS          : Enabled
        IpOption RA          : Enabled
        Route Sharing        : Disabled
        Originated Packets   : Don't require ipforwarding
        IP Fwding into LSP   : Disabled
        Unicast Reverse Path : Disabled
        Max Shared Gateways  : Current: 4 Configured: 4

        IRDP: Advertisement Address: 255.255.255.255 Maximum Interval: 600 Minimum Interval: 450 Lifetime: 1800 Preference: 0

        VLAN     IP Address     Flags               nSIA
        Default  10.1.0.1 /24   E-----MPuRX-------  0

        Flags: (A) Address Mask Reply Enabled (B) BOOTP Enabled
               (b) Broadcast Forwarding Enabled, (E) Interface Enabled
               (f) Forwarding Enabled (g) Ignore IP Broadcast Enabled
               (h) Directed Broadcast Forwarding by Hardware Enabled
        Press to continue or to quit:

  • Slide *CLI Command - History
    - Displays all commands entered
    - Stored in the command history buffer
    - Content of buffer is displayed by entering the history command:
          history
    - Use and arrow keys to scroll within the command history buffer

        VLAB-R1-X450-24x.7 # history
        1 show
        2 sh ipc
        3 history
        4 create vlan ipV6
        5 create vlan Finance
        6 save
        7 history
        VLAB-R1-X450-24x.8 #

    # history

  • Slide *Unique Name Identifiers
    - Names are used as reference keys within the command set.
    - Unique name identifiers are used for naming VLANs, Spanning Tree protocol domains, etc.
    Blue, Green, Finance, Marketing

  • Slide *Switch Login

        (pending-AAA) login:
        Authentication Service (AAA) on the master node is now available for login.
        login: admin
        password:

        ExtremeXOS
        Copyright (C) 2000-2007 Extreme Networks. All rights reserved.
        Protected by US Patent Nos: 6,678,248; 6,104,700; 6,766,482; 6,618,388; 6,034,957; 6,859,438; 6,912,592; 6,954,436; 6,977,891; 6,980,550; 6,981,174; 7,003,705; 7,017,082; 7,046,665; 7,126,923; 7,142,509; 7,149,217; 7,152,124; 7,154,861; 7,245,619; 7,245,629; 7,269,135.
        ==================================================================
        Press the or '?' key at any time for completions.
        Remember to save your configuration changes.

        VLAB-R1-X450-24x.1 #

    Two access levels: User / Administrator
    - May login after AAA initialization
    - Up to 16 accounts
    - Passwords:
      - Blank
      - 4 to 12 characters
      - Case sensitive
    - You can create two admin accounts, and they are identical in their capabilities.
    Fail Safe account
    - Used for recovery
    - If password is lost, return switch to Extreme Networks
    - May use to login before AAA initialization

  • Slide *CLI - Command Prompt
        * X450a-24t.6 #
    The command prompt tells us four things:
    - Unsaved configuration changes
    - Switch name
    - Number of commands executed during this session
    - Privilege level
    Callouts on the example prompt:
    - New change to switch configuration not saved
    - Switch SNMP Sysname
    - Number of next command to be executed
    - Privilege Level

  • Slide *Management Accounts
    User account can:
    - View anything except:
      - Switch configuration
      - Switch management
      - User accounts
      - SNMP community strings
    - Use PING
    - Change own password
    Prompt type: X450a-24t >
    Administration account can:
    - View and change anything
    - Add/Remove users
    - Change user passwords
    - Disconnect Telnet sessions
    Prompt type: X450a-24t #
    # show session {{detail} {}} {history}
    # clear session [ | all]

  • Slide *Creating User Accounts
    For security, always configure a password on the default admin account.
    - Display user account information with:
          show account
    - Only admin-level users can create or delete accounts.
    - Default accounts have no passwords.
          configure account
      - 1 to 32 characters
      - case-sensitive
    - The default admin account cannot be deleted.
    - You may create password policies.

        VLAB-R1-X450-24x.4 # show accounts
                   User Name             Access LoginOK Failed
        -------------------------------- ------ ------- ------
        admin                            R/W    20      0
        user                             RO     0       0
        test                             R/W    3       7
        VLAB-R1-X450-24x.4 # configure account test
        password:
        Reenter password:
        * VLAB-R1-X450-24x.5 # save
        The configuration file primary.cfg already exists.
        Do you want to save configuration to primary.cfg and overwrite it? (y/N) Yes
        Saving configuration on master ....... done!
        Configuration saved to primary.cfg successfully.
        VLAB-R1-X450-24x.6 # delete account test
        * VLAB-R1-X450-24x.7 # save
        The configuration file primary.cfg already exists.
        Do you want to save configuration to primary.cfg and overwrite it? (y/N) Yes
        Saving configuration on master ....... done!
        Configuration saved to primary.cfg successfully
        VLAB-R1-X450-24x.7 #

    # create account [admin | user] {}
    # delete account

  • Slide *Failsafe Login
    - The account of last resort to access the ExtremeXOS switch when the admin password has been lost.
    - Never displayed but always present.
    - To access the switch using the failsafe account, you must be connected using a permitted method:
      - all
      - control
      - serial
      - ssh
      - telnet
    - Changes to failsafe account and password are immediately stored in NVRAM, not in the configuration file.
    # configure failsafe-account
    Note: The information that you use to configure the failsafe account cannot be recovered by Extreme Networks Technical support. Protect this information carefully.

  • Slide *Limiting CLI Sessions and Failed Logins
    Limit the number of simultaneous CLI sessions:
        configure cli max-sessions 4
    Limit the number of failed login attempts:
        configure cli max-failed-logins 2
    Lock out a user after consecutive failed login attempts:
        configure account [all | ] password-policy lockout-on-login-failures on
    View the accounts that are currently locked out with the following command:
        show account
    Admin-level user must clear lockout condition:
        clear account [all | ] lockout
    # configure cli max-sessions
    # configure cli max-failed-logins

  • Slide *Restricting Telnet Access
    Restrict which virtual router interfaces listen for Telnet connection requests:
        configure telnet vr admin_vrouter
    # configure telnet vr admin_vrouter

  • Slide *Configuring Management Access
    - Dedicated management port
    - IP address required to access switch
    - Out-of-band management for:
      - Telnet
      - SSH
      - SNMP
      - SNTP
      - RADIUS
      - RMON
      - Remote logging
      - Local logging
    [Diagram: IP Network, Regional Offices, Management Station]

  • Slide *Using SSH and SCP
    - Used to encrypt Telnet sessions between a network administrator using SSH2 client software and the switch.
    - Secure copy is included in the SSH module and is used to transfer files using encrypted data between the switch and an SSH2 client.
    To enable the switch to function as an SSH2 server:
        enable ssh2
    To copy a file using secure copy:
        scp2 {cipher [3des | blowfish]} {port } {debug } @ [ | ]: {vr }
    Copy policy and configuration files to the switch using the Secure Copy Protocol 2 (SCP2).
    Note: Installing the SSH module also provides secure web (HTTPS / SSL) functionality.
    # enable ssh2
    # scp2

  • Slide *Using SNMP
    - The switch must have an IP address.
    - The SNMP agent can then be accessed from a Network Management Station (NMS).
    - Any SNMP based network manager can manage a switch.
    - Switch MIB must be installed correctly on the mgmt workstation.
    [Diagram: NMS, 10.1.6.1, 10.1.4.1, 10.1.5.1]

  • Slide *Configuring SNMP System Parameters
    Enable SNMP:
        enable snmp access
    System name:
        configure snmp sysname
    System location:
        configure snmp syslocation
    System contact:
        configure snmp syscontact
    # enable snmp
    # configure snmp
    [Diagram: NMS, 10.1.6.1, 10.1.4.1, 10.1.5.1]

  • Slide *Configuring SNMP Access Parameters
    Community strings
    - Default Public and Private
    - SNMP read or read/write access:
          configure snmp add community [readonly | readwrite]
    Authorized trap receivers
    - Enable traps:
          enable snmp traps
    - Add trap receiver:
          configure snmp add trapreceiver community
    # configure snmp add community
    # configure snmp
    [Diagram: NMS, 10.1.6.1, 10.1.4.1, 10.1.5.1]

  • Slide *Authenticating Switch Management Users
    RADIUS Client
    - Remote Authentication Dial In User Service (RADIUS)
    - A mechanism for authenticating and centrally administering access to network nodes
    - Allows authentication for Telnet, Vista, or console switch access
    TACACS+
    - Terminal Access Controller Access Control System Plus
    - Similar to the RADIUS Client
    - Used to authenticate prospective users attempting to administer the switch
    - Used to communicate between the switch and an authentication database
    NOTE: You cannot configure RADIUS and TACACS+ at the same time.

  • Slide *Logging Features
    - Timestamp, Fault Level, Subsystem, Message
    - UNIX syslog host facility accepts and logs messages
    [Diagram: Remote logging enabled, Remote logging enabled, Local logging]

  • Slide *Logging Features
        configure syslog {add} [ | ] {vr } [local0 ...local7] {}
        enable syslog
    UNIX syslog host facility accepts and logs messages
    # configure syslog
    # enable syslog
    [Diagram: Remote logging enabled, Remote logging enabled, Local logging]

  • Slide *Displaying Log Messages
    Local logging:
    - Up to 20,000 messages in the internal log
    - Default is 1000 entries
    - Display log anytime:
          show log {}
    # show log {}

  • Slide *Using SNTP
    - Simple Network Time Protocol (SNTP) Version 3.
    - Used to update/synchronize the internal switch clock from a Network Time Protocol (NTP) server.
    - When enabled, the switch sends out a periodic query to the NTP server or the switch listens to broadcast NTP updates.
        # configure sntp-client [pri | sec] server [ | ] {vr }
        # enable sntp-client
    # configure sntp-client
    # enable sntp-client

  • Slide *Verifying the Management Configuration
    To display the network management configuration, statistics, and SNMP settings:
        show management
    The display includes:
    - Enable/disable states for Telnet, and SNMP
    - Authorized SNMP station list
    - SNMP trap receiver list
    - RMON polling configuration
    - SNMP statistics

        VLAB-R1-X450-24x.1 # show management
        CLI idle timeout                 : Enabled (20 minutes)
        CLI max number of login attempts : 3
        CLI max number of sessions       : 8
        CLI paging                       : Enabled (this session only)
        CLI space-completion             : Disabled (this session only)
        CLI configuration logging        : Disabled
        CLI scripting                    : Disabled (this session only)
        CLI scripting error mode         : Ignore-Error (this session only)
        CLI persistent mode              : Persistent (this session only)
        Telnet access                    : Enabled (tcp port 23 vr all)
                                         : Access Profile : not set
        SSH Access                       : ssh module not loaded.
        Web access                       : Enabled (tcp port 80)
        Total Read Only Communities      : 1
        Total Read Write Communities     : 1
        RMON                             : Disabled
        SNMP access                      : Disabled
                                         : Access Profile Name : not set
        SNMP Traps                       : Enabled
        SNMP v1/v2c TrapReceivers        : None

        SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors 0 Gets 0 GetNexts 0 Sets 0
        SNMP traps: Sent 0 AuthTraps Enabled
        VLAB-R1-X450-24x.2 #

    # show management

  • Slide *Summary
    You should now be able to:
    - Login to the switch.
    - Interpret the system prompt.
    - Assign a name to the switch.
    - Use the syntax help function.
    - Create a new user account.
    - Describe the SNMP, SNTP, and logging management features.

  • Slide *Lab
    Turn to the Initial Switch Configuration Lab in the ExtremeXOS Operations and Configuration - Lab Guide Rev. 12.1 and complete the hands-on portion of this module.
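
An added example, not part of the original slides or Extreme Networks' material: a Python check that parses the show management output from the Verifying the Management Configuration slide and reports the management-plane settings that the Telnet, SSH and SNMP slides address. The finding names and the "Enabled" prefix expected for a running SSH service are assumptions of this example.

```python
# Constructed sample: the "show management" output from the slide, trimmed to
# the lines this check reads.
SAMPLE = """\
Telnet access                    : Enabled (tcp port 23 vr all)
                                 : Access Profile : not set
SSH Access                       : ssh module not loaded.
Web access                       : Enabled (tcp port 80)
Total Read Write Communities     : 1
SNMP access                      : Disabled
                                 : Access Profile Name : not set
"""

def parse_management(text):
    """Return {field: [values]}; a line with an empty key continues the prior field."""
    fields, last = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip() or last
        if not sep or key is None:
            continue  # prompt lines and blank lines carry no "field : value" pair
        fields.setdefault(key, []).append(value.strip())
        last = key
    return fields

def audit(fields):
    """Findings for the management-plane controls the slides cover (names are hypothetical)."""
    first = lambda name: fields.get(name, [""])[0]
    findings = []
    telnet = fields.get("Telnet access", [""])
    if telnet[0].startswith("Enabled"):
        findings.append("telnet-enabled")              # cleartext CLI on tcp port 23
        if "vr all" in telnet[0]:
            findings.append("telnet-all-vrs")          # cf. configure telnet vr ...
        if any(v.endswith("not set") for v in telnet[1:]):
            findings.append("telnet-no-access-profile")
    # Assumption: a switch with SSH running reports a value starting "Enabled".
    if not first("SSH Access").startswith("Enabled"):
        findings.append("ssh-unavailable")             # cf. enable ssh2
    if first("Web access") == "Enabled (tcp port 80)":
        findings.append("web-cleartext-http")
    if int(first("Total Read Write Communities") or 0) > 0:
        live = first("SNMP access").startswith("Enabled")
        findings.append("snmp-rw-community-" + ("live" if live else "latent"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_management(SAMPLE)):
        print(finding)
```

A read/write community is reported as latent while SNMP access is disabled, because it becomes reachable as soon as enable snmp access is entered.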

    2008 Extreme Networks, Inc. All rights reserved. ExtremeXOS Operation and Configuration, Version 12.1. Part number DOC-00919.

    Review Questions


    This presentation contains forward-looking statements that involve risks and uncertainties, including statements regarding our expectations as to products, trends and our performance. There can be no assurances that any forward-looking statements will be achieved, and actual results could differ materially from forecasts and estimates. For factors that may affect our business and financial results please refer to our filings with the Securities and Exchange Commission, including, without limitation, under the captions: Management's Discussion and Analysis of Financial Condition and Results of Operations, and Risk Factors, which is on file with the Securities and Exchange Commission (http://www.sec.gov). We undertake no obligation to update the forward-looking information in this release.
