1 | | = Configuring the switch through command line interface (CLI) = |
2 | | |
3 | | The IP8800/S3640-48T2XW and IP8800/S3640-24T2XW are the two models of NEC switch that support !OpenFlow. This page is a how-to/log on configuring the IP8800/S3640-48T2XW NEC switch through the CLI. |
4 | | |
5 | | == References == |
6 | | |
7 | | For people literate in Japanese, a complete set of configuration guides may be found in the [http://www.nec.co.jp/ip88n/02.html#manual03 documents section of the NEC website.] |
8 | | |
9 | | == console connection to the switch (6/11) == |
10 | | The switch uses regular RS-232 for the serial connection. The settings for the serial connection are the following: |
11 | | |
12 | | * speed: 9600 |
13 | | * data bits: 8 |
14 | | * stop bits: 1 |
15 | | * Flow control: none |
16 | | * Parity: none |
17 | | |
18 | | Minicom didn't seem to work too well no matter what settings were changed. Kermit was used to connect to the switch because default settings can be used directly and no changes need to be made. After installation (The Debian package is ckermit), use the following commands as root: |
19 | | |
20 | | {{{ |
21 | | C-Kermit>set line /dev/ttyS0 |
22 | | C-Kermit>set carrier-watch off |
23 | | C-Kermit>connect |
24 | | }}} |
25 | | |
26 | | `Ctrl-\ q` ends the kermit session. |
27 | | |
28 | | If the login prompt doesn't show up, pressing enter a couple of times should do the trick. The default username is `operator`, and the password, blank. |
29 | | |
30 | | == Making configuration changes through CLI == |
31 | | A lot of it looks like Cisco IOS. Type `enable` in the prompt to get to privileged mode. The '>' should become a '#'. |
32 | | |
33 | | {{{ |
34 | | > ena |
35 | | # |
36 | | }}} |
37 | | |
38 | | The shorthand of a command can be used. The switch also does command completions when you hit tab. A full list of commands can be seen by typing `?` at the prompt. Commands are often used in compound, so a `?` can be used at any time to see what options are available: |
39 | | |
40 | | {{{ |
41 | | # show interface ? |
42 | | gigabitethernet The type of a port is specified in |
43 | | 10BASE-T/100BASE-TX/1000BASE-T/1000BASE-X line |
44 | | tengigabitethernet The type of a port is specified in 10GBASE-R line |
45 | | }}} |
46 | | |
47 | | To actually configure the switch, you need to be in configuration mode. Type `configure` to enter configuration mode: |
48 | | |
49 | | {{{ |
50 | | # configure |
51 | | (config)# |
52 | | }}} |
53 | | |
54 | | If, at any time, you get confused as to which interface or '' what '' you are even configuring, command `show` will output the name of the interface and the configuration changes made to it so far: |
55 | | |
56 | | {{{ |
57 | | (config-if)# show |
58 | | interface gigabitethernet 0/27 |
59 | | switchport mode access |
60 | | switchport access vlan 4 |
61 | | ! |
62 | | }}} |
63 | | |
64 | | |
65 | | == Telnet access to the switch (6/12) == |
66 | | To telnet to a switch, you need to set up an IP address for the switch. To do this, you need to not only set up a vlan interface to which the IP address belongs, but also permit telnet access. |
67 | | |
68 | | 1. After entering configuration mode, create a vlan. Give it a name if you feel like it. The '!' before the prompt indicates that a change has been made, and you must use the command 'save' before exiting out of config mode to have the configuration changes apply. |
69 | | {{{ |
70 | | (config)# vlan 4 |
71 | | !(config-vlan)# name "telnet" |
72 | | !(config-vlan)# exit |
73 | | !(config)# |
74 | | }}} |
75 | | |
76 | | 2. Assign the port that is to be used for remote access the vlan you just created. the range of ports available save the 10GBe interfaces are 0/1-0/48. |
77 | | {{{ |
78 | | !(config)# interface gigabitethernet 0/27 |
79 | | !(config-if)# switchport mode access |
80 | | !(config-if)# swi acc vlan 4 |
81 | | !(config-if)# exit |
82 | | }}} |
83 | | |
84 | | 3. Assign an IP address and subnet mask to the vlan's interface: |
85 | | {{{ |
86 | | !(config)# interface vlan 4 |
87 | | !(config-if)# ip address 192.168.10.1 255.255.255.0 |
88 | | !(config-if)# exit |
89 | | !(config)# |
90 | | }}} |
91 | | |
92 | | 4. Allow login via telnet. This will limit the number of maximum simultaneous telnet connections to 3. `save` will allow config changes to survive a reboot, and gets rid of the annoying !'s. |
93 | | |
94 | | {{{ |
95 | | !(config)# line vty 0 2 |
96 | | !(config-line)# exit |
97 | | !(config)# |
98 | | !(config)# save |
99 | | (config)# exit |
100 | | # |
101 | | }}} |
102 | | |
103 | | The telnet VLAN (4) was later changed to VLAN 1. |
104 | | |
105 | | == switch as DHCP server == |
106 | | The switch can be a DHCP server, so it was made so the laptop that'll be used to test if the telnet configs worked would get an address from the switch. This was later disabled since hosts on this switch would acquire IP addresses from a designated DHCP server. |
107 | | The commands for making the switch a DHCP server is [wiki:Internal/OpenFlow/SwitchConfiguration here]. |
108 | | |
109 | | == The right way to flash the switch (6/16) == |
110 | | The specific how-to's are on [wiki:Internal/OpenFlow/Firmware another article], but the general gist is to copy the firmware, license, and configuration files onto a SD card provided by NEC, and cold booting the switch off of it. |
111 | | |
112 | | == VLAN Configuration, based on convention (6/23) == |
113 | | The switch should follow the conventions used in other switches for which port corresponds to which VLAN, where the trunk is, ect. After week 2, the switch was booted back into normal mode (no SD card), and the VLANs statically set according to the following convention for networking SB9: |
114 | | |
115 | | ||Usage||ports||VLAN|| |
116 | | ||CM||1-4||3|| |
117 | | ||Control||5-8||27|| |
118 | | ||Data||9-12||28|| |
119 | | |
120 | | == Static VLAN Configuration == |
121 | | Configuration of the CM VLAN (VLAN 3) is shown here. |
122 | | |
123 | | 1. Create and name VLAN |
124 | | {{{ |
125 | | (config)# vlan 3 |
126 | | !(config-vlan)# name "CM" |
127 | | !(config-vlan)# exit |
128 | | }}} |
129 | | |
130 | | 2. Assign CM VLAN 3 to the desired ports. Unfortunately, you have to configure one port at a time. Luckily, you can use the up arrow key to go through previous commands to make things faster. |
131 | | {{{ |
132 | | !(config)# interface gi 0/1 |
133 | | !(config-if)# switchport mode access |
134 | | !(config-if)# switchport acc vlan 3 |
135 | | !(config)# interface gi 0/2 |
136 | | !(config-if)# switchport mode access |
137 | | !(config-if)# switchport acc vlan 3 |
138 | | !(config)# interface gi 0/3 |
139 | | !(config-if)# switchport mode access |
140 | | !(config-if)# switchport acc vlan 3 |
141 | | !(config)# interface gi 0/4 |
142 | | !(config-if)# switchport mode access |
143 | | !(config-if)# switchport acc vlan 3 |
144 | | }}} |
145 | | |
146 | | 3. After repeating steps 1 and 2 for the Control and Data VLANs (with correct port numbers and VLAN number, of course), configure the trunk ports: |
147 | | {{{ |
148 | | !(config-if)# interface gi 0/45 |
149 | | !(config-if)# switchport mode trunk |
150 | | !(config-if)# switchport trunk allowed vlan 3,27,28 |
151 | | !(config-if)# interface gi 0/46 |
152 | | !(config-if)# switchport mode trunk |
153 | | !(config-if)# switchport trunk allowed vlan 3,27,28 |
154 | | !(config-if)# interface gi 0/47 |
155 | | !(config-if)# switchport mode trunk |
156 | | !(config-if)# switchport trunk allowed vlan 3,27,28 |
157 | | !(config-if)# interface gi 0/48 |
158 | | !(config-if)# switchport mode trunk |
159 | | !(config-if)# switchport trunk allowed vlan 3,27,28 |
160 | | !(config-if)# exit |
161 | | !(config)# save |
162 | | (config)# exit |
163 | | }}} |
164 | | |
165 | | == DHCP/BootP relay agent (6/24) == |
166 | | attempt was made but not knowing the DHCP server's address didn't help. Nevertheless, translations on how to set up a relay agent/ IP helper are [wiki:Internal/OpenFlow/SwitchConfiguration here]. |
167 | | |
168 | | == Native VLAN configuration (6/25) == |
169 | | A native VLAN was set up on the trunk ports so the switch will have an interface that can be assigned an IP address. |
170 | | |
171 | | 1. Make a VLAN. Name the native VLAN. |
172 | | {{{ |
173 | | (config)# vlan 1 |
174 | | (config-vlan)# name "Network" |
175 | | !(config-vlan)# exit |
176 | | }}} |
177 | | 2. Assign static IP address to the interface. we needed to find the switch's IP address with nslookup. This was actually done 7/2, after its MAC address was registered. |
178 | | {{{ |
179 | | !(config-vlan)# interface vlan 1 |
180 | | !(config-if)# ip address 172.16.19.253 255.255.0.0 |
181 | | }}} |
182 | | 3. Configure ports to be trunk ports, then specify the native VLAN |
183 | | {{{ |
184 | | !(config)# interface gi 0/48 |
185 | | !(config-if)# switchport mode trunk |
186 | | !(config-if)# switchport trunk native vlan 1 |
187 | | }}} |
188 | | 4. Specify which VLANs are allowed on the trunk. This includes all VLANs that converge to this trunk, as well as the native VLAN for this trunk. If the port is already made to allow other VLANs, instead of using command `switchport trunk allowed vlan 1,3,27,28` you can just add VLAN 1 by using the `vlan add <vlan ID>` context: |
189 | | {{{ |
190 | | !(config-if)# swi trunk allowed vlan add 1 |
191 | | }}} |
192 | | so now the configurations for port 0/48 look like this: |
193 | | {{{ |
194 | | !(config-if)# sh |
195 | | interface gigabitethernet 0/48 |
196 | | switchport mode trunk |
197 | | switchport trunk allowed vlan 1,3,27-28 |
198 | | switchport trunk native vlan 1 |
199 | | }}} |
200 | | |
201 | | === Port speeds (7/17) === |
202 | | By default, the switch autonegociates. You can change this by going into configuration mode for each port, and changing settings using the `speed` command. The syntax: |
203 | | |
204 | | * `speed auto [10|100|1000]` - autonegociate. If a speed is specified, the port will be shut down by the switch if the host refuses to negotiate to the set speed. |
205 | | * `speed [10|100|1000]` - sets port to specific speed, no autonegociation |
206 | | |
207 | | The port should be shut down before changing speed settings. This seems to allow the changes to take immediate effect, even before saving config changes. Each port needs to be configured separately, which makes it a bit annoying. |
208 | | {{{ |
209 | | sw-sb09(config)# interface gi 0/13 |
210 | | sw-sb09(config-if)# shutdown |
211 | | !sw-sb09(config-if)# |
212 | | 02/06 03:35:48 E3 PORT GigabitEthernet0/13 25011100 1350:000000000000 Port disabled administratively. |
213 | | !sw-sb09(config-if)# speed auto 1000 |
214 | | !sw-sb09(config-if)# no shutdown |
215 | | }}} |
216 | | |
217 | | === SNMP (8/13) === |
218 | | For a explanation of SNMP: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol [[BR]] |
219 | | In the IP8800 guide: http://www.nec.co.jp/ip88n/s36_sw/html/cfguide2/index.html [[BR]] |
220 | | MIB references: http://www.alvestrand.no/objectid/ |
221 | | ==== Configuring the IP8800 ==== |
222 | | Use of SNMP (Simple Network Management Protocol) is not set by default; you must create access lists with IP addresses allowed to request information as a manager device. In this case, an ACL is created for all the interfaces of SB9, eth1: |
223 | | {{{ |
224 | | !sw-sb09(config)# access-list 1 permit 10.19.0.10 0.0.0.0 |
225 | | !sw-sb09(config)# access-list 1 permit 192.168.100.28 0.0.0.0 |
226 | | !sw-sb09(config)# access-list 1 permit 192.168.1.28 0.0.0.0 |
227 | | !sw-sb09(config)# access-list 1 permit 172.16.100.1 0.0.0.0 |
228 | | !sw-sb09(config)# sh access-list |
229 | | access-list 1 10 permit host 10.19.0.10 |
230 | | access-list 1 20 permit host 192.168.100.28 |
231 | | access-list 1 30 permit host 192.168.1.28 |
232 | | access-list 1 40 permit host 172.16.100.1 |
233 | | }}} |
234 | | To add a block of IP's to the ACL, you need the starting IP address and wildcard (range of host addresses available) for that IP block. To add the Network VLAN subnet to the ACL: |
235 | | {{{ |
236 | | access-list 1 50 permit 172.16.0.1 0.0.255.255 |
237 | | }}} |
238 | | |
239 | | to include it in the snmp access list, use the following command: |
240 | | {{{ |
241 | | sw-sb09(config)# snmp-server community "NET" rw 1 |
242 | | }}} |
243 | | where "NET" is the group name, "rw" - read/write, as opposed to "ro", read-only, and "1" is the access list allowed. |
244 | | |
245 | | ==== Accessing MIBs on the IP8800 ==== |
246 | | accessing it through the switch itsself is easy enough: |
247 | | {{{ |
248 | | sw-sb09# snmp walk 1.3.6.1.2.1.1 |
249 | | |
250 | | Name: sysDescr.0 |
251 | | Value: ALAXALA AX3640S AX-3640-48T2XW-L [AX3640S-48T2XW] Switching software Ver. |
252 | | 10.7 [OS-L3L] |
253 | | |
254 | | Name: sysObjectID.0 |
255 | | Value: ax3640s |
256 | | |
257 | | Name: sysUpTime.0 |
258 | | Value: 25724205 |
259 | | |
260 | | Name: sysContact.0 |
261 | | Value: |
262 | | |
263 | | Name: sysName.0 |
264 | | Value: sw-sb09 |
265 | | |
266 | | Name: sysLocation.0 |
267 | | Value: |
268 | | |
269 | | Name: sysServices.0 |
270 | | Value: 78 |
271 | | }}} |
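Review bot: in the Telnet access steps (old lines 65-103), step 4's `line vty 0 2` enables remote login, yet the console section (old line 28) records that the default `operator` account has a blank password, and no step in between sets one. If this procedure is kept in the rewritten page, add a step that sets the login password before the vty lines are enabled, and state that telnet carries the login in cleartext, so the VLAN holding the switch's IP address should only reach trusted ports. Separately, step 1 says `save` is needed "to have the configuration changes apply", while the port speed section (old line 207) reports changes taking effect before saving; step 4's wording, that `save` lets changes survive a reboot, is the consistent one.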
614 | | moving on... |
615 | | |
616 | | 2. '''Configure the VLAN ports.''' The steps are same as configuring the ports for regular VLANs, except instead of "switchport mode access" we specify "switchport mode dot1q-tunnel" in this case: |
617 | | {{{ |
618 | | sw-sb09(config)# int range gigabitethernet 0/1-4, gigabitethernet 0/30 |
619 | | sw-sb09(config-if-range)# |
620 | | }}} |
621 | | |
622 | | 3. '''Associate the trunk with a Native VLAN.''' Technially speaking, native VLANs allows hosts that do not understand tagging to function on a network implementing VLAN tagging. In context of the switch, the native VLAN is much like a trunk port version of an interface VLAN. |
623 | | |
624 | | |
625 | | ==== ports ==== |
| 343 | |
| 344 | 2. '''Associate the trunk with a Native VLAN.''' Native VLANs allows hosts that do not understand VLAN tagging to function on a network implementing trunking (IEEE 802.1q). In context of the switch, the native VLAN is much like a trunk port version of an interface VLAN; It essentially assigns an IP address and VLAN to the switch's trunk port(s), and provides a means to transport non-tagged frames on the trunk. |
| 345 | {{{ |
| 346 | !(config-if-range)# switchport trunk native vlan 1 |
| 347 | }}} |
| 348 | |
| 349 | * "switchport trunk native vlan 1" - make VLAN 1 the native VLAN for trunk port 0/48 (any frames from VLAN 1 will pass through the trunk untagged) |
| 350 | |
| 351 | By the way, this is the configuration for interface VLAN 1, which should be done ahead of time: |
| 352 | {{{ |
| 353 | (config-vlan)# interface vlan 1 |
| 354 | (config-if)# ip address 172.16.19.253 255.255.0.0 |
| 355 | }}} |
| 356 | |
| 357 | ...And that's it for the trunks. If you now go into a context for one of your trunk ports and do a "show", your configurations should look like this: |
| 358 | {{{ |
| 359 | !(config-if-range)# interface gi 0/48 |
| 360 | !(config-if)# show |
| 361 | interface gigabitethernet 0/48 |
| 362 | switchport mode trunk |
| 363 | switchport trunk allowed vlan 1,3,27-28 |
| 364 | switchport trunk native vlan 1 |
| 365 | }}} |
| 366 | |
| 367 | But finally... |
| 368 | |
| 369 | 3. '''Configure the ports associated with the trunked VLANs.''' The steps are same as configuring the ports for regular VLANs, except instead of "switchport mode access" we specify "switchport mode dot1q-tunnel" in this case: |
| 370 | {{{ |
| 371 | (config)# int ran gi 0/13-22 |
| 372 | (config-if-range)# sw mo dot1q-tunnel |
| 373 | !(config-if-range)# sw acc vlan 3 |
| 374 | !(config-if-range)# save <<<-----VERY important if you want the configurations saved! |
| 375 | }}} |
| 376 | |
| 377 | === Troubleshooting === |
| 378 | |
| 379 | ...error messages, undoing configs, ect to come here |
| 380 | |
| 381 | ---- |
| 382 | == Port configurations == |
| 383 | While we have been mentioning ports perpetually via contexts, this section covers them in deeper detail. |
| 384 | |
| 385 | ==== ports as seen by the switch ==== |
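Review bot: new line 344 says the native VLAN "essentially assigns an IP address and VLAN to the switch's trunk port(s)", but in the commands shown the address comes from `interface vlan 1` and `ip address 172.16.19.253 255.255.0.0` (new lines 353-354); `switchport trunk native vlan 1` only selects which VLAN crosses the trunk untagged. Reword the sentence so the two roles are separate. Since the page also states that all ports are assigned to VLAN 1 by default, the switch's management address ends up on the VLAN every unconfigured port belongs to; either say so here or put the address on a dedicated VLAN. Also move the "<<<-----VERY important" remark at new line 374 out of the command block into the step text, so it cannot be read as part of the `save` command.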
657 | | |
658 | | * Virtual interfaces - Also called "VLANs" by the switch. They do function as VLANs in the traditional sense, but in this case, are also associated with IP addresses used by the switch (i.e. the IP address used when telnetting). |
659 | | |
660 | | * Ports - By default all ports are assigned to VLAN 1. The ports must be assigned to different VLANs according to how you want the frames to/from the port are handled. Port settings are configured from the `interface gigabitethernet 0/n` context in configure mode. The three main contexts we need are: |
661 | | |
662 | | 1- `switchport mode access` - the default port mode. Port is associated with a vlan, but frames from the port are not tagged - the frames are dropped if they are seen on the trunk. |
663 | | |
664 | | 2- `switchport mode dot1q-tunnel` - frames from the port are tagged upon hitting the trunk and not dropped. |
665 | | |
666 | | 3- `switchport mode trunk` - port is a trunk and can handle frames from multiple vlans. |
667 | | |
| 417 | === Port speed === |
| 418 | By default, the switch autonegociates. You can change this by going into configuration mode for each port, and changing settings. |
| 419 | |
| 420 | 1. '''Shut port(s) to configure down.''' Shutting the ports down before configuring them allows the changes to take immediate effect upon bringing them back up. |
| 421 | {{{ |
| 422 | sw-sb09(config)# interface gi 0/13 |
| 423 | sw-sb09(config-if)# shutdown |
| 424 | !sw-sb09(config-if)# |
| 425 | 02/06 03:35:48 E3 PORT GigabitEthernet0/13 25011100 1350:000000000000 Port disabled administratively. |
| 426 | }}} |
| 427 | |
| 428 | It is normal to see an output message when you take down ports. |
| 429 | |
| 430 | 2. '''Set speed.''' The sub-context "speed" allows you to configure the port speed. The syntax is the following: |
| 431 | |
| 432 | * `speed auto [10|100|1000]` - autonegociate. If a speed is specified, the port will be shut down by the switch if the host refuses to negotiate to the set speed. |
| 433 | * `speed [10|100|1000]` - force port to run at a specific speed, no autonegociation |
| 434 | |
| 435 | Where the numbers denote Mbps. Here, we configure the port to go at 1000Mbps (1Gbps), and bring it back up: |
| 436 | {{{ |
| 437 | !sw-sb09(config-if)# speed auto 1000 |
| 438 | !sw-sb09(config-if)# no shutdown |
| 439 | }}} |
| 440 | |
| 441 | === Help? === |
| 442 | ...To be completed. |
| 443 | |
| 444 | ---- |
| 445 | |
| 446 | == Access Lists and SNMP == |
| 447 | === SNMP (8/13) === |
| 448 | For a explanation of SNMP: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol [[BR]] |
| 449 | In the IP8800 guide: http://www.nec.co.jp/ip88n/s36_sw/html/cfguide2/index.html [[BR]] |
| 450 | MIB references: http://www.alvestrand.no/objectid/ |
| 451 | ==== Configuring the IP8800 ==== |
| 452 | Use of SNMP (Simple Network Management Protocol) is not set by default; you must create access lists with IP addresses allowed to request information as a manager device. In this case, an ACL is created for all the interfaces of SB9, eth1: |
| 453 | {{{ |
| 454 | !sw-sb09(config)# access-list 1 permit 10.19.0.10 0.0.0.0 |
| 455 | !sw-sb09(config)# access-list 1 permit 192.168.100.28 0.0.0.0 |
| 456 | !sw-sb09(config)# access-list 1 permit 192.168.1.28 0.0.0.0 |
| 457 | !sw-sb09(config)# access-list 1 permit 172.16.100.1 0.0.0.0 |
| 458 | !sw-sb09(config)# sh access-list |
| 459 | access-list 1 10 permit host 10.19.0.10 |
| 460 | access-list 1 20 permit host 192.168.100.28 |
| 461 | access-list 1 30 permit host 192.168.1.28 |
| 462 | access-list 1 40 permit host 172.16.100.1 |
| 463 | }}} |
| 464 | To add a block of IP's to the ACL, you need the starting IP address and wildcard (range of host addresses available) for that IP block. To add the Network VLAN subnet to the ACL: |
| 465 | {{{ |
| 466 | access-list 1 50 permit 172.16.0.1 0.0.255.255 |
| 467 | }}} |
| 468 | |
| 469 | to include it in the snmp access list, use the following command: |
| 470 | {{{ |
| 471 | sw-sb09(config)# snmp-server community "NET" rw 1 |
| 472 | }}} |
| 473 | where "NET" is the group name, "rw" - read/write, as opposed to "ro", read-only, and "1" is the access list allowed. |
| 474 | |
| 475 | ==== Accessing MIBs on the IP8800 ==== |
| 476 | accessing it through the switch itsself is easy enough: |
| 477 | {{{ |
| 478 | sw-sb09# snmp walk 1.3.6.1.2.1.1 |
| 479 | |
| 480 | Name: sysDescr.0 |
| 481 | Value: ALAXALA AX3640S AX-3640-48T2XW-L [AX3640S-48T2XW] Switching software Ver. |
| 482 | 10.7 [OS-L3L] |
| 483 | |
| 484 | Name: sysObjectID.0 |
| 485 | Value: ax3640s |
| 486 | |
| 487 | Name: sysUpTime.0 |
| 488 | Value: 25724205 |
| 489 | |
| 490 | Name: sysContact.0 |
| 491 | Value: |
| 492 | |
| 493 | Name: sysName.0 |
| 494 | Value: sw-sb09 |
| 495 | |
| 496 | Name: sysLocation.0 |
| 497 | Value: |
| 498 | |
| 499 | Name: sysServices.0 |
| 500 | Value: 78 |
| 501 | }}} |
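Review bot: `snmp-server community "NET" rw 1` (new line 471) grants read/write access, and ACL entry 50, `permit 172.16.0.1 0.0.255.255` (new line 466), extends that to the whole Network VLAN subnet, while the only use shown is a read (`snmp walk 1.3.6.1.2.1.1`). Suggest documenting the community as `ro` and keeping access-list 1 to the four manager host entries, or stating what needs write access; a community string is sent in cleartext, so any host on the permitted subnet that observes it could change switch settings. For the subnet entry, give the network address 172.16.0.0 with the 0.0.255.255 wildcard rather than 172.16.0.1, and show it with the prompt like the entries at new lines 454-457 so it is clear where it is typed.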