Brocade Configuration Examples
Terminal Configurations
Windows Environment
In a UNIX environment, enter the following string at the prompt:
tip /dev/ttyb -9600
If ttyb is already in use, use ttya instead and enter the following string at the prompt:
tip /dev/ttya -9600
system prompt.
• User = >
• Privileged = #
• CONFIG = (config)#
POE/POE+
PoE Device will supply 15.4 watts of power at the RJ-45 jack
PoE+ Device will supply either 15.4 or 30 watts of power
POE/POE+ Configurations
Brocade#configure terminal
Brocade(config)# interface ethernet 1/1
Brocade(config-if-e1000-1/1)# inline power power-limit 14000
These commands enable in-line power on interface ethernet 1 in slot 1 and set the PoE power level to 14,000 milliwatts (14 watts).
Syntax: inline power power-limit <power level>
The <power level> variable is the maximum power level in number of milliwatts. The following values are supported:
• PoE: Enter a value from 1000 through 15,400. The default is 15,400.
• PoE+: Enter a value from 1000 through 30,000. The default is 30,000.
CLI Commands for use with the management port
To display the current configuration
show running-config interface management
Syntax: show running-config interface management <num>
Brocade(config-if-mgmt)#ip addr 10.44.9.64/24
Brocade(config)#show running-config interface management 1
interface management 1
ip address 10.44.9.64 255.255.255.0
show interfaces management <num>
management port Show Commands
Brocade(config)#show interfaces management 1
GigEthernetmgmt1 is up, line protocol is up
Hardware is GigEthernet, address is 0000.9876.544a (bia 0000.9876.544a)
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual none
BPRU guard is disabled, ROOT protect is disabled
Link Error Dampening is Disabled
STP configured to OFF, priority is level0, mac-learning is enabled
Flow Control is config disabled, oper enabled
Mirror disabled, Monitor disabled
Not member of any active trunks
Not member of any configured trunks
No port name
IPG MII 0 bits-time, IPG GMII 0 bits-time
IP MTU 1500 bytes
300 second input rate: 83728 bits/sec, 130 packets/sec, 0.01% utilization
300 second output rate: 24 bits/sec, 0 packets/sec, 0.00% utilization
39926 packets input, 3210077 bytes, 0 no buffer
Received 4353 broadcasts, 32503 multicasts, 370 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
22 packets output, 1540 bytres, 0 underruns
Transmitted 0 broadcasts, 6 multicasts, 16 unicasts
0 output errors, 0 collisions
Syntax: show interfaces brief management <num>
Syntax: show statistics brief management <num>
Brocade(config)#show statistics brief management 1
Port   In Packets  Out Packets  Trunk  In Errors  Out Errors
mgmt1  39946       22                  0          0
Total  39945       22                  0          0
management port Show Commands Cont..
show statistics management <num>
Change Host Name
Syntax: hostname <string>
Brocade(config)# hostname zappa
zappa(config)#
CLI banner configuration
Setting a message of the day banner
For example, to display the message “Welcome to FESX!” when a Telnet CLI session is established:
Brocade(config)# banner motd $ (Press Return)
Enter TEXT message, End with the character '$'.
Welcome to FESX! $
To remove the banner, enter the no banner motd command.
Setting a privileged EXEC CLI level banner
You can configure the Brocade device to display a message when a user enters the Privileged EXEC CLI level.
Example
Brocade(config)# banner exec_mode # (Press Return)
Enter TEXT message, End with the character '#'.
You are entering Privileged EXEC level
Do not foul anything up! #
up to 4000 characters
Assigning a port name
To assign a name to a port.
Brocade(config)# interface ethernet 2
Brocade(config-if-e1000-2)# port-name Marsha
The name can be up to 64 characters long.
Port speed and duplex mode modification
• designed to auto-sense and auto-negotiate the speed and duplex mode of the connected device
• If the attached device does not support this, you can manually set the port speed to operate at either 10, 100, or 1000 Mbps
• default and recommended setting is 10/100/1000 auto-sense
Port speed and duplex mode configuration syntax
The following commands change the port speed of copper interface 8 on a FastIron from the default of 10/100/1000 auto-sense, to 100 Mbps operating in full-duplex mode.
Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# speed-duplex 100-full
NOTE
On FastIron devices, when setting the speed and duplex-mode of an interface to 1000-full, configure one side of the link as master (1000-full-master) and the other side as slave (1000-full-slave).
Enabling auto-negotiation maximum port speed advertisement and down-shift
Port speed down-shift enables Gbps copper ports on the Brocade device to establish a link at 1000 Mbps over a 4-pair wire when possible, or to down-shift to 100 Mbps if the medium is a 2-pair wire.
Maximum port speed application notes
Port speed down-shift and maximum port speed advertisement work only when auto-negotiation is enabled (CLI command speed-duplex auto). If auto-negotiation is OFF, the device will reject the port speed down-shift and maximum port speed advertisement configuration.
Combo ports are not supported.
Enabling port speed down-shift
Enter the following at the Global CONFIG level of the CLI.
Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 1 ethernet 2
Enabling port speed down-shift Cont…
Configuring port speed down-shift and auto-negotiation for a range of ports
Port speed down-shift and auto-negotiation can be configured for an entire range of ports with a single command.
For example, to configure down-shift on ports 0/1/1 to 0/1/10 and 0/1/15 to 0/1/20 on the device, enter the following.
Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 0/1/1 to 0/1/10 ethernet 0/1/15 to 0/1/20
To configure down-shift on ports 5 to 13 and 17 to 19 on a compact switch, enter the following.
Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 5 to 13 ethernet 17 to 19
Enabling port speed down-shift Cont…
To disable selective auto-negotiation of 100m-auto on ports 0/1/21 to 0/1/25 and 0/1/30, enter the following.
Brocade(config)# no link-config gig copper autoneg-control 100m-auto Ethernet 0/1/21 to 0/1/25 ethernet 0/1/30
Configuring maximum port speed advertisement
To configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiation enabled, enter a command such as the following at the Global CONFIG level of the CLI.
Brocade(config)# link-config gig copper autoneg-control 10m ethernet 1
To configure a maximum port speed advertisement of 100 Mbps on a port that has auto-negotiation enabled, enter the following command at the Global CONFIG level of the CLI.
Brocade(config)# link-config gig copper autoneg-control 100m ethernet 2
Syntax: [no] link-config gig copper autoneg-control 10m | 100m ethernet <port> [ethernet <port>]
Modifying port duplex mode
You can manually configure a 10/100 Mbps port to accept either full-duplex (bi-directional) or half-duplex (uni-directional) traffic.
Port duplex mode configuration syntax
To change the port speed of interface 8 from the default of 10/100/1000 auto-sense to 10 Mbps operating at full-duplex, enter the following.
Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# speed-duplex 10-full
Disabling or re-enabling a port
A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled.
To disable port 8 of a Brocade device, enter the following.
Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# disable
You also can disable or re-enable a virtual interface. To do so, enter commands such as the following.
Brocade(config)# interface ve v1
Brocade(config-vif-1)# disable
Changing the Gbps fiber negotiation mode
The globally configured Gbps negotiation mode is the default mode for all Gbps fiber ports. You can override the globally configured default and set individual ports to the following:
NOTE
Gbps negotiation is not supported on ICX 6430 and ICX 6450 devices.
• Negotiate-full-auto – The port first tries to perform a handshake with the other port to exchange capability information. If the other port does not respond to the handshake attempt, the port uses the manually configured configuration information (or the defaults if an administrator has not set the information). This is the default.
• Auto-Gbps – The port tries to perform a handshake with the other port to exchange capability information.
• Negotiation-off – The port does not try to perform a handshake. Instead, the port uses configuration information manually configured by an administrator.
To change the mode for individual ports, enter commands such as the following.
Brocade(config)# interface ethernet 1 to 4
Brocade(config-mif-1-4)# gig-default auto-gig
Determining the flash image version running on the device
To determine the flash image version running on a device, enter the show version command at any level of the CLI. Some examples are shown below.
Displaying the boot image version running on the device
To determine the boot image running on a device, enter the show flash command at any level of the CLI. The following shows an example output.
Flash image verification
The Flash Image Verification feature allows you to verify boot images based on hash codes, and to generate hash codes where needed. This feature lets you select from three data integrity verification algorithms:
• MD5 - Message Digest algorithm (RFC 1321)
• SHA1 - US Secure Hash Algorithm (RFC 3174)
• CRC - Cyclic Redundancy Checksum algorithm
Flash image CLI commands
Use the following command syntax to verify the flash image:
Syntax: verify md5 | sha1 | crc32 <ASCII string> | primary | secondary [<hash code>]
• md5 – Generates a 16-byte hash code
• sha1 – Generates a 20-byte hash code
• crc32 – Generates a 4-byte checksum
• ascii string – A valid image filename
• primary – The primary boot image (primary.img)
• secondary – The secondary boot image (secondary.img)
• hash code – The hash code to verify
Flash image verification Cont…
To generate an MD5 hash value for the secondary image, enter the following command.
Brocade#verify md5 secondary
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862
To generate a SHA-1 hash value for the secondary image, enter the following command.
Brocade#verify sha secondary
Brocade#.........................Done
Size = 2044830, SHA1 49d12d26552072337f7f5fcaef4cf4b742a9f525
To generate a CRC32 hash value for the secondary image, enter the following command.
Brocade#verify crc32 secondary
Brocade#.........................Done
Size = 2044830, CRC32 b31fcbc0
Flash image verification Cont…
To verify the hash value of a secondary image with a known value, enter the following commands.
Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862
Verification FAILED.
In the previous example, the codes did not match, and verification failed. If verification succeeds, the output will look like this.
Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653861
Verification SUCEEDED.
The following examples show this process for SHA-1 and CRC32 algorithms.
Brocade#verify sha secondary 49d12d26552072337f7f5fcaef4cf4b742a9f525
Brocade#.........................Done
Size = 2044830, sha 49d12d26552072337f7f5fcaef4cf4b742a9f525
Verification SUCCEEDED.
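An off-box version of this check, as an added example (not from the original slides or from Brocade): it parses the result line printed by verify and compares it with a digest computed from a reference copy of the image. The function names and the sample image bytes are constructed for illustration; CRC32 results are rejected here because a checksum only detects accidental corruption.

```python
import hashlib
import hmac
import re

# Result line printed by the verify command on this page, for example:
#   Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862
RESULT_RE = re.compile(r"Size = (\d+), (MD5|SHA1|sha|CRC32) ([0-9A-Fa-f]+)")


def parse_verify_output(text):
    """Return (size, algorithm, hex digest) from captured CLI output."""
    m = RESULT_RE.search(text)
    if m is None:
        raise ValueError("no verify result line found")
    algo = m.group(2).lower()
    if algo == "sha":  # the page's SHA-1 verification example prints "sha"
        algo = "sha1"
    return int(m.group(1)), algo, m.group(3).lower()


def matches_reference(device_output, reference_image):
    """True if the device-reported size and digest match the reference bytes."""
    size, algo, reported = parse_verify_output(device_output)
    if algo == "crc32":
        raise ValueError("CRC32 is a checksum; rerun verify with md5 or sha1")
    expected = hashlib.new(algo, reference_image).hexdigest()
    # Compare the length as well as the digest, in constant time.
    return size == len(reference_image) and hmac.compare_digest(reported, expected)


# Constructed sample data (not a real image and not real device output).
SAMPLE_IMAGE = b"constructed firmware image" * 1000
SAMPLE_OUTPUT = (
    "Brocade#verify sha secondary\n"
    "Brocade#.........................Done\n"
    f"Size = {len(SAMPLE_IMAGE)}, SHA1 {hashlib.sha1(SAMPLE_IMAGE).hexdigest()}\n"
)

if __name__ == "__main__":
    print(matches_reference(SAMPLE_OUTPUT, SAMPLE_IMAGE))            # untouched copy
    print(matches_reference(SAMPLE_OUTPUT, SAMPLE_IMAGE + b"\x00"))  # altered copy
```

The reference image should come from a source you trust independently of the switch, since a digest generated and checked on the same device only shows that the file has not changed since the digest was taken.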
Flash image verification Cont…
Software upgrades
Loading and saving configuration files
For easy configuration management, all Brocade devices support both the download and upload of configuration files between the devices and a TFTP server on the network.
Replacing the startup configuration with the running configuration
After you make configuration changes to the active system, you can save those changes by writing them to flash memory. When you write configuration changes to flash memory, you replace the startup configuration with the running configuration.
To replace the startup configuration with the running configuration, enter the following command at any Enable or CONFIG command prompt.
Brocade#write memory
Replacing the running configuration with the startup configuration
If you want to back out of the changes you have made to the running configuration and return to the startup configuration, enter the following command at the Privileged EXEC level of the CLI.
Brocade#reload
Copying a configuration file to or from a TFTP server
The maximum size for the running-config and the startup-config file is 512K each.
NOTE
Make sure you enter each command at the correct CLI level. Since some commands have identical forms at both the global CONFIG level and individual configuration levels, if the CLI response to the configuration file results in the CLI entering a configuration level you did not intend, then you can get unexpected results.
For example, if a trunk group is active on the device, and the configuration file contains a command to disable STP on one of the secondary ports in the trunk group, the CLI rejects the commands to enter the interface configuration level for the port and moves on to the next command in the file you are loading. If the next command is a spanning-tree command whose syntax is valid at the global CONFIG level as well as the interface configuration level, then the software applies the command globally. Here is an example.
The configuration file contains these commands.
interface ethernet 2
no spanning-tree
NOTE
If the file contains commands that must be entered in a specific order, the commands must appear in the file in the required order. For example, if you want to use the file to replace an IP address on an interface, you must first remove the old address using “no” in front of the ip address command, then add the new address. Otherwise, the CLI displays an error message and does not implement the command. Here is an example.
The configuration file contains these commands.
interface ethernet 11
ip address 10.10.10.69/24
The end command must appear on the last line of the file, by itself.
Network connectivity testing
Defining the console idle time
By default, a Brocade device does not time out serial console sessions. A serial session remains open indefinitely until you close it. You can, however, define how many minutes a serial management session can remain idle before it is timed out.
Local user accounts
You can define up to 16 local user accounts on a Brocade device. User accounts regulate who can access the management functions in the CLI using the following methods:
• Telnet access
• Web management access
• SNMP access
A management privilege level, which can be one of the following:
• Super User level (default) – Allows complete read-and-write access to the system. This is generally for system administrators and is the only privilege level that allows you to configure passwords.
• Port Configuration level – Allows read-and-write access for specific ports but not for global parameters.
• Read Only level – Allows access to the Privileged EXEC mode and User EXEC mode with read access only.
Local user accounts Cont….
Enabling enhanced user password combination requirements
When strict password enforcement is enabled on the Brocade device, you must enter a minimum of eight characters containing the following combinations when you create an enable and a user password:
• At least two upper case characters
• At least two lower case characters
• At least two numeric characters
• At least two special characters
Use the enable strict-password-enforcement command to enable the password security feature.
Brocade(config)#enable strict-password-enforcement
Enabling user password masking
By default, when you use the CLI to create a user password, the password displays on the console as you type it. For enhanced security, you can configure the Brocade device to mask the password characters entered at the CLI. When password masking is enabled, the CLI displays asterisks (*) on the console instead of the actual password characters entered.
The following shows the default CLI behavior when configuring a username and password.
Brocade(config)#username kelly password summertime
The following shows the CLI behavior when configuring a username and password when password-masking is enabled.
Brocade(config)#username kelly password
Enter Password: ********
System reload scheduling
Setting a Telnet password
Setting an SSH password
Let's break this down into steps:
1) generate a key
#crypto key gen
2) create an ACL access group and bind it to the SSH login
#access-list 10 permit <ip_address/maskbits>
... repeat as necessary ...
#ssh access-group 10
3) set an idle timeout
#ip ssh idle-time 20 !time in minutes
4) set a login timeout
#ip ssh timeout 60 !time in seconds
5) consider disabling telnet (optional)
#no telnet server
6) Now create the local login accounts:
#user icxadmin privilege 0 pass <yourSuperSecurePassword>
7) Configure AAA to use the local user database as default
#aaa authentication login default local
8) Consider enabling user/pass requirement for console access too (optional)
#enable aaa console
Always keep your routers/switches secure and document your configuration, including access settings, in your secure run book.
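A way to check a saved configuration against the steps above and the strict password enforcement setting, as an added example (not from the original slides or from Brocade). It assumes the commands appear in the file exactly as written on this page; the audit function, the finding text and both sample configurations are constructed.

```python
import re

# Settings taken from this page, matched one per configuration line.
REQUIRED = {
    "SSH access restricted by an ACL": r"ssh access-group \S+",
    "SSH idle timeout": r"ip ssh idle-time \d+",
    "SSH login timeout": r"ip ssh timeout \d+",
    "Telnet server disabled": r"no telnet server",
    "Login authenticates against local accounts": r"aaa authentication login default local",
    "Console login required": r"enable aaa console",
    "Strict password enforcement": r"enable strict-password-enforcement",
}


def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    findings = []
    for name, pattern in REQUIRED.items():
        if not any(re.fullmatch(pattern, ln) for ln in lines):
            findings.append("missing: " + name)
    # The ACL bound to SSH must exist and contain at least one permit entry.
    for ln in lines:
        m = re.fullmatch(r"ssh access-group (\S+)", ln)
        if m:
            acl = re.escape(m.group(1))
            if not any(re.match(rf"access-list {acl} permit \S+", l) for l in lines):
                findings.append(
                    f"ssh access-group {m.group(1)} has no matching permit entries")
    return findings


# Constructed sample configurations (192.0.2.0/24 is a documentation range).
HARDENED = """
access-list 10 permit 192.0.2.0/24
ssh access-group 10
ip ssh idle-time 20
ip ssh timeout 60
no telnet server
aaa authentication login default local
enable aaa console
enable strict-password-enforcement
"""
WEAK = """
ssh access-group 10
ip ssh idle-time 20
aaa authentication login default local
"""

if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(cfg))
```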
Changing the MAC age time and disabling MAC address learning
LAB
Create VLAN
Assign IP to VLAN
MAP Ports to VLAN
VLAN Routing