Mers 8600 Commissioning

Nortel Metro Ethernet Routing Switch 8600

Commissioning

ATTENTIONClicking on a PDF hyperlink takes you to the appropriate page. If necessary,

scroll up or down the page to see the beginning of the referenced section.

NN46220-309 317814-E Rev 01.

Document status: StandardDocument version: 01.01Document date: 20 March 2007

Copyright © 2005-2007, Nortel NetworksAll Rights Reserved.

The information in this document is subject to change without notice. The statements, configurations, technicaldata, and recommendations in this document are believed to be accurate and reliable, but are presented withoutexpress or implied warranty. Users must take full responsibility for their applications of any products specified in thisdocument. The information in this document is proprietary to Nortel Networks Inc.

The software described in this document is furnished under a license agreement and may be used only in accordancewith the terms of that license. The software license agreement is included in this document.

This document is sourced in Canada and the United States of America.

Restricted rights legendUse, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computersoftware, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forthin the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.

Nortel Networks Inc. software license agreementThis Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and NortelNetworks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWINGCAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THESOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT.If you do not accept these terms and conditions, return the Software, unused and in the original shipping container,within 30 days of purchase to obtain a credit for the full purchase price.

"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and iscopyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data,audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all wholeor partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired theSoftware. You obtain no rights other than those granted to you under this License Agreement. You are responsible forthe selection of the Software and for the installation of, use of, and results obtained from the Software.

1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of theSoftware on only one machine at any one time or to the extent of the activation or authorized usage level,whichever is applicable. To the extent Software is furnished for use with designated hardware or Customerfurnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on suchhardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software asconfidential information using the same care and discretion Customer uses with its own similar information that itdoes not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Softwaredoes so only in compliance with the terms of this Agreement. Customer shall not a) use, copy, modify, transfer ordistribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineeror otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d)sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries ofthis provision. Upon termination or breach of the license by Customer or in the event designated hardware orCFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction.Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Softwareactivation or usage levels. If suppliers of third party software included in Software require Nortel Networks toinclude additional or different terms, Customer agrees to abide by such terms provided by Nortel Networkswith respect to such third party software.

2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMSALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING,BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligatedto provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties,and, in such event, the above exclusions may not apply.

3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BELIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSSOF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS),WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOURUSE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEENADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any developer and/orsupplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Somejurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.

4. General

a. If Customer is the United States Government, the following paragraph shall apply: All Nortel NetworksSoftware available under this License Agreement is commercial computer software and commercialcomputer software documentation and, in the event Software is licensed for or on behalf of the United StatesGovernment, the respective rights to the software and software documentation are governed by NortelNetworks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).

b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customerfails to comply with the terms and conditions of this license. In either event, upon termination, Customermust either return the Software to Nortel Networks or certify its destruction.

c. Customer is responsible for payment of any taxes, including personal property taxes, resulting fromCustomer’s use of the Software. Customer agrees to comply with all applicable laws including all applicableexport and import laws and regulations.

d. Neither party may bring an action, regardless of form, more than two years after the cause of the actionarose.

e. The terms and conditions of this License Agreement form the complete and exclusive agreement betweenCustomer and Nortel Networks.

f. This License Agreement is governed by the laws of the country in which Customer acquires the Software.If the Software is acquired in the United States, then this License Agreement is governed by the laws ofthe state of New York.

5

Contents

New in this release 7

Introduction 9Before you begin 9Acronyms 9

Setting up the switch 11Connecting a terminal 12Connecting a modem 13Logging on to the system 15

hsecure bootconfig flag 16Modifying the CLI login and passwords 18Rebooting or resetting the switch 19

Cold boot/warm boot trap messages 19Setting system identification 19Managing files 20

File system commands 20Displaying a directory 21Copying files 21Saving the configuration to a file 22

Getting online Help 22Pinging a device 24Setting and displaying the date 25Accessing the standby CPU 26Exiting and reentering the CLI 26

Setting up the switch for remote management 27Assigning an IP address to the management port 27

Assigning a default gateway 29Configuring the management Ethernet port 29Setting security features 30Enabling remote access services using the CLI 30

Accessing services from the Boot Monitor CLI 30Accessing services from the Run-Time CLI 31Enabling rlogin 31

Nortel Metro Ethernet Routing Switch 8600Commissioning

NN46220-309 01.01 Standard4.1 20 March 2007

Copyright © 2005-2007, Nortel Networks Nortel Networks Confidential

.

6 Contents

Disabling a service 32Monitoring the switch using web management 32Managing the switch using Device Manager 32

Providing switch reliability 33




.

7

New in this release

No new features are added to the document in this release.




.

8 New in this release




.

9

Introduction

The Nortel Metro Ethernet Routing Switch 8600 is a flexible andmultifunctional switch that supports a wide range of network architecturesand protocols. This guide provides procedures for setting up and startingthe Metro Ethernet Routing Switch 8600.

Before you beginThis guide is intended for network designers and administrators with thefollowing background:

• Basic knowledge of networks, Ethernet bridging, and IP

• Familiarity with networking concepts and terminology

• Basic knowledge of network topologies

• Experience with windowing systems or graphical user interfaces (GUIs)

AcronymsThis guide uses the following acronyms:

BootP Bootstrap Protocol

FTP File Transfer Protocol

IP Internet Protocol

MAC media access control

MLT MultiLink Trunking

PPP Point-to-Point Protocol

SF Switch Fabric

SNMP Simple Network Management Protocol

SMLT Split MultiLink Trunking

TCP/IP Transmission Control Protocol/Internet Protocol

TELNET Network Virtual Terminal Protocol

VRRP Virtual Router Redundancy Protocol




.

10 Introduction




.

11

Setting up the switch

This chapter describes how to connect a terminal and modem to the switch,log on to the switch software, configure the switch using the Setup Utility,reboot the switch using the command line interface (CLI), and perform basictasks. This section includes the following topics:

Topic

"Connecting a terminal" (page 12)

"Connecting a modem" (page 13)

"Logging on to the system" (page 15)

"Modifying the CLI login and passwords" (page 18)

"Rebooting or resetting the switch" (page 19)

"Setting system identification" (page 19)

"Managing files" (page 20)

"Getting online Help" (page 22)

"Pinging a device" (page 24)

"Setting and displaying the date" (page 25)

"Accessing the standby CPU" (page 26)

"Exiting and reentering the CLI" (page 26)

The Metro Ethernet Routing Switch 8600 supports two Command LineInterfaces (CLIs):

• Boot Monitor CLI

• Run-Time CLI

The Boot Monitor CLI allows you to configure and manage the boot process.You initiate a Boot Monitor CLI session only through a direct serial-portconnection to the switch. After the Boot Monitor CLI is active, you canaccess it only through a console session. Within the Boot Monitor CLI, youcan change the boot configuration, including boot choices and boot flags.




.

12 Setting up the switch

You access the Run-Time CLI through a direct serial-port connection to theswitch or through a Telnet, SSH (Secure Shell), or rlogin session (if theflags for Telnet and rlogin are set to allow remote access). Metro EthernetRouting Switch 8600 modules support one CLI session at the console serialport or up to eight Telnet/SSH sessions. You can open a Telnet session fromDevice Manager by clicking the Telnet button on the toolbar or by choosingDevice > Telnet from the menu bar.

For more information about the Boot Monitor and Run-Time CLIs,see Managing Platform Operations (315545-E). For more informationabout Device Manager, see Nortel Metro Ethernet Routing Switch 8600Fundamentals — Using Device Manager (NN46225-300).

You can use any terminal or personal computer (PC) with a terminalemulator as the CLI console station. For instructions to connect thecomputer or terminal, see the section, "Connecting a terminal" (page 12).

Connecting a terminalThe serial console interface is an RS-232 port that enables a connectionto a PC or terminal for monitoring and configuring the switch. The port isimplemented as a DB-9 connector that can operate as either data terminalequipment (DTE) or data communication equipment (DCE). The defaultcommunication protocol settings for the console port are:

• 9600 baud

• 8 data bits

• 1 stop bit

• No parity

To use the console port, you need the following equipment:

• A terminal or TTY-compatible terminal, or a portable computer with aserial port and terminal-emulation software

• A UL-listed straight-through RS-232 cable with a female DB-9 connectorfor the console port on the switch

The other end of the cable must have a connector appropriate to theserial port on your computer or terminal. (Most computers or terminalsuse a male DB-25 connector.)

Any cable connected to the console port must be shielded to complywith emissions regulations and requirements.

To connect a computer or terminal to the Console port:




.

Connecting a modem 13

Step Action

1 Set the terminal protocol as follows:

• 9600 baud

• 8 data bits

• 1 stop bit

• No parity

2 Connect the RS-232 cable to the console port.

3 Connect the other end of the cable to the terminal or computerserial port.

4 Turn on the terminal.

5 Log on to the CLI (see "Logging on to the system" (page 15)).

—End—

Connecting a modemYou can access the CLI through a modem connection to the 8691omSF or8692omSF module. This section describes how to connect a modem to themodem port on the module.

To set up modem access, you need a DTE-to-DCE cable (straight ortransmit cable) to connect the Metro Ethernet Routing Switch 8600 to themodem. "DTE-to-DCE straight-through pin assignments" (page 13) showsthe DTE-to-DCE pin assignments.

DTE-to-DCE straight-through pin assignments

Switch ModemSignal Pin

numberDCE DB-9pin number

DCE DB-25pin number

RXD 2 2 3

TXD 3 3 2

DTR 4 4 20

GND 5 5 7

DSR 6 6 6

RTS 7 7 4

CTS 8 8 5




.


The modem port is a data terminal equipment (DTE) device operating at9600 baud, 8 data bits, no parity, and one stop bit. Because the modemport expects to receive Data Set Ready (DSR) and Clear To Send (CTS)signals before transmitting, these control lines are required in the cables.The modem port does not support any inbound flow control; that is, the portdoes not toggle control lines to indicate the input buffer is full.

To connect a modem to a Metro Ethernet Routing Switch 8600, first set upthe modem port using another type of connection to the CLI.

Nortel recommends that you use the default settings for the Modem port formost modem installations.

To set up the modem port using Metro Ethernet Routing Switch 8600 CLI:

Step Action

1 In the Run-Time CLI, enter the following command:

config bootconfig sio modem

Now you can enter options for this command level without retypingthe first part of the command.

2 Use the following commands to set port parameters, based on therequirements of the modem:

• baud <rate>

where

rate is the baud rate for the modem. The default is 9600.

• 8databits {true|false}

where

• false sets the number of data bits per byte to 8. This settingis the default.

• true sets the number of data bits per byte to 7.

• mode < ascii | slip | ppp >

where

• ascii is the default setting. This setting is recommended formost modem connections.

• slip sets the port for serial line IP (SLIP) operation.




.

Logging on to the system 15

• ppp sets the port for point-to-point protocol (PPP) operation.

For information about the configuration requirements of your modem,refer to the documentation that was shipped with the modem.

ATTENTIONNortel recommends that you do not set the modem port for SLIP orPPP operation unless you are thoroughly familiar with the operation ofthese protocols.

3 If you set the port mode to slip, use the following commands to setother SLIP parameters:

• slip-compression {true|false} to enable or disableTCP/IP header compression. The default is false.

• slip-rx-compression {true|false} to enable or disableTCP/IP header compression on the receive packet. The defaultis false.

4 If you set the port mode to ppp, use the following commands toset other PPP parameters:

• mtu <bytes> to set the maximum transmission unit for thepoint-to-point link. The default is zero (0).

• my-ip <ipaddr> to set the near-end IP address on thepoint-to-point link. The default is 0.0.0.0.

• peer-ip <ipaddr> to set the peer IP address on thepoint-to-point link. The default is 0.0.0.0.

• pppfile <file> to identify the file to use for PPP initializationparameters.

5 On the modem, turn off echo mode and return code messaging.

6 Connect the modem to the modem port using a cable withthe connector described in "DTE-to-DCE straight-through pinassignments" (page 13).

—End—

Logging on to the systemThe basic switch configuration procedures in this chapter use the Run-TimeCLI. When the switch completes its boot sequence, the login promptappears. Enter a login and password that correspond to the level of access




.


needed. The default values for login and password for the console andTelnet sessions are shown in "Access levels and default login values" (page16).

Access levels and default login values

Access level DescriptionDefaultlogin

Defaultpassword

Read-only Allows only viewing configurationand status information. Isequivalent to SNMP read-onlycommunity access.

ro ro

Layer 1read/write

Allows viewing most switchconfiguration and statusinformation and changing physicalport settings.

l1 l1

Layer 2read/write

Allows viewing and changingconfiguration and statusinformation for layer 2(bridging/switching) functions.

l2 l2

Layer 3read/write(8600 switchesonly)

Allows viewing and changingconfiguration and statusinformation for layer 2 andlayer 3 (routing) functions.

l3 l3

Read/write Allows viewing and changingconfiguration and statusinformation across the switch;does not allow changing securityand password settings. Isequivalent to SNMP read-writecommunity access.

rw rw

Read/write/all Allows all the rights of read/writeaccess and the ability to changesecurity settings, including the CLIand web-based management usernames and passwords and theSNMP community strings.

rwa rwa

hsecure bootconfig flagThe Metro Ethernet Routing Switch 8600 supports a high secure(hsecure) mode that you can set with the hsecure boot configurationflag. High secure mode introduces the following restrictions on passwords:10-character enforcement, aging time; and a protection mechanism to filtercertain IP addresses.




.

Logging on to the system 17

When the hsecure flag is enabled, the software enforces the 10-characterrule for all passwords. When upgrading from a previous release, if thepassword does not have at least 10 characters, you are prompted to changeyour password to the mandatory character length. This password mustcontain a minimum of two uppercase characters, two lowercase characters,two numbers, and two special characters, such as !@#$%^*().

When the switch boots in hsecure mode after default factory settings withoutany password previously configured, you can use a default password to logon, but will be prompted to change the password. The new password mustfollow the rules mandated by high secure mode.

Enabling or disabling hsecureTo enable or disable hsecure, execute the CLI command:

config bootconfig flag hsecure {true|false}

A warning message appears prompting you to reboot the switch for thechange to take effect:Warning: Please save boot configuration and reboot theswitch for this to take effect.

Changing an invalid-length passwordWhen you enable hsecure and reboot the switch, any user with aninvalid-length password is prompted to change their password:

Login: rwaPassword: ***Your password is valid but less than mandatory 10 characters.Please change the password to continue.Enter the New password : **********Re-enter the New password : **********Password changed successfully

Aging enforcementWhen the hsecure flag is enabled, after a certain duration you are askedto change your password. If not configured, the aging parameter defaultsto 90 days.

You can configure the aging parameter by executing the following CLIcommand:

MERS-8610:5# config cli password aging <days>Set age-out time for passwordsRequired parameters: <days> = age-out time forpasswords/community strings {1..365}Command syntax: aging <days>




.


For SNMP and FTP, access is denied when a password expires. Communitystrings must be changed to a new string made up of more than eightcharacters before accessing the system.

Note that when the hsecure flag is enabled:

• The Webserver cannot be enabled at any time.

• The SSH password-authentication cannot be enabled at any time.

Filtering mechanismWhen the hsecure flag is enabled, incorrect IP source addresses asnetwork or broadcast addresses are filtered at the virtual router interface.For example:

V1 has the network address 192.168.168.0/24

Source addresses 192.168.168.0 and 192.168.168.255 are discarded.Note that this occurs for all IP subnets, not only for /24 as mentioned inthe example.

Modifying and Resetting PasswordsThe boot monitor command reset-passwd is used to reset the passwordsto the factory defaults.

• To reset all passwords to the factory defaults, enter the followingcommand at the boot monitor prompt:

reset-passwd

• To change a password, enter the following command. All passwordsare case-sensitive.

config cli password <access-level> <username>

The config cli password command prompts you to enter your oldand new password. The following shows the command prompts:

Enter the old password: <password>Enter the new password: <password>Re-enter the new password: <password>

Modifying the CLI login and passwordsIf you have read/write/all access permission, you can modify the CLI loginand passwords using the config cli password command. You canalso change the CLI login and passwords using Device Manager. Forinformation about how to change the CLI login and passwords usingthe Metro Ethernet Routing Switch 8600 CLI or Device Manager, seeConfiguring and Managing Security (314724-E).




.

Setting system identification 19

Rebooting or resetting the switchWhen you reboot the system, you can specify the boot source (flash,PCMCIA card, or TFTP server) and file name. If you do not specify a deviceand file, the Run-Time CLI uses the software and configuration files on theprimary boot device that is defined by the Boot Monitor choice command.

To reboot the system, use the following system command:

boot [<file>] [config <value>] [-y]

where

• file is the software image device and file name in the format[a.b.c.d:]<file> | /pcmcia/<file> | /flash/<file>. The file name, includingthe directory structure, can be up to 1024 characters.

• config <value> is the software configuration device and file name inthe format [a.b.c.d:]<file> | /pcmcia/<file> | /flash/<file>. The file name,including the directory structure, can be up to 1024 characters.

• -y suppresses the confirmation message before the switch reboots. Ifyou omit this parameter, you are asked to confirm the action beforethe switch reboots.

To boot the switch using the BootStrap Protocol (BootP), use the followingcommand:

boot 0.0.0.0

Entering the boot command with no arguments causes the switch to bootusing the current boot choices defined by the choice command.

You can reset the switch by using the following command:

reset

When you reset the switch, the most recently saved configuration file is usedto reload the system parameters.

Cold boot/warm boot trap messagesWhen the switch reboots normally, a cold trap is sent within 45 secondsafter a reboot. In the event of a SF switchover, a warm-start managementtrap is sent within 45 seconds of a reboot.

Setting system identificationSystem identification parameters specify the system name, contact person,and location.

To set the system identification:




.


Step Action

1 Specify the system name by entering:

config sys set name <sysname>

where

sysname is an ASCII string specifying the system name.

2 Specify the name of the contact person for the switch by entering:

config sys set contact <name>

where

name is an ASCII string specifying the name of the person.

3 Define the location for the system with the command:

config sys set location <system_location>

where

system_location is an ASCII string specifying the systemlocation.

—End—

Managing filesThis section describes CLI commands you can use to manage your files.

This section includes the following topics:

• "File system commands" (page 20) "

• "Displaying a directory" (page 21)

• "Copying files" (page 21)

• "Saving the configuration to a file" (page 22)

File system commandsThe CLI includes file management commands for working with the switchfiles. These commands allow all the basic operations of any file system.The commands take the general form of command <arguments>.




.

Managing files 21

Both the commands and the arguments can be abbreviated, providedthe abbreviation is not ambiguous. "File system commands" (page 21)summarizes the file system commands.

File system commands

Command Description

directoryLists contents of onboard flash memory or a PCMCIAcard.

copy Copies a file.

renameRenames a file.

save Saves the running configuration to a file.

Displaying a directoryTo display the contents of the flash and PCMCIA memory, use the followingcommand:

directory [<dir>] [<-l>]

where

• dir specifies either flash or PCMCIA, in the form /flash or /pcmcia.

• -l displays file details if you specify a path name.

When you invoke the directory command with no arguments, thiscommand displays the contents of all flash devices. When you specify flashor PCMCIA, directory displays only the contents of that device.

When using the dir command, the CLI displays all filenames under theparent directory, rather than the subdirectory.

Copying filesTo copy a file, use the following command:

copy <srcfile> <dstfile>

where

srcfile is the source file.dstfile is the destination file, that is, the name of the copied file.

For the copy command, the source and destination are specific file namesin the form:

[<ipaddr>:]<filename>




.


where

• ipaddr can specify a remote server location for the file.

• filename is the name of the file in the form /flash/xxx or /pcmcia/xxx.

You can use the copy command to copy a run-time image to flash memoryfrom a remote server. The command format for this operation is:

copy <ip_address>:<filename> <destination>

where

• ip_address:filename is the source argument that specifies the IPaddress of the remote server and the name of the file to be copied.

• destination specifies the name of the copied file in its new location.

Saving the configuration to a fileTo save the running configuration to a file, use the following command:

save <savetype> [file <value>] [verbose] [standby<value>] [backup <value>]

where

• savetype specifies the type of file to save; options are config,bootconfig, log, trace, or clilog.

• file <value> is the file name. value is a string from 1 to 99characters long.

• verbose saves the default and current configuration. If you omit theverbose parameter, only the current configuration is saved.

• standby <value> saves the specified file name to the standby CPU.value is a string from 1 to 99 characters long.

• backup <value> saves the specified file name and identifies the fileas a backup file. value is a string from 1 to 99 characters long.

Getting online HelpWhen you navigate through the Boot Monitor and Run-Time CLI, online Helpis available at all levels. You can access Help in one of the following ways:

• Typing help <command> explains what the command does and givesits syntax (see "help clear command sample output" (page 23)).




.

Getting online Help 23

help clear command sample output

• Typing the word help at the system prompt provides an explanation ofthe available help ("help command sample output" (page 23)).

help command sample output




.


• Typing <command> syntax displays a list of commands and parametersavailable for that command (see "clear syntax command sample output"(page 24)).

clear syntax command sample output

• Typing a question mark (?) at the prompt results in a list of all commandsin that command context and the subcontext of that command.

Pinging a deviceWhen you ping a device, an Internet Control Message Protocol (ICMP)packet is sent from the switch to the target device. If the device receives thepacket, it sends a ping reply. When the switch receives the reply, it displaysa message indicating that the specified IP address is alive. If no reply isreceived, a message indicates that the address is not responding.

To test the connection between the Metro Ethernet Routing Switch 8600and another network device, use the following command:

ping <ipaddr> [datasize <value>] [count <value>] [-s][-I <value>] [-t <value>] [-d]

where

• ipaddr is the IP address of the other network device.

• datasize <value> is the size of ping data sent in bytes. value is anumber from 16 to 4076.

• count <value> is the number of times to ping. value is a numberfrom 1 to 9999.

• -s sets the continuous ping at the interval rate defined by the -Iparameter.




.

Setting and displaying the date 25

• -I <value> is the interval between transmissions in seconds. valueis a number from 1 to 60.

• -t <value> is the no-answer time-out value in seconds. value isa number from 1 to 120.

• -d sets ping debug mode.

To specify a count for the ping operation, you must also specify a size. Forexample:

ping 10.5.5.5 datasize 1600 count 5

"ping command sample output" (page 25) shows output from the pingcommand.

ping command sample output

Setting and displaying the dateTo set the calendar time in the form of month, day, year, hour, minute, andsecond, use the following command:

config setdate <MMddyyyyhhmmss>

You must be logged in as rwa to use this command.

Configuration example: setting system date "config setdate commandsample output" (page 25) is sample output using the setdate command toset the system date.

config setdate command sample output

To view the current date settings for the switch, use one of the followingcommands:

date

or




.


show date

"date command sample output" (page 26) shows sample output for thedate command.

date command sample output

Accessing the standby CPUTo use Telnet or rlogin to access the standby CPU, use the followingcommand:

peer <operation>

where

operation is telnet or rlogin.

Use the peer command to make changes to the standby CPU withoutreconnecting to the console port on that module.

Note that before attempting to telnet to the standby CPU, the telnet daemonmust be enabled, otherwise the action cannot be executed.

ATTENTIONYou must set an rlogin access policy on the standby CPU before you can use thepeer command to access it from the master CPU using rlogin. To set an accesspolicy on the standby CPU, connect a terminal to the console port on the standbyCPU. For more information about the access policy commands, see Configuringand Managing Security (314724-E).

Exiting and reentering the CLITo end your CLI session, enter one of the following commands:

quitlogoutexit

To log back in to the CLI, use the login command.




.

27

Setting up the switch for remotemanagement

This chapter describes how to assign an IP address to the managementport, configure the management Ethernet port, and enable remotemanagement services. It includes the following topics:

Topic

"Assigning an IP address to the management port" (page 27)

"Configuring the management Ethernet port" (page 29)

"Setting security features" (page 30)

"Enabling remote access services using the CLI" (page 30)

"Monitoring the switch using web management" (page 32)

"Managing the switch using Device Manager" (page 32)

Assigning an IP address to the management portYou must assign an IP address to the management port (or ports, for aredundant CPU configuration) before you can use the port for out-of-bandmanagement. For example, if your switch has redundant 8691omSF or8692omSF CPU modules, each CPU management port has a specific IPaddress.

Note that when using a redundant CPU chassis configuration, the8692omSF is not supported in combination with 8691omSF, except whenfirst upgrading the chassis from the 869x to the 8692omSF.

In addition, you can create a virtual management port with an IP addressthat is available to either management module.

The master management module replies to all management requests sentto the virtual IP address, as well as to requests sent to its managementport IP address. If the master management module fails, and the backupmanagement module takes over, the virtual management port IP addresscontinues to provide management access to the switch.




.

28 Setting up the switch for remote management

To assign an IP address to the management port, use the followingcommand:

config bootconfig net mgmt ip <ipaddr/mask> [cpu-slot<value>]

where

• ipaddr/mask specifies the IP address and subnet mask of themanagement port (for example, 10.10.10.1/24).

• cpu-slot <value> specifies the position of the 8691omSF or8692omSF CPU (either slot 5 or slot 6). If you do not specify a slotnumber for the IP address, the address is assigned to the currentlyactive management module.

To assign an IP address to the virtual management port, use the followingcommand:

config sys set mgmt-virtual-ip <ipaddr/mask>

where

ipaddr/mask is the IP address and subnet mask you are assigning.

Any time you change the boot configuration, you must save the changes toboth the master and standby management modules.

To save the boot configuration:

Step Action

1 Save the command to the master and standby management moduleby entering:

save bootconfig standby <boot.cfg>

where

boot.cfg is the name of the configuration file.

2 Telnet to the standby management module and reset it by entering:

telnet <ipaddr>

reset

where

ipaddr is the IP address of the standby management module

—End—




.

Configuring the management Ethernet port 29

Assigning a default gatewayWhen configuring IP on most layer 2 switches, you need to specify the IPaddress of the default gateway, as well as the IP address of the device. Youcan specify up to four separate static routes. For more information aboutstatic routes, see Configuring IP Routing Operations (314720-F).

To specify a default gateway address/default route from the Boot MonitorCLI, use the following command:

net mgmt route net <netaddr> <gateway>

To specify a default gateway address/default route from the Run-Time CLI,use the following command:

config bootconfig net mgmt route net <netaddr> <gateway>

In each of these commands, the parameters are defined as follows:

• netaddr is the IP address of the destination network.

• gateway is the IP address of the default gateway.

As an example, if the IP address of the management port is 10.125.2.11and its next hop is 10.125.2.1, enter the following command to set up themanagement port correctly:

config bootconfig net mgmt route net 13.177.76.0 10.125.2.1

The value 13.177.76.0 represents the target subnet; the value 10.125.2.1represents the gateway used to point to the target subnet.

To save the configuration, use the following command:

save config

Configuring the management Ethernet portThe management Ethernet port can communicate only with devices on itslocal subnet, and on up to four statically configured remote subnets. Themanagement Ethernet port does not support a default gateway or defaultroute. The remote subnet is configured using the following CLI command,which requires knowledge of the next hop address:

config bootconfig net mgmt route add <a.b.c.d> <w.x.y.z>

For example, if the IP address of the management port is 10.125.2.11,and its next hop is 10.125.2.1, use the following command to set up themanagement port:

config bootconfig net mgmt route add 13.177.76.0 10.125.2.1




.


CAUTIONThis command uses the natural mask of the target subnet.Therefore, using the example above, implement the followingcommand:

config bootconfig net mgmt route add 13.0.0.010.125.2.1

Additionally, this route does not appear in the routing table of theMetro Ethernet Routing Switch 8600. Therefore, any 13.x.x.xnetworks that are learned or configured for output by way of theI/O modules can result in connectivity issues .

Setting security featuresUse system security parameters to define login names and passwords foraccess to the switch management functions and to specify the accessmethods, such as through a Telnet session or through a web browser.

You can use the CLI to set up passwords and community strings for accessto all the management functions of the switch.

For information about the security features available in the Metro EthernetRouting Switch 8600 software, see Configuring and Managing Security(314724-E).

Enabling remote access services using the CLIThis section describes how you enable or disable access services by settingflags, either from the Boot Monitor CLI or from the Run-Time CLI. You canaccess the boot monitor CLI while the switch is booting.

This section includes the following topics:

• "Accessing services from the Boot Monitor CLI" (page 30) "

• "Accessing services from the Run-Time CLI" (page 31)

• "Enabling rlogin" (page 31)

• "Disabling a service" (page 32)

Accessing services from the Boot Monitor CLITo enable an access service from the Boot Monitor CLI, use the followingprocedure:

Step Action

1 While the switch is booting, press any key to interrupt the autobootprocess.

2 Enable or disable the access service by using the followingcommand:




.

Enabling remote access services using the CLI 31

flags <access-service> {true|false}

where

• access-service is ftpd, rlogind, telnetd, tftpd, orsshd.

• true enables the access service.

• false disables the access service.

—End—

Accessing services from the Run-Time CLITo set up an access service from the Run-Time CLI, use the followingcommand:

config bootconfig flags <access-service> {true|false}

where

• access-service is ftpd, rlogind, telnetd, tftpd, or sshd.

• true enables the access service.

• false disables the access service.

To save the state of the access service that you set up, use the followingcommand:

save bootconfig

Enabling rloginWhen you enable remote login using the config bootconfig rlogindtrue command, you must configure an access policy and specify the nameof the user who can have access to the switch.

The following sample configuration shows how to configure an accesspolicy for rlogin. For more information about configuring access policiesusing the CLI and Device Manager, see Configuring and Managing Security(314724-E).MERS-8610:5# config sys access-policy policy 3 name "fromsubnet10"MERS-8610:5# config sys access-policy policy 3 username"netadmin"MERS-8610:5# config sys access-policy policy 3 network10.0.0.0/255.0.0.0MERS-8610:5# config sys access-policy policy 3 service rloginenable




.


Disabling a serviceTo disable one of the services on the switch, enter the following command:

config bootconfig flags <access-service> false

where

access-service is ftpd, rlogind, telnetd, tftpd, or sshd.

When you enable or disable the access service flags, daemon behavior ischanged immediately. You do not need to save the boot configuration fileand reboot the system.

Monitoring the switch using web managementThe Metro Ethernet Routing Switch 8600 includes a web managementinterface that enables you to monitor your switch, through a World WideWeb browser, from anywhere on your network. The web interface providesmany of the same monitoring features as the Device Manager software.

For configuration requirements and instructions for installing the help files,enabling the web server using Device Manager, and accessing the webinterface, see Configuring Network Management (314723-E).

Managing the switch using Device ManagerDevice Manager is an SNMP-based graphical user interface (GUI) tooldesigned to manage single devices. To use Device Manager, you must havenetwork connectivity to a management station running Device Manager inone of the supported environments.

For instructions on installing and starting Device Manager, refer to NortelMetro Ethernet Routing Switch 8600 Fundamentals — Using DeviceManager (NN46225-300).




.

33

Providing switch reliability

As system resources become more widely distributed, the reliability ofnetwork nodes is even more important because it affects connectivity in theentire network. While reliability ensures that the software and hardwarecomponents of a node are robust, they are still prone to failures. Protectingthe node from failure of any of its components makes the node highlyavailable.

Many high availability features are built in at all levels of the Metro EthernetRouting Switch 8600, including the following:

• Port-level and slot-level redundancy in the form of MultiLink Trunking(MLT)

• Switch Fabric (SF) redundancy and load-sharing

• Split MultiLink Trunking (SMLT)

• Hot-swappable input/output (I/O) modules

• Router redundancy through Virtual Router Redundancy Protocol (VRRP)

• Redundant fans and power supply units

• Basic CPU availability—warm standby

• High CPU availability—hot standby (High Availability mode is notsupported with Metro ESM 8668 modules)

For more information about MLT, SMLT, and VRRP, see Configuring VLANs,Spanning Tree, and Link Aggregation (314725-E).

In the event that the primary CPU fails, the backup CPU assumes theprimary role.

ATTENTIONDuring a CPU failover, do not hot swap I/O modules until the new CPU becomesthe master CPU.

You can configure CPU redundancy to provide either basic availability orhigh availability.




.

34 Providing switch reliability

In warm standby redundancy mode, if the primary CPU fails, the backupCPU must initialize all input/output modules and load switch configurations,causing delays and disrupting operations. In hot standby redundancy mode,both CPUs maintain synchronized configuration and operational databases,enabling very quick recovery and high availability.

If you enable layer 2 CPU redundancy, you automatically disable layer 3routing operations on the switch and cannot configure routing parameters.

When you enable layer 2 CPU redundancy, both the primary and backupCPUs synchronize their database structures following initialization. Thisprocess is performed only on initialization.




.

35

Index

Aaccess methods, specifying 30access services

enabling, using the CLI 30acronyms 9

BBoot Monitor CLI

help commands 22boot parameters, setting 19BootP (BootStrap Protocol)

using to boot the switch 19

Ccable, serial 13CLI

Run-Time 12CLI commands

config sys 20copy 21date 25directory 21exit 26file system 20logout 26peer 26ping 24quit 26setdate 25

commandsconfig sys 20copy 21

date 25directory 21exit 26file system 20help 22logout 26peer 26ping 24quit 26save 22setdate 25

config sys commands 20configuration

saving 22connection, testing 24connector, modemConsole port

connecting 12interface description 12RS-232 port 12

contact person, system 20copy command 21CPU, accessing standby 26

Ddate command 25default route, assigning 29defaults

login names and passwords 15Device Manager

requirements 32directory command 21




.

36 Index

Eexit command 26

Ffile system commands 20files, copying 22

Ggateway address, assigning 29

Hhelp commands 22

Iidentification parameters, system 19IP address

assigning 27

Llayer 2 CPU redundancy

hot standby 34warm standby 34

location, system 20login names

default 15setting 30

logout command 26

MManagement port 27master management module 28messages

cold boot 19warm boot 19

modem, connecting 13

Nname, system 20

Ppasswords

changing Web interface, usingDevice Manager 32

default 15peer command 26, 26pin assignments, Modem portping command, Boot Monitor CLI 24protocol settings, terminal 13

Qquestion mark in the CLI 24quit command 26

Rrequirements

Device Manager 32RS-232 Console port 12Run-Time CLI

accessing 12

Ssave command, Run-Time CLI 22save configuration 22serial-port connection 12setdate command 25standby CPU, accessing 26, 26standby management module 28system identification 19system parameters, setting 20

TTelnet access

opening from Device Manager 12telnet command 28terminal protocol, setting 13terminal, connecting 12

Vvirtual management port 28

WWeb interface

changing password for, using DeviceManager 32




.

Nortel Metro Ethernet Routing Switch 8600

CommissioningCopyright © 2005-2007, Nortel NetworksAll Rights Reserved.

Publication: NN46220-309Document status: StandardDocument version: 01.01Document date: 20 March 2007

To provide feedback or report a problem in this document, go to www.nortel.com/documentfeedback.

Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.

All other trademarks are the property of their respective owners.

This document is sourced in Canada and the United States of America.

http://www.nortel.com/documentfeedback

Documents

Mers 8600 Commissioning