T-Marc 300 Series v10.1.Rx User Guide

T-Marc 300 Series

(T-Marc 340 and T-Marc 380)

Demarcation Device

User Guide

Release 10.1.Rx May 2010

MN100168 Rev R

The information in this document is subject to change without notice and describes only the product defined in the introduction of this document. This document is intended for the use of customers of Telco Systems only for the purposes of the agreement under which the document is submitted, and no part of it may be reproduced or transmitted in any form or means without the prior written permission of Telco Systems. The document is intended for use by professional and properly trained personnel, and the customer assumes full responsibility when using it. Telco Systems welcomes customer comments as part of the process of continuous development and improvement of the documentation.

If the Release Notes that are shipped with the device contain information that conflicts with the information in the user guide or supplements it, the customer should follow the Release Notes.

The information or statements given in this document concerning the suitability, capacity, or performance of the relevant hardware or software products are for general informational purposes only and are not considered binding. Only those statements and/or representations defined in the agreement executed between Telco Systems and the customer shall bind and obligate Telco Systems. Telco Systems however has made all reasonable efforts to ensure that the instructions contained in this document are adequate and free of material errors and omissions. Telco Systems will, if necessary, explain issues which may not be covered by the document.

Telco Systems sole and exclusive liability for any errors in the document is limited to the documentary correction of errors. TELCO SYSTEMS IS NOT AND SHALL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THIS DOCUMENT OR FOR ANY DAMAGES OR LOSS OF WHATSOEVER KIND, WHETHER DIRECT, INCIDENTAL, OR CONSEQUENTIAL (INCLUDING MONETARY LOSSES), that might arise from the use of this document or the information in it.

This document and the product it describes are the property of Telco Systems, which is the owner of all intellectual property rights therein, and are protected by copyright according to the applicable laws.

Telco Systems logo is a registered trademark of Telco Systems, a BATM Company. BiNOS, BiNOSCenter, T-Marc, T5 Compact, T5C-XG, T-Metro, EdgeLink, EdgeGate, Access60, AccessIP, AccessMPLS, AccessTDM, AccessEthernet, NetBeacon, Metrobility, and OutBurst are trademarks of Telco Systems.

Other product and company names mentioned in this document reserve their copyrights, trademarks, and registrations; they are mentioned for identification purposes only.

Copyright Telco Systems 2010. All rights reserved.

Introduction (Rev. 12)

Introduction Telco Systems T-Marc 300 Series Ethernet Service-Demarcation and Extension product line provides intelligent and remotely managed, multiport customer-located equipment (CLE) to deliver managed converged services (voice, video, and data) over virtual Ethernet, MPLS/VPLS, and IP networks.

This family of products allows service providers to deliver multiple services on separate customer interfaces, including multiple services over a single customer interface. Since each service is isolated, providers can troubleshoot each individual service without impacting others.

Using Operations, Administration, and Maintenance (OAM) tools, service providers can measure and ensure provisioned Service Level Agreements (SLA).

The devices embedded security controls ensure protection against denial-of service attacks.

Advanced Layer 2 Networking, using Telco Systems AccessEthernet, allows total flexibility in deployment and delivery of Ethernet services. Physical and virtual networking capabilities provide automated address-management and discovery, bandwidth profiles, advanced traffic classes, and complete control over how subscriber traffic is transported across a service providers network.

The T-Marc 300 Series product line includes two models: T-Marc 340 offers two dual uplink ports (10/100/1000Base-T or 100Base-Fx/1000Base-X)

and four dual access ports (10/100/1000Base-T or 100Base-Fx/1000Base-X). T-Marc 380 offers the same as T-Marc 340 in addition to four dual access ports

(10/100/1000Base-T or 100Base-Fx/1000Base-X).

The devices operate using an internal AC or DC power supply. They can be rack/wall mounted or placed on a table-top.

T-Marc 300 Series User Guide

Page 2Introduction (Rev. 12)

Using This Document

Documentation Purpose This user guide includes the relevant information for configuring the T-Marc 300 Series functionalities.

It provides the complete syntax for the commands available in the currently-supported software version and describes the features supplied with the device.

This guide does not include instructions on how to install the device. For more information regarding the device installation, refer to the T-Marc 300 Series Installation Guide.

For the latest software updates, see the Release Notes for the relevant release. If the release notes contain information that conflicts with the information in the user guide or supplements it, follow the release notes' instructions.

Intended Audience This user guide is intended for network administrators responsible for installing and configuring network equipment.

You have to be familiar with the concepts and terminology of Ethernet and local area networking (LAN) to use this guide.

Documentation Suite This document is just one part of the full documentation suite provided with this product.

You are: Document Function Function

Installation Guide Contains information about installing the hardware and software; including site preparation, testing, and safety information.

User Guide Contains information on configuring and using the system.

Release Notes Contains information about the current release, including new features, resolved issues (bug fixes), known issues, and late-breaking information that supersedes information in other documentation.



Conventions Used The conventions below are used to inform important information:

NOTE

Indicating special information to which the user needs to pay special attention.

CAUTION

Indicating special instructions to avoid possible damage to the product.

DANGER

Indicating special instructions to avoid possible injury or death.

The table below explains the conventions used within the document text:

Conventions Description

commands CLI and SNMP commands command example CLI and SNMP examples user-defined variables

[Optional Command Parameters] CLI syntax and coded examples



Organization The T-Marc 300 Series User Guide comprises the below list of chapters, each focusing on a different feature or set of features. Each chapter begins with a brief overview of the feature/s, followed by the configuration flow and corresponding commands' configuration section.

Chapter Name Description

Using the Command Line Interface (CLI)

Basic information about the T-Marc 300 Series CLI, its modes, and general usage details.

Device Setup and Maintenance

Accessing T-Marc 300 Series devices, login information, and the devices' reloading options.

Device Administration Administering T-Marc 300 Series devices and performing initial device configuration (such as the devices time and date, software upgrade, and protecting the device from outside attacks).

Configuring Interfaces The device interface types and their configuration. The chapter also offers information on static Link Aggregation Groups (LAGs), establishing resilience across the network segments, and Alarm Propagation.

Configuring VLANs and Super VLANs

An overall understanding of VLANs and their configuration.

Configuring Transparent LAN Services (TLS)

The deployment of Transparent LAN Services.

Configuring Spanning Tree Protocol (STP)

The IEEE 802.1D STP standard and its configuration

Configuring Rapid Spanning Tree Protocol (RSTP)

The IEEE 802.1W Rapid STP standard and its configuration.

Configuring Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s)

The IEEE 802.1S Multiple STP standard and its configuration.

Configuring Access Control List (ACL)

Creating ACLs, traffic rate-limit, and applying QoS using ACLs.

DHCP Snooping DHCP Snooping security feature used to reinforce the client network and create an environment resilient to outside attacks.

Configuring Quality of Service (QoS)

Configuring different service levels for traffic traversing the device, providing preferential treatment to specific traffic.

Operation Administration and Maintenance (OAM)

The different tools for monitoring and troubleshooting the network: IEEE 802.3ah Ethernet in the First Mile (EFM) IEEE 802.1ag Connectivity Fault Management (CFM) SAA Test-Head and SAA Throughput Test ITU-T G.8031 Ethernet Protection Switching (EPS) Event Propagation (configuring automatic actions executed

upon the occurrence of specific events) Ethernet Local Management Interface (E-LMI), an OAM

protocol enabling the auto configuration of Metro Ethernet services support



Chapter Name Description

Configuring Link Layer Discovery Protocol (LLDP)

Configuring the IEEE 802.1AB standard.

Configuring Device Authentication Features

The privileged access levels to commands used for protecting the device from unauthorized access. The chapter describes RADIUS, TACACS+, and SSH.

Internet Group Multicast Protocol (IGMP) Snooping

Configuring the session-layer IGMP Protocol.

Configuring Simple Network Management Protocol (SNMP)

Configuring SNMP, community strings, and enabling trap managers and traps.

SNMP Reference Guide The detailed list of MIBs and objects for controlling, monitoring, and managing the device and its features from a remote location.

Configuring Remote Monitoring (RMON)

Configuring the RMON feature used with the SNMP agent.

Configuring System Message Logging

Configure system message logging, message format, and message types displayed.

Troubleshooting and Monitoring

Troubleshooting and monitoring tools used to detect and solve BiNOS related problems. Provides a set of built-in tests that examine hardware and its configuration validity. This chapter also contains other information such as traffic monitoring, monitoring the device's periodic operation, alert behavior, and laser monitoring.

Appendix A: Default Configuration

The devices default configuration.

Appendix B: Product Capabilities

The devices supported features.

Appendix C: Acronyms Glossary

The list of acronyms used in this user guide and their meaning.



Getting Documentation Updates You can access the most current Telco Systems documentation on the following site: http://support.batm.com/.

Access to most of the Telco Systems documentation is password protected. To obtain a password, contact the BATM support center.

Technical Support Telco Systems provides technical assistance for customers and partners. Users can obtain technical assistance by any of the following phone, fax, and e-mail options:

Web Access: http://www.telco.com/

BATM Advanced CommunicationsMain Support Center in Israel

Tel: +972-4-993-5630 Fax: +972-4-993-7926 Email: mailto:[email protected]

BATM/Telco Systems a BATM Companyfor Americas

Tel: 1-800-227-0937 (U.S.), 1-781-255-2120 (Outside U.S.) Fax: 1-781-255-2122 Email: [email protected]

BATM Germanyfor Northern Europe

Tel: +49-241-463-5490 Fax: +49-241-463-5491 Email: [email protected]

BATM Francefor Southern Europe


Telco Systems, a BATM Company Asia Pacific in Singapore


Telco Systems Asia PacificJapan


Using the Command Line Interface (CLI) (Rev. 07)

Using the Command Line Interface (CLI)

Table of Contents Overview 2

Accessing the CLI 2

The CLI Modes 3 View Mode 3 Privileged (Enable) Mode 3 Configuration Modes 3

Using the CLI 5 Command Keywords and Arguments 5 Minimum Abbreviation 6 Dynamic Completion of Commands 7 Regular Expressions 7 Getting Help 8 CLI Keyboard Sequences 12 Using the Command History 12 General Commands 13 CLI Messages 14


Page 2Using the Command Line Interface (CLI) (Rev. 07)

Overview CLI is a network management application operating through an ASCII terminal.

Using the CLI commands, users can configure the device parameters and maintain them, receiving text output on the terminal monitor. These system parameters are stored in a non-volatile memory and users have to set them up only once.

The device CLI is password protected.

Accessing the CLI You can access the CLI: directly, by connecting a PC to the devices console port over an IP network, using Telnet or SSH Once the console port is displayed, users have to type the deivce password to execute CLI commands.

Example: User Access Verification Password:batm T-Marc_3X0>

For more information, refer to the Methods of Managing a Device section of the Device Setup and Maintenance chapter.

Throughout this guide, we refer to the T-Marc 300 Series device prompt as device-name.



The CLI Modes The CLI is built in heirarchial modes, each mode grouping relevant CLI commands. Below is the list of the devices main CLI modes.

View Mode This is the initial, user-level mode the CLI enters after successfully login on to the CLI. This modes prompt is >: device-name>

The View mode is password protected (the default password is batm)

Privileged (Enable) Mode The Privileged (Enable) mode is primarily used for viewing the system status, controlling the CLI environment, monitoring network connectivity, troubleshooting, and initiating the different Configuration modes. This modes prompt is #.

To access this mode from View mode use the enable command: device-name>enable device-name#

The Privileged (Enable) mode is not password protected by default. However you can configure password protection by using the enable password command (for more information, refer to the Device Setup and Maintenance chapter of the user guide).

Configuration Modes To change the device configuarion, users need to access the Configuration mode. This modes prompt is (config)#. To access this mode from the Privileged (Enable) mode, use the configure terminal command. device-name#configure terminal device-name(config)#

The Configuration mode has various sub-modes for configuring the different device features, as shown in the below table.

Example To access the Protocol Configuration mode, use the protocol command in Global Configuration mode: device-name(config)#protocol device-name(cfg protocol)#



Table 1: Configuration Sub-Modes Summary

Configuration Mode

Role Prompt

VTY Controlling the Virtual Telnet Type (VTY) connection to the device

device-name(config-VTY)#

The device physical-interfaces configuration

device-name(config-config-if UU/SS/PP)#

Interface range configuration device-name(config-if-group)# Link Aggregation Groups (LAG) interface configuration

device-name(config-if AG0N)#

Interface

LAG interface range configuration device-name(config-ag-group)# Interface Access Control Groups (ACG) configuration

device-name(config-if UU/SS/PP acg ACL-NUMBER)#

Virtual LAN (VLAN) ACG configuration

device-name(config-vlan VLAN-NAME acg ACL-NUMBER)#

ACG

LAG interface ACG configuration device-name(config-if AG0N acg ACL-NUMBER)#

VLANs configuration device-name(config vlan)# VLAN Specific VLAN configuration device-name(config vlan VLAN-

NAME)# Protocol Protocols settings such as STP,

RSTP, MSTP, EFM-OAM and, LAG device-name(cfg protocol)#

Resilient Link Resilient links configuration device-name(config-resil-link N)#

Script-file System

Script-file system management device-name(config-config script-file-system)#

Monitor Monitoring parameters settings device-name(config monitor N)# MSTP MSTP configuration device-name(cfg protocol mstp) CFM CFM-OAM protocol configuration device-name(config-cfm) SAA Throughput Test

SAA throughput test configuration device-name(config-saa-throughput)

SAA profile configuration device-name(config-saa-profile-Profile_ID)

SAA Test-Head

SAA test configuration device-name(config-saa-TESTNAME) TLS TLS service configuration device-name(config-tls SERVICE-

NAME)# EPS EPS configuration device-name(config-eps-SERVICE-

NAME)# Event Propagation

Event Propagation profile configuration

device-name(config-ep-profile ID)#



Using the CLI

Command Keywords and Arguments Each CLI command is build up of a series of keywords and arguments: Keywords identify the commands action Arguments specify the commands configuration parameters The CLI commands are not case sensitive.

The general CLI syntax is represented by the following format: device-name[(config ...)]#keyword(s) [argument(s)] ... [keyword(s)]

[argument(s)]

In this format: device-name[(config ...)]# represents the prompt displayed by the device. This prompt

includes: the user-defined device-name the current CLI mode

the command keywords and arguments typed by the user

Example: In the command below: device-name(config vlan)#create NAME

the CLI mode is Config VLAN create is the command keyword NAME are command arguments



Table 2: CLI Syntax Conventions in the User Guide

Symbol/Format Description

A numerical argument:

Italic, capital letters

A string argument:

NAME

bold letters A command keyword: copy

A.B.C.D An IP address:

10.4.0.4

UU/SS/PP A physical port number in a unit/slot/port format:

1/2/6

HH:HH:HH:HH:HH:HH A MAC address in a hexadecimal format:

00:a0:12:07:0f:78

[] An optional argument or keyword: [FILENAME]

{} A mandatory argument or keyword: {enable | disable}

| An or between two arguments or keywords, the user should select from: {true | false}

Minimum Abbreviation The CLI accepts a minimum number of characters that uniquely identify a command. Therefore you can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other available commands or parameters on the specific CLI mode.

Example You can type the config terminal command as config t. device-name#config t device-name(config)#

In case of an ambiguous entry (when the CLI mode includes more than once command matching the characters typed), the system prompts for further input.

Example device-name#con [%Error] Command incomplete



Dynamic Completion of Commands In addition to the Minimum Abbreviation functionality, the CLI can display the commands possible completions.

To display possible command completions, type the partial command followed immediately by or . In case the partial command uniquely identifies a command, the CLI displays the full

command. Otherwise the CLI displays a list of possible completions.

device-name(config)#in Possible completions: interface --- insert Insert a parameter

Regular Expressions Regular expressions are a subset of EGREP and AWK programming-language regular expressions.

Table 3: Common Regular Expressions

Key Function

. Matches any character ^ Matches the beginning of a string $ Matches the end of a string [abc...] Character class that matches any of the characters: abc

To specify a character range, type a pair of characters separated by a -. [^abc...] Negated character class that matches any character except abc.... r1 | r2 Matches either r1 or r2 r1r2 Matches r1 and then r2 r+ Matches one or more r r* Matches zero or more r r? Matches zero or one r (r) Matches a pattern group



Getting Help To get specific help on a command mode, keyword, or argument, use one of the following commands or characters:

Table 4: CLI Help Options

Command Purpose

help Provides a brief description of the help system in any command mode:

device-name(config)#help BiNOS CLID VTY provides advanced help feature.

When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and

you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to

enter a command argument (e.g. 'show ?') and describes

each possible argument. 2. Partial help is provided when an abbreviated

argument is entered and you want to know what arguments match the

input (e.g. 'show me?'.)

abbreviated-command or abbreviated-command

To display a commands possible completions, type the partial command followed immediately by or . If the partially typed command uniquely identifies a command, the full command name is displayed. Otherwise, the CLI displays a list of possible completions:

device-name(config)#int UU/SS/PP ag01 ag02 ag03 ag04

ag05 ag06 ag07 range sw0

command? or abbreviated-command?

(Leave no space between the command and ?) Provides a list of commands that begin with a particular string and their description:

device-name#con? configure Configuration from vty interface



Command Purpose

? Lists all commands available in the particular command mode:

device-name(config)#? aaa Authentication and accounting

method access-list Set access list definition alias Enable creating an alias of a

command. An alias is a short form of a command banner Set the banner string caps-lock Warn if passwords contains only

CAPITAL letters cfm Connectivity Fault Management cpu CPU utilization monitoring --More

command ? or abbreviated-command ?

(Leave a space between command and ?) Lists the keywords or arguments that the user can type next on the command line:

device-name#show ? access-class Access-class vty status access-lists Display the named access

lists alarm-inherit Show Alarm Propagation on

port cfm Connectivity Fault

Management clock Show current system date and

time configuration-history Display stored configuration

history cpu Display CPU monitoring --More



Command Purpose

! The CLI ignores all the characters following ! and up to the next new line. Use this option when pasting a file that includes comments into the CLI:

device-name#show running-config Building the configuration ... ! T-Marc 300 Version 9.4 ! password: 3090372e3f8bc00eeacc46219f7557485983251a994551f918e

04712f86c5818 ip address 10.4.4.210 255.255.0.0 interface sw0 ! ! Source Ip Configuration: ! ! Log Configuration: --More--

NOTE

To use ! as an argument, prefix it with \ or inside double quotes ().



Command Purpose

command | {include | exclude} regular-expression

Searches and filters the command output. Use this functionality to sort through a large output or to exclude irrelevant output. include: displays output lines that contain the regular

expression exclude: displays output lines that do not contain the

regular expression any regular-expression (text string) found in the show

command output

Example 1 The example below displays only interface output lines: device-name#show running-config | include interface Building the configuration ... interface sw0 interface 1/1/1 interface 1/1/2 interface 1/2/1 interface 1/2/2 interface 1/2/3 interface 1/2/4 interface 1/2/5 interface 1/2/6 interface 1/2/7 interface 1/2/8 interface ag01 interface ag02 interface ag03 interface ag04 interface ag05 interface ag06 interface ag07

Example 2 The example below displays only lines that contain 2:

device-name#show running-config | include 2 password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e

04712f86c5818 ip address 10.4.4.210 255.255.0.0 interface 1/2/2 interface 1/2/3 interface 1/2/4 interface 1/2/5 interface 1/2/6 interface 1/2/7 interface 1/2/8 interface ag02



CLI Keyboard Sequences Users can use keyboard sequences to move around the command line and edit it. They can also use keyboard sequences to scroll through a list of recently executed commands.

Table 5: CLI Keyboard Sequences

Key Function

Backspace Deletes the character preceding the cursor

Ctrl-A Moves to the beginning of the line

Ctrl-B Moves one character back

Ctrl-C Interrupts the current input and moves to the next line

Ctrl-D Moves one node back

Ctrl-E Moves to the end of the line

Ctrl-F Moves one character forward

Ctrl-H Deletes the character preceding the cursor

Ctrl-K Deletes all characters to the end of the line

Ctrl-N Moves down to the next line in the history buffer

Ctrl-P Moves up to the previous line in the history buffer

Ctrl-U Deletes the line

Ctrl-W Erases the last word

Ctrl-Z Returns to Enable mode

Esc+B Moves one word back

Esc+D Deletes the characters after the cursor

Esc+F Moves one word forward

Esc Stops ping from the device (for more information regarding the ping command, refer to the Device Administration chapter).

Tab Fills in the rest of the command line

Using the Command History The CLI maintains a history of commands (used in any CLI mode) that users can modify and execute.

To scroll back through the commands history, press the arrow-up key.

For more information, refer to the Configuring System Message Logging chapter.



General Commands You can use the following commands in all CLI modes:

Table 6: General Commands

Command Description

no Negates the command or resets the command to its default value.

To disable privilege-limited logging, type:

device-name#no log group users-limit

alias Associates a contiguous character string as an alias to a command that optionally includes specific arguments. The defined alias is fully equivalent to the command it is associated to, in the CLI mode the alias was defined.

To assign an alias to the command show interface 1/1/1 statistics, type: device-name#alias sint1 show interface 1/1/1 statistics

Once the alias is assigned, you can execute the command by typing the alias (sint1) in the relevant mode (Privileged (Enable) mode): device-name#sint1 Octets 212 In/OutPkts 64 383 Collisions 0 In/OutPkts 65-127 0 Broadcast 0 In/OutPkts 128-255 0 Multicast 0 In/OutPkts 256-511 0 CRCAlignErrors 0 In/OutPkts 512-1023 0 Undersize 0 In/OutPkts 1024-

MaxFrameSize 0 Oversize 0 TotalInPkts 383 Fragments 0 TotalIn/OutPkts 383 Jabbers 0 DropCount 0 DropEvents 0 Last5secInPkts 50 Last5secInBps 409 Last1minInPkts 353 Last1minInBps 408 Last5minInPkts 353 Last5minInBps 81 Last5secOutPkts 0 Last5secOutBps 0 Last1minOutPkts 0 Last1minOutBps 0 Last5minOutPkts 0 Last5minOutBps 0

exit Escapes the current mode and enters the previous mode:

device-name(config-if 1/1/1)#exit device-name(config)#protocol device-name(cfg protocol)#exit device-name(config)#



Command Description

quit Logs out and disconnects from the device:

device-name(config-if 1/1/1)#quit Connection to host lost

end Escapes the current mode and enters the Privileged (Enable) mode:

device-name(cfg protocol)#end device-name#

CLI Messages The CLI displays relevant messages in response to executed commands:

Table 7: CLI Messages

CLI Message Description

% is not recognized Displayed when the entry is not a command. % command incomplete Displayed when the user types a valid command but fails to type

the commands required arguments. In this case, press to display the commands possible completions.

% Ambiguous token Displayed when the user types too few characters. In these cases, the CLI detects an ambiguity and displays the possible matches:

device-name(config)#w % Ambiguous token : w % It matches the following tokens : who write

Device Setup and Maintenance (Rev. 09)

Device Setup and Maintenance

Table of Contents Table of Figures 3

Overview 4

Methods of Managing a Device 5

Connecting to the Console Port 5

The Terminal Screen Display 6

Connecting the Device via Telnet 7 Managing the Device via SNMP 7

Login and Password 8 Password Recovery 8

Default Passwords Recovery 8

Backdoor Password Recovery 8 Device Passwords Configuration Commands 9

Configuring the View Mode Password 9

Configuring the Privileged (Enabled) Mode Password 10

Configuring the Loader Mode Password10

Enabling/Disabling Caps Lock Notification 11

The Device IP Commands 12

Configuring the Devices Primary IP Address12

Configuring the Devices Secondary IP Address 13

Configuring a Default Gateway 14

Displaying the Device IP Address 14

Displaying Routes 15

Telnet Commands 16 Telnet Session Configuration Commands16

Connecting a Remote Host via a Telnet Client 17


Page 2Device Setup and Maintenance (Rev. 09)

Enabling/Disabling the Devices Telnet Server 17

Displaying Current Telnet Connections18

Displaying the Current Telnet-Session Index18

Terminating a Telnet Connection19

Virtual Terminal (VTY) 20 Switching Between VTY Sessions20 The VTY Step by Step Configuration 21 VTY Configuration Commands22

Accessing the VTY Configuration Mode 22

Configuring the Device Name 23

Defining the VTY Connection Timeout 23

Creating ACLs for Restricting Telnet and SSH Access to the Device24

Applying ACLs for Filtering Telnet/SSH Connections 25

Defining the Terminal Length 25

Enabling the Advanced VTY Mode 26

Displaying Applied ACLs26 Configuration Example 27

Creating a Login Banner/Message-of-the-Day (MOTD) 28 MOTD Configuration Commands28

Enabling/Disabling the Default-MOTD Display 28

Configuring a Single-line MOTD 29

Configuring a Multi-line MOTD30

Saving and Displaying the Device Configuration31 Saving, Erasing, and Displaying Configuration Commands 31

Saving the Devices Running Configuration 31

Restoring Factory Defaults Configuration 32

Displaying the Devices Running Configuration 32

Displaying the Devices Start-up Configuration 33

Reloading the Device34

Supported Platforms35

Supported Standards, MIBs and RFCs 35



Table of Figures Figure 1: Initial Device Configuration 4 Figure 2: Management Methods 5 Figure 3: A Telnet Server Example 27



Overview This chapter provides the initial necessary information for accessing a T-Marc 300 Series device, password configuration, saving new configuation parameters, and reload options.

To start a T-Marc 300 Series device, follow the installation guide instructions about installing, and powering on the device.

Below are the first steps for initializing and configuring the T-Marc 300 Series device.

Figure 1: Initial Device Configuration

Manage the device via CLI or/and SNMP

Log on to the device as a default user

Connect to the device console port

Configure the device IP address

Start

End



Methods of Managing a Device You can manage a device using one (or both) of the following methods: Command line interface (CLI)either directly, connecting the device console port to a PC or over

the network using Telnet and/or SSH Simple Network Management Protocol (SNMP)

Figure 2: Management Methods

Connecting to the Console Port The T-Marc 300 Series console port is a EIA232 VT-100 compatible, (optionaly) password-protected port, through which you can define the device's basic operational parameters.

To connect your PC to the devices console port follow the steps below: 1. Use the console cable shipped with the device and connect the cables RJ-45 connector to the

device's console port (CON). The cable has the following pinout:

Device Side PC Side

RJ-45 Pin # DB-9 Female

3 2

2 3

5 5

2. Connect the other side of the cable to your PCs serial port. 3. Set the PC port to 9600-N-8-1 or: 9600 bps no parity 8 data bits 1 stop bit no flow control



The Terminal Screen Display Once connected to the console port, turn on the device. A screen similar to the below example is displayed after a few seconds:

BATM Telco Boot Loader Device model : T-Marc 340 Loader version : 6.6 TMC 07 created Jan 15 2006 - 10:44:48 MAC Address : 00:A0:12:27:14:20 Press any key to stop auto-boot... 0 auto-booting... Uncompressing 2131761 bytes... Loading image... 8234000 Starting device application, please wait... BUILT-IN SELF TEST ------------------ CPU Core Test : Passed CPU Interface Test : Passed Testing Device Core : Passed Data Buffer Test : Passed /////////////////////////////////////////////////////////////////////////// // // // // // B A T M A d v a n c e d C o m m u n i c a t i o n s // // // // T e l c o S y s t e m s // // // // Device model : T-Marc 380 // // Product Category : AccessEthernet(TM) // // SW version : 10.1 created Mar 17 2010 - 20:19:58 // // // // // /////////////////////////////////////////////////////////////////////////// User Access Verification Password:



Connecting the Device via Telnet You can connect the device CLI using Telnet once the device has a configured IP address.

To connect the device using Telnet, follow the below steps: 1. Connect to the device console port (see above). 2. Power on the device. The device starts up, displaying the device terminal. 3. Type the device password at the prompt (the default password is batm).

Password: batm 4. Enter the Privileged (Enable) mode:

device-name>enable device-name#

5. Enter the Configure mode: device-name#configure terminal

6. Configure the device IP address and subnet mask (the default IP address is 20.20.5.254/16): device-name(config)#ip address

A.B.C.D The device IP address

/M The subnet mask, in the range of

7. Define the default gateway IP address (if the host is on a different subnet): device-name(config)#ip route 0.0.0.0/0

8. Return to the Privileged (Enable) mode: device-name(config)#end

9. Save these parameters (from the running configuration to NVRAM): device-name#write

10. Connect your PC to a device port that is in VLAN 1 (by default all the device ports are members of this VLAN. For more information on VLANs, refer to the Configuring VLANs and Super VLANs chapter of this User Guide).

11. Open a Telnet session and type the device IP address to connect to the device.

Managing the Device via SNMP You can manage a T-Marc 300 Series device via SNMP using an SNMP based management-application. For more information, refer to the Configuring SNMP and SNMP Reference Guide chapters of this User Guide.

To manage a device via SNMP, connect youre management PC to a device port that is in VLAN 1 (by default all the device ports are members of this VLAN. For more information on VLANs, refer to the Configuring VLANs and Super VLANs chapter of this User Guide).



Login and Password The CLI is passowrd protected, enabling access only to authorised users.

To control the level of access to the device, the device has three privilege levels, each one with its own configurable password: View mode Privileged (Enable) mode Loader mode All device passwords are encrypted.

For information about adding new usernames and defining user privileges, refer to the Device Authentication chapter of this User Guide.

Caution To protect your device from unauthorized access, change all default passwords as

soon as possible.

Password Recovery Password recovery techniques enable users to recover lost and forgotten passwords. There are two available password-recovery methods:

Default Passwords Recovery You can reset the device to factory defaults, including the default passwords, by using the clean startup-config command (for more information, refer to the Device Administration chapter of this User Guide).

Backdoor Password Recovery You can access the device using the Backdoor password. BATM Technical Support can provide you the devices Backdoor password, based on the devices MAC address.

You can find the device MAC address on the label found on the device rear panel or at the bottom of the device. You can also obtain the devices MAC address from the devices boot loader, during the device start up.

Once you regain access to the device, you can change the device passwords.



Device Passwords Configuration Commands Table 1: Password Commands

Command Description

password Configures the View mode password (see Configuring the View Mode Password)

enable password Configures the Privileged (Enabled) mode password (see Configuring the Privileged (Enabled) Mode Password)

password loader Configures the boot loader password (see Configuring the Loader Mode Password)

caps-lock passwords warning

Notifies the user when is activated, while changing or typing a password (see Enabling/Disabling Caps Lock Notification)

Configuring the View Mode Password The password command configures the View mode password.

CLI Mode: Global Configuration

Command Syntax device-name(config)#password PASSWORD CONFIRM-PASSWORD

Argument Description PASSWORD An alphanumeric, case sensitive field of up to 64 characters (blank

spaces are not allowed) batm

CONFIRM-PASSWORD Retype the password for confirmation

Example The following example sets the View mode password to device12: device-name(config)#password device12 device12

After setting the new password, use this password upon entering the device console: Password:device12 device-name>



Configuring the Privileged (Enabled) Mode Password The enable password command configures the Privileged (Enabled) mode password.


Command Syntax device-name(config)#enable password PASSWORD CONFIRM-PASSWORD device-name(config)#no enable password


spaces are not allowed) The Privileged (Enabled) mode does not require a password. However,

once you define this password, users are required to type the password to enter this mode.


no Removes the modes password

Example The following example sets the Privileged (Enabled) password to device12: device-name(config)#enable password device12 device12

After setting the new password, use this password upon entering the Privileged (Enable) mode: device-name>enable Password:device12 device-name#

Configuring the Loader Mode Password The password loader command configures the (boot) Loader mode password.


Command Syntax device-name(config)#password loader PASSWORD CONFIRM-PASSWORD


spaces are not allowed) batm




Example The following command sets the Loader mode password to loaderp: device-name(config)#password loader loaderp loaderp

After setting the new password, use this password upon entering the Loader mode: User Access Verification Password: loaderp Loader>

Enabling/Disabling Caps Lock Notification The caps-lock passwords warning command generates a notification in case the is activated, while changing or typing a password.


Command Syntax device-name(config)#caps-lock passwords warning {on | off}

Argument Description on Enables caps lock notification

Caps lock notification is enabled off Disables caps lock notification

Example device-name(config)#caps-lock passwords warning on device-name(config)#password batm batm device-name(config)#password BATM BATM % Warning! The password typed is all in uppercase characters. Please check if

your CapsLock key is not pressed by mistake.



The Device IP Commands Table 2: Device IP Commands

Commands Description

ip address Configures the devices primary IP address (see Configuring the Devices Primary IP Address)

ip address secondary Configures the devices secondary IP address (see Configuring the Devices Secondary IP Address)

ip route Configures the devices default-gateway IP address (see Configuring a Default Gateway)

show ip Displays the device IP address (see Displaying the Device IP Address)

show ip route Displays the static and directly connected (via configured IP interfaces) routes (see Displaying Routes)

Configuring the Devices Primary IP Address The ip address command configures the devices primary (inband, sw0 interface) IP address. You must configure the devices primary IP address to be able to connect the device via the inband (using Telnet, SSH, NTP, or SNMP).


Command Syntax device-name(config)#ip address A.B.C.D [/M | A2.B2.C2.D2]

Argument Description A.B.C.D The devices primary IP address

20.20.5.254/16 /M (Optional) the IP address subnet-mask, in the range of

A2.B2.C2.D2 (Optional) the IP address subnet-mask, in an IP format

Example device-name(config)#ip address 100.1.2.3/16



Configuring the Devices Secondary IP Address The ip address secondary command configures sw0 interfaces secondary IP address.

CLI Mode: IP Interface Configuration

NOTE

You have to configure the devices primary IP address prior to configuring the secondary one, otherwise the following prompt is displayed on the terminal:

% There is no primary address.

Command Syntax device-name(config-if sw0)#ip address A.B.C.D [/M | A2.B2.C2.D2] secondary device-name(config-if sw0)#no ip address A.B.C.D [/M | A2.B2.C2.D2] secondary

Argument Description A.B.C.D The devices secondary IP address

/M (Optional) the IP address subnet-mask, in the range of

A2.B2.C2.D2 (Optional) the IP address subnet-mask, in an IP format

secondary Specifies that this is a secondary IP address no Removes the secondary address (you cannot remove the primary IP

address)

Example device-name(config)#interface sw0 device-name(config-if sw0)#ip address 100.1.2.3/16 secondary



Configuring a Default Gateway The ip route command configures the devices default-gateway IP address.


Command Syntax device-name(config)#[no] ip route A.B.C.D {/0 | 0.0.0.0} A2.B2.C2.D2

Argument Description A.B.C.D The destination network IP-address

/0 The destination network subnet-mask (the only permitted destination subnet-mask is 0)

0.0.0.0 The destination network mask, in an IP format

A2.B2.C2.D2 The gateway IP address

no Removes the specified destination network

Displaying the Device IP Address The show ip command displays the device IP address.

CLI Mode: Privileged (Enable)

Command Syntax device-name#show ip

Example device-name#show ip IP-ADDR : 100.1.2.3 NET-MASK : 255.255.0.0



Displaying Routes The show ip route command displays the static and directly connected (via configured IP interfaces) routes.


Command Syntax device-name#show ip route

Example device-name#show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, > - selected route, * - FIB route S>* 0.0.0.0/0 [1/0] via 10.4.10.1, outBand0 K>* 10.4.0.0/16 is directly connected, outBand0 K>* 10.4.4.225/32 is directly connected, outBand0 C>* 10.5.0.0/16 is directly connected, sw0 C>* 10.5.4.225/32 is directly connected, sw0 C>* 127.0.0.0/8 is directly connected, lo0 C>* 127.0.0.1/32 is directly connected, lo0



Telnet Commands T-Marc 300 Series devices have an internal Telnet server and client: You can connec to the device with a Telnet client (up to five concurrent sessions) You can connect to a remote host using the devices internal Telnet client

Telnet Session Configuration Commands Table 3: Telnet Configuration Commands

Command Description

telnet (In Privileged mode) initiates a Telnet connection to a remote host (see Connecting a Remote Host via a Telnet Client)

telnet (In Global Configuration mode) enables/disables the local devices Telnet server (see Enabling/Disabling the Devices Telnet Server)

who Displays information about currently logged on users. (see Displaying Current Telnet Connections)

session Displays your current Telnet session-index to the device (see Displaying the Current Telnet-Session Index)

session kill Terminates a specified Telnet/SSH session to the device (see Terminating a Telnet Connection)



Connecting a Remote Host via a Telnet Client The telnet command initiates a Telnet connection to a specified remote host. For more information about the Telnet log output, refer to the Configuring System Logging chapter of this User Guide.


Command Syntax device-name#telnet A.B.C.D []

Argument Description A.B.C.D The remote hosts IP address

port-num (Optional) specifies a port number for the service, in the range of

port 23

Enabling/Disabling the Devices Telnet Server The telnet command enables or disables the devices internal Telnet server, allowing/disallowing remote PCs to access the device.


Command Syntax device-name(config)#telnet {start | stop}

Argument Description start Enables the Telnet server, allowing remote hosts to connect the device via

Telnet Telnet server is enabled

stop Disables the Telnet server. Executing this command terminates any open Telnet connections immediately.



Displaying Current Telnet Connections The who command displays information about Telnet clients that are currently logged on to the device.

CLI Modes: View and Privileged (Enable)

Command Syntax device-name>who device-name#who

Example device-name#who Codes: > - current session, * - configuring vty on console connected on console. >vty on telnet [1] connected from 10.2.71.137.

Displaying the Current Telnet-Session Index The session command displays your current Telnet session-index to the device.


Command Syntax device-name#session

Example device-name#session your current session is: 2



Terminating a Telnet Connection The session kill command terminates a specified Telent/SSH session to the device. Before executing the command, BiNOS checks if the session number is not the master sessions number (the VTY from which other sessions originate). If the result is negative, the command closes the specified session to the remote host.

The CLI displays a notification in case the session terminates.


Command Syntax device-name#session kill

Argument Description session-number The Telnet session number, in the range of



Virtual Terminal (VTY) VTY is a logical conneciton used for controlling inbound Telnet/SSH/console connections. BiNOS supports up to five concurrent VTY sessions (numbered VTY 15).

Switching Between VTY Sessions To switch between sessions initiated from the same VTY terminal type:

or

Example device-name#telnet 192.0.103.13 connecting to 192.0.103.13... current session is 4. ... device-name(config)# choose session to device to: the current session is 4 your sessions are 0 4 > 0 current session is 0.



The VTY Step by Step Configuration To configure VTY, follow the below steps: 12. Enter the VTY Configuration mode (see Accessing the VTY Configuration Mode). 13. Optional configurations: Configure the device name (see Configuring the Device Name) Configure the VTY connection timeout (see Defining the VTY Connection Timeout) Create access control lists (ACL) to restrict/filter Telnet and SSH connections to the

device and apply them to VTY (see Creating ACLs for Restricting Telnet and SSH Access to the Device and Applying ACLs for Filtering Telnet/SSH Connections)

Define the number of command lines displayed on the terminal screen (see Defining the Terminal Length)

Enable advanced mode VTY (see Enabling the Advanced VTY Mode)



VTY Configuration Commands Table 4: VTY Configuration Commands

Command Description

line vty Enters the VTY Configuration mode (see Accessing the VTY Configuration Mode)

hostname Configures the devices hostname (see Configuring the Device Name)

exec-timeout Defines the VTY connection timeout (see Defining the VTY Connection Timeout)

access-list Creates ACLs to restrict device management for specific IP addresses (see Creating ACLs for Restricting Telnet and SSH Access to the Device)

access-class Filters Telnet and SSH connections to the device (see Applying ACLs for Filtering Telnet/SSH Connections)

terminal length

service terminal-length

Defines the number of commands lines displayed on the terminal screen (see Defining the Terminal Length)

service advanced-vty Enables the advanced VTY mode (see Enabling the Advanced VTY Mode)

show access-lists Displays the applied VTY ACLs (see Displaying Applied ACLs)

Accessing the VTY Configuration Mode The line vty command enters the VTY Configuration mode.


Command Syntax device-name(config)#line vty device-name(config-vty)#



Configuring the Device Name The hostname command specifies the name of the device (the name displayed at the prompt line).


Command Syntax device-name(config)#hostname HOSTNAME device-name(config)#no hostname

Argument Description HOSTNAME An alphanumeric, case sensitive string of up to 30 characters (the string

must follow ARPANET rules for host names) T-Marc

no Restores the default device name

Example device-name(config)#hostname Demarc1 Demarc1(config)#

Defining the VTY Connection Timeout The exec-timeout command defines the VTY connection timeout value. The VTY connection to the device is terminated, if the session is not active for this period of time.

Executing this command without any arguments, displays the defined VTY connection-timeout.

CLI Mode: VTY Configuration

Command Syntax device-name(config-vty)#exec-timeout [ [] | unlimited] device-name(config-vty)#no exec-timeout

Argument Description minutes (Optional) the timeout, in the range of minutes (setting a

zero timeout means no timeout) 10 minutes

seconds (Optional) the timeout value in the range of seconds

unlimited (Optional) unlimited timeout value no Sets an unlimited timeout value



Example device-name(config-vty)#exec-timeout 3 device-name(config-vty)#exec-timeout exec-timeout 3 min 0 sec

Creating ACLs for Restricting Telnet and SSH Access to the Device The access-list command creates ACLs to restrict the device management to specific IP addresses. For more information about ACLs, refer to the Configuring Access Control List (ACL) chapter of this User Guide.


Command Syntax device-name(config)#access-list {deny | permit} {any | SOURCE-MASK [exact-match]} device-name(config)#no access-list [deny | permit] [any | SOURCE-MASK [exact-match]]

Argument Description ACL-NAME The ACL name deny Denies access if conditions are matched permit Permits access if conditions are matched any The ACL is relevant to any source address SOURCE-MASK The management source mask-bits. You can specify the source mask in one

of the below options: An IP address format, place ones (1) in the bit positions that should be

ignored /M (the IP mask in the range of )

exact-match (Optional) prefixes exact matching no Clears the specified ACL

Example device-name(config)#access-list batm1 deny 192.98.0.0/16 device-name(config)#access-list batm2 permit 192.0.0.0/8



Applying ACLs for Filtering Telnet/SSH Connections The access-class command applies the defined ACLs (see above) to filter Telnet and SSH connections to the device.

CLI Mode: VTY Configuration

Command Syntax device-name(config-vty)#access-class ACL-NAME device-name(config-vty)#no access-class [ACL-NAME]

Argument Description ACL-NAME Restricts the Telnet connections to the addresses specified in the ACL

no Removes access restrictions. If you do not specify an ACL-NAME, this command removes all access classes

Defining the Terminal Length The terminal length command defines the number of command lines displayed on the terminal screen (applied to all VTY interfaces).

CLI Mode: View and Privileged (Enable)

You can also use the service terminal-length command to define the number of command lines.


Command Syntax device-name>terminal length device-name>no terminal length device-name#terminal length device-name#no terminal length device-name(config)#service terminal-length device-name(config)#no service terminal-length

Argument Description number-of-lines The number of lines displayed, in the range of

A value of zero removes the limit. 25 lines

no Restores to default



Enabling the Advanced VTY Mode The advanced VTY mode skips the CLI View mode when connecting to the device and moves directly to the Privileged mode

The service advanced-vty command enables advanced VTY mode. To access the device View mode, type the disable command in Privileged mode.


Command Syntax device-name(config)#service advanced-vty device-name(config)#no service advanced-vty

Argument Description no Disables the advanced VTY mode

VTY mode is disabled

Example device-name(config)#service advanced-vty ... User Access Verification Password: device-name#

Displaying Applied ACLs The show access-lists command displays the applied filtering ACLs.


Command Syntax device-name#show access-lists

Example device-name(config)#access-list batm1 deny 192.98.0.0/16 device-name(config)#access-list batm2 permit 192.0.0.0/8 device-name(config)#end device-name#show ip access-lists access-list batm1 deny 192.98.0.0/16 access-list batm2 permit 192.0.0.0/8



Configuration Example The following example shows how to restrict Telnet connections to one IP address:

Figure 3: A Telnet Server Example

1. Create an access list named Management to allow a Telnet connection only to management station 212.192.50.2: device-name(config)#access-list Management permit 212.192.50.2/32

2. Enter the VTY Configuration mode: device-name(config)#line vty

3. Apply access list Management to the VTY: device-name(config-vty)#access-class Management

4. Set the VTY timeout to one hour: device-name(config-vty)#exec-timeout 60 device-name(config-vty)#end

5. Display the current open sessions to the device: device-name#who Codes: > - current session, * - configuring vty on console connected on console. >vty on telnet [1] connected from 212.192.50.2.



Creating a Login Banner/Message-of-the-Day (MOTD)

The MOTD (or login banner) is the text appearing on the terminal when initiating a Telnet session or console connection to the device.

The MOTD is displayed before the User Access Verification and is useful for displaying messages that affect all network users (such as impending a system shutdown).

MOTD Configuration Commands NOTE

These commands take effect only after reloading the device.

Table 5: MOTD Commands

Command Description

banner motd default Enables the default MOTD string display (see Enabling/Disabling the Default-MOTD)

banner set Enters a specified string to a single-line MOTD (see Configuring a Single-line MOTD)

banner set multiline Enters a specified string to multi-line MOTD (see Configuring a Multi-line MOTD)

Enabling/Disabling the Default-MOTD Display The banner motd default command enables the default MOTD Hello, this is OS CLI..


Command Syntax device-name(config)#banner motd default device-name(config)#no banner

Argument Description no Disables the default banner

MOTD is disabled



Example device-name(config)#banner motd default device-name(config)#end device-name#write Building the configuration Configuration is successfully written to NVRAM device-name#reload no-save ... Hello, this is OS CLI User Access Verification Password:

Configuring a Single-line MOTD The banner set command configures a user-defined single-line MOTD.


Command Syntax device-name(config)#banner set MOTD-STRING device-name(config)#no banner

Argument Description MOTD-STRING An alphanumeric string of up to 1024 characters, including blank

spaces and other characters except for a question mark (?)

no Removes the configured MOTD

Example device-name(config)#banner set DO NOT CHANGE CONFIGURATION WITHOUT NOTICING THE

SYSADMIN! device-name(config)#end device-name#write Building the configuration ... Configuration is successfully written to NVRAM device-name#reload no-save ... DO NOT CHANGE CONFIGURATION WITHOUT NOTICING THE SYSADMIN! User Access Verification Password:



Configuring a Multi-line MOTD The banner set multiline command configures a user-defined multi-line MOTD. End the multi-line MOTD with the caret (^) character.


Command Syntax device-name(config)#banner set multiline > MOTD-STRING device-name(config)#no banner

Argument Description > MOTD-STRING An alphanumeric string of up to 1024 characters, including blank

spaces and other characters except for a question mark (?). Type the caret (^) character on the last line to end the multi-line MOTD.

no Removes the banner

Example device-name(config)#banner set multiline % Enter a multiline text. Finish with '^' string at the beginning of a row >this is >multi-line >text ^ device-name(config)#end device-name#write Building the configuration ... Configuration is successfully written to NVRAM device-name#reload no-save ... this is multi-line text



Saving and Displaying the Device Configuration The device configuration is stored in the start-up configuration in NVRAM.

Any configuration changes are stored first on the running configuraiton, in RAM. These changes are erased when the device shuts down. To save these configuration changes, you have to save these changes in the startup configuration.

Saving, Erasing, and Displaying Configuration Commands Table 6: Saving, Erasing, and Displaying the Device Configuration Commands

Command Description

write memory Saves the running configuration to the NVRAM (see Saving the Devices Running Configuration)

write erase Restoring the device configuration to factory defaults, erasing the configuration stored on the NVRAM (see Restoring Factory Defaults Configuration)

write terminal show running-config

Displays the current running configuration information (see Displaying the Devices Running Configuration)

show startup-config

Displays the startup configuration (see Displaying the Devices Start-up Configuration)

Saving the Devices Running Configuration The write and write memory commands save the running configuration to the startup configuration (NVRAM).

These commands are equivalent to the copy running-config startup-config command (see the Device Administration chapter of this User Guide).


Command Syntax device-name#write [memory]



Restoring Factory Defaults Configuration The write erase command erases the device startup configuration and restores the device to factory defaults.

This command is like the reload-to-default command (see Reloading the Device), however it does not reset the device.


Command Syntax device-name#write erase

Displaying the Devices Running Configuration The write terminal and the show running-config commands display the delta between the deivces running configuration and factory default-values.

Use the relevant command argument to view the Running Configuration for a specific feature.


Command Syntax device-name#write terminal device-name#show running-config [acl | cfm | dns | fpga | igmp | lag | log | monitor-session | oam | port | protocol | ptp | qos | rmon | rtr | saa | snmp | super-vlan | sw-watchdog | switch-monitoring | time-server | vlan]

Example 1 device-name#write terminal Building the configuration ... ! Current Configuration: ! ! T-Marc 380 ! password 3090372e3f8bc00eeacc46219f7557485983251a994551f918e04712f86c5818 ip address 3.0.0.1 255.0.0.0 .

Example 3 device-name#show running-config port Building the configuration ... ! Port Configuration: ! interface 1/1/1 ! interface 1/1/2 ! interface 1/2/1



! interface 1/2/2 ! interface 1/2/3 ! interface 1/2/4 ! interface 1/2/5 ! interface 1/2/6 ! interface 1/2/7 ! interface 1/2/8 ...

Displaying the Devices Start-up Configuration The show startup-config command displays the devices startup configuration.


Command Syntax device-name#show startup-config



Reloading the Device When reloading (restarting/rebooting) the device, you can select one of the below options: Reload the device, with or without saving the running configuration Reload the device with factory-default configuration The reload command ceases the devices operation and reloads it.

NOTE

The devices running configuration stored on the device RAM is erased upon the device reload, unless you save it to the devices startup configuration.

To save the running configuration, refer to Saving the Devices Running Configuration.


Command Syntax device-name#reload [save | no-save | to-defaults]

Argument Description save (Optional) saves the running configuration to NVRAM and reloads the

device save

no-save (Optional) does not save the running configuration to NVRAM and reloads the device

to-defaults (Optional) reloads the device and resets the device configuration to its factory defaults

Example 1 Saving the running configuration and reloading the device (the save keyword is optional): device-name#reload save save current configuration and reboot the switch ? [y/n]: y Rebooting ...

Example 2 Reloading the device without saving the running configuration: device-name#reload no-save Proceed with reload ? [y/n] : y Rebooting ...



Supported Platforms Features T-Marc 340 T-Marc 380

Accessing the Device using Telnet + +

VTY (Virtual Telnet Type) Commands + +

Configuring ACLs + +

Creating a Banner + +

Saving and Displaying the Device Configuration + +

How to Reload the Device + +

Supported Standards, MIBs and RFCs Features Standards MIBs RFCs

Accessing the Device using Telnet

No standards are supported by this feature.

No MIBs are supported by this feature.

RFC 854, Telnet Protocol Specification

VTY (Virtual Telnet Type) Commands



RFC 791, Internet Protocol DARPA Internet Program Protocol Specifications

Configuring ACLs No standards are supported by this feature.

Private MIB, prvt_switch_access_list.mib

No RFCs are supported by this feature.

Creating a Banner No standards are supported by this feature.


RFC 791, Internet Protocol DARPA Internet Program Protocol Specifications

Saving and Displaying the Device Configuration



RFC 1350, The TFTP Protocol (Revision 2)

How to Reload the Device



RFC 1350, The TFTP Protocol (Revision 2)

Device Administration (Rev. 11)

Device Administration Table of Figures 3

Features Included in this Chapter 4

MAC Address Table (FDB) 5 Overview 5 The MAC Address Table Default Configuration 7 The MAC Address Table Step by Step Configuration 7 The MAC Address Table Configuration Commands 8

ARP Table 21 Overview 21 Configuring the ARP Table21

Script Files System23 Overview 23 The Script Files System Default Configuration 23 The Script Files System Configuration Commands 24

File System 33 Overview 33 The File System Default Folders 33 The File System Commands 34

Modifying the Default Configuration 41 Default Configuration Commands41

Zero-Touch Configuration 44 Overview 44 Zero-touch Configuration Default Configuration 44 Zero-touch Configuration Commands 45

Software Upgrade and Boot Options 50 Preparing to Download a BiNOS Software Image Using TFTP/FTP Connection50 Downloading the BiNOS Software Image 51 Commands for Upgrading Software Images 52


Page 2Device Administration (Rev. 11)

Downloading and Uploading Configuration Files 60

Boot Loader 66 Overview 66 The Device Loader's Default Configuration 67 The Loader Commands 67 Configuration Example 81

System Time and Date 82 Daytime Protocol 82 Time Protocol82 Summer Time (Daylight saving time)82 Network Time Protocol83 1588v2 Precision Time Protocol (PTP) 83 System Time and Date Default Configuration83 1588v2 PTP Default Configuration83 System Time and Date Configuration Flow85 System Time and Date Configuration Commands 86 Configuration Example 95 1588v2 PTP Configuration Flow96 1588v2 PTP Configuration Commands 97 Configuration Example 104

DHCP Client 105 Overview 105 When Should Clients Use DHCP 106 The DHCP Client Default Configuration 107 The DHCP Client Configuration Flow 107 DHCP Client Configuration Commands 108

Controlling the Packet Rate112 Overview 112 Packet-Rate Thresholds' Default Configuration 113 The Packet-Rate Thresholds' Commands 113

Control Plane Priority per Protocol 116

Supported Platforms117

Supported Standards, MIBs and RFCs 117



Table of Figures Figure 1: Obtaining an IP Address from a DHCP Server 106 Figure 2: Rate Limit Mechanism 112



Features Included in this Chapter This chapter describes how to perform operations to administer your T-Marc 300 Series devices.

This chapter consists of these sections: MAC Address Table (FDB)

The MAC address table contains address information that the device uses to forward traffic between ports. The T-Marc 300 Series devices maintain a database of MAC addresses; both manually configured (static) and dynamically learned entries. During troubleshooting, it may be helpful to investigate the entries in the MAC address table.

ARP Table ARP table is another table that is supported on your device. It provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address.

Zero-Touch Configuration Zero configuration networking allows inexpert users to connect network devices and expect a functioning network to be established automatically.

Script Files System, File System, Software Upgrade and Boot Options, Boot Loader, and Modifying the Default Configuration These sections describe some fundamental tasks you perform to maintain the configuration files and system images used by your T-Marc 300 Series devices.

System Time and Date You can manage the system time and date on your device using automatic configuration, such as the Network Time Protocol (NTP), or manual configuration methods. NTP allows the synchronization of device clocks over TCP/IP networks. Having a common view of time on the network makes many things easier, from correlating log files from different devices to keeping file timestamps consistent.

DHCP Client The main advantage of dynamically assigning IP addresses using Dynamic Host Configuration Protocol (DHCP) is that it allows such addresses to be reused, thereby greatly increasing the total number of devices that can use the Internet.

Controlling the Packet Rate The ability to control the CPU resource allows you to protect the device from denial-of-service attacks and to prevent excessive traffic to the CPU.



MAC Address Table (FDB)

Overview The MAC (Media Access Control) address is the unique hardware number that identifies the computer on a local area network (LAN) or other network.

MAC addresses are 12-digit hexadecimal numbers (48 bits in length) in the following format: MM:MM:MM:SS:SS:SS

Whereas MAC addressing works at the data link layer (layer 2), IP addressing functions at the network layer (layer 3). MAC addresses are also known as hardware or physical addresses.

The MAC Address table holds the source MAC address, VLAN ID, MAC address priority and port number.

MAC Address Table Entry Types The following entry types can exist in the MAC address table: Dynamic entriesto learn a dynamic entry, the device examines packets to determine the

source MAC address, VLAN, and port information. Initially, all entries in the database are dynamic, except for certain entries created by the device.

Dynamic entries are flushed and updated when any of the following occurs: A VLAN is removed A VLAN ID is changed A port mode is changed (tagged/untagged) A port is removed from a VLAN A port is disabled A port QoS setting is changed A port goes down A new dynamic entry is created when the device identifies a source MAC address that

does not yet have an entry in the MAC address table. Dynamic entries are deleted from the database if the device is reset or a power off/on occurs.

Static entriespermanent entries are retained in the database if the device is reset or a power off/on cycle occurs. A permanent entry can either be a unicast or multicast MAC address. These entries are created through the CLI.

Secure entriesa secure entry is configured to a secured port to allow only secured MAC address to be learned by this port.

Self entriesa self entry is automatically created by the device software for various reasons. Filtered entriesa filtered entry can be created in two ways. One way is to configure filter

entry statically for blocking the traffic from and to specific MAC address on the device. The second way is to use the Port/VLAN Security or the Port Limit feature. The MAC addresses in the filtered entries are the MAC addresses that caused security violation.



Multicast entriesMulticast entries are multicast MAC addresses that were created dynamically by multicast protocol. The multicast entry is removed via the mac-address-table command, multicast entries are added via the ip igmp snooping dynamic/static command. For more information refer to the Configuring Multicast Layer 2 chapter of this User Guide.

NOTE

Only the dynamic MAC addresses age out.

You can remove MAC addresses (except Self) from the MAC Address table by using one of the clear mac-address-table commands.

Adding Entries to a MAC Address Table Entries can be added to the MAC address table in the following two ways: The device can learn entries by examining packets it receives. The system updates its MAC

Address table with the source MAC address from a packet, the VLAN, and the port identifier on which the source packet is received. You can also limit the number of addresses that can be learned on a port, or you can shut down the current port and prevent additional MAC address learning.

You can enter and update entries using the command-line interface (CLI).



The MAC Address Table Default Configuration Table 1: MAC Address Table Default Configuration

Feature Default Value

MAC address aging time 300 seconds

New MAC address learning Enabled

Displaying the learned MAC addresses Enabled

The MAC Address Table Step by Step Configuration 1. Add a static, dynamic or secure entry to the MAC address table (see Adding a New Entry)

or 2. Add a filtered entry to the MAC address table (see Adding a Filtered Entry) 3. Optional configurations: Configure the MAC address table aging time (see Configuring the MAC Address Table Aging

Time) Configure learning of new MAC addresses globally (see Configuring MAC Addresses Learning

Globally) Configure learning of new MAC addresses on a port (see Configuring MAC Addresses

Learning per Port) 4. Delete a specific entry from the MAC address table (see Clearing a MAC Address Table) 5. Display entries from the MAC address table (see Displaying MAC Address Table Entries)



The MAC Address Table Configuration Commands Table 2: MAC Address Table Commands

Command Description

mac-address-table Adds a static, dynamic or secure entry to the MAC address table (see Adding a New Entry)

mac-address-table filtered Adds a filtered entry to the MAC address table (see Adding a Filtered Entry)

Table 3: MAC Address Table Optional Commands

Command Description

mac-address-table aging-time

Configures the MAC address table aging time (see Configuring the MAC Address Table Aging Time)

learning new-address Configures learning of new MAC addresses globally (see Configuring MAC Addresses Learning Globally)

port learning new-address Enables/disables learning of new MAC addresses on a port (see Configuring MAC Addresses Learning per Port)

Table 4: Clear MAC Address Table Commands

Command Description

clear mac-address-table

no mac-address-table

Clears a specific entry from the MAC address table (see Clearing a MAC Address Table)

Table 5: MAC Address Table Display Commands

Command Description

show mac-address-table Displays the MAC address table contents (see Displaying MAC Address Table Entries)

mac-address-table learning-display

Enables/disables displaying the MAC addresses, learned on a specific list of interfaces or on a list of VLANs (see Displaying/Hiding MAC Addresses)

show mac-address-table aging-time

Displays the MAC address table aging time (see Displaying the MAC Address Table Aging Time)

show mac-address-table hash-depth

Displays the length of the MAC address table hash chain (see Displaying the Length of the MAC Address Hash Chain)



Adding a New Entry The mac-address-table command adds a static, dynamic or secure entry to the MAC address table.


Command Syntax device-name(config)#mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH interface {UU/SS/PP | ag0N} vlan device-name(config)#no mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH [interface {UU/SS/PP | ag0N} | vlan ] device-name(config)#mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH {service [sap SAPSTRING | sdp SDPSTRING] [interface UU/SS/PP vlan [priority ]} device-name(config)#no mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH [service [sap SAPSTRING | sdp SDPSTRING]] [vlan ] [interface UU/SS/PP]

Argument Description static Adds a static entry. dynamic Adds a dynamic entry. secure Adds a secure entry for the secured port feature. HH:HH:HH:HH:HH:HH Destination MAC address to be added to the MAC Address table.

Packets with this destination address received on a specific VLAN are forwarded to the specified interface.

UU/SS/PP Port to which the received packets are forwarded.

ag0N The link aggregation ID (ag01, ag04ag07). The allowed ID is in the range of .

vlan Specifies a VLAN for which the packet with the desired MAC address is received. The VLAN ID is in the range .

service The service unique service identifier, in the range .

sap SAPSTRING The SAPSTRING has the forms: UU/SS/PP:CVLANID:use it if you configure the SAP on a

port AG0N:CVLANID:use it if you configure the SAP on a link

aggregation The C-VLAN ID is in the range of



sdp SDPSTRING The SDPSTRING has the forms: UU/SS/PP:SVLANID:use it if you configure the SDP on a

port AG0N:SVLANID:use it if you configure the SDP on a link

aggregation The S-VLAN ID is in the range of

priority (Optional) specifies the priority range no Removes entries from the MAC address table.

Adding a Filtered Entry The mac-address-table filtered command adds a filtered entry to the MAC address table.


The filtered entry in the MAC address table is known as dangerous. This entry is denied as source and as destination for each incoming and outgoing packet on the specified VLAN.

Command Syntax device-name(config)#mac-address-table filtered HH:HH:HH:HH:HH:HH vlan device-name(config)#no mac-address-table filtered HH:HH:HH:HH:HH:HH [interface UU/SS/PP | vlan ]

Argument Description HH:HH:HH:HH:HH:HH Destination MAC address to be filtered. Packets with this destination

address received on the specified VLAN are filtered.

vlan Specifies the VLAN for which the packet with the specified MAC address is filtered. The valid range is .

UU/SS/PP The interface's unit/slot/port.

no Removes entries from the MAC address table.

Example device-name(config)#mac-address-table filtered 00:A0:12:02:03:04 vlan 2496



Configuring the MAC Address Table Aging Time The mac-address-table aging-time command configures the length of time that a dynamic entry can remain in the MAC address table from the time the entry was used or last updated.


NOTE

The actual aging time period of the MAC address table may be any time period between the specified value and twice the specified value.

By default, the aging-time value is 300 seconds.

Command Syntax device-name(config)#mac-address-table aging-time device-name(config)#no mac-address-table aging-time

Argument Description time Specifies how many seconds the address of a learned device remains on the

list of stations connected to your device. The address is removed from the list of stations if no frame is received from that device during the aging time interval. If the value assigned to the aging time is too short, this may increase the amount of packets received by the device with unknown destinations and cause the device to flood such packets to all ports in the VLAN. If the value assigned to the aging time is too long, the MAC Address table may be loaded with addresses that are no longer in use. MAC address table aging time is in the range seconds.

no Restores to default

Example The following example sets the MAC Address aging time to 1500 seconds (25 minutes): device-name(config)#mac-address-table aging-time 1500



Configuring MAC Addresses Learning Globally The learning new-address command configures learning of new MAC addresses globally.


By default, the learning is enabled. NOTE

When learning new-address is disabled per port or globally, the following features will not work correctly:

Port limit Port security

Command Syntax device-name(config)#learning new-address {enable | disable}

Argument Description enable Enables new MAC address learning. disable Disables new MAC address learning. When learning is disabled, no new MAC

addresses will be learned in the MAC address table and the unicast traffic will be flooded to all the relevant ports (depending on the VLAN configuration).

Configuring MAC Addresses Learning per Port The port learning new-address command enables/disables learning new MAC addresses on a port.

CLI Mode: Interface Configuration, Range Interface Configuration, LAG Range Interface Configuration, and LAG Interface Configuration

Documents

T-Marc 300 Series v10.1.Rx User Guide