Nortel Ethernet Routing Switch 8600 Administration
Transcript of Nortel Ethernet Routing Switch 8600 Administration
Nortel Ethernet Routing Switch 8600
AdministrationRelease: 5.1Document Revision: 02.05
www.nortel.com
NN46205-605.
Nortel Ethernet Routing Switch 8600Release: 5.1Publication: NN46205-605Document release date: 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
While the information in this document is believed to be accurate and reliable, except as otherwise expresslyagreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OFANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document aresubject to change without notice.
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
.
3.
ContentsSoftware license 15
New in this release 19Features 19
Configuring the time zone 19Feature licensing 19SF/CPU High Availability mode 19Memory size for secondary CPU 20FTP, TFTP, and rlogin support for IPv6 addresses 20
Other changes 20Default parameters 20Controlling link state changes 21Enabling the high availability mode 21Installing a license file 21Customer service 21Record reservation 21Viewing power supply parameters 21Feature Licensing 22Document update 22
Introduction 23
System startup fundamentals 25Boot sequence 25
Stage 1: Loading the boot monitor image 26Stage 2: Loading the boot configuration 26Stage 3: Loading the run-time image 27Stage 4: Loading the switch configuration file 27Boot sequence modification 29
Boot process and run-time process 33Boot image verification 33Boot monitor 34Run-time 34
System flags 35Clock synchronization 37
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
4
Real-time clock synchronization 38System connections 38
Terminal connection 38Modem connection 39
Boot parameter configuration using the CLI 43Job aid 44Accessing the boot monitor 47Configuring the boot monitor 48Modifying the boot sequence 51Enabling or disabling remote access services 51Accessing the boot monitor CLI 52Modifying the boot monitor CLI operation 53Modifying the boot sequence from the run-time CLI 54Changing the boot source order 54
Example of changing the boot source order 56Configuring the standby-to-master delay 56Configuring system flags 56Configuring the remote host logon 64Specifying the master SF/CPU 65Configuring SF/CPU network port devices 66Configuring SF/CPU serial port devices 69
Job aid 72Configuring the time zone 76Enabling remote access services from the run-time CLI 78Displaying the boot monitor configuration 79
Boot parameter configuration using the NNCLI 81Job aid 82Accessing the boot monitor 85Accessing the boot monitor from the run-time environment 85Configuring the boot monitor 86Modifying the boot sequence 87Enabling remote access services 88Changing the boot source order 89
Example of changing the boot source order 90Configuring the standby-to-master delay 90Configuring system flags 91Configuring the remote host logon 99Specifying the master SF/CPU 101Configuring SF/CPU network port devices 101Configuring SF/CPU serial port devices 103
Job aid 106Configuring the time zone 111Displaying the boot monitor configuration 114
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
5
Run-time process management using the CLI 117Job aid 117Configuring the date 121Configuring the run-time CLI 122Configuring the CLI logon banner 124Configuring the message-of-the-day 125Configuring command logging 125Configuring individual system-level switch parameters 126
Example of configuring system-level switch parameters 130Synchronizing the real-time and system clocks 131Creating a virtual management port 132
Example of creating a virtual management port 132Configuring system message control 133Forcing message control for system message control 134Enabling the administrative status of a module 135
Run-time process management using the NNCLI 137Job aid 137Configuring the date 139Configuring the run-time environment 139Configuring the NNCLI logon banner 141Configuring the message-of-the-day 142Configuring command logging 142
Prerequisites 143Configuring system-level switch parameters 143Synchronizing the real-time and system clocks 145Creating a virtual management port 146
Example of creating a virtual management port 147Configuring system message control 147Forcing message control for system message control 148
Chassis operations fundamentals 151Operating modes 151
SF/CPU High Availability mode 153Module types 157
R and RS module support for 8010co chassis 159SF/CPU warm standby 159
Hardware and software compatibility 160Power management 167Software lock-up detection 168Loop prevention and CP limit 168
SLPP configuration considerations 171Extended CP Limit 172
Switch reliability 173
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
6
Jumbo frames 174Tagged VLAN support 175Modules and interfaces that support Jumbo frames 175
Chassis operations configuration using Device Manager 177Editing system information 178Editing chassis information 181Configuring system flags 183Enabling M mode 187Enabling R mode 188Enabling enhanced operational mode 190Enabling global filter ordering 190Enabling CPU High Availability 191Configuring a basic configuration 192Opening a dual tab 197Editing ports 198Viewing the boot configuration 198Enabling Jumbo frames 199Reserving records 199Viewing the trap sender table 200Configuring the time 201Configuring SLPP globally 202Configuring the SLPP by VLAN 203Configuring the SLPP by port 204Configuring Extended CP Limit globally 205
Prerequisites 205Configuring extended CP Limit for a port 206Configuring loop detect 208Configuring CP Limit 209Editing the boot file 210Editing the management port parameters 212Editing the management port CPU route table 213Configuring the management port IPv6 interface parameters 214Configuring management port IPv6 addresses 216Configuring the CPU IPv6 route table 217Editing serial port parameters 218Enabling port lock 219Enabling power management 221Configuring slot priority 221
Chassis operations configuration using the CLI 223Job aid 224Enabling M mode 225Enabling R mode 226Enabling enhanced operational mode 227
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
7
Enabling global filter ordering 228Enabling CPU High Availability mode 228
Job aid 229Disabling CPU High Availability mode 230
Removing a master CPU with CPU-HA mode activated 231Enabling jumbo frames 231Reserving records 232
Prerequisites 232Configuring SLPP 233Configuring SLPP on a port 234Viewing SLPP information 235Configuring Extended CP Limit on a port 238Configuring loop detect 239Configuring CP Limit 240Enabling power management 241Configuring slot priority 241
Chassis operations configuration using the NNCLI 243Job aid 244Enabling M mode 245Enabling R mode 246Enabling enhanced operational mode 247Enabling global filter ordering 248Enabling the CPU High Availability mode 248
Prerequisites 248Procedure steps 249Job aid 249Disabling CPU High Availability mode 250
Removing a master SF/CPU with CPU-HA mode activated 251Enabling jumbo frames 252Reserving records 253
Prerequisites 253Job aid 254
Configuring SLPP 254Configuring SLPP on a port 256Viewing SLPP information 257
Procedure steps 257Prerequisites 258Procedure steps 258
Configuring Extended CP Limit on the chassis 258Configuring Extended CP Limit on a port 260Configuring loop detect 261Configuring CP Limit 262Enabling power management 263
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
8
Configuring slot priority 263Prerequisites 263
Hardware status using Device Manager 265Viewing card information 265Viewing fan details 266Viewing MDA parameters 267Viewing power supply parameters 268
System access fundamentals 271Logging on to the system 271
hsecure bootconfig flag 273Managing the switch using different VRF contexts 273CLI passwords 274
Password encryption 274Subscriber or administrative interaction 274
Access policies for services 275Web interface passwords 275Web server password 276
Password reset 276Password encryption 276Password recovery 276
System access configuration using Device Manager 279Enabling access levels 279Changing passwords 281Creating an access policy 283Enabling an access policy 286
System access configuration using the CLI 289Job aid 289Enabling CLI access levels 291Changing passwords 292Enabling the access policy globally 296Creating an access policy 296Configuring an access policy 297
Job aid 299Specifying a name for an access policy 300Specifying the host address and username for rlogin 301Enabling an access service 301
Job aid 303Allowing a network access to the switch 303Configuring access policies by MAC address 304Resetting and modifying passwords 305
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
9
System access configuration using the NNCLI 307Prerequisites 307Job aid 307Enabling CLI access levels 309Changing passwords 310Creating an access policy 312Configuring an access policy 313
Example of configuring an access policy 316Enabling the access policy globally 317Specifying a name for an access policy 317Allowing a network access to the switch 318Configuring access policies by MAC address 319
Ethernet Routing Switch 8600 licensing fundamentals 321Feature licensing 321
Advanced License 322Premier License 322Premier Trial License 323
License type and part numbers 323License certificates 325License file generation 325Working with feature license files 325License transfer 325
Ethernet Routing Switch 8600 licensing 327Ethernet Routing Switch 8600 licensing tasks 327
License generation 329Navigation 329Generating a license 329
License installation using Device Manager 333Installing a license file using Device Manager 333
License installation using the CLI 337Installing a license file using the CLI 337Showing a license file using the CLI 339
License installation using the NNCLI 341Installing a license file using the NNCLI 341Showing a license file using the NNCLI 343
License transfer 345Transferring a license 345
NTP fundamentals 349Overview 349
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
10
NTP terms 350NTP system implementation model 350Time distribution within a subnet 351Synchronization 352NTP modes of operation 352NTP authentication 353
NTP configuration using Device Manager 355NTP configuration procedures 355Enabling NTP globally 356Adding an NTP server 357Configuring authentication keys 359
NTP configuration using the CLI 361NTP configuration procedures 361Job aid 363Enabling NTP globally 363
Example of enabling NTP globally 364Adding an NTP server 364
Example of adding an NTP server 366Configuring authentication keys 366
Example of configuring an NTP authentication key 368
NTP configuration using the NNCLI 369NTP configuration procedures 369Job aid 371Enabling NTP globally 371Adding an NTP server 372
Example of adding an NTP server 373Configuring authentication keys 373
Example of configuring an NTP authentication key 374
DNS fundamentals 375DNS client 375
DNS configuration using Device Manager 377Configuring the DNS client 377Querying the DNS host 378
DNS configuration using the CLI 381Job aid 381Configuring the DNS client 382
Job aid 383Querying the DNS host 384
Job aid 385
DNS configuration using the NNCLI 387Job aid 387
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
11
Configuring the DNS client 388Querying the DNS host 389
Multicast group ID fundamentals 391Introduction 391Expansion 391
Multicast group ID reservation using Device Manager 393Enabling maximum VLAN mode 393Reserving MGIDs for IPMC 394
Multicast group ID reservation using the CLI 397Job aid 397Enabling maximum VLAN mode 397Reserving MGIDs for IPMC 398
Multicast group ID reservation using the NNCLI 399Job aid 399Enabling maximum VLAN mode 400Reserving MGIDs for IPMC 400
Common procedures using Device Manager 403Showing the MTU for the system 403Showing the MTU for each port 404Viewing topology status information 404Viewing the MIB status 405Displaying flash memory and PCMCIA information for the system 406Displaying flash file information for a specific SF/CPU 407Displaying flash file information for the system 408Displaying PCMCIA file information for a specific SF/CPU 408Displaying PCMCIA file information for the system 409Copying a PCMCIA or flash file 409
Common procedures using the CLI 411Job aid 411Saving the boot configuration to a file 413
Example of saving the boot configuration to a file 414Restarting the switch 415Resetting the switch 416Accessing the standby SF/CPU 416Pinging an IP device 417Pinging an IPX device 418Calculating the MD5 digest 419Resetting system functions 421
Example of resetting system functions 422Sourcing a configuration 423
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
12
Common procedures using the NNCLI 425Job aid 425Saving the boot configuration to a file 427
Example of saving the boot configuration to a file 429Saving the current configuration to a file 429
Example of saving the boot configuration to a file 431Restarting the switch 431Resetting the switch 432Accessing the standby SF/CPU 433Pinging an IP device 433Pinging an IPX device 435Calculating the MD5 digest 435Resetting system functions 438
Example of resetting system functions 439Sourcing a configuration 439
CLI show command reference 441Access, logon names, and passwords 441All CLI configuration 442Current switch configuration 443CLI settings 445Hardware information 446Memory size for secondary CPU 447MTU for all ports 448NTP server status 448Power summary 449Slot power details 450System status (detailed) 450System status and parameter configuration 451Users logged on 458
NNCLI show command reference 459Access, logon names, and passwords 459Basic switch configuration 460Current switch configuration 460CLI settings 462Hardware information 463Memory size for secondary CPU 464NTP server status 464Power summary 465Power information for power supplies 466Slot power details 466System information 467System status (detailed) 472
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
13
Users logged on 473
Port numbering and MAC address assignment reference 475Port numbering 475Interface indexes 476
Port interface index 476VLAN interface index 477MLT interface index 477
MAC address assignment 477Physical MAC addresses 478Virtual MAC addresses 479
Customer service 481Updated versions of documentation 481Getting help 481Express Routing Codes 481Additional information 482
Index 483
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
14
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
15.
Software licenseThis section contains the Nortel Networks software license.
Nortel Networks Inc. software license agreementThis Software License Agreement ("License Agreement") is betweenyou, the end-user ("Customer") and Nortel Networks Corporation andits subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THEFOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSETERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE.USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OFTHIS LICENSE AGREEMENT. If you do not accept these terms andconditions, return the Software, unused and in the original shippingcontainer, within 30 days of purchase to obtain a credit for the fullpurchase price.
"Software" is owned or licensed by Nortel Networks, its parent or one ofits subsidiaries or affiliates, and is copyrighted and licensed, not sold.Software consists of machine-readable instructions, its components, data,audio-visual content (such as images, text, recordings or pictures) andrelated licensed materials including all whole or partial copies. NortelNetworks grants you a license to use the Software only in the countrywhere you acquired the Software. You obtain no rights other than thosegranted to you under this License Agreement. You are responsible for theselection of the Software and for the installation of, use of, and resultsobtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer anonexclusive license to use a copy of the Software on only one machineat any one time or to the extent of the activation or authorized usage level,whichever is applicable. To the extent Software is furnished for use withdesignated hardware or Customer furnished equipment ("CFE"), Customeris granted a nonexclusive license to use Software only on such hardwareor CFE, as applicable. Software contains trade secrets and Customeragrees to treat Software as confidential information using the same careand discretion Customer uses with its own similar information that it doesnot wish to disclose, publish or disseminate. Customer will ensure thatanyone who uses the Software does so only in compliance with the terms
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
16 Software license
of this Agreement. Customer shall not a) use, copy, modify, transferor distribute the Software except as expressly authorized; b) reverseassemble, reverse compile, reverse engineer or otherwise translate theSoftware; c) create derivative works or modifications unless expresslyauthorized; or d) sublicense, rent or lease the Software. Licensors ofintellectual property to Nortel Networks are beneficiaries of this provision.Upon termination or breach of the license by Customer or in the eventdesignated hardware or CFE is no longer in use, Customer will promptlyreturn the Software to Nortel Networks or certify its destruction. NortelNetworks may audit by remote polling or other reasonable means todetermine Customer’s Software activation or usage levels. If suppliers ofthird party software included in Software require Nortel Networks to includeadditional or different terms, Customer agrees to abide by such termsprovided by Nortel Networks with respect to such third party software.
2. Warranty. Except as may be otherwise expressly agreed to inwriting between Nortel Networks and Customer, Software is provided"AS IS" without any warranties (conditions) of any kind. NORTELNETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THESOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOTLIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY ANDFITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OFNON-INFRINGEMENT. Nortel Networks is not obligated to provide supportof any kind for the Software. Some jurisdictions do not allow exclusionof implied warranties, and, in such event, the above exclusions may notapply.
3. Limitation of Remedies. IN NO EVENT SHALL NORTELNETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANYOF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTYCLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS,FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL,PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSTPROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OROTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OFYOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS,ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIRPOSSIBILITY. The forgoing limitations of remedies also apply to anydeveloper and/or supplier of the Software. Such developer and/or supplieris an intended beneficiary of this Section. Some jurisdictions do not allowthese limitations or exclusions and, in such event, they may not apply.
4. General
1. If Customer is the United States Government, the following paragraphshall apply: All Nortel Networks Software available under this LicenseAgreement is commercial computer software and commercial computer
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Nortel Networks Inc. software license agreement 17
software documentation and, in the event Software is licensed foror on behalf of the United States Government, the respective rightsto the software and software documentation are governed by NortelNetworks standard commercial license in accordance with U.S. FederalRegulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and48 C.F.R. 227.7202 (for DoD entities).
2. Customer may terminate the license at any time. Nortel Networksmay terminate the license if Customer fails to comply with the termsand conditions of this license. In either event, upon termination,Customer must either return the Software to Nortel Networks or certifyits destruction.
3. Customer is responsible for payment of any taxes, including personalproperty taxes, resulting from Customer’s use of the Software.Customer agrees to comply with all applicable laws including allapplicable export and import laws and regulations.
4. Neither party may bring an action, regardless of form, more than twoyears after the cause of the action arose.
5. The terms and conditions of this License Agreement form the completeand exclusive agreement between Customer and Nortel Networks.
6. This License Agreement is governed by the laws of the country inwhich Customer acquires the Software. If the Software is acquired inthe United States, then this License Agreement is governed by thelaws of the state of New York.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
18 Software license
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
19.
New in this releaseThe following sections detail what’s new in Nortel Ethernet Routing Switch8600 Administration (NN46205-605) for Release 5.1.
• “Features” (page 19)
• “Other changes” (page 20)
FeaturesSee the following sections for information about changes that arefeature-related:
• “Configuring the time zone” (page 19)
• “Feature licensing” (page 19)
• “SF/CPU High Availability mode” (page 19)
• “Memory size for secondary CPU” (page 20)
Configuring the time zoneThe time zone configuration command has been enhanced. The syntaxfor dst-offset and offset-from-utc can use hours and minutesin Release 5.1. For more information about the time zone commandenhancement, see “Configuring the time zone” (page 76) and “Configuringthe time zone” (page 111).
Feature licensingAdvanced and Premier License lists are updated to include the newfeatures for Release 5.1. For more information about the featuresincluded, see “Feature licensing” (page 321).
SF/CPU High Availability modeTables describing the feature support for High Availability (HA) in specifiedsoftware release versions and Release 3.5 and later synchronizationcapabilities in HA mode are updated for Release 5.1. For more informationabout the feature support for HA mode, see “SF/CPU High Availabilitymode” (page 153).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
20 New in this release
Memory size for secondary CPUYou can display the secondary CPU DRAM memory size in hexadecimalformat. For more information about CLI and NNCLI command syntax,see “Memory size for secondary CPU” (page 447) and “Memory size forsecondary CPU” (page 464).
FTP, TFTP, and rlogin support for IPv6 addressesFTP, TFTP, and rlogin server (incoming) connections and access policiesare now supported with IPv6 on the Ethernet Routing Switch 8600. Youcan configure an IPv6 address on the Ethernet Routing Switch 8600 anduse FTP, TFTP, or rlogin services to access the switch using the IPv6address. You use the same command syntax for any command related toFTP, TFTP, or rlogin regardless of whether you logged in using an IPv4 orIPv6 address (all commands supported with FTP, TFTP, and rlogin usingIPv4 are supported with IPv6 addresses). For more information aboutFTP, TFTP, rlogin, and access policy support for IPv6 addresses, see“Configuring management port IPv6 addresses” (page 216), “Configuringan access policy” (page 297), and “Specifying the host address andusername for rlogin” (page 301).
Other changesSee the following sections for information about changes that are notfeature-related:
• “Default parameters” (page 20)
• “Controlling link state changes” (page 21)
• “Enabling the high availability mode” (page 21)
• “Installing a license file” (page 21)
• “Customer service” (page 21)
• “Record reservation” (page 21)
• “Viewing power supply parameters” (page 21)
• “Document update” (page 22)
Default parametersThe command parameter descriptions are updated with default values.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Other changes 21
Controlling link state changesConceptual and procedural content for controlling link state changes wasremoved from the following sections to Nortel Ethernet Routing Switch8600 Series Fault Management, NN46205-705:
• Chassis operations configuration using Device Manager
• Chassis operations configuration using the CLI
• Chassis operations configuration using the NNCLI
Enabling the high availability modeA procedure to enable the High Availability (HA) mode is added along withthe messages a user would encounter while enabling the HA mode. Formore information about enabling the HA mode, see “Enabling CPU HighAvailability mode” (page 228) and “Enabling the CPU High Availabilitymode” (page 248).
Installing a license fileChanges have been made to the prerequisites of the procedures to installa licence file using Device Manager, CLI and NNCLI. For more informationabout these changes, see “License installation using Device Manager”(page 333), “License installation using the CLI” (page 337), “Licenseinstallation using the NNCLI” (page 341).
Customer serviceCustomer service chapter is added to this document. This chapterdescribes the complete range of services and support that Nortelprovides to its customers. For more information about Nortel support, see“Customer service” (page 481).
Record reservationProcedures for reserving hardware records for CLI and NNCLI,respectively, are added to this document to augment the existing DeviceManager procedure for reserving records. For more information and tosee these procedures, see “Reserving records” (page 232) and “Reservingrecords” (page 253).
Viewing power supply parametersVariable definitions for input line voltage and operating line voltage areadded for Device manager. For more information, and to see the variablesdefinition table containing these parameters, see “Viewing power supplyparameters” (page 268).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
22 New in this release
Feature LicensingYou must specify the location of your license file in the boot configurationfile. NN46205-605_02.03 updates the section Feature Licensing andupdates Table 31, Supported licenses for the Ethernet Routing Switch8600. For more information and to see the table containing the updates,see “Feature licensing” (page 321).
Document updateTHis issue is updated to reflect modifications made in chapters ’Chassisoperations fundamentals, Viewing SLPP information, Chassis operationsconfiguring using the CLI and Configuring SLPP on a port.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
23.
IntroductionThe Nortel Ethernet Routing Switch 8600 is a flexible and multifunctionalswitch that supports a diverse range of network architectures andprotocols. This guide contains conceptual and procedural informationto support the administration of the Ethernet Routing Switch 8600. Formore information about the available user interfaces and how to use editcommands and special terminal characters, see Nortel Ethernet RoutingSwitch 8600 User Interface Fundamentals (NN46205-308).
Navigation• “System startup fundamentals” (page 25)
• “Boot parameter configuration using the CLI” (page 43)
• “Boot parameter configuration using the NNCLI” (page 81)
• “Run-time process management using the CLI” (page 117)
• “Run-time process management using the NNCLI” (page 137)
• “Chassis operations fundamentals” (page 151)
• “Chassis operations configuration using Device Manager” (page 177)
• “Chassis operations configuration using the CLI” (page 223)
• “Chassis operations configuration using the NNCLI” (page 243)
• “Hardware status using Device Manager” (page 265)
• “System access fundamentals” (page 271)
• “System access configuration using Device Manager” (page 279)
• “System access configuration using the CLI” (page 289)
• “System access configuration using the NNCLI” (page 307)
• “Ethernet Routing Switch 8600 licensing fundamentals” (page 321)
• “Ethernet Routing Switch 8600 licensing” (page 327)
• “License generation” (page 329)
• “License installation using Device Manager” (page 333)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
24 Introduction
• “License installation using the CLI” (page 337)
• “License installation using the NNCLI” (page 341)
• “License transfer” (page 345)
• “NTP fundamentals” (page 349)
• “NTP configuration using Device Manager” (page 355)
• “NTP configuration using the CLI” (page 361)
• “NTP configuration using the NNCLI” (page 369)
• “DNS fundamentals” (page 375)
• “DNS configuration using Device Manager” (page 377)
• “DNS configuration using the CLI” (page 381)
• “DNS configuration using the NNCLI” (page 387)
• “Multicast group ID fundamentals” (page 391)
• “Multicast group ID reservation using Device Manager” (page 393)
• “Multicast group ID reservation using the CLI” (page 397)
• “Multicast group ID reservation using the NNCLI” (page 399)
• “Common procedures using Device Manager” (page 403)
• “Common procedures using the CLI” (page 411)
• “Common procedures using the NNCLI” (page 425)
• “CLI show command reference” (page 441)
• “NNCLI show command reference” (page 459)
• “Port numbering and MAC address assignment reference” (page 475)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
25.
System startup fundamentalsThis section provides conceptual material on the boot sequence and bootprocesses of the Nortel Ethernet Routing Switch 8600. Review this contentbefore you make changes to the configurable boot process options.
Navigation• “Boot sequence” (page 25)
• “Boot process and run-time process” (page 33)
• “System flags” (page 35)
• “Clock synchronization” (page 37)
• “System connections” (page 38)
Boot sequenceThe Ethernet Routing Switch 8600 goes through a four-stage bootsequence before it becomes fully operational. After you turn on powerto the switch, the SF/CPU module starts its built-in boot loader. In anEthernet Routing Switch 8600 with redundant switch fabric or switchmanagement modules, the module in slot 5 provides the active SF/CPUfunctions after the switch powers up or resets. (Use the options in the bootmonitor to specify the module that is the active SF/CPU.) The switch fabricsubsystems of both modules are active and share the switching functionsfor the switch.
The boot sequence consists of the following four file loads:
• “Stage 1: Loading the boot monitor image” (page 26)
• “Stage 2: Loading the boot configuration” (page 26)
• “Stage 3: Loading the run-time image” (page 27)
• “Stage 4: Loading the switch configuration file” (page 27)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
26 System startup fundamentals
Stage 1: Loading the boot monitor imageAt power-up or reset, the SF/CPU subsystem on the 8691 SF/CPU moduleloads the boot monitor image.
After loading the boot monitor image, the SF/CPU and basic systemdevices such as the console port, modem port, Personal ComputerMemory Card International Association (PCMCIA) card slot, andmanagement port initialize. (At this stage, the input/output (I/O) ports arenot available; system does not initialize the I/O ports until later in the bootprocess.)
Stage 2: Loading the boot configurationAfter the boot monitor image loads, the boot configuration loads from a filecalled /pcmcia/pcmboot.cfg from the PCMCIA if a PCMCIA card is present.If a PCMCIA card is not present or file /pcmcia/pcmboot.cfg is not present,then the boot configuration loads from a file called /flash/boot.cfg on theonboard flash memory (Nortel recommends that you copy the boot.cfgfile in the /flash directory). If the /flash/boot.cfg file is not present, and if aPCMCIA card is present, the Ethernet Routing Switch 8600 searches forthe file /pcmcia/boot.cfg.
If the loaded boot configuration file is corrupt, then the switch starts a loopprocess.
If none of the boot configuration files are present (/pcmcia/pcmboot.cfgor /flash/boot.cfg or /pcmcia/boot.cfg), the Ethernet Routing Switch 8600starts using the default boot-configuration settings.
ATTENTIONIf you are using a PCMCIA card manufactured by Sandisk, the EthernetRouting Switch 8600 does not consistently access the /pcmcia/pcmboot.cfgor /pcmcia/boot.cfg file during boot-up. This limitation is observed only duringboot-up. No limitation is observed if you access the Sandisk device afterboot-up.
If the Autoboot flag is disabled or if the boot process is interrupted atthe console, the boot process stops. At this stage, you can access theboot monitor at the console. In the boot monitor, you can set the bootconfiguration and perform upgrades to the boot monitor image andrun-time image (loaded in stage 3). Changes made and saved at the bootmonitor change the boot configuration.
After you save changes, you can initiate the boot process from the bootmonitor using the boot command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Boot sequence 27
Stage 3: Loading the run-time imageThe run-time image loads after the boot configuration. This software imageinitializes the I/O modules and provides full routing switch functionality.You can load the run-time image from the flash memory, from a PCMCIAcard, or from a Trivial File Transfer Protocol (TFTP) server using themanagement port.
The default load order is defined in the boot configuration file(/pcmcia/boot.cfg or /flash/boot.cfg). You can redefine the source andorder from where to load the run-time image if you interrupt the autobootprocess.
Stage 4: Loading the switch configuration fileThe final step before the boot process is complete is to load the switchconfiguration file (/flash/config.cfg). The switch configuration consists ofhigher-level functionality, including:
• Chassis configuration
• Port configuration
• Spanning tree group (STG) configuration
• VLAN configuration
• Routing configuration
• IP address assignments
• RMON configuration
The default switch configuration includes the following:
• All ports in a single spanning tree group (STG), STG number 1 (Thedefault Spanning Tree Group is 802.1D compliant, and its BridgeProtocol Data Units (BPDU) are never tagged.)
• A single, port-based default VLAN with a VLAN identification numberof 1, bound to the default spanning tree group
• Spanning Tree FastStart disabled on all ports
• No interface assigned IP addresses
• Traffic priority for all ports set to normal priority
• All ports as nontagged ports
• Default communication protocol settings for the console port. SeeNortel Ethernet Routing Switch 8600 Quick Start (NN46205-310) forinformation about these protocol settings.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
28 System startup fundamentals
In the configuration file, statements preceded by both the number sign(#) and exclamation point (!) load prior to the general configurationparameters. Statements preceded by only the number sign are commentsmeant to add clarity to the configuration; they do not load configurationparameters. The following table illustrates the difference between thesetwo statement formats.
Table 1Configuration file statements
Sample statement Action
# software version : 3.7.12.0 Adds clarity to the configuration byidentifying the software version.
#!flags m-mode false Configures the M mode flag to thefalse condition, prior to loading thegeneral configuration.
Figure 1 "Switch boot sequence" (page 29) shows a summary of the bootsequence.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Boot sequence 29
Figure 1Switch boot sequence
Boot sequence modificationThe default boot sequence directs the switch to look for its image andconfiguration files first on the PCMCIA card, in the onboard flash memorysecond, and then from a server on the network. That is, the PCMCIAcard is the primary source for the files, the onboard flash memory is thesecondary source, and the network server is the tertiary source. Thesesource and file name definitions are in the boot configuration file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
30 System startup fundamentals
ATTENTIONIf an Ethernet Routing Switch 8600 loads its secondary software image filebecause it cannot find its primary software image, during this process, it alsoloads the secondary configuration file.
You can change the boot sequence in the following ways:
• Change the primary, secondary, and tertiary designations for filesources. For example, you can specify the network as the primary filesource and update the configuration file or image file using a singlecopy of the file on the server.
ATTENTIONEach choice of a file source (primary, secondary, or tertiary) specifies animage file and a matching configuration file. When you specify a source, youspecify the associated pair of files.
• Change the file names from the default values. You can store severalversions of the image or configuration file and specify a particular oneby file name after you restart the switch.
• Start the switch without loading a configuration file, so that theswitch uses its factory default configuration settings. Bypassing theswitch configuration does not affect saved switch configuration; theconfiguration is simply not loaded.
Whether the switch configuration is loaded or not is controlled by the bootconfiguration. You can bypass loading the switch configuration.
If the configuration is bypassed, the switch starts with the default switchconfiguration settings and the boot flag settings that were loaded as theboot configuration file in stage 2.
Figure 2 "Boot source text added to the system log file" (page 31) showsthe boot source text added to the system log file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Boot sequence 31
Figure 2Boot source text added to the system log file
Static IP entry for the OOB network management interfaceThe default IP for the Out of Band (OOB) network management port isassigned as shown in Figure 3 "Flowchart for the default IP for the OOBnetwork management port" (page 32).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
32 System startup fundamentals
Figure 3Flowchart for the default IP for the OOB network management port
The switch first checks for the file pcmboot.cfg, in PCMCIA. If not found,the switch checks for the file boot.cfg in flash.
ATTENTIONUsers using the boot configuration file from PCMCIA must rename the file topcmboot.cfg The boot.cfg file is no longer saved in PCMCIA. The file is savedonly in flash.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Boot process and run-time process 33
Boot process and run-time processYou manage the boot process of the switch using the boot monitor.
You access the boot monitor by interrupting the boot process. Thisinterrupt can only be initiated through a direct serial-port connection to theswitch, or some remote connection to the serial port such as a remote (outof band) terminal server connection.
A switch placed into the boot monitor state cannot accept peer telnetconnections from the master SF/CPU.
After the boot monitor is active, you can change the boot configuration,including boot choices and boot flags, and you can set the flags for Telnetand rlogin to allow remote access, but you cannot access the boot monitorremotely. You can access the boot monitor only through a direct serial-portconnection.
You manage the run-time process using the run-time commands. Toaccess the run-time command line interface (CLI) or Nortel Networkscommand line interface (NNCLI), wait until the boot process completes.
Boot image verificationAfter a switch starts, the switch recognizes the boot source and logs amessage in the system log file that informs you about the selected bootsource.
Figure 4 "Console port boot source messages" (page 33) shows the bootsource messages observed on the console port.
Figure 4Console port boot source messages
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
34 System startup fundamentals
Boot monitorUse the boot monitor to configure and manage the boot process.
ATTENTIONYou must use a terminal connected directly to the console port on the switch. Ifyou restart the switch from a remote terminal, the connection is terminated.
After you enter the boot monitor, the following prompt is displayed:
monitor#
Run-timeAfter the Ethernet Routing Switch 8600 is operational, you can use therun-time commands to perform most of the configuration and managementfunctions necessary to manage the switch. These functions include thefollowing:
• Resetting or restarting the Ethernet Routing Switch 8600.
• Adding, deleting, and displaying address resolution protocol (ARP)table entries.
• Pinging another network device.
• Viewing and configuring variables for the entire switch and forindividual ports.
• Configuring and displaying STG parameters and enabling or disablingthe Spanning Tree Protocol (STP) on an STG.
• Configuring and displaying MultiLink Trunking (MLT) parameters.
• Testing the switching fabric and performing internal and externalloopback tests on individual ports.
• Creating and managing port-based VLANs or policy-based VLANs.
To access the run-time environment you need a connection from a PCor terminal to the switch. You can use a direct connection to the switchthrough the console or modem port or through Telnet, rlogin, or SecureShell (SSH) sessions. For more information about SSH, see NortelEthernet Routing Switch 8600 Security (NN46205-601).
ATTENTIONBefore you attempt to access the switch using one of the previous methods,ensure you first enable the corresponding daemon flags.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System flags 35
System flagsAfter you enable or disable certain modes and functions, you need to savethe configuration and reset the switch for your change to take effect. Thefollowing tables list parameters and indicate if they require a reset of theswitch.
Table 2 "Bootconfig flags" (page 35) lists parameters you configure in theCLI using the config bootconfig flags command and in the NNCLIusing the boot config flags command.
Table 2Bootconfig flags
CLI flag NNCLI flag Switchreset
8616-reautoneg <true|false> 8616-reautoneg No
alt-led-enable <true|false> alt-led Yes
autoboot <true|false> autoboot Yes
block-snmp <true|false> block-snmp No
block-warmstandby-switchover<true|false>
block-warmstandby-switchover Yes
control-record-optimization<true|false>
control-record-optimization Yes
daylight-saving-time <true|false> daylight-saving-time No
debug-config <true|false> debug-config Yes
debugmode <true|false> debugmode Yes
egress-mirror <true|false> egress-mirror Yes
factorydefaults <true|false> factorydefaults Yes
ftpd <true|false> ftpd No
ha-cpu <true|false> ha-cpu Yes
hsecure <true|false> hsecure No
info Not applicable No
logging <true|false> logging No
mezz <true|false> mezz Yes
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
36 System startup fundamentals
Table 2Bootconfig flags (cont’d.)
CLI flag NNCLI flag Switchreset
nncli <true|false> nncli Yes
reboot <true|false> reboot Yes
rlogind <true|false> rlogind No
savetostandby <true|false> savetostandby No
spanning-tree-mode <mstp|rstp|default>
spanning-tree-mode Yes
sshd <true|false> sshd No
telnetd <true|false> telnetd No
tftpd <true|false> tftpd No
trace-logging <true|false> trace-logging No
verify-config <true|false> verify-config Yes
wdt <true|false> wdt Yes
The Ethernet Routing Switch 8600 can operate in four different modes.You configure the mode parameters in the CLI using the config sysset flags command, in the NNCLI using the sys flags command, orin Device Manager using Edit, Chassis, System Flags. After you changethe configuration for the modes, you must reset the switch. The modesare:
• R mode
• M mode
• Enhanced operational mode
• VLAN optimization mode
In a chassis equipped with all R-modules (and most often R-modeenabled) the following flags have no effect, as these parameters arespecific to legacy modules and therefore must always be set to false ordisabled:
• Control-record-optimization (config bootconfig flagscontrol-record-optimization <false|true>)
• Enhanced-operational-mode (EOM) (config sys set flagsenhanced-operational-mode <false|true>)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Clock synchronization 37
For best operation, also set these flags to disabled (false) in any mixedchassis that has R-modules present.
In addition to the mode flags, you can configure two other system flags.Both of the following flags require a system reset:
• global-filter-ordering
• multicast-check-packet
ATTENTIONNortel recommends that you do not change the configuration of themulticast-check-packet and vlan-optimization-mode flags.
Table 3 "Other system settings" (page 37) lists other parameters youconfigure by using the CLI, NNCLI, or Device Manager under Edit,Chassis, System Flags.
Table 3Other system settings
Flag Switch reset CLI command NNCLI command
AuthenticationTraps Yes
WebServer No config web-server enable
web-serverenable
AccessPolicy Yes
MrouteStreamLimit Yes
ForceTrapSender Yes
ForceIpheaderSender Yes
VlanByScrMac Yes
DiffServEcnCompatibility Yes
WsmDirectMode Yes
System Monitor Yes
Clock synchronizationThe Ethernet Routing Switch 8600 automatically synchronizes thereal-time clocks (hardware) on the primary and secondary SF/CPUs, andsynchronizes the real-time and system (software) clocks.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
38 System startup fundamentals
Real-time clock synchronizationAfter you configure the real-time clock on the master SF/CPU, the slaveSF/CPU real-time clock is immediately updated, and both clocks areset to the same time. A log message is added in the log file stating thatclock synchronization is complete. Familiarize yourself with the followingconditions regarding SF/CPU clock synchronization:
• If the switch is operating normally with a redundant SF/CPU, the clocksynchronizes at 24 hour intervals. If the switch is operating normallywith no redundant SF/CPU and a standby SF/CPU card is inserted,the real-time clocks on the master SF/CPU and the standby SF/CPUimmediately synchronize. A log message is added in the log file,stating that clock synchronization is complete. If the synchronizationprocess continues successfully, no more log messages are generatedand clock synchronization continues at 24 hour intervals.
At boot time, after the switch is initialized, the clocks on the masterSF/CPU and the standby SF/CPU immediately synchronize and clocksynchronization continues at 24 hour intervals. If the standby SF/CPUis removed, the SF/CPU clock synchronization process stops. Also, ifthe clock synchronization process fails, a log message generates in thelog file. When the real-time clock synchronization begins to fail, theswitch generates a log message for each failed attempt.
• If the Inter SF/CPU Communication (ICC) channel is in use by anotherprocess at the time of clock synchronization, the synchronizationprocess is not performed, but attempted again after the scheduled24-hour interval. The switch adds a log message in the log file.
System connectionsConnect to the Switch Fabric/Central Processor Unit (SF/CPU) serial portsusing one of the following connections:
• “Terminal connection” (page 38)
• “Modem connection” (page 39)
Terminal connectionConnect the serial console interface (an RS-232 port) to a PC or terminalto monitor and configure the switch. The port uses a DB-9 connectorthat operates as data terminal equipment (DTE) or data communicationequipment (DCE). The default communication protocol settings for theconsole port are:
• 9600 baud
• 8 data bits
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System connections 39
• 1 stop bit
• No parity
To use the console port, you need the following equipment:
• a terminal or teletypewriter (TTY)-compatible terminal, or a portablecomputer with a serial port and terminal-emulation software
• an Underwriters Laboratories (UL)-listed straight-through or nullmodem RS-232 cable with a female DB-9 connector for the consoleport on the switch
The other end of the cable must use a connector appropriate to theserial port on your computer or terminal. Most computers or terminalsuse a male DB-25 connector. You can find a null modem cable withthe chassis.
You must shield the cable connected to the console port to comply withemissions regulations and requirements.
Modem connectionYou can access the switch through a modem connection to the 8691 or8692 SF/CPU modules. Nortel recommends that you use the defaultsettings for the modem port for most modem installations.
To set up modem access, you must use a DTE-to-DCE cable (straightor transmit cable) to connect the Ethernet Routing Switch 8600 to themodem. The following table shows the DTE-to-DCE pin assignments.
Table 4DTE-to-DCE straight-through pin assignments
Switch ModemSignal Pin
numberDCE DB-9pin number
DCE DB-25pin number
Received data(RXD)
2 2 3
Transmitted data(TXD)
3 3 2
Data terminalready (DTR)
4 4 20
Ground (GND) 5 5 7
Data set ready(DSR)
6 6 6
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
40 System startup fundamentals
Table 4DTE-to-DCE straight-through pin assignments (cont’d.)
Switch Modem
Signal Pinnumber
DCE DB-9pin number
DCE DB-25pin number
Request to send(RTS)
7 7 4
Clear to send(CTS)
8 8 5
The default communication protocol settings for the modem port are:
• 9600 baud
• 8 data bits
• 1 stop bit
• No parity
Because the modem port receives DSR and CTS signals beforetransmitting, control lines are required in the cables. The modem portsupports no inbound flow control. The port does not turn on and turn offcontrol lines to indicate the input buffer is full.
To connect a modem to an Ethernet Routing Switch 8600, you canconfigure the modem port first using another type of connection to the CLIor NNCLI.
PPP modem connectionYou can establish a PPP (Point-to-Point Protocol) link over serialasynchronous lines. PC clients use this link to connect remotely to aswitch through a standard dial-up modem and the modem DTE port on themaster switch SF/CPU. You must configure the connection on both theremote client PC and the switch. The following figure shows a standardPPP connection to the Ethernet Routing Switch 8600.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System connections 41
Figure 5PPP configuration topology
After you configure the modem port on the switch to use PPP, you mustalso specify a PPP file. The PPP file is a text document which includesall additional PPP configuration parameters to include after the switchrestarts. Enter one configuration parameter on each line.
You can configure the connection to use the Challenge-HandshakeAuthentication Protocol (CHAP) or the Password Authentication Protocol(PAP). Both protocols require a secrets file. The secrets file is a textdocument which includes the list of all users authorized to use the modemport. You must list one user on each line and include specific parameters.The format for each user is client server password IP address. Thefollowing list explains each option.
• client–the name of the user. This value is the logon name of theauthorized user. This value is the name or ID of the user, similar to aWindows or UNIX logon.
• server–the name of the remote device, which is often the dial-in server.Use an asterisk (*) to indicate any server name is acceptable.
• password–the password for the user.
• IP address–the IP address associated with the user.
The value for the IP address depends on the desired configuration of themodem. If all users must use the same IP address, you must specifythe same IP address for all users in the file and it must be the same IPaddress that you configure as the peer-ip for the modem port. Configurethe IP settings on the client to obtain an IP address automatically.
If each user must use a different IP address, list each user with a differentIP address in the file. Configure the client IP settings to use a static IPaddress that matches what you configure in the secrets file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
42 System startup fundamentals
An example secrets file looks like the following:
long * long 47.133.223.200william * william 47.133.223.200
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
43.
Boot parameter configuration usingthe CLI
Use the procedures in this section to configure and manage the bootparameters using the command line interface (CLI).
Prerequisites to boot parameter configuration• You initiate a boot monitor session only through a direct serial-port
connection to the switch. After the boot monitor is active, you can setthe flags for Telnet and rlogin to allow remote access, but accessto the boot monitor is still only available through a direct serial-portconnection. Within the boot monitor, you can change the bootconfiguration, including boot choices and boot flags.
Navigation• “Job aid” (page 44)
• “Accessing the boot monitor” (page 47)
• “Configuring the boot monitor” (page 48)
• “Modifying the boot sequence” (page 51)
• “Enabling or disabling remote access services” (page 51)
• “Accessing the boot monitor CLI” (page 52)
• “Modifying the boot monitor CLI operation” (page 53)
• “Modifying the boot sequence from the run-time CLI” (page 54)
• “Changing the boot source order” (page 54)
• “Configuring the standby-to-master delay” (page 56)
• “Configuring system flags” (page 56)
• “Configuring the remote host logon” (page 64)
• “Specifying the master SF/CPU” (page 65)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
44 Boot parameter configuration using the CLI
• “Configuring SF/CPU network port devices” (page 66)
• “Configuring SF/CPU serial port devices” (page 69)
• “Configuring the time zone” (page 76)
• “Enabling remote access services from the run-time CLI” (page 78)
• “Displaying the boot monitor configuration” (page 79)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 5Job aid
Command Parameter
config cli defaultlogin <true|false>defaultpassword <true|false>infologinprompt <string>more <true|false>passwordprompt <string>prompt <prompt>rlogin-sessions <nsessions>screenlines <nlines>telnet-sessions <nsessions>timeout <seconds>
info
delay <seconds>
loadconfigtime <seconds>
logfile <minsize> <maxsize><maxoccupyPercentage>
master <cpu-slot>
config bootconfig
multicast <value>
info
backup-config-file <file>
config-file <file>
image-file <file>
config bootconfig choice <boot-choice>
license-file <file>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Job aid 45
Command Parameter
info
more <true|false>
prompt <value>
screenlines <value>
config bootconfig cli
timeout <seconds>
config bootconfig delay <seconds>
8616-reautoneg <true|false>
info
alt-led-enable <true|false>
autoboot <true|false>
block-snmp <true|false>
block-warmstandby-switchover<true|false>
control-record-optimization<true|false>
daylight-saving-time <true|false>
debug-config <true|false>
debugmode <true|false>
egress-mirror <true|false>
factorydefaults <true|false>
ftpd <true|false>
ha-cpu <true|false>
hsecure <true|false>
logging <true|false>
mezz <true|false>
nncli <true|false>
reboot <true|false>
rlogind <true|false>
savetostandby <true|false>
spanning-tree-mode <mstp|rstp|default>
sshd <true|false>
telnetd <true|false>
tftpd <true|false>
trace-logging <true|false>
config bootconfig flags
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
46 Boot parameter configuration using the CLI
Command Parameter
verify-config <true|false>
wdt <true|false>
ftp-debug <true|false>
password <value>
tftp-debug <true|false>
tftp-hash <true|false>
tftp-rexmit <seconds>
tftp-timeout <seconds>
user <value>
config bootconfig host
config bootconfig master <cpu-slot> info
autonegotiate <true|false>
bootp <true|false>
chk-src-route <true|false>
enable <true|false>
fullduplex <true|false>
ip <ipaddr/mask> [cpu-slot <value> ]
restart
route [add|del] <netaddr> <gateway>
speed <10|100>
tftp <ipaddr>
config bootconfig net <mgmt|cpu2cpu|pccard>
info
8databits <true|false>
baud <rate>
enable <true|false>
mode <ascii|slip|ppp>
mtu <bytes>
my-ip <ipaddr>
peer-ip <ipaddr>
pppfile <file>
restart
slip-compression <true|false>
slip-rx-compression <true|false>
config bootconfig sio <cpu-sio-port>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Accessing the boot monitor 47
Command Parameter
info
dst-end <Mm.n.d/hhmm|MMddhhmm>
dst-name <dstname>
dst-offset <minutes>
dst-start <Mm.n.d/hhmm|MMddhhmm>
name <tz>
offset-from-utc <minutes>
config bootconfig tz
factorydefault
true
flags info
choice
cli
config [verbose]
flags
host
master
mezz-image
net
show-all [file <value> ]
sio
tz
wlan
bootp
show bootconfig
andconfig bootconfig show
show bootconfig master
Accessing the boot monitorAccess the boot monitor to configure and manage the boot process byperforming this procedure.
Procedure steps
Step Action
1 Restart the switch.
2 Interrupt the boot sequence by pressing the Enter key after thefollowing prompt is displayed:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
48 Boot parameter configuration using the CLI
Press Enter to stop autoboot.
--End--
Configuring the boot monitorConfigure the boot monitor to configure connection settings for CLIsessions. Use the bootconfig command to configure the general bootmonitor operations. The bootconfig command also provides severalsubcommands that are used in the procedures in this section.
Configure the boot monitor by performing this procedure.
Procedure steps
Step Action
1 Configure the boot monitor connection settings by using thefollowing command:
config cli
2 Save the changed configuration file.
3 Configure the boot monitor operations by using the followingcommand:
config bootconfig
4 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
5 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config cli command.
Variable Value
defaultlogin <true|false> Specifies the current settings for thelogin prompt as true or false.
The default value is true.
defaultpassword <true|false> Specifies the current settings for thepassword prompt as true or false.
The default is true.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the boot monitor 49
Variable Value
info Specifies the current settings for theboot monitor CLI.
loginprompt <string> Specifies the login prompt for theboot monitor as a string of 1–1513characters.
more <true|false> Configures scrolling for the outputdisplay.
The default value is true.
• true —configures output displayscrolling to one page at a time.
• false —configures the outputdisplay to continuous scrolling.
passwordprompt <string> Specifies the password prompt for theboot monitor as a string of 1–1510characters.
prompt <prompt> Changes the boot monitor prompt tothe defined string.
• prompt is a string of 0–255characters.
The default prompt depends on theswitch; for example, ERS-8606.
rlogin-sessions <nsessions> Configures the allowable number ofinbound remote boot monitor CLIlogon sessions.
• nsessions is the number ofsessions from 0–8.
The default value is 8.
screenlines <nlines> Configures the number of lines in theoutput display.
• nlines is the number of lines from8–64.
The default value is 23.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
50 Boot parameter configuration using the CLI
Variable Value
telnet-sessions <nsessions> Configures the allowable number ofinbound Telnet sessions.
• nsessions is the number ofsessions from 0–8.
The default value is 8.
timeout <seconds> Configures the idle timeout periodbefore automatic logoff for CLIsessions.
• seconds is the timeout period inseconds from 30–65535.
The default is 900.
Use the data in the following table to use the config bootconfigcommand.
Variable Value
delay <seconds> Configures the number of seconds a standbySF/CPU waits (delays) before trying to becomethe master SF/CPU. This command appliesonly during a cold start and does not apply to afailover start.The default is 45 seconds delay.
info Specifies the configured values.
loadconfigtime<seconds>
Configures the time-out value, in seconds, forloading a configuration file. seconds is a valuefrom 0–300.The default is 60 seconds.
logfile <minsize><maxsize> <maxoccupyPercentage>
Configures the parameters for the log file.
• minsize is the minimum size of the log filefrom 64–500 kilobytes (KB).
The default value is 100.
• maxsize is the maximum size of the log filefrom 500–16384 KB.
The default value is 1024.
• maxoccupyPercentage is the percentageof free Personal Computer Memory CardInternational Association (PCMCIA) to usefor a log file from 10–90.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling or disabling remote access services 51
Variable Value
The default value is 90.
master <cpu-slot> Indicates which SF/CPU becomes the masterafter the switch powers up. The masterSF/CPU performs a loopback test to test theswitch fabric. The default master is set for slot5.
• cpu-slot is the module position, eitherslot 5 or slot 6.
multicast <value> Configures the system multicast scalingparameter from 0–2147483647.The default value is 0.
Modifying the boot sequenceModify the boot sequence to prevent the switch from using the factorydefault settings or, conversely, to prevent loading a saved configuration fileby performing this procedure.
Procedure steps
Step Action
1 Bypass the loading of the switch configuration with the followingcommand:
flags factorydefault true
ATTENTIONIf the switch fails to read and load a saved configuration file afterit starts, ensure this flag is set to false before investigating otheroptions.
--End--
Enabling or disabling remote access servicesEnable the remote access service to provide multiple methods of remoteaccess by performing this procedure.
Prerequisites
• If you enable an rlogin flag, you must configure an access policy andspecify the name of the user who can access the switch.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
52 Boot parameter configuration using the CLI
Procedure steps
Step Action
1 While the switch is starting, press any key to interrupt theautoboot process.
2 Enable or disable the access service by using the followingcommand:
flags <access-service> <true|false>
3 Save the boot configuration.
--End--
Variable definitionsUse the data in the following table to use the flags command.
Variable Value
access-service Specifies the type of remote accessservice. Enter one of the following:ftpd, rlogind, telnetd, tftpd, or sshd.
true|false Specifies true to activate the service;false to disable the service.
Accessing the boot monitor CLIAccess the boot monitor CLI from the run-time CLI to configure andmanage the boot process by performing this procedure.
Procedure steps
Step Action
1 Configure the bootconfig autoboot flag by using the followingcommand:
config bootconfig flags autoboot false
2 Save the boot configuration by using the following command:
save bootconfig
3 Restart the switch.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Modifying the boot monitor CLI operation 53
Modifying the boot monitor CLI operationModify the boot monitor CLI operation to change the connection settingsby performing this procedure.
Procedure steps
Step Action
1 Modify the boot monitor CLI by using the following command:
config bootconfig cli
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig clicommand.
Variable Value
info Specifies the current settings for the bootmonitor CLI.
more <true|false> Configures scrolling for the output display.The default value is true.
• true configures output displayscrolling to one page at a time.
• false configures the output display tocontinuous scrolling.
prompt <value> Changes the boot monitor prompt to thedefined string.
• value is a string from 1–32 characters.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
54 Boot parameter configuration using the CLI
Variable Value
screenlines <value> Configures the number of lines in theoutput display.The default is 23.
• value is the number of lines from8–64.
timeout <seconds> Configures the idle timeout period beforeautomatic logout for CLI sessions. Thedefault value is 0.
• seconds is the timeout period inseconds from 30–65535.
Modifying the boot sequence from the run-time CLIModify the boot sequence to prevent the switch from using the factorydefault settings or, conversely, to prevent loading a saved configuration fileby performing this procedure.
Procedure steps
Step Action
1 Bypass loading a saved configuration file with the followingcommand:
config bootconfig flags factorydefault true
ATTENTIONIf the switch fails to read and load a saved configuration file afterit starts, ensure this flag is set to false before investigating otheroptions.
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Changing the boot source orderChange the boot source order to display or change the order in which theboot sources (flash and Personal Computer Memory Card InternationalAssociation, or PCMCIA, card) are accessed by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Changing the boot source order 55
Procedure steps
Step Action
1 Change the boot order by using the following command:
config bootconfig choice <boot-choice>
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfigchoice command.
Variable Value
backup-config-file<file>
Identifies the backup boot configuration file.
• file is the device and file name, up to 256characters including the path.
boot-choice Lists the order in which the specified bootdevices are accessed after you restart the switch.The options for boot-choice are primary,secondary, or tertiary. The primary sourcefor files is the PCMCIA card, the secondary sourceis the onboard flash memory, and the tertiarysource is the network server. The default order isto access the device specified in this commandfirst, and then to access the onboard flash.
config-file <file> Identifies the boot configuration file.
• file is the device and file name, up to 255characters including the path.
license-file <file> Identifies the license file.
• file is the device and file name, up to 256characters including the path.
image-file <file> Identifies the image file.
• file is the device and file name, up to 255characters including the path.
info Specifies the current boot choices and associatedfiles.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
56 Boot parameter configuration using the CLI
Example of changing the boot source order
Step Action
1 Specify the configuration file in flash memory as the primary bootsource:
config bootconfig choice primary config-file/flash/config.cfg
--End--
Configuring the standby-to-master delayConfigure the standby-to-master delay to set the number of seconds astandby SF/CPU waits before trying to become the master SF/CPU. Thetime delay you configure applies during a cold start; it does not apply toa failover start.
Configure the standby-to-master delay by performing this procedure.
Procedure steps
Step Action
1 Configure the number of seconds by using the followingcommand:
config bootconfig delay <seconds>
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Configuring system flagsSet the system flags to enable or disable flags for specific configurationsettings by performing this procedure.
ATTENTIONIf you activate auto-trace, SF/CPU utilization increases by up to 30 percent.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 57
ATTENTIONAfter you change certain configuration parameters using the configbootconfig flags or the conf sys set flags command, you must save thechanges to the configuration file and restart the switch before the changes takeeffect. For more information about which parameters require a switch reset, seethe value descriptions in “System flags” (page 35).
Prerequisites
• After you enable the hsecure flag, you cannot enable the flags for theWeb server or SSH password-authentication.
Procedure steps
Step Action
1 Configure system flags by using the following command:
config bootconfig flags
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig flagscommand.
Variable Value
8616-reautoneg <true|false> Permits 8616 modules to reautonegotiate whenconnected to a Multiservice Switch 15000.The default value is false.
alt-led-enable <true|false> Activates or disables the alternate LED behavior.The default value is false (off).If you change this parameter, you must reset the switch.
ATTENTIONDo not change this parameter unless directed by Nortel.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
58 Boot parameter configuration using the CLI
Variable Value
autoboot <true|false> Enables or disables use of the automatic run-time image.
• true—the switch automatically runs the run-time imageafter reset
• false—the boot process stops at the boot monitorprompt
The default value is true.If you change this parameter, you must reset the switch.
You can set autoboot <false> to facilitate debug tasks.
block-snmp <true|false> Enables or disables Simple Network ManagementProtocol (SNMP) access.
• true—disables SNMP access
• false—enables SNMP access
The default is value is false.
block-warmstandby-switchover<true|false>
Enables or disables use of the warm standby secondarySF/CPU as the primary SF/CPU if the primary SF/CPU isreset.
• true—the system prevents the secondary SF/CPUin warm standby mode from becoming the primarySF/CPU if the primary SF/CPU is reset.
• false—designates the secondary SF/CPU in warmstandby mode as the primary SF/CPU if the primarySF/CPU is reset
The default value is false.
If you change the block-warmstandby-switchovervariable, you must reset the switch.
control-record-optimization<true|false>
Enables or disables optimization of control records.The control-record-optimization command applies only toclassic E and M modules.The default value is false.
You must set the control-record-optimization variable totrue under the following conditions:
• To prevent hardware records creation—because theswitch creates hardware records for routing Layer 3
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 59
Variable Value
protocol destination multicast addresses by default,even when the corresponding protocol is not enabled.
• To achieve higher record scaling.
• To achieve faster startup time.
You must set the control-record-optimization variableto false if you operate the switch under the followingconditions:
• In High Availability mode.
• In a mixed chassis containing R or RS modules.
If you change the control-record-optimization variablevalue, you must reset the switch.
daylight-saving-time<true|false>
Activates or disables Daylight Saving Time (DST) for theswitch.The default value is false (disabled).If you set the daylight-saving-time variable to true(enabled), you must set the DST settings using theconfig bootconfig tz command.
debug-config <true|false> Activates or disables run-time debugging of theconfiguration file.
• true—the system displays the line by line configurationfile processing on the console during SF/CPUinitializing
• false—disables run-time configuration file debug
The default value for the debug-config variable is false.If you change the debug-config variable, you must resetthe switch.
debugmode <true|false> Controls whether the switch stops in debug modefollowing a fatal error.Debug mode provides information equivalent to thetrace commands.
• true—the switch does not restart following a fatalerror.
• false—the switch automatically restarts following afatal error.
The default value is false.If you change this parameter, you must reset the switch.
ATTENTION
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
60 Boot parameter configuration using the CLI
Variable Value
Do not change this parameter unless directed by Nortel.
egress-mirror <true|false> Activates the ability to mirror egress traffic for E and Mmodules.The default value is true.If you change this parameter, you must reset the switch.
factorydefaults <true|false> Specifies whether the switch uses the factory defaults atstartup.The default value is false.
• true—the switch uses the factory default configurationat startup
• false—the switch uses the current configuration atstartup
If you change the factorydefaults variable, you must resetthe switch.
The system automatically resets the value to the defaultsetting after the CPU restarts.
ftpd <true|false> Activates or disables FTP service on the switch.The default value is false.To enable FTP, you must set the config bootconfigflags tftpd command variable to false.
ha-cpu <true|false> Activates or disables High Availability (HA) mode.Switches with two SF/CPUs use HA mode to recoverquickly if one SF/CPU fails.The default value is false.
After you enable High Availability mode, the secondarySF/CPU resets to load settings from the saved bootconfiguration file.You must reset the primary SF/CPU after the secondarySF/CPU starting is complete.
CAUTIONRisk of service lossEnabling HA mode can disable certainfeatures.
For more information about the HA supported features,see Table 14 "Feature support for HA in specifiedsoftware release versions" (page 153).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 61
Variable Value
hsecure <true|false> Activates or disables High Secure mode in the switch.If you enable hsecure, the following password behaviorsare available:
• 10 characters enforcement
• aging time
• limitation of failed login attempts
• a protection mechanism to filter certain IP addresses
After you enable High Secure mode, you must reset theswitch to enforce secure passwords. In High Securemode, a user with an invalid-length password is promptedto change their password.
The default value is false.
logging <true|false> If a PCMCIA is present, the logging command activatesor disables system logging to a file on the PCMCIA.The default value is true.
The system generates the log file name based on an 8.3(xxxxxxxx.sss) format as described in the following list.
• The first 6 characters of the file name contain the lastthree bytes of the chassis base MAC address.
• The next two characters of the file name specify theslot number of the CPU that generated the logs.
• The last three characters of the file name denote thesequence number of the log file.
Under the following conditions, the system generatesmultiple sequence numbers for the same chassis andslot:
• You replace or reinsert the CPU.
• The log file reaches the maximum size.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
62 Boot parameter configuration using the CLI
Variable Value
mezz <true|false> Permits or prevents the mezzanine card from startingwhen it is present on a SF/CPU card.
On a dual CPU chassis the SuperMezz configurationmust be identical on both CPUs: either both CPUs have aSuperMezz or both CPUs do not have a SuperMezz.
The default value is true.If you change this value, you must reset the switch.Before you reset the switch with the mezz parameterenabled, you must ensure that the SuperMezz imageresides on the switch.
nncli <true|false> Configures the switch to use NNCLI or CLI mode.If you change the nncli variable, you must restart thesystem.The default value is false.
reboot <true|false> Activates or disables automatic reboot on a fatal error.The default value is true.If you change this parameter, you must reset the switch.The reboot command is equivalent to the debugmodecommand.
ATTENTIONDo not change this parameter unless directed by Nortel.
rlogind <true|false> Activates or disables the rlogin and rsh server.The default value is false.
savetostandby <true|false> Activates or disables the ability to save the configurationor boot configuration file automatically to the standbySF/CPU.
The default value is true.
If you have a dual SF/CPU system, for ease of operationNortel recommends that you set the savetostandbyvariable to true.
spanning-tree-mode<mstp|rstp|default>
Selects the Multiple Spanning Tree Protocol (MSTP),Rapid Spanning Tree Protocol (RSTP), or default (legacy)spanning tree modes.If you do not specify a protocol, the switch uses thedefault spanning tree mode.If you change this parameter, you must save the currentconfiguration and reset the switch.The default value is rstp.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 63
Variable Value
sshd <true|false> Activates or disables the SSH server service.The default value is true.
telnetd <true|false> Activates or disables the Telnet server service.The default value is true.
In a dual SF/CPU system, if you disable the Telnet serveryou prevent a Telnet connection from the other SF/CPU.
tftpd <true|false> Activates or disables Trivial File Transfer Protocol (TFTP)server service.The default value is true.
Even if you disable the TFTP server, you can copy filesbetween the SF/CPUs.
trace-logging <true|false> Activates or disables the creation of trace logs.The default value is false.
ATTENTIONDo not change this parameter unless directed by Nortel.
verify-config <true|false> Activates syntax checking of the configuration file.
The default value is false.
• true—when the system detects a syntax error, thesystem loads the factory default configuration
• false—the system logs syntax errors and the SF/CPUcontinues to source the configuration file
Nortel recommends that you use the default variable(false).If you change the verify-config variable, you must resetthe switch.
wdt <true|false> Activates or disables the hardware watchdog timer thatmonitors a hardware circuit.Based on software errors, the watchdog timer restarts theswitch.The default value for the wdt variable is true.
• true—activates a hardware circuit watchdog timer
• false—disables a hardware circuit watchdog timer
If you change the wdt variable, you must reset the switch.
ATTENTION
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
64 Boot parameter configuration using the CLI
Variable Value
Do not change this parameter unless directed by Nortel.
Configuring the remote host logonConfigure the remote host logon to modify parameters for FTP and TFTPaccess. The defaults allow TFTP transfers. If you want to use FTP as thetransfer mechanism, you need to change the password to a non-null value.
Configure the remote host logon by performing this procedure
Procedure steps
Step Action
1 Define conditions for the remote host logon by using thefollowing command:
config bootconfig host
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig hostcommand.
Variable Value
ftp-debug<true|false>
Activates or disables debug mode on FTP. If youenable debug mode, debug messages display on themanagement console screen. The default value isfalse.
info Specifies the current remote host logon settings.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Specifying the master SF/CPU 65
Variable Value
password <value> Configures the password to enable FTP transfers.
• value is the password, up to 16 characters long.After this password is configured, only FTP is usedfor remote host logon.
ATTENTIONThis password must match the password set for theFTP server, or the FTP operation fails. Also, if thepassword is set to a nonnull value, all copying to andfrom the network uses FTP instead of TFTP. If theusername or password is incorrect, copying over thenetwork fails.
tftp-debug<true|false>
Activates or disables debug mode on TFTP/TFTPD.If you enable debug mode, debug messages display onthe management console screen.The default value is false.
tftp-hash<true|false>
Activates or disables the TFTP hash bucket display.The default value is false.
tftp-rexmit<seconds>
Configures the TFTP retransmission timeout.The default value is 6 seconds.
• seconds is the number of seconds from1–120.
tftp-timeout<seconds>
Configures the TFTP timeout value.
The default value is 6 seconds.
• seconds is the number of seconds from 1–120.
user <value> Configures the remote user logon.
• value is the user logon name, up to 16 characterslong.
Specifying the master SF/CPUSpecify the master SF/CPU to determine which SF/CPU becomes themaster after the switch performs a full power cycle.Specify the master SF/CPU by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
66 Boot parameter configuration using the CLI
Procedure steps
Step Action
1 View the current configuration for the master SF/CPU by usingthe following command:
show bootconfig master
2 Specify the slot of the master SF/CPU by using the followingcommand:
config bootconfig master <cpu-slot>
3 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
4 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfigmaster command.
Variable Value
<cpu-slot> Specifies the slot number, either 5 or6, for the master SF/CPU.The default is slot 5.
Configuring SF/CPU network port devicesConfigure the network port devices to define connection settings for theport. The three network ports are:
• management port (mgmt)
• SF/CPU port (cpu2cpu)
• PCMCIA card (pccard)
Configure the SF/CPU network port devices by performing this procedure.
Procedure steps
Step Action
1 Configure the network port by using the following command:
config bootconfig net <mgmt|cpu2cpu|pccard>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU network port devices 67
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig netcommand.
Variable Value
autonegotiate<true|false>
Activates or disables autonegotiation for the port.The default autonegotiation port values are asfollows:• management port is true
• SF/CPU port is false
• PCMCIA card is true
bootp <true|false> Activates or disables the Bootstrap Protocol(BootP) for the port.The default bootp port values are as follows:
• management port is true
• SF/CPU port is true
• PCMCIA card is true
chk-src-route<true|false>
Blocks traffic with no route back to source.The chk-src-route default port values are asfollows:
• management port is true
• SF/CPU port is false
• PCMCIA card is true
enable <true|false> Activates or disables the specified port.The default enable port values are as follows:
• management port is true
• SF/CPU port is true
• PCMCIA card is true
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
68 Boot parameter configuration using the CLI
Variable Value
fullduplex<true|false>
Activates or disables full-duplex mode on thespecified port.The default fullduplex port values are as follows:
• management port is false
• SF/CPU port is true
• PCMCIA card is false
info Specifies information about the currentconfiguration of the specified port.
ip <ipaddr/mask>[cpu-slot <value> ]
Assigns an IP address and mask for:
• the management port
• SF/CPU
• PCMCIA
Optional parameter:
• cpu-slot value specifies the slot number towhich the IP address applies. The valid optionsare 3, 5, or 6. If you do not specify a slot, thesystem assigns the IP address to the port in thecurrently active SF/CPU.
ATTENTIONYou cannot assign an address of 0.0.0.0/0.
restart Shuts down and re-initializes the port.
route [add|del]<netaddr/subnetmask> <gateway>
Configures a route for the port.
• add adds a route. del deletes a route.
• netaddr is the IP address of the network to bereached.
• gateway is the gateway IP address.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 69
Variable Value
speed <10|100> Configures the connection speed for ports to 10Mb/s, 100 Mb/s, or 1000 Mb/s.The default value for management port is 10Mb/s.
The default value for SF/CPU port is 100Mb/s.
The default value for PCMCIA card is 10Mb/s.
tftp <ipaddr> Specifies a TFTP server for the port.
• ipaddr is the IP address of the TFTP server.
The default value is 0.0.0.0.
Configuring SF/CPU serial port devicesConfigure the serial port devices to define connection settings for serialports such as the modem and console port or to disable the port. If youuse American Standard Code for Information Interchange (ASCII) mode,configure the port if you need to use nondefault settings.
If you configure the mode for the modem port as either Serial Line IP(SLIP) or Point-to-Point Protocol (PPP), you must configure additionalparameters.
CAUTIONRisk of service interruptionNortel recommends that you not configure the console portmode to SLIP or PPP. The switch can display log, trace, anderror messages on the console port and these messagesinterfere with the SLIP or PPP operation.
Configure the SF/CPU serial port devices by performing this procedure.
Prerequisites
• You need a DTE-to-DCE cable (straight or transmit cable) to connectthe Ethernet Routing Switch 8600 to a modem.
• You must configure your client dial-up settings to establish aconnection to a modem.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
70 Boot parameter configuration using the CLI
Procedure steps
Step Action
1 Optionally, change the default generic port settings by using thefollowing command:
config bootconfig sio <console|modem|pccard> [8databits<true|false]> [baud <rate>] [mode <ascii|slip|ppp>]
2 If you use PPP mode, configure PPP options by using thefollowing command:
config bootconfig sio <console|modem|pccard> [mtu<bytes>] [my-ip <ipaddr>] [peer-ip <ipaddr>] pppfile<file>
3 If you use SLIP mode, optionally change the default SLIPsettings by using the following command:
config bootconfig sio <console|modem|pccard>[slip-compression <true|false>] [slip-rx-compression<true|false>]
4 Restart the port by using the following command:
config bootconfig sio <console|modem|pccard> restart
5 Disable the port by using the following command:
config bootconfig sio <console|modem|pccard> enablefalse
6 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
7 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig siocommand.
Variable Value
8databits<true|false>
Specifies either 8 (true) or 7 (false) data bits for eachbyte for the software to interpret.The default value is 7 (false).
baud <rate> Configures the baud rate for the port.The default value is 9600.
enable <true|false>
Activates or disables the port.The default value is true.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 71
Variable Value
info Specifies information about the specified port.
mode <ascii|slip|ppp>
Configures the communication mode for the serial port.The default communication mode is ASCII.
If you are configuring the modem port, you can setthe port to use either the SLIP or PPP communicationmode.
mtu <bytes> Configures the size of the maximum transmission unitfor a PPP link from 0–2048.The default value is 0.
my-ip <ipaddr> Configures the IP address for the server side, theEthernet Routing Switch 8600, of the point-to-point link.The default is value 0.0.0.0.Nortel recommends that you use the IP address for themanagement port.
peer-ip <ipaddr> Configures the peer, the PC, IP address on thepoint-to-point link. The default value is 0.0.0.0.The switch assigns this value to a PC that connectsthrough the modem port with configured TCP/IPproperties to obtain an IP address automatically.If the client uses a static IP address, the EthernetRouting Switch 8600 accepts this address.If you use the Password Authentication Protocol (PAP)authentication, you must ensure that the client uses thecorrect IP address.
pppfile <file> Specifies the PPP configuration file to provide detailsfor authentication, and other options, to include duringthe start procedure of the switch.If you set the port mode to PPP, you must specify aPPP file name. For more information about this file,see “Job aid” (page 72).The PPP file name is a string value of no morethan 64 characters. Identify the file in the format{a.b.c.d:|peer:|/pcmcia/|/flash/}<file>.
ATTENTIONDo not specify a PPP file name with more than 64characters.
restart Shuts down and initializes the port.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
72 Boot parameter configuration using the CLI
Variable Value
slip-compression<true|false>
Activates or disables Transmission Control Protocolover IP (TCP/IP) header compression for SLIP mode.The default value is false.
slip-rx-compression <true|false>
Activates or disables TCP/IP header compression onthe receive packet for SLIP mode.The default value is false.
Job aidCreate the PPP file with one option on each line; comment lines start witha pound sign (#). The following table lists the recognized options.
Table 6Job aid
Option Description
asyncmap <value> Configures the desired async map tothe value you specify.
chap_file <file> Obtains Challenge-HandshakeAuthentication Protocol (CHAP)secrets from the specified file. Yourequire this option if either peerrequires CHAP authentication. If yourusers must use the same IP address,the PAP and CHAP secret files mustspecify the same IP address for allusers and it must match the peer-ipconfiguration on the modem port.
chap_interval <value> Configures the interval, in seconds, forthe CHAP rechallenge to the value youspecify.
chap_restart <value> Configures the timeout, in seconds,for CHAP negotiation to the value youspecify.
debug Activates the PPP daemon debugmode.
default_route Adds a default route to the systemrouting table, after successful InternetProtocol Control Protocol (IPCP)negotiation. Use the peer as thegateway. After the PPP connectionends, the system removes this entry.
driver_debug Activates PPP driver debug mode.
escape_chars <value> Configures the characters to escapeon transmission to the value youspecify.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 73
Table 6Job aid (cont’d.)
Option Description
ipcp_accept_local Accepts what the remote peer uses asthe target local IP address, even if thelocal IP address is specified.
ipcp_accept_remote Accepts what the remote peer uses asthe IP address, even if you specify theremote IP address.
ipcp_max_configure <value> Configures the maximum number oftransmissions for IPCP configurationrequests to the value you specify.
ipcp_max_failure <value> Configures the maximum numberof IPCP configuration negativeacknowledgements (NAK) to the valueyou specify.
ipcp_max_terminate <value> Configures the maximum number oftransmissions for IPCP terminationrequests to the value you specify.
ipcp_restart <value> Configures the timeout, in seconds,for IPCP negotiation to the value youspecify.
lcp_echo_failure <value> Configures the maximum consecutiveLink Control Protocol (LCP) echofailures to the value you specify.
lcp_echo_interval <value> Configures the interval, in seconds,between LCP echo requests to thevalue you specify.
lcp_max_configure <value> Configures the maximum number oftransmissions for LCP configurationrequests to the value you specify.
lcp_max_failure <value> Configures the maximum number ofLCP configuration NAKs to the valueyou specify.
lcp_max_terminate <value> Configures the maximum number oftransmissions for LCP terminationrequests to the value you specify.
lcp_restart <value> Configures the timeout in seconds forthe LCP negotiation to the value youspecify.
local_auth_name <name> Configures the local name forauthentication to the specified name.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
74 Boot parameter configuration using the CLI
Table 6Job aid (cont’d.)
Option Description
login Uses the logon password databasefor Password Authentication Protocol(PAP) peer authentication.
max_challenge <value> Configures the maximum number oftransmissions for CHAP challengerequests to the value you specify.
mru <value> Configures the maximum receive unit(MRU) size for negotiation to the valueyou specify.
mtu <value> Configures the maximum transmissionunit (MTU) size for negotiation to thevalue you specify.
netmask <value> Configures the netmask value fornegotiation to the value you specify.
no_acc Disables address control compression.
no_all Does not request or allow options.
no_asyncmap Disables async map negotiation.
no_chap Disallows CHAP authentication withpeer.
no_ip Disables IP address negotiation inIPCP.
no_mn Disables magic number negotiation.
no_mru Disables MRU negotiation.
no_pap Disables PAP authentication with thepeer.
no_pc Disables protocol field compression.
no_vj Disables Van Jacobson (VJ)compression. VJ compressionreduces the regular 40-byte TCP/IPheader to 3 or 8 bytes.
no_vjccomp Disables VJ connection IDcompression.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 75
Table 6Job aid (cont’d.)
Option Description
pap_file <file> Obtains PAP secrets from thespecified file. You require thisoption if either peer requires PAPauthentication. If your users must usethe same IP address, the PAP andCHAP secret files must specify thesame IP address for all users and itmust match the peer-ip configurationon the modem port.
pap_max_authreq <value> Configures the maximum number oftransmissions for PAP authenticationrequests to the value you specify.
pap_passwd <password> Configures the password for PAPauthentication with the peer to thespecified password.
pap_restart <value> Configures the timeout, in seconds,for PAP negotiation to the value youspecify.
pap_user_name <name> Configures the user name for PAPauthentication with the peer to thespecified name.
passive_mode Configures passive mode. PPP waitsfor the peer to connect after an initialconnection attempt.
proxy_arp Adds an entry to the AddressResolution Protocol (ARP) tablewith the IP address of the peer and theEthernet address of the local system.
remote_auth_name <name> Configures the remote name forauthentication to the specified name.
require_chap Requires CHAP authentication withpeer.
require_pap Requires PAP authentication withpeer.
silent_mode Configures silent mode. PPP doesnot transmit LCP packets to initiate aconnection until it receives a valid LCPpacket from the peer.
vj_max_slots <value> Configures the maximum number ofVJ compression header slots to thevalue you specify.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
76 Boot parameter configuration using the CLI
Table 7 "Sample PPP file" (page 76) shows example contents from a PPPfile.
Table 7Sample PPP file
passive_mode
lcp_echo_interval 30
lcp_echo_failure 10
require_chap
require_pap
no_vj
ipcp_accept_remote
login
chap_file "my_chap"
pap_file "my_pap"
Configuring the time zoneSet the time zone to specify the time for your location and configure thesettings for daylight saving by performing this procedure.
The format for the time zone command is derived with observation ashours:minutes when compared to minutes only in other Ethernet RoutingSwitches series for both DST offset and offset from GMT. The input valueis positive for the west side of GMT as opposed to negative in every othercommercial product.
Procedure steps
Step Action
1 Configure the time zone by using the following command:
config bootconfig tz
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the time zone 77
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig tzcommand.
Variable Value
dst-end <Mm.n.d/hhmm|MMddhhmm>
Configures the ending date of daylight saving time.You can specify the time in one of the following ways:
• Mm.n.d/hhmm specifies an hour on the nthoccurrence of a weekday in a month. For example,M10.5.0/0200 means the fifth occurrence ofSunday in the tenth month (October) at 2:00 a.m.
• MMddhhmm specifies a month, day, hour, andminute. For example, 10310200 means October 31at 2:00 a.m.
dst-name<dstname>
Configures an abbreviated name for the local daylightsaving time zone.
• dstname is the name (for example, "pdt" is PacificDaylight Time).
dst-offset<minutes|hh:mm>
Configures the daylight saving adjustment in minutes orhours:minutes. The values range from -4:0 to 4:0 forhours:minutes and from -240 to 240 for minutes.
The default value is 60.
dst-start <Mm.n.d/hhmm|MMddhhmm>
Configures the starting date of daylight saving time.
• Mm.n.d/hhmm specifies an hour on the nthoccurrence of a weekday in a month. For example,M10.5.0/0200 means the fifth occurrence ofSunday in the tenth month (October) at 2:00 a.m.
• MMddhhmm specifies a month, day, hour, andminute. For example, 10310200 means October 31at 2:00 a.m.
info Specifies time zone information.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
78 Boot parameter configuration using the CLI
Variable Value
name <tz> Configures an abbreviated name for the local timezone name.
• tz is the name (for example "pst" is PacificStandard Time).
offset-from-utc<minutes|hh:mm>
Configures the time zone offset, in minutes orhours:minutes, to subtract from Universal CoordinatedTime (UTC), where positive numbers mean westof Greenwich and negative numbers mean east ofGreenwich.The values range from -14:0 to 14:0 for hours:minutesand from -840 to 840 for minutes.The default value is 0.
Enabling remote access services from the run-time CLIEnable the remote access service to provide multiple methods of remoteaccess by performing this procedure.
Prerequisites
• If you enable an rlogin flag, you must configure an access policy andspecify the name of the user who can access the switch.
Procedure steps
Step Action
1 Enable or disable the access service by using the followingcommand:
config bootconfig flags <access-service> <true|false>
2 Save the configuration.
--End--
Variable definitionsUse the data in the following table to use the config bootconfig flagscommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Displaying the boot monitor configuration 79
Variable Value
access-service Specify the type of remote accessservice. Enter one of the following:ftpd, rlogind, telnetd, tftpd, or sshd.
true|false Enables or disables a remote accessservice.
• true—activates a service
• false—disables a service
Displaying the boot monitor configurationDisplay the configuration to view current or changed settings for the bootmonitor and boot monitor CLI by performing this procedure.
CAUTIONRisk of equipment failureDo not edit the boot.cfg file manually because the switch readsthis file during the boot process. Errors generated while editingthe file can render the switch inoperable.
Procedure steps
Step Action
1 View the configuration using one of the following commands:
show bootconfig
or
config bootconfig show
--End--
Variable definitionsUse the data in the following table to use the show bootconfig andconfig bootconfig show commands.
Variable Value
choice Specifies the current boot configuration choices.
cli Specifies the current cli configuration.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
80 Boot parameter configuration using the CLI
Variable Value
config [verbose] Specifies the current boot configuration.
• verbose includes all possible information.
If you omit verbose, only the values that werechanged from their default settings are displayed.
flags Specifies the current flag settings.
host Specifies the current host configuration.
info Specifies the current settings for the boot monitor.
master Specifies the current SF/CPU slot set as master andthe settings for the delay and multicast command.
mezz-image Specifies the mezzanine image.
net Specifies the current configuration of the SF/CPUnetwork ports.
show-all [file<value> ]
Specifies all relevant information about bootconfiguration on the switch.
• value is the filename to which the output isredirected.
sio Specifies the current configuration of the SF/CPU serialports.
tz Specifies the current configuration of the switch timezone.
wlan Specifies wireless LAN information.
bootp Specifies the BootP configuration.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
81.
Boot parameter configuration usingthe NNCLI
Use the procedures in this section to configure and manage the bootmonitor using the Nortel Networks command line interface (NNCLI).
Prerequisites to boot parameter configuration• You initiate a boot monitor session only through a direct serial-port
connection to the switch. After the boot monitor is active, you can setthe flags for Telnet and rlogin to allow remote access, but accessto the boot monitor is still only available through a direct serial-portconnection. Within the boot monitor, you can change the bootconfiguration, including boot choices and boot flags.
• To perform the procedures in this section, you must log on to theGlobal Configuration mode in the NNCLI. For more information aboutusing NNCLI, see Nortel Ethernet Routing Switch 8600 User InterfaceFundamentals (NN46205-308).
Navigation• “Job aid” (page 82)
• “Accessing the boot monitor ” (page 85)
• “Accessing the boot monitor from the run-time environment” (page 85)
• “Configuring the boot monitor” (page 86)
• “Modifying the boot sequence” (page 87)
• “Enabling remote access services” (page 88)
• “Changing the boot source order” (page 89)
• “Configuring the standby-to-master delay” (page 90)
• “Configuring system flags” (page 91)
• “Configuring the remote host logon” (page 99)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
82 Boot parameter configuration using the NNCLI
• “Specifying the master SF/CPU” (page 101)
• “Configuring SF/CPU network port devices” (page 101)
• “Configuring SF/CPU serial port devices” (page 103)
• “Configuring the time zone” (page 111)
• “Displaying the boot monitor configuration” (page 114)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 8Job aid
Command Parameter
Privileged EXEC mode
bootp
choice
cli
flags
general
host
master
mezz-image
net
running-config
sio
tz
show boot config
wlan
Global Configuration mode
<primary|secondary|tertiary>
backup-config-file <file>
config-file <file>
boot config choice
image-file <file>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Job aid 83
Command Parameter
8100-mode
8616-reautoneg
delay <seconds>
more
prompt <value>
screenlines <value>
boot config cli
timeout <seconds>
alt-led
autoboot
block-snmp
block-warmstandby-switchover
control-record-optimization
daylight-saving-time
debug-config
debugmode
egress-mirror
factorydefaults
ftpd
ha-cpu
hsecure
logging
mezz
nncli
reboot
rlogind
savetostandby
spanning-tree-mode
sshd
telnetd
tftpd
trace-logging
verify-config
boot config flags
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
84 Boot parameter configuration using the NNCLI
Command Parameter
wdt
ftp-debug
password
tftp-debug
tftp-hash
tftp-rexmit
tftp-timeout
boot config host
user
boot config master <cpu-slot>
autonegotiate
bootp
chk-src-route
fullduplex
ip
restart
route
speed
boot config net <cpu-network-port>
tftp
8databits
baud
mode
mtu
my-ip
peer-ip
pppfile
restart
slip-compression
boot config sio <console|modem|pccard>
slip-rx-compression
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Accessing the boot monitor from the run-time environment 85
Command Parameter
dst-end
dst-name
dst-offset
dst-start
name
boot config tz
offset-from-utc
Accessing the boot monitorAccess the boot monitor to configure and manage the boot process byperforming this procedure.
Procedure steps
Step Action
1 Restart the switch.
2 Interrupt the boot sequence by pressing the Enter key after thefollowing prompt is displayed:
Press Enter to stop autoboot.
--End--
Accessing the boot monitor from the run-time environmentAccess the boot monitor from the run-time environment to configure andmanage the boot process by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure the autoboot flag by using the following command:
no boot config flags autoboot
2 Save the boot configuration by using the following command:
save bootconfig
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
86 Boot parameter configuration using the NNCLI
3 Restart the switch.
--End--
Configuring the boot monitorConfigure the boot monitor to configure connection settings for NNCLIsessions by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure the boot monitor CLI by using the following command:
boot config cli [more] [prompt <value>] [screenlines<value>] [timeout <seconds>]
2 Save the changed configuration file.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config clicommand.
Variable Value
more Configures scrolling for the outputdisplay.
The default is true.Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Modifying the boot sequence 87
Variable Value
prompt <value> Changes the boot monitor prompt tothe defined string.
• value is a string from 1–32characters.
To set this option to the default value,use the default operator with thecommand.
screenlines <value> Configures the number of lines in theoutput display.
• value is the number of lines from1–64.
To set this option to the default value,use the default operator with thecommand.The default is value 23.
timeout <seconds> Configures the idle timeout periodbefore automatic logoff for NNCLIsessions.
• seconds is the timeout period, inseconds,from 0–65536.
To set this option to the default value,use the default operator with thecommand.The default value is 0.
Modifying the boot sequenceModify the boot sequence to prevent the switch from using the factorydefault settings or, conversely, to prevent loading a saved configuration fileby performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Bypass the loading of the switch configuration with the followingcommand:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
88 Boot parameter configuration using the NNCLI
boot config flags factorydefaults
ATTENTIONIf the switch fails to read and load a saved configuration file after itstarts, ensure you use the no operator with this command, no bootconfig flags factorydefaults, before investigating otheroptions.
--End--
Enabling remote access servicesEnable the remote access service to provide multiple methods of remoteaccess by performing this procedure.
Prerequisites
• If you enable an rlogin flag, you must configure an access policy tospecify the name of the user who can access the switch.
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Enable the access service by using the following command:
boot config flags <access-service>
2 Save the boot configuration.
--End--
Variable definitionsUse the data in the following table to use the boot config flagscommand.
Variable Value
access-service Specifies the type of remote accessservice to enable. Select from thefollowing list:• ftpd
• rlogind
• sshd
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Changing the boot source order 89
Variable Value
• telnetd
• tftpd
Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
Changing the boot source orderChange the boot source order to display or change the order in which thesystem accesses the boot sources (flash and PCMCIA card) by performingthis procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Change the boot order by using the following command:
boot config choice <primary|secondary|tertiary>backup-config-file <file> config-file <file> image-file<file> license-file <file>
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config choicecommand.
Variable Value
backup-config-file<file>
Identifies the backup boot configuration file.
• file is the device and file name, up to 255characters including the path.
To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
90 Boot parameter configuration using the NNCLI
Variable Value
config-file <file> Identifies the boot configuration file.
• file is the device and file name, up to 255characters including the path.
To set this option to the default value, use thedefault operator with the command.
license-file <file> Identifies the license file.
• file is the device and file name, up to 255characters including the path.
image-file <file> Identifies the image file.
• file is the device and file name, up to 255characters including the path.
To set this option to the default value, use thedefault operator with the command.
<primary|secondary|tertiary>
Lists the order in which the specified boot devicesare accessed after you restart the switch. Theprimary source for files is the PCMCIA card, thesecondary source is the onboard flash memory,and the tertiary source is the network server. Thedefault order is to access the device specified inthis command first, and then to access the onboardflash.
Example of changing the boot source order
Step Action
1 Specify the configuration file in flash memory as the primary bootsource:
config bootconfig choice primary config-file/flash/config.cfg
--End--
Configuring the standby-to-master delayConfigure the standby-to-master delay to set the number of seconds astandby SF/CPU waits before trying to become the master SF/CPU. Thetime delay you configure applies during a cold start; it does not apply toa failover start.
Configure the standby-to-master delay by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 91
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure the number of seconds by using the followingcommand:
boot config cli delay <seconds>
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Configuring system flagsSet the system flags to enable flags for specific configuration settings byperforming this procedure.
ATTENTIONIf auto-trace is activated, SF/CPU utilization increases by up to 30 percent.
ATTENTIONAfter you change certain configuration parameters using the boot configflags command, you must save the changes to the configuration file andrestart the switch before the changes take effect. For more information aboutwhich parameters require a switch reset, see the variable definitions tablefollowing the procedure.
Prerequisites
• If you enable the hsecure flag, you cannot enable the flags for the Webserver or SSH password-authentication.
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Enable system flags by using the following command:
boot config flags <flag>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
92 Boot parameter configuration using the NNCLI
To disable a flag use the no operator before the flag command:no boot config flags <flag>.
To set a flag to the default value, use the default operator withthe command.
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config flagscommand.
Variable Value
8100-mode Turns the flag ON or OFF.The default value is false.
8616-reautoneg Permits 8616 modules to reautonegotiate whenconnected to a Multiservice Switch 15000.The default value is false.
alt-led Activates the alternate LED behavior.The default is false (disabled).If you change this parameter, you must resetthe switch.
ATTENTIONDo not change this parameter unless directedby Nortel.
autoboot Enables or disables automatic use of therun-time image by the switch after reset.The default value is true (enabled).
If you disable autoboot, the boot process stopsat the boot monitor prompt. Disabling autobootcan facilitate debug tasks.If you change this parameter, you must resetthe switch.
block-snmp Enables or disables Simple NetworkManagement Protocol (SNMP) management.The default value is disabled.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 93
Variable Value
block-warmstandby-switchover Enables or disables use of the secondarySF/CPU (in warm standby mode) as the primarySF/CPU if you reset the switch.
• enabled—prevents use of the secondarySF/CPU (in warm standby mode) from asthe primary SF/CPU if you reset the primarySF/CPU/
• disabled—designates the secondarySF/CPU in warm standby mode as theprimary SF/CPU if you reset the primarySF/CPU.
The default setting is disabled.If you change the block-warmstandby-switchover setting, you must reset the switch.
control-record-optimization Enables or disables creation of hardwarerecords to route Layer 3 protocol destinationmulticast addresses.By default, the switch creates hardware recordsto route Layer 3 protocol destination multicastaddresses even if the corresponding protocol isdisabled.
Set the control-record-optimization variable totrue (enabled) to
• prevent creation of hardware records
• achieve higher record scaling
• achieve faster boot time
Set the control-record-optimization variable tofalse (disabled) when operating the switch in
• High Availability mode
• a mixed chassis containing R or RSmodules
This flag applies only to classic E and Mmodules.
The default setting is false (disabled).If you change this parameter, you must resetthe switch.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
94 Boot parameter configuration using the NNCLI
Variable Value
daylight-saving-time Activates or disables Daylight Saving Time(DST) for the switch.If you enable DST you must configure the DSTsettings using the config bootconfig tzcommand.The default value is disabled.
debug-config Activates or disables run-time debugging of theconfiguration file.Use one of the following variables to configurethe command.
• true—line by line configuration fileprocessing displays on the console duringSF/CPU initialization
• false—disables run-time configuration filedebug
The default value is false (disabled).If you change the debug-config variable value,you must reset the switch.
debugmode Controls whether the switch stops in debugmode following a fatal error. Debug modeprovides information equivalent to the tracecommands.
• true (enabled)—the switch does not restartfollowing a fatal error
• false (disabled)—the switch restartsautomatically following a fatal error
The default value is disabled.If you change this parameter, you must resetthe switch.
ATTENTIONDo not change this parameter unless directedby Nortel.
egress-mirror Activates egress traffic mirroring for E and Mmodules.The default value is activated.If you change this parameter, you must resetthe switch.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 95
Variable Value
factorydefaults Specifies whether the switch uses the factorydefault settings at startup.The default value is disabled.This flag is automatically set back to the defaultsetting after the CPU restarts.If you change this parameter, you must resetthe switch.
ftpd Activates or disables theFTP server on theswitch.The default value is disabled.To enable FTP, ensure that the tftpd flag isdisabled.
ha-cpu Activates or disables High Availability (HA)mode. Switches with two SF/CPUs use HAmode to recover quickly from a failure of one ofthe SF/CPUs.
If you enable High Availability mode, thesecondary SF/CPU resets to load settings fromthe saved boot configuration file. You mustreset the primary SF/CPU after the secondarySF/CPU starting is complete.
CAUTIONRisk of service lossEnabling HA mode candisable certain features.
For more information about what features aresupported with HA, see Table 14 "Featuresupport for HA in specified software releaseversions" (page 153).
hsecure Activates or disables High Secure mode in theswitch.
The hsecure command provides the followingpassword behavior:
• 10 character enforcement
• aging time
• failed login attempt limitation
• designated IP address filtration
The default value is false (disabled).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
96 Boot parameter configuration using the NNCLI
Variable Value
If you enable High Secure mode, you mustreset the switch to enforce secure passwords.
If you operate the switch in High Secure mode,the switch prompts a password change if youenter invalid-length passwords.
logging If a PCMCIA exists in the system, you can usethe logging command to activate or disablesystem logging to a file on the PCMCIA.
The default value is true (enabled).
The system names log files according to thefollowing:
• File names appear in 8.3 (xxxxxxxx.sss)format.
• The first 6 characters of the file namecontain the last three bytes of the chassisbase MAC address.
• The next two characters in the file namespecify the slot number of the CPU thatgenerated the logs.
• The last three characters in the file nameare the sequence number of the log file.
The system generates multiple sequencenumbers for the same chassis and same slot if
• you replace the CPU
• you reinsert the CPU
• the system reaches the maximum log filesize
mezz Permits or prevents the mezzanine card fromstarting if it is present on a SF/CPU card.
If you enable mezz on a dual CPU chassis,ensure that both CPUs contain a SuperMezzcard.
The mezz default value is enabled.If you change this parameter, you must resetthe switch.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 97
Variable Value
If you reset the switch with mezz enabled,ensure that the SuperMezz image resides onthe switch prior to the reset.
nncli Configures the switch to use NNCLI or CLImode.After you change this parameter, you mustrestart the system for the change to take effect.The default value is true.
reboot Activates or disables automatic reboot on a fatalerror.The default value is activated.The reboot command is equivalent to thedebugmode command.If you change the reboot variable value, youmust reset the switch.
ATTENTIONDo not change this parameter unless directedby Nortel.
rlogind Activates or disables the rlogin and rsh server.The default value is disabled.
savetostandby Activates or disables automatic save of theconfiguration or boot configuration file to thestandby SF/CPU.The default value is disabled.
If you operate a dual SF/CPU system, Nortelrecommends that you enable this flag for easeof operation.
spanning-tree-mode <mstp|rstp|default>
Specifies the Multiple Spanning Tree Protocol(MSTP), Rapid Spanning Tree Protocol (RSTP),or default (legacy) spanning tree mode.If you do not specify a protocol, the switch usesthe default mode.The default mode is rstp.If you change the spanning tree mode, youmust save the current configuration and resetthe switch.
sshd Activates or disables the SSH server service.The default value is true (enabled).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
98 Boot parameter configuration using the NNCLI
Variable Value
telnetd Activates or disables the Telnet server service.The default is disabled.
If you disable the Telnet server service in a dualSF/CPU system, the Telnet server preventsa Telnet connection initiated from the otherSF/CPU.
tftpd Activates or disables Trivial File TransferProtocol (TFTP) server service.The default value is disabled.
If you disable the TFTP server you can stillcopy files between the SF/CPUs.
trace-logging Activates or disables the creation of trace logs.The default value is disabled.
ATTENTIONDo not change this parameter unless directedby Nortel.
verify-config Activates syntax checking of the configurationfile.The default value is true (enabled).If the system finds a syntax error, it loads thefactory default configuration.
If you set the variable to false, the system logssyntax errors and the SF/CPU continues tosource the configuration file.
Nortel recommends that you set theverify-config variable to false.If you change this parameter, you must resetthe switch.
wdt Activates or disables the hardware watchdogtimer monitoring a hardware circuit.The default value is activated.The watchdog timer restarts the switch basedon software errors.If you change the wtd variable, you must resetthe switch.
ATTENTIONDo not change this parameter unless directedby Nortel.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the remote host logon 99
Configuring the remote host logonConfigure the remote host logon to modify parameters for FTP and TFTPaccess. The defaults allow TFTP transfers. If you want to use FTP as thetransfer mechanism, you need to change the password to a non-null value.
Configure the remote host logon by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Define conditions for the remote host logon by using thefollowing command:
boot config host
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config hostcommand.
Variable Value
ftp-debug Activates or disables debug mode on FTP.If you enable debug mode, debug messages display onthe management console screen.The default value is disabled.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
100 Boot parameter configuration using the NNCLI
Variable Value
password <value> Configures the password to enable FTP transfers.
• value is the password, up to 16 characters long.If you configure this password, you can use onlyFTP for remote host logon.
ATTENTIONThis password must match the password set for theFTP server, or the FTP operation fails. If you set thepassword to a nonnull value, all copy operations toand from the network use FTP instead of TFTP. If theuser name or password is incorrect, copy operationsover the network fail.
tftp-debug Activates or disables debug mode on TFTP/TFTPD.If you enable debug mode, debug messages display onthe management console screen.The default value is disabled.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
tftp-hash Activates or disables the TFTP hash bucket display.The default value is disabled.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
tftp-rexmit<seconds>
Configures the TFTP retransmission timeout. Thedefault value is 2 seconds.
• seconds is the number of seconds from 1–120.
To set this option to the default value, use thedefault operator with the command.
tftp-timeout<seconds>
Configures the TFTP timeout.The default value is 10 seconds.
• seconds is the number of seconds from 1–120.
To set this option to the default value, use thedefault operator with the command.
user <value> Configures the remote user logon.
• value is the user logon name, up to 16 characterslong.
To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU network port devices 101
Specifying the master SF/CPUSpecify the master SF/CPU to designate which SF/CPU becomes themaster after the switch performs a full power cycle.Specify the master SF/CPU by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 View the current configuration for the master SF/CPU by usingthe following command:
show boot config master
2 Specify the slot of the master SF/CPU by using the followingcommand:
boot config master <cpu-slot>
3 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
4 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config mastercommand.
Variable Value
<cpu-slot> Specifies the slot number, either 5 or6, for the master SF/CPU.The default value is slot 5.
Configuring SF/CPU network port devicesConfigure the network port devices to define connection settings for theport. The three network ports are:
• management port (mgmt)
• SF/CPU port (cpu2cpu)
• PCMCIA card (pccard)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
102 Boot parameter configuration using the NNCLI
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Configure the network port by using the following command:
boot config net <cpu-network-port>
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
--End--
Variable definitionsUse the data in the following table to use the boot config netcommand.
Variable Value
<cpu-network-port> Identifies the port using one of the following:• mgmt
• cpu2cpu
• pccard
autonegotiate Activates or disables autonegotiation for the port.The default value is disabled.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
bootp Activates or disables the Bootstrap Protocol(BootP) for the port.The default value is activated.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
chk-src-route Blocks traffic with no route back to the source.The default value is activated.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 103
Variable Value
fullduplex Activates or disables full-duplex mode on thespecified port.The default value is activated.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
ip <ipaddr/mask>[cpu-slot <value> ]
Assigns an IP address/mask for the managementport, SF/CPU, or PCMCIA card.
Optional parameter:
• cpu-slot value specifies the slot number towhich the IP address applies.The valid options are 3, 5, or 6.If you do not specify a slot, the system assignsthe IP address to the port in the currently activeSF/CPU.
In an 8003 chassis, only SF/CPU slot 3 isavailable.
ATTENTIONYou cannot assign an address of 0.0.0.0/0.
restart Restarts the port.
route <netaddr> Configures a route for the port. netaddr is theIP address and mask of the network you want toreach.
Use the no operator to remove this configuration.
speed <10|100> Configures the connection speed for ports to 10Mb/s, 100 Mb/s, or 1000 Mb/s.The default is 10 Mb/s.To set this option to the default value, use thedefault operator with the command.
tftp <ipaddr> Specifies a TFTP server for the port.
ipaddr is the IP address of the TFTP server.
Configuring SF/CPU serial port devicesConfigure the serial port devices to define connection settings for serialports; for example, the modem and console port .
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
104 Boot parameter configuration using the NNCLI
If you configure the modem port mode as either Serial Line IP (SLIP) orPoint-to-Point Protocol (PPP), you must configure additional parameters.
CAUTIONRisk of service interruptionNortel recommends that you not configure the console portmode to SLIP or PPP. The switch can display log, trace, anderror messages on the console port and these messagesinterfere with the SLIP or PPP operation.
Prerequisites
• You need a DTE-to-DCE cable (straight or transmit cable) to connectthe Ethernet Routing Switch 8600 to a modem.
• You must configure your client dial-up settings to establish aconnection to a modem.
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Optionally, change the default generic port settings by using thefollowing command:
boot config sio <console|modem|pccard> [8databits][baud <rate>] [mode <ascii|slip|ppp>]
2 If you use PPP mode, configure PPP options by using thefollowing command:
boot config sio <console|modem|pccard> [mtu <bytes>][my-ip <ipaddr>] [peer-ip <ipaddr>] pppfile <file>
3 If you use SLIP mode, optionally change the default SLIPsettings by using the following command:
boot config sio <console|modem|pccard> [slip-compression <true|false>] [slip-rx-compression <true|false>]
4 Restart the port by using the following command:
boot config sio <console|modem|pccard> restart
5 Disable the port by using the following command:
no boot config sio <console|modem|pccard>
6 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
7 Optionally, shutdown and reinitialize the port by using thefollowing command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 105
boot config sio modem restart
8 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config siocommand.
Variable Value
8databits Specifies either 8 (activated) or 7 (disabled) data bitsfor each byte for the software to interpret.The default value is 7 (disabled).Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
baud <rate> Configures the baud rate for the port.The default value is 9600.To set this option to the default value, use thedefault operator with the command.
mode <ascii|slip|ppp>
Configures the communication mode for the serial port.The default is ASCII (American Standard Code forInformation Interchange).
If you are configuring the modem port, you can setthe port to use either the SLIP or PPP communicationmode.
To set this option to the default value, use thedefault operator with the command.
mtu <bytes> Configures the size of the maximum transmission unitfor a PPP link, from 0–2048.The default value is 0.To set this option to the default value, use thedefault operator with the command.
my-ip <ipaddr> Configures the IP address for the server side, theEthernet Routing Switch 8600, of the point-to-point link.The default value is 0.0.0.0.Nortel recommends that you use the current IPaddress for the management port.To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
106 Boot parameter configuration using the NNCLI
Variable Value
peer-ip <ipaddr> Configures the peer (the PC) IP address on thepoint-to-point link. The default is 0.0.0.0.The switch assigns the peer IP address to a PCthat connects through the modem port if the TCP/IPproperties for the PC are configured to obtain an IPaddress automatically.If the client uses a static IP address, the EthernetRouting Switch 8600 accepts this address.If you use Password Authentication Protocol (PAP)authentication, you must ensure that the client uses thecorrect IP address.To set this option to the default value, use thedefault operator with the command.
pppfile <file> Specifies the PPP configuration file that providesauthentication details and options to include during theswitch boot procedure.The PPP file name is a string value of no morethan 64 characters. Identify the file in the format{a.b.c.d:|peer:|/pcmcia/|/flash/}<file>.
ATTENTIONDo not specify a PPP file name with more than 64characters.
To set this option to the default value, use thedefault operator with the command.
restart Shuts down and initializes the port.
slip-compression<true|false>
Activates or disables Transmission Control Protocolover IP (TCP/IP) header compression for SLIP mode.The default value is false.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
slip-rx-compression <true|false>
Activates or disables TCP/IP header compression onthe receive packet for SLIP mode.The default value is false.Use the no operator to remove this configuration.To set this option to the default value, use thedefault operator with the command.
Job aidCreate the PPP file with one option on each line; comment lines start witha pound sign (#). The following table lists the recognized options.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 107
Table 9Job aid
Option Description
asyncmap <value> Configures the async map.• value is the value you sprcify
chap_file <file> Obtains Challenge-HandshakeAuthentication Protocol (CHAP)secrets from the specified file.If either peer requires CHAPauthentication, you must specify afile name.If users must use the same IP address• the PAP and CHAP secret files
must specify the same IP addressfor all users
• the IP address must match thepeer-ip configuration on the modemport
chap_interval <value> Configures the interval for the CHAPrechallenge.• value, expressed in seconds, is
the interval that you specify.
chap_restart <value> Configures the timeout for CHAPnegotiation.• value, expressed in seconds, is
the interval that you specify.
debug Activates the PPP daemon debugmode.
default_route Adds a default route to the systemrouting table, after successful InternetProtocol Control Protocol (IPCP)negotiation.Use the peer as the gateway.After the PPP connection ends, thesystem removes the default routingtable entry.
driver_debug Activates PPP driver debug mode.
escape_chars <value> Configures the characters to escapeon transmission.• value is the number of characters
you specify.
ipcp_accept_local Accepts the remote peer target localIP address as the target local IPaddress, whether the local IP addressis specified or not.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
108 Boot parameter configuration using the NNCLI
Table 9Job aid (cont’d.)
Option Description
ipcp_accept_remote Accepts the remote peer IP address,whether the remote IP address isspecified or not.
ipcp_max_configure <value> Configures the maximum number oftransmissions for IPCP configurationrequests.• value is the number you specify
ipcp_max_failure <value> Configures the maximum numberof IPCP configuration negativeacknowledgements (NAK).• value is the number you specify
ipcp_max_terminate <value> Configures the maximum number oftransmissions for IPCP terminationrequests.• value is the number you specify
ipcp_restart <value> Configures the timeout interval forIPCP negotiation.• value is the interval, in seconds,
that you specify
lcp_echo_failure <value> Configures the maximum consecutiveLink Control Protocol (LCP) echofailures.• value is the number that you
specify
lcp_echo_interval <value> Configures the interval between LCPecho requests.• value is the interval, in seconds,
that you specify.
lcp_max_configure <value> Configures the maximum number oftransmissions for LCP configurationrequests.• value is a number that you specify
lcp_max_failure <value> Configures the maximum number ofLCP configuration NAKs• value is a number that you specify
lcp_max_terminate <value> Configures the maximum number oftransmissions for LCP terminationrequests• value is a number that you specify
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SF/CPU serial port devices 109
Table 9Job aid (cont’d.)
Option Description
lcp_restart <value> Configures the timeout for the LCPnegotiation.• value is the interval, in seconds,
that you specify
local_auth_name <name> Configures the local name forauthentication.• name is the name that you specify
login Uses the logon password databasefor Password Authentication Protocol(PAP) peer authentication.
max_challenge <value> Configures the maximum number oftransmissions for CHAP challengerequests• value is the number you specify
mru <value> Configures the maximum receive unit(MRU) size for negotiation.• value is the MRU size for
negotiation that you specify
mtu <value> Configures the maximum transmissionunit (MTU) size for negotiation.• value is the MTU size for
negotiation that you specify
netmask <value> Configures the netmask value fornegotiation.• value is the netmask that you
specify
no_acc Disables address control compression.
no_all Does not request or allow options.
no_asyncmap Disables asynchronous mapnegotiation.
no_chap Disallows CHAP authentication withpeer.
no_ip Disables IP address negotiation inIPCP.
no_mn Disables magic number negotiation.
no_mru Disables MRU negotiation.
no_pap Disables PAP authentication with thepeer.
no_pc Disables protocol field compression.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
110 Boot parameter configuration using the NNCLI
Table 9Job aid (cont’d.)
Option Description
no_vj Disables Van Jacobson (VJ)compression.VJ compression reduces the regular40-byte TCP/IP header to 3 or 8 bytes.
no_vjccomp Disables VJ connection IDcompression.
pap_file <file> Obtains PAP secrets from thespecified file.Use this option if either peer requiresPAP authentication.If users must use the same IPaddress, you must specify the same IPaddress for all users in the PAP andCHAP secret files and the IP addressmust match the peer-ip configurationon the modem port.
pap_max_authreq <value> Configures the maximum number oftransmissions for PAP authenticationrequests.• value is the number you specify
pap_passwd <password> Configures the password for PAPauthentication with the peer.• password is the password you
specify
pap_restart <value> Configures the timeout for PAPnegotiation.• value is the interval, in seconds,
that you specify
pap_user_name <name> Configures the user name for PAPauthentication with the peer.• name is the name you specify
passive_mode Configures passive mode.PPP waits for the peer to connect afteran initial connection attempt.
proxy_arp Adds an entry to the AddressResolution Protocol (ARP) tablewith the IP address of the peer and theEthernet address of the local system.
remote_auth_name <name> Configures the remote name forauthentication.• name is the name you specify
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the time zone 111
Table 9Job aid (cont’d.)
Option Description
require_chap Requires CHAP authentication withpeer.
require_pap Requires PAP authentication withpeer.
silent_mode Configures silent mode.PPP does not transmit LCP packets toinitiate a connection until it receives avalid LCP packet from the peer.
vj_max_slots <value> Configures the maximum number ofVJ compression header slots.• value is the number you specify
Table 10 "Sample PPP file" (page 111) shows example contents from aPPP file.
Table 10Sample PPP file
passive_mode
lcp_echo_interval 30
lcp_echo_failure 10
require_chap
require_pap
no_vj
ipcp_accept_remote
login
chap_file "my_chap"
pap_file "my_pap"
Configuring the time zoneSet the time zone to specify the time for your location and configuresettings for daylight saving.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
112 Boot parameter configuration using the NNCLI
The format for the time zone command is hours:minutes for both DaylightSavings Time (DST) offset and offset from Greenwich Mean Time (GMT);the format is minutes only in other Ethernet Routing Switch products. Theinput value is positive for the west side of GMT; it is negative in othercommercial products.
Configure the time zone by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Configure the time zone by using the following command:
boot config tz
2 Save the changed configuration to the boot.cfg and pcmboot.cfgfiles.
3 Restart the switch.
--End--
Variable definitionsUse the data in the following table to use the boot config tz command.
Variable Value
dst-end <Mm.n.d/hhmm|MMddhhmm>
Configures the ending date of daylight saving time. Youcan specify the time in one of the two ways:
• Mm.n.d/hhmm specifies an hour on the nthoccurrence of a weekday in a month. For example,M10.5.0/0200 means the fifth occurrence ofSunday in the tenth month (October) at 2:00 a.m.
• MMddhhmm specifies a month, day, hour, andminute. For example, 10310200 means October 31at 2:00 a.m.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the time zone 113
Variable Value
dst-name<dstname>
Configures an abbreviated name for the local daylightsaving time zone.
• dstname is the name (for example, "pdt" is PacificDaylight Time).
To set this option to the default value, use thedefault operator with the command.
dst-offset<minutes|hh:mm>
Configures the daylight saving adjustment in minutes orhours:minutes. The values range from -4:0 to 4:0 forhours:minutes and from -240 to 240 for minutes.
The default, in minutes, is 60.
To set this option to the default value, use thedefault operator with the command.
dst-start <Mm.n.d/hhmm|MMddhhmm>
Configures the starting date of daylight saving time.
• Mm.n.d/hhmm specifies an hour on the nthoccurrence of a weekday in a month. For example,M10.5.0/0200 means the fifth occurrence ofSunday in the tenth month (October) at 2:00 a.m.
• MMddhhmm specifies a month, day, hour, andminute. For example, 10310200 means October 31at 2:00 a.m.
name <tz> Configures an abbreviated name for the local time zonename.
• tz is the name (for example "pst" is PacificStandard Time).
To set this option to the default value, use thedefault operator with the command.
offset-from-utc<minutes|hh:mm>
Configures the time zone offset in minutes orhours:minutes to subtract from Universal CoordinatedTime (UTC), where positive numbers mean westof Greenwich and negative numbers mean east ofGreenwich.The values range from -14:0 to 14:0 for hours:minutesand from -840 to 840 for minutes.The default value is 0.To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
114 Boot parameter configuration using the NNCLI
Displaying the boot monitor configurationDisplay the configuration to view current or changed settings for the bootmonitor and boot monitor by performing this procedure.
CAUTIONRisk of system failureDo not edit the boot.cfg file manually because the switch readsthis file during the boot process. Errors generated while editingthe file can render the switch inoperable.
Prerequisites
• You must log on to the NNCLI Privileged EXEC mode.
Procedure steps
Step Action
1 View the configuration by using the following command:
show boot config
--End--
Variable definitionsUse the data in the following table to use the show boot configcommand.
Variable Value
bootp Specifies the bootp configuration.
choice Specifies the current boot configuration choices.
cli Specifies the current cli configuration.
flags Specifies the current flag settings.
general Specifies system information.
host Specifies the current host configuration.
master Specifies the current SF/CPU slot set as master andthe settings for the delay and multicast command.
mezz-image Specifies the mezzanine image.
net Specifies the current configuration of the SF/CPUnetwork ports.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Displaying the boot monitor configuration 115
Variable Value
running-config[verbose]
Specifies the current boot configuration.
• verbose includes all possible information.
If you omit verbose, the system displays only thevalues that you changed from their default settings.
sio Specifies the current configuration of the SF/CPU serialports.
tz Specifies the current configuration of the switch timezone.
wlan Specifies wireless LAN information.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
116 Boot parameter configuration using the NNCLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
117.
Run-time process management usingthe CLI
Configure and manage the run-time process using the run-time commandline interface (CLI). Access the run-time CLI after the boot process iscomplete by entering your username and password at the logon prompt.
Run-time process management navigation• “Job aid” (page 117)
• “Configuring the date” (page 121)
• “Configuring the run-time CLI” (page 122)
• “Configuring the CLI logon banner” (page 124)
• “Configuring the message-of-the-day” (page 125)
• “Configuring command logging” (page 125)
• “Configuring individual system-level switch parameters” (page 126)
• “Synchronizing the real-time and system clocks” (page 131)
• “Creating a virtual management port” (page 132)
• “Configuring system message control” (page 133)
• “Forcing message control for system message control” (page 134)
• “Enabling the administrative status of a module” (page 135)
Job aidThe following table lists the commands, with their parameters, that you useto complete the procedures in this section.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
118 Run-time process management using the CLI
Table 11Job aid
Command Parameter
info
defaultlogin <true|false>
defaultpassword <true|false>
loginprompt <string>
more <true|false>
passwordprompt <string>
prompt <prompt>
rlogin-sessions <nsessions>
screenlines <nlines>
telnet-sessions <nsessions>
config cli
timeout <seconds>
info
add <string>
defaultbanner <true|false>
config cli banner
delete
enable <true|false>
info
config cli clilog
maxfilesize <integer>
info
duration <integer>
config cli monitor
interval <integer>
info
add <string>
displaymotd <true|false>
config cli motd
delete
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Job aid 119
Command Parameter
info
access-level <access-level> <enable|disable>
aging <days>
min-password-len <integer>
default-lockout-time <secs>
lockout-time <HostAddress> <secs>
l1<username> [<password>]
l2 <username> [<password>]
l3 <username> [<password>]
l4oper <username>
l4admin <username>
oper <username>
ro<username> [<password>]
rw<username> [<password>]
rwa<username> [<password>]
slbadmin <username>
slboper <username>
ssladmin <username>
config cli password
password-history <number>
config slot
<slot>
infostate <enable|disable|reset>
info
auto-port-down
<enable|disable>
frequency
<frequency>
interval
<interval>
config sys link-flap-detect
send-trap
<enable|disable>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
120 Run-time process management using the CLI
Command Parameter
info
cpuswitchover
resetconsole
resetcounters
config sys set action
resetmodem
clipld-topology-ip <id>
clock-sync-time
<minutes>
contact
<contact>
ecn-compatibility
<enable|disable>
force-topology-ip-flag <true|false>
global-filter
<enable|disable>
info
location
<location>
max-vlan-resource-reservation<enable|disable>
mgmt-virtual-ip
<ipaddr/mask>
mgmt-virtual-ipv6
<ipv6addr|prefix-len>
mroute-stream-limit
<enable|disable>
mtu
<bytes>
multicast-resource reservaton <value>
name
<prompt>
portlock <on|off>
sendAuthenticationTrap
<true|false>
smlt-on-single-cp
config sys set
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the date 121
Command Parameter
<enable|disable>[timer <value>]
topology
<on|off>
udp-checksum
<enable|disable>
udpsrc-by-vip
<enable|disable>
vlan-bysrcmac
<enable|disable>
wsm-direct-mode
<enable|disable>
config sys set clock-sync-time<minutes>
config sys set mgmt-virtual-ip<ipaddr/mask>
info
action
<suppress-msg | send-trap|both>
control-interval
<minutes>
disable
enable
config sys set msg-control
max-msg-num
<number>
info
add <string>
config sys set msg-controlforce-msg
del
<string>
Configuring the dateConfigure the calendar time in the form of month, day, year, hour, minute,and second by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
122 Run-time process management using the CLI
Prerequisites
• You must log on as rwa to use this command.
Procedure steps
Step Action
1 Configure the date by using the following command:
config setdate <MMddyyyyhhmmss>
--End--
Configuring the run-time CLIConfigure the run-time CLI to define generic configuration settings for CLIsessions by performing this procedure.
Procedure steps
Step Action
1 Configure the run-time CLI options by using the followingcommand:
config cli
--End--
Variable definitionsUse the data in the following table to use the config cli command.
Variable Value
defaultlogin <true|false> Activates or disables use of the defaultlogon string.
• false disables the default logonbanner and displays the new banner.
defaultpassword <true|false>
Activates or disables use of the defaultpassword string.
info Specifies the current CLI parametersettings.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the run-time CLI 123
Variable Value
loginprompt <string> Changes the CLI logon prompt.
• string is an American Standard Codefor Information Interchange (ASCII)string from 1–1513 characters.
more <true|false> Configures scrolling for the output display.The default value is true.
• true configures output displayscrolling to one page at a time.
• false configures the output display tocontinuous scrolling.
passwordprompt <string> Changes the CLI password prompt.
• string is an ASCII string from 1–1510characters.
prompt <prompt> Configures the root level prompt andsysName to a defined string.
• prompt is a string from 0–255characters.
rlogin-sessions <nsessions>
Configures the allowable number ofinbound remote CLI logon sessions.The default value is 8.
• nsessions is the number of sessionsfrom 0–8.
screenlines <nlines> Configures the number of lines in theoutput display.The default value is 23.
• nlines is the number of lines from8–64.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
124 Run-time process management using the CLI
Variable Value
telnet-sessions <nsessions>
Configures the allowable number ofinbound Telnet sessions.The default value is 8.
• nsessions is the number of sessionsfrom 0–8.
timeout <seconds> Configures the idle timeout period beforethe system terminates CLI sessions.The default value is 0.
• seconds is the timeout period, inseconds, from 30–65535.
Configuring the CLI logon bannerConfigure the CLI logon banner to display a warning message to usersbefore authentication by performing this procedure.
Procedure steps
Step Action
1 Configure the CLI banner by using the following command:
config cli banner add <string>
--End--
Variable definitionsUse the data in the following table to use the config cli bannercommand.
Variable Value
add <string> Adds lines of text to the CLI logon banner.
• string is an ASCII string from 1–80characters.
defaultbanner <true|false> Activates or disables using the default CLIlogon banner.
delete Deletes an existing customized logonbanner.
info Specifies the text added to the logonbanner using the config cli addcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring command logging 125
Configuring the message-of-the-dayConfigure a system login message-of-the-day in the form of a text bannerthat is displayed upon each successful logon by performing this procedure.
Procedure steps
Step Action
1 Configure the message-of-the-day by using the followingcommand:
config cli motd add <string>
--End--
Variable definitionsUse the data in the following table to use the config cli motdcommand.
Variable Value
add <string> Creates a message of the day to displaywith the logon banner.
• string is an ASCII string from 1–1516characters.
delete Deletes the message of the day.
displaymotd <true|false> Specifies (true) or does not display(false) the message of the day.
info Specifies information about the messageof the day.
Configuring command loggingConfigure logging of CLI commands to the file clilog.txt on the PersonalComputer Memory Card International Association (PCMCIA). You canenable command logging to keep track of the commands a user entersduring a login session.
Configure logging of CLI commands by performing this procedure.
Procedure steps
Step Action
1 Configure CLI logging by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
126 Run-time process management using the CLI
config cli clilog enable {true|false} [maxfilesize<integer>]
--End--
Variable definitionsUse the data in the following table to use the config cli clilogcommand.
Variable Value
enable {true|false} Enables or disables logging of CLIcommands.
• true—activates logging of CLIcommands
• false—disables CLI logging
maxfilesize <integer> Specifies the maximum size of the clilog.txtfile, in kilobytes (KB), in a range from64–256000.The default value is 256 KB.
Configuring individual system-level switch parametersConfigure individual system-level switch parameters to configure globaloptions for the Ethernet Routing Switch 8600 by performing this procedure.
Procedure steps
Step Action
1 Configure system-level switch parameters by using the followingcommand:
config sys set
--End--
Variable definitionsUse the data in the following table to use the config sys set command.
Variable Value
clipld-topology-ip <id> Set the topology IP address from theavailable CLIP.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring individual system-level switch parameters 127
Variable Value
clock-sync-time <minutes> Configures the RTC-to-system clocksynchronization time.
• minutes is 15–3600 minutes.
The default value is 60.
contact <contact> Configures the contact information for theswitch.
• contact is an ASCII string from0–255 characters (for example a phoneextension or email address).
The default e-mail address ishttp://support.nortel.com/.
ecn-compatibility<enable|disable>
Activates or disables explicit congestionnotification, as defined in ExperimentalRequest For Comments (RFC) 2780.This feature is not currently supported onthe Ethernet Routing Switch 8600.The default value is enable.
force-topology-ip-flag<flue|false>
Sets the flag to force the topology IPchoice.
global-filter <enable|disable>
Activates or disables global filtering on theswitch.After you activate this command, youmust disable source MAC VLANs—usethe config sys set vlan-bysrcmacdisable command because youcannot enable global filtering and sourceMAC-based VLANs at the same time.
This command is available only on theEthernet Routing Switch 8600 E and Mmodules.
The default value is enable.
info Specifies current system settings.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
128 Run-time process management using the CLI
Variable Value
location <location> Configures the location information for theswitch.
• location is an ASCII string from0–255 characters.
The default location is 4655, GreatAmerica Parkway, Santa Clara, CA 95054.
max-vlan-resource-reservation <enable|disable>
Activates or disables the max-vlan feature.The default is false (disabled).
mroute-stream-limit<enable|disable>
Activates or disables multicast streamlimiting.The default value is disable.
mgmt-virtual-ip <ipaddr/mask>
Configures the virtual management port.
• ipaddr|mask is the IP address andmask of the virtual management port.
The default value is 0.0.0.0/0.0.0.0.
mgmt-virtual-ipv6<ipv6addr|prefix-len>
Configures the management of virtualIPv6.
• ipv6addr is the IPv6 address in thehexadecimal format.
• prefix-len is the prefix length with astring length from 0–46.
The default value is 0:0:0:0:0:0:0:0/0
mtu <bytes> Activates Jumbo frame support for thedata path.
• bytes is the Ethernet frame size,either 1522, 1950 (default), or 9600bytes.Settings of 1950 or 9600 activateJumbo frame support.Jumbo frame support is activated bydefault.
name <prompt> Configures the root level prompt name forthe switch.
• prompt is an ASCII string from 0–255characters (for example, LabSC7 orCloset4).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring individual system-level switch parameters 129
Variable Value
portlock <on|off> Turns port locking on or off.To specify the ports to be locked, usethe config ethernet <ports> lockcommand.The default value is off.
sendAuthenticationTrap<true|false>
Configures whether to send authenticationfailure traps.The default value is false.
smlt-on-single-cp<enable|disable> [timer<value> ]
Activates or disables SMLT on the singleCP.
Optional parameter:
timer value is the timer value for SMLTon the single CP feature timer.Valid options are 1–3.This mode is applicable only on E andM modules. R and RS modules supportSMLT-on-single-CP configurations bydefault.
The default value is set to disable and thetimer value default is 3.
topology <on|off> Turns the topology feature on or off.The topology feature generates topologypackets used by Enterprise NetworkManagement System (ENMS).If you disable this feature, the system doesnot generate the topology table.The default is on.
udp-checksum <enable|disable>
Activates or disables the UDP checksumcalculation.The default value is enable.
udpsrc-by-vip <enable|disable>
Activates or disables virtual IP as the UDPsource.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
130 Run-time process management using the CLI
Variable Value
vlan-bysrcmac <enable|disable>
Activates or disables source MAC VLANconfiguration on the switch.The default is disable.If you enable this command, you mustdisable the global filter command (configsys set global-filter disable)because you cannot enable global filteringand source MAC-based VLANs at thesame time.
wsm-direct-mode <enable|disable>
Activates or disables configuration of thesame community string on the EthernetRouting Switch 8600 and the WebSwitching Module (WSM) for a directSNMP connection to the WSM.The default configuration is disable.
Example of configuring system-level switch parameters
Step Action
1 Configure the contact parameter:
ERS-8606:5# config sys setERS-8606:5/config/sys/set# contact cbfw
2 Configure the location parameter:
ERS-8606:5/config/sys/set# location Marketing
3 Configure the authentication trap parameter:
ERS-8606:5/config/sys/set# sendAuthenticationTrap true
4 View the current system-level switch parameters:
ERS-8606:5/config/sys/set# infoSub-Context: action flags msg-controlrecord-reservation snmp sshCurrent Context:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Synchronizing the real-time and system clocks 131
mgmt-virtual-ip : 0.0.0.0/0.0.0.0mgmt-virtual-ipv6 : 0:0:0:0:0:0:0:0/0udp-checksum : enableudp-source : disableclock-sync-time : 60mroute-stream-limit : disablecontact : cbfwlocation : Marketingname : ERS-8606portlock : offsendAuthenticationTrap : falsetopology : onglobalFilter : enablevlanBySrcMac : disableecn-compatibility : enablewsm-direct-mode : disablesmmlt-on-single-cp : disable timer 3max-vlan-resource-reservation : (disable) -> (disable)multicast-resource-reservation : (2000) -> (2000)System MTU : 1950ERS-8606:5/config/sys/set#
--End--
Synchronizing the real-time and system clocksConfigure the regular interval to synchronize the real-time and systemclocks. The switch generates log messages if the drift between thereal-time clock and the system clock is more than 5 seconds.
Synchronize the real-time and system clocks by performing this procedure.
Procedure steps
Step Action
1 Configure the synchronization interval by using the followingcommand:
config sys set clock-sync-time <minutes>
--End--
Variable definitionsUse the data in the following table to use the config sys setclock-sync-time command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
132 Run-time process management using the CLI
Variable Value
minutes Specifies the number of minutesbetween synchronization in a rangefrom 15–3600 minutes.The default value is 60 minutes.
Creating a virtual management portCreate a virtual management port in addition to the physical managementports on the switch management modules.
After you assign an IP address to the virtual management port, the IPaddress provides access to both switch management modules. Themaster management module replies to all management requests sentto the virtual IP address, as well as to requests sent to its managementport IP address. If the master management module fails and the standbymanagement module takes over, the virtual management port IP addresscontinues to provide management access to the switch.
ATTENTIONThis feature is not supported in a switch with mixed Ethernet Routing Switch8600 8190SM modules and 8691 SF/CPU modules.
Create a virtual management port by performing this procedure.
Procedure steps
Step Action
1 Create a virtual management port by using the followingcommand:
config sys set mgmt-virtual-ip <ipaddr|mask>
--End--
Example of creating a virtual management port
Step Action
1 Create a virtual management port:
ERS-8606:5# config sys set mgmt-virtual-ip47.140.54.40/255.255.255.0Physical and Virtual IP must be in the same subnet
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system message control 133
Configuring system message controlConfigure system message control to enable or disable system messagingand define configuration settings by performing this procedure.
Procedure steps
Step Action
1 Configure system message control action by using the followingcommand:
config sys set msg-control action <suppress-msg|send-trap|both>
2 Configure the maximum number of messages by using thefollowing command:
config sys set msg-control max-msg-num
3 Configure the interval by using the following command:
config sys set msg-control control-interval <minutes>
--End--
Variable definitionsUse the data in the following table to use the config sys setmsg-control command.
Variable Value
action <suppress-msg|send-trap|both>
Configures the message controlaction.
control-interval <minutes> Configures the message controlinterval in minutes.• minutes is a number from
1–30
disable Disables system message control.
enable Activates system message control.• enable suppresses duplicate
error messages
info Specifies the configuration ofsystem message control.
max-msg-num <number> Configures the number ofoccurrences of a message afterwhich the control action occurs.• number is a value from 2–500
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
134 Run-time process management using the CLI
Forcing message control for system message controlUse the force message control option to extend the message controlfeature functionality to the software and hardware log messages.
To enable the message control feature, you must specify an action, controlinterval, and maximum message number. After enabling the feature, thelog messages, which get repeated and cross the maximum messagenumber in the control interval, trigger the force message feature. You caneither suppress the message or send a trap notification, or both.
Use the force message control for system message control by performingthis procedure.
Procedure steps
Step Action
1 Configure the force message control option by using thefollowing command:
config sys set msg-control force-msg add <string>
--End--
Variable definitionsUse the data in the following table to use the config sys setmsg-control force-msg command.
Variable Value
add <string> Adds a forced message control pattern
• string is a string of 4 characters.
You can add a four-byte pattern into the force-msgtable. The software and the hardware log messagesthat use the first four bytes that match one of thepatterns in the force-msg table undergo the configuredmessage control action.
You can specify up to 32 patterns in the force-msgtable. The force-msg table can include a wild-cardpattern (****). If you specify the wild-card pattern, allmessages undergo message control.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling the administrative status of a module 135
Variable Value
del <string> Deletes a forced message control pattern
• string is a string of 4 characters.
info Specifies the current configuration.
Enabling the administrative status of a moduleEnable or disable the administrative status of the module by performingthis procedure.
Procedure steps
Step Action
1 View the current administrative status of the module by using thefollowing command:
config slot <slots> info
2 Change the administrative status of the module by using thefollowing command:
config slot <slots> state <enable|disable>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
136 Run-time process management using the CLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
137.
Run-time process management usingthe NNCLI
Configure and manage the run-time process using the Nortel Networkscommand line interface (NNCLI).
Prerequisites to run-time process management• To perform the procedures in this section, you must log on to the
Global Configuration mode in the NNCLI. For more information aboutusing NNCLI, see Nortel Ethernet Routing Switch 8600 User InterfaceFundamentals (NN46205-308).
Navigation• “Job aid” (page 137)
• “Configuring the date” (page 139)
• “Configuring the run-time environment” (page 139)
• “Configuring the NNCLI logon banner” (page 141)
• “Configuring the message-of-the-day” (page 142)
• “Configuring command logging” (page 142)
• “Configuring system-level switch parameters” (page 143)
• “Synchronizing the real-time and system clocks” (page 145)
• “Creating a virtual management port” (page 146)
• “Configuring system message control” (page 147)
• “Forcing message control for system message control” (page 148)
Job aidThe following table lists the commands and parameters that you use tocomplete the procedures in this section.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
138 Run-time process management using the NNCLI
Table 12Job aid
Command Parameter
Privileged EXEC mode
clock set <MMddyyyyhhmmss>
Global Configuration mode
custom
displaymotd
motd <string>
static
banner
string
enable
maxfilesize <integer>
clilog
word<1-80>
clock sync-time <minutes> minutes <15-3600>
auto-port-down
frequency
interval
link-flap-detect
send-trap
login-message <string> WORD <1-1513>
max-logins <nsessions> nsessions <0-8>
passwordprompt <string> WORD <1-1510>
sys ecn-compatibility
sys force-msg <string> WORD <4-4>
sys global-filter
sys mgmt-virtual-ip <ipaddr/mask>
sys mtu <bytes> bytes <1522-9600>
action <suppress-msg|send-trap|both>
control-interval <minutes>
sys msg-control
max-msg-num
sys name <string> WORD <0-255>
sys smlt-on-single-cp timer <value> value <1-3>
login-timeout <seconds>telnet-access
sessions <nsessions>
udp-checksum enable
udpsrc-by-vip
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the run-time environment 139
Configuring the dateConfigure the calendar time in the form of month, day, year, hour, minute,and second by performing this procedure.
Prerequisites
• You must log on as rwa to use this command.
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Configure the date by using the following command:
clock set <MMddyyyyhhmmss>
--End--
Configuring the run-time environmentConfigure the run-time environment to define generic configuration settingsfor NNCLI sessions by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Change the login prompt by using the following command:
login-message WORD <1-1513>
2 Change the password prompt by using the following command:
passwordprompt word <1-1510>
3 Configure the number of supported rlogin sessions by using thefollowing command:
max-logins <0-8>
4 Configure the number of supported Telnet sessions by using thefollowing command:
telnet-access sessions <0-8>
5 Configure the Telnet login timeout by using the followingcommand:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
140 Run-time process management using the NNCLI
telnet-access login-timeout <30-65535>
--End--
Variable definitionsUse the data in the following table to use the run-time environmentcommands.
Variable Value
login-message <string> Changes the NNCLI logon prompt.
• string is an American Standard Codefor Information Interchange (ASCII)string from 1–1513 characters.
• Use the default option before thisparameter, default loginmessage,to enable use of the default logonstring.
• Use the no operator before thisparameter, no loginmessage, todisable the default logon banner anddisplay the new banner.
passwordprompt <string> Changes the NNCLI password prompt.
• string is an ASCII string from 1–1510characters.
• Use the default option beforethis parameter, defaultpasswordprompt, to enable using thedefault password string.
• Use the no operator before thisparameter, no passwordprompt, todisable the default password string.
max-logins <nsessions> Configures the allowable number ofinbound remote NNCLI logon sessions.
The default value is 8.
• nsessions is the number of sessionsfrom 0–8.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the NNCLI logon banner 141
Variable Value
telnet-access login-timeout <seconds>
Configures the time, in seconds, to waitfor a Telnet login before terminating theconnection.• seconds is a number from 30–65535
telnet-access sessions<nsessions>
Configures the allowable number ofinbound Telnet sessions.
The default value is 8.
• nsessions is a number from 0–8.
Configuring the NNCLI logon bannerConfigure the NNCLI logon banner to display a warning message to usersbefore authentication by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Configure the switch to use a custom banner or use the defaultbanner by using the following command:
banner <custom|static>
2 Create a custom banner by using the following command:
banner <string>
--End--
Variable definitionsUse the data in the following table to use the banner command.
Variable Value
string Adds lines of text to the NNCLI logonbanner.
• string is an ASCII string from 1–80characters
custom|static Activates or disables use of the defaultbanner.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
142 Run-time process management using the NNCLI
Configuring the message-of-the-dayConfigure a system login message-of-the-day in the form of a text bannerthat is displayed upon each successful logon by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Create the message-of-the-day by using the following command:
banner motd <string>
2 Enable the custom message-of-the-day by using the followingcommand:
banner displaymotd
--End--
Variable definitionsUse the data in the following table to use the banner command.
Variable Value
<string> Creates a message of the day to displaywith the logon banner.To provide a string with spaces, includethe text in quotation marks (").To set this option to the default value, usethe default operator with the command.
• string is an ASCII string from 1–1516characters
displaymotd Specifies the message of the day.To set this option to the default value, usethe default operator with the command.
Configuring command loggingConfigure logging of NNCLI commands to the file clilog.txt on the PersonalComputer Memory Card International Association (PCMCIA). You canenable command logging to keep track of the commands a user entersduring a login session.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system-level switch parameters 143
Configure logging of CLI commands by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure NNCLI logging by using the following command:
clilog enable [maxfilesize <integer>]
--End--
Variable definitionsUse the data in the following table to use the clilog command.
Variable Value
enable Activates NNCLI logging to the file clilog.txton the PCMCIA,To disable NNCLI logging, use the no formof the command, no clilog enable.
maxfilesize <integer> Specify the maximum size of the fileclilog.txt in a range from 64–256000.The file size is expressed in kilobytes (KB).The default value is 256.
Configuring system-level switch parametersConfigure individual system-level switch parameters to configure globaloptions for the Ethernet Routing Switch 8600 by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Change the system name by using the following command:
sys name <string>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
144 Run-time process management using the NNCLI
2 Enable explicit congestion notification by using the followingcommand:
sys ecn-compatibility
3 Enable global filtering by using the following command:
sys global-filter
4 Enable support for Jumbo frames by using the followingcommand: (where <bytes> is either 1950 or 9600)
sys mtu <bytes>
5 Enable SMLT on the single CP by using the following command:
sys smlt-on-single-cp [timer <value>]
6 Enable the UDP checksum calculation by using the followingcommand:
udp-checksum enable
7 Enable virtual IP as the UDP source by using the followingcommand:
udpsrc-by-vip
--End--
Variable definitionsUse the data in the following table to use system-level commands.
Variable Value
ecn-compatibility Activates explicit congestion notification,as defined in Experimental Request ForComments (RFC) 2780.This feature is not currently supported onthe Ethernet Routing Switch 8600.
sys global-filter Activates global filtering on the switch.If you activate global filtering, you mustdisable source MAC VLANs because youcannot enable global filtering and sourceMAC-based VLANs at the same time.
Global filtering is available only on theEthernet Routing Switch 8600 E and Mmodules.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Synchronizing the real-time and system clocks 145
Variable Value
mtu <bytes> Activates Jumbo frame support for thedata path.
• bytes is the Ethernet frame size,either 1522, 1950 (default), or 9600bytes.Settings of 1950 or 9600 bytes activateJumbo frame support.Jumbo frame support is activated bydefault.
name <string> Configures the system, or root level,prompt name for the switch.
• string is an ASCII string from 0–255characters (for example, LabSC7 orCloset4).
smlt-on-single-cp timer<value>
Activates SMLT on the single CP.
Optional parameter:
timer value is the timer value for SMLTon the single CP feature timer in a rangefrom 1–3.SMLT on the single CP timer applies onlyto E and M modules.R and RS modules support SMLT-on-single-CP configurations by default.
Synchronizing the real-time and system clocksConfigure the regular interval to synchronize the real-time and systemclocks. The switch generates log messages if the drift between thereal-time clock and the system clock is more than 5 seconds.
Synchronize the real-time and system clocks by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure the synchronization interval by using the followingcommand:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
146 Run-time process management using the NNCLI
clock sync-time <minutes>
--End--
Variable definitionsUse the data in the following table to use theclock sync-timecommand.
Variable Value
<minutes> Specifies the number of minutesbetween synchronization in a rangefrom 15–3600.The default value is 60.To set this option to the default value,use the default operator with thecommand.
Creating a virtual management portCreate a virtual management port in addition to the physical managementports on the switch management modules.
After you assign an IP address to the virtual management port, the IPaddress provides access to both switch management modules. Themaster management module replies to all management requests sentto the virtual IP address, as well as to requests sent to its managementport IP address. If the master management module fails and the standbymanagement module takes over, the virtual management port IP addresscontinues to provide management access to the switch.
Create a virtual management port by performing this procedure.
ATTENTIONThis feature is not supported in a switch with mixed Ethernet Routing Switch8600 8190SM modules and 8691 SF/CPU modules.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Create a virtual management port by using the followingcommand:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system message control 147
sys mgmt-virtual-ip <ipaddr/mask>
--End--
Example of creating a virtual management port
Step Action
1 Create a virtual management port:
ERS-8606:5(config)# sys mgmt-virtual-ip47.140.54.40/255.255.255.0Physical and Virtual IP must be in the same subnet
--End--
Configuring system message controlConfigure system message control to enable or disable system messagingand define configuration settings by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure system message control action by using the followingcommand:
sys msg-control action <suppress-msg|send-trap|both>
2 Configure the maximum number of messages by using thefollowing command:
sys msg-control max-msg-num <number>
3 Configure the interval by using the following command:
sys msg-control control-interval <minutes>
--End--
Variable definitionsUse the data in the following table to use the sys msg-controlcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
148 Run-time process management using the NNCLI
Variable Value
action <suppress-msg|send-trap|both>
Configures the message controlaction.The default value is supress-msg.To set this option to the defaultvalue, use the default operatorwith the command.
control-interval <minutes> Configures the message controlinterval, in minutes.The default value is 5.
• minutes is a value from 1–30
To set this option to the defaultvalue, use the default operatorwith the command.
max-msg-num <number> Configures the number ofoccurrences of a message afterwhich the control action occurs.The default value is 5.
• number is a value from 2–500
To set this option to the defaultvalue, use the default operatorwith the command.
Forcing message control for system message controlUse the force message control option to extend the message controlfeature functionality to the software and hardware log messages.
To enable the message control feature, you must specify an action, controlinterval, and maximum message number. After enabling the feature, thelog messages, which get repeated and cross the maximum messagenumber in the control interval, trigger the force message feature. You caneither suppress the message or send a trap notification, or both.
Use the force message control for system message control by performingthis procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Forcing message control for system message control 149
Procedure steps
Step Action
1 Configure the force message control option by using thefollowing command:
sys force-msg <string>
--End--
Variable definitionsUse the data in the following table to use the sys force-msg command.
Variable Value
<string> Adds a forced message control pattern
• string is a string of 4 characters.
You can add a four-byte pattern into the force-msgtable.The software and the hardware log messages that usethe first four bytes that match one of the patterns inthe force-msg table undergo the configured messagecontrol action.
You can specify up to 32 different patterns in theforce-msg table including a wild-card pattern (****) .If you specify the wild-card pattern, all messagesundergo message control.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
150 Run-time process management using the NNCLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
151.
Chassis operations fundamentalsThis section provides conceptual information for chassis operations suchas operating modes, module types, hardware and software compatibility,and power management. Read this section before configuring the chassisoperations.
Navigation• “Operating modes” (page 151)
• “Module types” (page 157)
• “Hardware and software compatibility” (page 160)
• “Power management” (page 167)
• “Software lock-up detection” (page 168)
• “Loop prevention and CP limit” (page 168)
• “Switch reliability” (page 173)
• “Jumbo frames” (page 174)
Operating modesThe Nortel Ethernet Routing Switch 8600 uses hardware records (or tableentries) to store Address Resolution Protocol (ARP) entries. In addition,hardware records are used to store information pertaining to MACs,multicast, VLANs, IP routes, IP filters, and IPX entries. Each hardwarerecord type, such as ARP or MAC, has a defined minimum number ofreserved records.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
152 Chassis operations fundamentals
The Ethernet Routing Switch 8600 interface modules can run in differentoperating modes that define the level of support for hardware records. TheEthernet Routing Switch 8600 has the following operating modes:
• Default mode supports up to 32 000 hardware records. This modesupports all modules. The default mode supports 21 000 AddressRouting Protocol (ARP) entries.
• M mode supports up to 128 000 hardware records. This modesupports M, R, and RS modules. M mode supports 32 000 ARPentries.
• R mode supports up to:
— 256 000 IP routes
— 64 000 MAC entries
— 32 000 ARP entries
This mode supports only R and RS modules.
The switch can additionally operate in the following modes:
• Enhanced operational mode increases the maximum number ofVLANs. This mode supports E and M modules. Enhanced operationalmode supports 21 000 ARP entries.
For best operation, set the flag for the enhanced operational mode todisabled (false) in any chassis that has R-modules present.
• VLAN optimization mode supports E and M modules, except the8648TXE module. VLAN optimization mode is not applicable to R andRS modules.
Table 13Operation mode and module type interoperability
Module types
Chassisconfiguration
Operationmodes
RS R M E
a= activated; d = disabled
Default mode - - - a
M mode - - a a
same typemodulechassis
R mode a a - -
Default mode a a a a
M mode a a a d
mixed typemodulechassis
R mode a a d d
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Operating modes 153
SF/CPU High Availability modeCPU High Availability (HA) mode enables switches with two CPUs torecover quickly from a failure of the master SF/CPU. HA and non-HAmode characteristics are as follows:
• In HA mode, also called “hot standby,” the two CPUs are synchronized.This means the CPUs have the same configuration and forwardingtables, with the master automatically updating the forwarding tablesof the secondary in real time. When the master SF/CPU fails, thesecondary takes over "master" responsibility very quickly, therebyminimizing traffic interruption for the failure condition.
• In non-HA mode, also called “warm standby,” the two CPUs are notsynchronized. In this mode, when the master fails, the secondarySF/CPU must boot before taking "master" responsibility, and then mustalso re-learn the forwarding table information. This operation causesan interruption to traffic.
SF/CPU failure has no effect on the SF portion of the SF/CPU module.The switchover of traffic to the single functioning SF is always sub-second.The preceding list of characteristics refers to failures and their effect onthe CPU portion of the SF/CPU module, as this is a dual-purpose module.Failures to the secondary or standby SF/CPU have no effect on CPUoperation within the system while the primary SF/CPU is operational.
The following table identifies which features support HA mode.
Table 14Feature support for HA in specified software release versions
Release/Feature
3.5.0 3.7.0 4.0.0 4.1.0 5.0 5.1
Modules Classic Classic Classicand R
Classicand R
Classic, R,and RS
Classic, R, and RS
Platform Yes Yes Yes Yes Yes Yes
Layer 2 Yes Yes Yes(3.5based)
Yes Yes Yes
Layer 3 Yes(Static/ARP)
Yes (3.5+ RIP,OSPF,VRRP,Filters,RoutePolicies)No BGP
No, 3.5based
Yes (3.7.0 +, ACE/ACLs)No BGP
Yes as in4.1.0 andBGP
Yes
BGP, BFD
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
154 Chassis operations fundamentals
Table 14Feature support for HA in specified software release versions (cont’d.)
Release/Feature
3.5.0 3.7.0 4.0.0 4.1.0 5.0 5.1
Multicast No No No No Yes,DVMRPand PIMNo PGM
Yes
DVMRP, PIM,MSDP, Multicastvirtualization ofIGMP,and PIM-SM/SSM
IPv6 NA NA NA Yes,Restart
Yes, Restart
Yes
Security Yes Yes Yes(3.5based)
Yes Yes Yes
TACACS+
ATM, POS,WSM,SAM, SDMModules
No No No No No No
HA synchronization also applies to various configuration and softwareparameters, and may also be dependent on software release. Thefollowing table shows which features are supported in Release 3.5 andlater.
Table 15Release 3.5 and later synchronization capabilities in HA mode
Synchroniza-tion of:
3.5 3.7 4.0 (HALayer 2 isnotsupported)
4.1 5.0 5.1
Layer 1
Portconfigurationparameters
Yes Yes Yes Yes Yes Yes
Layer 2
VLANparameters
Yes Yes Yes Yes Yes Yes
STPparameters
Yes Yes Yes Yes Yes Yes
RSTP/MSTPparameters
N/A N/A N/A Yes Yes Yes
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Operating modes 155
Synchroniza-tion of:
3.5 3.7 4.0 (HALayer 2 isnotsupported)
4.1 5.0 5.1
SMLTparameters
Yes Yes Yes Yes Yes Yes
QoSparameters
Yes Yes Yes Yes Yes Yes
Layer 3
Virtual IP(VLANs)
Yes Yes Yes Yes Yes Yes
ARP entries Yes Yes Yes Yes Yes Yes
Static anddefault routes
Yes Yes Yes Yes Yes Yes
VRRP No Yes No Yes Yes Yes
RIP No Yes No Yes Yes Yes
OSPF No Yes No Yes Yes Yes
Layer 3 Filters/ACE/ACLs
No Yes No Yes Yes Yes
BGP No No No No Yes Yes
DVMRP No No No No Yes Yes
PIM-SM/SSM No No No No NoNote 1
Yes
Note 2
MSDP No No No No No Yes
Multicast No No No No No Yes
BFD No No No No No Yes
Note 1: In Release 5.0, PIM-SM and SSM have partial HA support with GRT only, no virtualization.Note 2: In Release 5.1, PIM-SM and SSM are virtualized and have partial HA support.
HA mode support for 8691 SF/CPUsIn the following configurations, assume that SF/CPU High Availabilitymode is activated. However, you can see in some cases that HA modeis impossible because one of the SF/CPUs is offline due to a hardwareor software incompatibility.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
156 Chassis operations fundamentals
HA mode support for Dual SF/CPUIf your switch supports Dual SF/CPU modules, see Table 16 "Boot modeat startup for Dual SF/CPU configurations" (page 156) to use the SF/CPUHigh Availability mode. The boot mode is determined by the types ofSF/CPUs in the chassis and whether the SF/CPU High Availability modeis activated.
When using the command line interface (CLI) or Nortel Networkscommand line interface (NNCLI) on a dual-SF/CPU system with HA modeenabled, do not enter configuration commands on the Standby SF/CPU.Execute all configuration commands on the Master SF/CPU only.
Table 16Boot mode at startup for Dual SF/CPU configurations
If the configuration is: And SF/CPU high-availability mode is:
Then:
Two dual SF/CPU modules Activated System starts in SF/CPU HighAvailability mode.
One dual SF/CPU module andone single SF/CPU module
Activated If the single SF/CPU startsfirst, the SF/CPU restarts sothe dual SF/CPU is the masterand the single SF/CPU goesoffline. If the dual SF/CPUstarts first, the system starts inSF/CPU High Availability modeand the single SF/CPU goesoffline.
Two single SF/CPU modules Activated System does not start andstays in monitor mode.
Two dual SF/CPU modules Disabled System starts in single SF/CPUmode.
One dual SF/CPU module andone single SF/CPU module
Disabled System starts in single SF/CPUmode.
Two single SF/CPU modules Disabled System starts in single SF/CPUmode.
After you insert a module into a running chassis, the SF/CPU HighAvailability mode status determines the initialization mode of the module.
Table 17Inserting single and dual SF/CPU modules into running chassis
If you insert this module intoa running chassis:
And SF/CPU High Availabilitymode status is:
Then:
Dual SF/CPU module Activated The module is activated as abackup.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Module types 157
If you insert this module intoa running chassis:
And SF/CPU High Availabilitymode status is:
Then:
Single SF/CPU module Activated The module is not activated.A trap is sent and the systemlogs an error to the console.
Dual SF/CPU module Disabled The module is activated insingle SF/CPU mode.
Single SF/CPU module Disabled The module is activated insingle SF/CPU mode.
Module typesThe Ethernet Routing Switch 8600 modules include the following types:
• E modules replace the pre-E modules.
— E modules support egress port mirroring.
— E modules support 32 000 records and can operate only in defaultmode.
• M modules do not replace E modules. Both E and M modules areavailable and use different part numbers. The only exception is the8683POSM module, which replaced the 8683POSE.
— M modules use the same model number as the E modules, exceptthe M suffix. The exceptions to this rule are the 10 Gigabit Ethernetmodules (8661XLR and 8661XLW), the 8661 SSL AccelerationModule, and the Web Switching Module, which do not use the Msuffix, but are still M modules.
— M modules support 128 000 records and operate in M mode ordefault mode.
• R modules support greater bandwidth and routing table memory thanE, or M modules. R modules use an R suffix, which identifies them asR modules. R modules support:
— 256 000 IP routes
— 64 000 MAC entries
— 32 000 ARP entries
— Custom AutoNegotiation Advertisement (CANA)
• RS modules support extended mirroring over R modules. RS modulesuse an RS suffix, which identifies them as RS modules. RS modulessupport:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
158 Chassis operations fundamentals
— All features supported by R modules as well as new features inRelease 5.1.
— Multiple ports for each lane for both ingress and egress mirroring.
— Improved port behavior to provide for faster link state detectionthan R modules.
Table 18 "Nortel Ethernet Routing Switch 8600 modules" (page 158) liststhe supported modules.
Table 18Nortel Ethernet Routing Switch 8600 modules
E modules M modules R modules RS modules
N/A N/A N/A 8612XLRS
8608GBE(DS1404038)
8608GBM(DS1404059)
N/A
8608GTE(DS1404044)
8608GTM(DS1404061)
N/A
8608SXE(DS1404036)
N/A N/A
8616SXE(DS1404011)
N/A N/A
8624FXE(DS1404037)
N/A N/A
N/A N/A 8630GBR
8632TXE(DS1404024)
8632TXM(DS1404055)
N/A
N/A N/A N/A 8634XGRS
N/A N/A N/A 8648GBRS
N/A N/A 8648GTR 8648GTRS
8648TXE(DS1404035)
8648TXM(DS1404056)
N/A
8672ATME(DS1304008)
8672ATMM(DS1304009)
N/A
N/A 8683POSM(DS1404060)
N/A
8616GTE(DS1404034)
N/A N/A
N/A 8661XLR(DS1404053)
N/A
N/A 8661XLW(DS1404052)
N/A
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Module types 159
Table 18Nortel Ethernet Routing Switch 8600 modules (cont’d.)
E modules M modules R modules RS modules
N/A 8661 SSLAcceleration Module(DS1404070
N/A
N/A Web SwitchingModule (WSM)(DS1404045)
N/A
N/A N/A 8683XlR
R and RS module support for 8010co chassisThe 8010co chassis supports R or RS modules with a High PerformanceBackplane. Identify the High Performance Backplane by the chassisrevision number in the CLI. The CLI display of the show sys infocommand shows a revision number of 02 or higher in the hardwareconfiguration (H/W Config) field to indicate the new high performancechassis. Additionally, you can examine the hardware revision field(HwRev) to determine whether a chassis is high performance or standard,see Table 19 "Chassis revision number" (page 159).
Table 19Chassis revision number
Chassis Mode HwRev
8010 06 or greater
8006 05 or greater
8010 co chassis 05 or greater
SF/CPU warm standbyThe Ethernet Routing Switch 8600 supports up to two 8691 or 8692SF/CPU modules in slots 5 or 6 in either a 6-slot or 10-slot chassis. If youstart the switch with SF/CPU modules in slots 5 and 6, slot 5 becomesthe master SF/CPU, and slot 6 becomes the backup (warm standby) bydefault. You can change this default behavior.
8691/8692 SF/CPU modules provide two functions: SF/CPU andswitching. Switching fabrics are always active, providing load sharing forinput/output (I/O) modules. One SF/CPU remains active, while the otherSF/CPU is the backup. R modules are supported only with the 8692SF/CPU.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
160 Chassis operations fundamentals
ATTENTIONA Dual SF/CPU system configuration supports two modes of SF/CPU operation:warm standby or hot standby. Hot standby, or High Availability (HA) uses thetwo SF/CPUs as synchronizing tables – Layer 2, Layer 3, or both. HA is notactivated by default. You must enable a specific flag to enable HA.
Hardware and software compatibilityThe following tables describe the hardware and the minimum EthernetRouting Switch 8600 software version required to support the hardware.
Table 20Hardware and minimum software version
Chassis and switching fabric Minimumsoftwareversion
Partnumber
8010co chassis 10-slot chassis 3.1.2 DS1402004-E5DS1402004- E5GS
8010 chassis 10-slot chassis 3.0.0 DS1402001-E5DS1402001- E5GS
8006 chassis 6-slot chassis 3.0.0 DS1402002-E5DS1402002- E5GS
8003 chassis 3-slot chassis 3.1.2 DS1402003-E5DS1402003- E5GS
8691 SF/CPU Switching fabric 3.1.1 DS1404025
8691SF/256 8691SF/256 with 256 SDRAMinstalled
3.1.1 DS1404090
8692 SF/CPU Switching fabric 3.5.6, 3.7.3,4.0.0
DS1404065
Power Supplies
8001AC 690W AC Power Supply 3.0.0 DS1405x01
8002DC 780W DC Power Supply 3.0.0 DS1405002
8003AC 500W AC Power Supply(8003 chassis only)
3.1.2 DS1405x03
8004AC 850W AC Power Supply 3.1.2 DS1405x08
8004DC 850W DC Power Supply 3.1.2 DS1405007
8005AC 1462W AC Power Supply 4.0.0 DS1405012
8005DI 1500W dual input AC powersupply
5.0 DS1405016-E6
8005DC 1462W DC Power Supply 4.0.x DS1405011
Upgrade Kits
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Hardware and software compatibility 161
Table 20Hardware and minimum software version (cont’d.)
Chassis and switching fabric Minimumsoftwareversion
Partnumber
256MB SF/CPUupgrade kit
The 8691 SF/CPU must beupgraded to 256MB withSoftware Release 3.5, 3.7,4.0 and 4.1. This memoryupgrade is required for the3.5 and 3.7 software to runproperly. See note 1.
3.5.0 DS1404016
MAC upgrade kit Use this kit to add MediaAccess Control (MAC)addresses to your system.This kit is required for routedinterface scaling beyond 500.
3.5.0 DS1404015
Notes
1 The 8691 SF/CPU must be upgraded to 256MB with Software Release 3.5, 3.7, 4.0 and 4.1.
Table 21Hardware and minimum software version continued
8600 modules and componentsMinimumsoftwareversion
Partnumber
Security modules
8661SSL Acceleration Module (SAM)
High PerformanceSSL AccelerationModule securesWeb-based applicationsand businesscommunications. Seenote 1.
3.3.1See note 2.
DS1404070
8660 ServiceDelivery ModuleFirewall 1 (SDMFW1)
The 8660 SDM is acombination of dedicatedhardware and softwarethat addresses the needsfor security, performance,and ease of use.
3.7.6 DS1404104
8660 ServiceDelivery ModuleFirewall 2 (SDMFW2)
The 8660 SDM is acombination of dedicatedhardware and softwarethat addresses the needsfor security, performance,and ease of use.
3.7.6 DS1404081
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
162 Chassis operations fundamentals
Table 21Hardware and minimum software version continued (cont’d.)
8600 modules and componentsMinimumsoftwareversion
Partnumber
8660 ServiceDelivery ModuleFirewall 4 (SDMFW4)
The 8660 SDM is acombination of dedicatedhardware and softwarethat addresses the needsfor security, performance,and ease of use.
3.7.6 DS1404080
8660 ServiceDelivery ModuleThreat ProtectionSystem (SDMTPS4)
The 8660 SDM is acombination of dedicatedhardware and softwarethat addresses the needsfor security, performance,and ease of use.
4.1.0 DS1404082
8660 ComboService DeliveryModule Firewall 2Threat ProtectionSystem 2 (SDMFW2/TPS2)
The 8660 SDM is acombination of dedicatedhardware and softwarethat addresses the needsfor security, performance,and ease of use.
4.1.0 DS1404086
8660 ComboService DeliveryModule Firewall 1Threat ProtectionSystem 1 (SDMFW1/TPS1)
The 8660 SDM is acombination of dedicatedhardware and softwarethat addresses the needsfor security, performance,and ease of use.
4.1.0 DS1404087
8660 SDM sparedisk drive
Replacement part 3.7.6 DS1411023
8660 SDM sparePrPMC
Replacement part 3.7.6 DS1411024
Layer 4-7 module
Web SwitchingModule (WSM)
4-Port Gigabit EthernetSX or 10/100TX
3.1.3, seenote 33.2.1, seenote 43.3.0, seenote 5
DS1404045
Ethernet E modules see note 6
8608GBE module 8-port Gigabit EthernetGBIC
3.1.1 DS1404038
8608GTE module 8-port Gigabit Ethernet1000TX
3.1.1 DS1404044
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Hardware and software compatibility 163
Table 21Hardware and minimum software version continued (cont’d.)
8600 modules and componentsMinimumsoftwareversion
Partnumber
8608SXE module 8-port Gigabit EthernetSX
3.1.1 DS1404036
8616SXE module 16-port Gigabit EthernetSX
3.1.0 DS1404011
8616GTE module 16-port Gigabit EthernetTX
3.3.0 DS1404034
8624FXE module 24-port 100FX 3.1.1 DS1404037
8648TXE module 48-port 10/100 TX 3.1.1 DS1404035
8632TXE module 32-port 10/100TX (2GBICs)
3.1.2 DS1404024
Ethernet M modules see note 7
8608GBM module 8-port Gigabit EthernetGBIC
3.3.0 DS1404059
8608GTM module 8-port Gigabit Ethernet1000TX
3.3.0 DS1404061
8632TXM module 32-port 10/100TX (2GBICs)
3.3.0 DS1404055
8648TXM module 48-port 10/100 TX 3.3.0 DS1404056
Ethernet R modules see note 9
8630GBR module 30-port Gigabit EthernetSFP
4.0.0 DS1404063
8648GTR module 48-port 10/100/1000 TX 4.0.x DS1404092
8683XLR module 3-port 10Gigabit EthernetXFP (10.3125 Gb/s LANPHY)
4.0.0 DS1404101
8683XZR module 3-port 10Gigabit EthernetXFP (10.3125 Gb/s LANPHY and 9.953 Gb/sWAN PHY)
4.1.0 DS1404064
Ethernet RS modules
8612XLRS 12 port 10 GE 5.0 DS1404097
8634XGRS 2 port 10GE, 32 port100/1000
5.0 DS1404109
8648GBRS 48 port 100/1000Gb/sSFP
5.0 DS1404102
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
164 Chassis operations fundamentals
Table 21Hardware and minimum software version continued (cont’d.)
8600 modules and componentsMinimumsoftwareversion
Partnumber
8648GTRS 48 port 10 Base-T/100Base -TX/1000 Base-T
5.0 DS1404110
ATM/ATME/ATMM modules
8672ATME module ATME module. See note6.
3.1.1 DS1304008
8672ATMM module ATMM module. See note7.
3.3.0 DS1304009
ATM/ATME/ATMM module components see note 10
DS-3 MDA 2-port 75 ohm coaxial 3.3.0 DS1304002
OC-12c/STM-4MDA
1-port MMF 3.1.0, 3.1.1,3.3.0
DS1304004
OC-12c/STM-4MDA
1-port SMF 3.1.0, 3.1.1,3.3.0
DS1304005
OC-3c/STM-1 MDA 4-port MMF 3.1.0, 3.1.1,3.3.0
DS1304006
OC-3c/STM-1 MDA 4-port SMF 3.1.0, 3.1.1,3.3.0
DS1304007
POS/POSE/POSM modules
8683POSM module M module. See note 7. 3.3.0 DS1404060
POS/POSE/POSM MDAs see note 11
OC-3c/STM-1 MDA 2-port MMF 3.1.0, 3.1.1,3.3
DS1333003
OC-3c/STM-1 MDA 2-port SMF 3.1.0, 3.1.1,3.3
DS1333004
OC-12c/STM-4MDA
1-port MMF 3.1.0, 3.1.1,3.3
DS1333001
OC-12c/STM-4MDA
1-port SMF 3.1.0, 3.1.1,3.3
DS1333002
8600 compatible GBICs, SFPs and XFPs see note 12
1000BASE-SXGBIC
850 nm, shortwavelength, GigabitEthernet
3.0.0 AA1419001
1000BASE-LXGBIC
1300 nm, longwavelength, GigabitEthernet
3.0.0 AA1419002
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Hardware and software compatibility 165
Table 21Hardware and minimum software version continued (cont’d.)
8600 modules and componentsMinimumsoftwareversion
Partnumber
1000BASE-T GBIC Category 5 copperunshielded twisted pair(UTP)
3.5.0 AA1419041
1000BASE-XDGBIC
50k, SC duplex SMF,Gigabit Ethernet
3.0.0 AA1419003
1000BASE-ZXGBIC
70k, SC duplex SMF,Gigabit Ethernet
3.0.0 AA1419004
Gray CWDM GBIC Discontinued, see GrayCWDM APD GBIC
3.1.2 AA1419005
Violet CWDM GBIC Discontinued, see VioletCWDM APD GBIC
3.1.2 AA1419006
Blue CWDM GBIC Discontinued, see BlueCWDM APD GBIC
3.1.2 AA1419007
Green CWDMGBIC
Discontinued, see GreenCWDM APD GBIC
3.1.2 AA1419008
Yellow CWDMGBIC
Discontinued, see YellowCWDM APD GBIC
3.1.2 AA1419009
Orange CWDMGBIC
Discontinued, seeOrange CWDM APDGBIC
3.1.2 AA1419010
Red CWDM GBIC Discontinued, see RedCWDM APD GBIC
3.1.2 AA1419011
Brown CWDMGBIC
Discontinued, see BrownCWDM APD GBIC
3.1.2 AA1419012
Gray CWDM APDGBIC
1470nm 3.1.4 AA1419017
Violet CWDM APDGBIC
1490nm 3.1.4 AA1419018
Blue CWDM APDGBIC
1510nm 3.1.4 AA1419019
Green CWDM APDGBIC
1530nm 3.1.4 AA1419020
Yellow CWDMAPD GBIC
1550nm 3.1.4 AA1419021
Orange CWDMAPD GBIC
1570nm 3.1.4 AA1419022
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
166 Chassis operations fundamentals
Table 21Hardware and minimum software version continued (cont’d.)
8600 modules and componentsMinimumsoftwareversion
Partnumber
Red CWDM APDGBIC
1590nm 3.1.4 AA1419023
Brown CWDM APDGBIC
1610nm 3.1.4 AA1419024
1000BASE-SXSFP
850nm, Gigabit Ethernet,LC connector
4.0.0 AA1419013
1000BASE-SXSFP
850nm, Gigabit Ethernet,MT-RJ connector
4.0.0 AA1419014
1000BASE-LX SFP 1310nm, GigabitEthernet, LC connector
4.0.0 AA1419015
1000BASE-T SFP Category 5 copperunshielded twisted pair(UTP), RJ-45 connector
4.0.0 AA1419043
1000BASE-BXbidirectional SFP
1310nm, GigabitEthernet, single fiberLC fiber-optic connector
4.1.0 AA1419069
1000BASE-BXbidirectional SFP
1490nm, GigabitEthernet, single fiberLC fiber-optic connector
4.1.0 AA1419070
10GBASE-LR/LWXFP
1-port 10km, 1310nmSMF, LC connector
4.0.0 AA1403001
10GBASE-SR/SWXFP
1-port 300m, 850nmMMF, LC connector
4.0.0 AA1403005
10GBASE-ER/EWXFP
1-port 40km, 1550nmSMF, LC connector
4.0.x AA1403003
10GBASE-ZR/ZWXFP
1550nm SMF, 80km, LCconnector
4.1.0 AA1403006
Notes
1 The 8661 SAM is used in conjunction with the Web Switching Module to intelligentlyaccelerate secure business communication and confidential data by off-loading SecureSockets Layer (SSL) Processing.
2 The 8661 SAM and Web Switching Module security solution also require WebOS version10.0.27.3 or newer. Nortel Ethernet Routing Switch 8600 Software Release 3.3.1 wasspecifically designed to introduce the 8661 SAM module. Release 3.3.1 is the only 3.3.xRelease that supports the 8661 SAM module. The 8661 SAM module is supported inRelease 3.5.
3 Nortel Ethernet Routing Switch 8600 Software Release 3.1.3 is the first and only Release inthe 3.1.x software branch that supports the Web Switching Module.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Power management 167
Table 21Hardware and minimum software version continued (cont’d.)
8600 modules and componentsMinimumsoftwareversion
Partnumber
4 Nortel Ethernet Routing Switch 8600 Software Release 3.2.1 (and later) supports the WebSwitching Module.
5 Nortel Ethernet Routing Switch 8600 Software Release 3.3.0 introduced support for WebOS10.0 on the Web Switching Module.
7 M modules offer additional memory to support large routing tables such as those found inBGP implementations. The Nortel Ethernet Routing Switch 8600 Software Release 3.3introduced a new mode, called M Mode, or 128K records mode, which requires the 8691SF/CPU module. If this mode is activated, M modules can use their full capabilities (128Krecords). If this mode is disabled, the M modules work in 32K mode (case of non E and Emodules). To be effective, this mode requires that all modules installed in the same chassissupport 128K records (M modules) and that the SF/CPUs are 8691 SF/CPU. If one or moremodules installed in the chassis is a 32K records module (non M module), these modulesare disabled if the chassis is configured to operate in M Mode .
9 R modules support greater bandwidth and routing table memory than E and M modules aswell as advanced QoS and filtering.
10 ATM MDAs inserted into an 8672ATME module require Nortel Ethernet Routing Switch8600 Series Software Release 3.1.1 or higher. ATM MDAs inserted into a 8672ATMMmodule require Nortel Ethernet Routing Switch 8600 Series Software Release 3.3.0 orhigher.
11 POS MDAs inserted into an 8683POSM module require Nortel Ethernet Routing Switch8600 Series Software Release 3.3.0 or higher.
12 Nonsupported GBICs are displayed as GBIC-other.
Power managementRelease 5.1 of the Nortel Ethernet Routing Switch 8600 offers improvedpower management. Power management identifies the available power inthe chassis, called the power budget, and determines if enough power isavailable to operate the installed components.
If the power usage exceeds the power budget, the system powers off thelast module or ports to power on. If you configure slot priorities, the systempowers off the slot with the lowest priority. If a port exceeds the slot power,the system powers off the offending port. After a power over-usage occurs,the system uses an SNMP trap to send a message to the user interface.
In redundancy mode, the system compares the total chassis powerconsumed against the total chassis power available and verifies that ifone power supply fails, enough power still remains to operate the chassisand components. If, after one power supply failure, not enough power isavailable to operate the chassis and all components, the system sends an
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
168 Chassis operations fundamentals
SNMP trap to the receiver and a message to the CLI to inform you thatthe switch is no longer operating in redundant mode. By default, the trapnotification for redundancy is disabled.
Software lock-up detectionThe software lock-up detect feature monitors processes on the masterSF/CPU to limit situations where the switch stops functioning because of asoftware process issue. Monitored issues include:
• software entering a dead-lock state
• a software process entering an infinite loop
This feature monitors processes to ensure that software is functioningwithin expected time limits. After an issue that can potentially lock up themaster SF/CPU is encountered, the master ends the process and restarts.In redundant configurations, the standby SF/CPU takes over from themaster.
The SF/CPU logs details about suspended tasks in the log file. Thelog file is saved only on an installed Personal Computer Memory CardInternational Association (PCMCIA). Installation of a PCMCIA on allSF/CPU modules is a best practice. Ensure that the PCMCIA cardprovides sufficient space to write the log file. For additional informationabout this log file, see Nortel Ethernet Routing Switch 8600 LogsReference (NN46205-701).
Loop prevention and CP limitSplit MultiLink Trunking (SMLT) based network designs form physicalloops for redundancy that logically do not function as a loop. Under certainadverse conditions, incorrect configurations or cabling, loops can form.
The two solutions to detect loops are Loop Detect and Simple LoopPrevention Protocol (SLPP). Loop Detect and SLPP detect a loop andautomatically stop the loop. Both solutions determine on which port theloop is occurring and shuts down that port.
Control packet rate limit (CP Limit) controls the amount of multicastand broadcast traffic sent to the SF/CPU from a physical port. CP Limitprotects the SF/CPU from being flooded with traffic from a single, unstableport.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Loop prevention and CP limit 169
Do not use only the CP Limit for loop prevention. Nortel recommends thefollowing loop prevention and recovery features in order of preference:
• SLPP
• Extended CP Limit (Ext-CP Limit) HardDown
• Loop Detect with ARP-Detect activated, when available
Beginning with Software Release 4.1, Nortel recommends using SLPP toprotect the network against Layer 2 loops. SLPP is used to prevent loopsin an SMLT network. SLPP is focused on SMLT networks but works withother configurations. This functionality provides active protection againstnetwork loops. When you configure and enable SLPP, the switch sendsa test packet to the VLAN. A loop is detected if the switch or if a peeraggregation switch on the same VLAN receives the original packet. If aloop is detected, the switch disables the port. To enable the port requiresmanual intervention. As an alternative, you can use port auto-enable tore-enable the port after a predefined interval. In addition to using SLPPfor loop prevention, you can use the extended CP Limit softdown featureto protect the SF/CPU against DOS attacks where required. The extendedCP Limit harddown option should be used only as a loop preventionmechanism in Software Release 3.7.x.
The Loop Detection feature is used at the edge of a network to preventloops. It detects whether the same MAC address appears on differentports. This feature can disable a VLAN or a port. The Loop Detectionfeature can also disable a group of ports if it detects the same MACaddress on two different ports five times in a configurable amount of time.
On a individual port basis, the Loop Detection feature detects MACaddresses that are looping from one port to other ports. After a loop isdetected, the port on which the MAC addresses were learned is disabled.Additionally, if a MAC address is found to loop, the MAC address isdisabled for that VLAN.
The ARP-Detect feature is an enhancement over Loop Detect to accountfor ARP packets on IP configured interfaces. For network loops involvingARP frames on routed interfaces, Loop-Detect does not detect the networkloop condition due to how ARP frames are copied to the SF/CPU . UseARP-Detect on Layer 3 interfaces. The ARP-Detect feature supports onlythe vlan-block and port-down options.
For more information about designing your network with CP Limit andSLPP, see Nortel Ethernet Routing Switch 8600 Planning and Engineering— Network Design (NN46205-200). For more information about loopdetection, see Nortel Ethernet Routing Switch 8600 Configuration —VLANs and Spanning Tree (NN46205-517).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
170 Chassis operations fundamentals
Depending upon code release usage, select the set of features listedin Table 22 "Loop prevention by release" (page 170). For best loopprevention, Nortel Global Network Product Support recommends that youupgrade to release 4.1.1 or greater and use SLPP.
Table 22Loop prevention by release
Software release CP Limit Loop detect Ext-CP Limit SLPP
3.7.0 - 3.7.4 Yes (see Note 2) Yes (see Note 1) N/A N/A
3.7.5 - 3.7.x Yes (see Note 2) Yes(see Notes 1 and5)
Yes (hard down)(see Notes 2 and4)
N/A
4.0.x Yes (see Note 2) Yes (see Note 1) N/A N/A
4.1.x and on Yes (see Note 2) No Yes (soft down)(see Notes 2 and4)
Yes (see Note 3)
Note 1: Do not enable on IST links and do not use the VLAN down option for SMLT configurations.
Note 2: SF/CPU protection mechanism; do not enable on IST links.
Note 3: Do not enable SLPP on IST or SMLT core facing ports.
Note 4: With Release 4.1.1.0 and later, Nortel recommends that you use the Soft Down optionverses Hard Down.
Note 5: For this configuration, always set ARP-detect option to activated as well.
The following table provides the Nortel recommended CP Limit values.
Table 23CP Limit recommended values
CP Limit Values
Broadcast Multicast
Aggressive
Access SMLT/SLT 1000 1000
Server 2500 2500
Core SMLT 7500 7500
Moderate
Access SMLT/SLT 2500 2500
Server 5000 5000
Core SMLT 9000 9000
Relaxed
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Loop prevention and CP limit 171
Table 23CP Limit recommended values (cont’d.)
CP Limit Values
Broadcast Multicast
Aggressive
Access SMLT/SLT 4000 4000
Server 7000 7000
Core SMLT 10 000 10 000
The following table provides the Nortel recommended SLPP values.
Table 24SLPP recommended values
Setting
Enable SLPP
Access SMLT Yes
Access SLT Yes
Core SMLT No
IST No
Primary switch
Packet Rx threshold 5
Transmission interval 500 milliseconds (ms) (default)
Ethertype Default
Secondary switch
Packet Rx threshold 50
Transmission interval 500 ms (default)
Ethertype Default
SLPP configuration considerationsUse the information in this section to understand the considerations andguidelines when configuring SLPP in an SMLT network.
• You must enable SLPP packet receive on each port to detect a loop.
• Vary the SLPP packet receive threshold between the two core SMLTswitches so that if a loop is detected, the access ports on bothswitches do not go down, and SMLT client isolation is avoided.
• SLPP test packets (SLPP-PDU) are forwarded for each VLAN.
• SLPP-PDUs are automatically forwarded VLAN ports configured forSLPP.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
172 Chassis operations fundamentals
• The SLPP-PDU destination MAC address is the switch MAC address(with the multicast bit set) and the source MAC address is the switchMAC address.
• The SLPP-PDU is sent out as a multicast packet and is constrainedto the VLAN on which it is sent.
• If one port of an MLT is shut down because it received SLPP-PDUsthat exceed the receive threshold of the port, then all ports of the MLTare shut down.
• The SLPP-PDU can be received by the originating CP or the peerSMLT CP. All other switches treat the SLPP-PDU as a normalmulticast packet, and forward it to the VLAN.
• SLPP-PDU transmission and reception operates only on ports forwhich STP is in a forwarding state (if STP is enabled on one switchin the path).
• SLPP is port-based, so a port is disabled if it receives SLPP-PDUon one or more VLANs on a tagged port. For example, if the SLPPpacket receive threshold is set to 5, a port is shut down if it receives 5SLPP-PDU from one or more VLANs on a tagged port.
Extended CP LimitThe CP Limit function protects the SF/CPU by shutting down ports thatsend traffic to the SF/CPU at a rate greater than desired through oneor more ports. You can configure the Extended CP Limit functionality toprevent overwhelming the switch with high traffic. To use the Extended CPLimit functionality, configure CP Limit at the chassis and port levels.
ATTENTIONThe Extended CP Limit feature differs from the rate-limit feature by monitoringpackets that are only sent to the SF/CPU (control plane), instead of all packetsthat are forwarded through the switch (data plane).
The set of ports to check for a high rate of traffic must be predetermined,and configured as either SoftDown or HardDown.
HardDown ports are disabled immediately after the SF/CPU is congestedfor a certain period of time.
SoftDown ports are monitored for a specified time interval, and aredisabled only if the traffic does not subside. The user configures themaximum number of monitored SoftDown ports.
To enable this functionality and set its general parameters, configurationmust take place at the chassis level first. After you enable this functionalityat the chassis level, configure each port individually to make use of it.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Switch reliability 173
The following table provides the Nortel recommended Extended CP Limitvalues.
Table 25Extended CP Limit recommended values
Setting Value
SoftDown – use with 4.1
Maximum ports 5
Minimum congestion time 3 seconds (default)
Port congestion time 5 seconds (default)
CP Limit utilization rate Dependent on network traffic
HardDown – use with 3.7
Maximum ports 5
Minimum congestion time P = 4000 msS = 70000 msT = 140 000 msQ = 210 000 ms
Port congestion time P = 4 secondsS = 70 secondsT = 140 secondsQ = 210 seconds
Legend: Primary (P) – primary target for convergence, Secondary (S) –secondary target for convergence, Tertiary (T) – third target for convergence,Quarternary (Q) – fourth target for convergenceNortel does not recommend the Ext CP Limit HardDown option for softwareRelease 4.1 or later. Only use this option if SLPP is not available.
Switch reliabilityAs system resources become more widely distributed, the reliability ofnetwork nodes is even more important because it affects connectivity inthe entire network. Although software and hardware components of a nodeare reliable, they are still prone to failures. Protecting the node from failureof one of its components makes the node highly available.
The Ethernet Routing Switch 8600 supports many High Availabilityfeatures at all levels, including the following:
• Hardware
— hot-swappable Input/Output (I/O) modules
— hot-swappable Service Delivery Modules
— passive backplane
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
174 Chassis operations fundamentals
— Silicon Switch Fabric redundancy and load-sharing
— redundant fans and power supply units
• Software
— port-level and slot-level redundancy in the form of link aggregation
— Split Link Aggregation
— Split MulitLink Trunking (SMLT)
— Routed Split MultiLink Trunking (RSMLT)
— basic Central Processing Unit (SF/CPU) availability— warmstandby
— high SF/CPU availability—hot standby
— router redundancy through Virtual Router Redundancy Protocol(VRRP)
If the primary SF/CPU module fails, the backup SF/CPU assumes theprimary role.
ATTENTIONDuring a SF/CPU failover, do not hot swap I/O modules until the new SF/CPUbecomes the master SF/CPU.
You can configure SF/CPU redundancy to provide either basic availabilityor High Availability.
In warm standby redundancy mode, if the primary SF/CPU fails, thebackup SF/CPU must initialize all input/output modules and load switchconfigurations, causing delays and disrupting operations. In hot standbyredundancy mode, both SF/CPUs maintain synchronized configuration andoperational databases, enabling very quick recovery and High Availability.
If you enable HA, also called Layer 3 redundancy, you automaticallydisable all non-HA features, that is features not supported by HA.
After you enable HA, both the primary and secondary SF/CPUssynchronize their database structures following initialization. After thiscomplete table synchronization, only topology changes are exchangedbetween the primary and secondary SF/CPU.
Jumbo framesThe standard 1518 bytes Ethernet frame size was designed to protectagainst the high bit error rates of older physical-layer Ethernet componentsbut increases in computer processing power and the use of switchedEthernet over unshielded twisted pair or fiber media significantly lowersEthernet errors.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Jumbo frames 175
In addition, the speed and capacity of the Ethernet are expanding theprocessor limits of many installed servers, and more data is transferredbetween servers. For these reasons, increasing Ethernet frame size is alogical option. The Ethernet Routing Switch 8600 now supports Ethernetframes as large as 9600 bytes, compared to the standard 1518 bytes, totransmit large amounts of data efficiently and minimize the task load on aserver SF/CPU.
Tagged VLAN supportA port with VLAN tagging activated can send tagged frames. If you planto use Jumbo frames in a VLAN, make sure that the ports in the VLANare configured to accept Jumbo frames and that the server or hosts in theVLAN do not send frames that exceed 9600 bytes. For more informationabout configuring VLANs, see Nortel Ethernet Routing Switch 8600Configuration — VLANs and Spanning Tree (NN46205-517).
Modules and interfaces that support Jumbo framesAs a minimum, Jumbo frame support requires Gigabit speed. Althoughthe system allows larger MTU settings, modules with 10/100 interfaces donot support Jumbo frames.
The following Ethernet Routing Switch 8600 devices and interfacessupport Jumbo frames:
• All RS modules: 8612XLRS, 8634XGRS, 8648GBRS, and 8648GTRS.
• Gigabit fiber and Gigabit copper ports in 8608SX-E, 8608GBIC,8608GBIC-E, 8632TX, 8632TX-E, 8608GT-E, 8630GBR, and8648GTR.
• 10 Gigabit interfaces 8683XLR and 8683XZR.
• IPv6—if you enable IPv6 Jumbo frame support you must set the portinterface MTU size to 9600 bytes.
The following IPv4 and IPv6 control plane applications do not supportJumbo frames:
• Ping
• Telnet
• Domain Name Service (DNS)
• Secure Shell (SSH)
• Secure Copy Protocol (SCP)
• Simple Network Management Protocol (SNMP)
• Open Shortest Path First (OSPF) versions 2 and 3
• Routing Internet Protocol (RIP)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
176 Chassis operations fundamentals
If you enable Jumbo frame support on the chassis, then you must set theport interfaces that support the Jumbo frames feature to an MTU size of9600 bytes. Retain the default MTU size of 1950 bytes on port interfacesthat do not support the Jumbo frames feature. Changes that you make tothe MTU size take place immediately.
ATTENTIONOn the 8648GTR module, ports operating at 100 Mbit/s support a maximumframe size of 9188 bytes.
The Web Switching Module (WSM) supports Jumbo frames of up to9018 octets. For instructions about configuring Jumbo frames for thismodule, see Nortel Ethernet Routing Switch 8600 Web Switching ModuleFundamentals (NN46205-314).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
177.
Chassis operations configurationusing Device Manager
This section provides the details to configure operating modes and basichardware and system settings.
Navigation• “Editing system information” (page 178)
• “Editing chassis information” (page 181)
• “Configuring system flags” (page 183)
• “Enabling M mode ” (page 187)
• “Enabling R mode” (page 188)
• “Enabling enhanced operational mode” (page 190)
• “Enabling global filter ordering” (page 190)
• “Enabling CPU High Availability” (page 191)
• “Configuring a basic configuration” (page 192)
• “Opening a dual tab” (page 197)
• “Editing ports” (page 198)
• “Viewing the boot configuration” (page 198)
• “Enabling Jumbo frames” (page 199)
• “Reserving records” (page 199)
• “Viewing the trap sender table” (page 200)
• “Configuring the time” (page 201)
• “Configuring SLPP globally” (page 202)
• “Configuring the SLPP by VLAN” (page 203)
• “Configuring the SLPP by port” (page 204)
• “Configuring Extended CP Limit globally” (page 205)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
178 Chassis operations configuration using Device Manager
• “Configuring extended CP Limit for a port ” (page 206)
• “Configuring loop detect” (page 208)
• “Configuring CP Limit” (page 209)
• “Editing the boot file” (page 210)
• “Editing the management port parameters” (page 212)
• “Editing the management port CPU route table” (page 213)
• “Configuring the management port IPv6 interface parameters” (page214)
• “Configuring management port IPv6 addresses” (page 216)
• “Configuring the CPU IPv6 route table” (page 217)
• “Editing serial port parameters” (page 218)
• “Enabling port lock” (page 219)
• “Locking a port” (page 220)
• “Enabling power management” (page 221)
• “Configuring slot priority” (page 221)
Editing system informationYou can edit system information such as the contact person, the name ofthe device, and its location. Other information cannot be edited, but is veryuseful, such as the software version running on the device.
Edit system information by performing this procedure.
Procedure steps
Step Action
1 On the Device Manager menu bar, choose Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Edit the required options.
3 Click Apply.
4 Click Close.
--End--
Variable definitionsUse the data in the following table to configure the Chassis, System tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Editing system information 179
Variable Value
sysDescr Shows the system assigned name and thecurrent, running software version.
sysUpTime Shows the time since the system last started.
sysContact Configures the contact information (in thiscase, an E-mail address) for the Nortelsupport group.
sysName Configures the device name.
sysLocation Configures the physical location of the device.The default location is 4655, Great AmericaParkway, Santa Clara, CA - 95054.
VirtualIpAddr Configures the virtual IP address advertisedby the master SF/CPU.Unlike the management port IP address,the virtual IP address is stored in the switchconfiguration file, not the boot configurationfile.The default IP address is 0.0.0.0.
VirtualNetMask Configures the net mask of the virtualmanagement IP address.The default net mask is 0.0.0.0.
VirtualIpv6Address Configures the virtual IPv6 address advertisedby the master SF/CPU.Unlike the management port IPv6 address,this address is stored in the switchconfiguration file, not the boot configurationfile.The default address is 0:0:0:0:0:0:0:0.
VirtualIPv6Prefix Length Configures the length of the virtual IPv6 prefixentry.The default is 0.
DnsDomainName Configures the default domain for querying theDNS server.
LastChange Specifies the time since the last configurationchange.
LastVlanChange Specifies the time since the last VLANchange.
LastStatisticsReset Specifies the time since the statistics counterswere last reset.
LastRunTimeConfigSave Specifies the last run-time configurationsaved.
LastRunTimeConfigSaveToSlave
Specifies the last run-time configuration savedto the standby device.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
180 Chassis operations configuration using Device Manager
Variable Value
LastBootConfigSave Specifies the last boot configuration saved.
LastBootConfigSaveOnSlave Specifies the last boot configuration saved onthe standby device.
LastRuntimeConfigFileName Specifies the default Runtime ConfigurationFile directory name.
DefaultBootConfigFileName Specifies the default Boot Configuration Filedirectory name.The default name is /flash/boot.cfg.
ConfigFileName Specifies the name of a new boot or runtimeconfiguration file.For more information, see saveBootConfigand saveRuntimeConfig in ActionGroup1.The default name is /flash/config.cfg.
ActionGroup1 Specifies one of the following actions:
• resetCounters—resets all statisticcounters.
• checkSwInFlash—checks the software inflash memory.
• saveRuntimeConfigToSlave—savesthe current run-time configuration to thesecondary SF/CPU.
• saveToNVRAM—saves the currentrun-time configuration to NVRAM.
• checkSwInPcmcia—checks the softwarein Personal Computer Memory CardInternational Association (PCMCIA).
• saveBootConfig—saves the currentboot configuration to the file specified inConfigFileName. If the configFileNamefield is blank, the switch saves theboot configuration to the current bootconfiguration file.
• saveToStandbyNVRAM—saves thecurrent run-time configuration to thestandby NVRAM.
• saveRuntimeConfig—saves the currentrun-time configuration to the file specifiedin ConfigFileName. If the configFileNamefield is blank, the switch saves the run-timeconfiguration to the current run-timeconfiguration file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Editing chassis information 181
Variable Value
• saveSlaveBootConfig—saves the currentboot configuration to the secondarySF/CPU.
• loadLicense—loads a software license fileto enable features.
ActionGroup2 Specifies one of the following actions:• resetlstStatCounters—resets the IST
statistic counters.
• resetLspStats—resets the LSP statistics
ActionGroup3 flushIpRouteTbl—flushes IP routes from therouting table.
ActionGroup4 Specifies one of the following actions:
• hardReset—resets the device and runspower-on tests.
• softReset—resets the device withoutrunning power-on tests.
• cpuSwitchOver—swaps control from oneSF/CPU to another.
• resetConsole—reinitializes the hardwareUART drivers. Reset the console onlyif the console or modem connection ishanging.
• resetModem—reinitializes the UARTdrivers on the modem port. Reset themodem only if the console or modemconnection is hunging.
Result Specifies a message after you click Apply.
Editing chassis informationEdit the chassis information to make changes to chassis-wide settings byperforming this procedure.
Procedure steps
Step Action
1 On the device, select the chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed.
3 Click the Chassis tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
182 Chassis operations configuration using Device Manager
4 Edit the necessary options.
5 Click Apply.
6 Click Close.
--End--
Variable definitionsUse the data in the following table to configure the Chassis tab.
Variable Value
Type Specifies the Ethernet Routing Switch 8600module type.
SerialNumber Specifies a unique chassis serial number.
HardwareRevision Specifies the current hardware revision of thedevice chassis.
NumSlots Specifies the number of slots (or cards) thisdevice can contain.
NumPorts Specifies the number of ports currently on thisdevice.
BaseMacAddr Specifies the starting point of the block of MACaddresses used by the switch for logical andphysical interfaces.
MacAddrCapacity Specifies the MAC address capacity.The default value is 4096.
MacFlapLimitTime Configures the time limit for the loop-detectfeature, in milliseconds, for MAC flapping. Thevalue ranges from 10 to 5000.The default value is 500.
AutoRecoverDelay Configures the delay in autorecovery. Thevalue ranges from 5 to 3600.The default is 30 seconds.
MTUSize Configures the maximum transmission unitsize.The default is 1950.
Temperature Specifies the current temperature of thechassis in degrees Celsius.
PrimaryCPUType Specifies the primary SF/CPU type; forexample, the 8692 SF/CPU.
PrimaryCPUMemory Specifies the primary SF/CPU memory size;for example, 256 MB.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 183
Variable Value
SecondaryCPUType Specifies the secondary SF/CPU type; forexample, the 8692 SF/CPU.
SecondaryCPUMemory Specifies the secondary SF/CPU memory size;for example, 256 MB.
PowerUsage Specifies the amount of power the SF/CPUuses.The default value is 665.
PowerAvailable Specifies the amount of power available to theSF/CPU.The default is 1050.
Configuring system flagsConfigure the system flags to enable or disable flags for specificconfiguration settings by performing this procedure.
Procedure steps
Step Action
1 On the device, select the chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed .
3 Click the System Flags tab.
The Chassis—System Flags tab appears.
4 Select the system flags you want to set.
5 You can assign a specific mode by selecting it in the modesection of the dialog box.
6 Click Apply.
ATTENTIONAfter you change certain configuration parameters, you must savethe changes to the configuration file and restart the switch before thechanges take effect. For more information about which parametersrequire a switch reset, see the value descriptions in Variablesdefinitions.
--End--
Variable definitionsUse the data in the following table to configure the Chassis, System Flagstab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
184 Chassis operations configuration using Device Manager
Variable Value
AuthenticationTraps Activates Authentication traps.If you change this parameter, you must restartthe system for the change to take effect.
EnableWebServer Activates the Web server.If you change this parameter, you must clickApply for the change to take effect.
EnableAccessPolicy Activates access policies.If you change this parameter, you must restartthe system for the change to take effect.
MrouteStreamLimit Enables or disables Mroute Stream Limit.If you change this parameter, you must restartthe system for the change to take effect.
ForceTrapSender Configures CLIP (Circuit Less IP) as a traporiginator. If you change this parameter, youmust restart the system for the change to takeeffect.
ForceIpHdrSender If you enable Force IP Header Senter, thesystem matches the IP header source addresswith SNMP header sender networks.If you change this parameter, you must restartthe system for the change to take effect.
GlobalFilterEnable Enables or disables the ordering of globalfilters by their ID in the system.If you change this parameter, you must restartthe system for the change to take effect.
VlanBySrcMacEnable Enables or disables source MAC basedVLANs.If you change this parameter, you must restartthe system for the change to take effect.
DiffServEcnCompatibilityEnable
Enables or disables the Explicit CongestionNotification (ECN) compatibility feature.If you select false, the system masks the ECNbits in the DS field while re-marking DSCP anddoes not match on ECN capable flows if thefilter is set on DSmatch.If you select true, the system preserves theECN bits in the DS field while re-marking andmakes matches based on the full 8-bit DSfield.If you change this parameter, you must restartthe system for the change to take effect.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring system flags 185
Variable Value
WsmDirectMode Activates configuration of same communitystrings on the WSM and 8600.Enables direct connection by SNMP to theWSM.If you change this parameter, you must restartthe system for the change to take effect.
ConfigMode Configures the switch to use Nortel Networkscommand line interface (NNCLI) or CLI mode.If you change this parameter, you must restartthe system for the change to take effect.The default is nncli.
ForceTopologyIpFlagEnable Enables or disables the flag that sets the CLIPID as the topology IP. Values are true or false.The default value is false (disabled).
CircuitlessIpId Sets the CLIP ID to be used as the topologyIP. Enter a value from 1 to 256.
EnableEnhancedOperationalMode
Configures Enhanced Operational mode.
EnhancedOperMode Indicates if Enhanced Operational mode isconfigured. The values are true or false. Thisis a read-only field.
EnableM-Mode Enables or disables M mode.If you change this parameter, you must restartthe system for the change to take effect.
M-Mode Indicates if M mode is configured. The valuesare true or false. This is a read-only field.
EmModeError Indicates the M mode error status. Thepossible error message values are as follows:
• none
• non128KCardOffLine
• checkSlaveConfigNResetForEmMMode
• mismatchResetForEmMode
• mismatchEmModeMasterSlave
• incompatMasterResetForEmMode
• putSlaveOffEmImcompat
• slave8690EmIncompatGoingOffline
• cpu8690DisableEm
EnableR-Mode Activates R mode.If you change this parameter, you must restartthe system for the change to take effect.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
186 Chassis operations configuration using Device Manager
Variable Value
R-Mode Indicates if R-mode is configured. The valuesare true or false. This is a read-only field.
RspModeError Indicates the R mode error status. Thepossible error message values are as follows:
• none
• non256KCardOffLine
EnableVlanOptimizationMode Configures VLAN Optimization mode.
ATTENTIONNortel recommends that you do not changethe configuration of the VLAN optimizationmode.
VlanOptimization Specifies the current state of VLANOptimization mode.
SystemMonitorEnable Activates or disables system monitoring inthe switch. If you change this parameter, youmust restart the system for the change to takeeffect.
MonitoringEnable Starts or ends a monitoring session.
MonitorDetectionTime Configures the interval, in seconds, for systemmonitoring, in a range from 10 to 600 seconds.The default value is 30.
HaCpu Activates or disables the High Availability CPUfeature.If you change this parameter, you must restartthe system for the change to take effect.The default value is disabled.
HaCpuState Indicates the High Availability CPU state.
• initialization—indicates the SF/CPU is inthis state
• oneWayActive—modules that need to besynchronized register with the framework(either locally or a message received from aremote SF/CPU)
• twoWayActive—modules that need to besynchronized register with the framework(either locally or a message received from aremote SF/CPU)
• synchronized—table-based synchronizationis complete on the current SF/CPU
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling M mode 187
Variable Value
• remoteIncompatible—SF/CPU frameworkversion is incompatible with the remoteSF/CPU
• error—if an invalid event is generated in aspecific state the SF/CPU enters Error state
• disabled—High Availability is not activated
• peerNotConnected—no established peerconnection
• peerConnected—established peerconnection is established
• lostPeerConnection—lost connection topeer or standby SF/CPU
• notSynchronized—table-basedsynchronization is not complete
The default is disabled.
HaEvent Indicates the High Availability event status.
• restart—causes the state machine torestart.
• systemRegistrationDone—causes theSF/CPU to transfer to One Way or TwoWay Active state.
• tableSynchronizationDone—causes theSF/CPU to transfer to synchronized state.
• versionIncompatible—causes the SF/CPUto go to remote incompatible state
• noEvent—means no event occurred todate.
StandbyCpu Indicates the state of the standby SF/CPU.
Enabling M modeEnable M mode to support up to 128000 table entries in the system byperforming this procedure.
Prerequisites
• M mode supports the Nortel Ethernet Routing Switch 8600 Release 3.xfeature set. Full support of M mode requires the following configurationconditions:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
188 Chassis operations configuration using Device Manager
— The chassis must include at least one 8691 or 8692 SF/CPUmodule.
— All modules installed in the chassis must be M, R, or RS modules,are capable of supporting 128000 table entries.
— M modules require Nortel Ethernet Routing Switch 8600 Release3.3 or later.
— You must understand how the modules installed in the chassisaffect the operating mode of the switch.
ATTENTIONIf M mode is activated, any E modules present in the chassis aredisabled. This protects the system forwarding tables from lost entries.
• You cannot activate M mode and R mode at the same time.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the System Flags tab.
3 Select the EnableM-Mode box.
4 Click Apply.
A warning message appears, advising you to restart.
5 Click OK.
ATTENTIONIf you activated M mode and you are using Device Manager,you cannot edit or apply changes on the Boot tab on the standbySF/CPU. Configuration is possible if you are in default mode.
--End--
Enabling R modeEnable R mode to support 256 000 IP routes. R mode supports the NortelEthernet Routing Switch 8600 Release 4.0 and later feature sets.
Enable R mode by performing this procedure.
Prerequisites
• Full support of R mode requires the following configuration conditions:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling R mode 189
— The system must include either R or RS modules only. Ifthe system uses a mix of R, RS, M, or E modules, you mustunderstand how that affects available configuration options.
— The system must include at least one 8692 SF/CPU module. R andRS modules do not start with the 8691 SF/CPU modules (see thefollowing exception).
The 8648GTR module operates with 8691 and 8692 SF/CPUmodules. To support the 8648GTR with the 8691 SF/CPU, theSF/CPU must be configured with 256MB Synchronous DynamicRandom Access Memory (SDRAM) (the 8692 SF/CPU shipsstandard with 256MB SDRAM). A system with 8691 SF/CPUconfigured with 256MB SDRAM and only 8648GTR interfacemodules meets the conditions for R mode.
— When you configure an Ethernet Routing Switch 8600, considertotal power-consumption to ensure proper system performance.The total input power-consumption of the components (modulesand fan trays) must not exceed the output power rating of thepower supply. See your power supply document for power supplyspecifications. For input power consumption information, seeNortel Ethernet Routing Switch 8600 Installation — Chassis(NN46205-303).
— R modules require Nortel Ethernet Routing Switch 8600 softwareRelease 4.0 or later.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the System Flags tab.
3 Select the Enable R-Mode box.
4 Click Apply.
A warning message appears, advising you to restart.
5 Click OK.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
190 Chassis operations configuration using Device Manager
ATTENTIONIf you activate R mode and you are using Device Manager, youcannot edit or apply changes on the Boot tab on the standbySF/CPU. Configuration is possible if you are in default mode or Mmode.
--End--
Enabling enhanced operational modeEnable enhanced operational mode to increase the maximum numberof virtual LANs (VLAN) if you use MultiLink Trunking (MLT) and SplitMultiLink Trunking (SMLT) by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the System Flags tab.
3 Select the EnableEnhancedOperationalMode box.
4 Click Apply.
5 Save the configuration.
6 Restart the chassis.
--End--
Enabling global filter orderingEnable the ordering of global filters. By default, global filters are stored inthe hardware records in the order that they are applied. After you enablethe ordering of global filters, global filters are stored in the order of theirIDs. To ensure that a global filter is used first, you need to assign a lowerID to that filter; or assign a higher ID to a less specific filter.
Enable the order of global filter by performing this procedure
Prerequisites
• Global filter ordering is supported only on classic modules; this featureis not applicable to R or RS modules.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling CPU High Availability 191
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the System Flags tab.
3 Select the GlobalFilterEnable box.
4 Click Apply.
ATTENTIONFor the changes to take effect, you must save the configuration andrestart the chassis.
--End--
Enabling CPU High AvailabilityCPU high-availability (HA) mode enables switches with two CPUs torecover quickly from a failure of the master SF/CPU. Use the procedure inthis section to enable CPU HA mode.
Procedure steps
Step Action
1 On the device, select the chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed .
3 Click the System Flags tab.
4 In HaCpu section, select Enable.
5 Click Apply.
A message box appears.
6 Click Yes to confirm.
After enabling HA mode on the master SF/CPU, the secondarySF/CPU automatically resets to load settings from itspreviously-saved boot configuration file. You must manuallyreset the primary SF/CPU while the secondary SF/CPU isbooting.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
192 Chassis operations configuration using Device Manager
ATTENTIONFailure to manually boot the primary CPU before the secondaryfinishes booting can lead to system instability. Traffic is interruptedwhen the master is manually reset.
CAUTIONEnabling the HA mode can cause certain features tobecome disabled. See the Release Notes for yoursoftware version for details on HA mode specificinformation.
--End--
Configuring a basic configurationYou can set options for a basic port configuration through the Interfacetab in the Port dialog box. Additional tabs and screen entries formodule-specific functions appear when applicable. For example, on theInterface dialog box for a port, tabs for Layer 3 (routing) functions appear ifDevice Manager accesses an Ethernet Routing Switch 8600.
Configure the basic port configuration by performing this procedure.
Procedure steps
Step Action
1 On the device view, select a port or multiple ports.
2 From the Device Manager menu bar, choose Edit, Port, General– Global Router (vrf 0)....
The Port dialog box appears with the Interface tab displayed.
3 Configure the fields as required.
The 10/100Base-TX ports do not consistently autonegotiate witholder 10/100Base-TX equipment. You can sometimes upgradethe older devices with new firmware or driver revisions. If anupgrade does not allow autonegotiation to correctly identify thelink speed and duplex settings, you can manually configure thesettings for the link in question. Check the Nortel Web site forthe latest compatibility information.
--End--
Variable definitionsUse the data in the following table to use the Interface tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring a basic configuration 193
Variable Value
Index A unique value, in a range from 64–511,assigned to each interface.The default value is 212.
Name The name assigned to the port.
Descr The port type of this interface.
Type The media type of this interface.
Mtu The size of the largest packet, in octets, theswitch can send or receive on the interface(maximum transmission unit).The default is 1950.
PhysAddress The MAC address assigned to a particularinterface.
VendorDescr The name of the interface chipset. (Thisdoes not apply to all port types.)
AdminStatus AdminStatus is expressed as one of thefollowing states:
• up
• down
• testing
After a managed system initializes, allinterfaces start with AdminStatus in the upstate.AdminStatus changes to either the downor the testing state (or remains in the downstate) if you make explicit managementaction or if the managed system retainsconfiguration information.The testing state indicates that the switchdoes not pass operational packets.
The default state is up.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
194 Chassis operations configuration using Device Manager
Variable Value
OperStatus The current operational state of the interfaceexpressed as one of the following states:
• up
• down
• testing
The testing state indicates that the switchdoes not pass operational packets.If AdminStatus is down, OperStatus is down.If AdminStatus changes to up, OperStatuschanges to up if the interface is ready totransmit and receive network traffic.AdminStatus remains in the down state if,and only if, a fault exists that prevents itfrom going to the up state.
The default operating status is down.
LastChange The value of sysUpTime at the time theinterface entered its current operationalstate.If the interface entered the current stateprior to the last reinitialization of the localnetwork management subsystem, the valueis zero.
LinkTrap Indicates whether the system generates linkUp or link Down traps for this interface.The default setting is enabled.
AutoNegotiate Indicates whether this port is activated forautonegotiations (only 10/100Base ports).Nortel recommends that you useautonegotiation whenever it is supported bythe devices on both ends of a Gigabit fiberlink.If the Ethernet Routing Switch 8600 isconnected to a device that does not supportit, disable autonegotiation and enable SFFD.The default setting is true.For more information, see NortelEthernet Routing Switch 8600 Planningand Engineering -- Network Design(NN46205-200).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring a basic configuration 195
Variable Value
AdminDuplex Indicates the current duplex value of the portas one of the following modes:• half-duplex
• full-duplex
The default is half-duplex.
OperDuplex The current operational duplex mode of theport (half or full).The default is Full-duplex.
AdminSpeed Indicates the port data rate (10 Mb/s or 100Mb/s).
OperSpeed The current operating data rate of the port.
AutoNegAd The port speed to advertise.
QosLevel Quality of Service level.The default is level 1.
DiffServ Activates Differentiated Services on thisport.
Layer3Trust Configures the type of Differentiated Serviceto one of the following:
• none
• access
• core
The default is core.
MultimediaPlatformAndDevice Specifies the platform and multimediadevice.
TelephonyAndMultimediaFilterEnable
Activates telephony and multimedia filters.
MltId The MultiLink Trunk to which the port isassigned.The default is 0.
Locked Indicates whether or not the port is locked.If the port is locked, you cannot change theport configuration.To lock or unlock a port, select Edit,Security, Port Lock.The default is false.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
196 Chassis operations configuration using Device Manager
Variable Value
UnknownMacDiscard If you enable UnknownMacDiscard on aport, the system drops a packet with anunknown source MAC address on thatport, and other ports discard packets thatcontain the unknown MAC address in thedestination field.For example, if 11:22:33:44:55:66 is anunknown source MAC, packets tagged witha source MAC of 11:22:33:44:55 comingfrom this port are discarded; packets taggedwith a destination MAC of 11:22:33:44:55:66coming from other ports are also discarded,unless the address is learned on anotherport or the restriction ages out.
You must enable autolearn beforeyou can set the unknown-mac-discardlock-autolearn-mac disable parameter.
DirectBroadcastEnable Indicates whether this interface forwardsdirect broadcast traffic.
AdminRouting Indicates whether the port is routable.
OperRouting The status of the port; whether it is routable.
HighSecureEnable Activates or disables the high securefeature.
Layer 2 Override 8021p Activates or disables IEEE 802.1p override.If activated, the 802.1p value from a taggedframe is not used.
CpLimitEnable Activates or disables extended CP Limit insystem.
CpMulticastLimit Selects the CP multicast limit.
CpBroadcastLimit Selects the CP broadcast limit.
Action One of the following port-related actions:
• none
• flushMacFdb—flush MAC forwardingtable for port
• flushArp—flush ARP table for port
• flushIp—flush IP route table for port
• flushAll—flush all tables for port
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Opening a dual tab 197
Variable Value
• triggerRipUpdate—manually update theRIP table
• clearLoopDetectAlarm—manuallyenable the port on all the disabled vlans
Result The result of port-related actions.
Opening a dual tabIf you use ports with redundant connectors, a dual tab appears. Use thistab to define which connector is the primary connector.
Open a dual tab by performing this procedure.
Procedure steps
Step Action
1 On the device view, select at least two ports.
2 From the Device Manager menu bar, choose Edit, Port, General– Global Router (vrf 0)....
3 Click the Dual tab.
--End--
Variable definitionsUse the data in the following table to use the Dual tab.
Variable Value
Index A unique value assigned to each interface.
PrimaryConnector For ports configured with redundantconnectors, this value indicates whichconnector to use as the active connector onthis port the next time the port is placed intothe ifAdminStatus=Up state.
ActiveConnector Indicates which connector is currently theactive connector. Only one connector isactive at a time.
BackupConnectorStatus Indicates the status of the link attached tothe backup (nonactive) connector.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
198 Chassis operations configuration using Device Manager
Editing portsIf you edit multiple ports, some options are not available, and otheroptions appear to be available even though the dialog box or tab is notapplicable. If a dialog box or tab does not apply for a port, you receive aNoSuchObject message.
If you edit a single port, dialog boxes and tabs that are not applicable arenot available for the selection.
Edit multiple ports by performing this procedure.
ATTENTIONIf a port is modified while an alarm is active on the port, and the port sendsfaults to a Multiservice Data Manager (MDM) server. It is possible that duplicatealarms appear in the MDM Active Alarm browser due to a component namechange. To clear these alarms, use the procedure called Clearing Local Alarmsin Nortel Multiservice Data Manager (MDM) Fault Management — Tools(NN10470-011).
Procedure steps
Step Action
1 Select the port, or ports, you want to edit.
2 Do one of the following:
• Double-click a port.
• Right-click a port. On the shortcut menu, choose Edit.
• From the Device Manager menu bar, choose Edit, Port.
--End--
Viewing the boot configurationView the boot source, as well as view the source from which the switchstarted last by performing this procedure.
Procedure steps
Step Action
1 On the device, select a chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed .
3 Click the Boot Config tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Reserving records 199
The Boot Config tab appears.
--End--
Variable definitionsUse the data in the following table to use the Boot Config tab.
Variable Value
Slot Specifies the slot number of the device
SwVersion Specifies the software version that is currentlyrunning
LastBootConfigSource Specifies the last source from which the switchstarted
LastRuntimeImageSource Specifies the last source for the run-time image
LastRuntimeConfigSource Specifies the last source for the run-timeconfiguration
Enabling Jumbo framesEnable Jumbo frames to increase the size of Ethernet frames supportedon the chassis by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Chassis.
The System dialog box appears with the System tab displayed.
2 Click the Chassis tab.
The Chassis dialog box appears with the Chassis tab displayed.
3 Click MTU size: 1950 or 9600.
4 Click Apply.
5 Click Close.
--End--
Reserving recordsReserve records to change the number of hardware records available foreach record type by performing this procedure.
Prerequisites
• Reserving records is supported only on classic E and M modules.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
200 Chassis operations configuration using Device Manager
Procedure steps
Step Action
1 On the device, select the chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed .
3 Click the Record Reservation tab.
The Record Reservation tab appears.
4 Select the amount in the NewReserved column for the recordtype you want.
5 Enter the new value.
6 Click Apply.
The new number of reserved records appears in the Reservedcolumn.
--End--
Variable definitionsUse the data in the following table to configure the Chassis, RecordReservation tab.
Variable Value
Record Type Identifies the record type: filter, ipmc, local, mac, static,or vrrp.
Reserved Specifies the number of hardware records reserved forthe recordType.
Used Specifies the number of hardware records actuallyused by the recordType.
NewReserved Specifies the number of hardware records that isreserved for this record type after a reset if theconfiguration is saved.
DefReserved Specifies the number of records reserved for thisrecord type if loaded with factory default.
Viewing the trap sender tableUse the trap sender table to view source and receiving addresses byperforming this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the time 201
Procedure steps
Step Action
1 On the device, select a chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed .
3 Click the Trap Sender Table tab.
The Trap Sender Table tab appears.
--End--
Variable definitionsUse the data in the following table to use the Chassis, Trap Sender Tabletab.
Variable Value
RecvAddress Specifies the IP address for the trap receiver. Thisvariable is a read-only variable containing the IPaddress configured in the TAddress field in theTargetTable.
SrcAddress Identifies the IP address for the trap sender.
Configuring the timeSet the date and time on the switch with the User Set Time tab byperforming this procedure.
Procedure steps
Step Action
1 On the device, select a chassis.
2 From the Device Manager menu bar, choose Edit, Chassis.
The chassis dialog box appears with the System tab displayed.
3 Click the User Set Time tab.
The User Set Time tab appears.
4 Enter the correct details.
5 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
202 Chassis operations configuration using Device Manager
Variable definitionsUse the data in the following table to configure the User Set Time tab.
Variable Value
Year Configures the year (integer from 1998–2097)
Month Configures the month (integer from 1–12)
Date Configures the day (integer from 1–31)
Hour Configures the hour (integer from 0–23)
Minute Configures the minute (integer from 0–59)
Second Configures the second (integer from 0–59)
Configuring SLPP globallyEnable the Simple Loop Prevention Protocol (SLPP) to detect a loop andautomatically stop it by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select VLAN, SLPP.
The Slpp dialog box appears with the Global tab displayed.
2 Select GlobalEnable.
3 In the TransmissionInterval box, enter a value for the timeinterval for loop detection.
4 In the EtherType box, enter the SLPP protocol value as ahexadecimal number.
5 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Slpp dialog box.
Variable Value
GlobalEnable Enables or disables SLPP globally.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the SLPP by VLAN 203
Variable Value
TransmissionInterval Sets the interval for which loopdetection occurs. The interval isexpressed in milliseconds in a rangefrom 500–5000.The default value is 500.
EtherType Specifies the SLPP protocolidentification. This value is expressedin hexadecimal format.
Configuring the SLPP by VLANActivates SLPP on a VLAN to enable forwarding of the SLPP packet overthe VLAN by performing this procedure.
Prerequisites
• Enable the SLPP globally before configuring it on a VLAN.
Procedure steps
Step Action
1 From the Device Manager menu bar, select VLAN, SLPP.
The Slpp dialog box appears with the Global tab displayed.
2 Click the VLANS tab.
The VLANS tab appears.
3 Click Insert.
The Slpp, Insert VLANS box appears.
4 Click the VlanID ellipses (...).
5 Select the desired VLAN ID.
6 Click Ok.
7 To enable SLPP, select SlppEnable.
8 Click Insert.
The ID and status of the selected VLAN appears in the Slpp,VLANS dialog box.
--End--
Variable definitionsUse the data in the following table to configure the SLPP, Insert VLANSdialog box.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
204 Chassis operations configuration using Device Manager
Variable Value
VlanId Specifies the VLAN.Click the ellipsis button to select froma list of VLANs.
SlppEnable Enables SLPP on the selected VLAN.
The SLPP packet transmission andreception process is active only if youenable the SLPP operation.When you disable the SLPP operation,the following occurs:
• the system sends no SLPP packets
• the system discards received SLPPpackets
Configuring the SLPP by portUse SLPP on a port to avoid traffic loops on the port by performing thisprocedure.
ATTENTIONTo provide protection against broadcast and multicast storms, Nortelrecommends that you enable Rate Limiting for broadcast traffic and multicasttraffic.
Procedure steps
Step Action
1 From the Device Manager menu bar, select VLAN, SLPP.
The Slpp dialog box appears with the Global tab displayed.
2 Click the Ports tab.
The Ports tab appears displaying all available ports.
3 In the PktRxThreshold box for the desired port, specify thethreshold value for packet reception.
4 Double-click the SlppEnable box for the desired port.
5 Select true to enable SLPP.
6 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring Extended CP Limit globally 205
Variable definitionsUse the data in the following table to configure the Slpp, Ports tab.
Variable Value
IfIndex Specifies the interface index numberfor a port.
PktRxThreshold Specifies the threshold for packetreception. The SLPP packet receivethreshold is set to a value (1- 500) thatrepresents the number of SLPP-PDUsthat must be received to shut downthe port. Note that this is a port-levelparameter, therefore if the port istagged, SLPP-PDUs from the variousVLANs increment this single thresholdcounter.
See Table 24 "SLPP recommendedvalues" (page 171) for recommendedvalues in an SMLT environment.
SlppEnable Enables SLPP on the selectedinterface.
IncomingVlanId VLAN ID of the classified packet on aport disabled by SLPP.
SrcNodeType Specifies the source node type of thereceived SLPP packet.
Configuring Extended CP Limit globallyExtended CP Limit protects the switch from congestion caused by excessdata flowing through one or more ports.Configure the Extended CP Limit to prevent the switch from beingoverwhelmed by performing this procedure.
Prerequisites
• You must enable and configure Extended CP Limit at the chassis level.
Procedure steps
Step Action
1 In the Device Manager menu, select Edit, Chassis, Ext. CPLimit.
The Chassis—Ext CP Limit dialog box appears.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
206 Chassis operations configuration using Device Manager
2 Enter appropriate information in the fields provided and clickApply.
--End--
Variable definitionsUse the data in the following table to configure the Chassis—Ext. CP Limittab.
Variable Value
Enable Select this check box to enable the Extended CPLimit functionality.Clear the checkbox to disable Extended CP Limitfunctionality.
MinCongTime Configures the minimum time the system octapidremains in a congested state before triggering thecongestion algorithm.The default interval is 3000 milliseconds.
MaxPorts Configures the total number of ports that need tobe analyzed from the may-go-down port list.The range is from 0 to 512.The default is 0.
PortCongTime Configures the interval a port can remain at thecongestion threshold until the system disables it.The value ranges from 1 to 600 seconds.The default value is 5.
TrapLevel Indicates the trap level for extended CP Limit as:• none
• normal
• verbose
The default is none.
SysOctapidCongested Indicates whether system octapid congestion isdetected for extended CP Limit.
PortsMonitored Indicates ports monitored by extended CP Limit.
PortsShutDown Indicates whether ports are shut down due toextended CP Limit.
Configuring extended CP Limit for a portCP Limit functionality protects the switch from becoming congested by anexcess of data flowing through one or more ports. Currently the CP Limitfunctionality only protects the switch from broadcast and control traffic witha QoS value of 7. The Extended CP Limit functionality is configurable andyou can use it to prevent overwhelming the switch.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring extended CP Limit for a port 207
Configure extended CP limit for a port by performing this procedure.
Prerequisites
• You must enable extended CP Limit at the chassis level before youenable it for a port.
Procedure steps
Step Action
1 On the device, select a port.
2 From the Device Manager menu, select Edit, Port, General –Global Router (vrf 0)....
The Edit Port dialog box appears with the Interface tabdisplayed.
3 Click the CP Limit tab.
4 Select a value for ExtCplimitConf.
5 Configure the threshold for ExtCplimitUtilRate.
6 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the CP Limit tab.
Variable Value
CpLimitEnable Activates or disables the CP Limit feature.The default is activated.
CpMulticastLimit Configures the multicast control frame rate in arange from 1000–100000 ppsThe default value is 10000.
CpBroadcastLimit Configures the broadcast control frame rate in arange from 1000–100000 pps.The default value is 10000.
AutoRecoverPort Activates or disables auto recovery of the port fromaction taken by CP Limit, link flap, or loop detectfeatures.The default value is disabled.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
208 Chassis operations configuration using Device Manager
Variable Value
ExtCplimitConf Configures the manner in which the individual portparticipates in the Extended CP limit functionality.Select one of the following values for the port:
• None - port is not monitored.
• SoftDown - port belongs to may-go-down portlist.
• HardDown - port belongs to must-go-down portlist.
The default setting is none.
ExtCplimitUtilRate Configures the threshold percentage, from1–100, at which bandwidth utilization triggers themonitoring algorithm.The default value is 50.
Configuring loop detectConfigure loop detect to determine if the same MAC address appears ondifferent ports. Use the optional ARP-Detect feature to account for ARPpackets on IP configured interfaces.
Configure loop detect by performing this procedure.
Procedure steps
Step Action
1 On the device, select a port.
2 From the Device Manager menu, select Edit, Port, General –Global Router (vrf 0)....
The Port dialog box appears with the Interface tab displayed.
3 Click the VLAN tab.
4 Select the LoopDetect box to enable loop detection.
5 If required, select the ArpDetect box.
6 Select the appropriate action.
7 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Loop Detect optionson the VLAN tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring CP Limit 209
Variable Value
LoopDetect Activates or disables the loop detectfeature for the port.
ArpDetect Activates ARP-Detect.Activate ARP-Detect and loop detecton routed interfaces.
LoopDetectAction Specifies the loop detect action to betaken.• portDown shuts down the port
when the system detects a flappingMAC address
• vlanBlock shuts down the VLANwhen the system detects flappingMAC address
• macDiscard. ARP-Detect does notsupport macDiscard.
Configuring CP LimitCP Limit functionality protects the switch from becoming congested by anexcess of data flowing through one or more ports. Currently the CP Limitfunctionality only protects the switch from broadcast and control traffic witha QoS value of 7.
Configure CP limit by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu, select Edit, Port, General –Global Router (vrf 0)....
The Edit Port dialog box appears with the Interface tabdisplayed.
2 Click the CP Limit tab.
3 Select Enable or Disable for the CP Limit option.
4 Enter the multicast control frame rate.
5 Enter the broadcast control frame rate.
6 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the CP Limit tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
210 Chassis operations configuration using Device Manager
Variable Value
CpLimitEnable Activates or disables the CP Limitfeature.The default is activated.
CpMulticastLimit Configures the multicast control framerate in a range from 1000–100000pps.The default is 15000.
CpBroadcastLimit Configures the broadcast control framerate in a range from 1000–100000pps.The default is 10000.
AutoRecoverPort Activates or disables auto recovery ofthe port from action taken by CP Limit,link flap, or loop detect features.The default value is disabled.
ExtCplimitConf Configures the way a port participatesin the Extended CP limit functionality.Select one of the following values forthe port:
• None - port is not monitored.
• SoftDown - port belongs tomay-go-down port list.
• HardDown - port belongs tomust-go-down port list.
ExtCplimitUtilRate Configures the threshold percentage,from 1–100, at which bandwidthutilization triggers the monitoringalgorithm. The default value is 50.
Editing the boot fileEdit the boot file to specify configuration settings such as the boot sourceand order for your switch by performing this procedure.
Procedure steps
Step Action
1 Select a SF/CPU card.
2 From the Device Manager menu bar, choose Edit, Card.
The Card dialog box appears with the Card tab displayed.
3 Click the Boot tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Editing the boot file 211
The Boot tab appears.
4 Change the appropriate settings.
5 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Card, Boot tab.
Variable Value
SwVersion Specifies the currently running softwareversion
LastBootConfigSource Specifies the boot configuration file used mostrecently
LastRuntimeImageSource Specifies the run-time image loaded mostrecently
LastRuntimeConfigSource Specifies the run-time configuration loadedmost recently
PrimaryImageSource Specifies the primary image source file
PrimaryConfigSource Specifies the primary configuration source file
PrimaryBackupConfigSource Specifies the primary backup configurationsource (safeconfig)
SecondaryImageSource Specifies the secondary image source file
SecondaryConfigSource Specifies the secondary configuration sourcefile
TertiaryImageSource Specifies the tertiary image source file
TertiaryConfigSource Specifies the tertiary configuration source file
MezzImageSource Specifies the SuperMezz configuration sourcefile
EnableAutoBoot Activates the autoboot option.
After you power up the switch, the switch waits5 seconds and then starts.If you set this option to false, the boot processstops at the Boot Monitor.
EnableFactoryDefaults Activates the factory defaults option
EnableDebugMode Activates the debug mode option
EnableHwWatchDogTimer Activates the hardware watchdog timer option
EnableRebootOnError Activates the reboot on error option
EnableTelnetServer Activates the Telnet server option
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
212 Chassis operations configuration using Device Manager
Variable Value
EnableRloginServer Activates the rlogin server option
EnableFtpServer Activates the FTP server option
EnableTftpServer Activates the Trivial File Transfer Protocol(TFTP) server option
EnableSshServer Activates the SSH server option
EnableMezz Activates the SuperMezz option
Enable8616ReAutoneg Activates re-autonegotiation on the EthernetRouting Switch 8616
Editing the management port parametersThe management port on the switch fabric/CPU module is a 10/100 Mb/sEthernet port that you can use for an out-of-band management connectionto the switch.
You can use the Mgmt Port dialog box to specify, among other things,management information for the device and to set device configuration.
If you use Device Manager to configure the static routes of themanagement port, you do not receive a warning if you set a non-naturalmask. After you save the changes to the boot.cfg file, those staticroutes are deleted upon the next restart, possibly causing the loss of IPconnectivity to the management port.
If you are uncertain whether the mask you set is non-natural, use the CLIor NNCLI to configure static routes.
Edit the management port parameter by performing this procedure.
Procedure steps
Step Action
1 Select the management port object.
2 From the Device Manager menu bar, choose Edit, Mgmt Port.
The Mgmt Port dialog box appears with the Mgmt Port-IP tabdisplayed.
3 Modify the appropriate settings.
4 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Editing the management port CPU route table 213
Variable definitionsUse the data in the following table to configure the Mgmt Port-IP tab.
Variable Value
IfIndex Specifies the slot and port number of the managementport.
Descr Specifies the description of the management port.
AdminStatus Configures the administrative status of the device.
OperStatus Specifies the operational status of the device.
MgmtMacAddr Specifies the MAC address of the management device.
Addr Configures the IP address of the device.
Mask Configures the subnet IP mask.
AutoNegotiate Enables or disables autonegotiate.
AdminDuplex Specifies the administrative duplex mode for themanagement port.
If you change the duplex mode for the managementport, from full to half duplex on a 8649GTR port, thereis a 30 second loss of bidirectional traffic while thesoftware resets.
OperDuplex Specifies the operational duplex configuration for thisport.
AdminSpeed Specifies the administrative speed for this port.
OperSpeed Indicates the operational duplex mode for this port.
EnableBootp Activates or disables BootP.
Editing the management port CPU route tableEdit the management port CPU route table to specify network and gatewayIP addresses used to remotely manage the device.
Open the Mgmt Port Route Table dialog box by performing this procedure.
Procedure steps
Step Action
1 Select the management port object.
2 From the Device Manager menu bar, choose Edit, Mgmt Port.
The Mgmt Port dialog box appears.
3 On the Mgmt Port dialog box, click the CPU Route Table tab.
The CPU Route Table dialog box appears.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
214 Chassis operations configuration using Device Manager
4 On the Mgmt Port, CPU Route Table dialog box, click Insert.
The Mgmt Port Route Table, Insert CPU Route Table dialog boxappears.
5 Enter the new Network and Gateway IP addresses.
6 Click Insert.
--End--
Variable definitionsUse the data in the following table to configure the Mgmt Port, Insert CPURoute Table tab.
Variable Value
Network Specifies the network IP address.
Gateway Specifies the device gateway IP address.
Configuring the management port IPv6 interface parametersConfigure IPv6 management port parameters to use IPv6 routing on theport by performing this procedure.
Procedure steps
Step Action
1 Select the management port object.
2 From the Device Manager menu bar, choose Edit, Mgmt Port.
The Mgmt Port dialog box appears.
3 On the Mgmt Port dialog box, click the Mgmt Port-IPv6Interface tab.
The Mgmt Port-IPv6 Interface tab appears.
4 Click Insert.
The Mgmt Port, Insert Mgmt Port IPv6 Interface dialog boxappears.
5 Edit the fields as required.
6 Click Insert.
7 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the management port IPv6 interface parameters 215
Variable definitionsUse the data in the following table to configure the Mgmt Port-IPv6Interface dialog box.
Variable Value
Identifier Configures the IPv6 address interface identifiers.Identifier is a binary string of up to 8 octets innetwork byte-order.
IdentifierLength Specifies the length of the Interface Identifier inbits.
Descr Specifies a textual string containing informationabout the interface.Descr string is also set by the networkmanagement system.
ReasmMaxSize Configures the MTU for this IPv6 interface.This value must be same for all the IP addressesdefined on this interface.The default value is 1500.
IPv6 does not support Jumbo Frames in Release4.1.
AdminStatus Configures the indication of whether IPv6is activated (up) or disabled (down) on thisinterface.This object does not affect the state of theinterface, only the interface connection to an IPv6stack.The default is false.
ReachableTime Configures the time a neighbor is consideredreachable after receiving a reachabilityconfirmation. The value is expressed inmilliseconds in a range from 0–3600000.The default value is 30000.
RetransmitTime Configures the time between retransmissions ofneighbor solicitation messages to a neighbor;during address resolution or neighbor reachabilitydiscovery. The value is expressed in millisecondsin a range from 0–3600000.The default value is 1000.
MulticastAdminStatus Configures the status indication for IPv6multicasting on this interface.The default is false.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
216 Chassis operations configuration using Device Manager
Configuring management port IPv6 addressesConfigure management port IPv6 addresses to add or remove IPv6addresses from the port by performing this procedure.
Nortel supports IPv6 addressing with HTTP, SSH, TELNET, SNMPv3,FTP, RLOGIN, and TFTP access to the switch.
Procedure steps
Step Action
1 In the Device Manager window, select a management port.
2 From the Device Manager toolbar, select Edit, Mgmt Port.
The Mgmt Port dialog box appears with the Mgmt Port-IP tabdisplayed.
3 Click the Mgmt Port-IPv6 Addresses tab.
The Mgmt Port-IPv6 Addresses tab appears.
4 Click Insert.
The Mgmt Port, Insert Mgmt Port-IPv6 Addresses dialog boxappears.
5 In the Addr box, enter the required IPv6 address for themanagement port.
6 In the AddrLen box, enter the number of bits from the IPv6address you want to advertise.
7 Click Insert.
8 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Mgmt Port, Insert MgmtPort-IPv6 Addresses dialog box.
Variable Value
Addr Specifies the IPv6 address to which this entryaddressing information pertains.
If the IPv6 address exceeds 116 octets, the objectidentifiers (OIDS) of instances of columns in this rowis more than 128 sub identifiers and you cannot useSNMPv1, SNMPv2c, or SNMPv3 to access them.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the CPU IPv6 route table 217
Variable Value
AddrLen Specifies the prefix length value for this address.You cannot change the address length after creation.You must provide this field to create an entry in thistable.
Type Specifies Unicast, the only supported type.
Configuring the CPU IPv6 route tableUse the management port for switch connectivity and management. Aswith other ports, you can configure the management port to route IPv6 andconfigure a number of IP addresses on an interface. The switch does notadvertise the management port address to the other ports.
Configure the CPU IPv6 route table by performing this procedure.
Procedure steps
Step Action
1 In the main Device Manager window, select the managementport.
2 From the Device Manager toolbar, select Edit, Mgmt Port.
The Mgmt Port dialog box appears with the Mgmt Port-IP tabdisplayed.
3 Click the CPU IPv6 Route Table tab.
The CPU IPv6 Route Table tab appears.
4 Click Insert.
The Mgmt Port, Insert CPU IPv6 Route Table dialog boxappears.
5 Edit the fields as required.
6 Click Insert.
7 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Mgmt Port, Insert CPUIPv6 Route Table dialog box.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
218 Chassis operations configuration using Device Manager
Variable Value
Network Specifies the IPv6 destination address.
GatewayConfigures the gateway as the IPv6 address of themanagement port.
Editing serial port parametersThe serial ports on the switch fabric/CPU module include the modem portand the console port.
Use the Serial Port dialog box to specify serial port communication settingsby performing this procedure.
Procedure steps
Step Action
1 Select the serial port.
2 Perform one of the following actions:
• Double-click the serial port.
• Right-click the serial port and click Edit.
• From the Device Manager menu bar, choose Edit, SerialPort.
• From the Device Manager menu bar, choose Edit, Select All,Serial Ports, and then choose Edit, Serial Port.
• On the Device Manager toolbar, click the Edit Selectedbutton.
The Serial Port dialog box appears .
3 Edit the port parameters as required.
--End--
Variable definitionsUse the data in the following table to configure the Serial Port dialog box.
Variable Value
IfIndex Specifies the slot and port number of the serial port.
Descr Specifies the description of the serial port.
Mode Specifies the mode in which this port operates.The default is ppp.
BaudRate Specifies the baud rate of this port.The default is 9600.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling port lock 219
Variable Value
DataBits Specifies the number of data bits, for each byte of data,this port sends and receives.The default is 7.
MyAddr Specifies this IP address of the port.Use the IP address for both SLIP and PPP modes.
PeerAddr Specifies the peer IP address.Use the peer IP address for both SLIP and PPPmodes.
SlipMtu Specifies the MTU for this port in a range from 0–224.
SlipTxRxCompress Activates or disables compression of TCP/IP packetheaders on this port for SLIP mode only.
SlipRxCompress Activates or disables compression for receiving packetson this port for SLIP mode only.
PppConfigFile Specifies the configuration file to use PPP.
Enabling port lockUse the port lock feature to administratively lock a port or ports to preventother users from changing port parameters or modifying port action. Youcannot modify locked ports until you first unlock the port.
Enable port lock by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Security, ControlPath, General.
The Control Path Security dialog box appears with the Port Locktab visible.
2 To enable port lock, select the Enable box.
3 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Port Lock tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
220 Chassis operations configuration using Device Manager
Variable Value
Enable Activates the port lock feature.
LockedPorts Lists the locked ports.Click the ellipsis (...) button to select the portsyou want to lock or unlock.
Locking a portUse the port lock feature to administratively lock a port or ports to preventother users from changing port parameters or modifying port action. Youcannot modify locked ports until you first unlock the port.
Lock a port by performing this procedure.
Prerequisites
• You must enable port lock before you lock or unlock a port.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Security, ControlPath, General.
The Control Path Security dialog box appears with the Port Locktab visible.
2 In the LockedPorts box, click the elipsis button.
The PortLockLockedPorts dialog box appears.
3 Click the desired port or ports.
4 Click Ok.
5 On the Port Lock tab, click Apply .
--End--
Variable definitionsUse the data in the following table to configure the Port Lock tab.
Variable Value
Enable Activates the port lock feature.
LockedPorts Lists the locked ports.Click the ellipsis (...) button to select the ports you wantto lock or unlock.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring slot priority 221
Enabling power managementEnable power redundancy to create traps and events after powerconsumption exceeds redundancy capacity by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the Power Management tab.
The Power Management dialog box appears.
3 Select PowerManagementEnable.
4 Select PowerManagementFanCheckEnable.
5 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Power Managementtab.
Variable Value
PowerManagementEnable Activates power redundancy to createtraps and events if power consumptionexceeds redundancy capacity.
PowerManagementFanCheckEnable
Enables the fan check.
Configuring slot priorityConfigure slot priority to determine which slots shut down when notenough power is available in the chassis. The slot with the lowest priorityshuts down first. Slots with the same priority shut down by highest slotnumber first.
Configure priority of slots by performing this procedure.
Procedure steps
Step Action
1 In Device Manager, select a card.
2 From the Device Manager menu bar, select Edit, Card.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
222 Chassis operations configuration using Device Manager
3 In the PowerManagementPriority box, select the priority level.
4 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
223.
Chassis operations configurationusing the CLI
This section provides the details to configure operating modes and basichardware and system settings.
Navigation• “Job aid” (page 224)
• “Enabling M mode” (page 225)
• “Enabling R mode ” (page 226)
• “Enabling enhanced operational mode” (page 227)
• “Enabling global filter ordering” (page 228)
• “Enabling CPU High Availability mode” (page 228)
• “Removing a master CPU with CPU-HA mode activated” (page 231)
• “Enabling jumbo frames” (page 231)
• “Reserving records” (page 232)
• “Configuring SLPP” (page 233)
• “Configuring SLPP on a port” (page 234)
• “Viewing SLPP information” (page 235)
• “Viewing SLPP information for a port” (page 236)
• “Configuring Extended CP Limit on the chassis” (page 236)
• “Configuring Extended CP Limit on a port” (page 238)
• “Configuring loop detect” (page 239)
• “Configuring CP Limit” (page 240)
• “Enabling power management” (page 241)
• “Configuring slot priority” (page 241)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
224 Chassis operations configuration using the CLI
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 26Job aid
Command Parameter
<enable|disable>
multicast-limit <value>
config ethernet <slot/port> cp-limit
broadcast-limit <value>
<None|SoftDown|HardDown>config ethernet <ports> ext-cp-limit
threshold-util-rate <value>
<enable|disable>
action <value>
arp-detect
config ethernet <port> loop-detect
<enable|disable>
info
packet-rx <enable|disable>
config ethernet <portlist> slpp
packet-rx-threshold <integer>
config mac-flap-time-limit <10–5000milliseconds>
add <vid>
etherType <pid>
info
operation enable
remove <vid>
config slpp
tx-interval <integer>
<enable|disable>
info
max-ports-to-check <number of ports>
min-congestion-time <time in msec>
port-congestion-time <time in sec>
config sys ext-cp-limit extcplimit
trap-level <Normal|Verbose|None>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling M mode 225
Command Parameter
m-mode <true|false>
r-mode <true|false>
enhanced-operational-mode <true|false>
global-filter-ordering <true|false>
info
multicast-check-packet <true|false>
config sys set flags
vlan-optimization-mode <true|false>
fan-check-enable <true|false>
info
power-check-enable <true|false>
config sys set power
slot-priority <slot> <criticial|high|low>
config sys set mtu <bytes>
filter <value>
info
ipmc <value>
local <value>
mac <value>
static-route <value>
config sys set record-reservation
vrrp <value>
Enabling M modeEnable M mode to support up to 128000 table entries in the system byperforming this procedure.
Prerequisites
• M mode supports the Nortel Ethernet Routing Switch 8600 Release 3.xfeature set. Full support of M mode requires the following configurationconditions:
— The chassis must include at least one 8691 or 8692 SF/CPUmodule.
— All modules installed in the chassis must be M, R, or RS modules,which are capable of supporting 128000 table entries.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
226 Chassis operations configuration using the CLI
— M modules require Nortel Ethernet Routing Switch 8600 Release3.3 or later.
— You must understand how the modules installed in the chassisaffects the operating mode of the switch.
ATTENTIONIf M mode is activated, any E modules present in the chassis aredisabled. This protects the system forwarding tables from lost entries.
• M mode and R mode cannot be activated at the same time.
Procedure steps
Step Action
1 Enable M mode by using the following command:
config sys set flags m-mode true
2 Save the configuration.
3 Restart the switch.
--End--
Enabling R modeEnable R mode to support 256000 IP routes. R mode supports theEthernet Routing Switch 8600 Release 4.0 and later feature sets.
Enable R mode by performing this procedure.
ATTENTIONIf you use 8691 SF/CPU modules in your switch and you attempt to activate246000 IP routes features using the command line interface (CLI), the followingerror message appears: This feature will not be enabled with 8691SF/CPU cards.
Prerequisites
• Full support of R mode requires the following configuration conditions:
— The system must include R or RS modules only.
— The system must include at least one 8692 SF/CPU module. R andRS modules do not start with the 8691 SF/CPU modules (see thefollowing exception).
The 8648GTR module operates with 8691 and 8692 SF/CPUmodules. To support the 8648GTR with the 8691 SF/CPU, theSF/CPU must be configured with 256MB Synchronous Dynamic
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling enhanced operational mode 227
Random Access Memory (SDRAM) (the 8692 SF/CPU shipsstandard with 256MB SDRAM). A system with 8691 SF/CPUconfigured with 256MB SDRAM and only 8648GTR interfacemodules meets the conditions for R mode.
— When you configure an Ethernet Routing Switch 8600 system,you consider total power-consumption to ensure propersystem performance. The total input power-consumption ofthe components (modules and fan trays) must not exceed theoutput power rating of the power supply. See your power supplydocument for power supply specifications. For input powerconsumption information, see Nortel Ethernet Routing Switch 8600Installation — Chassis (NN46205-303).
• R mode and M mode cannot be activated at the same time.
Procedure steps
Step Action
1 Enable R mode by using the following command:
config sys set flags r-mode true
The following warning message appears:
Warning: The change made will take effect only after theconfiguration is saved and the full chassis is rebooted.This feature is not applicable to 8690SF/CPU cards.All non-RSP Cards will be taken off-line if r-mode isenabled.
2 Save the configuration.
3 Restart the switch.
--End--
Enabling enhanced operational modeEnable enhanced operational mode to increase the maximum numberof virtual LANs (VLAN) if you use MultiLink Trunking (MLT) and SplitMultiLink Trunking (SMLT) by performing this procedure.
Procedure steps
Step Action
1 Enable enhanced operational mode by using the followingcommand:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
228 Chassis operations configuration using the CLI
config sys set flags enhanced-operational-mode true
2 Save the configuration.
3 Restar the switch.
--End--
Enabling global filter orderingEnable the ordering of global filters.
By default, the system stores global filters in the hardware records in theorder that they are applied.
If you enable the ordering of global filters, the system stores global filtersin ascending order by identification number—assign a lower ID number toa global filter so that it is used first; assign a higher ID number to a lessspecific filter.
Enable order of global filter by performing this procedure.
Prerequisites
• Global filter ordering is supported on classic modules only; this featureis not applicable to R or RS modules.
Procedure steps
Step Action
1 Enable global filter ordering by using the following command:
config sys set flags global-filter-ordering true
2 Save the configuration.
3 Restart the switch.
--End--
Enabling CPU High Availability modeCPU high-availability (HA) mode enables switches with two CPUs torecover quickly from a failure of the master SF/CPU.
Use the procedure in this section to enable CPU HA mode.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling CPU High Availability mode 229
Procedure steps
Step Action
1 To enable HA mode, enter the following boot flag command onthe master SF/CPU:
config bootconfig flags ha-cpu true
After enabling HA mode on the master SF/CPU, the secondarySF/CPU automatically resets to load settings from itspreviously-saved boot configuration file. You must manuallyreset the primary SF/CPU while the secondary SF/CPU isbooting.
ATTENTIONFailure to manually boot the primary CPU before the secondaryfinishes booting can lead to system instability. Traffic is interruptedwhen the master is manually reset.
CAUTIONEnabling the HA mode can cause certain features tobecome disabled. See the Release Notes for yoursoftware version for details on HA mode specificinformation.
--End--
Table 15 "Release 3.5 and later synchronization capabilities in HA mode "(page 154) shows which features are supported in each release.
Job aidSee the following sample output for the messages the switch returns whenyou enable HA mode using CLI:
ERS-8610:6# config bootconfig flags ha-cpu trueSave bootconfig to file /flash/boot.cfg successful.Boot configuration is being saved on secondary CPUYou need to reset the secondary CPU for the change to take effect!!Do you want to restart the secondary CPU now (y/n) ? y
ATTENTIONThe preceding autosave of the boot configuration file occurs because thesavetostandby flag is enabled. If this flag is not enabled, a manual save of theboot configuration file on the secondary SF/CPU is required.
Answering the user prompt with a "y" causes the secondary SF/CPU toreset itself automatically, and that secondary SF/CPU restarts with HAmode enabled. You must manually reset the master SF/CPU immediately
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
230 Chassis operations configuration using the CLI
(before the secondary CPU completes reset). Resetting the primary CPUcauses an interruption to traffic. After the reset completes successfully,the CPUs reverse roles (the CPU that was the primary CPU before resetbecomes the secondary CPU and the CPU that was secondary beforereset becomes the primary CPU).
Disabling CPU High Availability modeUse the procedure in this section to disable CPU HA mode.
Procedure steps
Step Action
1 To disable HA mode, enter the following boot flag command onthe master SF/CPU:
config bootconfig flags ha-cpu false
After disabling HA mode on the master SF/CPU, the secondarySF/CPU automatically resets to load settings from itspreviously-saved boot configuration file. You must manuallyreset the primary SF/CPU while the secondary SF/CPU isbooting.
ATTENTIONFailure to manually boot the primary CPU before the secondaryfinishes booting can lead to system instability. Traffic is interruptedwhen the master is manually reset.
--End--
Job aidSee the following sample output for the messages the switch returns whenyou disable HA mode using CLI:
ERS-8610:5(config)#config bootconfig flags ha-cpu false
Save bootconfig to file /flash/boot.cfg successful.Save to slave file /flash/boot.cfg successful.CPU5 [02/12/09 15:14:44] SNMP INFO Save to slave file/flash/boot.cfg successful.Boot configuration is being saved on both master and slave.CPU5 [02/12/09 15:14:44] SNMP INFO Save boot successful.
You need to reset the master for the changes to take effect.Resetting Slave CPU from Master CPU.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling jumbo frames 231
Removing a master CPU with CPU-HA mode activatedProperly remove the master SF/CPU to avoid loss of traffic if CPU-HA isactivated by performing this procedure.
Procedure steps
Step Action
1 Software reset the master SF/CPU, which becomes the standby.
2 Remove what is now the standby SF/CPU.
The master is removed. Because CPU-HA is activated, no trafficdata is lost during reset.
ATTENTIONReinserting an SF/CPU module before the HA-activated CPUbecomes the master SF/CPU can cause the master SF/CPU toremain in a booting state.
--End--
Enabling jumbo framesEnable jumbo frames to increase the size of Ethernet frames supported onthe chassis by performing this procedure.
Procedure steps
Step Action
1 Enable jumbo frames by using the following command:
config sys set mtu <bytes>
--End--
Variable definitionsUse the data in the following table to configure the config sys set mtucommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
232 Chassis operations configuration using the CLI
Variable Value
<bytes> The control plane (CPU, CPP) doesnot support Jumbo frames, but canlearn properly when you use Jumboframes.You can use mtu <bytes> to activateJumbo frame support for the datapath.• bytes is the Ethernet Frame size,
either 1522, 1950 (default), or 9600bytes. Settings of either 1950 or9600 bytes activate Jumbo framesupport.
Jumbo frame support is activated bydefault.
Reserving recordsReserve records to change the number of hardware records available foreach record type by performing this procedure.
Prerequisites
• You can reserve records only on modules E and M.
Procedure steps
Step Action
1 At the prompt, enterconfig sys set record-reservation [filter<value>|info|ipmc <value>|local <value>|mac<value>|static-route <value>|vrrp <value>]
--End--
Variable definitionsUse the data in the following table to configure config sysrecord-reservation.
Variable Value
filter <value> Configure reservation for filter record type.Enter a filter value between 1025 and 8192.The default value is 4096.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SLPP 233
Variable Value
info Show current level parameter settings and nextlevel directories.
ipmc <value> Configure reservation for ipmc record type.Enter an ipmc value between 0 and 8000.The default value is 500.
local <value Configure reservation for local record type.Enter a local value between 0 and 16000.The default value is 2000.
mac <value> Configure reservation for mac record type.Enter a mac value between 0 and 200000.The default value is 2000.
static-route <value> Configure reservation for static-route recordtype.Enter a route value between 0 and 1000.The default value is 200.
vrrp <value> Configure reservation for vrrp record type.Enter a vrrp value between 0 and 510.The default value is 500.
Configuring SLPPEnable the Simple Loop Prevention Protocol (SLPP) globally and ona VLAN to detect a loop and automatically stop it by performing thisprocedure.
Procedure steps
Step Action
1 Enable SLPP by using the following command:
config slpp operation enable
2 Specify the SLPP protocol ID by using the following command:
config slpp etherType <pid>
3 Configure the transmission interval by using the followingcommand:
config slpp tx-interval <integer>
4 Add a VLAN to the transmission list by using the followingcommand:
config slpp add <vid>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
234 Chassis operations configuration using the CLI
Variable definitionsUse the data in the following table to use the config slpp command.
Variable Value
add <vid> Adds a VLAN to a SLPP transmissionlist.• <vid> is the VLAN ID.
etherType <pid> Specifies the SLPP PDU Ethernettype.• <pid> is the SLPP protocol ID in
hexadecimal format.
info Shows current level parameter settingsand next level directories.
operation <enable|disable> Enables or disables the SLPPoperation.
ATTENTIONIf the SLPP operation is disabled,the system sends no SLPP packetsand discards received SLPPpackets.The SLPP packets transmitand receive process is active only ifthe SLPP operation is enabled.
remove <vid> Removes a VLAN from a SLPPtransmission list.• <vid> is the ID of the VLAN.
tx-interval <integer> Configures the SLPP packet transmitinterval, expressed in milliseconds in arange from 500–5000.• <integer> is the SLPP packet
transmit interval.
The default value is 500.
Configuring SLPP on a portEnable SLPP on a port to detect, and automatically terminate, a loop byperforming this procedure.
ATTENTIONTo provide protection against broadcast and multicast storms, Nortelrecommends that you enable Rate Limiting for broadcast traffic and multicasttraffic.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Viewing SLPP information 235
Procedure steps
Step Action
1 Configure SLPP on a port by using the following command:
config ethernet <portlist> slpp
--End--
Variable definitionsUse the data in the following table to use the config ethernet<portlist> slpp command.
Variable Value
info Shows current level parameter settingsand next level directories.
packet-rx <enable|disable> Activates or disables SLPP packetreception on the listed ports.
packet-rx-threshold <integer> Specifies the threshold for packetreception. The SLPP packet receivethreshold is set to a value (1- 500) thatrepresents the number of SLPP-PDUsthat must be received to shut downthe port. Note that this is a port-levelparameter, therefore if the port istagged, SLPP-PDUs from the variousVLANs increment this single thresholdcounter.
See Table 24 "SLPP recommendedvalues" (page 171) for recommendedvalues in an SMLT environment.
<portlist> Identifies the slot/port.
Viewing SLPP informationUse SLPP information to view simple loop information by performing thisprocedure.
Procedure steps
Step Action
1 View SLPP information by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
236 Chassis operations configuration using the CLI
show slpp info
--End--
Viewing SLPP information for a portShow SLPP information for a port so that you can view the loopinformation for a port by performing this procedure.
Procedure steps
Step Action
1 Show the SLPP information for a port or all ports by using thefollowing command.
show ports info slpp [port <slot/port>]
--End--
Variable definitionsUse the data in the following table to help you view the SLPP portinformation.
Variable Value
PORT NUM Specifies the port number.
PKT-RX Specifies whether SLPP is enabled ordisabled.
PKT-RX THRESHOLD Specifies the configured SLPP receivethreshold configured on the port.
INCOMING VLAN ID VLAN Specifies the ID of the classifiedpacket on a port disabled by SLPP.
SLPP PDU ORIGINATOR Specifies the originator of the SLPPPDU.
Configuring Extended CP Limit on the chassisCP Limit functionality protects the switch from becoming congested by anexcess of data flowing through one or more ports. Currently the CP Limitfunctionality only protects the switch from broadcast and control traffic witha QoS value of 7. The Extended CP Limit functionality is configurable andyou can use it to prevent overwhelming the switch.
Configure extended CP Limit on the chassis by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring Extended CP Limit on the chassis 237
Procedure steps
Step Action
1 Enable Extended CP Limit by using the following command:
config sys ext-cp-limit extcplimit enable
2 Configure additional optional parameters
--End--
Variable definitionsUse the data in the following table to use the config sys ext-cp-limitcommand.
Variable Value
extcplimit <enable|disable>
Configures the extended CP limit.The default is disabled.
info Specifies the current configuration.
max-ports-to-check<number of ports>
Configures the total number of ports tomonitor.
• number of ports is in the range of 0–512.The default is 0.
min-congestion-time<time in msec>
Configures the minimum time for whichtraffic keeps hitting the SF/CPU to trigger thecongestion algorithm.
• time in msec is the time in milliseconds inthe range of 100–600000.The default value is 3000.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
238 Chassis operations configuration using the CLI
Variable Value
port-congestion-time<time in sec>
Configures the time duration for which, if thebandwidth utilization for a monitoring portremains more than the threshold, the port isdisabled.
• time in sec is the time in seconds in therange of 1–600.The default value is 5 seconds.
trap-level <Normal|Verbose|None>
Configures the trap level. The options are:
• Normal–sends a single trap for all the portswhich are disabled.
• Verbose–sends a trap for each of the portswhich is disabled.
• None–no traps are sent.
The default value is None.
Configuring Extended CP Limit on a portCP Limit functionality protects the switch from becoming congested by anexcess of data flowing through one or more ports. Currently the CP Limitfunctionality only protects the switch from broadcast and control traffic witha QoS value of 7. The Extended CP Limit functionality is configurable andyou can use it to prevent overwhelming the switch.
Configure extended CP Limit on a port by performing this procedure.
Procedure steps
Step Action
1 Configure Extended CP Limit on a port by using the followingcommand:
config ethernet <ports> ext-cp-limit <None|SoftDown|HardDown> [threshold-util-rate <value>]
--End--
Variable definitionsUse the data in the following table to use the config ethernetext-cp-limit command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring loop detect 239
Variable Value
<None|SoftDown|HardDown> Indicates the following:• None–the port does not need to be
checked.
• SoftDown–the port belongs to themay-go-down-port-list.
• HardDown–the port belongs to themust-go-down-port-list.
<ports> Specifies a port or list of ports.
threshold-util-rate Specifies the threshold bandwidthutilization rate expressed in per cent ina range from 1–100.The default value is 50.
Configuring loop detectConfigure loop detect to determine if the same MAC address appears ondifferent ports. Use the ARP-Detect feature to account for ARP packetson IP configured interfaces.
Configure loop detect by performing this procedure.
Procedure steps
Step Action
1 Configure loop detect by using the following command:
config ethernet <port> loop-detect <enable|disable>action <value>
2 Configure the interval at which MAC addresses are monitored:
config mac-flap-time-limit <10..5000 milliseconds>
--End--
Variable definitionsUse the data in the following table to use the config ethernetloop-detect command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
240 Chassis operations configuration using the CLI
Variable Value
action <value> Specifies the loop detect action to betaken.• port-down shuts down the port
upon detecting a flapping MACaddress
• vlan-block shuts down the VLANupon detecting a flapping MACaddress
• mac-discard. ARP-Detect does notsupport this action.
arp-detect Activates ARP-Detect.On routed interfaces, activateARP-Detect with loop detect.
<enable|disable> Activates or disables the loop detectfeature for the port.
Configuring CP LimitCP Limit functionality protects the switch from becoming congestedby excess data flowing through one or more ports by performing thisprocedure.
Procedure steps
Step Action
1 Configure CP Limit by using the following command:
config ethernet <slot/port> cp-limit <enable|disable>[multicast-limit <value>] [broadcast-limit <value>]
--End--
Variable definitionsUse the data in the following table to use the config ethernetcp-limit command.
Variable Value
broadcast-limit <value> Configures the broadcast control framerate expressed as pps in a range from1000–100000.The default value is 10000.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring slot priority 241
Variable Value
<enable|disable> Activates or disables the CP Limitfeature.The default is activated.
info Specifies the configured parametersfor CP Limit.The syntax for this command is:config ethernet slot/port info
multicast-limit <value> Configures the multicast control framerate expressed in pps in a range from1000–100000.The default value is 15000.
Enabling power managementEnable power redundancy to create traps and events after powerconsumption exceeds redundancy capacity by performing this procedure.
Procedure steps
Step Action
1 At the prompt, enter config sys set power.
2 Configure power management by using the following command:
power-check-enable true
You must save the run-time configuration and reset the switchfor this change to take effect.
--End--
Configuring slot priorityConfigure slot priority to determine which slots shut down if not enoughpower is available in the chassis. The slot with the lowest priority shutsdown first. Slots with the same priority shut down by highest slot numberfirst.
Configure priority of slots by performing this procedure.
Procedure steps
Step Action
1 Configure slot priority by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
242 Chassis operations configuration using the CLI
config sys set power slot-priority <slot> <critical|high|low>
--End--
Variable definitionsUse the data in the following table to use the config sys set powerslot-priority command.
Variable Value
<critical|high|low> Configures the priority for the slot.
slot Specifies the slot for which to set thepriority value.You can configure priority for slots 1–4and 7–10.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
243.
Chassis operations configurationusing the NNCLI
This section provides the details to configure operating modes and basichardware and system settings.
Navigation• “Job aid” (page 244)
• “Enabling M mode ” (page 245)
• “Enabling R mode ” (page 246)
• “Enabling enhanced operational mode” (page 247)
• “Enabling global filter ordering” (page 248)
• “Enabling the CPU High Availability mode” (page 248)
• “Removing a master SF/CPU with CPU-HA mode activated” (page251)
• “Enabling jumbo frames” (page 252)
• “Reserving records” (page 253)
• “Configuring SLPP” (page 254)
• “Configuring SLPP on a port” (page 256)
• “Viewing SLPP information” (page 257)
• “Viewing SLPP information for a port” (page 257)
• “Configuring Extended CP Limit on the chassis” (page 258)
• “Configuring Extended CP Limit on a port” (page 260)
• “Configuring loop detect” (page 261)
• “Configuring CP Limit” (page 262)
• “Enabling power management” (page 263)
• “Configuring slot priority” (page 263)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
244 Chassis operations configuration using the NNCLI
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 27Job aid
Command Parameter
Global Configuration mode
boot config flags ha-cpu
mac-flap-time-limit <10–5000milliseconds>
enable
ethertype
operation
tx-interval
slpp
vid
max-ports-to-check <value>
min-congestion-time <time>
port-congestion-time <time>
sys ext-cp-limit
trap-level <dummy|None|Normal|Verbose>
enhanced-operational-mode
global-filter-ordering
multicast-check-packet
m-mode
r-mode
sys flags
vlan-optimization-mode
sys mtu <bytes>
sys power
sys power slot-priority <1–10> critical|high|low
filter <value>
ipmc <value>
local <value>
mac <value>
static-route <value>
sys record-reservation
vrrp <value>
Interface Configuration mode
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling M mode 245
Command Parameter
broadcast-limit <value>cp-limit port
multicast-limit <value>
<None|SoftDown|HardDown>ext-cp-limit port <PortList>
threshold-util-rate <value>
action <mac-discard|port-down|vlan-block>
loop-detect
arp-detect
packet-rx
packet-rx-threshold <1-500>
slpp port <portlist>
port <portlist>
Privileged EXEC mode
show slpp interface
GigabitEthernet <slot/port>
Fastethernet <slot/port>
Enabling M modeEnable M mode to support up to 128 000 table entries in the system byperforming this procedure.
Prerequisites
• M mode supports the Nortel Ethernet Routing Switch 8600 Release 3.xfeature set. Full support of M mode requires the following configurationconditions:
— The chassis must include at least one 8691 or 8692 SF/CPUmodule.
— All modules installed in the chassis must be M, R, or RS modules,which are capable of supporting 128 000 table entries.
— M modules require Nortel Ethernet Routing Switch 8600 Release3.3 or later.
— You must understand how the modules installed in the chassisaffects the operating mode of the switch.
ATTENTIONIf M mode is activated, any E modules present in the chassis aredisabled. This protects the system forwarding tables from lost entries.
• M mode and R mode cannot be activated at the same time.
• You must log on to the Global Configuration mode in the NNCLI.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
246 Chassis operations configuration using the NNCLI
Procedure steps
Step Action
1 Enable M mode by using the following command:
sys flags m-mode
2 Save the configuration.
3 Restart the switch.
--End--
Enabling R modeEnable R mode to support 256000 IP routes. R mode supports the NortelEthernet Routing Switch 8600 Release 4.0 and later feature sets.
Enable R mode by performing this procedure.
ATTENTIONIf you use 8691 SF/CPU modules in your switch and you attempt to activate246000 IP routes features using the NNCLI, the following error messageappears: This feature will not be enabled with 8691 SF/CPU cards.
Prerequisites
• Full support of R mode requires the following configuration conditions:
— The system must include R or RS modules only.
— The system must include at least one 8692 SF/CPU module. R andRS modules do not start with the 8691 SF/CPU modules (see thefollowing exception).
The 8648GTR module operates with 8691 and 8692 SF/CPUmodules. To support the 8648GTR with the 8691 SF/CPU, theSF/CPU must be configured with 256MB Synchronous DynamicRandom Access Memory (SDRAM) (the 8692 SF/CPU shipsstandard with 256MB SDRAM). A system with 8691 SF/CPUconfigured with 256MB SDRAM and only 8648GTR interfacemodules meets the conditions for R mode.
— When configuring an Ethernet Routing Switch 8600 system,you consider total power-consumption to ensure propersystem performance. The total input power-consumption ofthe components (modules and fan trays) must not exceed theoutput power rating of the power supply. See your power supplydocument for power supply specifications. For input power
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling enhanced operational mode 247
consumption information, see Nortel Ethernet Routing Switch 8600Installation — Chassis (NN46205-303).
• R mode and M mode cannot be activated at the same time.
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Enable R mode by using the following command:
sys flags r-mode
The following warning message appears:
Warning: The change made will take effect only after theconfiguration is saved and the full chassis is rebooted.This feature is not applicable to 8690SF/CPU cards.All non-RSP Cards will be taken off-line if r-mode isenabled.
2 Save the configuration.
3 Restart the switch.
--End--
Enabling enhanced operational modeEnable enhanced operational mode to increase the maximum numberof virtual LANs (VLAN) if you use MultiLink Trunking (MLT) and SplitMultiLink Trunking (SMLT) by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Enable enhanced operational mode by using the followingcommand:
sys flags enhanced-operational-mode
2 Save the configuration.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
248 Chassis operations configuration using the NNCLI
3 Restart the switch.
--End--
Enabling global filter orderingEnable the ordering of global filters. By default, global filters are stored inthe hardware records in the order that they are applied. When you enablethe ordering of global filters, global filters are stored in the order of theirIDs. To ensure that a global filter is used first, you need to assign a lowerID to that filter; or assign a higher ID to a less specific filter.
Enable order of global filter by performing this procedure.
ATTENTIONGlobal filter ordering is supported only on classic modules; this feature is notapplicable to R or RS modules.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Enable global filter ordering by using the following command:
sys flags global-filter-ordering true
2 Save the configuration.
3 Restart the switch.
--End--
Enabling the CPU High Availability modeCPU high-availability (HA) mode enables switches with two CPUs torecover quickly from a failure of the master SF/CPU.
Use the procedure in this section to enable CPU HA mode.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling the CPU High Availability mode 249
Procedure steps
Step Action
1 To enable HA mode, enter the following boot flag command onthe master SF/CPU:
boot config flags ha-cpu
After enabling HA mode on the master SF/CPU, the secondarySF/CPU automatically resets to load settings from itspreviously-saved boot configuration file. You must manuallyreset the primary SF/CPU while the secondary SF/CPU isbooting.
ATTENTIONFailure to manually boot the primary CPU before the secondaryfinishes booting can lead to system instability. Traffic is interruptedwhen the master is manually reset.
CAUTIONEnabling the HA mode can cause certain features tobecome disabled. See the Release Notes for yoursoftware version for details on HA mode specificinformation.
--End--
Table 15 "Release 3.5 and later synchronization capabilities in HA mode "(page 154) shows which features are supported in each release.
Job aidSee the following sample output for the messages while enabling the HAmode using NNCLI:
ERS-8610:6(config)#boot config flags ha-cpu
The config files on the Master and Slave will be overwritten withthe current active configuration.Note:-POS/ATM card not supported in HA mode.-IPX will be disabled globally.-Layer 2/3 features except IPX will be enabled in L2/L3redundancy mode.
Do you want to continue (y/n) ? ySave bootconfig to file /flash/boot.cfg successful.Save to slave file /flash/boot.cfg successful.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
250 Chassis operations configuration using the NNCLI
CPU6 [02/02/09 12:41:33] SNMP INFO Save to slave file/flash/boot.cfg successful.CPU6 [02/02/09 12:41:33] SNMP INFO Save boot successful.
Boot configuration is being saved on both master and slave.Save config to file /flash/config.cfg successful.Save to slave file /flash/config.cfg successful.CPU6 [02/02/09 12:41:37] SNMP INFO Save config successful.
Runtime configuration is being saved on master and slave.
You need to reset the master for the changes to take effect.Resetting Slave CPU from Master CPU.
ATTENTIONThe preceding autosave of the boot configuration file occurs because thesavetostandby flag is enabled. If this flag is not enabled, a manual save of theboot configuration file on the secondary SF/CPU is required.
Answering the user prompt with a "y" causes the secondary SF/CPU toreset itself automatically, and that secondary SF/CPU restarts with HAmode enabled. You must manually reset the master SF/CPU immediately(before the secondary CPU completes reset). Resetting the primary CPUcauses an interruption to traffic. After the reset completes successfully,the CPUs reverse roles (the CPU that was the primary CPU before resetbecomes the secondary CPU and the CPU that was secondary beforereset becomes the primary CPU).
Disabling CPU High Availability modeUse the procedure in this section to disable CPU HA mode.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 To disable HA mode, enter the following boot flag command onthe master SF/CPU:
no boot config flags ha-cpu
After disabling HA mode on the master SF/CPU, the secondarySF/CPU automatically resets to load settings from itspreviously-saved boot configuration file. You must manuallyreset the primary SF/CPU while the secondary SF/CPU isbooting.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Removing a master SF/CPU with CPU-HA mode activated 251
ATTENTIONFailure to manually boot the primary CPU before the secondaryfinishes booting can lead to system instability. Traffic is interruptedwhen the master is manually reset.
--End--
Job aidSee the following sample output for the messages the switch returns whenyou disable HA mode using NNCLI:
ERS-8610:5(config)#no boot config flags ha-cpu
Note:-savetostandby flag is TRUE. Modify the same if required.
Save bootconfig to file /flash/boot.cfg successful.Save to slave file /flash/boot.cfg successful.
Boot configuration is being saved on both master and slave.CPU5 [02/02/09 12:30:19] SNMP INFO Save to slave file/flash/boot.cfg successful.CPU5 [02/02/09 12:30:19] SNMP INFO Save boot successful.You need to reset the master for the changes to take effect.Resetting Slave CPU from Master CPU.
Removing a master SF/CPU with CPU-HA mode activatedProperly remove the master SF/CPU to avoid loss of traffic if CPU-HA isactivated by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Software reset the master SF/CPU to becomes the standby.
2 Remove the standby SF/CPU.
The master is removed. Because CPU-HA is activated, no trafficdata is lost during reset.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
252 Chassis operations configuration using the NNCLI
ATTENTIONReinserting a SF/CPU module before the HA-activated SF/CPUbecomes the master SF/CPU can cause the master SF/CPU toremain in a booting state.
--End--
Enabling jumbo framesEnable jumbo frames to increase the size of Ethernet frames supported onthe chassis by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Enable jumbo frames by using the following command:
sys mtu <bytes>
--End--
Variable definitionsUse the data in the following table to configure the sys mtu command.
Variable Value
<bytes> The control plane (CPU, CPP) doesnot support Jumbo frames, but canlearn properly when you use Jumboframes.You can use mtu <bytes> to activateJumbo frames support for the datapath.• bytes is the Ethernet Frame size,
either 1522, 1950 (default), or 9600bytes. Settings of either 1950 or9600 bytes activate Jumbo framesupport.
Jumbo frame support is activated bydefault.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Reserving records 253
Reserving recordsReserve records to change the number of hardware records available foreach record type by performing this procedure.
Prerequisites
• You can reserve records only on modules E and M.
• You must use this command in the NNCLI Global configurationcommand mode.
Procedure steps
Step Action
1 At the Global configuration prompt, entersys record-reservation [filter <value>|ipmc<value>|local <value>|mac <value>|static-route<value>|vrrp <value>]
--End--
Variable definitionsUse the data in the following table to configure sys record-reservation.
Variable Value
filter <value> Configure reservation for filter record typeexpressed in a range from 1025–8192.The default value is 4096
ipmc <value> Configure reservation for ipmc record typeexpressed as an ipmc value in a range from0–8000.The default value is 500.
local <value Configure reservation for local record typeexpressed as a local value in a range from0–16000.The default value is 2000.
mac <value> Configure reservation for mac record typeexpressed as a mac value in a range from0–200000.The default value is 2000.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
254 Chassis operations configuration using the NNCLI
Variable Value
static-route <value> Configure reservation for static-route recordtype expressed as a route value in a range from0–1000.The default value is 200.
vrrp <value> Configure reservation for vrrp record typeexpressed as a vrrp value from 0–510.The default value is 500.
Job aidAfter you enter the show sys record-reservation command, thesystem displays the HW Record Reservation table. The following tableexplains the column headings in the HW Record Reservation table.
Column heading Description
Record Type Identifies the record type as follows:• filter
• ipmc
• local
• mac
• static-route
• vrrp
Reserved Specifies the number of hardware recordsreserved for the record type.
Used Specifies the number of hardware recordsactually used by the record type.
New-Reserved Specifies the number of hardware recordsreserved for this record type after a switch resetif you save the current configuration.
Def-Reserved Specifies the number of hardware recordsreserved for this record type after a switch resetif you use the factory default configuration.
Configuring SLPPEnable the Simple Loop Prevention Protocol (SLPP) globally and ona VLAN to detect a loop and automatically stop it by performing thisprocedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring SLPP 255
Procedure steps
Step Action
1 Enable SLPP by using the following command:
slpp operation
2 Specify the PDU Ether type by using the following command:
slpp ethertype <pid>
3 Configure the transmission interval by using the followingcommand:
slpp tx-interval <integer>
4 Add a VLAN to the transmission list by using the followingcommand:
slpp <vid>
--End--
Variable definitionsUse the data in the following table to use the slpp command.
Variable Value
ethertype <pid> Specifies the SLPP PDU Ethernettype.• <pid> is the SLPP protocol ID
expressed as an integer from1–65535.
To set this option to the default value,use the default operator with thecommand.
operation Enables or disables the SLPPoperation.
You must enable the SLPP operationto enable the SLPP packet transmitand receive process.
If you disable the SLPP operation, thesystem sends no SLPP packets anddiscards received SLPP packets.
To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
256 Chassis operations configuration using the NNCLI
Variable Value
tx-interval <integer> Configures the SLPP packet transmitinterval.• <integer> is the SLPP packet
transmit interval expressed inmilliseconds in a range from500–5000.
The default value is 500.To set this option to the default value,use the default operator with thecommand.
<vid> Adds a VLAN to a SLPP transmissionlist.• <vid> is the VLAN ID expressed in
a range from 1–4095.
Use the no operator to remove thisconfiguration.
Configuring SLPP on a portEnable SLPP by port to detect a loop and automatically stop it byperforming this procedure.
ATTENTIONTo provide protection against broadcast and multicast storms, Nortelrecommends that you enable Rate Limiting for broadcast traffic and multicasttraffic.
Prerequisites
• You must log on to the NNCLI FastEthernet or GigabitEthernetInterface Configuration mode.
Procedure steps
Step Action
1 Configure SLPP on a port by using the following command:
slpp port <portlist> [packet-rx] [packet-rx-threshold<1-500>]
--End--
Variable definitionsUse the data in the following table to use the slpp port command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Viewing SLPP information for a port 257
Variable Value
packet-rx Activates SLPP packet reception onthe listed ports.To set this option to the default value,use the default operator with thecommand.
packet-rx-threshold <1-500> Specifies the threshold for packetreception. The SLPP packet receivethreshold is set to a value (1- 500) thatrepresents the number of SLPP-PDUsthat must be received to shut downthe port. Note that this is a port-levelparameter, therefore if the port istagged, SLPP-PDUs from the variousVLANs increment this single thresholdcounter.
See Table 24 "SLPP recommendedvalues" (page 171) for recommendedvalues in an SMLT environment.
<portlist> Identifies the slot/port.
Viewing SLPP informationUse SLPP information to view loop information by performing thisprocedure.
Prerequisites
• You must log on to the NNCLI Privileged EXEC mode.
Procedure steps
Step Action
1 View SLPP information by using the following command:
show slpp
--End--
Viewing SLPP information for a portShow SLPP information for a port so that you can view the loopinformation for a port by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
258 Chassis operations configuration using the NNCLI
Prerequisites
• You must log on to the NNCLI Privileged EXEC mode.
Procedure steps
Step Action
1 View SLPP information for a port by using the followingcommand:
show slpp interface
--End--
Configuring Extended CP Limit on the chassisCP Limit functionality protects the switch from becoming congested byexcess data flowing through one or more ports.You can configure the Extended CP Limit functionality to prevent theswitch from being overwhelmed.
Currently the CP Limit functionality only protects the switch from broadcastand control traffic with a QoS value of 7.
Configure extended CP Limit on the chassis by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Configure Extended CP Limit by using the following command:
sys ext-cp-limit [max-ports-to-check <value>][min-congestion-time <time>] [port-congestion-time<time>] [trap-level <dummy|None|Normal|Verbose>]
--End--
Variable definitionsUse the data in the following table to use the sys ext-cp-limitcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring Extended CP Limit on the chassis 259
Variable Value
max-ports-to-check<number of ports>
Configures the total number of ports tomonitor.
• number of ports is expressed in a rangefrom 0–512.The default value is 0.
To set this option to the default value, use thedefault operator with the command.
min-congestion-time<time in msec>
Configures the minimum time required totrigger the congestion algorithm (while trafficcontinues to hit the SF/CPU).
• time in msec is expressed milliseconds ina range from 100–600000.The default value is 300.
To set this option to the default value, use thedefault operator with the command.
port-congestion-time<time in sec>
Specifies the duration that the monitoring portbandwidth utilization can exceed thresholdbefore the system disables the port.
• time in sec is expressed in a range from1–600.The default value is 5.
To set this option to the default value, use thedefault operator with the command.
trap-level <dummy|None|Normal|Verbose>
Configures the trap level.Trap levels are:
• dummy
• None–no traps are sent
• Normal–sends a single trap for all disabledports
• Verbose–sends a trap for each disabledport
The default value is None.
To set this option to the default value, use thedefault operator with the command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
260 Chassis operations configuration using the NNCLI
Configuring Extended CP Limit on a portCP Limit functionality protects the switch from becoming congestedby excess data flowing through one or more ports. You can configureExtended CP Limit functionality to prevent excess data from overwhelmingthe switch.
Configure extended CP Limit on a port by performing this procedure.
Prerequisites
• You must log on to theNNCLI FastEthernet or GigabitEthernet Interfaceconfiguration mode.
Procedure steps
Step Action
1 Configure Extended CP Limit on a port by using the followingcommand:
ext-cp-limit port <PortList> <None|SoftDown|HardDown>[threshold-util-rate <value>]
--End--
Variable definitionsUse the data in the following table to use the ext-cp-limit command.
Variable Value
<None|SoftDown|HardDown> Specifies port status as follows:• None–the port does not need to be
checked.
• SoftDown–the port belongs to themay-go-down-port-list.
• HardDown–the port belongs to themust-go-down-port-list.
port <PortList> Specifies a port or list of ports.
threshold-util-rate Specifies the threshold bandwidthutilization expressed as per cent in arange from 1–100.The default value is 50.To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring loop detect 261
Configuring loop detectConfigure loop detect to determine if the same MAC address appears ondifferent ports. Use the ARP-Detect feature to account for ARP packetson IP configured interfaces.
Configure loop detect by performing this procedure.
Prerequisites
• To use the loop-detect command, you must log on to the FastEthernetor GigabitEthernet Interface Configuration mode.
• Complete the remainder of the procedure in Global Configurationmode.
• On routed interfaces you must activate ARP-Detect with loop detect.
Procedure steps
Step Action
1 Configure loop detect by using the following command:
loop-detect action <mac-discard|port-down|vlan-block>arp-detect
2 Exit to Global Configuration mode:
exit
3 Configure the interval at which MAC addresses are monitored:
mac-flap-time-limit <10–5000 milliseconds>
--End--
Variable definitionsUse the data in the following table to use the loop-detect command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
262 Chassis operations configuration using the NNCLI
Variable Value
action <mac-discard|port-down|vlan-block>
Specifies the loop detect action to betaken.• port-down shuts down the port if
the system detects a flapping MACaddress
• vlan-block shuts down the VLAN ifthe system detects a flapping MACaddress
• mac-discard. ARP-Detect does notsupport this action.
arp-detect Activates ARP-Detect.
Configuring CP LimitCP Limit functionality protects the switch from becoming congestedby excess data flowing through one or more ports by performing thisprocedure.
Prerequisites
• You must log on to the NNCLI FastEthernet or GigabitEthernetInterface Configuration mode.
Procedure steps
Step Action
1 Configure CP Limit by using the following command:
cp-limit port [multicast-limit <value>] [broadcast-limit <value>]
--End--
Variable definitionsUse the data in the following table to use the cp-limit command.
Variable Value
broadcast-limit <value> Configures the broadcast control framerate expressed as pps in a range from1000–100000.The default value is 10000.To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring slot priority 263
Variable Value
multicast-limit <value> Configures the multicast control framerate expressed as pps in a range from1000–100000.The default is 15000.To set this option to the default value,use the default operator with thecommand.
port Specifies a port or list of ports.To set this option to the default value,use the default operator with thecommand.
Enabling power managementEnable power redundancy to create traps and events after powerconsumption exceeds redundancy capacity by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Enable power management by using the following command:
sys power
--End--
Configuring slot priorityConfigure slot priority to determine which slots shut down if insufficientpower is available in the chassis.The slot with the lowest priority shuts down first.Slots with the same priority shut down in descending order (highest slotnumber first).
Configure priority of a slot by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
264 Chassis operations configuration using the NNCLI
Procedure steps
Step Action
1 Configure slot priority by using the following command:
sys power slot-priority <1–10> {critical|high|low}
--End--
Variable definitionsUse the data in the following table to use the sys power slot-prioritycommand.
Variable Value
critical|high|low Specifies slot priority.
1–10 Designates the slot for priority setting.You can configure priority for slots 1–4and 7–10.To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
265.
Hardware status using Device ManagerThis sections provides methods to check the status of basic hardwareinstalled in the chassis.
Hardware status navigation• “Viewing card information” (page 265)
• “Viewing fan details” (page 266)
• “Viewing MDA parameters” (page 267)
• “Viewing power supply parameters” (page 268)
Viewing card informationView the administrative status for all input/output (I/O) cards except theSF/CPU card.
Procedure steps
Step Action
1 Select one or more modules.
2 Do one of the following:
• Double-click the module.
• Right-click the module. On the shortcut menu, choose Edit.
• From the Device Manager menu bar, choose Edit, Card.
• From the Device Manager menu bar, choose Edit, Select All,Cards, and then choose Edit, Card.
• On the Device Manager toolbar, click Edit Selected.
The Card dialog box appears with the Card tab displayed.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
266 Hardware status using Device Manager
Variable definitionsUse the data in the following table to use the Card, Card tab.
Variable Value
FrontTypeBackType
Indicates card types in the Ethernet RoutingSwitch 8600.Front refers to the I/O portion of the module,the I/O card.
FrontDescriptionBackDescription
Specifies the model number of the module.
FrontAdminStatus Indicates the administrative status of the card.
FrontOperStatus Indicates the operational status of thedesignated module.
FrontSerialNumBackSerialNum
Specifies the serial number of the I/O card.
FrontHwVersionBackHwVersion
Specifies the hardware version of the I/Ocard.
FrontPartNumberBackPartNumber
Specifies the part number of the I/O card.
FrontDateCodeBackDateCode
Specifies the manufacturing date code for theI/O card.
FrontDeviationsBackDeviations
Shows deviations.
PowerManagementPriority Configures the priority level for the slot.Configure slot priority to determine whichslots shut down if insufficient power isavailable in the chassis. The slot with thelowest priority shuts down first.Slots with the same priority shut down indescending order (highest slot number first).
PCMCIAType Indicate the type of Personal ComputerMemory Card International Association(PCMCIA) card currently installed in thisSF/CPU card.
For non-SF/CPU cards, this variable is set tonone.
PCMCIADescr Specifies the PCMCIA description, if installed.
Viewing fan detailsThe Fan dialog box provides read-only information about the operatingstatus of the switch fans.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Viewing MDA parameters 267
Procedure steps
Step Action
1 Select the fan object.
2 Do one of the following:
• Double-click the fan object.
• Right-click the fan object and click Edit.
• From the Device Manager menu bar, choose Edit, Fan.
• From the Device Manager menu bar, choose Edit, Select All,Fan, and then choose Edit, Fan.
• On the Device Manager toolbar, click the Edit Selectedbutton.
--End--
Variable definitionsUse the data in the following table to use the Fan, Details tab.
Variable Value
Id Specifies the fan ID.
OperStatus Specifies the status of the fan as follows:
• unknown—status cannot be determined.
• up—present and supplying power.
• down—present, but failure indicated.
Type Indicates the fan type. Fan types are thefollowing:
• unknown—type cannot be determined.
• regularSpeed—a regular speed fan ispresent.
• highSpeed—a high speed fan is present.
AmbientTemperature Indicates the temperature of the air enteringthe fan.
Viewing MDA parametersThe media dependent adapter (MDA) dialog box provides read-onlyinformation about the operating status of the switch MDAs.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
268 Hardware status using Device Manager
Procedure steps
Step Action
1 Select the MDA object.
2 Do one of the following:
• Double-click the MDA object.
• Right-click the MDA object and click Edit.
• From the Device Manager menu bar, choose Edit, MDA.
• From the Device Manager menu bar, choose Edit, Select All,MDA , and then choose Edit, MDA.
• On the Device Manager toolbar, click the Edit Selectedbutton.
The MDA dialog box appears.
--End--
Variable definitionsUse the data in the following table to use the MDS dialog box.
Variable Value
Type Specifies the media type of the MDA as one ofthe following:
• OC-3 SMF MDA
• OC-3 MMF MDA
• OC-12 SMF MDA
• OC-12 MMF MDA—rc2klx0c12cBaseMM
Description Specifies a description of the MDA as one ofthe following:
• OC-3 SMF MDA—Quad OC-3 SM
• OC-3 MMF MDA—Quad OC-3 MM
• OC-12 SMF MDA—Single Port OC-12 SM
• OC-12 MMF MDA —Single Port OC-12 MM
Viewing power supply parametersThe Power Supply dialog box provides read-only information about theoperating status of the switch power supplies.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Viewing power supply parameters 269
Procedure steps
Step Action
1 Select the power supply object.
2 Do one of the following:
• Double-click the power supply object.
• Right-click the power supply object and click Edit.
• From the Device Manager menu bar, choose Edit, PowerSupply.
• From the Device Manager menu bar, choose Edit, Select All,Power Supplies, and then choose Edit, Power Supply.
• On the Device Manager toolbar, click the Edit Selectedbutton.
The PowerSupply Detail tab appears.
--End--
Variable definitionsUse the information in the following table to understand the Power Supply,Detail tab.
Variable Value
Type Describes the type of power used—AC or DC.
Description Provides a description of the power supply.
SerialNumber Specifies the power supply serial number.
HardwareRevision Specifies the hardware revision number.
PartNumber Specifies the power supply part number.
PowerSupplyOperStatus Specifies the status of the power supply asone of the following:.• on (up)
• off (down)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
270 Hardware status using Device Manager
Variable Value
InputLineVoltage Specifies the input line voltage.There are two possible states:• low 110v—power supply connected to a
110 Volt source
• high 220v—power supply connected to a220 Volt source
If the power supplies in a chassis are notof identical input line voltage values, theoperating line voltage displays the low 110vvalue.
OperLineVoltage Specifies the operating line voltage.There are two possible states:• low 110v—output power equivalent to
power supply operating with a 110 Voltinput
• high 220v—output power equivalent topower supply operating with a 220 Voltinput
If the power supplies in a chassis are notof identical input line voltage values, theoperating line voltage displays the low 110vvalue.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
271.
System access fundamentalsThis section contains conceptual information about accessing the NortelEthernet Routing Switch 8600 and creating users and user passwords foraccess.
Navigation• “Logging on to the system” (page 271)
• “Managing the switch using different VRF contexts” (page 273)
• “CLI passwords” (page 274)
• “Access policies for services” (page 275)
• “Web interface passwords” (page 275)
Logging on to the systemAfter the switch startup sequence is complete, the login prompt appears.The default values for login and password for the console and Telnetsessions are shown in the following table .
Table 28Access levels and default logon values
Access level DescriptionDefaultlogon
Defaultpassword
Read-only Permits view only configuration andstatus information. Is equivalentto Simple Network ManagementProtocol (SNMP) read-onlycommunity access.
ro ro
Layer 1 read/write View most switch configurationand status information and changephysical port settings.
l1 l1
Layer 2 read/write View and change configurationand status information for Layer 2(bridging and switching) functions.
l2 l2
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
272 System access fundamentals
Table 28Access levels and default logon values (cont’d.)
Access level DescriptionDefaultlogon
Defaultpassword
Layer 3 read/write(8600 switches only)
View and change configuration andstatus information for Layer 2 andLayer 3 (routing) functions.
l3 l3
Read/write View and change configuration andstatus information across the switch;does not allow changing security andpassword settings. This access levelis equivalent to SNMP read-writecommunity access.
rw rw
Read/write/all Permits all the rights of Read-Writeaccess and the ability to changesecurity settings, including thecommand line interface (CLI) andWeb-based management user namesand passwords and the SNMPcommunity strings.
rwa rwa
You can enable or disable users with particular access levels on theEthernet Routing Switch 8600, eliminating the need to of maintain largenumbers of access levels and passwords for each user.
A user with a disabled access level who attempts to log on is deniedaccess to the switch. The following error message appears after a userattempts to log on with a blocked access level:
Code=0x1ff0009 Blocked unauthorized cli access.The system logs the following message to the log file:
User <user-name> tried to connect with blocked access level<access-level> from <src-ipaddress> via <login type>.The system logs the following message for the console or modem port:
User <user-name> tried to connect with blocked access level<access-level> from <console/modem> port.
RADIUS authentication takes precedence over the local configuration. Ifyou enable RADIUS authentication on the switch, the user can access theswitch even if an access level is blocked on the switch.
If you disable an access level all running sessions, except FTP sessions,with that access level to the switch terminate.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Managing the switch using different VRF contexts 273
ATTENTIONOnly the RWA user can disable an access level on the switch. You cannotdisable the RWA access level on the switch.
These configurations are preserved across restarts.
hsecure bootconfig flagThe Ethernet Routing Switch 8600 supports a configurable flag called HighSecure (hsecure). Use the hsecure flag to enable the following passwordfeatures:
• 10 characters enforcement
• aging time
• limitation of failed login attempts
• protection mechanism to filter designated IP addresses
If you activate the hsecure flag, the software enforces the 10-characterrule for all passwords. If you upgrade from a previous release, if thepassword does not contain at least 10 characters, you must change thepassword to the mandatory character length. The password must containa minimum of two uppercase characters, two lowercase characters, twonumbers, and two special characters.
For more information about the hsecure flag, see Nortel Ethernet RoutingSwitch 8600 Security (NN46205-601).
Managing the switch using different VRF contextsYou can use Device Manager to manage the switch using differentVRF contexts. When you open a switch using Device Manager in theGlobalRouter (VRF 0) context, you can manage the entire switch. Whenyou open a switch using Device Manager in a different VRF context, youhave limited capability for managing the switch. For example, you canmanage only the ports that were assigned to this VRF. In addition, many ofthe Device Manager management functions are not available to you.
Using Device Manager, you can open the switch in the GlobalRouter(VRF 0) context and switch to another VRF context. You can switch theVRF contexts by choosing IP, VRF from the Device Manager menu.Just as when you open the switch using a VRF context other than theGlobalRouter (VRF 0) , when you use Device Manager to switch to adifferent VRF, you are limited to how you can manage the switch. You canmanage only those functions and components that are assigned to thatspecific VRF.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
274 System access fundamentals
With the use of user names and context names (SNMPv3), and communitystrings (SNMPv1/v2) , administrators can assign different VRFs to manageselected components, such as ports and VLANs. For more informationabout context names and community strings, see Nortel Ethernet RoutingSwitch 8600 Security (NN46205-601).
CLI passwordsThe switch ships with default passwords set for access to the CLI througha console or Telnet session. If you possess read/write/all access authority,and you are using SNMPv3, you can change passwords that are inencrypted format. If you are using Device Manager, you can also specifythe number of allowed Telnet sessions and rlogin sessions.
ATTENTIONBe aware that the default passwords and community strings are documentedand well known. Nortel strongly recommends that you change the defaultpasswords and community strings immediately after the first logon.
For security, if you fail to log on correctly on the master central processingunit (CPU) in three consecutive instances, the CPU locks for 60 seconds.
Password encryptionIn the Nortel Ethernet Routing Switch 8600 software Release 4.1 and later,passwords are stored in encrypted format and are no longer stored in theconfiguration file.
CAUTIONSecurity riskIf you load a configuration file saved prior to Release 3.7.6,saved passwords from the configuration file are not recognized.If you start the switch for the first time with Release 3.7.6 orhigher image, the password resets to default values and thesystem generates a log, indicating changes.
For security reasons, Nortel recommends that you set thepasswords to values other than the factory defaults.
Subscriber or administrative interactionAs a network administrator, you can configure the RADIUS server foruser authentication to override user access to commands. You must stillprovide access based on the existing six access levels in the EthernetRouting Switch 8600, but you can customize user access by allowing anddisallowing specific commands.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Web interface passwords 275
You must configure the following three returnable attributes for each user:
• Access priority (single instance)–the access levels currently availableon Ethernet Routing Switch 8600 ro, l1, l2, l3, rw, rwa.
• Command access (single instance)–indicates whether the commandsconfigured on the RADIUS server are allowed or disallowed for theuser.
• CLI commands (multiple instances)–the list of commands that the usercan or cannot use.
Access policies for servicesYou can control access to the switch by creating an access policy. Anaccess policy specifies the hosts or networks that can access the switchthrough various services, such as Telnet, Simple Network ManagementProtocol (SNMP), Hypertext Transfer Protocol (HTTP), Secure Shell(SSH), and remote login (rlogin). You can enable or disable accessservices by configuring flags.
You can define network stations that are explicitly allowed to access theswitch or stations that are explicitly forbidden to access the switch. Foreach service you can also specify the level of access, such as read-onlyor read/write/all.
When you configure access policies, you can either:
Globally enable the access policy feature, and then create and enableindividual policies. Each policy takes effect immediately after you enable it.
or
Create and enable individual access policies, and then globally enable theaccess policy feature to activate all the policies at the same time.
For more information about configuring access policies on IPv6, seeNortel Ethernet Routing Switch 8600 Configuration — IPv6 Routing(NN46205-504).
Web interface passwordsThe Ethernet Routing Switch 8600 includes a Web-management interfacethat you can use to monitor your switch through a Web browser fromanywhere on your network. The interface provides many of the samemonitoring features as the Device Manager software.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
276 System access fundamentals
The Web management interface is protected by a security mechanism thatrequires you to log in to the device using a user name and password. Theswitch ships with the default user name and password both specified as ro.
ATTENTIONFor security reasons, the Web interface is disabled by default. For instructionsabout how to enable the interface, see Nortel Ethernet Routing Switch 8600User Interface Fundamentals (NN46205-308)
Web server passwordWeb-server passwords authenticate the user who is accessing the deviceusing the web interface. The passwords are encrypted using the blowfishalgorithm and are stored in a hidden file. The passwords are not visibleon the device through any show command and are not stored in theconfiguration file.
Password resetYou can selectively reset login username and passwords, Web SwitchModules (WSM) passwords, SSL Acceleration Module (SAM) passwordsweb-server passwords, and SNMP community strings. This reset isimplemented as a hidden command in the CLI and Nortel Networkscommand line interface (NNCLI) and you can access the command only ifyou are assigned the rwa access level.
Password encryptionThe Ethernet Routing Switch 8600 handles password encryption in thefollowing manner:
• When the device starts, the web-server passwords and communitystrings are restored from the hidden file.
• When the web-server username/password or SNMP community stringsare modified, the modifications are updated to the hidden file.
Password recoveryUse the following CLI commands to recover your password. Only a userwith rwa access can access these hidden commands.
• ERS-8606:5/config/sys/set/reset-passwd# login-user<l1|l2|l3|ro|rw>
The preceding command resets the login usernames and passwordsselectively. You can reset the following access levels: l1, l2, l3, ro, rw.
ATTENTIONYou cannot reset the rwa community string.
• The following command resets the WSM usernames/passwordsselectively. You can reset the following WSM access levels:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Web server password 277
l4admin, slbadmin, oper, l4oper, slboper: ERS-8606:5/config/sys/set/reset-passwd# wsm-passwd<l4admin|slbadmin|oper|l4oper|slboper>
• The following command resets the ssladmin username/password:ERS-8606:5/config/sys/set/reset-passwd# sam-passwd<ssladmin>
• The following command resets the web server username/passwordfor "ro" access: ERS-8606:5/config/sys/set/reset-passwd#web-server-passwd <ro>
• The following command resets the following SNMP community strings:l1, l2, l3, ro, rw : ERS-8606:5/config/sys/set/reset-passwd#snmp-community-strings <l1|l2|l3|ro|rw>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
278 System access fundamentals
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
279.
System access configuration usingDevice Manager
The section provides procedures you can use to manage system access.Procedures include configurations for usernames, passwords, and accesspolicies.
Navigation• “Enabling access levels” (page 279)
• “Changing passwords” (page 281)
• “Creating an access policy” (page 283)
• “Enabling an access policy” (page 286)
Enabling access levelsEnable access levels to control the configuration actions of various usersby performing this procedure.
ATTENTIONOnly the RWA user can disable an access level on the switch. The RWA accesslevel cannot be disabled on the switch.
These configurations are preserved across restarts.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Security, ControlPath, General.
The Control Path Security dialog box appears with the Port Locktab visible.
2 Click the CLI tab.
The CLI tab appears.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
280 System access configuration using Device Manager
3 Select the Enable box for the required access level.
4 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Control Path SecurityCLI tab.
Variable Value
RWAUserName Specifies the user name for the read/write/allCLI account.
RWAPassword Specifies the password for the read/write/allCLI account.
RWEnable Activates the read/write access.
RWUserName Specifies the user name for the read/write CLIaccount.
RWPassword Specifies the password for the read/write CLIaccount.
RWL3Enable Activates the read/write Layer 3 access.
RWL3UserName Specifies the user name for the Layer 3read/write CLI account.
RWL3Password Specifies the password for the Layer 3read/write CLI account.
RWL2Enable Activates the read/write Layer 2 access.
RWL2UserName Specifies the user name for the Layer 2read/write CLI account.
RWL2Password Specifies the password for the Layer 2read/write CLI account.
RWL1Enable Activates the read/write Layer 1 access.
RWL1UserName Specifies the user name for the Layer 1read/write CLI account.
RWL1Password Specifies the password for the Layer 1read/write CLI account.
ROEnable Activates the read-only CLI account.
ROUserName Specifies the user name for the read-only CLIaccount.
ROPassword Specifies the password for the read-only CLIaccount.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Changing passwords 281
Variable Value
MaxTelnetSessions Specifies the maximum number of concurrentTelnet sessions that are allowed expressed ina range from 0–8.
MaxRloginSessions Specifies the maximum number of concurrentRlogin sessions that are allowed in a rangefrom 0–8 .
Timeout Specifies the number of seconds of inactivityfor a Telnet or Rlogin session before thesystem initiates automatic timeout anddisconnect, expressed in a range from30–65535.
NumAccessViolations Indicates the number of CLI access violationsdetected by the system.This variable is a read-only field.
Changing passwordsUse this procedure to
• configure new passwords for each access level
• change the login for different access levels
• change the password for different access levels
The Ethernet Routing Switch 8600 ships with default passwords set foraccess to the CLI.If you use Simple Network Management Protocol version 3 (SNMPv3), youcan change encrypted passwords.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Security, ControlPath, General.
The Control Path Security dialog box appears with the Port Locktab visible.
2 Click the CLI tab.
The CLI tab appears.
3 Specify the user name and password for the appropriate accesslevel.
4 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
282 System access configuration using Device Manager
Variable definitionsUse the data in the following table to configure the Control Path SecurityCLI tab.
Variable Value
RWAUserName Specifies the user name for the read/write/all CLIaccount.
RWAPassword Specifies the password for the read/write/all CLIaccount.
RWEnable Activates the read/write access.
RWUserName Specifies the user name for the read/write CLI account.
RWPassword Specifies the password for the read/write CLI account.
RWL3Enable Activates the read/write Layer 3 access.
RWL3UserName Specifies the user name for the Layer 3 read/write CLIaccount.
RWL3Password Specifies the password for the Layer 3 read/write CLIaccount.
RWL2Enable Activates the read/write Layer 2 access.
RWL2UserName Specifies the user name for the Layer 2 read/write CLIaccount.
RWL2Password Specifies the password for the Layer 2 read/write CLIaccount.
RWL1Enable Activates the read/write Layer 1 access.
RWL1UserName Specifies the user name for the Layer 1 read/write CLIaccount.
RWL1Password Specifies the password for the Layer 1 read/write CLIaccount.
ROEnable Activates the read-only CLI account.
ROUserName Specifies the user name for the read-only CLI account.
ROPassword Specifies the password for the read-only CLI account.
MaxTelnetSessions Specifies the maximum number of concurrent Telnetsessions that are allowed expressed in a range from0–8.
MaxRloginSessions Specifies the maximum number of concurrent Rloginsessions that are allowed expressed in a range from0–8.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Creating an access policy 283
Variable Value
Timeout Specifies the number of seconds of inactivity for aTelnet or Rlogin session before the switch initiatesautomatic timeout and disconnect expressed in a rangefrom 30– 65535.
NumAccessViolations Indicates the number of CLI access violations detectedby the system.This is a read-only field.
Creating an access policyYou can control access to the switch by creating an access policy. Anaccess policy specifies the hosts or networks that can access the switchthrough various services, such as Telnet, SNMP, HTTP, rsh, and rlogin.
You can define network stations that are explicitly allowed to accessthe switch or network stations that are explicitly forbidden to access theswitch. For each service, you can also specify the level of access, such asread-only or read/write/all.Create an access policy by performing this procedure.
ATTENTIONDevice Manager does not provide SNMPv3 support for an access policy. If youmodify an access policy with Device Manager, SNMPV3 is disabled.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Security,ControlPath, Access Policies.
The ControlPathSecurity dialog box appears with the AccessPolicies tab active.
2 In the Security dialog box, click Insert.
The ControlPathSecurity, Insert Access Policy dialog boxappears. All fields are optional except ID.
3 In the ID box, type the policy ID.
4 In the Name box, type the policy name.
5 Select the PolicyEnable check box.
6 Select the Mode option to allow or deny a service.
7 From the Service options, select a service.
8 In the Precedence box, type a precedence number for theservice (lower numbers mean higher precedence).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
284 System access configuration using Device Manager
9 Select the NetInetAddrType.
10 In the NetInetAddress box, type an IP address.
11 In the NetInetAddrPrefixLen box, type the prefix length.
12 In the TrustedHostInet Address box, type an IP address for thetrusted host.
13 In the TrustedHostUserName box, type a user name for thetrusted host.
14 Select an AccessLevel for the service.
15 Select the AccessStrict check box, if desired.
ATTENTIONIf you select the AccessStrict option, you specify that a user mustuse an access level identical to the one you selected in the dialog boxto use this service.
16 Click Insert.
--End--
Variable definitionsUse the data in the following table to configure the Insert access policiestab.
Variable Value
Id Specifies the policy ID.
Name Specifies the name of the policy.
PolicyEnable Activates the access policy.
Mode Indicates whether a packet with a source IPaddress matching this entry is permitted toenter the device or is denied access.
Service Indicates the protocol to which this entryapplies.
Precedence Indicates the precedence of the policyexpressed in a range from 1–128.The lower the number, the higher theprecedence.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Creating an access policy 285
Variable Value
NetInetAddrType Indicates the source network Internet addresstype as one of the following.• any
• IPv4
• IPv6
IPv4 is expressed in the format a.b.c.d.IPv6 is expressed in the format a:b:c:d:e:f:g:h.
NetInetAddress Indicates the source network Inet address(prefix/network).If the address type is IPv4, you must enter anIPv4 address and its mask length.If the type is IPv6, you must enter an IPv6address.
NetInetAddrPrefixLen Indicates the source network Inet addressprefix-length/mask.If the type is IPv4, you must enter an IPv4address and mask length;If the type is IPv6, you must enter an IPv6address and prefix length.
TrustedHostInetAddr Indicates the trusted Inet address of a hostperforming a remote login to the device.TrustedHostInetAddr applies only to rlogin andrsh.
ATTENTIONYou cannot use wildcard entries in theTrustedHostInetAddr field.
TrustedHostUserName Specifies the user name assigned to thetrusted host. The trusted host name appliesonly to rlogin and rsh. Ensure that the trustedhost user name is the same as your networklogon user name; do not use the switch username, for example, rwa.
ATTENTIONYou cannot use wildcard entries. The usermust already be logged in with the username to be assigned to the trusted host.For example, using "rlogin -l newusernamexx.xx.xx.xx" does not work from a UNIXworkstation.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
286 System access configuration using Device Manager
Variable Value
AccessLevel Specifies the access level of the trusted hostas one of the following:• readOnly
• readWrite
• readWriteAll
AccessStrict Enables or disables strict access criteria forremote users.
If unchecked, a user must use an access levelidentical to the one you selected in the dialogbox to use this service.
• true: remote login users can use only thecurrently configured access level
• false: remote users can use any accesslevel
ATTENTIONIf you do not select true or false, user accessis governed by criteria specified in the policytable. For example, a user with an rw accesslevel specified for a policy ID in the policytable is allowed rw and rw access, and ro isdenied access.
Enabling an access policyEnable the access policy feature globally to control access across theswitch.
You can create an access policy to control access to the switch. Anaccess policy specifies the hosts or networks that can access the switchthrough access services; for example Telnet, SNMP, Hypertext TransferProtocol (HTTP), and remote login (rlogin).Enable an access policy by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, Chassis.
The Chassis dialog box appears with the System tab visible.
2 Click the System Flags tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling an access policy 287
The System Flags tab appears.
3 Select the EnableAccessPolicy check box.
4 Click Apply.
5 Click Close.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
288 System access configuration using Device Manager
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
289.
System access configuration using theCLI
The section provides procedures to manage system access throughconfigurations such as usernames, passwords, and access policies.
Navigation• “Job aid” (page 289)
• “Enabling CLI access levels” (page 291)
• “Changing passwords” (page 292)
• “Resetting and modifying passwords” (page 305)
• “Enabling the access policy globally” (page 296)
• “Creating an access policy” (page 296)
• “Configuring an access policy” (page 297)
• “Specifying a name for an access policy” (page 300)
• “Specifying the host address and username for rlogin” (page 301)
• “Enabling an access service” (page 301)
• “Allowing a network access to the switch” (page 303)
• “Configuring access policies by MAC address” (page 304)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
290 System access configuration using the CLI
Table 29Job aid
Command Parameter
access level <access level><enable|disable>
aging <days>
default-lockout-time <secs>
info
l1 <username> [ <password> ]
l2 <username> [ <password> ]
l3 <username> [ <password> ]
l4admin <username>
l4oper <username>
lockout-time <HostAddress> <secs>
min-passwd-len <integer>
oper <username>
password-history <number>
ro <username> [ <password> ]
rw <username> [ <password> ]
rwa <username> [ <password> ]
slboper <username>
slbadmin <username>
config cli password
ssladmin <username>
<string length 2..8>config cli password access-level
<enable|disable>
config cli password <access-level><username>
add <mac> <action>
del <mac>
default-action <default-action>
config sys access-policy by-mac
info
config sys access-policy enable<true|false>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling CLI access levels 291
Command Parameter
accesslevel <level>
access-strict <true|false>
create
delete
disable
enable
host <ipaddr/IPv6addr>
info
mode <allow|deny>
name <name>
network <addr/mask>
precedence <precedence>
snmp-group-add <group-name> <model>
snmp-group-del <group-name> <model>
snmp-group-info
config sys access-policy policy <pid>
username <string>
ftp <enable|disable>
http <enable|disable>
info
rlogin <enable|disable>
snmpv3 <enable|disable>
ssh <enable|disable>
telnet <enable|disable>
config sys access-policy policy <pid>service
tftp <enable|disable>
reset-passwd
Enabling CLI access levelsEnable command line interface (CLI) access levels to control theconfiguration actions of system users by performing this procedure.
ATTENTIONOnly the RWA user can disable an access level on the switch. You cannotdisable the RWA access level on the switch.
These configurations are preserved across restarts.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
292 System access configuration using the CLI
Procedure steps
Step Action
1 Enable a CLI access level by using the following command:
config cli password access-level <access-level><enable|disable>
--End--
Variable definitionsUse the data in the following table to use the config cli passwordaccess-level command.
Variable Value
access level Specifies the required access levelwith a string length of 2–8 characters.
enable|disable Blocks or permits the access level.The default value is enable.
Changing passwordsConfigure new passwords for each access level, or change the login orpassword for switch access levels.
The Ethernet Routing Switch 8600 ships with default passwords set foraccess to the CLI. For security, passwords are saved to a hidden file. Theoptional parameter password is the password associated with the username or login name.
If you use Simple Network Management Protocol version 3 (SNMPv3), youcan change encrypted passwords.Change password by performing this procedure.
Prerequisites
• To change passwords, you must have read-write-all privileges.
Procedure steps
Step Action
1 Change a password by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Changing passwords 293
config cli password
--End--
VariablesUse the data in the following table to use the config cli passwordcommand
Variable Value
access level <access level><enable|disable>
Permits or blocks an access level.
• access level is expressed as aninteger from 2–8.
• enable|disable activates ordisables the designated level.
aging <days> Configures the age-out time forpasswords.
• days is expressed as an integerfrom 1–365.
default-lockout-time <secs> Changes the default lockout time afterthree invalid attempts, expressed inseconds. .
• secs is the lockout time in a rangefrom 60–65000.
The default value is 60.
info Specifies the current level parametersettings and the next level directories.
l1 <username> [ <password> ] Changes the Layer 1 read/write loginand password.
• username is the login name
• password is the passwordassociated with the login name.
l2 <username> [ <password> ] Changes the Layer 2 read/write loginand password.
• username is the login name.
• password is the passwordassociated with the login name.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
294 System access configuration using the CLI
Variable Value
l3 <username> [ <password> ] Changes the Layer 3 read/write loginand password (applies only to theEthernet Routing Switch 8600).
• username is the login name.
• password is the passwordassociated with the login name.
l4admin <username> Configures the Layer 4 administratorlogin for connection to the WebSwitching Module (WSM). For moreinformation about the WSM, see NortelEthernet Routing Switch 8600 WebSwitching Module Fundamentals(NN46205-314).
l4oper <username> Configures the Layer 4 operator loginfor connection to the WSM. For moreinformation about the WSM, see NortelEthernet Routing Switch 8600 WebSwitching Module Fundamentals(NN46205-314).
lockout-time <HostAddress><secs>
Configures the host lockout time.
• HostAddress is the Host InternetProtocol (IP) address in the formata.b.c.d.
• secs is the password lockout-outtime, in seconds, expressed in arange from 60–65000. .
The default value is 60
min-passwd-len <integer> Configures the minimum length forpasswords in high-secure mode.
• integer is as an integer in arange from 10–20.
oper <username> Configures the operator login forconnection to the WSM. For moreinformation about the WSM, see NortelEthernet Routing Switch 8600 WebSwitching Module Fundamentals(NN46205-314).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Changing passwords 295
Variable Value
password-history <number> Specifies the number of previouspasswords to retain in systemmemory.
• number is expressed as an integerin a range from 3–32.
The default is 3.
ro <username> [ <password> ] Changes the read-only login andpassword.
• username is the login name.
• password is the passwordassociated with the login name.
rw <username> [ <password> ] Changes the read/write login andpassword.
• username is the login name.
• password is the passwordassociated with the login name.
rwa <username> [ <password> ] Changes the read/write/all login andpassword.
• username is the login name.
• password is the passwordassociated with the login name.
slboper <username> Configures the server load balancing(SLB) operator login for connection tothe WSM. For more information aboutthe WSM, see Nortel Ethernet RoutingSwitch 8600 Web Switching ModuleFundamentals (NN46205-314).
slbadmin <username> Configures the SLB administratorlogin to connect to the WSM. Formore information about the WSM, seeNortel Ethernet Routing Switch 8600Web Switching Module Fundamentals(NN46205-314).
ssladmin <username> Configures the ssladmin login toconnect to and configure the SAM(SSL acceleration module).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
296 System access configuration using the CLI
Enabling the access policy globallyEnable the access policy feature globally to control access across theswitch. You can control access to the switch by creating an access policy.An access policy specifies the hosts or networks that can access theswitch through various access services, such as Telnet, SNMP, HypertextTransfer Protocol (HTTP), and remote login (rlogin). You must enable thefeature globally before individual policies take effect.Enable access policy globally by performing this procedure.
Procedure steps
Step Action
1 Enable the access policy feature globally with the followingcommand:
config sys access-policy enable <true|false>
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy command.
Variables Value
enable <true|false> Activates the access policy on theswitch.• true globally activates the
access-policy feature.
• false globally disables theaccess-policy feature.
Creating an access policyCreate an access policy to control access to the switch. You can definenetwork stations that are explicitly allowed to access the switch or networkstations that are explicitly forbidden to access the switch. For eachservice, you can also specify the level of access, such as read-only orread/write/all.Create an access policy by performing this procedure.
Procedure steps
Step Action
1 Create an access policy by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring an access policy 297
config sys access-policy policy <pid> create
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy policy command.
Variables Value
create Creates the specified access policy onthe switch.
policy <pid> Identifies a policy.
• <pid> is a number that identifies apolicy.
Example of creating an access policy
Step Action
1 Enable access policies globally with the following command:
ERS-8606:5# config sys access-policy enable true
2 Create the policy 2345 with the following command:
ERS-8606:5# config sys access-policy policy 2345create
--End--
Configuring an access policyConfigure an access policy to control access to the switch by performingthis procedure.
Prerequisites
• You must enable the access policy feature globally before theindividual policy can take effect.
Procedure steps
Step Action
1 Configure optional parameters for an access policy by using thefollowing command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
298 System access configuration using the CLI
config sys access-policy policy <pid>
2 Enable the access policy by using the following command:
config sys access-policy policy <pid> enable
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy policy command.
Variables Value
accesslevel <level> Specifies the level of access if youcofigure the policy to allow access.
• level is the access level
access-strict <true|false> Designates access associated withconfigured levels.• true—the system accepts only the
currently configured access level
• false—the system accepts accessup to the configured level
create Creates the specified access policy onthe switch.
delete Removes the specified access policyfrom the switch.
disable Disables the access policy on theswitch.
enable Activates the access policy on theswitch.
host <ipaddr/IPv6addr> For rlogin access, specifies the trustedhost address as an IP address.
info Shows the current status of an accesspolicy.
mode <allow|deny> Specifies whether a designatednetwork address is allowed or deniedaccess through the specified accessservice.The default setting is allow.
name <name> Specifies the name of the policy.The default name is policy_<ID>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring an access policy 299
Variables Value
network <addr/mask> Specifies whether the designatedIP address and subnet mask arepermitted or denied access throughthe specified access service.
precedence <precedence> Specifies a precedence for a policyto determine which policy the systemuses if multiple policies apply..
• precedence is expressed asa number from 1–128. Lowernumbers take higher precedence.
The default precedence value is 10.
snmp-group-add <group-name><model>
Adds snmp-v3 group under the accesspolicy.
• group-name is the snmp-v3 groupname expressed in a range from1–32 characters.
• model is the security model: eithersnmpv1, snmpv2c, or usm.
snmp-group-del <group-name><model>
Removes an snmp-v3 group under theaccess policy.
• group name is the snmp-v3 groupname expressed in a range from1–32 characters.
• model is the security model: eithersnmpv1, snmpv2c, or usm.
snmp-group-info Shows snmp-v3 groups under thisaccess policy
username <string> For rlogin access, specifies the trustedhost user name.
Job aidThe following is an example of configuring an access policy.
Procedure steps
Step Action
1 Enable access policies globally:
ERS-8606:5# config sys access-policy enable true
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
300 System access configuration using the CLI
2 Assuming no access policies exist, start with policy 2 and namethe policy policy2 as follows:
ERS-8606:5# config sys access-policy policy 2 create
ERS-8606:5# config sys access-policy policy 2 namepolicy2
3 Add read/write/all access level to policy 2:
ERS-8606:5# config sys access-policy policy 2accesslevel rwa
4 Add the usm group group_example to policy 2:
ERS-8610:5# config sys access-policy policy 2snmp-group-add group_example usm
5 Enable access strict enable:
ERS-8610:5# config sys access-policy policy 2access-strict true
6 Enable policy 2:
ERS-8610:5# config sys access-policy policy 2enable
--End--
Specifying a name for an access policyAssign a name to the access policy to uniquely identify the policy byperforming this procedure.
Procedure steps
Step Action
1 Assign a name to the access policy by using the followingcommand:
config sys access-policy policy <pid> name <name>
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy policy command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling an access service 301
Variables Value
name
<name>
name is a string from 0–15 characters.
policy <pid> Identifies the policy.• <pid> is a number that identifies
the policy expressed in a rangefrom 1—65535.
Specifying the host address and username for rloginSpecify the address and username required to access the SF/CPU whenusing rlogin by performing this procedure.
Procedure steps
Step Action
1 Specify the trusted host address with the following command:
config sys access-policy policy <pid> host <ipaddr>
2 Specify the trusted host user name with the following command:
config sys access-policy policy <pid> username<string>
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy command.
Variables Value
host <ipaddr/IPv6addr> For rlogin access, specifies the trustedhost address as an IP address.
username <string> For rlogin access, specifies the trustedhost user name.
Enabling an access serviceEnable an access service for the specified policy. An access policyspecifies the hosts or networks that can access the switch through variousservices, such as Telnet, SNMP, Hypertext Transfer Protocol (HTTP),Secure Shell (SSH), and remote login (Rlogin).Enable an access service by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
302 System access configuration using the CLI
Procedure steps
Step Action
1 Enable an access service for the specified policy by using thefollowing command:
config sys access-policy policy <pid> service
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy policy service command.
Variables Value
ftp <enable|disable> Activates or disables FTP for thespecified policy.Because FTP derives its accesslevel and password from the CLImanagement filters, FTP works onlyfor the following access levels:• read-write-only (rwo)
• read-write (rw)
FTP does not work for read-only (ro).
http <enable|disable> Activates or disables HTTP for thespecified policy.
info Shows the status (disable or enable)of each service (for example, ftp, http,rlogin) .
rlogin <enable|disable> Activates or disables rlogin for thespecified policy.
snmpv3 <enable|disable> Activates or disables SNMPv3for the specified policy. For moreinformation about SNMPv3, see NortelEthernet Routing Switch 8600 Security(NN46205-601).
ssh <enable|disable> Activates or disables SSH for thespecified policy. For more informationabout SSH, see Nortel EthernetRouting Switch 8600 Security(NN46205-601).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Allowing a network access to the switch 303
Variables Value
telnet <enable|disable> Activates or disables Telnet for thespecified policy.
tftp <enable|disable> Activates or disables Trivial FileTransfer Protocol (TFTP) for thespecified policy.
Job aidThe following is an example of enabling FTP, Rlogin, HTTP, SNMP, SSH,and Telnet access services.
Procedure steps
Step Action
1 Enable access services:
ERS-8610:6/config/sys/access-policy/policy/2/service#ftp enable
ERS-8610:6/config/sys/access-policy/policy/2/service#rlogin enable http enable
ERS-8610:6/config/sys/access-policy/policy/2/service#snmpv3 enable
ERS-8610:6/config/sys/access-policy/policy/2/service#ssh enable telnet enable
--End--
Allowing a network access to the switchSpecify the network to which you want to allow access by performing thisprocedure.
Procedure steps
Step Action
1 Specify the network with the following command:
config sys access-policy policy <pid> network<addr/prefix- length>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
304 System access configuration using the CLI
Variable definitionsUse the data in the following table to use the config sysaccess-policy policy command.
Variables Value
accesslevel <level> Specifies an access level.• level is expressed as one of
these access levels: ro, rw, rwa,or the equivalent community stringdesignation (read-only, read/write,or read/write/all).
addr/prefix-length Designates the IPv4 address/mask, orthe IPv6 address/prefix-length that ispermitted or denied access throughthe specified access service.
mode <allow|deny> Specifies whether a designatednetwork address is allowed or deniedaccess through the specified accessservice.The default setting is allow.
Configuring access policies by MAC addressConfigure access-policies by MAC address to permit or deny local MACaddresses on the network management port after you activate an accesspolicy.
If the source MAC does not match a configured entry, then the defaultaction is taken. The system generates a log message to record the denialof access.
For connections coming in from a different subnet, the source mac of thelast hop is used in decision making.
Configure access-policies by MAC address does not perform MAC orforwarding database (FDB) filtering on data ports.
Access policies are changed from previous releases. Before you attemptto upgrade an access policy from a previous release, see Nortel EthernetRouting Switch 8600 Upgrades — Software Release 5.1 (NN46205-400).Configure an access policy by MAC address by performing this procedure.
Procedure steps
Step Action
1 Configure access-policies by MAC address by using thefollowing command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Resetting and modifying passwords 305
config sys access-policy by-mac
--End--
Variable definitionsUse the data in the following table to use the config sysaccess-policy by-mac command.
Variables Value
add <mac><action>
Adds a MAC address for a designated action.
• <mac> is the MAC address in the format0x00:0x00:0x00:0x00:0x00:0x00.
• <action> is allow or deny.
del <mac> Deletes a designated MAC address.
default-action<default-action>
Specifies the default action to allow or deny a MACaddress with no match.The default action is allow.
info Specifies the current access level configured by MACaddress.
Resetting and modifying passwordsModify passwords to protect security if users forget passwords or yoususpect they are compromised by performing this procedure.
Procedure steps
Step Action
1 In the boot-monitor CLI, reset all passwords to the factorydefaults by using the following command:
reset-passwd
2 In the run-time CLI, change passwords by using the followingcommand:
config cli password <access-level><username>
You are prompted to enter the old password, the new password,and to confirm the new password.
ATTENTIONAll passwords are case-sensitive.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
306 System access configuration using the CLI
Variable definitionsUse the data in the following table to use the config cli passwordcommand.
Variable Value
access-level Specifies the access level associatedwith the password to be changed.
username Identifies the user account assocaitedwith the password to be changed.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
307.
System access configuration using theNNCLI
The section provides procedures to manage system access throughconfigurations such as usernames, passwords, and access policies.
Prerequisites• To perform the procedures in this section, you must log on to the
Global Configuration mode in the NNCLI. For more information aboutusing NNCLI, see Nortel Ethernet Routing Switch 8600 User InterfaceFundamentals (NN46205-308).
Navigation• “Job aid” (page 307)
• “Enabling CLI access levels” (page 309)
• “Changing passwords” (page 310)
• “Creating an access policy” (page 312)
• “Configuring an access policy” (page 313)
• “Enabling the access policy globally” (page 317)
• “Specifying a name for an access policy” (page 317)
• “Allowing a network access to the switch” (page 318)
• “Configuring access policies by MAC address” (page 319)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
308 System access configuration using the NNCLI
Table 30Job aid
Command Parameter
Global Configuration mode
access-strict
accesslevel <ro|rwa|rw>
enable
ftp
host <word>
http
mode <allow|deny>
name <word>
network <A.B.C.D>
precedence <1-128>
rlogin
snmp-group <word> <snmpv1|snmpv2c|usm>
snmpv3
ssh
telnet
tftp
access-policy <1-65535>
username <word>
<0x00:0x00:0x00:0x00:0x00:0x00>access-policy by-mac
action <allow|deny>
l4admin
l4 oper
layer 1
layer 2
layer 3
oper
read-only
read-write
read-write-all
slbadmin
slboper
cli password <word> <access-level>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling CLI access levels 309
Command Parameter
ssladmin
access-level <word>
aging-time day <1-365>
default-lockout-time <60-65000>
lockout <word> <time>
min-passwd-len <10-20>
password
password-history <0-32>
Enabling CLI access levelsEnable CLI access levels to control the configuration actions of varioususers by performing this procedure.
ATTENTIONOnly the RWA user can disable an access level on the switch. The RWA accesslevel cannot be disabled on the switch.
These configurations are preserved across restarts.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Enable an access level by using the following command:
password access-level <word>
--End--
Variable definitionsUse the data in the following table to use the password access-levelcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
310 System access configuration using the NNCLI
Variable Value
word Specifies the name of the requiredaccess leve, expressed as a stringlength from 2–8 characters.To set this option to the default value,use the default operator with thecommand.
Changing passwordsConfigure new passwords for each access level, or change the login orpassword for the access levels of the switch.
The Ethernet Routing Switch 8600 ships with default passwords set foraccess to the CLI. For security, the system saves passwords to a hiddenfile.
If you use Simple Network Management Protocol version 3 (SNMPv3), youcan change encrypted passwords.Change passwords by performing this procedure.
Prerequisites
• You must have read-write-all privileges to change passwords.
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Change a password by using the following command:
cli password <word> <access-level>
2 Configure password options by using the following command:
password [aging-time day <1-365>] [default-lockout-time<60-65000>] [lockout <word> <time>] [min-passwd-len<10-20>] [password-history <0-32>]
--End--
VariablesUse the data in the following table to use the password commands.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Changing passwords 311
Variable Value
access level Permits or blocks a designated accesslevel from the following list:
• l4admin
• l4oper
• layer1 <word>
• layer2
• layer3 <word>
• oper
• read-only <word>
• read-write <word>
• read-write-all <word>
• slbadmin
• slboper
• ssladmin
Use Layer 4 administrator andoperator access levels to connect tothe Web Switching Module (WSM).For more information about the WebSwitching Module (WSM), see NortelEthernet Routing Switch 8600 WebSwitching Module Fundamentals(NN46205-314).
aging-time day <1-365> Configures the age-out time forpasswords, in days.
default-lockout-time<60-65000>
Changes the default lockout time afterthree invalid attempts. Configures thelockout time in seconds and is in therange of 60–65000. The default is 60seconds.
To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
312 System access configuration using the NNCLI
Variable Value
lockout <word> <time> Configures the host lockout time.
• word is the Host Internet Protocol(IP) address in the format a.b.c.d.
• time is the lockout-out time inseconds for passwords lockout inthe range of 60–65000. The defaultis 60 seconds.
min-passwd-len <10-20> Configures the minimum length forpasswords in high-secure mode.
To set this option to the default value,use the default operator with thecommand.
password-history <3-32> Specifies the number of previouspasswords to remember. The defaultis 3.
To set this option to the default value,use the default operator with thecommand.
<word> Represents the new passwordcontaining 0–20 characters.
Creating an access policyCreate an access policy to control access to the switch by performing thisprocedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Create an access policy by assigning it a number
access-policy <1-65535>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring an access policy 313
Configuring an access policyConfigure an access policy to control access to the switch.
You can define network stations that are explicitly allowed to access theswitch or network stations that are explicitly forbidden to access the switch.
For each service, you can also specify the level of access; for example,read-only or read/write/all.Configure an access policy by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Configure access for an access policy by using the followingcommand:
access-policy <1-65535> [access-strict] [accesslevel<ro|rwa|rw>]
2 Configure the access policy mode, network and precedence byusing the following command:
access-policy <1-65535> [mode <allow|deny>] [network<A.B.C.D>] [precedence <1-128>]
3 Configure optional access protocols for an access policy byusing the following command:
access-policy <1-65535> [ftp] [http] [ssh] [telnet][tftp]
4 Configure optional rlogin access for an access policy by usingthe following command:
access-policy <1-65535> host <word> rlogin username<word>
5 Configure optional SNMP parameters for an access policy byusing the following command:
access-policy <1-65535> [snmp-group <word><snmpv1|snmpv2c|usm>] [snmpv3]
--End--
Variable definitionsUse the data in the following table to use the access-policy command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
314 System access configuration using the NNCLI
Variables Value
accesslevel <ro|rwa|rw> Specifies the level of access if youconfigure the policy to allow access.
access-strict Restrains access to criteria specifiedin the access policy.• true—the system accepts only the
currently configured access level
• false—the system accepts accessup to the configured level
Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
ftp Activates or disables FTP for thespecified policy.Because FTP derives itslogin/password from the CLImanagement filters, FTP worksfor read-write-only (rwo) and read-write(rw) access but not for the read-only(ro) access.Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
host <word> For rlogin access, specifies the trustedhost address as an IP address.
http Activates the HTTP for this accesspolicy.Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
mode <allow|deny> Specifies whether the designatednetwork address is allowed accessto the system through the specifiedaccess service.The default setting is allow.
network <A.B.C.D> Specifies the IP address and subnetmask that can access the systemthrough the specified access service.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring an access policy 315
Variables Value
precedence <1-128> Specifies a precedence value for apolicy, expressed as a number from1–128.The precedence value determineswhich policy the system uses ifmultiple policies apply.Lower numbers take higherprecedence.The default value is 10.
rlogin Activates remote login for the accesspolicy. Use the no operator to removethis configuration.To set this option to the default value,use the default operator with thecommand.
snmp-group <word> <snmpv1|snmpv2c|usm>
Adds an snmp-v3 group under theaccess policy.
• word is the snmp-v3 group nameconsisting of 1–32 characters.
• <snmpv1|snmpv2c|usm> is thesecurity model; either snmpv1,snmpv2c, or usm.
Use the no operator to remove thisconfiguration.
snmpv3 Activates SNMP version 3 for theaccess policy. For more informationabout SNMPv3, see Nortel EthernetRouting Switch 8600 Security(NN46205-601).
Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
316 System access configuration using the NNCLI
Variables Value
ssh Activates SSH for the access policy.For more information about SSH, seeNortel Ethernet Routing Switch 8600Security (NN46205-601).
Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
telnet Activates Telnet for the access policy.Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
tftp Activates the Trivial File TransferProtocol (TFTP) for this access policy.Use the no operator to remove thisconfiguration.To set this option to the default value,use the default operator with thecommand.
username <word> Specifies the trusted host user namefor remote login access.
Example of configuring an access policy
Step Action
1 Assuming no access policies exist, start with policy 3 and namethe policy policy3 as follows:
ERS-8606:5(config)# access-policy 3 name policy3
2 Add read/write/all access level to policy 3:
ERS-8606:5(config)# access-policy 3 accesslevelrwa
3 Add the usm group group_example to policy 3:
ERS-8606:5(config)# access-policy 3 snmp-groupgroup_example usm
4 Enable access strict:
ERS-8606:5(config)# access-policy 3 access-strict
5 Enable policy 3:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Specifying a name for an access policy 317
ERS-8606:5(config)# access-policy 3 enable
--End--
Enabling the access policy globallyEnable the access policy globally to control access across the switch. Youcan control access to the switch by creating an access policy. An accesspolicy specifies the hosts or networks that can access the switch throughvarious access services, such as Telnet, SNMP, Hypertext TransferProtocol (HTTP), and remote login (rlogin).Enable an access policy globally by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Enable the access policy globally with the following command:
access-policy <1-65535> enable
--End--
Specifying a name for an access policyAssign a name to the access policy to uniquely identify the policy byperforming this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Assign a name to the access policy by using the followingcommand:
access-policy <1-65535> name <word>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
318 System access configuration using the NNCLI
Variable definitionsUse the data in the following table to use the access-policy command.
Variables Value
name <word> Specifies a name expressed as astring from 0–15 characters.
Allowing a network access to the switchSpecify the network to which you want to allow access by performing thisprocedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Specify the network with the following command:
access-policy <1-65535> [accesslevel <ro|rwa|rw>] [mode<allow|deny>] [network <A.B.C.D>]
--End--
Variable definitionsUse the data in the following table to use the access-policy command.
Variables Value
accesslevel <ro|rwa|rw> Configures the access level (ro, rw,rwa) or equivalent community stringdesignation (read-only, read/write, orread/write/all).
mode <allow|deny> Specifies whether a designatednetwork address is allowed or deniedaccess through the specified accessservice.The default setting is allow.
network <A.B.C.D> The IPv4 address/mask, or the IPv6address/prefix-length permitted, ordenied, access through the specifiedaccess service.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring access policies by MAC address 319
Configuring access policies by MAC addressConfigure access-policies by MAC address to allow or deny local MACaddresses on the network management port after an access policy isactivated. If the source MAC does not match a configured entry, then thedefault action is taken. A log message is generated to record the denialof access. For connections coming in from a different subnet, the sourcemac of the last hop is used in decision making. Configure access-policiesby MAC address does not perform MAC or Forwarding Database (FDB)filtering on data ports.
Access policies are changed from previous releases. Before you attemptto upgrade an access policy from a previous release, see Nortel EthernetRouting Switch 8600 Upgrades — Software Release 5.1 (NN46205-400).Configure access policy by MAC address by performing this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Add the MAC address and configure the action for the policy byusing the following command:
access-policy by-mac <0x00:0x00:0x00:0x00:0x00:0x00>action <allow|deny>
--End--
Variable definitionsUse the data in the following table to use the access-policy by-maccommand.
Variables Value
<0x00:0x00:0x00:0x00:0x00:0x00>
Adds a MAC address to the policy.Enter the MAC address in hexadecimal format.
<allow|deny> Specifies the action to take for the designatedMAC address.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
320 System access configuration using the NNCLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
321.
Ethernet Routing Switch 8600 licensingfundamentals
This section provides conceptual information about the feature licensing forthe Nortel Ethernet Routing Switch 8600. Review this section before youmake changes to the license configuration.
Navigation• “Feature licensing” (page 321)
• “License type and part numbers” (page 323)
• “License certificates” (page 325)
• “License file generation” (page 325)
• “Working with feature license files” (page 325)
• “License transfer” (page 325)
Feature licensingEnabling features on a Ethernet Routing Switch 8600 requires thegeneration and installation of a license file that contains the authorizedMAC addresses of the switches that the license file will be installed on.
In addition to a Base Software License, the Ethernet Routing Switch 8600supports optional Advanced and Premier feature licenses to provideaccess to additional switch features contained within those licensinglevels. These licenses are purchased separately in the form of either anAdvanced License Kit or Premier License Kit. The Premier License Kitcontains all Advanced License Kit features. When you purchase eitheran Advanced License Kit or a Premier License Kit, all current and futurefeatures are covered under the license. If you currently have an AdvancedLicense Kit, there is no discounted price to move to a Premier LicenseKit, you must purchase a complete Premier License Kit. If you purchase
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
322 Ethernet Routing Switch 8600 licensing fundamentals
a Premier License Kit at any time, you are licensed for all features forthe life of the product. For more information, contact your Nortel salesrepresentative.
You must purchase one Base software license for each chassis to obtainaccess to those features.
Advanced and Premier License level features use a software-basedlicensing mechanism to unlock specific features.
You must specify the location of your license file in the boot configurationfile. If you do not specify the location of your license file, you canencounter issues with your licensed features. For more informationsee “Boot parameter configuration using the CLI” (page 43)and “Bootparameter configuration using the NNCLI” (page 81).
Advanced LicenseThe features enabled by the Advanced License are as follows:
• Border Gateway Protocol version 4 (BGP4) for more than 10 Peers
• Bidirectional Forwarding Detection
• IPv6 Routing
• Multicast Source Discovery Protocol (MSDP)
• Packet Capture function (PCAP)
Premier LicenseThe features enabled by the Premier License are as follows:
• All Advanced License features
• Virtual Routing and Forwarding, Lite version (VRF-Lite)
• Multi-Protocol Border Gateway Protocol (MP-BGP)
• IP-Virtual Private Network, Multi-Protocol Label Switching (RFC2547)(IP-VPN MPLS RFC2547)
• IP-Virtual Private Network-Lite (IP-VPN-Lite – IP in IP)
• Multicast virtualization for VRF-Lite (IGMP and PIM-SM/SSM)
The Premier License enables all licensed features on the Ethernet RoutingSwitch 8600.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
License type and part numbers 323
ATTENTIONNortel recommends that you purchase the Premier License if you anticipategrowth in your network. If you purchase the Advanced License, and laterrequire features available only if you have the Premier License, you must alsopurchase the Premier License. If you purchase the Premier License initially, youhave access to all features enabled by the Advanced License and the PremierLicense (there is no need to purchase the Advanced License separately).
You must purchase the Base software license for each chassis. You can installan Advanced or Premier License on each chassis after you have installed theBase software license, but the Advanced and Premier Licenses are optional.
Premier Trial LicenseThe Ethernet Routing Switch 8600 provides a trial period of 60 daysduring which you have access to all features. In the trial period you canconfigure all features without restriction, including system console and logmessages.
System console and log messages alert you to the expiry of the 60 daytrial period. The message Trial Period for Automatic PremierFeature usage will expire in ## days first appears when 30 daysof the trial period remain. You receive periodic notification until fewer than10 days remain in the trial period, at which point you receive notificationevery 24 hours until the expiry date.
At the end of the trial period, the following message appears:The automatic Premier feature trial period has now expired.Any Advanced or Premier features that were used or enabledwill continue to work but will be disabled after any switchreboot. Please buy the proper license if you wish tocontinue to use these features.This message is the last notification recorded.
The switch logs the preceding messages even if no license features areused or tested during the trial period. If any valid license is loaded on theswitch at any time, none of the preceding messages will be recorded.
License type and part numbersThe following table provides the part number for the various licensessupported on the Ethernet Routing Switch 8600.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
324 Ethernet Routing Switch 8600 licensing fundamentals
Table 31Supported licenses for the Ethernet Routing Switch 8600
Part number/Order code
License type and description Number of chassissupported
DS1410021 Ethernet Routing Switch 8600 Advanced LicenseKit for one chassis. Enabled features: BGP4(above 10 peers), IPv6 Routing, PCAP, MSDP,and BFD. (One license required per chassis.)
1
DS1410022 Ethernet Routing Switch 8600 Advanced LicenseKit for up to 10 chassis. Enabled features: BGP4(above 10 peers), IPv6 Routing, PCAP, MSDP,and BFD. (One license required per chassis.)
10
DS1410023 Ethernet Routing Switch 8600 Advanced LicenseKit for up to 50 chassis. Enabled features: BGP4(above 10 peers), IPv6 Routing, PCAP, MSDP,and BFD. (One license required per chassis.)
50
DS1410024 Ethernet Routing Switch 8600 Advanced LicenseKit for up to 100 chassis. Enabled features: BGP4,IPv6 Routing, PCAP, MSDP, and BFD. (Onelicense required per chassis.)
100
DS1410026 Ethernet Routing Switch 8600 Premier Licensekit for one chassis. Enabled features: AdvancedLicense features, plus, VRF-Lite, MP-BGP, IP-VPNMPLS RFC4364/2547, IP-VPN-Lite (IP-in-IP)and Multicast Virtualization for VRF-lite (IGMP,PIM-SM/SSM). (One license required per chassis.)
1
DS1410027 Ethernet Routing Switch 8600 Premier License Kitfor up to 10 chassis. Enabled features: AdvancedLicense features, plus, VRF-Lite, MP-BGP, IP-VPNMPLS RFC4364/2547, IP-VPN-Lite (IP-in-IP)and Multicast Virtualization for VRF-lite (IGMP,PIM-SM/SSM). (One license required per chassis.)
10
DS1410028 Ethernet Routing Switch 8600 Premier License Kitfor up to 50 chassis. Enabled features: AdvancedLicense features, plus, VRF-Lite, MP-BGP, IP-VPNMPLS RFC4364/2547, IP-VPN-Lite (IP-in-IP)and Multicast Virtualization VRF-lite (IGMP,PIM-SM/SSM). (One license required per chassis.)
50
DS1410029 Ethernet Routing Switch 8600 Premier License Kitfor up to 100 chassis. Enabled features: AdvancedLicense features, plus, VRF-Lite, MP-BGP, IP-VPNMPLS RFC4364/2547, IP-VPN-Lite (IP-in-IP)and Multicast Virtualization for VRF-lite (IGMP,PIM-SM/SSM). (One license required per chassis.)
100
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
License transfer 325
License certificatesEach Advanced or Premier License Kit contains a License Certificate witha License Authorization Code (LAC) that enables a specific number oflicenses for one or multiple Ethernet Routing Switch 8600 switches. EachEthernet Routing Switch 8600 switch requires and uses only one licensefile to unlock features associated with that license. A single license filecan contain up to 100 Base MAC addresses for installation on multipleEthernet Routing Switch 8600 switches.
The License Certificate has printed instructions detailing how to depositlicense entitlements (LACs) into a license bank, enter switch base MACaddresses and create the license file. It also has instructions on howto copy the license file onto each switch to unlock additional featuresassociated with a license.
License file generationAfter you purchase a license, you must generate the license file usingthe Nortel Electronic Licensing portal. The licensing portal works onthe concept of a license bank—an electronic repository for all licenseentitlements and licenses. License entitlements are deposited into yourlicense bank when you enter a License Authorization Code (LAC). TheLAC is provided on the License Certificate when you purchase the license.
The software license file is based on authorized chassis base MACaddresses. You can generate an individual license file with one or multiplechassis base MAC addresses. You can add additional MAC addresses tothe same license file at a later time, if required. A license file can supportup to 100 unique MAC addresses.
Working with feature license filesAfter you obtain the license file to enable Advanced or Premier Licensefeatures, you must install the license file on the switch to unlock theassociated licensed features. For an Ethernet Routing Switch 8600, alicense file must be loaded on the flash.
License transferFor information about transferring a license and obtaining an updatedlicense file for the Ethernet Routing Switch 8600, see “License transfer”(page 345).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
326 Ethernet Routing Switch 8600 licensing fundamentals
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
327.
Ethernet Routing Switch 8600 licensingGenerate and install license files to enable advanced and premier featureson your Nortel Ethernet Routing Switch 8600.
Prerequisites to Ethernet Routing Switch 8600 licensing• You must purchase the appropriate license for the additional
switch features. For more information, contact your Nortel salesrepresentative.
Ethernet Routing Switch 8600 licensing tasksThis work flows shows you the sequence of tasks you perform to configurelicensed features. To link to a task, go to “Ethernet Routing Switch 8600licensing navigation” (page 328).
Figure 6Licensing tasks
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
328 Ethernet Routing Switch 8600 licensing
Ethernet Routing Switch 8600 licensing navigation
• “Generating a license” (page 329)
• “Installing a license file using Device Manager” (page 333)
• “Installing a license file using the CLI” (page 337)
• “Installing a license file using the NNCLI” (page 341)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
329.
License generationGenerate the license file you need to enable licensed features on thesystem. This task is independent of loading the license file on to theswitch.
Navigation• “Generating a license” (page 329)
Generating a licenseGenerate a license to enable licensed features on the switch by performingthis procedure.
Prerequisites
• You must have a purchased Ethernet Routing Switch 8600 license kitcontaining a License Certificate with a License Authorization Code(LAC).
• Before you generate a license file, you need to obtain the EthernetRouting Switch 8600 base MAC address that you want to enablelicensed features on. The base MAC address can be found by usingthe following CLI command:show sys info
You can also find the base MAC address by using the Nortel Networkscommand line interface (NNCLI) command:show sys-info
For sample output from these commands, see “Job aid” (page 332).
Procedure steps
Step Action
1 Go to the Nortel Electronic Licensing portal atwww.nortellicensing.com
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
330 License generation
2 Type your contact information in the required boxes.
3 Create a new license bank or provide details for an existinglicense bank to deposit licenses.
4 Select an E-mail notification option. Newly generated licensesare always sent to the nominated E-mail address.
5 Enter the License Authorization Code provided on the LicenseCertificate when you purchased the license.
6 Click Submit.
A new screen appears while the portal activates and depositsthe associated number of licenses in the license bank. Do notleave the page or close your Web browser. Upon successfulcompletion, a confirmation message appears.
7 Click Go to License Bank to Download license.
The License Bank screen appears and displays informationabout the License Authorization Code just activated.
8 Click Generate License.
The Generate License screen appears.
9 Enter the required details for the license file.
For additional information, see “Variable definitions” (page 330).
10 Click Generate License File.
A confirmation message appears. The license file is immediatelysent to the nominated E-mail address set up with the licensebank. You can choose to return to the license bank or log outfrom the licensing portal.
ATTENTIONThe license file is a compressed binary file. It is important that whiledownloading or saving this file, the browser does not automaticallydecompress this file.
--End--
Variable definitionsUse the data in the following table to complete the Generate licensescreen.
Variable Value
Switch MAC Address Specifies the base MAC address ofthe switch for which the license file isbeing generated. Follow the exampleformat displayed next to the entry box.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Generating a license 331
Variable Value
File Name of List of MAC Addresses Specifies the file name containingmultiple base MAC addresses of theswitches for which the license file isbeing generated. The file must bean ASCII text file and adhere to thefollowing rules:
• Each line must contain one MACaddress (use MS-DOS or UNIX lineending characters.
• The MAC addresses can be inlower or upper case charactersand must be in hexadecimal formatwith each pair (byte) separated bycolons (XX:XX:XX:XX:XX:XX).
• Do not use other characters orspaces.
• The file must contain the correctbase MAC addresses. Incorrectaddresses results in non-workinglicensed features.
• The number of MAC addressesmust not exceed the number oflicenses allowed for the LicenseAuthorization Code.
Output License File Name Specifies the name of the licensefile. The file name is limited to 63alphanumeric, lowercase characters.The underscore (_) character isallowed. Do not use spaces or specialcharacters. The filename must usea dot (.) with a three character fileextension. For example, license.dat.
ATTENTIONWhile a license file generated foran Ethernet Routing Switch 8600on the Nortel Licensing portal canbe created using any filename orextension, an Ethernet RoutingSwitch 8600 searches for a licensefilename with an extension of .datin its flash directory. Therefore,you need to ensure the destinationlicense file being copied to the
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
332 License generation
Variable Value
Ethernet Routing Switch 8600 has.dat as the file extension. Failureto do this results in Advanced orPremier features not being available.
User Comment 1 Provides a location for free-form,user-entered text related to the licensefile. For example, a location to assistin asset tracking.
User Comment 2 Provides a second location forfree-form, user-entered text relatedto the license file. For example, alocation to assist in asset tracking.
Job aidThe following shows sample output that is displayed when you use the CLIshow sys info command. You can also use the NNCLI show sys-infocommand to display the base MAC address.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
333.
License installation using DeviceManager
Install and manage a license file for the Nortel Ethernet Routing Switch8600, using Device Manager.
Navigation• “Installing a license file using Device Manager” (page 333)
Installing a license file using Device ManagerInstall a license file on an Ethernet Routing Switch 8600 to enable licensedfeatures by performing this procedure.
Prerequisites
• You must have the license file stored on a Trivial File Transfer Protocol(TFTP) server.
• Ensure that you have the correct license file with the base MACaddress of the Ethernet Routing Switch 8600 that you are installing thelicense on. Otherwise, system does not unblock the licensed features.
• If the Ethernet Routing Switch 8600 chassis has two SF/CPU modulesinstalled, you do not need to install the license file on the secondarySF/CPU. When you enable High Availability, the primary SF/CPUcopies the license vectors to the secondary SF/CPU during tablesynchronization and the trial period counters stop. The systemcopies the license file to the secondary SF/CPU when you save theconfiguration on the primary SF/CPU.
In warm-standby mode, license vectors are not synchronized with thesecondary SF/CPU. However, the system copies the license file tothe secondary SF/CPU when you save the configuration using thesaveRuntimeConfigtoSlave option.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
334 License installation using Device Manager
Procedure steps
Step Action
1 From the main Device Manager menu bar, select Edit, FileSystem.
The FileSystem dialog box appears with the Copy File tabdisplayed.
2 In the Source field, enter the IP address of the TFTP serverwhere the license file is located and the name of the license file.
3 In the Destination field, enter the flash device and the name ofthe license file.
The license file name must be lower case and have a fileextension of .dat.
4 In the Action field, select start.
5 Click Apply.
The license file is copied to the flash of the primary SF/CPUmodule. The status of the file copy is provided in the Result field.
6 From the main Device Manager menu bar, select Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
7 In ActionGroup1, select loadLicense.
8 Click Apply.
ATTENTIONIf the loading fails, the switch cannot unlock the licensed features andreverts to base functionality.
9 If you have two SF/CPU modules installed, you need to save theconfiguration so that the license file is copied to the secondarySF/CPU. From the Device Manager menu bar, choose Edit,Chassis. On the System tab, select saveRuntimeConfig fromActionGroup1, and then click Apply.
--End--
Variable definitionsUse the data in the following table when copying a license file with theCopy File tab.
Variable Value
Source Identifies the IPv4 address of the TFTP server and thename of the license file that you are copying.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Installing a license file using Device Manager 335
Variable Value
Destination Specifies the location and the name of the license filewhen copied to the SF/CPU. The destination file namemust be lower case and have a file extension of .dat. Forexample, /flash/bld100_8610adv.dat or /flash/license.dat.
Action Starts the copy process or cancels the copy process.
Result Specifies the result of the copy process:• none
• inProgress
• success
• fail
• invalidSource
• invalidDestination
• outOfMemory
• outOfSpace
• fileNotFound
Job aidThe following is an example of the FileSystem, Copy File tab filled in forcopying the license file from a TFTP server to the SF/CPU flash.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
336 License installation using Device Manager
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
337.
License installation using the CLIInstall and manage a license file for the Nortel Ethernet Routing Switch8600, using the command line interface (CLI).
Navigation• “Installing a license file using the CLI” (page 337)
• “Showing a license file using the CLI” (page 339)
Installing a license file using the CLIInstall a license file on an Ethernet Routing Switch 8600 to enable licensedfeatures by performing this procedure.
Prerequisites
• You must have the license file stored on a Trivial File Transfer Protocol(TFTP) server.
• Ensure that you have the correct license file with the base MACaddress of the Ethernet Routing Switch 8600 that you are installing thelicense on. Otherwise, system does not unblock the licensed features.
• If the Ethernet Routing Switch 8600 chassis has two SF/CPU modulesinstalled, you do not need to install the license file on the secondarySF/CPU. When you enable High Availability, the primary SF/CPUcopies the license vectors to the secondary SF/CPU during tablesynchronization and the trial period counters stop. The systemcopies the license file to the secondary SF/CPU when you save theconfiguration on the primary SF/CPU.
In warm-standby mode, license vectors are not synchronized with thesecondary SF/CPU. However, the system copies the license file to thesecondary SF/CPU when you save the configuration with the save tostandby flag set to true.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
338 License installation using the CLI
Procedure steps
Step Action
1 Install a license file by using the following command:
copy <a.b.c.d>:<srcfile> /flash/<destfile>
The following is an example of copying a license file from aTFTP server to the flash on an SF/CPU module of an EthernetRouting Switch 8600:
ERS-8610:5# copy 10.10.10.20:bld100_8610adv.lic/flash/bld100_8610adv.dat
2 Load the license file to unlock the licensed features.
config load-license
ATTENTIONIf the loading fails, or if the switch restarts and cannot locate a licensefile in the specified location, the switch cannot unlock the licensedfeatures and reverts to base functionality.
The following shows sample output that is displayed on theconsole when issuing a load-license command:
CPU5 [05/10/08 03:26:17] SW INFO Found serial number <00:19:69:7b:50:00> in file </flash/license.dat>
CPU5 [05/10/08 03:26:17] SW INFO LicenseSuccessfully Loaded From <license.dat> LicenseType -- PREMIER
3 Save the configuration.
save config
--End--
Variable definitionsUse the data in the following table to help you install a license with thecopy command.
Variable Value
<a.b.c.d> Specifies the IPv4 address of the TFTP serverwhere the license file is to be copied from.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Showing a license file using the CLI 339
Variable Value
<destfile> Specifies the name of the license file when copiedto the flash. The destination file name must belower case and have a file extension of .dat. Forexample, bld100_8610adv.dat or license.dat.
<srcfile> Specifies the name of the license file on theTFTP server. For example, bld100_8610adv.lic orlicense.dat.
Showing a license file using the CLIDisplay the existing software licenses on your switch by performing thisprocedure.
Procedure steps
Step Action
1 To display the existing software licenses on your switch, use thefollowing command:
show license
For samples of the output shown with this command, see “Jobaid” (page 339).
--End--
Job aidThe following shows two sample outputs for different licenses with theshow license command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
340 License installation using the CLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
341.
License installation using the NNCLIInstall and manage a license file for the Nortel Ethernet Routing Switch8600, using the Nortel Networks command line interface (NNCLI).
Navigation• “Installing a license file using the NNCLI” (page 341)
• “Showing a license file using the NNCLI” (page 343)
Installing a license file using the NNCLIInstall a license file on an Ethernet Routing Switch 8600 to enable licensedfeatures.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
• You must have the license file stored on a Trivial File Transfer Protocol(TFTP) server.
• Ensure that you have the correct license file with the base MACaddress of the Ethernet Routing Switch 8600 that you are installing thelicense on. Otherwise, system does not unblock the licensed features.
• If the Ethernet Routing Switch 8600 chassis has two SF/CPU modulesinstalled, you do not need to install the license file on the secondarySF/CPU. When you enable High Availability, the primary SF/CPUcopies the license vectors to the secondary SF/CPU during table syncand the trial period countdown is stopped. This ensures that the runtime vectors of the primary and secondary SF/CPU are the same.When you save the configuration on the primary SF/CPU, the systemcopies the license file to the secondary SF/CPU.
In warm-standby mode, license vectors are not synchronized with thesecondary SF/CPU. However, the system copies the license file to thesecondary SF/CPU when you save the configuration with the save tostandby flag set to true.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
342 License installation using the NNCLI
Procedure steps
Step Action
1 Install a license file by using the following command:
copy <a.b.c.d>:<srcfile> /flash/<destfile>
The following is an example of copying a license file from aTFTP server to the flash on an SF/CPU module of an EthernetRouting Switch 8600:
ERS-8610:5# copy 10.10.10.20:bld100_8610adv.lic/flash/bld100_8610adv.dat
2 Load the license file to unlock the licensed features.
load-license
ATTENTIONIf the loading fails, or if the switch restarts and cannot locate a licensefile in the specified location, the switch cannot unlock the licensedfeatures and reverts to base functionality.
The following shows sample output that is displayed on theconsole when issuing a load-license command:
CPU5 [05/10/08 03:26:17] SW INFO Found serial number <00:19:69:7b:50:00> in file </flash/license.dat>
CPU5 [05/10/08 03:26:17] SW INFO LicenseSuccessfully Loaded From <license.dat> LicenseType -- PREMIER
3 Save the configuration.
save config
--End--
Variable definitionsUse the data in the following table to help you install a license with thecopy command.
Variable Value
<a.b.c.d> Specifies the IPv4 address of the TFTP serverwhere the license file is to be copied from.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Showing a license file using the NNCLI 343
Variable Value
<destfile> Specifies the name of the license file when copiedto the flash. The destination file name must belower case and have a file extension of .dat. Forexample, bld100_8610adv.dat or license.dat.
<srcfile> Specifies the name of the license file on theTFTP server. For example, bld100_8610adv.lic orlicense.dat.
Showing a license file using the NNCLIDisplay the existing software licenses on your switch.
Procedure steps
Step Action
1 To display the existing software licenses on your switch, use thefollowing command:
show license
For samples of the output displayed with this command, see “Jobaid” (page 343).
--End--
Job aidThe following shows two sample outputs for different licenses with theshow license command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
344 License installation using the NNCLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
345.
License transferTransfer a license and obtain an updated license file for Nortel EthernetRouting Switch 8600. You need to transfer a license in the followingscenarios:
• Due to a chassis failure, you replaced the switch with a replacementchassis that has a new base MAC address.
• You entered an incorrect base MAC address on the Nortel ElectronicLicensing portal during the license file generation process.
• You need to transfer the license to a different switch.
Transferring a licenseTransfer a license and obtain an updated license file for an EthernetRouting Switch 8600 by performing this procedure.
Prerequisites
• Before you transfer a license, you need to obtain the new replacementEthernet Routing Switch 8600 base MAC address. The base MACaddress can be found by using the following command line interface(CLI) command:show sys info
You can also find the base MAC address by using the Nortel Networkscommand line interface (NNCLI) command:show sys-info
Procedure steps
Step Action
1 Go to the Nortel Electronic Licensing portal atwww.nortellicensing.com
2 Click License Bank on the left menu.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
346 License transfer
3 Login to the License Bank by entering the License Bank nameand password.
4 Select the appropriate License Authorization Code (LAC) entryin the License Bank associated with the license type, and thenclick View Details.
Note that a License Bank can contain many different Licensetypes for different products. Therefore, it is important that youselect the correct LAC entry for the product and license typeto access the license file containing the MAC address youwant to replace. For example, if the Ethernet Routing Switch8600 base MAC address that is being replaced is running aPremier License, then select a Premier Licence LAC to view thetransaction for the license file containing the base MAC.
ATTENTIONMAC address replacements are allocated and limited on a per LACbasis. You can replace only one MAC address in a 1 or 10 licenseLAC entry. You can replace up to 5 or 10 MAC addresses for 50 or100 license LAC deposits, respectively.
5 Within the View Details screen, select a transaction that has thelicense file name in use on the Ethernet Routing Switch 8600that is being replaced.
The same license file name can appear in several transactions;choose any transaction that has the license file name that youneed to replace. The license file always contains the latest fulllist of MAC addresses.
6 Click Replace Switch.
The Replace Switch MAC screen appears displaying the name ofthe license file and the MAC addresses that it contains.
7 In the Enter Replacement Switch MAC Address box, type thenew base MAC address.
8 In the Select the Switch MAC Address to replace list, select theMAC address that you want to replace.
Before proceeding to the next step, ensure that you selectedthe correct MAC address to be replaced, and that the new baseMAC address is correct.
9 Click Replace Switch MAC.
A screen appears confirming the MAC address replacement. Thelicense file is immediately updated, however it is not sent to thenominated License Bank E-mail address.
If the MAC replacement limit reaches for the LAC, a messageis displayed and the MAC replacement fails. If this occurs, youneed to repeat this procedure with a different LAC entry in theLicense Bank. If there are no other LAC entries in the LicenseBank, contact Nortel Technical Support.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Transferring a license 347
10 Click Return to License Bank Details.
11 Locate the transaction with the license file that is updated withthe new MAC address, and then click Download.
A File Download window appears.
12 When prompted, click Save.
You can save the license file on the PC being used to accessthe license portal. After downloading the license file, you needto install it on the new switch.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
348 License transfer
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
349.
NTP fundamentalsThis section provides conceptual material on the Network Time Protocol(NTP). Review this content before you make changes to the NTPconfiguration
Navigation• “Overview” (page 349)
• “NTP system implementation model” (page 350)
• “Time distribution within a subnet” (page 351)
• “Synchronization” (page 352)
• “NTP modes of operation” (page 352)
• “NTP authentication” (page 353)
OverviewThe Network Time Protocol (NTP) synchronizes the internal clocks ofvarious network devices across large, diverse networks to universalstandard time. NTP runs over the User Datagram Protocol (UDP), whichin turn runs over IP. The NTP specification is documented in Request ForComments (RFC) 1305.
Every network device relies on an internal system clock to maintainaccurate time. On local devices, the internal system clock is usually setby eye or by wristwatch to within a minute or two of the actual time andis rarely reset at regular intervals. Many local clocks are battery-backeddevices that use room temperature clock oscillators that can drift as muchas several seconds each day. NTP solves this problem by automaticallyadjusting the time of the devices so that they are synchronized within amillisecond (ms) on LANs and up to a few tens of milliseconds on WANsrelative to Coordinated Universal Time (UTC).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
350 NTP fundamentals
The current implementation of NTP supports only unicast client mode. Inthis mode, the NTP client, which is tailored to the limitations of the RealTime Clock (RTC) on the SF/CPU board (Dallas Semiconductors DS1307series), sends NTP time requests to other remote time servers in anasynchronous fashion. The NTP client collects four samples of time fromeach remote time server. A clock selection algorithm determines the bestserver among the selected samples based on stratum, delay, dispersionand the last updated time of the remote server. The RTC is adjusted to theselected sample from the chosen server.
NTP termsA peer is a device that runs NTP software. However, this implementationof NTP refers to peers as remote time servers that provide timeinformation to other time servers on the network and to the local NTPclient. An NTP client refers to the local network device, an EthernetRouting Switch 8600, that accepts time information from other remote timeservers.
NTP system implementation modelNTP is based on a hierarchical model that consists of a local NTP clientthat runs on the Ethernet Routing Switch 8600 and on remote timeservers. The NTP client requests and receives time information fromone or more remote time servers. The local NTP client reviews the timeinformation from all available time servers and synchronizes its internalclock to the time server whose time is most accurate. The NTP client doesnot forward time information to other devices running NTP.
Two types of time servers exist in the NTP model: primary time serversand secondary time servers. A primary time server is directly synchronizedto a primary reference source, usually a wire or radio clock that issynchronized to a radio station providing a standard time service. Theprimary time server is the authoritative time source in the hierarchy,meaning that it is the one true time source to which the other NTP devicesin the subnet synchronize their internal clocks.
A secondary time server uses a primary time server or one or moresecondary time servers to synchronize its time, forming a synchronizationsubnet, see Figure 7 "NTP time servers forming a synchronization subnet"(page 351). A synchronization subnet is a self-organizing, hierarchicalmaster-slave configuration with the primary servers at the root andsecondary servers of decreasing accuracy at successive levels.
Figure 7 "NTP time servers forming a synchronization subnet" (page351) shows NTP time servers forming a synchronization subnet.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Time distribution within a subnet 351
Figure 7NTP time servers forming a synchronization subnet
In the NTP model, the synchronization subnet automatically reconfigures ina hierarchical primary-secondary (master-slave) configuration to produceaccurate and reliable time, even if one or more primary time servers orthe path between them fails. This feature applies in a case in which allthe primary servers on a partitioned subnet fail, but one or more backupprimary servers continue to operate. If all of the primary time serversin the subnet fail, the remaining secondary servers synchronize amongthemselves.
Time distribution within a subnetNTP distributes time through a hierarchy of primary and secondaryservers, with each server adopting a stratum, see Figure 7 "NTP timeservers forming a synchronization subnet" (page 351). A stratum defineshow many NTP hops away a particular secondary time server is froman authoritative time source (primary time server) in the synchronizationsubnet. A stratum 1 time server is located at the top of the hierarchy and isdirectly attached to an external time source, typically a wire or radio clock;a stratum 2 time server receives its time through NTP from a stratum 1time server; a stratum 3 time server receives its time through NTP from astratum 2 time server, and so forth.
Each NTP client in the synchronization subnet chooses as its timesource the server with the lowest stratum number with which it isconfigured to communicate through NTP. This strategy effectively builds aself-organizing tree of NTP speakers. The number of strata is limited to 15to avoid long synchronization loops.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
352 NTP fundamentals
NTP avoids synchronizing to a remote time server whose time isinaccurate. NTP never synchronizes to a remote time server that is notitself synchronized. NTP compares the times reported by several remotetime servers.
SynchronizationUnlike other time synchronization protocols, NTP does not attempt tosynchronize the internal clocks of the remote time servers to each other.Rather, NTP synchronizes the clocks to universal standard time, using thebest available time source and transmission paths to that time source.
NTP uses the following criteria to determine the time server whose timeis best:
• The time server with the lowest stratum.
• The time server closest in proximity to the primary time server (reducesnetwork delays).
• The time server offering the highest claimed precision.
NTP accesses several (at least three) servers at the lower stratum levelbecause it can apply an agreement algorithm to detect a problem on thetime source.
NTP modes of operationNTP uses unicast client mode to enable time servers and NTP clients tocommunicate in the synchronization subnet. The Ethernet Routing Switch8600 supports only unicast client mode.
After you configure a set of remote time servers (peers), NTP creates a listthat includes each time server IP address. The NTP client uses this list todetermine the remote time servers to query for time information.
After the NTP client queries the remote time servers, the servers respondwith various timestamps, along with information about their clocks, such asstratum, precision, and time reference, see Figure 8 "NTP time serversoperating in unicast client mode" (page 353). The NTP client reviews thelist of responses from all available servers and chooses one as the bestavailable time source from which to synchronize its internal clock.
Figure 8 "NTP time servers operating in unicast client mode" (page353) shows how NTP time servers operate in unicast mode.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
NTP authentication 353
Figure 8NTP time servers operating in unicast client mode
NTP authenticationYou can authenticate time synchronization to ensure that the localtime server obtains its time services only from known sources. NTPauthentication adds a level of security to your NTP configuration. Bydefault, network time synchronization is not authenticated.
If you select authentication, the Ethernet Routing Switch 8600 uses theMessage Digest 5 (MD5) algorithm to produce a message digest of thekey. The message digest is created using the key and the message, butthe key itself is not sent. The MD5 algorithm verifies the integrity of thecommunication, authenticates the origin, and checks for timeliness.
To authenticate the message, the client authentication key must matchthat of the time server. Therefore, the authentication key must be securelydistributed in advance (the client administrator must obtain the key fromthe server administrator and configure it on the client).
While a server can know many keys (identified by many key IDs) it ispossible to declare only a subset of these as trusted. The time server usesthis feature to share keys with a client that requires authenticated time andthat trusts the server, but that is not trusted by the time server.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
354 NTP fundamentals
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
355.
NTP configuration using DeviceManager
This section describes how to configure the Network Time Protocol (NTP)using Device Manager.
Prerequisites to NTP configuration• Before you configure NTP, you must perform the following tasks:
— Configure an IP interface on the Ethernet Routing Switch 8600 andensure that the NTP server is reachable through this interface. Forinstructions, see Nortel Ethernet Routing Switch 8600 Configuration— IP Routing (NN46205-523).
— Ensure the Real Time Clock is present on the SF/CPU board.
ATTENTIONNTP server MD5 authentication does not support passwords (keys) that startwith a special character or that contain a space between characters.
NTP configuration proceduresThis task flow shows you the sequence of procedures you perform toconfigure basic elements of IP multicast routing. To link to a procedure,click on the procedure title in “NTP configuration navigation” (page 356).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
356 NTP configuration using Device Manager
Figure 9NTP configuration procedures
NTP configuration navigation
• “Enabling NTP globally ” (page 356)
• “Adding an NTP server ” (page 357)
• “Configuring authentication keys ” (page 359)
Enabling NTP globallyEnable NTP globally on the Ethernet Routing Switch 8600 by performingthis procedure. Default values are in effect for most NTP parameters.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Adding an NTP server 357
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, NTP.
The NTP dialog box appears with the Globals tab displayed.
2 Select the Enable check box.
3 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Globals tab.
Variable Value
Enable Activates (true) or disables (false) NTP.By default, NTP is disabled.
Interval Specifies the time interval (10–1440 minutes) between successiveNTP updates. The default interval is 15 minutes.
ATTENTIONIf NTP is already activated, this configuration does not take effectuntil you disable NTP, and then re-enable it.
Adding an NTP serverAdd a remote NTP server to the configuration by specifying its IP address.NTP adds this IP address to a list of servers, which the local NTP clientuses when it queries remote time servers for time information. The list ofqualified servers called to as a peer list.
You can configure a maximum of 10 time servers.Add an NTP server by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, NTP.
The NTP dialog box appears with the Globals tab displayed.
2 Click the Server tab.
The Server tab appears.
3 Click Insert.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
358 NTP configuration using Device Manager
The NTP, Insert Server dialog box appears.
4 Specify the IP address of the NTP server.
5 Click Insert.
The IP address of the NTP server that you configured isdisplayed in the Server tab of the NTP dialog box.
--End--
Variable definitionsUse the data in the following table to configure the Server tab.
Variable Value
ServerAddress Specifies the IP address of the remote NTP server.
Enable Activates or disables the remote NTP server.
Authentication Activates or disables MD5 authentication on this NTPserver.MD5 produces a message digest of the key.MD5 verifies the integrity of the communication,authenticates the origin, and checks for timeliness.
The default is no MD5 authentication.
KeyId Specifies the key ID used to generate the MD5 digest forthis NTP server.You must specify a number between 1–214743647.The default is 0, which indicates that authentication isdisabled.
AccessAttempts Specifies the number of NTP requests sent to this NTPserver.
AccessSuccess Specifies the number of times this NTP server updated thetime.
AccessFailure Specifies the number of times this NTP server was rejectedwhile attempting to update the time.
Stratum This variable is the stratum of the server.
Version This variable is the NTP version of the server.
RootDelay This variable is the root delay of the server.
Precision This variable is the NTP precision of the server in seconds.
Reachable This variable is the NTP reach ability of the server.
Synchronized This variable is the status of synchronization with theserver.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring authentication keys 359
Configuring authentication keysAssign an NTP key to use MD5 authentication on the server by performingthis procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, NTP.
The NTP dialog box appears with the Globals tab displayed.
2 Click the Key tab.
The Key tab appears.
3 Click Insert.
The NTP, Insert Key dialog box appears.
4 Click Insert.
The values that you specified for the key ID and the MD5 key IDare displayed in the Key tab of the NTP dialog box.
--End--
Variable definitionsUse the data in the following table to configure the Key tab.
Variable Value
KeyId This field is the key id used to generate the MD5 digest.You must specify a value between 1–214743647.The default value is 1, which indicates that authentication isdisabled.
KeySecret This field is the MD5 key used to generate the MD5 Digest.You must specify an alphanumeric string between 0–8
ATTENTIONYou cannot specify the number sign (#) as a value in theKeySecret field. The NTP server interprets the # as thebeginning of a comment and truncates all text entered afterthe #. This limitation applies to xntpd, the NTP daemon,version 3 or lower.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
360 NTP configuration using Device Manager
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
361.
NTP configuration using the CLIThis section describes how to configure the Network Time Protocol (NTP)using the command line interface (CLI).
Prerequisites to NTP configuration• Before you configure NTP, you must perform the following tasks:
— Configure an IP interface on the Ethernet Routing Switch 8600 andensure that the NTP server is reachable through this interface. Forinstructions, see Nortel Ethernet Routing Switch 8600 Configuration— IP Routing (NN46205-523).
— Ensure the Real Time Clock is present on the SF/CPU board.
ATTENTIONNTP server MD5 authentication does not support passwords (keys) that startwith a special character or that contain a space between characters.
NTP configuration proceduresThis task flow shows you the sequence of procedures you perform toconfigure the NTP. To link to a procedure, click on the procedure title in“NTP configuration navigation” (page 362).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
362 NTP configuration using the CLI
Figure 10NTP configuration procedures
NTP configuration navigation
• “Job aid” (page 363)
• “Enabling NTP globally” (page 363)
• “Adding an NTP server ” (page 364)
• “Configuring authentication keys ” (page 366)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling NTP globally 363
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 32Job aid
Command Parameter
enable <true|false>
info
config ntp
interval <value>
create <auth_key_value> <secret_key_value>
delete <auth_key_value>
<ID>
info
<IP address>
config ntp key
set <auth_key_value> <secret_key_value>
create <ipaddr> [enable <value>][auth <value>] [key <value>]
delete <ipaddr>
info
config ntp server
set <ipaddr> [enable <value>] [auth<value>] [key <value>]
Enabling NTP globallyEnable NTP globally. Default values are in effect for most parameters.You can customize NTP by modifying parameters.Enable NTP globally by performing this procedure.
Procedure steps
Step Action
1 Enable NTP globally by using the following command:
config ntp enable true interval <value>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
364 NTP configuration using the CLI
Variable definitionsUse the data in the following table to use the config ntp command.
Variable Value
enable <true|false> Globally activates or disables NTP.The default is false.
info Specifies current NTP settings on this NTPserver.
interval <value> Specifies the time interval between successiveNTP updates.
value is the time interval expressed inminutes in a range from 10–1440.
The default is 15.
ATTENTIONIf NTP is already activated, this configurationdoes not take effect until you disable NTP,and then reenable it.
Example of enabling NTP globally
Step Action
1 Enable NTP :
ERS-8606:5# config ntp enable true
--End--
Adding an NTP serverAdd an NTP server or modify existing NTP server parameters byperforming this procedure. You can configure a maximum of 10 timeservers.
Procedure steps
Step Action
1 Add an NTP server by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Adding an NTP server 365
config ntp server create <ipaddr> [enable <value>] [auth<value>] [key <value>]
--End--
Variable definitionsUse the data in the following table to use the config ntp servercommand.
Variable Value
create <ipaddr> [enable<value>] [auth <value>][key <value>]
Adds an NTP server.
• ipaddr is the IP address of the NTPserver. NTP adds this address to a list ofservers. The local NTP server consults thislist of servers for time information.
• enable value activates (true) or disables(false) the NTP server. The default isenable.
• auth value activates (true) or disables(false) MD5 authentication on thisNTP server. The default is no MD5authentication.
• key value specifies the key ID valueused to generate the MD5 digest for thisNTP server. The value range is an integerfrom 1–2147483647. The default value is0, which indicates that authentication isdisabled.
delete <ipaddr> Deletes the NTP server.
• ipaddr is the IP address of the NTPserver you want to delete.
info Specifies NTP server configuration settings onthe switch.
set <ipaddr> [enable<value>] [auth <value>][key <value>]
Use to modify NTP server parameters.
• ipaddr is the IP address of the NTPserver.
• enable value activates (true) or disables(false) the NTP server. The default isenable.
• auth value activates (true) or disables(false) MD5 authentication on this
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
366 NTP configuration using the CLI
Variable Value
NTP server. The default is no MD5authentication.
• key value specifies the key ID value usedto generate the MD5 digest for this NTPserver.
• The value range is an integer from1–2147483647. The default value is 0,which indicates that authentication isdisabled.
Example of adding an NTP server
Step Action
1 Add an NTP server:
ERS-8606:5# config ntp server create 47.140.53.187enable true
2 View the current configuration:
ERS-8606:5# config ntp serverERS-8606:5/config/ntp/server# info
Sub-Context:Current Context:create :Server Ip Enabled Auth Key Id 47.140.53.187 true false 0
delete : N/Aset : N/A
--End--
Configuring authentication keysConfigure NTP authentication keys to use MD5 authentication byperforming this procedure.
Procedure steps
Step Action
1 Create an authentication key by using the following command:
config ntp key create <auth_key_value> <secret_key_value>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring authentication keys 367
2 Enable MD5 authentication for the server by using the followingcommand:
config ntp server set <IP address> auth true
3 Assign an authentication key to the server by using the followingcommand:
config ntp server set <IP address> key <ID>
--End--
Variable definitionsUse the data in the following table to use the config ntp key command.
Variable Value
create <auth_key_value><secret_key_value>
Adds an MD5 authentication key entryto the list where:
• auth_key_value is the keyID used to generate the MD5digest. Specify a value between1–2147483647. The default is 0.
• secret_key_value is the MD5key ID used to generate the MD5digest. Specify an alphanumericstring between 0–8 characters.
delete <auth_key_value> Delete an MD5 authentication keyentry from the list.
• auth_key_value is the key IDused to generate the MD5 digest.
<ID> Specifies the entry ID of theauthentication key to apply to theNTP server.
info Display NTP authentication keyconfiguration settings.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
368 NTP configuration using the CLI
Variable Value
<IP address> Specifies the IP address of the NTPserver for which you are enabling MD5authentication.
set <auth_key_value><secret_key_value>
Modifies a MD5 authentication keyvalue where:
• auth_key_value is the keyID used to generate the MD5digest. Specify a value between1–2147483647. The default is 0.
• secret_key_value is the MD5key ID used to generate the MD5digest. Specify an alphanumericstring between 0–8 characters.
Example of configuring an NTP authentication key
Step Action
1 Create the authentication key:
ERS-8606:5# config ntp keyERS-8606:5/config/ntp/key# create 5 18
2 Enable MD5 authentication for the NTP server:
ERS-8606:5#
config ntp server set 47.140.53.187 auth true
3 Assign an authentication key to the NTP server:
ERS-8606:5/config/ntp/server#
set 47.140.53.187 key 5
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
369.
NTP configuration using the NNCLIThis section describes how to configure the Network Time Protocol (NTP)using the Nortel Networks command line interface (NNCLI).
Prerequisites to NTP configuration• Unless otherwise stated, to perform the procedures in this section, you
must log on to the Global Configuration mode in the NNCLI. For moreinformation about using NNCLI, see Nortel Ethernet Routing Switch8600 User Interface Fundamentals (NN46205-308).
• Before you configure NTP, you must perform the following tasks:
— Configure an IP interface on the Ethernet Routing Switch 8600 andensure that the NTP server is reachable through this interface. Forinstructions, see Nortel Ethernet Routing Switch 8600 Configuration— IP Routing (NN46205-523).
— Ensure the Real Time Clock is present on the SF/CPU board.
ATTENTIONNTP server MD5 authentication does not support passwords (keys) that startwith a special character or that contain a space between characters.
NTP configuration proceduresThis task flow shows you the sequence of procedures you perform toconfigure NTP. To link to a procedure, click on the procedure title in “NTPconfiguration navigation” (page 370).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
370 NTP configuration using the NNCLI
Figure 11NTP configuration procedures
NTP configuration navigation
• “Job aid” (page 371)
• “Enabling NTP globally” (page 371)
• “Adding an NTP server ” (page 372)
• “Configuring authentication keys ” (page 373)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Enabling NTP globally 371
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 33Job aid
Command Parameter
Global Configuration mode
authentication-key <1-2147483647><word>
ntp
interval <10-1440>
auth-enable
authentication-key <0-2147483647>
ntp server <A.B.C.D>
enable
Enabling NTP globallyEnable NTP globally. Default values are in effect for most parameters.You can customize NTP by modifying parameters.Enable NTP globally by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Enable NTP globally by using the following command:
ntp interval <10-1440>
2 Create an authentication key by using the following command:
ntp authentication-key <1-2147483647> <word>
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
372 NTP configuration using the NNCLI
Variable definitionsUse the data in the following table to use the ntp command.
Variable Value
authentication-key<1-2147483647> <word>
Creates an authentication key for MD5authentication.To set this option to the default value, use thedefault operator with the command.
interval <10-1440> Specifies the time interval, in minutes, betweensuccessive NTP updates.
• interval is expressed as an integer in arange from 10–1440
The default value is 15.To set this option to the default value, use thedefault operator with the command.
ATTENTIONIf NTP is already activated, this configurationdoes not take effect until you disable NTP,and then re-enable it.
Adding an NTP serverAdd an NTP server or modify existing NTP server parameters byperforming this procedure. You can configure a maximum of 10 timeservers.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Add an NTP server by using the following command:
ntp server <A.B.C.D>
2 Configure additional options for the NTP server by using thefollowing command:
ntp server <A.B.C.D> [auth-enable] [authentication-key<0-2147483647>] [enable]
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring authentication keys 373
Variable definitionsUse the data in the following table to use the ntp server command.
Variable Value
auth-enable Activates MD5 authentication on this NTPserver.The default is no MD5 authentication.To set this option to the default value, use thedefault operator with the command.
authentication-key<0-2147483647>
Specifies the key ID value used to generatethe MD5 digest for the NTP server.The value range is an integer from1–2147483647.The default value is 0, which indicates disabledauthentication.To set this option to the default value, use thedefault operator with the command.
enable Activates the NTP server.To set this option to the default value, use thedefault operator with the command.
Example of adding an NTP server
Step Action
1 Add an NTP server:
ERS-8606:5(config)# ntp server 47.140.53.187
--End--
Configuring authentication keysConfigure NTP authentication keys to use MD5 authentication byperforming this procedure.
Prerequisites
• You must log on to the NNCLI Global Configuration mode.
Procedure steps
Step Action
1 Create an authentication key by using the following command:
ntp authentication-key <1-2147483647> <word>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
374 NTP configuration using the NNCLI
2 Enable MD5 authentication for the server by using the followingcommand:
ntp server <A.B.C.D> auth-enable
3 Assign an authentication key to the server by using the followingcommand:
ntp server <A.B.C.D> authentication-key <0-2147483647>
--End--
Example of configuring an NTP authentication key
Step Action
1 Create the authentication key:
ERS-8606:5(config)# ntp authentication-key 5 test
2 Enable MD5 authentication for the NTP server:
ERS-8606:5(config)#ntp server 47.140.53.187auth-enable
3 Assign an authentication key to the NTP server:
ERS-8606:5(config)#ntp server 47.140.53.187authentication-key 5
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
375.
DNS fundamentalsThis section provides conceptual material on the Domain Name Service(DNS) implementation for the Nortel Ethernet Routing Switch 8600.Review this content before you make changes to the configurable DNSoptions.
Navigation• “DNS client” (page 375)
DNS clientEvery equipment interface connected to a Transmission Control Protocolover IP (TCP/IP) network is identified with a unique IP address. You canassign a name to every machine that uses an IP address. The TCP/IPdoes not require the usage of names, but these names make the taskeasier for network managers in the following ways:
• An IP client can contact a machine with its name, which is converted toan IP address, based on a mapping table. All applications that use thisspecific machine are not dependent on the addressing scheme.
• It is easier to remember a name than a full IP address.
To establish the mapping between an IP name and an IP address you usethe Domain Name Service (DNS). DNS is a hierarchical database thatyou can distribute on several servers for backup and load sharing. Afteryou add a new hostname, update this database. The information is sentto all the different hosts. An IP client that resolves the mapping betweenthe hostname and the IP address sends a request to one of the databaseservers to resolve the name.
After you establish the mapping of IP name and IP address, the applicationis modified to use a hostname instead of an IP address. The switchconverts the hostname to an IP address.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
376 DNS fundamentals
If the entry for translating the hostname to IP address is not found in thehost file, the switch queries the configured DNS server for the mappingfrom hostname to IP address. You can configure connections for up tothree different DNS servers—primary, secondary and tertiary. First theprimary server is queried, and then the secondary, and finally the tertiary.
Ping, Telnet, and copy applications are modified. You can either entera hostname or an IP address for invoking Ping, Telnet, and copyapplications.
The DNS query to remote host is not performed if the application isinvoked from the boot monitor. Only the /etc/hosts file lookup is performedfor translating the hostname to IP address when invoked from the bootmonitor.
In non-HA mode, you can configure a separate DNS server for master andslave SF/CPUs. In HA mode, you can configure a DNS server only fromthe master SF/CPU.
A log/debug report is generated for all the DNS requests sent to DNSservers and all successful DNS responses received from the DNS servers.
Nortel does not provide a default hosts file on the system. The format issimilar to the one used in a Uniplexed Information and Computing Service(UNIX) workstation. Use the editor provided on the system to create, save,or modify such a file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
377.
DNS configuration using DeviceManager
This section describes how to configure the Domain Name Service (DNS)using Device Manager.
Navigation• “Configuring the DNS client ” (page 377)
• “Querying the DNS host” (page 378)
Configuring the DNS clientUse the DNS client to establish the mapping between an IP name and anIP address.
You can configure connections for up to three different DNSservers—primary, secondary and tertiary. First the primary server isqueried, and then the secondary, and finally the tertiary.Configure DNS client by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Diagnostics,DNS.
The DNS dialog box appears with the DNS Host tab visible.
2 Click the DNS Servers tab.
The DNS Servers tab appears.
3 Click Insert.
The DNS, Insert DNS Servers tab appears.
4 In the DnsServerListType box, select the DNs server type.
5 In the DnsServerListAddressType box, select the IP version.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
378 DNS configuration using Device Manager
6 In the DnsServerListAddress box, enter the DNS server IPaddress.
7 Click Insert.
--End--
Variable definitionsUse the data in the following table to configure the DNS Servers tab.
Variable Value
DnsServerListType Configures the DNS server as primary,secondary, or tertiary.
DnsServerListAddressType Configures the DNS server address type asIPv4 or IPv6.
DnsServerListAddress Specifies the DNS server address.
• ipaddress in a.b.c.d format configuresthe IPv4 address.
• ipv6address in hexadecimal format(string length 0–46) configures the IPv6address.
DnsServerListStatus Specifies the status of the DNS server.
DnsServerListRequestCount Specifies the number of requests sent to theDNS server.
DnsServerListSuccessCount Specifies the number of successful requestssent to the DNS server.
Querying the DNS hostQuery the DNS host for information about host addresses.
You can enter either a hostname or an IP address. If you enter thehostname, this command shows the IP address corresponding to thehostname and if you enter an IP address, this command shows thehostname for the IP address.Query the DNS host by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Diagnostics,DNS.
The Dns dialog box appears with the DNS Host tab visible.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Querying the DNS host 379
2 In the HostData text box, enter the DNS host name or IPaddress.
3 Click the Query button.
--End--
Variable definitionsUse the data in the following table to use the DNS Host tab.
Variable Value
HostData Identifies the host name or host IP address.This variable is a read-only field.
HostName Identifies the host name.This variable is a read-only field.
HostAddressType Identifies the address type of the host.
HostAddress Identifies the host IP address.This variable is a read-only field.
HostSource Identifies the DNS server IP or host file.This variable is a read-only field.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
380 DNS configuration using Device Manager
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
381.
DNS configuration using the CLIThis section describes how to configure the Domain Name Service (DNS)client using the command line interface (CLI).
Navigation• “Job aid” (page 381)
• “Configuring the DNS client” (page 382)
• “Querying the DNS host” (page 384)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 34Job aid
Command Parameter
info
delete <primary|secondary|tertiary>
domain-name <domain-name>
primary-create <IPAddress|IPv6Address>
secondary-create <IPAddress|IPv6Address>
config sys dns
tertiary-create <IPAddress|IPv6Address>
show host <hostname|ipaddress|ipv6address>
show sys dns
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
382 DNS configuration using the CLI
Configuring the DNS clientConfigure the Domain Name Service to establish the mapping between anIP name and an IP address.
You can configure connection for up to three different DNSservers—primary, secondary and tertiary. First the primary server isqueried, and then the secondary, and finally the tertiary.Configure DNS client by performing this procedure.
Procedure steps
Step Action
1 Configure the DNS client by using the following command:
config sys dns domain-name <domain-name> primary-create<IPAddress|IPv6Address>
2 Optionally, add addresses for additional DNS servers by usingthe following command:
config sys dns domain-name <domain-name> secondary-create <IPAddress|IPv6Address> tertiary-create<IPAddress|IPv6Address>
3 View the DNS client system status by using the followingcommand:
show sys dns
--End--
Variable definitionsUse the data in the following table to use the config sys dns command.
Variable Value
delete <primary| secondary|tertiary>
Deletes the IP address of the specifiedprimary, secondary, or tertiary DNSserver.
domain-name <domain-name> Configures the default domain name.
• domain-name is a string 0–255characters.
info Specifies the list of DNS servers, withthe status (active/inactive).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Configuring the DNS client 383
Variable Value
primary-create <IPAddress|IPv6Address>
Configures the primary DNS serveraddress.
• IPAddress in a.b.c.d formatconfigures the IP address
• IPv6Address in hexadecimalformat (string length 0–46)configures the IPv6 address
secondary-create <IPAddress|IPv6Address>
Configures the secondary DNS serveraddress.
• IPAddress in a.b.c.d formatconfigures the IP address
• IPv6Address in hexadecimalformat (string length 0–46)configures the IPv6 address
tertiary-create <IPAddress|IPv6Address>
Configures the tertiary DNS serveraddress.
• IPAddress in a.b.c.d formatconfigures the IP address
• IPv6Address in hexadecimalformat (string length 0–46)configures the IPv6 address
Job aidFigure 12 "Job aid" (page 384) shows sample output for the show sysdns command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
384 DNS configuration using the CLI
Figure 12Job aid
Querying the DNS hostQuery the DNS host for information about host addresses.
You can enter either a hostname or an IP address. If you enter thehostname, this command shows the IP address corresponding to thehostname and if you enter an IP address, this command shows thehostname for the IP address.Query the DNS host by performing this procedure.
Procedure steps
Step Action
1 View the host information by using the following command:
show host <hostname|ipaddress|ipv6address>
--End--
Variable definitionsUse the data in the following table to use the show host command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Querying the DNS host 385
Variable Value
hostname Specifies the name of the host DNSserver as a string of 0–255 characters.
ipaddress Specifies the IP address of the hostDNS server in a.b.c.d format.
ipv6address Specifies the IPv6 address of the hostDNS server in hexadecimal format(string length 0–46).
Job aidFigure 13 "Job aid" (page 385) shows sample output for the show hostcommand.
Figure 13Job aid
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
386 DNS configuration using the CLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
387.
DNS configuration using the NNCLIThis section describes how to configure the Domain Name Service (DNS)client using the Nortel Networks command line interface (NNCLI).
Prerequisites to DNS configuration• Unless otherwise stated, to perform the procedures in this section, you
must log on to the Global Configuration mode in the NNCLI. For moreinformation about using NNCLI, see Nortel Ethernet Routing Switch8600 User Interface Fundamentals (NN46205-308).
Navigation• “Job aid” (page 387)
• “Configuring the DNS client” (page 388)
• “Querying the DNS host” (page 389)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 35Job aid
Command Parameter
Privileged EXEC mode
show hosts <word>
show ip dns
Global Configuration mode
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
388 DNS configuration using the NNCLI
Table 35Job aid (cont’d.)
Command Parameter
ip domain-name <word>
primary <word>
secondary <word>
ip name-server
tertiary <word>
Configuring the DNS clientConfigure the Domain Name Service to establish the mapping between anIP name and an IP address.
You can configure connection for up to three different DNSservers—primary, secondary and tertiary. First the primary server isqueried, and then the secondary, and finally the tertiary.Configure DNS client by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Configure the DNS client by using the following command:
ip domain-name <word>
2 Optionally, add addresses for additional DNS servers by usingthe following command:
ip name-server primary <word> [secondary <word>][tertiary <word>]
3 View the DNS client system status by using the followingcommand:
show ip dns
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Querying the DNS host 389
Variable definitionsUse the data in the following table to use the ip domain-name and ipname-server commands.
Variable Value
domain-name <word> Configures the default domain name.
• word is a string 0–255 characters.
primary <word> Configures the primary DNS serveraddress. Enter the IP address ina.b.c.d format for IPv4 or hexadecimalformat (string length 0–46) for IPv6.
secondary <word> Configures the secondary DNS serveraddress. Enter the IP address ina.b.c.d format for IPv4 or hexadecimalformat (string length 0–46) for IPv6.
tertiary <word> Configures the tertiary DNS serveraddress. Enter the IP address ina.b.c.d format for IPv4 or hexadecimalformat (string length 0–46) for IPv6.
Querying the DNS hostQuery the DNS host for information about host addresses.
You can enter either a hostname or an IP address. If you enter thehostname, this command shows the IP address corresponding to thehostname and if you enter an IP address, this command shows thehostname for the IP address.Query the DNS host by performing this procedure.
Prerequisites
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 View the host information by using the following command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
390 DNS configuration using the NNCLI
show hosts <word>
--End--
Variable definitionsUse the data in the following table to use the show hosts command.
Variable Value
word Specifies one of the following:• the name of the host DNS server
as a string of 0–255 characters.
• the IP address of the host DNSserver in a.b.c.d format.
• the IPv6 address of the host DNSserver in hexadecimal format(string length 0–46).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
391.
Multicast group ID fundamentalsThis section provides conceptual material on the expansion of themulticast group ID (MGID) for the Ethernet Routing Switch 8600. Reviewthis content before you make changes to the MGID reservation.
Navigation• “Introduction” (page 391)
• “Expansion” (page 391)
IntroductionThe MGID is a hardware mechanism the switch uses to send data toseveral ports simultaneously. Instead of sending the data to a specific portnumber, the data is directed to an MGID. The switch maintains a tablethat maps MGIDs to their member ports. Both virtual LAN (VLAN) and IPmulticast (IPMC) use MGIDs. The system also reserves a small number ofMGIDs.
Generally, each VLAN requires one MGID, though more are required incertain situations, such as if IST is enabled on the system; or in certainchassis modes if the VLAN is associated with an MLT. Several IPMCstreams can use a single MGID but performance begins to suffer aftermore than eight streams use one MGID.
Nortel Ethernet Routing Switch 8600 Release 4.1 provides 2048 MGIDssplit between system, VLAN, and IPMC use. Release 4.1 uses a fixedrange of 64, from 64 to 127, of those MGIDs for IPMC.
ExpansionRelease 5.1 expands the total number of MGIDs to 4096, still split betweensystem, VLAN, and IPMC. MGID expansion provides support for moreVLANs and higher performance for IPMC.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
392 Multicast group ID fundamentals
MGID expansion provides a maximum VLAN mode. If you configuremaximum VLAN mode, every available MGID, except system-usedMGIDs, is used for VLANs; no IPMC traffic occurs. The system supports amaximum of 4084 VLANs.
If you do not configure the maximum VLAN mode, you can reserve MGIDsfor IPMC. You can reserve between 64 and 4084 MGIDs for IPMC. Thedefault for IPMC is 2048.
MGID expansion is available in R mode only and requires an 8692SF/CPU. If the switch does not operate in R mode, the switch usesthe same MGID allocation as if it is running Release 4.1 software. Thefollowing figure illustrates MGID allocation in various modes and releases.
Figure 14MGID allocation map
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
393.
Multicast group ID reservation usingDevice Manager
This section provides procedures to create multicast group ID (MGID)reservations using Device Manager.
Navigation• “Enabling maximum VLAN mode” (page 393)
• “Reserving MGIDs for IPMC” (page 394)
Enabling maximum VLAN modeEnable maximum VLAN mode to use all available MGIDs for VLANs. NoIP multicast (IPMC) traffic transmits if you enable maximum VLAN mode.Enable maximum VLAN mode by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the MGID Expansion tab.
3 For NewMaxVlanResourceReservation, select Enable.
4 Click Apply.
--End--
Variable definitionsUse the data in the following tab to configure the Chassis, MGIDExpansion tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
394 Multicast group ID reservation using Device Manager
Variable Value
NewMulticastResourceReservation Specifies the number of MGIDs toreserve for IPMC traffic. Select fromthe range of 64–4084. The defaultvalue is 2048.You cannot configure this option ifmaximum VLAN mode is activated.
MulticastResourceReservation Specifies the current IPMC MGIDreservation. The default value is 2048.
NewMaxVlanResourceReservation Activates or disables the maximumVLAN mode for MGID use.The default is disabled.
MaxVlanResourceReservation Specifies the current configurationstatus of maximum VLAN mode.The default is disabled.
UsageVlanCurrent Specifies the number of MGIDscurrently in use by VLANs.The default value is 1.
UsageVlanRemaining Specifies the number of VLANreserved MGIDs still available.The default value is 1972.
UsageMulticastCurrent Specifies the number of MGIDscurrently in use by IPMC.The default value is 0.
UsageMulticastRemaining Specifies the number of IPMCreserved MGIDs still available.The default value is 64.
Reserving MGIDs for IPMCReserve MGIDs for IPMC to increase the number of IPMC traffic streamssupported on the system by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, select Edit, Chassis.
The Chassis dialog box appears with the System tab displayed.
2 Click the MGID Expansion tab.
3 In NewMulticastResourceReservation, type the number ofMGIDs to reserve for IPMC.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Reserving MGIDs for IPMC 395
4 Click Apply.
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
396 Multicast group ID reservation using Device Manager
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
397.
Multicast group ID reservation usingthe CLI
This section provides procedures to create multicast group ID (MGID)reservations using the command line interface (CLI).
Navigation• “Job aid” (page 397)
• “Enabling maximum VLAN mode” (page 397)
• “Reserving MGIDs for IPMC” (page 398)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 36Job aid
Command Parameter
config sys set max-vlan-resource-reservation
<enable|disable>
config sys set multicast-resource-reservation <value>
Enabling maximum VLAN modeEnable maximum VLAN mode to use all available MGIDs for VLANs. NoIP multicast (IPMC) traffic transmits if you enable maximum VLAN mode.Enable maximum VLAN mode by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
398 Multicast group ID reservation using the CLI
Procedure steps
Step Action
1 Enable maximum VLAN mode by using the following command:
config sys set max-vlan-resource-reservation enable
--End--
Reserving MGIDs for IPMCReserve MGIDs for IPMC to increase the number of IPMC traffic streamssupported on the system by performing this procedure.
Procedure steps
Step Action
1 Reserve MGIDs for IPMC by using the following command:
config sys set multicast-resource-reservation <value>
--End--
Variable definitionsUse the data in the following table to use theconfig sys setmulticast-resource-reservation command.
Variable Value
value Specifies the number of MGIDs toreserve for IPMC traffic. Select fromthe range of 64–4083. The defaultvalue is 2048.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
399.
Multicast group ID reservation usingthe NNCLI
This section provides procedures to create multicast group ID (MGID)reservations using the Nortel Networks command line interface (NNCLI).
Prerequisites to multicast group ID reservation• To perform the procedures in this section, you must log on to the
Global Configuration mode in the NNCLI. For more information aboutusing NNCLI, see Nortel Ethernet Routing Switch 8600 User InterfaceFundamentals (NN46205-308).
Navigation• “Job aid” (page 399)
• “Enabling maximum VLAN mode” (page 400)
• “Reserving MGIDs for IPMC” (page 400)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 37Job aid
Command
Global Configuration mode
sys max-vlan-resource-reservation
sys multicast-resource-reservation <value>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
400 Multicast group ID reservation using the NNCLI
Enabling maximum VLAN modeEnable maximum VLAN mode to use all available MGIDs for VLANs. NoIP multicast (IPMC) traffic transmits if you enable maximum VLAN mode.Enable maximum VLAN mode by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Enable maximum VLAN mode by using the following command:
sys max-vlan-resource-reservation
--End--
Reserving MGIDs for IPMCReserve MGIDs for IPMC to increase the number of IPMC traffic streamssupported on the system by performing this procedure.
Prerequisites
• You must log on to the Global Configuration mode in the NNCLI.
Procedure steps
Step Action
1 Reserve MGIDs for IPMC by using the following command:
sys multicast-resource-reservation <value>
--End--
Variable definitionsUse the data in the following table to use thesys multicast-resource-reservation command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Reserving MGIDs for IPMC 401
Variable Value
value Specifies the number of MGIDs toreserve for IPMC traffic. Select fromthe range of 64–4083. The defaultvalue is 2048.To set this option to the default value,use the default operator with thecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
402 Multicast group ID reservation using the NNCLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
403.
Common procedures using DeviceManager
The following section describes common procedures that you use whileconfiguring and monitoring the Ethernet Routing Switch 8600 operations.
Navigation• “Showing the MTU for the system” (page 403)
• “Showing the MTU for each port” (page 404)
• “Viewing topology status information” (page 404)
• “Viewing the MIB status” (page 405)
• “Displaying flash memory and PCMCIA information for the system”(page 406)
• “Displaying flash file information for a specific SF/CPU” (page 407)
• “Displaying flash file information for the system” (page 408)
• “Displaying PCMCIA file information for a specific SF/CPU” (page 408)
• “Displaying PCMCIA file information for the system” (page 409)
• “Copying a PCMCIA or flash file” (page 409)
Showing the MTU for the systemShow the MTU configured for the entire system by performing thisprocedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Chassis.
The System dialog box appears with the System tab displayed.
2 Click on the Chassis tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
404 Common procedures using Device Manager
The Chassis dialog box appears with the Chassis tab displayed.
3 Make sure that 9600 is selected for MTU size.
--End--
Showing the MTU for each portShow the MTU for each port by performing this procedure.
Procedure steps
Step Action
1 From the Device View, click the port for which you want todisplay information.
To select more than one port, click the first port. Then, whilepressing the Ctrl key, click on the ports for which you want todisplay information.
2 From the Device Manager menu bar, choose Edit, Port, General– Global Router (vrf 0).
The Port dialog box appears with the Interface tab displayed.
3 Examine the MTU box to verify the MTU size for each port.
--End--
Viewing topology status informationView topology status information (which includes Nortel Management MIBstatus information) by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Diagnostics,Topology.
The Topology dialog box appears with the Topology tab visible.
For a description of the topology status information, see“Variable definitions” (page 404).
--End--
Variable definitionsThe following table describes the Topology tab fields.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Viewing the MIB status 405
Variable Value
IpAddr Specifies the IP address of the device.
Status Indicates whether Nortel topology is on or off for thedevice.
NmmLstChg Specifies the value of sysUpTime, the last time anentry in the network management MIB (NMM) topologytable was added, deleted, or modified, if the table didnot change since the last cold or warm start of theagent.
NmmMaxNum Specifies the maximum number of entries in the NMMtopology table.
NmmCurNum Specifies the current number of entries in the NMMtopology table.
Viewing the MIB statusView MIB status (which includes topology message status) by performingthis procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, Diagnostics,Topology.
The Topology dialog box appears with the Topology tabdisplayed.
2 Click the Topology Table tab.
The Topology Table tab appears.
For a description of the topology table, see “Variable definitions”(page 405).
--End--
Variable definitionsThe following table describes the Topology Table fields.
Variable Value
Slot Specifies the slot number in the chassis that receivedthe topology message.
Port Specifies the port that received the topology message.
IpAddr Specifies the IP address of the sender of the topologymessage.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
406 Common procedures using Device Manager
Variable Value
SegId Specifies the segment identifier of the segment fromwhich the remote agent sent the topology message.This value is extracted from the message.
MacAddr Specifies the MAC address of the sender of thetopology message.
ChassisType Specifies the chassis type of the device that sent thetopology message.
BkplType Specifies the backplane type of the device that sent thetopology message.
LocalSeg Indicates if the sender of the topology message is onthe same Ethernet segment as the reporting agent.
CurState Specifies the current state of the sender of the topologymessage. The choices are:
• topChanged—Topology information recentlychanged.
• heartbeat—Topology information is unchanged.
• new—The sending agent is in a new state.
Displaying flash memory and PCMCIA information for the systemDisplay the amount of memory used and available for both onboard flashmemory and an installed Personal Computer Memory Card InternationalAssociation (PCMCIA) card, as well as the number of files in each location.Display flash memory and PCMCIA information for the system byperforming this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit , File System.
The Filesystem dialog box appears with the Copy File tabdisplayed.
2 Click the Device Info tab.
The Device Info tab appears.
--End--
Variable definitionsUse the data in the following table to use the Device Info tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Displaying flash file information for a specific SF/CPU 407
Variable Value
Slot Specifies the slot number of the SF/CPU module.
FlashBytesUsed Specifies the number of bytes used in flashmemory.
FlashBytesFree Specifies the number of bytes available for use inflash memory.
FlashNumFiles Specifies the number of files in flash memory.
PcmciaBytesUsed Specifies the number of bytes used on thePCMCIA card.
PcmciaBytesFree Specifies the number of bytes available for use onthe PCMCIA card.
PcmciaNumFiles Specifies the number of files on the PCMCIA card.
PcmciaAction Used to reset the PCMCIA card.
Result Specifies the result of the PCMCIA action.
Displaying flash file information for a specific SF/CPUDisplay information about the files in flash memory for a specific SF/CPUmodule to view general file information by performing this procedure.
Procedure steps
Step Action
1 Select an SF/CPU module.
2 From the Device Manager menu bar, choose Edit, Card.
The Card dialog box appears with the Card tab displayed.
3 Click the Flash Files tab.
The Flash Files tab appears.
--End--
Variable definitionsUse the data in the following table to use the Card, Flash Files tab.
Variable Value
Name Specifies the directory name of the flash file.
DateSpecifies the creation or modification date of the flashfile.
Size Specifies the size of the flash file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
408 Common procedures using Device Manager
Displaying flash file information for the systemDisplay information about the files in flash memory for all SF/CPU modulesto view general file information by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, File System.
2 Click the Flash Files tab.
--End--
Variable definitionsUse the data in the following table to use the Flash Files tab.
Variable Value
Slot Specifies the slot number of the SF/CPU module.
Name Specifies the name of the flash file.
Date Specifies the creation or modification date and time ofthe Flash file.
Size Specifies the size of the flash file in bytes.
Displaying PCMCIA file information for a specific SF/CPUDisplay information about the files stores in the PCMCIA card for aspecific SF/CPU module to view general file information by performingthis procedure.
Procedure steps
Step Action
1 Select an SF/CPU card.
2 From the Device Manager menu bar, choose Edit, Card.
The Card dialog box appears with the Card tab displayed.
3 Click the PCMCIA Files tab.
The PCMCIA Files tab appears.
--End--
Variable definitionsUse the data in the following table to use the Card, PCMCIA Files tab.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Copying a PCMCIA or flash file 409
Variable Value
Name Specifies the directory name of the PCMCIA file.
Date Specifies the creation or modification date of thePCMCIA file.
Size Specifies the size of the PCMCIA file.
Displaying PCMCIA file information for the systemDisplay information about the files stored in the PCMCIA card for allSF/CPU modules to view general file information by performing thisprocedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, File System.
2 Click the PCMCIA Files tab.
--End--
Variable definitionsUse the data in the following table to use the PCMCIA Files tab.
Variable Value
Slot Specifies the slot number of the SF/CPU module.
Name Specifies the name of the PCMCIA file.
DateSpecifies the creation or modification date and time ofthe PCMCIA file.
Size Specifies the size of the PCMCIA file in bytes.
Copying a PCMCIA or flash fileCopy files between the flash and the PCMCIA. File copying and fileinformation are all related to files on the switch SF/CPU module.Copy a PCMCIA or flash file by performing this procedure.
Procedure steps
Step Action
1 From the Device Manager menu bar, choose Edit, File System.
The FileSystem dialog box appears with the Copy File tab active.
2 Edit the fields as required.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
410 Common procedures using Device Manager
3 Click Apply.
--End--
Variable definitionsUse the data in the following table to configure the Copy File tab.
Variable Value
Source Identifies the source file to copy from the flash/PCMCIAor the config file on the NVRAM or trace file.
Destination Identifies the device and the file name (optional) towhich the source file is to be copied.The destination options are• flash
• PCMCIA
• NVRAM
Trace files are not a valid destination.
Action Starts the copy process or cancels the copy process.
Result Specifies the result of the copy process:
• none
• inProgress
• success
• fail
• invalidSource
• invalidDestination
• outOfMemory
• outOfSpace
• fileNotFound
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
411.
Common procedures using the CLIThe following section describes common procedures that you use whileconfiguring and monitoring the Nortel Ethernet Routing Switch 8600operations.
Navigation• “Job aid” (page 411)
• “Saving the boot configuration to a file” (page 413)
• “Restarting the switch” (page 415)
• “Resetting the switch” (page 416)
• “Accessing the standby SF/CPU” (page 416)
• “Pinging an IP device” (page 417)
• “Pinging an IPX device” (page 418)
• “Calculating the MD5 digest” (page 419)
• “Resetting system functions” (page 421)
• “Sourcing a configuration” (page 423)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Table 38Job aid
Command Parameter
<file>
config <value>
boot
-y
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
412 Common procedures using the CLI
Table 38Job aid (cont’d.)
Command Parameter
cpuswitchover
info
resetconsole
resetcounters
config sys set action
resetmodem
wildcard (*
)
-f <checksum-file-name>
-r
-a
md5
-c
peer <operation>
count value
-d
datasize value
HostName/ipv4address/ipv6address
-I
-s
scopeid value
-t
ping
vrf <value>
ipxhost
count
-s
-q
pingipx
-t
reset
verbose
standby <value>
save <savetype> [file <value>]
backup <value>
stop
debug
source <file>
syntax
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Saving the boot configuration to a file 413
Saving the boot configuration to a fileSave a boot configuration to a file to retain the configuration settings byperforming this procedure. You can configure the switch to load a specificconfiguration file.
CAUTIONRisk of data lossIf a Personal Computer Memory Card International Association(PCMCIA) card is removed before a write operation is complete,the file can contain a corrupted end of file (EOF) marker. Beforeremoving the PCMCIA card, execute the command line interface(CLI) command stop-pcmcia.
Prerequisites
• Some PCMCIA cards become file allocation table (FAT) corrupted afteryou insert them into the PC-card slot. If this situation occurs, format orrepair the FAT on the card.
• The boot configuration file must be named boot.cfg for the system toboot using it.
• To save a file to the standby SF/CPU, you must enable Trivial FileTransfer Protocol (TFTP) on the standby SF/CPU.
Procedure steps
Step Action
1 Save the configuration by using the following command:
save <savetype> [file <value>] [verbose] [standby<value>] [backup <value>]
--End--
Variable definitionsUse the data in the following table to use the save command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
414 Common procedures using the CLI
Variable Value
backup
<value>
Saves the specified file name andidentifies the file as a backup file.value uses one of the followingformats:• [a.b.c.d]:<file>
• peer/<file>
• /pcmcia/ <file>
• /flash/ <file>
file is a string of 1–99 characters.
file
<value>
Specifies the file name in one of thefollowing formats for value:• [a.b.c.d]: <file>
• peer/<file>
• /pcmcia/ <file>
• /flash/ <file>
file is a string of 1–99 characters.
savetype Specifies what to save.Values for this parameter include:• config
• bootconfig
• log
• trace
• clilog
standby
<value>
Saves the specified file name to thestandby SF/CPU in the followingformat for value:• filename, /pcmcia/ <file>
• /flash/ <file>
file is a string of 1–99 characters.
verbose Saves the default and currentconfiguration. If you omit thisparameter, the command savesonly parameters you changed.
Example of saving the boot configuration to a file
Step Action
1 Save a boot configuration file as a backup file by using thefollowing command:
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Restarting the switch 415
save bootconfig file boot.cfg backup2
--End--
Restarting the switchRestart the switch to implement configuration changes or recover from asystem failure. When you restart the system, you can specify the bootsource (flash, PCMCIA card, or TFTP server) and file name. If you donot specify a device and file, the run-time CLI uses the software andconfiguration files on the primary boot device that is defined by the BootMonitor choice command.
After the switch restarts normally, a cold trap is sent within 45 secondsafter a restart. If a single strand fiber (SSF) switchover occurs, awarm-start management trap is sent within 45 seconds of a restart.Restart the switch by performing this procedure.
Procedure steps
Step Action
1 Restart the switch by using the following command:
boot [<file>] [config <value>] [-y]
ATTENTIONEntering the boot command with no arguments causes the switch tostart using the current boot choices defined by the choice command(next).
--End--
Variable definitionsUse the data in the following table to use the boot command.
Variable Value
config <value> Specifies the software configurationdevice and file name in the format:[a.b.c.d:]<file> /pcmcia/<file>/flash/<file>. The file name, includingthe directory structure, can include upto 99 characters.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
416 Common procedures using the CLI
Variable Value
file Specifies the software image deviceand file name in the format:[a.b.c.d:]<file> /pcmcia/<file>/flash/<file>. The file name, includingthe directory structure, can include upto 99 characters.
-y Suppresses the confirmation messagebefore the switch restarts. If you omitthis parameter, you are asked toconfirm the action before the switchrestarts.
Resetting the switchReset the switch to reload system parameters from the most recentlysaved configuration file by performing this procedure.
Procedure steps
Step Action
1 Reset the switch by using the following command:
reset
--End--
Accessing the standby SF/CPUAccess the standby SF/CPU to make changes to the standby SF/CPUwithout reconnecting to the console port on that module by performingthis procedure.
Prerequisites
• The Telnet daemon is activated.
• You must set an rlogin access policy on the standby SF/CPU beforeyou can use the peer command to access it from the master SF/CPUusing rlogin. To set an access policy on the standby SF/CPU, connecta terminal to the Console port on the standby SF/CPU. For moreinformation about the access policy commands, see Nortel EthernetRouting Switch 8600 Fundamentals — User Interfaces (NN46205-308).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Pinging an IP device 417
Procedure steps
Step Action
1 Access the standby SF/CPU by using the following command:
peer <operation>
--End--
Variable definitionsUse the data in the following table to use the peer command.
Variable Value
operation Specifies either Telnet or remote login(rlogin).
Pinging an IP devicePing a device to test the connection between the Ethernet Routing Switch8600 and another network device. After you ping a device, an InternetControl Message Protocol (ICMP) packet is sent from the switch to thetarget device. If the device receives the packet, it sends a ping reply.After the switch receives the reply, a message appears indicating that thespecified IP address is alive. If no reply is received, the message indicatesthat the address is not responding.Ping an IP device by performing this procedure.
Procedure steps
Step Action
1 Ping an IP network connection by using the following command:
ping <HostName/ipv4address/ipv6address> [scopeid<value>] [datasize <value>] [count <value>][-s] [-I<value>] [-t <value>] [-d] [vrf <value>]
--End--
Variable definitionsUse the data in the following table to use the ping command.
Variable Value
count value Specifies the number of times to ping(for IPv4) (1–9999).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
418 Common procedures using the CLI
Variable Value
-d Configures ping debug mode (forIPv4).
datasize value Specifies the size of ping data sent, inbytes, as follows:• 16–4076 for IPv4
• 16–65487 for IPv6
HostName/ipv4address/ipv6address
Specifies the Host Name or IPv4(a.b.c.d) or IPv6 (x:x:x:x:x:x:x:x)address (string length 1–256).
-I Specifies the interval betweentransmissions in seconds (1–60).
-s Configures the continuous ping atthe interval rate defined by the [-I]parameter (for IPv4).
scopeid value Specifies the circuit ID (for IPv6)(1–9999).
-t Specifies the no-answer time-out valuein seconds (1–120) (for IPv4).
vrf <value> Specifies the VRF name from 0–16characters..
Pinging an IPX devicePing a device to test the connection between the Ethernet Routing Switch8600 and another network device. After you ping a device, an InternetControl Message Protocol (ICMP) packet is sent from the switch to thetarget device. If the device receives the packet, it sends a ping reply.After the switch receives the reply, a message appears indicating that thespecified IP address is alive. If no reply is received, the message indicatesthat the address is not respondingPing an IPX device by performing this procedure.
Procedure steps
Step Action
1 Ping an IPX network connection by using the followingcommand:
pingipx <ipxhost> <count>[-s] [-q] [-t <value>]
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Calculating the MD5 digest 419
Variable definitionsUse the data in the following table to use the pingipx command.
Variable Value
ipxhost Specifies the IP address of thenetwork node to ping
count Specifies the number of times to ping(for IPv4) (1–9999)
-s Configures a continuous ping
-q Configures quiet output (same asnonverbose mode)
-t Specifies the no-answer time-out valuein seconds (1–120)
Calculating the MD5 digestCalculate the MD5 digest to verify the MD5 checksum. The md5 commandcalculates the MD5 digest for files on the switch flash or PCMCIA andeither displays the output on screen or stores the output in a file that youspecify. An MD5 command option compares the calculated MD5 digestwith that in a checksum file on flash or PCMCIA, and the compared outputappears on the screen. By verifying the MD5 checksum, you can verifythat the file transferred properly to the switch. This command is availablefrom both the boot monitor and runtime CLI.
The MD5 file, p80a5000.md5, is provided with the Release 5.0 software.This contains the MD5 checksums of all software Release 5.0 files.Calculate the MD5 digest by performing this procedure.
ATTENTIONIf the MD5 key file parameters change, you must remove the old file and createa new file.
Prerequisites
• Use the md5 command with reserved files (for example, a passwordfile) only if you possess sufficient permissions to access these files.
• A checksum file is provided with the images for download. Transferyour image files to the switch and use the md5 command to ensurethat the checksum of the images on the switch is the same as thechecksum file.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
420 Common procedures using the CLI
Procedure steps
Step Action
1 Calculate the MD5 digest by using the following command:
md5 <filename>
--End--
Variable definitionsUse the data in the following table to use the md5 command.
Variable Value
wildcard (*) Calculates the MD5 checksum of allfiles.
-f <checksum-file-name> Stores the result of MD5 checksum toa file on flash or PCMCIA.
If the output file specified with the -foption is one of the:
• reserved filenames on the switch,the command fails with the errormessage:Error: Invalid operation.
• files for which MD5 checksum is tobe computed, the command failswith the error message:Ethernet Routing Switch-8610:5# md5 *.cfg -f config.cfgError: Invalid operationon file <filename>
If the checksum filename specified bythe -f option exists on the switch (andis not one of the reserved filenames),the following message appears on theswitch:
File exists. Do you wish tooverwrite? (y/n)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Resetting system functions 421
Variable Value
-r Reverses the output. Use with the -foption to store the output to a file.
The -r option cannot be used with the-c option.
-a Adds data to the output file instead ofoverwriting it.
You cannot use the -a option with the-c option.
-c Compares the checksum of thespecified file by <filename> withthe MD5 checksum present inthe checksum file name. You canspecify the checksum file nameusing the -f option. If the checksumfilename is not specified, the file/flash/checksum.md5 is used forcomparison.
If the supplied checksum filenameand the default file are not availableon flash, the following error messageappears:
Error: Checksum file <filename> notpresent.
The -c option also:
• calculates the checksum of filesspecified by filename
• compares the checksum with allkeys in the checksum file, even iffilenames do not match
• displays the output of comparison
Resetting system functionsReset system functions to reset all statistics counters, the modem port, theconsole port, and the operation of the switchover function by performingthis procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
422 Common procedures using the CLI
Procedure steps
Step Action
1 Reset system functions by using the following command:
config sys set action
--End--
Variable definitionsUse the data in the following table to use the config sys set actioncommand.
Variable Value
cpuswitchover Resets the switch to change over to the backupSF/CPU.
info Specifies the current settings for system actions.
resetconsole Reinitializes the hardware universal asynchronousreceiver transmitter (UART) drivers. Use thiscommand only if the console or modem connectionis hung.
resetcounters Resets all the statistics counters in the switch tozero.
resetmodem Resets the modem port.
Example of resetting system functions
Step Action
1 Reset the switch to change over to the backup SF/CPU:
ERS-8606:5# config sys set action cpuswitchover
2 Reset the statistics counters:
ERS-8606:5# config sys set action resetcountersAre you sure you want to reset system counters(y/n)? y
3 Display information about the system function:
ERS-8606:5# config sys set action info
Sub-Context: clear config dump monitor show testtrace wsm Current Context:cpuswitchover : (N/A)resetconsole : (N/A)resetcounters : (N/A)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Sourcing a configuration 423
resetmodem : (N/A)ERS-8606:5#
--End--
N/A displayed in a command output indicates that the information is NotAvailable or Not Applicable.
Sourcing a configurationSource a configuration to merge a script file into the running configurationby performing this procedure.
Procedure steps
Step Action
1 Source a configuration by using the following command:
source <file> [stop] [debug] [syntax]
--End--
Variable definitionsUse the data in the following table to use the source command.
Variable Value
debug Debugs the script output.
file Specifies a filename and locationfrom 1–99 characters. Use the format{a.b.c.d:|peer:|/pcmcia/|/flash/}<file>
stop Stops the merge after an error occurs.
syntax Verifies the script syntax.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
424 Common procedures using the CLI
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
425.
Common procedures using the NNCLIThe following section describes common procedures that you use whileconfiguring and monitoring the Nortel Ethernet Routing Switch 8600operations.
Prerequisites to common procedures• Unless otherwise stated, to perform the procedures in this section,
you must log on to the Privileged EXEC mode in the Nortel Networkscommand line interface (NNCLI). For more information about usingNNCLI, see Nortel Ethernet Routing Switch 8600 User InterfaceFundamentals (NN46205-308).
Navigation• “Job aid” (page 425)
• “Saving the boot configuration to a file” (page 427)
• “Saving the current configuration to a file” (page 429)
• “Restarting the switch” (page 431)
• “Resetting the switch” (page 432)
• “Accessing the standby SF/CPU” (page 433)
• “Resetting system functions” (page 438)
• “Sourcing a configuration” (page 439)
Job aidThe following table lists the commands and their parameters that you useto complete the procedures in this section.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
426 Common procedures using the NNCLI
Table 39Job aid
Command Parameter
Privileged EXEC mode
config <value>boot [<file>]
-y
peer <telnet|rlogin>
-a
-c
-f
md5 <filename>
-r
scopeid <value>
datasize <value>
count <value>
-s
-I <value>
-t <value>
-d
ping <HostName/ipv4address/ipv6address>
vrf <word>
<count>
-s
-q
pingipx <ipxhost>
-t <value>
reset -y
verbose
standby <value>
backup <word>
save bootconfig [file <word>]
mode (cli|nncli)
verbose
standby <value>
backup <word>
save config [file <word>]
mode (cli|nncli)
debug
stop
source <file>
syntax
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Saving the boot configuration to a file 427
Table 39Job aid (cont’d.)
Command Parameter
Global Configuration mode
cpu-switch-oversys action
reset {console|counters|modem]
Saving the boot configuration to a fileSave a boot configuration to a file to retain the configuration settings byperforming this procedure. You can configure the switch to load a specificconfiguration file.
CAUTIONRisk of data lossIf a Personal Computer Memory Card International Association(PCMCIA) card is removed before a write operation is complete,the file can contain a corrupted end of file (EOF) marker.Before removing the PCMCIA card, execute the commandpcmcia-stop.
Prerequisites
• Some PCMCIA cards become file allocation table (FAT) corrupted afteryou insert them into the PC-card slot. If this situation occurs, format orrepair the FAT on the card.
• The boot configuration file must be named boot.cfg for the system toboot using it.
• To save a file to the standby SF/CPU, you must enable Trivial FileTransfer Protocol (TFTP) on the standby SF/CPU.
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Save the configuration by using the following command:
save bootconfig [file <word>] [verbose] [standby<value>] [backup <word>] [mode (cli|nncli)]
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
428 Common procedures using the NNCLI
Variable definitionsUse the data in the following table to use the save bootconfigcommand.
Variable Value
backup
<word>
Saves the specified file name andidentifies the file as a backup file.word uses one of the followingformats:• [a.b.c.d]:<file>
• peer/<file>
• /pcmcia/ <file>
• /flash/ <file>
file
is a string of 1–99 characters.
file
<word>
Specifies the file name in one of thefollowing formats for value:• [a.b.c.d]: <file>
• peer/<file>
• /pcmcia/ <file>
• /flash/ <file>
File
is a string of 1–99 characters.
mode (cli|nncli) Saves the boot configuration in eitherCLI or NNCLI format.
standby
<word>
Saves the specified file name to thestandby SF/CPU in the followingformat for value:• filename, /pcmcia/ <file>
• /flash/ <file>
file
is a string of 1–99 characters.
verbose Saves the default and currentconfiguration. If you omit thisparameter, the command savesonly parameters you changed.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Saving the current configuration to a file 429
Example of saving the boot configuration to a file
Step Action
1 Save a boot configuration file as a backup file by using thefollowing command:
ERS-8606:5#save bootconfig file boot.cfg modenncliFile [boot.cfg] already existing, overwrite (y/n) ?
--End--
Saving the current configuration to a fileSave the current configuration to a file to retain the configuration settingsby performing this procedure.
CAUTIONRisk of data lossIf a PCMCIA card is removed before a write operation iscomplete, the file can contain a corrupted end of file (EOF)marker. Before removing the PCMCIA card, execute thecommand pcmcia-stop.
Prerequisites
• Some PCMCIA cards become file allocation table (FAT) corrupted afteryou insert them into the PC-card slot. If this situation occurs, format orrepair the FAT on the card.
• The boot configuration file must be named boot.cfg for the system toboot using it.
• To save a file to the standby SF/CPU, you must enable TFTP on thestandby SF/CPU.
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Save the configuration by using the following command:
save config [file <word>] [verbose] [standby <value>][backup <word>] [mode (cli|nncli)]
--End--
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
430 Common procedures using the NNCLI
Variable definitionsUse the data in the following table to use the save config command.
Variable Value
backup
<word>
Saves the specified file name andidentifies the file as a backup file.word uses one of the followingformats:• [a.b.c.d]:<file>
• peer/<file>
• /pcmcia/ <file>
• /flash/ <file>
file
is a string of 1–99 characters.
file
<word>
Specifies the file name in one of thefollowing formats for value:• [a.b.c.d]: <file>
• peer/<file>
• /pcmcia/ <file>
• /flash/ <file>
File
is a string of 1–99 characters.
mode (cli|nncli) Saves the boot configuration in eitherCLI or NNCLI format.
standby
<word>
Saves the specified file name to thestandby SF/CPU in the followingformat for value:• filename, /pcmcia/ <file>
• /flash/ <file>
file
is a string of 1–99 characters.
verbose Saves the default and currentconfiguration. If you omit thisparameter, the command savesonly parameters you changed.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Restarting the switch 431
Example of saving the boot configuration to a file
Step Action
1 Save a boot configuration file as a backup file by using thefollowing command:
ERS-8606:5#save bootconfig file boot.cfg modenncliFile [boot.cfg] already existing, overwrite (y/n) ?
--End--
Restarting the switchRestart the switch to implement configuration changes or recover from asystem failure. When you restart the system, you can specify the bootsource (flash, PCMCIA card, or TFTP server) and file name. If you donot specify a device and file, the run-time NNCLI uses the software andconfiguration files on the primary boot device that is defined by the BootMonitor choice command.
After the switch rerestarts normally, a cold trap is sent within 45 secondsafter a restart. If a single strand fiber (SSF) switchover occurs, awarm-start management trap is sent within 45 seconds of a restart.Restart the switch by performing this procedure.
Prerequisites
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Restart the switch by using the following command:
boot [<file>] [config <value>] [-y]
ATTENTIONEntering the boot command with no arguments causes the switch tostart using the current boot choices defined by the choice command(next).
--End--
Variable definitionsUse the data in the following table to use the boot command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
432 Common procedures using the NNCLI
Variable Value
file Specifies the software image deviceand file name in the format:[a.b.c.d:]<file> /pcmcia/<file>/flash/<file>. The file name, includingthe directory structure, can include upto 99 characters.
config <value> Specifies the software configurationdevice and file name in the format:[a.b.c.d:]<file> /pcmcia/<file>/flash/<file>. The file name, includingthe directory structure, can include upto 99 characters.
-y Suppresses the confirmation messagebefore the switch restarts. If you omitthis parameter, you are asked toconfirm the action before the switchrestarts.
Resetting the switchReset the switch to reload system parameters from the most recentlysaved configuration file by performing this procedure.
Prerequisites
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Reset the switch by using the following command:
reset [-y]
--End--
Variable definitionsUse the data in the following table to use the reset command.
Variable Value
-y Suppresses the confirmation messagebefore the switch resets. If you omitthis parameter, you are asked toconfirm the action before the switchresets.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Pinging an IP device 433
Accessing the standby SF/CPUAccess the standby SF/CPU to make changes to the standby SF/CPUwithout reconnecting to the console port on that module by performingthis procedure.
Prerequisites
• The Telnet daemon is activated.
• You must set an rlogin access policy on the standby SF/CPU beforeyou can use the peer command to access it from the master SF/CPUusing rlogin. To set an access policy on the standby SF/CPU, connecta terminal to the console port on the standby SF/CPU. For moreinformation about the access policy commands, see Nortel EthernetRouting Switch 8600 Fundamentals — User Interfaces (NN46205-308).
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Access the standby SF/CPU by using the following command:
peer <telnet|rlogin>
--End--
Variable definitionsUse the data in the following table to use the peer command.
Variable Value
(telnet|rlogin) Specifies either Telnet or rlogin to useto access the standby SF/CPU.
Pinging an IP devicePing a device to test the connection between the Ethernet Routing Switch8600 and another network device. After you ping a device, an InternetControl Message Protocol (ICMP) packet is sent from the switch to thetarget device. If the device receives the packet, it sends a ping reply.After the switch receives the reply, a message appears indicating that thespecified IP address is alive. If no reply is received, the message indicatesthat the address is not responding.Ping an IP device by performing this procedure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
434 Common procedures using the NNCLI
Prerequisites
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Ping an IP network connection by using the following command:
ping <HostName/ipv4address/ipv6address> [scopeid<value>] [datasize <value>] [count <value>][-s] [-I<value>] [-t <value>] [-d] [vrf <word>]
--End--
Variable definitionsUse the data in the following table to use the ping command.
Variable Value
count value Specifies the number of times to ping(for IPv4) (1–9999).
-d Configures ping debug mode (forIPv4).
datasize value specifies the size of ping data sent inbytes (for IPv4) (16–4076).
HostName/ipv4address/ipv6address
Specifies the Host Name or IPv4(a.b.c.d) or IPv6 (x:x:x:x:x:x:x:x)address (string length 1–256).
-I Specifies the interval betweentransmissions in seconds (1–60).
-s Configures the continuous ping atthe interval rate defined by the [-I]parameter (for IPv4).
scopeid value Specifies the circuit ID (for IPv6)(1–9999).
-t Specifies the no-answer time-out valuein seconds (1–120)(for IPv4).
vrf <word> Specifies the VRF name from 1–16characters..
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Calculating the MD5 digest 435
Pinging an IPX devicePing a device to test the connection between the Ethernet Routing Switch8600 and another network device. After you ping a device, an InternetControl Message Protocol (ICMP) packet is sent from the switch to thetarget device. If the device receives the packet, it sends a ping reply.After the switch receives the reply, a message appears indicating that thespecified IP address is alive. If no reply is received, the message indicatesthat the address is not responding.Ping an IPX device by performing this procedure.
Prerequisites
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Ping an IPX network connection by using the followingcommand:
pingipx <ipxhost> <count>[-s] [-q] [-t <value>]
--End--
Variable definitionsUse the data in the following table to use the pingipx command.
Variable Value
ipxhost Specifies the IP address of thenetwork node to ping
count Specifies the number of times to ping(for IPv4) (1–9999)
-s Configures a continuous ping
-q Configures quiet output (same asnonverbose mode)
-t Specifies the no-answer time-out valuein seconds (1–120
Calculating the MD5 digestCalculate the MD5 digest to verify the MD5 checksum. The md5 commandcalculates the MD5 digest for files on the switch flash or PCMCIA andeither displays the output on screen or stores the output in a file thatyou specify. An md5 command option compares the calculated MD5
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
436 Common procedures using the NNCLI
digest with that in a checksum file on flash or PCMCIA, and displays thecompared output on the screen. By verifying the MD5 checksum, you canverify that the file transferred properly to the switch. This command isavailable from both the boot monitor and runtime NNCLI.
The MD5 file, p80a5000.md5, is provided with the Release 5.0 software.This contains the MD5 checksums of all software Release 5.0 files.Calculate the MD5 digest by performing this procedure.
ATTENTIONIf the MD5 key file parameters change, you must remove the old file and createa new file.
Prerequisites
• Use the md5 command with reserved files (for example, a passwordfile) only if you possess sufficient permissions to access these files.
• A checksum file is provided with the images for download. Transferyour image files to the switch and use the md5 command to ensurethat the checksum of the images on the switch is the same as thechecksum file.
• You must log on to the Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Calculate the MD5 digest by using the following command:
md5 <filename> [-a] [-c] [-f] [-r]
--End--
Variable definitionsUse the data in the following table to use the md5 command.
Variable Value
-a Adds data to the output file instead ofoverwriting it.
You cannot use the -a option with the-c option.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Calculating the MD5 digest 437
Variable Value
-c Compares the checksum of thespecified file by <filename> withthe MD5 checksum present inthe checksum file name. You canspecify the checksum file nameusing the -f option. If the checksumfilename is not specified, the file/flash/checksum.md5 is used forcomparison.
If the supplied checksum filenameand the default file are not availableon flash, the following error messageappears:
Error: Checksum file <filename> notpresent.
The -c option also:
• calculates the checksum of filesspecified by filename
• compares the checksum with allkeys in the checksum file, even iffilenames do not match
• displays the output of comparison
-f <checksum-file-name> Stores the result of MD5 checksum toa file on flash or PCMCIA.
If the output file specified with the -foption is one of the:
• reserved filenames on the switch,the command fails with the errormessage:Error: Invalid operation.
• files for which MD5 checksum is tobe computed, the command failswith the error message:Ethernet Routing Switch-8610:5# md5 *.cfg -f config.cfgError: Invalid operationon file <filename>
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
438 Common procedures using the NNCLI
Variable Value
If the checksum filename specified bythe -f option exists on the switch (andis not one of the reserved filenames),the following message appears on theswitch:
File exists. Do you wish tooverwrite? (y/n)
-r Reverses the output. Use with the -foption to store the output to a file.
The -r option cannot be used with the-c option.
Resetting system functionsReset system functions to reset all statistics counters, the modem port, theconsole port, and the operation of the switchover function by performingthis procedure.
Prerequisites
• You must log on to the Global Configuration mode of the NNCLI.
Procedure steps
Step Action
1 Change to the backup SF/CPU by using the following command:
sys action cpu-switch-over
2 Reset system functions by using the following command:
sys action reset {console|counters|modem}
--End--
Variable definitionsUse the data in the following table to use the sys action command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Sourcing a configuration 439
Variable Value
cpuswitchover Resets the switch to change over to the backupSF/CPU.
reset {console|counters|modem}
Reinitializes the hardware universal asynchronousreceiver transmitter (UART) drivers. Use thiscommand only if the console or modem connectionis hung. Resets all the statistics counters in theswitch to zero. Resets the modem port.
Example of resetting system functions
Step Action
1 Reset the switch to change over to the backup SF/CPU:
ERS-8606:5(config)# sys action cpuswitchover
2 Reset the statistics counters:
ERS-8606:5(config)# sys action reset countersAre you sure you want to reset system counters(y/n)? y
--End--
Sourcing a configurationSource a configuration to merge a script file into the running configurationby performing this procedure.
Prerequisites
• You must log on to Privileged EXEC mode in the NNCLI.
Procedure steps
Step Action
1 Source a configuration by using the following command:
source <file> [stop] [debug] [syntax]
--End--
Variable definitionsUse the data in the following table to use the source command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
440 Common procedures using the NNCLI
Variable Value
debug Debugs the script output.
file Specifies a filename and locationfrom 1–99 characters. Use the format{a.b.c.d:|peer:|/pcmcia/|/flash/}<file>
stop Stops the merge after an error occurs.
syntax Verifies the script syntax.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
441.
CLI show command referenceThis reference information provides show commands to view theoperational status of the Nortel Ethernet Routing Switch 8600.
Navigation• “Access, logon names, and passwords” (page 441)
• “All CLI configuration ” (page 442)
• “Current switch configuration” (page 443)
• “CLI settings” (page 445)
• “Hardware information” (page 446)
• “Memory size for secondary CPU” (page 447)
• “MTU for all ports” (page 448)
• “NTP server status” (page 448)
• “Power summary” (page 449)
• “Slot power details” (page 450)
• “System status (detailed)” (page 450)
• “System status and parameter configuration” (page 451)
• “Users logged on” (page 458)
Access, logon names, and passwordsUse the show cli password command to display the CLI access, logonname, and password combinations. The syntax for this command is asfollows.
show cli password
The following figure shows output from the show cli passwordcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
442 CLI show command reference
Figure 15show cli password command output
All CLI configurationUse the show command to display all relevant CLI information. The syntaxfor this command is as follows.
show cli show-all [file <value>]
The following table explains parameters for this command.
Table 40Command parameters
Parameter Description
file value Specifies the filename to which output isredirected. Options include:• /pcmcia/ <file>
• /flash/ <file>
File is a string of 1 to 99 characters.
The following figure shows sample output.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Current switch configuration 443
Figure 16show cli show-all command output
Current switch configurationUse the show config command to display the current switchconfiguration. The syntax for this command is as follows.
show config [verbose] [module <value>]
The following table explains parameters for this command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
444 CLI show command reference
Table 41Command parameters
Parameter Description
verbose Specifies a complete list of all configurationinformation about the switch.
module
<value>
module <value> specifies the commandgroup for which you are requesting configurationsettings. The options are:• cli
• sys
• web
• rmon
• vlan
• port
• qos
• traffic-filter
• mlt
• stg
• ip
• ipx
• diag
• dvmrp
• radius
• atm
• ntp
• svlan
• lacp
• naap
• cluster
• bootp
• filter
• ipv6
If you make a change to the switch, it is displayed under that configurationheading. Figure 17 "show config command (partial output)" (page445) shows a subset of the output of this command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
CLI settings 445
Figure 17show config command (partial output)
If you add verbose to the show config command, the output containscurrent switch configuration including software (versions), performance,VLANs (such as numbers, port members), ports (such as type, status),routes, OSPF (such as area, interface, neighbors), memory, interface, andlog and trace files. With the verbose command, you can view the currentconfiguration and default values.
CLI settingsUse the show cli info command to display information about the CLIconfiguration. The syntax for this command is as follows.
show cli info
The following figure shows sample output from the show cli infocommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
446 CLI show command reference
Figure 18show cli info command output
Hardware informationUse the show sys info command to display system status and technicalinformation about the switch hardware components. The commanddisplays several pages of information, including general information aboutthe system (such as location), chassis (type, serial number, and base MACaddress), temperature, power supplies, fans, cards, system errors, portlocks, topology status, and message control information. The syntax forthis command is as follows.
show sys info [card] [asic] [mda] [gbic]
The following table explains parameters for this command.
Table 42Command parameters
Parameter Description
info Specifies the current settings.
card Specifies information about all the installedmodules.
asic Specifies information about the application-specific integrated circuit (ASIC) installed on eachmodule.
mda Specifies information about installed mediadependent adapters (MDA).
gbic Specifies information about installed gigabitinterface converters (GBIC).
The following figure shows partial output from the show sys infocommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Memory size for secondary CPU 447
Figure 19show sys info command (partial output)
Memory size for secondary CPUUse the show boot info command to display the secondary CPU DRAMmemory size, in hexadecimal format.
The syntax for the command is as follows: show boot info
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
448 CLI show command reference
Example of show boot info command outputFollowing is an example of the screen output for the show boot infocommand.
ERS-8606:5# show boot info
CPU Slot 5: PMC280-B-MV-B-MPC7447A (1.1)
Version: 5.1.0.0/022
Memory Size: 0x10000000
MTU for all portsUse the show port info command to display the MTU values for allports on the chassis. The syntax for this command is as follows.
show port info all
The following figure shows partial output for this command.
Figure 20show port info all command (partial output)
NTP server statusUse the show ntp server stat command to view the followinginformation:
• Number of NTP requests sent to this NTP server
• Number of times this NTP server updated the time
• Number of times this NTP server was rejected attempting to updatethe time
• Stratum
• Version
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Power summary 449
• Sync Status
• Reachability
• Root Delay
• Precision
The syntax for this command is as follows.
show ntp server stat
The following figure shows sample command output.
Figure 21show ntp server stat command output
Power summaryUse the show sys power info command to view a summary of thepower information for the chassis.
The syntax for this command is as follows.
show sys power info
The following figure shows sample command output.
Figure 22show sys power info command output
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
450 CLI show command reference
Slot power detailsUse the show sys power slot-info command to view detailed powerinformation for each slot.
The syntax for this command is as follows.
show sys power slot-info
The following figure shows sample command output.
Figure 23show sys power slot-info command output
System status (detailed)Use the show tech command to display technical information aboutsystem status and information about the hardware, software, and operationof the switch.
The information available from the show tech command includes generalinformation about the system (such as location), hardware (chassis, powersupplies, fans, and modules), system errors, boot configuration, softwareversions, memory, port information (locking status, configurations, names,interface status), VLANs and STGs (numbers, port members), OSPF(area, interface, neighbors), VRRP, IPv6, RIP, PIM, PGM, and log andtrace files. This command displays more information than the similar showsys info command. The syntax for this command is as follows.
show tech
The following figure shows representative output from the show techcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System status and parameter configuration 451
Figure 24show tech command (partial output)
System status and parameter configurationUse the show sys command to view current system status and parameterconfiguration. The syntax for this command is as follows.
show sys
The following table explains parameters for this command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
452 CLI show command reference
Table 43Command parameters
Parameter Description
info [card] [asic] [mda][gbic]
Specifies system status and technicalinformation about the switch hardwarecomponents.
• card displays information about allthe installed modules.
• asic displays information aboutthe ASICS installed on eachmodule.
• mda displays information aboutinstalled Media DependentAdapters (MDA).
• gbic displays informationabout installed Gigabit InterfaceConverters (GBIC).
dns Specifies the DNS Default DomainName, see Figure 25 "show sys dnsoutput" (page 454).
eapol Specifies the Extensible AuthenticationProtocol over LAN (EAPoL) settings,see Figure 26 "show sys eapol output"(page 454).
ext-cp-limit Specifies the ext-cp-limit settings,see Figure 27 "show sys ext-cp-limitoutput" (page 454).
force-msg Specifies the message control forcemessage pattern settings, see Figure28 "show sys force-msg output" (page455).
mcast-mlt-distribution Specifies the settings formulticast over MultiLink Trunking(MLT), see Figure 29 "show sysmcast-mlt-distribution output" (page455).
mcast-software-forwarding Specifies the settings for multicastsoftware forwarding, see Figure 30"show sys mcast-software-forwardingoutput" (page 455).
msg-control Specifies the system message controlfunction status (activated or disabled),see Figure 31 "show sys msg-controloutput" (page 455).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System status and parameter configuration 453
Table 43Command parameters (cont’d.)
Parameter Description
perf Specifies system performanceinformation, such as CPU utilization,switch fabric utilization, Non-VolatileRandom Access Memory (NVRAM)size, and NVRAM used. Theinformation is updated once a second,so it is no more than one second fromreal time, see Figure 32 "show sysperf output" (page 456).
power Specifies chassis power summary,power supply information, and powerinformation per slot basis. Options are:• info—chassis power summary
• power-supply-info—powerinformation for each power supply
• slot-info—power information foreach slot
record-reservation Specifies the number of reservedrecords and usage information foreach record type. Record typesinclude filter, IP multicasting (IPMC),MAC, and static route, see Figure 33"show sys record-reservation output"(page 456).
sw Specifies the version of softwarerunning on the switch, the last updateof that software, and the Boot ConfigTable. The Boot Config Table lists thecurrent system settings and flags, seeFigure 34 "show sys sw output" (page457).
topology Specifies the topology table. This tableshows the information that is sentto Enterprise Network ManagementSystem for creating network displays,see Figure 35 "show sys topologyoutput" (page 457).
The following figure shows output from the show sys dns command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
454 CLI show command reference
Figure 25show sys dns output
The following figure shows output from the show sys eapol command.
Figure 26show sys eapol output
The following figure shows output from the show sys ext-cp-limitcommand.
Figure 27show sys ext-cp-limit output
The following figure shows output from the show sys force-msgcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System status and parameter configuration 455
Figure 28show sys force-msg output
The following figure shows output from the show sys mcast-mlt-distribution command.
Figure 29show sys mcast-mlt-distribution output
The following figure shows output from the show sys mcast-software-forwarding command.
Figure 30show sys mcast-software-forwarding output
The following figure shows output from the show sys msg-controlcommand.
Figure 31show sys msg-control output
The following figure shows output from the show sys perf command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
456 CLI show command reference
Figure 32show sys perf output
The following figure shows output from the show sys record-reservation command.
Figure 33show sys record-reservation output
The following figure shows output from the show sys sw command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System status and parameter configuration 457
Figure 34show sys sw output
The following figure shows output from the show sys topologycommand.
Figure 35show sys topology output
Job aid
Field Description
Local Port Specifies the local port number.
IP Address Specifies the IP address.
Segment Id
MACAddress Specifies the MAC address of the system.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
458 CLI show command reference
Field Description
ChassisType Specifies the type of chassis.
BT Back Lane Type
LS Specifies the local segment as yes or no.
CS Specifies the current state as one of thefollowing:• HtBt (Heartbeat)—topology has not
changed.
• New— the sending agent is in a new state.
Rem Port
Users logged onUse the show cli who command to display a list of users who are loggedon to the switch. The syntax for this command is as follows.
show cli who
The following figure shows output from the show cli who command.
Figure 36show cli who command output
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
459.
NNCLI show command referenceThis reference information provides show commands to view theoperational status of the Nortel Ethernet Routing Switch 8600.
Navigation• “Access, logon names, and passwords” (page 459)
• “Basic switch configuration” (page 460)
• “Current switch configuration” (page 460)
• “CLI settings” (page 462)
• “Hardware information” (page 463)
• “Memory size for secondary CPU” (page 464)
• “NTP server status” (page 464)
• “Power summary” (page 465)
• “Power management information” (page 466)
• “Power information for power supplies” (page 466)
• “Slot power details” (page 466)
• “System information” (page 467)
• “System status (detailed)” (page 472)
• “Users logged on” (page 473)
Access, logon names, and passwordsUse the show cli password command to display the access, logonname, and password combinations. The syntax for this command is asfollows.
show cli password
The following figure shows output from the show cli passwordcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
460 NNCLI show command reference
Figure 37show cli password command output
Basic switch configurationUse the show basic config command to display the basic switchconfiguration. The syntax for this command is as follows.
show basic config
The following figure shows the output of this command.
Figure 38show basic config command output
Current switch configurationUse the show running-config command to display the current switchconfiguration. The syntax for this command is as follows.
show running-config [mode (cli|nncli)][module <value>][verbose]
The following table explains parameters for this command.
Table 44Command parameters
Parameter Description
mode (cli|nncli) Selects the mode between CLI and NNCLI.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Current switch configuration 461
Parameter Description
module
<value>
module <value> specifies the commandgroup for which you are requesting configurationsettings. The options are:• cli
• sys
• web
• rmon
• vlan
• port
• qos
• traffic-filter
• mlt
• stg
• ip
• ipx
• diag
• dvmrp
• radius
• atm
• ntp
• svlan
• lacp
• naap
• cluster
• bootp
• filter
• ipv6
verbose Specifies a complete list of all configurationinformation about the switch.
If you make a change to the switch, it is displayed under that configurationheading. shows a subset of the output of this command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
462 NNCLI show command reference
Figure 39show running-config partial output
If you add verbose to the show running-config command, theoutput contains current switch configuration including software (versions),performance, VLANs (such as numbers, port members), ports (such astype, status), routes, OSPF (such as area, interface, neighbors), memory,interface, and log and trace files. With the verbose command, you canview the current configuration and default values.
CLI settingsUse the show cli info command to display information about the NNCLIconfiguration. The syntax for this command is as follows.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Hardware information 463
show cli info
The following figure shows sample output from the show cli infocommand.
Figure 40show cli info command output
Hardware informationUse the show sys-info command to display system status and technicalinformation about the switch hardware components. The commanddisplays several pages of information, including general information aboutthe system (such as location), chassis (type, serial number, and base MACaddress), temperature, power supplies, fans, cards, system errors, portlocks, topology status, and message control information. The syntax forthis command is as follows.
show sys-info [asic] [card] [mda]
The following table explains parameters for this command.
Table 45Command parameters
Parameter Description
asic Specifies information about the application-specific integrated circuit (ASIC) installed on eachmodule.
card Specifies information about all the installedmodules.
mda Specifies information about installed mediadependent adapters (MDA).
The following figure shows partial output from the show sys-infocommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
464 NNCLI show command reference
Figure 41show sys-info partial output
Memory size for secondary CPUUse the show boot config command to display the secondary CPUDRAM memory size, in hexadecimal format.
From the Privileged Executive command prompt, the syntax for thiscommand is as follows: show boot config general
Example of show boot config general command outputThe following is an example of the screen output for the show bootconfig general command.
ERS-8610:5#show boot config general
CPU Slot 5: PMC280-B-MV-B-MPC7447A (1.1)
Version: 5.1.0.0/022
Memory Size: 0x10000000
ERS-8610:5#
NTP server statusUse the show ntp server statistics command to view the followinginformation:
• Number of NTP requests sent to this NTP server
• Number of times this NTP server updated the time
• Number of times this NTP server was rejected attempting to updatethe time
• Stratum
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Power summary 465
• Version
• Sync Status
• Reachability
• Root Delay
• Precision
The syntax for this command is as follows.
show ntp server statistics
The following figure shows sample command output.
Figure 42show ntp server statistics command output
Power summaryUse the show sys power command to view a summary of the powerinformation for the chassis.
The syntax for this command is as follows.
show sys power
The following figure shows sample command output.
Figure 43show sys power command sample output
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
466 NNCLI show command reference
Power management informationUse the show sys power global command to view a summary of thepower redundancy settings.
The syntax for this command is as follows.
show sys power global
The following figure shows sample command output.
Figure 44show sys power global command sample output
Power information for power suppliesUse the show sys power power-supply command to view detailedpower information for each power supply.
The syntax for this command is as follows.
show sys power power-supply
The following figure shows sample command output.
Figure 45show sys power power-supply command sample output
Slot power detailsUse the show sys power slot command to view detailed powerinformation for each slot.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System information 467
The syntax for this command is as follows.
show sys power slot
The following figure shows sample command output.
Figure 46show sys power slot command sample output
System informationUse the show sys command to display system status and technicalinformation about the switch hardware components and softwareconfiguration. The command displays several pages of information,including general information about the system (such as location), chassis(type, serial number, and base MAC address), temperature, powersupplies, fans, cards, system errors, port locks, topology status, andmessage control information. The syntax for this command is as follows.
show sys
The following table explains parameters for this command.
Parameter Description
8648gtr Specifies technical information about the 8648gtrsettings, see Figure 47 "show sys 8648gtr commandoutput" (page 469).
action Specifies the configuration for the system actionparameter, see Figure 48 "show sys actioncommand output" (page 469).
dns Specifies the DNS default domain name, see Figure49 "show sys dns command output" (page 469).
ecn-compatibility Specifies the status of Explicit CongestionNotification (ECN) compatibility, either enabled ordisabled.
ext-cp-limit Specifies the ext-cp-limit settings, see Figure 50"show sys ext-cp-limit command output" (page 469).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
468 NNCLI show command reference
Parameter Description
flags Specifies the configuration of system flags, seeFigure 51 "show sys flags command output" (page470).
force-msg Specifies the message control force messagepattern settings.
global-filter Specifies the status of system global filter settings,either enabled or disabled.
mcast-smlt Specifies the settings for multicast over SplitMultiLink Trunking (MLT).
mgid-usage Specifies the multicast group ID (MGID) usage forVLANs and multicast traffic, see Figure 52 "showsys mgid-usage command output" (page 470).
msg-control Specifies the system message control functionstatus (activated or disabled), see Figure 53 "showsys msg-control command output" (page 470).
mtu Specifies system maximum transmission unit (MTU)information.
performance Specifies system performance information, such asCPU utilization, switch fabric utilization, Non-VolatileRandom Access Memory (NVRAM) size, andNVRAM used. The information is updated oncea second, see Figure 54 "show sys performancecommand output" (page 470).
power Specifies power information for the chassis.Command options are:• group—power management settings
• power-supply—power information for eachpower supply
• slot—power information for each slot
record-reservation Specifies the number of reserved records andusage information for each record type. Recordtypes include filter, IP multicasting (IPMC),MAC, and static route, see Figure 55 "show sysrecord-reservation command output" (page 471).
setting Display system settings, see Figure 56 "show syssetting command output" (page 471).
smlt-on-single-cp Specifies the settings for SMLT on a single CP.
software Specifies the version of software running on theswitch, the last update of that software, and theBoot Config Table. The Boot Config Table lists thecurrent system settings and flags, see Figure 57"show sys software command output" (page 472).
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System information 469
Parameter Description
stats Specifies system statistics. For more informationabout statistics, see Nortel Ethernet Routing Switch8600 Performance Management (NN46205-704).
vlan-bysrcmac Specifies the status of VLANs created by sourceMAC address, either enabled or disabled.
The following figure shows output from the show sys 8648gtr command.
Figure 47show sys 8648gtr command output
The following figure shows output from the show sys action command.
Figure 48show sys action command output
The following figure shows output from the show sys dns command.
Figure 49show sys dns command output
The following figure shows output from the show sys ext-cp-limitcommand.
Figure 50show sys ext-cp-limit command output
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
470 NNCLI show command reference
The following figure shows output from the show sys flags command.
Figure 51show sys flags command output
The following figure shows output from the show sys mgid-usagecommand.
Figure 52show sys mgid-usage command output
The following figure shows output from the show sys msg-controlcommand.
Figure 53show sys msg-control command output
The following figure shows output from the show sys performancecommand.
Figure 54show sys performance command output
The following figure shows output from the show sys record-reservation command.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
System information 471
Figure 55show sys record-reservation command output
The following figure shows output from the show sys setting command.
Figure 56show sys setting command output
The following figure shows output from the show sys softwarecommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
472 NNCLI show command reference
Figure 57show sys software command output
System status (detailed)Use the show tech command to display technical information aboutsystem status and information about the hardware, software, and operationof the switch.
The information available from the show tech command includes generalinformation about the system (such as location), hardware (chassis, powersupplies, fans, and modules), system errors, boot configuration, softwareversions, memory, port information (locking status, configurations, names,interface status), VLANs and STGs (numbers, port members), OSPF(area, interface, neighbors), VRRP, IPv6, RIP, PIM, PGM, and log andtrace files. This command displays more information than the similar showsys-info command. The syntax for this command is as follows.
show tech
The following figure shows representative output from the show techcommand.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Users logged on 473
Figure 58show tech command partial output
Users logged onUse the show users command to display a list of users who are loggedon to the switch. The syntax for this command is as follows.
show users
The following figure shows output from the show users command.
Figure 59show users command output
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
474 NNCLI show command reference
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
475.
Port numbering and MAC addressassignment reference
This section provides information about the port numbering and MediaAccess Control (MAC) address assignment used on the Nortel EthernetRouting Switch 8600.
Navigation• “Port numbering” (page 475)
• “Interface indexes” (page 476)
• “MAC address assignment” (page 477)
Port numberingA port number includes the slot location of the module in the chassis, aswell as the port position in the input/output (I/O) module. In the EthernetRouting Switch 8600, slots are numbered from top to bottom. Figure 60"8010 chassis slots" (page 476) shows slot numbering for an 8010 chassis.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
476 Port numbering and MAC address assignment reference
Figure 608010 chassis slots
Ports are numbered from left to right beginning with 1 for the far leftport. On high-density modules with two rows of ports, ports in the toprow are assigned sequential odd numbers, and ports in the bottom roware assigned sequential even numbers, seeFigure 61 "Port numbers onhigh-density modules" (page 476).
Figure 61Port numbers on high-densitymodules
Interface indexesThe Simple Network Management Protocol (SNMP) uses interface indexesto identify ports, Virtual Local Area Networks (VLAN), and multilink trunks(MLT).
Port interface indexThe interface index of a port is computed using the following formula:
ifIndex = (64 x slot number) + (port number – 1)
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
MAC address assignment 477
where
Slot number is a value between 1–10, inclusive.Port number is a value between 1–48, inclusive.
For example, the interface index of port 1/1 is 64, and the interface indexof port 10/48 is 687.
VLAN interface indexThe interface index of a VLAN is computed using the following formula:
ifIndex = 2048 + VLAN multicast group ID (MGID)
Because the default VLAN always uses an MGID value of 1, its interfaceindex is always 2049.
MLT interface indexThe interface index of a multilink trunk (MLT) for Release 5.0 is computedusing the following formula:
ifIndex = 6143 + MLT ID number
For releases earlier than 5.0, use the following formula:
ifIndex = 4095 + MLT ID number
MAC address assignmentIt is important to understand how MAC addresses are assigned if youperform one of the following actions:
• define static Address Resolution Protocol (ARP) entries for IPaddresses in the switch
• use a network analyzer to decode network traffic
System assigns each chassis a base of 4096 MAC addresses. Within theswitch, system assigns these MAC addresses as follows:
• 512 addresses for ports in the switch (physical MAC addresses)
• 3584 addresses for VLANs in the switch (virtual MAC addresses).
— If you have the maximum VLAN resource reservation(max-vlan-resource-reservation) enabled, you can create only 2000VLANs with an IP address.
— The last 12 addresses are reserved for the SF/CPU.
A MAC address uses the format shown in the following figure.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
478 Port numbering and MAC address assignment reference
Figure 62Parts of a MAC address
The MAC address is divided into the following parts:
• Bits 47–24: Institute of Electrical and Electronics Engineers (IEEE)Organization Unique Identity (OUI) (for example, 00-80-2d)
• Bits 23–12: Chassis ID
• Bit 11-9: Type of MAC address in the switch
If all zeroes (000), it is a port address (physical MAC address);otherwise it is a VLAN address (virtual MAC address)
• Bits 8-0: 512 port MAC addresses
• Bits 11–0: 3584 VLAN MAC addresses
Physical MAC addressesPhysical MAC addresses are addresses assigned to the physicalinterfaces or ports visible on the device. The physical MAC addresses areused in the following types of frames:
• Spanning Tree Protocol Bridge Packet Data Units (BPDU) sent by theswitch
• Frames to or from the physical interface an isolated routing port
BPDUs are sent using the physical MAC address as the source becausethe Spanning Tree Protocol must identify the physical port that sent theBPDU.
The ports on the SF/CPU module use the following last bytes:
• Management port in slot 5: 0xf4
• SF/CPU port (an internal port) in slot 5: 0xf5
• Management port in slot 6: 0xf6
• SF/CPU port in slot 6: 0xf7
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
MAC address assignment 479
Virtual MAC addressesVirtual MAC addresses are the addresses assigned to VLANs. Systemassigns a virtual MAC address to a VLAN when the VLAN is created. TheMAC address for a VLAN IP address is the virtual MAC address assignedto the VLAN.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
480 Port numbering and MAC address assignment reference
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
481.
Customer serviceVisit the Nortel Web site to access the complete range of services andsupport that Nortel provides. Go to www.nortel.com, or go to one of thepages listed in the following sections.
Navigation• “Updated versions of documentation” (page 481)
• “Getting help” (page 481)
• “Express Routing Codes” (page 481)
• “Additional information” (page 482)
Updated versions of documentationYou can download and print the latest versions of Nortel Ethernet RoutingSwitch 8600 NTPs and Release Notes directly from the Internet atwww.nortel.com/documentation.
Getting helpIf you purchased a service contract for your Nortel product from adistributor or authorized reseller, contact the technical support staff for thatdistributor or reseller for assistance.
If you purchased a Nortel service program, you can get help bycontacting one of the Nortel Technical Solutions Centers foundat www.nortel.com/callus; or visit our Technical Support site atwww.nortel.com/support.
Express Routing CodesAn Express Routing Code (ERC) is available for many Nortel products andservices.
When you use an ERC, your call is routed to a technical support personwho specializes in supporting that particular product or service. To locatean ERC for a product or service, go to www.nortel.com/erc.
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
482 Customer service
Additional informationUse the information in the following table to access other areas of theNortel Web site.
For information about Contact
Contact Us www.nortel.com/contactus
Documentation feedback www.nortel.com/documentfeedback
Products (marketing) www.nortel.com/products
Partner Information Center (PIC) www.nortel.com/pic
Register www.nortel.com/register
Search www.nortel.com/search
Services www.nortel.com/services
Training www.nortel.com/training
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
483.
Index
Aaccess policies
configuring, using the CLI 297creating, using the NNCLI 313enabling globally, using the CLI 296
, 317overview of 275specifying the host and username for
rlogin, using the CLI 301access services
allowing network access for, usingthe CLI 303
allowing network access for, usingthe NNCLI 318
enabling, using the CLI 301list of 302
active SF/CPU 25ambient temperature 267autoboot, enable 211autonegotiation, on a CPU port 67, 102
Bbackup SF/CPU, activating 422, 439banner, login 124, 141baud option 70, 105baud rate, setting 70, 105, 218Boot Config tab 198boot configuration 198
displaying 80, 115saving 181
boot configuration choices,displaying 79, 114
boot configuration file 27boot configuration file, identifying 55, 90boot configuration, bypassing 30boot image, verifying after the boot
process 33
boot monitorprompt 49, 53, 87
Boot monitoraccessing 34
boot monitor image load 26boot sequence
changing 30default 51, 54, 87diagram 29summary 25
boot sequence, changing 55boot sources, viewing 55, 90boot-choice parameter 55, 90booting with factory defaults 35, 60, 95BootP (BootStrap Protocol)
enabling 67, 102bootp option 67, 102Bootp, enabling 213box-level prompt 128
Ccard
hardware version 266model number 266part number 266PCMCIA type 266serial number 266status 266types 266
chassisediting 181, 200temperature 182
chassis serial number 182CLI
logging of commands 125CLI commands
setdate 121
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
484
CLI configuration, displaying 79, 114CLI login banner 124commands
setdate 121, 139compression, TCP/IP headers 219config bootconfig commands
cli 53show 79, 114
config ethernet commandext-cp-limit 238
config sys commandsgeneral set 126set action 422
configurationdefault 27displaying
boot 80, 115CLI 79, 114host 80, 114serial port 80, 115SF/CPU port 80, 114
loading 27configuration file
debugging 59, 94syntax checking 63, 98
connection, testing 417–418, 433, 435connector, modem 39Console port
RS-232 port 38console, reset 181counters, reset 181counters, resetting 422, 439
Ddaylight saving time, setting 77, 112daylight-saving-time flag 35, 59, 94debug mode, enable boot 211debugmode flag 35, 60, 94default load order 27defaults
booting with 35, 60, 95login names and passwords 271switch configuration 27
dst-end option 77, 112dst-name option 77, 113dst-offset option 77, 113dst-start option 77, 113
Eegress traffic, mirroring 60, 94egress-mirror flag 35, 60, 94Extended CP Limit, configuring 205
Ffactory defaults, booting with 35, 60, 95factorydefaults flag 35, 60, 95fatal error, debug mode 35, 60, 94file names, changing 30file transfers, FTP 65, 100flag settings, displaying 80, 114flags commands
boot monitor 91boot monitor CLI 56
flash memory, onboard 87FTP transfers 65, 100FTP, enabling 60, 95FTP, enabling boot server 212ftp-debug option 64, 99ftpd flag 35, 60, 95full-duplex mode, enabling 68, 103fullduplex option 68, 103
Gglobal filtering, setting 127, 144
Hhard reset 181hardware revision 182hardware watchdog timer 36, 64, 98hash bucket display, TFTP 65, 100host commands
boot monitor CLI 64, 99host configuration, displaying 80, 114host password option 65, 100
Iidle timeout 50, 54, 87, 124image file, identifying 55, 90interface index 476IP address, assigning physical port 68
, 103IPv6
Management port address,configuring 216
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
485
JJumbo frames
enabling using Device Manager 199enabling using the CLI 231enabling using the NNCLI 252overview 174supported modules and interfaces 175tagged VLAN support 175
LLayer 2 SF/CPU redundancy
hot standby 174warm standby 174
LED, enabling the alternate LED 212logging flag 35, 61, 96logging, trace 36, 63, 98login banner 124, 141login names
default 271login prompt, changing using NNCLI 139Loop detection
configuring using the CLI 239configuring using the NNCLI 261
MMAC
management port address 213MAC address
block used by switch 182MAC address assignment 477management port, assigning IP
address 68, 103management port, editing 216master command 101master SF/CPU
and master command 101displaying location 80, 114master command 65
max rlogins, using NNCLI 139max Telnet sessions, using NNCLI 139message of the day 125message of the day, NNCLI 142MIBs
checking MIB topology status 404viewing the topology message
status 405modem port, resetting 439Modem port, resetting 422modem, connecting 39
modem, reset 181MTU
serial port 219mtu option 71, 105Multi-Link Trunk interface index 477my-ip option 71, 105
Nnet commands 66, 101Network Time Protocol. See NTP 349NMM (network management MIB) 405NNCLI
logging of commands 142NNCLI commands
setdate 139NNCLI login banner 141NNCLI show command reference
show sys power command 465show sys power power-supply
command 466show sys power slot command 466
NTPAccessAttempts field 358AccessFailure field 358AccessSuccess field 358authentication 353Authentication field 358best available time server 352client device 350Coordinated Universal Time (UTC) 349description 349Enable field 357–358enabling globally 363, 371hierarchical 350Interval field 357KeyID field 358–359KeySecret field 359Message Digest 5 (MD5) 353modes of operation 352peer device 350primary time server 350Real Time Clock 350secondary time server 350ServerAddress field 358stratum 351synchronization subnet 350time distribution 351UDP 349unicast client mode 350
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
486
Ooffset, time zone 78, 113offset-from-utc option 78, 113onboard flash memory 87
Ppassword commands 281, 292, 310password prompt 123, 140password prompt, changing using
NNCLI 139passwords
default 271PCMCIA card 66, 101PCMCIA type 266peer-ip option 71, 106performance, system 453, 468physical MAC address 478pin assignments, Modem port 39point-to-point link 71, 105port
enabling 67locking 129Modem 422, 439SF/CPU 66, 101
port locking, enabling 129port numbering 476ports
interface index 477numbering 475
power supplyviewing power supply parameters 268
PPP configuration file 219pppfile option 71, 106primary file source 87prompt
boot monitor 49, 53, 87box-level 128root-level 128, 145
prompt, password 123, 140
Rreboot flag 36, 62, 97reboot, enable on error 211redundant switch fabric modules 25remote host login, defining 64, 99remote login
number allowed, setting 49username, setting 65, 100
remote login, configuring numberallowed 123, 140
reserve records 232, 253reset
console 181counters 181hard 181modem 181soft 181
restart option 68, 71, 103, 106retransmission timeout, TFTP 65, 100Rlogin
enable boot server 212rlogind flag 36, 62, 97root-level prompt 128, 145route option 68, 103route, configuring for port 68, 103run-time configuration source 199, 211run-time configuration, saving 181run-time image 27run-time image source 199, 211
Ssaved configuration file, failure to load 54secondary file source 87serial number of cards 266serial number, chassis 182serial port
configuring 69, 103settings, displaying 80, 115
setdate command 121, 139setting the time 201SF/CPU clock synchronization 38SF/CPU network port devices 66, 101SF/CPU port, displaying
configuration 80, 114SF/CPU, accessing standby 416, 433SF/CPU, active 25SF/CPU, switch control 181show bootconfig commands 79, 114show cli commands
info 445, 462password 441, 459who 458
show cli show-all command 442show config command 443, 460show ntp server stat command 448, 464show sys commands 469–471show sys commands, info 446, 463show sys power global command
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
487
NNCLI 466show sys power info command 449show sys power slot-info 450show tech command 450, 472show users command 473sio commands 69, 103sio mode option 71, 105slip-compression option 72, 106slip-rx-compression option 72, 106slot numbering 476soft reset 181software version 179, 199source MAC-based VLAN, enabling 130speed option 69, 103switch configuration load 27switch fabric, redundant 25system logging 35, 61, 96system performance, verifying 453, 468System tab 178
TTCP/IP header compression 72, 106TCP/IP headers, compressing 219technical information, viewing 450, 472Telnet
enable for boot 211Telnet sessions
boot monitor 50number allowed 124, 141
telnetd flag 36, 63, 98temperature of chassis 182temperature, ambient 267tertiary file source 87TFTP hash bucket display 65, 100tftp option 69, 103TFTP retransmission timeout 65, 100TFTP server, setting 69, 103TFTP, enabling boot server 212tftp-debug option 65, 100tftp-hash command 65, 100tftp-rexmit option 65, 100tftp-timeout option 65, 100tftpd flag 36, 63, 98time server
primary 350time zone
displaying 80, 115time zone commands 76, 111time, setting 201timeout
idle 50, 54, 87TFTP 65, 100
timeout, idle 124timer, watchdog 64, 98topology 404topology table 129, 453trace logging 36, 63, 98trace-logging flag 36, 63, 98transfers, FTP 65, 100troubleshooting
configuration file does not load 54tz commands 76, 111
Uuniversal standard time 352user option 65, 100User Set Time tab 201
Vverify-config flag 36, 63, 98virtual MAC address 479VLAN interface index 477
Wwatchdog timer 36, 64, 98watchdog, enable boot timer 211wdt flag 36, 64, 98
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
488
Nortel Ethernet Routing Switch 8600Administration
NN46205-605 02.05 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
.
Nortel Ethernet Routing Switch 8600
AdministrationRelease: 5.1Publication: NN46205-605Document revision: 02.05Document release date: 28 April 2010
Copyright © 2008-2010 Nortel Networks. All Rights Reserved.
While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writingNORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESSOR IMPLIED. The information and/or products described in this document are subject to change without notice.
Nortel, Nortel Networks, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
To provide feedback or to report a problem in this document, go to www.nortel.com/documentfeedback.
www.nortel.com