Professional Documents
Culture Documents
Page 1 of 82
All rights reserved. Printed in the Peoples Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to:
All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their respective manufacturers, companies, or organizations.
Page 2 of 82
Presentation: (Introductions, procedures, illustrations, completeness, arrangement, appearance) Good Fair Average Poor Accessibility: (Contents, index, headings, numbering) Good Fair Average Poor Editorial: (Language, vocabulary, readability, clarity, technical accuracy, content) Good Fair Average Poor
Please check suggestions to improve this document: Improve introduction Make more concise Improve Contents Add more step-by-step procedures/tutorials Improve arrangement Add more technical information Include images Make it less technical Add more detail Improve index
If you wish to be contacted, complete the following: Name Postcode Telephone Company Address E-mail
Page 3 of 82
Contents
Configure & Manage System......................................................................6
Configure System ...................................................................................................6 Configure System Name .........................................................................................6 Configure System Time...........................................................................................7
Configure Time Zone ...............................................................................................................8
Control Temperature............................................................................................. 76
Temperature Alarm and System Control.................................................................................76
Page 4 of 82
Page 5 of 82
The contents are as follows: Configure system Manage System System tools
Configure System
In Maipu switches, the main tasks of configuring system are as follows: Configure the system name Configure the system time Configure the login security service
Page 6 of 82
The following instance will change the system name from switch to switch_1:
The following instance configures the system time as 09:36:10, November 15, 2001 by the command clock.
Command switch#clock 2001 11 15 9 36 10 switch#show clock UTC: THU NOV 09:36:15 2001 15 Description In the privileged user mode, to execute the command to configure the time of the system calendar as 09:36:10, November 15, 2001. Display the present calendar time of the system. The present time is 09:36:10, November 15, 2001, Thursday; By default, the time zone of the system is UTC.
Page 7 of 82
hourOffset [minOffset]}
config
As shown in the following example, run the clock timezone command to set the system time zone to: one hour and 10 minutes ahead of current time.
Command switch(config)#clock timezone test -1 10 switch#show clock test(UTC-20:30) THU NOV 15 08:28:15 2001 Description In the global configuration mode, the command is used to set the system time zone to: name: test, one hour 10 minutes ahead of current time. Display the current time of the system. The current time is 2001-11-15 08:28:15, Thursday. The system time zone is one hour 10 minutes ahead of UTC time, that is, the current UTC time is: 2001-11-15 09:38:15.
The function of preventing the brute-force attack on user login password is to prevent the illegal users from cracking the user name and password used for logging into the Maipu switch. When the system finds that the authentication failure times of continued login from a user reaches the specified times, the system forbids the login connection from that IP address in a given period.
The function of preventing the fast connection is to prevent the illegal users from initiating a great deal of login requests to the switch in a short period which occupies a lot of system and network resources. If the times of repeatedly logging into a switch from a user reaches the configured
Maipu Confidential & Proprietary Information Page 8 of 82
times, the system forbids the login connection requests from that IP address in a given period.
The commands for configuring the login security service are as follows:
Command service login-secure Description Enable service the system security Config mode config config
login-secure checkrecord-interval
<30m-14400m>
Configure the interval time for the login security service clearing the aged login authentication failures and the fast connection information. 60 minutes by default. Configure the time for the login security service forbidding the illegal IP address to log in. 10 minutes by default. Configure the authentication failure continued login after security service takes times by default. maximum times for the login effect. 5
login-secure time
144000m>
<10m-
forbid-
config
config
login-secure aging-time
record-
1440m>
<15m-
Configure the time for the login security service aging the login authentication failure and the fast connection information. 15 minutes by default. Configure the maximum connection times of the preventing fast connection function. 20 times by default. Configure the minimum interval time between two connections of the preventing fast connection function. 30s by default. Configure the forbidding time for the illegal IP address to log in after the preventing quickconnection function takes effect. 20 minutes by default. View the login authentication failure records of the login security service View the quick-connection records of the login security service
config
config
<10-10000>
login-secure quickconnect restrictinterval <10s-600s> login-secure quickconnect unrestrictinterval <10m1440m> show login-secure information show login-secure quick-connect
config
config
enable
enable
Default status: By default, the login security service is enabled when the system starting up Note
Page 9 of 82
Execute the command no service login-secure to disable the login security service; meanwhile clear all login connection records.
Manage System
The contents of the section are as follows: Overview Manage file system Configure the file management
Overview
This section mainly describes the related contents of the system management, comprises managing the file system, configuring the file management, system authentication and command hierarchical authorization.
File System
Maipu switches have three kinds of storage mediums. Their functions are as follows: SDRAM: it is used as the space for a switch executing the application programs FLASH: it is used to store the application programs, configuration files and BootROM programs etc. EEPROM: it is used to store the configuration files and the user information that are often being changed.
Page 10 of 82
There are three kinds of files managed by Maipu switches: Switch application programit is used to transmit routes, manage files and manage system etc. Configuration fileIt is used to store the system parameters configured by users. BootROM fileit is used to store the basic data initialized by system.
Maipu switches construct a DOS-based file system for storing the information that rarely needs to be changed, such as the application programs (protocol software and driver etc.) and BootROM programs of a switch. The file system is called TFFS (True Flash File System).
Page 11 of 82
The file system management of a switch is composed of two parts, they are: file management and directory management. Because TFFS is based on DOS file system, long file names are not supported. Each directory name can be a maximum of eight characters in length, each file name follows the 8.3 naming standard.
Command Format: volume - Execute in the file system configuration mode show filesystem - Execute in the privileged user mode
Application Instance: In the file system configuration mode, execute the command volume: switch(config-fs)#volume
0x5fe2bd0 volume descriptor ptr (pVolDesc): cache block I/O descriptor ptr (cbio): 0x2839e70 auto disk check on mount: NOT ENABLED max # of simultaneously open files: 22 file descriptors in use: 0 # of different files in use: 0 # of descriptors for deleted files: 0 # of obsolete descriptors: 0
current volume configuration: - volume label: NO LABEL ; (in boot sector: ) - volume Id: 0x0 126,968 - total number of sectors: /*sectors of the file system */ - bytes per sector: 512 /* bytes of each sector */ - # of sectors per cluster: 4 /* sectors of each cluster*/ - # of reserved sectors: 1 /* of the reserved sectors*/
Maipu Confidential & Proprietary Information Page 12 of 82
- FAT entry size: FAT16 /* size of FAT */ - # of sectors per FAT copy: 124 /*sectors occupied by each FAT */ - # of FAT table copies: 2 /* copies of FAT table */ 8 /* hidden - # of hidden sectors: sectors */ /* the location of - first cluster is in sector # 264 the first cluster in sector */ - Update last access date for open-read-close = FALSE - directory structure: VFAT /* directory structure */ 249 /* the - root dir start sector: start sector of root directory */ - # of sectors per root: 15 /* the sectors occupied by root directory */ - max # of entries in root: 240 /* the maximum number of entries in root directory */ FAT handler information: ------------------------ allocation group size: can be allocated */ - free space on volume: system free space */
2.
File management
By utilizing the file manage commands in the file system configuration mode, users can operate all files in TFFS: Directory Copy files Delete files View contents of files
The instances of applying the commands of file management are as follows: A. Directory Command Format: dir Application instance:
Page 13 of 82
switch(config-fs)#dir size date time name ------------------------1930 JAN-01-1980 00:00:00 LOGGING 4 JAN-01-1980 00:00:00 RANDOM 3160 JAN-01-1980 00:00:00 STARTUP 3160 JAN-01-1980 00:00:00 SCRIPT
B. Copy files The file copy command can be used to copy files in the FLASH file system, FTP server, TFTP server, startup configuration and running configuration. The command formats are as follows:
copy {(filesystem /flash|/cfcard|/usb)|(ftp [vrf vrf-name] hotname username passwd)|(running-config)|(startup-config)|(tftp [vrf vrfname] hotname)} source-filename {(filesystem /flash|/cfcard|/usb)|(ftp [vrf vrf-name] hotname username passwd)|(running-config)|(startupconfig)|(tftp [vrf vrf-name] hotname)} dest-filename ftpcopy [vrf vrf-name] dest-ipaddress ftp-username ftp-password sourcefilename /flash/dest-filename tftpcopy [vrf vrf-name] dest-ipaddress source-filename /flash/destfilenam xmodemcopy source-filename trans-baudrate
The following explains each copy type in detail. Copy files from FLASH file system to FLASH file system Command Format:
copy filename
filesystem
/flash/source-filename
filesystem
/flash//dest-
Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh
<DIR>
Page 14 of 82
JAN-01-1980 00:00:24
random
switch(config-fs)#copy
filesystem
Copying... Completed switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:24 random 4 JAN-01-1980 00:10:16 abc
<DIR>
<DIR>
<DIR>
Page 15 of 82
11577
JAN-01-1980 00:09:10
abc
Copy a file of FLASH file system as the start-up configuration file Command Format:
<DIR>
<DIR>
<DIR>
Page 16 of 82
Copy the startup configuration to the host via FTP Command Format: copy startup-config ftp [vrf vrf-name] dest-ipaddress ftpusername ftp-password dest-filename Application instance: switch(config-fs)#copy startup-config ftp 128.255.42.180 123 123 test Copying!Total 510 bytes copying completed.
Copy the startup configuration to the host via TFTP Command Format: copy startup-config tftp [vrf vrf-name] dest-ipaddress destfilename Application instance: switch(config-fs)#copy startup-config tftp 128.255.42.180 test Completed! Copy the running configuration as a file of FLASH file system Command Format:
<DIR>
<DIR>
Page 17 of 82
copy running-config ftp [vrf vrf-name] dest-ipaddress ftpusername ftp-password dest-filename Application instance: switch(config-fs)#copy running-config ftp 128.255.42.180 123 123 test Copying!Total 510 bytes copying completed.
Copy the running configuration to the host via TFTP Command Format: copy running-config tftp [vrf vrf-name] dest-ipaddress destfilename Application instance: switch(config-fs)#copy running-config tftp 128.255.42.180 test Completed!
Copy the running configuration as the startup configuration Command Format: copy running-config startup-config Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random
<DIR>
switch(config-fs)#copy running-config startup-config Building Configuration...done switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 00:33:28 startup switch(config-fs)# Copy files from ftp server to FLASH file system Command Format:
copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename file-system /flash /dest-filename
same as the command ftpcopy
Page 18 of 82
Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:24 random
<DIR>
<DIR>
Note The same as the command tftpcopy Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random
<DIR>
switch(config-fs)#copy /flash/abc
tftp
128.255.42.180
test
file-system
Downloading##OK! switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 01:01:00 abc switch(config-fs)# Copy from TFTP server to the startup configuration file Command Format: copy tftp [vrf startup-config Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random vrf-name] dest-ipaddress
<DIR>
source-filename
<DIR>
switch(config-fs)#copy tftp 128.255.42.180 test startup-config Downloading##OK! switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 01:03:28 startup switch(config-fs)# Copy files to FLASH file system by using xmodem protocol via the configuration port Command Format:
Page 20 of 82
xmodemcopy dest-filename trans-baudrate Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random
<DIR>
switch(config-fs)#xmodemcopy abc 9600 Now ready to receive file.Please send file with XMODEM protocol.If you want to cancel in progress,press CTL+C key... Receive file successfully!! switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random 512 JAN-01-1980 01:30:32 abc switch(config-fs)# C. Delete files
<DIR>
Command Format: delete filename Application instance: switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random 512 JAN-01-1980 01:30:32 abc
<DIR>
switch(config-fs)#delete abc WARNING: The Data of this file will be lost! if OS is deleted,the system will hangup! Please confirm to continue?(Yes/No)y Delete /flash/abc OK switch(config-fs)#dir size date time name ------------------ -------2048 JAN-01-1980 00:00:30 mpssh 4 JAN-01-1980 00:00:26 random switch(config-fs)#
<DIR>
Page 21 of 82
D. View the contents of files Command Format: type filename Application instance: switch(confgi-fs)#type startup file startup The contexts of file startup View the contents of the
Building Configuration...done ! Current configuration : 49084 bytes ! ! No configuration change since last restart ! Configuration version 0.8 ! !software version 6.1.0(sw-100)(integrity) !software image file flash0: /flash/sphb-g-6.1.0(sw-100).pck !compiled on May 12 2009, 02:27:35
hostname switch
service timestamps debug datetime service timestamps log datetime service taskname debug service taskname log no service password-encrypt no service new-encrypt service login-secure
enable password OW encrypt
user a password 0 a no exception reboot ip load-sharing per-packet vfp-action-group a untag ovlan-act add_ovlan 3
exit
ip access-list standard 10 10 permit host 129.255.8.7 vfp-action-group a exit mpls label range 70000 1048575 mpls ip
Page 22 of 82
no mpls ttl-propagate mpls ttl-expiration 0 ip multicast-routing spanning-tree transmit hold-count 10 spanning-tree mst instance 1 priority 12288 spanning-tree enable lacp system-priority 168 link-aggregation 1 mode manual link-aggregation 2 mode manual vlan 1 description DEFAULT exit vlan 2 description VLAN0002 exit vlan 3 description VLAN0003 exit vlan 4 description VLAN0004 exit vlan 5 description VLAN0005 exit vlan 6 description VLAN0006 exit vlan 7 description VLAN0007 exit vlan 8 description VLAN0008 exit vlan 9 description VLAN0009
Maipu Confidential & Proprietary Information Page 23 of 82
exit vlan 10 description VLAN0010 exit mac-vlan mac-address 0001.7a99.8877 vlan 3 all mac-vlan mac-address 2222.2222.2222 vlan 100 all ip-subnet-vlan ipv4 1.1.0.0 mask 255.255.0.0 vlan 3 untagged ip-subnet-vlan ipv4 10.0.0.0 mask 255.255.0.0 vlan 2 all ip-subnet-vlan ipv4 129.255.0.0 mask 255.255.0.0 vlan 3 all protocol-vlan profile 1 frame-type ETHERII ether-type 0x800 all protocol-vlan profile 2 frame-type ETHERII ether-type 0x8100 untagged protocol-vlan profile 3 frame-type ETHERII ether-type 0x900 untagged protocol-vlan profile 16 frame-type ETHERII ether-type 0x6800 all mac-address static 0001.0002.0002 vlan 1500 drop mac-address static 0001.0002.0003 vlan 1500 drop mac-address static 0001.0002.0001 vlan 1500 drop cpu-packet ospf cos 7 evc aaa type point-to-point svlan-id 999 cevlan-id 2 exit !slot_2_SM68A-24GETH !end !slot_6_SM68A-24GETH !end link-aggregation 4 port mode trunk port trunk allowed vlan 1,3001-3100 port trunk pvid vlan 1 spanning-tree portfast edgeport exit interface null0 exit
Page 24 of 82
interface dc0 ip address 128.255.40.114 255.255.252.0 mac-address 0810.abcd.aecd ip access-group 2 in exit interface loopback0 ip address 23.23.23.23 255.255.255.255 exit interface loopback1 exit interface vlan6 ip address 33.0.0.68 255.255.255.0 exit interface vlan7 ip address 144.0.0.68 255.255.255.0 exit interface vlan8 ip address 134.0.0.68 255.255.255.0 exit interface vlan9 ip address 69.0.0.68 255.255.255.0 exit interface vlan10 ip address 34.0.0.68 255.255.255.0 exit interface tunnel0 exit interface tunnel1 tunnel source vlan4091 tunnel destination 140.0.0.38 ip address 14.0.0.68 255.255.0.0 exit router rip version 2 no auto-summary address-family ipv4 vrf w1 version 2 network loopback4001
Maipu Confidential & Proprietary Information Page 25 of 82
network vlan4001 network vlan4030 network vlan4090 network vlan4091 no auto-summary exit-address-family exit router ospf 23 ispf network 10.0.0.0 0.0.0.255 area 0 network 23.23.23.23 0.0.0.0 area 0 exit router ospf 1000 network 12.0.0.0 0.255.255.255 area 0 exit ftp enable ftp max-user-num 4 snmp-server start snmp-server view default 1.0.8802 include snmp-server view default 1.1.2 include snmp-server view default 1.3.111 include snmp-server view default 1.3.6.1 include snmp-server community public view default rw line con 0 exec-timeout 0 0 line vty 0 15 Jan exec-timeout 0 01 0 0:45:06: [tCMMHlpe no loginr][HAM]: Lp u 6 core temperatu exitre warn,tempNow !end
Directory Management
In the switch, the directory management covers: 1. 2. 3. 4. Print the home path of the system. Change the current path. Create the directory. Delete the directory.
Page 26 of 82
The following is the example of directory management command: 1. Print the home path of the system
Command: pwd Application example: switch(config-fs)#pwd /flash switch(config-fs)# The content indicates that the system is in the /flash directory.
2.
Command: mkdir dir-name Application example: switch(config-fs)#mkdir maipu switch(config-fs)#dir size -------1930 4 3160 512 3160 date -----time -----name -------LOGGING RANDOM STARTUP MAIPU SCRIPT <DIR>
JAN-01-1980 00:00:00 JAN-01-1980 00:00:00 JAN-01-1980 00:00:00 JAN-01-1980 00:00:00 JAN-01-1980 00:00:00
3.
Command: cd dest-dirname
Page 27 of 82
Application example: switch(config-fs)#cd maipu switch(config-fs)#pwd /flash/maipu The content indicates that the system is in the /flash/maipu directory.
4.
Command: rmdir dir-name Application example: switch(config-fs)#cd /flash switch(config-fs)#rmdir maipu WARNING: The Data of this dir will be lost! if OS is deleted,the system will hangup! Please confirm to continue?(Yes/No)y switch(config-fs)#dir size -------1930 4 3160 3160 date -----time -----name -------LOGGING RANDOM STARTUP SCRIPT
Page 28 of 82
2.
To save the space of flash, save only the commands in configuration modes (including global configuration mode, interface configuration mode, file system configuration mode, access list configuration mode, and routing protocol configuration mode). The organization of commands is subject to the command mode. The commands in the same mode are organized into a paragraph. The sequence of the paragraph is as follows: global configuration mode, interface configuration mode, and route configuration mode. Categorize according to the relation between commands. The relevant commands form a group and groups are separated by blank line.
3. 4. 5.
The following is an example of Maipu configuration file: (The meaning of the information is provided in subsequent chapters).
switch#sh running-config Building Configuration...done ! Current configuration : 49084 bytes ! ! No configuration change since last restart ! Configuration version 0.8 ! !software version 6.1.0(sw-100)(integrity) !software image file flash0: /flash/sphb-g-6.1.0(sw-100).pck !compiled on May 12 2009, 02:27:35 hostname switch service timestamps debug datetime service timestamps log datetime service taskname debug service taskname log no service password-encrypt no service new-encrypt service login-secure enable password OW encrypt user a password 0 a no exception reboot
ip load-sharing per-packet
Page 29 of 82
vfp-action-group a untag ovlan-act add_ovlan 3 exit ip access-list standard 10 10 permit host 129.255.8.7 vfp-action-group a exit mpls label range 70000 1048575 mpls ip no mpls ttl-propagate mpls ttl-expiration 0 ip multicast-routing spanning-tree transmit hold-count 10 spanning-tree mst instance 1 priority 12288 spanning-tree enable lacp system-priority 168 link-aggregation 1 mode manual link-aggregation 2 mode manual vlan 1 description DEFAULT exit vlan 2 description VLAN0002 exit vlan 3 description VLAN0003 exit vlan 4 description VLAN0004 exit vlan 5 description VLAN0005 exit vlan 6 description VLAN0006
Maipu Confidential & Proprietary Information Page 30 of 82
exit vlan 7 description VLAN0007 exit vlan 8 description VLAN0008 exit vlan 9 description VLAN0009 exit vlan 10 description VLAN0010 exit mac-vlan mac-address 0001.7a99.8877 vlan 3 all mac-vlan mac-address 2222.2222.2222 vlan 100 all ip-subnet-vlan ipv4 1.1.0.0 mask 255.255.0.0 vlan 3 untagged ip-subnet-vlan ipv4 10.0.0.0 mask 255.255.0.0 vlan 2 all ip-subnet-vlan ipv4 129.255.0.0 mask 255.255.0.0 vlan 3 all protocol-vlan profile 1 frame-type ETHERII ether-type 0x800 all protocol-vlan profile 2 frame-type ETHERII ether-type 0x8100 untagged protocol-vlan profile 3 frame-type ETHERII ether-type 0x900 untagged protocol-vlan profile 16 frame-type ETHERII ether-type 0x6800 all mac-address static 0001.0002.0002 vlan 1500 drop mac-address static 0001.0002.0003 vlan 1500 drop mac-address static 0001.0002.0001 vlan 1500 drop cpu-packet ospf cos 7 evc aaa type point-to-point svlan-id 999 cevlan-id 2 exit !slot_2_SM68A-24GETH !end !slot_6_SM68A-24GETH
Maipu Confidential & Proprietary Information Page 31 of 82
!end link-aggregation 4 port mode trunk port trunk allowed vlan 1,3001-3100 port trunk pvid vlan 1 spanning-tree portfast edgeport exit interface null0 exit interface dc0 ip address 128.255.40.114 255.255.252.0 mac-address 0810.abcd.aecd ip access-group 2 in exit interface loopback0 ip address 23.23.23.23 255.255.255.255 exit interface loopback1 exit interface vlan6 ip address 33.0.0.68 255.255.255.0 exit interface vlan7 ip address 144.0.0.68 255.255.255.0 exit interface vlan8 ip address 134.0.0.68 255.255.255.0 exit interface vlan9 ip address 69.0.0.68 255.255.255.0 exit interface vlan10 ip address 34.0.0.68 255.255.255.0 exit interface tunnel0 exit
Page 32 of 82
interface tunnel1 tunnel source vlan4091 tunnel destination 140.0.0.38 ip address 14.0.0.68 255.255.0.0 exit router rip version 2 no auto-summary address-family ipv4 vrf w1 version 2 network loopback4001 network vlan4001 network vlan4030 network vlan4090 network vlan4091 no auto-summary exit-address-family exit router ospf 23 ispf network 10.0.0.0 0.0.0.255 area 0 network 23.23.23.23 0.0.0.0 area 0 exit router ospf 1000 network 12.0.0.0 0.255.255.255 area 0 exit ftp enable ftp max-user-num 4 snmp-server start snmp-server view default 1.0.8802 include snmp-server view default 1.1.2 include snmp-server view default 1.3.111 include snmp-server view default 1.3.6.1 include snmp-server community public view default rw line con 0 exec-timeout 0 0 line vty 0 15 exec-timeout 0 01 0 !end
Page 33 of 82
The following instance is given to explain how to download the switch configuration file via FTP: Step 1: Edit the configuration file named config on a PC Step 2: Enable the FTP SERVER on the PC; Step 3: Execute the command ftpcopy in the file configuration mode of the switch to download the configuration file from the PC;
As follows: switch(config-fs)#ftpcopy A.B.C.D switch switch1 config startup PC address, user name, password, file name, local file name
The above commands is to download the configuration file config from the PC whose address is A.B.C.D to the switch and write into the current directory of the switch TFFS with the name startup. Here, execute the command dir; you can see a new file-startup is added into the directory. switch(config-fs)#dir size date time name ------------------------1930 JAN-01-1980 00:00:00 LOGGING 4 JAN-01-1980 00:00:00 RANDOM 3160 JAN-01-1980 00:00:00 STARTUP 3160 JAN-01-1980 00:00:00 SCRIPT Downloading the configuration file via TFTP is similar with downloading via FTP. The only difference between them is that the computer needs to run TFTP SERVER.
Step 4: Restart the switch, execute the configuration file-startup and modify the system configurations.
Page 34 of 82
The following command can be executed to save the running configuration into the startup configuration file (STARTUP):
The following command can be executed to save the running configuration into the remote host via TFTP:
The following command can be executed to save the startup configuration file into the remote host via TFTP:
Page 35 of 82
Note Before a user logging into the file system of a switch via ftp mode, the user name and password need to be configured on the switch.
Page 36 of 82
Modify user level Modify command level Set enable password Configure user and related attributes Set line attributes View user level
Overview
In order to enhance the operation security of a switch, Maipu series switches provide various authentication managements (include AAA, please refer to <Configure AAA>) when users logging in or perform enable operation. Only the users who have the corresponding rights can log in or operate enable successfully.
In order to authorize the executable commands set with different levels for different level of users, the commands of maipu switch are graded from level 0-15. Here, the level 0 has the lowest right while the level 15 has the highest.
Basic Commands
Command enable user-level privilege MODE level 0 15 all | command LINE no privilege MODE {CR | level 0 15 { CR |all | command LINE } } enable password level 1 15 [0] string enable password no enable password CR| level 1~15 user string password 0 Description Modify the user level Modify the command level Recover a command to the default level Config mode switch> enable config config
Set the enable password Set the enable password Delete the enable password Set the user password Set that a user can log in without password authentication Set the authorized level of a user Set the authorized auto-execute command of a
string
[0 ]
LINE
user string nopassword user string privilege 0-15 user string autocommand
Page 37 of 82
user Set the option of a user executing the autocommand; nohangup means the connection is not disconnected after the auto-command is executed; delay means after how many seconds delayed the auto-command is executed.
config
Note 1. 2. Specify a user level 0-15 after enable and enter the corresponding level. By default, the level is 15 if not specified. If the level of a user is higher than the user level he is going to enter, then he can enter the related level directly without any authentication. If the user is going to enter a level which is higher than his, the user needs to pass the authentication according to the current configuration, and the authentication method is selected according to the configuration. If the enable password of the corresponding level is configured (configure via the command enable password level) and if no enable authentication of AAA is configured or the enable authentication of AAA uses enable means, the password can be used to authenticate. If no enable password of the corresponding level is configure but the enable authentication means uses the local enable password to authenticate, there are two kinds of situations:
3.
4.
Page 38 of 82
a)
If it is a telnet user, the authentication is failed. % No password set is prompted if aaa is not configured; % Error in authentication is prompted if aaa is configured; If it is a console interface user and the aaa is configured, then the enable login tries to use the enable password to authenticate at first. If there is no enable password, it uses none authentication means, which means that the authentication is passed by default. If the aaa is not configure, then % No password set is prompted and the authentication is failed.
b)
5.
If the enable authentication is passed, then the user enters the specified user level and the user possesses the corresponding level. Via the command show privilege the user level can be viewed. If configured aaa authentication enable default method and use the corresponding method list to process the enable authentication, then the corresponding methods need to be used for authenticating, they are as follows: a) b) If configured: aaa authentication enable default none; no password is needed If configured: aaa authentication enable default line; if configured line password then use the password, or % Error in authentication is prompted and the authentication is failed. If configured: aaa authentication enable default radius, use the radius authentication. Notice, the user name of radius enable authentication is fixed, that is $enab+level$. Level is a number of 1-15, that is the level the user is going to enter. Because radius uses the user name of the fixed rule, users do not need to input the user name when authenticating, just input the password to pass. If the password of the user name with corresponding level is configured on the radius sever, then input the corresponding password to log in successfully, or the authentication is failed. For instance, execute the command enable 10, then use the fixed user name $enab10$; if the user name exists on the radius sever, then input the user name and corresponding password to pass the authentication. If configured: aaa authentication enable default tacacsuse the tacacs authentication. If there is a user name when logging in, then users can use the user name and input the enable password of the user name to log in; otherwise users need to input a username and the enable password of it. If the input user name exists on the tacacs sever, and the enable password of tacacs is configured (notice: the corresponding enable password needs to be set for users on the tacacs sever), then the authentication is passed, or is failed.
6.
c)
d)
The above enable authentication methods can be combined to use, please refer to chapter 15 <Configure AAA >.
Page 39 of 82
Users can only execute the commands whose levels are equal with or lower than the levels of themselves. For instance, if a user whose user level is 12, he can only execute the commands of level 0-level 12.
Note 1. 2. When a user executing a command, whether the user has the corresponding level right depends on the configuration. When executing show run or show startup, whether the present user has the level right for configuring a script depends on the configuration. The input command character string follows the rule of match most, which means the input character string can be found and the result is only it. But in the script, it completes the character string as a full command. The command no can be used to recover the command level of the corresponding command set to the default level.
3.
4.
MODE
level {0-15} request all command
MODE means the mode that the command needs to be configured in, includes all modes of the present system. Parameter 0-15 is a level specified for a command
Configure as the responder Specify all commands in the present mode as a level Can input some keywords that a command starts with; all sub-commands start with the specified keywords are also belong to the configured level
Page 40 of 82
user-name password
user
user-name command-line
user
autocommand
Note Each command has the corresponding no command; the no command can be used to cancel the corresponding configuration.
Page 41 of 82
config-line config-line
{[nohangup]
config-line
exec-timeout [0_2147483]
{0_35791}
config-line
Page 42 of 82
Configure the line password Configure the login authentication mode. Here login CR uses the line password to authenticate; Login authentication uses AAA authentication mode. No login means users can log in without authentication (this can be used only when AAA is not configured). For common telnet, it is login by default; for ssh, login local by default.
config-line config-line
authorization exec {default | word} authorization commands {default | word} accounting exec {default|word}
level
word}
Configure the authentication mode and the accounting mode, if the aaa is enabled (command aaa new-model), then can specify the authentication and accounting mode of exec and commands for each line. Please refer to <Configure AAA>.
config-line
Enable the mode function of console interface Configure the timeout of waiting for a user to input the user name and password; 30 seconds by default.
config-line config-line
Note Except the first command, others have their corresponding no commands which are used to cancel the corresponding configurations or recover to the default configurations.
For instance: configure the idle timeout of a telnet user as 5 minutes and the absolute timeout as 20 minutes, login timeout as 60 seconds, right level-14, to execute the command show memory when 5 seconds delayed after logged in and not to exit after the command is executed:
Command switch(config)#line vty 0 2 switch(config-line)#exec-timeout 5 0 switch(config-line)#absolute-timeout 20 switch(config-line)#timeout login respond 60 switch(config-line)#privilege level 14 switch(config-line)#autocommand show memory Description Enter the line configuration mode of telnet user Configure the timeout for idling as 5 minutes Configure the total time permitted for a user configuring as 20 minutes Configure the timeout for user logging in as 60 seconds. Configure the authorized level of a user as 14 Configure to execute the command
Page 43 of 82
show memory automatically after a user logged in successfully Configure to execute the command automatically after 5 seconds delayed and the connection is not disconnected. Configure the password of line as vty To exit the line configuration mode
After configured according to above commands, users should be authorized the following line attributes after telnet logged into the device: Debug information is as follows: (via enable the command debug author exec):
00:34:30: %SYS-5-LOGIN: Telnet(vty0) is entered by client (130.255.136.69) 00:34:30: AUTHOR/EXEC/LINE (3): processing AV priv-lvl=14 00:34:30: AUTHOR/EXEC/LINE (3): processing AV autocmd=show memory 00:34:35: AUTHOR/EXEC/LINE (3): processing AV timeout=1200 00:34:35: AUTHOR/EXEC/LINE (3): processing AV nohangup=TRUE
Execute in the normal user mode (STD) or the privileged user mode (EN). Note By default, the level of the command is 1. So the user whose level is 0 cannot execute the command.
Page 44 of 82
System Tools
Command show
The types of the information can be viewed via the system command show are as follows: The information about the system software and hardware resources The information about the system statistics The information about the system configuration The basic information about the system
Display the information about the system physical and logical devices Display the information about the system network interface Display the information about the system internal host table Display the information about the system ARP table Display the information about the statistic of IP layer (include TCP and UDP) Display the contents configuration file of system startup
Display the information about the versions of the system hardware and software Display the information about system board, SIU, power, and fan.
Take MP2600 as an instance, partial information is displayed as follows: 1. Display the system stack switch#sh stack
Page 45 of 82
NAME tExcTask tLogTask tRlimit tFmmHdle tExcTrace tActive tVlanTask tDmemReapd tIpamTrap tShell0 tMdsp tSysLog tMbufTask tCGTimer tEAps bcmRX7 bcmRX6 bcmRX5 bcmRX4 tFlowCore tNotify tSysTimerH tNetTask tFwdTask tIfMgt tSDEvent bcmDPC bcmL2X.0 bcmCNTR.0 bcmTX 16020 bcmLINK.0 tRtrSched tRtrWdog tKmemReapd tConMSig tSysTask tMSTP tAaaRecv tFlowExpi
ENTRY
TID
SIZE
CUR HIGH MARGIN 288 280 264 248 144 516 356 7468 4636 2884 7444 3760 8000 3768 5036 7736 2840 3756
---------------- -------- -------- ----- ----- ----- -----80255dfc 87fe97e0 7984 8025c440 87fe6a60 4992 802f3838 85e19f20 16368 8020bb6c 87a0a9e0 7984 80206178 85c6ad00 3984 805753d4 85ef0d70 10224 8069ab50 874dfc10 5360 8030cd10 8662e8f0 8176 803573d8 87f06c10 15344 80308680 8677a790 3056 802dcda4 865c1cf0 4080 8062dd74 85c741c0 10224 809aa298 85fdb650 32752 809a9dd0 85fd31f0 32752 809a9908 85fcad90 32752 809a9440 85fc2930 32752 802edb78 85d34c70 8176 803ec568 87efccd0 12272 803a6550 866ab0f0 9984 803a66b4 866a8580 9984 80813100 866914e0 9984 8071d70c 865b6340 10224 80a8dee0 865a3570 16368 80abb020 864d38d0 16368 80a98024 8648fc40 16368 809d3630 86474f00 16368 804c5b0c 874eede0 10224
340 16028
802233f8 85c71560 25584 2864 6076 19508 288 2384 12960 136 168 120 176 176 176 176 144 152 128 96 112 96 144 224 200 136 216 324
200 10024 256 32496 256 32496 256 32496 256 32496 220 280 376 176 192 960 7956 9944 9608 9808 9792 9264
104
180 12092
220 16148 536 15832 676 15692 212 16156 192 348
bcmXGS3AsyncTX
809803c0 860fa980 16368 80434694 85e2e7a0 10224 8042ac38 85e28b20 10224 804babbc 87f92d60 3984 802db208 865b7940 4080 804a5f30 87a124c0 9984 8075cbd4 85ecedf0 20464 802a221c 85e097c0 6128 802e9a2c 85d32810 8176
184 1540 14828 96 96 136 112 136 172 10052 408 396 372 352 508 420 9816 3588 3708 9632 5620 7756
180 20284
Page 46 of 82
tNetBuffer tSysTimerL tTnlFFRcv tGreFastRcv tGTL tIp6tnlTask tTffsPTask tStaticRt tDot1x tPortMon tElmi tTrackMsg tPmtud tTelnetd tTelnetd6 tIcmpErr tArpTask tRtMgt tDhcpSp tIpsg tDai tPortSts tArl tIpubr tPortSec tRtrSla bcmRX3 bcmRX2 bcmRX1 bcmRX0 tFmmDtct tDcacheUpd tTunnel tPortPoll tCGTask INTERRUPT 2.
808224f4 87a1da50 5360 804c5b0c 874f1b40 10224 804d43a4 874c8b80 8176 802ffdd0 866a37c0 12272
4940 9772 8004 5280 5640 1612 5736 5828 9912 5168 9888 9872 9660 9812 9784 9240 7796
236 12036
80300350 8669edf0 8176 1504 2896 802779e8 87fe4cb0 2032 8049b134 8660dcc0 16368 806d6908 85db6de0 6128 806d6908 85da5f60 6128 806d6908 85d09c70 20464 80566c70 865bb7c0 10224 803e13d4 866b2db0 5360 8054c5c4 85c69800 10224 8054c688 85c66b00 10224 803afcf8 874ce060 9984 807fe640 866addf0 9984 804216f8 866235b0 9984 806d6908 85f41df0 10224 806d6908 85f3eb80 8176 806d6908 85f3c520 8176 805c8dac 85ee9860 8176 805c0ae4 85ed5cf0 15344 803aeca4 85ea7e00 9984 806d6908 85daad70 6128 80450ddc 85e2b8e0 10224 809a8f78 85fba4d0 32752 809a8ab0 85fb2070 32752 809a85e8 85fa9c10 32752 809a8120 85fa17b0 32752 8068d468 85e147b0 16368 8023c254 87ed71d0 4992 804d3830 874ca460 5104 8056e1a0 85f35a50 16368 802dc650 865c0890 16368 5008 0 160 224 224 224 208 112 256 272 248 96 120 224 224 224 424 224 280 224 336 176 176 176 176 176 420 392 300 312 192 336 352 324 172 200 984 380 984 824 540 300 412
300 20164
300 15044
628 32124 332 32420 332 32420 488 32264 436 4556
Display the using condition of the system memory switch#show memory SUMMARY ------Type Used bytes
Total bytes
Used
percent ----------------------------------
Page 47 of 82
heap 32.28%
36990832
77589184
2.89% Note:
CODE 19632640 / 19632640 slab 1534292 54496 1588788 fpss 0 4784128 4784128 mbuf 495180 16624824
The space of all such memory types exclude code is part of the heap's used memory,for instance:mbuf,slab,and fpss if exists.
Free bytes
Total bytes
Used
-------------------99052632
-----------134212656
Use the command show memory to set different parameters to realize various functions: show memory FPSS|HEAP|MBUF|SLAB: display the memory using condition of different memory management mechanisms show memory FPSS|MBUF|SLAB _POOLNAME_: display the memory pool using condition of a memory management mechanism show memory detail: display the detailed using condition of the system memory
3.
Page 48 of 82
switch# show pool detail Driver pool Statistics for the network stack mbuf type --------FREE DATA HEADER SOCKET PCB RTABLE HTABLE ATABLE SONAME ZOMBIE SOOPTS FTABLE RIGHTS IFADDR : : : : : : : : : : : : : : 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 : : 0 0
Page 49 of 82
number -----1024 0 0 0
CONTROL : OOBDATA : IPMOPTS : IPMADDR : IFMADDR : MRTABLE : DRV_SCC : DRV_8SA : DRV_8S : DRV_16A : DRV_4M336: DRVEXTSCC: DRV_QMC : E1 CE1 CPOS POS : :
MCC M128 ASYNC FEC FPSS ISDN RS8234 FCC NDSP FR PPP LABP X25 SNA ADSL PWI MASC LLC2 ATM LINK MDOT IPSEC IGMP RTSOCK ARP TEST PKTGEN TOTAL :
: : : : : : : : :
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ENCRYPT :
: : : : : : : : : : : : : : : : : :
0 0 0 0 0 0 0 0 1024
MPLSINFO :
number of mbufs: 1024 number of times failed to find space: 0 number of times waited for space: 0 number of times drained protocols for space: 0 __________________ CLUSTER POOL TABLE
Page 50 of 82
_____________________________________________________ __________________________ size clusters free usage -----------------------------------------------------------------------------1884 1024 1024 0 -----------------------------------------------------------------------------Size: 2078720 bytes Data pool Statistics for the network stack mbuf type --------FREE DATA HEADER SOCKET PCB RTABLE HTABLE ATABLE SONAME ZOMBIE SOOPTS FTABLE RIGHTS IFADDR : : : : : : : : : : : : : : 7 0 0 0 0 0 0 0 0 3 0 0 0 1 0 0 0 0 0
Page 51 of 82
number -----41823 0 0 5
DRV_16A : DRV_4M336: DRVEXTSCC: DRV_QMC : E1 CE1 CPOS POS MCC M128 ASYNC FEC FPSS ISDN RS8234 FCC NDSP FR PPP LABP X25 SNA ADSL PWI MASC LLC2 ATM LINK MDOT IPSEC IGMP RTSOCK ARP TEST PKTGEN : : : : : : : : : : 0 0 : : : : : : : : : : 0 0 0 0 0 0 0 0 0 0 0 0 : : : : 0 0 : : : : : : : 0 0 0 0 0 0 0 0 0
0 0 0 0
ENCRYPT :
0 0
MPLSINFO : 0 1
0
Page 52 of 82
TOTAL
41840
number of mbufs: 41840 number of times failed to find space: 0 number of times waited for space: 0 number of times drained protocols for space: 0 __________________ CLUSTER POOL TABLE _____________________________________________________ __________________________ size clusters free usage -----------------------------------------------------------------------------64 128 256 512 1024 2048 10000 24000 5024 3000 360 480 9997 23996 5019 2995 360 480 3 43 5 12 0 0
-----------------------------------------------------------------------------Size: 13914880 bytes unregistered pool Statistics for the network stack mbuf type --------FREE DATA HEADER SOCKET PCB RTABLE HTABLE ATABLE SONAME ZOMBIE SOOPTS : : : : : : : : : : : 0 0 0 0 0 0 0
Page 53 of 82
number -----512 0 0 0
: : :
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
CONTROL : OOBDATA : IPMOPTS : IPMADDR : IFMADDR : MRTABLE : DRV_SCC : DRV_8SA : DRV_8S : DRV_16A : DRV_4M336: DRVEXTSCC: DRV_QMC : E1 CE1 CPOS POS MCC M128 ASYNC FEC FPSS ISDN RS8234 FCC NDSP FR PPP LABP X25 SNA ADSL PWI : : : : : : : : : 0 0 0 0 0 0 0 : : : : 0 0 : : : : : : : 0 0 0
0 0 0 0 0
ENCRYPT :
0 0
Page 54 of 82
MASC LLC2 ATM LINK MDOT IPSEC IGMP RTSOCK ARP TEST PKTGEN TOTAL : :
: : : : : : :
0 0 0 0 0 0 0 0 0 0 0
MPLSINFO :
: : :
0 512
number of mbufs: 512 number of times failed to find space: 0 number of times waited for space: 0 number of times drained protocols for space: 0 __________________ CLUSTER POOL TABLE _____________________________________________________ __________________________ size clusters free usage -----------------------------------------------------------------------------2048 512 448 64 -----------------------------------------------------------------------------Size: 1126404 bytes All MBUF pool size : 17120004 bytes
4.
Display the information about the system device switch#show device drv name 0 /null 1 /tyCo/0 1 /tyCo/1 3 /flash 3 /flash1
Page 55 of 82
1 2 3 3 3 3 3 3 2
5.
Display the information about the status of all system portss switch#show port port 0/0 configuration information Description : Status : Enabled Link : Down Set Speed : Auto Act Speed : Unkown Set Duplex : Auto Act Duplex : Unkown Set Flow Control : Off Act Flow Control : Off Mdix : Auto Mtu : 1728 Link Delay :0 Storm Control : Unicast Disabled Storm Control : Broadcast Disabled Storm Control : Multicast Disabled Storm Action : None Port Type : Nni Pvid :1
6.
Display the information about the system version (The system information varies with the platform) switch#show version MyPower (R) Operating System Software
MyPower S6800 system image file (dc0: sphb-g-6.1.0(sw100).pck), version 6.1.0(sw-100)(integrity), Compiled on May 18 2009, 17:24:37 Copyright (C) 2009 Maipu Communication Technology Co., Ltd. All Rights Reserved. System ID : 000000010002 Hardware Model : SM68A-MPUBH with 512 MBytes DDR SDRAM, 128 MBytes flash Hardware Version : 0ff(Hotswap Supported) MPU CPLD Version : 101 Backplane Version : 0ff(Hotswap Supported)
Page 56 of 82
Monitor Version : 1.29 Software Version : 6.1.0(sw-100)(integrity) Software Image File : dc0: sphb-g-6.1.0(sw-100).pck Compiled : May 18 2009, 17:24:37
System Uptime is 0 hour 28 minutes 37 seconds
Display the information about equipment board, SIU, power, and fan. In the equipment, run the show system command to display the running status of system board, SIU, power, and fan. The example of the command is as follows:
switch#show system chassis System Chassis Information (ONLINE) ---------------------------------------------------------------Device ID: 021e Vender ID: 0001 Serial No.: 0023456789012345 Chassis-MAC-Group-0: 000000010002 000000010003 000000010004 000000010005 000000010006 Chassis-MAC-Group-1: 000000010007 000000010008 000000010009 000000000000 000000000000 SPD -On-Card-Information: <1 SPDs> SPD-TYPE Vendor: (0x1) (MAIPU) Device:(0x21e MOD_SM6800_08BB) id:0x00 phid:0x00 type:0x02 SPD Version: (01 ) SPD Size: (01 ) Vendor ID: (01 ) Device ID: (02 1e ) Hardware Version: (01 ) Hardware Serial Number: (30 30 32 33 34 35 36 37 38 39 30 31 32 33 34 35 ) Power Message: (00 00 ) ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR switch#show system mpu System Card Information(Mpu 0 - ONLINE) ---------------------------------------------------------------Maipu Confidential & Proprietary Information Page 57 of 82
Type: SM68A-MPUBH[0x25832001] Status: Start Ok Last-Alarm: Normal Card-Port-Num: 0 Card-SubSlot-Num: 1 Power-INTF-Status: Normal Power-Card-Status: On Serial No.: 0123456789012345 Card-Name: SM68A-MPUBH Description: Power-RT-Infomation: Voltage-In: 5.01 V Hardware-Information: HW-State: 0 PCB-Version: 1 CPLD-Version: 003 Software-Information: Monitor-Version: 1.22 Software-Version: 6.1.0(sw-88)(integrity) Temperature-Information: Temperature-State: Temperature = 59.C Last-Alarm = Normal. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: Normal Core-Num: 0002 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 0% Core-Idx-01 Core-Status: 0000 Core-Utilization: 0% Temperature: Temperature-State: Temperature = 86.C Last-Alarm = Normal. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 307309156 bytes BytesAlloc = 193290780 bytes BlocksFree = 16 blocks BlocksAlloc = 10502 blocks MaxBlockSizeFree = 102760448 bytes SizeTotal = 500599936 bytes DISK-On-Card-Information:
Maipu Confidential & Proprietary Information Page 58 of 82
DISK-Idx: 00 Type: Flash Status: Online DISK-State: SizeTotal = 65007616 bytes SizeFree = 64065536 bytes CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.9 Software-Version: 2.0.40 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
System Card Information(Mpu 1 - ONLINE) ---------------------------------------------------------------Type: SM68A-MPUBH[0x25832001] Status: Start Ok Last-Alarm: Normal Card-Port-Num: 0 Card-SubSlot-Num: 1 Power-INTF-Status: Normal Power-Card-Status: On Serial No.: 0923456789012345 Card-Name: SM68A-MPUBH Description: Power-RT-Infomation: Voltage-In: 5.19 V Hardware-Information: HW-State: 0 PCB-Version: 1 CPLD-Version: 003 Software-Information: Monitor-Version: 1.18 Software-Version: 6.1.0(sw-88)(integrity) Temperature-Information: Temperature-State: Temperature = 63.C Last-Alarm = Normal. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: Normal Core-Num: 0002 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 57% Core-Idx-01
Maipu Confidential & Proprietary Information Page 59 of 82
Core-Status: 0000 Core-Utilization: 0% Temperature: Temperature-State: Temperature = 93.C Last-Alarm = Abnormal. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 301748820 bytes BytesAlloc = 198851116 bytes BlocksFree = 19 blocks BlocksAlloc = 10603 blocks MaxBlockSizeFree = 102760448 bytes SizeTotal = 500599936 bytes DISK-On-Card-Information: DISK-Idx: 00 Type: Flash Status: Online DISK-State: SizeTotal = 65007616 bytes SizeFree = 13488128 bytes CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.10 Software-Version: 2.0.40 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR switch# show system lpu System Card Information(Lpu 0 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR
System Card Information(Lpu 2 - ONLINE) ---------------------------------------------------------------Type: SM68A-48GETH[0x25814030] Status: Start Ok Last-Alarm: Normal Card-Port-Num: 48 Card-SubSlot-Num: 0 Power-INTF-Status: Normal Power-Card-Status: On
Maipu Confidential & Proprietary Information Page 60 of 82
Power-Card-Need: 0w Serial No.: 0123456789012345 Card-Name: SM68A-48GETH Description: Power-RT-Infomation: Voltage-In: 5.04 V Hardware-Information: HW-State: 0 PCB-Version: 0 CPLD-Version: 003 Software-Information: Monitor-Version: 1.10 Temperature-Information: Temperature-State: Temperature = 67.C Last-Alarm = Normal. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: Normal Core-Num: 0001 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 2% Temperature: Temperature-State: Temperature = 106.C Last-Alarm = Normal. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 409182096 bytes BytesAlloc = 124661936 bytes BlocksFree = 21 blocks BlocksAlloc = 6577 blocks MaxBlockSizeFree = 132120576 bytes SizeTotal = 533844032 bytes CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.10 Software-Version: 2.0.35 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
switch#show system fan System FAN Information(Fan 0 - ONLINE) ---------------------------------------------------------------Status: Normal Last-Alarm: Normal Serial No.: Description: Fan-RT-Information: Fan-online: group0: [ fan0:on fan1: on fan2: on ] speed level:0 group1: [ fan0:on fan1:on fan2:on ] speed level:0 group2: [ fan0: on fan1: on fan2: on ] speed level:7 group3: [ fan0: on fan1: on fan2: on ] speed level:7 SPD -On-Card-Information: <1 SPDs> SPD-TYPE Vendor: (0x0) (NOT DEFINED) Device:(0x0 UNDEFINED) id:0x00 phid:0x00 type:0x04 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
switch#show system siu System SIU Information(Siu - ONLINE) ---------------------------------------------------------------Status: Online Last-Alarm: Normal
Maipu Confidential & Proprietary Information Page 62 of 82
Serial No.: 0123456789012345 Description: Hardware-Information: PCB-Version: 00 CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.10 Software-Version: 2.0.47 ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
RH02-ME#show system power System Power Information(total:735w idle:465w) System Power Information(Power 0 - OFFLINE) ---------------------------------------------------------------STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR
System Power Information(Power 7 - ONLINE) ---------------------------------------------------------------Status: Online Last-Alarm: Normal rate-power: 600w Description: ---------------------------------------------------------------STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR
switch#
Note The show system command can set different parameters to display the running status of the corresponding components: show system mpu {local | peer}: display the running status of local or opposite-peer MPU card show system sfu|lpu <0~x>: LPU cards show system siu: components show system power <0~x>: components sshow system fan <0~x>: components Display the running status of SFU and Display the running status of SIU Display the running status of power Display the running status of fan
Protocol Debugging
The system provides debugging switches for various protocols. The following instance briefly explains the enabling and disabling of the debugging switch: 1. Enable the protocol debugging switch
Page 64 of 82
switch#debug ip packet access-list For detailed introduction of the protocol debugging switch, please refer to related chapters.
2.
In order to disable the protocol debugging switch, users only need to add a command word no before the command used to enable the related switch; or use the command no debug all to disable all debug switches.
logging color { alerts|critical | debugging | emergencies | errors|informational | notifications | warnings} [blue | brown | cyan | green | purple | red | white] logging buffer
config
Enable recording log messages in the memory buffer. The corresponding command no logging buffer can be executed to disable the function Configure the log message selected according to the severity level and needs to be recorded in the memory buffer Enable output the log message to the console. The corresponding command no logging console can be executed to disable the function Configure the log messages selected according to the severity level and
config
logging buffer {<0-7> | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings} logging console
config
config
config
Page 65 of 82
Enable saving the log messages in the flash file system with file format. The corresponding command no logging file can be executed to disable the function max-size <4096| | | | Configure the size of the log file in the flash file system Configure the log messages selected according to the severity level and need to be recorded to the log file
config
config config
logging file {<0-7> | alerts critical | debugging emergencies | errors informational | notifications warnings} logging trap
Enable sending the log message to the specified log sever. The command no logging trap can be used to disable the function Configure the host name or IP address and VRF name of the log sever and the severity level of the log messages sent to the log sever
config
logging {hostname|A.B.C.D} [vrf vrf-name] {<0-7> | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings} logging source-ip A.B.C.D
config
Configure the source address used for connecting the log severs Configure to send all operation records to the log sever Enable output the log messages to terminal. The corresponding command no logging monitor can be executed to disable the function. | | | | Configure the log message selected according to the severity level and needs to be displayed on the terminal Configure the type of the log messages sent to the log sever belongs. By default, the type is local7.
config
config config
logging monitor {<0-7> alerts | critical | debugging emergencies | errors informational | notifications warnings}
config
logging facility {auth | cron | daemon | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9 | syslog | user | uucp} service timestamps log [datetime [localtime/ msec/ show-timezone]| uptime] service taskname log clear logging [buffer|file] show logging [file|buffer]
config
Configure the options of log message header: date, time zone, local time and whether to display millisecond etc. Configure to add the task name in the log message header To clear the log contents of memory and flash file Display the log contents of memory
config
Page 66 of 82
The log messages are graded from level 0 to level 7 according to the severity levels. Level 0 means the message level is the most severe. By default, level 0 -7 are all printed to the console interface and the telnet terminal; level 0-5 are written into the memory file; level 0-2 are written into the flash file; level 0-5 are sent to the log server.
Meanwhile, ranges for modifying command level are provided. The related commands are: logging console level, logging monitor level, logging buffer level, logging file level, logging ip-address level. If a level is configured as level, which means the level range of it is from 0 to level. In the global configuration mode: switch(config)#logging file ? <0-7> Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) max-size Set max-size parameters notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4) <CR>
Page 67 of 82
config
config
config
spy cpu
enable
no spy cpu
enable
monitor cpu
enable
no monitor cpu
enable
enable enable
Instance: In the privileged user mode, use the command spy cpu at first to monitor the CPU using condition of each task, and then use the command show cpu to display the CPU using condition of each task. switch#spy cpu switch#show cpu
Page 68 of 82
switch#show cpu System monitor result: NAME ENTRY TID PRI total % (ticks) delta % (ticks) ------------------- --- --------------- --------------tExcTask 87fe97e0 0 0% ( 0) 0% ( 0) tLogTask 87fe6a60 0 0% ( 0) 0% ( 0) tRlimit 879eb100 5 0% ( 0) 0% ( 0) tFmmHdle 85e19f20 8 0% ( 0) 0% ( 0) tExcTrace 87a0a9e0 10 0% ( 0) 0% ( 0) tActive 85c6ad00 10 0% ( 0) 0% ( 0) tVlanTask 85ef0d70 19 0% ( 0) 0% ( 0) tDmemReapd 87f91140 20 0% ( 0) 0% ( 0) tIpamTrap 874dfc10 20 0% ( 0) 0% ( 0) tShell0 85c71560 20 3% ( 1) 3% ( 1) tMdsp 8662e8f0 35 0% ( 0) 0% ( 0) tSysLog 87f06c10 40 0% ( 0) 0% ( 0) tMbufTask 8677a790 40 0% ( 0) 0% ( 0) tCGTimer 865c1cf0 40 6% ( 2) 6% ( 2) tEAps 85c741c0 40 0% ( 0) 0% ( 0) bcmRX7 85fdb650 42 0% ( 0) 0% ( 0) bcmRX6 85fd31f0 42 0% ( 0) 0% ( 0) bcmRX5 85fcad90 43 3% ( 1) 3% ( 1) bcmRX4 85fc2930 44 0% ( 0) 0% ( 0) tFlowCore 85d34c70 45 0% ( 0) 0% ( 0) tNotify 87efccd0 50 0% ( 0) 0% ( 0) tSysTimerH 874eede0 50 0% ( 0) 0% ( 0) tNetTask 866ab0f0 50 3% ( 1) 3% ( 1) tFwdTask 866a8580 50 0% ( 0) 0% ( 0) tIfMgt 866914e0 50 0% ( 0) 0% ( 0) tSDEvent 865b6340 50 0% ( 0) 0% ( 0) bcmDPC 865a3570 50 0% ( 0) 0% ( 0) bcmL2X.0 864d38d0 50 3% ( 1) 3% ( 1) bcmCNTR.0 8648fc40 50 0% ( 0) 0% ( 0) bcmTX 86474f00 50 0% ( 0) 0% ( 0) bcmXGS3Async 86470a20 50 0% ( 0) 0% ( 0) bcmLINK.0 860fa980 50 0% ( 0) 0% ( 0) tRtrSched 85e2e7a0 50 0% ( 0) 0% ( 0) tRtrWdog 85e28b20 50 0% ( 0) 0% ( 0) tKmemReapd 87f92d60 55 0% ( 0) 0% ( 0) tConMSig 865b7940 55 0% ( 0) 0% ( 0) tSysTask 87a124c0 60 0% ( 0) 0% ( 0) tMSTP 85ecedf0 75 0% ( 0) 0% ( 0) tAaaRecv 85e097c0 80 0% ( 0) 0% ( 0) tFlowExpi 85d32810 80 0% ( 0) 0% ( 0) tNetBuffer 87a1da50 90 0% ( 0) 0% ( 0) tSysTimerL 874f1b40 90 0% ( 0) 0% ( 0) tTnlFFRcv 874c8b80 90 0% ( 0) 0% ( 0) tGreFastRcv 866a37c0 90 0% ( 0) 0% ( 0) tGTL 8669edf0 90 0% ( 0) 0% ( 0) tIp6tnlTask 8669a330 90 0% ( 0) 0% ( 0) tTffsPTask 87fe4cb0 100 0% ( 0) 0% ( 0) tStaticRt 8660dcc0 100 0% ( 0) 0% ( 0) tDot1x 85db6de0 100 0% ( 0) 0% ( 0)
Maipu Confidential & Proprietary Information Page 69 of 82
tPortMon 85da5f60 tElmi 85d09c70 tTrackMsg 865bb7c0 tPmtud 866b2db0 tTelnetd 85c69800 tTelnetd6 85c66b00 tIcmpErr 874ce060 tArpTask 866addf0 tRtMgt 866235b0 tDhcpSp 85f41df0 tIpsg 85f3eb80 tDai 85f3c520 tPortSts 85ee9860 tArl 85ed5cf0 tIpubr 85ea7e00 tPortSec 85daad70 tRtrSla 85e2b8e0 bcmRX3 85fba4d0 bcmRX2 85fb2070 bcmRX1 85fa9c10 bcmRX0 85fa17b0 tFmmDtct 85e147b0 tDcacheUpd 87ed71d0 tTunnel 874ca460 tPortPoll 85f35a50 tCGTask 865c0890 KERNEL INTERRUPT IDLE TOTAL
100 0% ( 0) 0% ( 0) 100 0% ( 0) 0% ( 0) 110 0% ( 0) 0% ( 0) 120 0% ( 0) 0% ( 0) 120 0% ( 0) 0% ( 0) 120 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 150 0% ( 0) 0% ( 0) 200 0% ( 0) 0% ( 0) 204 0% ( 0) 0% ( 0) 205 0% ( 0) 0% ( 0) 206 0% ( 0) 0% ( 0) 207 0% ( 0) 0% ( 0) 220 0% ( 0) 0% ( 0) 250 0% ( 0) 0% ( 0) 250 0% ( 0) 0% ( 0) 250 0% ( 0) 0% ( 0) 251 0% ( 0) 0% ( 0) 0% ( 0) 0% ( 0) 0% ( 0) 0% ( 0) 79% ( 23) 79% ( 23) 97% ( 29) 97% ( 29)
In the privileged user mode, use the command monitor cpu at first to monitor the using condition of the CPU in a period, and then use show cpu monitor to display the using condition of the CPU in a period. switch#monitor cpu switch#show cpu monitor CPU utilization for five seconds: 2%; one minute: 1%; five minutes: 1%
Page 70 of 82
1% 1% 1% 1% 1% 2% - - - - - - -
1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% - - - - - - - - - - - - - - - - - - -
1% 1% 2%
1% 1% 1% 1% - -
The above three data tables respectively display the cpu operating condition of each second in the past 60 seconds, each minutes in the past 60 minutes and each quarter in the past 96 quarters. (-means the moment has not come).
Note When enable monitoring the operating condition of cpu, the task tCheckCpu collects the cup data ceaselessly (by default, the interval is 2 second) which occupies some resources of cpu, therefore if it is unnecessary to diagnose the CUP utilization of each task, you should better not enable the switch.
Page 71 of 82
2. 3.
Return to the earlier configuration: Restore the configuration to the environment of the previous operation. Restore the rescue configuration: If the rescue configuration file (the file is the verified most stable and reliable configuration) is saved, with the rescue configuration, any personnel on site (even if without any technical background) can perform fast and safe rescue configuration rollback. It is used in case of emergency.
enable
write [rescue]
enable
rollbackconfirmed
enable
Display the rollback files. Number means the ID of the configuration file to be displayed. The configuration file number is based on the generated configuration files that are automatically displayed. If the sequence number is not specified, the current startup file is displayed by default. Rescue: Display the content of the rescue configuration. confirmed-status: display the confirm status of the rollback, whether the rollback is to be confirmed. auto-rollbackfile: in the rollback confirmed status, the script files of the automatic rollback configuration.
enable
Note
Page 72 of 82
1. 2.
MyPower S6800 does not support the function. Other switches support the function. The interface becomes up/down. The current operation of the rollback is to clear the current script and then configure the configuration file to be rolled back. Owing to the operation of clearing the current configuration, the interface and the dynamic route neighbor become up/down. Be cautious about the risk. For example, if the operation is conducted in telnet, the telnet is temporarily disconnected after the configuration is cleared. If the new configuration changes the interface address, telnet remains disconnected.
Configure the service shell-history command to save the operation records to the flash. After the equipment is powered off and restarted, you can also view the operation records before the restart. You can use the show history command to view the records.
For example:
JAN/01/1970 00:03:46(tty0)[] enable (First Command) JAN/01/1970 00:03:49(tty0)[] write JAN/01/1970 00:03:50(tty0)[] y JAN/01/1970 00:03:57(tty0)[] filesystem JAN/01/1970 00:34:24(tty0)[] copy running-config startup-config JAN/01/1970 00:34:34(tty0)[] end JAN/01/1970 00:42:11(tty0)[] configure terminal JAN/01/1970 01:05:58(tty0)[] delete startup-config JAN/01/1970 01:06:14(tty0)[] show history
Page 73 of 82
JAN/01/1970 01:07:38(tty0)[] configure terminal JAN/01/1970 01:07:42(tty0)[] interface loopback0 JAN/01/1970 01:07:43(tty0)[] exit JAN/01/1970 01:07:48(tty0)[] router ospf 1 JAN/01/1970 01:07:55(tty0)[] network 10.10.10.0 0.0.0.255 area 0 JAN/01/1970 01:07:56(tty0)[] end JAN/01/1970 01:07:58(tty0)[] show history
Note By default, the operation records are saved in the memory file. The function of saving operation records to flash file is disabled by default.
In addition, expanded output function is provided, that is, filter the displayed content, or output the content to other media. For example, you can filter the displayed content according to the specified character string, save displayed content to other files, or FTP the content to the FTP server.
enable
Page 74 of 82
24 lines by default. And the range is 5-50 lines. If the number of characters in a line is greater than 80, the line is regarded as two lines. Help is to show the usage of the keys of more function. The expanded subcommand is registered to the back of the display command in each module. | Identification character of more expanding sub command. begin _LINE_ Display from the specified character string. Include [context] _LINE_ Display only the content containing the specified character string, and the context, to display the context of the specified content. exclude _LINE_ Exclude the contents of specified character string. redirect file filename Copy the displayed contents to the specified file (filename). redirect ftp [vrf vrf-name]
_LINE_ | include [context] _LINE_ | exclude _LINE_ | filename | ftp [vrf vrf-name] host usr password filename } }
redirect {file
| {begin
enable
Transmit the displayed contents to the ftp server via the FTP
Note The more command is registered by the display command of each module, serving as the sub command of the display command in each module. Presently, only some of the display commands in modules are registered with more expanded sub command.
Meanwhile MP switches provide the commands of the telnet client. In the common user mode and the privileged user mode, users can execute the following command to telnet to a device.
Page 75 of 82
SSH
MP switches provide a much more secure remote login service-SSH service (service port 22). It permits that at most 16 users can SSH login at the same time. Users can configure the attributes of the ssh login via the command line ssh-vty.
Control Temperature
MPUs of MyPower S6800, and MyPower S3900 provide the temperature alarm and system control functions.
Page 76 of 82
temperature
Configure the threshold of temperature alarm in MPU, SFU, and LPU card.
config
shieldTime
Note: The parameters of shielding system alarm are saved in the cabinet, and they are not related with configuration files. Therefore, you need to run the following command:
Page 77 of 82
Procedure
The SIU has three buttons including left, right, and confirm. The SIU provides two modes for displaying information: idle mode and menu mode. In the idle mode, display important system information circularly. In the menu mode, query system information through the buttons in the SIU. In the idle mode, press any button to enter the menu mode. In the menu mode, if no button is pressed in 30 seconds, the system is back to the idle mode automatically.
Note After the button is pressed, the background light is on for 10 seconds. If no another pressing action, the light turns off.
View Information
Idle Mo de
In the idle mode, the system information is displayed circularly in specific sequence. In the process of display, the information is refreshed every 2 seconds. According to the importance of the information, the time of displaying the information is different.
Name
Displayed Content (MPU is not working) MPUxx is not used. ( MPU is in position and working)
MPU information
Master/slave mode of MPU CPU utilization of MPU CPU kernel temperature value and temperature status of MPU Card temperature value and temperature status of MPU (LPU is in position and can be identified) LPUxx type LPUxx registration status LPUxxCPU utilization LPUxxCPU kernel temperature value and temperature status LPUxx card temperature value and temperature status
LPU information
(SFU is in position and can be identified) LPUxx type SFUxx registration status SFUxxCPU utilization SFU information SFUxxCPU kernel temperature value and temperature status SFUxx card temperature value and temperature status
Fan frame xx Status of fan frame xx Power module xx status Switch type Company address Company website Contact phone number
Regular information
Note If the information cannot be displayed in a page, the system displays the information in multiple pages.
Menu Mode
In the menu mode, you can select the content to be displayed through the buttons. In the process of display, the information is refreshed every 2
Page 79 of 82
seconds. If the system detects that the menu does not exist during the refresh, the system returns to an existing menu.
Page 80 of 82
CPU kernel temperature value and temperature status LPU card temperature value and temperature status Memory size Memory utilization Flash size Flash utilization (No SFU) SFU list There is no SFU information (SFU exists) SFU list SFU registration status Input voltage Serial number Hardware version CPLD version CMM version SFU information CPU utilization CPU kernel temperature value and temperature status SFU card temperature value and temperature status Memory size Memory utilization Flash size Flash utilization SIU registration status SIU information Serial number Hardware version CMM version (No fan frame) Fan frame list There is no fan frame (There is fan frame) Fan frame list Status frame of fan Status of fan Fan work status (No power module) There is no power module Power list module (There is power module) List the power modules Power module status Work status of power module (No alarm information) Alarm information There is no alarm information (There is alarm information) All alarm information Regular information Equipment Type Company address Level 2 menu Level 2 menu Level 2 menu Level 3 menu Level 2 menu Level 2 menu Level 3 menu Level 2 menu
Page 81 of 82
Note In the menu mode, if any menu is available, you can roll the menu circularly. If no menu is available, and only data is displayed, you cannot roll menu circularly.
When the SIU module receives the alarm information, it stops the current displayed content and then display the alarm information circularly until all alarm information is displayed.
Note When the real-time information is displayed, the last line of the displayed content is covered.
Page 82 of 82