Management & Configuration

AT 8000S

Marvell Confidential

Agenda
AT - 8000S CLI
CLI structure Displaying System Information File Management

AT - 8000S Telnet AT - 8000S Web Server (EWS) AT - 8000S SNMP AT - 8000S Secure Management

Marvell Confidential

Configuration and Management Tools

There are several option to connect and manage the AT - 8000S devices:
CLI Telnet EWS SNMP

Device can be managed:

Either using a local terminal via the serial port of the device Or remotely via a management station on the network (using telnet; EWS or SNMP)

Marvell Confidential

AT - 8000S CLI

Marvell Confidential

AT - 8000S CLI
The Command-Line Interface (CLI or LCLI) on the AT 8000S device is used to control and define the devices parameters and configuration. The CLI is hierarchically and modularly structured. This way the user has better control and insight into the various commands and levels of configuration The CLI module is Pyramid shaped in which command interfaces start from the more general configuration/ commands and go down to the more specific ones. To achieve this, the commands are divided into several command blocks (or command modes). Each command mode has its own set of specific commands. The available commands depend on the mode.

Marvell Confidential

Command Modes
Example of command modes: EXEC; Global Configuration; Ethernet interface; Port channel interface; VLAN database etc Example of the mode access sequence:
User EXEC Mode; Privileged EXEC Mode, Global Configuration Mode, Interface Configuration Mode.

Marvell Confidential

Command Modes access

To enter a certain Command Mode user must use a specific command or command line. To exit a certain command mode user can either type exit or press the CTRL+Z. To exit the configuration mode completely type end.

Marvell Confidential

Command Modes Command View

Each mode will allow user to enter only commands relevant for that mode. Typing ? in each mode will list all the commands relevant for that mode. Due to the pyramid structure of the CLI, user may have to move up the pyramid and then down again to navigate from one context to another unrelated context. AT - 8000S devices support the do command which enables user to enter EXEC mode commands from any configuration mode
Relevant mostly for show commands to check configuration on the fly.

Marvell Confidential

Command Mode Access Path

EXEC User Mode
Commands: ping; enable; clear; show (limited); Prompt: console>

enable EXEC Privileged Mode

Commands: disable; show (extended); copy; delete; reload; boot; Prompt: console#

configure Global Configuration Mode

Commands: aaa; bridge; interface; vlan; lacp Prompt: console(config)#
Marvell Confidential

User Interfaces Example

console> ? clear Reset functions disable Disable privileged commands dot1x 802.1x EXEC commands enable Enable privileged commands .. console> enable console# configure console(config)# interface ethernet 1/e1 console(config-if)# exit console(config)# interface ethernet 1/e1 console(config-if)# end console#

Marvell Confidential

CLI - Command Help

At any stage of the command, user can type the ? key and device will display the list of parameters or keywords the user can enter next. If error message is received this is an indication that user entered an invalid keyword or parameter console(config)# interface ethernet IEEE 802.3 Ethernet port port-channel IEEE 802.3 Link Aggregation interface range Select range of interfaces to configure vlan Configure an IEEE 802.1 VLAN console(config)# interface lala % Unrecognized command

Marvell Confidential

CLI - Command Completion

User can use the tab key to complete keywords. If a keyword is unique it is enough to type in the first letters of the keyword instead of typing in the full word. console(config)# inter [tab] console(config)# interface

Marvell Confidential

CLI do Command
The do command Allows the user to use User EXEC mode from any configuration mode context Useful to check device setting while performing configuration

Marvell Confidential

CLI do Command
console# show vlan tag 2 Vlan Name Ports Type Authorization ---- ----------------- --------------------------- ------------ ------------2 2 permanent Required console# con console(config)# interface ethernet 1/e1 console(config-if)# switchport access vlan 2 console(config-if)# show vlan tag 2

% Unrecognized command console(config-if)# do show vlan tag 2

Vlan Name Ports Type Authorization ---- ----------------- --------------------------- ------------ ------------2 2 1/e1 permanent Required console(config-if)#

Marvell Confidential

CLI Cut & Paste

AT - 8000S devices Support copy / paste of text files. The number of lines, which can be copied into the CLI, is 1000. The feature is implemented as support for fast data entry. Commands in the configuration file are entered in configuration mode.

Marvell Confidential

AT - 8000S Displaying System Information

Marvell Confidential

Display the system information

Use the following EXEC Mode command to display system information: show system
console# show system System Description: Ethernet Switch System Up Time (days,hour:min:sec): 0,00:03:30 System Contact: System Name: System Location: System MAC Address: 00:00:b0:00:00:00 System Object ID: Main Power Supply Status: 1.3.6.1.4.1.89.1.1.3955.. OK

Sensor Temperature (Celsius) Status ------------------------ ------------------------ ------------------------

Marvell Confidential

File Management

Marvell Confidential

The Flash
The file system supports dynamic creation and deletion of files. All the files are stored in the device flash memory All access to the flash will be done through the file system interface The flash is divided to two major sections: static and dynamic

Marvell Confidential

Software images
There are two images that stored in the flash memory, the files are called image-1 and image-2. Only one image is used during boot, the user can choose the image that will be used by the command:

Boot system image {number} To check what is the active image use the command: Show bootvar

console# show bootvar Images currently available on the FLASH image-1 active (selected for next boot) image-2 not active
Marvell Confidential

The Flash
The static section includes the booton & boot sectors. This sections is invisible to the file system. However, the boot code will allow the file system to use its resources when decompressing the application image file The dynamic section will include the rest of the flash:
2 image files all other files defined by core module. This section is fully controlled by the file system (syslog, configuration files etc)

Marvell Confidential

Configuration Files
AT - 8000S supports 3 types of configuration files. Running configuration file the active configuration, stored in the RAM. Startup configuration file kept in the flash. Used whenever the system reboots. Backup configuration file.

Factory default configuration - if no configuration file is available upon the system boot, this is the default settings of the system These default setting will not appear when using the show running or show startup commands Marvell Confidential

Copying a File Basic Command

Use the following EXEC mode command format to copy a file from a source to a destination: copy source-url destination-url The source and destination url parameter can be a valid url or reserved keyword (like boot, image, unit, startup-config, running config etc)

Marvell Confidential

Copy Command - Source Options (1)

Keyword Running-config Source Copy from the current running configuration file - Only to another configuration file, or to a TFTP server. Example: #copy running-config startup-config Copy from the startup configuration file only to another configuration file, or to a TFTP server. Example: #copy startup-config tftp://10.0.0.2/saved_cfg Copy from the active software image file to a TFTP server. Examples: #copy image tftp://10.0.0.6/saved-image Copy from the devices BOOT file - Only to a TFTP server Examples: #copy boot tftp://10.0.0.6/saved-boot-image

Startup-config

Image

Boot

Marvell Confidential

Copy Command - Source Options (2)

Keyword Tftp://

Source Source URL (tftp://ip address/filename) for a file on a TFTP network server from which to download (configuration, image or boot file) Examples: #copy tftp://10.1.2.3/saved-config startup-config #copy tftp://10.4.5.6/file.dos image #copy tftp://10.7.8.9/boot.rfb boot Copy a software image or boot-image file from a serial connection that uses the Xmodem protocol Example: #copy xmodem: image URL prefixes

Xmodem

WORD

Marvell Confidential

Copy Command - Destination Options (1)

Keyword Running-config Source Copy into (merge with) the current running configuration file from a TFTP server Example: #copy tftp://10.0.0.9/commands-file runningconfig Note: when copying to running-config, existing running config remains and copied configuration is added. The new running config is a combination of both In case of contradiction in configuration error will appear. Copy to the startup configuration file - Only from another configuration file, or a TFTP server. Example: #copy running-config startup-config Note: When copying to startup-config The previous startupconfig is erased completely and only the new file is the startup -config

Startup-config

Marvell Confidential

Copy Command - Destination Options (2)

Keyword Image

Source Copy to the non-active software image file from xmodem or a TFTP server. #copy tftp://10.1.2.3/file.ros image Note when copying to device image in order to run the new image, active image has to be changed (show bootvar and then boot system image-x command) and then system rebooted Copy to the devices BOOT file - Only from TFTP server or xmodem Examples: #copy tftp://10.1.2.3/boot.rfb boot Copy to null destination (do the copy, discard any result) Example: #copy tftp://10.0.1.1 null: Destination URL (tftp://ip address/filename) to upload to a file (config, image or boot) to a TFTP network server Example: #copy image tftp://10.1.2.3/saved-image-file URL prefixes

Boot

Null: Tftp://

WORD

Marvell Confidential

Invalid Combinations
The source file and destination file cannot be the same file. xmodem: cant be a destination. tftp: cant be both source and destination.

Marvell Confidential

Flash File Additional CLI Commands

Use the following Privileged EXEC mode command to copy from a backup file on flash to destination file: Copy flash://filename destination-file Use the following Privileged EXEC mode command to copy from a source file to backup file on flash: Copy source-file flash://filename

Marvell Confidential

Flash Files CLI Examples

console# copy running-config flash://backup 01-Jan-2000 01:31:20 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://backup 01-Jan-2000 01:31:22 %COPY-W-TRAP: The copy operation was completed successfully ! Copy: 60 bytes copied in 00:00:02 [hh:mm:ss]

Marvell Confidential

Copy character description

! For transfers, an exclamation mark indicates that the copy process is taking place. Each exclamation mark indicates the successful transfer of ten packets (512 bytes each). . For network transfers, a period indicates that the copy process is timed out. Many periods in a row typically mean that the copy process may fail. E An uppercase E indicates an error. The copy process may fail.

Marvell Confidential

Examples
Copying an Image from a Server to Device The following example copies a system image named image-10022.ros from the TFTP server with an IP address of 172.16.101.101 to non active image file. console# copy tftp://172.16.101.101/image-10022.ros image !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!! Copy: XXXXX bytes copied in XX:XX:XX [hh:mm:ss]
Marvell Confidential

Running Device with New Image

Note!!! To run a device (or unit) using the new downloaded image select the non-active image (the one to which the image was downloaded) as the image for next boot and then reboot.

To view which image is currently inactive use command:

show bootvar

Console# show bootvar Images currently available on the FLASH image-1 active (selected for next boot) image-2 not active

Marvell Confidential

Running Device with New Image

To specify the system image for the device to load at next startup, use the boot system Privileged EXEC command:
boot system { image-1 | image-2 }

Console# boot system image-2

Marvell Confidential

Other Commands
To delete the startup-config file, use the following privileged EXEC command: delete startup-config Show commands
show running-config show startup-config

Marvell Confidential

AT - 8000S Telnet

Marvell Confidential

Telnet
The user can connect to the device via telnet and work as if working via the terminal. The user must configure a user name and password in order to be able to connect via telnet To allow full configuration capabilities, level must be set to 15. Level 1 allows only limited device view and configuration.

console> enable console# configure console(config)# username myuser password mypassword level 15 console(config)#

Marvell Confidential

AT - 8000S Web Server

Marvell Confidential

Embedded Web Server (EWS)

The user can connect and mange the device via the Embedded Web Server. The EWS allows the user to control and monitor the device using a GUI interface. To allow EWS management an IP has to be configured on one of the devices interfaces (Ethernet port or VLAN). User must verify that HTTP server is enabled on the device (default is enabled) In addition, a username and password must be created with access level of 15

Marvell Confidential

EWS Configuration Example

console(config)# ip http server console(config)# username George password Washington level 15 console(config)# interface vlan 1 console(config-if)# ip address 10.8.7.9 /24 console(config-if)# exit console(config)# ip default-gateway 10.8.7.10 console(config)# Default gateway is needed if management station is located in a remote network

Marvell Confidential

AT - 8000S SNMP

Marvell Confidential

Defining SNMP Settings

Simple Network Management Protocol (SNMP) provides a method for managing network devices. Devices supporting SNMP run a local agent. The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB). The MIB presents the variables controlled by the agent. The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network.

Marvell Confidential

AT - 8000S Secure Management

Marvell Confidential

Secure Management Options

The Secure Shell (SSH) protocol provides encrypted and strongly authenticated remote login sessions, similar to the Telnet protocol, between a device running a Secure Shell server and a host (PC) with a Secure Shell client. The Secure Socket Layer (SSL) has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers applications. Therefore, SSL allows secure management of the networking devices via the standard WEB browser.

Marvell Confidential

How does SSH Tunneling work?

Telnet
App Insecure 23

Telnetd

This telnet connection is transmitted in the clear data and passwords are insecure!
23 2023

Set up SSH port forwarding from the client to the server

App

Client
SSH

Router
SSHd

2023

App

Secure

22

App

The result a secure connection!

Marvell Confidential

Never Trnamitted!

Loopback I/F
Loopback I/F
Never Trnamitted!

Loopback I/F

Network I/F

Network I/F

Client

Router

Loopback I/F

Network I/F

Network I/F

Client
SSH

Router
SSHd

App

Secure

22

App

Telnet
Network I/F Network I/F

Telnetd

23

Loopback I/F

Loopback I/F

SSL/TLS

Not secure

Secure HTTP

HTTP TCP IP

TLS TCP IP

Marvell Confidential

Marvell Confidential