Professional Documents
Culture Documents
Operating Instructions
Disclaimer
The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. Ericsson shall
have no liability for any error or damage of any kind resulting from the use of this
document.
Contents
1 Overview 1
1.1 Command-Line Interface 1
1.2 Accessing the CLI 2
1.3 Field-Support Account 3
1.4 Local Administrator Accounts 3
1 Overview
Before initial configuration, you should be familiar with the router's basic
concepts of Contexts and Interfaces and Bindings.
Arguments are case-sensitive. For example, if you use Customers for the <ctx-
name> argument in the context <ctx-name> command, the system does not
recognize customers as the same context.
If you have configured the management port, you can establish a Telnet or SSH
session to the system. Many tools provide Telnet and SSH access to remote
systems. These tools are beyond the scope of this document. In general, provide
the system name (the hostname configured for the system) or IP address
configured for the system management port, and an administrator name and
password.
Note: You may encounter login problems if you perform successive logins on a
remote system. For details, see Modify the Maximum Number of
Concurrent SSH Sessions on page 17.
If you forget the password, delete the administrator account and create a new
one. You cannot modify the password for an administrator account. See
Password Recovery.
The operating system provides default settings for local console sessions. You
can customize these settings for the duration current session using the terminal
length, terminal monitor, and terminal width commands.
After you are logged on to the system, you have access to the CLI based on the
context to which you are logged on, the privilege level of your account.
Note: To enter the Telnet shell (with the Telnet prompt), enter the ^]
characters. The telnet prompt is displayed.
— Field-support account is a Linux user and only for field support engineer to
get the root access.
Users who own both the SudoUser role and TechSupport role could
change the FSA password.
You can also create additional administrator accounts in the local context or in
nonlocal contexts to further restrict access to the CLI; see Restrict Access to the
CLI. To further secure the router, see Key Chains and TACACS+.
This section describes how to access the system through the CLI and configure
the minimum necessary for administrator access.
Steps
1. When you log on for the first time, connect a terminal to the console port
either directly or through a terminal server. See the appropriate hardware
guide for your system for information about connecting and configuring a
terminal for use with the console port.
Note: Enter the user name and password. Each operation is performed within
2 minutes. If the time is out, the system continues to boot.
Steps
Example
Field-Support Account does not exist on this Node. Please create it first.
Please Input Field-Support Name: xxx
Field Support Name must start with "_"
Please Input Field-Support Name:xxxx
Please Input Field-Support Password:************
Please Retype your Password:************
Example
[local]Ericsson#show field-support name
The field-support account is: xxxx
[local]Ericsson#
3. Log out the console, you can log in with the field-support account from
console again.
For more information about Field-Support Account configuration, refer to
Modify a Field-Support Account in Password Recovery.
To access global configuration mode, do the following starting from exec mode.
Steps
Example
[local]Ericsson#configure
Enter configuration commands, one per line, 'end' to exit
[local]Ericsson(config)#
Example
[local]Ericsson(config)#?
aaa Authentication, Authorization and Accounting
abort Abort this configuration - backout from running config
alarm-port Configure external alarm IO port attributes
alias Command level aliases
asp Enter the asp configuration mode
backup-housekeeping Configure backup restore management housekeeping model
backup-scheduler Configure backup restore management scheduler model
banner banner configuration command
boot Set boot parameters
bridge Configure a bridge
bs-cb-periodic-event Configure backup restore management calender base
periodic event model
bs-periodic-event Configure backup restore management periodic event model
bs-single-event Configure backup restore management single event model
card Select card to configure
circuit-group Configure a circuit group
comment Comment current transaction
commit Commit configuration transactions to running config
context Configure an operational context
default Return a parameter to its default value
default-linecard Configure default linecard for routing local traffic
dhcp Configure DHCP
dhcpv6 Configure DHCPv6
diag Set Diagnostics mode
dot1q dot1q configuration commands
dscp Configure dscp profile
end Commit configuration changes and return to exec mode
ethernet-ring Configure ethernet-ring protection
ethernet-segment Configure an ethernet segment group
exit Exit global configuration mode
export Backup and Restore Management Configuration Mode
flow Configure Flows
forward Configure forward policy parameters
global Global synchronization parameters
Every time the administrator super logs on to the system, the administrator is at
privilege level 10, which allows the administrator to enter configuration
commands. The maximum privilege level of 15, which can be enabled after initial
login, allows the administrator access to the complete system. This administrator
can view and modify the entire system configuration, and view all running
information on the system after enabling access to the maximum privilege level
because this account is created in the local context.
Steps
Example
[local]Ericsson(config)#context local
Example
[local]Ericsson(config-ctx)#administrator super password icandoanything
[local]Ericsson(config-administrator)#full-name "Fred P. Lynch x.1234"
[local]Ericsson(config-administrator)#privilege start 10
[local]Ericsson(config-administrator)#privilege max 15
[local]Ericsson(config-administrator)#allow-password-change
[local]Ericsson(config-administrator)#commit
Example
[local]Ericsson(config-administrator)#show configuration
administrator super encrypted 1 $1$........$dVif8R0QofOH8Waz/xuB40
full-name Fred Q. Lynch x1234
privilege start 10
privilege max 15
allow-password-change
Example
[local]Ericsson(config-administrator)#exit
[local]Ericsson(config-ctx)#enable password level 15 pwd_for_priv_level_15
[local]Ericsson(config-ctx)#commit
Example
[local]Ericsson(config-ctx)#show configuration
-
-
-
enable encrypted 1 $1$........$AGSXlr2Tk5AsG92NBXzqi0
Example
[local]Ericsson(config-ctx)#service telnet
[local]Ericsson(config-ctx)#commit
[local]Ericsson(config-ctx)#exit
[local]Ericsson(config)#
Steps
Example
[local]Ericsson#save configuration
Save to file: ericsson.cfg
Target file exists, overwrite?y
Steps
Example
[local]Ericsson#change-password
Changing password for user: super
Current password:
New password:
Verifying New password:
Password changed successfully
Example
[local]Ericsson#change-password platadmin _cde
New password: **************
Retype new password: **************
Field-Support Account has been modified successfully.
As an administrator, you can also change the password for field-support account,
if you have the required privileges. Use platadmin <username> keyword with the
change password command.
2. Issue the enable command to allow access to privilege level 15. You are
prompted to provide the enable password configured for privilege level 15 (in
this example pwd_for_priv_level_15). The password is not displayed as
you type it in.
Example
[local]Ericsson#enable 15
password:
The other roles except SudoUser and TechSupport roles are recommended if
none of the above three situations are needed.
Steps
Example
[local]Ericsson(config)#context local
Example
[local]Ericsson(config-ctx)#administrator admin1 password supersecret1
Example
[local]Ericsson(config-administrator#role SystemAdministrator
[local]Ericsson(config-administrator)#role SudoUser
[local]Ericsson(config-administrator)#role TechSupport
[local]Ericsson(config-administrator)#commit
[local]Ericsson(config-administrator)#exit
[local]Ericsson(config)#exit
[local]Ericsson#
This example creates the management interface in the local context and binds it
to the management port.
Note: Use the port ethernet management command only once. Your access to
the system automatically switches to the management port if it
becomes active during normal operation.
Steps
Example
[local]Ericsson(config)#context local
Example
[local]Ericsson(config-ctx)#interface management
[local]Ericsson(config-if)#ip address 192.168.1.1/16
[local]Ericsson(config-if)#exit
[local]Ericsson(config-ctx)#exit
3. Access the management port and bind it to the interface. Enable the port.
Example
[local]Ericsson(config)#port ethernet management
[local]Ericsson(config-port)#bind interface management local
[local]Ericsson(config-port)#no shutdown
[local]Ericsson(config-port)#commit
Note: You can also bind the management interface to a non-local context.
This facilitates the usage of a separate management context with
out-of-band router management.
Example
[local]Ericsson(config-port)#show configuration
context local
...
interface management
ip address 192.168.1.1/16
...
Steps
Note: The separator character between the <admin-name> and the <ctx-
name> argument is configurable. It can be %, -, @, _, \, #, $, or /. The
default character is @. To configure the character, see aaa
username-format.
Steps
1. If you are logging on to a router on which the IP address and SSH service are
configured in a context different from that of the administrator, enter the
administrator name in the following format, using the context name in which
the user is configured for authentication.
<admin-name>@<ctx-name>
2. If you are logging on to a router on which the IP address and SSH service are
configured in the same context as the administrator, enter the administrator
name in the following format:
<admin-name>
3. When you connect to the system, the password you enter is not echoed.
Passwords are stored in the configuration file in encrypted format.
Steps
Steps
Example
[local]Ericsson(config)#system contact IS hotline 1-800-555-1234
[local]Ericsson(config)#system hostname freebird
[local]Ericsson(config)#system description router-gold
[local]Ericsson(config)#system location Building 2, 2nd fl. lab 3
[local]Ericsson(config)#commit
2. Confirm the configuration. Note that the system prompt reflects the new
hostname.
Example
[local]freebird(config)#show configuration | grep system
...
system contact IS hotline 1-800-555-1234
system hostname freebird
system description router-gold
system location Building 2, 2nd fl. lab 3
Steps
Example
[local]Ericsson(config)#management context to-mgr
[local]Ericsson(config)#commit
Transaction complete.
[local]Ericsson(config)#exit
Steps
Example
[local]Ericsson(config)#service multiple-contexts
Example
[local]Ericsson(config)#system confirmations context
[local]Ericsson(config)#commit
Example
[local]Ericsson(config)#show configuration | grep system
...
service multiple-contexts
...
system confirmations context
Example
[local]Ericsson(config)#context newcontext
Are you sure you want to create context newcontext? y
[local]Ericsson(config-ctx)#
— Defines Atlantic Standard Time (AST), Eastern Standard Time (EST), Central
Standard Time (CST), Mountain Standard Time (MST), Pacific Standard Time
(PST), and Hawaii Standard Time (HST) time zones. Identifies PST as the
local time zone.
To configure the system time zone, do the following starting in exec mode.
Steps
Example
[local]Ericsson#clock set 2013:06:30:12:01
Example
[local]Ericsson#configure
[local]Ericsson(config)#system clock timezone AST -4
[local]Ericsson(config)#system clock timezone EST -5
[local]Ericsson(config)#system clock timezone CST -6
[local]Ericsson(config)#system clock timezone MST -7
[local]Ericsson(config)#system clock timezone PST -8 local
[local]Ericsson(config)#system clock timezone HST -10
Example
[local]Ericsson(config)#system clock summer-time PST PDT recurring first Sunday April 6 last \
Sunday October 2
[local]Ericsson(config)#system clock summer-time MST MDT recurring first Sunday April 6 last \
Sunday October 2
[local]Ericsson(config)#commit
Example
[local]Ericsson(config)#show configuration
...
system clock timezone AST -4 0
system clock timezone CST -6 0
system clock timezone FST -5 0
system clock timezone HST -10 0
system clock timezone MST -7 0
system clock summer-time MST MDT recurring first Sunday April 6 last Sunday O→
ctober 2
system clock timezone PST -8 0 local
system clock summer-time PST PDT recurring first Sunday April 6 last Sunday O→
ctober 2
— The login banner Freebird system, which is displayed before the user logs
on.
— The exec banner Welcome to the freebird system., which displays after
a user logs on.
In addition, you can use the banner motd command to create ad hoc messages.
Steps
Example
[local]Ericsson(config)#banner login /Freebird system/
[local]Ericsson(config)#banner exec /Welcome to the freebird system./
[local]Ericsson(config)#commit
Example
[local]Ericsson(config)#show configuration
...
banner login /Freebird system/
banner exec /Welcome to the freebird system./
Steps
1. Change the number of times that the system tries to reestablish a dropped
TCP connection.
Example
[local]Ericsson(config)#tcp keepalive count 4
[local]Ericsson(config)#commit
Example
[local]Ericsson(config)#show configuration
...
tcp keepalive count 4
If you use automated scripts to establish multiple Telnet or SSH sessions, note
that the router supports a maximum of one login every 30 seconds. If you
encounter a login error, wait 5-10 minutes before establishing another Telnet or
SSH session.
Steps
Example
[local]Ericsson(config)#ssh server full-drop 17
[local]Ericsson(config)#commit
[local]Ericsson(config)#ssh server start-drop 17
[local]Ericsson(config)#commit
Note: Restricting maximum number of sessions using the ssh server full-
drop command does not restrict the maximum number of SFTP
sessions. The maximum number of SFTP sessions remains 32.
Example
[local]Ericsson(config)#show configuration | in ssh
...
ssh server full-drop 17
To change the duration of time that the system waits for a response before
timing out:
Steps
Example
[local]Ericsson(config)#timeout login response 5
[local]Ericsson(config)#commit
Example
[local]Ericsson(config)#show configuration
...
timeout login response 5
Steps
Example
[local]Ericsson(config)#timeout session idle 30
[local]Ericsson(config)#commit
Example
[local]Ericsson(config)#show configuration
...
timeout session idle 30
Steps
Example
[local]Ericsson>show hardware
Slot Type Product No Serial No Rev M →
fg Date Payload
----- -------------------- ---------------- -------------- ------- --------- →
-- -------
N/A backplane C920757845 D825663644 R1A 08-JAN-2018 N →
/A
PFT1 pft-ac BML 901 374/1 BR84839677 R1A 08-F →
EB-2018 N/A
PFT2 pft-dc BMR 911 86/1 BR84555748 R1A 25- →
FEB-2018 N/A
RP1 rp ROA 128 6130/1 ENCD826387 R1A 22-S →
EP-2017 OK
RP2 rp ROA 128 6130/1 ENCD826388 R1A 22-S →
EP-2017 OK
1 1-10ge-48-port ROA 128 6028/1 ENCD823439 R1A 01- →
FEB-2018 OK
2 1-10ge-48-port ROA 128 6028/1 ENCD823440 R1A 01- →
FEB-2018 OK
3 10-100ge-32-4-port ROA 128 6188/1 ENCD823526 R1A 13- F →
EB-2018 OK
Example
[local]Ericsson#show licensing
Capacity alarm hysteresis(%) : 5
Capacity alarm threshold(%) : 80
Fingerprint : D825663644
Fingerprint updatable : true
Last inventory change : NULL
Last license inventory refresh : 2018-05-12T04:50:30+00:00
License expiration warning(day) : 7
State : INTEGRATION_UNLOCK
Locking code :
Note: — If the serial number of the backplane is identical to the fingerprint, it means that
the fingerprint is the initial configuration. By default, the fingerprint is the serial
number of the backplane if you don't set the fingerprint manually. If it requires to
replace a failed router, use the fingerprint command to reset the fingerprint. For
details, refer to fingerprint in Commands: F.
Example
[local]Ericsson(config)#licensing
[local]router6000(config-licensing)#fingerprint C920757834
Note: The fingerprint is no longer than 256 characters and contains only letters, numbers,
hyphens (-), and underscores (_).
Step 2 and Step 3 are exclusive. Follow either Step 2 or Step 3, depending on whether the license
key file is installed from a remote or local URI.
3. Install the license key file from a local URI. Skip this step if you install the license key file from a
remote URI.
a. Copy the license key file from the license server to the local URI with the password
1234.
Example
[local]Ericsson#copy scp://admin@132.196.28.228//home/LKF/C920757834_171212_093034.xml /flash
Enter Windows password:****
C920757834_171212_093034.xml 100% 1184 9.2KB/s 00:00
Note: Enable Secure Copy Protocol (SCP) client if you use SCP to copy the license
key file.
b. Install the license key file from the URI of file:///flash/
C920757834_171212_093034.xml with password admin.
Example
[local]Ericsson#licensing install keyfile uri file:///flash/C920757834_171212_093034.xml password →
admin
4. Install the license key file from the remote URI of sftp://admin@132.196.28.228/home/LKF/
C920757834_171212_093034.xml. Use the password 1234. Skip this step if you install the
license key file from a local URI.
Example
[local]Ericsson#licensing install keyfile uri sftp://admin@132.196.28.228/home/LKF/C920757834_171212_093034. →
xml password 1234
Example
[local]Ericsson#show licensing keyfile progress
Report progress :
Action name : loadLicKeyFile
Additional info :
Progress info :
Progress percentage : 100
Result : SUCCESS
Result info : Successfully loaded the new LKF
State : FINISHED
Action id : 0
Time action started : 2018-05-14T15:44:07+00:00
Time action completed : 2018-05-14T15:44:07+00:00
Time of last status update : 2018-05-14T15:44:07+00:00
Note: When installing the license key file from a remote URI, ensure the progress percentage
is 100 before starting the second installation.
Example
[local]Ericsson#licensing inventory refresh
[local]Ericsson#licensing inventory publish
Example
This example displays general license management information.
[local]Ericsson#show licensing
Capacity alarm hysteresis(%) : 5
Capacity alarm threshold(%) : 80
Fingerprint : C920757834
Fingerprint updatable : false
Last inventory change : 2018-05-14T11:59:57+0000
Last license inventory refresh : 2018-08-29T03:08:43+00:00
License expiration warning(day) : 7
State : NORMAL
Locking code :
Reconnect attempt interval(sec) : 30
Synchronization interval(sec) : 30
Example
This example displays detailed license key information.
Expiration : 1970-01-01
Shared : false
Version :
Capacity key : 7
Licensed capacity limit :
Value : 0
No limit : false
Capacity unit : token
Granted capacity level : 0
Licensed capacity limit reached : false
Key id : FAT1023953/1
Name : Capacity Key, 1 x Abis/IP Attach Unit license
Product type : Router 6000
Valid from : 1970-01-01
Expiration : 1970-01-01
Shared : false
Version :
Capacity key : 8
Licensed capacity limit :
Value : 0
No limit : false
Capacity unit : token
Granted capacity level : 0
Licensed capacity limit reached : false
Key id : FAT1023955/1
Name : Capacity Key, 1 x CES Attach Unit license
Product type : Router 6000
Valid from : 1970-01-01
Expiration : 1970-01-01
Shared : false
Version :
Capacity key : 9
Licensed capacity limit :
Value : 0
No limit : false
Capacity unit : token
Granted capacity level : 1
Licensed capacity limit reached : true
Key id : FAT1023253/1
Name : Feature Key, IPOS
Product type : Router 6000
Valid from : 1970-01-01
Expiration : 1970-01-01
Shared : false
Version :
Capacity key : 10
Licensed capacity limit :
Value : 0
No limit : false
Capacity unit : token
Granted capacity level : 0
Licensed capacity limit reached : false
Key id : FAT1023871/1
Name : Feature Key, Shortest Path Based Segment Routing
Product type : Router 6000
Valid from : 1970-01-01
Expiration : 1970-01-01
Shared : false
Version :
Capacity key : 11
Licensed capacity limit :
Value : 0
No limit : false
Capacity unit : token
Granted capacity level : 1
Licensed capacity limit reached : true
Key id : FAT1023595/1
Name : Feature Key, 1588/PTP
Product type : Router 6000
Valid from : 1970-01-01
Expiration : 1970-01-01
Shared : false
Version :
Capacity key : 12
Licensed capacity limit :
Value : 0
No limit : false
AST
Atlantic Standard Time
BFD
Bidirectional Forwarding Detection
CLI
Command-Line Interface
CST
Central Standard Time
DES
Data Encryption Standard
EST
Eastern Standard Ti
FTP
File Transfer Protocol
HST
Hawaii Standard Time
MOMs
Managed Object Models
MST
Mountain Standard Time
NETCONF
Network Configuration
PST
Pacific Standard Time
SCP
Secure Copy Protocol
SSH
Secure Shell