Changes between Version 28 and Version 29 of Internal/OpenFlow/CLISetup


Timestamp: Jan 28, 2010, 6:32:00 AM (15 years ago)
Author: akoshibe
  • Internal/OpenFlow/CLISetup

    v28 v29  
    1 = Configuring the switch through command line interface (CLI) = 
    2 
    3 The IP8800/S3640-48T2XW and IP8800/S3640-24T2XW are the two models of NEC switch that support !OpenFlow. This page is a how-to/log on configuring the IP8800/S3640-48T2XW NEC switch through the CLI. 
    4 
    5 == References ==
    6 
    7 For people literate in Japanese, a complete set of configuration guides may be found in the [http://www.nec.co.jp/ip88n/02.html#manual03 documents section of the NEC website.]
    8 
    9 == console connection to the switch (6/11) ==
    10 The switch uses regular RS-232 for the serial connection. The settings for the serial connection are the following:
    11 
    12  * speed: 9600
    13  * data bits: 8
    14  * stop bits: 1
    15  * Flow control: none
    16  * Parity: none
    17  
    18 Minicom didn't seem to work too well no matter what settings were changed. Kermit was used to connect to the switch because default settings can be used directly and no changes need to be made. After installation (The Debian package is ckermit), use the following commands as root:
    19 
    20 {{{
    21  C-Kermit>set line /dev/ttyS0
    22  C-Kermit>set carrier-watch off
    23  C-Kermit>connect
    24 }}}
    25 
    26 `Ctrl-\ q` ends the kermit session.
    27 
    28 If the login prompt doesn't show up, pressing enter a couple of times should do the trick. The default username is `operator`, and the password, blank.
    29 
    30 == Making configuration changes through CLI ==
    31 A lot of it looks like Cisco IOS. Type `enable` in the prompt to get to privileged mode. The '>' should become a '#'.
    32 
    33 {{{   
    34 > ena
    35 #
    36 }}}
    37 
    38 The shorthand of a command can be used. The switch also does command completions when you hit tab. A full list of commands can be seen by typing `?` at the prompt. Commands are often used in compound, so a `?` can be used at any time to see what options are available:
    39 
    40 {{{
    41 # show interface ?
    42   gigabitethernet     The type of a port is specified in
    43                       10BASE-T/100BASE-TX/1000BASE-T/1000BASE-X line
    44   tengigabitethernet  The type of a port is specified in 10GBASE-R line
    45 }}}
    46 
    47 To actually configure the switch, you need to be in configuration mode. Type `configure` to enter configuration mode:
    48 
    49 {{{
    50 # configure     
    51 (config)#
    52 }}}
    53 
    54 If, at any time, you get confused as to which interface or '' what '' you are even configuring, command `show` will output the name of the interface and the configuration changes made to it so far:
    55 
    56 {{{
    57 (config-if)# show
    58 interface gigabitethernet 0/27
    59   switchport mode access
    60   switchport access vlan 4
    61 !
    62 }}}
    63 
    64  
    65 == Telnet access to the switch (6/12) ==
    66 To telnet to a switch, you need to set up an IP address for the switch. To do this, you need to not only set up a vlan interface to which the IP address belongs, but also permit telnet access. 
    67 
    68  1. After entering configuration mode, create a vlan. Give it a name if you feel like it. The '!' before the prompt indicates that a change has been made, and you must use the command 'save' before exiting out of config mode to have the configuration changes apply.
    69 {{{
    70 (config)# vlan 4
    71 !(config-vlan)# name "telnet"
    72 !(config-vlan)# exit
    73 !(config)#
    74 }}}
    75 
    76  2. Assign the port that is to be used for remote access the vlan you just created. the range of ports available save the 10GBe interfaces are 0/1-0/48.
    77 {{{
    78 !(config)# interface gigabitethernet 0/27
    79 !(config-if)# switchport mode access
    80 !(config-if)# swi acc vlan 4         
    81 !(config-if)# exit
    82 }}}
    83 
    84  3. Assign an IP address and subnet mask to the vlan's interface:
    85 {{{
    86 !(config)# interface vlan 4
    87 !(config-if)# ip address 192.168.10.1 255.255.255.0
    88 !(config-if)# exit
    89 !(config)#
    90 }}}
    91  
    92  4. Allow login via telnet. This will limit the number of maximum simultaneous telnet connections to 3. `save` will allow config changes to survive a reboot, and gets rid of the annoying !'s.
    93  
    94 {{{
    95 !(config)# line vty 0 2
    96 !(config-line)# exit
    97 !(config)#   
    98 !(config)# save
    99 (config)# exit
    100 #
    101 }}}
    102 
    103 The telnet VLAN (4) was later changed to VLAN 1.
    104 
    105 == switch as DHCP server ==
    106 The switch can be a DHCP server, so it was made so the laptop that'll be used to test if the telnet configs worked would get an address from the switch. This was later disabled since hosts on this switch would acquire IP addresses from a designated DHCP server.
    107 The commands for making the switch a DHCP server is [wiki:Internal/OpenFlow/SwitchConfiguration here].
    108 
    109 == The right way to flash the switch (6/16) ==
    110 The specific how-to's are on [wiki:Internal/OpenFlow/Firmware another article], but the general gist is to copy the firmware, license, and configuration files onto a SD card provided by NEC, and cold booting the switch off of it.   
    111 
    112 == VLAN Configuration, based on convention (6/23) ==
    113 The switch should follow the conventions used in other switches for which port corresponds to which VLAN, where the trunk is, ect. After week 2, the switch was booted back into normal mode (no SD card), and the VLANs statically set according to the following convention for networking SB9:
    114 
    115  ||Usage||ports||VLAN||
    116  ||CM||1-4||3||
    117  ||Control||5-8||27||
    118  ||Data||9-12||28||
    119 
    120 == Static VLAN Configuration ==
    121 Configuration of the CM VLAN (VLAN 3) is shown here.
    122  
    123  1. Create and name VLAN
    124 {{{
    125 (config)# vlan 3
    126 !(config-vlan)# name "CM"
    127 !(config-vlan)# exit
    128 }}}
    129 
    130  2. Assign CM VLAN 3 to the desired ports. Unfortunately, you have to configure one port at a time. Luckily, you can use the up arrow key to go through previous commands to make things faster. 
    131 {{{
    132 !(config)# interface gi 0/1
    133 !(config-if)# switchport mode access
    134 !(config-if)# switchport acc vlan 3
    135 !(config)# interface gi 0/2
    136 !(config-if)# switchport mode access
    137 !(config-if)# switchport acc vlan 3
    138 !(config)# interface gi 0/3
    139 !(config-if)# switchport mode access
    140 !(config-if)# switchport acc vlan 3
    141 !(config)# interface gi 0/4
    142 !(config-if)# switchport mode access
    143 !(config-if)# switchport acc vlan 3
    144 }}}
    145  
    146  3. After repeating steps 1 and 2 for the Control and Data VLANs (with correct port numbers and VLAN number, of course), configure the trunk ports:
    147 {{{
    148 !(config-if)# interface gi 0/45
    149 !(config-if)# switchport mode trunk
    150 !(config-if)# switchport trunk allowed vlan 3,27,28
    151 !(config-if)# interface gi 0/46
    152 !(config-if)# switchport mode trunk
    153 !(config-if)# switchport trunk allowed vlan 3,27,28
    154 !(config-if)# interface gi 0/47
    155 !(config-if)# switchport mode trunk
    156 !(config-if)# switchport trunk allowed vlan 3,27,28
    157 !(config-if)# interface gi 0/48
    158 !(config-if)# switchport mode trunk
    159 !(config-if)# switchport trunk allowed vlan 3,27,28
    160 !(config-if)# exit
    161 !(config)# save
    162 (config)# exit
    163 }}}
    164 
    165 == DHCP/BootP relay agent (6/24) ==
    166 attempt was made but not knowing the DHCP server's address didn't help. Nevertheless, translations on how to set up a relay agent/ IP helper are [wiki:Internal/OpenFlow/SwitchConfiguration here].
    167 
    168 == Native VLAN configuration (6/25) ==
    169 A native VLAN was set up on the trunk ports so the switch will have an interface that can be assigned an IP address.   
    170 
    171  1. Make a VLAN. Name the native VLAN. 
    172 {{{
    173 (config)# vlan 1
    174 (config-vlan)# name "Network"
    175 !(config-vlan)# exit
    176 }}}
    177  2. Assign static IP address to the interface. we needed to find the switch's IP address with nslookup. This was actually done 7/2, after its MAC address was registered.   
    178 {{{
    179 !(config-vlan)# interface vlan 1
    180 !(config-if)# ip address 172.16.19.253 255.255.0.0
    181 }}}
    182  3. Configure ports to be trunk ports, then specify the native VLAN
    183 {{{
    184 !(config)# interface gi 0/48
    185 !(config-if)# switchport mode trunk
    186 !(config-if)# switchport trunk native vlan 1
    187 }}}
    188  4. Specify which VLANs are allowed on the trunk. This includes all VLANs that converge to this trunk, as well as the native VLAN for this trunk. If the port is already made to allow other VLANs, instead of using command `switchport trunk allowed vlan 1,3,27,28` you can just add VLAN 1 by using the `vlan add <vlan ID>` context:
    189 {{{
    190 !(config-if)# swi trunk allowed vlan add 1
    191 }}}
    192 so now the configurations for port 0/48 look like this:
    193 {{{
    194 !(config-if)# sh
    195 interface gigabitethernet 0/48
    196   switchport mode trunk
    197   switchport trunk allowed vlan 1,3,27-28
    198   switchport trunk native vlan 1
    199 }}}
    200 
    201 === Port speeds (7/17) ===
    202 By default, the switch autonegociates. You can change this by going into configuration mode for each port, and changing settings using the `speed` command. The syntax:
    203  
    204  * `speed auto [10|100|1000]` - autonegociate. If a speed is specified, the port will be shut down by the switch if the host refuses to negotiate to the set speed.
    205  * `speed [10|100|1000]` - sets port to specific speed, no autonegociation
    206 
    207 The port should be shut down before changing speed settings. This seems to allow the changes to take immediate effect, even before saving config changes. Each port needs to be configured separately, which makes it a bit annoying. 
    208 {{{ 
    209 sw-sb09(config)#  interface gi 0/13
    210 sw-sb09(config-if)# shutdown
    211 !sw-sb09(config-if)#
    212 02/06 03:35:48 E3 PORT GigabitEthernet0/13 25011100 1350:000000000000 Port disabled administratively.
    213 !sw-sb09(config-if)# speed auto 1000
    214 !sw-sb09(config-if)# no shutdown     
    215 }}}
    216 
    217 === SNMP (8/13) ===
    218 For a explanation of SNMP: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol [[BR]]
    219 In the IP8800 guide: http://www.nec.co.jp/ip88n/s36_sw/html/cfguide2/index.html [[BR]]
    220 MIB references: http://www.alvestrand.no/objectid/
    221 ==== Configuring the IP8800 ====
    222 Use of SNMP (Simple Network Management Protocol) is not set by default; you must create access lists with IP addresses allowed to request information as a manager device. In this case, an ACL is created for all the interfaces of SB9, eth1:
    223 {{{
    224 !sw-sb09(config)# access-list 1 permit 10.19.0.10 0.0.0.0
    225 !sw-sb09(config)# access-list 1 permit 192.168.100.28 0.0.0.0
    226 !sw-sb09(config)# access-list 1 permit 192.168.1.28 0.0.0.0
    227 !sw-sb09(config)# access-list 1 permit 172.16.100.1 0.0.0.0
    228 !sw-sb09(config)# sh access-list
    229 access-list 1 10 permit host 10.19.0.10
    230 access-list 1 20 permit host 192.168.100.28
    231 access-list 1 30 permit host 192.168.1.28
    232 access-list 1 40 permit host 172.16.100.1
    233 }}}
    234 To add a block of IP's to the ACL, you need the starting IP address and wildcard (range of host addresses available) for that IP block. To add the Network VLAN subnet to the ACL:
    235 {{{
    236 access-list 1 50 permit 172.16.0.1 0.0.255.255
    237 }}}
    238 
    239 to include it in the snmp access list, use the following command:
    240 {{{
    241 sw-sb09(config)# snmp-server community "NET" rw 1
    242 }}}
    243 where "NET" is the group name, "rw" - read/write, as opposed to "ro", read-only, and "1" is the access list allowed.
    244 
    245 ==== Accessing MIBs on the IP8800 ====
    246 accessing it through the switch itsself is easy enough:
    247 {{{
    248 sw-sb09# snmp walk 1.3.6.1.2.1.1           
    249 
    250 Name: sysDescr.0
    251 Value: ALAXALA AX3640S AX-3640-48T2XW-L [AX3640S-48T2XW] Switching software Ver.
    252 10.7 [OS-L3L]
    253 
    254 Name: sysObjectID.0
    255 Value: ax3640s
    256 
    257 Name: sysUpTime.0
    258 Value: 25724205
    259 
    260 Name: sysContact.0
    261 Value:
    262 
    263 Name: sysName.0
    264 Value: sw-sb09
    265 
    266 Name: sysLocation.0
    267 Value:
    268 
    269 Name: sysServices.0
    270 Value: 78
    271 }}}
    2721
    2732== Elucidation (Or, How-TO's) ==
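Review bot: No step in the removed telnet walkthrough (v28 lines 65-103) sets a password, although v28 line 28 gives the default login as `operator` with a blank password and `line vty 0 2` then opens telnet on the management address. If this text is carried into the unshown part of v29, add a password-setting step before the `line vty` step. The Port speeds and SNMP sections removed here reappear at v29 lines 417-501, so those are moves, but the console, telnet and static VLAN sections have no visible replacement and should be confirmed as preserved.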
     
    536265Interface VLANs are also important because it provides a means to interact with a Layer 2 device (the switch) using Layer 3 means (IP). For example, The IP addresses used to uniquely identify each switch on the network is assigned to the switch via an interface VLAN.
    537266
    538 === Creating/ Using VLANs and Interface VLANs ===
     267=== Creating VLANs and Interface VLANs ===
    539268
    540269The following steps outline the general configuration of VLANs and interface VLANs through the CLI.
     
    586315With the "access mode" ports in the previous section, VLANs with the same VLAN ID that are on different but connected switches would be recognized as different VLANs despite same VLAN ID. In order to allow the two same-ID VLANs to communicate with one another, we need to 1) set up trunking between the two switches, and 2) enable "dot1q tunneling" on the ports.
    587316
    588 1. '''Configure the trunk port.''' Say that ports 0/45-48 are trunk ports:
     3171. '''Configure the trunk port.''' Say that ports 0/45-48 are trunk ports (Remember, if you are just configuring one port, you can always use the singular "interface gigabitethernet" context.):
    589318{{{
    590319!(config-if)# interface range gi 0/45-48
    591 !(config-if)# switchport mode trunk
    592 !(config-if)# switchport trunk allowed vlan 3,27,28
     320!(config-if-range)# switchport mode trunk
     321!(config-if-range)# switchport trunk allowed vlan 3,27,28
    593322}}}
    594323
    595324 * "interface range gi 0/45-48" - configure all four ports at once with "interface range" context
    596325 * "switchport mode trunk" - make the ports trunk ports
    597  * "switchport trunk allowed vlan 3,27,28" - allow the trunk to only carry frames from VLANs 3,27,or 28
     326 * "switchport trunk allowed vlan 3,27,28" - allow the trunk to only carry frames from VLANs 3,27,or 28 (frames from these VLANs will get tagged)
    598327
    599328'''Some extensions of the "switchport trunk allow" context."'''
    600 Yes, we know that you're thinking "wait, there's more?", but without these sub-contexts you'd have to undo the whole "switchport trunk allowed vlan" bit each time you need to add or remove VLANs from the access list.
    601 
    602 Firstly, the switch's help output:
    603 {{{
    604 sw-sb09(config-if)# switchport trunk allowed vlan ?
     329Without these sub-contexts you'd have to undo the whole "switchport trunk allowed vlan" bit each time you need to add or remove VLANs from the access list.
     330
     331First off, as per the switch's help output:
     332{{{
     333sw-sb09(config-if-range)# switchport trunk allowed vlan ?
    605334  <vlan id list>  <List style>. 1 to 4094. ex. "10-20", "30,40"
    606335  add             add the VLANs to use this port
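Review bot: v29 line 329 calls the trunk's allowed-VLAN list "the access list", which collides with the ACLs created with `access-list` in the "Access Lists and SNMP" section of the same page; say "allowed VLAN list" instead. The heading on line 328 also has a stray quote before the closing bold markup (`allow" context."'''`), which could be cleaned up while this paragraph is being edited.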
     
    612341 * "switchport trunk...vlan remove <VLAN IDs> - remove VLANs from your current list     
    613342 
    614 moving on...
    615 
    616 2. '''Configure the VLAN ports.''' The steps are same as configuring the ports for regular VLANs, except instead of "switchport mode access" we specify "switchport mode dot1q-tunnel" in this case:
    617 {{{
    618  sw-sb09(config)# int range gigabitethernet 0/1-4, gigabitethernet 0/30
    619  sw-sb09(config-if-range)#
    620 }}}
    621 
    622 3. '''Associate the trunk with a Native VLAN.''' Technially speaking, native VLANs allows hosts that do not understand tagging to function on a network implementing VLAN tagging. In context of the switch, the native VLAN is much like a trunk port version of an interface VLAN.       
    623 
    624 
    625 ==== ports ====
     343
     3442. '''Associate the trunk with a Native VLAN.''' Native VLANs allows hosts that do not understand VLAN tagging to function on a network implementing trunking (IEEE 802.1q). In context of the switch, the native VLAN is much like a trunk port version of an interface VLAN; It essentially assigns an IP address and VLAN to the switch's trunk port(s), and provides a means to transport non-tagged frames on the trunk.         
     345{{{
     346!(config-if-range)# switchport trunk native vlan 1
     347}}}
     348
     349 * "switchport trunk native vlan 1" - make VLAN 1 the native VLAN for trunk port 0/48 (any frames from VLAN 1 will pass through the trunk untagged)
     350
     351By the way, this is the configuration for interface VLAN 1, which should be done ahead of time:
     352{{{
     353(config-vlan)# interface vlan 1
     354(config-if)# ip address 172.16.19.253 255.255.0.0
     355}}}
     356
     357...And that's it for the trunks. If you now go into a context for one of your trunk ports and do a "show", your configurations should look like this:
     358{{{
     359!(config-if-range)# interface gi 0/48
     360!(config-if)# show
     361interface gigabitethernet 0/48
     362  switchport mode trunk
     363  switchport trunk allowed vlan 1,3,27-28
     364  switchport trunk native vlan 1
     365}}}
     366
     367But finally...
     368
     3693. '''Configure the ports associated with the trunked VLANs.''' The steps are same as configuring the ports for regular VLANs, except instead of "switchport mode access" we specify "switchport mode dot1q-tunnel" in this case:
     370{{{
     371(config)# int ran gi 0/13-22
     372(config-if-range)# sw mo dot1q-tunnel
     373!(config-if-range)# sw acc vlan 3
     374!(config-if-range)# save             <<<-----VERY important if you want the configurations saved!
     375}}}
     376
     377=== Troubleshooting ===
     378
     379...error messages, undoing configs, ect to come here
     380
     381----
     382== Port configurations ==
     383While we have been mentioning ports perpetually via contexts, this section covers them in deeper detail.
     384
     385==== ports as seen by the switch ====
    626386
    627387By configuring the ports, you can control physical layer properties of the switch e.g. port speed, whether it is full or half duplex, and whether the port is up or down.         
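Review bot: In step 2 (v29 lines 344-349) the bullet says VLAN 1 becomes the native VLAN "for trunk port 0/48", but the command is entered at the `(config-if-range)` prompt opened for 0/45-48, so it applies to all four trunk ports; reword the bullet to match. The `show` output at lines 361-364 lists `allowed vlan 1,3,27-28`, yet no visible step adds VLAN 1 to the list that was set to `3,27,28`; include the `swi trunk allowed vlan add 1` command that v28 had at line 190. Next to line 354 it is worth stating that VLAN 1 carries the switch's management address and, per v28 line 660, is the VLAN all ports belong to by default, so untagged trunk frames and unconfigured ports share a VLAN with the management interface; a dedicated VLAN ID for the native and management role avoids that.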
     
    655415The ports are counted beginning the top left RJ-45 at 0/1 and end at the lower right port at 0/48. If you look at the front of the switch you can see that they are labeled above the link lights of each of the pairs of ports.
    656416
    657 
    658  * Virtual interfaces - Also called "VLANs" by the switch. They do function as VLANs in the traditional sense, but in this case, are also associated with IP addresses used by the switch (i.e. the IP address used when telnetting).
    659  
    660  * Ports - By default all ports are assigned to VLAN 1. The ports must be assigned to different VLANs according to how you want the frames to/from the port are handled. Port settings are configured from the `interface gigabitethernet 0/n` context in configure mode. The three main contexts we need are:
    661 
    662  1- `switchport mode access` - the default port mode. Port is associated with a vlan, but frames from the port are not tagged - the frames are dropped if they are seen on the trunk.
    663  
    664  2- `switchport mode dot1q-tunnel` - frames from the port are tagged upon hitting the trunk and not dropped.
    665  
    666  3- `switchport mode trunk` - port is a trunk and can handle frames from multiple vlans.
    667 
     417=== Port speed ===
     418By default, the switch autonegociates. You can change this by going into configuration mode for each port, and changing settings.
     419
     4201. '''Shut port(s) to configure down.''' Shutting the ports down before configuring them allows the changes to take immediate effect upon bringing them back up.
     421{{{ 
     422sw-sb09(config)#  interface gi 0/13
     423sw-sb09(config-if)# shutdown
     424!sw-sb09(config-if)#
     42502/06 03:35:48 E3 PORT GigabitEthernet0/13 25011100 1350:000000000000 Port disabled administratively.
     426}}}
     427
     428It is normal to see an output message when you take down ports.
     429
     4302. '''Set speed.''' The sub-context "speed" allows you to configure the port speed. The syntax is the following:
     431
     432 * `speed auto [10|100|1000]` - autonegociate. If a speed is specified, the port will be shut down by the switch if the host refuses to negotiate to the set speed.
     433 * `speed [10|100|1000]` - force port to run at a specific speed, no autonegociation
     434
     435Where the numbers denote Mbps. Here, we configure the port to go at 1000Mbps (1Gbps), and bring it back up:
     436{{{
     437!sw-sb09(config-if)# speed auto 1000   
     438!sw-sb09(config-if)# no shutdown     
     439}}}
     440
     441=== Help? ===
     442...To be completed.
     443
     444----
     445
     446== Access Lists and SNMP ==
     447=== SNMP (8/13) ===
     448For a explanation of SNMP: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol [[BR]]
     449In the IP8800 guide: http://www.nec.co.jp/ip88n/s36_sw/html/cfguide2/index.html [[BR]]
     450MIB references: http://www.alvestrand.no/objectid/
     451==== Configuring the IP8800 ====
     452Use of SNMP (Simple Network Management Protocol) is not set by default; you must create access lists with IP addresses allowed to request information as a manager device. In this case, an ACL is created for all the interfaces of SB9, eth1:
     453{{{
     454!sw-sb09(config)# access-list 1 permit 10.19.0.10 0.0.0.0
     455!sw-sb09(config)# access-list 1 permit 192.168.100.28 0.0.0.0
     456!sw-sb09(config)# access-list 1 permit 192.168.1.28 0.0.0.0
     457!sw-sb09(config)# access-list 1 permit 172.16.100.1 0.0.0.0
     458!sw-sb09(config)# sh access-list
     459access-list 1 10 permit host 10.19.0.10
     460access-list 1 20 permit host 192.168.100.28
     461access-list 1 30 permit host 192.168.1.28
     462access-list 1 40 permit host 172.16.100.1
     463}}}
     464To add a block of IP's to the ACL, you need the starting IP address and wildcard (range of host addresses available) for that IP block. To add the Network VLAN subnet to the ACL:
     465{{{
     466access-list 1 50 permit 172.16.0.1 0.0.255.255
     467}}}
     468
     469to include it in the snmp access list, use the following command:
     470{{{
     471sw-sb09(config)# snmp-server community "NET" rw 1
     472}}}
     473where "NET" is the group name, "rw" - read/write, as opposed to "ro", read-only, and "1" is the access list allowed.
     474
     475==== Accessing MIBs on the IP8800 ====
     476accessing it through the switch itsself is easy enough:
     477{{{
     478sw-sb09# snmp walk 1.3.6.1.2.1.1           
     479
     480Name: sysDescr.0
     481Value: ALAXALA AX3640S AX-3640-48T2XW-L [AX3640S-48T2XW] Switching software Ver.
     48210.7 [OS-L3L]
     483
     484Name: sysObjectID.0
     485Value: ax3640s
     486
     487Name: sysUpTime.0
     488Value: 25724205
     489
     490Name: sysContact.0
     491Value:
     492
     493Name: sysName.0
     494Value: sw-sb09
     495
     496Name: sysLocation.0
     497Value:
     498
     499Name: sysServices.0
     500Value: 78
     501}}}
    668502
    669503
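Review bot: In the SNMP section moved to v29 lines 452-473, `snmp-server community "NET" rw 1` gives write access to every source permitted by access list 1, and entry 50 (`172.16.0.1 0.0.255.255`) widens that list to the whole Network VLAN subnet; use `ro` unless a manager needs to write, and keep the subnet-wide entry out of the list bound to a `rw` community. Line 473 describes "NET" as the group name; it is the community string and the only credential in the command, so the text should say so. Line 466 also lacks the `(config)#` prompt and mixes the command form with the sequence-numbered form that `sh access-list` prints.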