OmniSwitch AOS Release 6 Switch Management Guide December 2017 i
Part No. 060497-10, Rev A
December 2017
OmniSwitch AOS Release 6
Switch Management Guide
6.7.2 R03
enterprise.alcatel-lucent.com
OmniSwitch AOS Release 6 Switch Management Guide December 2017 ii
This user guide documents release 6.7.2.R03 of the OmniSwitch 6350, 6450.
The functionality described in this guide is subject to change without notice.
Alcatel-Lucent and the Alcatel-Lucent Enterprise logo are trademarks of Alcatel-Lucent. To view other
trademarks used by affiliated companies of ALE Holding, visit: enterprise.alcatel-lucent.com/trademarks.
All other trademarks are the property of their respective owners. The information presented is subject to
change without notice. Neither ALE Holding nor any of its affiliates assumes any responsibility for
inaccuracies contained herein.
26801 West Agoura Road
Calabasas, CA 91301
Service & Support Contact Information
North America: 800-995-2696
Latin America: 877-919-9526
EMEA: +800 00200100 (Toll Free) or +1(650)385-2193
Asia Pacific: +65 6240 8484
Web: support.esd.alcatel-lucent.com
Email: ebg_global_supportce[email protected]m
OmniSwitch AOS Release 6 Switch Management Guide December 2017 iii
Contents
About This Guide ..........................................................................................................xi
Supported Platforms ..........................................................................................................xi
Who Should Read this Manual? .......................................................................................xii
When Should I Read this Manual? ...................................................................................xii
What is in this Manual? ....................................................................................................xii
What is Not in this Manual? ............................................................................................xiii
How is the Information Organized? ................................................................................xiii
Documentation Roadmap ................................................................................................xiv
Related Documentation .................................................................................................... xv
Product Documentation ...................................................................................................xvi
Technical Support ...........................................................................................................xvi
Chapter 1 Managing System Files .............................................................................................1-1
In This Chapter ................................................................................................................1-1
File Management Specifications .....................................................................................1-2
Switch Administration Overview ....................................................................................1-3
File Transfer .............................................................................................................1-3
Switch Directories ....................................................................................................1-4
File and Directory Management ......................................................................................1-5
Using Wildcards .......................................................................................................1-7
Multiple Characters ...........................................................................................1-7
Single Characters ...............................................................................................1-7
Directory Commands ...............................................................................................1-8
Determining Your Location in the File Structure ..............................................1-8
Changing Directories .........................................................................................1-9
Displaying Directory Contents ........................................................................1-10
Making a New Directory .................................................................................1-11
Displaying Directory Contents Including Subdirectories ................................1-12
Copying an Existing Directory ........................................................................1-12
Removing a Directory and its Contents ...........................................................1-13
File Commands ......................................................................................................1-14
Creating or Modifying Files ............................................................................1-14
Copy an Existing File ......................................................................................1-14
Secure Copy an Existing File .................................................................................1-15
Move an Existing File or Directory .................................................................1-15
Change File Attribute and Permissions ...........................................................1-16
Delete an Existing File ....................................................................................1-16
Managing Files on Switches ............................................................................1-17
Contents
iv OmniSwitch AOS Release 6 Switch Management Guide December 2017
Utility Commands ..................................................................................................1-18
Displaying Free Memory Space ......................................................................1-18
Performing a File System Check .....................................................................1-18
Deleting the Entire File System .......................................................................1-19
Process Self-test Function Commands ...................................................................1-20
Loading Software onto the Switch ................................................................................1-21
Using the Switch as an FTP Server ........................................................................1-21
Using the Switch as an FTP Client .........................................................................1-22
Using Secure Shell FTP .........................................................................................1-24
Closing a Secure Shell FTP Session ......................................................................1-25
Using TFTP to Transfer Files .................................................................................1-26
Using Zmodem .......................................................................................................1-26
Registering Software Image Files .................................................................................1-28
Directories on the Switch .......................................................................................1-28
Available Image Files .............................................................................................1-29
CodeGuardian ...............................................................................................................1-30
Application Examples for File Management ................................................................1-31
Transferring a File to the Switch Using FTP .........................................................1-31
Creating a File Directory on the Switch .................................................................1-32
FTP Client Application Example ....................................................................1-33
Creating a File Directory Using Secure Shell FTP ................................................1-35
Transfer a File Using Secure Shell FTP .................................................................1-36
Closing a Secure Shell FTP Session ......................................................................1-36
Verifying Directory Contents ........................................................................................1-37
Installing Software Licenses .........................................................................................1-38
Licensed Features ...................................................................................................1-39
Setting the System Clock ..............................................................................................1-41
Setting Date and Time ............................................................................................1-41
Date ..................................................................................................................1-41
Time Zone .......................................................................................................1-41
Time .................................................................................................................1-42
Daylight Savings Time Configuration ...................................................................1-43
Enabling DST ..................................................................................................1-44
Chapter 2 Logging Into the Switch ............................................................................................2-1
In This Chapter ................................................................................................................2-1
Login Specifications ........................................................................................................2-3
Login Defaults .................................................................................................................2-3
Quick Steps for Logging Into the Switch ........................................................................2-5
Overview of Switch Login Components .........................................................................2-6
Management Interfaces ............................................................................................2-6
Logging Into the CLI .........................................................................................2-6
Using the WebView Management Tool ............................................................2-7
Using SNMP to Manage the Switch ..................................................................2-7
User Accounts ..........................................................................................................2-7
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 v
Using Telnet ....................................................................................................................2-8
Logging Into the Switch Through Telnet .................................................................2-8
Starting a Telnet Session from the Switch ...............................................................2-8
Using FTP .....................................................................................................................2-10
Using FTP to Log Into the Switch .........................................................................2-10
Using Secure Shell ........................................................................................................2-12
Secure Shell Components .......................................................................................2-12
Secure Shell Interface ......................................................................................2-13
Configuring the SSH TCP port number ..........................................................2-13
Secure Shell File Transfer Protocol .................................................................2-13
Secure Shell Application Overview .......................................................................2-14
Secure Shell Authentication ...................................................................................2-15
Protocol Identification .....................................................................................2-15
Algorithm and Key Exchange .........................................................................2-15
Authentication Phase .......................................................................................2-16
Connection Phase ............................................................................................2-17
Using Secure Shell DSA Public Key Authentication .............................................2-17
Starting a Secure Shell Session ..............................................................................2-18
Closing a Secure Shell Session ..............................................................................2-20
Log Into the Switch with Secure Shell FTP ...........................................................2-20
Closing a Secure Shell FTP Session ......................................................................2-21
Modifying the Login Banner .........................................................................................2-22
Modifying the Text Display Before Login .............................................................2-23
Configuring Login Parameters ......................................................................................2-24
Configuring the Inactivity Timer ..................................................................................2-24
Enabling the DNS Resolver ..........................................................................................2-25
Verifying Login Settings ...............................................................................................2-26
Chapter 3 Using SNMP and OpenFlow ....................................................................................3-1
In This Chapter ................................................................................................................3-1
SNMP Specifications ......................................................................................................3-2
SNMP Defaults ...............................................................................................................3-3
Quick Steps for Setting Up An SNMP Management Station .........................................3-4
Quick Steps for Setting Up Trap Filters ..........................................................................3-5
Filtering by Trap Families ........................................................................................3-5
Filtering by Individual Traps ....................................................................................3-6
SNMP Overview .............................................................................................................3-7
SNMP Operations ....................................................................................................3-7
Using SNMP for Switch Management .....................................................................3-8
Setting Up an SNMP Management Station .......................................................3-8
SNMP Versions ........................................................................................................3-8
SNMPv1 ............................................................................................................3-8
SNMPv2 ............................................................................................................3-9
SNMPv3 ............................................................................................................3-9
Using SNMP For Switch Security ................................................................................3-10
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 vi
Community Strings (SNMPv1 and SNMPv2) .......................................................3-10
Configuring Community Strings .....................................................................3-10
Encryption and Authentication (SNMPv3) ............................................................3-11
Configuring Encryption and Authentication ...................................................3-11
Setting SNMP Security ...................................................................................3-13
Working with SNMP Traps ..........................................................................................3-14
Trap Filtering ..........................................................................................................3-14
Filtering by Trap Families ...............................................................................3-14
Filtering By Individual Trap ............................................................................3-14
Authentication Trap ................................................................................................3-15
Trap Management ..................................................................................................3-15
Replaying Traps ...............................................................................................3-15
Absorbing Traps ..............................................................................................3-15
Sending Traps to WebView .............................................................................3-15
Checking Configuration File Using Traps ......................................................3-16
SNMP MIB Information ...............................................................................................3-17
MIB Tables .............................................................................................................3-17
MIB Table Description ....................................................................................3-17
Industry Standard MIBs .........................................................................................3-18
Enterprise (Proprietary) MIBs ................................................................................3-22
Verifying the SNMP Configuration ..............................................................................3-26
OpenFlow Specifications ..............................................................................................3-27
OpenFlow Agent Overview ..........................................................................................3-28
OpenFlow Logical Switch ......................................................................................3-28
OpenFlow Normal Mode .................................................................................3-28
OpenFlow Hybrid (API) Mode .......................................................................3-28
Supported OpenFlow Parameters ....................................................................3-28
Quick Steps to Configure OpenFlow Agent .................................................................3-30
Verifying OpenFlow Configuration ..............................................................................3-31
Chapter 4 Configuring Network Time Protocol (NTP) ..........................................................4-1
In This Chapter ................................................................................................................4-1
NTP Specifications ..........................................................................................................4-2
NTP Defaults Table .........................................................................................................4-2
NTP Quick Steps .............................................................................................................4-3
NTP Overview ................................................................................................................4-5
Stratum .....................................................................................................................4-6
Using NTP in a Network ..........................................................................................4-6
Authentication ..........................................................................................................4-8
Configuring NTP .............................................................................................................4-9
Configuring the OmniSwitch as a Client .................................................................4-9
NTP Servers ...........................................................................................................4-10
Using Authentication ..............................................................................................4-12
Verifying NTP Configuration .......................................................................................4-13
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 vii
Chapter 5 Managing CMM Directory Content ........................................................................5-1
In This Chapter ................................................................................................................5-1
CMM Specifications .......................................................................................................5-2
USB Flash Drive Specifications ......................................................................................5-2
CMM Files ......................................................................................................................5-3
CMM Software Directory Structure .........................................................................5-3
Where is the Switch Running From? .................................................................5-4
Software Rollback Feature .......................................................................................5-4
Software Rollback Configuration Scenarios for a Single Switch .....................5-5
Redundancy ..............................................................................................................5-9
Redundancy Scenarios .......................................................................................5-9
Managing the Directory Structure (Non-Redundant) ...................................................5-13
Rebooting the Switch .............................................................................................5-13
Copying the Running Configuration to the Working Directory ............................5-16
Rebooting from the Working Directory .................................................................5-18
Copying the Working Directory to the Certified Directory ...................................5-21
Copying the Certified Directory to the Working Directory ...................................5-22
Show Currently Used Configuration ......................................................................5-23
Show Switch Files ..................................................................................................5-24
Managing Redundancy in a Stack and CMM ...............................................................5-25
Rebooting the Switch .............................................................................................5-25
Copying the Working Directory to the Certified Directory ...................................5-26
Synchronizing the Primary and Secondary CMMs ................................................5-27
Swapping the Primary CMM for the Secondary CMM .........................................5-29
Show Currently Used Configuration ......................................................................5-30
NI Module Behavior During Takeover ...........................................................5-31
Using the USB Flash Drive ...........................................................................................5-32
Transferring Files Using USB .........................................................................5-32
Automatically Upgrading Code Using USB ...................................................5-32
Disaster Recovery Using USB ........................................................................5-33
Emergency Restore of the boot.cfg File ........................................................................5-34
Can I Restore the boot.file While Running from Certified? ..................................5-34
Checking the Integrity of the Image ..............................................................................5-35
Displaying CMM Conditions ........................................................................................5-36
Chapter 6 Using the CLI ...............................................................................................................6-1
CLI Specifications ...........................................................................................................6-2
CLI Overview ..................................................................................................................6-3
Online Configuration ................................................................................................6-3
Offline Configuration Using Configuration Files ....................................................6-3
Command Entry Rules and Syntax .................................................................................6-4
Text Conventions .....................................................................................................6-4
Using “Show” Commands .......................................................................................6-5
Using the “No” Form ...............................................................................................6-5
Using “Alias” Commands ........................................................................................6-5
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 viii
Partial Keyword Completion ....................................................................................6-6
CLI Auto Completion ...............................................................................................6-6
Command Help ...............................................................................................................6-7
Tutorial for Building a Command Using Help .........................................................6-9
CLI Services ..................................................................................................................6-11
Command Line Editing ..........................................................................................6-11
Deleting Characters .........................................................................................6-11
Recalling the Previous Command Line ...........................................................6-12
Inserting Characters .........................................................................................6-12
Syntax Checking ....................................................................................................6-13
Prefix Recognition ..................................................................................................6-13
Example for Using Prefix Recognition ...........................................................6-14
Prefix Prompt ...................................................................................................6-15
Command History ..................................................................................................6-15
Logging CLI Commands and Entry Results .................................................................6-17
Enabling Command Logging ..........................................................................6-17
Disabling Command Logging .........................................................................6-17
Viewing the Current Command Logging Status .............................................6-18
Viewing Logged CLI Commands and Command Entry Results ....................6-18
Customizing the Screen Display ...................................................................................6-19
Changing the Screen Size .......................................................................................6-19
Changing the CLI Prompt ......................................................................................6-19
Setting Session Prompt as System Name ........................................................6-20
Displaying Table Information ................................................................................6-20
Filtering Table Information ....................................................................................6-21
Multiple User Sessions ..................................................................................................6-22
Listing Other User Sessions ...................................................................................6-22
Listing Your Current Login Session ......................................................................6-23
Terminating Another Session .................................................................................6-24
Application Example .....................................................................................................6-25
Using a Wildcard to Filter Table Information ........................................................6-25
Verifying CLI Usage .....................................................................................................6-27
Chapter 7 Working With Configuration Files .........................................................................7-1
In This Chapter ................................................................................................................7-1
Configuration File Specifications ...................................................................................7-2
Tutorial for Creating a Configuration File ......................................................................7-2
Quick Steps for Applying Configuration Files ...............................................................7-4
Setting a File for Immediate Application .................................................................7-4
Setting an Application Session for a Date and Time ...............................................7-4
Setting an Application Session for a Specified Time Period ...................................7-5
Configuration Files Overview .........................................................................................7-6
Applying Configuration Files to the Switch ............................................................7-6
Verifying a Timed Session ................................................................................7-6
Canceling a Timed Session ...............................................................................7-7
Configuration File Error Reporting ...................................................................7-7
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 ix
Setting the Error File Limit ...............................................................................7-8
Syntax Checking ................................................................................................7-8
Displaying a Text File ..............................................................................................7-9
Text Editing on the Switch .......................................................................................7-9
Invoke the “Vi” Editor .......................................................................................7-9
Creating Snapshot Configuration Files .........................................................................7-10
Snapshot Feature List .............................................................................................7-10
User-Defined Naming Options ........................................................................7-11
Editing Snapshot Files .....................................................................................7-11
Verifying File Configuration .........................................................................................7-14
Chapter 8 Managing Automatic Remote Configuration Download .................................8-1
In This Chapter ................................................................................................................8-1
Automatic Remote Configuration Specifications ...........................................................8-2
Automatic Remote Configuration Defaults ...................................................................8-3
Quick Steps for Automatic Remote Configuration .........................................................8-4
Overview .........................................................................................................................8-5
Basic Operation ........................................................................................................8-5
Network Components ........................................................................................8-6
Information Provided by DHCP Server ............................................................8-6
Information Provided by Instruction File ..........................................................8-6
File Servers and Download Process ..................................................................8-7
LED Status .........................................................................................................8-7
Interaction With Other Features ......................................................................................8-8
UDP/DHCP Relay .............................................................................................8-8
QoS ....................................................................................................................8-8
802.1Q ...............................................................................................................8-8
LLDP ........................................................................................................................8-8
Dynamic Link Aggregation (LACP) .................................................................8-8
Automatic Remote Configuration Download Process ....................................................8-9
Process Illustration .................................................................................................8-10
Additional Process Notes .......................................................................................8-11
Download Component Files ..........................................................................................8-12
Instruction File .......................................................................................................8-12
Instruction File Syntax ....................................................................................8-13
Instruction File Usage Guidelines ...................................................................8-14
Firmware Upgrade Files .........................................................................................8-14
Bootup Configuration File .....................................................................................8-14
Bootup Configuration File Usage Guidelines .................................................8-14
Debug Configuration File .......................................................................................8-15
Script File ...............................................................................................................8-15
Script File Usage Guidelines ...........................................................................8-15
LACP Auto Detection and Automatic Link Aggregate Association ............................8-16
DHCP Client Auto-Configuration Process ...................................................................8-17
DHCP Server Preference ...............................................................................................8-18
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 x
Nearest-Edge Mode Operation ......................................................................................8-20
Zero Touch License Upgrade ........................................................................................8-22
Troubleshooting ............................................................................................................8-23
Error Resolution ..............................................................................................8-23
Server Connection Failure and File Download Errors ...........................................8-23
Error Description Table ...................................................................................8-24
Script File Errors ....................................................................................................8-24
Error Description Table ...................................................................................8-25
Chapter 9 Managing Switch User Accounts ............................................................................9-1
In This Chapter ................................................................................................................9-1
User Database Specifications ..........................................................................................9-2
User Account Defaults ....................................................................................................9-2
Overview of User Accounts ............................................................................................9-4
Startup Defaults ........................................................................................................9-6
Quick Steps for Network Administrator User Accounts ..........................................9-7
Quick Steps for Creating Customer Login User Accounts ......................................9-8
Default User Settings ...............................................................................................9-9
Account and Password Policy Settings ..................................................................9-10
How User Settings Are Saved ................................................................................9-11
Creating a User ..............................................................................................................9-12
Removing a User ....................................................................................................9-12
User-Configured Password ....................................................................................9-13
Configuring Password Policy Settings ..........................................................................9-14
Setting a Minimum Password Size .........................................................................9-15
Configuring the Username Password Exception ....................................................9-15
Configuring Password Character Requirements ....................................................9-15
Configuring Password Expiration ..........................................................................9-16
Default Password Expiration ...........................................................................9-16
Specific User Password Expiration .................................................................9-16
Configuring the Password History .........................................................................9-17
Configuring the Minimum Age for a Password .....................................................9-17
Configuring Global User Lockout Settings ...................................................................9-18
Configuring the User Lockout Window .................................................................9-18
Configuring the User Lockout Threshold Number ................................................9-19
Configuring the User Lockout Duration Time .......................................................9-19
Manually Locking and Unlocking User Accounts .................................................9-20
Configuring Privileges for a User .................................................................................9-21
Setting Up SNMP Access for a User Account ..............................................................9-22
SNMP Access Without Authentication/Encryption ...............................................9-24
SNMP Access With Authentication/Encryption ....................................................9-24
Removing SNMP Access From a User ..................................................................9-24
Setting Up End-User Profiles ........................................................................................9-25
Creating End-User Profiles ....................................................................................9-26
Setting Up Port Ranges in a Profile .......................................................................9-26
Setting Up VLAN Ranges in a Profile ...................................................................9-26
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 xi
Associating a Profile With a User ..........................................................................9-27
Removing a Profile From the Configuration ..........................................................9-27
Verifying the User Configuration .................................................................................9-27
Chapter 10 Managing Switch Security ......................................................................................10-1
In This Chapter ..............................................................................................................10-1
Switch Security Specifications ......................................................................................10-2
Switch Security Defaults ...............................................................................................10-2
Switch Security Overview .............................................................................................10-3
Authenticated Switch Access ........................................................................................10-4
AAA Servers—RADIUS or LDAP ........................................................................10-4
Authentication-only—ACE/Server ........................................................................10-4
Interaction With the User Database .......................................................................10-5
ASA and Authenticated VLANs ............................................................................10-5
Configuring Authenticated Switch Access ...................................................................10-6
Quick Steps for Setting Up ASA ..................................................................................10-7
Setting Up Management Interfaces for ASA ................................................................10-9
Enabling Switch Access .......................................................................................10-10
Configuring the Default Setting ...........................................................................10-10
Using Secure Shell ...............................................................................................10-11
Configuring Accounting for ASA ...............................................................................10-12
Enabling or Disabling Console Session ......................................................................10-13
Authenticated Switch Access - Enhanced Mode ........................................................10-14
Configuring the ASA Mode .................................................................................10-14
Configuring the IP Lockout Threshold Value ......................................................10-16
Unlock/Release Banned or Locked IP .................................................................10-16
Configuring Privileges for an Access Type .........................................................10-17
Configuring Management Station ........................................................................10-18
Verifying the ASA Configuration ...............................................................................10-19
Chapter 11 Using WebView .........................................................................................................11-1
In This Chapter ..............................................................................................................11-1
WebView CLI Defaults .................................................................................................11-2
Browser Setup ...............................................................................................................11-2
WebView CLI Commands ............................................................................................11-3
Enabling/Disabling WebView ................................................................................11-3
Changing the HTTP Port ........................................................................................11-3
Enabling/Disabling SSL .........................................................................................11-4
Changing the HTTPS Port ......................................................................................11-4
Quick Steps for Setting Up WebView ..........................................................................11-5
WebView Overview ......................................................................................................11-5
WebView Page Layout ...........................................................................................11-5
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 xii
Banner ..............................................................................................................11-6
Toolbar ............................................................................................................11-6
Feature Options ...............................................................................................11-7
View/Configuration Area ................................................................................11-7
Configuring the Switch With WebView .......................................................................11-8
Accessing WebView ..............................................................................................11-8
Accessing WebView with Internet Explorer Version 7 ..................................11-9
Home Page ...........................................................................................................11-10
Configuration Page ...............................................................................................11-12
Global Configuration Page ............................................................................11-12
Table Configuration Page ..............................................................................11-13
Table Features ...............................................................................................11-17
Adjacencies ..........................................................................................................11-23
OAW-AP Web Management Configuration ........................................................11-24
Configuring the Virtual Cluster IP address for OAW-AP Web
Management using CLI .................................................................................11-24
Automatic Configuration of Cluster Virtual IP Address ...............................11-24
Enabling Automatic Configuration of Cluster Virtual IP Address ...............11-25
Configuring the Virtual Cluster IP address for OAW-AP Web
Management using WebView .......................................................................11-26
Verifying the WLAN Configuration .............................................................11-26
Accessing the WLAN Management page from WebView ...........................11-27
WebView Help ............................................................................................................11-28
General WebView Help .......................................................................................11-28
Specific-page Help ...............................................................................................11-28
Chapter 12 Using OmniVista Cirrus ..........................................................................................12-1
In This Chapter ..............................................................................................................12-1
OV Cirrus Defaults .......................................................................................................12-2
Quick Steps for Configuring OV Cirrus .......................................................................12-3
OV Cirrus Overview .....................................................................................................12-4
Components of OV Cirrus ............................................................................................12-4
Interaction with other features ......................................................................................12-6
Dependencies ................................................................................................................12-7
OmniSwitch OV Cirrus Modes .....................................................................................12-7
OV Cirrus Deployment Scenarios .................................................................................12-8
Verifying the OV Cirrus Configuration ........................................................................12-8
Appendix A Software License and Copyright Statements .....................................................A-1
Alcatel-Lucent License Agreement ................................................................................A-1
ALE USA, Inc. SOFTWARE LICENSE AGREEMENT ......................................A-1
Third Party Licenses and Notices ..................................................................................A-4
A. Booting and Debugging Non-Proprietary Software ..........................................A-4
B. The OpenLDAP Public License: Version 2.8, 17 August 2003 ........................A-4
C. Linux ..................................................................................................................A-5
Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 xiii
D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991 ..........................A-5
E. University of California ...................................................................................A-10
F. Carnegie-Mellon University ............................................................................A-10
G. Random.c .........................................................................................................A-10
H. Apptitude, Inc. .................................................................................................A-11
I. Agranat .............................................................................................................A-11
J. RSA Security Inc. ............................................................................................A-11
K. Sun Microsystems, Inc. ....................................................................................A-12
L. Wind River Systems, Inc. ................................................................................A-12
M. Network Time Protocol Version 4 ...................................................................A-12
N. Remote-ni .........................................................................................................A-13
O. GNU Zip ..........................................................................................................A-13
P. FREESCALE SEMICONDUCTOR SOFTWARE LICENSE AGREEMENT A-13
Q. Boost C++ Libraries ........................................................................................A-14
R. U-Boot .............................................................................................................A-14
S. Solaris ..............................................................................................................A-14
T. Internet Protocol Version 6 ..............................................................................A-14
U. CURSES ..........................................................................................................A-15
V. ZModem ...........................................................................................................A-15
W. Boost Software License ...................................................................................A-15
X. OpenLDAP ......................................................................................................A-15
Y. BITMAP.C .......................................................................................................A-16
Z. University of Toronto ......................................................................................A-16
AA.Free/OpenBSD ...............................................................................................A-16
Appendix B SNMP Trap Information .......................................................................................... B-1
SNMP Traps Table .........................................................................................................B-2
Index ...................................................................................................................... Index-1
Contents
xiv OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page xi
About This Guide
This OmniSwitch 6350, 6450 describes basic attributes of your switch and basic switch administration
tasks. The software features described in this manual are shipped standard with your OmniSwitch 6350,
6450 switches. These features are used when readying a switch for integration into a live network environ
-
ment.
Supported Platforms
This information in this guide applies to the following product:
• OmniSwitch 6350 Series
• OmniSwitch 6450 Series
Unsupported Platforms
The information in this guide does not apply to the following products:
• OmniSwitch 6250 Series
• OmniSwitch 9000 Series
• OmniSwitch 6400 Series
• OmniSwitch 6600 Family
• OmniSwitch 6800 Family
• OmniSwitch 6850 Series
• OmniSwitch 6855 Series
• OmniSwitch (original version with no numeric model name)
• OmniSwitch 7700/7800
• OmniSwitch 8800
• Omni Switch/Router
• OmniStack
• OmniAccess
Who Should Read this Manual? About This Guide
page xii OmniSwitch AOS Release 6 Switch Management Guide December 2017
Who Should Read this Manual?
The audience for this user guide are network administrators and IT support personnel who need to config-
ure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain
knowledge on how fundamental software features are implemented in the OmniSwitch 6350, 6450
switches benefits from the material in this configuration guide.
When Should I Read this Manual?
Read this guide as soon as your switch is up and running and you are ready to familiarize yourself with
basic software functions.
You should have already set up a switch password and be familiar with the very basics of the switch soft-
ware. This manual helps you understand the directory structure, the Command Line Interface (CLI),
configuration files, basic security features, and basic administrative functions of the switch. The features
and procedures in this guide will help form a foundation that will allow you to configure more advanced
switching features later.
What is in this Manual?
This configuration guide includes information about the following features:
• Basic switch administrative features, such as file editing utilities, procedures for loading new software,
and setting up system information (name of switch, date, time).
• Configurations files, including snapshots, off-line configuration, time-activated file download.
• The CLI, including on-line configuration, command-building help, syntax error checking, and line edit-
ing.
• Basic security features, such as switch access control and customized user accounts.
• SNMP
• Web-based management (WebView)
About This Guide What is Not in this Manual?
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page xiii
What is Not in this Manual?
The configuration procedures in this manual primarily use Command Line Interface (CLI) commands in
examples. CLI commands are text-based commands used to manage the switch through serial (console
port) connections or through Telnet sessions. This guide does include introductory chapters for alternative
methods of managing the switch, such as web-based (WebView) and SNMP management. However the
primary focus of this guide is managing the switch through the CLI.
Further information on WebView can be found in the context-sensitive on-line help available with that
application.
This guide does not include documentation for the OmniVista network management system. However,
OmniVista includes a complete context-sensitive on-line help system.
This guide provides overview material on software features, how-to procedures, and tutorials that will
enable you to begin configuring your OmniSwitch. However, it is not intended as a comprehensive refer
-
ence to all CLI commands available in the OmniSwitch. For such a reference to all CLI commands,
consult the OmniSwitch AOS Release 6 CLI Reference Guide.
How is the Information Organized?
Each chapter in this guide includes sections that will satisfy the information requirements of casual read-
ers, rushed readers, serious detail-oriented readers, advanced users, and beginning users.
Quick Information. Most chapters include a specifications table that lists RFCs and IEEE specifications
supported by the software feature. In addition, this table includes other pertinent information such as mini
-
mum and maximum values and sub-feature support. Some chapters include a defaults table that lists the
default values for important parameters along with the CLI command used to configure the parameter.
Many chapters include Quick Steps sections, which are procedures covering the basic steps required to get
a software feature up and running.
In-Depth Information. All chapters include overview sections on software features as well as on selected
topics of that software feature. Topical sections may often lead into procedure sections that describe how
to configure the feature just described. Many chapters include tutorials or application examples that help
convey how CLI commands can be used together to set up a particular feature.
Documentation Roadmap About This Guide
page xiv OmniSwitch AOS Release 6 Switch Management Guide December 2017
Documentation Roadmap
The OmniSwitch user documentation suite was designed to supply you with information at several critical
junctures of the configuration process. The following section outlines a roadmap of the manuals that will
help you at each stage of the configuration process. Under each stage, we point you to the manual or
manuals that will be most helpful to you.
Stage 1: Gaining Familiarity with Basic Switch Functions
Pertinent Documentation: Hardware Users Guide
Switch Management Guide
Once you have your switch up and running, you will want to begin investigating basic aspects of its hard-
ware and software. Information about switch hardware is provided in the Hardware Guide. This guide
provides specifications, illustrations, and descriptions of all hardware components, such as chassis, power
supplies, Chassis Management Modules (CMMs), Network Interface (NI) modules, and cooling fans. It
also includes steps for common procedures, such as removing and installing switch components.
The Switch Management Guide is the primary users guide for the basic software features on a single
switch. This guide contains information on the switch directory structure, basic file and directory utilities,
switch access security, SNMP, and web-based management. It is recommended that you read this guide
before connecting your switch to the network.
Stage 2: Integrating the Switch Into a Network
Pertinent Documentation: Network Configuration Guide
When you are ready to connect your switch to the network, you need to learn how the OmniSwitch imple-
ments fundamental software features, such as 802.1Q, VLANs, Spanning Tree, and network routing proto-
cols. The Network Configuration Guide contains overview information, procedures, and examples on how
standard networking technologies are configured in the OmniSwitch.
Anytime
The CLI Reference Guide contains comprehensive information on all CLI commands supported by the
switch. This guide includes syntax, default, usage, example, related CLI command, and CLI-to-MIB vari
-
able mapping information for all CLI commands supported by the switch. This guide can be consulted
anytime during the configuration process to find detailed and specific information on each CLI command.
About This Guide Related Documentation
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page xv
Related Documentation
User manuals can be downloaded at following
https://support.esd.alcatel-lucent.com/products/start
The following are the titles and descriptions of all the related OmniSwitch 6350, 6450 user manuals:
• OmniSwitch 6350 Hardware Users Guide
Complete technical specifications and procedures for all OmniSwitch 6350 chassis, power supplies,
and fans. Also includes comprehensive information on assembling and managing stacked configura
-
tions.
• OmniSwitch 6450 Hardware Users Guide
Complete technical specifications and procedures for all OmniSwitch 6450 chassis, power supplies,
and fans. Also includes comprehensive information on assembling and managing stacked configura
-
tions.
• OmniSwitch AOS Release 6 CLI Reference Guide
Complete reference to all CLI commands supported on the OmniSwitch 6350, 6450. Includes syntax
definitions, default values, examples, usage guidelines and CLI-to-MIB variable mappings.
• OmniSwitch AOS Release 6 Switch Management Guide
Includes procedures for readying an individual switch for integration into a network. Topics include
the software directory architecture, image rollback protections, authenticated switch access, managing
switch files, system configuration, using SNMP, and using web management software (WebView).
• OmniSwitch AOS Release 6 Network Configuration Guide
Includes network configuration procedures and descriptive information on all the major software
features and protocols included in the base software package. Chapters cover Layer 2 information
(Ethernet and VLAN configuration), Layer 3 information (routing protocols, such as RIP), security
options (authenticated VLANs), Quality of Service (QoS), and link aggregation.
• OmniSwitch AOS Release 6 Transceivers Guide
Includes information on Small Form Factor Pluggable (SFPs) and 10 Gbps Small Form Factor Plugga-
bles (XFPs) transceivers.
• AOS Release 6.7.2 Release Notes
Includes critical Open Problem Reports, feature exceptions, and other important information on the
features supported in the current release and any limitations to their support.
• Technical Tips, Field Notices
Includes information published by Alcatel-Lucent’s Customer Support group.
Product Documentation About This Guide
page xvi OmniSwitch AOS Release 6 Switch Management Guide December 2017
Product Documentation
All products are shipped with a Product Documentation Card that provides details for downloading docu-
mentation for all OmniSwitch and other Alcatel-Lucent Enterprise data products. All user guides for the
OmniSwitch Series are included on the Alcatel-Lucent Enterprise public website. This website also
includes user guides for other Alcatel-Lucent Enterprise products. The latest user guides can be found on
our website at:
https://support.esd.alcatel-lucent.com/products/start
Technical Support
An Alcatel-Lucent Enterprise service agreement brings your company the assurance of 7x24 no-excuses
technical support. You will also receive regular software updates to maintain and maximize your Alcatel-
Lucent product’s features and functionality and on-site hardware replacement through our global network
of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel-Lucent’s
Service and Support web page, you’ll be able to view and update any case (open or closed) that you have
reported to Alcatel-Lucent’s technical support, open a new case or access helpful release notes, technical
bulletins, and manuals.
For more information on Alcatel-Lucent Enterprise Service Programs:
Web: https://service.esd.alcatel-lucent.com
Email: ebg_global_supportcenter@al-enterprise.com.
Phone:
North America: 800-995-2696
Latin America: 877-919-9526
EMEA: +800 00200100 (Toll Free) or +1(650) 385-2193
Asia Pacific: +65 6240 8484
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-1
1 Managing System Files
This chapter describes the several methods of transferring software files onto the OmniSwitch and how to
register those files for use by the switch. This chapter also describes several basic switch management
procedures and discusses the Command Line Interface (CLI) commands used.
• File Management (copy, secure copy, edit, rename, remove, change, and display file attributes)
• Directory Management (create, copy, move, remove, rename, and display directory information)
• System Date and Time (set system clock)
CLI commands are used in the configuration examples; for more details about the syntax of commands,
see the OmniSwitch AOS Release 6 CLI Reference Guide.
In This Chapter
Configuration procedures described in this chapter include:
• “Loading Software onto the Switch” on page 1-21
• “Creating a File Directory on the Switch” on page 1-32
• “Registering Software Image Files” on page 1-28
• “Installing Software Licenses” on page 1-38
• “Setting the System Clock” on page 1-41
For related information about connecting a terminal to the switch, see “Getting Started” chapter in your
OmniSwitch AOS Release 6350/6450 Hardware Users Guide. For information about switch command
privileges, see
Chapter 10, “Managing Switch Security.”
File Management Specifications Managing System Files
page 1-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
File Management Specifications
The functionality described in this chapter is supported unless otherwise stated in the following Specifica-
tions table or specifically noted within any section of this chapter.
File Transfer Methods FTP, TFTP, SFTP, Zmodem.
Switch Software Utility OmniSwitch as an FTP Client, FTP server or TFTP Client.
Configuration Recovery The flash/certified directory holds configurations that are certified as
the default start-up files for the switch. They will be used in the event of
a non-specified reload.
Switch /flash Directory
• 128 MB flash memory available for switch files and directories
• Contains the /certified and /working directories.
File/Directory Name Metrics
• 32 characters maximum for directory and file names
• 255 character maximum for a fully qualified path
File/Directory Name Characters Character types are limited to a-z, A-Z, 0-9, dashes (-), dots (.), and
underlines (_).
Maximum Number of
Files/Directories
Maximum of 244 files and/or directories allowed in the root (flash)
directory.
Sub-Directories Up to seven sub-directories allowed including /flash.
Text Editing Vi standard UNIX editor. The Ed standard UNIX editor is available in
the debug mode.
System Clock Set local date, time and time zone, Universal Time Coordinate (UTC),
Daylight Savings (DST or summertime).
System Date Default Value THU JAN 01 1970 (Thursday, January 1, 1970)
Managing System Files Switch Administration Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-3
Switch Administration Overview
The OmniSwitch has a variety of software features designed for different networking environments and
applications. Over the life of the switch, it is very likely that your configuration and feature set will change
because the needs of your network are likely to expand. Also, software updates become available from
Alcatel-Lucent. If you change your configuration to upgrade your network, you must understand how to
install switch files and to manage switch directories.
You can use this memory to store files, including executable files (used to operate switch features and
applications), configuration files, and log files.
You need to understand the various methods of loading files onto the switch for software upgrades and
new features. Once the files are on the switch, the CLI has commands that allow you to load, copy, and
delete these files. The CLI also has commands for displaying, creating, and editing ASCII files directly on
the switch. You may also want to establish a file directory structure to help organize your files on the
switch.
All the files and directories on the switch bear a time stamp. This is useful for switch administration
because the time stamp allows you to tell at a glance which files are the most recent. You can set the
system clock that controls these time stamps as well as other time based switch functions.
File Transfer
The switch can receive and send files by using industry standard local and remote transfer methods. Each
of these methods is defined and explained. Because file transfers can involve logging onto the switch from
a remote host, security factors, such as DNS resolver and Authenticated Switch Access requirements
should be considered.
It is not enough to simply transfer a file onto the switch. Once files are on the switch, they must be
registered in order to become functional. The OmniSwitch has a directory structure that allows you to
install new software while maintaining a backup copy of your old configuration. This directory structure is
explained in the
“Switch Directories” section on page 1-4.
File Transfer to OmniSwitch
User Host
OmniSwitch
File Transfer from User
Host to the OmniSwitch
Switch Administration Overview Managing System Files
page 1-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Switch Directories
You can create your own directories in the switch flash directory. This allows you to organize your config-
uration and text files on the switch. You can also use the vi command to create files. This chapter tells you
how to make, copy, move, and delete both files and directories.
Switch Flash Directory
(Files)
boot.params
(Files)
(Files)
cs_system.pmd
boot.slot.cfg
boot.cfg.1.err
Listing Directory: /flash
Directory: /flash/certified
Directory: /flash/working
(Files)
Directory: /flash/network
swlog1.log
swlog2.log
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-5
File and Directory Management
A number of CLI commands allow you to manage files on your switch by grouping them into sub-
directories within the switch flash directory. These commands perform the same functions as file manage
-
ment software applications (such as Microsoft Explorer) perform on a workstation. For documentation
purposes, we have categorized the commands into the following three groups.
• Directory commands allow you to create, copy, move, remove, rename, and display directories.
• File commands allow you copy, secure copy, edit, rename, remove, change, and display file attributes.
• Utility commands display memory and system diagnostic information.
The following illustration represents a sample flash directory that contains three directories and six files at
the top level. The sample working directory and the certified directory both hold five files. The sample
network directory holds one file.This sample flash directory is used in the explanations of the directory,
file and utility CLI commands described in the following section.The switch may show files and
directories different from the ones shown in this.
Sample Flash Directory
Flash Files
boot.params
Kbase.img
boot.cfg
Ksecu.img
Certified Directory
boot.params
Kos.img
Ksecu.img
boot.cfg
Krelease.img
Working Directory
Network Directory
policy.cfg
boot.params
cs_system.pmd
boot.slot.cfg
boot.cfg.1.err
swlog1.log
swlog2.log
Kadvrout.img
Kos.img
Kbase.img
File and Directory Management Managing System Files
page 1-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
To list all the files and directories in your current directory, use the ls command. Here is a sample display
of the flash directory.
-> ls
Listing Directory /flash:
-rw 315 Jan 5 09:38 boot.params
drw 2048 Jan 5 09:22 certified/
drw 2048 Jan 5 09:22 working/
-rw 12 Dec 18 2030 boot.slot.cfg
drw 2048 Dec 27 2030 switch/
-rw 64000 Jan 5 09:37 swlog1.log
-rw 64000 Dec 27 2030 swlog2.log
-rw 256 Dec 27 2030 random-seed
drw 2048 Dec 18 2030 network/
40208384 bytes free
The following information describes the screen displayed by the ls command:
• The first column consists of three text characters. The first character indicates whether the row entry is
a file (-) or a directory (d). The second and third characters indicate the user read/write permissions.
drw 512 Oct 25 14:17 WORKING/
-rw 321 Oct 25 14:39 boot.params
Here, the first entry shows a directory (d) for which the user has read and write (rw) permissions. The
second entry shows a file (-) for which the user has read and write (rw) permissions.
• The second column indicates the number of bytes of flash memory the row entry occupies.
drw 512 Oct 25 14:17 WORKING/
-rw 321 Oct 25 14:39 boot.params
Here, the first entry shows that the directory uses 512 bytes of flash memory. The second entry shows
that the file occupies 321 bytes of flash memory.
• The third, fourth and fifth columns show the date and time the row entry was created or copied into the
flash directory.
drw 512 Oct 25 14:17 WORKING/
-rw 321 Oct 25 14:39 boot.params
Here, the first entry indicates the file was created or copied on April 22 at 05:23 hours. The second
entry indicates that the directory was created or copied on April 19 at 06:12 hours.
• The column on the right lists the file or directory name. Note that directory names end with a slash (/)
character.
drw 512 Oct 25 14:17 WORKING/
-rw 321 Oct 25 14:39 boot.params
Here, the first entry shows a directory named WORKING, the second entry shows a file named
boot.params.
• The value shown at the bottom of the display indicates the amount of flash memory remaining for use
in this directory (9.47 megabytes in the above example).
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-7
Using Wildcards
Wildcards allow you to substitute symbols (* or ?) for text patterns while using file and directory
commands. The asterisk (*) takes the place of multiple characters and the question mark character (?)
takes the place of single characters. More than one wildcard can be used within a single text string.
Multiple Characters
An asterisk (*) is used as a wildcard for multiple characters in a text pattern. The following command will
list all entries in the current directory that end with the .log extension:
-> ls *.log
Listing Directory /flash:
-rw 64000 Sep 21 19:49 swlog1.log
-rw 64000 Aug 12 19:06 swlog2.log
The following command lists all entries in the current directory that contain the i character.
-> ls *i*
Listing Directory /flash:
drw 2048 Aug 21 17:49 certified/
drw 2048 Aug 12 18:51 working/
-rw 31 Jul 29 2001 policy.cfg
drw 2048 Jul 28 12:17 switch/
Single Characters
The question mark (?) is used as a wildcard for a single character in a text pattern. The following
command will locate all entries containing swlog followed by any single character and the .log extension.
-> ls swlog?.log
Listing Directory /flash:
-rw 64000 Jul 21 19:49 swlog1.log
-rw 64000 Aug 12 19:06 swlog2.log
The single and multiple character wildcards can be used in combination. The following command lists all
entries containing the letter i followed by any two single characters.
-> ls *i??
Listing Directory /flash:
drw 2048 Aug 12 18:51 working/
File and Directory Management Managing System Files
page 1-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Directory Commands
The directory commands are applied to the switch file system and to files contained within the file system.
When you first enter the flash directory, your login is located at the top of the directory tree. You may
navigate within this directory by using the
pwd and cd commands (discussed below). The location of your
login within the directory structure is called your current directory. You need to observe your login
location because when you issue a command, that command applies only to directories and files in your
current directory unless another path is specified.
The following drawing is a logical representation of the OmniSwitch file directory shown in the illustra-
tion on page 1-5.
Sample Switch Directory Tree
Determining Your Location in the File Structure
Use the pwd command to display the path to your current directory. When you first log into the switch,
your current directory is the flash directory. If you enter the pwd command, the following will be
displayed:
-> pwd
/flash
->
The display shows the name of the current directory and its path. If your current directory is the certified
directory and you enter the
pwd command, the following will be displayed:
-> pwd
/flash/certified
->
The display shows the path to your current directory.
Flash Directory
Certified Directory
Working Directory
(Files)
boot.params
Ksecu.img
Kos.img
Krelease.img
boot.cfg
(Files)
(Files)
Ksecu.img
Kbase.img
boot.cfg
Network Directory
policy.cfg
(File)
cs_system.pmd
boot.slot.cfg
boot.cfg.1.err
swlog.1.log
swlog2.log
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-9
Changing Directories
Use the cd command to navigate within the file directory structure. The cd command allows you to move
“up” or “down” the directory tree. To go down, you must specify a directory located in your current direc-
tory. The following command example presumes your current directory is the /flash file directory as
shown in the directory on
page 1-8 and that you want to move down the directory tree to the certified
directory.
->pwd
/flash
->cd certified
->
To verify that your current directory has changed to /flash/certified, use the pwd command and the
following will be displayed:
->pwd
/flash/certified
To move “up” the directory tree, use the cd command. Enter cd.. (cd dot dot) without specifying a direc-
tory name and your current directory will move up one directory level. If you enter cd without the dots,
your current directory will move to the top of the tree. The following example shows the cd command
used where the current directory is /flash/certified.
->pwd
/flash/certified
-> cd
->
To verify that your current directory has moved up the directory tree, use the pwd command to display
your location. The display shows you have moved up one level from the /flash/certified directory and that
your current directory is /flash.
-> pwd
/flash
If you use the cd command while you are at the top of the directory tree, the cd command will have no
effect on the location of your login. In other words, if you use cd while your current directory is /flash,
your current directory will remain /flash after you execute the cd command.
File and Directory Management Managing System Files
page 1-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Displaying Directory Contents
The ls and dir commands have the same function. These two commands display the contents of the current
directory. If you use the ls or dir command while logged into the /flash file directory of the switch as
shown on page 1-8, the following will be displayed:
-> dir
Listing Directory /flash:
drw 512 Oct 25 14:39 certified/
drw 512 Jul 15 14:59 NETWORK/
drw 512 Oct 25 14:17 WORKING/
-rw 321 Oct 25 14:39 boot.params
-rw 163258 Oct 2 11:04 cs_system.pmd
-rw 11 Jul 30 14:09 boot.slot.cfg
-rw 693 Oct 9 11:55 boot.cfg.1.err
-rw 0 Oct 28 11:14 swlog1.log
-rw 64000 Oct 29 09:12 swlog2.log
9467904 bytes free
If you specify a path as part of the ls or dir command, your screen will list the contents of the directory at
the specified path.
-> ls /flash/certified
Listing Directory /flash/certified:
drw 2048 Oct 12 11:16 ./
drw 2048 Oct 12 15:58 ../
-rw 2636 Oct 12 11:16 boot.cfg
-rw 860086 Oct 26 11:07 Kos.img
-rw 123574 Oct 14 10:54 Ksecu.img
-rw 123574 Oct 14 10:54 Krelease.img
If you use the ls or dir command while logged into the /flash file directory, the following will be
displayed.
-> dir
Listing Directory /flash:
drw 1024 Nov 8 08:30 WORKING/
-rw 276 Nov 8 09:59 boot.params
-rw 4890749 Oct 21 21:43 cs_system.pmd
-rw 256 Nov 8 09:57 random-seed
-rw 64000 Nov 8 09:59 swlog1.log
drw 1024 Nov 8 08:31 certified/
drw 1024 Nov 8 08:29 NETWORK/
drw 1024 Nov 8 08:29 SWITCH/
-rw 222 Nov 8 09:59 boot.cfg.1.err
-rw 524288 Oct 31 10:51 u-boot.bin
-rw 834497 Oct 31 10:50 miniboot.uboot
-rw 64000 Nov 8 10:56 swlog2.log
-rw 719 Nov 6 12:07 test020
-rw 199567 Nov 5 11:16 rule930.txt
63308800 bytes free
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-11
If you specify a path as part of the ls or dir command, your screen will list the contents of the directory at
the specified path.
-> ls /flash/
Listing Directory /flash:
drw 1024 Nov 8 08:30 WORKING/
-rw 276 Nov 8 09:59 boot.params
-rw 4890749 Oct 21 21:43 cs_system.pmd
-rw 256 Nov 8 09:57 random-seed
-rw 64000 Nov 8 09:59 swlog1.log
drw 1024 Nov 8 08:31 certified/
drw 1024 Nov 8 08:29 NETWORK/
drw 1024 Nov 8 08:29 SWITCH/
-rw 222 Nov 8 09:59 boot.cfg.1.err
-rw 524288 Oct 31 10:51 u-boot.bin
-rw 834497 Oct 31 10:50 miniboot.uboot
-rw 64000 Nov 8 10:56 swlog2.log
-rw 719 Nov 6 12:07 test020
-rw 199567 Nov 5 11:16 rule930.txt
63308800 bytes free
Making a New Directory
To make a new directory use the mkdir command. You may specify a path for the new directory. Other-
wise, the new directory will be created in your current directory. The syntax for this command requires a
slash (/) and no space between the path and the new directory name. Also, a slash (/) is required at the
beginning of your path specification.
Note. Your login account must have write privileges to execute the mkdir command.
The following command makes a new directory in the working directory on an OmniSwitch:
-> mkdir /flash/working/newdir1
This drawing represents the content of the /flash/working directory after the new directory is added.
Flash Directory
Working Directory
(Files)
Ksecu.img
Kbase.img
boot.cfg
newdir1 Directory
File and Directory Management Managing System Files
page 1-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Displaying Directory Contents Including Subdirectories
The ls -r command displays the contents of your current directory in addition to recursively displaying all
subdirectories. The following example shows the result of the ls -r command where the /flash/working
directory contains a directory named newdir1. Be sure to include a space between ls and -r.
-> ls -r /flash/working
Listing Directory /flash/working:
drw 2048 Oct 14 17:14 ./
drw 2048 Oct 14 17:12 ../
drw 2048 Oct 14 17:14 newdir1/
-rw 2636 Oct 12 11:16 boot.cfg
-rw 123574 Oct 14 10:54 Kbase.img
-rw 123574 Oct 14 10:54 Ksecu.img
Listing Directory /flash/working/newdir:
drw 2048 Oct 14 17:14 ./
drw 2048 Oct 14 17:14 ../
Copying an Existing Directory
The cp -r command recursively copies directories, as well as any associated subdirectories and files.
Before using this command, you should make sure you have enough memory space in your target direc-
tory to hold the new material you are copying.
Note. Your login account must have write privileges to execute the cp -r command.
In this example, a copy of the working directory and all its contents will be created in the certified direc-
tory of an OmniSwitch. The destination directory must exist before the cp -r command will work.
->cp -r /flash/working flash/certified/working
Flash Directory
Working Directory
(Files)
boot.cfg
newdir1 Directory
Certified Directory
Working Directory
(Files)
newdir1 Directory
(Files)
boot.cfg
Kos.img
Krelease.img
Ksecu.img
Kbase.img
Ksecu.img
boot.cfg
Kbase.img
Ksecu.img
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-13
To verify the creation of the new directory, use the ls -r command to produce a list of the contents of the
certified directory. This list will include the files that were originally in the certified directory plus the
newly created copy of the working directory and all its contents.
->ls -r /flash/certified
Listing Directory /flash/certified
drw 2048 Oct 12 16:22 ./
drw 2048 Oct 15 10:16 ../
-rw 4347 Oct 2 12:25 boot.cfg
-rw 844217 Oct 25 14:21 Kos.img
-rw 4658 Oct 25 14:21 Krelease.img
Listing Directory /flash/certified/working
drw 2048 Oct 14 17:14 ./
drw 2048 Oct 14 17:12 ../
drw 2048 Oct 14 17:14 newdir1/
-rw 4347 Oct 2 12:25 boot.cfg
-rw 142830 Oct 25 14:17 Ksecu.img
-rw 2743945 Oct 25 14:16 Kbase.img
-rw 844217 Oct 25 14:17 Kos.img
Listing Directory /flash/certified/working/newdir:
drw 2048 Oct 14 17:14 ./
drw 2048 Oct 14 17:14 ../
Removing a Directory and its Contents
The rmdir command removes the specified directory and all its contents. If the following command is
issued from the flash directory shown in the drawing on page 1-8, the working directory would be
removed from the certified directory.
->rm -r /flash/certified/working
Note. Your login account must have write privileges to execute the rmdir command.
File and Directory Management Managing System Files
page 1-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
File Commands
The file commands apply to files located in the /flash file directory and its sub-directories.
Note. Each file in any directory must have a unique name. If you attempt to create or copy a file into a
directory where a file of the same name already exists, you will overwrite or destroy one of the files.
Creating or Modifying Files
The switch has an editor for creating or modifying files. The editor is invoked by entering the vi command
and the name of the new file or existing file that you want to modify. For example:
-> vi /flash/my_file
This command puts the switch in editor mode for my_file. If my_file does not already exist, the switch
will create the file in the flash directory. In the editing mode, the switch uses command keystrokes similar
to any vi UNIX text editor. For example, to quit the edit session and save changes to the file, type ZZ to
return to the CLI prompt.
Copy an Existing File
Use the cp command to copy an existing file. You can specify the path and filename for the original file
being copied as well as the path and filename for the new copy being created. If no path is specified, the
command assumes the current directory. The following syntax copies the Kos.img file from the working
directory to the certified directory.
->cp /flash/working/Kos.img /flash/certified
This second example presumes that the user current directory is the /flash/working directory. Here, it is
not necessary to specify a path for the original file. A copy of Kos.img will appear in the /flash/certified
directory once the following command is executed.
->cp Kos.img /flash/certified
This third example presumes that the user current directory is the flash directory. To copy a file into the
same directory where the file currently exists, the user must specify a new filename. The following
command will result in the Kbase.img file being copied into the /flash/working directory under the new
name of newfile.img. Both Kos.img and its copy newfile.img will appear in the /flash/working directory.
->cp /flash/working/Kbase.img newfile.img
In these examples, a new file will be written to the specified or assumed path with the new filename. If
you do not specify a new filename, the new file will have the same name as the copied file. If you copy a
file to its own directory, you must specify a new filename. In each case, the file being copied will remain
in its original location.
Note. You must have write privileges in order to execute the cp command.
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-15
Secure Copy an Existing File
Use the scp command to copy an existing file in a secure manner. You can specify the path and filename
for the original file being copied as well as the path and filename for a new copy being created. If no path
is specified, the command assumes the current directory. If SCP is not enabled on the switch, use the
scp-sftp command to enable it. The following syntax copies all of the image files in the working directory
from a remote switch 172.17.11.13 to the local working directory:
-> scp [email protected]:/flash/working/*.img /flash/working
admin's password for keyboard-interactive method:
This second example helps copy all the image files from the user current working directory to the remote
switch working directory. A copy of all the image files will appear in the /flash/working directory of the
remote switch 172.17.11.13, once the following command is executed.
-> scp /flash/working/*.img admin@172.17.11.13:/flash/working
admin's password for keyboard-interactive method:
Note. The scp command prompts you to enter the admin password. On entering the admin password, the
names and the path of the files being copied will be displayed. SCP is not supported between OmniSwitch
and Windows in the current release.
You must have write privileges in order to execute the scp command.
Move an Existing File or Directory
The move and mv commands have the same function and use the same syntax. Use these commands to
move an existing file or directory to another location. You can specify the path and name for the file or
directory being moved. If no path is specified, the command assumes the current path. You can also
specify a path and a new name for the file or directory being moved. If no name is specified, the existing
name will be used.
Note. Your login account must have write privileges to use the move or mv command.
Flash Directory
Certified Directory
Working Directory
Testfiles Directory
(Files)
(Files)
(File)
Network Directory
policy.cfg
(File)
testfile2
File and Directory Management Managing System Files
page 1-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
In this first example, the user current directory is the flash directory. The following command syntax
moves the testfile2 file from the user created testfiles directory into the working directory as shown in the
illustration above. The screen displays a warning that the file is being renamed (or in this case, redirected).
-> move /flash/testfiles/testfile2 /flash/working/testfile2
WARNING:renaming file /flash/testfiles/testfile2 -> /flash/working/testfile2
In the next example, the user current directory is the /flash/testfiles directory as shown in the illustration,
so it is not necessary to specify a path for the file being copied. However, the command syntax specifies a
path to the destination directory. The screen displays a warning that the file is being renamed.
-> move testfile2 /flash/working/newtestfile2
WARNING:renaming file /flash/working/newtestfile2 -> /flash/working/newtestfile2
In this third example, the user current directory is the flash directory. Here, it is not necessary to specify a
path for the destination file but a path must be specified for the original file. The screen displays a warning
that the file is being renamed.
-> move /flash/testfiles/testfile2 newfile2
WARNING: renaming file /flash/testfiles/testfile2 -> /flash/testfiles/newfile2
In each of the above examples, a new file will be written to the specified or assumed path with the new
filename. In each case, the file being copied will be removed from its original location.
Change File Attribute and Permissions
The chmod and attrib commands have the same function and use the same syntax. Use these commands
to change read-write privileges for the specified file. The following syntax sets the privilege for the
config1.txt file to read-write. In this example, the user current directory is the /flash file directory.
Note. You must have read-write privileges to a file to change that file privileges.
To set the permission for the config1.txt file to read-only, use the following syntax.
-> chmod -w /flash/config1.txt
To set the permission for the config1.txt file to read/write, use the following syntax.
-> chmod +w /flash/config1.txt
Delete an Existing File
The delete command deletes an existing file. If you use the delete command from the directory containing
the file, you do not need to specify a path. If you are in another directory, you must specify the path and
name for the file being deleted. The user of this command must have write privileges for any file being
deleted.
-> delete /flash/config.txt
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-17
Managing Files on Switches
On OmniSwitch stackable switches, you can copy a file from a non-primary switch to the primary switch
in a stack using the
rcp command. To use this command, enter rcp followed by the slot number of the
non-primary switch, the path and file name of the source file on the non-primary switch, and the destina-
tion file name on the primary switch.
For example, to copy the boot.params file to the /flash directory on Switch 4 in a stack to the primary
switch and name it boot.params.bak, enter:
-> rcp 4:/flash/boot.params boot.params.bak
On OmniSwitch chassis-based switches, you can copy a file from a secondary management module to a
primary management module or from a primary management module to a secondary management module
with the
rcp command. To use this command enter rcp followed the secondary management module of
the switch, the path and file name of the source file on the secondary management module of the switch,
and the destination file name on the primary management module of the switch.
For example, to copy the boot.params file to the /flash directory on primary management module in a
switch and name it boot.params.bak enter:
-> rcp cmm-b: /flash/boot.params boot.params.bak
To delete a file on a secondary management module of the non-primary switch, use the rrm command. To
use this command, enter rrm followed by the path and file name of the file on the secondary management
module of the non-primary switch to be deleted.
For example, to delete the boot.params file in the /flash directory on a secondary management module of
the non-primary switch, enter:
-> rrm 4 /flash/boot.params
To list the directory contents of a secondary management module of the non-primary switch, use the rls
command by entering rls, followed by the path name of the directory you want to display. (As an option,
you can also specify a specific file name to be displayed.)
For example, to display the contents of the /flash directory on a secondary management module non-
primary switch, enter:
-> rls 4 /flash
A screen similar to the following will be displayed:
-rw 327 Sep 13 16:46 boot.params
drw 1024 Sep 13 16:46 certified/
drw 1024 Sep 13 16:45 working/
-rw 64000 Sep 13 16:46 swlog1.log
-rw 64000 Sep 8 21:24 swlog2.log
drw 1024 Sep 13 16:45 switch/
drw 1024 Sep 10 17:34 network/
-rw 256 Sep 13 16:41 random-seed
drw 1024 Jun 22 1986 tk.dir/
File and Directory Management Managing System Files
page 1-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Utility Commands
The utility commands include freespace, fsck, and newfs. These commands are used to check memory
and delete groups of files.
Displaying Free Memory Space
The freespace command displays the amount of free memory space available for use in the switch file
system. You may issue this command from any location in the switch directory tree.
-> freespace
/flash 16480256 bytes free
Performing a File System Check
The fsck command performs a file system check and can repair any errors found. It displays diagnostic
information in the event of file corruption. Note that the fsck command only applies to the primary and
secondary CMM in an OmniSwitch chassis-based switch or the primary and secondary switch in an
OmniSwitch stack.
There are two options available with the fsck command: no-repair and repair. Specifying the no-repair
option performs only the file system check on the /flash directory, whereas, specifying the repair option
performs the file system check on the /flash directory and also repairs any errors found on the file system.
If none of the options are specified, then the no-repair option is applied by default.
If you want to repair any errors found automatically while performing the file system check, you must
specify the flash directory as follows:
-> fsck /flash repair
The screen displays the following output:
/flash/ - disk check in progress ...
/flash/ - Volume is OK
Change volume Id from 0x0 to 0xef2e3c
total # of clusters: 29,758
# of free clusters: 18,886
# of bad clusters: 0
total free space: 77,357,056
max contiguous free space: 55,451,648 bytes
# of files: 59
# of folders: 5
total bytes in files: 44,357,695
# of lost chains: 0
total bytes in lost chains: 0
While performing the repair operation, the switch will display the errors found and specify those errors
that have been repaired. If there are no errors found, then just the file system information is displayed.
Managing System Files File and Directory Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-19
Deleting the Entire File System
The newfs command deletes the flash file system and all the files and directories contained in it. This
command is used when you want to reload all files in the file system.
Caution. This command will delete all of the switch system files. All configurations programmed into the
switch will be lost. Do not use this command unless you are prepared to reload all files.
File and Directory Management Managing System Files
page 1-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Process Self-test Function Commands
In the Authenticated Switch Access - Enhanced Mode, an option is provided to check the hardware and
software status during boot up. The following commands can be used to perform a self-test for the hard
-
ware components and software processes sanity as and when necessary.
Note. This functionality is applicable only in ASA enhanced mode. For more information on ASA mode
commands, refer to the “AAA Commands” chapter of the OmniSwitch AOS Release 6 CLI Reference
Guide.
To display the major hardware components status, use the show system hardware-self-test command.
This self test checks the hardware status during boot up.
-> show system hardware-self-test
Checking CPU status -> Ok
Checking Memory status -> Ok
Checking Flash Status -> Ok
Checking NI Module status -> Ok
Checking Power Supply status -> Ok
Checking Lanpower Status -> Ok
To display the major software process status, use the show system process-self-test command:
-> show system process-self-test
Checking Chassis Supervision Process ....................OK
Checking Configuration Manager Process ....................OK
Checking Network Process ....................OK
Checking AAA Process ....................OK
Checking 802.1x Process ....................OK
Checking QoS Process ....................OK
Checking VLAN Manager Process ....................OK
Checking IP Services Process ....................OK
Checking H/W Driver Process ....................OK
Checking IPV6 Process ....................OK
Checking Layer2 / Switching Process ....................OK
Checking Layer3 / Routing Process ....................OK
Checking NiSUP Process ....................OK
Managing System Files Loading Software onto the Switch
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-21
Loading Software onto the Switch
There are three common methods for loading software to and from your switch. The method you use
depends on your workstation software, your hardware configuration, and the location and condition of
your switch. These methods are discussed here.
• FTP Server—You can use the switch as an FTP server. If you have FTP client software on your work-
station, you can transfer a file to the switch via FTP. This is normally done to load or upgrade the
switch software or configurations. For details see
“Using the Switch as an FTP Server” on page 1-21.
• TFTP Client—You can use the TFTP client functionality on an OmniSwitch 6350, 6450 to transfer
software to/from a TFTP server. For details see
“Using TFTP to Transfer Files” on page 1-26
• FTP Client—You can use the switch as an FTP client by connecting a terminal to the switch console
port and using standard FTP commands. This feature is useful in cases where you do not have access to
a workstation with an FTP client. For details see
“Using the Switch as an FTP Client” on page 1-22.
• USB Flash Drive—You can copy files to and from an Alcatel-Lucent certified USB flash drive
connected to the CMM. The switch can also boot from the image files stored on the USB drive using
the disaster recovery feature. For details see
“Using the USB Flash Drive” on page 5-33.
• Zmodem—You can load software directly through the serial port with any terminal emulator that
supports the Zmodem protocol. Note that a Zmodem transfer of large files may take several minutes to
complete. For details see
“Using Zmodem” on page 1-26.
Using the Switch as an FTP Server
The switch can act as an FTP server for receiving files transferred from your workstation. You can trans-
fer software files to the switch by using standard FTP client software located on a host workstation. This is
normally done to load or upgrade the switch software.
The following describes how to transfer files where the switch is acting as an FTP server.
1 Log into the switch. Use your workstation FTP client software just as you would with any FTP appli-
cation. To log in to the switch, start your FTP client. Where the FTP client asks for “Name”, enter the IP
address of your switch. Where the FTP client asks for “User ID”, enter the username of your login account
on the switch. Where the FTP client asks for “Password”, enter your switch password.
OmniSwitch FTP Server
Workstation
The FTP Client software
on the Workstation sends a
file from the Workstation to
the OmniSwitch
FTP Client FTP Server
OmniSwitch
Loading Software onto the Switch Managing System Files
page 1-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Note. If you are using Authenticated Switch Access (ASA), the port interface must be authenticated for
FTP use and the username profile must have permission to use FTP. Otherwise the switch will not accept
an FTP login. For information about ASA, refer to Chapter 10, “Managing Switch Security.”
2 Specify the transfer mode. If you are transferring a switch image file, you must specify the binary
transfer mode on your FTP client. If you are transferring a configuration file, you must specify the ASCII
transfer mode.
3 Transfer the file. Use the FTP “put” command or click the client download button to send the file to
the switch.
When you use FTP to transfer a file to the switch, the file is automatically placed in the switch /flash/
working directory. For details on using CLI commands to managing files once they are on the switch see
“File and Directory Management” on page 1-5.
Note. You must use the binary mode (bin) to transfer files via FTP.
Using the Switch as an FTP Client
Using the switch as an FTP client is useful in cases where you do not have access to a workstation with an
FTP client. You can establish an FTP session locally by connecting a terminal to the switch console port.
You can also establish an FTP session to a remote switch by using a Telnet session. Once you are logged
into the switch as an FTP client, you can use standard FTP commands.
Note. If you are using Authenticated Switch Access (ASA), the port interface must be authenticated for
FTP and Telnet use. The login profile must also have permission to use FTP. Otherwise the switch will not
accept an FTP login. For information about ASA and user privileges, refer to
Chapter 10, “Managing
Switch Security.”
Use the switch ftp command to start its FTP client.
OmniSwitch FTP Client
File Server
OmniSwitch
FTP Client FTP Server
A dumb terminal uses the FTP cli-
ent on the OmniSwitch to retrieve
a file from a file server
Terminal
Managing System Files Loading Software onto the Switch
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-23
1 Establish a connection to the switch as explained in “Getting Started” chapter in your OmniSwitch
AOS Release 6350/6450 Hardware Users Guide.
2 Log on to the switch and enter the ftp command to start the FTP client. Next, enter a valid host name
or IP address. (For information about enabling the DNS resolver for host names, please refer to Chapter 2,
“Logging Into the Switch.”) A screen similar to the following is displayed:
-> ftp 198.23.9.101
Connecting to [198.23.9.101]...connected
220 cosmo FTP server (UNIX(r) System V Release 4.1) ready
Name :
Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and
enabled. If not, you must specify an IP address.
You can use the ftp6 command followed by the IPv6 address or the hostname of the FTPv6 server to start
an FTPv6 session over an IPv6 environment. For example:
-> ftp6 fe80::a00:20ff:fea8:8961 intf1
Connecting to [fe80::a00:20ff:fea8:8961]...connected
220 cosmo FTP server (UNIX(r) System V Release 4.1) ready
Name :
Note. While using FTPv6 sessions, it is mandatory to specify the name of the particular IPv6 interface, if
the FTPv6 server has been specified using its link-local address.
3 Set the client to binary mode with the bin command. Enter a valid user name and password for the host
you specified with the
ftp command. A screen similar to the following is displayed:
Name: Jsmith
331 Password required for Jsmith
Password: *****
230 User Jsmith logged in.
4 After logging in, you will receive the ftp-> prompt. You may enter a question mark (?) to view
available FTP commands as shown here.
ftp->?
Supported commands:
ascii binary bye cd delete
dir get help hash ls
put pwd quit remotehelp user
lpwd mput mget prompt !ls
lcd user
These are industry standard FTP commands. Their definitions are given in the following table:
ascii Set transfer type to ASCII (7-bit).
binary Set transfer type to binary (8-bit).
bye Close session gracefully.
cd Change to a new directory on the remote machine.
Loading Software onto the Switch Managing System Files
page 1-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
If you lose communications while running FTP, you may receive a message similar to the following:
Waiting for reply (Hit ^C to abort)...........
In this case you can press Crtl-C to abort the session or wait until the communication failure is resolved
and the FTP transfer can continue.
Note. You must use the binary mode (bin) to transfer files via FTP.
Using Secure Shell FTP
1 Log on to the OmniSwitch and issue the sftp CLI command. The command syntax requires you to
identify the IP address for the device you are connecting to. The following command establishes a Secure
Shell FTP interface from the local OmniSwitch to IP address 10.222.30.125.
-> sftp 10.222.30.125
login as:
Note. If SFTP is not enabled on the switch, use the scp-sftp command to enable it.
You can use the sftp6 command followed by the IPv6 address or hostname of the SFTPv6 server to start
an SFTPv6 session over an IPv6 environment. For example:
delete Delete a file on the remote machine.
dir Obtain a long listing on the remote machine.
get Retrieve a file from the remote machine.
hash Print the hash symbol (#) for every block of data transferred.
(This command toggles hash enabling and disabling.)
help Displays a list of FTP commands and their definitions.
ls Display summary listing of the current directory on the remote
host.
put Send a file to the remote machine.
pwd Display the current working directory on the remote host.
quit Close session gracefully.
remotehelp List the commands that the remote FTP server supports.
user Send new user information.
lpwd Display the current working directory on the local host.
mput Allows for the transfer of multiple files out of the local machine.
mget Allows for the transfer of multiple files into the local machine.
prompt Toggles the query for use with the mput and mget commands.
!ls Lists the contents (files and directories) of the local directory.
lcd Change to a new local directory
user Sends new user information.
Managing System Files Loading Software onto the Switch
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-25
-> sftp6 fe80::a00:20ff:fea8:8961 int1
login as:
Note. While using SFTPv6 sessions, it is mandatory to specify the name of the particular IPv6 interface, if
the SFTPv6 server has been specified using its link-local address.
2 You must have a login and password that is recognized by the IP address you specify. When you enter
your login, the device you are logging in to, will request your password as shown here.
-> sftp 10.222.30.125
login as: rrlogin2
rrlogin2's password for keyboard-interactive method:
3 After logging in, you will receive the sftp> prompt. You may enter a question mark (?) to view
available Secure Shell FTP commands and their definitions as shown here.
sftp>?
Available commands:
cd path Change remote directory to 'path'
lcd path Change local directory to 'path'
chmod mode path Change permissions of file 'path' to 'mode'
help Display this help text
get remote-path [local-path] Download file
lls [path]] Display local directory listing
ln oldpath newpath Symlink remote file
lmkdir path Create local directory
lpwd Print local working directory
ls [path] Display remote directory listing
mkdir path Create remote directory
put local-path [remote-path] Upload file
pwd Display remote working directory
exit Quit sftp
quit Quit sftp
rename oldpath newpath Rename remote file
rmdir path Remove remote directory
rm path Delete remote file
symlink oldpath newpath Symlink remote file
version Show SFTP version
? Synonym for help
Note. Although Secure Shell FTP has commands similar to the industry standard FTP, the underlying
protocol is different.
Closing a Secure Shell FTP Session
To terminate the Secure Shell FTP session, issue the exit command. The following will display:
-> exit
Connection to 11.333.30.135 closed.
This display indicates the Secure Shell FTP session with IP address 11.333.20.135 is closed. The user is
now logged into the OmniSwitch as a local device with no active remote connection.
Loading Software onto the Switch Managing System Files
page 1-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using TFTP to Transfer Files
Trivial File Transfer Protocol (TFTP), a client-server protocol, can be used to transfer files between the
TFTP server and client. TFTP client functionality on the OmniSwitch is used to download files from or
upload files to the TFTP server within a LAN using the
tftp command.
The following is an example of how to start a TFTP session to download a file from a TFTP server:
-> tftp 10.211.17.1 get source-file boot.cfg destination-file /flash/working/
boot.cfg ascii
When you enter the above command the following actions are performed:
• Establishes a TFTP session with the TFTP server 10.211.17.1.
• Downloads the boot.cfg file using the ASCII file transfer mode.
• Saves the downloaded file contents to the boot.cfg file in the working directory of the TFTP client.
You can specify a path for the specified file and if the file name is specified without a path then the current
path (/flash) is used by default. If a destination filename is not specified, then the source filename is used
by default. A TFTP client supports two modes of file transfer: Binary mode and ASCII mode. However,
files are transferred using the Binary mode by default.
A TFTP server does not prompt for a user to login and only one active TFTP session is allowed at any
point of time.
Note. When downloading a file to the switch, the file size must not exceed the available flash space.
Using Zmodem
A Zmodem application has been included with your switch software so that new programs and archives
can be uploaded through the switch serial console port. There are generally two situations that would
require you to use the switch console serial port to load software by using Zmodem.
• Your system is having problems and the FTP transfer method does not work.
• The switch Ethernet Management port is either not functioning or not configured.
To use Zmodem, you must have a terminal emulator that supports the Zmodem protocol. There are many
Zmodem products available that operate differently. You should consult the user manual that came with
your terminal emulation software for details.
Managing System Files Loading Software onto the Switch
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-27
Note. If a file you are transferring already exists in the switch flash memory, you must remove the file
before transferring the new file via Zmodem.
To transfer a file via Zmodem, complete the following steps:
1 Connect your terminal emulation device containing the Zmodem protocol to the switch console port.
2 Start the Zmodem process on your switch by executing the rz command.
-> rz
A screen similar to the following will appear.
Upload directory: /flash
rz ready to receive file, please start upload (or send 5 CTRL-X to abort).
**B000000023be50
3 Transfer the files by using your terminal emulation software. The following will be displayed.
ZMODEM file transfer successful,
Hit <RETURN> to exit...
When the transfer is complete, you can use the ls command to verify that the new files were loaded
successfully. To abort a Zmodem session enter Ctrl-X five times in succession.
Note. Files transferred via Zmodem are loaded into the flash directory. Before the new files can be used
by the switch, you must transfer them to the switch /flash/working directory and reboot the switch.
Zmodem File Transfer
OmniSwitch
Zmodem is used to transfer
a file from a workstation to
the OmniSwitch
Zmodem
Workstation
Registering Software Image Files Managing System Files
page 1-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Registering Software Image Files
New software transferred to the switch must go through a registration process before it can be used by the
switch. The registration process includes two tasks:
• Transfer the new software file(s) to the switch /flash/working directory via remote connection.
• Restart the switch to register the software.
Directories on the Switch
When you log into the switch, your current directory is the flash directory. For a factory default switch, the
flash directory contains three sub-directories and several files. It is important to understand the relation
-
ship of these directories before you load software or edit any of the files. The three directories are
described here:
• Certified directory—This directory contains configuration files that are certified as the default start-
up files for the switch. These are the trusted configuration and binary image files. They will be used in
the event of a non-specified reload. Do not attempt to edit these files. The path to this directory is
/flash/certified.
• Working directory—The working directory is a repository for configuration files that you are work-
ing on. If you are working on configuration files to develop a custom switch application, you may want
to test them before certifying them as the switch default. To do this, you can boot from the files in the
working directory while preserving the files in the certified directory. When the files in the working
directory are tested and working properly, you may certify them as the switch default files. The files
are then copied into the certified directory to replace the old ones. The path to this directory is
/flash/working.
• Network directory—This directory holds files that may be required by servers used for authentica-
tion. Other files can be put into this directory if desired. The path to this directory is /flash/network.
Note. The upgrade procedure of the image now works in the “Certified” directory and modification of the
configuration is reflected correctly in the configuration files of the switch. When you upload a new image
into the “Certified” directory and issue a “copy certified working” command, the system is fully synchro
-
nized including the running configuration.
For more information on switch directories refer to the “Managing CMM Directory Content” chapter of
this manual.
Managing System Files Registering Software Image Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-29
Available Image Files
The following table lists the image files for the OmniSwitch 6450 Series switches. Most of the files listed
here are part of the base switch configuration. Files that support an optional switch feature are noted in the
table.
The following table lists the image files for the OmniSwitch 6350 Series switches. Most of the files listed
here are part of the base switch configuration. Files that support an optional switch feature are noted in the
table.
Note. Some switches may also have image files in flash memory. These files can result from the
manufacturing process and are not needed for the switch to function. Therefore, they can be safely deleted.
Archive File Name Base or Optional Software Description
KFbase.img Base Software CMM Base
KFeni.img Base Software NI image for all Ethernet-type NIs
KFos.img Base Software CMM Operating System
KFsecu.img Base Software CMM Security
Archive File Name Base or Optional Software Description
KF3base.img Base Software CMM Base
KF3eni.img Base Software NI image for all Ethernet-type NIs
KF3os.img Base Software CMM Operating System
KF3secu.img Base Software CMM Security
CodeGuardian Managing System Files
page 1-30 OmniSwitch AOS Release 6 Switch Management Guide December 2017
CodeGuardian
Alcatel-Lucent Enterprise and LGS Innovations have combined to provide the first network equipment to
be hardened by an independent group. CodeGuardian promotes security and assurance at the network
device level using independent verification and validation of source code, software diversification to
prevent exploitation and secure delivery of software to customers.
CodeGuardian employs multiple techniques to
identify vulnerabilities such as software architecture
reviews, source code analysis (using both manual techniques and automated tools), vulnerability scanning
tools and techniques, as well as analysis of known vulnerabilities in third party code.
Software diversification
Software diversification randomizes the executable program so that various instances of the same soft-
ware, while functionally identical, are arranged differently. The CodeGuardian solution rearranges inter-
nal software while maintaining the same functionality and performance and modifies the deliverable
application to limit or prevent/impede software exploitation.
CodeGuardian AOS Releases
• X=Diversified image 1-5
• ALE will have 5 different diversified images per AOS release (R11 through R51)
• Our partner LGS will have 5 different diversified images per AOS release (L11 through L51)
Chassis Standard AOS
Release
AOS CodeGuardian
Release
LGS AOS CodeGuardian
Release
OmniSwitch 6450 6.7.2.R03 6.7.2.RX 6.7.2.LX
Managing System Files Application Examples for File Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-31
Application Examples for File Management
The following sections provide detailed examples of managing files and directories on the switch.
Transferring a File to the Switch Using FTP
In this example, the user is adding a security feature to an OmniSwitch 6450 Series switch. To do this, the
user must load the KFsecu.img image file onto the switch and then register the file by rebooting the
switch. The following steps describe how to transfer the file from the user workstation to the switch by
using an FTP client on the workstation:
1 Load the KFsecu.img file onto a workstation that contains an FTP client.
You will normally receive the file from the Internet, via E-mail, or on CD media. Place the file on your
workstation where it can be easily downloaded.
2 Run the FTP client software on your workstation.
Most workstations have an FTP client installed. Refer to your manufacturer instructions for details on
running the FTP application.
3 Log in to the switch from your FTP client.
Where the FTP client asks for Name, enter the IP address of your switch. Where the FTP client asks for
User ID, enter “admin”. Where the FTP client asks for Password, enter “switch” or your custom config
-
ured password.
4 Transfer the file from the workstation to the switch by using the FTP client.
If you have a GUI FTP client, select the KFsecu.img file on your desktop and click the download button.
If you have a text only FTP client, use the FTP “put” command to move the file from your desktop to the
switch. In either case, you must specify a binary file transfer because the KFsecu.img file is a binary file.
Once the transfer is complete, the file will appear in the switch /flash/working directory.
5 Close the FTP session with the switch.
6 To verify that the KFsecu.img file is in the /flash/working directory on the switch. Log onto the
switch and list the files in the /flash/working directory.
-> ls /flash/working
Listing Directory /flash/working:
drw 2048 Aug 4 10:45 ./
drw 2048 Aug 5 14:05 ../
-rw 670979 Aug 5 14:44 KFsecu.img
-rw 2877570 Aug 4 10:33 KFbase.img
-rw 217119 Aug 4 10:33 KFdiag.img
-rw 727663 Aug 4 10:33 KFeni.img
-rw 5519 Aug 4 10:34 KFrelease.img
-rw 880 Sep 31 13:05 boot.cfg
This list verifies that the file is located on the switch in the /flash/working directory.
7 Reboot the switch to register the security file KFsecu.img.
The features and services supported by the Ksecu.img image file are now available on the switch.
Application Examples for File Management Managing System Files
page 1-32 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Creating a File Directory on the Switch
In this example, the user wants to store several test files on the switch for use at a later date. The user has
loaded the files into the switch /flash/working directory by using FTP. Rather than leaving the files in the
working directory, the user may want to create a new directory. The following steps describe how to create
a directory on the switch, how to transfer files into the directory, and how to list the files.
1 Log onto the switch and use the mkdir command to create a new directory called “resources”.
-> mkdir resources
->
2 Verify that the new directory was created using the ls command. The “resources” directory is listed.
-> ls
Listing Directory /flash:
-rw 308 Aug 12 13:33 boot.params
drw 2048 Aug 14 10:45 certified/
drw 2048 Aug 15 16:24 working/
-rw 64000 Aug 15 16:19 swlog1.log
-rw 64000 Aug 15 14:05 swlog2.log
drw 2048 Sep 24 07:57 switch/
-rw 30 Aug 19 2023 policy.cfg
drw 2048 Aug 25 16:25 resources/
-rw 0 Sep 24 08:00 boot.cfg
3 Use the ls command to list the contents of the /flash/working directory.
-> ls /flash/working
Listing Directory /flash/working:
drw 2048 Aug 5 17:03 ./
drw 2048 Aug 5 16:25 ../
-rw 880 Sep 31 13:05 boot.cfg
-rw 6 Aug 5 17:03 test1.txt
-rw 6 Aug 5 17:03 test2.txt
-rw 6 Aug 5 17:03 test3.txt
4 Use the mv command to move the test files from /flash/working to /flash/resources.
-> mv test1.txt /flash/resources
-> mv test2.txt /flash/resources
-> mv test3.txt /flash/resources
Managing System Files Application Examples for File Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-33
5 Use the ls command to verify that the files are now located in the /flash/resources directory.
-> ls /flash/resources
Listing Directory /flash/resources:
drw 2048 Jul 5 17:20 ./
drw 2048 Jul 5 16:25 ../
-rw 6 Jul 5 17:03 test1.txt
-rw 6 Jul 5 17:03 test2.txt
-rw 6 Jul 5 17:03 test3.txt
17995776 bytes free
FTP Client Application Example
The following example shows how to transfer a file named rrtext.txt from the switch /flash/working
directory to another host by using the switch as an FTP client.
1 Log into the switch. Use the ls command to verify that your current directory is /flash.
-> ls
Listing Directory /flash:
-rw 272 Jun 12 15:57 boot.params
drw 2048 Jun 12 17:52 certified/
drw 2048 Jun 13 12:32 working/
drw 2048 Jul 12 16:22 switch/
-rw 10000 Jun 12 15:58 swlog1.log
-rw 10000 Jun 12 17:50 swlog2.log
-rw 445 Jun 21 11:43 aaasnap
-rw 7298 Jul 24 16:51 websnap1024
-rw 2662306 Jun 28 16:44 cs_system.pmd
-rw 543 Jun 28 12:02 aaapublic
drw 2048 Jun 28 17:50 newdir/
-rw 1452 Jun 29 12:50 nssnap76
-rw 1452 Jun 29 12:42 iesnap76
16480256 bytes free
2 Use the cd command to change your current directory to /flash/working. Use the ls or pwd command
to verify.
-> cd working
-> ls
Listing Directory /flash/working:
drw 2048 Aug 3 12:32 ./
drw 2048 Aug 14 10:58 ../
-rw 450 Aug 13 10:02 rrtest1.txt
Application Examples for File Management Managing System Files
page 1-34 OmniSwitch AOS Release 6 Switch Management Guide December 2017
3 Enter the FTP mode by using the ftp command followed by the IP address or the name of the host you
are connecting to. (If you enter a host name, please refer to “Using Zmodem” on page 1-26.)
->ftp 10.255.11.101
220 Connecting to [10.255.11.101]...connected.
Cosmo Windows FTP server ready
Name: Myhost1
Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and
enabled. If not, you must specify an IP address.
You can use the ftp6 command followed by the IPv6 address or hostname of the FTPv6 server to start an
FTPv6 session over an IPv6 environment. For example:
-> ftp6 fe80::a00:20ff:fea8:8961 intf1
220 Connecting to [fe80::a00:20ff:fea8:8961]...connected.
Cosmo Windows FTP server ready
Name: Myhost1
Note. FTPv6 sessions are supported. It is mandatory to specify the name of the particular IPv6 interface, if
the FTPv6 server has been specified using its link-local address.
4 Enter a valid user name and password for the host you specified with the ftp command. A screen
similar to the following is displayed:
Name (d) : Jsmith
331 Password required for Jsmith
Password: *****
230 User Jsmith logged in.
5 Use the FTP “put” command to transfer the file from your switch to the host as shown here.
ftp> put rrtest.txt
The following will be displayed:
200 Port set okay
150 Opening BINARY mode data connection
Transferred 20 octets in 1 seconds.
226 Transfer complete
ftp>
6 To exit the switch FTP client mode, use the “quit” FTP command. Your current directory on the switch
is /flash/working, which is the location from which you initiated the FTP client session. Use the
pwd CLI
command to verify your current directory.
ftp> quit
221 Bye
-> pwd
/flash/working
Managing System Files Application Examples for File Management
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-35
Creating a File Directory Using Secure Shell FTP
The following example describes the steps necessary to create a directory on a remote OmniSwitch and to
transfer a file into the new directory by using Secure Shell FTP.
1 Log on to the switch and issue the sftp CLI command with the IP address for the device you are
connecting to. The following command establishes a Secure Shell FTP interface from the local OmniS-
witch to another OmniSwitch at IP address 10.222.30.125.
-> sftp 10.222.30.125
login as:
Note. If SFTP is not enabled, use the scp-sftp command to enable it.
You can use the sftp6 command followed by the IPv6 address or hostname of the SFTPv6 server to start
an SFTPv6 session over an IPv6 environment. For example:
-> sftp6 fe80::a00:20ff:fea8:8961 int1
login as:
Note. SFTPv6 sessions are supported. It is mandatory to specify the name of the particular IPv6 interface,
if the SFTPv6 server has been specified using its link-local address.
2 You must have a login and password that is recognized by the IP address you are logging in to. When
you enter your login, the device will request your password. Here, the login “rrlogin2” is used, the system
requests a password.
-> sftp 10.222.30.125
login as: rrlogin2
rrlogin2's password for keyboard-interactive method:
Once the correct password is given and the login is completed, the sftp> prompt is displayed. This indi-
cates that you are in the Secure Shell FTP mode and must, therefore, use the Secure Shell FTP commands
as listed on
page 1-25.
3 Use the ls command to display the contents of the target OmniSwitch directory.
sftp> ls
287 boot.params
2048 certified
2048 working
64000 swlog1.log
64000 swlog2.log30 policy.cfg
2048 network
206093 cs_system.pmd
2048 LPS
256 random-seed
4 Use the mkdir command to create a new directory entitled “newssdir” in the target OmniSwitch.
Remember you must specify the path for the new directory as follows:
sftp> mkdir /flash/newssdir
5 Use the ls command again to list the contents of the current (flash) directory. Note that the “newssdir”
directory appears toward the bottom of the following list.
sftp> ls
Application Examples for File Management Managing System Files
page 1-36 OmniSwitch AOS Release 6 Switch Management Guide December 2017
287 boot.params
2048 certified
2048 working
64000 swlog1.log
64000 swlog2.log30 policy.cfg
2048 network
206093 cs_system.pmd
2048 LPS
2048 newssdir
256 random-seed
Transfer a File Using Secure Shell FTP
To demonstrate how to transfer a file by using the Secure Shell FTP, this application example continues
from the previous example where a new directory named “newssdir” was created on a remote OmniS
-
witch.
1 Use the Secure Shell FTP put command to transfer the file “testfile1.rr” from the local OmniSwitch to
the “newssdir” directory on the remote OmniSwitch. You must specify the local path (where the file
originates) and the remote path (where the file is going) in the command syntax. The following command
is used:
sftp> put /flash/testfile1.rr /flash/newssdir
The following will be displayed to indicate that the file was successfully transferred to the /flash/newss-
dir on the target OmniSwitch.
Uploading /flash/testfile1.rr to /flash/newssdir/testfile1.rr
2 To verify that the file was transferred to the correct destination, use the Secure Shell FTP cd command
to move your login to the newssdir directory. Then, use the ls command to list the contents of the
directory. The copied file is listed in the correct directory as shown here.
sftp> cd newssdir
sftp> ls
2048 .
2048 ..
31 testfile1.rr
Closing a Secure Shell FTP Session
To terminate the Secure Shell FTP session, issue the exit command. The following will be displayed:
-> exit
Connection to 11.333.30.135 closed.
This display indicates the Secure Shell FTP session with IP address 11.333.20.135 is closed. The user is
now logged into the OmniSwitch as a local device with no active remote connection.
Managing System Files Verifying Directory Contents
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-37
Verifying Directory Contents
To display a list of files, the following CLI commands may be used.
For more information about these commands, see the OmniSwitch AOS Release 6 CLI Reference Guide.
ls Displays the contents of a specified directory or the current working
directory.
dir Displays the contents of a specified directory or the current working
directory.
rls Displays the content of a non primary switch in a stack.
Installing Software Licenses Managing System Files
page 1-38 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Installing Software Licenses
Some features require a software license and are restricted only to a licensed user. To activate licensed
features, a license serial number must be purchased along with an authorization code from Alcatel-Lucent.
The authorization code can then be used to generate a license file.
To install the license file on the switch and to activate the licensed features, perform the following steps:
1 Log on to https://service.esd.alcatel-lucent.com/portal/page/portal/EService/LicenseGeneration and
provide the serial number and MAC address of the switch along with the authorization code.
A license file, for example lmLicense.txt, is generated.
2 Save the generated (lmLicense.txt) file in the /flash directory (or any other directory) of the primary
CMM.
3 To install the license on the switch, use the license apply command with the generated file name or the
license key and reboot the switch. For example:
-> license apply file /flash/lmLicense.txt
4 To verify the installation, use the show license info command.
5 To deactivate a license use the license remove command as shown below:
-> license remove feature gig ni 1
6 To temporarily activate a license use the license unlock command as shown below:
-> license unlock feature gig ni 1
Note. For multiple entries of serial numbers, MAC addresses, and authorization codes, use a CSV
formatted file and upload the file on to the website. A single license file is generated for all the switches.
Activation or unlock of license can be performed for the first time using the configuration file. For any
subsequent unlocks the boot.cfg file must be removed and the switch must be rebooted.
Once the license is applied it is written to the EEPROM and the license file is no longer needed.
Managing System Files Installing Software Licenses
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-39
Licensed Features
License Features Installation Notes
Metro Ethernet-service
OAM (802.1ag, Y-1731,
802.3ah)
CPE test head
G.8032
IPMC VLAN
Dying Gasp
SAA
MVR
Mac Forced Forwarding
PPPoE
Note: Metro license features are
not supported on OmniSwitch
6350.
Switch/Stack must rebooted after install-
ing licenses.
Allows SMB models to run Metro fea-
tures.
Metro licenses are installed on the units
in a stack only if the keys for all the units
are available; all units must have a metro
license.
If a unit is inserted in the stack without
metro license and primary unit has a
metro license, new added unit will be put
into Pass Thru. Unit in Pass thru can be
recovered by installing the metro license.
If the unit is inserted in the stack with
metro license and primary unit does not
have metro license, newly added unit will
be put into Pass Thru.
Unit in Pass thru can be recovered by
removing the Metro license.
If unit is inserted in the stack with metro
license and primary unit has metro
license, newly added unit will not be put
into Pass thru.
When removing license from primary
element it will be removed for all stack
elements.
GIG Enables gigabit interfaces on
“lite” models.
No reboot required.
Copper ports will be upgraded to provide
gigabit capacity.
Individual units in a stack can be
upgraded.
Installing Software Licenses Managing System Files
page 1-40 OmniSwitch AOS Release 6 Switch Management Guide December 2017
10GIG Enables 10-Gigabit non-combo
SFP+ ports.
Note: 10GIG is not supported on
OmniSwitch 6350.
No reboot required.
Non-combo SFP+ ports will be upgraded
to provide 10G capacity.
Individual units can be upgraded.
Temporary Unlocks any licensed feature for
a period of 15 days.
No license file required, can be enabled
with CLI.
Can only be unlocked if no boot.cfg file
exists.
Can be re-installed after expiration as
long as no boot.cfg file exists.
License Features Installation Notes
Managing System Files Setting the System Clock
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-41
Setting the System Clock
The switch clock displays time by using a 24-hour clock format. It can also be set for use in any time
zone. Daylight Savings Time (DST) is supported for a number of standard time zones. DST parameters
can be programmed to support non-standard time zones and time off-set applications.
All switch files and directories listed in the flash directory bear a time stamp. This feature is useful for file
management purposes.
Setting Date and Time
You can set the local date, time zone, and time for your switch or you can also set the switch to run on
Universal Time Coordinate (UTC or GMT). If applicable, you can also configure Daylight Savings Time
(DST or Summertime) parameters.
Note. If you have multiple switches in a stack, you must set the date and time on both the primary and the
secondary switch. Otherwise, if you experience a fail-over situation, the secondary switch time and date
will not match. You can use the
takeover command to switch between primary and secondary switches to
set time and date. For more information on redundancy, refer to Chapter 5, “Managing CMM Directory
Content.”
Date
To display the current system date for your switch, use the system date command. If you do not specify a
new date in the command line, the switch will display the current system date.
To modify the switch current system date, enter the new date with the command syntax. The following
command will set the switch system date to June 23, 2002.
-> system date 06/23/2002
When you specify the date you must use the mm/dd/yyyy syntax where mm is the month, dd is the day and
yyyy is the year. Months are specified as numbers from 01 to 12. Days are specified as numbers from 1 to
31. You must use two digits to define the month and the day. You must use four digits to specify the year.
Time Zone
To determine the current time zone or to specify a new time zone for your switch, use the
system timezone command. This specifies the time zone for the switch and sets the system clock to run
on UTC time (or Greenwich Mean Time). The following is displayed for the Pacific standard time zone:
-> system timezone
PST: (Coordinated Universal Time) UTC-8 hours
To set a new time zone for the system clock, use the system timezone command along with the appropri-
ate time zone abbreviation. Refer to the table in “Enabling DST” on page 1-44 for time zone abbrevia-
tions. The following command sets the system clock to run on Pacific standard time:
-> system timezone pst
PST: (Coordinated Universal Time) UTC-8 hours
Setting the System Clock Managing System Files
page 1-42 OmniSwitch AOS Release 6 Switch Management Guide December 2017
You may set the switch system clock to a time that is offset from standard UTC time. For example, you
can set a time that is offset from UTC by increments of 15, 30, or 45 minutes. You must indicate by a plus
(+) or minus (-) character whether the time should be added to or subtracted from the system time. To set a
time that offsets UTC by adding 5 hours and 45 minutes, use the following command:
-> system timezone +05:45
Note that four digits must be used to specify an offset for minutes, and the minutes must be specified in
15, 30, or 45 minute increments. To specify the number of hours offset from UTC (such as ten hours) use
the following command syntax:
-> system timezone +10
Values to specify hours for offset range from -13 through +12.
Time
To display the current local time for your switch, use the system time command. If you do not specify a
new time in the command line, the current system time is displayed as shown:
-> system time
17:08:51 (PST)
To modify the switch current system time, enter the system time command. When you specify the time
you must use the hh:mm:ss syntax where hh is the hour based on a 24 hour clock. The mm syntax
represents minutes and ss represents seconds. You must use two digits to specify the minutes and two
digits to specify the seconds. The following command will set the switch system time to 10:45:00 a.m:
-> system time 10:45:00
->
The following command will set the switch system time to 3:14:00 p.m:
-> system time 15:41:00
->
Managing System Files Setting the System Clock
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-43
Daylight Savings Time Configuration
The switch can be set to change the system clock automatically to adjust for Daylight Savings Time
(DST). There are two situations that apply depending on the time zone selected for your switch.
If the time zone set for your switch shows DST parameters in the table on page 1-44, you need to only
enable DST on your switch by using the following command:
-> system daylight savings time enable
If the time zone set for your switch does not show DST parameters in the table on page 1-44, you must
specify the start, end, and change parameters for DST by using the system daylight savings time
command. The following information is needed to specify DST:
• The day of the week and month of the year when DST will begin.
• The position of that day in the month (e.g., first, second, third, fourth, or last Sunday of the month).
• The hour and minute of the day at which DST will begin.
• The day of the week and month of the year when DST will end.
• The position of that day in the month (e.g., first, second, third, fourth, or last Sunday of the month).
• The hour and minute of the day at which DST will end.
• The number of hours the switch clock will be offset for DST (one hour in most cases).
To set the switch DST parameters so that the clock will move back one hour on the fourth Sunday of
September at 11:00 p.m. and move forward on the fourth Sunday of March at 11:00 a.m., the following
command should be used:
-> system daylight savings time start fourth sun in Sept at 23:00 end fourth sun
in march at 11:00 by 1
For more details on syntax for this command, please refer to the OmniSwitch AOS Release 6 CLI Refer-
ence Guide. You can also use the question mark (?) character in the command syntax to invoke the CLI
help feature as described in the “Using the CLI” chapter of this manual.
Note. By default, Daylight Savings Time is disabled.
Setting the System Clock Managing System Files
page 1-44 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Enabling DST
When Daylight Savings Time (DST) is enabled, the switch clock will automatically set the default DST
parameters for the time zone specified on the switch or for the custom parameters you can specify with the
system daylight savings time command. In this case, it is not necessary to change the time setting on the
switch when your time zone changes to and from DST. To verify the DST parameters for your switch, use
the
system daylight savings time command. A screen similar to the following will be displayed:
-> system daylight savings time
Daylight Savings Time (DST) is DISABLED.
PST: (Coordinated Universal Time) UTC-8 hours
Daylight Savings Time (DST):
DST begins on the first sunday in april (4/7) at 2:00
DST ends on the last sunday in october (10/27) at 2:00
DST will change the time by +/- 1:00 hour(s)
The second line in the above display indicates the Enabled/Disabled status of the DST setting on the
switch. The last three lines describe the date and time parameters for the selected time zone or the custom
parameters set with the CLI. To enable daylight savings time use the following command:
-> system daylight savings time enable
Note. If your time zone shows “No default” in the “Time Zone and DST Information Table”, refer to
“Daylight Savings Time Configuration” on page 1-43 for information on configuring and enabling DST.
The following table shows a list of supported time zone abbreviations and DST parameters.
Time Zone and DST Information Table
Abbreviation Name
Hours from
UTC DST Start DST End DST Change
nzst New Zealand +12:00 1st Sunday in Oct. at
2:00 a.m.
3rd Sunday in Mar.
at 3:00 a.m.
1:00
zp11 No standard name +11:00 No default No default No default
aest Australia East +10:00 Last Sunday in Oct.
at 2:00 a.m.
Last Sunday in Mar.
at 3:00 a.m.
1:00
gst Guam +10:00 No default No default No default
acst Australia Central
Time
+09:30 Last Sunday in Oct.
at 2:00 a.m.
Last Sunday in Mar.
at 3:00 a.m.
1:00
jst Japan +09:00 No default No default No default
kst Korea +09:00 No default No default No default
awst Australia West +08:00 No default No default No default
zp8 China;
Manila, Philippines
+08:00 No default No default No default
zp7 Bangkok +07:00 No default No default No default
zp6 No standard name +06:00 No default No default No default
zp5 No standard name +05:00 No default No default No default
zp4 No standard name +04:00 No default No default No default
msk Moscow +03:00 Last Sunday in Mar.
at 2:00 a.m.
Last Sunday in Oct.
at 3:00 a.m.
1:00
eet Eastern Europe +02:00 Last Sunday in Mar.
at 2:00 a.m.
Last Sunday in Oct.
at 3:00 a.m.
1:00
Managing System Files Setting the System Clock
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 1-45
cet Central Europe +01:00 Last Sunday in Mar.
at 2:00 a.m.
Last Sunday in Oct.
at 3:00 a.m.
1:00
met Middle Europe +01:00 Last Sunday in Mar.
at 2:00 a.m.
Last Sunday in Oct.
at 3:00 a.m.
1:00
bst British Standard
Time
+00:00 Last Sunday in Mar.
at 1:00 a.m.
Last Sunday in Oct.
at 3:00 a.m.
1:00
wet Western Europe +00:00 Last Sunday in Mar.
at 1:00 a.m.
Last Sunday in Oct.
at 3:00 a.m.
1:00
gmt Greenwich Mean
Time
+00:00 No default No default No default
wat West Africa -01:00 No default No default No default
zm2 No standard name -02:00 No default No default No default
zm3 No standard name -03:00 No default No default No default
nst Newfoundland -03:30 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
ast Atlantic Standard
Time
-04:00 2nd Sunday in Mar.
at 2:00 a.m.
1st Sunday in Nov. at
2:00 a.m.
1:00
est Eastern Standard
Time
-05:00 2nd Sunday in Mar.
at 2:00 a.m.
1st Sunday in Nov. at
2:00 a.m.
1:00
cst Central Standard
Time
-06:00 2nd Sunday in Mar.
at 2:00 a.m.
1st Sunday in Nov. at
2:00 a.m.
1:00
mst Mountain Standard
Time
-07:00 2nd Sunday in Mar.
at 2:00 a.m.
1st Sunday in Nov. at
2:00 a.m.
1:00
pst Pacific Standard
Time
-08:00 2nd Sunday in Mar.
at 2:00 a.m.
1st Sunday in Nov. at
2:00 a.m.
1:00
astcam Atlantic Standard
Time
Central America
-04:00 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
estcam Eastern Standard
Time
Central America
-05:00 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
cstcam Central Standard
Time
Central America
-06:00 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
mstcam Mountain Standard
Time
Central America
-07:00 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
pstcam Pacific Standard
Time
Central America
-08:00 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
akst Alaska -09:00 1st Sunday in Apr. at
2:00 a.m.
Last Sunday in Oct.
at 2:00 a.m.
1:00
hst Hawaii -10:00 No default No default No default
zm11 No standard name -11:00 No default No default No default
Time Zone and DST Information Table (continued)
Abbreviation Name
Hours from
UTC DST Start DST End DST Change
Setting the System Clock Managing System Files
page 1-46 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-1
2 Logging Into the Switch
Logging into the switch may be done locally or remotely. Management tools include: the Command Line
Interface (CLI), which may be accessed locally through the console port, or remotely through Telnet;
WebView, which requires an HTTP client (browser) on a remote workstation; and SNMP, which requires
an SNMP manager (such as Alcatel-Lucent OmniVista or HP OpenView) on the remote workstation.
Secure sessions are available using the Secure Shell interface; file transfers are done through FTP or
Secure Shell FTP.
In This Chapter
This chapter describes the basics of logging into the switch to manage the switch through the CLI. It also
includes the information about using Telnet, FTP, and Secure Shell in
both IPv4 and IPv6 environments
for logging into the switch as well as information about using the switch to start a Telnet or Secure Shell
session on another device. It also includes information about managing sessions and specifying a DNS
resolver. For more details about the syntax of referenced commands, see the OmniSwitch AOS Release 6
CLI Reference Guide.
Configuration procedures described in this chapter include:
• “Quick Steps for Logging Into the Switch” on page 2-5
• “Using Telnet” on page 2-8
• “Using FTP” on page 2-10
• “Using Secure Shell” on page 2-12
• “Modifying the Login Banner” on page 2-22
• “Configuring Login Parameters” on page 2-24
• “Enabling the DNS Resolver” on page 2-25
In This Chapter Logging Into the Switch
page 2-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Management access is disabled (except through the console port) unless specifically enabled by a network
administrator. For more information about management access and methods, use the table here as a guide:
For more information about... See...
Enabling or “unlocking” management interfaces
on the switch
Chapter 10, “Managing Switch Security”
Authenticating users to manage the switch Chapter 10, “Managing Switch Security”
Creating user accounts directly on the switch Chapter 9, “Managing Switch User Accounts”
Using the CLI Chapter 6, “Using the CLI”
Using WebView to manage the switch Chapter 11, “Using WebView”
Using SNMP to manage the switch Chapter 3, “Using SNMP and OpenFlow”
Logging Into the Switch Login Specifications
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-3
Login Specifications
Login Defaults
Access to managing the switch is always available for the admin user through the console port, even if
management access to the console port is disabled
.
The following table describes the maximum number of sessions allowed on an OmniSwitch:
Platforms Supported OmniSwitch 6350, 6450
Telnet clients supported Any standard Telnet client
FTP clients supported Any standard FTP client
HTTP (WebView) clients supported
– Internet Explorer for Windows NT, Windows
XP, and Windows 2000, version 6.0
– Netscape for Windows NT, Windows XP, and
Windows 2000, version 7.1
– Netscape for Sun OS 2.8, version 4.79
– Netscape for HP-UX 11.0, version 4.79
Secure Shell clients supported Any standard Secure Shell client (Secure Shell
Version 2)
Secure Shell public key authentication Password
DSA Public Key
RSA Public Key
SNMP clients supported Any standard SNMP manager (such as HP Open-
View)
Parameter Description Command Default
Session login attempts allowed
before the TCP connection is
closed.
session login-attempt 3 attempts
Time-out period allowed for
session login before the TCP
connection is closed.
session login-timeout 55 seconds
Inactivity time-out period. The
length of time the switch can
remain idle during a login
session before the switch will
close the session.
session timeout 4 minutes
Session
OmniSwitch 6350/
OmniSwitch 6450
Telnet (v4 or v6) 6
FTP (v4 or v6) 4
Login Defaults Logging Into the Switch
page 2-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
SSH + SFTP (v4 or v6 secure
sessions)
8
HTTP 4
Total Sessions 20
SNMP 50
Session
OmniSwitch 6350/
OmniSwitch 6450
Logging Into the Switch Quick Steps for Logging Into the Switch
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-5
Quick Steps for Logging Into the Switch
The following procedure assumes that you have set up the switch as described in the OmniSwitch AOS
Release 6350/6450 Hardware Users Guide. Setup includes:
• Connecting to the switch through the console port.
• Setting up the Ethernet Management Port (EMP) through the switch’s boot prompt.
• Enabling (or “unlocking”) management interfaces types (Telnet, FTP, HTTP, SNMP, and Secure
Shell) through the
aaa authentication command for the interface you are using. Note that Telnet, FTP,
and Secure Shell are used to log into the switch’s Command Line Interface (CLI). For detailed infor-
mation about enabling session types, see Chapter 10, “Managing Switch Security”
1 If you are connected to the switch through the console port, your terminal automatically displays the
switch login prompt. If you are connected remotely, you must enter the switch IP address in your Telnet,
FTP, or Secure Shell client (typically the IP or IPv6 address of the EMP). The login prompt then displays.
2 At the login prompt, enter the admin username. At the password prompt, enter the switch password.
(Alternately, you may enter any valid username and password.) The switch’s default welcome banner is
displayed, followed by the CLI prompt.
Welcome to the Alcatel-Lucent OmniSwitch 6450
Software Version 6.7.1.20.R02 Development, March 21, 2016.
Copyright(c), ALE USA Inc., 2016. All Rights reserved.
OmniSwitch(TM) is a trademark of Alcatel-Lucent Enterprise registered
in the United States Patent and Trademark Office.
You are now logged into the CLI. For information about changing the welcome banner, see “Modifying
the Login Banner” on page 2-22.
For information about changing the login prompt, see Chapter 6, “Using the CLI.”
For information about setting up additional user accounts locally on the switch, see Chapter 9, “Managing
Switch User Accounts.”
Overview of Switch Login Components Logging Into the Switch
page 2-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Overview of Switch Login Components
Switch access components include access methods (or interfaces) and user accounts stored on the local
user database in the switch and/or on external authentication servers. Each access method, except the
console port, must be enabled or “unlocked” on the switch before users can access the switch through that
interface.
Management Interfaces
Logging into the switch may be done locally or remotely. Remote connections may be secure or insecure,
depending on the method. Management interfaces are enabled using the
aaa authentication command.
This command also requires specifying the external servers and/or local user database that is used to
authenticate users. The process of authenticating users to manage the switch is called Authenticated
Switch Access (ASA). Authenticated Switch Access is described in detail in
Chapter 10, “Managing
Switch Security”
An overview of management methods is listed here:
Logging Into the CLI
• Console port—A direct connection to the switch through the console port. The console port is always
enabled for the default user account. For more information about connecting to the console port, see
OmniSwitch AOS Release 6350/6450 Hardware Users Guide.
• Telnet—Any standard Telnet client may be used for remote login to the switch. This method is not
secure. For more information about using Telnet to access the switch, see
“Using Telnet” on page 2-8.
• FTP—Any standard FTP client may be used for remote login to the switch. This method is not secure.
See
“Using FTP” on page 2-10.
• Secure Shell—Any standard Secure Shell client may be used for remote login to the switch. See
“Using Secure Shell” on page 2-12.
OmniSwitch
Switch Login Components
remote user
local user
local user
database
Login via Secure Shell, Telnet,
FTP, HTTP, or SNMP
Login via the console port.
Authentication
Server
Logging Into the Switch Overview of Switch Login Components
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-7
Using the WebView Management Tool
• HTTP—The switch has a Web browser management interface for users logging in through HTTP.
This management tool is called WebView. For more information about using WebView, see
Chapter 11, “Using WebView.”
Using SNMP to Manage the Switch
• SNMP—Any standard SNMP browser may be used for logging into the switch. See Chapter 3, “Using
SNMP and OpenFlow.”
User Accounts
User accounts may be configured and stored directly on the switch, and user accounts may also be config-
ured and stored on an external authentication server or servers.
The accounts include a username and password. In addition, they also specify the user’s privileges or end-
user profile, depending on the type of user account. In either case, the user is given read-only or read-write
access to particular commands.
• Local User Database
See Chapter 9, “Managing Switch User Accounts,”for information about creating accounts on the switch.
• External Authentication Servers
The switch may be set up to communicate with external authentication servers that contain user informa-
tion. The user information includes usernames and passwords; it may also include privilege information or
reference an end-user profile name.
For information about setting up the switch to communicate with external authentication servers, see the
OmniSwitch AOS Release 6 Network Configuration Guide.
Using Telnet Logging Into the Switch
page 2-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using Telnet
Telnet may be used to log into the switch from a remote station. All of the standard Telnet commands are
supported by software in the switch. When Telnet is used to log in, the switch acts as a Telnet server. If a
Telnet session is initiated from the switch itself during a login session, then the switch acts as a Telnet
client.
Logging Into the Switch Through Telnet
Before you can log into the OmniSwitch using a Telnet interface, the telnet option of the
aaa authentication command must be enabled. Once enabled, any standard Telnet client may be used to
log into the switch. To log into the switch, open your Telnet application and enter the switch’s IP address
(the IP address is the same as the one configured for the EMP). The switch’s welcome banner and login
prompt is displayed.
Note. A Telnet connection is not secure. Secure Shell is recommended instead of Telnet or FTP as a
secure method of accessing the switch.
Starting a Telnet Session from the Switch
At any time during a login session on the switch, you can initiate a Telnet session to another switch (or
some other device) by using the
telnet CLI command and the relevant IP address or hostname. You can
also establish a Telnetv6 session by using the telnet6 command and the relevant IPv6 address or host-
name.
The following shows an example of telnetting to another OmniSwitch with an IP address of
10.255.10.123:
-> telnet 10.255.10.123
Trying 10.255.10.123...
Connected to 10.255.10.123.
Escape character is '^]'.
login :
The following is an example of telnetting to another OmniSwitch with an IPv6 address of
fe80::a00:20ff:fea8:8961:
-> telnet6 fe80::a00:20ff:fea8:8961 intf1
Trying fe80::a00:20ff:fea8:8961...
Connected to fe80::a00:20ff:fea8:8961.
Escape character is '^]'.
login :
Note. It is mandatory to specify the name of the particular IPv6 interface, if the target has been specified
using the link-local address.
Logging Into the Switch Using Telnet
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-9
Here, you must enter a valid username and password. Once login is complete, the OmniSwitch welcome
banner is displayed as follows:
login : admin
password :
Welcome to the Alcatel-Lucent OmniSwitch 6450
Software Version 6.7.1.20.R02 Development, March 21, 2016.
Copyright(c), ALE USA Inc., 2016. All Rights reserved.
OmniSwitch(TM) is a trademark of Alcatel-Lucent Enterprise registered
in the United States Patent and Trademark Office.
Using FTP Logging Into the Switch
page 2-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using FTP
The OmniSwitch can function as an FTP server. Any standard FTP client may be used.
Note. An FTP connection is not secure. Secure Shell is recommended instead of FTP or Telnet as a secure
method of accessing the switch.
Using FTP to Log Into the Switch
You can access the OmniSwitch with a standard FTP application. To log in to the switch, start your FTP
client. Where the FTP client asks for “Name”, enter the IP address of your switch. Where the FTP client
asks for “User ID”, enter the username of your login account on the switch. Where the FTP client asks for
“Password”, enter your switch password.
You can use the switch as an FTP client in a case where you do not have access to a workstation with an
FTP client. You can establish an FTP session locally by connecting a terminal to the switch console port.
You can also establish an FTP session to a remote switch by using a Telnet session. Once you are logged
into the switch as an FTP client, you can use standard FTP commands.
You can use the switch ftp command to start an FTP session followed by the relevant IP address or host-
name, and the ftp6 command to start an FTPv6 session followed by relevant IPv6 address or hostname
over an IPv6 environment. You have to specify the name of the particular IPv6 interface, if the target has
been specified using the link-local address.
Note. If you are using Authenticated Switch Access (ASA), the port interface must be authenticated for
FTP use and the username profile must have permission to use FTP. Otherwise the switch does not accept
an FTP login. For information about ASA, refer to Chapter 10, “Managing Switch Security.”
The following is an example of how to start an FTP session to an OmniSwitch with an IP address of
198.23.9.101.
->ftp 198.23.9.101
Connecting to [198.23.9.101]...connected
220 cosmo FTP server (UNIX(r) System V Release 4.1) ready
Name:
You need to enter a valid user name and password for the host you specified with the ftp command, after
which you will get a screen similar to the following display:
Name:Jsmith
331 Password required for Jsmith
Password: *****
230 User Jsmith logged in.
The following is an example of how to start an FTPv6 session to an OmniSwitch with an IPv6 address of
fe80::a00:20ff:fea8:8961.
-> ftp6 fe80::a00:20ff:fea8:8961 intf1
Connecting to [fe80::a00:20ff:fea8:8961]...connected
220 cosmo FTP server (UNIX(r) System V Release 4.1) ready
Name:
Logging Into the Switch Using FTP
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-11
You have to enter a valid user name and password for the host you specified with the ftp6 command, after
which you will get a screen similar to the following display:
Name:Jsmith
331 Password required for Jsmith
Password: *****
230 User Jsmith logged in.
Note. It is mandatory to specify the name of the particular IPv6 interface, if the target has been specified
using the link-local address.
After logging in, you see the ftp-> prompt, where you can execute the FTP commands that are supported
on the switch. For further information refer to the OmniSwitch AOS Release 6 CLI Reference Guide.
Note. You must use the binary mode (bin) to transfer image files through FTP.
Using Secure Shell Logging Into the Switch
page 2-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using Secure Shell
The OmniSwitch Secure Shell feature provides a secure mechanism that allows you to log in to a remote
switch, to execute commands on a remote device, and to move files from one device to another. Secure
Shell provides secure, encrypted communications even when your transmission is between two untrusted
hosts or over an unsecure network. Secure Shell protects against a variety of security risks including the
following:
• IP spoofing
• IP source routing
• DNS spoofing
• Interception of clear-text passwords and other data by intermediate hosts
• Manipulation of data by users on intermediate hosts
Note. The OmniSwitch supports Secure Shell Version 2 only.
Secure Shell Components
The OmniSwitch includes both client and server components of the Secure Shell interface and the Secure
Shell FTP file transfer protocol. SFTP is a subsystem of the Secure Shell protocol. All Secure Shell FTP
data are encrypted through a Secure Shell channel.
Since Secure Shell provides a secure session, the Secure Shell interface and SFTP are recommended
instead of the Telnet program or the FTP protocol for communications over TCP/IP for sending file
transfers. Both Telnet and FTP are available on the OmniSwitch but they do not support encrypted
passwords.
Note. Secure Shell may only be used to log into the switch to manage the switch. It cannot be used for
Layer 2 authentication through the switch.
Logging Into the Switch Using Secure Shell
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-13
Secure Shell Interface
The Secure Shell interface is invoked when you enter the ssh command, and the Secure Shellv6 interface
is invoked by using the ssh6 command in an IPv6 environment. After the authentication process between
the client and the server is complete, the remote Secure Shell interface runs in the same way as Telnet.
Refer to
“Starting a Secure Shell Session” on page 2-18 to for detailed information.
Configuring the SSH TCP port number
The TCP port number for SSH can be configured using the ssh command. For example:
-> ssh tcp-port 2048
Secure Shell File Transfer Protocol
Secure Shell FTP is the standard file transfer protocol used with Secure Shell version 2. Secure Shell FTP
is an interactive file transfer program (similar to the industry standard FTP) which performs all file
transfer operations over a Secure Shell connection.
You can invoke the Secure Shell FTP session by using the sftp command, and the SFTPv6 session by
using the sftp6 command in an IPv6 environment. Once the authentication phase is complete, the Secure
Shell FTP subsystem runs. Secure Shell FTP connects and logs into the specified host, then enters an
interactive command mode. Refer to
“Starting a Secure Shell Session” on page 2-18 for detailed
information.
Using Secure Shell Logging Into the Switch
page 2-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Secure Shell Application Overview
Secure Shell is an access protocol used to establish secured access to your OmniSwitch. The Secure Shell
protocol can be used to manage an OmniSwitch directly or it can provide a secure mechanism for
managing network servers through the OmniSwitch.
The drawing below illustrates the Secure Shell being used as an access protocol replacing Telnet to
manage the OmniSwitch. Here, the user terminal is connected through the network to the switch.
The drawing below shows a slightly different application. Here, a terminal connected to a single OmniS-
witch, which acts as a Secure Shell client is an entry point to the network. In this scenario, the client
portion of the Secure Shell software is used on the connecting OmniSwitch and the server portion of
Secure Shell is used on the switches or servers being managed.
Terminal
OmniSwitch
Network
Secure Shell
Secure Shell Used as an Access Protocol
OmniSwitch as a Secure Shell Client
Network
Secure Shell
Access Protocol
Secure Shell
OmniSwitch Secure
Shell Client
Secure Shell
Server
Terminal
Logging Into the Switch Using Secure Shell
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-15
Secure Shell Authentication
Secure Shell authentication is accomplished in several phases using industry standard algorithms and
exchange mechanisms. The authentication phase is identical for Secure Shell and Secure Shell FTP. The
following sections describe the process in detail.
Protocol Identification
When the Secure Shell client in the OmniSwitch connects to a Secure Shell server, the server accepts the
connection and responds by sending back an identification string. The client will parse the server’s identi
-
fication string and send an identification string of its own. The purpose of the identification strings is to
validate that the attempted connection was made to the correct port number. The strings also declare the
protocol and software version numbers. This information is needed on both the client and server sides for
debugging purposes.
At this point, the protocol identification strings are in human-readable form. Later in the authentication
process, the client and the server switch to a packet-based binary protocol, which is machine readable
only.
Algorithm and Key Exchange
The OmniSwitch Secure Shell server is identified by one or several host-specific keys. Both the client and
server process the key exchange to choose a common algorithm for encryption, signature, and compres
-
sion. This key exchange is included in the Secure Shell transport layer protocol. It uses a key agreement to
produce a shared secret that cannot be determined by either the client or the server alone. The key
exchange is combined with a signature and the host key to provide host authentication. Once the exchange
is completed, the client and the server turn encryption on using the selected algorithm and key. The
following elements are supported:
Note. The OmniSwitch generates a DSA and RSA host keys at initial startup. The key on the switch is
made up of two file names contained in the directory above. There is a public key and a private key. To
generate a different key, use the Secure Shell tools available on your Unix or Windows system and copy
Host Key Types DSA / RSA
Encryption Algorithms aes128-ctr,aes192-ctr,aes256-ctr
arcfour256,arcfour128
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc
aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
Data Integrity Algorithms hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-sha1-96,hmac-sha2-256,hmac-md5-96
Compression Algorithms None Supported
Key Exchange Algorithms diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
Default key location /flash/network
Default key names ssh_host_dsa_key.pub (DSA public key)
ssh_host_dsa_key (DSA private key)
ssh_host_rsa_key.pub (RSA public key)
ssh_host_rsa_key (RSA private key)
Using Secure Shell Logging Into the Switch
page 2-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
the files to the specified directory on your switch. The new key takes effect after the OmniSwitch is
rebooted.
Authentication Phase
When the client tries to authenticate, the server determines the process used by telling the client which
authentication methods can be used. The client has the freedom to attempt several methods listed by the
server. The server disconnects itself from the client if a certain number of failed authentications are
attempted or if a time-out period expires. Authentication is performed independent of whether the Secure
Shell interface or the SFTP file transfer protocol is implemented.
Logging Into the Switch Using Secure Shell
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-17
Connection Phase
After successful authentication, both the client and the server process the Secure Shell connection
protocol. The OmniSwitch supports one channel for each Secure Shell connection. This channel can be
used for a Secure Shell session or a Secure Shell FTP session.
Using Secure Shell DSA Public Key Authentication
The following procedure is used to set up Secure Shell (SSH) DSA public key authentication (PKA)
between an OmniSwitch and a client device:
Note. Note that if PKA fails, the user is prompted for a password. This is the password that was specified
when the user name was created on the OmniSwitch. Additionally, a similar procedure can be used for
RSA.
1 Use the PuTTYgen SSH software on the client device to generate a type SSH2 DSA private and public
key pair.
2 Do not save the public key on the client device using PutTTYgen. Instead, copy the key from the
PuTTYgen public key window and paste the key into a text file with the filename userid_dsa.pub. Spec
-
ify a valid OmniSwitch user login name for the userid portion of the filename. For example, the following
public key filename is for OmniSwitch user Thomas:
thomas_dsa.pub
3 Use PuTTYgen to save the private key on the client device.
4 Verify that the userid specified as part of the filename in Step 2 is a valid user name on the OmniS-
witch. If the username does not already exist in the switch configuration, create the user name with the
appropriate privileges.
5 FTP in ASCII mode the userid_dsa.pub file from the client device to the flash/network/pub direc-
tory on the OmniSwitch. Create the flash/network/pub directory first if it does not already exist.
6 Using PuTTY software on the client device, access SSH, then Auth, and then select the private key
generated in Step 1 to start the authentication process.
7 To enforce Secure Shell PKA on a switch use the ssh enforce pubkey-auth command.
Note. If a public key file (that is, thomas_dsa.pub) exists in the flash/network/pub directory on the
switch, PKA is still used even if this method of authentication was disabled using the
ssh enforce
pubkey-auth command. Rename, move, or delete the public key file to ensure that PKA is disabled on the
switch.
Using Secure Shell Logging Into the Switch
page 2-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Starting a Secure Shell Session
To start a Secure Shell session, issue the ssh command and identify the IP address or hostname for the
device you are connecting to.
You can use the ssh6 command to start an SSHv6 session followed by the relevant IPv6 address or the
hostname, over an IPv6 environment.
Note. You can only use a host name instead of an IP address if the DNS resolver has been configured and
enabled. If not, you must specify an IP address. See Chapter 1, “Managing System Files,” for details.
Note. Use of the cmdtool OpenWindows support facility is not recommended over Secure Shell connec-
tions with an external server.
The following command establishes a Secure Shell interface from the local OmniSwitch to IP address
11.133.30.135:
-> ssh 11.133.30.135
login as:
Note. If Secure Shell is not enabled on a switch, use the ssh enable command to enable it.
You can establish eight SSH sessions towards an OmniSwitch when it acts as Server. A maximum of three
SSH sessions are allowed in a minute (utilities such as keyscan is also considered as a valid session). More
than three sessions in a minute result in an SSH attack. A minute after an attack, only one SSH session per
minute is allowed. If there is no SSH session created for the next three minutes after an attack, a maxi
-
mum of three SSH sessions are allowed for a minute again.
You must have a login and password that is recognized by the IP address you specify. When you enter
your login, the device you are logging in to, requests your password as shown here:
-> ssh 11.133.30.135
login as: rrlogin1
rrlogin1's password for keyboard-interactive method:
Once the Secure Shell session is established, you can use the remote device specified by the IP address on
a secure connection from your OmniSwitch.
Note. The login parameters for Secure Shell session login parameters can be affected by the
session login-attempt and session login-timeout CLI commands.
Logging Into the Switch Using Secure Shell
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-19
The following drawing shows an OmniSwitch, using IP address 11.233.10.145, establishing a Secure Shell
session across a network to another OmniSwitch, using IP address 11.133.30.135. To establish this session
from the console in the figure below, you would use the CLI commands shown in the examples above.
Once you issue the correct password, you are logged into the OmniSwitch at IP address 11.133.30.135.
To view the parameters of the Secure Shell session, issue the who command. The following is displayed:
-> who
Session number = 0
User name = (at login),
Access type = console,
Access port = Local,
IP address = 0.0.0.0,
Read-only domains = None,
Read-only families = ,
Read-Write domains = None,
Read-Write families = ,
End-User profile =
Session number = 1
User name = rrlogin1,
Access type = ssh,
Access port = NI,
IP address = 11.233.10.145,
Read-only domains = None,
Read-only families = ,
Read-Write domains = All ,
Read-Write families = ,
End-User profile =
This display shows two sessions currently running on the remote OmniSwitch at IP address
11.133.30.135. Session number 0 is identified as the console session. Session number 1 indicates the
User name is rrlogin1, the IP address is 11.233.10.145, and the Access type is “ssh” which indicates a
Secure Shell session.
Note. You can use the ssh6 command followed by the IPv6 address or the hostname of the SSHv6 server
to start an SSHv6 session. It is mandatory to specify the name of the particular IPv6 interface, if the
SSHv6 server has been specified using its link-local address.
Secure Shell Session between Two OmniSwitches
OmniSwitch
11.233.10.145
Console
OmniSwitch
11.133.30.135
Using Secure Shell Logging Into the Switch
page 2-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Closing a Secure Shell Session
To terminate the Secure Shell session, issue the exit command. The following is displayed:
-> exit
Connection to 11.133.30.135 closed.
Using the example shown above, this display indicates the Secure Shell session between the two switches
is closed. At this point, the user is logged into the local OmniSwitch at IP address 11.233.10.145.
Note. Establishing and closing the Secure Shellv6 connection is similar to that of the Secure Shell connec-
tion.
Log Into the Switch with Secure Shell FTP
To open a Secure Shell FTP session from a local OmniSwitch to a remote device, issue the sftp command
and identify the IP address or hostname for the device you are connecting to.
You can use the sftp6 command to start an Secure Shell FTPv6 session followed by the relevant IPv6
address or hostname, over an IPv6 environment.
The following example describes how a Secure Shell interface is established from the local OmniSwitch to
IP address
10.222.30.125:
1 Log on to the OmniSwitch and issue the sftp CLI command. The command syntax requires you to
identify the IP address or hostname for the device to which you are connecting. The following command
establishes a Secure Shell FTP interface from the local OmniSwitch to IP address 10.222.30.125.
-> sftp 10.222.30.125
login as:
Note. If SFTP is not enabled, use the scp-sftp command to enable it.
2 You must have a login and password that is recognized by the IP address you specify. When you enter
your login, the device you are logging in to, requests your password as shown here.
-> sftp 10.222.30.125
login as: rrlogin2
rrlogin2's password for keyboard-interactive method:
Note. You can use the sftp6 command followed by the IPv6 address or hostname of the SFTPv6 server to
start an SFTPv6 session. It is mandatory to specify the name of the particular IPv6 interface, if the SFTPv6
server has been specified using its link-local address. After logging in, you see the sftp> prompt. You may
enter a question mark (?) to view available Secure Shell FTP commands and their definitions as shown
here.
Logging Into the Switch Using Secure Shell
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-21
sftp>?
Available commands:
cd path Change remote directory to 'path'
lcd path Change local directory to 'path'
chmod mode path Change permissions of file 'path' to 'mode'
help Display this help text
get remote-path [local-path] Download file
lls [path]] Display local directory listing
ln oldpath newpath Symlink remote file
lmkdir path Create local directory
lpwd Print local working directory
ls [path] Display remote directory listing
mkdir path Create remote directory
put local-path [remote-path] Upload file
pwd Display remote working directory
exit Quit sftp
quit Quit sftp
rename oldpath newpath Rename remote file
rmdir path Remove remote directory
rm path Delete remote file
symlink oldpath newpath Symlink remote file
version Show SFTP version
? Synonym for help
Note. Although Secure Shell FTP has commands similar to the industry standard FTP, the underlying
protocol is different. See
Chapter 1, “Managing System Files,” for a Secure Shell FTP application exam-
ple.
Closing a Secure Shell FTP Session
To terminate the Secure Shell FTP session, issue the exit command. The following is displayed:
-> exit
Connection to 11.133.30.135 closed.
This display indicates the Secure Shell FTP session with IP address 11.133.20.135 is closed. The user is
now logged into the OmniSwitch as a local device with no active remote connection.
Note. Establishing and closing the Secure Shell FTPv6 connection is similar to that of the Secure Shell
FTP connection.
Modifying the Login Banner Logging Into the Switch
page 2-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Modifying the Login Banner
The Login Banner feature allows you to change the banner that displays whenever someone logs into the
switch. This feature can be used to display messages about user authorization and security. You can
display the same banner for all login sessions or you can implement different banners for different login
sessions. You can display a different banner for logins initiated by FTP sessions than for logins initiated
by a direct console or a Telnet connection. The default login message looks similar to the following:
login : user123
password :
Welcome to the Alcatel-Lucent OmniSwitch 6450
Software Version 6.7.1.20.R02 Development, March 21, 2016.
Copyright(c), ALE USA Inc., 2016. All Rights reserved.
OmniSwitch(TM) is a trademark of Alcatel-Lucent Enterprise registered
in the United States Patent and Trademark Office.
Here is an example of a banner that has been changed:
login : user123
password :
Welcome to the Alcatel-Lucent OmniSwitch 6450
Software Version 6.7.1.20.R02 Development, March 21, 2016.
Copyright(c), ALE USA Inc., 2016. All Rights reserved.
OmniSwitch(TM) is a trademark of Alcatel-Lucent Enterprise registered
in the United States Patent and Trademark Office.
********** LOGIN ALERT ************************
This switch is a secure device. Unauthorized
use of this switch will go on your permanent record.
Two steps are required to change the login banner. These steps are listed here:
• Create a text file that contains the banner you want to display in the switch’s /flash/switch directory.
• Enable the text file by entering the session banner CLI command followed by the filename.
To create the text file containing the banner text, you may use the vi text editor in the switch. (See
Chapter 1, “Managing System Files,” for information about creating files directly on the switch.) This
method allows you to create the file in the /flash directory without leaving the CLI console session. You
can also create the text file using a text editing software package (such as MS Wordpad) and transfer the
file to the switch’s /flash directory. For more information about file transfers, see
Chapter 1, “Managing
System Files,”
If you want the login banner in the text file to apply to FTP switch sessions, execute the following CLI
command where the text filename is firstbanner.txt.
-> session banner ftp /flash/firstbanner.txt
If you want the login banner in the text file to apply to CLI switch sessions, execute the following CLI
command where the text filename is secondbanner.txt.
-> session banner cli /flash/secondbanner.txt
Logging Into the Switch Modifying the Login Banner
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-23
If you want the login banner in the text file to apply to HTTP switch sessions, execute the following CLI
command where the text filename is thirdbanner.txt.
-> session banner http /flash/thirdbanner.txt
The banner files must contain only ASCII characters and should bear the .txt extension. The switch does
not reproduce graphics or formatting contained in the file.
Modifying the Text Display Before Login
By default, the switch does not display any text before the login prompt for any CLI session.
At initial bootup, the switch creates a pre_banner.txt file in the /flash directory. The file is empty and
may be edited to include text that you want to display before the login prompt.
For example:
Please supply your user name and password at the prompts.
login : user123
password :
In this example, the pre_banner.txt file has been modified with a text editor to include the Please supply
your user name and password at the prompts message.
The pre-banner text cannot be configured for FTP sessions.
To remove a text display before the login prompt, delete the pre_banner.txt file (it is recreated at the next
bootup and will be empty), or modify the pre_banner.txt file.
Configuring Login Parameters Logging Into the Switch
page 2-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Login Parameters
You can set the number of times a user may attempt unsuccessfully to log in to the switch’s CLI by using
the
session login-attempt command as follows:
-> session login-attempt 5
In this example, the user may attempt to log in to the CLI five (5) times unsuccessfully. If the user
attempts to log in the sixth time, the switch will break the TCP connection.
You may also set the length of time allowed for a successful login by using the session login-timeout
command as follows:
-> session login-timeout 20
In this example, the user must complete the login process within 20 seconds. This means that the time
between a user entering a login name and the switch processing a valid password must not exceed 20
seconds. If the time-out period exceeds, the switch will break the TCP connection.
Configuring the Inactivity Timer
You can set the amount of time that a user must be inactive before the session times out. By default, the
time-out for each session type is 4 minutes. To change the setting, enter the
session timeout command
with the type of session (cli, http, or ftp) and the desired number of minutes. In the following example, the
CLI time-out is changed from the default to 8 minutes.
-> session timeout cli 8
This command changes the inactivity timer for new CLI sessions to 8 minutes. Current CLI sessions are
not affected. In this example, current CLI sessions will be timed out after 4 minutes. (CLI sessions are
initiated through Telnet, Secure Shell, or through the switch console port.)
For information about connecting to the CLI through Telnet or Secure Shell, see “Using Telnet” on
page 2-8 and “Using Secure Shell” on page 2-12. For information about connecting to the CLI through the
console port, see your Getting Started Guide. For information about using the CLI in general, see
Chapter 6, “Using the CLI.”
The ftp option sets the time-out for FTP sessions. For example, to change the FTP time-out to 5 minutes,
enter the following command:
-> session timeout ftp 5
This command changes the time-out for new FTP sessions to 5 minutes. Current FTP sessions are not
affected. For more information about FTP sessions, see
“Using FTP” on page 2-10.
The http option sets the time-out for WebView sessions. For example, to change the WebView inactivity
timer to 10 minutes, enter the following command:
-> session timeout http 10
In this example, any new WebView session will have a time-out of 10 minutes. Current WebView
sessions are not affected. For more information about WebView sessions, see
Chapter 11, “Using
WebView.”
Logging Into the Switch Enabling the DNS Resolver
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 2-25
Enabling the DNS Resolver
A Domain Name System (DNS) resolver is an optional internet service that translates host names into IP
addresses. Every time you enter a host name when logging into the switch, a DNS service must look up
the name on a server and resolve the name to an IP address. You can configure up to three IPv4 domain
name servers and three IPv6 domain name servers that is queried in turn to resolve the host name. If all
servers are queried and none can resolve the host name to an IP address, the DNS fails. If the DNS fails,
you must either enter an IP or IPv6 address in place of the host name or specify the necessary lookup
tables on one of the specified servers.
Note. You do not need to enable the DNS resolver service unless you want to communicate with the
switch by using a host name. If you use an IP or IPv6 address rather than a host name, the DNS resolver
service is not needed.
You must perform three steps on the switch to enable the DNS resolver service.
1 Set the default domain name for DNS lookups with the ip domain-name CLI command.
-> ip domain-name mycompany1.com
2 Use the ip domain-lookup CLI command to enable the DNS resolver service.
-> ip domain-lookup
You can disable the DNS resolver by using the no ip domain-lookup command. For more information,
refer to the OmniSwitch AOS Release 6 CLI Reference Guide.
3 Specify the IP addresses of up to three servers with the ip name-server CLI command. These servers
will be queried when a host lookup is requested.
-> ip name-server 189.202.191.14 189.202.191.15 189.255.19.1
You can also specify IPv6 DNS servers to query on a host lookup. The following example describes the
steps to enable the IPv6 DNS resolver service on the switch.
1 Set the default domain name for IPv6 DNS lookups with the ip domain-name CLI command.
-> ip domain-name mycompany1.com
2 Use the ip domain-lookup CLI command to enable the IPv6 DNS resolver service.
-> ip domain-lookup
You can disable the IPv6 DNS resolver by using the no form of the ip domain-lookup command. For
more information, refer to the OmniSwitch AOS Release 6 CLI Reference Guide.
3 Specify the IPv6 addresses of up to three servers with the ipv6 name-server CLI command. These IPv6
servers will be queried when a host lookup is requested.
-> ipv6 name-server fe2d::2c f302::3de1:1 f1bc::202:fd40:f3
Note. You cannot use multicast, loopback, link-local and unspecified IPv6 addresses for specifying IPv6
DNS servers.
Verifying Login Settings Logging Into the Switch
page 2-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Verifying Login Settings
To display information about login sessions, use the following CLI commands:
For more information about these commands, refer to the OmniSwitch AOS Release 6 CLI Reference
Guide.
who Displays all active login sessions (for example, console, Telnet, FTP,
HTTP, Secure Shell, Secure Shell FTP).
whoami Displays the current user session.
show session config Displays session configuration information (for example, default
prompt, banner file name, inactivity timer, login timer, login attempts).
show dns Displays the current DNS resolver configuration and status.
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-1
3 Using SNMP and
OpenFlow
The Simple Network Management Protocol (SNMP) is an application-layer protocol that allows
communication between SNMP managers and SNMP agents on an IPv4 as well as on an IPv6 network.
Network administrators use SNMP to monitor network performance and to manage network resources.
OpenFlow is a communications interface defined between the control and forwarding layers that is used in
a Software Defined Network (SDN). OpenFlow separates the control plane and the data plane in the
switch. Traditionally, switches and routers have made decisions on where packets should travel based on
rules local to the device.
In This Chapter
This chapter describes SNMP and OpenFlow and how to use them through the Command Line Interface
(CLI). CLI commands are used in the configuration examples; for more details about the syntax of
commands, see the OmniSwitch AOS Release 6 CLI Reference Guide.
Configuration procedures described in this chapter include:
• ‘‘Setting Up An SNMP Management Station’’ on page 3-4
• ‘‘Setting Up Trap Filters’’ on page 3-5
• “Using SNMP For Switch Security” on page 3-10
• “Working with SNMP Traps” on page 3-14
• “OpenFlow Specifications” on page 3-27
• “Quick Steps to Configure OpenFlow Agent” on page 3-30
• “Verifying OpenFlow Configuration” on page 3-31
This chapter also includes lists of Industry Standard and Enterprise (Proprietary) MIBs used to manage the
OmniSwitch.
SNMP Specifications Using SNMP and OpenFlow
page 3-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
SNMP Specifications
The following table lists specifications for the SNMP protocol.
RFCs Supported for SNMPv2 1902 through 1907 - SNMPv2c Management Framework
1908 - Coexistence and transitions relating to SNMPv1 and SNMPv2c
RFCs Supported for SNMPv3 2570 – Version 3 of the Internet Standard Network Management
Framework
2571 – Architecture for Describing SNMP Management Frameworks
2572 – Message Processing and Dispatching for SNMP
2573 – SNMPv3 Applications
2574 – User-based Security Model (USM) for version 3 SNMP
2575 – View-based Access Control Model (VACM) for SNMP
2576 – Coexistence between SNMP versions
Platforms Supported OmniSwitch 6350, 6450
SNMPv1, SNMPv2, SNMPv3 The SNMPv3 protocol is ascending compatible with SNMPv1 and v2
and supports all the SNMPv1 and SNMPv2 PDUs
SNMPv1 and SNMPv2
Authentication
Community Strings
SNMPv1, SNMPv2 Encryption None
SNMPv1 and SNMPv2 Security
requests accepted by the switch
Sets and Gets
SNMPv3 Authentication SHA, MD5
SNMPv3 Encryption DES
SNMPv3 Security requests
accepted by the switch.
Non-authenticated Sets, Non-authenticated Gets and Get-Nexts,
Authenticated Sets, Authenticated Gets and Get-Nexts, Encrypted Sets,
Encrypted Gets and Get-Nexts
SNMP traps Refer to the table on page 3-10 for a complete list of traps and their
definitions.
Maximum number of SNMP
sessions that can be established
on an OmniSwitch.
50
Using SNMP and OpenFlow SNMP Defaults
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-3
SNMP Defaults
The following table describes the default values of the SNMP protocol parameters.
Parameter Description Command Default Value/Comments
SNMP Management Station snmp station UDP port 162, SNMPv3, Enabled
Community Strings snmp community map Enabled
SNMP Security setting snmp security Privacy all (highest) security
Trap filtering snmp trap filter Disabled
Trap Absorption snmp trap absorption Enabled
Enables the forwarding of traps to
WebView.
snmp trap to webview Enabled
Enables or disables SNMP
authentication failure trap forwarding.
snmp authentication trap Disabled
Quick Steps for Setting Up An SNMP Management Station Using SNMP and OpenFlow
page 3-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Quick Steps for Setting Up An SNMP
Management Station
An SNMP Network Management Station (NMS) is a workstation configured to receive SNMP traps from
the switch. To set up an SNMP NMS by using the switch’s CLI, proceed as follows:
1 Specify the user account name and the authentication type for that user. For example:
-> user NMSuserV3MD5DES md5+des password ********
2 Specify the UDP destination port number (in this case 8010), the IP address of the management station
(199.199.100.200), a user account name (NMSuserV3MD5DES), and the SNMP version number (v3). For
example:
-> snmp station 199.199.100.200 8010 NMSuserV3MD5DES v3 enable
Use the same command as above for specifying the IPv6 address of the management station. For example:
-> snmp station 300::1 enable
Note. Optional. To verify the SNMP Management Station, enter the show snmp station command. The
display is similar to the one shown here:
-> show snmp station
ipAddress/udpPort status protocol user
---------------------------+---------+--------+-------------------------------
199.199.100.200/8010 enable v3 NMSuserV3MD5DES
199.199.101.201/111 disable v2 NMSuserV3MD5
199.199.102.202/8002 enable v1 NMSuserV3SHADES
-> show snmp station
ipAddress/udpPort status protocol user
---------------------------------------------------+---------+--------+------
172.21.160.32/4000 enable v3 abc
172.21.160.12/5000 enable v3 user1
0300:0000:0000:0000:0211:d8ff:fe47:470b/4001 enable v3 user2
0300:0000:0000:0000:0211:d8ff:fe47:470c/5001 enable v2 abc
For more information about this display, see the “SNMP Commands” chapter in the OmniSwitch AOS
Release 6 CLI Reference Guide.
Using SNMP and OpenFlow Quick Steps for Setting Up Trap Filters
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-5
Quick Steps for Setting Up Trap Filters
You can filter traps by limiting user access to trap command families. You can also filter according to
individual traps.
Filtering by Trap Families
The following example creates a new user account. This account is granted read-only privileges to three
CLI command families (snmp, chassis, and interface). Read-only privileges is withheld from all other
command families.
1 Set up a user account named “usermark2” by executing the user CLI command.
-> user usermark2 password ******
2 Remove all read-only privileges from the user account.
-> user usermark2 read-only none
3 Add read-only privileges for the snmp, chassis, and interface command families.
-> user usermark2 read-only snmp chassis interface
Note. Optional. To verify the user account, enter the show user command. A partial display is shown
here:
-> show user
User name = usermark2
Read right = 0x0000a200 0x00000000,
Write right = 0x00000000 0x00000000,
Read for domains = ,
Read for families = snmp chassis interface ,
Write for domains = None ,
Snmp authentication = NONE, Snmp encryption = NONE
The usermark2 account has read-only privileges for the snmp, chassis, and interface command families.
4 Set up an SNMP station with the user account “usermark2” defined above.
-> snmp station 210.1.2.1 usermark2 v3 enable
Note. Optional.To verify the SNMP Management Station, enter the show snmp station command. The
display is similar to the one shown here:
-> show snmp station
ipAddress/udpPort status protocol user
---------------------------+---------+--------+-------------------------------
210.1.2.1/162 enable v3 usermark2
The usermark2 account is established on the SNMP station at IP address 210.1.2.1.
Quick Steps for Setting Up Trap Filters Using SNMP and OpenFlow
page 3-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Filtering by Individual Traps
The following example enables trap filtering for the coldstart, warmstart, linkup, and linkdown traps. The
identification numbers for these traps are 0, 1, 2, and 3. When trap filtering is enabled, these traps are
filtered. This means that the switch does not pass them through to the SNMP management station. All
other traps are passed through.
1 Specify the IP address for the SNMP management station and the trap identification numbers.
-> show snmp trap filter 210.1.2.1 0 1 2 3
-> snmp trap filter 300::1 1 3 4
Note. Optional. You can verify which traps will not pass through the filter by entering the snmp trap
filter command. The display is similar to the one shown here:
-> show snmp trap filter
ipAddress trapId list
-----------------+----------------------------------------
210.1.2.1 0 1 2 3
The SNMP management station with the IP address of 210.1.2.1 will not receive trap numbers 0, 1, 2,
and 3.
For trap numbers refer to the “Using SNMP For Switch Security” on page 3-10. For more information on
the CLI commands and the displays in these examples, refer to the OmniSwitch AOS Release 6 CLI Refer-
ence Guide.
Using SNMP and OpenFlow SNMP Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-7
SNMP Overview
SNMP provides an industry standard communications model used by network administrators to manage
and monitor their network devices. The SNMP model defines two components, the SNMP Manager and
the SNMP Agent.
• The SNMP Manager resides on a workstation hosting the management application. It can query agents
by using SNMP operations. An SNMP manager is commonly called a Network Management System
(NMS). NMS refers to a system made up of a network device (such as a workstation) and the NMS
software. It provides an interface that allows users to request data or see alarms resulting from traps or
informs. It can also store data that can be used for network analysis.
• The SNMP Agent is the software entity that resides within the switch on the network. It maintains the
management data about a particular network device and reports this data, as needed, to the managing
systems. The agent also responds to requests for data from the SNMP Manager.
Along with the SNMP agent, the switch also contains Management Information Bases (MIBs). MIBs are
databases of managed objects, written in the SNMP module language, which can be monitored by the
NMS. The SNMP agent contains MIB variables, which have values the NMS can request or change using
Get, GetNext, GetBulk, or Set operations. The agent can also send unsolicited messages (traps or informs)
to the NMS to notify the manager of network conditions.
SNMP Operations
Devices on the network are managed through transactions between the NMS and the SNMP agent residing
on the network device (that is, switch). SNMP provides two kinds of management transactions, manager-
request/agent-response and unsolicited notifications (traps or informs) from the agent to the manager.
In a manager-request/agent-response transaction, the SNMP manager sends a request packet, referred to as
a Protocol Data Unit (PDU), to the SNMP agent in the switch. The SNMP agent complies with the request
and sends a response PDU to the manager. The types of management requests are Get, GetNext, and
GetBulk requests. These transactions are used to request information from the switch (Get, GetNext, or
GetBulk) or to change the value of an object instance on the switch (Set).
In an unsolicited notification, the SNMP agent in the switch sends a trap PDU to the SNMP manager to
inform it that an event has occurred. The SNMP manager normally does not send confirmation to the
agent acknowledging receipt of a trap.
SNMP Network Model
Network Management Station OmniSwitch
SNMP Manager
SNMP Agent
OmniSwitch 6648
SNMP Overview Using SNMP and OpenFlow
page 3-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using SNMP for Switch Management
The Alcatel-Lucent switch can be configured using the Command Line Interface (CLI), SNMP, or the
WebView device management tool. When configuring the switch by using SNMP, an NMS application
(such as Alcatel-Lucent’s OmniVista or HP OpenView) is used.
Although MIB browsers vary depending on which software package is used, they all have a few things in
common. The browser must compile the Alcatel-Lucent switch MIBs before it can be used to manage the
switch by issuing requests and reading statistics. Each MIB must be checked for dependencies and the
MIBs must be compiled in the proper order. Once the browser is properly installed and the MIBs are
compiled, the browser software can be used to manage the switch. The MIB browser you use depends on
the design and management requirements of your network.
Detailed information on working with MIB browsers is beyond the scope of this manual. However, you
must know the configuration requirements of your MIB browser or other NMS installation before you can
define the system to the switch as an SNMP station.
Setting Up an SNMP Management Station
An SNMP management station is a workstation configured to receive SNMP traps from the switch. You
must identify this station to the switch by using the
snmp station CLI command.
The following information is needed to define an SNMP management station.
• The IP address of the SNMP management station device.
• The UDP destination port number on the management station. This identifies the port to which the
switch sends traps.
• The SNMP version used by the switch to send traps.
• A user account name that the management station recognizes.
Procedures for configuring a management station can be found in “Quick Steps for Setting Up An SNMP
Management Station” on page 3-4
SNMP Versions
The SNMP agent in the switch can communicate with multiple managers. You can configure the switch to
communicate with different management stations by using different versions of SNMP. The switch
supports three versions of SNMP—v1, v2, and v3.
SNMPv1
SNMPv1 is the original implementation of the SNMP protocol and network management model. It is
characterized by the Get, Set, GetNext, and Trap protocol operations.
SNMPv1 uses a rudimentary security system where each PDU contains information called a community
string. The community string acts like a combination username and password. When you configure a
device for SNMP management you normally specify one community string that provides read-write access
to objects within the device and another community string that limits access to read-only. If the
community string in a data unit matches one of these strings, the request is granted. If not, the request is
denied.
Using SNMP and OpenFlow SNMP Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-9
The community string security standard offers minimal security and is generally insufficient for networks
where the need for security is high. Although SNMPv1 lacks bulk message retrieval capabilities and secu
-
rity features, it is widely used and is a de facto standard in the Internet environment.
SNMPv2
SNMPv2 is a later version of the SNMP protocol. It uses the same Get, Set, GetNext, and Trap operations
as SNMPv1 and supports the same community-based security standard. SNMPv1 is incompatible with
SNMPv2 in certain applications due to the following enhancements:
• Management Information Structure
SNMPv2 includes new macros for defining object groups, traps compliance characteristics, and
capability characteristics.
• Protocol Operations
SNMPv2 has two new PDUs not supported by SNMPv1. The GetBulkRequest PDU enables the
manager to retrieve large blocks of data efficiently. In particular, it is well suited to retrieving multiple
rows in a table. The InformRequest PDU enables one manager to send trap information to another
manager.
SNMPv3
SNMPv3 supports the View-Based Access Control Model (VACM) and User-Based Security Model
(USM) security models along with these added security features:
• Message integrity—Ensuring that a packet has not been tampered with in transit.
• Time Frame Protection—Limiting requests to specified time frames. The user can specify a time frame
so that any PDU bearing an out of date timestamp is ignored.
• Encryption—Scrambling the contents of a packet to prevent it from being learned by an unauthorized
source.
• Authentication—Determining that the message is from a valid source holding the correct privileges.
Using SNMP For Switch Security Using SNMP and OpenFlow
page 3-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using SNMP For Switch Security
Community Strings (SNMPv1 and SNMPv2)
The switch supports the SNMPv1 and SNMPv2c community strings security standard. When a commu-
nity string is carried over an incoming SNMP request, the community string must match up with a user
account name as listed in the community string database on the switch. Otherwise, the SNMP request is
not processed by the SNMP agent in the switch.
Configuring Community Strings
To use SNMPv1 and v2 community strings, each user account name must be mapped to an SNMP
community string. Follow these steps:
1 Create a user account on the switch and define its password. Enter the following CLI syntax to create
the account “community_user1”.
-> user community_user1 password ******* no auth read-only all
Note. A community string inherits the security privileges of the user account that creates it.
A user account can be created locally on the switch by using CLI commands. For detailed information on
setting up user accounts, refer to the “Using Switch Security” chapter of this manual.
2 Map the user account to a community string.
A community string works like a password so it is defined by the user. It can be any text string up to 32
characters in length. If spaces are part of the text, the string must be enclosed in quotation marks (“ ”). The
following CLI command maps the username “community_user1” to the community string “comstring2”.
-> snmp community map comstring2 user community_user1 enable
3 Verify that the community string mapping mode is enabled.
By default, the community strings database is enabled. (If community string mapping is not enabled, the
community string configuration is not checked by the switch.) If the community string mapping mode is
disabled, use the following command to enable it.
-> snmp community map mode enable
Note. Optional. To verify that the community string is properly mapped to the username, enter the
show snmp community map command. The display is similar to the one shown here:
->show snmp community map
Community mode : enabled
status community string user name
--------+--------------------------------+--------------------------------
enabled comstring2 community_user1
This display also verifies that the community map mode is enabled.
Using SNMP and OpenFlow Using SNMP For Switch Security
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-11
Encryption and Authentication (SNMPv3)
Two important processes are used to verify that the message contents have not been altered and that the
source of the message is authentic. These processes are encryption and authentication.
A typical data encryption process requires an encryption algorithm on both ends of the transmission and a
secret key (like a code or a password). The sending device encrypts or “scrambles” the message by
running it through an encryption algorithm along with the key. The message is then transmitted over the
network in its encrypted state. The receiving device then takes the transmitted message and “un-scram
-
bles” it by running it through a decryption algorithm. The receiving device cannot un-scramble the coded
message without the key.
The switch uses the Data Encryption Standard (DES) encryption scheme in its SNMPv3 implementation.
For DES, the data is encrypted in 64-bit blocks by using a 56-bit key. The algorithm transforms a 64-bit
input into a 64-bit output. The same steps with the same key are used to reverse the encryption.
The authentication process ensures that the switch receives accurate messages from authorized sources.
Authentication is accomplished between the switch and the SNMP management station through the use of
a username and password identified via the
snmp station CLI syntax. The username and password are
used by the SNMP management station along with an authentication algorithm (SHA or MD5) to compute
a hash that is transmitted in the PDU. The switch receives the PDU and computes the hash to verify that
the management station knows the password. The switch also verifyies the checksum contained in the
PDU.
Authentication and encryption are combined when the PDU is first authenticated by either the SHA or
MD5 method. Then the message is encrypted using the DES encryption scheme. The encryption key is
derived from the authentication key, which is used to decrypt the PDU on the switch’s side.
Configuring Encryption and Authentication
Setting Authentication for a User Account
User account names and passwords must be a minimum of 8 characters in length when authentication and
encryption are used. SNMP authentication types SHA and MD5 are available with DES and AES encryp
-
tion. Specify the required authentication algorithm and the encryption standard to be used for authenticat-
ing and encrypting in the command syntax.
The following syntax sets authentication type MD5 with DES encryption for user account “user_auth1”.
-> user user_auth1 password pass1pass1 md5+des
Note. Optional. To verify the authentication and encryption type for the user, enter the show user
command. The following is a partial display.
-> show user
User name = user_auth1,
Password expiration = None,
Password allow to be modified date = None,
Account lockout = None,
Password bad attempts = 0,
Read Only for domains = None,
Read/Write for domains = None,
Snmp allowed = YES,
Snmp authentication = MD5,
Snmp encryption = DES,
Console-Only = Disabled
Using SNMP For Switch Security Using SNMP and OpenFlow
page 3-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
The user’s SNMP authentication is shown as MD5 and SNMP encryption is shown as DES.
Separate Auth Key and Encryption Key for SNMPv3 User Access
The switch supports SNMPv3 users with both hashing and encryption such as SHA+DES, MD5+DES, or
SHA+AES. Two different passwords are supported for a separate Auth Key and Priv Key using the priv-
password parameter, for example:
-> user snmpv3user password pass1pass1 priv-password priv1priv1 read-write all
sha+aes
The privacy password can be entered in a masked format rather than as clear text format. While creating a
user, prompt-priv-passwd option can be used with the ‘user’ command to configure the privacy pass
-
word for the user. When this option is selected, a password prompt appears and the password can be
provided. Password needs to be re-entered, and only if both the passwords match, command is accepted.
Password provided in this mode is not displayed on the CLI as text.
For example,
-> user snmpv3user password pass1pass1 prompt-priv-passwd
Enter privacy password: *********
Re-enter privacy password: *********
Using SNMP and OpenFlow Using SNMP For Switch Security
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-13
Setting SNMP Security
By default, the switch is set to “privacy all”, which means the switch accepts only authenticated and
encrypted v3 Sets, Gets, and Get-Nexts. You can configure different levels of SNMP security by entering
snmp security followed by the command parameter for the desired security level. For example, the
following syntax sets the SNMP security level as “authentication all” as defined in the table below:
-> snmp security authentication all
The command parameters shown in the following table define security from the lowest level (no security)
to the highest level (traps only) as shown.
Security Level SNMP requests accepted by the switch
no security All SNMP requests are accepted.
authentication set SNMPv1, v2 Gets
Non-authenticated v3 Gets and Get-Nexts
Authenticated v3 Sets, Gets, and Get-Nexts
Encrypted v3 Sets, Gets, and Get-Nexts
authentication all Authenticated v3 Sets, Gets, and Get-Nexts
Encrypted v3 Sets, Gets, and Get-Nexts
privacy set Authenticated v3 Gets and Get-Nexts
Encrypted v3 Sets, Gets, and Get-Nexts
privacy all Encrypted v3 Sets, Gets, and Get-Nexts
traps only All SNMP requests are rejected.
Working with SNMP Traps Using SNMP and OpenFlow
page 3-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Working with SNMP Traps
The SNMP agent in the switch has the ability to send traps to the management station. It is not required
that the management station request them. Traps are messages alerting the SNMP manager to a condition
on the network. A trap message is sent through a PDU issued from the switch’s network management
agent. It is sent to alert the management station to some event or condition on the switch.
Traps can indicate improper user authentication, restarts, the loss of a connection, or other significant
events. You can configure the switch so that traps are forwarded to or suppressed from transmission to the
management station under different circumstances. A trap informs the management station when the
switch configuration is saved using CLI/SNMP/WEB.
Trap Filtering
You can filter SNMP traps in at least two ways. You can filter traps by limiting user access to trap families
or you can filter according to individual traps.
Filtering by Trap Families
Access to SNMP traps can be restricted by withholding access privileges for user accounts to certain
command families or domains. (Designation of particular command families for user access is sometimes
referred to as partition management.)
SNMP traps are divided into functional families as shown in the “Using SNMP For Switch Security” on
page 3-10. These families correspond to switch CLI command families. When read-only privileges for a
user account are restricted for a command family, that user account is also restricted from reading traps
associated with that family.
Procedures for filtering traps according to command families can be found in the Quick Steps for
“Filtering by Trap Families” on page 3-5. For a list of trap names, command families, and their
descriptions refer to the “Using SNMP For Switch Security” on page 3-10.
Filtering By Individual Trap
You can configure the switch to filter out individual traps by using the snmp trap filter command. This
command allows you to suppress specified traps from the management station. The following information
is needed to suppress specific traps:
• The IP address of the SNMP management station that will receive the traps.
• The ID number of the individual traps to be suppressed.
Procedures for filtering individual traps can be found in the Quick Steps for “Filtering by Individual
Traps” on page 3-6. For a list of trap names, ID numbers, and their descriptions refer to the table “Using
SNMP For Switch Security” on page 3-10.
Using SNMP and OpenFlow Working with SNMP Traps
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-15
Authentication Trap
The authentication trap is sent when an SNMP authentication failure is detected. This trap is a signal to the
management station that the switch received a message from an unauthorized protocol entity. This
normally means that a network entity attempted an operation on the switch for which it had insufficient
authorization. When the SNMP authentication trap is enabled, the switch forwards a trap to the manage
-
ment station. The following command enables the authentication trap:
-> snmp authentication trap enable
The trap is suppressed if the SNMP authentication trap is disabled.
Trap Management
Several CLI commands allow you to control trap forwarding from the agent in the switch to the SNMP
management station.
Replaying Traps
The switch normally stores all traps that have been sent out to the SNMP management stations. You can
list the last stored traps by using the
show snmp trap replay command. This command lists the traps
along with their sequence number. The sequence number is a record of the order in which the traps were
previously sent out.
You can replay traps that have been stored on the switch for testing or troubleshooting purposes. This is
useful in the event when any traps are lost in the network. To replay stored traps, use the snmp trap
replay command followed by the IP address for an SNMP management station. This command replays (or
re-sends) all stored traps from the switch to the specified management station on demand.
If you do not want to replay all of the stored traps, you can specify the sequence number from which the
trap replay starts. The switch starts the replay with a trap sequence number greater than or equal to the
sequence number given in the CLI command. The number of traps replayed depends on the number of
traps stored for this station.
Absorbing Traps
The switch can send the same traps to the management station many, many times. You can suppress the
transmission of identical repetitive traps by issuing the
snmp trap absorption command. When trap
absorption is enabled, traps that are identical to traps previously sent are suppressed and therefore not
forwarded to the SNMP management station. The following command enables SNMP trap absorption:
-> snmp trap absorption enable
To view or verify the status of the Trap Absorption service, use the show snmp trap config command.
Sending Traps to WebView
When WebView forwarding is enabled, all traps sent by switch applications are also forwarded to
WebView. The following command allows a WebView session to retrieve the trap history log:
-> snmp trap to webview enable
Working with SNMP Traps Using SNMP and OpenFlow
page 3-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Checking Configuration File Using Traps
If there are any configuration changes, a trap is sent to Service Aware Manager (SAM) to enforce a poll
when configuration file is saved. The running configuration is not saved in the configuration file
(boot.cfg) until the user commits the changes using the write memory command or
copy running-config working command. The configuration changes that are not committed are not
detected by the switch until these commands are applied.
Related traps are raised on the following commands:
• write memory
• write memory flash-synchro
• copy running-config working
Using SNMP and OpenFlow SNMP MIB Information
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-17
SNMP MIB Information
MIB Tables
You can display MIB tables and their corresponding command families by using the show snmp mib
family command. The MIB table identifies the MIP identification number, the MIB table name and the
command family. If a command family is not valid for the entire MIB table, the command family is
displayed on a per-object basis.
For a list and description of system MIBs, refer to “Industry Standard MIBs” on page 3-18 and “Enter-
prise (Proprietary) MIBs” on page 3-22. For a list and description of traps, refer to the “Using SNMP For
Switch Security” on page 3-10.
The following is a partial display.
-> show snmp mib family
MIP ID MIB TABLE NAME FAMILY
-------+----------------------------------------+---------------------
6145 esmConfTrap NO SNMP ACCESS
6146 alcetherStatsTable interface
6147 dot3ControlTable interface
6148 dot3PauseTable interface
6149 dot3StatsTable interface
6150 esmConfTable interface
...
...
77828 healthModuleTable rmon
77829 healthPortTable rmon
77830 healthThreshInfo rmon
...
...
87042 vacmContextTable snmp
87043 vacmSecurityToGroupTable snmp
87044 vacmAccessTable snmp
87045 vacmViewTreeFamilyTable snmp
MIB Table Description
If the user account has no restrictions, the display shown by the show snmp mib family command can be
very long. For documentation purposes, a partial list is shown above and three entry examples are defined.
• The first entry in the MIB Table shows an MIP identification number of 6145. The MIB table name is
esmConfTrap.This table is found in the AlcatelIND1Port MIB, which defines managed objects for the
ESM Driver subsystem.
• For MIP Id number 77828, the MIB table name is healthModuleTable. This table is found in the
AlcatelIND1Health MIB, which defines managed objects for the health monitoring subsystem.
• For MIB Id number 87042, the MIB table name is vacmContextTable. This table is found in the
SNMP-VIEW-BASED-ACM MIB, which serves as the view-based access control model (VACM) for
the SNMP.
SNMP MIB Information Using SNMP and OpenFlow
page 3-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Industry Standard MIBs
The following table lists the supported industry standard MIBs.
MIB Name Description Dependencies
BRIDGE-MIB,
RFC 1493
The Bridge MIB for managing MAC bridges based on
the IEEE 802.1D standard between Local Area Net
-
work (LAN) segments.
SNMPv2-SMI,
RFC1215-MIB
EE8023-LAG-MIB,
IEEE 802.3ad
Link Aggregation module for managing IEEE
Standard 802.3ad.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IF-MIB,
Q-BRIDGE-MIB
ENTITY-MIB, RFC 2737 Entity MIB (Version 2). Standardized set of managed
objects representing logical and physical entities and
relationships between them.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB
EtherLike-MIB,
RFC 2665
Definitions of Managed Objects for the Ethernet-like
Interface Types.
SNMPv2-SMI,
SNMPv2-CONF,
IF-MIB
HCNUM-TC, RFC 2856: An MIB module containing textual conventions for
high-capacity data types. This module addresses an
immediate need for data types not directly supported in
the SMIv2. This short-term solution is meant to be
deprecated as a long-term solution is deployed.
SNMPv2-SMI,
SNMPv2-TC
IANAifType-MIB This MIB module defines the IANAifType Textual
Convention, and thus the enumerated values of the
ifType object defined in the MIB-II Table.
SNMPv2-SMI,
SNMPv2-TC
IANA-RTPROTO-MIB This MIB module defines the IANAipRouteProtocol
and IANAipMRouteProtocol textual conventions for
use in MIBs which need to identify unicast or multi
-
cast routing mechanisms.
SNMPv2-SMI,
SNMPv2-TC
IEEE8021-PAE-MIB This MIB modules defines 802.1X ports used for port-
based access control.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB
IF-MIB
IF-MIB, RFC 2863 The Interfaces Group MIB. Contains generic
information about the physical interfaces of the entity.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMPv2-MIB,
IANAifType-MIB
Using SNMP and OpenFlow SNMP MIB Information
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-19
IGMP-STD-MIB,
RFC 2933
Internet Group Management Protocol MIB. SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IF-MIB
INET-ADDRESS-MIB,
RFC 2851
Textual Conventions for Internet Network Addresses. SNMPv2-SMI,
SNMPv2-TC
IP-BRIDGE-MIB,
RFC 2674
The Bridge MIB Extension module for managing
Priority and Multicast Filtering, defined by IEEE
802.1D.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
BRIDGE-MIB
IP-FORWARD-MIB,
RFC 2096
IP Forwarding Table MIB SNMPv2-SMI,
SNMPv2-TC,
IP-MIB,
SNMPv2-CONF
IP-MIB, RFC 2011 SNMPv2 Management Information Base for the
Internet Protocol by using SMIv2. Includes Internet
-
work Control Message Protocol (ICMP).
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
IPv6-TC, RFC 2465 This MIB defines the management information for
IPv6; Textual conventions and general group
SNMPv2-SMI,
SNMPv2-TC
IPv6-ICMP-MIB,
RFC 2466
Management Information base for IPv6 Group. SNMPv2-SMI,
SNMPv2-CONF,
IPv6-MIB
IPv6-TCP-MIB,
RFC 2452
Management Information Base for the Transmission
Control Protocol.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
IPv6-UDP-MIB,
RFC 2454
Management Information Base for User Datagram
Protocol
SNMPv2-SMI,
SNMPv2-CONF,
IPv6-TC
MAU-MIB,
RFC 2668
Management Information for IEEE 802.3 Medium
Attachment Units.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
PIM-MIB,
RFC 2934
Protocol Independent Multicast MIB for IPv4 SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IF-MIB,
IPMROUTE-STD-
MIB
Q-BRIDGE-MIB,
RFC 2674
The Bridge MIB Extension module for managing Pri-
ority and Multicast Filtering, defined by IEEE 802.1D.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB,
BRIDGE-MIB,
P-BRIDGE-MIB
MIB Name Description Dependencies
SNMP MIB Information Using SNMP and OpenFlow
page 3-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
RIPv2-MIB,
RFC 1724
Routing Information Protocol (RIP) Version 2 MIB
Extension.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
RMON-MIB, RFC 2819 Remote Network Monitoring (RMON) Management
Information Base.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
RS-232-MIB, RFC 1659 Definitions of Managed Objects for RS-232-like
Hardware Devices by using SMIv2.
SNMPv2-SMI,
SNMPv2-CONF,
IF-MIB
SNMP-COMMUNITY
MIB, RFC 2576
This MIB module defines objects to help support coex-
istence between SNMPv1, SNMPv2c, and SNMPv3.
SNMPv2-SMI,
SNMP-FRAME
-
WORK-MIB,
SNMP-TARGET-
MIB,
SNMPv2-CONF
SNMP-FRAMEWORK
MIB, RFC 2571
An Architecture for Describing SNMP Management
Frameworks.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
SNMP-MPD-MIB,
RFC 2572
Message Processing And Dispatching For The Simple
Network Management Protocol (SNMP).
SNMPv2-SMI,
SNMPv2-CONF
SNMP-NOTIFICATION
MIB, RFC 2573
SNMP Applications, Notifications SNMP Entity
Remote Configuration.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB,
SNMP-TARGET-
MIB
SNMP-PROXY-MIB,
RFC 2573
SNMP Applications, Proxy SNMP Entity Remote
Configuration.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB,
SNMP-TARGET
MIB
SNMP-TARGET-MIB,
RFC 2573
SNMP Applications, Proxy SNMP Entity Remote
Configuration.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB
MIB Name Description Dependencies
Using SNMP and OpenFlow SNMP MIB Information
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-21
SNMP-USER-BASED-
SM-MIB, RFC 2574
User-based Security Model (USM) for version 3 of the
Simple Network Management Protocol (SNMPv3).
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB
SNMPv2-MIB,
RFC 1907
Management Information Base for Version 2 of the
Simple Network Management Protocol (SNMPv2).
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
SNMP-VIEW-BASED-
ACM-MIB, RFC 2575
View-based Access Control Model (VACM) for the
Simple Network Management Protocol (SNMP).
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB
TCP-MIB, RFC 2012 SNMPv2 Management Information Base for the
Transmission Control Protocol by using SMIv2.
SNMPv2-SMI,
SNMPv2-CONF
TUNNEL-MIB,
RFC 2667
IP Tunnel MIB SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IF-MIB
UDP-MIB, RFC 2013 SNMPv2 Management Information Base for the User
Datagram Protocol by using SMIv2.
SNMPv2-SMI,
SNMPv2-CONF
MIB Name Description Dependencies
SNMP MIB Information Using SNMP and OpenFlow
page 3-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Enterprise (Proprietary) MIBs
The following table lists the supported enterprise proprietary MIBs.
Note. The ALCATEL-IND1-BASE* MIB is required for all MIBs listed in this table.
MIB Name Description Dependencies*
ALCATEL-IND1-
AAA-MIB
Definitions of managed objects for the Authentication,
Authorization, and Accounting (AAA) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMP-v2-CONF
ALCATEL-IND1-BASE This module provides base definitions for modules
developed to manage Alcatel-Lucent Internetworking
networking infrastructure products.
SNMPv2-SMI
ALCATEL-IND1-
CHASSIS-MIB
Definitions of managed objects for the Chassis Man-
agement subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
SNMP-
FRAMEWORK-
MIB,
ENTITY-MIB
ALCATEL-IND1-
CONFG-MGR-MIB
Definitions of managed objects for the Configuration
Manager subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
DEVICES
Definitions of chassis and modules. SNMP-SMI
ALCATEL-IND1-
DOT1Q-MIB
Definitions of managed objects for the IEEE 802.1Q
subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
DOT1X-MIB
Definitions of managed objects for the IEEE 802.1X
subsystem.
SNMPv2-SMI,
SNMPv2-TC
ALCATEL-IND1-
DRCTM-MIB
Definitions of managed objects for the Dynamic Rout-
ing and Control (DRC) subsystems.
SNMPv2-SMI,
SNMPv2-CONF
ALCATEL-IND1-
GROUP-MOBILITY-
MIB
Definitions of managed objects for Group Mobility. SNMPv2-TC,
SNMPv2-SMI,
SNMPv2-CONF
ALCATEL-IND1-
HEALTH-MIB
Definitions of managed objects for the Health Moni-
toring subsystem.
SNMPv2-SMI,
SNMPv2-CONF
ALCATEL-IND1-IGMP-
MIB
Definitions of managed objects for the IPv4 Multicast
MIB.
SNMPv2-TC,
SNMPv2-SMI,
SNMPv2-CONF,
INET-ADDRESS-
MIB,
IF-MIB
Using SNMP and OpenFlow SNMP MIB Information
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-23
ALCATEL-IND1-
INTERSWITCH-
PROTOCOL-MIB
Definitions of managed objects for the Interswitch
Protocol (that is, GMAP, XMAP) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
IF-MIB
ALCATEL-IND1-
IP-MIB
Definitions of managed objects for the IP Stack sub-
system.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IP-MIB
ALCATEL-IND1-
IPMRM-MIB
Definitions of managed objects for IP Multicast Route
Manager (IPMRM) global configuration parameters
SNMPv2-SMI,
SNMPv2-CONF
ALCATEL-IND1-
IPMS-MIB
Definitions of managed objects for the IP Multicast
Switching (IPMS) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
IF-MIB
ALCATEL-IND1-
IPRM-MIB
Definitions of managed objects for the IP Routing
Manager (IPRM) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IANA-RTPROTO-
MIB
ALCATEL-IND1-
IPv6-MIB
Definitions of managed objects for the IPv6 subsys-
tem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IPv7-TC
IPv6-MIB
ALCATEL-IND1-
LAG-MIB
Definitions of managed objects for the IEEE 802.3ad
Link Aggregation (LAG) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IEEE8023-LAG-
MIB,
IF-MIB
Q-BRIDGE-MIB
ALCATEL-IND1-
LPS-MIB
Definitions of the MIB module for the address learning
MIB addresses entity.
SNMPv2-SMI,
SNMPv2-TC,
IF-MIB,
Q-BRIDGE-MIB,
ALCATEL-IND1-
SYSTEM-MIB,
SNMPv2-CONF
ALCATEL-IND1-
MAC-ADDRESS-MIB
Definitions of managed objects for the Source Learn-
ing MAC Address subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
IF-MIB,
Q-Bridge-MIB
MIB Name Description Dependencies*
SNMP MIB Information Using SNMP and OpenFlow
page 3-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
ALCATEL-IND1-
MAC-SERVER-MIB
Definitions of managed objects for the Chassis Super-
vision MAC Server subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
ENTITY-MIB,
ALCATEL-IND1-
CHASSIS-MIB
ALCATEL-IND1-
MLD-MIB
Definitions of the Multicast Listener Discovery
(MLD) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
INET-ADDRESS-
MIB,
IF-MIB
ALCATEL-IND1-
NTP-MIB
Definitions of the Network Time Protocol (NTP) sub-
system.
SNMPv2-SMI,
SNMPv2-TC
ALCATEL-IND1-
PARTITIONED-MGR-
MIB
Definitions of the user Partitioned Manager subsys-
tem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
Q-BRIDGE-MIB,
SNMP-
FRAMEWORK-
MIB,
SNMPv2-TC
ALCATEL-IND1-
PCAM-MIB
Definition of managed objects for the Coronado Lay-
er3 Hardware Routing Engine (HRE).
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-PIM-
MIB
Definitions of managed objects for the Protocol Inde-
pendent Multicast Sparse Mode (PIM-SM) and Proto-
col Independent Multicast Dense Mode (PIM-DM)
subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
ALCATEL-IND1-
BASE
ALCATEL-IND1-
POLICY-MIB
Definitions of managed objects for the Policy Manager
subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
PORT-MIB
Definitions of managed objects for the Port Manager
subsystem.
SNMPv2-SMI,
SNMPv2-CONF,
IF-MIB
ALCATEL-IND1-
PORT-MIRRORING-
MONITORING-MIB
Definitions of managed objects for the Port Mirroring
and Monitoring subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
QOS-MIB
Definitions of managed objects for the Quality of Ser-
vice (QoS) subsystem.
SNMPv2-SMI,
SNMPv2-TC
ALCATEL-IND1-
RDP-MIB
Definitions of managed objects for the Router Discov-
ery Protocol (RDP) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
MIB Name Description Dependencies*
Using SNMP and OpenFlow SNMP MIB Information
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-25
ALCATEL-IND1-
RIP-MIB
Definitions of managed objects for the Routing Infor-
mation Protocol (RIP) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
RIPNG-MIB
Definitions of managed objects for the Routing Infor-
mation Protocol (RIPng) subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
IPv6-TC
ALCATEL-IND1-
SESSION-MGR-MIB
Definitions of managed objects for the User Session
Manager subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
SNMP-AGENT-MIB
Definitions of managed objects for the Simple Net-
work Management Protocol (SNMP) Agent subsys-
tem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
STACK-MANAGER
Definitions of the managed objects for Stack Manager
Chassis, Stack Manager Statistics, and Stack Manager
Traps.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
SYSTEM-MIB
Definitions of managed objects for the System Ser-
vices subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
TP-DEVICES
Definitions of managed objects for the OmniAccess
4000.
SNMPv2-SMI,
ALCATEL-IND1
BASE
ALCATEL-IND1-
TRAP-MGR-MIB
Definitions of managed objects for the SNMP Notifi-
cation (that is, Trap) Manager subsystem.
SNMPv2-SMI,
SNMP-v2-TC,
SNMPv2-CONF
ALCATEL-IND1-
UDP-RELAY-MIB
Definitions of managed objects for the User Datagram
Protocol (UDP) Relay subsystem.
SNMPv2-SMI,
SNMPv2-CONF
ALCATEL-IND1-
VLAN-MGR-MIB
Definitions of managed objects for the VLAN Man-
ager subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF
ALCATEL-IND1-
VLAN-STP-MIB
Definitions of managed objects for the VLAN Span-
ning Tree Protocol (STP) subsystem.
SNMPv2-SMI,
SNMPv2-CONF,
BRIDGE-MIB
ALCATEL-IND1-WEB-
MGT-MIB
Definitions of managed objects for the Web Based
Management subsystem.
SNMPv2-SMI,
SNMPv2-TC,
SNMPv2-CONF,
INET-ADDRESS-
MIB
MIB Name Description Dependencies*
Verifying the SNMP Configuration Using SNMP and OpenFlow
page 3-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Verifying the SNMP Configuration
To display information about SNMP management stations, trap management, community strings, and
security, use the show commands listed in the following table.
For more information about the resulting displays from these commands, see the OmniSwitch AOS Release
6 CLI Reference Guide.
show snmp station Displays current SNMP station information including IP address, UDP
Port number, Enabled/Disabled status, SNMP version, and user account
names.
show snmp community map Shows the local community strings database including status, commu-
nity string text, and user account name.
show snmp security Displays current SNMP security status.
show snmp statistics Displays SNMP statistics. Each MIB object is listed along with its
status.
show snmp mib family Displays SNMP MIB information. Information includes MIP ID num-
ber, MIB table name, and command family.
show snmp trap replay Displays SNMP trap replay information. This includes the IP address of
the SNMP station manager that replayed each trap and the number of
the oldest replayed trap.
show snmp trap filter Displays the current SNMP trap filter status. This includes the IP
address of the SNMP station that recorded the traps and the identifica
-
tion list for the traps being filtered.
show snmp authentication trap Displays the current authentication failure trap forwarding status (that
is, enable or disable).
show snmp trap config Displays SNMP trap information including trap ID numbers, trap
names, command families, and absorption rate. This command also dis
-
plays the Enabled/Disabled status of SNMP absorption and the Traps to
WebView service.
Using SNMP and OpenFlow OpenFlow Specifications
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-27
OpenFlow Specifications
Platforms Supported OmniSwitch 6450 (stack or standalone)
Modes Supported Normal
Hybrid (API)
Versions Supported 1.0
1.3.1
Maximum number of logical switches 3
Maximum number of controllers per logical switch 3
Maximum number of logical switches in Hybrid mode 1
OpenFlow Agent Overview Using SNMP and OpenFlow
page 3-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OpenFlow Agent Overview
OpenFlow is a communications interface defined between the control and forwarding layers that is used in
a Software Defined Network (SDN). OpenFlow essentially separates the control plane and the data plane
in the switch. Traditionally, switches and routers have made decisions on where packets should travel
based on rules local to the device. With OpenFlow, only the data plane exists on the switch itself, and all
control decisions are communicated to the switch from a central Controller. If the device receives a packet
for which it has no flow information, it sends the packet to the Controller for inspection, and the Control
-
ler determines where that packet should be sent based on QoS-type rules configured by the user (drop the
packets to create a firewall, pass the packets to a specific port to perform load balancing, prioritize pack
-
ets, etc).
The OmniSwitch can operate in AOS or OpenFlow mode, including a modified OpenFlow mode known as
Hybrid mode. AOS will designate the ports managed/controlled by AOS or by OpenFlow on a per-port
basis. By default, ports are managed/controlled by AOS.
The following are the key components available for OpenFlow support.
OpenFlow Logical Switch
An OpenFlow logical switch consists of a portion of the switch's resources that are managed by an Open-
Flow Controller (or set of Controllers) via the OpenFlow Agent. Up to 3 logical switches can be config-
ured on an OmniSwitch, with each switch supporting up to three controllers. A logical switch has a
VLAN, physical ports, and/or link aggregate ports assigned to it. All packets received on these ports are
forwarded directly to the Openflow agent. Spanning tree and source learning do not operate on OpenFlow
assigned ports.
OpenFlow Normal Mode
In Normal mode, the logical switch operates as per the OpenFlow standards. In normal mode, on Open-
Flow enabled ports, most AOS commands will be disabled except for some port specific commands such
as those for link aggregation, UDLD, DDM,LLDP and QoS per port configuration.
OpenFlow Hybrid (API) Mode
In Hybrid mode, logical switch acts as an interface through which the Controller may insert flows. These
flows are treated as QoS policy entries and offer the same functionality. A Hybrid logical switch operates
on all ports, link aggregates, and VLANs not assigned to other OpenFlow logical switches. Only one logi
-
cal switch can be configured in Hybrid mode.
Supported OpenFlow Parameters
The following OpenFlow tables, match fields, groups and actions are supported.
Flow Definitions:
• Exact Match
• Wildcard
• MAC Table
Match Fields:
• Ingress Port
Using SNMP and OpenFlow OpenFlow Agent Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-29
• Ethernet Destination Address
• Ethernet Source Address
• VLAN Tag / VLAN Priority
• Ethernet Type
• IPv4 or IPv6 Protocol Number
• IPv4 Source Address / ARP Sender Protocol Address
• IPv4 Destination Address / ARP Target Protocol Address
• TCP / UDP Source & Destination Ports
• ICMP Type / Code
• ARP Operation Code
Group
Groups are a way of combining a set of activities into one action. For example, a Group could be used to
represent an IP next hop with all of the associated activities (MAC change, VLAN update, and so on). The
collection of actions is stored in a bucket. Each group includes a collection of buckets and the different
types identify policies on how to select which bucket(s) to use.
• ALL - The actions of all buckets are executed. This will be used to implement broadcast or multicast
activities. The packet is effectively cloned for each bucket; one packet is processed for each bucket of
the group.
• INDIRECT - This is an ALL type group with a single bucket. Allows multiple flow entries or groups
to point to a common group identifier, supporting faster, more efficient convergence (for example, next
hops for IP forwarding). This group type is effectively identical to an all group with one bucket.
Note.
- Packet modification actions are supported by both ALL and INDIRECT group type.
- Groups are supported only in Openflow 1.3.1 version.
Actions Fields:
• Output - To physical, reserved or linkagg port
• Drop - Drop the packet
• Group - Process packets according to specified group
• Set Field - Set fields in the packet (only for single egress port). VLAN priority can only be set for
tagged packets.
• Change-TTL - Modify the values of the IPv4 TTL
• Push VLAN – The VLAN header tag is pushed as the outer header. (Note: Every Push VLAN action
must be followed by a Set VLAN action.)
Quick Steps to Configure OpenFlow Agent Using SNMP and OpenFlow
page 3-30 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Quick Steps to Configure OpenFlow Agent
Follow the steps in this section for a quick tutorial on how to configure an OpenFlow Agent on the
OmniSwitch. A logical switch in Hybrid mode does not have a VLAN or interface configured.
1 Create the logical switch and configure the mode
-> openflow logical-switch vswitch1 mode normal version 1.3.1 vlan 5
-> openflow logical-switch vswitch2 mode api
2 Assign a controller to the logical switch
-> openflow logical-switch vswitch1 controller 1.1.1.1
-> openflow logical-switch vswitch2 controller 2.2.2.2
3 Assign interfaces to the logical switch
-> openflow logical-switch vswitch1 interfaces port 1/3
4 Verify the configuration
-> show openflow logical-switch
Admin
Logical Switch State Mode Versions VLAN Ctrlrs Intf Flows
-------------------------+-----+------+------------+------+--------+------+-------
vswitch1 Ena Norm 1.3.1 5 1 1 5
vswitch2 Ena API 1.0 1.3.1 N/A 1 56 0
-> show openflow logical-switch controllers
Admin Oper
Logical Switch Controller Role State State
------------------------------+-----------------------+----------+-----+-----------
vswitch1 1.1.1.1:6633 Equal Ena Connect
vswitch2 2.2.2.2:6633 Equal Ena Backoff
-> show openflow logical-switch interfaces
Logical Switch Interface Mode
--------------------------------+---------------+------
vswitch1 1/3 Norm
vswitch2 1/1 API
vswitch2 1/2 API
vswitch2 1/4 API
vswitch2 1/5 API
vswitch2 1/6 API
vswitch2 1/7 API
(output truncated)
Using SNMP and OpenFlow Verifying OpenFlow Configuration
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 3-31
Verifying OpenFlow Configuration
To display information about the Openflow configuration use the following show command:
show openflow Displays global OpenFlow configuration.
show openflow logical-switch Displays logical switch configuration.
show openflow logical-switch stats Displays logical switch statistics.
Verifying OpenFlow Configuration Using SNMP and OpenFlow
page 3-32 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-1
4 Configuring Network Time
Protocol (NTP)
Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another
server or reference time source, such as a radio or satellite receiver. It provides client time accuracies
within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server
synchronized to Universal Coordinated Time (UTC) (through a Global Positioning Service receiver, for
example).
In This Chapter
This chapter describes the basic components of the OmniSwitch implementation of Network Time Proto-
col and how to configure it through Command Line Interface (CLI). CLI commands are used in the
configuration examples; for more details about the syntax of commands, see the OmniSwitch AOS Release
6 CLI Reference Guide.
Configuration procedures described in this chapter include:
• Enabling the NTP client and selecting the NTP mode. See “Configuring the OmniSwitch as a Client”
on page 4-9.
• Selecting an NTP server for the NTP client and modifying settings for communicating with the server.
See
“NTP Servers” on page 4-10.
• Enabling authentication in NTP negotiations. See “Using Authentication” on page 4-12.
NTP Specifications Configuring Network Time Protocol (NTP)
page 4-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
NTP Specifications
NTP Defaults Table
The following table shows the default settings of the configurable NTP parameters:
NTP Defaults
RFCs supported 1305–Network Time Protocol
Platforms Supported OmniSwitch 6350, 6450
Maximum number of NTP servers per client 12
Parameter Description Command Default Value/Comments
Specifies an NTP server from which
this switch receives updates
ntp server version: 4
minpoll: 6
prefer: no
key: 0
Used to activate client ntp client disabled
Used to activate NTP client
broadcast mode
ntp broadcast disabled
Used to set the advertised broadcast
delay, in microseconds
ntp broadcast-delay 4000 microseconds
Configuring Network Time Protocol (NTP) NTP Quick Steps
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-3
NTP Quick Steps
The following steps are designed to show the user the necessary commands to set up NTP on an
OmniSwitch:
1 Designate an NTP server for the switch using the ntp server command. The NTP server provides the
switch with its NTP time information. For example:
-> ntp server 1.2.5.6
2 Activate the client side of NTP on the switch using the ntp client command. For example:
-> ntp client enable
3 You can check the server status using the show ntp server status command, as shown:
-> show ntp server status 198.206.181.139
IP address = 198.206.181.139,
Host mode = client,
Peer mode = server,
Prefer = no,
Version = 4,
Key = 0,
Stratum = 2,
Minpoll = 6 (64 seconds),
Maxpoll = 10 (1024 seconds),
Delay = 0.016 seconds,
Offset = -180.232 seconds,
Dispersion = 7.945 seconds
Root distance = 0.026,
Precision = -14,
Reference IP = 209.81.9.7,
Status = configured : reachable : rejected,
Uptime count = 1742 seconds,
Reachability = 1,
Unreachable count = 0,
Stats reset count = 1680 seconds,
Packets sent = 1,
Packets received = 1,
Duplicate packets = 0,
Bogus origin = 0,
Bad authentication = 0,
Bad dispersion = 0,
Last Event = peer changed to reachable,
4 You can check the list of servers associated with this client using the show ntp client server-list
command, as shown:
-> show ntp client server-list
IP Address Ver Key St Delay Offset Disp
================+===+=======+====+==========+=================+==========
1.2.5.6 4 0 2 0.06 -0.673 0.017
NTP Quick Steps Configuring Network Time Protocol (NTP)
page 4-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
5 You can check the client configuration using the show ntp client command, as shown:
-> show ntp client
Current time: THU SEP 15 2005 17:44:54 (UTC)
Last NTP update: THU SEP 15 2005 17:30:54
Client mode: enabled
Broadcast client mode: disabled
Broadcast delay (microseconds): 4000
Configuring Network Time Protocol (NTP) NTP Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-5
NTP Overview
Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another
server or reference time source, such as a radio or satellite receiver. It provides client time accuracies
within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server
synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for exam
-
ple). Typical NTP configurations utilize multiple redundant servers and diverse network paths in order to
achieve high accuracy and reliability. Some configurations include cryptographic authentication to prevent
accidental or malicious protocol attacks.
It is important for networks to maintain accurate time synchronization between network nodes. The stan-
dard timescale used by most nations of the world is based on a combination of UTC (representing the
Earth’s rotation about its axis), and the Gregorian Calendar (representing the Earth’s rotation about the
Sun). The UTC timescale is disciplined with respect to International Atomic Time (TAI) by inserting leap
seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and
satellite navigation systems, telephone modems, and portable clocks.
Special purpose receivers are available for many time-dissemination services, including the Global Posi-
tion System (GPS) and other services operated by various national governments. For reasons of cost and
convenience, it is not possible to equip every computer with one of these receivers. However, it is possi
-
ble to equip some computers with these clocks, which then act as primary time servers to synchronize a
much larger number of secondary servers and clients connected by a common network. In order to do this,
a distributed network clock synchronization protocol is required which can read a server clock, transmit
the reading to one or more clients, and adjust each client clock as required. Protocols that do this include
NTP.
Note. The OmniSwitch can only be an NTP client in an NTP network. It cannot act as an NTP server.
NTP Overview Configuring Network Time Protocol (NTP)
page 4-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Stratum
Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a
radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and
the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1
source would be stratum 2. A client or server connected to a stratum 2 machine would be stratum 3, and so
on, as demonstrated in the diagram below:
The farther away from stratum 1 a device is, the more likely there will be discrepancies or errors in the
time adjustments done by NTP. A list of stratum 1 and 2 sources available to the public can be found on
the Internet.
Note. It is not required that NTP be connected to an officially recognized time source (for example, a radio
clock). NTP can use any time source to synchronize time in the network.
Using NTP in a Network
NTP operates on the premise that there is one true standard time (defined by UTC), and that if several
servers claiming synchronization to the standard time are in disagreement, then one or more of them must
be out of synchronization or not functioning correctly. The stratum gradiation is used to qualify the accu
-
racy of a time source along with other factors, such as advertised precision and the length of the network
path between connections. NTP operates with a basic distrust of time information sent from other network
entities, and is most effective when multiple NTP time sources are integrated together for checks and
crosschecks. To achieve this end, there are several modes of operation that an NTP entity can use when
synchronizing time in a network. These modes help predict how the entity behaves when requesting or
sending time information, listed below:
• A switch can be a client of an NTP server (usually of a lower stratum), receiving time information from
the server but not passing it on to other switches.
• A switch can be a client of an NTP server, and in turn be a server to another switch or switches.
• A switch (regardless of its status as either a client or server) must be peered with another switch. Peer-
ing allows NTP entities in the network of the same stratum to regard each other as reliable sources of
time and exchange time information.
UTC Time Source Stratum 1 Stratum 2 Stratum 3
Configuring Network Time Protocol (NTP) NTP Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-7
Examples of these are shown in the simple network diagram below:
Servers 1a and 1b receive time information from, or synchronize with, a UTC time source such as a radio
clock. (In most cases, these servers would not be connected to the same UTC source, though it is shown
this way for simplicity.) Servers 1a and 1b become stratum 1 NTP servers and are peered with each other,
allowing them to check UTC time information against each other. These machines support machines 2a
and 2b as clients, and these clients are synchronized to the higher stratum servers 1a and 1b.
Clients 2a and 2b are also peered with each other for time checks, and become stratum 2 NTP servers for
more clients (3a and 3b, which are also peered). In this hierarchy, the stratum 1 servers synchronize to the
most accurate time source available, then check the time information with peers at the same stratum. The
stratum 2 machines synchronize to the stratum 1 servers, but do not send time information to the stratum 1
machines. Machines 2a and 2b in turn provide time information to the stratum 3 machines. It is important
to consider the issue of robustness when selecting sources for time synchronization.
It is suggested that at least three sources should be available, and at least one should be “close” to you in
terms of network topology. It is also suggested that each NTP client is peered with at least three other
same stratum clients, so that time information crosschecking is performed.
Note. Alcatel-Lucent current implementation of NTP only allows the OmniSwitch to act as a passive
client, not as a server. A passive client only receives NTP information and adjusts its time accordingly. In
the above example, an OmniSwitch could be either Server 3a or 3b. An OmniSwitch as Server 3a or 3b
would also not be able to peer with other servers on the same stratum.
UTC Time Source
NTP
Servers
NTP
Server/Clients
NTP
Clients
Stratum 1
Stratum 3
Stratum 2
1a 1b
2a 2b
3a 3b
NTP Overview Configuring Network Time Protocol (NTP)
page 4-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
When planning your network, it is helpful to use the following general rules:
• It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at
the same stratum), unless the latter is receiving time updates from a source that has a lower stratum
than from where the former is receiving time updates. This minimizes common points of failure.
• Peer associations should only be configured between servers at the same stratum level. Higher Strata
should configure lower Strata, not the reverse.
• It is inadvisable to configure time servers in a domain to a single time source. Doing so invites
common points of failure.
Note. NTP does not support year date values greater than 2035 (the reasons are documented in RFC 1305
in the data format section). This should not be a problem (until the year 2035) as setting the date this far in
advance runs counter to the administrative intention of running NTP.
Authentication
NTP is designed to use MD5 encryption authentication to prevent outside influence upon NTP timestamp
information. This is done by using a key file. The key file is loaded into the switch memory, and consists
of a text file that lists key identifiers that correspond to particular NTP entities.
If authentication is enabled on an NTP switch, any NTP message sent to the switch must contain the
correct key ID in the message packet to use in decryption. Likewise, any message sent from the authenti
-
cation enabled switch is not readable unless the receiving NTP entity possesses the correct key ID.
The key file is a text (.txt) file that contains a list of keys that are used to authenticate NTP servers. It
should be located in the /networking directory of the switch.
Key files are created by a system administrator independent of the NTP protocol, and then placed in the
switch memory when the switch boots. An example of a key file is shown below:
2 M RIrop8KPPvQvYotM # md5 key as an ASCII random string
14 M sundial # md5 key as an ASCII string
In a key file, the first token is the key number ID, the second is the key format, and the third is the key
itself. (The text following a “#” is not counted as part of the key, and is used merely for description.) The
key format indicates an MD5 key written as a 1 to 31 character ASCII string with each character standing
for a key octet.
The key file (with identical MD5 keys) must be located on both the local NTP client and the client’s
server.
Configuring Network Time Protocol (NTP) Configuring NTP
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-9
Configuring NTP
The following sections detail the various commands used to configure and view the NTP client software in
an OmniSwitch.
Configuring the OmniSwitch as a Client
The NTP software is disabled on the switch by default. To activate the switch as an NTP client, enter the
ntp client command as shown:
-> ntp client enable
This sets the switch to act as an NTP client in the passive mode, meaning the client receives updates from
a designated NTP server.
To disable the NTP software, enter the ntp client command as shown:
-> ntp client disable
Setting the Client to Broadcast Mode
It is possible to configure an NTP client to operate in the broadcast mode. Broadcast mode specifies that a
client switch listens on all interfaces for server broadcast timestamp information. It uses these messages to
update its time.
To set an OmniSwitch to operate in the broadcast mode, enter the ntp broadcast command as shown:
-> ntp broadcast enable
A client in the broadcast mode does not need to have a specified server.
Setting the Broadcast Delay
When set to the broadcast mode, a client needs to advertise a broadcast delay. The broadcast mode is
intended for operation on networks with numerous workstations and where the highest accuracy is not
required. In a typical scenario, one or more time servers on the network, broadcast messages, which are
received by NTP hosts. The correct time is determined from an NTP message based on a pre-configured
latency or broadcast delay in the order of a few milliseconds.
To set the broadcast delay, enter the ntp broadcast-delay command as shown:
-> ntp broadcast delay 1000
Configuring NTP Configuring Network Time Protocol (NTP)
page 4-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
NTP Servers
An NTP client needs to receive NTP updates from an NTP server. Each client must have at least one
server with which it synchronizes (unless it is operating in broadcast mode). There are also adjustable
server options.
Designating an NTP Server
To configure an NTP client to receive updates from an NTP server, enter the ntp server command with
the server IP address or domain name, as shown:
-> ntp server 1.1.1.1
or
-> ntp server spartacus
It is possible to remove an NTP server from the list of servers from which a client synchronizes. To do
this, enter the
ntp server command with the no prefix, as shown:
-> no ntp server 1.1.1.1
Enabling/Disabling NTP Server Synchronization Tests
To enable an NTP client to invoke NTP server synchronization tests as specified by the NTP protocol,
enter the
ntp server synchronized command as shown:
-> ntp server synchronized
NTP synchronization is enabled by default.
Note. The NTP protocol discards the NTP servers that are unsynchronized.
To disable an NTP client from invoking tests for NTP server synchronization, enter the
ntp server unsynchronized command, as shown:
-> ntp server unsynchronized
Disabling peer synchronization tests allows the NTP client to synchronize with either an NTP peer that is
not synchronized with an atomic clock or a network of NTP servers that will finally synchronize with an
atomic clock.
Setting the Minimum Poll Time
The minimum poll time is the number of seconds that the switch waits before requesting a time synchroni-
zation from the NTP server. This number is determined by raising 2 to the power of the number entered
using the
ntp server command with the server IP address (or domain name) and the minpoll keyword.
For example, to set the minimum poll time to 128 seconds, enter the following:
-> ntp server 1.1.1.1 minpoll 7
This would set the minimum poll time to 2
7
= 128 seconds.
Configuring Network Time Protocol (NTP) Configuring NTP
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-11
Setting the Version Number
There are currently four versions of NTP available (numbered one through four). The version that the NTP
server uses must be specified on the client side.
To specify the NTP version on the server from which the switch receives updates, use the ntp server
command with the server IP address (or domain name), version keyword, and version number, as shown:
-> ntp server 1.1.1.1 version 3
The default setting is version 4.
Marking a Server as Preferred
If a client receives timestamp updates from more than one server, it is possible to mark one of the servers
as the preferred server. A preferred server’s timestamp is used before another unpreferred server time
-
stamp.
To specify an NTP as preferred, use the ntp server command with the server IP address (or domain name)
and the prefer keyword, as shown:
-> ntp server 1.1.1.1 prefer
Configuring NTP Configuring Network Time Protocol (NTP)
page 4-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using Authentication
Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server
and the NTP client must both have a text file containing the public and secret keys. (This file should be
obtained from the server administrator. For more information on the authentication file, see
“Authentica-
tion” on page 4-8.)
Once both the client and server share a common MD5 encryption key, the MD5 key identification for the
NTP server must be specified on and labeled as trusted on the client side.
Setting the Key ID for the NTP Server
Enabling authentication requires the following steps:
1 Make sure the key file is located in the /networking directory of the switch. This file must contain the
key for the server that provides the switch with its timestamp information.
2 Make sure the key file with the NTP server’s MD5 key is loaded into the switch memory by issuing the
ntp key load command, as shown:
-> ntp key load
3 Set the server authentication key identification number using the ntp server command with the key
keyword. This key identification number must be the one the server uses for MD5 encryption. For exam-
ple, to specify key identification number 2 for an NTP server with an IP address of 1.1.1.1, enter:
-> ntp server 1.1.1.1 key 2
4 Specify the key identification set above as trusted. A key that has been labeled as trusted is ready for
use in the authentication process. To set a key identification to be trusted, enter the
ntp key command with
the key identification number and trusted keyword. For example, to set key ID 5 to trusted status, enter
the following:
-> ntp key 5 trusted
Untrusted keys, even if they are in the switch memory and match an NTP server, does not authenticate
NTP messages.
5 A key can be set to untrusted status by using the ntp key command with the untrusted keyword. For
example, to set key ID 5 to untrusted status, enter the following:
-> ntp key 5 untrusted
Configuring Network Time Protocol (NTP) Verifying NTP Configuration
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 4-13
Verifying NTP Configuration
To display information about the NTP client, use the show commands listed in the following table:
For more information about the resulting displays from these commands, see the “NTP Commands” chap-
ter in the OmniSwitch AOS Release 6 CLI Reference Guide.
Examples of the show ntp client, show ntp server status, and show ntp client server-list command
outputs are given in the section
“NTP Quick Steps” on page 4-3.
show ntp client Displays information about the current client NTP configuration.
show ntp server status Displays the basic server information for a specific NTP server or a list
of NTP servers.
show ntp client server-list Displays a list of the servers with which the NTP client synchronizes.
show ntp keys Displays information about all authentication keys.
Verifying NTP Configuration Configuring Network Time Protocol (NTP)
page 4-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-1
5 Managing CMM
Directory Content
The CMM (Chassis Management Module) software runs the switches. The directory structure of the CMM
software is designed to prevent corrupting or losing switch files. It also allows you to retrieve a previous
version of the switch software.
In addition to working as standalone switches, OmniSwitches can be linked together as a stack. A stack
can provide CMM redundancy; one switch is designated as the primary CMM, and one is designated as
the secondary CMM. One CMM or the other runs the switch, but never at the same time. All other
switches in a stack are designated “idle” for the purposes of CMM control.
Note. Mixing OmniSwitch 6350 and OmniSwitch 6450 models in the same stack is not supported.
Management of the stack is run by the stack configuration software. A detailed description of the stack
configuration software and how it works is provided in the “Managing Stacks” chapter found in the related
OmniSwitch AOS Release 6350/6450 Hardware Users Guide.
In This Chapter
This chapter describes the basic functions of CMM software directory management and how to
implement them by using the Command Line Interface (CLI). CLI commands are used in the
configuration examples; for more details about the syntax of commands, see the OmniSwitch AOS Release
6 CLI Reference Guide.
This chapter contains the following information:
• The interaction between the running configuration, the working directory, and the certified directory is
described in
“CMM Files” on page 5-3.
• A description of how to restore older versions of files and prevent switch downtime is described in
“Software Rollback Feature” on page 5-4.
• The CLI commands available for use and the correct way to implement them are listed in “Managing
the Directory Structure (Non-Redundant)” on page 5-13.
• The CLI commands and issues involved in managing the directory structure of a stack with redundant
CMM software is described in
“Managing Redundancy in a Stack and CMM” on page 5-25.
• The CLI command used to check the integrity of image files in working or certified directory is
described in
“Checking the Integrity of the Image” on page 5-35
CMM Specifications Managing CMM Directory Content
page 5-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
CMM Specifications
USB Flash Drive Specifications
Note: The format of the Alcatel-Lucent Certified USB Flash Drive must be FAT. To avoid file
corruption issues the USB Drive must be stopped before removing from a PC. Directory names are case
sensitive and must be lower case.
Size of Flash Memory 128 Megabytes
Size of RAM Memory 256 Megabytes
Maximum Length of File Names 32 Characters
Maximum Length of Directory Names 32 Characters
Default Boot Directory Certified
Platforms Supported OmniSwitch 6350, 6450
USB Flash Drive Support Alcatel-Lucent Certified USB Flash Drive
Automatic Software Upgrade Supported
Disaster Recovery Supported
Managing CMM Directory Content CMM Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-3
CMM Files
The management of a stack or single switch is controlled by three types of files:
• Image files, which are proprietary code developed by Alcatel-Lucent to run the hardware. These files
are not configurable by the user, but can be upgraded from one release to the next. These files are also
known as archive files as they are really the repository of several smaller files grouped under a
common heading.
• A configuration file, named boot.cfg, which is an ASCII-based text file, sets and controls the configu-
rable functions inherent in the image files provided with the switch. This file can be modified by the
user. When the switch boots, it looks for the file called boot.cfg. It uses this file to set various switch
parameters defined by the image files.
• A boot file on the OmniSwitch, named boot.slot.cfg, is an ASCII-based text file that numbers the
switches in a stack. A boot file on the OmniSwitch, named boot.params, is an ASCII-based text file
that sets the Ethernet Management Port (EMP) IP address, gateway, and mask. It also controls the baud
rate of the console port and displays directory loading information and is located in the Flash memory
of the switch.
Modifications to the switch parameters affect or change the configuration file. The image files are static
for the purposes of running the switch (though they can be updated and revised with future releases or
enhancements). Image and configuration files are stored in the Flash memory (which is equivalent to a
hard drive memory) in specified directories. When the switch is running, it loads the image and configura
-
tion files from the Flash memory into the RAM. When changes are made to the configuration file, the
changes are first stored in the RAM. The procedures for saving these changes through the CLI are detailed
in the sections to follow.
CMM Software Directory Structure
The directory structure that stores the image and configuration files is divided into two parts:
• The certified directory contains files that have been certified by an authorized user as the default files
for the switch. If the switch reboots, it would reload the files in the certified directory to reactivate its
functionality.
• The working directory contains files that can or cannot be altered from the certified directory. The
working directory is a holding place for new files. Files in the working directory must be tested before
committing them to the certified directory. You can save configuration changes to the working direc
-
tory. You can reboot the switch from the working directory by using the reload working command as
described in
“Rebooting from the Working Directory” on page 5-18.
The running configuration is the current operating parameters of the switch obtained from information
from the image and configuration files. The running configuration is in the RAM.
CMM Files Managing CMM Directory Content
page 5-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Where is the Switch Running From?
When a switch has booted and is running, the software used comes either from the certified directory or
the working directory. In most instances, the switch boots from the certified directory. (A switch can be
booted from the working directory by using the reload working command described in
“Rebooting from
the Working Directory” on page 5-18.)
Once the switch is booted and functioning, the switch is said to be running from a particular directory,
either the working or certified directory. Where the switch is running from is determined at the time of the
boot-up of the switch.
At the time of a normal boot (by turning on the switch power on or by using the reload command), a
comparison is made between the working directory and the certified directory. If the directories are
synchronized (all files are the same in both directories), the switch runs from the working directory. If
there is any discrepancy between the two directories (even as small as a different file size or file date), the
switch runs from the certified directory.
While a switch is running from the certified directory, you cannot save any changes made in the running
configuration. If the switch reboots, the changes made to switch parameters is lost. In order to save
running configuration changes, the switch must be running from the working directory. You can deter
-
mine where the switch is running from by using the show running directory command described in
“Show Currently Used Configuration” on page 5-23.
Software Rollback Feature
The directory structure inherent in the CMM software allows for a switch to return to a previous, more
reliable version of image or configuration files.
Initially, when normally booting the switch, the software is loaded from the certified directory. This is the
repository for the most reliable software. When the switch is booted, the certified directory is loaded into
the running configuration and used to manage switch functionality.
Changes made to the configuration file in the running configuration alters the switch functionality. These
changes are not saved unless explicitly done so by the user using the copy running-config working
command described in
“Copying the Running Configuration to the Working Directory” on page 5-16. If
the switch reboots before the configuration file in the running configuration is saved, then the certified
directory is reloaded to the running configuration and changes made to the configuration file in the
running configuration prior to the reboot are lost.
Changes to the configuration file have to be initially saved to the working directory by using the copy
running-config working or the write-memory commands. Once the configuration file is saved to the
working directory, the switch can be rebooted from the working directory. To reboot, use the reload
working command, described in
“Rebooting from the Working Directory” on page 5-18.
Likewise, new image files are always placed in the working directory first. The switch can then be
rebooted from the working directory. When this is done, the contents of the working directory are loaded
and used to set up the running configuration, which is used to control switch functionality. New image or
configuration files can now be tested for a time to decide whether they are reliable.
Should the configuration or images files prove to be less reliable than their older counterparts in the certi-
fied directory, then the switch can be rebooted from the certified directory. The switch can be “rolled
back” to an earlier version.
Once the contents of the working directory are established as good files, then these files can be saved to
the certified directory and used as the most reliable software to which the switch can be rolled back in an
emergency situation.
Managing CMM Directory Content CMM Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-5
Software Rollback Configuration Scenarios for a Single Switch
The following examples illustrate a few likely scenarios and explain how the running configuration, work-
ing directory, and certified directory interoperate to facilitate the software rollback on a single switch.
Note. This information applies to a switch stack; however, the manner in which CMM software is propa-
gated to all switches in a stack is explained in “Redundancy Scenarios” on page 5-9.
In the following examples, R represents the running configuration, W represents the working directory,
and C represents the certified directory.
Note. For the following scenarios, it is important to remember the difference between where the switch
boots from, and where the switch is running from. See
“Where is the Switch Running From?” on page 5-4
for more information.
Scenario 1: Running Configuration Lost After Reboot
Switch X is new from the factory. It is plugged in and booted up from the certified directory, the contents
of which are loaded into the running configuration. Since the working and certified directories are the
same, the switch is running from the working directory. Through the course of several days, changes are
made to the configuration file in the running configuration.
Power to the switch is interrupted, the switch reboots from the certified directory, all the changes in the
running configuration are overwritten, and the switch rolls back to the certified directory (which in this
case is the factory setting).
This is illustrated in the following diagram:
Running Configuration is Overwritten by the Certified Directory on Boot
RWC
RWC
RWC
RWC
1. Switch boots
from certified
directory by using
factory configura-
tion settings.
Since the working
and certified
directories are the
same, it will be
running from the
working direc-
tory.
2. Changes are
made to the run-
ning configura-
tion and stored in
the running con-
figuration.
3. Power is inter-
rupted and the
switch goes down.
4. Switch reboots
from certified
directory by using
factory configura-
tion settings; run-
ning configuration
changes are lost.
Since the working
and certified direc-
tories are the same,
it runs from the
working directory.
CMM Files Managing CMM Directory Content
page 5-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Scenario 2: Running Configuration Saved to Working Directory
The network administrator recreates the running configuration of Switch X and immediately saves the
running configuration to the working directory.
In another mishap, the power to the switch is again interrupted. The switch reboots from certified direc-
tory, overwrites all of the changes in the running configuration, and rolls back to the certified directory
(which in this case is the factory settings). However, since the configuration file was saved to the working
directory, that file is still in the working directory and can be retrieved. Since the working and certified
directories are not the same, the switch is running from the certified directory.
This is illustrated in the following diagram:
Running Configuration Saved to Working Directory
It is important to note that in the preceding scenario, the switch is using the configuration file from the
certified directory, and not the working directory. The changes made and saved to the working directory
are not in effect. The switch can be booted from the working directory by using the reload working
command.
RWC
RWC
RWC
RWC
1. Switch boots
from certified
directory using
factory configura-
tion settings.
Since the working
and certified
directories are the
same, it will be
running from the
working direc-
tory.
2. Changes are
made to the run-
ning configura-
tion and stored in
the running con-
figuration, and
then saved to the
working directory.
3. Power is inter-
rupted and the
switch goes down.
4. Switch reboots
from the certified
directory by using
factory configura-
tion settings; saved
configuration file
is still in the work-
ing directory.
Since the working
and certified direc-
tories are not the
same, it will be
running from the
certified directory.
Managing CMM Directory Content CMM Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-7
Scenario 3: Saving the Working Directory to the Certified Directory
After running the modified configuration settings and checking that there are no problems, the network
administrator decides that the modified configuration settings (stored in the working directory) are reli
-
able. The administrator then decides to save the contents of the working directory to the certified direc-
tory. Once the working directory is saved to the certified directory, the modified configuration file is
included in a normal reboot.
Since the working and certified directories are the same, the switch is running from the working directory.
Running Configuration is Saved to Working, then to the Certified Directory
RWC
RWC
RWC
RWC
1. Switch boots
from certified
directory by using
factory configura-
tion settings.
Since the working
and certified
directories are the
same, it will be
running from the
working direc-
tory.
2. Changes are
made to the run-
ning configura-
tion, stored in the
running configura-
tion, saved to the
working direc-
tory, and then
saved to the certi-
fied directory.
3. Power is inter-
rupted and the
switch goes down.
4. Switch reboots
from certified
directory by using
saved configura-
tion file in the cer-
tified directory.
Since the working
and certified direc-
tories are the same,
it will be running
from the working
directory.
CMM Files Managing CMM Directory Content
page 5-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Scenario 4: Roll back to Previous Version of Switch Software
Later that year, an upgraded image file is released from Alcatel-Lucent. The network administrator loads
the new file through FTP to the working directory of the switch and reboots the switch from the working
directory. Since the switch is booted from the working directory, the switch is running from the working
directory.
After the reboot loads the new image file from the working directory, it is discovered that the image file
was corrupted during the FTP transfer. Rather than having a disabled switch, the network administrator
can reboot the switch from the certified directory (which has the previous, more reliable version of the
ENI image file) and wait for a new version of the image. In the meantime, the administrator’s switch is
still functioning.
This is illustrated in the following diagram:
Switch Rolls Back to Previous File Version
RWC
RWC
RWC
RWC
1. The new file is
installed in the
working directory.
2. The new file is
loaded through a
reboot from the
working direc-
tory. The switch is
running from the
working directory.
3. The file is cor-
rupted and does
not boot correctly.
4. Switch reboots
from certified
directory by using
the old file. Since
the working and
certified directo-
ries are not the
same, it will be
running from the
certified directory.
Managing CMM Directory Content CMM Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-9
Redundancy
CMM software redundancy is one of the switch’s most important fail over features. For CMM software
redundancy, at least two fully-operational switches must be linked together as a stack. In addition, the
CMM software must be synchronized. (Refer to
“Synchronizing the Primary and Secondary CMMs” on
page 5-27 for more information.)
In a stack of switches, one of the switches has the primary role and the other switch has the secondary role
at any given time. (The primary and secondary roles are determined by the switch number indicated on the
LED on the front panel; the lowest number switch becomes the primary switch in the stack.) The primary
switch manages the current switch operations while the secondary switch provides backup (also referred to
as “fail over”).
Additional switches in a stack are set to “idle” for the purposes of redundancy. For more information on
managing a stack of switches, see the “Managing Stacks” chapter found in the related
OmniSwitch AOS Release 6350/6450 Hardware Users Guide.
When two CMMs are running in a stack, one CMM has the primary role and the other has the secondary
role at any given time. The primary CMM manages the current switch operations while the secondary
CMM provides backup (also referred to as “fail over”).
Redundancy Scenarios
The following scenarios demonstrate how the CMM software is propagated to other switches in a stack for
the purposes of coherent redundancy. In the examples below, W represents the working directory and C
represents the certified directory.
Scenario 1: Booting the Stack
The following diagram illustrates what occurs when a stack powers up. The stack displayed is a three-
switch stack.
Powering Up a Stack
WC
WC
WC
1. Stack is pow-
ered up and boots
from the certified
directory.
2. The contents of
the certified direc-
tory of the primary
CMM switch are
copied to the
working directory
of the secondary
CMM switch.
The working
directory is then
copied to the certi-
fied directory.
3. The contents of
the certified direc-
tory of the pri-
mary
CMM
switch are copied
to the working
directory of addi-
tional switches.
The working direc-
tory is then copied
to the certified
directory.
Switch #1 Switch #2 Switch #3
CMM Files Managing CMM Directory Content
page 5-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
This process occurs automatically when the switch boots. The working and certified directory relationship
described in the preceding figure in
“Software Rollback Feature” on page 5-4 continues to apply to the
primary CMM switch.
Generally speaking, the switch assigned the lowest stack number is the primary CMM switch; the switch
with the next lowest stack number is the secondary CMM switch, and all other switches are idle. For more
information on stack numbering, see the “Managing Stacks” chapter found in the related OmniSwitch AOS
Release 6350/6450 Hardware Users Guide.
Scenario 2: Rebooting from the Working Directory
Since changes to the boot.cfg file and new.img files are initially saved to the working directory,
sometimes it is necessary to boot from the working directory to check the validity of the new files. The
following diagram illustrates the synchronization process of a working directory reboot. The stack
displayed is a three switch stack.
Booting from the Working Directory
This synchronization process occurs automatically on a working directory reboot.
Note. It is important to certify the working directory and synchronize the stack as soon as the validity of
the software is established. Stacks booted from the working directory or unsynchronized stacks are at risk
of mismanaging data traffic due to incompatibilities in different versions of switch software. Certifying the
working directory is described in
“Copying the Working Directory to the Certified Directory” on
page 5-21, while synchronizing the switch is described in “Synchronizing the Primary and Secondary
CMMs” on page 5-27.
WC
WC
WC
1. Stack is booted
up from the work-
ing directory.
2. The primary
CMM switch cop-
ies its working
directory to the
secondary CMM
switch working
directory.
3. The primary
CMM switch cop-
ies its working
directory to the
other switch work-
ing directories.
Switch #1 Switch #2 Switch #3
Managing CMM Directory Content CMM Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-11
Scenario 3: Synchronizing Switches in a Stack
When changes have been made to the primary CMM switch certified directory, these changes have to be
propagated to the other switches in the stack. This could be done by rebooting the stack. However, a loss
of switch functionality is to be avoided, a copy flash-synchro command can be issued.
The following diagram illustrates the process that occurs when using a copy flash-synchro command. The
stack shown is a three switch stack.
Synchronizing Switches in a Stack
The copy flash-synchro command (described in “Synchronizing the Primary and Secondary CMMs” on
page 5-27) can be issued on its own, or in conjunction with the copy working certified command
(described in “Copying the Working Directory to the Certified Directory” on page 5-26).
Note. It is important to certify the working directory and synchronize the stack as soon as the validity of
the software is established. Stacks booted from the working directory or unsynchronized stacks are at risk
of mismanaging data traffic due to incompatibilities in different versions of switch software. Certifying
the working directory is described in
“Copying the Working Directory to the Certified Directory” on
page 5-21, while synchronizing the switch is described in “Synchronizing the Primary and Secondary
CMMs” on page 5-27.
WC
WC
WC
1. A copy flash-
synchro com-
mand is issued on
the primary
CMM
switch.
2. The contents of
the certified direc-
tory of the primary
CMM switch are
copied to the
working directory
of the secondary
CMM switch.
The working
directory is then
copied to the certi-
fied directory.
3. The contents of
the certified direc-
tory of the pri-
mary CMM switch
are copied to the
working directory
of additional
switches. The
working directory
is then copied to
the certified direc-
tory.
Switch #1 Switch #2 Switch #3
CMM Files Managing CMM Directory Content
page 5-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Scenario 4: Adding a New Switch to a Stack
Since the OmniSwitch is designed to be expandable, it is likely that new switches are added to stacks. The
stack automatically detects new switches added to the stack, and new switches can pass traffic without a
complete reboot of the stack.
However, a new switch added to the stack may not have the same software as the rest of the stack. In this
case, the new switch must be synchronized with the stack software.
The following diagram illustrates this idea. The diagram shows a stack of three switches to which a fourth
switch is added.
Synchronizing a Stack with Three More Switches
WC
WC
WC
WC
1. Stack is pow-
ered up and boots
from the certified
directory,
or a copy flash-
synchro com-
mand is issued.
2. The contents of
the certified direc-
tory of the primary
CMM switch are
copied to the
working directory
of the secondary
CMM switch.
The working
directory is then
copied to the certi-
fied directory.
3. The contents of
the certified direc-
tory of the pri-
mary CMM switch
are copied to the
working directory
of additional
switches. The
working directory
is then copied to
the certified direc-
tory.
4. In a stack of
four or more
switches the sec-
ondary CMM
switch assists in
the synchroniza-
tion process, after
it has been syn-
chronized with the
primary CMM
switch.
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant)
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-13
Managing the Directory Structure
(Non-Redundant)
The following sections define commands that allow the user to manipulate the files in the directory struc-
ture of a single CMM.
Note. All of the commands described in the following sections work on switches in a stack with redun-
dancy enabled. However, there can be special circumstances that apply when modifying parameters on a
switch in a stack that do not apply to a single switch. Redundant command usage is covered in
“Managing
Redundancy in a Stack and CMM” on page 5-25. See the related OmniSwitch AOS Release 6350/6450
Hardware Users Guide for more information on switch redundancy.
Rebooting the Switch
When booting the switch, the software in the certified directory is loaded into the RAM memory of the
switch and used as a running configuration, as shown:
The certified directory software should be the best, most reliable versions of both the image files and the
boot.cfg file (configuration file). The switch runs from the certified directory after boot if the working and
certified directories are not the same. If they are the same, then the switch runs from the
working directory, allowing changes made to the running configuration to be saved. If the switch is
running from the certified directory, you cannot save any changes to the running configuration, or copy
files between the directories.
Working Certified
Running
Primary CMM
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content
page 5-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
To reboot the switch from the certified directory, enter the reload command at the prompt:
-> reload
This command loads the image and configuration files in the certified directory into the RAM memory.
These files control the operation of the switch.
Note. When the switch reboots using the reload command, it boots up from the certified directory. Any
information in the running configuration that has not been saved to the working directory is lost.
Scheduling a Reboot
It is possible to cause a reboot of the primary or secondary CMM at a future time by setting time
parameters in conjunction with the reload command, using the in or at keywords.
To schedule a reboot of the primary CMM in 3 hr and 3 min, you would enter:
-> reload primary in 3:03
To schedule a reboot of the primary CMM for June 30 at 8:00 pm, you would enter:
-> reload primary at 20:00 june 30
Note. Scheduled reboot times has to be entered in military format ( a twenty-four hour clock).
Canceling a Scheduled Reboot
To cancel a scheduled reboot, use the cancel keyword. A cancel command can be specified for a primary
reboot, a secondary reboot, or all currently scheduled reboots. for example, to cancel the primary reboot
set above, enter the following:
-> reload primary cancel
To cancel all scheduled reboots with a single command, enter the following:
-> reload cancel
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant)
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-15
Checking the Status of a Scheduled Reboot
You can check the status of a reboot set for a later time by entering the following command:
-> show reload
or
-> show reload status
The reload command is described in detail in the OmniSwitch AOS Release 6 CLI Reference Guide.
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content
page 5-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Copying the Running Configuration to the Working Directory
Once the switch has booted and is running, a user can modify various parameters of switch functionality.
These changes are stored temporarily in the running configuration in the RAM of the switch. In order to
save these changes, the running configuration must be saved to the working directory as shown:
In this diagram:
1 The switch boots from the certified directory, and the software is loaded to the RAM to create a
running configuration.
2 Changes are made in the running configuration and are saved to the working directory.
Now the boot.cfg file in the running configuration and the boot.cfg file in the working directory are identi-
cal. Should the switch go down or reboot, the configuration changes made can be restored.
Note. If the switch is rebooted at this point in the process, since the certified and working directory
boot.cfg files are not the same, the switch boots up and run from the certified directory. (See
“Where is the
Switch Running From?” on page 5-4 for a description of this process.)
The modifications made to the functionality of the switch are recorded in the running configuration, in the
RAM. These changes in the RAM are only valid until the switch is rebooted. At that time, the switch
reboots from the certified directory. If the running configuration is not saved to the working directory
before a reboot, then the changes made in the running configuration are lost. To save these changes, it is
necessary to save the contents of the running configuration to the working directory.
Working Certified
Running
Primary CMM
1
2
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant)
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-17
To save the running configuration to the working directory, enter the copy running-config working or
write memory, or copy flash-syncro command at the prompt. A trap is raised to enforce a poll whenever
a configuration file is saved. The configuration changes that are not committed are not detected by the
switch until these commands are applied as follows:
-> copy running-config working
or
-> write memory
The preceding commands perform the same function. When these commands are issued the running
configuration with all modifications made is saved to a file called boot.cfg in the working directory.
Note. This command does not function if the switch is running from the certified directory. See “Where is
the Switch Running From?” on page 5-4 for an explanation.
The copy running-config working and write memory commands are described in detail in the OmniS-
witch AOS Release 6 CLI Reference Guide.
Note. The saved boot.cfg file is overwritten if the takeover command is executed after the
copy running-config working or write memory commands in an OmniSwitch set up with redundant
CMMs.
Note. It is important to certify the working directory and synchronize the stack as soon as the validity of
the working directory software is established. Stacks booted from the working directory or unsynchro
-
nized stacks are at risk of mismanaging data traffic due to incompatibilities in different versions of switch
software. Certifying the working directory is described in
“Copying the Working Directory to the Certi-
fied Directory” on page 5-21, while synchronizing the switch is described in “Synchronizing the Primary
and Secondary CMMs” on page 5-27.
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content
page 5-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Rebooting from the Working Directory
Besides a regular boot of the switch (from the certified directory), you can also force the switch to boot
from the working directory. This is useful for checking whether a new configuration or image file boots up
the switch correctly, before committing it to the certified directory. (For information on saving the
working directory to the certified directory, see “Copying the Working Directory to the Certified Direc-
tory” on page 5-21.)
The following picture illustrates the case of a switch being rebooted from the working directory:
In the above diagram:
1 The certified directory is used to initially boot the switch.
2 Changes are made to the configuration file and are saved to the configuration file in the working direc-
tory by using the copy running-config working command, described in the section “Copying the Running
Configuration to the Working Directory” on page 5-16.
3 The switch is rebooted from the working directory by using the reload working command.
When a reload working command is entered, the switch prohibits a takeover from the secondary CMM.
Switch functions are suspended until the boot process is complete.
If you decide against using the new software booted from the working directory, the switch can revert to
the software stored in the certified directory by using the copy certified working command as described
in
“Copying the Certified Directory to the Working Directory” on page 5-22, or by using the reload
command as described in “Rebooting the Switch” on page 5-13.
Working Certified
Running
Primary CMM
1
2
3
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant)
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-19
Note. If the switch is rebooted before using the copy certified working command, the switch runs from
the certified directory as the working and certified directories are not the same. This behavior is described
in “Where is the Switch Running From?” on page 5-4.
To reboot the switch from the working directory, enter the following command at the prompt, along with a
timeout period (in minutes), as shown:
-> reload working rollback-timeout 5
At the end of the timeout period, the switch reboots again normally, as if a reload command had been
issued.
Note. It is important to certify the working directory and synchronize the stack as soon as the validity of
the software is established. Stacks booted from the working directory or unsynchronized stacks are at risk
of mismanaging data traffic due to incompatibilities in different versions of switch software. Certifying
the working directory is described in
“Copying the Working Directory to the Certified Directory” on
page 5-21, while synchronizing the switch is described in “Synchronizing the Primary and Secondary
CMMs” on page 5-27.
Rebooting the Switch from the Working Directory with No Rollback Timeout
It is possible to reboot from the working directory without setting a rollback timeout, in the following
manner:
-> reload working no rollback-timeout
Scheduling a Working Directory Reboot
It is possible to cause a working directory reboot of the CMM at a future time by setting time parameters
in conjunction with the
reload working command, using the in or at keywords. You still need to specify a
rollback time-out time, or that there is no rollback.
To schedule a working directory reboot of the CMM in 3 hr and 3 min with no rollback time-out, you
would enter:
-> reload working no rollback-timeout in 3:03
To schedule a working directory reboot of the CMM at 8:00pm with a rollback time-out of 10 minutes,
you would enter:
-> reload working rollback-timeout 10 at 20:00
Note. Scheduled reboot times should be entered in military format ( a twenty-four hour clock).
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content
page 5-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Canceling a Rollback Timeout
To cancel a rollback time-out, enter the reload cancel command as shown:
-> reload primary cancel
or
-> reload cancel
The reload working command is described in detail in the OmniSwitch AOS Release 6 CLI Reference
Guide.
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant)
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-21
Copying the Working Directory to the Certified Directory
When the running configuration is saved to the working directory, the working and certified directories of
the switch are now different. This difference, if the CMM reboots, causes the switch to boot and run from
the certified directory. When the switch is booted and run from the certified directory, changes made to
switch functionality cannot be saved and files cannot be moved between directories. The boot.cfg file
saved on the working directory has to be saved to the certified directory, as shown:
In this diagram:
1 The switch boots from the certified directory and changes are made to the running configuration.
2 The changes are saved to the working directory as the boot.cfg file.
3 The contents of the working directory are saved to the certified directory.
Once the working directory is copied to the certified directory, and the switch reboots, it reboots from the
certified directory but run from the working directory. When the switch runs in this fashion, changes made
to the running configuration can be saved to the working directory as described in
“Copying the Running
Configuration to the Working Directory” on page 5-16.
Note. Only software that has been thoroughly validated as viable and reliant software has to be copied to
the certified directory. Once you copy software to the certified directory, you will not be able to recover a
previous version of the image or configuration files.
Working Certified
Running
Primary CMM
3
1
2
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content
page 5-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
When the software on the working directory of a switch has proven to be effective and reliable, eventually
the contents of the working directory should be copied into the certified directory.
To copy the contents of the working directory to the certified directory, enter the following command at
the prompt:
-> copy working certified
The copy working certified command is only valid if the switch is running from the working directory. If
you attempt to copy the working directory to the certified directory when the switch is running from the
certified directory, nothing happens, and the files in the certified directory remains unchanged.
Note. In order for this command to work, the amount of free space in flash must equal the size of the files
being copied. If there is not enough free space, the copy attempt fails and an error message is generated.
Only image files, the boot.cfg file, and the certs.pem file should be kept in the working directory.
Note. It is important to synchronize the stack as soon as the validity of the software is established. Unsyn-
chronized stacks are at risk of mismanaging data traffic due to incompatibilities in different versions of
switch software. Synchronizing the switch is described in
“Synchronizing the Primary and Secondary
CMMs” on page 5-27.
Copying the Certified Directory to the Working Directory
It is possible to copy the contents of the certified directory to the working directory. This is done by using
the following CLI command:
-> copy certified working
If this command is executed, all files in the working directory is permanently overwritten by the contents
of the certified directory.
The copy working certified command is described in detail in the OmniSwitch AOS Release 6 CLI Refer-
ence Guide.
Note. In order for this command to work, the amount of free space in flash must equal the size of the files
being copied. If there is not enough free space, the copy attempt fails and an error message is generated.
Only image files, the boot.cfg file, and the certs.pem file should be kept in the certified directory.
Managing CMM Directory Content Managing the Directory Structure (Non-Redundant)
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-23
Show Currently Used Configuration
When a switch is booted, the certified and working directories are compared. If they are the same, the
switch runs from the working directory. If they are different, the switch runs from the certified directory.
A switch running from the certified directory cannot modify directory contents. (This topic is covered in
“Where is the Switch Running From?” on page 5-4.)
To check the directory from where the switch is currently running, enter the following command:
->show running-directory
CONFIGURATION STATUS
Running CMM : PRIMARY,
CMM Mode : DUAL CMMs,
Current CMM Slot : 1,
Running configuration : WORKING,
Certify/Restore Status : CERTIFY NEEDED
SYNCHRONIZATION STATUS
Flash Between CMMs : SYNCHRONIZED,
Running Configuration : NOT AVAILABLE,
Stacks Reload on Takeover: ALL STACKs (SW Activation)
The command returns the directory the switch is currently running from (working or certified) and which
CMM is currently controlling the switch (primary or secondary). It also displays whether the working and
certified directories are the same, and if a synchronization is needed between the primary and secondary
CMM.
The show running-directory command is described in detail in the OmniSwitch AOS Release 6 CLI
Reference Guide.
Managing the Directory Structure (Non-Redundant) Managing CMM Directory Content
page 5-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Show Switch Files
The files currently installed on a switch can be viewed using the show microcode command. This
command displays the files currently in the specified directory.
To display files on a switch, enter the show microcode command with a directory, as shown:
-> show microcode certified
Package Release Size Description
-----------------+---------------+--------+----------------------------------
KFbase.img 6.7.1.20.R02 17364947 Alcatel-Lucent Base Software
KFos.img 6.7.1.20.R02 2607699 Alcatel-Lucent OS
KFeni.img 6.7.1.20.R02 5944695 Alcatel-Lucent NI software
KFsecu.img 6.7.1.20.R02 618493 Alcatel-Lucent Security Management
KFdiag.img 6.7.1.20.R02 2411898 Alcatel-Lucent Diagnostic Software
If no directory is specified, the files that have been loaded into the running configuration are shown.
Managing CMM Directory Content Managing Redundancy in a Stack and CMM
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-25
Managing Redundancy in a Stack and CMM
The following section describe circumstances that the user should be aware of when managing the CMM
directory structure on a stack with redundant CMMs. It also includes descriptions of the CLI commands
designed to synchronize software between the primary and secondary CMMs.
Rebooting the Switch
When you reload the primary switch CMM in a stack, the secondary switch takes over the primary
function. If the stack is comprised of three or more switches, then the original primary switch becomes
“idle” and the next available “idle” switch becomes the secondary CMM. For more information on stacks,
see the “Managing Stacks” chapter found in the OmniSwitch AOS Release 6350/6450 Hardware Users
Guide.
You can specify a reboot of the secondary CMM by using the secondary keyword in conjunction with the
reload command. for example, to reboot the secondary CMM, enter the reload command as shown:
-> reload secondary
In this case, the current primary CMM continues to run, while the secondary CMM reboots.
Scheduling a Reboot
It is possible to cause a reboot of the primary or secondary CMM at a future time by setting time
parameters in conjunction with the reload command.
For example, to schedule a reboot of the secondary CMM in 8 hours and 15 minutes on the same day,
enter the following at the prompt:
-> reload secondary in 08:15
Note. Scheduled reboot times should be entered in military format ( a twenty-four-hour clock).
Canceling a Scheduled Reboot
To cancel a scheduled reboot, use the cancel keyword. A cancel command can be specified for a primary
reboot, a secondary reboot, or all currently scheduled reboots. For example, to cancel the primary reboot
set in the preceding example, enter the following:
-> reload secondary cancel
Secondary CMM Fail Over
While rebooting the switch during normal operation, a secondary CMM is installed, the switch will “fail
over” to the secondary CMM. “Fail over” means the secondary CMM takes the place of the primary
CMM. This prevents the switch from ceasing functionality during the boot process.
When the primary switch CMM in a stack fails over, the secondary switch takes over the primary func-
tion. If the stack comprises three or more switches, then the original primary switch becomes “idle” and
the next available “idle” switch becomes the secondary CMM. For more information on stacks, see the
“Managing Stacks” chapter found in the OmniSwitch AOS Release 6350/6450 Hardware Users Guide.
Synchronizing the primary and secondary CMMs is done using the copy flash-synchro command
described in “Synchronizing the Primary and Secondary CMMs” on page 5-27.
Managing Redundancy in a Stack and CMM Managing CMM Directory Content
page 5-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Note. If a switch fails over to the secondary CMM, it is necessary to have a management interface connec-
tion to the secondary CMM (such as an Ethernet port or a console port).
Copying the Working Directory to the Certified Directory
Synchronizing the Primary and Secondary CMMs
At the same time that you copy the working directory to the certified directory, you can synchronize the
secondary CMM with the primary CMM. In the case of redundant CMMs, this ensures that the two
modules are booting from the same software.
To copy the working directory to the certified directory of the primary CMM and at the same time
synchronize the software of the primary and secondary CMM, use the following command:
-> copy working certified flash-synchro
Note. This command does not function if the switch is running from the certified directory. See “Where is
the Switch Running From?” on page 5-4 for an explanation.
The copy working certified command synchronizes all switches in a stack. This command is described in
detail in the OmniSwitch AOS Release 6 CLI Reference Guide.
Note. When synchronizing the primary and secondary CMMs, it is important to remember that the
boot.params file and the switch date and time are not automatically synchronized. See the OmniSwitch
AOS Release 6350/6450 Hardware Users Guide for information on the boot.params file, and
Chapter 1,
“Managing System Files,” for information on setting the switch date and time. The date and time are
synchronized using the system time-and-date synchro command.
Managing CMM Directory Content Managing Redundancy in a Stack and CMM
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-27
Synchronizing the Primary and Secondary CMMs
If you have a secondary CMM in your switch, it is necessary to synchronize the software between the
primary and secondary CMMs. If the primary CMM goes down (for example, during a reboot), then the
switch fails over to the secondary CMM. If the software in the secondary CMM is not synchronized with
the software in the primary CMM, the switch does not function as configured by the administrator.
The synchronization process is shown in the following diagram :
In the above diagram:
1 The primary CMM copies its certified directory to the secondary CMM working directory (remember
that you cannot copy files directly to the certified directory, they must first be copied to the working
directory).
2 An automatic reboot is then triggered on the secondary CMM, loading the new contents of the
working directory to the running configuration.
3 If no problems exist, then the working directory is automatically copied to the certified directory of the
secondary CMM.
If the secondary CMM fails to boot properly, then the contents of the secondary CMM’s certified direc-
tory overwrite the new software on the working directory of the secondary CMM. This causes denying the
attempted synchronization process.
This process copies the files in the certified directory of the primary CMM to the certified directory of the
secondary CMM. This prevents the secondary CMM from rebooting using incorrect or out-of-date soft
-
ware if the primary CMM goes down.
This command synchronizes all switches in a stack.
Working
Certified
Running
Secondary CMM
Working
Certified
Primary CMM
1
3
2
Managing Redundancy in a Stack and CMM Managing CMM Directory Content
page 5-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
To synchronize the secondary CMM to the primary CMM, enter the following command at the prompt:
-> copy flash-synchro
The copy flash-synchro command is described in detail in the OmniSwitch AOS Release 6 CLI Reference
Guide.
Note. When synchronizing the primary and secondary CMMs, it is important to remember that the
boot.params file and the switch date and time are not automatically synchronized. See the OmniSwitch
Hardware Guide for information on the boot.params file and information on setting the switch date and
time. The date and time are synchronized using the system time-and-date synchro command.
Synchronizing the System Date and Time
To synchronize the system date and time, use the system time-and-date synchro command. This
command synchronizes the secondary CMM date and time to the primary CMM date and time.
Enter the command as shown:
-> system time-and-date synchro
Managing CMM Directory Content Managing Redundancy in a Stack and CMM
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-29
Swapping the Primary CMM for the Secondary CMM
If the primary CMM is having problems, or if it needs to be shut down, then the secondary CMM can be
instructed to “take over” the switch operation as the primary CMM is shut down.
Note. It is important that the software for the secondary CMM has been synchronized with the primary
CMM before you initiate a secondary CMM takeover. If the CMMs are not synchronized, the takeover
could result in the switch running old or out-of-date software. Synchronizing the primary and secondary
CMMs is described in “Synchronizing the Primary and Secondary CMMs” on page 5-27.
To instruct the secondary CMM to takeover switch functions from the primary CMM, enter the following
command at the prompt:
-> takeover
The takeover command is described in detail in the OmniSwitch AOS Release 6 CLI Reference Guide.
In a stack with three or more switches, the secondary CMM takes over as primary and the original primary
becomes “idle.” The next available idle switch becomes the new secondary CMM. For more information
on stacks, see the “Managing Stacks” chapter found in the OmniSwitch AOS Release 6350/6450 Hard
-
ware Users Guide.
Note. The saved boot.cfg file is overwritten if the takeover command is executed after the
copy running-config working or write memory command on an OmniSwitch 6350, 6450 switch set up
with redundant CMMs.
Managing Redundancy in a Stack and CMM Managing CMM Directory Content
page 5-30 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Show Currently Used Configuration
In a chassis with a redundant CMM, the display for the currently running configuration tells the user if the
primary and secondary CMMs are synchronized.
To check the directory from where the switch is currently running and if the primary and secondary
CMMs are synchronized, enter the following command:
->show running-directory
CONFIGURATION STATUS
Running CMM : PRIMARY,
CMM Mode : DUAL CMMs,
Current CMM Slot : 1,
Running configuration : WORKING,
Certify/Restore Status : CERTIFY NEEDED
SYNCHRONIZATION STATUS
Flash Between CMMs : SYNCHRONIZED,
Running Configuration : NOT AVAILABLE,
Stacks Reload on Takeover: ALL STACKs (SW Activation)
The command returns the name of the directory the switch is currently running from (working or certi-
fied), and also displays the CMM which is currently controlling the switch (primary or secondary). It also
displays whether the working and certified directories are the same and whether a synchronization is
needed between the primary and secondaryCMM. In addition, the command output displays how many
modules in the stack are reloaded in the event of a management module takeover. Options include NONE,
ALL, or a list of specific modules. Refer to the following section for additional information on NI module
behavior during a redundant CMM takeover.
The show running-directory command is described in detail in the OmniSwitch AOS Release 6 CLI
Reference Guide.
Managing CMM Directory Content Managing Redundancy in a Stack and CMM
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-31
NI Module Behavior During Takeover
If there are no unsaved configuration changes and the flash directories on both the primary and secondary
management modules have been synchronized through the
copy flash-synchro command, no NIs is
reloaded if a management module takeover occurs. As a result, data flow is not interrupted on the NIs
during the takeover.
If a configuration change is made to one or more NI modules (for example, a VLAN is configured on
several different interfaces) and the changes are not saved through the
write memory command, the
corresponding NIs automatically reloads if a management module takeover occurs. Data flow on the
affected NIs will be interrupted until the reload is complete. Note that the NIs reloads whether the flash
synchronization status shows SYNCHRONIZED. This is because the unsaved changes have occurred in
the running configuration (RAM), and have not been written to the configuration file of the flash direc
-
tory. In this case, a list of only the affected NIs is displayed in the table output (for example, 1 6).
If the flash directories on the primary and secondary management modules are not synchronized (for
example, a
copy flash-synchro command has not been issued recently), all NIs is reloaded automatically
if a management module takeover occurs. Data flow is interrupted on all NIs until the reload is complete.
Using the USB Flash Drive Managing CMM Directory Content
page 5-32 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using the USB Flash Drive
An Alcatel-Lucent certified USB flash drive can be connected the CMM and used to transfer images to
and from the flash memory on the switch. This can be used for upgrading switch code or backing up files.
Additionally, automatic code upgrades as well as the capability to boot from the USB flash drive for disas
-
ter recovery purposes are also supported. For the automatic upgrades and disaster recovery the USB flash
drive must be configured with the proper directory structure, depending on the platform, as noted in the
following table. Once the flash drive is properly mounted a directory named /uflash is automatically
created. Files can then be copied to and from the /uflash directory.
The directories below must be created on the USB flash drive for feature support.
Transferring Files Using USB
The following is an example of how to mount and transfer files using the USB flash drive using the usb
and umount commands.
-> usb enable
-> cp /flash/working/boot.cfg /uflash/boot.cfg
-> umount /uflash
Once the USB flash drive is mounted most common file and directory commands can be performed on the
/uflash directory.
Automatically Upgrading Code Using USB
The switch can be configured to automatically mount and copy image files from the USB flash drive as
soon as it’s connected. This can be used to automatically upgrade code. In order to prevent an accidental
upgrade, a file named aossignature must be stored on the USB flash drive as well as having a directory
with the same name as the product family as noted in the table above. The following is an example for an
OmniSwitch 6450 using the
usb auto-copy command
Note: The aossignature file can be an empty text file.
1 Create a file named aossignature in the root of the USB flash drive.
2 Create a directory named 6450/working on the USB flash drive with all the proper image files.
3 -> usb enable
4 -> usb auto-copy enable
5 Connect the USB flash drive to the CMM. The presence of image files on the USB flash drive is
checked and then copied from the USB flash drive directory /uflash/6450/working to the /flash/working
directory of the CMM. The switch now reboots from the /flash/working directory applying the code
upgrade.
6 Once the switch reboots the auto-copy feature is automatically disabled to prevent another upgrade.
Product Family Name Auto-Upgrade Support Disaster-Recovery Support
OmniSwitch 6450 6450/working 6450/certified
OmniSwitch 6350 6350/working 6350/certified
Managing CMM Directory Content Using the USB Flash Drive
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-33
Disaster Recovery Using USB
The switch can be recovered from the USB flash drive. This can be used if the image files on the CMM
become corrupted, deleted, or the switch is unable to boot from the CMM for other reasons. The follow
-
ing is an example for an OmniSwitch 6450:
1 It is recommended to prepare the USB flash drive prior to needing it for disaster recovery.
2 Create a directory named 6450/certified on the USB flash drive with all the proper backup system and
configuration files.
3 Connect the USB flash drive to the CMM. The CMM flash is reformatted and the images are copied
from the USB flash drive directory /uflash/6450/certified to the /flash/certified directory of the CMM and
the switch reboots from the /flash/certified directory.
4 Now that the switch has been recovered it can be reconfigured as needed.
Note: The OmniSwitch must have a properly working 6.6.4 version of uboot/miniboot to support the
Disaster Recovery feature.
If a backup boot.cfg file is on the USB flash drive it is copied along with the image files and can be used
to recover the switch configuration.
Emergency Restore of the boot.cfg File Managing CMM Directory Content
page 5-34 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Emergency Restore of the boot.cfg File
If all copies of the boot.cfg file have been deleted and a system boot has occurred, network configuration
information is permanently lost. However, if the files have been deleted and no boot has occurred you can
issue a write memory command to regenerate the boot.cfg file.
Can I Restore the boot.file While Running from Certified?
Yes. While it is not recommended that you routinely save configuration changes while running from the
certified directory, you can perform an emergency restore of your configuration by following the steps:
1 Copy your current configuration to a manually-generated boot.cfg file in the /flash directory by enter-
ing the following command:
-> configuration snapshot all boot.cfg
2 Copy the new boot.cfg file from the /flash directory to the /flash/working directory by using the cp
command. for example:
-> cp boot.cfg working/boot.cfg
3 Reboot the switch from the /flash/working directory by entering the following command:
-> reload working no rollback-timeout
Once the boot.cfg file is confirmed to be good, it has to be saved to the certified directory by using the
procedure described in
“Copying the Working Directory to the Certified Directory” on page 5-21.
Managing CMM Directory Content Checking the Integrity of the Image
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 5-35
Checking the Integrity of the Image
To check the integrity of image files in working or certified directory, use the image integrity-check
command.
For example,
-> image integrity-check working
HASH for KFsecu.img : BC077D4A467CA0794E231A841342783793AE48E8
HASH for KFeni.img : 9E09B914CFCA80333F6405116ADB89DF76A025C4
HASH for KFos.img : CD1C0743F1EEBF3480677D649F0748FB70FE3A11
HASH for KFdiag.img : 4CF2A1E394906D40E6DBE6817C66664322B4CAED
HASH for KFbase.img : 3955CDAA1C49DC50D0B52BE35DA2E5E0769C710D
-> Image integrity-check working hash.txt
Computing the HASH for image files .....
Image integrity check success for KFsecu.img
Image integrity check success for KFeni.img
Image integrity check success for KFos.img
Image integrity check success for KFdiag.img
Image integrity check success for KFbase.img
When the command is entered without the filename, the SHA256 hash of the image files in selected direc-
tory (working/certified) is calculated and displayed. It can be manually verified against the hash provided
in the file.
When the command is entered with the filename, the SHA hash is calculated on the individual image files
in the selected directory (working/certified) and compared with the hash information in the file.
Hash value for the images needs to be stored in the <filename> in the below format.
KFsecu.img:AE02549EA4D793593AD676F8A49A6522F2C9F4E
KFeni.img:7F95BE32F2F1CB12E31D635AFA873C149551F1EA
Displaying CMM Conditions Managing CMM Directory Content
page 5-36 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Displaying CMM Conditions
To show various CMM conditions, such as where the switch is running from and which files are installed,
use the following CLI show commands:
For more information on the resulting displays from these commands, see the OmniSwitch AOS Release 6
CLI Reference Guide. An example of the output for the show microcode command is given in
“Show
Switch Files” on page 5-24.
show running-directory Shows the directory from where the switch was booted.
show reload Shows the status of any time delayed reboot(s) that are pending on the
switch.
show microcode Displays microcode versions installed on the switch.
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-1
6 Using the CLI
Command Line Interface (CLI) is a text-based configuration interface that allows you to configure switch
applications and to view switch statistics. Each CLI command applicable to the switch is defined in the
OmniSwitch AOS Release 6 CLI Reference Guide. All command descriptions listed in the Reference Guide
include command syntax definitions, defaults, usage guidelines, example screen output, and release
history.
This chapter describes various rules and techniques that help use the CLI to its best advantage. This
chapter includes the following sections:
• “CLI Overview” on page 6-3
• “Command Entry Rules and Syntax” on page 6-4
• “CLI Services” on page 6-11
• “Logging CLI Commands and Entry Results” on page 6-17
Using the CLI CLI Specifications
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-2
CLI Specifications
The following table lists specifications for the Command Line Interface.
Platforms Supported OmniSwitch 6350, 6450
Configuration Methods
• Online configuration through real-time sessions using CLI
commands.
• Offline configuration using text file holding CLI commands.
Command Capture Feature Snapshot feature captures switch configurations in a text file.
User Service Features
• Command Line Editing
• Command Prefix Recognition
• CLI Prompt Option
• Command Help
• Keyword Completion
• Command History (up to 30 commands)
• Command Logging (up to 100 commands; detailed information)
• Syntax Error Display
• Alias Command Option
• More Command
CLI Overview Using the CLI
page 6-3 OmniSwitch AOS Release 6 Switch Management Guide December 2017
CLI Overview
The CLI uses single-line text commands that are similar to other industry standard switch interfaces.
However, the Alcatel-Lucent CLI is different from industry standard interfaces in that the Alcatel-Lucent
uses a single level command hierarchy.
Unlike other switch interfaces, the Alcatel-Lucent CLI has no concept of command modes. Other CLIs
require you to step your way down a tree-type hierarchy to access commands. Once you enter a command
mode, go back to the top of the hierarchy before you enter a command in a different mode. The
Alcatel-Lucent switch answers any CLI command at any time because there is no hierarchy.
Online Configuration
To configure parameters and view statistics, connect the switch to a terminal, such as a PC or UNIX
workstation, using terminal emulation software. This connection can be made directly to the serial port of
the switch through a modem, or over a network through Telnet. For information about connecting a
terminal to the switch, see the OmniSwitch AOS Release 6350/6450 Hardware Users Guide.
Note. If you are using an OmniSwitch 6350, 6450 switch in a stacked configuration, you must be
connected to the console port of the primary switch. For detailed information on primary switch status,
refer to the OmniSwitch AOS Release 6350/6450 Hardware Users Guide.
Once you are logged in to the switch, configure the switch directly using CLI commands. Commands
executed in this manner normally take effect immediately. The majority of CLI commands are
independent, single-line commands and therefore can be entered in any order. However, some functions
require you to configure specific network information before other commands can be entered. For
example, before you can assign a port to a VLAN, first create the VLAN. For information about CLI
command requirements, refer to the OmniSwitch AOS Release 6 CLI Reference Guide.
Offline Configuration Using Configuration Files
CLI configuration commands can be typed into a generic text file. When the text file is placed in the
switch /flash/working directory, its commands are applied to the switch when the
configuration apply
command is issued. Files used in this manner are called configuration files.
A configuration file can be viewed or edited offline using a standard text editor. It can then be uploaded
and applied to additional switches in the network. This allows you to clone switch configurations easily.
This ability to store comprehensive network information in a single text file facilitates troubleshooting,
testing, and overall network reliability.
See Chapter 7, “Working With Configuration Files,” for detailed information about configuration files.
Using the CLI Command Entry Rules and Syntax
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-4
Command Entry Rules and Syntax
When you start a session on the switch, you can execute CLI commands as soon as you are logged in. The
following rules apply:
• Enter only one command per line.
• No command can be extended across multiple lines.
• Passwords are case sensitive.
• Commands are not case sensitive. The switch accepts commands entered in upper case, lower case, or a
combination of both.
• Press Enter to complete each command line entry.
• To use spaces within a user-defined text string, enclose the entry in quotation marks (“ ”).
• If you receive a syntax error (that is, ERROR: Invalid entry:), double-check your command as written
and re-enter it exactly as described in the OmniSwitch AOS Release 6 CLI Reference Guide. Be sure to
include all syntax option parameters.
• To exit the CLI, type exit, and press Enter.
Text Conventions
The following table contains text conventions and usage guidelines for CLI commands as they are
documented in this manual.
bold text Indicates basic command and keyword syntax.
Example: show snmp station
“ ” (Quotation Marks) Used to enclose text strings that contain spaces
Example: vlan 2 name “new test vlan”
Command Entry Rules and Syntax Using the CLI
page 6-5 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Using “Show” Commands
The CLI contains show commands that allow you to view configuration and switch status on your console
screen. The show syntax is used with other command keywords to display information pertaining to those
keywords.
For example, the show vlan command displays a table of all VLANs currently configured, along with
pertinent information about each VLAN. Different forms of the show vlan command can be used to
display different subsets of VLAN information. For example the show vlan rules command displays all
rules defined for a VLAN.
Using the “No” Form
The OmniSwitch AOS Release 6 CLI Reference Guide defines all CLI commands and explains their
syntax. Whenever a command has a “no” form, it is described on the same page as the original command.
The “no” form of a command can be used for the following:
• Remove the configuration created by a command. For example, create a VLAN with the vlan
command, and delete a VLAN using the no vlan command.
• Reset a configuration value to its default. For example, create a static IGMP entry on a specified port of
a specified VLAN with the ip multicast static-group command. You can remove the static IGMP
entry from a specified port on a specified VLAN with the no ip multicast static-group command.
Using “Alias” Commands
Define substitute text for the CLI commands in the switch by using the alias command.
There are two main reasons for defining aliases:
• To eliminate excess typing by reducing the number of characters required for a command.
To reduce the number of characters required to use the group term in a CLI command, you can change the
syntax to gp as follows:
-> alias gp group
• To change unfamiliar command words into familiar words or patterns.
If you prefer the term “privilege” to the term “attribute” with reference to the read-write capabilities of a
login account, you can change the CLI word from attrib to privilege by using the following command.
-> alias privilege attrib
After an alias has been defined, both the alias and the original CLI term are supported as valid CLI terms.
For example if privilege is defined as an alias as shown above, both privilege and attrib work as CLI
commands and both words are shown when you use the CLI help feature.
You can save command aliases for the current user account by executing the user profile save command.
If the aliases are not saved they are stored until the user session ends. In this case, once you log off the
switch, substitute terms configured with the
alias command are destroyed.
To display aliases, use the show alias command. To set all alias values back to their factory defaults, use
the user profile reset command.
Using the CLI Command Entry Rules and Syntax
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-6
Partial Keyword Completion
The CLI has a partial keyword recognition feature that allows the switch to recognize partial keywords to
CLI command syntax. Instead of typing the entire keyword, type only as many characters as is necessary
to identify the keyword uniquely, then press the Tab key. The CLI completes the keyword and place the
cursor at the end of the keyword.
When you press Tab to complete a command keyword, one of four things can happen:
• You enter enough characters (prior to Tab) to identify the command keyword uniquely.
In this case, pressing Tab causes the CLI to complete the keyword and place a space followed by the
cursor at the end of the completed keyword.
• You do not enter enough characters (prior to Tab) to identify the command keyword uniquely.
In this case pressing Tab has no effect.
• You enter characters that do not belong to a keyword that can be used in this instance.
In this case, pressing Tab removes the characters and place the cursor back to its previous position.
• You enter enough characters (prior to Tab) to identify a group of keywords uniquely such that all
keywords in the group share a common prefix.
In this case, pressing Tab causes the CLI to complete the common prefix and place the cursor at the end of
the prefix. In this case, no space is placed at the end of the keyword.
Note. The keyword completion feature accepts wildcards.
CLI Auto Completion
The space key can be used for auto completion of the CLI command similar to TAB key. If the space
key is pressed, auto-completion will complete the keyword.
When you enter an incorrect keyword, pressing space key will not remove the keyword whereas
pressing the TAB key will remove the keyword while attempting auto-completion.
Use the command session cli-auto-complete-space enable to enable this feature.
Command Help Using the CLI
page 6-7 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Command Help
The CLI has an internal help feature you can invoke by using the question mark (?) character as a
command. The CLI help feature provides progressive information on how to build your command syntax,
one keyword at a time.
If you do not know the first keyword of the command you need, you can use a question mark character at
the CLI system prompt. The CLI responds by listing command keywords divided into command sets. You
can find the first keyword for the command you need by referring to the list on your screen. The
following is a partial display:
-> ?
WHOAMI WHO VIEW VI VERBOSE USER UPDATE TTY TELNET6 TELNET SYSTEM SWLOG SSH6
SSH SHOW SFTP6 SFTP SESSION RZ RMDIR RM RENAME PWD PROMPT NTP NSLOOKUP NO NEWFS
MV MOVE MORE MODIFY MKDIR LS KILL IP INSTALL HISTORY FTP FSCK FREESPACE EXIT
DSHELL DIR DELETE DEBUG CP COMMAND-LOG CHMOD CD AUTO ATTRIB ALIAS
(System Service & File Mgmt Command Set)
(Additional output not shown)
The command keywords are shown in all capital letters. The name of the command set is listed
parenthetically below the keywords in initial caps.
The following table contains the first-level commands and their set names as they are listed on the display
screen when you enter a single question mark and press Enter.
Command Set Name Commands
System Service &
File Management
WHOAMI, WHO, VIEW, VI, VERBOSE, USER, UPDATE, TTY,
TELNET6, TELNET, SYSTEM, SWLOG, SSH6, SSH, SHOW,
SFTP6, SFTP, SESSION, RZ, RMDIR, RM, RENAME, PWD,
PROMPT, NTP, NSLOOKUP, NO, NEWFS, MV, MOVE, MORE,
MODIFY, MKDIR, LS, KILL, IP,
HISTORY, FTP, FSCK, FREESPACE, EXIT, DSHELL, DIR,
DELETE, DEBUG, CP, COMMAND-LOG, CHMOD, CD, AUTO,
ATTRIB, ALIAS
CMM Chassis Supervision COPY, WRITE, POWER, TEMP-THRESHOLD, TAKEOVER,
SYSTEM, SHOW, RRM, RPUT, RLS, RGET, RELOAD, RDF,
RCP, NO, DEBUG, CONFIGURE
Source Learning SOURCE-LEARNING, SHOW, PORT-SECURITY, NO, MAC-
ADDRESS-TABLE, DEBUG
Spanning Tree SHOW, BRIDGE
VLAN VLAN, SHOW, NO, MAC-ADDRESS-TABLE, DEBUG
Link Aggregation STATIC, SHOW, NO, LINKAGG, LACP
Miscellaneous HTTP, TRACEROUTE, SNMP, SHOW, RMON, PORT, POLICY,
PING, NO, MAC-RANGE, MAC, LANPOWER, IP, IPV6, ICMP,
HTTPS, HRE, HEALTH, GMAP, DEBUG, CLEAR, ARP, AMAP,
802.1X
AAA & Configuration
Manager
USER, SHOW, PASSWORD, NO, END-USER, DEBUG,
CONFIGURATION, AAA
Interface TRAP, SHOW, NO, INTERFACES, FLOW, DEBUG, 10GIG
Using the CLI Command Help
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-8
IP Routing & Multicast DEBUG, TRACEROUTE6, SHOW, PING6, NO, IPV6, IP, CLEAR
QoS SHOW, QOS, POLICY, NO, DEBUG
Debug UPDATE, SHOW, NO, DEBUG
Command Set Name Commands
Command Help Using the CLI
page 6-9 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Tutorial for Building a Command Using Help
The Help feature allows you to figure out syntax for a CLI command by using a series of command line
inquiries together with some educated guesses. If you do not know the correct CLI command you can use
the Help feature to determine the syntax.
This tutorial shows you how to use help to find the CLI syntax to create a VLAN. This VLAN will be
given the ID number 33 and will be named “test vlan 2.”
1 At the command prompt, enter vlan followed by a space and a question mark. The following is
displayed:
-> vlan ?
^
PORT NO IPMVLAN 802.1Q <vid> <vlan1-vlan2>
(Vlan Command Set)
The question mark character invokes the help feature, which displays keywords that can be used with the
vlan prefix. As you are setting up a new VLAN, you can presume the proper command for this task is
shown in the VLAN Manager Command Set. This set shows the possible keywords to follow the vlan
syntax.
Note. The presumptions you make while using the help feature are educated guesses. Whenever you make
a guess as to the next keyword, it is a good idea to enter the keyword followed by a space and a question
mark.
2 At the command prompt, enter the number 33 followed by a space and a question mark. This step
either gives you more choices or an error message.
-> vlan 33 ?
^
<cr> AUTHENTICATION DISABLE ENABLE NAME NO PORT ROUTER STP
(Vlan Manager Command Set)
BINDING DHCP IP MAC NO PORT PROTOCOL USER
(Group Mobility Command Set)
802.1Q NO
(Miscellaneous Command Set)
In this example, the question mark displays all keywords that can be used with the vlan 33 syntax. As you
are setting up a new VLAN, and want to give the VLAN a name, you can presume the proper syntax for
this task is NAME as shown in the VLAN Manager Command Set.
Using the CLI Command Help
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-10
3 At the command prompt, enter name followed by a space and a question mark. This step either gives
you more choices or an error message.
-> vlan 33 name ?
^
<hex> <"string"> <string>
(Vlan Manager Command Set)
There is a smaller set of keywords available for use with the vlan 33 name syntax. This is because the
command becomes more specialized as more keywords are added. From the choices shown on the screen,
you can enter a hex value, a text string enclosed in quotes (“ ”) or a text string without quotes. In this case,
the name selected for the VLAN includes spaces so use the syntax enclosed in quotes.
4 At the command prompt, enter the name of the VLAN enclosed in quotes, followed by a space and a
question mark.
-> vlan 33 name "test vlan 2" ?
^
<cr>
(Vlan Manager Command Set)
When the question mark is issued this time, the only syntax listed is <cr>. This means that the command
syntax is complete. When you press Enter, the command is issued.
Note. Optional. To verify that the command was accepted, enter the show vlan command. The display is
similar to the one shown here.
-> show vlan
vlan admin oper stree auth ip name
-----+-------+------+-------+------+----+-----+---------------------------------
1 on off on off off VLAN 1
33 on off on off off test vlan 2
The second entry verifies that a VLAN was created, the VLAN ID is 33, and the name is test vlan 2.
CLI Services Using the CLI
page 6-11 OmniSwitch AOS Release 6 Switch Management Guide December 2017
CLI Services
There are several services built into the CLI that help you use the interface. The Command Line Editing
service makes it easy for you to enter and edit repetitive commands. Other CLI services, such as syntax
checking, command help, prefix prompt, and history assist you in selecting and using the correct command
syntax for the task you are performing.
Command Line Editing
CLI commands are entered from your keyboard and are executed when you press Enter. The CLI also has
several editing features that make it easier for you to enter the correct commands, either by allowing you
to correct entry mistakes or by helping you enter the correct command.
Deleting Characters
You can delete CLI command characters by using the Backspace key or the Delete key. The Backspace
key deletes each character in the line, one at a time, from right to left. Note the following command entry:
-> show macrocode
The correct syntax is “show microcode”. To change the spelling in this entry, use the Backspace key to
delete all of the characters after the “m”.
-> show m
Type the correct syntax, then press Enter to execute the command.
To change incorrect syntax with the Delete key, use the Left Arrow key to move the cursor to the left of
the character to be deleted, then use the Delete key to remove characters to the right of the cursor. Note the
following command entry:
-> show macrocode
The correct syntax is “show microcode”. To change the spelling in this entry, use the Left Arrow key to
place the cursor between the “m” and the “a”.
-> show m|acrocode
Use the Delete key to remove the “a” and type “i”.
-> show microcode
Press Enter to execute the command.
Using the CLI CLI Services
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-12
Recalling the Previous Command Line
To recall the last command executed by the switch, press either the Up Arrow key or the !! (bang, bang)
command at the prompt and the previous command is displayed on your screen. You can execute the
command again by pressing Enter or you can edit it first by deleting or inserting characters.
In the following example, the ls command is used to list the contents of the /flash/switch directory of the
switch.
-> ls
Listing Directory /flash/switch:
drw 2048 Jan 1 1980 ./
drw 2048 Jan 3 19:23 ../
-rw 308 Jan 1 1980 banner_default.txt
9850880 bytes free
->
To enter this same command again, use the Up Arrow key. The ls command appears at the prompt. To
issue the ls command, press Enter.
-> ls
The Up Arrow key and the !! (bang, bang) command displays the last command line entered even if the
command was rejected by the switch.
For more details on using the !! command, refer to “Command History” on page 6-15.
Inserting Characters
To insert a character between characters already typed, use the Left and Right Arrow keys to place the
cursor into position, then type the new character. Once the command is correct, execute it by pressing
Enter. In the following example, the user enters the wrong syntax to execute the
show microcode
command. The result is an error message.
-> show microcode
ERROR: flash: no such directory
To correct the syntax without retyping the entire command line, use the !! command to recall the previous
syntax. Then, use the Left Arrow key to position the cursor between the “r” and the “c” characters. To
insert the missing character, type “o”.
-> !!
-> show microcode
To execute the corrected command, press Enter.
CLI Services Using the CLI
page 6-13 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Syntax Checking
If you make a mistake while entering command syntax, the CLI gives you clues about how to correct your
error. Whenever you enter an invalid command, two indicators are displayed.
• The Error message tells you what the error is.
• The caret (^) character tells you where the error is in your syntax.
The following example of the syntax checking feature shows an attempt to set IP routing. If you enter the
command set ip routing, the following is displayed:
-> set ip routing enable
^
ERROR: Invalid entry: "set"
The set ip routing command is not valid so the CLI error message states what the problem is (Invalid
entry) and the carat indicates where the problem is located in the syntax. Here, the problem is with the
“set” keyword so the carat is located under “set”. The error message states the nature of the problem—that
“set” is an invalid entry. To enable IP routing, find another command keyword because set is not valid.
Prefix Recognition
Prefix Recognition is a CLI feature that reduces redundant command line entry by storing prefix
information for certain network commands.
When you configure network services, you might have to enter the same command prefix multiple times.
Entering the same prefix multiple times can be cumbersome and prone to error. The prefix recognition
feature addresses the problem of redundant command entry by allowing the CLI to store commonly used
prefix information. This prefix information stored by the switch then becomes part of the next CLI
command entered.
The following command families support the prefix recognition feature:
• AAA
• Interface
• Link Aggregation
• QOS
• Spanning Tree
• VLAN Management
When certain commands are entered from one of these families, the CLI retains the prefix information in a
memory buffer. Then, if a valid related command is entered next, the CLI assumes the stored prefix is part
of the next command. In this case, you are only required to enter the suffix information for the next
command.
Using the CLI CLI Services
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-14
Example for Using Prefix Recognition
This example shows how the Prefix Recognition feature is used for entering multiple commands that have
the same prefix. This table lists the tasks to be accomplished in this example and the CLI syntax required
for each task.
To create VLAN 501 and configure its attributes using the CLI commands, you could enter the vlan 501
prefix three times. However, VLAN commands support the prefix recognition capability so redundant
entry of this prefix is not necessary.
For example, when you enter
-> vlan 501 enable
The CLI automatically stores the prefix vlan 501. Now, if you enter a related command for the same
VLAN, you are only required to enter suffix information. In this case, you can enter the commands to
accomplish tasks 2, and 3 as follows:
-> stp enable
-> authentication enable
Prefix information is remembered by the CLI until you enter a command with a new prefix.
Note. If you want to create or configure another VLAN, reenter the full command prefix, including the
new VLAN ID.
Show Prefix
You can view the current prefix by issuing the show prefix command. If you issue this command when
the prefix stored by the CLI is vlan 501, the following is displayed:
-> show prefix
Current prefix: vlan 501
If you issue the show prefix command when there is no prefix stored by the CLI, a “no prefix” message is
displayed.
Task CLI Syntax
1. Create a VLAN with an identification number of 501. vlan 501 enable
2. Enable the spanning tree protocol for VLAN 501. vlan 501 stp enable
3. Enable authentication for VLAN 501. vlan 501 authentication enable
CLI Services Using the CLI
page 6-15 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Prefix Prompt
You can set the CLI so that your screen prompt displays the stored prefix. To display the stored prefix as
part of the screen prompt for the VLAN example above, enter the
prompt prefix CLI command as
follows:
-> prompt prefix
The following is displayed:
-> vlan 501
Your screen prompt includes your stored prefix until a new prompt is specified. To set the prompt back to
the arrow (->) enter the
prompt string -> (prompt string arrow) syntax as follows:
-> vlan 501 prompt string ->
->
The arrow displays to indicate that your prompt has changed back to the default.
For more general information about changing the prompt, refer to “Changing the CLI Prompt” on
page 6-19.
Command History
The history command allows you to view commands you have recently issued to the switch. The switch
has a history buffer that stores up to 30 of the most recently executed commands.
Note. The command history feature differs from the command logging feature in that command logging
stores up to 100 of the most recent commands in a separate command.log file. Also, the command logging
feature includes additional information, such as full command syntax, login user name, entry date and
time, session IP address, and entry results. For more information on command logging, refer to
“Logging
CLI Commands and Entry Results” on page 6-17.
You can display the commands in a numbered list by using the show history command. The following is a
sample list:
-> show history
1 show cmm
2 show fan
3 show sensor
4 show temp
5 show arp
6 clear arp
7 show ip config
8 ip helper max hops 5
9 ip bgp pn
10 show ip bgp
11 show history
In the example above, the show history command is listed last because it is the command that was
executed most recently.
Using the CLI CLI Services
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-16
You can recall commands shown in the history list by using the exclamation point character (!) also called
“bang”. To recall the command shown in the history list at number 4, enter !4 (bang, 4). The CLI responds
by printing the number four command at the prompt. Using the history list of commands above, the
following would display:
-> !4
-> show temp
You can recall the last command in the history list by issuing the !! (bang bang) syntax. The CLI responds
by printing the last command in the history list (show history) at the prompt as shown here.
-> !!
-> show history
Note. When you use !n or !! to recall a command in the history list, press the Enter key to execute the
command.
You can configure the number of history commands saved by the switch for display by the show history
command. The range for the
history size value is 1 to 30. To view the history parameters, use the
show history parameters command.
-> history size 30
-> show history parameters
History size: 30
CurrentSize: 10
Index Range: 1-10
The values in this display are defined here:
• History Size: The number of commands the switch will save for display by the show history
command.
• Current Size: The number of commands currently saved by the switch, ready for display by the
show history command.
• Index Range: This value indicates the index range of the commands for this CLI session currently
stored in the history buffer.
In the above example, the switch is set to display 30 commands. However, when the show history
parameters command was issued, only ten commands had yet been issued. Since only ten commands had
been issued during the current login session, the index range shows 1 to 10. This is because the commands
in the buffer are the first through the tenth commands issued during the current login session.
Note. The Partial Keyword Completion feature described on page 6-6 works within the CLI history buffer.
Logging CLI Commands and Entry Results Using the CLI
page 6-17 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Logging CLI Commands and Entry Results
The switch provides command logging through the command-log command. This feature allows users to
record up to 100 of the most recent commands entered through Telnet, Secure Shell, and console sessions.
In addition to a list of commands entered, the results of each command entry are recorded. Results include
information such as whether a command was executed successfully, or whether a syntax or configuration
error occurred.
Note. The command history feature differs from the command logging feature in that command history
buffers up to 30 of the most recent commands. The command information is not written to a separate log
file. Also, the command history feature includes only general keyword syntax (that is, it does not record
full syntax, date and time, session IP address, and entry results). For more information on command
history, refer to page 6-15.
Refer to the sections below for more information on configuring and using CLI command logging. For
detailed information related to command logging commands, refer to the OmniSwitch AOS Release 6 CLI
Reference Guide.
Enabling Command Logging
By default, command logging is disabled. To enable command logging on the switch, enter the following
command:
-> command-log enable
When command logging is enabled through the command-log enable syntax, a file called command.log
is automatically created in the flash directory of the switch. Once enabled, configuration commands
entered on the command line are recorded to this file until command logging is disabled.
The command.log file has a 66402-byte capacity. This capacity allows up to 100 of the most recent
commands to be recorded. Because all CLI command logging information is archived to the command.log
file, command history information is lost if the file is deleted.
Note. The command.log file cannot be deleted while the command logging feature is enabled. Before
attempting to remove the file, be sure to disable command logging. To disable command logging, refer to
the information below.
Disabling Command Logging
To disable the command logging, simply enter the following command:
-> command-log disable
Disabling command logging does not automatically remove the command.log file from the flash
directory. All commands logged before the command-log disable syntax was entered remains available
for viewing. For information on viewing logged commands, along with the command entry results, refer to
“Viewing Logged CLI Commands and Command Entry Results” on page 6-18.
Using the CLI Logging CLI Commands and Entry Results
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-18
Viewing the Current Command Logging Status
As mentioned above, the command logging feature is disabled by default. To view whether the feature is
currently enabled or disabled on the switch, use the
show command-log status command. For example:
-> show command-log status
CLI command logging: Enable
In this case, the feature has been enabled by the user through the command-log command. For more
information on enabling and disabling command logging, refer to the sections above.
Viewing Logged CLI Commands and Command Entry Results
To view a list of logged commands, along with the corresponding information (including entry results),
enter the
show ssh config command. For example:
-> show command-log
Command : ip interface vlan-68 address 168.14.12.120 vlan 68
UserName : admin
Date : MON APR 28 01:42:24
Ip Addr : 128.251.19.240
Result : SUCCESS
Command : ip interface vlan-68 address 172.22.2.13 vlan 68
UserName : admin
Date : MON APR 28 01:41:51
Ip Addr : 128.251.19.240
Result : ERROR: Ip Address must not belong to IP VLAN 67 subnet
Command : ip interface vlan-67 address 172.22.2.12 vlan 67
UserName : admin
Date : MON APR 28 01:41:35
Ip Addr : 128.251.19.240
Result : SUCCESS
Command : command-log enable
UserName : admin
Date : MON APR 28 01:40:55
Ip Addr : 128.251.19.240
Result : SUCCESS
The show command-log command lists up to 100 CLI commands in descending order. In other words,
the most recent commands are listed first. In the example above, the command-log enable syntax is the
least recent command logged; the ip interface vlan-68 address 168.14.12.120 vlan 68 syntax is the most
recent.
• Command. Shows the exact syntax of the command, as entered by the user.
• UserName. Shows the name of the user session that entered the command. For more information on
different user session names, refer to Chapter 9, “Managing Switch User Accounts.”
• Date. Shows the date and time, down to the second, when the command was originally entered.
• IP Addr. The IP address of the terminal from which the command was entered.
• Result. The outcome of the command entry. If a command was entered successfully, the syntax
SUCCESS displays in the Result field. If a syntax or configuration error occurred at the time a
command was entered, details of the error display. For example:
Result : ERROR: Ip Address must not belong to IP VLAN 67 subnet
Customizing the Screen Display Using the CLI
page 6-19 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Customizing the Screen Display
The CLI has several commands that allow you to customize the way switch information is displayed to
your screen. You can make the screen display smaller or larger. You can also adjust the size of the table
displays and the number of lines shown on the screen.
Note. Screen display examples in this chapter assume the use of a VT-100/ASCII emulator.
Changing the Screen Size
Specify the size of the display shown on your terminal screen by using the tty command. This command is
useful when you have a small display screen or you want to limit the number of lines scrolled to the screen
at one time. For example, to limit the number of lines to 10 and the number of columns to 150, enter the
following:
-> tty 10 150
The first number entered after tty defines the number of lines on the screen. It must be a number between
10 and 150. The second number after tty defines the number of columns on the screen. It must be a
number between 20 and 150. View the current setting for your screen by using the
show tty command.
Changing the CLI Prompt
You can change the system prompt that displays on the screen when you are logged in to the switch. The
default prompt consists of a dash, greater-than (
->) text string. To change the text string that defines the
prompt from -> to ##=> use the session prompt default command as follows:
->
-> session prompt default ##=>
##=>
The switch displays the new prompt string after the command is entered.
Several building blocks are provided that can automatically display system information along with the
prompt string. You can set a switch to display any combination of the current username, system time,
system date, and system prefix along with the prompt string. The following command defines the prefix to
display the system time and date along with the prompt string defined in the above example:
-> prompt time date string ##=>
01:31:01 04/29/02##=>
For an example of using a stored prefix as part of the prompt, refer to “Prefix Prompt” on page 6-15.
Using the CLI Customizing the Screen Display
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-20
Setting Session Prompt as System Name
CLI prompt can be configured as the current system name of the switch. By default, the system name is
set to ‘VxTarget’. This can be configured using the command session prompt default system-name.
Every time the system name is modified, the prompt also gets modified. The new prompt takes effect after
relogging to a new session.
Note. System name is configured for the switch using the CLI command system name. The system name
can also be dynamically obtained from the DHCP server (DHCP Option-12). The user-defined system
name configuration (through CLI, WebView, SNMP) gets priority over the DHCP server values.
For more information on the session prompt default command, refer to the OmniSwitch AOS Release 6
CLI Reference Guide.
Displaying Table Information
The amount of information displayed on your console screen can be extensive, especially for certain show
commands. By default, the CLI immediately scrolls all information to the screen. The more mode can be
used to limit the number of lines displayed to your screen. To use the more mode requires two steps as
follows:
• Specify the number of lines displayed while in the more mode.
• Enter the more mode.
The more size command specifies the number of lines displayed to the screen while in the more mode.
The following syntax sets the switch to display six lines of data to the screen while in the CLI is in more
mode.
-> more size 6
The following command enables the more feature.
-> more
After these commands are executed, the CLI displays no more than six lines to the screen at a time
followed by the More? prompt. The following is a sample display.
-> show snmp mib family
MIP ID MIB TABLE NAME FAMILY
-------+----------------------------------------+---------------------
6145 esmConfTrap NO SNMP ACCESS
6146 alcetherStatsTable interface
6147 esmConfTable interface
More? [next screen <sp>, next line <cr>, filter pattern </>, quit <q>]
At the More? prompt, you are given a list of options. The output formats are described here:
<sp> Press <sp> (space bar) to display the next page of information.
<cr> Press <cr> (character return) to display the next line of information
/ Press / to enter the filter mode. (See “Filtering Table Information” on page 6-21.)
<q> Press the character “q” to exit More? and return you to the system prompt.
Customizing the Screen Display Using the CLI
page 6-21 OmniSwitch AOS Release 6 Switch Management Guide December 2017
To exit the more mode, use the no more CLI command.
Note. The value set with the more size command applies to the screen display when the CLI is in the more
mode or when you are using the Vi text editor of the switch.
Filtering Table Information
The CLI allows you to define filters for displaying table information. This is useful in cases where a vast
amount of display data exists but you are interested in only a small subset of that data. Commands
showing routing tables are a good example to filter information. You can specify a filter that identifies the
data that are relevant to your search. The switch then displays the information you identified. This saves
you the trouble of scanning long lists of data unnecessarily.
The filter mode filters unwanted information from a CLI table by displaying only those lines containing a
specified text pattern (up to 80 characters). Once the filter command has been executed, the filter mode
remains active until you reach the end of the CLI table or until you exit the table by using the q command.
The filter command is case sensitive. When using the slash (/) command, type the text exactly as it would
appear in the CLI table.
For additional information about filtering, refer to “Using a Wildcard to Filter Table Information” on
page 6-25.
Using the CLI Multiple User Sessions
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-22
Multiple User Sessions
Several CLI commands give you information about user sessions that are currently operating on the
OmniSwitch, including your own session. These commands allow you to list the number and types of
sessions that are currently running on the switch. You can also terminate another session, provided you
have administrative privileges.
Listing Other User Sessions
The who command displays all users currently logged into the OmniSwitch. The following example
shows use of the who command and a resulting display:
-> who
Session number = 0
User name = (at login),
Access type = console,
Access port = Local,
IP address = 0.0.0.0,
Read-only rights = 0x00000000 0x00000000,
Read-Write rights = 0x00000000 0x00000000,
Read-only domains = None,
Read-only families = ,
Read-Write domains = None,
Read-Write families = ,
Session number = 1
User name = admin,
Access type = http,
Access port = NS,
IP address = 123.251.12.51,
Read-only rights = 0x00000000 0x00000000,
Read-Write rights = 0xffffffff 0xffffffff,
Read-only domains = None,
Read-only families = ,
Read-Write domains = All ,
Read-Write families = ,
Session number = 3
User name = admin,
Access type = telnet,
Access port = NI,
IP address = 123.251.12.61,
Read-only rights = 0x00000000 0x00000000,
Read-Write rights = 0xffffffff 0xffffffff,
Read-only domains = None,
Read-only families = ,
Read-Write domains = All ,
Read-Write families = ,
The above display indicates that three sessions are currently active on the OmniSwitch. Session number 0
always shows the console port whenever that port is active and logged in. The other sessions are identi
-
fied by session number, user name, the type of access, port type, IP address, and user privileges. The
output definitions are defined in the table on
page 6-23.
Multiple User Sessions Using the CLI
page 6-23 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Listing Your Current Login Session
To list information about your current login session, use the who command and identify your login by
your IP address or enter the whoami command. The following is displayed:
-> whoami
Session number = 4
User name = admin,
Access type = telnet,
Access port = NI,
IP address = 148.211.11.02,
Read-only domains = None,
Read-only families = ,
Read-Write domains = All ,
Read-Write families = ,
End-User profile =
This display indicates that the user is currently logged in as session number 4, under the user name
“admin,” using a Telnet interface, from the IP address of 148.211.11.02.
Session Number The session number assigned to the user.
User name User name.
Access type Type of access protocol used to connect to the switch.
Access port Switch port used for access during this session.
Ip Address User IP address.
Read-only domains The command domains available with the read-only access of the user.
See the table beginning on
page 6-24 for a listing of valid domains.
Read-only families The command families available with the read-only access of the user.
See the table beginning on
page 6-24 for a listing of valid families.
Read-Write domains The command domains available with the read-write access of the user.
See the table beginning on
page 6-24 for a listing of valid domains.
Read-Write families The command families available with the read-write access of the user.
See the table beginning on
page 6-24 for a listing of valid families.
Using the CLI Multiple User Sessions
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-24
Possible values for command domains and families are listed here:
Terminating Another Session
If you are logged in with administrative privileges you can terminate the session of another user by using
the kill command. The following command terminates the login session number 4.
-> kill 4
The command syntax requires you to specify the number of the session you want to kill. You can use the
who command for a list of all current user sessions and their numbers. The kill command takes effect
immediately.
domain families
domain-admin file telnet debug
domain-system system aip snmp rmon webmgt config
domain-physical chassis module interface pmm health
domain-network ip rip ip-routing ipmr ipms rdp ipv6
domain-layer2 vlan bridge stp 802.1q linkagg ip-helper
domain-service dns
domain-policy qos policy slb
domain-security session aaa
Using the CLI Application Example
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-25
Application Example
Using a Wildcard to Filter Table Information
The wildcard character allows you to substitute the asterisk (*) character for text patterns while using the
filter mode.
Note. Type the wildcard character in front of and after the filter text pattern unless the text pattern appears
alone on a table row.
In this example, the show snmp mib family command is used because it displays a long table of MIB
information. This example uses the filter option to display only those lines containing the “vlan” character
pattern.
1 Use the more command to set the number of displayed lines to 10 and to enable the more mode.
-> more size 10
-> more
To verify your settings, enter the following:
-> show more
The more feature is enabled and the number of line is set to 10
2 Enter the show snmp mib family command. Ten lines of information are displayed. The switch is now
in the More? mode as indicated at the bottom of the screen.
-> show snmp mib family
MIP ID MIB TABLE NAME FAMILY
-------+----------------------------------------+---------------------
6145 esmConfTrap NO SNMP ACCESS
6146 alcetherStatsTable interface
6147 esmConfTable interface
6148 ifJackTable interface
7169 dot1qPortVlanTable 802.1Q
7170 qAggregateVlanTable 802.1Q
7171 qPortVlanTable 802.1Q
More? [next screen <sp>, next line <cr>, filter pattern </>, quit <q>]
3 Type the filter pattern “/” command and the following message automatically appears.
Enter filter pattern:
Enter the desired text pattern, in this case “*vlan*”, at the prompt. Remember to type the text exactly as it
would appear in the CLI table and to type the asterisk (*) character before and after the text. The More?
mode prompt automatically re-appears.
Enter filter pattern: *vlan*
More? [next screen <sp>*, next line <cr>*, filter pattern </>*, quit <q>]
Using the CLI Application Example
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-26
4 Press the spacebar <sp> key to execute the filter option. The following is displayed.
Enter filter pattern: *vlan*
8193 dot1qBase vlan
8194 dot1qVlan vlan
8195 dot1qVlanCurrentTable vlan
8196 dot1qVlanStaticTable vlan
8197 vlanMgrVlanSet vlan
8198 vlanTable vlan
8199 vpaTable vlan
9217 vCustomRuleTable vlan
9218 vDhcpGenericRuleTable vlan
9219 vDhcpMacRuleTable vlan
More? [next screen <sp>*, next line <cr>*, filter pattern </>*, quit <q>]
The screen displays ten table rows, each of which contain the text pattern “vlan”. Alcatel-Lucent CLI uses
a single level command hierarchy. (The screen rows shown above and below the table are not counted as
part of the 10 rows.) If you want to display the rows one line at a time, press Enter instead of the space bar
key. To exit the table, type the “q” character and the CLI exits the
more mode and return you to the
system prompt.
Using the CLI Verifying CLI Usage
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 6-27
Verifying CLI Usage
To display information about CLI commands and the configuration status of your switch, use the show
commands listed here:
For more information about the resulting displays from these commands, see the OmniSwitch AOS
Release 6 CLI Reference Guide. Additional information can also be found in
“Using “Show” Commands”
on page 6-5.
show session config Displays session manager configuration information (for example,
default prompt, banner file name, inactivity timer, login timer, login
attempts, and CLI console shell status).
show alias Lists all current commands defined by the use of the alias CLI
command.
show prefix Shows the command prefix (if any) currently stored by the CLI. Prefixes
are stored for command families that support the prefix recognition
feature.
show history Displays commands you have recently issued to the switch. The
commands are displayed in a numbered list.
show more Shows the enable status of the more mode along with the number of
lines specified for the screen display.
Verifying CLI Usage Using the CLI
page 6-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-1
7 Working With
Configuration Files
Commands and settings needed for the OmniSwitch can be contained in an ASCII-based configuration
text file. Configuration files can be created in several ways and are useful in network environments where
multiple switches must be managed and monitored.
This chapter describes how configuration files are created, how they are applied to the switch, and how
they can be used to enhance OmniSwitch usability.
In This Chapter
Configuration procedures described in this chapter include:
• “Tutorial for Creating a Configuration File” on page 7-2
• “Applying Configuration Files to the Switch” on page 7-6
• “Configuration File Error Reporting” on page 7-7
• “Text Editing on the Switch” on page 7-9
• “Creating Snapshot Configuration Files” on page 7-10
Configuration File Specifications Working With Configuration Files
page 7-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuration File Specifications
The following table lists specifications applicable to Configuration Files.
Tutorial for Creating a Configuration File
This example creates a configuration file that includes CLI commands to configure the DHCP Relay appli-
cation on the switch. For this example, the forward delay value is set to 15 seconds, the maximum number
of hops is set to 3 and the IP address of the DHCP server is 128.251.16.52.
This tutorial shows you how to accomplish the following tasks:
1 Create a configuration text file containing CLI commands needed to configure DHCP Relay applica-
tion.
This example used MS Notepad to create a text file on a PC workstation. The text file named dhcp_re-
lay.txt contains three CLI commands needed to configure the forward delay value to 15 seconds and the
maximum number of hops to 3. The IP address of the DHCP server is 128.251.16.52.
ip helper address 128.251.16.52
ip helper forward delay 15
ip helper maximum hops 3
2 Transfer the configuration file to the switch’s file system.
To transfer the configuration file to the switch, use an FTP transfer method. For more information about
transferring files onto the switch see
Chapter 1, “Managing System Files.”
3 Apply the configuration file to the switch by using the configuration apply command as shown here:
-> configuration apply dhcp_relay.txt
File configuration <dhcp_relay.txt>: completed with no errors
Creation Methods for
Configuration Files
• Create a text file on a word processor and upload it to the switch.
• Invoke the switch’s snapshot feature to create a text file.
• Create a text file using one of the switch’s text editors.
Timer Functions Files can be applied immediately or by setting a timer on the switch.
Command Capture Feature Snapshot feature captures switch configurations in a text file.
Error Reporting Snapshot feature includes error reporting in the text file.
Text Editing on the Switch Vi standard UNIX editor. The Ed standard UNIX editor is available in
the debug mode.
Working With Configuration Files Tutorial for Creating a Configuration File
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-3
4 Use the show configuration status command to verify that the dhcp_relay.txt configuration file was
applied to the switch. The display is similar to the one shown here:
-> show configuration status
File configuration <dhcp_relay.txt>: completed with no errors
File configuration: none scheduled
Running configuration and saved configuration are different
Note. If the configuration file applied with the configuration apply command results in no changes to the
saved configuration, the message will state that the running configuration and saved configuration are
identical. To synchronize the running configuration and the saved configuration, use the
write memory
command.
For more information about these displays, refer to the OmniSwitch AOS Release 6 CLI Reference Guide.
5 Use a the show ip helper command to verify that the DHCP Relay parameters defined in the configu-
ration files were actually implemented on the switch. The display is similar to the one shown here:
-> show ip helper
Forward Delay (seconds) = 15
Max number of hops = 3
Forwarding option = standard
Forwarding Address:
128.251.16.52
These results confirm that the commands specified in the file dhcp_relay.txt configuration file were
successfully applied to the switch.
Quick Steps for Applying Configuration Files Working With Configuration Files
page 7-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Quick Steps for Applying Configuration Files
Setting a File for Immediate Application
In this example, the configuration file configfile_1 exists on the switch in the /flash directory. When these
steps are followed, the file will be immediately applied to the switch.
1 Verify that there are no timer sessions pending on the switch.
-> show configuration status
File configuration: none scheduled
2 Apply the file by executing the configuration apply command, followed by the path and file name. If
the configuration file is accepted with no errors, the CLI responds with a system prompt.
-> configuration apply /flash/configfile_1.txt
->
Note. Optional. You can specify verbose mode when applying a configuration file to the switch. When the
keyword verbose is specified in the command line, all syntax contained in the configuration file is printed
to the console. (When verbose is not specified in the command line, cursory information—number of
errors and error log file name—will be printed to the console only if a syntax or configuration error is
detected.)
To verify that the file was applied, enter the show configuration status command. The display is similar
to the one shown here.
-> show configuration status
File configuration </flash/configfile_1.txt>: completed with 0 errors
For more information about this display, see “Configuration File Manager Commands” in the OmniSwitch
AOS Release 6 CLI Reference Guide.
Setting an Application Session for a Date and Time
You can set a timed session to apply a configuration file at a specific date and time in the future. The
following example applies the bncom_cfg.txt file at 9:00 a.m. on July 4 of the current year.
1 Verify that there are no current timer sessions pending on the switch.
-> show configuration status
File configuration: none scheduled
2 Apply the file by executing the configuration apply using the at keyword with the relevant date and
time.
-> configuration apply bncom_cfg.txt at 09:00 04 july
Working With Configuration Files Quick Steps for Applying Configuration Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-5
Note. Optional. To verify that the switch received this configuration apply request, enter the
show configuration status command. The display is similar to the one shown here.
-> show configuration status
File configuration </flash/working/bncom_cfg.txt>: scheduled at 07/04/02 09:00
For more information about this display see “Configuration File Manager Commands” in the OmniSwitch
AOS Release 6 CLI Reference Guide.
Setting an Application Session for a Specified Time Period
You can set a future timed session to apply a configuration file after a specified period of time has elapsed.
In the following example, the amzncom_cfg.txt will be applied after 6 hours and 15 minutes have
elapsed.
1 Verify that there are no current timer sessions pending on the switch.
-> show configuration status
File configuration: none scheduled
2 Apply the file by executing the configuration apply command using the in keyword with the relevant
time frame specified.
-> configuration apply amzncom_cfg.txt in 6:15
Note. Optional. To verify that the switch received this configuration apply request, enter the
show configuration status command. The display is similar to the one shown here.
-> show configuration status
File configuration </flash/working/amzncom_cfg.txt>: scheduled at 03/07/02 05:02
The “scheduled at” date and time show when the file will be applied. This value is 6 hours and 15 minutes
from the date and time the command was issued.
For more information about this display see “Configuration File Manager Commands” in the OmniSwitch
AOS Release 6 CLI Reference Guide.
Configuration Files Overview Working With Configuration Files
page 7-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuration Files Overview
Instead of using CLI commands entered at a workstation, you can configure the switch using an ASCII-
based text file. You may type CLI commands directly into a text document to create a configuration file
that will reside in your switch’s /flash directory. Configuration files are created in the following ways:
• You may create, edit, and view a file using a standard text editor (such as MS WordPad or Notepad) on
a workstation. The file can then be uploaded to the switch’s /flash file directory.
• You can invoke the switch’s CLI configuration snapshot command to capture the switch’s current
configuration into a text file. This causes a configuration file to be created in the switch’s /flash direc-
tory.
• You can use the switch’s text editor to create or edit a configuration file located in the switch’s /flash
file directory.
Applying Configuration Files to the Switch
Once you have a configuration file located in the switch’s file system you must load the file into running
memory to make it run on the switch. You do this by using
configuration apply command.
You may apply configuration files to the switch immediately, or you can specify a timer session. In a timer
session, you schedule a file to be applied in the future at a specific date and time or after a specific period
of time has passed (like a countdown). Timer sessions are very useful for certain management tasks, espe
-
cially synchronized batch updates.
• For information on applying a file immediately, refer to “Setting a File for Immediate Application” on
page 7-4.
• For information on applying a file at a specified date and time, refer to “Setting an Application Session
for a Date and Time” on page 7-4.
• For information on applying a file after a specified period of time has elapsed, refer to “Setting an
Application Session for a Specified Time Period” on page 7-5.
Verifying a Timed Session
To verify that a timed session is running, use the show configuration status command. The following
displays where the timed session was set using the configuration apply qos_pol at 11:30 october 31
syntax.
-> show configuration status
File configuration <qos_pol>: scheduled at 01/10/31 11:30
Note. Only one session at a time can be scheduled on the switch. If two sessions are set, the last one will
overwrite the first. Before you schedule a timed session you must use the
show configuration status
command to see if another session is already running.
The following displays where the timed session was set on March 10, 2002 at 01:00 using the
configuration apply group_config in 6:10 syntax.
-> show configuration status
File configuration <group_config>: scheduled at 03/10/02 07:10
Working With Configuration Files Configuration Files Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-7
Canceling a Timed Session
You may cancel a pending timed session by using the configuration cancel command. To confirm that
your timer session has been canceled, use the show configuration status command. The following will
display.
-> configuration cancel
-> show configuration status
File configuration: none scheduled
For more details about the CLI commands used to apply configuration files or to use timer sessions, refer
to “Configuration File Manager Commands” in the OmniSwitch AOS Release 6 CLI Reference Guide.
Configuration File Error Reporting
If you apply a configuration file to the switch that contains significant errors, the application may not
work. In this case, the switch will indicate the number of errors detected and print the errors into a text file
that will appear in the /flash directory. The following display will result where the cfg_txt file contains
three errors.
-> configuration apply cfg_file
Errors: 3
Log file name: cfg_txt.1.err
In this case, the error message indicates that the application attempt was unsuccessful. It also indicates that
the switch wrote log messages into a file named cfg_txt.1.err, which now appears in your /flash direc
-
tory. To view the contents of a generated error file, use the view command. For example, view
cfg_txt.1.err.
Note. The keyword, authkey, along with a related alpha-numeric text string, are automatically included in
many snapshot files (e.g., configuration snapshot all). The text string following the authkey keyword
represents a login password that has been encrypted twice. (The first encryption occurs when a password
is first created by a user; the second encryption occurs when a configuration snapshot is taken.) This dual
encryption further enhances switch security. However, it is important to note that any configuration file
(including a generated snapshot) that includes this dual-encrypted password information will result in an
error whenever it is applied to the switch via the configuration apply command. This is a valid switch
function and does not represent a significant problem. If an authkey-related error is the only error
detected, simply remove all authkey-related syntax using a text editor. If a new password is required for
the switch, include valid password syntax in the configuration file or immediately issue a new password
using the
password command at the command prompt.
For more information on configuration snapshots, refer to “Creating Snapshot Configuration Files” on
page 7-10. For more information on passwords, refer to “User-Configured Password” on page 9-13.
Note. When you enter a command using debug set or debug show keyword syntax, the switch writes the
command output to a separate file that also ends with the .err extension. This does not mean that a config
-
uration apply error has occurred; it is merely the switch’s standard method for displaying debug set or
debug show command output.
Configuration Files Overview Working With Configuration Files
page 7-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Setting the Error File Limit
The number of files ending with the .err extension present in the switch’s /flash directory is set with the
configuration error-file limit command. You can set the switch to allow up to 25 error files in the /flash
directory. Once the error file limit has been reached, the next error file generated will cause the error file
with the oldest time stamp to be deleted. The following command sets the error file limit to 5 files:
-> configuration error-file limit 5
If you need to save files with the .err extension, you can either rename them so they no longer end with
the .err extension or you may move them to another directory.
Note. The default error file limit is one file. Unless you set the error file limit to a higher number, any
subsequent error file will cause any existing error file to be overwritten.
Syntax Checking
The configuration syntax check command is used to detect potential syntax errors contained in a
configuration file before it is applied to the switch. It is recommended that you check all configuration
files for syntax errors before applying them to your switch.
To run a syntax check on a configuration file, use the configuration syntax check command.
For example:
-> configuration syntax check asc.1.snap
Errors: 3
Log file name: check asc.1.snap.1.err
In this example, the proposed asc.1.snap configuration file contains three errors. As with the
configuration apply command, an error file (.err) is automatically generated by the switch whenever
an error is detected. By default, this file is placed in the root /flash directory.
Note. The syntax, mac alloc, is automatically included in many snapshot files (e.g., configuration
snapshot all). All mac alloc-related syntax is valid during switch boot up only (that is, it cannot be
applied while the switch is in run-time operation). Because snapshot files are commonly used as
configuration files, syntax checks may detect mac alloc syntax and issue an error (along with a generated
.err file).
This is a valid switch function and does not represent a significant problem. If a mac alloc-related error is
the only error detected, simply remove the syntax using a text editor, then re-check the file using the
configuration syntax check command.
If a configuration file is located in another directory, be sure to specify the full path. For example:
-> configuration syntax check /flash/working/asc.1.snap
Viewing Generated Error File Contents
For error details, you can view the contents of a generated error file. To view the contents of an error file,
use the more command. For example:
-> more asc.1.snap.1.err
For more information, refer to “Displaying a Text File” on page 7-9.
Working With Configuration Files Configuration Files Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-9
Verbose Mode Syntax Checking
When verbose is specified in the command line, all syntax contained in the configuration file is printed to
the console, even if no error is detected. (When verbose is not specified in the command line, cursory
information—number of errors and error log file name—will be printed to the console only if a syntax or
configuration error is detected.)
To specify verbose mode, enter the verbose keyword at the end of the command line. For example:
-> configuration syntax check asc.1.snap verbose
Displaying a Text File
The more command allows you to view a text file one screen at a time. Use this command with the
desired filename. Specifying a path is optional. The following command will display the textfile.rtf text
file located in the /flash/working directory.
-> more /flash/working/textfile.rtf
The switch will display the file text on your terminal screen until the entire screen is full. After that, when
you press Enter, the switch will scroll the file text until it fills up another screen or until the end of the file.
The more mode assumes a screen that is 80 columns wide and 24 lines long.
Text Editing on the Switch
The switch software includes a standard UNIX-type line editor called “Vi”. The Vi editor is available on
most UNIX systems. No attempt is being made to document Vi in this manual because information on it is
freely available on the Internet.
Invoke the “Vi” Editor
You can invoke the Vi editor from the command line. Use the following syntax to view the switchlog.txt
file located in the /flash/working directory:
-> vi /flash/working switchlog.txt
You can invoke the Vi editor in read-only mode by using the following syntax.
-> view
To exit the Vi editor, use the Cap ZZ key sequence.
Creating Snapshot Configuration Files Working With Configuration Files
page 7-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Creating Snapshot Configuration Files
You can generate a list of configurations currently running on the switch by using the configuration
snapshot command. A snapshot is a text file that lists commands issued to the switch during the current
login session.
Note. A user must have read and write permission for the configuration family of commands to generate a
snapshot file for those commands. See the “Switch Security” chapter of this manual for further informa
-
tion on permissions to specific command families.
Snapshot Feature List
You can specify the snapshot file so that it will capture the CLI commands for one or more switch features
or for all network features. To generate a snapshot file for all network features, use the following syntax:
-> configuration snapshot all
To generate a snapshot file for specific features, select the appropriate syntax from the following list.
You may enter more than one network feature in the command line. Separate each feature with a space
(and no comma). The following command will generate a snapshot file listing current configurations for
the vlan, qos, and snmp command families.
-> configuration snapshot vlan qos snmp
You can verify that a new snapshot file is created by using the ls command to list all files in the /flash
directory.
Snapshot Keywords
802.1Q ipmr rip
aaa ip-helper ripng
aip interface rdp
all ip-routing session
bridge linkagg snmp
chassis module stp
health ntp system
ip pmm vlan
ipms policy webmgt
ipv6 qos
Working With Configuration Files Creating Snapshot Configuration Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-11
User-Defined Naming Options
When the snapshot syntax does not include a file name, the snapshot file is created using the default file
name asc.n.snap. Here, the n character holds the place of a number indicating the order in which the
snapshot file name is generated. For example, the following syntax may generate a file named asc.1.snap.
-> configuration snapshot all
Subsequent snapshot files without a name specified in the command syntax will become asc.2.snap,
asc.3.snap, and so on.
The following command produces a snapshot file with the name testfile.snap.
-> configuration snapshot testfile.snap
Editing Snapshot Files
Snapshot files can be viewed, edited and reused as a configuration file. You also have the option of editing
the snapshot file directly using the switch’s Vi text editor or you may upload the snapshot file to a text
editing software application on your workstation.
The snapshot file contains both command lines and comment lines. You can identify the comment lines
because they each begin with the exclamation point (!) character. Comment lines are ignored by the switch
when a snapshot file is being applied. Comment lines are located at the beginning of the snapshot file to
form a sort of header. They also appear intermittently throughout the file to identify switch features or
applications that apply to the commands that follow them.
Creating Snapshot Configuration Files Working With Configuration Files
page 7-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Example Snapshot File Text
The following is the text of a sample snapshot file created with the configuration snapshot all command.
!========================================!
! File: asc.1.snap !
!========================================!
! Chassis :
system name FujiCmm
mac alloc 91 0 1 00:d0:95:6b:09:41
! Configuration:
! VLAN :
! VLAN SL:
! IP :
ip service all
icmp unreachable net-unreachable disable
ip interface "vlan-1" address 10.255.211.70 mask 255.255.255.192 vlan 1 mtu 1500
ifindex 1
! IPMS :
! AAA :
aaa authentication default "local"
aaa authentication console "local"
! PARTM :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
snmp security no security
snmp community map mode off
! IP route manager :
ip static-route 0.0.0.0 mask 0.0.0.0 gateway 10.255.211.65 metric 1
! RIP :
! IP multicast :
! IPv6 :
! RIPng :
! Health monitor :
! Interface :
! Link Aggregate :
! VLAN AGG:
! 802.1Q :
! Spanning tree :
bridge mode 1x1
! Bridging :
source-learning chassis hardware
! Bridging :
! Port mirroring :
! UDP Relay :
! Server load balance :
! System service :
! Web :
! AMAP :
! GMAP :
! Module :
! Lan Power :
! NTP :
! RDP :
Working With Configuration Files Creating Snapshot Configuration Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 7-13
This file shows configuration settings for the Chassis, IP, AAA, SNMP, IP route manager, Spanning tree,
and Bridging services. Each of these services have configuration commands listed under their heading. All
other switch services and applications are either not being using or are using default settings.
Verifying File Configuration Working With Configuration Files
page 7-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Verifying File Configuration
You can verify the content and the status of the switch’s configuration files with commands listed in the
following table.
show configuration status Displays whether there is a pending timer session scheduled for a con-
figuration file and indicates whether the running configuration and the
saved configuration files are identical or different. This command also
displays the number of error files that will be held in the flash directory.
show configuration snapshot Generates a snapshot file of the switch’s non-default current running
configuration. A snapshot can be generated for all current network fea
-
tures or for one or more specific network features. A snapshot is a sin-
gle text file that can be viewed, edited, and reused as a configuration
file.
write terminal Displays the switch’s current running configuration for all features.
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-1
8 Managing Automatic
Remote Configuration
Download
The Automatic Remote Configuration feature enables:
• The automatic upgrade of firmware and/or configuration of an OmniSwitch without user intervention.
• The automated configuration of the switch on bootup, when the switch is connected to the network for
the first time.
• The automatic download and installation of the critical configuration bootup and image files.
In This Chapter
This chapter describes the Automatic Remote Configuration on OmniSwitch. The sections in this chapter
are:
• “Automatic Remote Configuration Specifications” on page 8-2
• “Automatic Remote Configuration Defaults” on page 8-3
• “Quick Steps for Automatic Remote Configuration” on page 8-4
• “Overview” on page 8-5
• “Interaction With Other Features” on page 8-8
• “Automatic Remote Configuration Download Process” on page 8-9
• “Download Component Files” on page 8-12
• “LACP Auto Detection and Automatic Link Aggregate Association” on page 8-16
• “DHCP Client Auto-Configuration Process” on page 8-17
• “DHCP Server Preference” on page 8-18
• “Nearest-Edge Mode Operation” on page 8-20
• “Zero Touch License Upgrade” on page 8-22
• “Troubleshooting” on page 8-23
For related information on the initial setup of the switch and switch file management, see the OmniSwitch
AOS Release 6350/6450 Hardware Users Guide.
Automatic Remote Configuration Specifications Managing Automatic Remote Configuration Download
page 8-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Automatic Remote Configuration Specifications
Platforms Supported OmniSwitch 6350, 6450
DHCP Specifications DHCP Server required
Temporary DHCP Client on VLAN 1 or VLAN 127
(DHCP client on VLAN 127 only works on combo and uplink
ports)
File Servers TFTP
FTP/SFTP
Clients supported TFTP
FTP/SFTP
Instruction file Maximum length of:
• Pathname: 255 characters
• Filename: 63 characters
Maximum length of username
for FTP/SFTP file server.
15 characters
Nearest Edge MAC Address 01:20:da:02:01:73
Feature Supported only on
switch bootup in Remote
Configuration Load Mode (no
boot.cfg file present).
LACP Auto Detection and Link Aggregate
Association (operates only on combo ports and uplink ports).
Unsupported Features:
• ISSU and IPv6 are not supported.
• Upgrade of uboot, miniboot, or FPGA files is not
supported.
Managing Automatic Remote Configuration Download Automatic Remote Configuration Defaults
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-3
Automatic Remote Configuration Defaults
Description Default
Management VLAN
Untagged Management VLAN
VLAN 1
DHCP broadcast VLAN
802.1q tagged VLAN
VLAN 127
Default Auto Link Aggregate Creation Between VLAN 1 and VLAN 127
Instruction file Location: TFTP Server
File name: *.alu
(* represents any instruction filename)
Download location: /flash directory
Downloaded as a temporary file.
Configuration file File name: Any name
Location: FTP/SFTP/TFTP Server
Download location: /flash/working directory
Debug configuration file File name: AlcatelDebug.cfg
Location: FTP/SFTP/TFTP Server
Download location: /flash/working directory
Script file File name: Any name
Location: FTP/SFTP/TFTP Server
Download location: /flash/working directory
Firmware version OS_*_*_R01
(*_* represents version number)
Firmware or image files File name extension: *.img
(* represents image filename)
Location: FTP/SFTP/TFTP Server
Download location: /flash/working directory
File download server Primary FTP/SFTP/TFTP Server
Backup server for file download Secondary FTP/SFTP/TFTP Server
Password for FTP/SFTP Server Same as username
Quick Steps for Automatic Remote Configuration Managing Automatic Remote Configuration Download
page 8-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Quick Steps for Automatic Remote Configuration
1 Configure the DHCP server in the network to provide IP address, gateway, and TFTP server addresses
to the OmniSwitch DHCP client.
2 Store the instruction file on the TFTP server.
3 Store the configuration, image, and script files on the primary and/or secondary FTP/SFTP servers.
4 When the OmniSwitch is integrated in to the network as a new device with no boot.cfg file in the
working directory, the automatic remote configuration process is initiated.
5 A DHCP client is automatically configured on the OmniSwitch. The OmniSwitch obtains IP address
information, TFTP server address, instruction file name, and location from the DHCP server through the
DHCP client.
6 The OmniSwitch downloads the instruction file from the TFTP server. The instruction file contains the
file names and file locations of the configuration, image, and script files.
7 The OmniSwitch downloads the image files from the FTP/SFTP server if necessary.
8 The OmniSwitch downloads the configuration file from the FTP/SFTP server, if available, and saves it
as the boot.cfg file in the /flash/working/ directory. If no script file is downloaded, the switch reboots
applying the downloaded configuration file and the automatic configuration process is complete.
9 The OmniSwitch downloads the script file, if available, from the FTP/SFTP server and runs the
commands in the script file.
Note.
• If the script file is not specified in the instruction file, or if it is not properly downloaded, then the
Remote Configuration Manager software automatically initiates a reload working no
rollback-timeout command after firmware or bootup configuration files are downloaded.
• If a write memory command is used in the script file, then it overwrites the boot.cfg file. Hence, if the
script file is downloaded along with the bootup configuration file, then the script file must not contain
the write memory command.
• If a boot.cfg is already present in the working directory of the switch, Automatic Remote
Configuration Download does not occur.
Managing Automatic Remote Configuration Download Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-5
Overview
The Automatic Remote Configuration feature provides the advantage of automatic download and
installation of critical configuration and image files at initial bootup or when firmware upgrade is required
for the OmniSwitch.
Automatic Remote Configuration download occurs when:
• There is no bootup configuration file (boot.cfg) in the working directory of the switch.
• During a takeover or reboot on the new Primary unit or CMM.
• The initialization process of the switch is complete and the network interfaces or ports are ready.
• There is connectivity with a DHCP server through the default VLAN 1 or through a tagged VLAN 127
from a Management Switch using the Nearest-Edge mode operation.
• There is connectivity with TFTP file server.
The following sections provide more information about the automatic configuration and download
process.
Basic Operation
Automatic remote configuration process is initialized on the OmniSwitch if the boot.cfg file is not found
in the working directory of the switch.
The following illustration shows the basic setup required for Automatic Remote Configuration Download
operation.
Basic Network Components for Automatic Remote Configuration Download
Alcatel-Lucent
OmniSwitch
Network
with Router
or Gateway
Provides Switch IP, TFTP server IP
and instruction file name
DHCP
Server
TFTP Server
Stores the instruction file.
the config
file and firmware.
FTP/SFTP Server
Stores the firmware and
configuration for secure access
VLAN 1
Overview Managing Automatic Remote Configuration Download
page 8-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Network Components
The network components required for the Automatic Remote Configuration download process are:
• DHCP server (mandatory)
• TFTP file server (mandatory)
• Primary FTP/SFTP server (mandatory)
• Secondary FTP/SFTP server (optional)
• Management Switch (only required for Nearest-Edge Mode)
Information Provided by DHCP Server
When the network interfaces or ports on the switch are ready, a DHCP client is automatically configured
on any available tagged or untagged VLAN. For details on the DHCP client auto-configuration, see
“DHCP Client Auto-Configuration Process” on page 8-17. The following information is acquired from the
DHCP server, after a connection is established:
• IP address of the Network Gateway or Router.
• TFTP file server address.
• Instruction file name and location.
• Dynamic IP address for the OmniSwitch (valid only for initial bootup process).
Information Provided by Instruction File
The TFTP server address information is received from the DHCP server. The OmniSwitch downloads the
instruction file from the TFTP server. The instruction file provides the following information:
• Firmware version and file location.
• Configuration file name and location.
• Debug configuration file name and location.
• Script file name and location.
• Primary FTP/SFTP file server address / type / username.
• Secondary FTP/SFTP file server address / type / username.
For more details on all the component files downloaded during the automatic remote configuration
download process, see - “Download Component Files” on page 8-12.
Managing Automatic Remote Configuration Download Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-7
File Servers and Download Process
The download process from the file servers is as follows:
1 The username required to connect to the FTP/SFTP enabled servers is provided in the instruction file.
The password required to connect to the servers is same as the username.
2 The required files mentioned in the instruction file are downloaded from the primary FTP/SFTP file
server.
3 If the configuration, debug and script file names are specified in the instruction file, then they are
downloaded to the /flash/working directory of the switch.
4 The Remote Configuration Manager now compares the current firmware version on the switch to the
one mentioned in the instruction file. If the firmware version is different, then firmware upgrade is
performed.
5 The new firmware or image files are downloaded to the working directory of the switch.
Note. If the primary server is down or if there is any failure in downloading the files from the primary file
server, then a connection is established with the secondary file server. The secondary file server is used for
file download.
6 All the required files are downloaded.
Note. If a specific filename (for firmware and configuration/debug/script files) is not found, an error is
logged. The download process continues with the next available file. File transfer is tried three times and
if file transfer still fails, an error is logged, and download process is stopped. In such instances, the
working folder of the switch will contain an incomplete set of image files, configuration, debug, or script
files. For details on troubleshooting under such instances, see - “Troubleshooting” on page 8-23
7 Now, the DHCP client configured on the related VLAN is removed.
8 The script file is downloaded and the commands in the script file are run. All the commands in the
script file are implemented on the switch in the order specified.
For other detailed steps that are part of the automatic remote configuration download process, see
“Automatic Remote Configuration Download Process” on page 8-9
LED Status
The LED status during different stages of the Automatic Remote Configuration download process is as
follows:
• DHCP phase: OK LED is flashing green
• DHCP lease obtained: OK LED is solid green
• DHCP phase stopped by console login: OK LED is solid green.
Interaction With Other Features Managing Automatic Remote Configuration Download
page 8-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Interaction With Other Features
This section contains important information about how other OmniSwitch features interact with
Automatic Remote Configuration. Refer to the specific sections if required, to get detailed
information about the feature interaction process.
UDP/DHCP Relay
Interaction with UDP/DHCP Relay is required for the following processes, to support Automatic Remote
Configuration:
• All the DHCP responses from the DHCP server are processed. The IP address, mask, and gateway
details are processed
• To acquire Option (66) and Option(67) information - the TFTP Server name and Boot file name
are retrieved.
For details on DHCP interaction see the section “DHCP Client Auto-Configuration Process” on page 8-17
QoS
Interaction with QoS is required for the following processes, to support Auto Remote Configuration:
• Policy control lists (PCLs) are created to trap LLDP packets.
• PCLs are deleted after the required processing for Nearest-Edge Mode operation.
802.1Q
For 802.1Q tagging is applied interaction is required for Nearest Edge Mode operation
LLDP
In Nearest-Edge Mode operation LLDP packets carry and provide the advertised VLAN ID to the Access
OmniSwitches running Auto Remote Configuration download.
Dynamic Link Aggregation (LACP)
Interaction with LACP is required for the following processes, to support Automatic Remote
Configuration:
• To detect LACP PDU from the peer device on combo/uplink ports
• To enable the auto link aggregate creation after receiving LACP message
• The link aggregate is associated as a tagged member of VLAN 127 and VLAN 1.
• On completion of the Automatic Download and configuration process, the automatic link aggregate is
disabled and all port associations are deleted.
Managing Automatic Remote Configuration Download Automatic Remote Configuration Download Process
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-9
Automatic Remote Configuration Download
Process
The automatic remote configuration process is initialized when an OmniSwitch is integrated in to the
network as a new device or when a firmware and configuration upgrade is required.
If the automatic configuration download process is not performed completely on the switch, manual
intervention is required. For details on troubleshooting techniques under such instances, see
“Troubleshooting” on page 8-23
The detailed process of Automatic Remote Configuration Download performed on the OmniSwitch is as
follows:
1 When the switch is integrated in to the network as a new device with no boot.cfg file, then Automatic
Remote Configuration is performed on the switch.
2 The Remote Configuration Manager on OmniSwitch configures a link aggregate automatically when a
LACP PDU is detected on combo or uplink ports on the switch during Automatic Remote Configuration.
For details, see the following section
“LACP Auto Detection and Automatic Link Aggregate Association”
on page 8-16
3 A DHCP client is automatically configured first on the default VLAN at switch boot up. OmniSwitch
then uses different methods of DHCP client configuration until connection to a DHCP Server is obtained.
For details, see the following section
“DHCP Client Auto-Configuration Process” on page 8-17
4 The DHCP client looks for the OXO DHCP server response to provide preference to the desired OXO
DHCP server. For details, see the following section
“DHCP Server Preference” on page 8-18
5 The DHCP client obtains the switch IP address information from the DHCP server.
6 The DHCP client obtains the TFTP server IP address from the DHCP server using Option (66).
7 The DHCP client obtains the instruction file name and location from the DHCP server using Option
(67).
8 SSH access is automatically enabled to allow remote access in case the automatic configuration
process fails.
9 The instruction file with the .alu extension is downloaded from the TFTP server to the /flash/working
directory of the OmniSwitch.
10 If available, the configuration, script, and images files are downloaded from the FTP or SFTP serv-
ers. The password used to connect to the FTP/SFTP servers is same as the username.
11 If available, the switch compares the firmware version available on the switch with the firmware
version in the instruction file. If the firmware versions are different, then the new firmware is downloaded
in to the /flash/working directory.
12 If available, the downloaded configuration file is saved as the boot.cfg file in the /flash/working
directory and the switch is rebooted completing the auto configuration process (a reboot occurs only if no
script file is downloaded).
13 If available, commands in the script file are run and the DHCP client configuration is automatically
removed on the default VLAN 1.
Automatic Remote Configuration Download Process Managing Automatic Remote Configuration Download
page 8-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Process Illustration
The following flowchart represents the automatic remote configuration download process in detail.
.
Illustration of Automatic Remote Configuration Process
Power
ON
Is boot.cfg
present?
Yes
Normal
Switch
Bootup
No
Start Automatic Configuration
LACP Auto Detection and Link
Aggregate Association
DHCP client configuration on
VLAN 1 Management VLAN127 or
LLDP tagged management VLAN
1
Does DHCP offer
have TFTP server
address ?
Yes
Connect to TFTP
server
Get instruction file
Found
instruction
file?
Download
firmware and/or
boot.cfg only
Yes
Reload Switch
Download
Script
Run Script
3
Switch is available remotely
No
No
Yes
No
Yes
Managing Automatic Remote Configuration Download Automatic Remote Configuration Download Process
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-11
Additional Process Notes
1 Once the switch obtains an IP interface from the DHCP server, remote access through SSH is
automatically configured to allow remote access in case of any download errors during the Auto
Configuration process.
Note. It is not recommended to have the write memory command in the script file if a configuration file
is downloaded. This causes the boot.cfg file to be overwritten with the commands in the script file.
2 After the successful download of the script file, the DHCP IP interface is automatically deleted.
However, SSH access remains enabled. Use the no aaa authentication ssh command to disable SSH
connectivity if desired.
Download Component Files Managing Automatic Remote Configuration Download
page 8-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Download Component Files
This section provides the details of the files downloaded and how they are utilized during the automatic
configuration process. The main component files are:
• Instruction file -The instruction file is the initial file required for the automatic remote configuration
process to occur. The instruction file is stored in the TFTP server with the .alu
extension. For further
details, see
“Instruction File” on page 8-12
• Firmware upgrade files - The firmware files or image files differ for different OmniSwitch
platforms. These image files contain executable code, which provides support for the system, Ethernet
ports, and network functions. For further details, see
“Firmware Upgrade Files” on page 8-14
• Bootup configuration file - The file contains bootup configuration information for the switch. The
bootup configuration file stores the network configuration parameters. For further details, see
“Bootup
Configuration File” on page 8-14
• Debug Configuration file - The debug configuration file stores the default debug configuration
information. For further details, see “Debug Configuration File” on page 8-15
• Script file - The script file consists of commands to be performed on the switch so that
appropriate actions can be taken on the downloaded files. For further details, see “Script File” on
page 8-15
Instruction File
The instruction file is the initial file required for automatic remote configuration process to occur. The
instruction file is stored in the TFTP server with the .alu
extension.
The instruction file contains user information such as switch ID, file version, firmware version, image
file names and location, configuration file (boot.cfg) name and location, script file name and location,
FTP/SFTP server IP address, username and password to connect to the FTP/SFTP server.
The TFTP server IP address and instruction filename details are received from the DHCP server by the
DHCP client on the OmniSwitch.
The instruction file is downloaded from the TFTP server and stored in the /flash/working directory of the
switch.
Note.
• If an error or failure occurs during the file transfer, the transfer process is retried up to three times. If
file transfer and download are not successful, the automatic remote configuration process is halted and
the switch is made available remotely using SSH.
• All contents of the instruction file are stored in the switch log (swlog.log) file as evidence of the last
Automatic Remote Configuration download.
Managing Automatic Remote Configuration Download Download Component Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-13
Instruction File Syntax
The instruction file is a text file containing the following information:
Example
The instruction file has the Keyword:Value format as shown below:
Firmware version:OS_6_7_2_12_R01
Firmware location:/home/ftpboot
! Configuration file
!Config filename:vcboot.cfg
Config filename:boot.cfg
!Config filename:None
Config location:/home/ftpboot
! Setup File
!VC setup config filename:vcsetup.cfg
!VC setup config location:/home/ftpboot
! Script file
!Script filename:default_script.txt
!Script location:/home/ftpboot
! License filename
!License filename:swlicense.dat
!License location:/home/ftpboot/license
! Directory name
!Directory name:working
Directory name:working
!Directory name:certified
! Primary File Server
Primary server:120.1.1.1
Primary protocol:FTP
Primary user:admin
! Secondary File Server
!Secondary server:15.1.1.2
!Secondary protocol:FTP
!Secondary user:admin
Header Contains user information such as switch ID, file version, and so on.
Header text is a type of comment.
Comments Comments provide additional information for better user readability.
These lines are ignored during the remote configuration download
process.
Firmware version and file
location
Image files required for firmware upgrade.
Configuration file name and
location
The file containing the configuration for the switch, this file is saved as
the boot.cfg file in the /flash/working directory.
Debug file name and location The AlcatelDebug.cfg containing additional debug configuration
commands
Script file name and location The script file containing commands to be implemented on the switch.
Primary file server address/
protocol/username
The primary file server from which the required files are
downloaded. The specified protocol and username is used for the
download.
Secondary file server address/
protocol/username
The secondary file server from which the required files are downloaded
if the connection to primary file server fails. The specified protocol and
username are used for the download.
Download Component Files Managing Automatic Remote Configuration Download
page 8-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Instruction File Usage Guidelines
• The instruction file is case sensitive and can contain only the keywords provided in the instruction file
output example.
• The keywords can be placed in any order.
• If the Keyword:Value format is incorrect, the information on that line is discarded.
• Firmware version must be provided in the format as specified in the example.
• Pathnames provided must contain the complete path to the file location.
• If any file is not required, the value is provided as “None”. For example, if a debug configuration file is
not required to be downloaded, the instruction file syntax is as follows:
Debug filename:None
Debug location:None
• The header line is the first line of the instruction file and begins with “!” character.
• Header line contents are logged to the switch log along with the other contents of the instruction file.
• The header and comment lines begin with “!” character.
Firmware Upgrade Files
Firmware files are also known as image files. These files have the .img extension.
Firmware files are different for each OmniSwitch platform. The relevant firmware files are downloaded
from the location mentioned in the instruction file. The filenames of the firmware files must exactly match
the files which are to be downloaded. The filenames are in the *os.img, *base.img, *en.img format, where
* can be ‘J’, ‘K’, ‘K2’, ‘K2I’, or ‘G’ based on the OmniSwitch product. Modified filenames are not recog
-
nized.
Details about the different firmware files and file names can be found in the Available Image Files section
in
“Managing System Files” on page 1-1.
Firmware files are downloaded only when the firmware version in the instruction file is higher than the
firmware version present on the switch.
Bootup Configuration File
The bootup configuration (boot.cfg) file is not present during the initial bootup process when a new switch
is integrated in to the network. The boot.cfg file is automatically generated and stored in the
/flash/working directory when a write memory command is issued.
During the automatic remote configuration process, the bootup configuration file is downloaded from the
FTP/SFTP server and stored as boot.cfg in the /flash/working directory of the switch.
If no script file is downloaded, the switch boots up normally according to the configurations specified in
the boot.cfg file when the remote configuration download process is completed.
Bootup Configuration File Usage Guidelines
If configuring an AAA server authentication key in the boot.cfg file the encrypted value of the key must
be stored in the boot.cfg file. To get the encrypted value first enter the key using the CLI and then use the
Managing Automatic Remote Configuration Download Download Component Files
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-15
show configuration snapshot command to get the encrypted value. This encrypted value can then be can
used in the boot.cfg file for Remote Configuration Download.
Debug Configuration File
The debug configuration file is used for setting specific OmniSwitch settings and must only be used as
directed by Service and Support. During the automatic remote configuration process, the debug
configuration file is downloaded with the filename AlcatelDebug.cfg.
Script File
The script file is downloaded and stored with the same name in the /flash/working directory. The script
file contains the commands to be implemented on the switch after running the configuration file.
If a configuration file is not available, the script file can be used to configure the switch dynamically with-
out a boot.cfg file.
Script File Example
vlan 100 enable name "VLAN 100"
vlan 100 port default 1/1
write memory
Script File Usage Guidelines
• After the script file is downloaded the switch does not automatically reboot.
• If a write memory command is used in the script file, then it overwrites the boot.cfg file. Hence, the
script file must not contain the write memory command if it is downloaded along with the
configuration file.
• If any script file command fails, it is logged in to a file *.err (* is the script file name) in the /flash
directory and the remaining commands are implemented.
• If the script file name mentioned in the instruction file is incorrect, then an error is logged in the switch
log or swlog.log file.
LACP Auto Detection and Automatic Link Aggregate Association Managing Automatic Remote Configuration Download
page 8-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
LACP Auto Detection and Automatic Link
Aggregate Association
DHCP Server Association and DHCP Client creation works on fixed ports. When an OmniSwitch is newly
introduced to a network, an assigned peer network device detects this device as new. If the peer device has
a link aggregate configuration on the detecting port, then it sends LACP PDU to the newly connected
OmniSwitch. In such instances, LACP PDUs must be acknowledged by OmniSwitch. The Remote
Configuration Manager on OmniSwitch detects any LACP PDUs on combo or uplink ports and
configures a link aggregate automatically during Automatic Remote Configuration.
The following diagram illustrates the different network components required for Auto Remote
Configuration and LACP Auto Detection and Link Aggregate Association process
.
Network Components for LACP Auto Detection and Link Aggregate Association
Alcatel-Lucent
OmniSwitch
Provides Switch IP, TFTP server IP
and instruction file name
DHCP
Server
TFTP Server
Stores the instruction file.
optionally the config
file and firmware
FTP/SFTP Server
Stores the firmware and
configuration for secure access
Network
with Router
or Gateway
Peer Device
LACP
Handshake and Auto
Link Aggregate
Association
Managing Automatic Remote Configuration Download DHCP Client Auto-Configuration Process
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-17
LACP auto detection is enabled by default and operates only on the combo ports and uplink ports on
OmniSwitch during the Automatic Remote Configuration stage.
1 When an OmniSwitch detects LACP PDUs from a remote peer connected through a combo or an
uplink port, it configures that port as a LACP port and starts LACP handshake with the peer device.
2 The newly formed LACP port is made a member of VLAN 127 and VLAN 1 and DHCP packets are
sent out through this LACP port.
3 Once the remote configuration download is complete on this LACP port, the switch configuration file
can automatically configure the required ports for the link aggregate.
4 After the process is completed, this automatic link aggregate and related associations are deleted.
Note. The LACP auto detection mode is not supported when the switch boots up in normal mode
(non-remote configuration load mode). The LACP configuration at the peer device must not be changed
once the automatic link aggregate is created using the parameters in the LACP PDU sent from the peer
device.
DHCP Client Auto-Configuration Process
The automatic remote configuration download feature supports three DHCP client configuration methods
to obtain an initial dynamic IP address from the DHCP server:
• Static DHCP client on untagged VLAN 1
• Dynamic DHCP client on tagged VLAN 127
• Dynamic DHCP client on LLDP tagged management VLAN
Note. Some Metro networks use a fixed tagged VLAN 127 for initial IP assignment. The
auto-configuration of Dynamic DHCP client on LLDP tagged management VLAN facilitates the
installation of OmniSwitch in such networks.
OmniSwitch creates a DHCP Client interface on:
• the default untagged VLAN 1 and then on tagged VLAN 127 alternatively
Or
• the Management VLAN being advertised in the LLDP PDUs sent by the Management Switch
configured in Nearest-Edge Mode.
See the “Nearest-Edge Mode Operation” on page 8-20 for additional information.
Note. OmniSwitch must have at least one port with connectivity to the DHCP server through
Management VLAN.
DHCP Server Preference Managing Automatic Remote Configuration Download
page 8-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
If OmniSwitch receives LLDP PDUs with VLAN and port information from a Management switch in
nearest edge mode, then the DHCP client interface is moved to user defined LLDP management VLAN on
the network.
The detailed process of DHCP client auto-configuration on OmniSwitch is as follows:
1 At boot-up, the initial DHCP client starts with untagged VLAN 1.The DHCP client waits for 30
seconds for a DHCP lease.
2 If the lease is not obtained even after 30 seconds, the DHCP client is stopped on the untagged VLAN 1
and DHCP client is started on tagged VLAN 127. The DHCP client on tagged VLAN 127 waits for 30
seconds for a DHCP lease.
3 If the DHCP client does not get the lease in 30 seconds, DHCP client moves back to untagged VLAN 1
and this process continues until it gets the DHCP lease on any one of the two VLANs.
4 If a LLDP that is advertising the management VLAN ID is received on any of the switch ports, the
initial DHCP client on untagged VLAN and tagged VLAN 127 is stopped and a new DHCP client is
started on this tagged management VLAN.
5 The DHCP Client created on tagged management VLAN waits infinitely to get a lease.
Note.
If the initial DHCP clients (untagged or VLAN 127) obtains an IP lease, the LLDP detection mechanism is
disabled to prevent the switch from starting a new DHCP client.
DHCP client is automatically stopped once a user logs in the switch through console port before getting
the DHCP lease. This condition applies for any type of DHCP client (untagged, tagged 127 or tagged with
LLDP associated management VLAN).
Once the DHCP client gets the lease, the Remote Config process does not stop even if the user logs on to
the switch through console port.
DHCP Server Preference
When RCL is running and the DHCP client is created, the following steps are followed in order to provide
preference to different DHCP servers. The preference for the VLAN 1 DHCP client is below:
1 OmniVista Server = VSI: alcatel.nms.ov2500
2 OXO DHCP Server = VSI: alcatel.a4400.0
3 Other non-preferred DCHP Server
The following describes the DHCP client preference operation:
1 If a DHCP response is received on the VLAN 1 DHCP client from a non-preferred DHCP server it will
be stored during the 30 second window allowing time for a DHCP response from a higher preference
server. Subsequent responses from non-preferred DHCP servers will be dropped.
2 If a DHCP response is received on the VLAN 1 DHCP client from an OXO DHCP server it will over-
write any non-preferred DHCP response. The response will be stored during the 30 second window allow-
Managing Automatic Remote Configuration Download DHCP Server Preference
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-19
ing time for a DHCP response from an OmniVista server. Subsequent responses from any OXO DHCP
servers or non-preferred DHCP servers will be dropped.
3 If a DHCP response is received on the VLAN 1 DHCP client from an OmniVista DHCP server it will
overwrite any existing DHCP responses and be applied immediately.
4 If a DHCP response is received on the VLAN 127 DHCP client it will be applied immediately regard-
less of which DHCP server it was received from. Receiving a DHCP response on VLAN 127 indicates
there was no response received on VLAN 1 from any preferred DHCP server.
5 If any VLAN ID is received from LLDP during the DHCP process and no response has been received
from an OmniVista or OXO server, then the DHCP client on VLAN 1 or on VLAN 127 is deleted and a
DHCP client gets created on management VLAN received from LLDP.
Note:
- A DHCP server should be configured and have connectivity the switch during the initial boot-up.
- The RCL process may be delayed while waiting for a preferred server.
Nearest-Edge Mode Operation Managing Automatic Remote Configuration Download
page 8-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Nearest-Edge Mode Operation
In order for the network to propagate Nearest-Edge mode LLDP PDUs a Management Switch must be
configured to send the LLDP PDUs with the Management VLAN information. Additionally, the peer
switches are automatically configured to process the Nearest-Edge Mode LLDP PDU frames by the
Automatic Configuration Download feature.
An OmniSwitch running the Automatic Remote Configuration feature is automatically enabled to process
LLDP PDUs with the unique Nearest-Edge destination MAC address. In Nearest-Edge mode the
Management OmniSwitch uses a unique MAC address when sending LLDP PDUs. The network OmniS-
witch also looks for these unique packets to determine a Management VLAN. It then creates a DHCP
client interface on that tagged VLAN.
LLDP Transmission from Management Switch
• The Management Switch is configured to use the Nearest-Edge Mode MAC address using the lldp
destination mac-address command and is connected to the network using an untagged interface.
• LLDP is configured on the untagged port of the Management Switch so that the LLDP PDUs are sent
with the Management VLAN information.
• The LLDP interval must not be set higher than 30 seconds (default).
• The Management Switch sends LLDP PDUs on the untagged interface with the MAC address of
01:20:DA:02:01:73.
LLDP Propagation through Network
These LLDP PDUs are propagated throughout the network as normal L2 multicast frames, eventually
reaching the Access Switch.
LLDP Reception by Access Switch
The Automatic Configuration Download feature enables the processing of the Nearest-edge LLDP PDUs
by default.
Nearest-Edge Mode Configuration Example
Management Switch
The Management Switch is connected to the network using an untagged interface and is configured to use
the Nearest-edge Mode MAC address using the
lldp destination mac-address command. LLDP is
configured on the untagged port of the Management Switch so that the LLDP PDUs are sent with the
Management VLAN information. The LLDP PDUs are sent on the untagged interface with the
Nearest-edge MAC address and propagated throughout the network eventually reaching the Access
Switch.
For example:
-> vlan 999 name “VLAN 999”
-> vlan 999 port default 1/1
-> lldp destination mac-address nearest-edge
-> lldp 1/1 tlv dot1 vlan-name enable
Managing Automatic Remote Configuration Download Nearest-Edge Mode Operation
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-21
Access Switch
When used in conjunction with the Automatic Remote Configuration feature no configuration is neces-
sary on the Access OmniSwitches. Newly connected switches without a boot.cfg file receive the Nearest-
Edge LLDP PDUs, discover the Management VLAN, tag the port with that VLAN ID, and create a DHCP
client interface on the Management VLAN. This auto-configuration allows the DHCP client interface on
the OmniSwitch to receive an IP address in the proper IP subnet.
Example Nearest-Edge Configuration
Zero Touch License Upgrade Managing Automatic Remote Configuration Download
page 8-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Zero Touch License Upgrade
Some features like OmniSwitch-Metro features require a software license for activation and are restricted
only to a licensed user. To activate licensed features, a license serial number must be purchased along with
an authorization code from Alcatel-Lucent. The authorization code can then be used to generate a license
file.
The Automatic Remote Configuration Download feature supports automatic license upgrade process for
remote devices. With Zero Touch License Upgrade, the metro features can be unlocked on each non-metro
switch in a network. The switches are automatically upgraded with the set license for a trial period. This
feature can be implemented by running a script file with the license unlock metro command.
Note. This upgrade procedure does not affect OmniSwitch Metro models as they already have the metro
features activated.
The metro features are activated on the switch for a trial period of 15 days. In order to get a permanent
license, the customer must identify the MAC address or serial number of the newly installed switches in
the network and obtain the license file from the Alcatel-Lucent portal and install it.
Note. For detailed procedure on manual license upgrade see the Installing Software Licenses section in
the “Managing System Files” chapter. Also see the different types of license upgrades available.
The reboot of the switch or stack occurs at the end of automatic remote configuration process.
If any of the switches in the network already have the metro license installed, then the automatic license
upgrade does not occur. Specifically, the switch or stack does not reboot again.
Script File Example
For Zero Touch License Upgrade to occur, the script file must contain the license unlock metro
command. For details on the command see the OmniSwitch AOS Release 6 CLI Reference Guide.
vlan 100 enable name "VLAN 100"
vlan 100 port default 1/1
license unlock metro
write memory
reload working no rollback-timeout
Managing Automatic Remote Configuration Download Troubleshooting
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-23
Troubleshooting
Due to errors during download, the automatic configuration process can halt, or the file download process
can be incomplete. The errors that occur during the automatic remote configuration download process are
displayed on the switch command prompt and also stored in switch log or the swlog.log file.
The following section provides information on some of the common errors that can occur during the
configuration download process and troubleshooting techniques to resolve these errors.
Error Resolution
If there are any issues downloading the required files for the auto configuration process the switch can be
reached using the DHCP client IP address and the SSH protocol for manual intervention or configuration.
Server Connection Failure and File Download Errors
Manual download of component files is required when there is a failure in connecting to the servers or
when all the component files are not downloaded during the automatic remote configuration download
process.
Server connection failures can occur when:
• DHCP server is not reachable.
• TFTP server is not reachable.
• Primary and secondary servers are not reachable.
File download errors can occur when:
• Files are corrupted.
• File locations or names listed in the instruction file are incorrect.
Troubleshooting Managing Automatic Remote Configuration Download
page 8-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Error Description Table
The following table provides information on the common server connection failures and file download
errors that can occur during Automatic Remote Configuration:
Script File Errors
The different types of script file errors and the troubleshooting techniques for such errors are as follows:
• If any script file command fails, it is logged in to a file *.err (* is the script file name) in the /flash
directory and the remaining commands are implemented. In such an instance, check the *.err file. The
script file commands can be manually implemented and debugged in the order specified in the script
file.
• If the script file name mentioned in the instruction file is incorrect, then an error is logged in the switch
log or swlog.log file. In such an instance, check the swlog.log file. The script file can be downloaded
manually from the FTP/SFTP servers and implemented onto the OmniSwitch.
Error Type Error Description
User Login
Auto-Config
Abort
User logged in via console, Auto-
matic Remote configuration is
aborted.
DHCP client is automatically stopped only if
a user logs in to the switch through console
port before getting the DHCP lease.
TFTP Response
Timeout
Instruction File not Downloaded
and the Max try 3 For TFTP reached.
Instruction file not downloaded due to TFTP
not reachable.
Primary/
Secondary
Server
Connection
Download of file: <File name and
pathname> from Primary Server
Failed
Starting download of file: <File
name and pathname> from Secondary
Server
Download Failed - <File name and
pathname> using both Pri & Sec IP
File download failure from primary server.
File download failure from both primary and
secondary server.
File Download
and File
Location Errors
Transfer error <File name and
pathname>
Download failed for configuration
file <File name and pathname>
Not all image files are downloaded
Unable to download the firmware
version
Unable to download boot config file
Unable to download AlcatelDebug.cfg
Unable to download script file
File transfer failure.
Configuration file download failure.
Some of the image files are not downloaded.
File location errors occur when the
corresponding files are not available in the
locations as mentioned in the instruction file.
Managing Automatic Remote Configuration Download Troubleshooting
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 8-25
Error Description Table
The following error description table provides information about some of the common script file errors
that occur during Automatic Remote Configuration:
Error Type Error Description
Script File
Download
Download of Script file from
Primary Server Failed
Starting download of Script file:
<File name and pathname> from
Secondary Server
Download failed - <File name and
pathname> using Pri and Sec IP
Script file cannot be downloaded from the
primary server.
Script file cannot be downloaded from both
primary and secondary server.
Script File
Command
Failure
Unable to remove Instruction
file <File name and pathname>
Error in executing the downloaded
script file
Instruction file cannot be removed from flash
due to error in running the script file
commands.
The downloaded script file cannot be run.
Troubleshooting Managing Automatic Remote Configuration Download
page 8-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-1
9 Managing Switch User
Accounts
Switch user accounts can be set up locally on the switch for users to log into and manage the switch. The
accounts specify login information (combinations of usernames and passwords) and privilege or profile
information depending on the type of user.
The switch has several interfaces (console, Telnet, HTTP, FTP, Secure Shell, and SNMP) through which
users can access the switch. The switch can be set up to allow or deny access through any of these
interfaces. See Chapter 10, “Managing Switch Security,” for information about setting up management
interfaces.
In This Chapter
This chapter describes how to set up user accounts locally on the switch through the Command Line Inter-
face (CLI). CLI commands are used in the configuration examples; for more details about the syntax of
commands, see the OmniSwitch AOS Release 6 CLI Reference Guide.
This chapter provides an overview of user accounts. In addition, configuration procedures described in this
chapter include:
• “Creating a User” on page 9-12.
• “Configuring Password Policy Settings” on page 9-14.
• “Configuring Privileges for a User” on page 9-21.
• “Setting Up SNMP Access for a User Account” on page 9-22.
• “Setting Up End-User Profiles” on page 9-25.
For information about enabling management interfaces on the switch, see Chapter 10, “Managing Switch
Security.”
For information about connecting a management station to the switch, see OmniSwitch AOS Release 6350/
6450 Hardware Users Guide.
User information can also be configured on external servers in addition to, or instead of, user accounts
configured locally on the switch (except end-user profiles, which can only be configured on the switch).
For information about setting up external servers that are configured with user information, see the
“Managing Authentication Servers” chapter in the OmniSwitch AOS Release 6 Network Configuration
Guide.
User Database Specifications Managing Switch User Accounts
page 9-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
User Database Specifications
User Account Defaults
• Two user accounts are available on the switch by default: admin and default. For more information
about these accounts, see
“Startup Defaults” on page 9-6 and “Default User Settings” on page 9-9.
• New users inherit the privileges of the default user if the specific privileges for the user are not config-
ured; the default user is modifiable.
• Password defaults are as follows:
Platforms Supported OmniSwitch 6350, 6450
Maximum number of alphanumeric characters in a
username
31
Maximum number of alphanumeric characters in a
user password
31
Maximum number of alphanumeric characters in an
end-user profile name
32
Maximum number of user accounts 64
Maximum number of end-user profiles 128
Description Command Default
Minimum password length user password-size min 8 characters
Default password expiration for any
user
user password-expiration disabled
Username is not allowed in pass-
word.
user password-policy cannot-con-
tain-username
disabled
Minimum number of uppercase char-
acters allowed in a password.
user password-policy min-upper-
case
0 (disabled)
Minimum number of lowercase char-
acters allowed in a password.
user password-policy min-lower-
case
0 (disabled)
Minimum number of base-10 digits
allowed in a password.
user password-policy min-digit 0 (disabled)
Minimum number of non-alphanu-
meric characters allowed in a pass-
word.
user password-policy min-nonal-
pha
0 (disabled)
Maximum number of old passwords
to retain in the password history.
user password-history 4
Minimum number of days user is
blocked from changing password.
user password-min-age 0 (disabled)
Managing Switch User Accounts User Account Defaults
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-3
• Global user account lockout defaults are as follows:
Parameter Description Command Default
Length of time during which failed
login attempts are counted.
user lockout-window 0—all attempts are
counted
Length of time a user account
remains locked out of the switch
before the account is automatically
unlocked.
user lockout-duration 0—account remains
locked until manually
unlocked
Maximum number of failed login
attempts allowed during the lockout
window time period.
user lockout-threshold 0—no limit to the num-
ber of failed login
attempts
Overview of User Accounts Managing Switch User Accounts
page 9-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Overview of User Accounts
A user account includes a login name, password, and user privileges. The account also includes privilege
or profile information, depending on the type of user account. There are two types of accounts: network
administrator accounts and end-user or customer login accounts.
Network administrator accounts are configured with user (sometimes called functional) privileges. These
privileges determine whether the user has read or write access to the switch and which command domains
and command families the user is authorized to execute on the switch.
Customer login accounts are configured with end-user profiles rather than functional privileges. Profiles
are configured separately and then attached to the user account. A profile specifies command areas to
which a user has access as well as VLAN and/or port ranges to which the user has access.
The designation of particular command families/domains or command families for user access is some-
times referred to as partitioned management. The privileges and profiles are sometimes referred to as
authorization.
Note. End-user command areas are different from the command domains/families used for network
administrator accounts. In general, command areas are much more restricted groups of commands (see
page 9-25).
Functional privileges (network administration) and end-user profiles (customer login) are mutually exclu-
sive. Both types of users can exist on the switch, but any given user account can only be one type, network
administrator or customer login. The CLI in the switch prevents you from configuring both privileges and
a profile for the same user.
End-user profiles also cannot be configured on an authentication server; however, users configured on an
external authentication server can have profile attributes, which the switch will attempt to match to
profiles configured locally.
If the user information is configured on an external server (rather than locally on the switch through the
CLI) with both functional privilege attributes and profile attributes, the user is seen by the switch as an
end-user and will attempt to match the profile name to a profile name configured on the switch. If there is
no match, the user will not be able to log into the switch.
Note. For information about setting up user information on an authentication (AAA) server, see the
“Managing Authentication Servers” chapter of the OmniSwitch AOS Release 6 Network Configuration
Guide.
Users typically log into the switch through one of the following methods:
• Console port—A direct connection to the switch through the console port.
• Telnet—Any standard Telnet client can be used for logging into the switch.
• FTP—Any standard FTP client can be used for logging into the switch.
• HTTP—The switch has a Web browser management interface for users logging in via HTTP. This
management tool is called WebView.
Managing Switch User Accounts Overview of User Accounts
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-5
• Secure Shell—Any standard Secure Shell client can be used for logging into the switch.
• SNMP—Any standard SNMP browser can be used for logging into the switch.
For more information about connecting to the switch through one of these methods, see OmniSwitch AOS
Release 6350/6450 Hardware Users Guide.
For information about setting up the switch to allow user access through these interfaces, see Chapter 10,
“Managing Switch Security.”
Overview of User Accounts Managing Switch User Accounts
page 9-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Startup Defaults
By default, a single user management account is available at the first bootup of the switch. This account
has the following user name and password:
• user name—admin
• password—switch
Initially, the admin user can only be authorized on the switch through the console port. Management
access through any other interface is disabled. The Authenticated Switch Access commands can be used to
enable access through other interfaces or services (such as Telnet, HTTP). However, SNMP access is not
allowed for the admin user. The admin user cannot be modified, except for the password. SHA2 (SHA224
and SHA256) hashing algorithms can be configured for admin user.
Password expiration for the admin user is disabled by default. See “Configuring Password Expiration” on
page 9-16.
In addition, another account, default, is available on the switch for default settings only; this account
cannot be used to log into the switch. It is used to store and modify default settings for new users.
Note. Up to 64 users can be configured in the local switch database.
To set up a user account, use the user command, which specifies the following:
• Password—The password is required for new users or when modifying a user’s SNMP access. The
password will not appear in an ASCII configuration file created via the snapshot command.
• Privileges—The user’s read and write access to command domains and families. See “Configuring
Privileges for a User” on page 9-21 for more details.
• SNMP access—Whether or not the user is permitted to manage the switch via SNMP. See “Setting Up
SNMP Access for a User Account” on page 9-22 for more details.
• End-User Profile—The user’s read and write access to command areas, port ranges, and VLAN ranges;
used for customer login accounts. See
“Setting Up End-User Profiles” on page 9-25.
Typically, options for the user (privileges or end-user profile; SNMP access) are configured at the same
time the user is created. An example of creating a user and setting access privileges for the account is
given here:
-> user thomas techpubs read-write domain-policy md5+des
For more details about command syntax, see the OmniSwitch AOS Release 6 CLI Reference Guide.
Managing Switch User Accounts Overview of User Accounts
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-7
Quick Steps for Network Administrator User Accounts
1 Configure the user with the relevant username and password. For example, to create a user called
thomas with a password of techpubs, enter the following:
-> user thomas password techpubs
For information about creating a user and setting up a password, see “Creating a User” on page 9-12.
2 Configure the user privileges (and SNMP access) if the user must have privileges that are different than
those set up for the default user account. For example:
-> user thomas read-write domain-network ip-helper telnet
For information about the default user settings, see the next section. For information about setting up priv-
ileges, see “Configuring Privileges for a User” on page 9-21.
Note. Optional. To verify the user account, enter the show user command. The display is similar to the
following:
User name = admin,
Password expiration = None,
Password allow to be modified date = None,
Account lockout = None,
Password bad attempts = 1,
Read Only for domains = None,
Read/Write for domains = All ,
Snmp allowed = NO
User name = default (*),
Password expiration = None,
Password allow to be modified date = None,
Account lockout = None,
Password bad attempts = 0,
Read Only for domains = None,
Read/Write for domains = None,
Snmp allowed = NO,
User name = public (*),
Password expiration = None,
Password allow to be modified date = None,
Account lockout = None,
Password bad attempts = 0,
Read Only for domains = None,
Read/Write for domains = None,
Snmp allowed = NO,
(*)Note:
The default user is not an active user account.
It constains the default user account settings,
for new user accounts.
For more information about the show user command, see the OmniSwitch AOS Release 6 CLI Reference
Guide.
Overview of User Accounts Managing Switch User Accounts
page 9-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Quick Steps for Creating Customer Login User Accounts
1 Set up a user profile through the aaa admin-logout command. For example, configure a profile called
Profile1 that specifies read-write access to the physical and basic-ip-routing command areas:
-> end-user profile Profile1 read-write physical basic-ip-routing
2 Specify ports to which the profile will allow access. In this example, Profile1 will be configured with
access to ports on slot 1 and slot 2.
-> end-user profile Profile1 port-list 1/1-2 1/4-5 2/1-8
3 Specify VLANs or VLAN ranges to which the profile will allow access. In this example, Profile1 will
be configured with access to VLANs 3 through 8.
-> end-user profile Profile1 vlan-range 3-8
Note. Optional. To verify the end-user profile, enter the show end-user profile command. The display is
similar to the following:
End user profile : Profile1
Area accessible with read and write rights :
physical,
basic ip routing,
Slot : 1, ports allowed : 1-2, 4-5
Slot : 2, ports allowed : 1-8
Vlan Id :
3-8
For more information about the show end-user profile command, see the OmniSwitch AOS Release 6 CLI
Reference Guide.
4 Associate the profile with a user account. Enter the user command with the relevant username and
password and specify Profile1. In this example, the user name is Customer1 and the password is
my_passwd:
-> user Customer1 password my_passwd end-user profile Profile1
For more information about creating a user and setting up a password, see “Creating a User” on page 9-12.
For information about creating end-user profiles, see “Setting Up End-User Profiles” on page 9-25.
Note. Optional. To verify the user account, enter the show user command. The display is similar to the
following:
User name = Customer1
END user profile = Profile1
SNMP authentication = NONE, Snmp encryption = NONE
User name = default
END user profile Profile5
Snmp not allowed
For more information about the show user command, see the OmniSwitch AOS Release 6 CLI Reference
Guide.
Managing Switch User Accounts Overview of User Accounts
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-9
Default User Settings
The default user account on the switch is used for storing new user defaults for privileges and profile
information. This account does not include a password and cannot be used to log into the switch.
At the first switch startup, the default user account is configured for:
• No read or write access
• No SNMP access
• No end-user profile
Any new users created on the switch will inherit the privileges or the end-user profile of the default user
unless the user is configured with specific privileges or a profile.
The default user settings can be modified. Enter the user command with default as the user name. The
default user can only store default functional privileges or a default end-user profile. The default user
cannot be configured with both privileges and a profile.
The following example modifies the default user account with read-write access to all CLI commands:
-> user default read-write all
In this example, any new user that is created will have read and write access to all CLI commands (unless
a specific privilege or SNMP access is configured for the new user). For more information about configur
-
ing privileges, see “Setting Up End-User Profiles” on page 9-25.
The privilege default is particularly important for users who are authenticated via an ACE/Server, which
only supplies username and password information; or for users who are authenticated via a RADIUS or
LDAP server on which privileges are not configured. For more information about these servers, see the
“Managing Authentication Servers” chapter of the OmniSwitch AOS Release 6 Network Configuration
Guide.
Overview of User Accounts Managing Switch User Accounts
page 9-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Account and Password Policy Settings
The switch includes global password settings that are used to implement and enforce password complex-
ity when a password is created, modified, and used. These user-configurable settings apply the following
password requirements to all user accounts configured for the switch:
• Minimum password size
• Whether or not a password can contain the account username
• Minimum password character requirements
• Password expiration
• Password history
• Minimum password age
In addition to global password settings, the switch also includes global user lockout settings that deter-
mine when a user account is locked out of the switch and the length of time the user account remains
locked.
See “Configuring Password Policy Settings” on page 9-14 and “Configuring Global User Lockout
Settings” on page 9-18 for more information.
Managing Switch User Accounts Overview of User Accounts
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-11
How User Settings Are Saved
Unlike other settings on the switch, user settings configured through the password command are saved to
the switch configuration automatically. These settings are saved in real time in the local user database.
At bootup, the switch reads the database file for user information (rather than the boot.cfg file). The write
memory, copy running-config working, or configuration snapshot commands are not required to save
user or password settings over a reboot.
Note. Password settings configured through the user password-policy commands are not automatically
saved to the switch configuration.
For information about using the write memory, copy running-config working, and configuration
snapshot commands, see
Chapter 5, “Managing CMM Directory Content,” Chapter 7, “Working With
Configuration Files,” and the OmniSwitch AOS Release 6 CLI Reference Guide.
Creating a User Managing Switch User Accounts
page 9-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Creating a User
To create a new user, enter the user command with the desired username and password. Use the password
keyword. For example:
-> user thomas password techpubs
In this example, a user account with a user name of thomas and a password of techpubs is stored in the
local user database.
The password must be a string of non-repeating characters. The CLI uses the first occurrence of the char-
acter series to uniquely identify the password. For example, the password tpubtpub is the same as tpub. A
better password might be tpub3457.
Note. The exclamation point (!) is not a valid password character. In addition, specifying an asterisk (*) as
one or more characters in a password is allowed as long as every character is not an asterisk. For example,
password **123456** is allowed; password ******** is not allowed.
If privileges are not specified for the user, the user will inherit all of the privileges of the default user
account. See
“Default User Settings” on page 9-9.
The password does not display in clear text in an ASCII configuration file produced by the snapshot
command. Instead, it displays in encrypted form. See
Chapter 7, “Working With Configuration Files,” for
information about using the snapshot command.
While creating a user, password-prompt option can be used with the ‘user’ command to configure the
password for the user. When this option is selected, a password prompt appears and the password can be
provided. Password needs to be re-entered, and only if both the passwords match, command is accepted.
Password provided in this mode is not displayed on the CLI as text.
For example,
-> user techpubs password-prompt
Password: *******
Re-enter password: ********
Removing a User
To remove a user from the local database, use the no form of the command:
-> no user thomas
The user account for thomas is removed from the local user database.
Managing Switch User Accounts Creating a User
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-13
User-Configured Password
Users can change their own passwords by using the password command. In this example, the current user
wants to change her password to my_passwd. Follow these steps to change the password:
1 Enter the password command. The system displays a prompt for the new password:
-> password
enter old password:
2 Enter the old password. (The password is concealed with asterisks.) A prompt displays for the new
password.
-> password
enter old password:********
enter new password:
3 Enter the desired password. The system then displays a prompt to verify the password.
-> password
enter old password:********
enter new password: *********
reenter new password:
4 Enter the password again.
-> password
enter old password:********
enter new password: *********
reenter new password: *********
->
The password is now reset for the current user. At the next switch login, the user must enter the new pass-
word.
Note. A new password cannot be identical to the current password; it cannot be identical to any of the
three passwords that preceded the current password. Also, the exclamation point (!) is not a valid pass
-
word character and specifying an asterisk (*) as one or more characters in a password is allowed as long as
every character is not an asterisk. For example, password **123456** is allowed; password ******** is
not allowed.
Configuring Password Policy Settings Managing Switch User Accounts
page 9-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Password Policy Settings
The global password policy settings for the switch define the following requirements that are applied to all
user accounts:
• Minimum password size.
• Whether or not the password can contain the username.
• The minimum number of uppercase characters required in a password.
• The minimum number of uppercase characters required in a password.
• The minimum number of base-10 digits required in a password.
• The minimum number of non-alphanumeric characters (symbols) required in a password.
• Password expiration.
• The maximum number of old passwords that are saved in the password history.
• The minimum number of days during which a user is not allowed to change their password.
Password policy settings are applied when a password is created or modified. The following subsections
describe how to configure these settings using CLI commands.
To view the current policy configuration, use the show user password-policy command. For more infor-
mation about this command and those used in the configuration examples throughout this section, see the
OmniSwitch AOS Release 6 CLI Reference Guide.
Managing Switch User Accounts Configuring Password Policy Settings
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-15
Setting a Minimum Password Size
The default minimum password length (or size) is 8 characters. To configure a minimum password size,
enter the
user password-size min command. For example:
-> user password-size min 10
The minimum length for any passwords configured for users is now 10 characters.
The maximum password length is 31 characters.
Configuring the Username Password Exception
By default, specifying the username as all or part of a password is allowed. Use the user password-policy
cannot-contain-username command to block the ability to configure a password that contains the user-
name. For example:
-> user password-policy cannot-contain-username enable
Enabling this functionality prevents the user from specifying the username in the password that is config-
ured for the same user account. For example, the password for the account username of public can not
contain the word public in any part of the password. However, the username of another account is still
allowed.
Configuring Password Character Requirements
The character requirements specified in the global password policy determine the minimum number of
uppercase, lowercase, non-alphanumeric, and 10-base digit characters required in all passwords. These
requirements are configured using the following user password-policy commands:
Specifying zero with any of the these commands disables the requirement. For example, if the number of
minimum uppercase characters is set to zero (the default), then there is no requirement for a password to
contain any uppercase characters.
Command Configures ...
user password-policy min-uppercase The minimum number of uppercase characters
required in all passwords.
user password-policy min-lowercase The minimum number of lowercase characters
required in all passwords.
user password-policy min-digit The minimum number of base-10 digits required
in all passwords.
user password-policy min-nonalpha The minimum number of non-alphanumeric char-
acters (symbols) required in all passwords.
Configuring Password Policy Settings Managing Switch User Accounts
page 9-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Password Expiration
By default, password expiration is disabled on the switch. A global default password expiration can be
specified for all users or password expiration can be set for an individual user.
Note. When the current user’s password has less than one week before expiration, the switch will display
an expiration warning after login.
If a user’s password expires, the user will be unable to log into the switch through any interface; the
admin user must reset the user’s password. If the admin user’s password expires, the admin user will have
access to the switch through the console port with the currently configured password.
Default Password Expiration
To set password expiration globally, use the user password-expiration command with the desired
number of days; the allowable range is 1 to 150 days. For example:
-> user password-expiration 3
The default password expiration is now set to three days. All user passwords on the switch will be set or
reset with the three-day expiration. If an individual user was configured with a different expiration, the
expiration will be reset to the global value.
The expiration is based on the switch system date/time and date/time the user password-expiration
command is entered. For example, if a user is configured with a password expiration of 10 days, but the
global setting is 20 days, that user’s password will expire in 10 days.
To disable the default password expiration, use the user password-expiration command with the disable
option:
-> user password-expiration disable
Specific User Password Expiration
To set password expiration for an individual user, use the user password-expiration command with the
expiration keyword and the desired number of days or an expiration date. For example:
-> user bert password techpubs expiration 5
This command gives user bert a password expiration of five days.
To set a specific date for password expiration, include the date in mm/dd/yyyy hh:mm format. For example:
-> user bert password techpubs expiration 02/19/2003 13:30
This command sets the password expiration to February 19, 2003, at 1:30pm; the switch will calculate the
expiration based on the system date/time. The
system date and system time commands displays the
system date and time information. For more information on the system date or time, see the
OmniSwitch AOS Release 6 Switch Management Guide.
Note. The expiration will be reset to the global default setting (based on the user password-expiration
command) if the user password is changed or the user password-expiration command is entered again.
Managing Switch User Accounts Configuring Password Policy Settings
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-17
Configuring the Password History
The password history refers to the number of old passwords for each user account that are saved by the
switch. This functionality prevents the user from using the same password each time their account pass
-
word is changed. For example, if the password history is set to 10 and a new password entered by the user
matches any of the 10 passwords saved, then an error message is displayed notifying the user that the
password is not available.
By default, the password history is set to save up to 4 old passwords for each user account. To configure
the number of old passwords to save, use the
user password-history command. For example:
-> user password-history 2
To disable the password history function, specify 0 as the number of old passwords to save. For example:
-> user password-history 0
A password is dropped from the password history when it no longer falls within the number of passwords
that are retained by the switch.
Configuring the Minimum Age for a Password
The password minimum age setting specifies the number of days during which a user is not allowed to
change their password. It is necessary to configure a password minimum age value that is less than the
password expiration value.
The default minimum age is set to zero, which means that there is no minimum age requirement for a
password. To configure a minimum password age, use the
user password-min-age command. For exam-
ple:
-> user password-min-age 7
This command specifies that the user is prevented from changing their password for seven days from the
time the password was created or modified.
Configuring Global User Lockout Settings Managing Switch User Accounts
page 9-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Global User Lockout Settings
The following user lockout settings configured for the switch apply to all user accounts:
• Lockout window—the length of time a failed login attempt is aged before it is no longer counted as a
failed attempt.
• Lockout threshold—the number of failed login attempts allowed within a given lockout window period
of time.
• Lockout duration—the length of time a user account remains locked until it is automatically unlocked.
In addition to the above lockout settings, the network administrator also has the ability to manually lock
and unlock user accounts. The following subsections describe how to configure user lockout settings and
how to manually lock and unlock user accounts.
Note. Only the admin user is allowed to configure user lockout settings. The admin account is protected
from lockout; therefore, it is always available.
Lockout settings are saved automatically; that is, these settings do not require the write memory, copy
running-config working, or configuration snapshot command to save user settings over a reboot. To
view the current lockout settings configured for the switch, use the show user lockout-setting command.
For more information about this command and those used in the configuration examples throughout this
section, see the OmniSwitch AOS Release 6 CLI Reference Guide.
Configuring the User Lockout Window
The lockout window is basically a moving observation window of time in which failed login attempts are
counted. If the number of failed login attempts exceeds the lockout threshold setting (see
“Configuring the
User Lockout Threshold Number” on page 9-19) during any given observation window period of time, the
user account is locked out of the switch.
If a failed login attempt ages beyond the observation window of time, that attempt is no longer counted
towards the threshold number. For example, if the lockout window is set for 10 minutes and a failed login
attempt occurred 11 minutes ago, then that attempt has aged beyond the lockout window time and is not
counted. In addition, the failed login count is decremented when the failed attempt ages out.
By default, the lockout window is set to 0; this means that there is no observation window and failed login
attempts are not counted. The user is allowed an unlimited number of failed login attempts. To configure
the lockout window time, in minutes, use the
user lockout-window command. For example:
-> user lockout-window 30
Do not configure an observation window time period that is greater than the lockout duration time period
(see
“Configuring the User Lockout Duration Time” on page 9-19).
Managing Switch User Accounts Configuring Global User Lockout Settings
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-19
Configuring the User Lockout Threshold Number
The lockout threshold number specifies the number of failed login attempts allowed during any given
lockout window period of time (see
“Configuring the User Lockout Window” on page 9-18). For exam-
ple, if the lockout window is set for 30 minutes and the threshold number is set for 3 failed login attempts,
then the user is locked out when 3 failed login attempts occur within a 30 minute time frame.
By default, the lockout threshold number is set to 0; this means that there is no limit to the number of
failed login attempts allowed, even if a lockout window time period exists. To configure a lockout thresh
-
old number, use the user lockout-threshold command. For example:
-> user lockout-threshold 3
A locked user account is automatically unlocked when the lockout duration time (see “Configuring the
User Lockout Duration Time” on page 9-19) is reached or the admin user manually unlocks the user
account.
Configuring the User Lockout Duration Time
The user lockout duration time specifies the number of minutes a user account remains locked until it is
automatically unlocked by the switch. This period of time starts when the user account is locked out of the
switch. At any point during the lockout duration time, the admin user can still manually unlock the user
account.
By default, the user lockout duration time is set to 0; this means that there is no automatic unlocking of a
user account by the switch. The locked user account remains locked until it is manually unlocked by the
admin user. To configure a lockout duration time, use the
user lockout-duration command. For example:
-> user lockout-duration 60
Do not configure a lockout duration time that is less than the lockout window time period (see “Configur-
ing the User Lockout Window” on page 9-18).
Configuring Global User Lockout Settings Managing Switch User Accounts
page 9-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Manually Locking and Unlocking User Accounts
The user lockout unlock command is used to manually lock or unlock a user account. This command is
only available to the admin user or a user who has read/write access privileges to the switch.
To lock a user account, enter user lockout and the username for the account. For example,
-> user lockout j_smith
To unlock a user account, enter user unlock and the username for the locked account. For example,
-> user unlock j_smith
In addition to this command, the admin user or users with read/write access privileges can change the user
account password to unlock the account.
If a lockout duration time (see “Configuring the User Lockout Duration Time” on page 9-19) is not config-
ured for the switch, then it is only possible to manually unlock a user account with the user lockout
command or by changing the user password.
Managing Switch User Accounts Configuring Privileges for a User
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-21
Configuring Privileges for a User
To configure privileges for a user, enter the user command with the read-only or read-write option and
the desired CLI command domain names or command family names. The read-only option provides
access to show commands; the read-write option provides access to configuration commands and show
commands. Command families are subsets of command domains.
If you create a user without specifying any privileges, the user’s account will be configured with the privi-
leges specified for the default user account.
Command domains and families are listed here:
In addition to command families, the keywords all or none can be used to set privileges for all command
families or no command families respectively.
An example of setting up user privileges:
-> user thomas read-write domain-network ip-helper telnet
User thomas will have write access to all the configuration commands and show commands in the
network domain, as well as Telnet and IP helper (DHCP relay) commands. The user will not be able to
execute any other commands on the switch.
Use the keyword all to specify access to all commands. In the following example, the user is given read
access to all commands:
-> user lindy read-only all
Note. When modifying an existing user, the user password is not required. If you are configuring a new
user with privileges, the password is required.
Use the keyword all-except to disable the function privileges for a specific family for a user. The follow-
ing example creates a user with read-write privileges for all families except dshell.
-> user techpubs password writer read-write all-except dshell
The default user privileges can also be modified. See “Default User Settings” on page 9-9.
Domain Corresponding Families
domain-admin file telnet debug
domain-system system aip snmp rmon webmgt config
domain-physical chassis module interface pmm health
domain-network ip rip ip-routing ipmr ipms rdp ipv6
domain-layer2 vlan bridge stp 802.1q linkagg ip-helper
domain-service dns
domain-policy qos policy
domain-security session aaa
Setting Up SNMP Access for a User Account Managing Switch User Accounts
page 9-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Setting Up SNMP Access for a User Account
By default, users can access the switch based on the SNMP setting specified for the default user account.
The user command, however, can be used to configure SNMP access for a particular user. SNMP access
can be configured without authentication and encryption required (supported by SNMPv1, SNMPv2, or
SNMPv3). Or the user command can be configured with authentication or authentication/encryption
required (SNMPv3 only).
SNMP authentication specifies the algorithm that must be used for computing the SNMP authentication
key. It can also specify AES or DES encryption. The following options can be configured for a user’s
SNMP access with authentication or authentication/encryption:
• SHA—The SHA authentication algorithm is used for authenticating SNMP PDU for the user.
• MD5—The MD5 authentication algorithm is used for authenticating SNMP PDU for the user.
• SHA and DES—The SHA authentication algorithm and DES encryption standard is used for authenti-
cating and encrypting SNMP PDU for the user.
• MD5 and DES—The MD5 authentication algorithm and the DES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA and 3DES — The SHA authentication algorithm and 3DES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA and AES— The SHA authentication algorithm and AES encryption standard is used for authenti-
cating and encrypting SNMP PDU for the user.
• SHA and AES192— The SHA authentication algorithm and AES192 encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA and AES256— The SHA authentication algorithm and AES256 encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA224— The SHA224 authentication algorithm is used for authenticating SNMP PDU for the user.
• SHA224 and 3DES— The SHA224 authentication algorithm and 3DES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA224 and AES— The SHA224 authentication algorithm and AES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA224 and AES192— The SHA224 authentication algorithm and AES192 encryption standard is
used for authenticating and encrypting SNMP PDU for the user.
• SHA224 and AES256— The SHA224 authentication algorithm and AES256 encryption standard is
used for authenticating and encrypting SNMP PDU for the user.
• SHA256— The SHA256 authentication algorithm is used for authenticating SNMP PDU for the user.
• SHA256 and 3DES— The SHA256 authentication algorithm and 3DES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA256 and AES— The SHA256 authentication algorithm and AES encryption standard is used for
authenticating and encrypting SNMP PDU for the user.
• SHA256 and AES192— The SHA256 authentication algorithm and AES192 encryption standard is
used for authenticating and encrypting SNMP PDU for the user.
Managing Switch User Accounts Setting Up SNMP Access for a User Account
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-23
• SHA256 and AES256— The SHA256 authentication algorithm and AES256 encryption standard is
used for authenticating and encrypting SNMP PDU for the user.
The user’s level of SNMP authentication is superseded by the SNMP version allowed globally on the
switch. By default, the switch allows all SNMP requests. Use the
snmp security command to change the
SNMP security level on the switch.
Note. At least one user with SHA/MD5 authentication and/or DES encryption must be configured on the
switch for SNMPv3 communication with OmniVista.
The community string carried in the SNMP PDU identifies the request as an SNMPv1 or SNMPv2
request. The way the community string is handled on the switch is determined by the setting of the
snmp
community map mode command. If the community map mode is enabled, the community string is
checked against the community strings database (populated by the snmp community map command). If
the community map mode is disabled, then the community string value is checked against the user data-
base. In either case, if the check fails, the request is dropped.
For more information about configuring SNMP globally on the switch, see Chapter 3, “Using SNMP and
OpenFlow.”
The next sections describe how to configure SNMP access for users. Note the following:
• SNMP access cannot be specified for the admin user. However, SHA2 (SHA224 and SHA256) hash-
ing algorithms can be configured for admin user. The default hash algorithm for admin user is SHA1.
‘Snmp authentication’ field in the
show user command displays the hashing algorithm configured for
the admin user.
• The hashing algorithm modification must always associated with the password change, that is,
whenever the admin user’s hashing algorithm is modified, the admin user’s password must be
reconfigured (that is new password must be entered).
• If the hashing algorithm is modified to SHA2 for the admin user, in case of software downgrade,
SNMP access to the admin user will be enabled. To avoid this, configure the hash level of the admin
user to 'no snmp' before downgrade using the command user admin password <string> no snmp.
• When modifying a user’s SNMP access, the user password must be re-entered (or a new one config-
ured). This is required because the hash algorithm used to save the password in the switch depends on
the SNMP authentication level.
Setting Up SNMP Access for a User Account Managing Switch User Accounts
page 9-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
SNMP Access Without Authentication/Encryption
To give a user SNMP access without SNMP authentication required, enter the user command with the no
auth option. For example, to give existing user thomas SNMP access without SNMP authentication, enter
the following:
-> user thomas password techpubs no auth
For this user, if the SNMP community map mode is enabled (the default), the SNMP community map
must include a mapping for this user to a community string. In this example, the community string is
our_group:
-> snmp community map our_group user thomas
In addition, the global SNMP security level on the switch must allow non-authenticated SNMP frames
through the switch. By default, the SNMP security level is privacy all; this is the highest level of SNMP
security, which allows only SNMPv3 frames through the switch. Use the snmp security command to
change the SNMP security level. For more information about configuring SNMP globally on the switch,
see
Chapter 3, “Using SNMP and OpenFlow.”
SNMP Access With Authentication/Encryption
To configure a user with SNMP access and authentication, enter the user command with the desired
authentication type (sha, md5, sha+des, and md5+des).
-> user thomas password techpubs sha+des
When SNMP authentication is specified, an SNMP authentication key is computed from the user pass-
word based on the authentication/encryption setting. In this example, the switch would use the SHA
authentication algorithm and DES encryption on the techpubs password to determine the SNMP authenti
-
cation key for this user. The key is in hexadecimal form and is used for encryption/de-encryption of the
SNMP PDU.
The authentication key is only displayed in an ASCII configuration file if the snapshot command is
entered. The key is indicated in the file by the syntax authkey key. See
Chapter 7, “Working With Config-
uration Files,” for information about using the snapshot command. The key is not displayed in the CLI.
Removing SNMP Access From a User
To deny SNMP access, enter the user command with the no snmp option:
-> user thomas no snmp
This command results in thomas no longer having SNMP access to manage the switch.
Managing Switch User Accounts Setting Up End-User Profiles
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-25
Setting Up End-User Profiles
End-user profiles are designed for user accounts in the carrier market. With end-user profiles, a network
administrator can configure customer login accounts that restrict users to particular command areas over
particular ports and/or VLANs.
End-user profiles are only managed and stored on the switch; profiles are not stored on external servers.
Note. End-user profiles cannot be used in conjunction with user partitioned management; the features are
mutually exclusive.
The following table shows the end-user command areas and the commands associated with each area:
Area Keyword Available Commands
physical flow
flow wait
interfaces
interfaces admin
interfaces alias
interfaces no L2 statistics
trap port link
show interfaces
vlan-table vlan
vlan 802.1q
vlan 802.1q frame type
vlan 802.1q force tag internal
vlan authentication
vlan binding mac-ip-port
vlan binding mac-port-protocol
vlan binding mac-port
vlan binding mac-ip
vlan binding ip-port
vlan dhcp mac
vlan dhcp mac range
vlan dhcp port
vlan dhcp generic
vlan mac
vlan mac range
vlan ip
vlan port default
vlan protocol
vlan port
vlan port mobile
vlan port default vlan restore
vlan port authenticate
vlan stp
vlan user
show 802.1q
show vlan rules
show vlan port mobile
show vlan
show vlan port
show vlan router mac status
mac-filtering-table mac-address-table
mac-address-table aging-time
show mac-address-table
show mac-address-table count
show mac-address aging-time
spantree show spantree
show spantree ports
basic-ip-routing show arp
ip-routes-table show ip route
Setting Up End-User Profiles Managing Switch User Accounts
page 9-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Creating End-User Profiles
To set up an end-user profile, use the aaa admin-logout command and enter a name for the profile. Spec-
ify read-only or read-write access to particular command areas. The profile can also specify port ranges
and/or VLAN ranges. The port ranges and VLAN ranges must be configured on separate command lines
and are discussed in the next sections.
In this example, a profile is created with access to physical commands on the switch:
-> end-user profile Profile3 read-write physical
A profile named Profile3 is now available on the switch and can be associated with a user through the
user command.
If port ranges or VLAN ranges are not configured, a user with this profile will not be able to use any
commands that require port or VLAN values or view any show outputs that contain port or VLAN values.
Setting Up Port Ranges in a Profile
To set up port ranges for a profile, enter the end-user profile port-list command with the relevant profile
name and the desired slots/ports. For example:
-> end-user profile Profile3 port-list 2 3/1-4
In this example, the port list includes all ports in slot 2, and ports 1 through 4 on slot 3. A user with this
profile will be able to manage these ports (depending on the command areas specified in the profile).
To remove a port list, use the no form of the command with the relevant slot number(s). All ports in the
port list on a given slot will be removed. For example:
-> end-user profile Profile3 no port-list 3
In this example, all ports on slot 3 are removed from the profile.
Setting Up VLAN Ranges in a Profile
To set up VLAN ranges for a profile, enter the end-user profile vlan-range command with the relevant
profile name and the desired VLAN range. For example:
-> end-user profile Profile3 vlan-range 2-4 7-8
In this example, the VLAN range includes VLANs 2, 3, 4, 7, and 8. A user with this profile will be able to
manage these VLANs (depending on the command areas specified in the profile).
To remove a VLAN range from a profile, use the no form of the command and the VLAN ID of the start
of the range to be removed. For example:
-> end-user profile Profile3 no vlan-range 7
This command removes VLANs 7 and 8 from Profile3.
Managing Switch User Accounts Verifying the User Configuration
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 9-27
Associating a Profile With a User
To associate a profile with a user, enter the user command with the end-user profile keywords and the
relevant profile name. For example:
-> user Customer2 end-user profile Profile3
Profile3 is now associated with Customer2. When Customer2 logs into the switch, Customer2 will have
access to command areas, port ranges, and VLAN ranges specified by Profile3.
The user information stored on an external server can include a profile name. When the user attempts to
log into the switch, the switch will attempt to match the profile name to a profile stored on the switch.
Removing a Profile From the Configuration
To delete a profile from the configuration, enter the no form of the end-user profile command with the
name of the profile you want to delete. For example:
-> no end-user profile Profile3
Profile3 is deleted from the configuration.
Note. If the profile name is associated with a user, and the profile is deleted from the configuration, the
user will not have access to the switch.
Verifying the User Configuration
To display information about user accounts configured locally in the user database, use the show
commands listed here:
For more information about the resulting displays from these commands, see the OmniSwitch AOS
Release 6 CLI Reference Guide. An example of the output for the show user command is also given in
“Quick Steps for Network Administrator User Accounts” on page 9-7.
show user Displays information about all users or a particular user configured in
the local user database on the switch.
show user password-size Displays the minimum number of characters that are required for a user
password.
show user password-expiration Displays the expiration date for passwords configured for user accounts
stored on the switch.
show user password-policy Displays the global password settings configured for the switch.
show user lockout-setting Displays the global user lockout settings configured for the switch.
show end-user profile Displays information about end-user profiles.
show aaa classification-rule Displays hexadecimal values for command domains/families.
Verifying the User Configuration Managing Switch User Accounts
page 9-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-1
10 Managing Switch Security
Switch security is provided on the switch for all available management interfaces (console, Telnet, HTTP,
FTP, Secure Shell, and SNMP). The switch can be set up to allow or deny access through any of these
interfaces.
Note. Users attempting to access the switch must have a valid username and password.
In This Chapter
This chapter describes how to set up switch management interfaces through the Command Line Interface
(CLI). CLI commands are used in the configuration examples; for more details about the syntax of
commands, see the OmniSwitch AOS Release 6 CLI Reference Guide.
An overview of switch security is given in this chapter. In addition, configuration procedures described in
this chapter include:
• “Configuring Authenticated Switch Access” on page 10-6
• “Setting Up Management Interfaces for ASA” on page 10-9
• “Configuring Accounting for ASA” on page 10-12
• “Authenticated Switch Access - Enhanced Mode” on page 10-14
For more information about the resulting displays from these commands, see the OmniSwitch AOS Release
6 CLI Reference Guide. An example of the output for the show aaa authentication command is also given
in “
“Quick Steps for Setting Up ASA” on page 10-7.
A user login procedure requires that users are authenticated for switch access via an external authentica-
tion server or the local user database. For information about setting up user accounts locally on the switch,
see
Chapter 9, “Managing Switch User Accounts.” For information about setting up external servers that
are configured with user information, see the “Managing Authentication Servers” chapter in the OmniS-
witch AOS Release 6 Network Configuration Guide.
This chapter describes how to enable/disable access for management interfaces. For information about
basic login on the switch, see
Chapter 2, “Logging Into the Switch.”
Switch Security Specifications Managing Switch Security
page 10-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Switch Security Specifications
The following table describes the maximum number of sessions allowed on an OmniSwitch:
Note. An IPv6 client session for Telnet, FTP, SSH, SFTP, and SNMP is supported on an OmniSwitch
6350, 6450.
Switch Security Defaults
Access to managing the switch is always available for the admin user through the console port, even if
management access to the console port is disabled for other users.
Session OmniSwitch 6350, 6450
Telnet (v4 or v6) 4
FTP (v4 or v6) 4
SSH + SFTP (v4 or v6 secure
sessions)
8
HTTP 4
Total Sessions 20
SNMP 50
Managing Switch Security Switch Security Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-3
Switch Security Overview
Switch security features increase the security of the basic switch login process by allowing management
only through particular interfaces for users with particular privileges. Login information and privileges can
be stored on the switch and/or an external server, depending on the type of external server you are using
and how you configure switch access.
The illustration here shows the components of switch security:
An external RADIUS or LDAP server can supply both user login and authorization information. ACE/
Server can provide login information; user authorization information is available through the switch’s
local user database. External servers can also be used for accounting, which includes logging statistics
about user sessions. For information about configuring the switch to communicate with external servers,
see the “Managing Authentication Servers” chapter in the OmniSwitch AOS Release 6 Network Configura
-
tion Guide.
If an external server is not available or is not configured, user login information and user authorization can
be provided through the local user database on the switch. The user database is described in
Chapter 9,
“Managing Switch User Accounts.”
Logging can also be accomplished directly on the switch. For information about configuring local logging
for switch access, see
“Configuring Accounting for ASA” on page 10-12. For complete details about local
logging, see the “Using Switch Logging” chapter in the OmniSwitch AOS Release 6 Network Configura-
tion Guide.
RADIUS, LDAP, or ACE
Server
OmniSwitch
End User
login request
Servers supply login infor-
mation about the user. User
privilege information is also
available on RADIUS and
LDAP servers.
Authenticated Switch Access Setup
management interface
local user
database
Authenticated Switch Access Managing Switch Security
page 10-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Authenticated Switch Access
Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With
authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, or
HTTP require authentication via the local user database or via a third-party server.
This section describes how to configure management interfaces for authenticated access as well as how to
specify external servers that the switch can poll for login information. The type of server can be an
authentication-only mechanism or an authentication, authorization, and accounting (AAA) mechanism.
AAA Servers—RADIUS or LDAP
AAA servers are able to provide authorization for switch management users as well as authentication (they
also can be used for accounting). The AAA servers supported on the switch are Remote Authentication
Dial-In User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP) servers. User login
information and user privileges can be stored on the servers.
Privileges are used for network administrator accounts. Instead of user privileges an end-user profile can
be associated with a user for customer login accounts. User information configured on an external server
can include a profile name attribute. The switch will attempt to match the profile name to a profile stored
locally on the switch.
The following illustration shows the two different user types attempting to authenticate with a AAA
server:
For more information about types of users, see Chapter 9, “Managing Switch User Accounts.”
Authentication-only—ACE/Server
Authentication-only servers are able to authenticate users for switch management access, but authoriza-
tion (or what privileges the user has after authenticating) are determined by the switch. Authentication-
only servers cannot return user privileges or end-user profiles to the switch. The authentication-only server
supported by the switch is ACE/Server, which is a part of RSA Security’s SecurID product suite. RSA
Security’s ACE/Agent is embedded in the switch.
The switch polls the server
for login information, which
can reference a profile
name; end-user profiles are
stored on the switch.
LDAP or RADIUS
Server
AAA Server (LDAP or RADIUS)
OmniSwitch
login request
The switch polls the server
and receives login and privi-
lege information about the
user.
Customer
login request
OmniSwitch
Network Administrator
LDAP or RADIUS
Server
end-user
profile
Managing Switch Security Authenticated Switch Access
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-5
The following illustration shows the two different user types attempting to authenticate with an ACE/
Server:
Note. A RADIUS server supporting the challenge and response mechanism as defined in RADIUS
RFC
2865 can access an ACE/Server for authentication purposes. The ACE/Server is then used for user
authentication, and the RADIUS server is used for user authorization.
Interaction With the User Database
By default, switch management users can be authenticated through the console port via the local user data-
base. If external servers are configured for other management interfaces (such as Telnet, or HTTP), but the
servers become unavailable, the switch will poll the local user database for login information.
Access to the console port provides secure failover in case of misconfiguration or if external authentica-
tion servers become unavailable. The admin user is always authorized through the console port via the
local database (provided the correct password is supplied), even if access to the console port is disabled.
The database includes information about whether or not a user is able to log into the switch and which
kinds of privileges or rights the user has for managing the switch. The database can be set up by the
admin user or any user with write privileges to the AAA commands.
See Chapter 9, “Managing Switch User Accounts,” for more information about setting up the user data-
base.
ASA and Authenticated VLANs
Layer 2 Authentication uses Authenticated VLANs to authenticate users through the switch out to a
subnet. Authenticated Switch Access authenticates users into the switch to manage it. The features are
independent of each other; however, user databases for each feature can be located on the same authentica
-
tion server.
For more information on authenticated VLANs, and authentication servers, see “Configuring Authenti-
cated VLANs” and “Configuring Authentication Servers” in the
OmniSwitch AOS Release 6 Network Configuration Guide.
The switch polls the server
for login information; end-
user profiles are stored on
the switch.
ACE/Server
OmniSwitch
login request
The switch polls the server
for login information; privi-
leges are stored on the
switch.
ACE/Server
Authentication-Only Server (ACE/Server)
Customer
login request
OmniSwitch
Network Administrator
user
privilege
s
end-user
profiles
Configuring Authenticated Switch Access Managing Switch Security
page 10-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Authenticated Switch Access
Setting up Authenticated Switch Access involves the following general steps:
1 Set Up the Authentication Servers. This procedure is described briefly in this chapter. See the
“Managing Authentication Servers” chapter of the OmniSwitch AOS Release 6 Network Configuration
Guide for complete details.
2 Set Up the Local User Database. Set up user information on the switch if user login or privilege infor-
mation will be pulled from the switch. See Chapter 9, “Managing Switch User Accounts.”
3 Set Up the Management Interfaces. This procedure is described in “Setting Up Management Inter-
faces for ASA” on page 10-9.
4 Set Up Accounting. This step is optional and is described in “Configuring Accounting for ASA” on
page 10-12.
Additional configuration is required to set up the switch to communicate with external authentication serv-
ers. This configuration is briefly mentioned in this chapter and described in detail in the “Managing
Authentication Servers” chapter of the OmniSwitch AOS Release 6 Network Configuration Guide.
If you are using the local switch database to authenticate users, user accounts must be set up on the switch.
Procedures for creating user accounts are described in this chapter. See
Chapter 9, “Managing Switch User
Accounts.”
Note that by default:
• Authenticated switch access is available only through the console port.
• Users are authenticated through the console port via the local user database on the switch.
These defaults provide “out-of-the-box” security at initial startup. Other management interfaces (Telnet,
HTTP, and so on.) must be specifically enabled before they can access the switch.
A summary of the commands used for configuring ASA is given in the following table:
Commands Used for...
aaa radius-server
aaa tacacs+-server
Setting up the switch to communicate with external RADIUS or LDAP
authentication servers.
aaa authentication Configuring the management interface and specifying the servers and/or
local user database to be used for the interface.
aaa accounting mac Optional. Specifies servers to be used for accounting.
Managing Switch Security Quick Steps for Setting Up ASA
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-7
Quick Steps for Setting Up ASA
1 If the local user database is used for user login information, set up user accounts through the user
command. User accounts includes user privileges or an end-user profile. In this example, user privileges
are configured:
-> user thomas password pubs read-write domain-network ip-helper telnet
If SNMP access is configured for the user, the global SNMP setting for the switch can be configured
through the
snmp security command. See Chapter 9, “Managing Switch User Accounts,” for more
information about setting up user accounts.
2 If an external RADIUS or LDAP server will is used for user login information, use the
aaa radius-server or aaa tacacs+-server commands to configure the switch to communicate with these
servers. For example:
-> aaa radius-server rad1 host 10.10.1.2 timeout 3
For more information, see the “Managing Authentication Servers” chapter in the OmniSwitch AOS
Release 6 Network Configuration Guide.
3 Use the aaa authentication command to specify the management interface through which switch
access is permitted (such as console, telnet, ftp, http, or ssh). Specify the server and backup servers to be
used for checking user login and privilege information. Multiple servers of different types can be
specified. For example:
-> aaa authentication telnet rad1 ldap2 local
The order of the server names is important. The switch uses the first available server in the list. In this
example, the switch would use rad1 to authenticate Telnet users. If rad1 becomes unavailable, the switch
will use ldap2. If ldap2 then becomes unavailable, the switch will use the local user database to authenti
-
cate users.
4 Repeat step 3 for each management interface to which you want to configure access; or use the default
keyword to specify access for all interfaces for which access is not specifically denied. For example, if
you want to configure access for all management interfaces except HTTP, you would enter:
-> no aaa authentication http
-> aaa authentication default rad1 local
Note the following:
• SNMP access can only use LDAP servers or the local user database. If you configure the default
management access with only RADIUS and/or ACE, SNMP will not be enabled.
• It is recommended that Telnet and FTP be disabled if Secure Shell (ssh) is enabled.
• If you want to use WebView to manage the switch, make sure HTTP is enabled.
5 Specify an accounting server if a RADIUS or LDAP server will be used for accounting. Specify local
if accounting can be done on the switch through the Switch Logging feature. Multiple servers can be
specified as backups.
-> aaa accounting session ldap2 local
Quick Steps for Setting Up ASA Managing Switch Security
page 10-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
The order of the server names is important here as well. In this example, the switch will use ldap2 for
logging switch access sessions. If ldap2 becomes unavailable, the switch will use the local Switch
Logging facility. For more information about Switch Logging, see the
OmniSwitch AOS Release 6 Network Configuration Guide.
Note. To verify the switch access setup, enter the show aaa authentication command. The display is
similar to the one shown here:
Service type = Default
1rst authentication server = rad1
2nd authentication server = local
Service type = Console
Authentication = Use Default,
1rst authentication server = rad1
2nd authentication server = local
Service type = Telnet
Authentication = Use Default,
1rst authentication server = rad1
2nd authentication server = local
Service type = Ftp
Authentication = Use Default,
1rst authentication server = rad1
2nd authentication server = local
Service type = Http
Authentication = denied
Service type = Snmp
Authentication = Use Default,
1rst authentication server = rad1
2nd authentication server = local
Service type = Ssh
Authentication = Use Default,
1rst authentication server = rad1
2nd authentication server = local
For more information about this command, see the OmniSwitch AOS Release 6 CLI Reference Guide.
Managing Switch Security Setting Up Management Interfaces for ASA
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-9
Setting Up Management Interfaces for ASA
By default, authenticated access is available through the console port. Access through other management
interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP.
This chapter describes how to set up access for management interfaces. For more details about particular
management interfaces and how they are used, see
Chapter 2, “Logging Into the Switch.”
To give switch access to management interfaces, use the aaa authentication command to allow or deny
access to each interface type; the default keyword can be used to configure access for all interface types.
Specify the server(s) to be used for authentication through the indicated management interface.
Keywords used for specifying management interfaces are listed here:
Note that ssh is the keyword used to specify Secure Shell.
To specify an external authentication server or servers, use the RADIUS or LDAP server name or the
keyword ace for an ACE/Server. To specify that the local user database must be used for authentication,
use the local keyword. Up to four servers can be specified.
RADIUS and LDAP servers are set up to communicate with the switch via the aaa radius-server and
aaa tacacs+-server commands. ACE/Servers do not require any configuration, but you must FTP the
sdconf.rec file from the server to the switch’s network directory. For more information about configur-
ing the switch to communicate with these servers, see the “Managing Authentication Servers” chapter of
the OmniSwitch AOS Release 6 Network Configuration Guide.
Note. RADIUS or LDAP servers used for authenticated switch access can also be used with authenticated
VLANs. Authenticated VLANs are described in the “Configuring Authenticated VLANs” chapter of the
OmniSwitch AOS Release 6 Network Configuration Guide.
The order of the specified servers is important. The switch uses only one server for authentication—the
first available server in the list. All authentication attempts will be tried on that server. Other servers are
not tried, even if they are available. If local is specified, it must be last in the list since the local user data
-
base is always available when the switch is up.
Servers can also be used for accounting, or logging, of authenticated sessions. See “Configuring Account-
ing for ASA” on page 10-12.
The following table describes the management access interfaces or methods and the types of authentica-
tion servers that can be used with them:
keywords
console
telnet
ftp
http
ssh
snmp
default
Server Type Management Access Method
RADIUS Telnet, FTP, HTTP, Secure Shell
LDAP Telnet, FTP, HTTP, Secure Shell, SNMP
ACE/Server Telnet, FTP, HTTP, Secure Shell
local console, FTP, HTTP, Secure Shell, SNMP
Setting Up Management Interfaces for ASA Managing Switch Security
page 10-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Enabling Switch Access
Enter the aaa authentication command with the relevant keyword that indicates the management inter-
face and specify the servers to be used for authentication. In this example, Telnet access for switch
management is enabled. Telnet users will be authenticated through a chain of servers that includes a
RADIUS server and an LDAP server that have already been configured through the aaa radius-server
and aaa ldap-server commands respectively. For example:
-> aaa authentication telnet rad1 ldap2 local
After this command is entered, Telnet users will be authenticated to manage the switch through the rad1
RADIUS server. If that server is unavailable, the LDAP server, ldap2, will be polled for user information.
If that server is unavailable, the local user database will be polled for user information. If the local user
database is specified, it must be last in the list of servers.
To disable authenticated access for a management interface use the no form of the command with the
keyword for the interface. For example:
-> no aaa authentication ftp
FTP access is now denied on the switch.
Note. The admin user always has switch access through the console port even if access is denied through
the console port.
To remove a server from the authenticated switch access configuration, enter the aaa authentication
command with the relevant server names (s) and leave out the names of any servers you want to remove.
For example:
-> aaa authentication telnet rad1 local
The server ldap2 is removed for Telnet access and will not be polled for user information when users
attempt to log into the switch through Telnet.
Note. SNMP can only use LDAP servers or the local user database for authentication.
Configuring the Default Setting
The default keyword can be used to specify the default setting for all management interfaces except those
that have been explicitly denied. For example:
-> no aaa authentication ftp
-> aaa authentication default ldap2 local
In this example, all management interfaces except FTP are given switch access through ldap2 and the
local user database.
Since SNMP can only use LDAP servers or the local database for authentication, RADIUS or ACE/Server
are not valid servers for SNMP management access. If the default interface setting includes only RADIUS
and/or ACE server, the default setting will not be used for SNMP. For example:
-> no aaa authentication ftp
-> aaa authentication default rad1 rad2
Managing Switch Security Setting Up Management Interfaces for ASA
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-11
In this scenario, SNMP access is not enabled because only RADIUS servers have been included in the
default setting. If servers of different types are configured and include LDAP or local, SNMP will be
enabled through those servers. For example:
-> aaa authentication default rad1 ldap2 local
In this case, SNMP access is enabled, and users will be authenticated through ldap2 and the local data-
base.
The default keyword can also be used to reset a specified interface to the default interface setting. For
example:
-> aaa authentication telnet default
In this example, Telnet users will now be authenticated through the servers that are specified for the
default interface.
Using Secure Shell
Secure Shell is recommended instead of Telnet and FTP as a method for accessing the switch. (Telnet and
FTP are not secure.) Secure Shell contains a secure FTP application that can be used after a Secure Shell
session is initiated. If Secure Shell is enabled, it is recommended that Telnet and FTP be disabled. For
example:
-> no aaa authentication telnet
-> no aaa authentication ftp
-> aaa authentication ssh rad1 ldap2 local
In addition to enabling Secure Shell on the switch, you can replace the DSA key on the switch. The DSA
key is generated at initial switch startup and copied to the secondary CMM; it includes a private key that
generates a digital signature against a public key. The Secure Shell client will verify this signature when
the client attempts to log into the switch.
The DSA key on the switch is made up of two files contained in the /flash/network directory; the public
key is called ssh_host_dsa_key.pub, and the private key is called ssh_host_dsa_key. To generate a
different DSA key, use the Secure Shell tools available on your Unix or Windows system and copy the
files to the /flash/network directory.
For more information about Secure Shell, see Chapter 2, “Logging Into the Switch.”
Note. Secure Shell cannot be used for Authenticated VLANs.
Configuring Accounting for ASA Managing Switch Security
page 10-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Accounting for ASA
Accounting servers track network resources such as time, packets, bytes, and user activity (when a user
logs in and out, how many login attempts were made, session length, and so on.). The accounting servers
can be located anywhere in the network.
Note the following:
• Up to four servers can be configured.
• The servers can be of different types.
• ACE cannot be used as an accounting server.
• The keyword local must be specified if you want accounting to be performed via the Switch Logging
feature in the switch. If local is specified, it must be the last server in the list.
External accounting servers are configured through the aaa radius-server and aaa tacacs+-server
commands. These commands are described in “Managing Authentication Servers” in the OmniSwitch AOS
Release 6 Network Configuration Guide.
To enable accounting (logging a user session) for Authenticated Switch Access, use the
aaa accounting mac command with the relevant server name(s). In this example, the RADIUS and LDAP
servers have already been configured through the aaa radius-server and aaa ldap-server commands.
-> aaa accounting session rad1 ldap2 local
After this command is entered, accounting will be performed through the rad1 RADIUS server. If that
server is unavailable, the LDAP server, ldap2, will be used for accounting. If that server is unavailable,
logging will be done locally on the switch through the Switch Logging feature. (For more information
about Switch Logging, see the OmniSwitch AOS Release 6 Network Configuration Guide.)
To remove an individual server from the list of servers, enter the aaa accounting session command with
the relevant server name(s), removing the desired server from the list. For example:
-> aaa accounting session rad1 local
The server ldap2 is removed as an accounting server.
To disable accounting for Authenticated Switch Access, use the no form of the aaa accounting session
command:
-> no aaa accounting session
Accounting will not be performed for Authenticated Switch Access sessions.
Managing Switch Security Enabling or Disabling Console Session
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-13
Enabling or Disabling Console Session
Console session helps in security-sensitive networks and deployments. The option manages the access to
the switch configuration shell through the console port.
The feature allows the following operations:
• Enable or disable the access to the switch configuration shell through the console port.
• Allows storing the configuration in the configuration file so that even after a reboot, the access to the
switch remains through console port.
Use the command session console to enable the switch access through the console port through the CLI
shell. Example:
-> session console enable
Use the command session console to disable the switch access through the console port through the CLI
shell. Example:
-> session console disable
However, When the command is disabled, only the console on the primary switch is disabled and not the
console on the secondary switch or the idle switch.
To view the status of the CLI console shell use the command show session config.
To display information about CLI console shell status, use the show command listed here:
For more information on command usage and the resulting displays, refer chapter Session Management
Commands in OmniSwitch AOS Release 6 CLI Reference Guide.
If this command is disabled and the telnet, SSH or webview access to the switch is also lost please contact
customer support.
Note. Deleting configuration file will also delete the other configurations. Hence, it is recommended to
create a back-up of the configuration file before deleting the configuration file.
show session config Displays session manager configuration information (for example,
default prompt, banner file name, inactivity timer, login timer, CLI con
-
sole shell status and login attempts).
Authenticated Switch Access - Enhanced Mode Managing Switch Security
page 10-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Authenticated Switch Access - Enhanced Mode
Authenticated Switch Access - Enhanced Mode feature allows configuration of enhanced security restric-
tions to the OmniSwitch.
Configuring the ASA Mode
Set the access mode to enhanced or default mode by using the aaa switch-access mode command.
Enhanced mode enables enhanced set of security options for switch access.
ASA mode is not enabled by default or when the switch is in the factory default state. The mode must first
be activated through CLI through console access with default username and password (admin/switch).
However, to avoid this initial CLI command, the new mode can also be activated by creating ‘asaAd
-
vancedMode.cfg’ file in the /flash/switch directory.
Note. It is recommended to save the configuration and reboot the switch when the ASA access mode is
configured.
For example, the following command sets the access mode to default.
-> aaa switch-access mode default
The following command sets the access mode to enhanced mode.
-> aaa switch-access mode enhanced
The following functionality come into effect when the ASA mode is enabled:
• When the enhanced mode is initially activated, the default password-policy and lockout settings are
automatically set to enhanced mode default values. When the switch boots up with a boot.cfg configu
-
ration file that has the enhanced ASA mode activated, LockoutSetting file will be considered for the
modified lockout settings as the modified values will not be stored in boot.cfg.
• Default password switch cannot be set anymore as it does not meet the enhanced mode password
policy. User ‘admin’ shall be forced to change the password upon login.
• The following table lists the factory default and the ASA enhanced mode values for password policy
and user lockout parameters:
Parameters
ASA enhanced mode
default values
Factory default values
User password-size-min 9 8
User-password-expiration Disabled Disabled
User password-policy-cannot-contain-
username
Disabled Disabled
User password-policy min-upper-case 1 0
User password-policy-min-lower-case 1 0
User password-policy-min-digit 1 0
User password-policy-min-nonalpha 1 0
Managing Switch Security Authenticated Switch Access - Enhanced Mode
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-15
• If the mode is changed from default to enhanced and if the user password policy settings and the user
lockout settings have the default mode default values, then corresponding enhanced mode default
values will be assigned. If the user password policy settings and the user lockout settings are assigned
with non-default values in the default mode, then the same values will be carried to the enhanced
mode. If the mode is changed from enhanced to default, the user password policy settings and user
lockout settings assigned during enhanced mode will be kept unchanged.
• In enhanced mode, a given user is restricted to only one session. For example, if a user 'admin' has
already logged in a session, another session with the same user 'admin' is not allowed, and the new
session login is refused. This is applicable for both local and external users.
For example:
login: admin
password: ******
Account already in use.
This login failure attempt is not considered as an invalid login attempt for lockout count as this check
is done before the login request reaches AAA.
• When the enhanced mode is activated, other existing sessions will not be logged out. The change of
password for internal or external user will not impact existing sessions until they log out.
• When the ASA mode is set to enhanced or default, the changes will take effect in secondary after write
memory flash-synchro.
• When the mode is changed from enhanced to default, the configurations affected by the enhanced
mode will continue to exist on the switch.
• When enhanced mode is activated, any local user who logs in with the password that does not comply
with the enhanced mode password policy, the user will be prompted to change the password.
• ASA enhanced mode allows the dynamic alignment of IP services like telnet, FTP, SSH, to the AAA
authentication status. Other IP services except console access is disabled. However, existing command
[no] ip service can be used to enable or disable individual IP services.
• In the enhanced mode, a user account will be locked after the authentication failure based on the
threshold value within the observation window duration, irrespective of the access method. The user
account will remain locked for the lockout duration (lockout-window, lockout-threshold, and lockout-
duration is based on the configured or default values.) This is only supported for local users.
• AOS shall support both DSA 1024 and RSA 2048 public key algorithms for SSH in enhanced mode.
• Viewing of SSH public and SSH private key files on the console using vi or more commands is not
allowed in enhanced mode.
User password-history 4 4
User password-min-age 0 0
User lockout-window 1 minute 0
User lockout-duration 5 minutes 0
User lockout-threshold 3 0 (Disabled)
Parameters
ASA enhanced mode
default values
Factory default values
Authenticated Switch Access - Enhanced Mode Managing Switch Security
page 10-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
• RSA 2048 public/private key pair will be generated in "/flash/network" directory (if not already pres-
ent) when the switch reboots after enabling enhanced mode.
• Webview access supports connection over TLS. In the enhanced mode, the default certificates are
generated with RSA 2048 bit keys.
• When enhanced mode is activated, TLS connections use only TLS 1.2 version. Connection requests
with TLS version 1.1 and lower shall be rejected. Support for TLS 1.2 version would require a switch
reboot after enabling enhanced mode. After reboot, TLS exchange shall use only TLS 1.2 version.
• When the switch is in ASA enhanced mode, both user name and password is prompted to view the
SWLOG data when show log swlog, vi swlog.log, more swlog.log commands are used by the users.
Only those users who provide valid ASA credentials are allowed to view the data. For more informa
-
tion on the switch logging commands, refer chapter Switch Logging Commands in OmniSwitch AOS
Release 6 CLI Reference Guide.
Configuring the IP Lockout Threshold Value
The lockout threshold number specifies the number of failed login attempts from an IP address after which
the IP address will be banned from switch access.
By default, the lockout threshold value is set to 6. To configure a lockout threshold number, use the aaa
switch-access ip-lockout-threshold command. For example:
-> aaa switch-access ip-lockout-threshold 2
IP address is permanently blocked/banned if the number of authentication failures from a particular IP
equals or exceeds IP lockout threshold limit. A maximum of 128 IPs will be added to the banned list.
When the maximum limit has reached, oldest entry from the list is removed to accommodate the new
entries.
Unlock/Release Banned or Locked IP
To release the banned IP addresses that are blocked due to failed login attempts, use the aaa switch-access
banned-ip release command. For example:
-> aaa switch-access banned-ip all release
-> aaa switch-access banned-ip 100.2.45.56 release
Managing Switch Security Authenticated Switch Access - Enhanced Mode
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-17
Configuring Privileges for an Access Type
The access privileges for the SSH, TELNET, Console, HTTP, HTTPS can be defined with the read-only
or read-write option and the desired CLI command domain names or command family names. The read-
only option provides access to show commands; the read-write option provides access to configuration
commands and show commands. Command families are subsets of command domains.
Possible values for domains and families are listed in the table here:
In addition to command families, the keywords all or none can be used to set privileges for all command
families or no command families respectively. And, use the all-except keyword to disable functional priv
-
ileges for specific families for an access type.
An example of setting up access type privileges:
-> aaa switch-access priv-mask ssh read-write ripng rip rdp qos port-mapping pmm
Use the keyword all to specify that all command families and domains are available to the user for a
specific access type.
-> aaa switch-access priv-mask ssh read-write all
Use the keyword all-except to disable function privileges for a specific family for an access type. The
following example creates read-only privileges for SSH for all the families except VLAN.
-> aaa switch-access priv-mask ssh read-only all-except vlan
If privileges for specific families need to be re-applied, then remove the existing privilege using the no
command, and re-apply the required family privilege.
-> no aaa switch-access priv-mask telnet read-write all
-> aaa switch-access priv-mask telnet read-write vlan aaa
Domain Corresponding Families
domain-admin file telnet dshell debug
domain-system system aip snmp rmon webmgt config
domain-physical chassis module interface pmm health
domain-network ip rip ospf bgp vrrp ip-routing ipmr ipms
domain-layer2 vlan bridge stp 802.1q linkagg ip-helper
domain-service dns
domain-policy qos policy slb
domain-security session avlan aaa
Authenticated Switch Access - Enhanced Mode Managing Switch Security
page 10-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring Management Station
Enable or disable the IP management station feature in a switch.
When the IP management station is disabled, the switch access from any IP address is allowed. After login
failure, based on the lockout threshold value, (ip-lockout threshold) those IP address are banned/blocked
and are added to the banned IP address list.
To disable the IP management station feature in a switch, use the disable option in the aaa switch-access
management-stations command. By default, the IP management station feature state is disabled.
-> aaa switch-access management stations disable
When the management station is enabled, the switch access is allowed only from those IP addresses
configured as management station IP, and only if they are not in the banned list.
To enable the IP management station feature in a switch, use the enable option in the aaa switch-access
management-stations command.
-> aaa switch-access management stations enable
To configure the IP address for the management station, use the aaa switch-access management-stations
command. A management station IP can be configured with or without mask value. The remote access is
allowed only from these IP addresses. A maximum of 64 management stations can be configured.
-> aaa switch-access management stations 100.15.5.9
-> aaa switch-access management stations 100.15.5.9 mask 255.255.255.0
Managing Switch Security Verifying the ASA Configuration
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 10-19
Verifying the ASA Configuration
To display information about management interfaces used for Authenticated Switch Access and ASA
enhanced mode configuration, use the show commands listed here:
For more information about the resulting displays from these commands, see the OmniSwitch AOS
Release 6 CLI Reference Guide. An example of the output for the show aaa authentication command is
also given in
“Quick Steps for Setting Up ASA” on page 10-7.
show aaa authentication Displays information about the current authenticated switch session.
show aaa accounting mac Displays information about accounting servers configured for Authenti-
cated Switch Access or Authenticated VLANs.
aaa classification-rule mac-
address
Displays information about a particular AAA server or AAA servers.
show aaa switch-access mode Displays the global access mode configuration.
show aaa switch-access ip-
lockout-threshold
Displays the lockout threshold configured for the remote IP addresses.
show aaa switch-access
banned-ip
Displays the list of banned ip addresses.
show aaa switch-access priv-
mask
Displays the privilege details for access types.
show aaa switch-access
management-stations
Displays the list of configured management stations.
Verifying the ASA Configuration Managing Switch Security
page 10-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-1
11 Using WebView
The switch can be monitored and configured using WebView, Alcatel-Lucent web-based device
management tool. The WebView application is embedded in the switch and is accessible through the
following web browsers:
• Internet Explorer 6 or later
• Firefox2 or later
Note. For information about setting up browser preferences and options, see “Browser Setup” on
page 11-2.
In This Chapter
This chapter provides an overview of WebView and WebView functionality, and includes information
about the following procedures:
• Configuring the Switch with WebView
– WebView Login (see page 11-8)
– Home Page (see page 11-9)
– Configuration Page (see page 11-12)
• Using WebView Help
– Global Configuration Page (see page 11-12)
– Table Configuration Page (see page 11-13)
Note. For detailed configuration information on each feature, see other chapters in this guide, the
OmniSwitch AOS Release 6 Network Configuration Guide.
WebView CLI Defaults Using WebView
page 11-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
WebView CLI Defaults
Web Management Command Line Interface (CLI) commands allow you to enable/disable WebView,
enable/disable Secure Socket Layer (SSL), and view basic WebView parameters. These configuration
options are also available in WebView. The following table lists the defaults for WebView configuration
through the http and https commands
Browser Setup
Set up your browser preferences (or options) as follows:
• Cookies must be enabled. This is the default.
• JavaScript must be enabled/supported.
• Java must be enabled.
• Style sheets must be enabled; that is, the colors, fonts, backgrounds, and so on of web pages must
always be used (rather than any user-configured settings).
• Checking for new versions of pages must be set to “Every time” when your browser opens.
• If you are using a proxy server, the proxy settings must be configured to bypass the switch on which
you are running WebView (the local switch).
Typically many of these settings are configured as the default. Different browsers (and different versions
of the same browser) can have different dialogs for these settings. Check your browser help pages if you
need help.
Description Command Default
WebView Status http server enabled
Force SSL http ssl disabled
HTTPS port https port 443
HTTP port http port 80
WebView WLAN Cluster-Vir-
tual-IP Precedence
webview wlan cluster-virtual-ip
precedence
lldp
Using WebView WebView CLI Commands
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-3
WebView CLI Commands
The following configuration options can be performed using the CLI. These configuration options are also
available in WebView; but changing the web server port or secured port can only be done through the CLI
(or SNMP).
Enabling/Disabling WebView
WebView is enabled on the switch by default. If necessary, use the http server command to enable
WebView. For example:
-> http server
Use the no http server command to disable WebView on the switch. If web management is disabled, you
will not be able to access the switch using WebView. Use the
show http command to view WebView
status.
As an alternative you can use the https keyword instead of the http keyword to enable WebView. For
example:
-> https server
When using this format of the command use the no https server command to disable WebView on the
switch.
Changing the HTTP Port
The default HTTP port is 80, the well-known port number for Web servers. You can change the port to a
number in the range 0 to 65535 using the
http port command. (Well-known port numbers, which are in
the range 0 to 1023, cannot be configured.)
Note. All WebView sessions must be terminated before the switch accepts the command.
For example:
-> http port 2000
This command changes the HTTP port to 2000.
To restore an HTTP port to its default value, use the default keyword as shown below:
-> http port default
WebView CLI Commands Using WebView
page 11-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Enabling/Disabling SSL
Force SSL is disabled by default. Use the http ssl command to enable Force SSL on the switch. For exam-
ple:
-> http ssl
Use the no http ssl command to disable Force SSL on the switch. Use the show http command to view
WebView status.
As an alternative you can use the https keyword instead of the http keyword to enable Force SSL. For
example:
-> https ssl
When using this format of the command use the no https server command to disable Force SSL on the
switch.
Changing the HTTPS Port
The default secure HTTP (HTTPS) port is 443, the well-known port number for SSL. You can change the
port to a number in the range 0 to 65535 using the
https port command. (Well-known port numbers,
which are in the range 0 to 1023, cannot be configured.)
Note. All WebView sessions must be terminated before the switch accepts the command.
For example:
-> https port 2500
This command changes the secure HTTP port to 2500.
To restore an HTTPS port to its default value, use the default keyword as shown below:
-> https port default
Using WebView Quick Steps for Setting Up WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-5
Quick Steps for Setting Up WebView
1 Make sure you have an Ethernet connection to the switch.
2 Configure switch management for HTTP using the aaa authentication command. Enter the command,
the port type that you are authenticating (http), and the name of the LDAP, RADIUS, ACE, or local
server that is being used for authentication. For example, to configure switch management for HTTP using
the “local” authentication server you would enter:
-> aaa authentication http local
3 Open a web browser.
4 Enter the IP address of the switch you want to access in the Address field of the browser and press
Enter. The WebView login screen appears.
5 Enter the appropriate user ID and password (the initial user name is admin and the initial password is
switch). After successful login, the Chassis Management Home Page appears.
WebView Overview
The following sections provide an overview of WebView page layouts. For information on configuring
the switch with WebView, see
page 11-8.
WebView Page Layout
As shown below, each WebView page is divided into four areas:
• Banner—Used to access global options (e.g., global help, telnet, and log out). An icon is also
displayed in this area to indicate the current directory (Certified or Working).
• Toolbar—Used to access WebView features.
• Feature Options—Used to access specific configuration options for each feature (displayed in drop-
down menus at the top of the page).
• View/Configuration Area—Used to view/configure a feature.
Certified
Working
WebView Overview Using WebView
page 11-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
WebView Chassis Home Page
Banner
The following features are available in the WebView Banner:
• Options—Brings up the User Options Page, which is used to change the user login password.
• Save Config—Brings up the Save Configuration Screen. Click Apply to save the switch’s running
configuration for the next startup.
• Help—Brings up general WebView Help. Specific help pages are also available on each configuration
page.
• About—Provides basic WebView product information.
• Telnet—Brings up a Telnet session window, through which you can access the switch for CLI configu-
ration.
• Log Out—Logs the user out of the switch and ends the user session. After logout, the login screen
appears. The user can log back into the switch or just close the login screen.
Toolbar
Switch configuration is divided into configuration groups in the toolbar (for example, Physical, Layer 2,
and so on). Under each configuration group are switch features, identified by a name and an icon.
For detailed configuration information on each feature, see other chapters in this guide, the
OmniSwitch AOS Release 6 Network Configuration Guide. Help pages are also available in WebView.
Using WebView WebView Overview
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-7
Feature Options
Feature configuration options are displayed as drop-down menus at the top of each feature page. For more
information on using the drop-down menus, see
“Configuration Page” on page 11-12.
View/Configuration Area
The View/Configuration area is where switch configuration information is displayed and where configura-
tion pages appear. After logging into WebView, a real-time graphical representation of the switch displays
all of the switch’s current components. The feature configuration options on this page are used to config
-
ure the switch.
Configuring the Switch With WebView Using WebView
page 11-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring the Switch With WebView
The following sections provide an overview of WebView functionality. For detailed configuration proce-
dures, see other chapters in this guide, the OmniSwitch AOS Release 6 Network Configuration Guide.
Accessing WebView
WebView is accessed using any of the browsers listed on page 11-1. All of the necessary WebView files
are stored on the switch. To access WebView and login to a switch:
1 Open a web browser.
2 Enter the IP address of the switch you want to configure in the browser Address field and press Enter.
The login screen appears.
WebView Login Page
3 Enter the appropriate user ID and password at the login prompt (the initial user name is admin and the
initial password is switch) and click Login. After successful login, the Chassis Management Home Page
appears.
Note. You can access WebView through any NI on the switch.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-9
To configure a feature in WebView, click on the feature icon in the toolbar on the left side of the screen.
The first page displayed is the Home Page. Each configuration feature in WebView has a Home Page and
a number of configuration pages. The Home Page provides an overview of the feature and its current
configuration. The configuration pages are used to configure the feature.
Accessing WebView with Internet Explorer Version 7
When using Windows Internet Explorer Version 7 (IE7) browser software to access WebView with
HTTPS, the following certificate warning message is displayed:
Click “Continue to this website (not recommended)” to continue the browser session. A certificate error
message, similar to the one shown below, appears at the top of the WebView browser window.
At this point, you can decide to do one of the following:
• Ignore the certificate error message and log into WebView. By doing so, the certificate error message
always appears at the top of every WebView browser window; or,
• Follow the steps below to install the Alcatel-Lucent self-signed certificate in the Trusted Root Certifi-
cation Authorities store. This clears the certificate error message.
1 Click on the certificate error message. A “Certificate Invalid” popup window displays.
Configuring the Switch With WebView Using WebView
page 11-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
2 Click on “View Certificates” at the bottom of the “Certificate Invalid” popup window. A “Certificate
Information” popup window displays.
3 Click on the “Install Certificate” button at the bottom of the “Certificate Information” window. This
step launches the Certificate Import Wizard.
4 Click the “Next” button to continue with the Certificate Import Wizard process. The “Certificate Store”
window displays.
5 Select “Place all certificates in the following store” and click on the “Browse” button. This displays a
list of certificate stores.
6 Select “Trusted Root Certification Authorities” from the list of stores and continue with the wizard
installation process. A “Security Warning” window is displayed containing a warning about installing the
certificate.
7 Click the “Yes” button in the “Security Warning” window to finish installing the certificate. After the
certificate is installed, the browser window no longer displays the certificate error message.
Home Page
The first page displayed for each feature is the Home Page (e.g., IP Home). The Home Page describes the
feature and provides an overview of that feature’s current configuration. If applicable, home pages display
the feature’s current configuration and can also be used to configure global parameters. Each Home Page
also provides a Site Map (shown below), which displays all of the configuration options available for that
feature. These are the same configuration options available in the drop-down menus at the top of the page.
IP Home Page
Feature
Overview
Displays
Site Map
Click to
display
feature
Home
Page.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-11
IP Site Map
Click on a
configuration
option to
display the
configuration
page.
Click browser
Back button to
return to the
Home Page.
Configuring the Switch With WebView Using WebView
page 11-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuration Page
Feature configuration options are displayed in the drop-down menus at the top of each page. The same
menus are displayed on every configuration page within a feature. To configure a feature on the switch,
select a configuration option from the drop down menu. There are two types of configuration pages in
WebView—a Global configuration page and a Table configuration page.
Global Configuration Page
Global configuration pages display drop-down menus and fields that you complete to configure global
parameters. The fields display the current configuration. To change the configuration:
1 Select a new value from one of the drop-down lists or enter a new value in a field.
2 Click Apply to apply the changes to the switch. The new configuration takes effect immediately.
3 Repeat the procedure to make additional configuration changes.
Note. If you update a field and want to return it to the previous configuration, click Restore. However, you
must click Restore before applying the new configuration. If you apply the new configuration and want to
return to the previous configuration, you must re-enter the old configuration in the applicable fields.
Global Configuration Page
Enter a value.
Select item
from drop-
down menu.
Applies
new
configuration.
Restores
original field
values.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-13
Table Configuration Page
Table configuration pages show current configurations in tabular form. Entries can be added, modified, or
deleted. You can delete multiple entries, but you can only modify one entry at a time.
Table Configuration Page
Click to select
item to
modify or
delete.
Configuring the Switch With WebView Using WebView
page 11-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Adding a New Entry
To add a new entry to the table:
1 Click Add on the Configuration page. The Add window appears (e.g., Add IP Static Route).
2 Complete the fields, then click Apply. The new configuration takes effect immediately and the new
entry appears in the table.
3 Repeat steps 1 and 2 to add additional entries.
Add Window
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-15
Modifying an Existing Entry
To modify an existing entry:
1 Click on the checkbox to the left of the entry on the Configuration page and click Modify. The Modify
window appears (e.g., Modify IP Static Route). The current configuration is displayed in each field.
2 Modify the applicable field(s), then click Apply. If successful, the Modify window disappears. The
new configuration takes effect immediately and the modified entry appears in the table. If there is an error,
the window remains and an error message is displayed.
3 Repeat the procedure to modify additional entries.
Modify Window
Configuring the Switch With WebView Using WebView
page 11-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Deleting an Existing Entry
To delete an existing entry:
1 Click on the checkbox to the left of the entry on the Configuration page.
2 Click Delete. The entry is immediately deleted from the table.
Note. You can delete multiple entries by selecting the checkbox next to each entry. Click on the top box to
select all entries in the table.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-17
Table Features
Table Views
Some table configuration pages can be expanded to view additional configuration information. If this
option is available, a toggle switch appears at the bottom left corner of the table. To change views, click
on the toggle switch (e.g., Expanded View). For example, if the table is in summary view, click on
“Expanded View” to change to the expanded view. From the expanded view, click on “Summary View” to
return to the summary view. For example:
Table View Feature—Summary View
Click to
expand the
table.
Configuring the Switch With WebView Using WebView
page 11-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Table View Feature—Expanded View
Table Sorting
Basic Sort
Table entries can be sorted by column in ascending or descending order. Initially, tables are sorted on the
first column in ascending order (the number 1 appears in the first column). To sort in descending order,
click on the column heading. Click again to return to the ascending order.
To sort on a different column, click on the column heading (the table sorts on that column and the number
1 appears at the top of the column). Click again to sort the data in descending order.
Note. You can also click on the “Flip” icon at the upper-right corner of the table to toggle between the
ascending and the descending order.
Click to
return to
Summary
view.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-19
Table Sort Feature—Initial Sort
“Flip” icon
Click to tog-
gle between
ascending
and
descending
order.
Configuring the Switch With WebView Using WebView
page 11-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Table Sort Feature—Modified Sort
Sort on a
different
column.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-21
Advanced Sorting
You can also customize a sort by defining primary and secondary sort criteria. To define primary and
secondary column sorts, click on the “Sort” icon in the upper-right corner of the table (the column head
-
ings are highlighted). Next, click on the primary and secondary column headings (the numbers 1 and 2
appear in the primary and secondary columns). Click again on the “Sort” icon to sort the table. Click on
the “Clear” icon to clear the sort settings. You can sort up to four columns at one time.
Table Sort Feature—Advanced Sort
Then,
click on
the
primary
and
second-
ary
column
headings.
Click on
the“Sort”
icon.
Configuring the Switch With WebView Using WebView
page 11-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Table Paging
Certain potentially large tables (e.g., VLANs) have a paging feature that loads the table data in increments
of 50 or 100 entries. If the table reaches this threshold, the first group of entries is displayed and a “Next”
button appears at the bottom of the page. Click Next to view the next group of entries. Click Previous to
view the previous group of entries.
Table Paging Feature
Click Next
to view the
next group
of entries.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-23
Adjacencies
WebView provides a graphical representation of all AMAP-supported Alcatel-Lucent switches and IP
phones adjacent to the switch. The following information for each device is also listed:
• IP address
• MAC address
• Remote slot/port
By clicking on a device, the Web-based device manager (if available) is displayed for that device. If a
Web-based device manager is not available, a Telnet session can be launched. (A route to the adjacent
switch must exist in the IP routing table for a Web-based device manager or Telnet session to be
launched.)
To display the adjacencies, click on the Adjacencies button under the Physical group. The page displays
similar to the following:
Adjacencies View
C
l
i
c
k
t
o
d
i
s
p
l
a
y
A
d
j
a
c
e
n
c
i
e
s
P
a
g
e
Mouse-over a
switch to
display
switch.
information
Configuring the Switch With WebView Using WebView
page 11-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OAW-AP Web Management Configuration
The OAW-APs can be managed from the OAW-AP web interface. The OAW-AP web interface can be
accessed from the WebView page by clicking on the WLAN button under the Physical group.
WLAN WebView Page
In order to access the OAW-AP web management interface, the switch must be aware of the Virtual Clus-
ter IP of the AP. When you try to access the WLAN web management on the WebView page, the
WebView server on the switch redirects the URL to the AP (Virtual IP Address) URL on port 8080 from
where the OAW-APs can be managed. The Virtual Cluster IP address can be configured using the CLI on
the OmniSwitch or from the WebView page.
Configuring the Virtual Cluster IP address for OAW-AP Web Management
using CLI
To configure the AP Virtual Cluster IP address using the CLI, use the webview wlan cluster-virtual-
ip
CLI command. For example:
-> webview wlan cluster-virtual-ip 10.25.6.8
Automatic Configuration of Cluster Virtual IP Address
The Cluster Virtual IP address to access the group of APs through OmniSwitch Webview can be automati-
cally configured. The OmniSwitch acquires the Cluster Virtual IP address from the LLDP TLV received
from the Access Points (AP).
All AP belonging to the same L2 domain and having the same cluster-ID are grouped into a single cluster.
Each of these APs have their own unique IP address and the cluster is associated with a single virtual IP
address for management. The cluster can be configured or managed through a Web interface by connect
-
ing to the cluster virtual IP address. The cluster virtual IP address is associated with the primary AP of the
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-25
cluster. The OmniSwitch automatically configures the cluster virtual IP address from the received LLDP
packets from the APs.
Enabling Automatic Configuration of Cluster Virtual IP Address
To automatically configure the cluster virtual IP address the precedence to obtain the cluster IP address
from the LLDP packets must be set. To set the precedence for LLDP packets received from the APs, use
the webview wlan cluster-virtual-ip precedence command. For example, the following command sets
the precedence for LLDP packets:
-> webview wlan cluster-virtual-ip precedence lldp
Note. By default, the precedence is set for LLDP packets.
However, the precedence can be changed to the manually configured cluster virtual IP address. To set the
precedence for manually configured virtual IP address, use the webview wlan cluster-virtual-ip prece
-
dence command. For example, the following command sets the precedence for manually configured IP
address:
-> webview wlan cluster-virtual-ip precedence configured
The configuration can be verified using the show webview wlan config command.
For more information on the CLI, refer to OmniSwitch AOS Release 6 CLI Reference Guide.
Configuring the Switch With WebView Using WebView
page 11-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Configuring the Virtual Cluster IP address for OAW-AP Web Management
using WebView
The Virtual Cluster IP address of the AP can be configured from the WebView page by clicking on the
WLAN button under the Physical group. The WLAN WebView page is displayed.
Click on the Configuration tab to configure the Virtual Cluster IP address of the AP.
WLAN Virtual IP Configuration
Set the precedence to obtain the cluster virtual IP address from the WLAN Cluster-Virtual-IP Prece-
dence drop down box. If LLDP is selected, then the precedence to obtain the cluster virtual IP address is
set to LLDP packets coming from the APs. If Configured is selected, then the precedence to obtain the
cluster virtual IP address is set to the manually configured IP address.
To manually configure the cluster virtual IP address, enter the cluster IP address in the Configure WLAN
Cluster IP address box.
Click Apply to apply the changes. The Virtual Cluster IP address is configured.
Click Restore to restore the previous configuration.
Click Refresh to refresh the WLAN configuration page.
Note. By default, the precedence is set to LLDP.
Verifying the WLAN Configuration
The Virtual Cluster IP address configuration can be verified in the WLAN Configuration screen in the
WebView or by using the show webview wlan config CLI on the OmniSwitch. For example:
-> show webview wlan config
WebView WLAN Cluster-Virtual-IP Precedence = LLDP
WebView WLAN Cluster-Virtual-IP configured address = 0.0.0.0
WebView WLAN Cluster-Virtual-IP LLDP address = 1.1.1.1
The output displays the precedence set for obtaining the cluster virtual IP address, the configured cluster
virtual IP address, and the cluster virtual IP address obtained from the LLDP packets.
Using WebView Configuring the Switch With WebView
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-27
Accessing the WLAN Management page from WebView
To access the WLAN Management from WebView, click on the WLAN_WebGui tab in the WLAN
WebView page. The WebView server on the switch redirects the URL to the configured OAW-AP
(Virtual IP Address) URL on port 8080.
A separate page to access the WLAN Management page is displayed.
WebView Help Using WebView
page 11-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
WebView Help
A general help page for using WebView is available from the banner at the top of the page. In addition,
on-line help is available on every WebView page. Each help page provides a description of the page and
specific instructions for each configurable field.
General WebView Help
To display general help for WebView, click the Help option in the WebView banner. (For information
about the banner, see
“WebView Page Layout” on page 11-5.)
The information in the help page is similar to the information given in this chapter.
Specific-page Help
Each help page provides a description of the page and a description for each field. To access help from any
global configuration page, table page, or Add or Modify window:
1 Click the Help button at the bottom of the page. A help window displays similar to the following:
Help Page Layout
Print or close
the Help page.
Click to jump to
field definition.
Using WebView WebView Help
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 11-29
2 Click on the field name hyperlink on the Help page to go to the Help page for that field; or use the
scroll bar on the right side of the Help page to scroll through help for all fields. (You can also click Print
to print a hard copy of the Help page.)
Click Close or click the Close Window icon at the top-right corner to close the Help page and return to the
configuration or table page.
WebView Help Using WebView
page 11-30 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 12-1
12 Using OmniVista Cirrus
OmniVista Cirrus (OV Cirrus) is a cloud-based network management solution used to deliver zero touch
provisioning using the cloud. The OV Cirrus NMS solution provides reduced costs, ease of device
provisioning and a unified wired/wireless management from the cloud. The OmniSwitch cloud
management feature is configured using the OV Cloud Agent.
Deployment of OV Cirrus provides easier to use management and monitoring tools in a network and the
ability to manage the network using devices ranging from workstations to smart phones.
In This Chapter
This chapter provides an overview of OV Cirrus and OV Cirrus functionality, and includes information
about the following procedures:
• “Quick Steps for Configuring OV Cirrus” on page 12-3
• “OV Cirrus Overview” on page 12-4
• “Components of OV Cirrus” on page 12-4
• “Interaction with other features” on page 12-6
• “OmniSwitch OV Cirrus Modes” on page 12-7
• “OV Cirrus Deployment Scenarios” on page 12-8
OV Cirrus Defaults Using OmniVista Cirrus
page 12-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OV Cirrus Defaults
When OV Cirrus is configured, the following default parameter values are applied unless otherwise
specified:
Parameter Description Default Value/Comments
OV Cloud Agent Admin Status Disabled.
OV Cloud Agent Discovery Interval 30 minutes
No. of tenant that an OV Cirrus Instance can support 1000 Tenants
Default location of Activation Server files downloads /flash/switch/cloud/
Default URL of the Activation Server activation.myovcloud.com:443
Using OmniVista Cirrus Quick Steps for Configuring OV Cirrus
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 12-3
Quick Steps for Configuring OV Cirrus
The following steps provide a quick tutorial on how to configure and enable OV Cirrus on an
OmniSwitch.
1 When the OmniSwitch is booted up for the first time, the switch will not have a [boot.cfg] configura-
tion file. Hence, OV Cirrus is enabled by default.
2 Enable the OV Cirrus functionality on the switch using the cloud-agent admin-state command. For
example:
-> cloud-agent admin-state enable
3 Configure the time interval after which the switch will call-home the activation server, in case of any
fatal error. Use the
cloud-agent discovery-interval command. For example:
-> cloud-agent discovery-interval 60
4 The OmniSwitch will now be connected to the OV Cirrus.
Note. To verify and display the Cloud Agent status and parameters received from the DHCP and
activation server, use the show cloud-agent status command. For example,
-> show cloud-agent status
Admin State : Enabled,
Activation Server State : clientCertificatePreviouslyIssued ,
Device State : DeviceManaged,
Error State : CertificatePreviouslyIssued,
Cloud Group : Dev,
DHCP Address : 125.111.111.11,
DHCP IP Address Mask : 255.255.255.0,
Gateway : 125.111.111.1,
Activation Server : activation.myovcloud.com:443,
NTP Server : 125.111.111.160,
DNS Server : 10.11.0.254,
DNS Domain : netaos.in,
Proxy Server : 192.168.254.49:8080,
VPN Server : -,
Preprovision Server : -,
OV Tenant : -,
VPN DPD Time (sec) : 30,
Image Server : -,
Image Download Retry Count : -,
Discovery Interval (min) : 30,
Time to next Call Home (sec) : 900,
Call Home Timer Status : Running,
Discovery Retry Count : 0
OV Cirrus Overview Using OmniVista Cirrus
page 12-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OV Cirrus Overview
The OmniVista Cirrus is an alternative to the current on premise version of OmniVista.
OV cloud Agent is a solution to deliver zero touch provisioning using Omnivista over the cloud. The
solution provides reduced costs, ease of device provisioning and a unified wired/wireless management
from the cloud. The solution also provides an ability to identify each device uniquely and provide a
freemium/premium solution based on the user policy.
Components of OV Cirrus
OmniSwitch interacts with the following main components in an OV Cirrus topology.
The above diagram shows the deployment topology of OmniVista Cirrus.
OV Cloud agent shall configure and enable the DNS resolver service based on the DHCP option received
OmniSwitch interacts with the following main components in an OV Cirrus topology.
Using OmniVista Cirrus Components of OV Cirrus
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 12-5
DHCP Server
The DCHP Server is located at the customer network premises. The DHCP server in the network may be
configured for the following.
– IP address
–IP subnet
– Default gateway address
– DNS gateway address
– Domain name (optional).
– NTP server address (Option 42)
– DHCP Vendor Specific Options (Option 43 - VSO)
Activation Server
The Activation Server (AS) is placed in the cloud environment and has to be reachable through the secure
internet router with minimal to no special configuration. The default cloud-agent configuration file in the
OmniSwitch (cloudagent.cfg) will have “activation.myovcloud.com” as the default activation server.
HTTPS secure protocol is used for communication between the switch and AS. The initial HTTPS
connection to the Activation server will only validate server certificate using the certificate chain stored on
switch. Once the Activation server pushes a device specific certificate, the device will re-initiate HTTPS
connection using this new certificate. This device specific certificate will be used for openVPN
communication. The switch first obtains its certificate from the AS. All further communication with the
AS or OV is secured using this certificate.
OV Cirrus Instance
This is in the Cloud and is accessible through the internet router. This connection is secure and OV Cirrus
manages the OmniSwitch using SNMP. Each OV Cirrus instance is multi-tenant and can support up to
5000 devices (APs and switches). A secure VPN connection is used to communicate between the switch
and the OV Cirrus instance.
Proxy Server
All the communication to the Activation site and OV Cirrus connects through this Proxy server. The
openVPN client and HTTPS client must be able to work through a Proxy in the network. The Proxy server
address and port shall be obtained from the DHCP VSO. A secure VPN connection should be used to
communicate between the switch and the OV Cirrus instance.
Note. its not mandatory for a proxy to be present. This comes into consideration ony if proxy is present.
NTP Server
Time synchronization between the devices and across the network is critical to ease communication across
the network. Time syncronization helps to trace and track security issues, network usage and troubleshoot
network issues.
The Network Time Protocol (NTP) helps to obtain the accurate time from a server and synchronize the
local time in each network element. Connectivity to a valid NTP server is required to synchronize the
OmniSwitch clock to set the correct time. If NTP server is not configured in the network, OmniSwitch
reboot may lead to variation in time data.
Interaction with other features Using OmniVista Cirrus
page 12-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
NTP server is used to synchronize the time of Open VPN and OV Cirrus. NTP update is used to set time
initially through NTP step mode. This is to shorten the convergence of NTP time and ensures that the
device time is within the certificate validity time.
Initially, OV cloud agent configures and enables the NTP server based on the DHCP parameters received.
It will first run NTP date to setup the time through step mode. Then start the NTP client to keep
synchronizing the switch time.
Image Download CDN Server
OmniSwitch downloads the AOS images from this server. The Activation server provides the URL for this
server to the OmniSwitch. The switch establishes HTTPS connection to the Image Download CDN Server
and downloads the images.
Open VPN Server
OpenVPN Server is a full featured secure network tunneling VPN solution that integrates OpenVPN
server capabilities and enterprise management capabilities. This server is in the Cloud. OmniSwitch
establishes the Open VPN connection to this server for secure communication with the OV instance. The
Activation server provides openVPN configuration to the OmniSwitch.
When trying to connect to the openVPN server, if the connection is not established in 90 seconds, the
switch will move to an error state and will call home after the expiry of the discovery interval. Once after
the VPN connection is established, and if for any reason, the VPN connection is lost, the switch shall keep
trying to re-connect with the VPN server. If the VPN connection cannot be re-established for a period of
10 mins, the switch shall terminate the openVPN client and call home again.
To displays the Cloud Agent VPN status, use the show cloud-agent vpn status command.
-> show cloud-agent vpn status
VPN status : Connected,
VPN Assigned IP : 10.8.0.4,
VPN DPD time (sec) : 600
Interaction with other features
DCHP Server for Option 43
DHCP servers are used to configure network devices with essential networking information like an IP
address, a default gateway, network mask, DNS server, and so on. Most DHCP servers have the ability to
send a variety of optional information, including the Vendor-Specific Option Code, also called option 43.
In an OV Cirrus network, A DHCP server can be configured to send the IP address along with the Vendor-
Specific Option Code (option 43) in the DHCP reply to the host. In the OV Cirrus network, this
information allow an OmniSwitch to automatically discover the use of AS for its configuration and
management.
The DHCP server sees the Vendor Class Identifier Code in the request and checks to see if it has option 43
configured. If it does, it sends the Vendor-Specific Option Code (option 43) to the client.
The OmniSwitch receives a response from the DHCP server and checks if option 43 is received If it is, the
OmniSwitch contacts the Activation server using the URL received through Option 43.
Using OmniVista Cirrus Dependencies
OmniSwitch AOS Release 6 Switch Management Guide December 2017 page 12-7
HTTPS
HTTPS is the secure protocol that is used for communication between the switch with the activation server
and CDN server. The OmniSwitch first obtains its certificates from the AS. All subsequent
communication with the Activation server or OV is secured using this certificate.
Dependencies
• The switch will initiate a call-home after every reboot if there is no configuration file on the switch.
• If there is a configuration file on the switch, the switch will initiate a call-home only if the cloud agent
enabled explicitly using
cloud-agent admin-state command in the configuration. Enabling cloud agent
using this command will immediately initiate a call-home sequence with the activation server.
• If the call-home sequence is already in progress or in connected state, the CLI will display a warning
“Switch is already connected/connecting to OV Cloud. Please `write memory` to save the
configuration”. Use the
write memory command ` to save the configuration.
• All the certificate files downloaded from the Application Server as well as the default files built in the
image like publicCaChain.pem and imagesigning.cert present in /flash/switch/cloud should not be
modified or removed from the switch.
• The /flash/switch/cloud/vpn_proxy.txt is automatically generated with the proxy credentials by the
cloud agent task. This openvpn client configuration file should not be deleted or modified.
• The openvpn client configuration file in /flash/switch/cloud cannot be edited by the user.
• It is always advisable to execute cloud-agent admin-state only from working directory.
• IPv6 DNS resolution is not supported.
OmniSwitch OV Cirrus Modes
The main objective of network management thorough OV Cirrus is to configure, backup restore and
control configuration changes of devices thorough a centrally managed cloud network.
The types of OV Cirrus deployment of OmniSwitch available for the customers are:
1 Freemium/Basic Customer
This type of customer is an OV Cirrus user with subscription for one time AOS Software upgrade. This
customer does not have access to OV in the cloud. The freemium customer needs to be registered at the
Activation site either automatically through communication between Activation server and the Datalake or
by manual registration at the Activation portal by the customer or business partner.
2 Non-Freemium/Premier customer:
There are two types of Non-Freemium or Premium customers.
• Premier Demo customer
– This customer gets both a software upgrade and OV Management from the cloud for duration of
the demo period. After the demo period the customer devices goes to registered state on Activa-
tion site. The customer has to upgrade to licensed service to get management from the cloud.
OV Cirrus Deployment Scenarios Using OmniVista Cirrus
page 12-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
• Premier Licensed customer
– This customer gets both a software upgrade and OV Management from the cloud for the dura-
tion of the purchased license.
OV Cirrus Deployment Scenarios
The deployment scenarios of ALE devices are as follows:
Greenfield deployments: In this scenario, ALE switches/APs that at are deployed for the first time with
Freemium or Non-Freemium OV Cirrus service.
Brownfield deployments 1: In this scenario, the network consists of an existing operational network of
third-party devices, ALE switches, and APs. To this operational network, the customer adds ALE
switches/APs with Freemium or Non-Freemium OV Cirrus service. Only the newly added devices are
using the OV Cirrus service.
Brownfield deployments 2: In this scenario, the network consists of an existing operational network of
third-party devices, ALE switches, and AP. To this operational network, the customer adds the OV Cirrus
management service to manage the existing network. The existing configuration of the customer should
not be overwritten when moving to the cloud unless explicitly changed from the cloud.
Verifying the OV Cirrus Configuration
To display information about OV Cirrus on the switch, use the show commands listed below:
show cloud-agent status Displays the Cloud Agent status and parameters received from the
DHCP and activation server.
show cloud-agent vpn status Displays the Cloud Agent VPN status.
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-1
A Software License and
Copyright Statements
This appendix contains Alcatel-Lucent and third-party software vendor license and copyright statements.
Alcatel-Lucent License Agreement
ALE USA, Inc. SOFTWARE LICENSE AGREEMENT
IMPORTANT. Please read the terms and conditions of this license agreement carefully before opening
this package.
By opening this package, you accept and agree to the terms of this license agreement. If you are not
willing to be bound by the terms of this license agreement, do not open this package. Please
promptly return the product and any materials in unopened form to the place where you obtained it
for a full refund.
1. License Grant. This is a license, not a sales agreement, between you (the “Licensee”) and Alcatel-
Lucent Alcatel-Lucent hereby grants to Licensee, and Licensee accepts, a non-exclusive license to use
program media and computer software contained therein (the “Licensed Files”) and the accompanying
user documentation (collectively the “Licensed Materials”), only as authorized in this License Agreement.
Licensee, subject to the terms of this License Agreement, may use one copy of the Licensed Files on the
Licensee’s system. Licensee agrees not to assign, sublicense, transfer, pledge, lease, rent, or share their
rights under this License Agreement. Licensee may retain the program media for backup purposes with
retention of the copyright and other proprietary notices. Except as authorized under this paragraph, no
copies of the Licensed Materials or any portions thereof may be made by Licensee and Licensee shall not
modify, decompile, disassemble, reverse engineer, or otherwise attempt to derive the Source Code.
Licensee is also advised that Alcatel-Lucent products contain embedded software known as firmware
which resides in silicon. Licensee may not copy the firmware or transfer the firmware to another medium.
2. ALE USA, Inc.’s Rights. Licensee acknowledges and agrees that the Licensed Materials are the sole
property of Alcatel-Lucent and its licensors (herein “its licensors”), protected by U.S. copyright law, trade
-
mark law, and are licensed on a right to use basis. Licensee further acknowledges and agrees that all rights,
title, and interest in and to the Licensed Materials are and shall remain with Alcatel-Lucent and its licen
-
sors and that no such right, license, or interest shall be asserted with respect to such copyrights and trade-
marks. This License Agreement does not convey to Licensee an interest in or to the Licensed Materials,
but only a limited right to use revocable in accordance with the terms of this License Agreement.
Alcatel-Lucent License Agreement Software License and Copyright Statements
A-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
3. Confidentiality. Alcatel-Lucent considers the Licensed Files to contain valuable trade secrets of
Alcatel-Lucent, the unauthorized disclosure of which could cause irreparable harm to Alcatel-Lucent.
Except as expressly set forth herein, Licensee agrees to use reasonable efforts not to disclose the Licensed
Files to any third party and not to use the Licensed Files other than for the purpose authorized by this
License Agreement. This confidentiality obligation shall continue after any termination of this License
Agreement.
4. Indemnity. Licensee agrees to indemnify, defend and hold Alcatel-Lucent harmless from any claim,
lawsuit, legal proceeding, settlement or judgment (including without limitation Alcatel-Lucent’s reason
-
able United States and local attorneys’ and expert witnesses’ fees and costs) arising out of or in connec-
tion with the unauthorized copying, marketing, performance or distribution of the Licensed Files.
5. Limited Warranty. Alcatel-Lucent warrants, for Licensee’s benefit alone, that the program media
shall, for a period of ninety (90) days from the date of commencement of this License Agreement (referred
to as the Warranty Period), be free from defects in material and workmanship. Alcatel-Lucent further
warrants, for Licensee benefit alone, that during the Warranty Period the Licensed Files shall operate
substantially in accordance with the functional specifications in the User Guide. If during the Warranty
Period, a defect in the Licensed Files appears, Licensee may return the Licensed Files to Alcatel-Lucent
for either replacement or, if so elected by Alcatel-Lucent, refund of amounts paid by Licensee under this
License Agreement. EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE LICENSED
MATERIALS ARE LICENSED “AS IS” AND ALE USA, Inc. AND ITS LICENSORS DISCLAIM ANY
AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING (WITHOUT
LIMITATION) ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED
WARRANTIES SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO LICENSEE. THIS
WARRANTY GIVES THE LICENSEE SPECIFIC LEGAL RIGHTS. LICENSEE MAY ALSO HAVE
OTHER RIGHTS WHICH VARY FROM STATE TO STATE.
6. Limitation of Liability. Alcatel-Lucent’s cumulative liability to Licensee or any other party for any
loss or damages resulting from any claims, demands, or actions arising out of or relating to this License
Agreement shall not exceed the license fee paid to Alcatel-Lucent for the Licensed Materials. IN NO
EVENT SHALL ALE USA, Inc. BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUEN
-
TIAL, SPECIAL, OR EXEMPLARY DAMAGES OR LOST PROFITS, EVEN IF
ALE USA, Inc. HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES
DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION TO INCIDEN
-
TAL OR CONSEQUENTIAL DAMAGES MAY NOT APPLY TO LICENSEE.
7. Export Control. This product is subject to the jurisdiction of the United States. Licensee may not
export or reexport the Licensed Files, without complying with all United States export laws and regula
-
tions, including but not limited to (i) obtaining prior authorization from the U.S. Department of Commerce
if a validated export license is required, and (ii) obtaining “written assurances” from licensees, if required.
8. Support and Maintenance. Except as may be provided in a separate agreement between
Alcatel-Lucent and Licensee, if any, Alcatel-Lucent is under no obligation to maintain or support the
copies of the Licensed Files made and distributed hereunder and Alcatel-Lucent has no obligation to
furnish Licensee with any further assistance, documentation or information of any nature or kind.
9. Term. This License Agreement is effective upon Licensee opening this package and shall continue until
terminated. Licensee may terminate this License Agreement at any time by returning the Licensed Materi
-
als and all copies thereof and extracts therefrom to Alcatel-Lucent and certifying to Alcatel-Lucent in
writing that all Licensed Materials and all copies thereof and extracts therefrom have been returned or
erased by the memory of Licensee’s computer or made non-readable. Alcatel-Lucent may terminate this
License Agreement upon the breach by Licensee of any term hereof. Upon such termination by
Software License and Copyright Statements Alcatel-Lucent License Agreement
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-3
Alcatel-Lucent, Licensee agrees to return to ALE USA, Inc.ALE USA, Inc. or destroy the Licensed Mate-
rials and all copies and portions thereof.
10. Governing Law. This License Agreement shall be construed and governed in accordance with the
laws of the State of California.
11. Severability. Should any term of this License Agreement be declared void or unenforceable by any
court of competent jurisdiction, such declaration shall have no effect on the remaining terms herein.
12. No Waiver. The failure of either party to enforce any rights granted hereunder or to take action against
the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to
subsequent enforcement of rights or subsequent actions in the event of future breaches.
13. Notes to United States Government Users. Software and documentation are provided with restricted
rights. Use, duplication or disclosure by the government is subject to (i) restrictions set forth in GSA ADP
Schedule Contract with ALE USA, Inc.’s reseller(s), or (ii) restrictions set forth in subparagraph (c) (1)
and (2) of 48 CFR 52.227-19, as applicable.
14.Third Party Materials. Licensee is notified that the Licensed Files contain third party software and
materials licensed to ALE USA, Inc. by certain third party licensors. Some third party licensors (e.g.,
Wind River and their licensors with respect to the Run-Time Module) are third part beneficiaries to this
License Agreement with full rights of enforcement. Please refer to the section entitled
“Third Party
Licenses and Notices” on page A-4 for the third party license and notice terms.
Third Party Licenses and Notices Software License and Copyright Statements
A-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Third Party Licenses and Notices
The licenses and notices related only to such third party software are set forth below:
A. Booting and Debugging Non-Proprietary Software
A small, separate software portion aggregated with the core software in this product and primarily used for
initial booting and debugging constitutes non-proprietary software, some of which may be obtained in
source code format from ALE USA, Inc. for a limited period of time. ALE USA, Inc. will provide a
machine-readable copy of the applicable non-proprietary software to any requester for a cost of copying,
shipping and handling. This offer will expire 3 years from the date of the first shipment of this product.
B. The OpenLDAP Public License: Version 2.8, 17 August 2003
Redistribution and use of this software and associated documentation (“Software”), with or without modi-
fication, are permitted provided that the following conditions are met:
1 Redistributions of source code must retain copyright statements and notices.
2 Redistributions in binary form must reproduce applicable copyright statements and notices, this list of
conditions, and the following disclaimer in the documentation and/or other materials provided with the
distribution.
3 Redistributions must contain a verbatim copy of this document.
4 The names and trademarks of the authors and copyright holders must not be used in advertising or
otherwise to promote the sale, use or other dealing in this Software without specific, written prior permis
-
sion.
5 Due credit should be given to the OpenLDAP Project.
6 The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished
by a version number. You may use the Software under terms of this license revision or under the terms of
any subsequent revision of the license.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND CONTRIBUTORS “AS
IS” AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENLDAP FOUNDATIO OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEM
-
PLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCURE-
MENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
OpenLDAP is a trademark of the OpenLDAP Foundation.
Copyright 1999-2000 The OpenLDAP Foundation, Redwood City,
California, USA. All Rights Reserved. Permission to copy and
distributed verbatim copies of this document is granted.
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-5
C. Linux
Linux is written and distributed under the GNU General Public License which means that its source code
is freely-distributed and available to the general public.
D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is
not allowed.
Preamble
The licenses for most software are designed to take away your freedom to share and change it. By
contrast, the GNU General Public License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This General Public License applies to most of
the Free Software Foundation’s software and to any other program whose authors commit to using it.
(Some other Free Software Foundation software is covered by the GNU Library General Public License
instead.) You can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are
designed to make sure that you have the freedom to distribute copies of free software (and charge for this
service if you wish), that you receive source code or can get it if you want it, that you can change the soft
-
ware or use pieces of it in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask
you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the
recipients all the rights that you have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which
gives you legal permission to copy, distribute and/or modify the software.
Also, for each author’s protection and ours, we want to make certain that everyone understands that there
is no warranty for this free software. If the software is modified by someone else and passed on, we want
its recipients to know that what they have is not the original, so that any problems introduced by others
will not reflect on the original authors’ reputations.
Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that
redistributors of a free program will individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone’s free use
or not licensed at all.
The precise terms and conditions for copying, distribution and modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING,
DISTRIBUTION AND MODIFICATION
0 This License applies to any program or other work which contains a notice placed by the copyright
holder saying it may be distributed under the terms of this General Public License. The “Program”, below,
refers to any such program or work, and a “work based on the Program” means either the Program or any
derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either
Third Party Licenses and Notices Software License and Copyright Statements
A-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
verbatim or with modifications and/or translated into another language. (Hereinafter, translation is
included without limitation in the term “modification”.) Each licensee is addressed as “you”.
Activities other than copying, distribution and modification are not covered by this License; they are
outside its scope. The act of running the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program (independent of having been made by
running the Program). Whether that is true depends on what the Program does.
1 You may copy and distribute verbatim copies of the Program’s source code as you receive it, in any
medium, provided that you conspicuously and appropriately publish on each copy an appropriate copy
-
right notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the
absence of any warranty; and give any other recipients of the Program a copy of this License along with
the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer
warranty protection in exchange for a fee.
2 You may modify your copy or copies of the Program or any portion of it, thus forming a work based on
the Program, and copy and distribute such modifications or work under the terms of Section 1 above,
provided that you also meet all of these conditions:
a You must cause the modified files to carry prominent notices stating that you changed the files and
the date of any change.
b You must cause any work that you distribute or publish, that in whole or in part contains or is
derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties
under the terms of this License.
c If the modified program normally reads commands interactively when run, you must cause it, when
started running for such interactive use in the most ordinary way, to print or display an announcement
including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you
provide a warranty) and that users may redistribute the program under these conditions, and telling the
user how to view a copy of this License. (Exception: if the Program itself is interactive but does not
normally print such an announcement, your work based on the Program is not required to print an
announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are not
derived from the Program, and can be reasonably considered independent and separate works in them
-
selves, then this License, and its terms, do not apply to those sections when you distribute them as sepa-
rate works. But when you distribute the same sections as part of a whole which is a work based on the
Program, the distribution of the whole must be on the terms of this License, whose permissions for other
licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is
not the intent of this section to claim rights or contest your rights to work written entirely by you; rather,
the intent is to exercise the right to control the distribution of derivative or collective works based on the
Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with a work
based on the Program) on a volume of a storage or distribution medium does not bring the other work
under the scope of this License.
3 You may copy and distribute the Program (or a work based on it, under Section 2) in object code or
executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a Accompany it with the complete corresponding machine-readable source code, which must be
distributed under the terms of Sections 1 and 2 above on a medium customarily used for software inter
-
change; or,
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-7
b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge
no more than your cost of physically performing source distribution, a complete machine-readable
copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange; or,
c Accompany it with the information you received as to the offer to distribute corresponding source
code. (This alternative is allowed only for noncommercial distribution and only if you received the
program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an
executable work, complete source code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control compilation and installation of the
executable. However, as a special exception, the source code distributed need not include anything that is
normally distributed (in either source or binary form) with the major components (compiler, kernel, and so
on) of the operating system on which the executable runs, unless that component itself accompanies the
executable.
If distribution of executable or object code is made by offering access to copy from a designated place,
then offering equivalent access to copy the source code from the same place counts as distribution of the
source code, even though third parties are not compelled to copy the source along with the object code.
4 You may not copy, modify, sublicense, or distribute the Program except as expressly provided under
this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will
automatically terminate your rights under this License. However, parties who have received copies, or
rights, from you under this License will not have their licenses terminated so long as such parties remain
in full compliance.
5 You are not required to accept this License, since you have not signed it. However, nothing else grants
you permission to modify or distribute the Program or its derivative works. These actions are prohibited
by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any
work based on the Program), you indicate your acceptance of this License to do so, and all its terms and
conditions for copying, distributing or modifying the Program or works based on it.
6 Each time you redistribute the Program (or any work based on the Program), the recipient automati-
cally receives a license from the original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the
rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
7 If, as a consequence of a court judgment or allegation of patent infringement or for any other reason
(not limited to patent issues), conditions are imposed on you (whether by court order, agreement or other
-
wise) that contradict the conditions of this License, they do not excuse you from the conditions of this
License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and
any other pertinent obligations, then as a consequence you may not distribute the Program at all. For
example, if a patent license would not permit royalty-free redistribution of the Program by all those who
receive copies directly or indirectly through you, then the only way you could satisfy both it and this
License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the
balance of the section is intended to apply and the section as a whole is intended to apply in other circum
-
stances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or
to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the
free software distribution system, which is implemented by public license practices. Many people have
made generous contributions to the wide range of software distributed through that system in reliance on
Third Party Licenses and Notices Software License and Copyright Statements
A-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
consistent application of that system; it is up to the author/donor to decide if he or she is willing to distrib-
ute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this
License.
8 If the distribution and/or use of the Program is restricted in certain countries either by patents or by
copyrighted interfaces, the original copyright holder who places the Program under this License may add
an explicit geographical distribution limitation excluding those countries, so that distribution is permitted
only in or among countries not thus excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
9 The Free Software Foundation may publish revised and/or new versions of the General Public License
from time to time. Such new versions will be similar in spirit to the present version, but may differ in
detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this
License which applies to it and “any later version”, you have the option of following the terms and condi
-
tions either of that version or of any later version published by the Free Software Foundation. If the
Program does not specify a version number of this License, you may choose any version ever published by
the Free Software Foundation.
10 If you wish to incorporate parts of the Program into other free programs whose distribution conditions
are different, write to the author to ask for permission. For software which is copyrighted by the Free Soft
-
ware Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status of all derivatives of our free soft
-
ware and of promoting the sharing and reuse of software generally.
NO WARRANTY
11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARIS
-
ING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT
LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES
SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE
WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS.
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-9
Appendix: How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest possible use to the public, the best way
to achieve this is to make it free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest to attach them to the start of each source
file to most effectively convey the exclusion of warranty; and each file should have at least the “copy
-
right” line and a pointer to where the full notice is found.
<one line to give the program’s name and a brief idea of what it does.> Copyright (C)
19yy <name of author>
This program is free software; you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along with this
program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
MA 02139, USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with
ABSOLUTELY NO WARRANTY; for details type ‘show w’. This is free software,
and you are welcome to redistribute it under certain conditions; type ‘show c’ for details.
The hypothetical commands ‘show w’ and ‘show c’ should show the appropriate parts of the General
Public License. Of course, the commands you use may be called something other than ‘show w’ and
‘show c’; they could even be mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your school, if any, to sign a “copy-
right disclaimer” for the program, if necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program ‘Gnomovision’
(which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into proprietary programs. If
your program is a subroutine library, you may consider it more useful to permit linking proprietary appli
-
cations with the library. If this is what you want to do, use the GNU Library General Public License
instead of this License.
URLWatch:
For notice when this page changes, fill in your email address.
Maintained by: Webmaster, Linux Online Inc.
Last modified: 09-Aug-2000 02:03AM.
Views since 16-Aug-2000: 177203.
Third Party Licenses and Notices Software License and Copyright Statements
A-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Material copyright Linux Online Inc.
Design and compilation copyright (c)1994-2002 Linux Online Inc.
Linux is a registered trademark of Linus Torvalds
Tux the Penguin, featured in our logo, was created by Larry Ewing
Consult our privacy statement
URLWatch provided by URLWatch Services.
All rights reserved.
E. University of California
Provided with this product is certain TCP input and Telnet client software developed by the University of
California, Berkeley.
Copyright (C) 1987. The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above copyright notice
and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and
other materials related to such distribution and use acknowledge that the software was developed by the
University of California, Berkeley. The name of the University may not be used to endorse or promote
products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
F. Carnegie-Mellon University
Provided with this product is certain BOOTP Relay software developed by Carnegie-Mellon University.
G.Random.c
PR 30872 B Kesner created May 5 2000
PR 30872 B Kesner June 16 2000 moved batch_entropy_process to own task iWhirlpool to make code
more efficient
random.c -- A strong random number generator
Version 1.89, last modified 19-Sep-99
Copyright Theodore Ts’o, 1994, 1995, 1996, 1997, 1998, 1999. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, and the entire permission notice
in its entirety, including the disclaimer of warranties.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other materials provided with the distribution.
3. The name of the author may not be used to endorse or promote products derived from this software
without specific prior written permission. ALTERNATIVELY, this product may be distributed under the
terms of the GNU Public License, in which case the provisions of the GPL are required INSTEAD OF the
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-11
above restrictions. (This clause is necessary due to a potential bad interaction between the GPL and the
restrictions contained in a BSD-style copyright.)
THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF WHICH ARE HEREBY DISCLAIMED. IN
NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROF
-
ITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABIL-
ITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
H. Apptitude, Inc.
Provided with this product is certain network monitoring software (“MeterWorks/RMON”) licensed from
Apptitude, Inc., whose copyright notice is as follows: Copyright (C) 1997-1999 by Apptitude, Inc. All
Rights Reserved. Licensee is notified that Apptitude, Inc. (formerly, Technically Elite, Inc.), a California
corporation with principal offices at 6330 San Ignacio Avenue, San Jose, California, is a third party bene
-
ficiary to the Software License Agreement. The provisions of the Software License Agreement as applied
to MeterWorks/RMON are made expressly for the benefit of Apptitude, Inc., and are enforceable by
Apptitude, Inc. in addition to ALE USA, Inc.. IN NO EVENT SHALL APPTITUDE, INC. OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES, INCLUDING COSTS OF PROCUREMENT OF
SUBSTITUTE PRODUCTS OR SERVICES, LOST PROFITS, OR ANY SPECIAL, INDIRECT,
CONSEQUENTIAL OR INCIDENTAL DAMAGES, HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, ARISING IN ANY WAY OUT OF THIS AGREEMENT.
I. Agranat
Provided with this product is certain web server software (“EMWEB PRODUCT”) licensed from Agranat
Systems, Inc. (“Agranat”). Agranat has granted to ALE USA, Inc. certain warranties of performance,
which warranties [or portion thereof] ALE USA, Inc. now extends to Licensee. IN NO EVENT,
HOWEVER, SHALL AGRANAT BE LIABLE TO LICENSEE FOR ANY INDIRECT, SPECIAL, OR
CONSEQUENTIAL DAMAGES OF LICENSEE OR A THIRD PARTY AGAINST LICENSEE ARIS
-
ING OUT OF, OR IN CONNECTION WITH, THIS DISTRIBUTION OF EMWEB PRODUCT TO
LICENSEE. In case of any termination of the Software License Agreement between ALE USA, Inc. and
Licensee, Licensee shall immediately return the EMWEB Product and any back-up copy to ALE USA,
Inc., and will certify to ALE USA, Inc. in writing that all EMWEB Product components and any copies of
the software have been returned or erased by the memory of Licensee’s computer or made non-readable.
J. RSA Security Inc.
Provided with this product is certain security software (“RSA Software”) licensed from RSA Security Inc.
RSA SECURITY INC. PROVIDES RSA SOFTWARE “AS IS” WITHOUT ANY WARRANTY WHAT
-
SOEVER. RSA SECURITY INC. DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED OR STAT-
UTORY, AS TO ANY MATTER WHATSOEVER INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF
THIRD PARTY RIGHTS.
Third Party Licenses and Notices Software License and Copyright Statements
A-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
K. Sun Microsystems, Inc.
This product contains Coronado ASIC, which includes a component derived from designs licensed from
Sun Microsystems, Inc.
L. Wind River Systems, Inc.
Provided with this product is certain software (“Run-Time Module”) licensed from Wind River Systems,
Inc. Licensee is prohibited from: (i) copying the Run-Time Module, except for archive purposes consis
-
tent with Licensee’s archive procedures; (ii) transferring the Run-Time Module to a third party apart from
the product; (iii) modifying, decompiling, disassembling, reverse engineering or otherwise attempting to
derive the source code of the Run-Time Module; (iv) exporting the Run-Time Module or underlying tech
-
nology in contravention of applicable U.S. and foreign export laws and regulations; and (v) using the Run-
Time Module other than in connection with operation of the product. In addition, please be advised that:
(i) the Run-Time Module is licensed, not sold and that ALE USA, Inc. and its licensors retain ownership
of all copies of the Run-Time Module; (ii) WIND RIVER DISCLAIMS ALL IMPLIED WARRANTIES,
INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, (iii) The SOFTWARE LICENSE AGREEMENT
EXCLUDES LIABILITY FOR ANY SPECIAL, INDIRECT, PUNITIVE, INCIDENTAL AND CONSE
-
QUENTIAL DAMAGES; and (iv) any further distribution of the Run-Time Module shall be subject to the
same restrictions set forth herein. With respect to the Run-Time Module, Wind River and its licensors are
third party beneficiaries of the License Agreement and the provisions related to the Run-Time Module are
made expressly for the benefit of, and are enforceable by, Wind River and its licensors.
M.Network Time Protocol Version 4
The following copyright notice applies to all files collectively called the Network Time Protocol Version 4
Distribution. Unless specifically declared otherwise in an individual file, this notice applies as if the text
was explicitly included in the file.
***********************************************************************
* *
* Copyright (c) David L. Mills 1992-2003 *
* *
* Permission to use, copy, modify, and distribute this software and *
* its documentation for any purpose and without fee is hereby *
* granted, provided that the above copyright notice appears in all *
* copies and that both the copyright notice and this permission *
* notice appear in supporting documentation, and that the name *
* University of Delaware not be used in advertising or publicity *
* pertaining to distribution of the software without specific, *
* written prior permission. The University of Delaware makes no *
* representations about the suitability this software for any *
* purpose. It is provided "as is" without express or implied *
* warranty. *
* *
*************************************************************************
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-13
N.Remote-ni
Provided with this product is a file (part of GDB), the GNU debugger and is licensed from Free Software
Foundation, Inc., whose copyright notice is as follows: Copyright (C) 1989, 1991, 1992 by Free Software
Foundation, Inc. Licensee can redistribute this software and modify it under the terms of General Public
License as published by Free Software Foundation Inc.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
O.GNU Zip
GNU Zip -- A compression utility which compresses the files with zip algorithm.
Copyright (C) 1992-1993 Jean-loup Gailly.
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR
THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
P. FREESCALE SEMICONDUCTOR SOFTWARE LICENSE AGREEMENT
Provided with this product is a software also known as DINK32 (Dynamic Interactive Nano Kernel for
32-bit processors) solely in conjunction with the development and marketing of your products which use
and incorporate microprocessors which implement the PowerPC (TM) architecture manufactured by
Motorola. The licensee comply with all of the following restrictions:
1. This entire notice is retained without alteration in any modified and/or redistributed versions.
2. The modified versions are clearly identified as such. No licenses are granted by implication, estoppel or
otherwise under any patents or trademarks of Motorola, Inc.
The SOFTWARE is provided on an "AS IS" basis and without warranty. To the maximum extent permit-
ted by applicable law, MOTOROLA DISCLAIMS ALL WARRANTIES WHETHER EXPRESS OR
IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE AND ANY WARRANTY AGAINST INFRINGEMENT WITH REGARD
TO THE SOFTWARE (INCLUDING ANY MODIFIED VERSIONS THEREOF) AND ANY ACCOM
-
PANYING WRITTEN MATERIALS.To the maximum extent permitted by applicable law, IN NO
EVENT SHALL MOTOROLA BE LIABLE FOR ANY DAMAGES WHATSOEVER.
Copyright (C) Motorola, Inc. 1989-2001 All rights reserved.
Version 13.1
Third Party Licenses and Notices Software License and Copyright Statements
A-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Q.Boost C++ Libraries
Provided with this product is free peer-reviewed portable C++ source libraries.
Version 1.33.1
Copyright (C) by Beman Dawes, David Abrahams, 1998-2003. All rights reserved.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-
INFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR ANYONE
DISTRIBUTING THE SOFTWARE BE LIABLE FOR ANY DAMAGES OR OTHER
LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE
OR OTHER DEALINGS IN THE SOFTWARE.
R. U-Boot
Provided with this product is a software licensed from Free Software Foundation Inc. This is used as OS
Bootloader; and located in on-board flash. This product is standalone and not linked (statically or dynami
-
cally) to any other software.
Version 1.1.0
Copyright (C) 2000-2004. All rights reserved.
S. Solaris
Provided with this product is free software; Licensee can redistribute it and/or modify it under the terms of
the GNU General Public License.
Copyright (C) 1992-1993 Jean-loup Gailly. All rights reserved.
T. Internet Protocol Version 6
Copyright (C) 1982, 1986, 1990, 1991, 1993. The Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permit-
ted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of condi-
tions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials provided
with the distribution.
3. All advertising materials mentioning features or use of this software must display the
following acknowledgment: This product includes software developed by the University of
California, Berkeley and its contributors.
Software License and Copyright Statements Third Party Licenses and Notices
OmniSwitch AOS Release 6 Switch Management Guide December 2017 A-15
4. Neither the name of the University nor the names of its contributors may be used to
endorse or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE. FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL.
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS.
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION). HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT. LIABIL
-
ITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The copyright of the products such as crypto, dhcp, net, netinet, netinet6, netley, netwrs, libinet6 are same
as that of the internet protocol version 6.
U. CURSES
Copyright (C) 1987. The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms are permitted provided that the above copyright notice
and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and
other materials related to such distribution and use acknowledge that the software was developed by the
University of California, Berkeley. The name of the University may not be used to endorse or promote
products derived from this software without specific prior written permission.
V. Z M o d e m
Provided with this product is a program or code that can be used without any restriction.
Copyright (C) 1986 Gary S. Brown. All rights reserved.
W.Boost Software License
Provided with this product is reference implementation, so that the Boost libraries are suit-
able for eventual standardization. Boost works on any modern operating system, including UNIX and
Windows variants.
Version 1.0
Copyright (C) Gennadiy Rozental 2005. All rights reserved.
X. OpenLDAP
Provided with this software is an open source implementation of the Lightweight Directory Access Proto-
col (LDAP).
Version 3
Copyright (C) 1990, 1998, 1999, Regents of the University of Michigan, A. Hartgers, Juan C. Gomez. All
rights reserved.
Third Party Licenses and Notices Software License and Copyright Statements
A-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
This software is not subject to any license of Eindhoven University of Technology.Redistribution and use
in source and binary forms are permitted only as authorized by the OpenLDAP Public License.
This software is not subject to any license of Silicon Graphics Inc.or Purdue University. Redistribution and
use in source and binary forms are permitted without restriction or fee of any kind as long as this notice is
preserved.
Y. BITMAP.C
Provided with this product is a program for personal and non-profit use.
Copyright (C) Allen I. Holub, All rights reserved.
Z. University of Toronto
Provided with this product is a code that is modified specifically for use with the STEVIE editor. Permis-
sion is granted to anyone to use this software for any purpose on any computer system, and to redistribute
it freely, subject to the following restrictions:
1. The author is not responsible for the consequences of use of this software, no matter how awful, even if
they arise from defects in it.
2.The origin of this software must not be misrepresented, either by explicit claim or by omission.
3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original
software.
Version 1.5
Copyright (C) 1986 by University of Toronto and written by Henry Spencer.
AA.Free/OpenBSD
Copyright (c) 1982, 1986, 1990, 1991, 1993 The Regents of University of California. All Rights Reserved.
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-1
B SNMP Trap Information
This appendix lists the supported SNMP traps along with their descriptions.
SNMP Traps Table SNMP Trap Information
B-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
SNMP Traps Table
The following table provides information on all SNMP traps supported by the switch. Each row includes
the trap name, its ID number, any objects (if applicable), its command family, and a description of the
condition the SNMP agent in the switch is reporting to the SNMP management station.
No. Trap Name Objects Family Description
0 coldStart none chassis The SNMP agent in the switch is
reinitiating and its configuration
may have been altered.
1 warmStart none chassis The SNMP agent in the switch is
reinitiating itself and its configu
-
ration is unaltered.
2 linkDown IfIndex
ifAdminStatus
ifOperStatus
interface The SNMP agent in the switch
recognizes a failure in one of the
communications links configured
for the switch.
IfIndex—A unique value, greater than zero, for each interface. It is recommended that values are assigned con-
tiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-ini-
tialization of the entity’s network management system to the next re-initialization.
ifAdminStatus—The desired state of the interface. The testing (3) state indicates that no operational packets can
be passed. When a managed system initializes, all interfaces start with ifAdminStatus in the down (2) state. As a
result of either explicit management action or per configuration information retained by the managed system,
ifAdminStatus is then changed to either the up (1) or testing (3) states (or remains in the down (2) state).
ifOperStatus—The current operational state of the interface. The testing (3) state indicates that no operational
packets can be passed. If ifAdminStatus is down (2) then ifOperStatus should be down(2). If ifAdminStatus is
changed to up (1) then ifOperStatus should change to up (1) if the interface is ready to transmit and receive net
-
work traffic; it should change to dormant (5) if the interface is waiting for external actions (such as a serial line
waiting for an incoming connection); it should remain in the down (2) state if and only if there is a fault that pre
-
vents it from going to the up (1) state; it should remain in the notPresent (6) state if the interface has missing
(typically, hardware) components.
3 linkUp ifIndex
ifAdminStatus
ifOperStatus
interface The SNMP agent in the switch
recognizes that one of the com
-
munications links configured for
the switch has come up.
IfIndex—A unique value, greater than zero, for each interface. It is recommended that values are assigned con-
tiguously starting from 1. The value for each interface sub-layer must remain constant at least from one re-ini-
tialization of the entity's network management system to the next re-initialization.
ifAdminStatus—The desired state of the interface. The testing (3) state indicates that no operational packets can
be passed. When a managed system initializes, all interfaces start with ifAdminStatus in the down (2) state. As a
result of either explicit management action or per configuration information retained by the managed system,
ifAdminStatus is then changed to either the up (1) or testing (3) states (or remains in the down (2) state).
ifOperStatus—The current operational state of the interface. The testing(3) state indicates that no operational
packets can be passed. If ifAdminStatus is down (2) then ifOperStatus should be down (2). If ifAdminStatus is
changed to up (1), then ifOperStatus should change to up (1) if the interface is ready to transmit and receive net
-
work traffic; it should change to dormant (5) if the interface is waiting for external actions (such as a serial line
waiting for an incoming connection); it should remain in the down (2) state if and only if there is a fault that pre
-
vents it from going to the up (1) state; it should remain in the notPresent (6) state if the interface has missing
(typically, hardware) components.
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-3
4 authenticationFailure none snmp The SNMP agent in the switch
has received a protocol message
that is not properly authenticated.
5 entConfigChange none module An entConfigChange notification
is generated when a conceptual
row is created, modified, or
deleted in one of the entity
tables.
6 aipAMAPStatusTrap aipAMAPLast-
TrapReason
aipAMAPLast-
TrapPort
aip The status of the Alcatel-Lucent
Mapping Adjacency Protocol
(AMAP) port changed.
aipAMAPLastTrapReason—Reason for last change of port status. Valid reasons are 1 (port added), 2 (change
of information on existing port), 3 (port deleted), and 4 (no trap has been sent).
aipAMAPLastTrapPort—The ifindex number of the port that most recently changed.
7 aipGMAPConflictTrap aipGMAPLast-
TrapReason
aipGMAPLast-
TrapPort
aipGMAPLast-
TrapMac
aipGMAPLast-
TrapProtocol
aipGMAPLast-
TrapVlan
aip Indicates a Group Mobility
Advertisement Protocol (GMAP)
port update conflict.
aipGMAPLastTrapReason—Reason for last GMAP update to not be applied. Valid reasons are 1 (Target
VLAN is an authenticated VLAN), 2 (update would conflict with a binding rule), 3 (update would create two
different VLAN entries for the same protocol), 4 (update would create two different protocol entries for the same
VLAN), 5 (target VLAN is not mobile), and 6 (no trap has been sent).
aipGMAPLastTrapPort—The ifindex number of the last port on which the GMAP was not applied because of
a conflict.
aipGMAPLastTrapMac—The last MAC address for which a GMAP change was not
applied because of a conflict.
aipGMAPLastTrapProtocol—The protocol identifier of the last GMAP change that was not applied because of
a conflict.
aipGMAPLastTrapVlan—The VLAN identifier of the last GMAP change that was not applied because of a
conflict.
Note: This trap (GMAP) is not supported.
8 policyEventNotification policyTrapE-
ventDetail-
String
policyTrapE-
ventCode
qos The switch notifies the NMS
when a significant event happens
that involves the policy manager.
policyTrapEventDetailString—Details about the event that took place.
policyTrapEventCode—The code of the event.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
9 chassisTrapsStr chassis-
TrapsStrLevel
chassis-
TrapsStrAp-
pID
chassis-
TrapsStrSnapI
D
chassisTrapsStr-
fileName
chassisTrapsStr-
fileLineNb
chassis-
TrapsStrError
Nb
chassisTrapsStr-
comments
chassisTrapsStr-
dataInfo
chassis A software trouble report (STR)
was sent by an application
encountering a problem during
its execution.
chassisTrapsStrLevel—An enumerated value that provides the urgency level of the STR.
chassisTrapsStrAppID—The application identification number.
chassisTrapsStrSnapID—The subapplication identification number. You can have multiple snapIDs per Subap-
plication (task) but only one is to be used to send STRs.
chassisTrapsStrfileName—Name of the source file where the fault was detected. This is given by the C ANSI
macro __FILE__. The path shouldn’t appear.
chassisTrapsStrfileLineNb—Line number in the source file where the fault was detected. This is given by the C
ANSI macro __LINE__.
chassisTrapsStrErrorNb—The fault identificator. The error number identifies the kind the detected fault and
allows a mapping of the data contained in chassisTrapsdataInfo.
chassisTrapsStrcomments—Comment text explaining the fault.
chassisTrapsStrdataInfo—Additional data provided to help to find out the origin of the fault. The contained
and the significant portion are varying in accordance with chassisTrapsStrErrorNb. The length of this field is
expressed in bytes.
10 chassisTrapsAlert physicalIndex
chassisTrapsOb-
jectType
chassisTrapsOb-
jectNumber
chassisTrap-
sAlertNumber
chassisTrap-
sAlertDescr
chassis A notification that some change
has occurred in the chassis.
physicalIndex—The physical index of the involved object.
chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap.
chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the con-
sidered fan or power supply). This is intended to clarify as much as possible the location of the failure or alert.
An instance of the appearance of the trap could be “failure on a module. Power supply 3”.
chassisTrapsAlertNumber—This number that identifies the alert among all the possible chassis alert causes.
chassisTrapsAlertDescr— The description of the alert matching ChassisTrapsAlertNumber.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-5
11 chassisTrapsStateChange physicalIndex
chassisTrapsOb-
jectType
chassisTrapsOb-
jectNumber
chasEntPhysOp-
erStatus
chassis An NI status change was
detected.
physicalIndex—The physical index of the involved object.
chassisTrapsObjectType—An enumerated value that provides the object type involved in the alert trap.
chassisTrapsObjectNumber—A number defining the order of the object in the set (e.g., the number of the con-
sidered fan or power supply). This intends to clarify as much as possible the location of the failure or alert. An
instance of the appearance of the trap could be “failure on a module. Power supply 3”.
chasEntPhysOperStatus—An enumerated value that indicates the operational status of installed modules
(includes empty slots).
12 chassisTrapsMacOverlap physicalIndex
chasTrapMac-
RangeIndex
module A MAC range overlap was found
in the backplane eeprom.
physicalIndex—The physical index of the involved object.
chasTrapMacRangeIndex—The MAC range index of the involved object.
15 healthMonDeviceTrap healthMonRx-
Status
healthMonRxTx-
Status
healthMonMem-
oryStatus
healthMonCpuS-
tatus
healthMonCm-
mTempStatus
healthMonCm-
mCpuTemp-
Status
health Indicates a device-level threshold
was crossed.
healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change.
healthMonRxTxStatus— RxTx threshold status indicating if threshold was crossed or no change.
healthMonMemoryStatus—Memory threshold status indicating if threshold was crossed or no change.
healthMonCpuStatus—CPU threshold status indicating if threshold was crossed or no change.
healthMonCmmTempStatus—CMM temperature threshold status indicating if threshold was crossed or no
change.
healthMonCmmCpuTempStatus—CMM CPU temperature threshold status indicating if threshold was
crossed or no change.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
16 healthMonModuleTrap healthMod-
uleSlot
healthMonRx-
Status
healthMonRxTx-
Status
healthMonMem-
oryStatus
healthMonCpuS-
tatus
health Indicates a module-level thresh-
old was crossed.
healthModuleSlot—The (one-based) front slot number within the chassis.
healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change.
healthMonRxTxStatus—RxTx threshold status indicating if threshold was crossed or no change.
healthMonMemoryStatus—Memory threshold status indicating if threshold was crossed or no change.
healthMonCpuStatus—CPU threshold status indicating if threshold was crossed or no change.
17 healthMonPortTrap healthPortSlot
healthPortIF
healthMonRx-
Status
healthMonRxTx-
Status
health Indicates a port-level threshold
was crossed.
healthPortSlot—The physical slot number for this port.
healthPortIF—The on-board interface number.
healthMonRxStatus—Rx threshold status indicating if threshold was crossed or no change.
healthMonRxTxStatus—RxTx threshold status indicating if threshold was crossed or no change.
20 esmDrvTrapDropsLink esmPortSlot
esmPortIF
ifInErrors
ifOutErrors
esmDrvTrap-
Drops
interface This trap is sent when the Ether-
net code drops the link because
of excessive errors.
esmPortSlot—The physical slot number for this Ethernet Port. The slot number has been added to be used by
the private trap.
esmPortIF—The on-board interface number for this Ethernet port. The port number has been added to be used
by the private trap.
ifInErrors—For packet-oriented interfaces, the number of inbound packets that contained errors preventing
them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the
number of inbound transmission units that contained errors preventing them from being deliverable to a higher-
layer protocol. Discontinuities in the value of this counter can occur at re-initialization of the management sys
-
tem and at other times as indicated by the value of ifCounterDiscontinuityTime.
ifOutErrors—For packet-oriented interfaces, the number of outbound packets that could not be transmitted
because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units
that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at re-ini
-
tialization of the management system and at other times as indicated by the value of ifCounterDiscontinuity-
Time.
esmDrvTrapDrops— Partitioned port (separated due to errors).
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-7
21 pimNeighborLoss pimNeigh-
borIfIndex
ipmr Signifies the loss of adjacency
with a neighbor device. This trap
is generated when the neighbor
time expires and the switch has
no other neighbors on the same
interface with a lower IP address
than itself.
pimNeighborIfIndex—The value of ifIndex for the interface used to reach this PIM neighbor.
24 risingAlarm alarmIndex
alarmVariable
alarmSample-
Type
alarmValue
alarmRising-
Threshold
rmon An Ethernet statistical variable
has exceeded its rising thresh
-
old. The variable’s rising thresh-
old and whether it will issue an
SNMP trap for this condition are
configured by an NMS station
running RMON.
alarmIndex—An index that uniquely identifies an entry in the alarm table. Each such entry defines a diagnostic
sample at a particular interval for an object on the device.
alarmVariable—The object identifier of the particular variable to be sampled. Only variables that resolve to an
ASN.1 primitive type of INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may
be sampled.
alarmSampleType—The method of sampling the selected variable and calculating the value to be compared
against the thresholds. If the value of this object is absoluteValue (1), the value of the selected variable will be
compared directly with the thresholds at the end of the sampling interval. If the value of this object is deltaValue
(2), the value of the selected variable at the last sample will be subtracted from the current value, and the differ
-
ence compared with the thresholds.
alarmValue—The value of the statistic during the last sampling period. For example, if the sample type is del-
taValue, this value will be the difference between the samples at the beginning and end of the period. If the sam-
ple type is absoluteValue, this value will be the sampled value at the end of the period.
alarmRisingThreshold—A threshold for the sampled statistic. When the current sampled value is greater than
or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event
will be generated. A single event will also be generated if the first sample after this entry becomes valid is
greater than or equal to this threshold and the associated alarmStartupAlarm is equal to risingAlarm (1) or risin
-
gOrFallingAlarm (3).
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-8 OmniSwitch AOS Release 6 Switch Management Guide December 2017
25 fallingAlarm alarmIndex
alarmVariable
alarmSample-
Type
alarmValue
alarmFalling-
Threshold
rmon An Ethernet statistical variable
has dipped below its falling
threshold. The variable’s falling
threshold and whether it will
issue an SNMP trap for this con
-
dition are configured by an NMS
station running RMON.
alarmIndex—An index that uniquely identifies an entry in the alarm table. Each such entry defines a diagnostic
sample at a particular interval for an object on the device.
alarmVariable—The object identifier of the particular variable to be sampled. Only variables that resolve to an
ASN.1 primitive type of INTEGER (INTEGER, Integer32, Counter32, Counter64, Gauge, or TimeTicks) may
be sampled.
alarmSampleType—The method of sampling the selected variable and calculating the value to be compared
against the thresholds. If the value of this object is absoluteValue (1), the value of the selected variable will be
compared directly with the thresholds at the end of the sampling interval. If the value of this object is deltaValue
(2), the value of the selected variable at the last sample will be subtracted from the current value, and the differ
-
ence compared with the thresholds.
alarmValue—The value of the statistic during the last sampling period. For example, if the sample type is del-
taValue, this value will be the difference between the samples at the beginning and end of the period. If the sam-
ple type is absoluteValue, this value will be the sampled value at the end of the period.
alarmFallingThreshold—A threshold for the sampled statistic. When the current sampled value is less than or
equal to this threshold, and the value at the last sampling interval was greater than this threshold, a single event
will be generated. A single event will also be generated if the first sample after this entry becomes valid is less
than or equal to this threshold and the associated alarmStartupAlarm is equal to fallingAlarm (2) or risingOrFall
-
ingAlarm (3).
26 stpNewRoot vStpNumber stp Sent by a bridge that became the
new root of the spanning tree.
vStpNumber—The Spanning Tree number identifying this instance.
27 stpRootPortChange vStpNumber
vStpRootPort-
Number
stp A root port has changed for a
spanning tree bridge. The root
port is the port that offers the
lowest cost path from this bridge
to the root bridge.
vStpNumber—The Spanning Tree number identifying this instance.
vStpRootPortNumber—The port ifindex of the port which offers the lowest cost path from this bridge to the
root bridge for this spanning tree instance.
28 mirrorConfigError mirmonPrima-
rySlot
mirmonPrimary-
Port
mirroringSlot
mirroringPort
mirMonErrorNi
mirMonError
pmm The mirroring configuration
failed on an NI. This trap is sent
when any NI fails to configure
mirroring. Due to this error, port
mirroring session will be termi
-
nated.
mirmonPrimarySlot—Slot of mirrored or monitored interface.
mirmonPrimaryPort—Port of mirrored or monitored interface.
mirroringSlot—Slot of mirroring interface.
mirroringPort—Port of mirroring interface.
mirMonErrorNi—The NI slot number.
mirMonError—The Error returned by the NI which failed to configure Mirroring/Monitoring.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-9
29 mirrorUnlikeNi mirmonPrima-
rySlot
mirmonPrimary-
Port
mirroringSlot
mirroringPort
mirMonErrorNi
pmm The mirroring configuration is
deleted due to the swapping of
different NI board type. The Port
Mirroring session which was
active on a slot cannot continue
with the insertion of different NI
type in the same slot.
mirmonPrimarySlot—Slot of mirrored or monitored interface.
mirmonPrimaryPort—Port of mirrored or monitored interface.
mirroringSlot—Slot of mirroring interface.
mirroringPort—Port of mirroring interface.
mirMonErrorNi—The NI slot number.
mirMonError—The Error returned by the NI which failed to configure Mirroring/Monitoring.
30 slPCAMStatusTrap slPCAMSlot-
Number
slPCAMSli-
ceNumber
slPCAMStatus
bridge The trap status of the Layer 2
pesudoCAM for this NI.
slPCAMSlotNumber—The slot number of this Coronado switching/routing ASIC.
slPCAMSliceNumber—The slice number of this Coronado switching/routing ASIC.
slPCAMStatus—The Layer 2 pesudoCAM status of this Coronado switching/routing ASIC.
31 unused N/A N/A
32 unused N/A N/A
34 ifMauJabberTrap ifMauJabber-
State
interface This trap is sent whenever a man-
aged interface MAU enters the
jabber state.
ifMauJabberState—The value other(1) is returned if the jabber state is not 2, 3, or 4. The agent MUST always
return other(1) for MAU type dot3MauTypeAUI. The value unknown(2) is returned when the MAU’s true state
is unknown; for example, when it is being initialized. If the MAU is not jabbering the agent returns noJabber(3).
This is the “normal” state. If the MAU is in jabber state the agent returns the jabbering(4) value.
35 sessionAuthenticationTrap sessionAccess-
Type
sessionUser-
Name
sessionUserI-
pAddress
sessionAuthFail-
ure
session An authentication failure trap is
sent each time a user authentica
-
tion is refused.
sessionAccessType—The access type of the session.
sessionUserName—The user name of the user logged-in.
sessionUserIpAddress—The IP address of the user logged-in.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-10 OmniSwitch AOS Release 6 Switch Management Guide December 2017
36 trapAbsorptionTrap trapAbsorStamp
trapAbsorTrapId
trapAb-
sorCounter
trapAbsorTime
none The absorption trap is sent when
a trap has been absorbed at least
once.
trapAbsorStamp—The time stamp of the absorbed trap.
trapAbsorTrapId—The trap identifier of the absorbed trap.
trapAbsorCounter—The number of the iterations of the absorbed trap.
trapAbsorTime—The time stamp of the last iteration.
37 alaStackMgrDuplicateSlotTrap alaStack-
MgrSlotNI-
Number
chassis Two or more slots claim to have
the same slot number.
alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1 to 8.
38 alaStackMgrNeighborChangeTrap alaStack-
MgrStackSta-
tus
alaStack-
MgrSlotNI-
Number
alaStackMgr-
TrapLinkNum-
ber
chassis Indicates whether or not the stack
is in loop.
alaStackMgrStackStatus—Indicates whether the stack is or is not in a loop.
alaStackMgrSlotNINumber—The numbers allocated for the stack NIs are from 1to 8.
alaStackMgrTrapLinkNumber—Holds the link number when the stack is not in a loop.
39 alaStackMgrRoleChangeTrap alaStackMgrPri-
mary
alaStackMgrSec-
ondary
chassis Indicates that a new primary or
secondary stack is elected.
alaStackMgrPrimary—Holds the number of the stack, which is in Primary role.
alaStackMgrSecondary—Holds the number of the stack, which is in Secondary role.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-11
40 lpsViolationTrap lpsTrap-
SwitchName
lpsTrapSwitchI-
pAddr
lpsTrap-
SwitchSlice
lpsTrapSwitch-
Port
lpsTrapViolat-
ingMac
lpsTrapViola-
tionType
systemServices-
Date
systemServices-
Time
bridge A Learned Port Security (LPS)
violation has occurred.
lpsTrapSwitchName—The name of the switch.
lpsTrapSwitchIpAddr—The IP address of switch.
lpsTrapSwitchSlice— The physical slice number for the LPS port on which the violation occurred.
lpsTrapSwitchPort—The physical port number on which the violation occurred.
lpsTrapViolatingMac—The violating MAC address.
lpsTrapViolationType—The type of violation that occurred on the LPS port.
systemServicesDate—This object contains the current System Date in the following format: MM/DD/YYYY.
systemServicesTime—This object contains the current System Time in the following format: HH:MM:SS.
41 alaDoSTrap alaDoSType
alaDoSDetected
ip Indicates that the sending agent
has received a Denial of Service
(DoS) attack.
alaDoSType—Index field for the alaDoSTable. Integer indicating the DoS Type: 0=portscan, 1=tcpsyn,
2=pingofdeath, 3=smurf, 3=pepsi, 5=land and 6=teardropBonkBoink.
alaDoSDetected—Number of attacks detected
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-12 OmniSwitch AOS Release 6 Switch Management Guide December 2017
42 gmBindRuleViolation gmBindRule-
Type
gmBindRu-
leVlanId
gmBindRuleI-
PAddress
gmBin-
dRuleMacAd-
dress
gmBindRulePor-
tIfIndex
gmBindRulePro-
toClass
gmBindRuleEth-
ertype
gmBindRuleD-
sapSsap
vlan Occurs whenever a binding rule
which has been configured gets
violated.
gmBindRuleType—Type of binding rule for which trap sent.
gmBindRuleVlanId—Binding Rule VLAN Id.
gmBindRuleIPAddress—Binding Rule IP address.
gmBindRuleMacAddress—Binding Rule Mac Address.
gmBindRulePortIfIndex—The ifIndex corresponding to the mobile port on which the binding rule violation
occurred.
gmBindRuleProtoClass—The encoded protocol number used for binding VLAN classification.
gmBindRuleEthertype—Ethertype value for generic Ethertype or snap rule. This value has no meaning for
vProtoRuleProtoClass set to values other than 9 or 11.
gmBindRuleDsapSsap— DSAP and SSAP values for generic DSAP/SSAP and SNAP rules. This value has no
meaning for vProtoRuleProtoClass set to values other than 10.
43 unused N/A N/A
44 unused N/A N/A
45 unused N/A N/A
46 unused N/A N/A
47 pethPsePortOnOff pethPsePortDe-
tectionStatus
module Indicates if power inline port is
or is not delivering power to the a
power inline device.
pethPsePortDetectionStatus—Describes the operational status of the port PD detection. A value of disabled
(1)- indicates that the PSE State diagram is in the state IDLE. A value of searching (2)- indicates that the PSE
State diagram is in the state DETECTION, CLASSIFICATION, SIGNATURE_INVALID or BACKOFF. A
value of deliveringPower (4) - indicates that the PSE State diagram is in the state POWER_UP, POWER_ON or
POWER_OFF. A value of fault (5) - indicates that the PSE State diagram is in the state TEST_ERROR or the
state IDLE due to the variable error condition. Faults detected are vendor-specific. A value of test (7) - indicates
that the PSE State diagram is in the state TEST_MODE. A value of denyLowPriority (8) indicates that the port
was disabled by the power management system, in order to keep active higher priority ports.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-13
48 pethPsePortPowerMaintenanceStatus pethPsePortPow-
erMaintenan-
ceStatus
module Indicates the status of the power
maintenance signature for inline
power.
pethPsePortPowerMaintenanceStatus—The value ok (1) indicates the Power Maintenance Signature is pres-
ent and the overcurrent condition has not been detected. The value overCurrent (2) indicates an overcurrent con-
dition has been detected. The value mPSAbsent (3) indicates that the Power Maintenance Signature is absent.
49 pethMainPowerUsageOn pethMainPseC-
onsumption-
Power
module Indicates that the power inline
usage is above the threshold.
pethMainPseConsumptionPower—Measured usage power expressed in Watts.
50 pethMainPowerUsageOff pethMainPseC-
onsumption-
Power
module Indicates that the power inline
usage is below the threshold.
pethMainPseConsumptionPower—Measured usage power expressed in Watts.
53 httpServerDoSAttackTrap httpConnection-
Stats
httpsConnection-
Stats
webmgt This trap is sent to management
station(s) when the HTTP server
is under Denial of Service attack.
The HTTP and HTTPS connec
-
tions are sampled at a 15 second
interval. This trap is sent every 1
minute while the HTTP server
detects it is under attack.
httpConnectionStats—The number of HTTP connection attempts over the past 15 seconds.
54 alaStackMgrDuplicateRoleTrap alaStack-
MgrSlotNI-
Number
alaStackMgr-
ChasRole
chassis The element identified by
alaStackMgrSlotNINumber
detected the presence of two ele
-
ments with the same primary or
secondary role as specified by
alaStackMgrChasRole on the
stack.
alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows:
- 0: invalid slot number
- 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable
- 1001..1008: switches operating in pass through mode
- 255: unassigned slot number.
alaStackMgrChasRole—The current role of the chassis as follows:
- unassigned(0),
- primary(1),
- secondary(2),
- idle(3),
- standalone(4),
- passthrough(5).
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-14 OmniSwitch AOS Release 6 Switch Management Guide December 2017
55 alaStackMgrClearedSlotTrap alaStack-
MgrSlotNI-
Number
chassis The element identified by
alaStackMgrSlotNINumber will
enter the pass through mode
because its operational slot was
cleared with immediate effect.
alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows:
- 0: invalid slot number
- 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable
- 1001..1008: switches operating in pass through mode
- 255: unassigned slot number.
56 alaStackMgrOutOfSlotsTrap N/A chassis One element of the stack will
enter the pass through mode
because there are no slot num
-
bers available to be assigned to
this element.
57 alaStackMgrOutOfTokensTrap alaStack-
MgrSlotNI-
Number
chassis The element identified by
alaStackMgrSlotNINumber will
enter the pass through mode
because there are no tokens
available to be assigned to this
element.
alaStackMgrSlotNINumber—Numbers allocated for the stack NIs as follows:
- 0: invalid slot number
- 1..8: valid and assigned slot numbers corresponding to values from the entPhysicalTable
- 1001..1008: switches operating in pass through mode
- 255: unassigned slot number.
58 alaStackMgrOutOfPassThruSlotsTrap N/A chassis There are no pass through slots
available to be assigned to an ele
-
ment that is supposed to enter the
pass through mode.
59 gmHwVlanRuleTableOverloadAlert gmOverload-
RuleTable
gmOverload-
RuleType
gmOverloadRu-
leVlanId
gmOverload-
RuleMacAd-
dress
gmOverloadRu-
leIpAddress
gmOverload-
RuleProtocol
vlan An overload trap occurs when-
ever a new entry to the hardware
VLAN rule table gets dropped
due to the overload of the table.
gmOverloadRuleTable—Overloaded hardware VLAN rule table.
gmOverloadRuleType—VLAN rule types that are not configured due to the overload of the hardware VLAN
rule table.
gmOverloadRuleVlanId—The overloaded VLAN ID.
gmOverloadRuleMacAddress—The overloaded MAC address.
gmOverloadRuleIpAddress—The overloaded IP address.
gmOverloadRuleProtocol—The overloaded protocol type.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-15
60 lnkaggAggUp traplnkaggId
traplnkaggPortI-
fIndex
linkaggre-
gation
Indicates the link aggregate is
active. This trap is sent when any
one port of the link aggregate
group goes into the attached
state.
traplnkaggId—Index value of the Link Aggregate group.
traplnkaggIfIndex—Port of the Link Aggregate group.
61 lnkaggAggDown traplnkaggId
traplnkaggPortI-
fIndex
linkaggre-
gation
Indicates the link aggregate is not
active. This trap is sent when all
ports of the link aggregate group
are no longer in the attached
state.
traplnkaggId—Index value of the Link Aggregate group.
traplnkaggIfIndex—Port of the Link Aggregate group.
62 lnkaggPortJoin traplnkaggId
traplnkaggPortI-
fIndex
linkaggre-
gation
This trap is sent when any given
port of the link aggregate group
goes to the attached state.
traplnkaggId—Index value of the Link Aggregate group.
traplnkaggIfIndex—Port of the Link Aggregate group.
63 lnkaggPortLeave traplnkaggId
traplnkaggPortI-
fIndex
linkaggre-
gation
This trap is sent when any given
port detaches from the link
aggregate group.
traplnkaggId—Index value of the Link Aggregate group.
traplnkaggIfIndex—Port of the Link Aggregate group.
64 lnkaggPortRemove traplnkaggId
traplnkaggPortI-
fIndex
linkaggre-
gation
This trap is sent when any given
port of the link aggregate group
is removed due to an invalid con
-
figuration.
traplnkaggId—Index value of the Link Aggregate group.
traplnkaggIfIndex—Port of the Link Aggregate group.
65 pktDrop pktDropType
pktDropIfIndex
pktDropCount
pktDropFrag
IP The pktDrop trap indicates that
the sending agent has dropped
certain packets (to blocked IP
ports, from spoofed addresses,
etc.).
pktDropType—Reason index for why the packet was dropped.
pktDropIfIndex—Interface index (if_index) of the ingress port of the dropped pkt.
pktDropCount—The number of packet drops (within a configured time interval) of the pktDropType that trig-
gered this particular trap instance.
pktDropFrag—Less than or equal to 512 bytes of the dropped packet (dsmac[12], tag[4], etype[2], pay-
load[..512] (0 if DropCount only).
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-16 OmniSwitch AOS Release 6 Switch Management Guide December 2017
66 monitorFileWritten mirmonPrima-
rySlot
mirmonPrimary-
Port
monitorFile-
Name
monitorFileSize
pmm A File Written Trap is sent when
the amount of data requested by
the user has been written by the
port monitoring instance.
mirmonPrimarySlot—Slot of mirrored or monitored interface.
mirmonPrimaryPort—Port of mirrored or monitored interface.
monitorFileName—The name of the file in which the traffic will be stored (the default is
“PMONITOR.ENC”).
monitorFileSize—The number of bytes in 16K (16384) increments allowed for the file (default 16384 bytes).
The file contains only the last monitorFileName bytes of the current port monitoring instance.
69 gmHwMixModeSubnetRuleTable-
OverloadAlert
gmSubnetRuleT-
able
gmOverload-
RuleSlice
vlan An subnet overload trap occurs
in mixed mode whenever a new
entry to the HW subnet rule table
gets dropped due to the overload
of the table.
gmSubnetRuleTable—Overloaded HW subnet rule table.
gmOverloadRuleSlice—Overloaded slot Id.
Note: This trap is not supported.
70 pethPwrSupplyConflict pethSourceSlot chassis This trap is sent when there is a
power supply conflict in a POE
device.
pethSourceSlot—Slot number of generating entity.
71 pethPwrSupplyNotSupported pethSourceSlot chassis This trap is sent when the power
supply is not supported.
pethSourceSlot—Slot number of generating entity.
72 lpsPortUpAfterLearningWindowEx-
piredT
lpsTrap-
SwitchName
lpsTrap-
SwitchSlice
lpsTrapSwitch-
Port
systemServices-
Date
systemServices-
Time
bridge This trap is sent when an LPS
port joins or is enabled after the
Learning Window is expired, dis
-
abling the MAC address learning
on the port.
This trap is also generated at the
time the Learning Window
expires, with a slice and port
value of 0.
lpsTrapSwitchName—The name of the switch.
lpsTrapSwitchSlice—The slot number for the LPS port on which the violation occured
lpsTrapSwitchPort—The port number for the LPS port on which the violation occured
systemServicesDate—The current System Date in the following format: MM/DD/YYYY.
systemServicesTime—The current System Time in the following format: HH:MM:SS.
92
dot1agCfmFaultAlarm
bridge A
gmSubnetRuleTable—Overloaded HW subnet rule table.
gmOverloadRuleSlice—Overloaded slot Id.
93 unused N/A N/A N/A
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-17
94 lldpRemTablesChange lldptatsRem-
TablesInserts
lldptatsRem-
TablesDeletes
lldptatsRem-
TablesDrops
lldptatsRem-
TablesAgeouts
aip This trap is sent when the value
ofthe LLDP Stats Rem Table
Last ChangeTime changes. It
can be utilized by an NMS to
trigger LLDP remote systems
table maintenance polls.
lldptatsRemTablesInserts—The number of times the complete set of information advertised by a particular
MSAP has been inserted into tables contained in lldpRemoteSystemsData and lldpExtensions objects.
lldptatsRemTablesDeletes—The number of times the complete set of information advertised by a particular
MSAP has been deleted from tables contained in lldpRemoteSystemsData and lldpExtensions objects
lldptatsRemTablesDrops—The number of times the complete set of information advertised by a particular
MSAP could not be entered into tables contained in lldpRemoteSystemsData and lldpExtensions objects because
of insufficient resources
lldptatsRemTablesAgeouts—The number of times the complete set of information advertised by a particular
MSAP has been deleted from tables contained in lldpRemoteSystemsData and lldpExtensions objects because
the information timeliness interval has expired.
95 chassisTrapsPossibleDuplicateMac physicalIndex
baseMacAddress
chassis This trap is sent when there is a
possiblity of duplicate a MAC
address in the network.
physicalIndex—The Physical index of the involved object.
baseMacAddress—The base MAC Address.
96 alaPimNeighborLoss alaPimNeigh-
borUpTime
ipmr This trap is sent when an adja-
cency with a neighbor is lost.
The notification is generated
when the neighbor timer expires,
and the router has no other neigh
-
bors on the same interface with
the same IP version and a lower
IP address than itself.
The notification is generated
whenever the PIM NeighborLoss
Count is incremented, subject to
the rate limit specified by the
PIM Neighbor Loss Notification
-
Period.
alaPimNeighborUpTime—The time since this PIM neighbor (last) became a neighbor of the local router.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-18 OmniSwitch AOS Release 6 Switch Management Guide December 2017
97 alaPimInvalidRegister alaPimGroup-
MappingPim-
Mode
alaPimIn-
validRegis-
terAddressTyp
e
alaPimIn-
validRegister-
Origin
alaPimIn-
validRegister-
Group
alaPimIn-
validRegis-
terRp
ipmr This trap is sent when an invalid
PIM Register message is
received.
The notification is generated
whenever the PIM Invalid Regis
-
ter Message Reveived counter is
incremented, subject to the rate
limit specified by the Invalid
Register NotificationPeriod.
alaPimGroupMappingPimMode—The PIM mode used for groups in this group prefix.
alaPimInvalidRegisterAddressType—The address type stored in alaPimInvalidRegisterOrigin, alaPimInvalid
RegisterGroup and alaPimInvalidRegisterRp. If no unexpected Register messages are received, the onject is set
to “Unknown”.
alaPimInvalidRegisterOrigin—The source address of the last unexpected Register message received by this-
device
alaPimInvalidRegisterGroup—The IP multicast group address to which the last unexpected Register message
received by this device was addressed.
alaPimInvalidRegisterRp—The RP address to which the last unexpected Register message received by this
device was delivered.
98 alaPimInvalidJoinPrune alaPimGroup-
MappingPim-
Mode
alaPimInvali-
dJoinPruneAd-
dressType
alaPimInvali-
dJoinPruneOr-
igin
alaPimInvali-
dJoinPrune-
Group
alaPimInvali-
dJoinPruneRp
alaPimNeigh-
borUpTime
ipmr This trap is sent when an invalid
PIM Join/Prune message is
received.
The notification is generated
whenever the PIM Invalid Join
Prune Messages Recieved
counter is incremented, subject to
the rate limit specified by the
PIM Invalid Join/Prune Notifica
-
tion Period.
alaPimGroupMappingPimMode—The PIM mode used for groups in this group prefix.
alaPimInvalidRegisterAddressType—The address type stored in alaPimInvalidRegisterOrigin, alaPimInvalid
RegisterGroup and alaPimInvalidRegisterRp. If no unexpected Register messages are received, the onject is set
to “Unknown”.
alaPimInvalidJoinPruneOrigin—The source address of the last unexpected Join/Prune message received
alaPimInvalidJoinPruneGroup—The IP multicast group address carried in the last unexpected Join/Prune
message received
alaPimInvalidJoinPruneRp—The RP address carried in the last unexpected Join/Prune message received
alaPimNeighborUpTime—The time since this PIM neighbor (last) became a neighbor of the local router.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-19
99 alaPimRPMappingChange alaPimGroup-
MappingPim-
Mode
alaPimGroup-
MappingPre-
cedence
ipmr This trap is sent when a change is
detected to the active RP map
-
ping on the device.
The notification is generated
whenever the PIM RP Mapping
Change Count is incremented,
subject to the rate limit specified
by PIM RP Mapping Change
Notification Period
alaPimGroupMappingPimMode—The PIM mode used for groups in this group prefix.
alaPimGroupMappingPrecedence—The value for alaPimGroupMappingPrecedence to be used for this static
RP configuration. This allows fine control over which configuration is overridden by this static configuration
100 alaPimInterfaceElection alaPimInter-
faceAddress-
Type
alaPimInter-
faceAddress
ipmr This trap is sent when a new DR
or DR has been elected on a net-
work.
The notification is generated
whenever the counter PIM Inter
-
face Elections Win Count is
incremented, subject to the rate
limit specified by PIM Interface
Election Notification Period.
alaPimInterfaceAddressType—The address type of the PIM interface.
alaPimInterfaceAddress—The primary IP address of this router on this PIM interface.
101 lpsLearnTrap lpsLearnTrap-
Threshold
bridge This trap is sent when the num-
ber of bridged MACs learned
matches the configured Learned
Trap Threshhold. A trap is then
generated or every additional
MAC that is learned.
lpsLearnTrapThreshold—The number of bridged MAC addresses that can be learned before a trap is sent.
102 gvrpVlanLimitReachedEvent alaGvrpMax-
VlanLimit
bridge This trap is sent when the num-
ber of dynamically-learned
VLANs has reached the config
-
ured limit.
alaGvrpMaxVlanLimit—The maximum number of dynamic VLANs that can be created on the system by
GVRP before a trap is sent.
alaNetSecPortTrapInfoIfId—The interface index of port on which anomaly is detected.
105 udldStateChange alaUdldPortIfIn-
dex
alaUdld-
PrevState
alaUdldCurrent-
State
interface This trap is sent when the UDLD
state of a port has changed.
alaUdldPortIfIndex—The interface index of the port which troggered the UDLD trap.
alaUdldPrevState—The previous UDLD state of the port - notapplicable (0), shutdown (1), undetermined (2),
bidirectional (3).
alaUdldCurrentState—he current UDLD state of the port - notapplicable (0), shutdown (1), undetermined (2),
bidirectional (3).
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-20 OmniSwitch AOS Release 6 Switch Management Guide December 2017
106 healthMonIpcTrap healthMonIp-
cPoolStatus
health This trap is sent when IPC Pools
exceed usage.
healthMonIpcPoolStatus—The IPC Pools usage status.
107
bcmHashCollisionTrap
? eth This trap is sent when ?
bcmHashCollisionTrap—The ?
108 healthMonCpuShutPortTrap healthMod-
uleSlot
ifIndex
healthMod-
uleCpuLatest
health This trap is sent when port is shut
down because of a CPU spike.
healthModuleSlot—The slot on which anomaly is detected.
ifIndex—The port on which anomaly is detected.
healthModuleCpuLatest—The average module-level CPU utilization over the latest sample period (percent).
109 arpMaxLimitReached none ip This trap is sent when the hard-
ware table has reached the
maximum number of entries sup-
ported. The OmniSwitch will not
generate new ARP request for
new nexthops.
110 ndpMaxLimitReached none ipv6 This trap is sent when the hard-
ware table has reached the
maximum number of entries sup-
ported. The OmniSwitch will not
generate new ARP request for
new nexthops.
111 ripRouteMaxLimitReached none rip This trap is sent when the RIP
database reaches the supported
maximum number of entries.
When the maximum number is
reached, RIP discards any new
updates.
112 ripngRouteMaxLimitReached none ripng This trap is sent when the RIPng
database reaches the supported
maximum number of entries.
When the maximum number is
reached, RIPng discards any new
updates.
113
-
118
Reserved
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-21
119 dot3OamThresholdEvent dot3OamEvent-
LogTimestamp
dot3OamEvent-
LogOui
dot3OamEvent-
LogType
dot3OamEvent-
LogLocation
dot3OamEvent-
LogWindowHi
dot3OamEvent-
LogWin-
dowLo
dot3OamEvent-
LogThresh-
oldHi
dot3OamEvent-
LogThresh-
oldLo
dot3OamEvent-
LogValue
dot3OamEvent-
LogRunning-
Total
dot3OamEvent-
LogEventTotal
dot3-oam
This trap is sent when a local or
remote threshold crossing event
is detected. A local threshold
crossing event is detected by the
local entity, while a remote
threshold crossing event is
detected by the reception of an
Ethernet OAM Event Notifica
-
tion OAMPDU that indicates a
threshold event.
dot3OamEventLogTimestamp—The sysUpTime at the time of the logged event.
dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as
appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of
0x0180C2. Organizations defining their own Event Notification TLVs include their OUI in the Event Notifica
-
tion TLV that is reflected here.
dot3OamEventLogType—The type of event that generated this entry in the event log. When the OUI is the
IEEE 802.3 OUI of 0x0180C2, the following event types are defined: erroredSymbolEvent(1), erroredFramePe
-
riodEvent(2), erroredFrameEvent(3), erroredFrameSecondsEvent(4), linkFault(256), dyingGaspEvent(257),
criticalLinkEvent(258).
dot3OamEventLogLocation—Indicates whether this event occurred locally (local(1)), or was received from
the OAM peer via Ethernet OAM (remote(2)).
dot3OamEventLogWindowHi—The time interval, in seconds, that is used to monitor the “High” threshold
limit for this event. A notification is sent every time the threshold is exceeded during any 5-second monitoring
interval.
dot3OamEventLogWindowLo—The time interval, in seconds, that is used to monitor the “Low” threshold
limit for this event. A notification is sent every time the threshold is exceeded during any 5-second monitoring
interval.
dot3OamEventLogThresholdHi—The “High” threshold level set for the event.
dot3OamEventLogThresholdLo—The “Low” threshold level set for the event.
dot3OamEventLogValue—The value of the event when it exceeded a threshold limit.
dot3OamEventLogRunningTotal—the total number of times this event has happened since the last reset
dot3OamEventLogEventTotal—The total number of times this event has resulted in a notification.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-22 OmniSwitch AOS Release 6 Switch Management Guide December 2017
120 dot3OamNonThresholdEvent dot3OamEvent-
LogTimestamp
dot3OamEvent-
LogOui
dot3OamEvent-
LogType
dot3OamEvent-
LogLocation
dot3OamEvent-
LogEventTotal
dot3-oam This trap is sent when a local or
remote non-threshold crossing
event is detected. A local event is
detected by the local entity, while
a remote event is detected by the
reception of an Ethernet OAM
Event Notification OAMPDU
that indicates a non-threshold
crossing event.
dot3OamEventLogTimestamp—The value of sysUpTime at the time of the logged event.
dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as
appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of
0x0180C2. Organizations defining their own Event Notification TLVs include their OUI in the Event Notifica
-
tion TLV that gets reflected here.
dot3OamEventLogType—The type of event that generated this entry in the event log. When the OUI is the
IEEE 802.3 OUI of 0x0180C2, the following event types are defined: erroredSymbolEvent(1), erroredFramePe
-
riodEvent(2), erroredFrameEvent(3), erroredFrameSecondsEvent(4), linkFault(256), dyingGaspEvent(257),
criticalLinkEvent(258).
dot3OamEventLogLocation—Indicates whether this event occurred locally (local(1)), or was received from
the OAM peer via Ethernet OAM (remote(2)).
dot3OamEventLogEventTotal—The total number of times this event has resulted in a notification.
121 alaDot3OamThresholdEventClear dot3OamEvent-
LogTimestamp
dot3OamEvent-
LogOui
dot3OamEvent-
LogType
dot3OamEvent-
LogLocation
dot3OamEvent-
LogWindowHi
dot3OamEvent-
LogWin-
dowLo
dot3OamEvent-
LogThresh-
oldHi
dot3OamEvent-
LogThresh-
oldLo
dot3OamEvent-
LogValue
dot3OamEvent-
LogRunning-
Total
dot3OamEvent-
LogEventTotal
dot3-oam This trap is sent when is sent
when a local or remote threshold
crossing event is recovered.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-23
dot3OamEventLogTimestamp—The sysUpTime at the time of the logged event.
dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as
appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of
0x0180C2. Organizations defining their own Event Notification TLVs include their OUI in the Event Notifica
-
tion TLV that is reflected here.
dot3OamEventLogType—The type of event that generated this entry in the event log. When the OUI is the
IEEE 802.3 OUI of 0x0180C2, the following event types are defined: erroredSymbolEvent(1), erroredFramePe
-
riodEvent(2), erroredFrameEvent(3), erroredFrameSecondsEvent(4), linkFault(256), dyingGaspEvent(257),
criticalLinkEvent(258).
dot3OamEventLogLocation—Indicates whether this event occurred locally (local(1)), or was received from
the OAM peer via Ethernet OAM (remote(2)).
dot3OamEventLogWindowHi—The time interval, in seconds, that is used to monitor the “High” threshold
limit for this event. A notification is sent every time the threshold is exceeded during any 5-second monitoring
interval.
dot3OamEventLogWindowLo—The time interval, in seconds, that is used to monitor the “Low” threshold
limit for this event. A notification is sent every time the threshold is exceeded during any 5-second monitoring
interval.
dot3OamEventLogThresholdHi—The “High” threshold level set for the event.
dot3OamEventLogThresholdLo—The “Low” threshold level set for the event.
dot3OamEventLogValue—The value of the event when it exceeded a threshold limit.
dot3OamEventLogRunningTotal—the total number of times this event has happened since the last reset
dot3OamEventLogEventTotal—The total number of times this event has resulted in a notification.
122 alaDot3OamNonThresholdEventClear dot3OamEvent-
LogTimestamp
dot3OamEvent-
LogOui
dot3OamEvent-
LogType
dot3OamEvent-
LogLocation
dot3OamEvent-
LogEventTotal
dot3-oam This trap is sent is sent when a
local or remote non-threshold
crossing event is recovered.
dot3OamEventLogTimestamp—The value of sysUpTime at the time of the logged event.
dot3OamEventLogOui—The OUI of the entity defining the object type. All IEEE 802.3 defined events (as
appearing in [802.3ah] except for the Organizationally Unique Event TLVs) use the IEEE 802.3 OUI of
0x0180C2. Organizations defining their own Event Notification TLVs include their OUI in the Event Notifica
-
tion TLV that gets reflected here.
dot3OamEventLogType—The type of event that generated this entry in the event log. When the OUI is the
IEEE 802.3 OUI of 0x0180C2, the following event types are defined: erroredSymbolEvent(1), erroredFramePe-
riodEvent(2), erroredFrameEvent(3), erroredFrameSecondsEvent(4), linkFault(256), dyingGaspEvent(257),
criticalLinkEvent(258).
dot3OamEventLogLocation—Indicates whether this event occurred locally (local(1)), or was received from
the OAM peer via Ethernet OAM (remote(2)).
dot3OamEventLogEventTotal—The total number of times this event has resulted in a notification.
123
-
146
Reserved
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-24 OmniSwitch AOS Release 6 Switch Management Guide December 2017
147 halHashCollisionTrap halHashColli-
sionMac,
halHashColli-
sionSlot,
halHashColli-
sionPort,
halHashColli-
sionVlan,
halHashColli-
sionTable
bridge Trap to notify of a hash collision
in BCM table.
halHashCollisionMac—MAC for which the collision occurred.
halHashCollisionSlot—Physical slot number on which the collision MAC tried to be added.
halHashCollisionPort—Physical port number on which the collision MAC tried to be added.
halHashCollisionVlan—The VLAN ID on which the collision MAC tried to be added.
halHashCollisionTable—The BCM table in which the collision occurred.
148 alaLbdStateChangeToShutdown alaLbdPortIfIn-
dex,
alaLbdPrevi-
ousState,
alaLbdCurrent-
State
ldb When the port state is changed to
shutdown, a notification is sent
to the Management Entity with
the LBD-state information.
alaLbdPortIfIndex—The ifIndex of the port on which LBD trap is raised.
alaLbdPreviousState—The previous state of the port on which LBD was running.
alaLbdCurrentState—The current state of the port on which LBD was running.
149 alaLbdStateChangeForClearViolation-
All
alaLbdPortIfIn-
dex,
alaLbdPrevi-
ousStateClear-
ViolationAll,
alaLbdCurrent-
StateClearVio-
lationAll
lbd When the the port state changes
from shutdown due to
clear-violation-all, a notification
is sent to the Management
Entity, with the LBD-state infor-
mation.
alaLbdPortIfIndex—The ifIndex of the port on which LBD trap is raised.
alaLbdPreviousStateClearViolationAll—The state of the port where LBD was running before clear-violation-
all applied.
alaLbdCurrentStateClearViolationAll—The state of the port where LBD was running after clear-violation-all
applied.
150 alaLbdStateChangeForAutoRecovery alaLbdPortIfIn-
dex,
alaLbdPrevi-
ousStateAuto-
Recovery,
alaLbdCurrent-
StateAutoRe-
covery
lbd When the port state changes from
shutdown due to auto-recovery
mechanism, a notification is sent
to the Management Entity
with the LBD-state information.
alaLbdPortIfIndex—The ifIndex of the port on which LBD trap is raised.
alaLbdPreviousStateAutoRecovery—The state of the port where LBD was running before auto-recovery.
alaLbdCurrentStateAutoRecovery—The state of the port where LBD was running after auto-recovery.
151
-
152
Reserved
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-25
153
alaErpRingPortStatusChanged
alaErpRingId,
alaErpRing-
PortIfIndex,
alaErpRing-
PortStatus
bridge This trap is sent when the ring
port status is changed.
alaErpRingId—The Ring identifier that is unique in the bridge.
alaErpRingPortIfIndex—The interface index - either a bridge port, or an aggregated link within a bridge port,
to which ring port is configured.
alaErpRingPortStatus—The status of the ring port.
154
-
158
Reserved
159 alaDhcpClientAddressAddTrap alaDhcpClien-
tAddress
ip-helper This trap is sent when a new IP
address is assigned to a DHCP
client interface.
alaDhcpClientAddress—The current IP address of the DHCP client.
160
alaDhcpClientAddressExpiryTrap
ialaDhcpClien-
tAddress
ip-helper This trap is sent when the lease
time expires or when a DHCP
client unable to renew/rebind an
IP address.
alaDhcpClientAddress—The current IP address of the DHCP client.
161
alaDhcpClientAddressModifyTrap
alaDhcpClien-
tAddress,
alaDhcpClient-
NewAddress
ip-helper This trap is sent when the DHCP
client unable to obtain the exist
-
ing IP address and a new IP
address is assigned to the DHCP
client.
alaDhcpClientAddress—The current IP address of the DHCP client.
alaDhcpClientNewAddress—The new IP address assigned to the DHCP client.
162
alaDyingGaspTrap
alaDyingGaspS-
lot,
alaDyingGasp-
PowerSupply-
Type,
alaDyingGasp-
Time
interface This trap is sent when a switch
has lost all power.
alaDyingGaspSlot—The slot number of the chassis whose NI is going down.
alaDyingGaspPowerSupplyType—The type of the power supply.
alaDyingGaspTime—The time of the failure.
163
alaTestOamTxDoneTrap
alaTestOamCon-
figTestId,
alaTestOamCon-
figSourceEnd-
point,
alaTestOamCon-
figTestIdStatus
bridge After a configured time interval,
this trap is sent to the NMS from
Generator switch when the test
duration expires.
alaTestOamConfigTestId—A unique name to identify the entries in the table.
alaTestOamConfigSourceEndpoint—The the local or transmitting switch. For bidirectional test, this also iden-
tifies the analyzer switch.
alaTestOamConfigTestIdStatus—The test status (not started, running, stopped, ended).
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-26 OmniSwitch AOS Release 6 Switch Management Guide December 2017
164
alaTestOamRxReadyTrap
alaTestOamCon-
figTestId,
alaTestOamCon-
figSourceEnd-
point,
alaTestOamCon-
figTestIdStatus
bridge This trap is sent to the NMS once
the switch with Analyzer or
Loopback Role is ready to
receive test traffic. Once this trap
is received, the Generator is acti
-
vated for generating test traffic.
alaTestOamConfigTestId—A unique name to identify the entries in the table.
alaTestOamConfigSourceEndpoint—The the local or transmitting switch. For bidirectional test, this also iden-
tifies the analyzer switch.
alaTestOamConfigTestIdStatus—The test status (not started, running, stopped, ended).
165
alaTestOamTestAbortTrap
alaTestOamCon-
figTestId
bridge This trap is sent to the NMS from
the switch, if the test is aborted
during takeover.
alaTestOamConfigTestId—A unique name to identify the entries in the table.
166
Reserved
167
Reserved
168
alaSaaIPIterationCompleteTrap
alaSaaCtrlOwn-
erIndex,
alaSaaCtrlT-
estIndex,
alaSaaIpResult-
sTestRunIn-
dex,
alaSaaCtrl-
LastRunRe-
sult,
alaSaaCtrl-
LastRunTime
system This trap is sent when an IP SAA
iteration is completed.
alaSaaCtrlOwnerIndex—An owner name to identify entries in the table. This is currently not supported and its
value will always be the string 'USER'.
alaSaaCtrlTestIndex—A unique name to identify the entries in the table. The name is unique across various
SNMP users.
alaSaaIpResultsTestRunIndex—Identifies the row entry that reports results for a single OAM test run. The
value of this object starts from 1 and can go upto a maximum of alaSaaCtrlMaxHistoryRows.
alaSaaCtrlLastRunResult—The result of the latest SAA test iteration: 1 - Undetermined, 2 - Success, 3 -
Failed, 4 - Aborted.
alaSaaCtrlLastRunTime—The date and time at which the last iteration of the SAA was run.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-27
169
alaSaaEthIterationCompleteTrap
alaSaaCtrlOwn-
erIndex,
alaSaaCtrlT-
estIndex,
alaSaaEthoam-
ResultsT-
estRunIndex,
alaSaaCtrl-
LastRunRe-
sult,
alaSaaCtrl-
LastRunTime
system This trap is sent is sent when a
Eth-LB or Eth-DMM SAA itera
-
tion is completed.
alaSaaCtrlOwnerIndex—An owner name to identify entries in the table. This is currently not supported and its
value will always be the string 'USER'.
alaSaaCtrlTestIndex—A unique name to identify the entries in the table. The name is unique across various
SNMP users.
alaSaaEthoamResultsTestRunIndex—Identifies the row entry that reports results for a single Eth-LB/DMM
test run. The value of this object starts from 1 and can go upto a maximum of alaSaaCtrlMaxHistoryRows.
alaSaaCtrlLastRunResult—The result of the latest SAA test iteration: 1 - Undetermined, 2 - Success, 3 -
Failed, 4 - Aborted.
alaSaaCtrlLastRunTime—The date and time at which the last iteration of the SAA was run..
170
alaSaaMacIterationCompleteTrap
alaSaaCtrlOwn-
erIndex
alaSaaCtrlT-
estIndex,
alaSaaMacRe-
sultsTestRun-
Index,
alaSaaCtrl-
LastRunRe-
sult,
alaSaaCtrl-
LastRunTime
system This trap is sent is sent when a
MAC SAA iteration is
completed.
alaSaaCtrlOwnerIndex—An owner name to identify entries in the table. This is currently not supported and its
value will always be the string 'USER'.
alaSaaCtrlTestIndex—A unique name to identify the entries in the table. The name is unique across various
SNMP users.
alaSaaMacResultsTestRunIndex—Identifies the row entry that reports results for a single test run. The value
of this object starts from 1 and can go upto a maximum of alaSaaCtrlMaxHistoryRows.
alaSaaCtrlLastRunResult—The result of the latest SAA test iteration: 1 - Undetermined, 2 - Success, 3 -
Failed, 4 - Aborted.
alaSaaCtrlLastRunTime—The date and time at which the last iteration of the SAA was run.
171
aaaHicServerChangeTrap aaaHSvrIpAd-
dress,
aaaHSvrCurrI-
pAddress
aaa This trap is sent when the active HIC
server is changed from.to primary.
aaaHSvrIpAddress—The HIC/Rem/WebDL server's IP address.
aaaHSvrCurrIpAddress—The current active HIC server's IP address.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-28 OmniSwitch AOS Release 6 Switch Management Guide December 2017
172
aaaHicServerUpTrap
aaaHSvrIpAd-
dress,
aaaHSvrRole,
aaaHSvrName
aaa This trap is sent when at least one
of the HIC servers comes UP.
aaaHSvrIpAddress—The HIC/Rem/WebDL server's IP address.
aaaHSvrRole—The HIC Server’s role.
aaaHSvrName—The HIC Server’s name.
173
alaLldpTrustViolation
agentalreadyex-
istonport ,
agentalreadyex-
istonotherport,
chassisidsub-
typemissmatch
aip This trap is sent when there is an
LLDP Trust Violation, and gives
the reason for the violation.
agentalreadyexistonport (1)—There is already one trust agent exists on the port. Only one trust agent can be
allowed on a port.
agentalreadyexistonotherport (2)—The same agent is already present on another port. Any given remote agent
shall be part of only on port.
chassisidsubtypemissmatch (3)—The Chassis ID subtype does not match the configured subtype.
174
alaStackMgrIncompatibleModeTrap
chassis Not Supported
175
Reserved
176
alaDHLVlanMoveTrap
alaDHLSes-
sionID,
alaDHLPort-
From,
alaDHLPortTo,
alaDHLVlan-
MoveReason
vlan When linkA or linkB goes down
or comes up and both ports are
are part of some vlan-map, this
trap is sent to the Management
Entity, with the DHL port infor
-
mation.
alaDHLSessionID—The DHL Session ID for which alaDHLVlanMoveTrap needs to be sent to the Manage-
ment Entity.
alaDHLPortFrom—The the port, either linkA or linkB, from whichvlan-mapped vlans have joined to other
port due to linkUp or linkDown as specified by alaDHLVlanMoveReason.
alaDHLPortTo—The the port, either linkA or linkB, to which vlan-mapped vlans have joined from other port
due to linkUp or linkDown as specified by alaDHLVlanMoveReason
alaDHLVlanMoveReason—The reason for Vlan Movement from one port to another port.
177
esmPortViolation
ifIndex,
esmPortViola-
tionValue
interface This trap is sent when an inter-
face is shut down by a feature
due to violation.
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-29
ifIndex—The interface that was shut down due to the violation.
esmPortViolationValue—The reason the interface was shut down.
EniSecurityBlockPortNone(0) No App blocking this port
EniSecurityBlockPortENI(1) ENI App blocking this port
EniSecurityBlockPortSTP(2) STP App blocking this port
EniSecurityBlockPortLPSS(3) LPS Shutdown App blocking this port
EniSecurityBlockPortQoS(4) QoS App blocking this port
EniSecurityBlockPortUDLD(5 UDLD App blocking this port
EniSecurityBlockPortETHBLK(6) ETHBLK App blocking this port
EniSecurityBlockPortNISUP(7) NISUP App blocking this port
EniSecurityBlockPortLLDP(8) LLDP App blocking this port
EniSecurityBlockPortRFP(9 ) RFP App blocking this port
EniSecurityBlockPortLinkMon(10) LinkMon App blocking this port
EniSecurityBlockPortLFP(11) LFP App blocking this port
EniSecurityBlockPortLPSD(12) LPS Discard App blocking this port
178
Reserved
179
Reserved
180
alaTestOamTxDoneTrap
alaTestOamCon-
figTestId,
alaTestOamCon-
figSourceEnd-
point,
alaTestOamCon-
figTestIdStatus
bridge After a configured time interval,
this trap is sent to the NMS from
Generator switch when the test
duration expires.
alaTestOamConfigTestId—A unique name to identify the entries in the table.
alaTestOamConfigSourceEndpoint—The the local or transmitting switch. For bidirectional test, this also iden-
tifies the analyzer switch.
alaTestOamConfigTestIdStatus—The test status (not started, running, stopped, ended).
181
alaTestOamRxReadyTrap
alaTestOamCon-
figTestId,
alaTestOamCon-
figSourceEnd-
point,
alaTestOamCon-
figTestIdStatus
bridge This trap is sent to the NMS once
the switch with Analyzer or
Loopback Role is ready to
receive test traffic. Once this trap
is received, the Generator is acti
-
vated for generating test traffic.
alaTestOamConfigTestId—A unique name to identify the entries in the table.
alaTestOamConfigSourceEndpoint—The the local or transmitting switch. For bidirectional test, this also iden-
tifies the analyzer switch.
alaTestOamConfigTestIdStatus—The test status (not started, running, stopped, ended).
182
alaTestOamTestAbortTrap
alaTestOamCon-
figTestId
bridge This trap is sent to the NMS from
the switch, if the test is aborted
during takeover.
alaTestOamConfigTestId—A unique name to identify the entries in the table.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-30 OmniSwitch AOS Release 6 Switch Management Guide December 2017
183
alaDhcpBindingDuplicateEntry
iphelperDh-
cpSnooping-
BindingMacA
ddress,
iphelperDh-
cpSnooping-
BindingVlan,
iphelperDh-
cpSnooping-
BindingIfInde
x,
This trap is sent to notify the user
of MAC Movement in DHCP-
Binding Table.
iphelperDhcpSnoopingBindingMacAddress—The MAC Address subindex identifying this instance.
iphelperDhcpSnoopingBindingVlan—The DHCP client VLAN.
iphelperDhcpSnoopingBindingIfIndex—The IfIndex subindex identifying this instance. It is the interface
from which the where the DHCP request is coming.
184
esmStormThresholdViolationStatus
Not Supported
185
Reserved
186
Reserved
187
Reserved
188
poePowerBudgetChange
Not Supported
189
alaDBChange
alaOldDb,
alaNewDb,
alaMod-
uleChange-
String
port This trap is sent when there is a
change in the expansion module
presence. Please note that if the
old module and new module,
defined by AlaDBType, are
same, then this trap will not
be sent.
alaOldDb—The daughter module that was present before inserting a new module.
alaNewDb—The daughter module that was inserted.
alaModuleChangeString—Specifies the string value describing: 1) Reboot is required to activate the
new module. 2) New module can be used without reboot. 3) No expansion module is present.
190
alaStackMgrIncompatibleLicenseTrap
alaStack-
MgrSlotNI-
Number,
alaStackMgrPri-
maryLicense
chassis This trap is sent when an inter-
face enters the pass through
mode because element license
information is not same as
primary element license
information.
alaStackMgrSlotNINumber—The number assigned for NI Stack.
alaStackMgrPrimaryLicense—The stack element license type.
191
Reserved
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-31
192
Reserved
193
Reserved
194
Reserved
195
Reserved
196
Reserved
197
Reserved
198 aluLicenseManagerLicenseExpired aluLicensedAp-
plication
aluLicenseTim-
eRemaining
license
manager
This trap is sent when the value
of aluLicenseTimeRemaining
becomes 0 (zero) for a demo
licensed application. This notifi
-
cation is applicable only for tem-
porary licenses. This trap can be
utilized by an NMS to inform
user about an application license
expiration.
aluLicensedApplication—String displaying the application for which this license is valid.
aluLicenseTimeRemaining—Number of days remaining to evaluate this demo license.
199
-
225
Reserved
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-32 OmniSwitch AOS Release 6 Switch Management Guide December 2017
226
configSaveSucceededTrap
configMgrTraps-
Group
configMgrTra-
pReasonGroup
configSaveSuc-
ceededTrap
configSaveSuc-
ceededTrapRea-
son
config
manager
This trap is sent from existing
Configuration Manager Task
when configuration is saved.
Existing socket between the
Configuration Manager and the
Trap Manager is used for sending
trap. SAM is informed of the
changes in switch configuration
with SNMP traps allowing.
Switches are polled when the
configuration is saved.
This is done by checking the
configuration file periodically
using CLI, SNMPor Webview.
The trap can also be raised using
"debug trap generate"
command, “write memory”,
"write memory flash-synchro",
and "copy running-config
working" commands
configSaveSucceededTrap—Generated when the saving of configuration finishes without errors.
configSaveSucceededTrapReason—Specifies the reason of trap for successful execution of write memory
command.
configMgrTrapsGroup—Collection of Traps for Configuration Manager.
configMgrTrapReasonGroup—Configurations saved successfully by write memory command.
227
-
229
Reserved
230
alaStackSplitProtectionTrap
alaStack-
MgrSlotNI-
Number
chassis This trap is sent when an element
of the stack enters into the Pro
-
tection state.
alaStackMgrSlotNINumber—The slot number of the stack that entered the Protection state.
231
alaStackSplitRecoveryTrap
alaStack-
MgrSlotNI-
Number
chassis This trap is sent when an element
of the stack recovers from the
Protection state.
alaStackMgrSlotNINumber—The slot number of the stack that entered the Protection state.
232 Reserved
233
systemSwlogSizeTrap
systemSwlo-
gName
system The size of the specified file has
exceeded 90 percent of precon
-
figured value.
systemSwlogName—SWLOG file name whose size exceeded preconfigured value.
234
alaTestOamStatsWriteDoneTrap
alaTestOam-
StatsWrite-
DoneStr
bridge This trap is sent when the maxi-
mum number of stats records
have been written to the testoam
stats file maintained in /flash.
alaTestOamStatsWriteDoneStr—The string mentioning that the maximum number of records have been writ-
ten on the flash.
235
Reserved
No. Trap Name Objects Family Description
SNMP Trap Information SNMP Traps Table
OmniSwitch AOS Release 6 Switch Management Guide December 2017 B-33
236
aaaRadiusServerUpTrap
aaasIpAddress,
aaasIpAddress2
aaa AAA RADIUS server Up trap is
sent when the server is reachable.
aaasIpAddress—IP address of the server host.
aaasIpAddress2—IP address of the backup server host.
237
aaaRadiusServerDownTrap
aaasIpAddress,
aaasIpAddress2
aaa AAA RADIUS server Up trap is
sent when the server is unreach
-
able.
aaasIpAddress—IP address of the server host.
aaasIpAddress2—IP address of the backup server host.
238
alaNtpActiveServerChangeTrap
alaNtpSyn-
cPeerIpAd-
dress
ntp Notify the management entity
when the NTP active server
changes.
alaNtpSyncPeerIpAddress—IP address of the currently synchronised NTP server.
239
alaNtpAllPeerUnreachableTrap
alaNtpAllServer-
Down
ntp Notify the management entity
that all the configured NTP serv
-
ers are unreachable.
alaNtpAllServerDown—All configured NTP servers are unreachable.
240
alaDhcpBindingTcamFail
alaDhcpTcam-
FailMsg
ip-helper Trap to notify DHCP Binding
Failure due to TCAM resource
failure.
alaDhcpTcamFailMsg — This object specifies binding fail due to TCAM Resource.
241
alaDhcpIsfDrop
alaDhcpIsfDrop-
IntervalStart-
TimeStamp
alaDhcpIsfDrop-
IntervalStop-
TimeStamp
alaDhcpIsfDrop-
Count
ip-helper Trap message to notify ISF drop.
alaDhcpIsfDropIntervalStartTimeStamp—This object specifies the start time of this ISF drop monitoring
interval.
alaDhcpIsfDropIntervalStopTimeStamp—This object specifies the end time of this ISF drop monitoring
interval. This is the time at which the trap message will be initiated.
alaDhcpIsfDropCount—This object specifies the number of ISF drop in the time period specified by alaDh-
cpIsfDropIntervalStartTimeStamp and alaDhcpIsfDropIntervalStopTimeStamp.
No. Trap Name Objects Family Description
SNMP Traps Table SNMP Trap Information
B-34 OmniSwitch AOS Release 6 Switch Management Guide December 2017
OmniSwitch AOS Release 6 Switch Management Guide December 2017 Index-1
Index
Symbols
!! command 6-12
Numerics
802.1AB
verify information about 3-31
A
aaa authentication command 10-7, 10-8, 10-10, 11-5
aaa radius-server command 10-7
accounting
for Authenticated Switch Access 10-12
ACE/Servers 10-4
application example
Ethernet OAM 12-3
application examples
applying configuration files 7-4
Authenticated Switch Access 10-7
CLI 6-9, 6-25
CMM 5-5
configuration file 7-2
customer login user accounts 9-8
Emergency Restore 5-32
file management 1-31
logging into the switch 2-5
network administrator user accounts 9-7
NTP 4-3
Prefix Recognition 6-14
Server Load Balancing 3-30
SNMP 3-4
Trap Filters 3-5
WebView 11-5
applying configuration files
application examples 7-4
ASA
see Authenticated Switch Access
ASA Configuration
verify information about 10-13, 10-19
Authenticated Switch Access 10-4
accounting 10-12
application examples 10-7
management interfaces 10-9
authentication
MD5 3-11
SHA 3-11
traps 3-15
Automatic Remote Configuration 8-5
Bootup Configuration File 8-12
Debug Configuration File 8-12
Firmware upgrade Files 8-12
Instruction File 8-12
Script File 8-12
Troubleshooting 8-23
Automatic Remote Configuration network components 8-6
TFTP File Server 8-6
B
banner
login 2-22
pre-login text 2-23
boot.cfg file 5-3, 5-16
Emergency Restore 5-34
C
cd command 1-9
certified directory 5-3
copying to working directory 5-22, 5-27
Chassis Management Module
see CMM
chmod command 1-16
CLI 6-1
application examples 6-9, 6-25
domains and families 9-21
logging commands 6-17–6-18
specifications 6-2
CLI usage
verify information about 6-27
CMM 5-1
application examples 5-5
boot.cfg file 5-3
cancelling a reboot 5-14, 5-20, 5-25
certified directory 5-3
checking reboot status 5-15
configuration files 5-3
copying
certified directory to working directory 5-22, 5-27
running configuration to working directory 5-16
working directory to certified directory 5-21, 5-26
displaying current configuration 5-23, 5-30
displaying switch files 5-24
image files 5-3
managing 5-13
rebooting 5-13, 5-25
rebooting from the working directory 5-18, 5-26
running configuration 5-3, 5-4
scheduling a reboot 5-14, 5-25
specifications 5-2
swapping primary for secondary 5-29
synchronizing primary and secondary 5-26, 5-27
working directory 5-3
CMM Conditions
verify information about 5-36
CMM scenarios 5-5
lost running configuration 5-5
rollback to previous software 5-8
running configuration saved to working directory 5-6
working directory saved to certified directory 5-7
Index
Index-2 OmniSwitch AOS Release 6 Switch Management Guide December 2017
Command Line Interface
see CLI
commands
domains and families 10-17
community strings 3-10
configuration apply command 7-2, 7-4
for a specific timeperiod 7-5
configuration cancel command 7-7
configuration error-file limit command 7-8
configuration file
application examples 7-2
specifications 7-2
configuration files 5-3, 6-3
errors 7-7
configuration snapshot all command 7-12
configuration syntax check 7-8
console port 2-6
copy certified working command 5-22
copy flash-synchro command 5-28
copy running-config working command 5-17
copy working certified flash-synchro command 5-26
cp command 5-34
customer login user accounts
application examples 9-8
D
date 1-41, 7-4
Daylight Savings Time
see DST
defaults
login 2-3
NTP 4-2
SNMP 3-3
startup 9-6
switch security 10-2
user accounts 9-2
WebView 11-2
delete command 1-16
DES encryption 3-11
dir command 1-10
directories
certified 1-28, 5-3
flash 1-8
managing 5-13
network 1-28
working 1-28, 5-3
Directory Contents
verify information about 1-37
DNS resolver 2-25
Domain Name Server
see DNS resolver
DSA key
Secure Shell 10-11
DST 1-43
E
editor
vi 7-9
Emergency Restore
application examples 5-32
encryption
DES 3-11
end-user profile command 9-8, 9-26
end-user profile port-list command 9-26
end-user profile vlan-range command 9-26
errors 7-7
Ethernet OAM
application example 12-3
exit command 1-25, 2-20
F
File Configuration
verify information about 7-14
file management
application examples 1-31
specifications 1-2
files
attributes 1-16
boot.cfg 5-3
configuration 5-3
image 5-3
names 7-11
permissions 1-16
snapshots 7-10
text 7-9
filters 6-21
traps 3-5
freespace command 1-18
fsck command 1-18
FTP 2-10
FTP client 1-22, 2-10
ftp command 1-22, 1-23, 2-10, 2-11
FTP server 1-21
ftp6 command 1-23
H
help 6-7
HTTP
web browser 2-7
http port command 11-3
http server command 11-3
http ssl command 11-4
https
LicenseGeneration 1-38
https port command 11-4
I
image files 5-3
ip domain-lookup command 2-25
ip domain-name command 2-25
ip name-server command 2-25
K
keywords 6-6
Index
Index-3 OmniSwitch AOS Release 6 Switch Management Guide December 2017
L
LDAP accounting servers
Authenticated Switch Access 10-12
LDAP servers
for switch security 10-4
logging into the switch
application examples 2-5
login
defaults 2-3
specifications 2-3
login banner 2-22
login settings
verify information about 2-26
ls command 1-6, 1-10, 6-12
ls-r command 1-13
M
Management Information Bases
see MIBs
MD5
authentication 3-11
memory 1-18
MIBs
enterprise 3-22
industry standard 3-18
mkdir command 1-11
more command 6-20, 7-9
mv command 1-32
N
network administrator user accounts
application examples 9-7
Network Management Station
see NMS
Network Time Protocol
see NTP
NI modules
behavior during takeover 5-31
NMS 3-8
NTP 4-1
application examples 4-3
configuring 4-9
client 4-9
defaults 4-2
overview 4-5
specifications 4-2
stratum 4-6
using in a network 4-6
ntp broadcast command 4-9
ntp broadcast-delay command 4-9
NTP client
broadcast delay 4-9
broadcast mode 4-9
ntp client command 4-3, 4-9
NTP Configuration
verify information about 4-13
ntp key command 4-12
ntp key load command 4-12
NTP server
designating 4-10
minimum poll time 4-10
preferred server 4-11
Synchronization Tests 4-10
version number 4-11
ntp server command 4-3, 4-10
P
partition management 3-14
password command 9-13
passwords
expiration 9-16
global settings 9-10
minimum length 9-15
user-configured 9-13
pre_banner.txt file 2-23
Prefix Recognition 6-13
application examples 6-14
prefixes 6-13
primary CMM
swapping with the secondary 5-29
synchronizing with secondary 5-27
prompt 6-15, 6-19
prompt prefix command 6-15
pwd command 1-8
R
RADIUS accounting servers
Authenticated Switch Access 10-12
RADIUS servers
for switch security 10-4
RAM 5-3
rcp command 1-17
reboot
cancelling 5-14, 5-20, 5-25
checking status 5-15
primary 5-13, 5-25
scheduling 5-14, 5-25
secondary 5-25
working directory 5-18, 5-26
reload cancel command 5-14, 5-20
reload command 5-14, 5-25
reload secondary command 5-25
reload working command 5-18
rls command 1-17
rmdir command 1-13
rrm command 1-17
running configuration 5-3, 5-4
copying to working directory 5-16
rz command 1-27
S
screen
display 6-19
prompt 6-15, 6-19
Index
Index-4 OmniSwitch AOS Release 6 Switch Management Guide December 2017
secondary CMM
managing files 1-17
swapping with the primary 5-29
synchronizing with primary 5-27
Secure Shell 2-6, 2-12, 10-9
algorithms 2-15
DSA key 10-11
key exchange 2-15
managing the switch 10-11
Secure Socket Layer
WebView 11-4
security
SNMP 3-10
Server Load Balancing
application examples 3-30
session banner command 2-22
session login-attempt command 2-24
session login-timeout command 2-24
session prompt command 6-19
session timeout command 2-24
sftp command 1-24, 2-20
sftp6 command 1-24, 1-35
SHA
authentication 3-11
show command-log command 6-18
show command-log status command 6-18
show configuration status command 7-3, 7-7
show history command 6-15
show ip helper command 7-3
show microcode command 5-24, 6-12
show ntp client command 4-4
show ntp client server-list command 4-3
show ntp server status command 4-3
show prefix command 6-14
show reload command 5-15
show running-directory command 5-23, 5-30
show snmp community map command 3-10
show snmp mib family command 3-17, 6-25
show snmp station command 3-4
show snmp trap replay command 3-15
show user command 3-5, 3-11, 9-7
snapshots 7-10, 7-14
SNMP
access for user accounts 9-24
agent 3-7
application examples 3-4
browser 2-7
defaults 3-3
management station 3-8
manager 3-7
security 3-10, 3-13
specifications 3-2
traps table B-2
versions 3-8
snmp community map mode command 9-23
SNMP configuration
verify information about 3-26
snmp security command 3-13, 9-23
snmp trap filter command 3-6
software rollback
configuration scenarios 5-5
specifications
CLI 6-2
CMM 5-2
configuration file 7-2
file management 1-2
login 2-3
NTP 4-2
SNMP 3-2
switch security 10-2
user database 3-27, 9-2
ssh command 2-18, 2-20
SSL
HTTPS port 11-4
see Secure Socket Layer
startup
defaults 9-6
switch
rebooting 5-13, 5-25
switch security
defaults 10-2
specifications 10-2
syntax 6-4
syntax checking 6-13
System Clock 1-41
system date command 1-41
system time command 1-42
system timezone command 1-41
T
tables
displays 6-20
filters 6-25
takeover command 5-29
Telnet 2-6, 2-8
telnet command 2-8
time 1-42, 7-4
time zone 1-41
timed sessions 7-4
cancelling 7-7
future timed session 7-5
Trap Filters
application examples 3-5
Traps 3-14
traps
authentication 3-15
families 3-14
filters 3-14
management 3-15
tty command 6-19
U
user accounts
defaults 9-2
for switch access 9-4
saving settings 9-11
SNMP access 9-24
Index
Index-5 OmniSwitch AOS Release 6 Switch Management Guide December 2017
user command 3-5, 9-8, 9-16, 9-27, 10-7
creating a user 9-12
user configuration
verify information about 9-27
user database
specifications 3-27, 9-2
switch management 10-5
user password-expiration command 9-16
user password-size min command 9-15
users
see user accounts
UTC 4-1
V
verbose mode 7-9
vi command 1-14
W
WebView 11-1, 12-1
accessing WebView 11-8
adjacencies 11-23
application examples 11-5
browser setup 11-2
CLI commands 11-3
configuring the switch 11-8
defaults 11-2
disabling 11-3
enabling 11-3
HTTP port 11-3
on-line help 11-28
Secure Socket Layer 11-4
Webview
Configuring the Switch 11-8
who command 2-19, 6-22
whoami command 6-23
wildcards 6-25
working directory 5-3
copying to certified directory 5-21, 5-26
write memory command 5-17
Z
Zmodem 1-26
Index
Index-6 OmniSwitch AOS Release 6 Switch Management Guide December 2017
