Nortel Ethernet Routing Switch 8600
Commissioning
Release: 5.0
Document Revision: 01.01
www.nortel.com
NN46205-319 |
323883-A Rev 01 |
Nortel Ethernet Routing Switch 8600
Release: 5.0
Publication: NN46205-319
Document status: Standard
Document release date: 30 May 2008
Copyright © 2008 Nortel Networks
All Rights Reserved.
Printed in Canada and the United States of America
LEGAL NOTICE
While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice.
Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks.
All other trademarks are the property of their respective owners.
3
.
Contents
Software license |
7 |
|
|
|
|
New in this release |
11 |
|
Features |
11 |
|
NNCLI |
11 |
|
Other changes 11 |
|
|
Document changes 11 |
|
Introduction |
|
|
13 |
|
|
|
|||
Commissioning fundamentals |
15 |
|||
System connections 15 |
|
|||
Terminal connection |
16 |
|
||
Modem connection |
16 |
|
||
System logon |
19 |
|
|
|
hsecure mode |
20 |
|
|
|
Setup utility |
21 |
|
|
|
Secure and nonsecure protocols 25 |
|
|||
Password encryption |
26 |
|
||
Management port |
26 |
|
|
|
Static IP entry for the OOB network management interface |
27 |
|||
Web management |
29 |
|
|
|
Device Manager |
29 |
|
|
|
Commissioning |
|
|
|
31 |
|
Commissioning tasks |
31 |
|
|
|
|
|
|
|||
|
Initial steps using Device Manager |
33 |
|||
|
Initial commissioning procedures |
33 |
|
||
|
Editing system information 34 |
|
|
|
|
|
Configuring the date and time |
37 |
|
|
|
|
Changing passwords |
38 |
|
|
|
|
|
|
|
||
|
Initial steps using the CLI |
|
41 |
||
|
Initial commissioning procedures |
41 |
|
||
|
Job aid: Roadmap of initial CLI commands |
43 |
|||
|
Connecting a terminal |
45 |
|
|
|
|
|
||||
|
Nortel Ethernet Routing Switch 8600 |
||||
|
|
Commissioning |
|
||
|
NN46205-319 |
01.01 Standard |
30 May 2008
Copyright © 2008 Nortel Networks
4
Connecting a modem |
46 |
|
|
Procedure job aid: PPP file 49 |
|
||
Configuring the switch with the setup utility |
54 |
||
Procedure job aid: setup utility prompts |
54 |
||
Configuring system identification |
60 |
|
|
Configuring the time zone 62 |
|
|
|
Configuring the date |
63 |
|
|
Specifying the primary SF/CPU |
64 |
|
|
Changing passwords |
64 |
|
|
Resetting passwords |
68 |
|
|
Initial steps using the NNCLI |
|
69 |
||
Initial commissioning procedures |
69 |
|
|
|
Job aid: Roadmap of initial NNCLI commands |
71 |
|||
Connecting a terminal |
73 |
|
|
|
Connecting a modem |
74 |
|
|
|
Procedure job aid: PPP file 77 |
|
|
||
Configuring the switch with the setup utility |
81 |
|
||
Procedure job aid: setup utility prompts |
82 |
|
||
Configuring system identification |
87 |
|
|
|
Example of configuring system identification |
89 |
|||
Configuring the time zone 89 |
|
|
|
|
Configuring the date |
91 |
|
|
|
Specifying the primary SF/CPU |
91 |
|
|
|
Changing passwords |
92 |
|
|
|
Remote connection configuration using Device Manager |
95 |
Remote connection configuration procedures 95 |
|
Assigning an IP address to the management port 97 |
|
Assigning static routes to the management interface 97 |
|
Configuring SNMP settings for Device Manager access 99 |
|
Enabling the Web management interface 101 |
|
Remote connection configuration using the CLI |
103 |
|
Remote connection configuration procedures 103 |
|
|
Job aid: Roadmap of remote connection CLI commands 105 |
|
|
Assigning an IP address to the management port 106 |
|
|
Assigning static routes to the management interface 107 |
|
|
Example of assigning a static route to the management interface |
108 |
|
Enabling remote access services |
108 |
|
Enabling the Web management interface 109 |
|
|
Configuring the remote host logon |
110 |
|
|
|
|
Remote connection configuration using the NNCLI |
113 |
Remote connection configuration procedures 113
Job aid: Roadmap of remote connection NNCLI commands 115
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
5
Assigning an IP address to the management port 116 |
|
Assigning static routes to the management interface 117 |
|
Example of assigning a static route to the management interface 118 |
|
Enabling remote access services |
118 |
Enabling the Web management interface 119 |
|
Configuring the remote host logon |
120 |
Commissioning verification |
123 |
Pinging an IP device 123 |
|
Using Telnet to log on to the device 124 |
|
Accessing the switch through the Web interface 124 |
|
|
|
Common procedures using Device Manager |
127 |
Saving the configuration 127 |
|
|
|
Common procedures using the CLI |
129 |
Saving the configuration 129 |
|
|
|
Common procedures using the NNCLI |
131 |
Saving the configuration 131 |
|
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
6
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
7
.
Software license
This section contains the Nortel Networks software license.
Nortel Networks Inc. software license agreement
This Software License Agreement ("License Agreement") is between you, the end-user ("Customer") and Nortel Networks Corporation and its subsidiaries and affiliates ("Nortel Networks"). PLEASE READ THE FOLLOWING CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price.
"Software" is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable. To the extent Software is furnished for use with designated hardware or Customer furnished equipment ("CFE"), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate. Customer will ensure that anyone who uses the Software does so only in compliance with the terms
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
8 Software license
of this Agreement. Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse
assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect to such third party software.
2.Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer, Software is provided "AS IS" without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to provide support of any kind for the Software. Some jurisdictions do not allow exclusion
of implied warranties, and, in such event, the above exclusions may not apply.
3.Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF, OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF
YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY. The forgoing limitations of remedies also apply to any
developer and/or supplier of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply.
4.General
1.If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
Nortel Networks Inc. software license agreement 9
software documentation and, in the event Software is licensed for or on behalf of the United States Government, the respective rights to the software and software documentation are governed by Nortel
Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections 12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
2.Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails to comply with the terms and conditions of this license. In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction.
3.Customer is responsible for payment of any taxes, including personal property taxes, resulting from Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations.
4.Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
5.The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.
6.This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
10 Software license
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
11
.
New in this release
The following sections detail what’s new in Nortel Routing Switch 8600 Commissioning, NN46205-319 for Release 5.0:
•“Features” (page 11)
•“Other changes” (page 11)
Features
See the following sections for information about feature changes.
•“NNCLI” (page 11)
NNCLI
In Release 5.0, you can use the new Nortel Command Line Interface (NNCLI) to configure the switch. For more information about the NNCLI, see the following sections:
•“Initial steps using the NNCLI” (page 69)
•“Remote connection configuration using the NNCLI” (page 113)
•“Common procedures using the NNCLI” (page 131)
Other changes
See the following sections for information about changes that are not feature-related.
•“Document changes” (page 11)
Document changes
Much of the content in this document is previously released as Getting Started, 313189-F. All document titles in the Nortel Ethernet Routing Switch 8600 suite are changed. For more information, see Nortel Ethernet Routing Switch 8600 Documentation Roadmap, NN46205-103.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
12 New in this release
This document is restructured to align with Nortel Customer Documentation Standards (NCDS).
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
13
.
Introduction
This guide provides procedures to commission the Nortel Ethernet Routing Switch 8600.
Navigation
•“Commissioning fundamentals” (page 15)
•“Commissioning” (page 31)
•“Initial steps using Device Manager” (page 33)
•“Initial steps using the CLI” (page 41)
•“Initial steps using the NNCLI” (page 69)
•“Remote connection configuration using Device Manager” (page 95)
•“Remote connection configuration using the CLI” (page 103)
•“Remote connection configuration using the NNCLI” (page 113)
•“Commissioning verification” (page 123)
•“Common procedures using Device Manager” (page 127)
•“Common procedures using the CLI” (page 129)
•“Common procedures using the NNCLI” (page 131)
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
14 Introduction
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
15
.
Commissioning fundamentals
Commissioning follows hardware installation. Commissioning includes the minimal, but essential, configuration steps to provide a default, starting point configuration, set up a management interface, and establish basic security on the node. For more information about configuring security, see
Nortel Ethernet Routing Switch 8600 Security, NN46205-601.
Navigation
•“System connections” (page 15)
•“System logon” (page 19)
•“Setup utility” (page 21)
•“Secure and nonsecure protocols” (page 25)
•“Password encryption” (page 26)
•“Management port” (page 26)
•“Web management” (page 29)
•“Device Manager” (page 29)
System connections
Connect to the Switch Fabric/Central Processor Unit (SF/CPU) serial ports using one of the following connections:
•“Terminal connection” (page 16)
•“Modem connection” (page 16)
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
16 Commissioning fundamentals
Terminal connection
Connect the serial console interface (an RS-232 port) to a PC or terminal to monitor and configure the switch. The port uses a DB-9 connector that operates as data terminal equipment (DTE) or data communication equipment (DCE). The default communication protocol settings for the console port are:
•9600 baud
•8 data bits
•1 stop bit
•No parity
To use the console port, you need the following equipment:
•A terminal or teletypewriter (TTY)-compatible terminal, or a portable computer with a serial port and terminal-emulation software
•An Underwriters Laboratories (UL)-listed straight-through or null modem RS-232 cable with a female DB-9 connector for the console port on the switch. The other end of the cable must use a connector appropriate to the serial port on your computer or terminal. Most computers or terminals use a male DB-25 connector. You can find a null modem cable with the chassis.
You must shield the cable connected to the console port to comply with emissions regulations and requirements.
Modem connection
You can access the switch through a modem connection to the Nortel Ethernet Routing Switch 8600, 8691SF/CPU, or 8692SF/CPU modules. Nortel recommends that you use the default settings for the modem port for most modem installations.
To set up modem access, you must use a DTE-to-DCE cable (straight or transmit cable) to connect the Nortel Ethernet Routing Switch 8600 to the modem. The following table shows the DTE-to-DCE pin assignments.
Table 1
DTE-to-DCE straight-through pin assignments
|
Switch |
|
Modem |
|
Signal |
|
|
|
|
Pin |
|
DCE DB-9 |
DCE DB-25 |
|
|
number |
|
pin number |
pin number |
|
|
|
|
|
Received data |
2 |
|
2 |
3 |
(RXD) |
|
|
|
|
|
|
|
|
|
Transmitted data |
3 |
|
3 |
2 |
(TXD) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Nortel Ethernet Routing Switch 8600 |
|
|
|
|
|
Commissioning |
|
|
|
NN46205-319 01.01 Standard |
|
|
|
|
|
30 May 2008 |
|
Copyright © 2008 Nortel Networks
|
|
|
System connections 17 |
|
|
|
|
Table 1 |
|
|
|
DTE-to-DCE straight-through pin assignments (cont’d.) |
|
||
|
|
|
|
|
Switch |
Modem |
|
Signal |
|
|
|
Pin |
DCE DB-9 |
DCE DB-25 |
|
|
number |
pin number |
pin number |
|
|
|
|
Data terminal |
4 |
4 |
20 |
ready (DTR) |
|
|
|
|
|
|
|
Ground (GND) |
5 |
5 |
7 |
|
|
|
|
Data set ready |
6 |
6 |
6 |
(DSR) |
|
|
|
|
|
|
|
Request to send |
7 |
7 |
4 |
(RTS) |
|
|
|
|
|
|
|
Clear to send |
8 |
8 |
5 |
(CTS) |
|
|
|
|
|
|
|
The default communication protocol settings for the modem port are:
•9600 baud
•8 data bits
•1 stop bit
•No parity
Because the modem port receives DSR and CTS signals before transmitting, control lines are required in the cables. The modem port supports no inbound flow control. The port does not turn on and turn off control lines to indicate the input buffer is full.
To connect a modem to a Nortel Ethernet Routing Switch 8600, you can configure the modem port first using another type of connection to the command line interface (CLI) or Nortel Command Line Interface (NNCLI).
PPP modem connection
You can establish a PPP (Point-to-Point Protocol) link over serial asynchronous lines. PC clients use this link to connect remotely to a switch through a standard dial-up modem and the modem DTE port on the primary switch SF/CPU. You must configure the connection on both the remote client PC and the switch. The following figure shows a standard PPP connection to the Nortel Ethernet Routing Switch 8600.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
18 Commissioning fundamentals
Figure 1
PPP configuration topology
When you configure the modem port on the switch to use PPP, you must also specify a PPP file. The PPP file is a text document which includes all additional PPP configuration parameters to include when the switch reboots. Enter one configuration parameter on each line with any required values.
You can configure the connection to use the Challenge-Handshake Authentication Protocol (CHAP) or the Password Authentication Protocol (PAP). Both protocols require a secrets file. The secrets file is a text document which includes the list of all users authorized to use the modem port. You must list one user on each line and include specific parameters. The format for each user is client server password IP address. The following list explains each option.
•client: the name of the user. This value is the logon name of the authorized user. This value should be the name or ID of the user, similar to a Windows or UNIX logon.
•server: the name of the remote device, which is often the dial-in server. Use an asterisk (*) to indicate any server name is acceptable.
•password: the password for the user.
•IP address: the IP address associated with the user.
The value for the IP address depends on the desired configuration of the modem. If all users must use the same IP address, you must specify the same IP address for all users in the file and it must be the same IP address that you configure as the peer-ip for the modem port. Configure the IP settings on the client to obtain an IP address automatically.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
System logon 19
If each user must use a different IP address, list each user with a different IP address in the file. Configure the client IP settings to use a static IP address that matches what you configure in the secrets file.
An example secrets file looks like the following:
long * long 47.133.223.200 william * william 47.133.223.200
System logon
After the switch boot sequence is complete, a Login prompt appears. The following table shows the default values for logon and password for the console and Telnet sessions.
Table 2
Access levels and default logon values
Access level |
Description |
Default |
Default |
|
logon |
password |
|||
|
|
|||
|
|
|
|
|
Read-only |
Permits view-only configuration and |
ro |
ro |
|
|
status information. Is equivalent |
|
|
|
|
to Simple Network Management |
|
|
|
|
Protocol (SNMP) read-only |
|
|
|
|
community access. |
|
|
|
|
|
|
|
|
Layer 1 read/write |
View most switch configuration |
l1 |
l1 |
|
|
and status information and change |
|
|
|
|
physical port settings. |
|
|
|
|
|
|
|
|
Layer 2 read/write |
View and change configuration |
l2 |
l2 |
|
|
and status information for Layer 2 |
|
|
|
|
(bridging and switching) functions. |
|
|
|
|
|
|
|
|
Layer 3 read/write |
View and change configuration and |
l3 |
l3 |
|
(8600 switches only) |
status information for Layer 2 and |
|
|
|
|
Layer 3 (routing) functions. |
|
|
|
|
|
|
|
|
Read/write |
View and change configuration and |
rw |
rw |
|
|
status information across the switch. |
|
|
|
|
You cannot change security and |
|
|
|
|
password settings. This access level |
|
|
|
|
is equivalent to SNMP read/write |
|
|
|
|
community access. |
|
|
|
|
|
|
|
|
Read/write/all |
Permits all the rights of Read/Write |
rwa |
rwa |
|
|
access and the ability to change |
|
|
|
|
security settings, including the CLI |
|
|
|
|
and Web-based management user |
|
|
|
|
names and passwords and the SNMP |
|
|
|
|
community strings. |
|
|
|
|
|
|
|
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
20 Commissioning fundamentals
hsecure mode
The Nortel Ethernet Routing Switch 8600 supports a flag called high secure (hsecure). hsecure introduces the following behaviors for the password: 10-character enforcement, aging time, limitation of failed logon attempts, and a protection mechanism to filter certain IP addresses.
After you enable the hsecure flag, the software enforces the 10-character rule for all passwords. After you upgrade from a previous release, if the password does not contain at least 10 characters, you must change your password to the mandatory character length. This password must contain a minimum of two uppercase characters, two lowercase characters, two numbers, and two special characters.
Default passwords and community strings
If the switch boots in hsecure mode as a default factory setting, and you have not configured a password, the default passwords are changed to respect this rule. The following table describes the default passwords.
Table 3
Default setting passwords
User ID |
Default password |
|
|
rwa |
rwarwarrwar |
|
|
rw |
rwrwrwrwrw |
|
|
ro |
rororororo |
|
|
l3 |
l3l3l3l3l3 |
|
|
l2 |
l2l2l2l2l2 |
|
|
l1 |
l1l1l1l1l1 |
|
|
l4admin |
l4adminl4a |
|
|
slbadmin |
slbadminsl |
|
|
oper |
operoperop |
|
|
l4oper |
l4operl4op |
|
|
slboper |
slboperslb |
|
|
ssladmin |
ssladminss |
|
|
The following table describes the default community strings.
Table 4
Default community strings
|
User ID |
|
New community string |
|
|
|
|
|
ro |
|
publiconly |
|
|
|
|
|
l1 |
|
privateonly |
|
|
|
|
|
l2 |
|
privateonly |
|
|
|
|
|
|
|
|
|
|
Nortel Ethernet Routing Switch 8600 |
|
|
|
Commissioning |
|
|
|
NN46205-319 01.01 Standard |
|
|
|
30 May 2008 |
Copyright © 2008 Nortel Networks
|
|
Setup utility 21 |
|
|
|
Table 4 |
|
|
Default community strings (cont’d.) |
|
|
|
|
|
|
User ID |
New community string |
|
|
|
|
l3 |
privateonly |
|
|
|
|
rw |
privateonly |
|
|
|
|
rwa |
secretonly |
|
|
|
Aging enforcement
When you enable the hsecure flag, you can configure a duration after which you must change your password. You configure the duration by using the aging parameter.
For SNMP and FTP, after a password expires, access is denied. Before you access the system, you must change a community string to a new string consisting of more than eight characters.
Consider the following after you enable the hsecure flag:
•You cannot enable the Web server.
•You cannot enable the SSH password authentication.
Filtering mechanism
Beginning with Release 4.1, incorrect IP source addresses as network or broadcast addresses are filtered at the virtual router interface. For example, V1 has the network address 192.168.168.0/24.
This change is valid for all IP subnets, not only for /24 as mentioned in the example. Source addresses 192.168.168.0 and 192.168.168.255 are discarded.
You can filter addresses only if you enable the hsecure mode.
Setup utility
To optimize the function of the Nortel Ethernet Routing Switch 8600, you can obtain a list of hardware modules. Because the latest modules provide advanced features, they work in certain operation modes that previous modules do not support. The setup utility monitors system requirements and obtains the highest system performance.
Use the setup utility to configure your switch by responding to a series of on-screen questions. The setup utility saves the information in the boot and run-time configuration files. The saved information and files ensure
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
22 Commissioning fundamentals
the switch reboots in the desired operating mode. The setup utility also provides error and warning messages to advise you of the ramifications of certain hardware and software configurations.
For information about the supported operating modes, see Nortel Ethernet Routing Switch 8600 Administration, NN46205-605.
The setup utility prompts you through the configuration process by asking a series of questions. Answer each question or accept the default by pressing Enter. Each question shows the default in brackets ([ ]) and the acceptable parameter options in parenthesis.
After you run the setup utility, reboot the switch.
The following figures show sample output from the setup utility. This example uses the default values.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
Setup utility 23
Figure 2
Setup utility example one
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
24 Commissioning fundamentals
Figure 3
Setup utility example two
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
Secure and nonsecure protocols 25
Figure 4
Setup utility example three
Secure and nonsecure protocols
The following table describes the secure and nonsecure protocols the Nortel Ethernet Routing Switch 8600 supports.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
26 Commissioning fundamentals
Table 5
Secure and nonsecure protocols for IPv4
Nonsecure protocols |
Default |
Equivalent secure protocols |
Default |
|
status |
status |
|||
|
|
|||
|
|
|
|
|
FTP and TFTP |
Disabled |
SCP |
Disabled |
|
|
|
|
|
|
|
|
Secure SHell (SSH) v1, v2 |
|
|
Telnet |
Disabled |
Nortel recommends that you use |
Disabled |
|
|
|
SSHv2 instead of SSHv1. |
|
|
|
|
|
|
|
|
|
SNMPv3 |
|
|
SNMPv1, SNMPv2 |
Enabled |
You must load the DES/AES image on |
Enabled |
|
|
|
the switch to use SNMPv3. |
|
|
|
|
|
|
|
Rlogin |
Disabled |
Secure SHell (SSH) v1, v2 |
Disabled |
|
|
|
|
|
|
|
|
No equivalent |
|
HTTP |
Disabled |
ATTENTION |
|
Nortel recommends that you do not |
|
||
|
|
use this protocol due to the risk to |
|
|
|
the security of your network. |
|
|
|
|
|
|
|
|
|
Password encryption
Beginning in Release 4.1, the switch stores passwords in encrypted format and no longer in the configuration file.
ATTENTION
If you load a configuration file saved prior to Release 3.7.6, saved passwords from the configuration file are not recognized. If you boot the switch for the first time with the software Release 3.7.6 or higher image, the switch resets the password to default values and generates a log, which indicates the changes.
For security reasons, Nortel recommends that you configure the passwords to values other than the factory defaults.
Management port
You must assign an IP address to the management port before you can use it for out-of-band (OOB) management. In a switch with redundant 8691or 8692 modules, each management port uses a specific IP address. In addition, you can create a virtual management port with an IP address available to the master management module.
The master management module replies to all management requests sent to the virtual IP address, and to requests sent to the management port IP address. If the master management module fails and the backup management module takes over, the virtual management port IP address continues to provide management access to the switch.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
Management port 27
The following lists provides configuration considerations.
•You can configure the standby IP to a subnet other than that of the master IP using Device Manager only. Attempts to do so using CLI or NNCLI will generate a warning message.
•If you use Device Manager, you can configure the standby IP to a different subnet than the master IP, and you do not receive a warning message.
Static IP entry for the OOB network management interface
The following figure shows the OOB network management port default IP assignment.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
28 Commissioning fundamentals
Figure 5
OOB network management port default IP flowchart
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
Device Manager 29
The switch first checks for the file pcmboot.cfg, in Personal Computer Memory Card International Association (PCMCIA). If not found, the switch checks for the file boot.cfg in flash.
ATTENTION
If you use the boot configuration file from PCMCIA, you must rename the file to pcmboot.cfg The boot.cfg file is no longer saved in PCMCIA. The file is saved only in flash.
Web management
The Nortel Ethernet Routing Switch 8600 includes a Web management interface you can use to monitor your switch through a Web browser from anywhere on your network. The Web interface supports many of the same monitoring features as the Device Manager software.
For information about configuration requirements and instructions to install the help files, to enable the Web server using Device Manager, and to access the Web interface, see Nortel Ethernet Routing Switch 8600 User Interface Fundamentals, NN46205-308.
Device Manager
Device Manager is an SNMP-based graphical user interface (GUI) tool designed to manage single devices. To use Device Manager, you must connect to a management station running Device Manager in one of the supported environments.
For information about Device Manager installation and startup, see
Nortel Ethernet Routing Switch 8600 User Interface Fundamentals,
NN46205-308.
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks
30 Commissioning fundamentals
Nortel Ethernet Routing Switch 8600
Commissioning
NN46205-319 01.01 Standard
30 May 2008
Copyright © 2008 Nortel Networks