chapter 2 configure and manage system

Maipu Confidential & Proprietary Information of 82

Configure and Manage System

Maipu Communication Technology Co., Ltd No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province People’s Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: [email protected]



All rights reserved. Printed in the People’s Republic of China. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise without the prior written consent of Maipu Communication Technology Co., Ltd. Maipu makes no representations or warranties with respect to this document contents and specifically disclaims any implied warranties of merchantability or fitness for any specific purpose. Further, Maipu reserves the right to revise this document and to make changes from time to time in its content without being obligated to notify any person of such revisions or changes. Maipu values and appreciates comments you may have concerning our products or this document. Please address comments to: Maipu Communication Technology Co., Ltd No. 16, Jiuxing Avenue Hi-tech Park Chengdu, Sichuan Province People’s Republic of China - 610041 Tel: (86) 28-85148850, 85148041 Fax: (86) 28-85148948, 85148139 URL: http:// www.maipu.com Email: [email protected] All other products or services mentioned herein may be registered trademarks, trademarks, or service marks of their respective manufacturers, companies, or organizations.



Maipu Feedback Form Your opinion helps us improve the quality of our product documentation and offer better services. Please fax your comments and suggestions to (86) 28-85148948, 85148139 or email to [email protected].

Document Title


Product Version

Document Revision Number

1.0

Presentation: (Introductions, procedures, illustrations, completeness, arrangement, appearance)

Good Fair Average Poor

Accessibility: (Contents, index, headings, numbering)


Evaluate this document

Editorial: (Language, vocabulary, readability, clarity, technical accuracy, content)


Your suggestions to improve the document

Please check suggestions to improve this document: Improve introduction Make more concise Improve Contents Add more step-by-step

procedures/tutorials Improve arrangement Add more technical information Include images Make it less technical Add more detail Improve index

If you wish to be contacted, complete the following:

Name Company

Postcode Address

Telephone E-mail



Contents

Configure & Manage System......................................................................6 Configure System...................................................................................................6 Configure System Name .........................................................................................6 Configure System Time...........................................................................................7

Configure Time Zone...............................................................................................................8 Configure Login Security Service..............................................................................8 Manage System....................................................................................................10

Overview ..............................................................................................................................10 Manage File System ..............................................................................................................10 Management of Configuration File ..........................................................................................28

Manage System Authentication & Command Hierarchical Authorization.....................36 Overview ..............................................................................................................................37 Basic Commands...................................................................................................................37 Modify User Level ..................................................................................................................38 Modify Command Level .........................................................................................................40 Instance of Modifying Command Level ...................................................................................41 Set Enable Password .............................................................................................................41 Configure User & Attributes....................................................................................................41 Set Line Attributes.................................................................................................................42 View Present User Level.........................................................................................................44

System Tools .......................................................................................................45 Command show....................................................................................................................45 Protocol Debugging ...............................................................................................................64 System Log Function.............................................................................................................65 View CPU Utilization...............................................................................................................68 Configuration Rollback Function .............................................................................................71

Commands for Viewing History ..............................................................................73 Display Information By Pages ................................................................................................74

System Remote Login Service ...............................................................................75 Telnet...................................................................................................................................75 SSH......................................................................................................................................76

Control Temperature.............................................................................................76 Temperature Alarm and System Control.................................................................................76

Set Display Language of SIU..................................................................................77 Set Parameters of System Alarm ...........................................................................77



System Information Unit .......................................................................................78 Procedure .............................................................................................................................78 View Information...................................................................................................................78



Configure & Manage System

This chapter mainly describes the basic configurations and managements of Maipu switches, which include the commands for configuring system, managing the user name and password, configuring the parameters of environment, managing the files and viewing the system information.

The contents are as follows:

Configure system

Manage System

System tools

Configure System In Maipu switches, the main tasks of configuring system are as follows:

Configure the system name

Configure the system time

Configure the login security service

Configure System Name When the switch leaves the factory, its default system name is switch. Users can change the system name by desires. This change takes effect immediately and the new system name appears in the displaying of the next system prompt. The command for configuring the switch name is as follows:

Command Description Config mode

hostname hostname * Configure the name of a switch config



The following instance will change the system name from “switch” to “switch_1”:

The steps are as follows:

Command Description

switch#configure terminal

Execute the command configure terminal in the privileged user mode to enter the global configuration mode

switch(config)#hostname switch_1

Execute the command hostname and take the parameter “switch_1” in the global configuration mode to change the system name

switch_1(config)# The new system command takes effect in the displaying of the next system prompt

Configure System Time An independent clock system for recording the current time of the system is configured in the switch. The system can obtain the current time of the switch with real-time clock system after power off and restart. For the switch without real-time clock system, the initial time of the system is 1970-1-1 00:00:00. But you can use the NTP service to obtain the current time automatically after startup (For the usage of NTP, refer to NTP Configuration Manual). You can run the clock command to configure the year, month, date, hour, minute, and second of the system. The configuration commands are as follows:


clock year month day hour minute second

* Configure the system clock enable

The following instance configures the system time as 09:36:10, November 15, 2001 by the command clock.

Command Description

switch#clock 2001 11 15 9 36 10

In the privileged user mode, to execute the command to configure the time of the system calendar as 09:36:10, November 15, 2001.

switch#show clock UTC: THU NOV 15 09:36:15 2001

Display the present calendar time of the system. The present time is 09:36:10, November 15, 2001, Thursday; By default, the time zone of the system is UTC.



Configure Time Zone In the switch, you can configure the time zone. Run the clock timezone command to configure the time zone.

Command Description Configuration Mode

clock timezone {BEIJING | string hourOffset [minOffset]}

* Configure system time zone config

As shown in the following example, run the clock timezone command to set the system time zone to: one hour and 10 minutes ahead of current time.

Command Description

switch(config)#clock timezone test -1 10

In the global configuration mode, the command is used to set the system time zone to: name: test, one hour 10 minutes ahead of current time.

switch#show clock test(UTC-20:30) THU NOV 15 08:28:15 2001

Display the current time of the system. The current time is 2001-11-15 08:28:15, Thursday. The system time zone is one hour 10 minutes ahead of UTC time, that is, the current UTC time is: 2001-11-15 09:38:15.

Configure Login Security Service In order to enhance the system security, Maipu switches provide the login security service function. Main functions are as follows:

1. Prevent the brute-force attack on user login password

2. Prevent the fast connection

The function of preventing the brute-force attack on user login password is to prevent the illegal users from cracking the user name and password used for logging into the Maipu switch. When the system finds that the authentication failure times of continued login from a user reaches the specified times, the system forbids the login connection from that IP address in a given period.

The function of preventing the fast connection is to prevent the illegal users from initiating a great deal of login requests to the switch in a short period which occupies a lot of system and network resources. If the times of repeatedly logging into a switch from a user reaches the configured



times, the system forbids the login connection requests from that IP address in a given period.

The commands for configuring the login security service are as follows:


service login-secure Enable the system security service

config

login-secure check-record-interval <30m-14400m>

Configure the interval time for the login security service clearing the aged login authentication failures and the fast connection information. 60 minutes by default.

config

login-secure forbid-time <10m-144000m>

Configure the time for the login security service forbidding the illegal IP address to log in. 10 minutes by default.

config

login-secure max-try-time <1-20>

Configure the maximum authentication failure times for continued login after the login security service takes effect. 5 times by default.

config

login-secure record-aging-time <15m-1440m>

Configure the time for the login security service aging the login authentication failure and the fast connection information. 15 minutes by default.

config

login-secure quick-connect max-times <10-10000>

Configure the maximum connection times of the preventing fast connection function. 20 times by default.

config

login-secure quick-connect restrict-interval <10s-600s>

Configure the minimum interval time between two connections of the preventing fast connection function. 30s by default.

config

login-secure quick-connect unrestrict-interval <10m-1440m>

Configure the forbidding time for the illegal IP address to log in after the preventing quick-connection function takes effect. 20 minutes by default.

config

show login-secure information

View the login authentication failure records of the login security service

enable

show login-secure quick-connect

View the quick-connection records of the login security service

enable

Default status: By default, the login security service is enabled when the system starting up

Note



Execute the command no service login-secure to disable the login security service; meanwhile clear all login connection records.

Manage System The contents of the section are as follows:

Overview

Manage file system

Configure the file management

Overview This section mainly describes the related contents of the system management, comprises managing the file system, configuring the file management, system authentication and command hierarchical authorization.

Manage File System The contents of the section are as follows:

Introduction to the file system

Brief introduction to the commands of the file system

Instance of applying the commands

Fi le System Maipu switches have three kinds of storage mediums. Their functions are as follows:

SDRAM: it is used as the space for a switch executing the application programs

FLASH: it is used to store the application programs, configuration files and BootROM programs etc.

EEPROM: it is used to store the configuration files and the user information that are often being changed.



There are three kinds of files managed by Maipu switches:

Switch application program——it is used to transmit routes, manage files and manage system etc.

Configuration file——It is used to store the system parameters configured by users.

BootROM file——it is used to store the basic data initialized by system.

Maipu switches construct a DOS-based file system for storing the information that rarely needs to be changed, such as the application programs (protocol software and driver etc.) and BootROM programs of a switch. The file system is called TFFS (True Flash File System).

Fi le System Commands In the file system configuration mode, the system provides a set of commands to manage the file system. They are as follows:

Commands for managing the file system

Command Function Operation mode

copy Copy a file config-fs

ftpcopy Copy a file via the FTP server config-fs

tftpcopy Copy a file via the TFTP server config-fs

xmodemcopy Copy a file by using XMODEM protocol via the configuration

config-fs

delete Delete a file config-fs

delete startup-config Delete all startup files, including backup startup files

config-fs

type View contents of a file config-fs

dir View a directory or a file config-fs

cd Change the present path config-fs

mkdir Create a directory config-fs

rmdir Delete a directory config-fs

pwd Display the current path config-fs

volume View the information about a file device

config-fs

config-file Execute a configuration file config-fs

show filesystem View the information about the file device

enable



The file system management of a switch is composed of two parts, they are: file management and directory management. Because TFFS is based on DOS file system, long file names are not supported. Each directory name can be a maximum of eight characters in length, each file name follows the 8.3 naming standard.

Instances of Apply ing Commands 1. View the information about file device

The file system of a switch is based on the flash physical device. Users can get the basic information about the FLASH file system (TFFS) via the following commands:

Command Format:

volume - Execute in the file system configuration mode

show filesystem - Execute in the privileged user mode

Application Instance:

In the file system configuration mode, execute the command volume:

switch(config-fs)#volume

volume descriptor ptr (pVolDesc): 0x5fe2bd0 cache block I/O descriptor ptr (cbio): 0x2839e70 auto disk check on mount: NOT ENABLED max # of simultaneously open files: 22 file descriptors in use: 0 # of different files in use: 0 # of descriptors for deleted files: 0 # of obsolete descriptors: 0 current volume configuration: - volume label: NO LABEL ; (in boot sector: ) - volume Id: 0x0 - total number of sectors: 126,968

/*sectors of the file system */ - bytes per sector: 512 /* bytes of

each sector */ - # of sectors per cluster: 4 /*

sectors of each cluster*/ - # of reserved sectors: 1 /* of the

reserved sectors*/



- FAT entry size: FAT16 /* size of FAT */

- # of sectors per FAT copy: 124 /*sectors occupied by each FAT */

- # of FAT table copies: 2 /* copies of FAT table */

- # of hidden sectors: 8 /* hidden sectors */

- first cluster is in sector # 264 /* the location of the first cluster in sector */

- Update last access date for open-read-close = FALSE - directory structure: VFAT /*

directory structure */ - root dir start sector: 249 /* the

start sector of root directory */ - # of sectors per root: 15 /* the sectors

occupied by root directory */ - max # of entries in root: 240 /* the

maximum number of entries in root directory */ FAT handler information: ------------------------ - allocation group size: 4 clusters /* the size of the unit

can be allocated */ - free space on volume: 14,403,584 bytes/* the size of the

system free space */

2. File management

By utilizing the file manage commands in the file system configuration mode, users can operate all files in TFFS:

Directory

Copy files

Delete files

View contents of files

The instances of applying the commands of file management are as follows:

A. Directory

Command Format:

dir

Application instance:



switch(config-fs)#dir size date time name -------- ------ ------ -------- 1930 JAN-01-1980 00:00:00 LOGGING 4 JAN-01-1980 00:00:00 RANDOM 3160 JAN-01-1980 00:00:00 STARTUP 3160 JAN-01-1980 00:00:00 SCRIPT

B. Copy files

The file copy command can be used to copy files in the FLASH file system, FTP server, TFTP server, startup configuration and running configuration. The command formats are as follows:

copy {(filesystem /flash|/cfcard|/usb)|(ftp [vrf vrf-name] hotname

username passwd)|(running-config)|(startup-config)|(tftp [vrf vrf-

name] hotname)}

source-filename {(filesystem /flash|/cfcard|/usb)|(ftp [vrf vrf-name]

hotname username passwd)|(running-config)|(startup-config)|(tftp [vrf vrf-name] hotname)}

dest-filename ftpcopy [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-

filename /flash/dest-filename

tftpcopy [vrf vrf-name] dest-ipaddress source-filename /flash/dest-

filenam

xmodemcopy source-filename trans-baudrate

The following explains each copy type in detail.

Copy files from FLASH file system to FLASH file system

Command Format:

copy filesystem /flash/source-filename filesystem /flash//dest-filename


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR>



4 JAN-01-1980 00:00:24 random switch(config-fs)#copy filesystem /flash/random filesystem

/flash/abc Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:24 random 4 JAN-01-1980 00:10:16 abc

Copy files from the FLASH to ftp server

Command Format:

copy filesystem /flash/source-filename ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:24 random 510 JAN-01-1980 00:08:26 startup 11577 JAN-01-1980 00:09:10 abc switch(config-fs)#copy filesystem /flash/abc ftp 128.255.42.180 123 123 test Copying!!!!!!!!!!!!Total 11577 bytes copying completed. switch(config-fs)#

Copy files from FLASH to tftp server

Command Format:

copy filesystem /flash/source-filename tftp [vrf vrf-name] dest-ipaddress dest-filename


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 510 JAN-01-1980 00:08:26 startup



11577 JAN-01-1980 00:09:10 abc switch(config-fs)#copy filesystem /flash/abc tftp 128.255.42.180 test Completed! switch(config-fs)#

Copy a file of FLASH file system as the start-up configuration file

Command Format:

copy filesystem /flash /ource-filename startup-config


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 510 JAN-01-1980 00:05:16 abc switch(config-fs)#copy filesystem /flash/abc startup-config Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 510 JAN-01-1980 00:05:46 startup 510 JAN-01-1980 00:05:16 abc switch(config-fs)#

Copy the startup configuration as a file of FLASH file system

Command Format:

copy startup-config filesystem /flash/dest-filename


switch(config-fs)#copy startup-config filesystem /flash/abc Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 510 JAN-01-1980 00:09:40 startup 510 JAN-01-1980 00:17:08 abc switch(config-fs)#



Copy the startup configuration to the host via FTP

Command Format:

copy startup-config ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename Application instance: switch(config-fs)#copy startup-config ftp 128.255.42.180 123 123 test Copying!Total 510 bytes copying completed.

Copy the startup configuration to the host via TFTP

Command Format:

copy startup-config tftp [vrf vrf-name] dest-ipaddress dest-filename

Application instance: switch(config-fs)#copy startup-config tftp 128.255.42.180 test Completed!

Copy the running configuration as a file of FLASH file system

Command Format:

copy running-config filesystem /flash/dest-filename


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#copy running-config filesystem /flash/abc Copying... Completed switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 510 JAN-01-1980 00:17:08 abc switch(config-fs)#

Copy the running configuration to the host via FTP

Command Format:



copy running-config ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password dest-filename


switch(config-fs)#copy running-config ftp 128.255.42.180 123 123 test Copying!Total 510 bytes copying completed.

Copy the running configuration to the host via TFTP

Command Format:

copy running-config tftp [vrf vrf-name] dest-ipaddress dest-filename

Application instance: switch(config-fs)#copy running-config tftp 128.255.42.180 test Completed!

Copy the running configuration as the startup configuration

Command Format:

copy running-config startup-config


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#copy running-config startup-config Building Configuration...done switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 00:33:28 startup switch(config-fs)#

Copy files from ftp server to FLASH file system

Command Format:

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename file-system /flash /dest-filename

same as the command ftpcopy




switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:24 random switch(config-fs)#copy ftp 128.255.42.180 123 123 test.bin file-

system /flash/abc Downloading#########################OK! switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:24 random 11577 JAN-01-1980 00:09:10 abc switch(config-fs)#

Copy from FTP server to the startup configuration file

Command Format:

copy ftp [vrf vrf-name] dest-ipaddress ftp-username ftp-password source-filename startup-config


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#copy ftp 128.255.42.180 123 123 test startup-config Downloading##OK! switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 00:58:02 startup switch(config-fs)#

Copy files from TFTP server to FLASH file system

Command Format:

copy tftp [vrf vrf-name] dest-ipaddress source-filename file-system /flash/dest-filename



Note

The same as the command tftpcopy


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#copy tftp 128.255.42.180 test file-system /flash/abc Downloading##OK! switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 01:01:00 abc switch(config-fs)#

Copy from TFTP server to the startup configuration file

Command Format:

copy tftp [vrf vrf-name] dest-ipaddress source-filename startup-config


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#copy tftp 128.255.42.180 test startup-config Downloading##OK! switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 495 JAN-01-1980 01:03:28 startup switch(config-fs)#

Copy files to FLASH file system by using xmodem protocol via the configuration port

Command Format:



xmodemcopy dest-filename trans-baudrate


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#xmodemcopy abc 9600 Now ready to receive file.Please send file with XMODEM protocol.If you want to cancel in progress,press CTL+C key... Receive file successfully!! switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 512 JAN-01-1980 01:30:32 abc switch(config-fs)#

C. Delete files

Command Format:

delete filename


switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random 512 JAN-01-1980 01:30:32 abc switch(config-fs)#delete abc WARNING: The Data of this file will be lost! if OS is deleted,the system will

hangup! Please confirm to continue?(Yes/No)y Delete /flash/abc OK switch(config-fs)#dir size date time name -------- ------ ------ -------- 2048 JAN-01-1980 00:00:30 mpssh <DIR> 4 JAN-01-1980 00:00:26 random switch(config-fs)#



D. View the contents of files

Command Format:

type filename


switch(confgi-fs)#type startup View the contents of the file startup

The contexts of file startup Building Configuration...done ! Current configuration : 49084 bytes ! ! No configuration change since last restart ! Configuration version 0.8 ! !software version 6.1.0(sw-100)(integrity) !software image file flash0: /flash/sphb-g-6.1.0(sw-100).pck !compiled on May 12 2009, 02:27:35

hostname switch

service timestamps debug datetime service timestamps log datetime service taskname debug service taskname log no service password-encrypt no service new-encrypt service login-secure

enable password OW encrypt

user a password 0 a no exception reboot ip load-sharing per-packet vfp-action-group a

untag ovlan-act add_ovlan 3 exit

ip access-list standard 10 10 permit host 129.255.8.7 vfp-action-group a exit mpls label range 70000 1048575 mpls ip



no mpls ttl-propagate mpls ttl-expiration 0 ip multicast-routing spanning-tree transmit hold-count 10 spanning-tree mst instance 1 priority 12288 spanning-tree enable lacp system-priority 168 link-aggregation 1 mode manual link-aggregation 2 mode manual vlan 1 description DEFAULT exit vlan 2 description VLAN0002 exit vlan 3 description VLAN0003 exit vlan 4 description VLAN0004 exit vlan 5 description VLAN0005 exit vlan 6 description VLAN0006 exit vlan 7 description VLAN0007 exit vlan 8 description VLAN0008 exit vlan 9 description VLAN0009



exit vlan 10 description VLAN0010 exit mac-vlan mac-address 0001.7a99.8877 vlan 3 all mac-vlan mac-address 2222.2222.2222 vlan 100 all ip-subnet-vlan ipv4 1.1.0.0 mask 255.255.0.0 vlan 3 untagged ip-subnet-vlan ipv4 10.0.0.0 mask 255.255.0.0 vlan 2 all ip-subnet-vlan ipv4 129.255.0.0 mask 255.255.0.0 vlan 3 all protocol-vlan profile 1 frame-type ETHERII ether-type 0x800 all protocol-vlan profile 2 frame-type ETHERII ether-type 0x8100

untagged protocol-vlan profile 3 frame-type ETHERII ether-type 0x900

untagged protocol-vlan profile 16 frame-type ETHERII ether-type 0x6800 all mac-address static 0001.0002.0002 vlan 1500 drop mac-address static 0001.0002.0003 vlan 1500 drop mac-address static 0001.0002.0001 vlan 1500 drop cpu-packet ospf cos 7 evc aaa type point-to-point svlan-id 999 cevlan-id 2 exit !slot_2_SM68A-24GETH !end !slot_6_SM68A-24GETH !end link-aggregation 4 port mode trunk port trunk allowed vlan 1,3001-3100 port trunk pvid vlan 1 spanning-tree portfast edgeport exit interface null0 exit



interface dc0 ip address 128.255.40.114 255.255.252.0 mac-address 0810.abcd.aecd ip access-group 2 in exit interface loopback0 ip address 23.23.23.23 255.255.255.255 exit interface loopback1 exit interface vlan6 ip address 33.0.0.68 255.255.255.0 exit interface vlan7 ip address 144.0.0.68 255.255.255.0 exit interface vlan8 ip address 134.0.0.68 255.255.255.0 exit interface vlan9 ip address 69.0.0.68 255.255.255.0 exit interface vlan10 ip address 34.0.0.68 255.255.255.0 exit

interface tunnel0 exit interface tunnel1 tunnel source vlan4091 tunnel destination 140.0.0.38 ip address 14.0.0.68 255.255.0.0 exit router rip version 2 no auto-summary address-family ipv4 vrf w1 version 2 network loopback4001



network vlan4001 network vlan4030 network vlan4090 network vlan4091 no auto-summary exit-address-family exit router ospf 23 ispf network 10.0.0.0 0.0.0.255 area 0 network 23.23.23.23 0.0.0.0 area 0 exit router ospf 1000 network 12.0.0.0 0.255.255.255 area 0 exit ftp enable ftp max-user-num 4 snmp-server start snmp-server view default 1.0.8802 include snmp-server view default 1.1.2 include snmp-server view default 1.3.111 include snmp-server view default 1.3.6.1 include snmp-server community public view default rw line con 0 exec-timeout 0 0 line vty 0 15 Jan exec-timeout 0 01 0 0:45:06: [tCMMHlpe no loginr][HAM]: Lp u 6 core temperatu exitre warn,tempNow

!end

Directory Management In the switch, the directory management covers:

1. ·Print the home path of the system.

2. · Change the current path.

3. ·Create the directory.

4. ·Delete the directory.



The following is the example of directory management command:

1. Print the home path of the system

Command:

pwd

Application example:

switch(config-fs)#pwd

/flash

switch(config-fs)#

The content indicates that the system is in the /flash directory.

2. Create the directory

Command:

mkdir dir-name


switch(config-fs)#mkdir maipu

switch(config-fs)#dir

size date time name

-------- ------ ------ --------

1930 JAN-01-1980 00:00:00 LOGGING

4 JAN-01-1980 00:00:00 RANDOM

3160 JAN-01-1980 00:00:00 STARTUP

512 JAN-01-1980 00:00:00 MAIPU <DIR>

3160 JAN-01-1980 00:00:00 SCRIPT

3. Change the home path of the system

Command:

cd dest-dirname




switch(config-fs)#cd maipu

switch(config-fs)#pwd

/flash/maipu

The content indicates that the system is in the /flash/maipu directory.

4. Delete the directory

Command:

rmdir dir-name


switch(config-fs)#cd /flash

switch(config-fs)#rmdir maipu

WARNING:

The Data of this dir will be lost! if OS is deleted,the system will hangup!

Please confirm to continue?(Yes/No)y

switch(config-fs)#dir

size date time name

-------- ------ ------ --------

1930 JAN-01-1980 00:00:00 LOGGING

4 JAN-01-1980 00:00:00 RANDOM

3160 JAN-01-1980 00:00:00 STARTUP

3160 JAN-01-1980 00:00:00 SCRIPT

Management of Configuration File Content and format of the conf igurat ion f i le The configuration file is saved in the file system as text files. The format is as follows:

1. The configuration command.



2. To save the space of flash, save only the commands in configuration modes (including global configuration mode, interface configuration mode, file system configuration mode, access list configuration mode, and routing protocol configuration mode).

3. The organization of commands is subject to the command mode. The commands in the same mode are organized into a paragraph.

4. The sequence of the paragraph is as follows: global configuration mode, interface configuration mode, and route configuration mode.

5. Categorize according to the relation between commands. The relevant commands form a group and groups are separated by blank line.

The following is an example of Maipu configuration file: (The meaning of the information is provided in subsequent chapters).

switch#sh running-config Building Configuration...done ! Current configuration : 49084 bytes ! ! No configuration change since last restart ! Configuration version 0.8 ! !software version 6.1.0(sw-100)(integrity) !software image file flash0: /flash/sphb-g-6.1.0(sw-100).pck !compiled on May 12 2009, 02:27:35 hostname switch service timestamps debug datetime service timestamps log datetime service taskname debug service taskname log no service password-encrypt no service new-encrypt service login-secure enable password OW encrypt user a password 0 a no exception reboot ip load-sharing per-packet



vfp-action-group a untag ovlan-act add_ovlan 3 exit ip access-list standard 10 10 permit host 129.255.8.7 vfp-action-group a exit mpls label range 70000 1048575 mpls ip no mpls ttl-propagate mpls ttl-expiration 0 ip multicast-routing spanning-tree transmit hold-count 10 spanning-tree mst instance 1 priority 12288 spanning-tree enable lacp system-priority 168 link-aggregation 1 mode manual link-aggregation 2 mode manual vlan 1 description DEFAULT exit vlan 2 description VLAN0002 exit vlan 3 description VLAN0003 exit vlan 4 description VLAN0004 exit vlan 5 description VLAN0005 exit vlan 6 description VLAN0006



exit vlan 7 description VLAN0007 exit vlan 8 description VLAN0008 exit vlan 9 description VLAN0009 exit vlan 10 description VLAN0010 exit mac-vlan mac-address 0001.7a99.8877 vlan 3 all mac-vlan mac-address 2222.2222.2222 vlan 100 all ip-subnet-vlan ipv4 1.1.0.0 mask 255.255.0.0 vlan 3 untagged ip-subnet-vlan ipv4 10.0.0.0 mask 255.255.0.0 vlan 2 all ip-subnet-vlan ipv4 129.255.0.0 mask 255.255.0.0 vlan 3 all protocol-vlan profile 1 frame-type ETHERII ether-type 0x800 all protocol-vlan profile 2 frame-type ETHERII ether-type 0x8100

untagged protocol-vlan profile 3 frame-type ETHERII ether-type 0x900

untagged protocol-vlan profile 16 frame-type ETHERII ether-type 0x6800 all mac-address static 0001.0002.0002 vlan 1500 drop mac-address static 0001.0002.0003 vlan 1500 drop mac-address static 0001.0002.0001 vlan 1500 drop cpu-packet ospf cos 7 evc aaa type point-to-point svlan-id 999 cevlan-id 2 exit !slot_2_SM68A-24GETH !end !slot_6_SM68A-24GETH



!end link-aggregation 4 port mode trunk port trunk allowed vlan 1,3001-3100 port trunk pvid vlan 1 spanning-tree portfast edgeport exit interface null0 exit interface dc0 ip address 128.255.40.114 255.255.252.0 mac-address 0810.abcd.aecd ip access-group 2 in exit interface loopback0 ip address 23.23.23.23 255.255.255.255 exit interface loopback1 exit interface vlan6 ip address 33.0.0.68 255.255.255.0 exit interface vlan7 ip address 144.0.0.68 255.255.255.0 exit interface vlan8 ip address 134.0.0.68 255.255.255.0 exit interface vlan9 ip address 69.0.0.68 255.255.255.0 exit interface vlan10 ip address 34.0.0.68 255.255.255.0 exit

interface tunnel0 exit



interface tunnel1 tunnel source vlan4091 tunnel destination 140.0.0.38 ip address 14.0.0.68 255.255.0.0 exit router rip version 2 no auto-summary address-family ipv4 vrf w1 version 2 network loopback4001 network vlan4001 network vlan4030 network vlan4090 network vlan4091 no auto-summary exit-address-family exit router ospf 23 ispf network 10.0.0.0 0.0.0.255 area 0 network 23.23.23.23 0.0.0.0 area 0 exit router ospf 1000 network 12.0.0.0 0.255.255.255 area 0 exit ftp enable ftp max-user-num 4 snmp-server start snmp-server view default 1.0.8802 include snmp-server view default 1.1.2 include snmp-server view default 1.3.111 include snmp-server view default 1.3.6.1 include snmp-server community public view default rw line con 0 exec-timeout 0 0 line vty 0 15 exec-timeout 0 01 0 !end



Load of Conf igurat ion Fi le The configuration file of a Maipu switch can be edited in a text editor (for instance, WordPad) according to the format prescribed in the above section, and can be downloaded to a switch via FTP or TFTP. This operation can be used by terminal users or via Telnet remote login.

The following instance is given to explain how to download the switch configuration file via FTP:

Step 1: Edit the configuration file named config on a PC

Step 2: Enable the FTP SERVER on the PC;

Step 3: Execute the command ftpcopy in the file configuration mode of the switch to download the configuration file from the PC;

As follows:

switch(config-fs)#ftpcopy A.B.C.D switch switch1 config startup PC address, user name, password, file name, local file name

The above commands is to download the configuration file config from the PC whose address is A.B.C.D to the switch and write into the current directory of the switch TFFS with the name startup.

Here, execute the command dir; you can see a new file-startup is added into the directory.

switch(config-fs)#dir size date time name -------- ------ ------ -------- 1930 JAN-01-1980 00:00:00 LOGGING 4 JAN-01-1980 00:00:00 RANDOM 3160 JAN-01-1980 00:00:00 STARTUP 3160 JAN-01-1980 00:00:00 SCRIPT

Downloading the configuration file via TFTP is similar with downloading via FTP. The only difference between them is that the computer needs to run TFTP SERVER.

Step 4: Restart the switch, execute the configuration file-startup and modify the system configurations.



Save Current System Conf igurat ion After validated that the modified system configurations are error free, users can save the configurations to be treated as configuration parameters for the next startup.

The following command can be executed to save the running configuration into the startup configuration file (STARTUP):

switch(config-fs)#copy running-config startup-config or use the command: switch#write startup-config or use the command: switch#write

The following command can be executed to save the running configuration into the remote host via TFTP:

switch(config-fs)#copy running-config tftp A.B.C.D WORD Remote host name saved file name

The following command can be executed to save the startup configuration file into the remote host via TFTP:

switch (config-fs)#copy startup-config tftp A.B.C.D WORD

The following command can be executed to save the configuration files WORD of the remote host into the startup configuration file (STARTUP) of the switch via TFTP:

switch(config-fs)#copy tftp A.B.C.D WORD startup-config

Note

To enhance the security of configuration files, when you save configuration files via the write command, the current configuration file is automatically backed up in a safer raw flash. As a result, the case that the configuration files cannot be detected after the file system is corrupted is prevented. Run the show rawflash startup command to check the backup startup file in the raw flash. Delete startup file completely, run delete startup-config in the file system.

View Current Running Conf igurat ion of Switch switch#show running-config



Conf igure Switch to serve as FTP server Maipu switches can be used as the ftp servers. When a switch serves as an ftp server, it permits the user to access the file system of the switch via ftp mode.

The commands are as follows:


ftp enable Enable the ftp server config

ftp disable Disable the ftp server config

ftp max-user-num Configure the maximum number of users permitted to login

config

Note

Before a user logging into the file system of a switch via ftp mode, the user name and password need to be configured on the switch.

Instance of conf igur ing a switch to serve as a f tp server In order to make a Maipu switch as an ftp server, the following operations need to be executed in the config mode:

Command Description switch#configure terminal switch(config)# ftp enable Enable the ftp sever switch(config)#ftp max-user-num 2 Configure the maximum number of

users permitted to login as 2 switch(config)#user maipu password 0 maipu Configure the user name and

password for login as maipu

Manage System Authentication & Command Hierarchical Authorization The contents of the section are as follows:

Brief introduction

Description of basic commands



Modify user level

Modify command level

Set enable password

Configure user and related attributes

Set line attributes

View user level

Overview In order to enhance the operation security of a switch, Maipu series switches provide various authentication managements (include AAA, please refer to <Configure AAA>) when users logging in or perform enable operation. Only the users who have the corresponding rights can log in or operate enable successfully.

In order to authorize the executable commands set with different levels for different level of users, the commands of maipu switch are graded from level 0-15. Here, the level 0 has the lowest right while the level 15 has the highest.

Basic Commands Command Description Config mode

enable user-level Modify the user level switch> enable

privilege MODE level 0～15 all | command LINE

Modify the command level config

no privilege MODE {CR | level 0～ 15 { CR |all | command LINE } }

Recover a command to the default level config

enable password level 1～15 [0] string

Set the enable password config

enable password [0 ] string

Set the enable password config

no enable password CR| level 1~15

Delete the enable password config

user string password 0 LINE

Set the user password config

user string nopassword Set that a user can log in without password authentication

config

user string privilege 0-15 Set the authorized level of a user config user string autocommand Set the authorized auto-execute command of a config



<LINE> user user string autocommand-option nohangup delay <0_120> | delay <0_120>

Set the option of a user executing the auto-command; nohangup means the connection is not disconnected after the auto-command is executed; delay means after how many seconds delayed the auto-command is executed.

config

Modify User Level If the user passwords of the corresponding levels are configured, users can use the command enable level （ 0 ～ 15 ） and input the correct password to enter into the corresponding user-level. Meanwhile they get the executing right whose level is lower than or equal with the corresponding command-level.

The command is as follows:


enable {0-15 | _CR_} Modify the user level switch> enable

Note

1. Specify a user level 0-15 after enable and enter the corresponding level. By default, the level is 15 if not specified.

2. If the level of a user is higher than the user level he is going to enter, then he can enter the related level directly without any authentication. If the user is going to enter a level which is higher than his, the user needs to pass the authentication according to the current configuration, and the authentication method is selected according to the configuration.

3. If the enable password of the corresponding level is configured (configure via the command enable password level) and if no enable authentication of AAA is configured or the enable authentication of AAA uses enable means, the password can be used to authenticate.

4. If no enable password of the corresponding level is configure but the enable authentication means uses the local enable password to authenticate, there are two kinds of situations:



a) If it is a telnet user, the authentication is failed. “% No password set” is prompted if aaa is not configured; “% Error in authentication” is prompted if aaa is configured;

b) If it is a console interface user and the aaa is configured, then the enable login tries to use the enable password to authenticate at first. If there is no enable password, it uses none authentication means, which means that the authentication is passed by default. If the aaa is not configure, then “% No password set” is prompted and the authentication is failed.

5. If the enable authentication is passed, then the user enters the specified user level and the user possesses the corresponding level. Via the command show privilege the user level can be viewed.

6. If configured aaa authentication enable default method and use the corresponding method list to process the enable authentication, then the corresponding methods need to be used for authenticating, they are as follows:

a) If configured: aaa authentication enable default none; no password is needed

b) If configured: aaa authentication enable default line; if configured line password then use the password, or “% Error in authentication” is prompted and the authentication is failed.

c) If configured: aaa authentication enable default radius, use the radius authentication. Notice, the user name of radius enable authentication is fixed, that is $enab+level$. Level is a number of 1-15, that is the level the user is going to enter. Because radius uses the user name of the fixed rule, users do not need to input the user name when authenticating, just input the password to pass. If the password of the user name with corresponding level is configured on the radius sever, then input the corresponding password to log in successfully, or the authentication is failed. For instance, execute the command enable 10, then use the fixed user name $enab10$; if the user name exists on the radius sever, then input the user name and corresponding password to pass the authentication.

d) If configured: aaa authentication enable default tacacs，use the tacacs authentication. If there is a user name when logging in, then users can use the user name and input the enable password of the user name to log in; otherwise users need to input a username and the enable password of it. If the input user name exists on the tacacs sever, and the enable password of tacacs is configured (notice: the corresponding enable password needs to be set for users on the tacacs sever), then the authentication is passed, or is failed.

The above enable authentication methods can be combined to use, please refer to chapter 15 <Configure AAA >.



Modify Command Level Every shell command of Maipu switch IOS has its default level. However the command privileged can be used to modify the default level.

Users can only execute the commands whose levels are equal with or lower than the levels of themselves. For instance, if a user whose user level is 12, he can only execute the commands of level 0-level 12.

The commands for modifying command level are as follows:


privilege MODE [level {0-15} [all | command LINE]] Modify the command level config

no privilege MODE [level {0-15} [all | command LINE]}

To cancel the configuration of the command level

config

Note

1. When a user executing a command, whether the user has the corresponding level right depends on the configuration.

2. When executing show run or show startup, whether the present user has the level right for configuring a script depends on the configuration.

3. The input command character string follows the rule of “match most”, which means the input character string can be found and the result is only it. But in the script, it completes the character string as a full command.

4. The command no can be used to recover the command level of the corresponding command set to the default level.

privilege MODE [level {0-15} [all | command LINE]]

Syntax Description

MODE MODE means the mode that the command needs to be configured in, includes all modes of the present system.

level {0-15} Parameter 0-15 is a level specified for a command

request Configure as the responder

all Specify all commands in the present mode as a level

command Can input some keywords that a command starts with; all sub-commands start with the specified keywords are also belong to the configured level



Instance of Modifying Command Level Configure the level of all sub-commands starting with interface as 2.

Command Description switch#configure terminal switch(config)# privilege CONF level 2 command interface

Modify the level of the command interface as 2

Set Enable Password Set the local enable password for entering each user-level.



enable password [level {1-15}] [0] password

Specify the level and password, and the password is cleartext.

config

no enable password [level {1-15}] Cancel the configuration of the enable password of a level

config

Configure User & Attributes Use the command user to configure the local user and the related right attributes. The commands are as follows:


user user-name password 0 password

Set the user password config

user user-name nopassword Set that a user can log in without password authentication

config

user user-name privilege {0-15} Configure the authorized level of the user

config

user user-name autocommand command-line

Configure the authorized auto-execute command of the user

config

user user-name autocommand-option {nohangup | delay} [0_120]

Set the option of a user executing the auto-command. Nohangup means the connection is not disconnected after the command is executed. Delay means after how many seconds delayed the command is executed.

config

Note

Each command has the corresponding no command; the no command can be used to cancel the corresponding configuration.



Set Line Attributes Maipu switch supports login of one console interface user, 16 telnet users, and 16 ssh users at the same time at most. The line command can set different authentication and authorization attributes for the login.



line con 0 Enter the line configuration mode of the console interface

config

line vty {0-15} {0-15} Enter the line configuration mode of telnet user

config

line ssh-vty {0-15} {0-15} Enter the line configuration mode of SSH user

config

absolute-timeout {0-10000} The total time permitted for login user operating. Notice, if it is configured as 0, which means the time is not limited. By default, the configuration is 0. When 5 seconds before the time runs out, there is a prompt: Line timeout expired。

config-line

privilege level {0-15} Configure the authorized level of a login user. By default is 1

config-line

autocommand command-line Configure the command executed automatically after a user logged in successfully. Notice, the executed command is often in the privileged user mode. By default, no command is executed.

config-line

autocommand-option {[nohangup] delay} {0-120}

Set the option of a user executing auto-command. Nohangup means the connection is not disconnected after the auto-command is executed. By default, the connection is disconnected after the command is executed. Delay means after how many seconds delayed the auto-command is executed. By default, the delay is 0 second, which means no delay. Notice, the command takes effect only when autocommand is configured.

config-line

exec-timeout {0_35791} [0_2147483]

Configure the idle timeout to exit. Notice, if the configuration is 0, which means no idle timeout to exit. By default: 5 minutes.

config-line



password 0 password Configure the line password config-line

login [local | authencation] Configure the login authentication mode. Here login CR uses the line password to authenticate; Login authentication uses AAA authentication mode. No login means users can log in without authentication (this can be used only when AAA is not configured). For common telnet, it is login by default; for ssh, login local by default.

config-line

authorization exec {default | word}

authorization commands level {default | word}

accounting exec {default|word}

accounting commands level {default | word}

Configure the authentication mode and the accounting mode, if the aaa is enabled (command aaa new-model), then can specify the authentication and accounting mode of exec and commands for each line. Please refer to <Configure AAA>.

config-line

modem auto-detection Enable the mode function of console interface

config-line

timeout login respond {1-300} Configure the timeout of waiting for a user to input the user name and password; 30 seconds by default.

config-line

Note

Except the first command, others have their corresponding no commands which are used to cancel the corresponding configurations or recover to the default configurations.

For instance: configure the idle timeout of a telnet user as 5 minutes and the absolute timeout as 20 minutes, login timeout as 60 seconds, right level-14, to execute the command show memory when 5 seconds delayed after logged in and not to exit after the command is executed:

Command Description switch(config)#line vty 0 2 Enter the line configuration mode of

telnet user switch(config-line)#exec-timeout 5 0 Configure the timeout for idling as 5

minutes

switch(config-line)#absolute-timeout 20 Configure the total time permitted for a user configuring as 20 minutes

switch(config-line)#timeout login respond 60 Configure the timeout for user logging in as 60 seconds.

switch(config-line)#privilege level 14 Configure the authorized level of a user as 14

switch(config-line)#autocommand show memory Configure to execute the command



show memory automatically after a user logged in successfully

switch(config-line)# autocommand-option delay 5 nohangup

Configure to execute the command automatically after 5 seconds delayed and the connection is not disconnected.

switch(config-line)# password 0 vty Configure the password of line as vty switch(config-line)#exit To exit the line configuration mode

After configured according to above commands, users should be authorized the following line attributes after telnet logged into the device:

Debug information is as follows: (via enable the command debug author exec):

00:34:30: %SYS-5-LOGIN: Telnet(vty0) is entered by client (130.255.136.69)

00:34:30: AUTHOR/EXEC/LINE (3): processing AV priv-lvl=14 00:34:30: AUTHOR/EXEC/LINE (3): processing AV autocmd=show

memory 00:34:35: AUTHOR/EXEC/LINE (3): processing AV timeout=1200 00:34:35: AUTHOR/EXEC/LINE (3): processing AV nohangup=TRUE

View Present User Level The level of the present user can be viewed via a command:

The command is as fowllos:

show privilege

Execute in the normal user mode (STD) or the privileged user mode (EN).

Note

By default, the level of the command is 1. So the user whose level is 0 cannot execute the command.

For instance:

switch#show privilege Current privilege level is 15



System Tools Command show The types of the information can be viewed via the system command show are as follows:

The information about the system software and hardware resources

The information about the system statistics

The information about the system configuration

The basic information about the system

Instance of command show

Command Description

stack Display the using condition of each task stack in the system

memory Display the information about the system memory

mbuf Display the information about the system buffer

process Display the information about the system task/process

device Display the information about the system physical and logical devices

interface Display the information about the system network interface

hosts Display the information about the system internal host table

arp Display the information about the system ARP table

ip Display the information about the statistic of IP layer (include TCP and UDP)

startup-config Display the contents of system startup configuration file

version Display the information about the versions of the system hardware and software

system {chassis | mpu | lpu| sfu | siu | power | fan }

Display the information about system board, SIU, power, and fan.

Take MP2600 as an instance, partial information is displayed as follows:

1. Display the system stack

switch#sh stack



NAME ENTRY TID SIZE CUR HIGH MARGIN

---------------- -------- -------- ----- ----- ----- ------

tExcTask 80255dfc 87fe97e0 7984 288 516 7468

tLogTask 8025c440 87fe6a60 4992 280 356 4636

tRlimit 804a9108 879eb100 4080 1120 1196 2884

tFmmHdle 802f3838 85e19f20 16368 264 340 16028

tExcTrace 8020bb6c 87a0a9e0 7984 248 540 7444

tActive 80206178 85c6ad00 3984 144 224 3760

tVlanTask 805753d4 85ef0d70 10224 256 2224 8000

tDmemReapd 804bd664 87f91140 3984 96 216 3768

tIpamTrap 8069ab50 874dfc10 5360 248 324 5036

tShell0 802233f8 85c71560 25584 2864 6076 19508

tMdsp 8030cd10 8662e8f0 8176 328 440 7736

tSysLog 803573d8 87f06c10 15344 288 2384 12960

tMbufTask 80308680 8677a790 3056 136 216 2840

tCGTimer 802dcda4 865c1cf0 4080 168 324 3756

tEAps 8062dd74 85c741c0 10224 120 200 10024

bcmRX7 809aa298 85fdb650 32752 176 256 32496

bcmRX6 809a9dd0 85fd31f0 32752 176 256 32496

bcmRX5 809a9908 85fcad90 32752 176 256 32496

bcmRX4 809a9440 85fc2930 32752 176 256 32496

tFlowCore 802edb78 85d34c70 8176 144 220 7956

tNotify 803ec568 87efccd0 12272 104 180 12092

tSysTimerH 804c5b0c 874eede0 10224 152 280 9944

tNetTask 803a6550 866ab0f0 9984 128 376 9608

tFwdTask 803a66b4 866a8580 9984 96 176 9808

tIfMgt 80813100 866914e0 9984 112 192 9792

tSDEvent 8071d70c 865b6340 10224 96 960 9264

bcmDPC 80a8dee0 865a3570 16368 144 220 16148

bcmL2X.0 80abb020 864d38d0 16368 224 536 15832

bcmCNTR.0 80a98024 8648fc40 16368 200 676 15692

bcmTX 809d3630 86474f00 16368 136 212 16156

bcmXGS3AsyncTX 809d1788 86470a20 16368 192 348 16020

bcmLINK.0 809803c0 860fa980 16368 184 1540 14828

tRtrSched 80434694 85e2e7a0 10224 96 172 10052

tRtrWdog 8042ac38 85e28b20 10224 96 408 9816

tKmemReapd 804babbc 87f92d60 3984 136 396 3588

tConMSig 802db208 865b7940 4080 112 372 3708

tSysTask 804a5f30 87a124c0 9984 136 352 9632

tMSTP 8075cbd4 85ecedf0 20464 104 180 20284

tAaaRecv 802a221c 85e097c0 6128 248 508 5620

tFlowExpi 802e9a2c 85d32810 8176 264 420 7756



tNetBuffer 808224f4 87a1da50 5360 160 420 4940

tSysTimerL 804c5b0c 874f1b40 10224 152 452 9772

tTnlFFRcv 804d43a4 874c8b80 8176 96 172 8004

tGreFastRcv 802ffdd0 866a37c0 12272 160 236 12036

tGTL 80300350 8669edf0 8176 1504 2896 5280

tIp6tnlTask 80705230 8669a330 8176 1496 2536 5640

tTffsPTask 802779e8 87fe4cb0 2032 160 420 1612

tStaticRt 8049b134 8660dcc0 16368 152 1016 15352

tDot1x 806d6908 85db6de0 6128 224 392 5736

tPortMon 806d6908 85da5f60 6128 224 300 5828

tElmi 806d6908 85d09c70 20464 224 300 20164

tTrackMsg 80566c70 865bb7c0 10224 208 312 9912

tPmtud 803e13d4 866b2db0 5360 112 192 5168

tTelnetd 8054c5c4 85c69800 10224 256 336 9888

tTelnetd6 8054c688 85c66b00 10224 272 352 9872

tIcmpErr 803afcf8 874ce060 9984 248 324 9660

tArpTask 807fe640 866addf0 9984 96 172 9812

tRtMgt 804216f8 866235b0 9984 120 200 9784

tDhcpSp 806d6908 85f41df0 10224 224 984 9240

tIpsg 806d6908 85f3eb80 8176 224 380 7796

tDai 806d6908 85f3c520 8176 224 984 7192

tPortSts 805c8dac 85ee9860 8176 424 824 7352

tArl 805c0ae4 85ed5cf0 15344 224 300 15044

tIpubr 803aeca4 85ea7e00 9984 280 540 9444

tPortSec 806d6908 85daad70 6128 224 300 5828

tRtrSla 80450ddc 85e2b8e0 10224 336 412 9812

bcmRX3 809a8f78 85fba4d0 32752 176 628 32124

bcmRX2 809a8ab0 85fb2070 32752 176 332 32420

bcmRX1 809a85e8 85fa9c10 32752 176 332 32420

bcmRX0 809a8120 85fa17b0 32752 176 488 32264

tFmmDtct 8068d468 85e147b0 16368 256 1736 14632

tDcacheUpd 8023c254 87ed71d0 4992 176 436 4556

tTunnel 804d3830 874ca460 5104 520 780 4324

tPortPoll 8056e1a0 85f35a50 16368 144 456 15912

tCGTask 802dc650 865c0890 16368 120 228 16140

INTERRUPT 5008 0 636 4372

2. Display the using condition of the system memory

switch#show memory SUMMARY ------- Type Used bytes Free bytes Total bytes Used

percent ---- ---------- ---------- ----------- ------------



heap 36990832 77589184 114580016 32.28%

CODE 19632640 / 19632640 / slab 1534292 54496 1588788 96.57% fpss 0 4784128 4784128 0.00% mbuf 495180 16624824 17120004

2.89% Note: The space of all such memory types exclude code is part of

the heap's used memory,for instance:mbuf,slab,and fpss if exists. STATISTICS ---------- Used bytes Free bytes Total bytes Used

percent ---------- ---------- ----------- ------------ 35160024 99052632 134212656

26.20%

Note

Meaning of each entry

HEAP Heap memory, the most basic memory zone in the system,

other dual allocation management mechanisms are

separated from the zone

CODE Code Snippets memory, it is used to store the code snippets

zone for system running

SLAB

A kind of management mechanism for memory dual

allocation

MBUF A kind of management mechanism for memory dual

allocation

Use the command show memory to set different parameters to realize various functions:

show memory FPSS|HEAP|MBUF|SLAB: display the memory using condition of different memory management mechanisms

show memory FPSS|MBUF|SLAB _POOLNAME_: display the memory pool using condition of a memory management mechanism

show memory detail: display the detailed using condition of the system memory

3. Display the using condition of system buffer



switch# show pool detail

Driver pool

Statistics for the network stack mbuf

type number

--------- ------

FREE : 1024

DATA : 0

HEADER : 0

SOCKET : 0

PCB : 0

RTABLE : 0

HTABLE : 0

ATABLE : 0

SONAME : 0

ZOMBIE : 0

SOOPTS : 0

FTABLE : 0

RIGHTS : 0

IFADDR : 0

CONTROL : 0

OOBDATA : 0

IPMOPTS : 0

IPMADDR : 0

IFMADDR : 0

MRTABLE : 0

DRV_SCC : 0

DRV_8SA : 0

DRV_8S : 0

DRV_16A : 0

DRV_4M336: 0

DRVEXTSCC: 0

DRV_QMC : 0

E1 : 0

CE1 : 0

CPOS : 0

POS : 0



MCC : 0

M128 : 0

ASYNC : 0

FEC : 0

FPSS : 0

ISDN : 0

ENCRYPT : 0

RS8234 : 0

FCC : 0

NDSP : 0

FR : 0

PPP : 0

LABP : 0

X25 : 0

SNA : 0

ADSL : 0

PWI : 0

MASC : 0

LLC2 : 0

ATM : 0

LINK : 0

MDOT : 0

MPLSINFO : 0

IPSEC : 0

IGMP : 0

RTSOCK : 0

ARP : 0

TEST : 0

PKTGEN : 0

TOTAL : 1024

number of mbufs: 1024

number of times failed to find space: 0

number of times waited for space: 0

number of times drained protocols for space: 0

__________________

CLUSTER POOL TABLE



_______________________________________________________________________________

size clusters free usage

-------------------------------------------------------------------------------

1884 1024 1024 0

-------------------------------------------------------------------------------

Size: 2078720 bytes

Data pool


type number

--------- ------

FREE : 41823

DATA : 0

HEADER : 0

SOCKET : 5

PCB : 7

RTABLE : 0

HTABLE : 0

ATABLE : 0

SONAME : 0

ZOMBIE : 0

SOOPTS : 0

FTABLE : 0

RIGHTS : 0

IFADDR : 3

CONTROL : 0

OOBDATA : 0

IPMOPTS : 0

IPMADDR : 1

IFMADDR : 0

MRTABLE : 0

DRV_SCC : 0

DRV_8SA : 0

DRV_8S : 0



DRV_16A : 0

DRV_4M336: 0

DRVEXTSCC: 0

DRV_QMC : 0

E1 : 0

CE1 : 0

CPOS : 0

POS : 0

MCC : 0

M128 : 0

ASYNC : 0

FEC : 0

FPSS : 0

ISDN : 0

ENCRYPT : 0

RS8234 : 0

FCC : 0

NDSP : 0

FR : 0

PPP : 0

LABP : 0

X25 : 0

SNA : 0

ADSL : 0

PWI : 0

MASC : 0

LLC2 : 0

ATM : 0

LINK : 0

MDOT : 0

MPLSINFO : 0

IPSEC : 0

IGMP : 1

RTSOCK : 0

ARP : 0

TEST : 0

PKTGEN : 0



TOTAL : 41840





__________________

CLUSTER POOL TABLE

_______________________________________________________________________________


-------------------------------------------------------------------------------

64 10000 9997 3

128 24000 23996 43

256 5024 5019 5

512 3000 2995 12

1024 360 360 0

2048 480 480 0

-------------------------------------------------------------------------------

Size: 13914880 bytes

unregistered pool


type number

--------- ------

FREE : 512

DATA : 0

HEADER : 0

SOCKET : 0

PCB : 0

RTABLE : 0

HTABLE : 0

ATABLE : 0

SONAME : 0

ZOMBIE : 0

SOOPTS : 0



FTABLE : 0

RIGHTS : 0

IFADDR : 0

CONTROL : 0

OOBDATA : 0

IPMOPTS : 0

IPMADDR : 0

IFMADDR : 0

MRTABLE : 0

DRV_SCC : 0

DRV_8SA : 0

DRV_8S : 0

DRV_16A : 0

DRV_4M336: 0

DRVEXTSCC: 0

DRV_QMC : 0

E1 : 0

CE1 : 0

CPOS : 0

POS : 0

MCC : 0

M128 : 0

ASYNC : 0

FEC : 0

FPSS : 0

ISDN : 0

ENCRYPT : 0

RS8234 : 0

FCC : 0

NDSP : 0

FR : 0

PPP : 0

LABP : 0

X25 : 0

SNA : 0

ADSL : 0

PWI : 0



MASC : 0

LLC2 : 0

ATM : 0

LINK : 0

MDOT : 0

MPLSINFO : 0

IPSEC : 0

IGMP : 0

RTSOCK : 0

ARP : 0

TEST : 0

PKTGEN : 0

TOTAL : 512





__________________

CLUSTER POOL TABLE

_______________________________________________________________________________


-------------------------------------------------------------------------------

2048 512 448 64

-------------------------------------------------------------------------------

Size: 1126404 bytes

All MBUF pool size : 17120004 bytes

4. Display the information about the system device

switch#show device drv name 0 /null 1 /tyCo/0 1 /tyCo/1 3 /flash 3 /flash1



1 /tyCo/M 2 /pipe/temp 3 /config 3 /script 3 /rollback 3 /rbconfirm 3 /more 3 /log 2 /pipe/sshd

5. Display the information about the status of all system portss

switch#show port port 0/0 configuration information Description : Status : Enabled Link : Down Set Speed : Auto Act Speed : Unkown Set Duplex : Auto Act Duplex : Unkown Set Flow Control : Off Act Flow Control : Off Mdix : Auto Mtu : 1728 Link Delay : 0 Storm Control : Unicast Disabled Storm Control : Broadcast Disabled Storm Control : Multicast Disabled Storm Action : None Port Type : Nni Pvid : 1

6. Display the information about the system version (The system information varies with the platform)

switch#show version MyPower (R) Operating System Software

MyPower S6800 system image file (dc0: sphb-g-6.1.0(sw-100).pck), version 6.1.0(sw-100)(integrity), Compiled on May 18 2009, 17:24:37

Copyright (C) 2009 Maipu Communication Technology Co., Ltd. All Rights Reserved.

System ID : 000000010002 Hardware Model : SM68A-MPUBH with 512 MBytes DDR

SDRAM, 128 MBytes flash Hardware Version : 0ff(Hotswap Supported) MPU CPLD Version : 101 Backplane Version : 0ff(Hotswap Supported)



Monitor Version : 1.29 Software Version : 6.1.0(sw-100)(integrity) Software Image File : dc0: sphb-g-6.1.0(sw-100).pck Compiled : May 18 2009, 17:24:37

System Uptime is 0 hour 28 minutes 37 seconds

Display the information about equipment board, SIU, power, and fan.

In the equipment, run the show system command to display the running status of system board, SIU, power, and fan. The example of the command is as follows:

switch#show system chassis System Chassis Information (ONLINE) ---------------------------------------------------------------- Device ID: 021e Vender ID: 0001 Serial No.: 0023456789012345 Chassis-MAC-Group-0: 000000010002 000000010003 000000010004 000000010005 000000010006 Chassis-MAC-Group-1: 000000010007 000000010008 000000010009 000000000000 000000000000 SPD -On-Card-Information: <1 SPDs> SPD-TYPE Vendor: (0x1) (MAIPU) Device:(0x21e MOD_SM6800_08BB) id:0x00 phid:0x00 type:0x02 SPD Version: (01 ) SPD Size: (01 ) Vendor ID: (01 ) Device ID: (02 1e ) Hardware Version: (01 ) Hardware Serial Number: (30 30 32 33 34 35 36 37 38 39 30 31 32 33 34 35 ) Power Message: (00 00 ) ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR switch#show system mpu System Card Information(Mpu 0 - ONLINE) ----------------------------------------------------------------



Type: SM68A-MPUBH[0x25832001] Status: Start Ok Last-Alarm: Normal Card-Port-Num: 0 Card-SubSlot-Num: 1 Power-INTF-Status: Normal Power-Card-Status: On Serial No.: 0123456789012345 Card-Name: SM68A-MPUBH Description: Power-RT-Infomation: Voltage-In: 5.01 V Hardware-Information: HW-State: 0 PCB-Version: 1 CPLD-Version: 003 Software-Information: Monitor-Version: 1.22 Software-Version: 6.1.0(sw-88)(integrity) Temperature-Information: Temperature-State: Temperature = 59.C Last-Alarm = Normal. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: Normal Core-Num: 0002 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 0% Core-Idx-01 Core-Status: 0000 Core-Utilization: 0% Temperature: Temperature-State: Temperature = 86.C Last-Alarm = Normal. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 307309156 bytes BytesAlloc = 193290780 bytes BlocksFree = 16 blocks BlocksAlloc = 10502 blocks MaxBlockSizeFree = 102760448 bytes SizeTotal = 500599936 bytes DISK-On-Card-Information:



DISK-Idx: 00 Type: Flash Status: Online DISK-State: SizeTotal = 65007616 bytes SizeFree = 64065536 bytes CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.9 Software-Version: 2.0.40 ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Mpu 1 - ONLINE) ---------------------------------------------------------------- Type: SM68A-MPUBH[0x25832001] Status: Start Ok Last-Alarm: Normal Card-Port-Num: 0 Card-SubSlot-Num: 1 Power-INTF-Status: Normal Power-Card-Status: On Serial No.: 0923456789012345 Card-Name: SM68A-MPUBH Description: Power-RT-Infomation: Voltage-In: 5.19 V Hardware-Information: HW-State: 0 PCB-Version: 1 CPLD-Version: 003 Software-Information: Monitor-Version: 1.18 Software-Version: 6.1.0(sw-88)(integrity) Temperature-Information: Temperature-State: Temperature = 63.C Last-Alarm = Normal. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: Normal Core-Num: 0002 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 57% Core-Idx-01



Core-Status: 0000 Core-Utilization: 0% Temperature: Temperature-State: Temperature = 93.C Last-Alarm = Abnormal. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 301748820 bytes BytesAlloc = 198851116 bytes BlocksFree = 19 blocks BlocksAlloc = 10603 blocks MaxBlockSizeFree = 102760448 bytes SizeTotal = 500599936 bytes DISK-On-Card-Information: DISK-Idx: 00 Type: Flash Status: Online DISK-State: SizeTotal = 65007616 bytes SizeFree = 13488128 bytes CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.10 Software-Version: 2.0.40 ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR switch# show system lpu System Card Information(Lpu 0 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Lpu 1 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Lpu 2 - ONLINE) ---------------------------------------------------------------- Type: SM68A-48GETH[0x25814030] Status: Start Ok Last-Alarm: Normal Card-Port-Num: 48 Card-SubSlot-Num: 0 Power-INTF-Status: Normal Power-Card-Status: On



Power-Card-Need: 0w Serial No.: 0123456789012345 Card-Name: SM68A-48GETH Description: Power-RT-Infomation: Voltage-In: 5.04 V Hardware-Information: HW-State: 0 PCB-Version: 0 CPLD-Version: 003 Software-Information: Monitor-Version: 1.10 Temperature-Information: Temperature-State: Temperature = 67.C Last-Alarm = Normal. CPU-On-Card-Information: < 1 CPUs> CPU-Idx: 00 Status: Normal Core-Num: 0001 Core-State: Core-Idx-00 Core-Status: 0000 Core-Utilization: 2% Temperature: Temperature-State: Temperature = 106.C Last-Alarm = Normal. MEM-On-Card-Information: <1 MEMs> MEM-Idx: 00 MEM-State: BytesFree = 409182096 bytes BytesAlloc = 124661936 bytes BlocksFree = 21 blocks BlocksAlloc = 6577 blocks MaxBlockSizeFree = 132120576 bytes SizeTotal = 533844032 bytes CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.10 Software-Version: 2.0.35 ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Lpu 3 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR



System Card Information(Lpu 4 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Lpu 5 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Lpu 6 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Card Information(Lpu 7 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR switch#show system fan System FAN Information(Fan 0 - ONLINE) ---------------------------------------------------------------- Status: Normal Last-Alarm: Normal Serial No.: Description: Fan-RT-Information: Fan-online: group0: [ fan0:on fan1: on fan2: on ] speed level:0 group1: [ fan0:on fan1:on fan2:on ] speed level:0 group2: [ fan0: on fan1: on fan2: on ] speed level:7 group3: [ fan0: on fan1: on fan2: on ] speed level:7 SPD -On-Card-Information: <1 SPDs> SPD-TYPE Vendor: (0x0) (NOT DEFINED) Device:(0x0 UNDEFINED) id:0x00 phid:0x00 type:0x04 ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR switch#show system siu System SIU Information(Siu - ONLINE) ---------------------------------------------------------------- Status: Online Last-Alarm: Normal



Serial No.: 0123456789012345 Description: Hardware-Information: PCB-Version: 00 CMM-Information: Hardware-Type: 0000 Monitor-Version: 1.0.10 Software-Version: 2.0.47 ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR RH02-ME#show system power System Power Information(total:735w idle:465w) System Power Information(Power 0 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 1 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 2 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 3 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 4 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 5 - OFFLINE) ---------------------------------------------------------------- STATISTICS: 0 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 6 - ONLINE) ---------------------------------------------------------------- Status: Online Last-Alarm: Normal



rate-power: 600w Description: ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR System Power Information(Power 7 - ONLINE) ---------------------------------------------------------------- Status: Online Last-Alarm: Normal rate-power: 600w Description: ---------------------------------------------------------------- STATISTICS: 1 IN, 0 OUT, 0 IERR, 0 OERR switch#

Note

The show system command can set different parameters to display the running status of the corresponding components:

show system mpu {local | peer}: display the running status of local or opposite-peer MPU card

show system sfu|lpu <0~x>: Display the running status of SFU and LPU cards

show system siu: Display the running status of SIU components

show system power <0~x>: Display the running status of power components

sshow system fan <0~x>: Display the running status of fan components

Protocol Debugging The system provides debugging switches for various protocols. The following instance briefly explains the enabling and disabling of the debugging switch:

1. ·Enable the protocol debugging switch

Enable the packet debugging switch of IP protocol access list



switch#debug ip packet access-list

For detailed introduction of the protocol debugging switch, please refer to related chapters.

2. Disable the protocol debugging switch

In order to disable the protocol debugging switch, users only need to add a command word no before the command used to enable the related switch; or use the command no debug all to disable all debug switches.

System Log Function System log function comprises two aspects. One is to add some header information for the printed log messages, such as time prickling and task name. Another is to output and store the log messages in different formats, for instance, typing to the console interface, typing to the telnet terminal via switch, writing to the memory file, writing to the flash file and sending to the log sever etc.

The commands of the system log function are as follows:


logging enable Enable the log function; no logging enable can be used to disable the log function

config

logging color { alerts|critical | debugging | emergencies | errors|informational | notifications | warnings} [blue | brown | cyan | green | purple | red | white]

Configure the colors when the log messages with different level displaying on the command-line terminal

config

logging buffer Enable recording log messages in the memory buffer. The corresponding command no logging buffer can be executed to disable the function

config

logging buffer {<0-7> | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings}

Configure the log message selected according to the severity level and needs to be recorded in the memory buffer

config

logging console Enable output the log message to the console. The corresponding command no logging console can be executed to disable the function

config

logging console {<0-7> | alerts | critical | debugging |

Configure the log messages selected according to the severity level and

config



emergencies | errors | informational | notifications | warnings}

need to be displayed on console

logging file Enable saving the log messages in the flash file system with file format. The corresponding command no logging file can be executed to disable the function

config

logging file max-size <4096-1048576>

Configure the size of the log file in the flash file system

config

logging file {<0-7> | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings}

Configure the log messages selected according to the severity level and need to be recorded to the log file

config

logging trap Enable sending the log message to the specified log sever. The command no logging trap can be used to disable the function

config

logging {hostname|A.B.C.D} [vrf vrf-name] {<0-7> | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings}

Configure the host name or IP address and VRF name of the log sever and the severity level of the log messages sent to the log sever

config

logging source-ip A.B.C.D Configure the source address used for connecting the log severs

config

logging event Configure to send all operation records to the log sever

config

logging monitor Enable output the log messages to terminal. The corresponding command no logging monitor can be executed to disable the function.

config

logging monitor {<0-7> | alerts | critical | debugging | emergencies | errors | informational | notifications | warnings}

Configure the log message selected according to the severity level and needs to be displayed on the terminal

config

logging facility {auth | cron | daemon | kern | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | sys10 | sys11 | sys12 | sys13 | sys14 | sys9 | syslog | user | uucp}

Configure the type of the log messages sent to the log sever belongs. By default, the type is local7.

config

service timestamps log [datetime [localtime/ msec/ show-timezone]| uptime]

Configure the options of log message header: date, time zone, local time and whether to display millisecond etc.

config

service taskname log Configure to add the task name in the log message header

config

clear logging [buffer|file] To clear the log contents of memory and flash file

enable

show logging [file|buffer] Display the log contents of memory enable



and flash file

The log messages are graded from level 0 to level 7 according to the severity levels. Level 0 means the message level is the most severe. By default, level 0 -7 are all printed to the console interface and the telnet terminal; level 0-5 are written into the memory file; level 0-2 are written into the flash file; level 0-5 are sent to the log server.

Meanwhile, ranges for modifying command level are provided. The related commands are: logging console level, logging monitor level, logging buffer level, logging file level, logging ip-address level. If a level is configured as level, which means the level range of it is from 0 to level.

In the global configuration mode:

switch(config)#logging file ? <0-7> Logging severity level alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) max-size Set max-size parameters notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4) <CR>

The definitions of information level are as follows:

Level Keywords Description

0 emergencies The system is unusable

1 alerts Immediate action needed

2 critical Critical status

3 errors Error status

4 warnings Warning status

5 notifications Normal status but needs to be noticed

6 informational Informational messages

7 debugging The debugging information



View CPU Utilization Maipu switches provide tools for viewing the CPU utilization. After enabled the switch for monitoring CPU, users can view the CPU using condition of each task in a period and the total using condition of CPU in a period.

The related commands are as follows:


check cpu enable Enable the switch for monitoring cpu and start to collect the data of cpu utilization

config

check cpu disable Disable the switch for monitoring cpu and stop collecting the data of cpu utilization. By default is disabled.

config

check cpu time-interval {1-3600}

Set the time interval for refreshing the current cpu utilization. By default is 2 seconds.

config

check cpu view [simple] Whether to display in the simple mode, which means only to display the task which uses CPU. By default, the simple mode is disabled.

config

check cpu parameter View the present parameters and status of check cpu; for instance, whether to enable the monitoring switch, etc.

config

spy cpu Enable the switch for monitoring CPU, start to monitor the CPU using condition of each task

enable

no spy cpu Disable the switch for monitoring CPU, stop monitoring the CPU using condition of each task

enable

monitor cpu Enable the switch for monitoring CPU, start to monitor the total using condition of the CPU in a period

enable

no monitor cpu Disable the switch for monitoring CPU, stop monitoring the total using condition of the CPU in a period

enable

show cpu Display the CPU using condition of each task

enable

show cpu monitor Display the total using condition of the CPU in a period

enable

Instance:

In the privileged user mode, use the command spy cpu at first to monitor the CPU using condition of each task, and then use the command show cpu to display the CPU using condition of each task.

switch#spy cpu switch#show cpu



switch#show cpu System monitor result: NAME ENTRY TID PRI total % (ticks) delta % (ticks) -------- -------- ----- --- --------------- --------------- tExcTask 87fe97e0 0 0% ( 0) 0% ( 0) tLogTask 87fe6a60 0 0% ( 0) 0% ( 0) tRlimit 879eb100 5 0% ( 0) 0% ( 0) tFmmHdle 85e19f20 8 0% ( 0) 0% ( 0) tExcTrace 87a0a9e0 10 0% ( 0) 0% ( 0) tActive 85c6ad00 10 0% ( 0) 0% ( 0) tVlanTask 85ef0d70 19 0% ( 0) 0% ( 0) tDmemReapd 87f91140 20 0% ( 0) 0% ( 0) tIpamTrap 874dfc10 20 0% ( 0) 0% ( 0) tShell0 85c71560 20 3% ( 1) 3% ( 1) tMdsp 8662e8f0 35 0% ( 0) 0% ( 0) tSysLog 87f06c10 40 0% ( 0) 0% ( 0) tMbufTask 8677a790 40 0% ( 0) 0% ( 0) tCGTimer 865c1cf0 40 6% ( 2) 6% ( 2) tEAps 85c741c0 40 0% ( 0) 0% ( 0) bcmRX7 85fdb650 42 0% ( 0) 0% ( 0) bcmRX6 85fd31f0 42 0% ( 0) 0% ( 0) bcmRX5 85fcad90 43 3% ( 1) 3% ( 1) bcmRX4 85fc2930 44 0% ( 0) 0% ( 0) tFlowCore 85d34c70 45 0% ( 0) 0% ( 0) tNotify 87efccd0 50 0% ( 0) 0% ( 0) tSysTimerH 874eede0 50 0% ( 0) 0% ( 0) tNetTask 866ab0f0 50 3% ( 1) 3% ( 1) tFwdTask 866a8580 50 0% ( 0) 0% ( 0) tIfMgt 866914e0 50 0% ( 0) 0% ( 0) tSDEvent 865b6340 50 0% ( 0) 0% ( 0) bcmDPC 865a3570 50 0% ( 0) 0% ( 0) bcmL2X.0 864d38d0 50 3% ( 1) 3% ( 1) bcmCNTR.0 8648fc40 50 0% ( 0) 0% ( 0) bcmTX 86474f00 50 0% ( 0) 0% ( 0) bcmXGS3Async 86470a20 50 0% ( 0) 0% ( 0) bcmLINK.0 860fa980 50 0% ( 0) 0% ( 0) tRtrSched 85e2e7a0 50 0% ( 0) 0% ( 0) tRtrWdog 85e28b20 50 0% ( 0) 0% ( 0) tKmemReapd 87f92d60 55 0% ( 0) 0% ( 0) tConMSig 865b7940 55 0% ( 0) 0% ( 0) tSysTask 87a124c0 60 0% ( 0) 0% ( 0) tMSTP 85ecedf0 75 0% ( 0) 0% ( 0) tAaaRecv 85e097c0 80 0% ( 0) 0% ( 0) tFlowExpi 85d32810 80 0% ( 0) 0% ( 0) tNetBuffer 87a1da50 90 0% ( 0) 0% ( 0) tSysTimerL 874f1b40 90 0% ( 0) 0% ( 0) tTnlFFRcv 874c8b80 90 0% ( 0) 0% ( 0) tGreFastRcv 866a37c0 90 0% ( 0) 0% ( 0) tGTL 8669edf0 90 0% ( 0) 0% ( 0) tIp6tnlTask 8669a330 90 0% ( 0) 0% ( 0) tTffsPTask 87fe4cb0 100 0% ( 0) 0% ( 0) tStaticRt 8660dcc0 100 0% ( 0) 0% ( 0) tDot1x 85db6de0 100 0% ( 0) 0% ( 0)



tPortMon 85da5f60 100 0% ( 0) 0% ( 0) tElmi 85d09c70 100 0% ( 0) 0% ( 0) tTrackMsg 865bb7c0 110 0% ( 0) 0% ( 0) tPmtud 866b2db0 120 0% ( 0) 0% ( 0) tTelnetd 85c69800 120 0% ( 0) 0% ( 0) tTelnetd6 85c66b00 120 0% ( 0) 0% ( 0) tIcmpErr 874ce060 150 0% ( 0) 0% ( 0) tArpTask 866addf0 150 0% ( 0) 0% ( 0) tRtMgt 866235b0 150 0% ( 0) 0% ( 0) tDhcpSp 85f41df0 150 0% ( 0) 0% ( 0) tIpsg 85f3eb80 150 0% ( 0) 0% ( 0) tDai 85f3c520 150 0% ( 0) 0% ( 0) tPortSts 85ee9860 150 0% ( 0) 0% ( 0) tArl 85ed5cf0 150 0% ( 0) 0% ( 0) tIpubr 85ea7e00 150 0% ( 0) 0% ( 0) tPortSec 85daad70 150 0% ( 0) 0% ( 0) tRtrSla 85e2b8e0 200 0% ( 0) 0% ( 0) bcmRX3 85fba4d0 204 0% ( 0) 0% ( 0) bcmRX2 85fb2070 205 0% ( 0) 0% ( 0) bcmRX1 85fa9c10 206 0% ( 0) 0% ( 0) bcmRX0 85fa17b0 207 0% ( 0) 0% ( 0) tFmmDtct 85e147b0 220 0% ( 0) 0% ( 0) tDcacheUpd 87ed71d0 250 0% ( 0) 0% ( 0) tTunnel 874ca460 250 0% ( 0) 0% ( 0) tPortPoll 85f35a50 250 0% ( 0) 0% ( 0) tCGTask 865c0890 251 0% ( 0) 0% ( 0) KERNEL 0% ( 0) 0% ( 0) INTERRUPT 0% ( 0) 0% ( 0) IDLE 79% ( 23) 79% ( 23) TOTAL 97% ( 29) 97% ( 29)

In the privileged user mode, use the command monitor cpu at first to monitor the using condition of the CPU in a period, and then use show cpu monitor to display the using condition of the CPU in a period.

switch#monitor cpu switch#show cpu monitor

CPU utilization for five seconds: 2%; one minute: 1%; five minutes: 1%

CPU utilization per second in the past 60 seconds:

0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0% 0% 0% 0% 9% 0% 0% 0% 0% 0% 0%

CPU utilization per minute in the past 60 minutes:



1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 1% 2% 1% 1% 1% 1% 1% 2% - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

CPU utilization per quarter in the past 96 quarters:

1% - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - -

The above three data tables respectively display the cpu operating condition of each second in the past 60 seconds, each minutes in the past 60 minutes and each quarter in the past 96 quarters. (“-“means the moment has not come).

Note

When enable monitoring the operating condition of cpu, the task tCheckCpu collects the cup data ceaselessly (by default, the interval is 2 second) which occupies some resources of cpu, therefore if it is unnecessary to diagnose the CUP utilization of each task, you should better not enable the switch.

Configuration Rollback Function The configuration rollback function means restore the configuration to the backup configuration. The functions are as follows:

1. Restore immediately when any exception is encountered: After the customer changes the configuration, if any function is abnormal, but the cause of the problem cannot be located. In this case, you can perform the rollback operation to restore the earlier configuration. Compared to single undo command, the rollback function is faster and easier.



2. Return to the earlier configuration: Restore the configuration to the environment of the previous operation.

3. Restore the rescue configuration: If the rescue configuration file (the file is the verified most stable and reliable configuration) is saved, with the rescue configuration, any personnel on site (even if without any technical background) can perform fast and safe rescue configuration rollback. It is used in case of emergency.

The configuration commands are as follows:


rollback [number|rescue] [confirmed [time] ]

Roll back the configuration. Number means the ID of the configuration file to be rolled back. The configuration file number is based on the generated configuration files that are automatically displayed. Rescue: roll back to the rescue configuration. Confirmed time: confirmation is required after rollback. If not confirmed, it is restored in 10 minutes by default.

enable

write [rescue]

Save the current configuration. The original startup files are saved as rollback configuration files in turn, that is, backup startup files. Rescue: save the current configuration as rescue configuration.

enable

rollback-confirmed

Before automatic rollback, confirm the rollback. enable

show rollback [ number | rescue | confirmed-status | auto-rollback-file ]

Display the rollback files. Number means the ID of the configuration file to be displayed. The configuration file number is based on the generated configuration files that are automatically displayed. If the sequence number is not specified, the current startup file is displayed by default. Rescue: Display the content of the rescue configuration. confirmed-status: display the confirm status of the rollback, whether the rollback is to be confirmed. auto-rollback-file: in the rollback confirmed status, the script files of the automatic rollback configuration.

enable

Note



1. MyPower S6800 does not support the function. Other switches support the function.

2. The interface becomes up/down. The current operation of the rollback is to clear the current script and then configure the configuration file to be rolled back. Owing to the operation of clearing the current configuration, the interface and the dynamic route neighbor become up/down. Be cautious about the risk. For example, if the operation is conducted in telnet, the telnet is temporarily disconnected after the configuration is cleared. If the new configuration changes the interface address, telnet remains disconnected.

Commands for Viewing History The operations conducted in the equipment are recorded in the memory file system by default. Run the show history command to view the operation log.

Configure the service shell-history command to save the operation records to the flash. After the equipment is powered off and restarted, you can also view the operation records before the restart. You can use the show history command to view the records.

For example:

switch(config)#service shell-history switch#show history

Shell command history in ram file system:

JAN/01/1970 00:03:46(tty0)[] enable (First Command) JAN/01/1970 00:03:49(tty0)[] write JAN/01/1970 00:03:50(tty0)[] y JAN/01/1970 00:03:57(tty0)[] filesystem JAN/01/1970 00:34:24(tty0)[] copy running-config startup-config JAN/01/1970 00:34:34(tty0)[] end JAN/01/1970 00:42:11(tty0)[] configure terminal JAN/01/1970 01:05:58(tty0)[] delete startup-config JAN/01/1970 01:06:14(tty0)[] show history



Shell command history in flash file system:

JAN/01/1970 01:07:38(tty0)[] configure terminal JAN/01/1970 01:07:42(tty0)[] interface loopback0 JAN/01/1970 01:07:43(tty0)[] exit JAN/01/1970 01:07:48(tty0)[] router ospf 1 JAN/01/1970 01:07:55(tty0)[] network 10.10.10.0 0.0.0.255 area 0 JAN/01/1970 01:07:56(tty0)[] end JAN/01/1970 01:07:58(tty0)[] show history

Note

By default, the operation records are saved in the memory file. The function of saving operation records to flash file is disabled by default.

Display Information By Pages When the equipment outputs information, such as routing table information, whose volume is large, if it is not controlled, the equipment may output the information in a long time and cannot process other data. The Display Information By Pages function output one page each time. After you enter a control character (such as spacebar), the next page is displayed, namely, the output of the information is under control.

In addition, expanded output function is provided, that is, filter the displayed content, or output the content to other media. For example, you can filter the displayed content according to the specified character string, save displayed content to other files, or FTP the content to the FTP server.

The relevant commands are as follows:


more { on | off | displine [num] | help }

Set the switch of More, the count of lines displayed each page, to display the help information about More. On means the more function is enabled. By default, the function is enabled. Off means the more function is disabled. The displayed content is redirected to the temp file. The content is directly output without any format. Displine num is to set the count of lines displayed each page. It is

enable



24 lines by default. And the range is 5-50 lines. If the number of characters in a line is greater than 80, the line is regarded as two lines. Help is to show the usage of the keys of more function.

| {begin _LINE_ | include [context] _LINE_ | exclude _LINE_ | redirect {file filename | ftp [vrf vrf-name] host usr password filename } }

The expanded subcommand is registered to the back of the display command in each module.

| Identification character of more expanding sub command. begin _LINE_ Display from the specified character string.

Include [context] _LINE_ Display only the content containing the specified character string, and the context, to display the context of the specified content.

exclude _LINE_ Exclude the contents of specified character string.

redirect file filename Copy the displayed contents to the specified file (filename).

redirect ftp [vrf vrf-name] host usr pwd filename Transmit the displayed contents to the ftp server via the FTP

enable

Note

The more command is registered by the display command of each module, serving as the sub command of the display command in each module. Presently, only some of the display commands in modules are registered with more expanded sub command.

System Remote Login Service Telnet MP switches provide telnet server/client function (service port 23). It permits at most 16 telnet users to be online at the same time. Users can configure the attributes of the telnet login via the command line vty.

Meanwhile MP switches provide the commands of the telnet client. In the common user mode and the privileged user mode, users can execute the following command to telnet to a device.



Related command is as follows:


telnet [vrf vrf-name] hostname/ip-address

Log in the given remote host or device, it can be the host name or IP address, meanwhile can specify the VRF name.

switch> enable

SSH MP switches provide a much more secure remote login service-SSH service (service port 22). It permits that at most 16 users can SSH login at the same time. Users can configure the attributes of the ssh login via the command line ssh-vty.

Relate commands are as follows:


sshkeygen Generate a new SSH key-pair enable config

ip ssh server Enable the SSH service config

no ip ssh server Disable the SSH service config

show fingerprint Display the SSH key-pair enable

Control Temperature MPUs of MyPower S6800, and MyPower S3900 provide the temperature alarm and system control functions.

Temperature Alarm and System Control When the temperature of CPU or MPU card reaches the threshold, logs are generated and trap is sent (trap should be configured). At the same time, they are sent to SIU for display.

The relevant commands are as follows:




alarm temperature mpu | sfu | lpu {cpu| environment } temperature

Configure the threshold of temperature alarm in MPU, SFU, and LPU card.

config

Set Display Language of SIU MyPower S6800 supports configuring the display language of SIU. By default, the SIU display language is English.


siu language {English |Chinese } Set Display Language of SIU config

Set Parameters of System Alarm Maipu switches support configuring parameters of system alarm. The parameters cover shielding and unshielding faults of certain level, and the duration of shielding alarms after pressing the Alarm Clear button.


sysAlarm shield time shieldTime

Configure the shield time of the system alarm.

config

sysAlarm shield type {minor|major|critical|all}

Configure the shield type of the system alarm.

config

Note: The parameters of shielding system alarm are saved in the cabinet, and they are not related with configuration files. Therefore, you need to run the following command:

show sysAlarm shield [time|type|CR] Command Description Configuration Mode

time Display the shield time of the system alarm.

enable

type Display the shield type of the system alarm.

enable



System Information Unit In Maipu switches, the major tasks of system information unit (SIU) are:

1. In the idle mode, display system information circularly.

2. In the menu mode, you can query various types of system information.

3. Print real-time information

Procedure The SIU has three buttons including left, right, and confirm. The SIU provides two modes for displaying information: idle mode and menu mode. In the idle mode, display important system information circularly. In the menu mode, query system information through the buttons in the SIU. In the idle mode, press any button to enter the menu mode. In the menu mode, if no button is pressed in 30 seconds, the system is back to the idle mode automatically.

In the menu mode, the functions of buttons are as follows.

Button Function

Left Roll upward, select other menus, or view other contents

Right Roll downward, select other menus, or view other contents

Confirm If it is in the menu item, enter the menu item. If the current menu item is Return, it returns to the upper level menu. If it is in the displayed data item, exit the item and return to the upper level menu.

Note

After the button is pressed, the background light is on for 10 seconds. If no another pressing action, the light turns off.

View Information Idle Mode In the idle mode, the system information is displayed circularly in specific sequence. In the process of display, the information is refreshed every 2 seconds. According to the importance of the information, the time of displaying the information is different.

In the idle mode, the displayed content is as follows:



Name Displayed Content

(MPU is not working) MPUxx is not used.

MPU information ( MPU is in position and working) Master/slave mode of MPU CPU utilization of MPU CPU kernel temperature value and temperature status of MPU Card temperature value and temperature status of MPU

LPU information

(LPU is in position and can be identified) LPUxx type LPUxx registration status LPUxxCPU utilization LPUxxCPU kernel temperature value and temperature status LPUxx card temperature value and temperature status

SFU information

(SFU is in position and can be identified) LPUxx type SFUxx registration status SFUxxCPU utilization SFUxxCPU kernel temperature value and temperature status SFUxx card temperature value and temperature status

Fan frame information

Fan frame xx Status of fan frame xx

Power module information

Power module xx status

Regular information

Switch type Company address Company website Contact phone number

Note

If the information cannot be displayed in a page, the system displays the information in multiple pages.

Menu Mode In the menu mode, you can select the content to be displayed through the buttons. In the process of display, the information is refreshed every 2



seconds. If the system detects that the menu does not exist during the refresh, the system returns to an existing menu.

In the menu mode, the displayed content is as follows:

Menu Name Displayed Content Menu Level

System menu

MPU information LPU information SFU information SIU information Fan information Power information Alarm information Regular information

Level 1 menu

MPU list MPU list Level 2 menu

(MPU is not working) The MPU card is not used.

MPU information

(MPU is working) MPU work mode Managed LPU list (in the case of dual-system) Managed LPU list (in the case of dual-system) CPU utilization CPU kernel temperature value and temperature status MPU card temperature value and temperature status Memory size Memory utilization Flash size Flash utilization Input voltage Serial number Hardware version CPLD version IOS software version CMM version

Level 3 menu

(No LPU) There is no LPU information

LPU list (LPU exists) LPU list

Level 2 menu

LPU information

LPU registration status Input voltage Serial number Hardware version CPLD version CMM version CPU utilization

Level 3 menu



CPU kernel temperature value and temperature status LPU card temperature value and temperature status Memory size Memory utilization Flash size Flash utilization

(No SFU) There is no SFU information

SFU list (SFU exists) SFU list

Level 2 menu

SFU information

SFU registration status Input voltage Serial number Hardware version CPLD version CMM version CPU utilization CPU kernel temperature value and temperature status SFU card temperature value and temperature status Memory size Memory utilization Flash size Flash utilization

Level 3 menu

SIU information

SIU registration status Serial number Hardware version CMM version

Level 2 menu

(No fan frame) There is no fan frame

Fan frame list (There is fan frame) Fan frame list

Level 2 menu

Status of fan frame

Status of fan Fan work status

Level 3 menu

(No power module) There is no power module

Power module list

(There is power module) List the power modules Power module status Work status of power module

Level 2 menu

(No alarm information) There is no alarm information Alarm

information (There is alarm information) All alarm information

Level 2 menu

Regular information

Equipment Type Company address

Level 2 menu



Contact phone number Company website

Note

In the menu mode, if any menu is available, you can roll the menu circularly. If no menu is available, and only data is displayed, you cannot roll menu circularly.

Display Real-Time Informat ion In the process of running the switch, if the system requires any real-time information to remind users, the system can use the SIU module.

When the SIU module receives the alarm information, it stops the current displayed content and then display the alarm information circularly until all alarm information is displayed.

Note

When the real-time information is displayed, the last line of the displayed content is covered.

chapter 2 configure and manage system

Documents