lenovo network application guide for lenovo cloud...

LenovoNetwork

ApplicationGuideforLenovoCloudNetworkOperatingSystem10.6

Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationintheSafetyinformationandEnvironmentalNoticesandUserGuidedocumentsontheLenovoDocumentationCD,andtheWarrantyInformationdocumentthatcomeswiththeproduct.

SecondEdition(January2018)

CopyrightLenovo2018PortionsCopyrightIBMCorporation2014.

LIMITEDANDRESTRICTEDRIGHTSNOTICE:IfdataorsoftwareisdeliveredpursuantaGeneralServicesAdministrationGSAcontract,use,reproduction,ordisclosureissubjecttorestrictionssetforthinContractNo.GS35F05925.

LenovoandtheLenovologoaretrademarksofLenovointheUnitedStates,othercountries,orboth.

Copyright Lenovo 2018 3

ContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23WhoShouldUseThisGuide .......................24ApplicationGuideOverview .......................25AdditionalReferences ..........................28TypographicConventions ........................29

Part 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . 31

Chapter 1. Using the Command Line Interface . . . . . . . . . . . . 33CLICommandModes ..........................34CommandLineInterfaceShortcuts....................35

CLIListandRangeInputs......................35CommandAbbreviation .......................35TabCompletion...........................35LineEditing............................36

CommandAliases ...........................37DefiningAliases ..........................37RemovingAliases ..........................37DisplayingAliases .........................37RulesforUsingAliases .......................37

Chapter 2. Switch Administration . . . . . . . . . . . . . . . . . 41AdministrationInterfaces ........................42IndustryStandardCommandLineInterface ................43EstablishingaConnection........................44

UsingtheSwitchManagementInterface................44OtherWaystoManagetheSwitchUsingIP...............45ConfiguringaSwitchedVirtualInterfaceforManagement ........45UsingtheSwitchEthernetPortsinRoutedPortModeforManagement ..46UsingTelnet ............................47UsingSecureShell..........................48

UsingSSHwithPasswordAuthentication .............48UsingSSHwithServerKeyAuthentication .............49

UsingSimpleNetworkManagementProtocol..............50ZeroTouchProvisioning ........................51

DHCPDiscovery ..........................52ZTPBootFile ............................53ForcedlyEnablingorDisablingZTP..................54

4 Application Guide for CNOS 10.6

DHCPIPAddressServices ....................... 55DHCPClientConfiguration ..................... 55DHCPv4HostnameConfiguration(Option12) ............. 56DHCPv4SyslogServer(Option7)................... 56DHCPv4NTPServer(Option42) ................... 57DHCPv4VendorClassIdentifier(Option60) .............. 57DHCPv4Snooping ......................... 58

ConfiguretheDHCPv4SnoopingBindingTable .......... 58ConfiguretheDHCPv4SnoopingSyslog.............. 59DHCPSnoopingLimitations................... 59

DHCPRelayAgent ......................... 60DHCPv4Option82 ......................... 61

SwitchLoginLevels .......................... 62Ping ................................. 64

PingConfigurableParameters .................... 65TestInterruption ........................ 65PingCount ........................... 65PingPacketInterval ....................... 65PingPacketSize......................... 66PingSource........................... 66PingDFBit ........................... 66PingTimeout.......................... 67PingVRF............................ 67PingInteractiveMode ...................... 67

Traceroute............................... 69TracerouteConfigurableParameters ................. 70

TestInterruption ........................ 70TracerouteSource........................ 70TracerouteVRF......................... 70TracerouteInteractiveMode ................... 71

NetworkTimeProtocol ......................... 72NTPSynchronizationRetry ..................... 72NTPClientandPeer ........................ 73

NTPAuthenticationFieldEncryptionKey ............. 74NTPPollingIntervals ...................... 74NTPPreference......................... 75

DynamicandStaticNTPServers ................... 75NTPAuthentication ......................... 75NTPAuthenticationConfigurationExample .............. 76

DomainNameServerClient ....................... 77SystemLogging ............................ 79

SyslogOutput ........................... 80SyslogSeverityLevels ........................ 81SyslogTimeStamping ........................ 82SyslogRateLimit.......................... 83SyslogUserActionLogging ..................... 83SyslogServers ........................... 83ConsoleLoggingFloodControl .................... 84DuplicateSyslogMessageSuppression ................ 85CoreDumpInformation....................... 86

Copyright Lenovo 2018 Contents 5

IdleDisconnect .............................87PythonScripting ............................88RESTAPIProgramming .........................89

Chapter 3. System License Keys . . . . . . . . . . . . . . . . . 91ObtainingLicenseKeys.........................92InstallingLicenseKeys .........................93UninstallingLicenseKeys........................94TransferringLicenseKeys ........................95ONIELicenseKey ...........................96

Chapter 4. Switch Software Management . . . . . . . . . . . . . . 97InstallingNewSoftwaretoYourSwitch ..................98

InstallingSystemImagesfromaRemoteServer.............98InstallingSystemImagesfromaUSBDevice ..............99InstallingUbootfromaRemoteServer ...............100InstallingUbootfromaUSBDevice .................101

SelectingaSoftwareImagetoRun ...................102ReloadingtheSwitch .........................103

NormalReboot ..........................103ScheduledBoot ..........................103

CopyingConfigurationFiles ......................105CopyConfigurationFilesviaaRemoteServer ............105CopyConfigurationFilestoaUSBDevice ..............106

ResettingtheSwitchtotheFactoryDefaults ...............107ConvertingtheSwitchSoftwareImagefromCNOStoENOS........108TheNE10032/NE2572GRUBMenu ...................110NE10032/NE2572RescueMode .....................111TheBootManagementMenu ......................112

SwitchingBetweenENOSandCNOSImagesLoadedontheG8272 ...113BootRecoveryMode .......................114RecoveringfromaFailedImageUpgradeusingTFTP .........114RecoveringfromaFailedImageUpgradeusingXModemDownload ..116PhysicalPresence .........................118ONIESubmenu ..........................119

ONIE ................................120


Part 2: Securing the Switch . . . . . . . . . . . . . . . . . . . 121

Chapter 5. Securing Administration . . . . . . . . . . . . . . . . 123SecureShellandSecureCopy..................... 124

SSHEncryptionandAuthentication ................. 124GeneratingRSA/DSAHostKeyforSSHAccess ............ 125SSHIntegrationwithTACACS+Authentication ........... 125ConfiguringSSHontheSwitch ................... 125UsingSSHClientCommands.................... 126UsingSecureCopy ........................ 126

CopyingaFileUsingSCP ................... 126CopyingtheStartupConfigurationUsingSCP.......... 127CopyingtheRunningConfigurationUsingSCP .......... 127CopyingTechnicalSupportFilesUsingSCP ........... 127

EnduserAccessControl ....................... 128ConsiderationsforConfiguringEnduserAccounts .......... 128StrongPasswords ......................... 128UserAccessControl ........................ 128

SettingupUsers ....................... 129DefiningaUsersAccessLevel ................. 129DeletingaUser ........................ 130TheDefaultUser ....................... 130PasswordHistoryChecking .................. 130AdministratorPasswordRecovery ............... 131

Chapter 6. AAA Protocols . . . . . . . . . . . . . . . . . . . . 133RADIUS............................... 134

RADIUSBasics.......................... 134HowRADIUSAuthenticationWorks ................ 134RADIUSAuthenticationFeaturesinCloudNOS........... 135SwitchUserAccounts ....................... 135RADIUSAttributesforCloudNOSUserPrivileges .......... 135ConfiguringRADIUSontheSwitch................. 136

TACACS+.............................. 137TACACS+Basics......................... 137HowTACACS+AuthenticationWorks ............... 137TACACS+AuthenticationFeaturesinCloudNOS........... 138

Authorization......................... 138Accounting .......................... 138

ConfiguringTACACS+AuthenticationontheSwitch ......... 139LightweightDirectoryAccessProtocol................. 140

ConfigureanLDAPProfile..................... 140CreateanLDAPServerGroup ................... 143ConfigureGlobalLDAPSettings .................. 143ViewLDAPSettings ....................... 144


Authentication,Authorization,andAccounting..............145AAAGroups...........................145

GroupLists ..........................145ConfiguringAAAGroups ...................146

Authentication ..........................146ConfiguringAAAAuthentication..................147Authorization ..........................148ConfiguringAAAAuthorization ..................148Accounting............................149ConfiguringAAAAccounting...................149

PublicKeyInfrastructure .......................150PKIComponents .........................150ImplementingaPKISystem ....................151RemovingPKIComponents....................152ViewingPKIComponents .....................153

Chapter 7. Access Control Lists . . . . . . . . . . . . . . . . . . 155SupportedACLTypes.........................156SummaryofPacketClassifiers .....................157SummaryofACLActions.......................159ConfiguringPortACLs(PACLs) ....................160ConfiguringRouterACLs(RACLs) ...................161ConfiguringVLANACLs(VACLs) ...................163ACLOrderofPrecedence .......................165CreatingandModifyingACLs.....................166

CreatinganIPv4ACL .......................166RemovinganIPv4ACL ......................167ResequencinganIPv4ACL .....................167CreatingaMACACL .......................168RemovingaMACACL ......................168ResequencingaMACACL.....................168CreatinganARPACL .......................169RemovinganARPACL ......................169ResequencinganARPACL.....................169RemarksandACLs ........................170

AddACLRemarks ......................170RemoveACLRemarks.....................171ViewACLRemarks ......................171

ViewingACLRuleStatistics......................172ACLConfigurationExamples .....................173

ACLExample1..........................173ACLExample2..........................173ACLExample3..........................174ACLExample4..........................174ACLExample5..........................175ACLExample6..........................175

ACLLogging ............................176ConfigureACLLogging ......................176


Part 3: Switch Basics . . . . . . . . . . . . . . . . . . . . . . 179

Chapter 8. Interface Management . . . . . . . . . . . . . . . . . 181InterfaceManagementOverview.................... 182ManagementInterface ........................ 183

VirtualRoutingandForwarding .................. 184PhysicalPorts ............................ 185

G8272PhysicalPortCapabilities.................. 185G8296PhysicalPortCapabilities.................. 186G8332PhysicalPortCapabilities.................. 186NE1072TPhysicalPortCapabilities ................. 187NE1032TPhysicalPortCapabilities ................. 187NE1032PhysicalPortCapabilities.................. 188NE2572PhysicalCapabilities .................... 189NE10032PhysicalCapabilities ................... 190CLIPortFormat ......................... 191

PortAggregation ........................... 194LoopbackInterfaces ......................... 195SwitchVirtualInterfaces ....................... 196BasicInterfaceConfiguration ..................... 197

ForwardingErrorCorrection.................... 200InterfaceDescription....................... 201InterfaceDuplex ......................... 201InterfaceMACAddress...................... 202InterfaceMaximumTransmissionUnit ............... 202InterfaceShutdown ........................ 203InterfaceSpeed.......................... 203FlowControl ........................... 204StormControl.......................... 204

Chapter 9. Forwarding Database . . . . . . . . . . . . . . . . . 207MACLearning ............................ 208StaticMACaddresses ......................... 209AgingTime ............................. 210

Chapter 10. VLANs . . . . . . . . . . . . . . . . . . . . . . . 211VLANOverview........................... 212VLANConfiguration ......................... 213

CreatingaVLAN......................... 214DeletingaVLAN ......................... 215ConfiguringtheStateofaVLAN.................. 215ConfiguringtheNameofaVLAN ................. 217ConfiguringaSwitchAccessPort.................. 217

ConfiguringtheAccessVLAN................. 218ConfiguringaSwitchTrunkPort ................ 219ConfiguringtheAllowedVLANList............... 219ConfiguringtheNativeVLAN................. 220

ConfiguringHybridBridgePortMode ............... 221HybridBridgePortModeRules................. 221ConfiguringaHybridBridgePort ................ 222


NativeVLANTaggingOverview....................224ConfiguringNativeVLANTagging...................226PortVLANIDIngressTagging.....................228IPSubnetVLANAssignment......................229IPMCFlooding ............................231VLANTopologiesandDesignConsiderations ..............232

MultipleVLANswithTrunkModeAdapters.............232VLANConfigurationExample ...................234

ReservedVLANs...........................235

Chapter 11. Ports and Link Aggregation . . . . . . . . . . . . . . 237PortConfigurationProfiles.......................238

G8272PortConfiguration .....................238G8296PortConfiguration .....................241G8332PortConfiguration .....................243NE1072TPortConfiguration....................245NE1032TPortConfiguration....................248NE1032PortConfiguration .....................248NE2572PortConfiguration .....................248NE10032PortConfiguration ....................250

AggregationOverview ........................253CreatingaLAG ..........................254

StaticLAGs.............................255StaticLAGConfigurationRules ...................255ConfiguringaStaticLAG .....................256

LinkAggregationControlProtocol ...................259ConfiguringLACP ........................259

SystemPriority ........................260PortPriority .........................260LACPTimeout ........................261LACPIndividual.......................261LACPMinimumLinks.....................262LACPConfigurationExample..................263

LAGHashing ............................265LAGHashingConfiguration....................267

Chapter 12. Spanning Tree Protocol . . . . . . . . . . . . . . . . 269STPOverview ............................270BridgeProtocolDataUnits .......................271

DeterminingthePathforForwardingBPDUs .............271BPDUGuard.........................271BPDUFilter..........................272RootGuard ..........................272LoopGuard..........................273PortPriority .........................273PortPathCost.........................274

ErrorDisableRecovery ........................275PortTypeandLinkType .......................276

EdgePort ............................276LinkType ............................276


RapidPerVLANSpanningTreePlus .................. 277RapidPVST+Parameters ..................... 278

BridgePriority ........................ 278PortPriority......................... 278PortPathCost ........................ 279ForwardDelay ........................ 279HelloTimer ......................... 279MaximumAgeInterval .................... 280

RapidPVST+Configuration ...................... 281MultipleSpanningTreeProtocol .................... 282

CommonInternalSpanningTree.................. 282PortStates ............................ 282MSTRegion ........................... 283MSTPParameters ......................... 283

HopCount.......................... 284ForwardDelay ........................ 284HelloTimer ......................... 284MaximumAgeInterval .................... 285BridgePriority ........................ 285PortPriority......................... 285PortPathCost ........................ 286

MSTPConfiguration ......................... 287MSTPConfigurationExample................... 287

Chapter 13. Virtual Link Aggregation Groups . . . . . . . . . . . . 289vLAGOverview........................... 290vLAGCapacities ........................... 292

vLAGBenefits .......................... 292vLAGSynchronizationMechanism ................. 293vLAGSystemMAC ........................ 293vLAGandLACPIndividual.................... 294vLAGandLACPSystemPriority .................. 294vLAGLACPMisconfigurationsorCablingErrors ........... 294FDBSynchronization ....................... 295vLAGandSTP .......................... 296vLAGandVRRP......................... 297

vLAGVRRPPassiveMode(HalfActiveActive).......... 297vLAGVRRPActiveMode(FullActiveActive) .......... 297

vLAGConfigurationConsistencyCheck ............... 298vLAGandIGMPSnooping..................... 300

MulticastRouterSynchronization ................ 300IGMPGroupsSynchronization................. 300IGMPQuerierSynchronization ................. 300

vLAGPeerGateway ....................... 301vLAGsversusregularLAGs...................... 302


ConfiguringvLAGs ..........................303vLAGISL............................304vLAGRoleElection ........................304vLAGInstance ..........................304FDBRefresh ...........................305vLAGTierID ...........................306vLAGStartupDelay ........................306vLAGAutorecovery.......................307

HealthCheck.............................308BasicHealthCheckConfigurationExample..............309

BasicvLAGConfigurationExample ...................310ConfiguringtheISL ........................310ConfiguringthevLAG .......................312

vLAGConfigurationVLANsMappedtoaMSTInstance .........313ConfiguringtheISL ........................313ConfiguringthevLAG .......................314

ConfiguringvLAGsinMultipleLayers.................315Task1:ConfigureLayer2/3BorderRegion ..............315

ConfigureBorderRouter1 ...................315ConfigureBorderRouter2 ...................316

Task2:ConfigureswitchesintheLayer2region ...........316ConfiguringSwitchA .....................316ConfiguringSwitchB .....................317ConfiguringSwitchesCandD .................319ConfiguringSwitchE .....................320ConfiguringSwitchF .....................321

Chapter 14. Quality of Service. . . . . . . . . . . . . . . . . . . 323QoSOverview............................324ClassMaps .............................325

QoSClassificationTypes ......................325UsingACLFilters .......................325SummaryofQoSActions ....................326UsingClassofServiceFilters ..................326Using802.1pPrioritytoProvideQoS...............326UsingDiffServCodePoint(DSCP)Filters .............327UsingTCP/UDPPortFilters...................329UsingPrecedenceFilters....................330UsingProtocolFilters .....................330

QueuingClassificationTypes ....................331ClassMapConfigurationExamples.................331

QoSClassMapConfigurationExample..............331QueueingClassMapConfigurationExample...........332


PolicyMaps ............................. 333IngressPolicing.......................... 333

DefiningSingleRateandDualRatePolicers ........... 333Marking ........................... 335

QueuingPolicing ......................... 335Bandwidth .......................... 335Shaping ........................... 335Priority ........................... 335

PolicyMapConfigurationExamples ................ 336QoSPolicyMapConfigurationExample............. 336QueuingPolicyMapConfigurationExample ........... 336

ControlPlaneProtection ....................... 338ControlPlaneConfigurationExamples ............... 339

WRED ............................... 341ConfiguringWRED ........................ 341WREDConfigurationExample ................... 341

InterfaceServicePolicy ........................ 343ApplyanInterfaceServicePolicy .................. 343InterfaceServicePolicyLimitations ................. 343

MicroburstDetection ......................... 344

Chapter 15. CEE . . . . . . . . . . . . . . . . . . . . . . . . 345RoCEandiSCSI........................... 346

RoCERequirements ........................ 346ConvergedEnhancedEthernet..................... 347

TurningCEEOnorOff...................... 347EffectsonLinkLayerDiscoveryProtocol............... 348Effectson802.1pQualityofService ................. 348EffectsonFlowControl ...................... 349

PriorityBasedFlowControl ...................... 350PFCConfiguration ........................ 350PFCConfigurationExample .................... 351

EnhancedTransmissionSelection.................... 353802.1pPriorityValues....................... 353PriorityGroups.......................... 354

PGID............................ 354AssigningPriorityValuestoaPriorityGroup ........... 355AllocatingBandwidth ..................... 355

ConfiguringETS ......................... 356DataCenterBridgingCapabilityExchange................ 359

DCBXModes........................... 359DCBXSettings.......................... 359

EnablingandDisablingDCBX ................. 360PeerConfigurationNegotiation................. 360

ConfiguringDCBX ........................ 361CEEConfigurationExamples ..................... 362

CEEExample1.......................... 362CEEExample2.......................... 363


Chapter 16. Secure Mode. . . . . . . . . . . . . . . . . . . . . 365SecureModeOverview ........................366UsingProtocolsWithSecureMode...................367

InsecureProtocols .........................367SecureProtocols .........................367InsecureProtocolsUnaffectedbySecureMode ............369

EnablingandDisablingSecureMode ..................370

Part 4: IP Routing . . . . . . . . . . . . . . . . . . . . . . . . 371

Chapter 17. Basic IP Routing . . . . . . . . . . . . . . . . . . . 373IPRouting..............................374

DirectandIndirectRouting.....................375StaticRouting ..........................375DynamicRouting .........................376DefaultGateway .........................376VirtualRoutingandForwarding ..................377

RoutingInformationBase .......................378BidirectionalForwardingDetection ...................379

BFDAsynchronousMode .....................380BFDEchoMode..........................380BFDPeerSupport .........................381BFDStaticRoutes .........................381BFDAuthentication ........................382GeneralizedTTLSecurityMechanism................383BFDandBGP...........................383BFDandOSPF ..........................383

RoutingBetweenIPSubnets ......................384ExampleofSubnetRouting.....................385UsingVLANstoSegregateBroadcastDomains ............386

ConfigurationExample.....................386ECMPStaticRoutes ..........................389

RIBSupportforECMPRoutes ...................389ECMPHashing ..........................389ConfiguringECMPStaticRoutes ..................390

WeightedECMPRoutes........................391RequirementsforWeightedECMP .................391ConfigureWeightedECMP.....................391

DynamicHostConfigurationProtocol ..................393InternetControlMessageProtocol ...................394

ICMPRedirects..........................395ICMPPortUnreachable ......................395ICMPUnreachable(exceptPort) ..................395

Chapter 18. Routed Ports. . . . . . . . . . . . . . . . . . . . . 397RoutedPortsOverview ........................398ConfiguringaRoutedPort .......................400

ConfiguringOSPFonRoutedPorts .................401OSPFConfigurationExample ..................401


Chapter 19. Address Resolution Protocol. . . . . . . . . . . . . . 403ARPOverview ............................ 404ARPAgingTimer .......................... 405ARPInspection ........................... 406StaticARPEntries.......................... 407

StaticARPConfigurationExample ................. 407ARPEntryStates........................... 408ARPTableRefresh.......................... 409ProxyARP ............................. 410

ProxyARPLimitations ...................... 410ConfigureProxyARP ....................... 410

Chapter 20. Internet Protocol Version 6 . . . . . . . . . . . . . . 411IPv6AddressFormat ......................... 412IPv6AddressTypes ......................... 413

UnicastAddress......................... 413Multicast ............................ 413Anycast ............................. 414

IPv6Interfaces ............................ 415NeighborDiscovery ......................... 416

NeighborDiscoveryOverview ................... 416RouterNodes .......................... 417NeighborTableThreshold ..................... 417

SupportedApplications........................ 418ConfigurationGuidelines....................... 419IPv6ConfigurationExamples..................... 420

IPv6Example1 .......................... 420IPv6Example2 .......................... 420

IPv6Limitations........................... 421

Chapter 21. Internet Group Management Protocol . . . . . . . . . . 423IGMPTerms ............................. 424HowIGMPWorks .......................... 425IGMPCapacityandDefaultValues................... 426IGMPSnooping........................... 427

IGMPv3Snooping ........................ 428SpanningTreeTopologyChange .................. 428IGMPQuerier.......................... 429

QuerierElection........................ 429MulticastRouterDiscovery .................... 432IGMPQueryMessages ...................... 433IGMPGroups .......................... 433IGMPSnoopingConfigurationGuidelines .............. 435

IGMPSnoopingConfigurationExample ................. 436


AdvancedIGMPSnoopingConfigurationExample ............438Prerequisites ...........................439IGMPConfiguration........................439

SwitchAConfiguration ....................439SwitchBConfiguration.....................440SwitchCConfiguration ....................441

Troubleshooting .........................442AdditionalIGMPFeatures.......................445

ReportSuppression ........................445RobustnessVariable ........................445FastLeave............................446StaticMulticastRouter .......................447

Chapter 22. Border Gateway Protocol . . . . . . . . . . . . . . . 449BGPOverview ............................450InternalRoutingVersusExternalRouting ................451RouteReflector ............................453

RouteReflectionConfigurationExample...............454Restrictions............................455

FormingBGPPeerRouters.......................456BGPPeersandDynamicPeers...................456

StaticPeers ..........................456DynamicPeers........................457

LoopbackInterfaces ..........................458WhatisaRouteMap?.........................459

NextHopPeerIPAddress .....................460IncomingandOutgoingRouteMaps ................460Precedence ............................460ConfigurationOverview ......................460

AggregatingRoutes ..........................462RedistributingRoutes .........................463BGPCommunities..........................465

BGPCommunity .........................465BGPExtendedCommunity .....................467BGPConfederation ........................467

BGPPathAttributes..........................469WellKnownMandatory ......................469WellKnownDiscretionary.....................469OptionalTransitive ........................469OptionalNonTransitive......................470

BestPathSelectionLogic........................471BGPBestPathSelection ......................471BGPWeight...........................472LocalPreference .........................472Metric(MultiExitDiscriminator)Attribute ..............472NextHop ............................473BestPathSelectionTuning .....................473BGPECMP............................475


BGPFeaturesandFunctions ...................... 476ASPathFilter .......................... 476BGPCapabilityCode ....................... 476AdministrativeDistance...................... 476TTLSecurityCheck........................ 477LocalAS............................. 477BGPAuthentication ........................ 478OriginateDefaultRoute ...................... 478IPPrefixListFilter ........................ 479DynamicCapability ........................ 480BGPGracefulRestart ....................... 480BGPDamping .......................... 481SoftReconfigurationInbound ................... 482BGPRouteRefresh ........................ 482BGPMultipleAddressFamilies................... 483BGPandBFD .......................... 483BGPNextHopTracking...................... 484BGPTuning ........................... 484

BGPFailoverConfiguration...................... 485DefaultRedistributionandRouteAggregationExample .......... 487DesigningaClosNetworkUsingBGP.................. 489ClosNetworkBGPConfigurationExample ............... 490

ConfigureFabricSwitchSF1 .................. 491ConfigureSpineSwitchSP11 .................. 493ConfigureLeafSwitchLP11 .................. 495

ConfiguringBGPUnnumbered..................... 497ConfigureBGPUnnumbered .................. 498BGPUnnumberedLimitations................. 499

DifferentiatedServicesandBGP .................... 500CommandsforUsingDSwithBGP ................. 501DSwithBGPExample ....................... 501

Chapter 23. Open Shortest Path First . . . . . . . . . . . . . . . 503OSPFv2Overview .......................... 504

TypesofOSPFAreas ....................... 504TypesofOSPFRoutingDevices................... 505NeighborsandAdjacencies .................... 506TheLinkStateDatabase...................... 506TheShortestPathFirstTree .................... 507InternalVersusExternalRouting.................. 507


OSPFv2ImplementationinCloudNOS .................508ConfigurableParameters ......................508DefiningAreas..........................509

UsingtheAreaIDtoAssigntheOSPFAreaNumber ........509AttachinganAreatoaNetwork .................510

InterfaceCost ...........................510ElectingtheDesignatedRouterandBackup .............510SummarizingRoutes .......................511DefaultRoutes ..........................511VirtualLinks ...........................513RouterID ............................513Authentication ..........................514

ConfiguringPlainTextOSPFPasswords.............515ConfiguringMD5Authentication ................515

LoopbackInterfacesinOSPF ....................516GracefulRestartHelper ......................516OSPFandBFD ..........................517

OSPFv2ConfigurationExamples ....................518Example 1:SimpleOSPFDomain ..................518Example 2:VirtualLinks......................520

ConfiguringOSPFforaVirtualLinkonSwitch1 .........520ConfiguringOSPFforaVirtualLinkonSwitch2 .........521OtherVirtualLinkOptions ...................522

Example 3:SummarizingRoutes..................522VerifyingOSPFConfiguration...................523

Chapter 24. Route Maps . . . . . . . . . . . . . . . . . . . . . 525RouteMapsOverview.........................526PermitandDenyRules........................527MatchandApplyClauses.......................528RouteMapsConfigurationExample...................530

Part 5: High Availability Fundamentals . . . . . . . . . . . . . . . 531

Chapter 25. Basic Redundancy . . . . . . . . . . . . . . . . . . 533AggregatingforLinkRedundancy...................534VirtualLinkAggregation.......................535

Chapter 26. Virtual Router Redundancy Protocol . . . . . . . . . . . 537VRRPOverview ...........................538

VRRPComponents ........................539VirtualRouter.........................539VirtualRouterMACAddress ..................539OwnersandRenters ......................539MasterandBackupVirtualRouter ................539VirtualInterfaceRouter ....................539

AssigningVRRPVirtualRouterID .................540VRRPOperation.........................540SelectingtheMasterVRRPRouter ..................540

FailoverMethods ...........................541ActiveActiveRedundancy .....................541


CloudNOSExtensionstoVRRP .................... 542VRRPAdvertisementIntervalandSubsecondFailover ........ 542InterfaceTracking......................... 543SwitchBackDelay ........................ 543BackwardCompatibilitywithVRRPv2 ............... 544VRRPAcceptMode........................ 544VRRPPreemption ........................ 545VRRPPriority.......................... 545IPv6VRRP ............................ 546

ConfiguringtheSwitchforTracking .................. 548BasicVRRPConfiguration ....................... 549ConfiguringVRRPHighAvailabilityUsingMultipleVIRs......... 551

Task1:ConfigureSwitch1 ................... 552Task2:ConfigureSwitch2 ................... 553

Chapter 27. Layer 2 Failover . . . . . . . . . . . . . . . . . . . 555MonitoringLAGLinks ........................ 556SettingtheFailoverLimit ....................... 557ManuallyMonitoringPortLinks .................... 558

MonitorPortState ........................ 558ControlPortState ......................... 558

L2FailoverwithOtherFeatures.................... 559StaticLAGs ........................... 559LACP .............................. 559SpanningTreeProtocol ...................... 559

ConfigurationGuidelines....................... 560ConfiguringLayer2Failover...................... 561

Part 6: Network Management . . . . . . . . . . . . . . . . . . . 563

Chapter 28. Link Layer Discovery Protocol . . . . . . . . . . . . . 565LLDPOverview ........................... 566EnablingorDisablingLLDP ...................... 567LLDPTransmitFeatures........................ 568

ScheduledInterval ........................ 568MinimumInterval ........................ 568TimetoLiveforTransmittedInformation.............. 569TrapNotifications ........................ 569ChangingtheLLDPTransmitState................. 570TypesofInformationTransmitted.................. 571

LLDPReceiveFeatures ........................ 572TypesofInformationReceived ................... 572TimetoLiveforReceivedInformation ............... 572ViewingRemoteDeviceInformation ................ 573

DebuggingLLDP........................... 574LLDPExampleConfiguration ..................... 576


Chapter 29. Service Location Protocol . . . . . . . . . . . . . . . 579SLPAgentsCommunication ......................580

SLPSpecificMessages .......................580SLPSupportedServiceAttributes ..................580

SLPConfiguration..........................581

Chapter 30. Simple Network Management Protocol . . . . . . . . . . 583SNMPVersions............................584

SNMPVersion1&Version2 ....................584SNMPVersion3 .........................584

SNMPProtocolDetails ........................585SNMPNotifications ........................585SNMPDeviceContactandLocation.................585OneTimeAuthenticationforSNMPoverTCP............585

DefaultConfiguration .........................586ConfigurationExamples ........................587

BasicSNMPConfigurationExample .................587UserConfigurationExample....................587ConfiguringSNMPTrapHosts ...................588

SNMPMIBs.............................589

Chapter 31. Telemetry . . . . . . . . . . . . . . . . . . . . . . 591NetworkTelemetryOverview .....................592CNOSTelemetryArchitecture .....................593TheGangliaAnalyticsApplication ...................595

TheGangliaAgent ........................595TheCentralDataAggregator ....................595TheDataVisualizationFrontEnd ..................596TheGangliaMetricTool ......................596UsingGangliawithCNOS .....................596

TypesofDataSuppliedbytheCNOSTelemetryAgent..........598BufferStatistics ..........................598

CongestionDropCounters...................598BufferUtilizationCounters ...................598BufferStatisticsNames .....................598

RealmParametersandIndexes...................599SettingUptheCNOSTelemetryAgent .................601

EnabletheTelemetryAgent ....................601ConfiguretheTelemetryController.................601SetUptheTelemetryHeartbeat ...................602

ConfiguringTelemetryAgentParameters ................603CongestionDropCounters.....................603BSTBufferCounters ........................615DetectCongestionAfteritHappens .................624PredictingCongestionBeforeitHappens ...............630CapacityPlanningBasedonTrendAnalysis.............639


Part 7: Hyperconverged Infrastructure . . . . . . . . . . . . . . . 645

Chapter 32. Network Virtualization Gateway. . . . . . . . . . . . . 647NSXIntegrationConcepts ....................... 648

VMwareNSXComponents..................... 650NSXManager......................... 650NSXController ........................ 650NSXEdge.......................... 650NSXvSwitch ......................... 650

NSXTunneling .......................... 650VXLAN............................... 653LenovoVXLANGateway ....................... 655

SoftwareArchitectureOverview .................. 658NWVDNetworkVirtualizationDaemon ............ 658OVSDBDOpenVirtualSwitchDatabaseDaemon ........ 659HSCHardwareSwitchController............... 661

VXLANGatewayStandaloneTopologies ................ 662VXLANTunnelsoverLayer3RoutedNetwork .......... 662PhysicalServersonLayer2Switches............... 662DirectlyAttachedVXLANTunnelwithaLayer2Network(NotSupported).......................... 663VXLANTunnelsthroughaLayer2Network(NotSupported) ... 663

HighAvailabilitySupport....................... 664VXLANGatewayConfigurationExample ................ 667

StandaloneVXLANGatewayConfigurationExample ......... 667HighAvailabilityVXLANGatewayConfigurationExample ...... 670

BasicSwitchConfiguration ................... 670vLAGConfiguration...................... 670HSCConfiguration ...................... 672

Chapter 33. Network Policy Agent . . . . . . . . . . . . . . . . . 675Overview .............................. 676SettinguptheNutanixVDMPlugin .................. 678ViewingVirtualDomainInformation .................. 684UnsubscribingtoNutanixVDMNotifications .............. 685DynamicVLANsandtheVDM .................... 686

DynamicVLANConsiderations .................. 686DynamicVLANCommands .................... 686

Part 8: Monitoring . . . . . . . . . . . . . . . . . . . . . . . 687

Chapter 34. Port Mirroring . . . . . . . . . . . . . . . . . . . . 689PortMirroringOverview ....................... 690SPANConfiguration ......................... 691

Sources ............................. 691Destinations........................... 691Sessions ............................. 691ConfigurationExample ...................... 692


ERSPANConfiguration........................693SessionTypes...........................693Sources.............................694Destinations ...........................694ERSPANSourceSessionConfigurationExample...........695ERSPANDestinationSessionConfigurationExample .........695

Limitations .............................697

Chapter 35. Sampled Flow . . . . . . . . . . . . . . . . . . . . 699ConfiguringsFlow ..........................700sFlowNetworkPolling........................701sFlowNetworkSampling .......................702sFlowExampleConfiguration .....................703

Part 9: Appendices . . . . . . . . . . . . . . . . . . . . . . . 705

Appendix A. Getting help and technical assistance . . . . . . . . . . 707

Appendix B. Notices. . . . . . . . . . . . . . . . . . . . . . . 709Trademarks .............................711ImportantNotes ...........................712RecyclingInformation .........................713ParticulateContamination .......................714TelecommunicationRegulatoryStatement ................715ElectronicEmissionNotices ......................716

FederalCommunicationsCommission(FCC)Statement ........716IndustryCanadaClassAEmissionComplianceStatement.......716AvisdeConformitlaRglementationdIndustrieCanada ......716AustraliaandNewZealandClassAStatement ............716EuropeanUnionCompliancetotheElectromagneticCompatibility Directive717GermanyClassAStatement....................717JapanVCCIClassAStatement ...................718JapanElectronicsandInformationTechnologyIndustriesAssociation(JEITA) Statement .........................719KoreaCommunicationsCommission(KCC)Statement .........719RussiaElectromagneticInterference(EMI)ClassAstatement ......719PeoplesRepublicofChinaClassAelectronicemissionstatement ....719TaiwanClassAcompliancestatement ................719

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721


PrefaceThisApplicationGuidedescribeshowtoconfigureandusetheLenovoCloudNetworkOperatingSystem10.6softwareonthefollowingLenovoRackSwitches:

LenovoRackSwitchG8272.Fordocumentationoninstallingtheswitchphysically,seetheLenovoRackSwitchG8272InstallationGuide.



LenovoThinkSystemNE1032TRackSwitch.Fordocumentationoninstallingtheswitchphysically,seetheLenovoThinkSystemNE1032TRackSwitchInstallationGuide.

LenovoThinkSystemNE1032RackSwitch.Fordocumentationoninstallingtheswitchphysically,seetheLenovoThinkSystemNE1032RackSwitchInstallationGuide.

LenovoThinkSystemNE1072TRackSwitch.Fordocumentationoninstallingtheswitchphysically,seetheLenovoThinkSystemNE1072TRackSwitchInstallationGuide.




Who Should Use This GuideThisguideisintendedfornetworkinstallersandsystemadministratorsengagedinconfiguringandmaintaininganetwork.TheadministratorshouldbefamiliarwithEthernetconcepts,IPaddressing,SpanningTreeProtocol,andSNMPconfigurationparameters.

Copyright Lenovo 2018 Preface 25

Application Guide OverviewThisguidewillhelpyouplan,implement,andadministertheCloudNOS(CNOS)software.Wherepossible,eachsectionprovidesfeatureoverviews,usageexamples,andconfigurationinstructions.Thefollowingmaterialisincluded:

Part 1: Getting Started

ThismaterialisintendedtohelpthosenewtoCNOSproductswiththebasicsofswitchmanagement.Thispartincludesthefollowingchapters:

Chapter 1,UsingtheCommandLineInterface,describestheCNOScommandlineinterfacemodes,commands,keyboardshortcuts,andaliases.

Chapter 2,SwitchAdministration,describeshowtoaccesstheswitchtoconfiguretheswitch,andviewswitchinformationandstatistics.Thischapterdiscussesavarietyofmanualadministrationinterfaces,includinglocalmanagementviatheswitchconsole,andremoteadministrationviaTelnetorSecureShell.

Chapter 3,SystemLicenseKeys,describeshowtoinstalladditionalfeaturesontheswitch.

Chapter 4,SwitchSoftwareManagement,describeshowtoupdatetheCNOSsoftwareoperatingontheswitchandhowtoconvertfromCNOStoENOS.

Part 2: Securing the Switch

Thismaterialcontainsinformationaboutimplementingsecurityprotocolsontheswitch.Thispartincludesthefollowingchapters:

Chapter 5,SecuringAdministration,describesmethodsforusingSecureShellforadministrationconnections,andconfiguringenduseraccesscontrol.

Chapter 6,AAAProtocols,describesdifferentsecureadministrationmethodsforremoteadministrators.ThisincludesusingRADIUS,TerminalAccessControllerAccessControlSystemPlus(TACACS+)andAuthentication,Authorization,andAccounting(AAA).

Chapter 7,AccessControlLists,describeshowtousefilterstopermitordenyspecifictypesoftraffic,basedonavarietyofsource,destination,andpacketattributes.

Part 3: Switch Basics

Thismaterialcontainsinformationaboutsettingupfeaturesontheswitch.Thispartincludesthefollowingchapters:

Chapter 8,InterfaceManagement,describeshowtoconfiguretheswitchinterfaces,liketheethernetormanagementports.

Chapter 9,ForwardingDatabase,describeshowaLayer2devicecanbeconfiguredtolearnandstoreMACaddressesandtheircorrespondingports.

Chapter 10,VLANs,describeshowtoconfigureVirtualLocalAreaNetworks(VLANs)forcreatingseparatenetworksegments,includinghowtouseVLANtaggingfordevicesthatusemultipleVLANs.


Chapter 11,PortsandLinkAggregation,describeshowtogroupmultiplephysicalportstogethertoaggregatethebandwidthbetweenlargescalenetworkdevices.

Chapter 12,SpanningTreeProtocol,describeshowtousetheRapidPerVLANSpanningTreePlus(RapidPVST+)andMultipleSpanningTreeProtocol(MSTP)tobuildaloopfreenetworktopology.

Chapter 13,VirtualLinkAggregationGroups,describesusingVirtualLinkAggregationGroups(VLAGs)toformLAGsspanningmultipleVLAGcapableaggregatorswitches.

Chapter 14,QualityofService,discussesQualityofService(QoS)features,includingIPfilteringusingclassmaps,DifferentiatedServices,andIEEE802.1ppriorityvalues.

Chapter 15,CEE,discussesusingvariousConvergedEnhancedEthernet(CEE)featuressuchasPrioritybasedFlowControl(PFC),EnhancedTransmissionSelection(ETS)andDataCenterBridgingCapabilityExchange(DCBX).

Chapter 16,SecureMode,describesthedifferencebetweensecuremodeandlegacymode,whatenablingsecuremodemeans,andhowtoenableanddisableit.

Part 4: IP Routing

Thispartincludesthefollowingchapters:

Chapter 17,BasicIPRouting,describeshowtoconfiguretheswitchforIProutingusingIPsubnets,BFD,DHCPRelayandVRF.

Chapter 18,RoutedPorts,describeshowtoconfigureaswitchporttoforwardLayer3traffic.

Chapter 19,AddressResolutionProtocol,describeshowtousetheAddressResolutionProtocol(ARP)protocoltomapanIPv4addresstoaMACaddress.

Chapter 20,InternetProtocolVersion6,describeshowtoconfiguretheswitchtouseIPv6.

Chapter 21,InternetGroupManagementProtocol,describeshowCNOSimplementsInternetGroupManagementProtocol(IGMP)Snoopingtoconservebandwidthinamulticastswitchingenvironment.

Chapter 22,BorderGatewayProtocol,describesBorderGatewayProtocol(BGP)conceptsandfeaturessupportedinCNOS.

Chapter 23,OpenShortestPathFirst,describeskeyOpenShortestPathFirst(OSPF)concepts,andhowtheyareimplementedinCNOS,andprovidesexamplesofhowtoconfigureyourswitchforOSPFsupport.

Chapter 24,RouteMaps,describesroutemapsthatareusedtodefineroutepolicybypermittingordenyingcertainroutesbasedonaconfiguredsetofrules.


Part 5: High Availability Fundamentals


Chapter 25,BasicRedundancy,describeshowtheswitchsupportsredundancythroughLAGsandVLAGs.

Chapter 26,VirtualRouterRedundancyProtocol,describeshowtheswitchsupportshighavailabilitynetworktopologiesusingVirtualRouterRedundancyProtocol(VRRP).

Chapter 27,Layer2Failover,describeshowtoconfigureandusenetworkadapterteamingforLayer2LAGfailover.

Part 6: Network Management


Chapter 28,LinkLayerDiscoveryProtocol,describeshowLinkLayerDiscoveryProtocol(LLDP)helpsneighboringnetworkdeviceslearnabouteachothersportsandcapabilities.

Chapter 29,ServiceLocationProtocol,describestheServiceLocationProtocol(SLP)thatallowstheswitchtoprovidedynamicdirectoryservices.

Chapter 30,SimpleNetworkManagementProtocol,describeshowtoconfiguretheswitchformanagementthroughaSimpleNetworkManagementProtocol(SNMP)client.

Chapter 31,Telemetry,describestheCNOSNetworkTelemetryAgentandhowtousethedataitprovidestofinetuneyournetwork.

Part 7: Hyperconverged Infrastructure


Chapter 32,NetworkVirtualizationGateway,describeshowtointegrateVMwareNSXwithyourswitch.

Chapter 33,NetworkPolicyAgent,explainshowtousetheCNOSnetworkpolicyagentpluginthatworkswiththeNutanixVirtualDomainModule.

Part 8: Monitoring


Chapter 34,PortMirroring,discussestoolstocopyselectedporttraffictoaremotemonitorportfornetworkanalysis.

Chapter 35,SampledFlow,discussesusingSampledFlow(sFlow)formonitoringtraffic.

Part 9: Appendices

Thispartincludesthefollowingappendices:

AppendixA,Gettinghelpandtechnicalassistance,providesdetailsonwheretogoforadditionalinformationaboutLenovoandLenovoproducts.

AppendixB,Notices,containssafetyandenvironmentalnotices.


Additional ReferencesAdditionalinformationaboutinstallingandconfiguringyourswitchisavailableinthefollowingguides:

LenovoNetworkCommandReferenceforLenovoCloudNetworkOperatingSystem10.6

LenovoNetworkReleaseNotesforLenovoCloudNetworkOperatingSystem10.6foryourswitch

LenovoNetworkPythonProgrammingGuideforLenovoCloudNetworkOperatingSystem10.6

LenovoNetworkRESTAPIProgrammingGuideforLenovoCloudNetworkOperatingSystem10.6


Typographic ConventionsThefollowingtabledescribesthetypographicstylesusedinthisbook.

Table 1. Typographic Conventions

Typeface or Symbol

Meaning Example

ABC123 Thistypeisusedfornamesofcommands,files,anddirectoriesusedwithinthetext.

Viewthereadme.txtfile.

Italsodepictsonscreencomputeroutputandprompts.

Switch#

ABC123 Thisboldtypeappearsincommandexamples.Itshowstextthatmustbetypedinexactlyasshown.

Switch#ping

Thisitalicizedtypeappearsincommandexamplesasaparameterplaceholder.Replacetheindicatedtextwiththeappropriaterealnameorvaluewhenusingthecommand.Donottypethebrackets.

ToestablishaTelnetsession,enter:Switch#telnet

Thisalsoshowsbooktitles,specialterms,orwordstobeemphasized.

ReadyourUsersGuidethoroughly.

{} Commanditemsshowninsidebracketsaremandatoryandcannotbeexcluded.Donottypethebrackets.

Switch#cp{ftp|sftp}

[] Commanditemsshowninsidebracketsareoptionalandcanbeusedorexcludedasthesituationdemands.Donottypethebrackets.

Switch#configure[device]

| Theverticalbar(|)isusedincommandexamplestoseparatechoiceswheremultipleoptionsexist.Selectonlyoneofthelistedoptions.Donottypetheverticalbar.

Switch#cp{ftp|sftp}

AaBb123 Thisblocktypedepictsmenus,buttons,andothercontrolsthatappearingraphicalinterfaces.

ClicktheSavebutton.


Part 1: Getting StartedThissectiondiscussesthefollowingtopics:

UsingtheCommandLineInterfaceonpage 33

SwitchAdministrationonpage 41

SystemLicenseKeysonpage 91

SwitchSoftwareManagementonpage 97


Chapter 1. Using the Command Line InterfaceLenovoCloudNetworkOperatingSystemusesanindustrystandardcommandlineinterface(CLI).LikeanyswitchCLI,therearesubtledifferencesbetweentheCNOSCLIandtheCLIonswitchesfromothervendors.

Thefollowingsubjectsarediscussedinthischapter:

CLICommandModesonpage 34

CommandLineInterfaceShortcutsonpage 35

CommandAliasesonpage 37


CLI Command ModesTheCLIhasthreemajorcommandmodeslistedinorderofincreasingprivileges,asfollows:

UserEXECMode:Switch>Thisistheinitialmodeofaccess.Bydefault,onconsolesessionspasswordcheckingisdisabledforthismode.

PrivilegedEXECmode:Switch#ThismodeisaccessedfromUserEXECMode.Thismodecanbeaccessedusingthefollowingcommand:enable

ConfigurationMode:Switch(config)#Thismodeallowsyoutomakechangestotherunningconfiguration.Ifyousavetheconfiguration,thesettingssurviveareloadoftheswitch.SeveralsubmodescanbeaccessedfromtheUserEXECMode.Thismodecanbeaccessedusingthefollowingcommand:configure[device]

Eachmodeprovidesaspecificsetofcommands.Mostlowerprivilegemodecommandsareaccessiblewhenusingahigherprivilegemode.Note: ThewordSwitchisagenerictermusedthroughouttheApplicationGuidetoindicatethehostnameoftheswitchwhenissuingcommands.DependingontheLenovoRachSwitchorThinkSystem,thewordSwitchwillbereplacedwithoneofthefollowing:

Switch Type Prompt

RackSwitchG8272 G8272



ThinkSystemNE1032RackSwitch NE1032

ThinkSystemNE1032TRackSwitch NE1032T

ThinkSystemNE1072TRackSwitch NE1072T



Copyright Lenovo 2018 Chapter 1: Using the Command Line Interface 35

Command Line Interface ShortcutsThefollowingshortcutsallowyoutoentercommandsquicklyandeasily.

CLI List and Range InputsForVLANandportcommands,youcanspecifylistsandrangesofitemscannowbespecified.Forexample,thevlancommandpermitsthefollowingoptions:

Thenumbersinarangemustbeseparatedbyahyphen:

Multiplerangesoritemsarepermittedusingacomma:,

Donotusespaceswithinlistandrangespecifications.

Rangescanalsobeusedtoapplythesamecommandoptiontomultipleitems.Forexample,toaccessmultipleportswithonecommand:

Command AbbreviationMostcommandscanbeabbreviatedbyenteringthefirstcharacterswhichdistinguishthecommandfromtheothersinthesamemode.Forexample,considerthefollowingfullcommand:

Anycommandcanbeabbreviatedusingthesmallestuniquestrings.Forexample,thepreviouscommandcanbeabbreviatedto:

Tab CompletionByenteringthefirstletterofacommandatanypromptandpressingTab,theISCLIdisplaysallavailablecommandsoroptionsthatbeginwiththatletter.Enteringadditionallettersfurtherrefinesthelistofcommandsoroptionsdisplayed.IfonlyonecommandfitstheinputtextwhenTabispressed,thatcommandissuppliedonthecommandline,waitingtobeentered.

Ifmultiplecommandssharethetypedcharacters,whenyoupressTab,theISCLIcompletesthecommonpartofthesharedsyntax.

Switch(config)#vlan1,3,1094 (accessVLANs1,3,and1094)Switch(config)#vlan120 (accessVLANs1through20)Switch(config)#vlan15,9099,10901094(accessmultipleranges)Switch(config)#vlan15,19,20,10901094(accessamixoflistsandranges)

Switch(config)#spanningtreemst14cost4096 (instances1through4)

Switch(config)#displaymacaddresstableinterfaceethernet1/12

Switch(config)#dispmaadie1/12


Line EditingThefollowingcaseinsensitivekeystrokecommandsareavailableforeditingcommandlines:

Command Behavior

Movesthecursortothebeginningoftheline.

Movesthecursoronecharactertotheleft.

Deletesthecharacteratthecursor.

Movesthecursortotheendoftheline.

Movesthecursoronecharactertotheright.

Killsalltexttotherightofthecursor,puttingitintoabuffer.

Clearsthescreen,leavingthecurrentlineintactatthetop.

Movetothenextcommandinthecommandhistory.

Movetothepreviouscommandinthecommandhistory.

Swapsthecharacteratthecursorwiththecharactertotheleftofthecursor.

Clearsalltextfromthecommandline.

Deletesfromthecursortothestartoftheword.

Yanksthetextfromthekillbuffer.

Movesthecursorbackwardsoneword.

Capitalizesthefirstletterofthewordorthecharacterwherethecursorispointing.

Deletestotheendofthewordtotherightofthecursor.

Movesthecursorforwardsoneword.

Changesthetexttolowercasefromthecursortotheendoftheword.

Changesthetexttouppercasefromthecursortotheendoftheword.


Command AliasesCommandaliasingenablesyoutochangethenamesofcommandsintheCLI.

Defining AliasesTodefineanalias,enter:

Forexample,tousethecommandshowtoinvokethedisplaycommand,enter:

Removing AliasesToremoveanalias,enter:

Toremoveallaliases,enter:

Displaying AliasesToseethelistofaliasesconfiguredtoyoursystem,enter:

Note: Thealiascommanddoesnotdovalidationchecking.Ifyouenteraninvalidcommandforanaliastoinvoke,youwillnotgetanerrormessagewhenyoucreatethealias,butyouwillgetanerrormessagewhenyouactuallyinvokethatalias.

Rules for Using AliasesThefollowingrulesapplywhenyouaredefininganalias:

Analiasmustbeanalphanumericstringthatstartswithanalphabeticcharacter.Therecanbenospacesorpunctuationcharactersinanaliasname.Therecanbedashesandspacesinthecommandbeingaliased.Forexample,thefollowingcommandaliasesthestringdsitodisplaysysinfo:

Switch(config)#alias

Switch(config)#aliasshowdisplay

Switch(config)#noalias

Switch(config)#noaliasall

Switch(config)#displayaliasCLIaliasinformation:=====================show:displayabc:display

Switch(config)#aliasdsidisplaysysinfo


Youcannotescapenonalphanumericcharacterswithabackslashorwithquotes.Forexample,youwillgetanerrormessageifyouenter:

Youcanhavemultiplealiasesforthesamecommand,butyoucannothavemultiplecommandsmappedtothesamealias.Forexample,ifyouenter:

Thealiasesshowandabcwillbothinvokethedisplaycommand.However,ifyouenter:

Theshowaliaswillinvoketheenablecommand.

Youcanuseanaliastoinvokeamultiplewordcommand.Forexample,youcanenter:

Thessialiaswillnowinvokethecommanddisplaysysinfo.

Youcannotnestaliases.Forexample,ifyouenter:

Thessicommandwillreturnanerrormessage.

Youcannotaliasanargumentofacommand.Forexample,ifyoutryentering:

Thecommandshowsiwillreturnanerrormessagebecausetheswitchistryingtoparseitasdisplaysi.

Ifyouusethenameofanexistingcommandasanaliasname,itwilloverridetheexistingcommand.Forexample,ifyouenter:

Theqoscommandwillbehaveasifyouhadentereddisplay.Tofixthis,enter:

Inthecaseoffixingtheqoscommandtoitsoriginalfunction,youwouldenter:

Switch(config)#aliasshow\sysinfodisplaysysinfo

Switch(config)#aliasshowdisplaySwitch(config)#aliasabcdisplay

Switch(config)#aliasshowdisplaySwitch(config)#aliasshowenable

Switch(config)#aliasssidisplaysysinfo

Switch(config)#aliasshowdisplaySwitch(config)#aliasssishowsysinfo

Switch(config)#aliasshowdisplaySwitch(config)#aliassisysinfo

Switch(config)#aliasqosdisplay

Switch(config)#noalias

Switch(config)#noaliasqos


Analiasdoesnotsupportmultiplecommandlines.Forexample,ifyouenter:

Youwillgetanerrormessage.

Youcannotconcatenatealiases.Forexample,ifyouenter:

Youwillgetanerrormessageafteryouentershowpa.

Themaximumnumberofaliasesthatcanbeconfiguredonaswitchis128.

Thefollowingarereservedwordsthatcannotbeusedasanaliasname:

Switch(config)#aliasdvdudisplayversion\ndisplayuser

Switch(config)#aliasdisplayshowSwitch(config)#aliaspaportaggregationSwitch(config)#showpa1

alias enable python

all end quit

bfd exit reload

configure logout remove

disable name restart

display no save


Chapter 2. Switch AdministrationYourRackSwitchisreadytoperformbasicswitchingfunctionsrightoutofthebox.Someofthemoreadvancedfeatures,however,requiresomeadministrativeconfigurationbeforetheycanbeusedeffectively.

TheextensiveLenovoCloudNetworkOperatingSystemfortheswitchprovidesavarietyofoptionsforaccessingtheswitchtoperformavarietyofconfigurationsandtoviewswitchinformationandstatistics.

Thischapterdiscussesthevariouscommandsusedtoadministertheswitch:

AdministrationInterfacesonpage 42

IndustryStandardCommandLineInterfaceonpage 43

EstablishingaConnectiononpage 44

ZeroTouchProvisioningonpage 51

DHCPIPAddressServicesonpage 55

SwitchLoginLevelsonpage 62

Pingonpage 64

Tracerouteonpage 69

NetworkTimeProtocolonpage 72

DomainNameServerClientonpage 77

SystemLoggingonpage 79

IdleDisconnectonpage 87

PythonScriptingonpage 88

RESTAPIProgrammingonpage 89


Administration InterfacesCloudNOSprovidesavarietyofuserinterfacesforadministration.Theseinterfacesvaryincharacterandinthemethodsusedtoaccessthem.Somearetextbasedandsomearegraphical;someareavailablebydefault,whileothersrequireconfiguration;somecanbeaccessedbylocalconnectiontotheswitch,whileothersareaccessedremotelyusingvariousclientapplications.Forexample,administrationcanbeperformedusinganyofthefollowing:

Abuiltin,textbasedcommandlineinterface(CLI)andmenusystemforswitchaccessviaaserialportconnectionoranoptionalTelnetorSSHsession

SNMPsupportforaccessthroughthirdpartycommercialandopensourcenetworkmanagementapplications.

Thespecificinterfacechosenforanadministrativesessiondependsonyourpreferences,theswitchconfiguration,andtheavailableclienttools.

Inallcases,administrationrequiresthattheswitchhardwareisproperlyinstalledandturnedon(seetheLenovoRackSwitchInstallationGuide).

Copyright Lenovo 2018 Chapter 2: Switch Administration 43

Industry Standard Command Line InterfaceTheIndustryStandardCommandLineInterface(ISCLI)providesasimpleanddirectmethodforswitchadministration.Usingabasicterminal,youcanissuecommandsthatallowyoutoviewdetailedinformationandstatisticsabouttheswitch,andtoperformanynecessaryconfigurationandswitchsoftwaremaintenance.

YoucanestablishaconnectiontotheISCLIinanyofthefollowingways:

Serialconnectionviatheserialportontheswitch(thisoptionisalwaysavailable)

Telnetconnectionoverthenetwork

SSHconnectionoverthenetwork


Establishing a ConnectionThefactorydefaultsettingspermitinitialswitchadministrationthroughthebuiltinserialport.TheswitchcanalsobeinitiallyconfiguredthroughtheOOBmanagementportthatgetsadefaultIPaddress(192.168.50.50/24);inthiscase,theuserisabletologinviaSSHintotheportandperforminitialconfiguration.

Remoteaccessusingthenetworkrequirestheaccessingterminaltohaveavalid,routableconnectiontotheswitchinterface.TheclientIPaddressmaybeconfiguredmanually,oranIPaddresscanbeprovidedautomaticallytotheswitchusingaservicesuchasDHCP(seeDHCPIPAddressServicesonpage 55).AnIPv6addresscanalsobeobtainedusingIPv6statelessaddressconfiguration.Note: Throughoutthismanual,IPaddressisusedinplaceswhereeitheranIPv4orIPv6addressisallowed.IPv4addressesareenteredindotteddecimalnotation(forexample,10.10.10.1),whileIPv6addressesareenteredinhexadecimalnotation(forexample,2001:db8:85a3::8a2e:370:7334).Inplaceswhereonlyonetypeofaddressisallowed,IPv4addressorIPv6addressisspecified.

Using the Switch Management InterfaceTomanagetheswitchthroughthemanagementinterface,youmustconfigureitwithanIPinterface.ConfiguretheIPaddressandnetworkmaskanddefaultgatewayaddress:

1. Logontotheswitch.

2. EnterGlobalConfigurationmode.

3. ConfigureamanagementIPaddressandnetworkmask:

IPv4configuration:

IPv6configuration:

4. Configuretheappropriatedefaultgateway:

IPv4configuration:

Switch>enableSwitch#configuredeviceSwitch(config)#

Switch(config)#interfacemgmt0Switch(configif)#ipaddress/Switch(configif)#exit

Switch(config)#interfacemgmt0Switch(configif)#ipv6address/Switch(configif)#exit

Switch(config)#vrfcontextmanagementSwitch(configvrf)#iproute0.0.0.00.0.0.0Switch(configvrf)#exit


IPv6configuration:

OnceyouconfigureamanagementIPaddressforyourswitch,youcanconnecttothemanagementportanduseaTelnetoranSSHclientfromanexternalmanagementstationtoaccessandcontroltheswitch.Themanagementportprovidesoutofbandmanagement.Note: Touseatelnetclient,youmustfirstenabletelnetaccesswiththecommand:

Other Ways to Manage the Switch Using IPBesidesusingtheoutofbandmanagementporttoadministertheswitch,youcanmanagetheswitchusinganinbandconnectionoverthedataports.Thefollowingoptionsareavailableforconfiguringinbandmanagement:

SwitchedVirtualInterface(SVI)

L3routedports

SwitchVirtualInterfacesonpage 196containsrulesandmoredetailsaboutusinganSVI,whileConfiguringaRoutedPortonpage 400containsmoredetailsaboutconfiguringroutedports.Thefollowingsectioncontainsexamplesofeach.

Configuring a Switched Virtual Interface for ManagementASwitchedVirtualInterfaceisaVLANthathasanIPaddressassigneddirectlyonitviathecommand:

TheVLANmustalreadyexistbeforeyouconfiguretheVLANinterface,andtheVLANmustbeallowedonanydataportsyouwanttousetomanagetheswitch.AlongwithconfiguringtheVLANinterface,ifyouwanttoconnecttotheswitchviaaremoteIPsubnet,configureaninbanddefaultgateway.

ThefollowingisanexampleofconfiguringanSVIandassociateddefaultgateway.


2. EnterconfigurationmodeandthencreatethedesiredVLANthatwillbeusedbytheSVI

Switch(config)#vrfcontextmanagementSwitch(configvrf)#ipv6route::/0Switch(configvrf)#exit

Switch(config)#featuretelnet

Switch(config)#interfacevlan

Switch>enableSwitch#configuredeviceSwitch(config)#vlanSwitch(config)#exit


3. CreatetheSVIandconfiguretheIPaddressandnetworkmask.

4. Configuretheinbanddefaultgateway(optional).

IPv4configuration:

IPv6configuration:

YoumustcarrytheVLANbeingusedformanagementonatleastoneoftheinbanddataports,topermitmanagementoftheswitchviathispath.

Using the Switch Ethernet Ports in Routed Port Mode for ManagementYoualsocanconfigureinbandmanagementdirectlyonanyoftheswitchEthernetdataportsbysettingthephysicalinterfacetoRoutedPortmode.ToallowinbandmanagementviatheRoutedportfeatureusethefollowingprocedure:


2. Enterinterfacemodeandconfigureanethernetinterfaceasroutedport.

3. ConfiguretheinterfaceIPaddressandnetworkmaskonthisphysicalEthernetinterface.

IPv4configuration:

IPv6configuration:

4. (Optional)Configuretheinbanddefaultgateway.

IPv4configuration:

Switch(config)#interfacevlanSwitch(configif)#ipaddress/Switch(configif)#exit

Switch(configif)#iproute0.0.0.0/0

Switch(configif)#ipv6route::/0Switch(configvrf)#exit

Switch>enableSwitch#configuredeviceSwitch(config)#interfaceethernet/Switch(configif)#nobridgeport

Switch(configif)#ipaddress/Switch(configif)#exit

Switch(configif)#ipv6address/Switch(configif)#exit

Switch(config)#iproute0.0.0.0/0


IPv6configuration:

OnceyouconfiguretheIPaddressandhaveanetworkconnection,youcanuseaTelnetoranSSHclientfromanexternalmanagementstationtoaccessandcontroltheswitch.Oncethedefaultgatewayisenabled,themanagementstationandtheswitchdonotneedtobeonthesameIPsubnettocommunicate.

Theswitchsupportsanindustrystandardcommandlineinterface(ISCLI)thatyoucanusetoconfigureandcontroltheswitchoverthenetworkusingaTelnetoranSSHclient.YoucanusetheISCLItoperformmanybasicnetworkmanagementfunctions.Inaddition,youcanconfiguretheswitchformanagementusinganSNMPbasednetworkmanagementsystem.

Formoreinformation,seethedocumentslistedinAdditionalReferencesonpage 28.

Using TelnetATelnetconnectionofferstheconvenienceofaccessingtheswitchfromaworkstationconnectedtothenetwork.Telnetaccessprovidesthesameoptionsforuserandadministratoraccessasthoseavailablethroughtheconsoleport.

Bydefault,Telnetaccessisdisabled.UsethefollowingcommandtoenableordisableTelnetaccess:

OncetheswitchisconfiguredwithanIPaddressandgateway,youcanuseTelnettoaccessswitchadministrationfromanyworkstationconnectedtothemanagementnetwork.

ToestablishaTelnetconnectionwiththeswitch,runtheTelnetclientonyourworkstation,useTelnetastheprotocoltypeandtheswitchsIPaddressasthehostname.

YouwillthenbepromptedtoenterapasswordasexplainedinSwitchLoginLevelsonpage 62.

Bydefault,TelnetusesTCPport23oftheremotehosttoestablishaconnectionfromtheswitch.WheninitializingaTelnetsession,youcanspecifytheTCPportoftheremotehostbyusingthefollowingcommandontheswitch:

Note: ThespecifiedportwillbeusedonlyforthecurrentTelnetsession.Futuresessionswillnotusetheselectedport.

Bydefault,TelnetclientswillconnecttothelocalTelnetserverusingTCPport23ontheswitch.ToconfiguretheTCPportusedbyaTelnetclientwhenestablishingaconnectiontotheswitch,usethefollowingcommand:

Switch(config)#ipv6route::/0

Switch(config)#[no]featuretelnet

Switch#telnetport

Switch(config)#telnetserverport


Using Secure ShellAlthougharemotenetworkadministratorcanmanagetheconfigurationofaswitchviaTelnet,thismethoddoesnotprovideasecureconnection.TheSecureShell(SSH)protocolenablesyoutosecurelylogintoanotherdeviceoveranetworktoexecutecommandsremotely.AsasecurealternativetousingTelnettomanageswitchconfiguration,SSHensuresthatalldatasentoverthenetworkisencryptedandsecure.

Bydefault,SSHaccessisenabled.UsethefollowingcommandtoenableordisableSSHaccess:

Theswitchcandoonlyonesessionofkey/ciphergenerationatatime.Thus,anSSHclientwillnotbeabletologiniftheswitchisdoingkeygenerationatthattime.Similarly,thesystemwillfailtodothekeygenerationifanSSHclientislogginginatthattime.

ThesupportedSSHencryptionandauthenticationmethodsare:

ServerHostAuthentication:ClientRSAauthenticatestheswitchwhenstartingeachconnection

KeyExchange:ecdhsha2nistp256,ecdhsha2nistp384,ecdhsha2nistp521,diffiehellmangroup14sha1

Encryption:aes128ctr,aes192ctr,aes256ctr,[email protected],[email protected]

MAC:hmacsha2256,hmacsha2512,[email protected],[email protected]

UserAuthentication:Localpasswordauthentication,TACACS+

LenovoCloudNetworkOperatingSystemimplementstheSSHversion2.0standardandisconfirmedtoworkwithSSHversion2.0compliantclientssuchasthefollowing:

OpenSSH_6.7p1forLinux

SecureCRTVersion7.3.4(build839)

PuttySSHrelease0.63

Using SSH with Password AuthenticationOncetheIPparametersareconfigured,youcanaccessthecommandlineinterfaceusinganSSHconnection.

ToestablishanSSHconnectionwiththeswitch,runtheSSHclientonyourworkstation,useSSHastheprotocoltypeandtheswitchsIPaddressasthehostname.

YouwillthenbepromptedtoenterapasswordasexplainedinSwitchLoginLevelsonpage 62.

Switch(config)#[no]featuressh


Using SSH with Server Key AuthenticationSSHcanalsobeusedforswitchauthenticationbasedonasymmetriccryptography.Serverencryptionkeyscanbegeneratedontheswitchandusedtoauthenticateincomingloginattemptsbasedontheclientsprivateencryptionkeypairs.Afterapredefinednumberoffailedserverkeyauthenticationattempts,aloginerrorwillappearandtheSSHsessionwillbedisconnected.

Tosetupserverkeyauthentication:

1. DisableSSH:

Note: SSHsettingscannotbemodifiedifSSHisenabled.

2. GenerateanSSHkey:

DSA:

RSA:

Note: YoucanalsoconfigurethelengthoftheRSAkeybyusingthefollowingcommand:

3. ConfigureamaximumnumberoffailedserverkeyauthenticationattemptsbeforetheSSHsessionwillbedisconnected:

Note: Thedefaultnumberoffailedattemptsis3.

4. ReenableSSH:

Oncetheserverkeyisconfiguredontheswitch,aclientcanuseSSHtologinfromasystemwheretheprivatekeypairissetup.

Switch(config)#nofeaturessh

Switch(config)#sshkeydsa[force]

Switch(config)#sshkeyrsa[force]

Switch(config)#sshkeyrsalength

Switch(config)#sshloginattempts

Switch(config)#featuressh


Using Simple Network Management ProtocolCNOSprovidesSimpleNetworkManagementProtocol(SNMP)version1,2,and3supportforaccessthroughanynetworkmanagementsoftware,suchasSwitchCenterorLenovoXClarity.Note: TheSNMPreadfunctionisenabledbydefault.Forbestsecuritypractices,ifSNMPisnotneededforyournetwork,disablethisfunctionpriortoconnectingtheswitchtothenetwork.

ToaccesstheSNMPagentontheswitch,thereadandwritecommunitystringsontheSNMPmanagermustbeconfiguredtomatchthoseontheswitch.

Thereadandwritecommunitystringsontheswitchcanbeconfiguredusingthefollowingcommands:

readonlyaccesscommunitystring:

readwriteaccesscommunitystring:

TheSNMPmanagermustbeabletoreachanyoneoftheIPinterfacesontheswitch.

FortheSNMPmanagertoreceivetheSNMPv1trapssentoutbytheSNMPagentontheswitch,configurethetraphostontheswitchwiththefollowingcommand:

FormoreinformationonSNMPusageandconfiguration,seeChapter 30,SimpleNetworkManagementProtocol.

Switch(config)#snmpservercommunityro

Switch(config)#snmpservercommunityrw

Switch(config)#snmpserverhosttrapsversion1


Zero Touch ProvisioningZeroTouchProvisioning(ZTP)enablesaswitchtoautomaticallyprovisionitselfusingtheresourcesavailableonthenetworkwithoutmanualintervention.WhenaswitchwithZTPenabledstartsup,itlocatesaDHCPserverwhichprovidestheswitchwithaninterfaceIPv4addressandagatewayIPv4address.TheswitchthenobtainstheIPaddressofaTFTPserverfromwhichitwilldownloadthenecessarybootfile.Thenextstepisfortheswitchtorunthebootfile.

Ontheswitch,ZTPwilltriggerwhenanyofthefollowingconditionsaremet:

aswitchbootswithnostartupconfiguration(onlythedefaultconfiguration)

thestartupconfigurationiserasedandtheswitchisreloaded

ZTPisforcedlyenabledfromtheCLINote: ZTPwillnotbetriggeredifitisforcedlydisabledfromtheCLI.

Duringthebootprocess,iftheswitchdoesnotfindastartupconfigurationandZTPisenabled,theswitchwillenterZTPmode.WhenforcedlyenabledfromtheCLI,theswitchentersZTPmoderegardlessofthepresenceofastartupconfiguration.TheswitchwillsearchforavailableDHCPserversandrequestthemtoacquireaninterfaceaddress,agatewayaddress,theTFTPserveraddress,andthebootfilename.

AftertheinformationfromtheDHCPserverisobtained,ZTPwilldownloadandrunthebootfile,andthenexecutetheZTPprocessaccordingtothebootfile.ZTPautomaticallyhandlestheprocessofupgradingtheswitchsoftwareimageandinstallingconfigurationfiles.

Notes:

Duringthebootprocess,apromptwillappearaskingifyouwanttoabortorcontinuetheZTPprocess.IfyouchoosetoexitZTP,theswitchwillcontinuewithitsnormalbootprocess,usingthedefaultconfigurationoranystartupconfiguration,ifoneispresentontheswitchandZTPwasforcedlyenabledfromtheCLI.

IfZTPwasforcedlyenabledandnoDHCPserverwasfoundduringtheZTPprocess,anypreviousIPv4addressmanuallyconfiguredofthemanagementinterfacewillberemoved.

IfZTPiscanceledduringitsexecution,theswitchexitsZTPmode.IfaninterfaceIPv4addresswasobtained,itwillnotbereleased.Ifanyfileswheredownloaded,theywillnotbedeleted.

ImportantZTPeventsareloggedbytheswitchandareavailablefordisplayfromaconsolesession.


DHCP DiscoveryAfterenteringZTPmode,theswitchsendsaDHCPdiscovermessageonitsmanagementinterfacerequestingDHCPoffersfromtheDHCPserverspresentonthenetwork.ThereceivingDHCPserverreplieswithaDHCPoffermessage.

WhentheDHCPclientreceivestheDHCPoffermessage,itwillrequesttheDHCPservertosendthefollowinginformation:

aninterfaceIPv4address

agatewayIPv4address

theTFTPserverIPaddress(usingoption66)

thebootfilename(usingoption67)

TheswitchcompletestheDHCPnegotiationprocess(requestandacknowledgement)withtheDHCPserver,whichassignstheswitchanIPv4address.TheswitchthenusestheacquiredTFTPserverIPaddresstocontacttheTFTPserver.ThebootfilenamecontainsthecompletefilepathofthebootfileontheTFTPserver.Theswitchthendownloadsthebootfile.

IfnoDHCPserversreplytotheDHCPdiscovermessageorifnoDHCPoffermeetstheZTPrequirements,theswitchwillbeunabletocompletetheDHCPnegotiationandanIPv4addressisnotassigned(exceptthedefaultIPv4address192.168.50.50/24,butthiscannothelptheswitchfinalizetheZTPprocess).ZTPwilltrythreetimestosuccessfullyobtaintherequiredinformation.IfitfailstheDHCPnegotiationthreetimes,theswitchexitsZTPmodeandcontinuesthenormalbootprocess.

Notes:

TheinterfaceIPv4addressobtainedfromtheDHCPserveriskeptandusedevenaftertheZTPprocessover.

ZTPsupportsonlyDHCPv4andnotDHCPv6.

ZTPsupportsonlyTFTPandnotFTP,SCP,orothertransferprotocols.

DHCPserversmustbeconfiguredwithoptions66and67toensurethattheswitchalwaysobtainstheTFTPserverhostnameandthebootfilenameduringtheZTPprocess.

DHCPoptions66and67areenabledbydefaultontheswitch.Ifeitherofthemisintentionallydisabled,theZTPprocesswillresultinafailure.

DHCPoption66providestheIPaddressofasingleTFTPserver.ToenableordisableDHCPoption66,usethefollowingcommand:

DHCPoption67providesthefilepathofthebootfileneededbyZTP.ToenableordisableDHCPoption67,usethefollowingcommand:

Switch(config)#[no]ipdhcpclientrequesttftpservername

Switch(config)#[no]ipdhcpclientrequestbootfilename


ZTP Boot FileThebootfileiswritteninYAMLformatandcontainsswitchmodels,andundereachswitchmodelareseveralfieldsthatinstructtheZTPprocesswhattodo.

Thebootfilemaycontainuptothreefieldsundereachswitchmodel:

img_namethisinstructsZTPtoupdatetheswitchsoftwareimagetothespecifiedimageversionandconfigureitasthestandbyimageontheswitch

configurationthisinstructsZTPtocopythespecifiedconfigurationfilefromtheTFTPserveranduseitasthestartupconfigurationfileontheswitch

scriptthisinstructsZTPtocopythescriptfileandexecuteitontheswitch

ZTPchecksthebootfilefortheswitchmodelandexecutetheappropriateactionsaccordingtothefieldsunderthecorrectswitchmodel.

ZTPsupportstheexecutionofPythonscripts.Ifthereisascriptfieldundertheswitchmodelinthebootfile,thefieldhasahigherprioritythantheothertwofields(img_nameandconfiguration)andZTPwillignorethem.ZTPdownloadsthePythonscriptfiletotheswitchandexecutesit.Thescriptcanalsocontaininstructionstodownloadandinstallaswitchsoftwareimageandaconfigurationfile.Note: ThePythonscriptfileisstoredinatemporaryfolderontheswitchanditwillbedeletedoncetheswitchreloads.

Followingisanexampleofabootfile:

Note: AftertheZTPprocessisover,theswitchwillbereloadedifthesoftwareimageorthestartupconfigurationareupdated.IfZTPexecutesaPythonscript,thereloadingoftheswitchisdecidedbythescriptinstead.

G8272:img_name:G827210.6.0.1.imgconfiguration:netboot_config_file_G8272script:netboot_G8272.py




Forcedly Enabling or Disabling ZTPZTPcanbeforcedlyenabledontheswitchevenifthereisastartupconfigurationpresent.Itcanalsobeforcedlydisabledtonotexecuteevenifthereisnostartupconfiguration.

ZTPcanhaveoneofthefollowingstates:

Default

ForcedlyEnabled

ForcedlyDisabled

ToforcedlyenableZTPontheswitch,usethefollowingcommand:

ToforcedlydisableZTPontheswitch,usethefollowingcommand:

ToresettheZTPtoitsdefaultsetting,usethefollowingcommand:

ToviewthecurrentZTPstate,usethefollowingcommand:

ToviewtheZTPparametersobtainedaftertheZTPprocesshasexecuted,usethefollowingcommand:

Switch(config)#startupzerotouchforceenable

Switch(config)#startupzerotouchforcedisable

Switch(config)#nostartupzerotouchforce

Switch#displayboot

CurrentZTPState:EnableCurrentFLASHsoftware:activeimage:version10.6.0.1,downloaded18:39:47UTCWedSep162015standbyimage:version10.6.0.1,downloaded18:44:40UTCWedSep162015Uboot:version10.6.0.1,downloaded17:49:51UTCThuJul302015CurrentlysettobootsoftwareactiveimageCurrentlyscheduledreboottime:noneCurrentportmode:defaultmode

Switch#displayzerotouch

TFTPserver:10.122.3.69Image:G8xxx10.6.0.1.imgConfiguration:netboot_config_file_G8xxxScript:netboot_G8xxx.py


DHCP IP Address ServicesForremoteswitchadministration,theclientterminaldevicemusthaveavalidIPaddressonthesamenetworkastheswitchinterface.TheIPaddressontheclientdevicemaybeconfiguredmanually,orobtainedautomaticallyusingIPv6statelessaddressconfiguration,oranIPaddressmaybeobtainedautomaticallyviaDHCPrelayasdiscussedinthenextsection.

TheswitchcanfunctionasarelayagentforDHCP.ThisallowsclientstobeassignedanIPaddressforafiniteleaseperiod,reassigningfreedaddresseslatertootherclients.Actingasarelayagent,theswitchcanforwardaclientsIPaddressrequesttouptofiveDHCPservers.Additionally,uptofivedomainspecificDHCPserverscanbeconfiguredforeachofupto10VLANs.

WhenaswitchreceivesaDHCPrequestfromaclientseekinganIPaddress,theswitchactsasaproxyfortheclient.TherequestisforwardedasaUDPunicastMAClayermessagetotheDHCPserversconfiguredfortheclientsVLANortotheglobalDHCPserversifnodomainspecificDHCPserversareconfiguredfortheclientsVLAN.TheserversrespondtotheswitchwithaunicastreplythatcontainstheIPdefaultgatewayandtheIPaddressfortheclient.Theswitchthenforwardsthisreplybacktotheclient.

DHCPisdescribedinRFC2131andtheDHCPrelayagentsupportedontheswitchisdescribedinRFC1542.DHCPusesUserDatagramProtocol(UDP)asitstransportprotocol.Theclientsendsmessagestotheserveronport67andreceivesmessagesfromtheserveronport68.

DHCP Client ConfigurationDHCPisenabledbydefaultonthemanagementinterfaceanddisabledonallotherinterfaces.YoucanenableDHCPonlyonamaximumof10interfaces,includingthemanagementinterface.

ToenableordisableDHCPonaninterface(forexampleethernetinterface1/12),usethefollowingcommand:

forDHCPv4:

forDHCPv6:

Notes:

DHCPcannotbeenabledonaninterfaceconfiguredasaswitchport,onlyonroutingports.

ManuallyconfiguringanIPaddressonaninterfacewilldisableDHCPforthatinterface.

Switch(config)#interfaceethernet1/12Switch(configif)#nobridgeportSwitch(configif)#ipaddressdhcp

Switch(config)#interfaceethernet1/12Switch(configif)#nobridgeportSwitch(configif)#ipv6addressdhcp


DHCPv4 Hostname Configuration (Option 12)TheswitchsupportsDHCPv4hostnameconfigurationasdescribedinRFC2132,option12.DHCPv4hostnameconfigurationisdisabledbydefault.

Theswitchshostnamecanbemanuallyconfiguredusingthefollowingcommand:

Note: Ifthehostnameismanuallyconfigured,theswitchdoesnotreplaceitwiththehostnamereceivedfromtheDHCPv4server.

AfterDHCPconfiguresthehostnameontheswitch,iftheDHCPv4configurationisdisabled,theswitchretainsthehostname.

ToenableordisableDHCPhostnameconfiguration,usethefollowingcommandonaninterface(inthisexample,ethernetport1/12isused):

Toviewthesystemhostnameusethefollowingcommand:

Note: Theswitchpromptalsodisplaysthehostname.

DHCPv4 Syslog Server (Option 7)TheswitchsupportstherequestingoftheSyslogserverIPaddressfromtheDHCPserverasdescribedinRFC2132,option7.TheDHCPv4Syslogserverrequestoptionisdisabledbydefault.Note: ManuallyconfiguredSyslogserverstakepriorityovertheDHCPv4Syslogserver.

UptothreeSyslogserveraddressesreceivedfromtheDHCPv4servercanbeused.TheSyslogserveraddressescanbelearnedoverthemanagementportoranethernetport.

ToenableordisabletheDHCPSyslogserverrequest,usethefollowingcommandonaninterface(inthisexample,ethernetport1/12isused):

ToviewtheSyslogserveraddress,usethefollowingcommand:

Switch(config)#hostname

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientrequesthostname

Switch>displayhostname

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientrequestlogserver

Switch>displayloggingserver

Loggingserver:enabled{*2.2.2.1}Serverseverity:debuggingServerfacility:local7Servervrf:data*ValuesassignedbyDHCPClient.


DHCPv4 NTP Server (Option 42)ThisoptionrequesttheDHCPservertoprovidealistofIPaddressesindicatingNetworkTimeProtocol(NTP)serversavailabletotheclient.TheNTPserversarelistedinorderofpreference.TheswitchsupportstherequestingofNTPserversasdescribedinRFC2132,option42.

Bydefault,theswitchdoesnotincludethisrequestinDHCPv4messages.Toenableordisablethisoptiononaninterface,usethefollowingcommand(inthisexample,ethernetport1/12isused):

Note: AnymanuallyconfiguredNTPserverwillnotbeoverwrittenbytheNTPserversreceivedviaDHCPv4.

ToviewthelistofNTPservers,usethefollowingcommand:

DHCPv4 Vendor Class Identifier (Option 60)ThisoptionisusedbyaDHCPclienttoidentifyitselftotheDHCPserver.ItisusedtodefinethevendortypeandfunctionalityoftheDHCPclient.TheDHCPclientcancommunicatetoaserverthatitusesaspecifictypeofhardwareorsoftwarebyspecifyingitsVendorClassIdentifier(VCI).

TheswitchsupportstheidentifyingofaTFTPserverasdescribedinRFC2132,option60.

EachswitchinterfacecanbeconfiguredwithadifferentVCI.

Bydefault,theswitchwillincludethisoptioninDHCPv4packets.ToenableordisabletheidentificationofTFTPserversusethefollowingcommand(inthisexample,ethernetport1/12isused):

Note: DependingontheLenovoRackSwitch,thedefaultVCIisdifferent. fortheLenovoRackSwitchG8272,thedefaultVCIisLENOVOG8272 fortheLenovoRackSwitchG8296,thedefaultVCIisLENOVOG8296 fortheLenovoRackSwitchG8332,thedefaultVCIisLENOVOG8332 fortheLenovoRackSwitchNE2572,thedefaultVCIisLENOVONE2572 fortheLenovoRackSwitchNE10032,thedefaultVCIisLENOVONE10032 fortheLenovoRackSwitchNE1032,thedefaultVCIisLENOVONE1032 fortheLenovoRackSwitchNE1032T,thedefaultVCIisLENOVONE1032T fortheLenovoRackSwitchNE1072T,thedefaultVCIisLENOVONE1072T

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientrequestntpserver

Switch>displayntppeers

Switch(config)#interfaceethe

lenovo network application guide for lenovo cloud...

Documents