lenovo network application guide for lenovo cloud...

LenovoNetwork

ApplicationGuideforLenovoCloudNetworkOperatingSystem10.6

Note:Beforeusingthisinformationandtheproductitsupports,readthegeneralinformationintheSafetyinformationandEnvironmentalNoticesandUserGuidedocumentsontheLenovoDocumentationCD,andtheWarrantyInformationdocumentthatcomeswiththeproduct.

FirstEdition(December2017)

CopyrightLenovo2017PortionsCopyrightIBMCorporation2014.

LIMITEDANDRESTRICTEDRIGHTSNOTICE:IfdataorsoftwareisdeliveredpursuantaGeneralServicesAdministrationGSAcontract,use,reproduction,ordisclosureissubjecttorestrictionssetforthinContractNo.GS35F05925.

LenovoandtheLenovologoaretrademarksofLenovointheUnitedStates,othercountries,orboth.

Copyright Lenovo 2017 3

ContentsPreface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23WhoShouldUseThisGuide .......................24ApplicationGuideOverview .......................25AdditionalReferences ..........................28TypographicConventions ........................29

Part 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . 31

Chapter 1. Using the Command Line Interface . . . . . . . . . . . . 33CLICommandModes ..........................34CommandLineInterfaceShortcuts....................35

CLIListandRangeInputs......................35CommandAbbreviation .......................35TabCompletion...........................35LineEditing............................36

CommandAliases ...........................37DefiningAliases ..........................37RemovingAliases ..........................37DisplayingAliases .........................37RulesforUsingAliases .......................37

Chapter 2. Switch Administration . . . . . . . . . . . . . . . . . 41AdministrationInterfaces ........................42IndustryStandardCommandLineInterface ................43EstablishingaConnection........................44

UsingtheSwitchManagementInterface................44OtherWaystoManagetheSwitchUsingIP...............45ConfiguringaSwitchedVirtualInterfaceforManagement ........45UsingtheSwitchEthernetPortsinRoutedPortModeforManagement ..46UsingTelnet ............................47UsingSecureShell..........................48

UsingSSHwithPasswordAuthentication .............48UsingSSHwithServerKeyAuthentication .............49

UsingSimpleNetworkManagementProtocol..............50ZeroTouchProvisioning ........................51

DHCPDiscovery ..........................52ZTPBootFile ............................53ForcedlyEnablingorDisablingZTP..................54

4 Application Guide for CNOS 10.6

DHCPIPAddressServices ....................... 55DHCPClientConfiguration ..................... 55DHCPv4HostnameConfiguration(Option12) ............. 56DHCPv4SyslogServer(Option7)................... 56DHCPv4NTPServer(Option42) ................... 57DHCPv4VendorClassIdentifier(Option60) .............. 57DHCPv4Snooping ......................... 58

ConfiguretheDHCPv4SnoopingBindingTable .......... 58ConfiguretheDHCPv4SnoopingSyslog.............. 59DHCPSnoopingLimitations................... 59

DHCPRelayAgent ......................... 60DHCPv4Option82 ......................... 61

SwitchLoginLevels .......................... 62Ping ................................. 64

PingConfigurableParameters .................... 65TestInterruption ........................ 65PingCount ........................... 65PingPacketInterval ....................... 65PingPacketSize......................... 66PingSource........................... 66PingDFBit ........................... 66PingTimeout.......................... 67PingVRF............................ 67PingInteractiveMode ...................... 67

Traceroute............................... 69TracerouteConfigurableParameters ................. 70

TestInterruption ........................ 70TracerouteSource........................ 70TracerouteVRF......................... 70TracerouteInteractiveMode ................... 71

NetworkTimeProtocol ......................... 72NTPSynchronizationRetry ..................... 72NTPClientandPeer ........................ 73

NTPAuthenticationFieldEncryptionKey ............. 74NTPPollingIntervals ...................... 74NTPPreference......................... 75

DynamicandStaticNTPServers ................... 75NTPAuthentication ......................... 75NTPAuthenticationConfigurationExample .............. 76

DomainNameServerClient ....................... 77SystemLogging ............................ 79

SyslogOutput ........................... 80SyslogSeverityLevels ........................ 81SyslogTimeStamping ........................ 82SyslogRateLimit.......................... 83SyslogUserActionLogging ..................... 83SyslogServers ........................... 84ConsoleLoggingFloodControl .................... 85DuplicateSyslogMessageSuppression ................ 86CoreDumpInformation....................... 86

Copyright Lenovo 2017 Contents 5

IdleDisconnect .............................87PythonScripting ............................88RESTAPIProgramming .........................89

Chapter 3. System License Keys . . . . . . . . . . . . . . . . . 91ObtainingLicenseKeys.........................92InstallingLicenseKeys .........................93UninstallingLicenseKeys........................94TransferringLicenseKeys ........................95ONIELicenseKey ...........................96

Chapter 4. Switch Software Management . . . . . . . . . . . . . . 97InstallingNewSoftwaretoYourSwitch ..................98

InstallingSystemImagesfromaRemoteServer.............98InstallingSystemImagesfromaUSBDevice .............100InstallingUbootfromaRemoteServer ...............101InstallingUbootfromaUSBDevice .................102

SelectingaSoftwareImagetoRun ...................103ReloadingtheSwitch .........................104

NormalReboot ..........................104ScheduledBoot ..........................104

CopyingConfigurationFiles ......................106CopyConfigurationFilesviaaRemoteServer ............106CopyConfigurationFilestoaUSBDevice ..............107

ResettingtheSwitchtotheFactoryDefaults ...............108ConvertingtheSwitchSoftwareImagefromCNOStoENOS........109TheNE10032/NE2572GRUBMenu ...................111NE10032/NE2572RescueMode .....................112TheBootManagementMenu ......................113

SwitchingBetweenENOSandCNOSImagesLoadedontheG8272 ...114BootRecoveryMode .......................115RecoveringfromaFailedImageUpgradeusingTFTP .........116RecoveringfromaFailedImageUpgradeusingXModemDownload ..118PhysicalPresence .........................119ONIESubmenu ..........................120

ONIE ................................122


Part 2: Securing the Switch . . . . . . . . . . . . . . . . . . . 123

Chapter 5. Securing Administration . . . . . . . . . . . . . . . . 125SecureShellandSecureCopy..................... 126

SSHEncryptionandAuthentication ................. 126GeneratingRSA/DSAHostKeyforSSHAccess ............ 127SSHIntegrationwithTACACS+Authentication ........... 127ConfiguringSSHontheSwitch ................... 127UsingSSHClientCommands.................... 128UsingSecureCopy ........................ 128

CopyingaFileUsingSCP ................... 128CopyingtheStartupConfigurationUsingSCP.......... 129CopyingtheRunningConfigurationUsingSCP .......... 129CopyingTechnicalSupportFilesUsingSCP ........... 129

EnduserAccessControl ....................... 130ConsiderationsforConfiguringEnduserAccounts .......... 130StrongPasswords ......................... 130UserAccessControl ........................ 131

SettingupUsers ....................... 131DefiningaUsersAccessLevel ................. 132DeletingaUser ........................ 132TheDefaultUser ....................... 132PasswordHistoryChecking .................. 133AdministratorPasswordRecovery ............... 134

Chapter 6. AAA Protocols . . . . . . . . . . . . . . . . . . . . 137RADIUS............................... 138

RADIUSBasics.......................... 138HowRADIUSAuthenticationWorks ................ 138RADIUSAuthenticationFeaturesinCloudNOS........... 139SwitchUserAccounts ....................... 139RADIUSAttributesforCloudNOSUserPrivileges .......... 139ConfiguringRADIUSontheSwitch................. 140

TACACS+.............................. 141TACACS+Basics......................... 141HowTACACS+AuthenticationWorks ............... 141TACACS+AuthenticationFeaturesinCloudNOS........... 142

Authorization......................... 142Accounting .......................... 142

ConfiguringTACACS+AuthenticationontheSwitch ......... 143LightweightDirectoryAccessProtocol................. 144

ConfigureanLDAPProfile..................... 144CreateanLDAPServerGroup ................... 147ConfigureGlobalLDAPSettings .................. 147ViewLDAPSettings ....................... 148


Authentication,Authorization,andAccounting..............149AAAGroups...........................149

GroupLists ..........................149ConfiguringAAAGroups ...................150

Authentication ..........................151ConfiguringAAAAuthentication..................151Authorization ..........................153ConfiguringAAAAuthorization ..................153Accounting............................154ConfiguringAAAAccounting...................154

PublicKeyInfrastructure .......................155PKIComponents .........................155ImplementingaPKISystem ....................156RemovingPKIComponents....................157ViewingPKIComponents .....................158

Chapter 7. Access Control Lists . . . . . . . . . . . . . . . . . . 161SupportedACLTypes.........................162SummaryofPacketClassifiers .....................163SummaryofACLActions.......................165ConfiguringPortACLs(PACLs) ....................166ConfiguringRouterACLs(RACLs) ...................167ConfiguringVLANACLs(VACLs) ...................169ACLOrderofPrecedence .......................171CreatingandModifyingACLs.....................172

CreatinganIPv4ACL .......................173RemovinganIPv4ACL ......................173ResequencinganIPv4ACL .....................173CreatingaMACACL .......................174RemovingaMACACL ......................174ResequencingaMACACL.....................175CreatinganARPACL .......................175RemovinganARPACL ......................176ResequencinganARPACL.....................176RemarksandACLs ........................176

AddACLRemarks ......................177RemoveACLRemarks.....................177ViewACLRemarks ......................178

ViewingACLRuleStatistics......................179ACLConfigurationExamples .....................180

ACLExample1..........................180ACLExample2..........................180ACLExample3..........................181ACLExample4..........................181ACLExample5..........................182ACLExample6..........................182

ACLLogging ............................183ConfigureACLLogging ......................183


Part 3: Switch Basics . . . . . . . . . . . . . . . . . . . . . . 185

Chapter 8. Interface Management . . . . . . . . . . . . . . . . . 187InterfaceManagementOverview.................... 188ManagementInterface ........................ 189

VirtualRoutingandForwarding .................. 190PhysicalPorts ............................ 191

G8272PhysicalPortCapabilities.................. 191G8296PhysicalPortCapabilities.................. 192G8332PhysicalPortCapabilities.................. 192NE1072TPhysicalPortCapabilities ................. 193NE1032TPhysicalPortCapabilities ................. 193NE1032PhysicalPortCapabilities.................. 194NE2572PhysicalCapabilities .................... 195NE10032PhysicalCapabilities ................... 196CLIPortFormat ......................... 197

PortAggregation ........................... 200LoopbackInterfaces ......................... 201SwitchVirtualInterfaces ....................... 202BasicInterfaceConfiguration ..................... 203

ForwardingErrorCorrection.................... 206InterfaceDescription....................... 207InterfaceDuplex ......................... 207InterfaceMACAddress...................... 208InterfaceMaximumTransmissionUnit ............... 208InterfaceShutdown ........................ 209InterfaceSpeed.......................... 209FlowControl ........................... 210StormControl.......................... 210

Chapter 9. Forwarding Database . . . . . . . . . . . . . . . . . 213MACLearning ............................ 214StaticMACaddresses ......................... 215AgingTime ............................. 216

Chapter 10. VLANs . . . . . . . . . . . . . . . . . . . . . . . 217VLANOverview........................... 218VLANConfiguration ......................... 219

CreatingaVLAN......................... 220DeletingaVLAN ......................... 221ConfiguringtheStateofaVLAN.................. 221ReservedVLANs ......................... 223ConfiguringtheNameofaVLAN ................. 224ConfiguringaSwitchAccessPort.................. 225ConfiguringtheAccessVLAN................... 225ConfiguringaSwitchTrunkPort.................. 226

ConfiguringtheAllowedVLANList............... 226ConfiguringtheNativeVLAN................. 228

NativeVLANTagging........................ 229ConfiguringNativeVLANTagging................... 231


PortVLANIDIngressTagging.....................233IPSubnetVLANAssignment......................234IPMCFlooding ............................236HybridBridgePortMode.......................237

HybridBridgePortModeRules...................237ConfiguringaHybridBridgePort ..................238

VLANTopologiesandDesignConsiderations ..............240MultipleVLANswithTrunkModeAdapters.............240VLANConfigurationExample ...................242

Chapter 11. Ports and Link Aggregation . . . . . . . . . . . . . . 243PortConfigurationProfiles.......................244

G8272PortConfiguration .....................244G8296PortConfiguration .....................247G8332PortConfiguration .....................249NE1072TPortConfiguration....................252NE1032TPortConfiguration....................254NE1032PortConfiguration .....................254NE2572PortConfiguration .....................254NE10032PortConfiguration ....................257

AggregationOverview ........................260CreatingaLAG ..........................261

StaticLAGs.............................262StaticLAGConfigurationRules ...................262ConfiguringaStaticLAG .....................263

LinkAggregationControlProtocol ...................266ConfiguringLACP ........................266

SystemPriority ........................267PortPriority .........................267LACPTimeout ........................268LACPIndividual.......................268LACPMinimumLinks.....................269LACPConfigurationExample..................270

LAGHashing ............................272LAGHashingConfiguration....................274

Chapter 12. Spanning Tree Protocol . . . . . . . . . . . . . . . . 277STPOverview ............................278BridgeProtocolDataUnits .......................279

DeterminingthePathforForwardingBPDUs .............279BPDUGuard.........................279BPDUFilter..........................280RootGuard ..........................280LoopGuard..........................281PortPriority .........................281PortPathCost.........................282

ErrorDisableRecovery ........................283PortTypeandLinkType .......................284

EdgePort ............................284LinkType ............................284


RapidPerVLANSpanningTreePlus .................. 285RapidPVST+Parameters ..................... 286

BridgePriority ........................ 286PortPriority......................... 286PortPathCost ........................ 287ForwardDelay ........................ 287HelloTimer ......................... 287MaximumAgeInterval .................... 288

RapidPVST+Configuration ...................... 289MultipleSpanningTreeProtocol .................... 290

CommonInternalSpanningTree.................. 290PortStates ............................ 290MSTRegion ........................... 291MSTPParameters ......................... 291

HopCount.......................... 292ForwardDelay ........................ 292HelloTimer ......................... 293MaximumAgeInterval .................... 293BridgePriority ........................ 293PortPriority......................... 294PortPathCost ........................ 294

MSTPConfiguration ......................... 295MSTPConfigurationExample................... 295

Chapter 13. Virtual Link Aggregation Groups . . . . . . . . . . . . 297vLAGOverview........................... 298vLAGCapacities ........................... 300

vLAGBenefits .......................... 300vLAGSynchronizationMechanism ................. 301vLAGSystemMAC ........................ 301vLAGandLACPIndividual.................... 302vLAGandLACPSystemPriority .................. 302vLAGLACPMisconfigurationsorCablingErrors ........... 302FDBSynchronization ....................... 303vLAGandSTP .......................... 304vLAGandVRRP......................... 305

vLAGVRRPPassiveMode(HalfActiveActive).......... 305vLAGVRRPActiveMode(FullActiveActive) .......... 305

vLAGConfigurationConsistencyCheck ............... 306vLAGandIGMPSnooping..................... 308

MulticastRouterSynchronization ................ 308IGMPGroupsSynchronization................. 308IGMPQuerierSynchronization ................. 308

vLAGPeerGateway ....................... 309vLAGsversusregularLAGs...................... 310


ConfiguringvLAGs ..........................311vLAGISL............................312vLAGRoleElection ........................312vLAGInstance ..........................313FDBRefresh ...........................314vLAGTierID ...........................314vLAGStartupDelay ........................314vLAGAutorecovery.......................315

HealthCheck.............................316BasicHealthCheckConfigurationExample..............317

BasicvLAGConfigurationExample ...................318ConfiguringtheISL ........................318ConfiguringthevLAG .......................320

vLAGConfigurationVLANsMappedtoaMSTInstance .........321ConfiguringtheISL ........................321ConfiguringthevLAG .......................322

ConfiguringvLAGsinMultipleLayers.................323Task1:ConfigureLayer2/3BorderRegion ..............323

ConfigureBorderRouter1 ...................323ConfigureBorderRouter2 ...................324

Task2:ConfigureswitchesintheLayer2region ...........324ConfiguringSwitchA .....................324ConfiguringSwitchB .....................325ConfiguringSwitchesCandD .................327ConfiguringSwitchE .....................328ConfiguringSwitchF .....................329

Chapter 14. Quality of Service. . . . . . . . . . . . . . . . . . . 331QoSOverview............................332ClassMaps .............................333

QoSClassificationTypes ......................333UsingACLFilters .......................333SummaryofQoSActions ....................334UsingClassofServiceFilters ..................334Using802.1pPrioritytoProvideQoS...............334UsingDiffServCodePoint(DSCP)Filters .............335UsingTCP/UDPPortFilters...................337UsingPrecedenceFilters....................338UsingProtocolFilters .....................338

QueuingClassificationTypes ....................339ClassMapConfigurationExamples.................339

QoSClassMapConfigurationExample..............339QueueingClassMapConfigurationExample...........340


PolicyMaps ............................. 341IngressPolicing.......................... 341

DefiningSingleRateandDualRatePolicers ........... 341Marking ........................... 343

QueuingPolicing ......................... 343Bandwidth .......................... 343Shaping ........................... 343Priority ........................... 343

PolicyMapConfigurationExamples ................ 344QoSPolicyMapConfigurationExample............. 344QueuingPolicyMapConfigurationExample ........... 345

ControlPlaneProtection ....................... 346ControlPlaneConfigurationExamples ............... 347

WRED ............................... 349ConfiguringWRED ........................ 349WREDConfigurationExample ................... 349

InterfaceServicePolicy ........................ 351ApplyanInterfaceServicePolicy .................. 351InterfaceServicePolicyLimitations ................. 351

MicroburstDetection ......................... 352

Chapter 15. CEE . . . . . . . . . . . . . . . . . . . . . . . . 353RoCEandiSCSI........................... 354

RoCERequirements ........................ 354ConvergedEnhancedEthernet..................... 355

TurningCEEOnorOff...................... 355EffectsonLinkLayerDiscoveryProtocol............... 356Effectson802.1pQualityofService ................. 356EffectsonFlowControl ...................... 357

PriorityBasedFlowControl ...................... 358PFCConfiguration ........................ 358PFCConfigurationExample .................... 359

EnhancedTransmissionSelection.................... 361802.1pPriorityValues....................... 361PriorityGroups.......................... 362

PGID............................ 362AssigningPriorityValuestoaPriorityGroup ........... 363AllocatingBandwidth ..................... 363

ConfiguringETS ......................... 364DataCenterBridgingCapabilityExchange................ 367

DCBXModes........................... 367DCBXSettings.......................... 367

EnablingandDisablingDCBX ................. 368PeerConfigurationNegotiation................. 368

ConfiguringDCBX ........................ 369CEEConfigurationExamples ..................... 370

CEEExample1.......................... 370CEEExample2.......................... 371


Chapter 16. Secure Mode. . . . . . . . . . . . . . . . . . . . . 373SecureModeOverview ........................374UsingProtocolsWithSecureMode...................375

InsecureProtocols .........................375SecureProtocols .........................375InsecureProtocolsUnaffectedbySecureMode ............377

EnablingandDisablingSecureMode ..................378

Part 4: IP Routing . . . . . . . . . . . . . . . . . . . . . . . . 379

Chapter 17. Basic IP Routing . . . . . . . . . . . . . . . . . . . 381IPRouting..............................382

DirectandIndirectRouting.....................383StaticRouting ..........................383DynamicRouting .........................384DefaultGateway .........................384VirtualRoutingandForwarding ..................385

RoutingInformationBase .......................386BidirectionalForwardingDetection ...................387

BFDAsynchronousMode .....................388BFDEchoMode..........................388BFDPeerSupport .........................389BFDStaticRoutes .........................389BFDAuthentication ........................390GeneralizedTTLSecurityMechanism................391BFDandBGP...........................391BFDandOSPF ..........................391

RoutingBetweenIPSubnets ......................392ExampleofSubnetRouting.....................393UsingVLANstoSegregateBroadcastDomains ............394

ConfigurationExample.....................394ECMPStaticRoutes ..........................397

RIBSupportforECMPRoutes ...................397ECMPHashing ..........................397ConfiguringECMPStaticRoutes ..................398

WeightedECMPRoutes........................399RequirementsforWeightedECMP .................399ConfigureWeightedECMP.....................399

DynamicHostConfigurationProtocol ..................401InternetControlMessageProtocol ...................402

ICMPRedirects..........................403ICMPPortUnreachable ......................403ICMPUnreachable(exceptPort) ..................403

Chapter 18. Routed Ports. . . . . . . . . . . . . . . . . . . . . 405RoutedPortsOverview ........................406ConfiguringaRoutedPort .......................408

ConfiguringOSPFonRoutedPorts .................409OSPFConfigurationExample ..................409


Chapter 19. Address Resolution Protocol. . . . . . . . . . . . . . 411ARPOverview ............................ 412ARPAgingTimer .......................... 413ARPInspection ........................... 414StaticARPEntries.......................... 415

StaticARPConfigurationExample ................. 415ARPEntryStates........................... 416ARPTableRefresh.......................... 417ProxyARP ............................. 418

ProxyARPLimitations ...................... 418ConfigureProxyARP ....................... 418

Chapter 20. Internet Protocol Version 6 . . . . . . . . . . . . . . 419IPv6AddressFormat ......................... 420IPv6AddressTypes ......................... 421

UnicastAddress......................... 421Multicast ............................ 421Anycast ............................. 422

IPv6Interfaces ............................ 423NeighborDiscovery ......................... 424

NeighborDiscoveryOverview ................... 424RouterNodes .......................... 425NeighborTableThreshold ..................... 425

SupportedApplications........................ 426ConfigurationGuidelines....................... 427IPv6ConfigurationExamples..................... 428

IPv6Example1 .......................... 428IPv6Example2 .......................... 428

IPv6Limitations........................... 429

Chapter 21. Internet Group Management Protocol . . . . . . . . . . 431IGMPTerms ............................. 432HowIGMPWorks .......................... 433IGMPCapacityandDefaultValues................... 434IGMPSnooping........................... 435

IGMPv3Snooping ........................ 436SpanningTreeTopologyChange .................. 436IGMPQuerier.......................... 437

QuerierElection........................ 437MulticastRouterDiscovery .................... 439IGMPQueryMessages ...................... 440IGMPGroups .......................... 440IGMPSnoopingConfigurationGuidelines .............. 442

IGMPSnoopingConfigurationExample ................. 443


AdvancedIGMPSnoopingConfigurationExample ............445Prerequisites ...........................446IGMPConfiguration........................446

SwitchAConfiguration ....................446SwitchBConfiguration.....................447SwitchCConfiguration ....................448

Troubleshooting .........................449AdditionalIGMPFeatures.......................452

ReportSuppression ........................452RobustnessVariable ........................452FastLeave............................453StaticMulticastRouter .......................454

Chapter 22. Border Gateway Protocol . . . . . . . . . . . . . . . 455BGPOverview ............................456

BGPRouterIdentifier .......................456InternalRoutingVersusExternalRouting ................457RouteReflector ............................459

RouteReflectionConfigurationExample...............460Restrictions............................461

FormingBGPPeerRouters.......................462BGPPeersandDynamicPeers...................462

StaticPeers ..........................462DynamicPeers........................463

LoopbackInterfaces ..........................464WhatisaRouteMap?.........................465

NextHopPeerIPAddress .....................466IncomingandOutgoingRouteMaps ................466Precedence ............................466ConfigurationOverview ......................466

AggregatingRoutes ..........................468RedistributingRoutes .........................469BGPCommunities..........................471

BGPCommunity .........................471BGPExtendedCommunity .....................473BGPConfederation ........................474

BGPPathAttributes..........................475WellKnownMandatory ......................475WellKnownDiscretionary.....................475OptionalTransitive ........................476OptionalNonTransitive......................476

BestPathSelectionLogic........................477BGPBestPathSelection ......................477BGPWeight...........................478LocalPreference .........................478Metric(MultiExitDiscriminator)Attribute ..............478NextHop ............................479BestPathSelectionTuning .....................479BGPECMP............................481


BGPFeaturesandFunctions ...................... 482ASPathFilter .......................... 482BGPCapabilityCode ....................... 482AdministrativeDistance...................... 482TTLSecurityCheck........................ 483LocalAS............................. 483BGPAuthentication ........................ 484OriginateDefaultRoute ...................... 484IPPrefixListFilter ........................ 485DynamicCapability ........................ 486BGPGracefulRestart ....................... 486BGPDamping .......................... 487SoftReconfigurationInbound ................... 488BGPRouteRefresh ........................ 488BGPMultipleAddressFamilies................... 489BGPandBFD .......................... 489BGPNextHopTracking...................... 490BGPTuning ........................... 490

BGPFailoverConfiguration...................... 491DefaultRedistributionandRouteAggregationExample .......... 493DesigningaClosNetworkUsingBGP.................. 495ClosNetworkBGPConfigurationExample ............... 496

ConfigureFabricSwitchSF1 .................. 497ConfigureSpineSwitchSP11 .................. 499ConfigureLeafSwitchLP11 .................. 502

ConfiguringBGPUnnumbered..................... 504ConfigureBGPUnnumbered .................. 505BGPUnnumberedLimitations................. 506

DifferentiatedServicesandBGP .................... 507CommandsforUsingDSwithBGP ................. 508DSwithBGPExample ....................... 508

Chapter 23. Open Shortest Path First . . . . . . . . . . . . . . . 509OSPFv2Overview .......................... 510

TypesofOSPFAreas ....................... 510TypesofOSPFRoutingDevices................... 511NeighborsandAdjacencies .................... 512TheLinkStateDatabase...................... 512TheShortestPathFirstTree .................... 513InternalVersusExternalRouting.................. 513


OSPFv2ImplementationinCloudNOS .................514ConfigurableParameters ......................514DefiningAreas..........................515

UsingtheAreaIDtoAssigntheOSPFAreaNumber ........515AttachinganAreatoaNetwork .................516

InterfaceCost ...........................516ElectingtheDesignatedRouterandBackup .............516SummarizingRoutes .......................517DefaultRoutes ..........................517VirtualLinks ...........................519RouterID ............................519Authentication ..........................520

ConfiguringPlainTextOSPFPasswords.............521ConfiguringMD5Authentication ................522

LoopbackInterfacesinOSPF ....................522GracefulRestartHelper ......................523OSPFandBFD ..........................523

OSPFv2ConfigurationExamples ....................524Example 1:SimpleOSPFDomain ..................524Example 2:VirtualLinks......................526

ConfiguringOSPFforaVirtualLinkonSwitch1 .........526ConfiguringOSPFforaVirtualLinkonSwitch2 .........527OtherVirtualLinkOptions ...................528

Example 3:SummarizingRoutes..................528VerifyingOSPFConfiguration...................529

Chapter 24. Route Maps . . . . . . . . . . . . . . . . . . . . . 531RouteMapsOverview.........................532PermitandDenyRules........................533MatchandApplyClauses.......................534RouteMapsConfigurationExample...................536

Part 5: High Availability Fundamentals . . . . . . . . . . . . . . . 537

Chapter 25. Basic Redundancy . . . . . . . . . . . . . . . . . . 539AggregatingforLinkRedundancy...................540VirtualLinkAggregation.......................541

Chapter 26. Virtual Router Redundancy Protocol . . . . . . . . . . . 543VRRPOverview ...........................544

VRRPComponents ........................545VirtualRouter.........................545VirtualRouterMACAddress ..................545OwnersandRenters ......................545MasterandBackupVirtualRouter ................545VirtualInterfaceRouter ....................545

AssigningVRRPVirtualRouterID .................546VRRPOperation.........................546SelectingtheMasterVRRPRouter ..................546

FailoverMethods ...........................548ActiveActiveRedundancy .....................548


CloudNOSExtensionstoVRRP .................... 549VRRPAdvertisementIntervalandSubsecondFailover ........ 549InterfaceTracking......................... 550SwitchBackDelay ........................ 550BackwardCompatibilitywithVRRPv2 ............... 551VRRPAcceptMode........................ 551VRRPPreemption ........................ 552VRRPPriority.......................... 552IPv6VRRP ............................ 553

ConfiguringtheSwitchforTracking .................. 555BasicVRRPConfiguration ....................... 556ConfiguringVRRPHighAvailabilityUsingMultipleVIRs......... 558

Task1:ConfigureSwitch1 ................... 559Task2:ConfigureSwitch2 ................... 560

Chapter 27. Layer 2 Failover . . . . . . . . . . . . . . . . . . . 563MonitoringLAGLinks ........................ 564SettingtheFailoverLimit ....................... 565ManuallyMonitoringPortLinks .................... 566

MonitorPortState ........................ 566ControlPortState ......................... 566

L2FailoverwithOtherFeatures.................... 567StaticLAGs ........................... 567LACP .............................. 567SpanningTreeProtocol ...................... 567

ConfigurationGuidelines....................... 568ConfiguringLayer2Failover...................... 569

Part 6: Network Management . . . . . . . . . . . . . . . . . . . 571

Chapter 28. Link Layer Discovery Protocol . . . . . . . . . . . . . 573LLDPOverview ........................... 574EnablingorDisablingLLDP ...................... 575LLDPTransmitFeatures........................ 576

ScheduledInterval ........................ 576MinimumInterval ........................ 576TimetoLiveforTransmittedInformation.............. 577TrapNotifications ........................ 577ChangingtheLLDPTransmitState................. 578TypesofInformationTransmitted.................. 579

LLDPReceiveFeatures ........................ 580TypesofInformationReceived ................... 580TimetoLiveforReceivedInformation ............... 580ViewingRemoteDeviceInformation ................ 581

DebuggingLLDP........................... 582LLDPExampleConfiguration ..................... 584


Chapter 29. Service Location Protocol . . . . . . . . . . . . . . . 587SLPAgentsCommunication ......................588

SLPSpecificMessages .......................588SLPSupportedServiceAttributes ..................588

SLPConfiguration..........................589

Chapter 30. Simple Network Management Protocol . . . . . . . . . . 591SNMPVersions............................592

SNMPVersion1&Version2 ....................592SNMPVersion3 .........................592

SNMPProtocolDetails ........................593SNMPNotifications ........................593SNMPDeviceContactandLocation.................593OneTimeAuthenticationforSNMPoverTCP............593

DefaultConfiguration .........................594ConfigurationExamples ........................595

BasicSNMPConfigurationExample .................595UserConfigurationExample....................595ConfiguringSNMPTrapHosts ...................596

SNMPMIBs.............................597

Chapter 31. Telemetry . . . . . . . . . . . . . . . . . . . . . . 599NetworkTelemetryOverview .....................600CNOSTelemetryArchitecture .....................601TheGangliaAnalyticsApplication ...................603

TheGangliaAgent ........................603TheCentralDataAggregator ....................603TheDataVisualizationFrontEnd ..................604TheGangliaMetricTool ......................604UsingGangliawithCNOS .....................604

TypesofDataSuppliedbytheCNOSTelemetryAgent..........606BufferStatistics ..........................606

CongestionDropCounters...................606BufferUtilizationCounters ...................606BufferStatisticsNames .....................606

RealmParametersandIndexes...................607SettingUptheCNOSTelemetryAgent .................609

EnabletheTelemetryAgent ....................609ConfiguretheTelemetryController.................609SetUptheTelemetryHeartbeat ...................610

ConfiguringTelemetryAgentParameters ................611CongestionDropCounters.....................611BSTBufferCounters ........................623DetectCongestionAfteritHappens .................632PredictingCongestionBeforeitHappens ...............638CapacityPlanningBasedonTrendAnalysis.............647


Part 7: Hyperconverged Infrastructure . . . . . . . . . . . . . . . 653

Chapter 32. Network Virtualization Gateway. . . . . . . . . . . . . 655NSXIntegrationConcepts ....................... 656

VMwareNSXComponents..................... 658NSXManager......................... 658NSXController ........................ 658NSXEdge.......................... 658NSXvSwitch ......................... 658

NSXTunneling .......................... 659VXLAN............................... 661LenovoVXLANGateway ....................... 663

SoftwareArchitectureOverview .................. 666NWVDNetworkVirtualizationDaemon ............ 666OVSDBDOpenVirtualSwitchDatabaseDaemon ........ 667HSCHardwareSwitchController............... 669

VXLANGatewayStandaloneTopologies ................ 670VXLANTunnelsoverLayer3RoutedNetwork .......... 670PhysicalServersonLayer2Switches............... 670DirectlyAttachedVXLANTunnelwithaLayer2Network(NotSupported).......................... 671VXLANTunnelsthroughaLayer2Network(NotSupported) ... 671

HighAvailabilitySupport....................... 672VXLANGatewayConfigurationExample ................ 674

StandaloneVXLANGatewayConfigurationExample ......... 675HighAvailabilityVXLANGatewayConfigurationExample ...... 678

BasicSwitchConfiguration ................... 678vLAGConfiguration...................... 678HSCConfiguration ...................... 680

Chapter 33. Network Policy Agent . . . . . . . . . . . . . . . . . 683Overview .............................. 684SettinguptheNutanixVDMPlugin .................. 686ViewingVirtualDomainInformation .................. 692UnsubscribingtoNutanixVDMNotifications .............. 693DynamicVLANsandtheVDM .................... 694

DynamicVLANConsiderations .................. 694DynamicVLANCommands .................... 694

Part 8: Monitoring . . . . . . . . . . . . . . . . . . . . . . . 695

Chapter 34. Port Mirroring . . . . . . . . . . . . . . . . . . . . 697PortMirroringOverview ....................... 698SPANConfiguration ......................... 699

Sources ............................. 699Destinations........................... 699Sessions ............................. 699ConfigurationExample ...................... 700


ERSPANConfiguration........................701SessionTypes...........................701Sources.............................702Destinations ...........................702ERSPANSourceSessionConfigurationExample...........703ERSPANDestinationSessionConfigurationExample .........704

Limitations .............................705

Chapter 35. Sampled Flow . . . . . . . . . . . . . . . . . . . . 707ConfiguringsFlow ..........................708sFlowNetworkPolling........................709sFlowNetworkSampling .......................710sFlowExampleConfiguration .....................711

Part 9: Appendices . . . . . . . . . . . . . . . . . . . . . . . 713

Appendix A. Getting help and technical assistance . . . . . . . . . . 715

Appendix B. Notices. . . . . . . . . . . . . . . . . . . . . . . 717Trademarks .............................719ImportantNotes ...........................720RecyclingInformation .........................721ParticulateContamination .......................722TelecommunicationRegulatoryStatement ................723ElectronicEmissionNotices ......................724

FederalCommunicationsCommission(FCC)Statement ........724IndustryCanadaClassAEmissionComplianceStatement.......724AvisdeConformitlaRglementationdIndustrieCanada ......724AustraliaandNewZealandClassAStatement ............724EuropeanUnionCompliancetotheElectromagneticCompatibilityDirective......................725GermanyClassAStatement....................725JapanVCCIClassAStatement ...................726JapanElectronicsandInformationTechnologyIndustriesAssociation(JEITA) Statement .........................727KoreaCommunicationsCommission(KCC)Statement .........727RussiaElectromagneticInterference(EMI)ClassAstatement ......727PeoplesRepublicofChinaClassAelectronicemissionstatement ....727TaiwanClassAcompliancestatement ................727

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729


PrefaceThisApplicationGuidedescribeshowtoconfigureandusetheLenovoCloudNetworkOperatingSystem10.6softwareonthefollowingLenovoRackSwitches:

LenovoRackSwitchG8272.Fordocumentationoninstallingtheswitchphysically,seetheLenovoRackSwitchG8272InstallationGuide.



LenovoThinkSystemNE1032TRackSwitch.Fordocumentationoninstallingtheswitchphysically,seetheLenovoThinkSystemNE1032TRackSwitchInstallationGuide.

LenovoThinkSystemNE1032RackSwitch.Fordocumentationoninstallingtheswitchphysically,seetheLenovoThinkSystemNE1032RackSwitchInstallationGuide.

LenovoThinkSystemNE1072TRackSwitch.Fordocumentationoninstallingtheswitchphysically,seetheLenovoThinkSystemNE1072TRackSwitchInstallationGuide.




Who Should Use This GuideThisguideisintendedfornetworkinstallersandsystemadministratorsengagedinconfiguringandmaintaininganetwork.TheadministratorshouldbefamiliarwithEthernetconcepts,IPaddressing,SpanningTreeProtocol,andSNMPconfigurationparameters.

Copyright Lenovo 2017 Preface 25

Application Guide OverviewThisguidewillhelpyouplan,implement,andadministertheCloudNOS(CNOS)software.Wherepossible,eachsectionprovidesfeatureoverviews,usageexamples,andconfigurationinstructions.Thefollowingmaterialisincluded:

Part 1: Getting Started

ThismaterialisintendedtohelpthosenewtoCNOSproductswiththebasicsofswitchmanagement.Thispartincludesthefollowingchapters:

Chapter 1,UsingtheCommandLineInterface,describestheCNOScommandlineinterfacemodes,commands,keyboardshortcuts,andaliases.

Chapter 2,SwitchAdministration,describeshowtoaccesstheswitchtoconfiguretheswitch,andviewswitchinformationandstatistics.Thischapterdiscussesavarietyofmanualadministrationinterfaces,includinglocalmanagementviatheswitchconsole,andremoteadministrationviaTelnetorSecureShell.

Chapter 3,SystemLicenseKeys,describeshowtoinstalladditionalfeaturesontheswitch.

Chapter 4,SwitchSoftwareManagement,describeshowtoupdatetheCNOSsoftwareoperatingontheswitchandhowtoconvertfromCNOStoENOS.

Part 2: Securing the Switch

Thismaterialcontainsinformationaboutimplementingsecurityprotocolsontheswitch.Thispartincludesthefollowingchapters:

Chapter 5,SecuringAdministration,describesmethodsforusingSecureShellforadministrationconnections,andconfiguringenduseraccesscontrol.

Chapter 6,AAAProtocols,describesdifferentsecureadministrationmethodsforremoteadministrators.ThisincludesusingRADIUS,TerminalAccessControllerAccessControlSystemPlus(TACACS+)andAuthentication,Authorization,andAccounting(AAA).

Chapter 7,AccessControlLists,describeshowtousefilterstopermitordenyspecifictypesoftraffic,basedonavarietyofsource,destination,andpacketattributes.

Part 3: Switch Basics

Thismaterialcontainsinformationaboutsettingupfeaturesontheswitch.Thispartincludesthefollowingchapters:

Chapter 8,InterfaceManagement,describeshowtoconfiguretheswitchinterfaces,liketheethernetormanagementports.

Chapter 9,ForwardingDatabase,describeshowaLayer2devicecanbeconfiguredtolearnandstoreMACaddressesandtheircorrespondingports.

Chapter 10,VLANs,describeshowtoconfigureVirtualLocalAreaNetworks(VLANs)forcreatingseparatenetworksegments,includinghowtouseVLANtaggingfordevicesthatusemultipleVLANs.


Chapter 11,PortsandLinkAggregation,describeshowtogroupmultiplephysicalportstogethertoaggregatethebandwidthbetweenlargescalenetworkdevices.

Chapter 12,SpanningTreeProtocol,describeshowtousetheRapidPerVLANSpanningTreePlus(RapidPVST+)andMultipleSpanningTreeProtocol(MSTP)tobuildaloopfreenetworktopology.

Chapter 13,VirtualLinkAggregationGroups,describesusingVirtualLinkAggregationGroups(VLAGs)toformLAGsspanningmultipleVLAGcapableaggregatorswitches.

Chapter 14,QualityofService,discussesQualityofService(QoS)features,includingIPfilteringusingclassmaps,DifferentiatedServices,andIEEE802.1ppriorityvalues.

Chapter 15,CEE,discussesusingvariousConvergedEnhancedEthernet(CEE)featuressuchasPrioritybasedFlowControl(PFC),EnhancedTransmissionSelection(ETS)andDataCenterBridgingCapabilityExchange(DCBX).

Chapter 16,SecureMode,describesthedifferencebetweensecuremodeandlegacymode,whatenablingsecuremodemeans,andhowtoenableanddisableit.

Part 4: IP Routing

Thispartincludesthefollowingchapters:

Chapter 17,BasicIPRouting,describeshowtoconfiguretheswitchforIProutingusingIPsubnets,BFD,DHCPRelayandVRF.

Chapter 18,RoutedPorts,describeshowtoconfigureaswitchporttoforwardLayer3traffic.

Chapter 19,AddressResolutionProtocol,describeshowtousetheAddressResolutionProtocol(ARP)protocoltomapanIPv4addresstoaMACaddress.

Chapter 20,InternetProtocolVersion6,describeshowtoconfiguretheswitchtouseIPv6.

Chapter 21,InternetGroupManagementProtocol,describeshowCNOSimplementsInternetGroupManagementProtocol(IGMP)Snoopingtoconservebandwidthinamulticastswitchingenvironment.

Chapter 22,BorderGatewayProtocol,describesBorderGatewayProtocol(BGP)conceptsandfeaturessupportedinCNOS.

Chapter 23,OpenShortestPathFirst,describeskeyOpenShortestPathFirst(OSPF)concepts,andhowtheyareimplementedinCNOS,andprovidesexamplesofhowtoconfigureyourswitchforOSPFsupport.

Chapter 24,RouteMaps,describesroutemapsthatareusedtodefineroutepolicybypermittingordenyingcertainroutesbasedonaconfiguredsetofrules.


Part 5: High Availability Fundamentals


Chapter 25,BasicRedundancy,describeshowtheswitchsupportsredundancythroughLAGsandVLAGs.

Chapter 26,VirtualRouterRedundancyProtocol,describeshowtheswitchsupportshighavailabilitynetworktopologiesusingVirtualRouterRedundancyProtocol(VRRP).

Chapter 27,Layer2Failover,describeshowtoconfigureandusenetworkadapterteamingforLayer2LAGfailover.

Part 6: Network Management


Chapter 28,LinkLayerDiscoveryProtocol,describeshowLinkLayerDiscoveryProtocol(LLDP)helpsneighboringnetworkdeviceslearnabouteachothersportsandcapabilities.

Chapter 29,ServiceLocationProtocol,describestheServiceLocationProtocol(SLP)thatallowstheswitchtoprovidedynamicdirectoryservices.

Chapter 30,SimpleNetworkManagementProtocol,describeshowtoconfiguretheswitchformanagementthroughaSimpleNetworkManagementProtocol(SNMP)client.

Chapter 31,Telemetry,describestheCNOSNetworkTelemetryAgentandhowtousethedataitprovidestofinetuneyournetwork.

Part 7: Hyperconverged Infrastructure


Chapter 32,NetworkVirtualizationGateway,describeshowtointegrateVMwareNSXwithyourswitch.

Chapter 33,NetworkPolicyAgent,explainshowtousetheCNOSnetworkpolicyagentpluginthatworkswiththeNutanixVirtualDomainModule.

Part 8: Monitoring


Chapter 34,PortMirroring,discussestoolstocopyselectedporttraffictoaremotemonitorportfornetworkanalysis.

Chapter 35,SampledFlow,discussesusingSampledFlow(sFlow)formonitoringtraffic.

Part 9: Appendices

Thispartincludesthefollowingappendices:

AppendixA,Gettinghelpandtechnicalassistance,providesdetailsonwheretogoforadditionalinformationaboutLenovoandLenovoproducts.

AppendixB,Notices,containssafetyandenvironmentalnotices.


Additional ReferencesAdditionalinformationaboutinstallingandconfiguringyourswitchisavailableinthefollowingguides:

LenovoNetworkCommandReferenceforLenovoCloudNetworkOperatingSystem10.6

LenovoNetworkReleaseNotesforLenovoCloudNetworkOperatingSystem10.6foryourswitch

LenovoNetworkPythonProgrammingGuideforLenovoCloudNetworkOperatingSystem10.6

LenovoNetworkRESTAPIProgrammingGuideforLenovoCloudNetworkOperatingSystem10.6


Typographic ConventionsThefollowingtabledescribesthetypographicstylesusedinthisbook.

Table 1. Typographic Conventions

Typeface or Symbol

Meaning Example

ABC123 Thistypeisusedfornamesofcommands,files,anddirectoriesusedwithinthetext.

Viewthereadme.txtfile.

Italsodepictsonscreencomputeroutputandprompts.

Switch#

ABC123 Thisboldtypeappearsincommandexamples.Itshowstextthatmustbetypedinexactlyasshown.

Switch#ping

Thisitalicizedtypeappearsincommandexamplesasaparameterplaceholder.Replacetheindicatedtextwiththeappropriaterealnameorvaluewhenusingthecommand.Donottypethebrackets.

ToestablishaTelnetsession,enter:Switch#telnet

Thisalsoshowsbooktitles,specialterms,orwordstobeemphasized.

ReadyourUsersGuidethoroughly.

{} Commanditemsshowninsidebracketsaremandatoryandcannotbeexcluded.Donottypethebrackets.

Switch#cp{ftp|sftp}

[] Commanditemsshowninsidebracketsareoptionalandcanbeusedorexcludedasthesituationdemands.Donottypethebrackets.

Switch#configure[device]

| Theverticalbar(|)isusedincommandexamplestoseparatechoiceswheremultipleoptionsexist.Selectonlyoneofthelistedoptions.Donottypetheverticalbar.

Switch#cp{ftp|sftp}

Thisblocktypedepictsmenus,buttons,andothercontrolsthatappearingraphicalinterfaces.

Clickthebutton.


Part 1: Getting StartedThissectiondiscussesthefollowingtopics:

SwitchAdministrationonpage 41

SystemLicenseKeysonpage 91

SwitchSoftwareManagementonpage 97


Chapter 1. Using the Command Line InterfaceLenovoCloudNetworkOperatingSystemusesanindustrystandardcommandlineinterface(CLI).LikeanyswitchCLI,therearesubtledifferencesbetweentheCNOSCLIandtheCLIonswitchesfromothervendors.

Thefollowingsubjectsarediscussedinthischapter:

CLICommandModesonpage 34

CommandLineInterfaceShortcutsonpage 35

CommandAliasesonpage 37


CLI Command ModesTheCLIhasthreemajorcommandmodeslistedinorderofincreasingprivileges,asfollows:

UserEXECMode:Switch>Thisistheinitialmodeofaccess.Bydefault,onconsolesessionspasswordcheckingisdisabledforthismode.

PrivilegedEXECmode:Switch#ThismodeisaccessedfromUserEXECMode.Thismodecanbeaccessedusingthefollowingcommand:enable

ConfigurationMode:Switch(config)#Thismodeallowsyoutomakechangestotherunningconfiguration.Ifyousavetheconfiguration,thesettingssurviveareloadoftheswitch.SeveralsubmodescanbeaccessedfromtheUserEXECMode.Thismodecanbeaccessedusingthefollowingcommand:configure[device]

Eachmodeprovidesaspecificsetofcommands.Mostlowerprivilegemodecommandsareaccessiblewhenusingahigherprivilegemode.Note: ThewordSwitchisagenerictermusedthroughouttheApplicationGuidetoindicatethehostnameoftheswitchwhenissuingcommands.DependingontheLenovoRachSwitchorThinkSystem,thewordSwitchwillbereplacedwithoneofthefollowing:

Switch Type Prompt

RackSwitchG8272 G8272



ThinkSystemNE1032RackSwitch NE1032

ThinkSystemNE1032TRackSwitch NE1032T

ThinkSystemNE1072TRackSwitch NE1072T



Copyright Lenovo 2017 Chapter 1: Using the Command Line Interface 35

Command Line Interface ShortcutsThefollowingshortcutsallowyoutoentercommandsquicklyandeasily.

CLI List and Range InputsForVLANandportcommandsthatallowanindividualitemtobeselectedfromwithinanumericrange,listsandrangesofitemscannowbespecified.Forexample,thevlancommandpermitsthefollowingoptions:

Thenumbersinarangemustbeseparatedbyadash:

Multiplerangesoritemsarepermittedusingacomma:,

Donotusespaceswithinlistandrangespecifications.

Rangescanalsobeusedtoapplythesamecommandoptiontomultipleitems.Forexample,toaccessmultipleportswithonecommand:

Command AbbreviationMostcommandscanbeabbreviatedbyenteringthefirstcharacterswhichdistinguishthecommandfromtheothersinthesamemode.Forexample,considerthefollowingfullcommand:

Itcanbeabbreviatedasfollows:

Tab CompletionByenteringthefirstletterofacommandatanypromptandpressing,theISCLIdisplaysallavailablecommandsoroptionsthatbeginwiththatletter.Enteringadditionallettersfurtherrefinesthelistofcommandsoroptionsdisplayed.Ifonlyonecommandfitstheinputtextwhenispressed,thatcommandissuppliedonthecommandline,waitingtobeentered.

Ifmultiplecommandssharethetypedcharacters,whenyoupress,theISCLIcompletesthecommonpartofthesharedsyntax.

Switch(config)#vlan1,3,1094 (accessVLANs1,3,and1094)Switch(config)#vlan120 (accessVLANs1through20)Switch(config)#vlan15,9099,10901094(accessmultipleranges)Switch(config)#vlan15,19,20,10901094(accessamixoflistsandranges)

Switch(config)#spanningtreemst14cost4096 (instances1through4)

Switch(config)#displaymacaddresstableinterfaceethernet1/12

Switch(config)#dispmaadie1/12


Line EditingThefollowingcaseinsensitivekeystrokecommandsareavailableforeditingcommandlines:

Command Behavior

Movesthecursortothebeginningoftheline.

Movesthecursoronecharactertotheleft.

Deletesthecharacteratthecursor.

Movesthecursortotheendoftheline.

Movesthecursoronecharactertotheright.

Killsalltexttotherightofthecursor,puttingitintoabuffer.

Clearsthescreen,leavingthecurrentlineintactatthetop.

Movetothenextcommandinthecommandhistory.

Movetothepreviouscommandinthecommandhistory.

Swapsthecharacteratthecursorwiththecharactertotheleftofthecursor.

Clearsalltextfromthecommandline.

Deletesfromthecursortothestartoftheword.

Yanksthetextfromthekillbuffer.

Movesthecursorbackwardsoneword.

Capitalizesthefirstletterofthewordorthecharacterwherethecursorispointing.

Deletestotheendofthewordtotherightofthecursor.

Movesthecursorforwardsoneword.

Changesthetexttolowercasefromthecursortotheendoftheword.

Changesthetexttouppercasefromthecursortotheendoftheword.


Command AliasesCommandaliasingenablesyoutochangethenamesofcommandsintheCLI.

Defining AliasesTodefineanalias,enter:

Forexample,tousethecommandshowtoinvokethedisplaycommand,enter:

Removing AliasesToremoveanalias,enter:

Toremoveallaliases,enter:

Displaying AliasesToseethelistofaliasesconfiguredtoyoursystem,enter:

Note: Thealiascommanddoesnotdovalidationchecking.Ifyouenteraninvalidcommandforanaliastoinvoke,youwillgetanerrormessage.

Rules for Using AliasesThefollowingrulesapplywhenyouaredefininganalias:

Analiasmustbeanalphanumericstringthatstartswithanalphabeticcharacter.Therecanbenospacesorpunctuationcharactersinanaliasname.Therecanbedashesandspacesinthecommandbeingaliased.Forexample,thefollowingcommandaliasesthestringdsitodisplaysysinfo:

Switch(config)#alias

Switch(config)#aliasshowdisplay

Switch(config)#noalias

Switch(config)#noaliasall

Switch(config)#displayaliasCLIaliasinformation:=====================show:displayabc:display

Switch(config)#aliasdsidisplaysysinfo


Youcannotescapenonalphanumericcharacterswithabackslashorwithquotes.Forexample,youwillgetanerrormessageifyouenter:

Youcanhavemultiplealiasesforthesamecommand,butyoucannothavemultiplecommandsmappedtothesamealias.Forexample,ifyouenter:

Thealiasesshowandabcwillbothinvokethedisplaycommand.However,ifyouenter:

Theshowaliaswillinvoketheenablecommand.

Youcanuseanaliastoinvokeamultiplewordcommand.Forexample,youcanenter:

Thessialiaswillnowinvokethecommanddisplaysysinfo.

Youcannotnestaliases.Forexample,ifyouenter:

Thessicommandwillreturnanerrormessage.

Youcannotaliasanargumentofacommand.Forexample,ifyoutryentering:

Thecommandshowsiwillreturnanerrormessagebecausetheswitchistryingtoparseitasdisplaysi.

Ifyouusethenameofanexistingcommandasanaliasname,itwilloverridetheexistingcommand.Forexample,ifyouenter:

Theqoscommandwillbehaveasifyouhadentereddisplay.Tofixthis,enter:

Inthecaseoffixingtheqoscommandtoitsoriginalfunction,youwouldenter:

Switch(config)#aliasshow\sysinfodisplaysysinfo

Switch(config)#aliasshowdisplaySwitch(config)#aliasabcdisplay

Switch(config)#aliasshowdisplaySwitch(config)#aliasshowenable

Switch(config)#aliasssidisplaysysinfo

Switch(config)#aliasshowdisplaySwitch(config)#aliasssishowsysinfo

Switch(config)#aliasshowdisplaySwitch(config)#aliassisysinfo

Switch(config)#aliasqosdisplay

Switch(config)#noalias

Switch(config)#noaliasqos


Analiasdoesnotsupportmultiplecommandlines.Forexample,ifyouenter:

Youwillgetanerrormessage.

Youcannotconcatenatealiases.Forexample,ifyouenter:

Youwillgetanerrormessageafteryouentershowpa.

Themaximumnumberofaliasesthatcanbeconfiguredonaswitchis128.

Thefollowingarereservedwordsthatcannotbeusedasanaliasname:

Switch(config)#aliasdvdudisplayversion\ndisplayuser

Switch(config)#aliasdisplayshowSwitch(config)#aliaspaportaggregationSwitch(config)#showpa1

alias enable python

all end quit

bfd exit reload

configure logout remove

disable name restart

display no save


Chapter 2. Switch AdministrationYourRackSwitchisreadytoperformbasicswitchingfunctionsrightoutofthebox.Someofthemoreadvancedfeatures,however,requiresomeadministrativeconfigurationbeforetheycanbeusedeffectively.

TheextensiveLenovoCloudNetworkOperatingSystemfortheswitchprovidesavarietyofoptionsforaccessingtheswitchtoperformavarietyofconfigurationsandtoviewswitchinformationandstatistics.

Thischapterdiscussesthevariouscommandsusedtoadministertheswitch:

AdministrationInterfacesonpage 42

IndustryStandardCommandLineInterfaceonpage 43

EstablishingaConnectiononpage 44

ZeroTouchProvisioningonpage 51

DHCPIPAddressServicesonpage 55

SwitchLoginLevelsonpage 62

Pingonpage 64

Tracerouteonpage 69

NetworkTimeProtocolonpage 72

DomainNameServerClientonpage 77

SystemLoggingonpage 79

IdleDisconnectonpage 87

PythonScriptingonpage 88

RESTAPIProgrammingonpage 89


Administration InterfacesCloudNOSprovidesavarietyofuserinterfacesforadministration.Theseinterfacesvaryincharacterandinthemethodsusedtoaccessthem.Somearetextbasedandsomearegraphical;someareavailablebydefault,whileothersrequireconfiguration;somecanbeaccessedbylocalconnectiontotheswitch,whileothersareaccessedremotelyusingvariousclientapplications.Forexample,administrationcanbeperformedusinganyofthefollowing:

Abuiltin,textbasedcommandlineinterface(CLI)andmenusystemforswitchaccessviaaserialportconnectionoranoptionalTelnetorSSHsession

SNMPsupportforaccessthroughthirdpartycommercialandopensourcenetworkmanagementapplications.

Thespecificinterfacechosenforanadministrativesessiondependsonyourpreferences,theswitchconfiguration,andtheavailableclienttools.

Inallcases,administrationrequiresthattheswitchhardwareisproperlyinstalledandturnedon(seetheLenovoRackSwitchInstallationGuide).

Copyright Lenovo 2017 Chapter 2: Switch Administration 43

Industry Standard Command Line InterfaceTheIndustryStandardCommandLineInterface(ISCLI)providesasimpleanddirectmethodforswitchadministration.Usingabasicterminal,youcanissuecommandsthatallowyoutoviewdetailedinformationandstatisticsabouttheswitch,andtoperformanynecessaryconfigurationandswitchsoftwaremaintenance.

YoucanestablishaconnectiontotheISCLIinanyofthefollowingways:

Serialconnectionviatheserialportontheswitch(thisoptionisalwaysavailable)

Telnetconnectionoverthenetwork

SSHconnectionoverthenetwork


Establishing a ConnectionThefactorydefaultsettingspermitinitialswitchadministrationthroughthebuiltinserialport.TheswitchcanalsobeinitiallyconfiguredthroughtheOOBmanagementportthatgetsadefaultIPaddress(192.168.50.50/24);inthiscase,theuserisabletologinviaSSHintotheportandperforminitialconfiguration.

Remoteaccessusingthenetworkrequirestheaccessingterminaltohaveavalid,routableconnectiontotheswitchinterface.TheclientIPaddressmaybeconfiguredmanually,oranIPaddresscanbeprovidedautomaticallytotheswitchusingaservicesuchasDHCP(seeDHCPIPAddressServicesonpage 55).AnIPv6addresscanalsobeobtainedusingIPv6statelessaddressconfiguration.Note: Throughoutthismanual,IPaddressisusedinplaceswhereeitheranIPv4orIPv6addressisallowed.IPv4addressesareenteredindotteddecimalnotation(forexample,10.10.10.1),whileIPv6addressesareenteredinhexadecimalnotation(forexample,2001:db8:85a3::8a2e:370:7334).Inplaceswhereonlyonetypeofaddressisallowed,IPv4addressorIPv6addressisspecified.

Using the Switch Management InterfaceTomanagetheswitchthroughthemanagementinterface,youmustconfigureitwithanIPinterface.ConfiguretheIPaddressandnetworkmaskanddefaultgatewayaddress:

1. Logontotheswitch.

2. EnterGlobalConfigurationmode.

3. ConfigureamanagementIPaddressandnetworkmask:

IPv4configuration:

IPv6configuration:

4. Configuretheappropriatedefaultgateway:

IPv4configuration:

Switch>enableSwitch#configuredeviceSwitch(config)#

Switch(config)#interfacemgmt0Switch(configif)#ipaddress/Switch(configif)#exit

Switch(config)#interfacemgmt0Switch(configif)#ipv6address/Switch(configif)#exit

Switch(config)#vrfcontextmanagementSwitch(configvrf)#iproute0.0.0.00.0.0.0Switch(configvrf)#exit


IPv6configuration:

OnceyouconfigureamanagementIPaddressforyourswitch,youcanconnecttothemanagementportanduseaTelnetoranSSHclientfromanexternalmanagementstationtoaccessandcontroltheswitch.Themanagementportprovidesoutofbandmanagement.Note: Touseatelnetclient,youmustfirstenabletelnetaccesswiththecommand:

Other Ways to Manage the Switch Using IPBesidesusingtheoutofbandmanagementporttoadministertheswitch,youcanmanagetheswitchusinganinbandconnectionoverthedataports.Thefollowingoptionsareavailableforconfiguringinbandmanagement:

SwitchedVirtualInterface(SVI)

L3routedports

SwitchVirtualInterfacesonpage 202containsrulesandmoredetailsaboutusinganSVI,whileConfiguringaRoutedPortonpage 408containsmoredetailsaboutconfiguringroutedports.Thefollowingsectioncontainsexamplesofeach.

Configuring a Switched Virtual Interface for ManagementASwitchedVirtualInterfaceisaVLANthathasanIPaddressassigneddirectlyonitviathecommand:

TheVLANmustalreadyexistbeforeyouconfiguretheVLANinterface,andtheVLANmustbeallowedonanydataportsyouwanttousetomanagetheswitch.AlongwithconfiguringtheVLANinterface,ifyouwanttoconnecttotheswitchviaaremoteIPsubnet,configureaninbanddefaultgateway.

ThefollowingisanexampleofconfiguringanSVIandassociateddefaultgateway.


2. EnterconfigurationmodeandthencreatethedesiredVLANthatwillbeusedbytheSVI

Switch(config)#vrfcontextmanagementSwitch(configvrf)#ipv6route::/0Switch(configvrf)#exit

Switch(config)#featuretelnet

Switch(config)#interfacevlan

Switch>enableSwitch#configuredeviceSwitch(config)#vlanSwitch(config)#exit


3. CreatetheSVIandconfiguretheIPaddressandnetworkmask.

4. Configuretheinbanddefaultgateway(optional).

IPv4configuration:

IPv6configuration:

YoumustcarrytheVLANbeingusedformanagementonatleastoneoftheinbanddataports,topermitmanagementoftheswitchviathispath.

Using the Switch Ethernet Ports in Routed Port Mode for ManagementYoualsocanconfigureinbandmanagementdirectlyonanyoftheswitchEthernetdataportsbysettingthephysicalinterfacetoRoutedPortmode.ToallowinbandmanagementviatheRoutedportfeatureusethefollowingprocedure:


2. Enterinterfacemodeandconfigureanethernetinterfaceasroutedport.

3. ConfiguretheinterfaceIPaddressandnetworkmaskonthisphysicalEthernetinterface.

IPv4configuration:

IPv6configuration:

4. (Optional)Configuretheinbanddefaultgateway.

IPv4configuration:

Switch(config)#interfacevlanSwitch(configif)#ipaddress/Switch(configif)#exit

Switch(configif)#iproute0.0.0.0/0

Switch(configif)#ipv6route::/0Switch(configvrf)#exit

Switch>enableSwitch#configuredeviceSwitch(config)#interfaceethernet/Switch(configif)#nobridgeport

Switch(configif)#ipaddress/Switch(configif)#exit

Switch(configif)#ipv6address/Switch(configif)#exit

Switch(config)#iproute0.0.0.0/0


IPv6configuration:

OnceyouconfiguretheIPaddressandhaveanetworkconnection,youcanuseaTelnetoranSSHclientfromanexternalmanagementstationtoaccessandcontroltheswitch.Oncethedefaultgatewayisenabled,themanagementstationandtheswitchdonotneedtobeonthesameIPsubnettocommunicate.

Theswitchsupportsanindustrystandardcommandlineinterface(ISCLI)thatyoucanusetoconfigureandcontroltheswitchoverthenetworkusingaTelnetoranSSHclient.YoucanusetheISCLItoperformmanybasicnetworkmanagementfunctions.Inaddition,youcanconfiguretheswitchformanagementusinganSNMPbasednetworkmanagementsystem.

Formoreinformation,seethedocumentslistedinAdditionalReferencesonpage 28.

Using TelnetATelnetconnectionofferstheconvenienceofaccessingtheswitchfromaworkstationconnectedtothenetwork.Telnetaccessprovidesthesameoptionsforuserandadministratoraccessasthoseavailablethroughtheconsoleport.

Bydefault,Telnetaccessisdisabled.UsethefollowingcommandtoenableordisableTelnetaccess:

OncetheswitchisconfiguredwithanIPaddressandgateway,youcanuseTelnettoaccessswitchadministrationfromanyworkstationconnectedtothemanagementnetwork.

ToestablishaTelnetconnectionwiththeswitch,runtheTelnetclientonyourworkstation,useTelnetastheprotocoltypeandtheswitchsIPaddressasthehostname.

YouwillthenbepromptedtoenterapasswordasexplainedinSwitchLoginLevelsonpage 62.

Bydefault,TelnetusesTCPport23oftheremotehosttoestablishaconnectionfromtheswitch.WheninitializingaTelnetsession,youcanspecifytheTCPportoftheremotehostbyusingthefollowingcommandontheswitch:

Note: ThespecifiedportwillbeusedonlyforthecurrentTelnetsession.Futuresessionswillnotusetheselectedport.

Bydefault,TelnetclientswillconnecttothelocalTelnetserverusingTCPport23ontheswitch.ToconfiguretheTCPportusedbyaTelnetclientwhenestablishingaconnectiontotheswitch,usethefollowingcommand:

Switch(config)#ipv6route::/0

Switch(config)#[no]featuretelnet

Switch#telnetport

Switch(config)#telnetserverport


Using Secure ShellAlthougharemotenetworkadministratorcanmanagetheconfigurationofaswitchviaTelnet,thismethoddoesnotprovideasecureconnection.TheSecureShell(SSH)protocolenablesyoutosecurelylogintoanotherdeviceoveranetworktoexecutecommandsremotely.AsasecurealternativetousingTelnettomanageswitchconfiguration,SSHensuresthatalldatasentoverthenetworkisencryptedandsecure.

Bydefault,SSHaccessisenabled.UsethefollowingcommandtoenableordisableSSHaccess:

Theswitchcandoonlyonesessionofkey/ciphergenerationatatime.Thus,anSSHclientwillnotbeabletologiniftheswitchisdoingkeygenerationatthattime.Similarly,thesystemwillfailtodothekeygenerationifanSSHclientislogginginatthattime.

ThesupportedSSHencryptionandauthenticationmethodsare:

ServerHostAuthentication:ClientRSAauthenticatestheswitchwhenstartingeachconnection

KeyExchange:ecdhsha2nistp256,ecdhsha2nistp384,ecdhsha2nistp521,diffiehellmangroup14sha1

Encryption:aes128ctr,aes192ctr,aes256ctr,[email protected],[email protected]

MAC:hmacsha2256,hmacsha2512,[email protected],[email protected]

UserAuthentication:Localpasswordauthentication,TACACS+

LenovoCloudNetworkOperatingSystemimplementstheSSHversion2.0standardandisconfirmedtoworkwithSSHversion2.0compliantclientssuchasthefollowing:

OpenSSH_6.7p1forLinux

SecureCRTVersion7.3.4(build839)

PuttySSHrelease0.63

Using SSH with Password AuthenticationOncetheIPparametersareconfigured,youcanaccessthecommandlineinterfaceusinganSSHconnection.

ToestablishanSSHconnectionwiththeswitch,runtheSSHclientonyourworkstation,useSSHastheprotocoltypeandtheswitchsIPaddressasthehostname.

YouwillthenbepromptedtoenterapasswordasexplainedinSwitchLoginLevelsonpage 62.

Switch(config)#[no]featuressh


Using SSH with Server Key AuthenticationSSHcanalsobeusedforswitchauthenticationbasedonasymmetriccryptography.Serverencryptionkeyscanbegeneratedontheswitchandusedtoauthenticateincomingloginattemptsbasedontheclientsprivateencryptionkeypairs.Afterapredefinednumberoffailedserverkeyauthenticationattempts,aloginerrorwillappearandtheSSHsessionwillbedisconnected.

Tosetupserverkeyauthentication:

1. DisableSSH:

Note: SSHsettingscannotbemodifiedifSSHisenabled.

2. GenerateanSSHkey:

DSA:

RSA:

Note: YoucanalsoconfigurethelengthoftheRSAkeybyusingthefollowingcommand:

3. ConfigureamaximumnumberoffailedserverkeyauthenticationattemptsbeforetheSSHsessionwillbedisconnected:

Note: Thedefaultnumberoffailedattemptsis3.

4. ReenableSSH:

Oncetheserverkeyisconfiguredontheswitch,aclientcanuseSSHtologinfromasystemwheretheprivatekeypairissetup.

Switch(config)#nofeaturessh

Switch(config)#sshkeydsa[force]

Switch(config)#sshkeyrsa[force]

Switch(config)#sshkeyrsalength

Switch(config)#sshloginattempts

Switch(config)#featuressh


Using Simple Network Management ProtocolCNOSprovidesSimpleNetworkManagementProtocol(SNMP)version1,2,and3supportforaccessthroughanynetworkmanagementsoftware,suchasSwitchCenterorLenovoXClarity.Note: TheSNMPreadfunctionisenabledbydefault.Forbestsecuritypractices,ifSNMPisnotneededforyournetwork,disablethisfunctionpriortoconnectingtheswitchtothenetwork.

ToaccesstheSNMPagentontheswitch,thereadandwritecommunitystringsontheSNMPmanagermustbeconfiguredtomatchthoseontheswitch.

Thereadandwritecommunitystringsontheswitchcanbeconfiguredusingthefollowingcommands:

readonlyaccesscommunitystring:

readwriteaccesscommunitystring:

TheSNMPmanagermustbeabletoreachanyoneoftheIPinterfacesontheswitch.

FortheSNMPmanagertoreceivetheSNMPv1trapssentoutbytheSNMPagentontheswitch,configurethetraphostontheswitchwiththefollowingcommand:

FormoreinformationonSNMPusageandconfiguration,seeChapter 30,SimpleNetworkManagementProtocol.

Switch(config)#snmpservercommunityro

Switch(config)#snmpservercommunityrw

Switch(config)#snmpserverhosttrapsversion1


Zero Touch ProvisioningZeroTouchProvisioning(ZTP)enablesaswitchtoautomaticallyprovisionitselfusingtheresourcesavailableonthenetworkwithoutmanualintervention.WhenaswitchwithZTPenabledstartsup,itlocatesaDHCPserverwhichprovidestheswitchwithaninterfaceIPv4addressandagatewayIPv4address.TheswitchthenobtainstheIPaddressofaTFTPserverfromwhichitwilldownloadthenecessarybootfile.Thenextstepisfortheswitchtorunthebootfile.

Ontheswitch,ZTPwilltriggerwhenanyofthefollowingconditionsaremet:

aswitchbootswithnostartupconfiguration(onlythedefaultconfiguration)

thestartupconfigurationiserasedandtheswitchisreloaded

ZTPisforcedlyenabledfromtheCLINote: ZTPwillnotbetriggeredifitisforcedlydisabledfromtheCLI.

Duringthebootprocess,iftheswitchdoesnotfindastartupconfigurationandZTPisenabled,theswitchwillenterZTPmode.WhenforcedlyenabledfromtheCLI,theswitchentersZTPmoderegardlessofthepresenceofastartupconfiguration.TheswitchwillsearchforavailableDHCPserversandrequestthemtoacquireaninterfaceaddress,agatewayaddress,theTFTPserveraddress,andthebootfilename.

AftertheinformationfromtheDHCPserverisobtained,ZTPwilldownloadandrunthebootfile,andthenexecutetheZTPprocessaccordingtothebootfile.ZTPautomaticallyhandlestheprocessofupgradingtheswitchsoftwareimageandinstallingconfigurationfiles.

Notes:

Duringthebootprocess,apromptwillappearaskingifyouwanttoabortorcontinuetheZTPprocess.IfyouchoosetoexitZTP,theswitchwillcontinuewithitsnormalbootprocess,usingthedefaultconfigurationoranystartupconfiguration,ifoneispresentontheswitchandZTPwasforcedlyenabledfromtheCLI.

IfZTPwasforcedlyenabledandnoDHCPserverwasfoundduringtheZTPprocess,anypreviousIPv4addressmanuallyconfiguredofthemanagementinterfacewillberemoved.

IfZTPiscanceledduringitsexecution,theswitchexitsZTPmode.IfaninterfaceIPv4addresswasobtained,itwillnotbereleased.Ifanyfileswheredownloaded,theywillnotbedeleted.

ImportantZTPeventsareloggedbytheswitchandareavailablefordisplayfromaconsolesession.


DHCP DiscoveryAfterenteringZTPmode,theswitchsendsaDHCPdiscovermessageonitsmanagementinterfacerequestingDHCPoffersfromtheDHCPserverspresentonthenetwork.ThereceivingDHCPserverreplieswithaDHCPoffermessage.

WhentheDHCPclientreceivestheDHCPoffermessage,itwillrequesttheDHCPservertosendthefollowinginformation:

aninterfaceIPv4address

agatewayIPv4address

theTFTPserverIPaddress(usingoption66)

thebootfilename(usingoption67)

TheswitchcompletestheDHCPnegotiationprocess(requestandacknowledgement)withtheDHCPserver,whichassignstheswitchanIPv4address.TheswitchthenusestheacquiredTFTPserverIPaddresstocontacttheTFTPserver.ThebootfilenamecontainsthecompletefilepathofthebootfileontheTFTPserver.Theswitchthendownloadsthebootfile.

IfnoDHCPserversreplytotheDHCPdiscovermessageorifnoDHCPoffermeetstheZTPrequirements,theswitchwillbeunabletocompletetheDHCPnegotiationandanIPv4addressisnotassigned(exceptthedefaultIPv4address192.168.50.50/24,butthiscannothelptheswitchfinalizetheZTPprocess).ZTPwilltrythreetimestosuccessfullyobtaintherequiredinformation.IfitfailstheDHCPnegotiationthreetimes,theswitchexitsZTPmodeandcontinuesthenormalbootprocess.

Notes:

TheinterfaceIPv4addressobtainedfromtheDHCPserveriskeptandusedevenaftertheZTPprocessover.

ZTPsupportsonlyDHCPv4andnotDHCPv6.

ZTPsupportsonlyTFTPandnotFTP,SCP,orothertransferprotocols.

DHCPserversmustbeconfiguredwithoptions66and67toensurethattheswitchalwaysobtainstheTFTPserverhostnameandthebootfilenameduringtheZTPprocess.

DHCPoptions66and67areenabledbydefaultontheswitch.Ifeitherofthemisintentionallydisabled,theZTPprocesswillresultinafailure.

DHCPoption66providestheIPaddressofasingleTFTPserver.ToenableordisableDHCPoption66,usethefollowingcommand:

DHCPoption67providesthefilepathofthebootfileneededbyZTP.ToenableordisableDHCPoption67,usethefollowingcommand:

Switch(config)#[no]ipdhcpclientrequesttftpservername

Switch(config)#[no]ipdhcpclientrequestbootfilename


ZTP Boot FileThebootfileiswritteninYAMLformatandcontainsswitchmodels,andundereachswitchmodelareseveralfieldsthatinstructtheZTPprocesswhattodo.

Thebootfilemaycontainuptothreefieldsundereachswitchmodel:

img_namethisinstructsZTPtoupdatetheswitchsoftwareimagetothespecifiedimageversionandconfigureitasthestandbyimageontheswitch

configurationthisinstructsZTPtocopythespecifiedconfigurationfilefromtheTFTPserveranduseitasthestartupconfigurationfileontheswitch

scriptthisinstructsZTPtocopythescriptfileandexecuteitontheswitch

ZTPchecksthebootfilefortheswitchmodelandexecutetheappropriateactionsaccordingtothefieldsunderthecorrectswitchmodel.

ZTPsupportstheexecutionofPythonscripts.Ifthereisascriptfieldundertheswitchmodelinthebootfile,thefieldhasahigherprioritythantheothertwofields(img_nameandconfiguration)andZTPwillignorethem.ZTPdownloadsthePythonscriptfiletotheswitchandexecutesit.Thescriptcanalsocontaininstructionstodownloadandinstallaswitchsoftwareimageandaconfigurationfile.Note: ThePythonscriptfileisstoredinatemporaryfolderontheswitchanditwillbedeletedoncetheswitchreloads.

Followingisanexampleofabootfile:

Note: AftertheZTPprocessisover,theswitchwillbereloadedifthesoftwareimageorthestartupconfigurationareupdated.IfZTPexecutesaPythonscript,thereloadingoftheswitchisdecidedbythescriptinstead.

G8272:img_name:G827210.6.0.1.imgconfiguration:netboot_config_file_G8272script:netboot_G8272.py




Forcedly Enabling or Disabling ZTPZTPcanbeforcedlyenabledontheswitchevenifthereisastartupconfigurationpresent.Itcanalsobeforcedlydisabledtonotexecuteevenifthereisnostartupconfiguration.

ZTPcanhaveoneofthefollowingstates:

Default

ForcedlyEnabled

ForcedlyDisabled

ToforcedlyenableZTPontheswitch,usethefollowingcommand:

ToforcedlydisableZTPontheswitch,usethefollowingcommand:

ToresettheZTPtoitsdefaultsetting,usethefollowingcommand:

ToviewthecurrentZTPstate,usethefollowingcommand:

ToviewtheZTPparametersobtainedaftertheZTPprocesshasexecuted,usethefollowingcommand:

Switch(config)#startupzerotouchforceenable

Switch(config)#startupzerotouchforcedisable

Switch(config)#nostartupzerotouchforce

Switch#displayboot

CurrentZTPState:EnableCurrentFLASHsoftware:activeimage:version10.6.0.1,downloaded18:39:47UTCWedSep162015standbyimage:version10.6.0.1,downloaded18:44:40UTCWedSep162015Uboot:version10.6.0.1,downloaded17:49:51UTCThuJul302015CurrentlysettobootsoftwareactiveimageCurrentlyscheduledreboottime:noneCurrentportmode:defaultmode

Switch#displayzerotouch

TFTPserver:10.122.3.69Image:G8xxx10.6.0.1.imgConfiguration:netboot_config_file_G8xxxScript:netboot_G8xxx.py


DHCP IP Address ServicesForremoteswitchadministration,theclientterminaldevicemusthaveavalidIPaddressonthesamenetworkastheswitchinterface.TheIPaddressontheclientdevicemaybeconfiguredmanually,orobtainedautomaticallyusingIPv6statelessaddressconfiguration,oranIPaddressmaybeobtainedautomaticallyviaDHCPrelayasdiscussedinthenextsection.

TheswitchcanfunctionasarelayagentforDHCP.ThisallowsclientstobeassignedanIPaddressforafiniteleaseperiod,reassigningfreedaddresseslatertootherclients.Actingasarelayagent,theswitchcanforwardaclientsIPaddressrequesttouptofiveDHCPservers.Additionally,uptofivedomainspecificDHCPserverscanbeconfiguredforeachofupto10VLANs.

WhenaswitchreceivesaDHCPrequestfromaclientseekinganIPaddress,theswitchactsasaproxyfortheclient.TherequestisforwardedasaUDPunicastMAClayermessagetotheDHCPserversconfiguredfortheclientsVLANortotheglobalDHCPserversifnodomainspecificDHCPserversareconfiguredfortheclientsVLAN.TheserversrespondtotheswitchwithaunicastreplythatcontainstheIPdefaultgatewayandtheIPaddressfortheclient.Theswitchthenforwardsthisreplybacktotheclient.

DHCPisdescribedinRFC2131andtheDHCPrelayagentsupportedontheswitchisdescribedinRFC1542.DHCPusesUserDatagramProtocol(UDP)asitstransportprotocol.Theclientsendsmessagestotheserveronport67andreceivesmessagesfromtheserveronport68.

DHCP Client ConfigurationDHCPisenabledbydefaultonthemanagementinterfaceanddisabledonallotherinterfaces.YoucanenableDHCPonlyonamaximumof10interfaces,includingthemanagementinterface.

ToenableordisableDHCPonaninterface(forexampleethernetinterface1/12),usethefollowingcommand:

forDHCPv4:

forDHCPv6:

Notes:

DHCPcannotbeenabledonaninterfaceconfiguredasaswitchport,onlyonroutingports.

ManuallyconfiguringanIPaddressonaninterfacewilldisableDHCPforthatinterface.

Switch(config)#interfaceethernet1/12Switch(configif)#nobridgeportSwitch(configif)#ipaddressdhcp

Switch(config)#interfaceethernet1/12Switch(configif)#nobridgeportSwitch(configif)#ipv6addressdhcp


DHCPv4 Hostname Configuration (Option 12)TheswitchsupportsDHCPv4hostnameconfigurationasdescribedinRFC2132,option12.DHCPv4hostnameconfigurationisdisabledbydefault.

Theswitchshostnamecanbemanuallyconfiguredusingthefollowingcommand:

Note: Ifthehostnameismanuallyconfigured,theswitchdoesnotreplaceitwiththehostnamereceivedfromtheDHCPv4server.

AfterDHCPconfiguresthehostnameontheswitch,iftheDHCPv4configurationisdisabled,theswitchretainsthehostname.

ToenableordisableDHCPhostnameconfiguration,usethefollowingcommandonaninterface(inthisexample,ethernetport1/12isused):

Toviewthesystemhostnameusethefollowingcommand:

Note: Theswitchpromptalsodisplaysthehostname.

DHCPv4 Syslog Server (Option 7)TheswitchsupportstherequestingoftheSyslogserverIPaddressfromtheDHCPserverasdescribedinRFC2132,option7.TheDHCPv4Syslogserverrequestoptionisdisabledbydefault.Note: ManuallyconfiguredSyslogserverstakepriorityovertheDHCPv4Syslogserver.

UptothreeSyslogserveraddressesreceivedfromtheDHCPv4servercanbeused.TheSyslogserveraddressescanbelearnedoverthemanagementportoranethernetport.

ToenableordisabletheDHCPSyslogserverrequest,usethefollowingcommandonaninterface(inthisexample,ethernetport1/12isused):

ToviewtheSyslogserveraddress,usethefollowingcommand:

Switch(config)#hostname

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientrequesthostname

Switch>displayhostname

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientrequestlogserver

Switch>displayloggingserver

Loggingserver:enabled{*2.2.2.1}Serverseverity:debuggingServerfacility:local7Servervrf:data*ValuesassignedbyDHCPClient.


DHCPv4 NTP Server (Option 42)ThisoptionrequesttheDHCPservertoprovidealistofIPaddressesindicatingNetworkTimeProtocol(NTP)serversavailabletotheclient.TheNTPserversarelistedinorderofpreference.TheswitchsupportstherequestingofNTPserversasdescribedinRFC2132,option42.

Bydefault,theswitchdoesnotincludethisrequestinDHCPv4messages.Toenableordisablethisoptiononaninterface,usethefollowingcommand(inthisexample,ethernetport1/12isused):

Note: AnymanuallyconfiguredNTPserverwillnotbeoverwrittenbytheNTPserversreceivedviaDHCPv4.

ToviewthelistofNTPservers,usethefollowingcommand:

DHCPv4 Vendor Class Identifier (Option 60)ThisoptionisusedbyaDHCPclienttoidentifyitselftotheDHCPserver.ItisusedtodefinethevendortypeandfunctionalityoftheDHCPclient.TheDHCPclientcancommunicatetoaserverthatitusesaspecifictypeofhardwareorsoftwarebyspecifyingitsVendorClassIdentifier(VCI).

TheswitchsupportstheidentifyingofaTFTPserverasdescribedinRFC2132,option60.

EachswitchinterfacecanbeconfiguredwithadifferentVCI.

Bydefault,theswitchwillincludethisoptioninDHCPv4packets.ToenableordisabletheidentificationofTFTPserversusethefollowingcommand(inthisexample,ethernetport1/12isused):

Note: DependingontheLenovoRackSwitch,thedefaultVCIisdifferent. fortheLenovoRackSwitchG8272,thedefaultVCIisLENOVOG8272 fortheLenovoRackSwitchG8296,thedefaultVCIisLENOVOG8296 fortheLenovoRackSwitchG8332,thedefaultVCIisLENOVOG8332 fortheLenovoRackSwitchNE2572,thedefaultVCIisLENOVONE2572 fortheLenovoRackSwitchNE10032,thedefaultVCIisLENOVONE10032 fortheLenovoRackSwitchNE1032,thedefaultVCIisLENOVONE1032 fortheLenovoRackSwitchNE1032T,thedefaultVCIisLENOVONE1032T fortheLenovoRackSwitchNE1072T,thedefaultVCIisLENOVONE1072T

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientrequestntpserver

Switch>displayntppeers

Switch(config)#interfaceethernet1/12Switch(configif)#[no]ipdhcpclientclassid

lenovo network application guide for lenovo cloud...

Documents