Difference between revisions of "Enterasys Securestack C3"

From FnordWiki

Revision as of 16:06, 14 June 2015

One of the Force10_S50s failed (flapping all its links uncontrollably), so an Enterasys Securestack C3G124-48P has been acquired from eBay.

Quick specs:

  • 48 1000baseT ports
  • 4 SFP ports that can assume the roles of 1000baseT ports 45-48
  • 2 proprietary stacking ports in the back
  • DB-9 (DE-9, actually) serial console port on the front wired as DTE. Use a standard null modem cable to talk to this.

This switch is Broadcom based.

Wiping the existing config

Attach a console cable, run a terminal program, and set the port to 9600-8n1, no carrier detect, no flow control. Power on the switch and let it boot completely. Follow the process as documented at https://community.extremenetworks.com/extreme/topics/password_recovery_for_the_securestack_series-1jwf24 to reset the switch's passwords:

While the switch is operational, press and hold the Reset button for five seconds, then release.
A "Password Reset button has been pressed" message will display on the cli console and in the current.log (5487).
The admin, rw, and ro login passwords will be reset to <enter>; and with C2 f/w 3.01.45 and higher, the boot menu password will be reset to the default value of "administrator" (5551).

From here, log in to the console as the rw user. Its password is now blank. Issuing the clear config command will do the expected (wipe the saved configuration) and reboot the switch. The reset button is small and unlabeled, located on the back of the chassis, to the right of one of the stacking connectors.

Basic setup

Configuration of these switches is somewhat different than the Cisco IOS influenced setup of most other managed switches on the market. Changes are made through a series of set commands. For reference, search Google for a manual called the "SecureStack C3 Stackable Switches Configuration Guide". We'll highlight changes made in this wiki page. Command line tab completion and "?" inline help work as in most other switches.

change factory default passwords

Log in to the switch as a user with super-user privileges. (Super users can make config changes as well as administer switch users.) The factory default super user account is admin. Listing user accounts:

C3(su)->show system login
Password history size: 0
Password aging       : disabled  

Username     Access           State 

admin       super-user        enabled     
ro          read-Only         enabled     
rw          read-write        enabled     
C3(su)->

And changing a user's password:

C3(su)->set system login admin super-user enable password newpassword 
C3(su)->

Repeat for the other user accounts:

C3(su)->set system login rw read-write enable password newpassword 
C3(su)->set system login ro read-only enable password newpassword 
C3(su)->

Assign an IP address to the switch

I like to put my switches' management IPs at the top of the range for each of the subnets they are on. 172.16.0.0/24 is the main inside subnet here. So log in to the switch as rw or similar and give it an IP like so:

C3(rw)->set ip address 172.16.0.254 mask 255.255.255.0
C3(rw)->

Checking its IP address is similar:

C3(rw)->show ip address
Name            Address               Mask
------------    -------------         -----------------
host            172.16.0.254          255.255.255.0
C3(rw)->

Or set it to be a DHCP client

C3(rw)->set ip protocol dhcp
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y

C3(rw)->save config
Saving Configuration to stacking members
C3(rw)->

Naturally, the DHCP server's config needs some updates to include this device.

IPv6, anyone?

C3(rw)->set ipv6 enable
C3(rw)->show ipv6 address
Name    IPv6 Address                             
-----   ---------------------------------------- 
host    FE80::21F:45FF:FE85:1738/64

C3(rw)->

Pinging that from a host system works as expected:

adj@stuff-puter:~$ ping6 -c 3 fe80::21f:45ff:fe85:1738%eth0
PING fe80::21f:45ff:fe85:1738%eth0(fe80::21f:45ff:fe85:1738) 56 data bytes
64 bytes from fe80::21f:45ff:fe85:1738: icmp_seq=1 ttl=64 time=0.906 ms
64 bytes from fe80::21f:45ff:fe85:1738: icmp_seq=2 ttl=64 time=1.08 ms
64 bytes from fe80::21f:45ff:fe85:1738: icmp_seq=3 ttl=64 time=0.735 ms

--- fe80::21f:45ff:fe85:1738%eth0 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.735/0.908/1.083/0.142 ms
adj@stuff-puter:~$ 

Turn on ye olde SSH server

RS-232 is so 1960s...

C3(rw)->set ssh enabled
SSH hostkey generation initiated. Process should complete in 60 seconds.
C3(rw)->

My SSH client (Debian 7 (openssh-client 1:6.0p1-4+deb7u2)) is unable to negotiate a cipher and MAC spec that work with this switch. Selecting them on the command line as follows works, though:

adj@sacredchao:~$ ssh -c aes128-cbc -m hmac-sha1 rw@theswitchdnsname

And it works over IPv6, too:

adj@sacredchao:~$ ssh -c aes128-cbc -m hmac-sha1 rw@fe80::21f:45ff:fe85:1738%br0
rw@fe80::21f:45ff:fe85:1738%br0's password: 


Enterasys SecureStack C3 
Command Line Interface 

Enterasys Networks, Inc. 
50 Minuteman Rd.
Andover, MA 01810-1008 U.S.A. 

Phone: +1 978 684 1000 
E-mail: support@enterasys.com 
WWW: http://www.enterasys.com 

(c) Copyright Enterasys Networks, Inc. 2011

Chassis Serial Number:      10300519225N
Chassis Firmware Revision:  05.02.18.0002


C3(rw)->

configuration backup

The low-tech way

Just get a screen capture:

C3(rw)->set length 0
C3(rw)->show config
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.

begin   
!
#***** NON-DEFAULT CONFIGURATION *****
!
!
#Router Configuration  

#arp
!

#arpinspection
!

[and so on, through all the config sections]

Note here that all of the set ... commands can be pasted back into the switch to rebuild the configuration.

Higher tech: using TFTP

Since the switch has an IP address, let's make a copy of its configuration over the network:

First step, make a copy of the current config and save it on the switch:

C3(su)->show config all outfile configs/2015-05-21T2230.cfg
Overwrite existing file (y/n) [n]?y

C3(su)->

Next, save it to a writeable TFTP server somewhere convenient:

C3(su)->copy configs/2015-05-21T2230.cfg tftp://tftp_server_IP_or_name/2015-05-21T2230.cfg

File transfer operation completed successfully.
C3(rw)->

This may require some work on the TFTP server end. On Debian 7, running tftpd-hpa, the target file must already exist and be world-writeable.
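
With timestamped backups like the ones above, two captures can be compared to see which commands appeared or disappeared between them. This is an added example, not part of the original page or any Enterasys tooling; both captures are constructed samples, and their section names are assumptions modelled on the "#arp" style headers shown earlier.

```python
# Constructed captures in the layout shown above ("begin", "!" separators,
# "#section" headers). Section names and contents are illustrative only.
OLD = """\
begin
!
#ssh
set ssh enabled
!
#vlan
set vlan create 900
"""
NEW = """\
begin
!
#ssh
!
#vlan
set vlan create 900
set vlan create 200-299
"""

def parse_config(capture):
    """Map each '#section' header to the set of command lines beneath it."""
    sections, current = {}, "(none)"
    for line in map(str.strip, capture.splitlines()):
        if line.startswith("#"):
            current = line.lstrip("#").strip()
        elif line not in ("", "!", "begin"):
            sections.setdefault(current, set()).add(line)
    return sections

def config_drift(old, new):
    """Return {section: (removed, added)} for every section that changed."""
    before, after = parse_config(old), parse_config(new)
    drift = {}
    for name in sorted(set(before) | set(after)):
        removed = sorted(before.get(name, set()) - after.get(name, set()))
        added = sorted(after.get(name, set()) - before.get(name, set()))
        if removed or added:
            drift[name] = (removed, added)
    return drift

if __name__ == "__main__":
    for name, (removed, added) in config_drift(OLD, NEW).items():
        print(f"#{name}: removed={removed} added={added}")
```

A command that vanishes from a section, such as the SSH line in the sample, is as much worth a look as one that is added.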

christening

Names are nice shorthand for "Enterasys Securestack C3G124-48P serial number 10300519225N located at elevation 45 in the first rack in the basement data center." We'll call this one thelowerenterasysswitch (which is not much better, really. But illustrative.)

C3(rw)->set system name "thelowerenterasysswitch"

LLDP -- who's that talking on my ports?

Enable LLDP on all ports:

C3(rw)->set lldp port status both ge.1.1-48
C3(rw)->save config

LLDP is an IEEE protocol. Cisco has its own equivalent called Cisco Discovery Protocol or CDP. (The Enterasys (now Extreme Networks) folks will tell you it started as "Cabletron Discovery Protocol" and Cisco licensed it long ago. Regardless, they do pretty much the same thing.) Let's see who is plugged in:

C3(rw)->show neighbors 

 Port       Device ID            Port ID           Type       Network Address
---------------------------------------------------------------------------------
ge.1.2      theciscowap          GigabitEthernet0  ciscodp    172.16.0.252 
ge.1.16     thekitchenciscow     GigabitEthernet0  ciscodp    172.16.0.253 
ge.1.16     00:27:13:65:A7:31    00-26-C6-6A-DD-84 lldp       10.255.224.8 
ge.1.32     SEP000CCE91C797      Port 1            ciscodp    172.16.0.24  
C3(rw)->

Note that port ge.1.16 has 2 neighbors. The first is the Cisco wireless access point running CDP, and the second is a wifi client running LLDP. SEP000CCE91C797 on port ge.1.32 is a Cisco VoIP phone that's getting its power from the switch. Power over Ethernet (PoE) will be discussed in another section.
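
The same table can be checked against an inventory so that an extra or unknown neighbor on a port stands out. This is an added example, not from the original page; the table text is the output shown above, and EXPECTED is a hypothetical inventory.

```python
import re
from collections import Counter

# "show neighbors" output copied from the session above.
SHOW_NEIGHBORS = """\
 Port       Device ID            Port ID           Type       Network Address
---------------------------------------------------------------------------------
ge.1.2      theciscowap          GigabitEthernet0  ciscodp    172.16.0.252
ge.1.16     thekitchenciscow     GigabitEthernet0  ciscodp    172.16.0.253
ge.1.16     00:27:13:65:A7:31    00-26-C6-6A-DD-84 lldp       10.255.224.8
ge.1.32     SEP000CCE91C797      Port 1            ciscodp    172.16.0.24
"""

# Hypothetical inventory: the device ID each port is supposed to report.
EXPECTED = {
    "ge.1.2": {"theciscowap"},
    "ge.1.16": {"thekitchenciscow"},
    "ge.1.32": {"SEP000CCE91C797"},
}

# Port IDs may contain a space ("Port 1"), so that column is matched lazily
# and the last two whitespace-separated tokens are taken as type and address.
ROW = re.compile(
    r"^(?P<port>[a-z]+\.\d+\.\d+)\s+(?P<device>\S+)\s+(?P<port_id>.+?)"
    r"\s+(?P<type>\S+)\s+(?P<address>\S+)\s*$"
)

def parse_neighbors(text):
    """Return one dict per neighbor row; header and rule lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def audit_neighbors(rows, expected):
    """Return (unexpected neighbors, ports reporting more than one neighbor)."""
    unexpected = [
        (r["port"], r["device"], r["type"], r["address"])
        for r in rows
        if r["device"] not in expected.get(r["port"], set())
    ]
    counts = Counter(r["port"] for r in rows)
    shared = {port: n for port, n in counts.items() if n > 1}
    return unexpected, shared

if __name__ == "__main__":
    unexpected, shared = audit_neighbors(parse_neighbors(SHOW_NEIGHBORS), EXPECTED)
    for port, device, proto, address in unexpected:
        print(f"unexpected neighbor on {port}: {device} ({proto}, {address})")
    for port, count in shared.items():
        print(f"{port} reports {count} neighbors")
```

LLDP and CDP are unauthenticated, so the device IDs are whatever the neighbor chooses to announce; the check is a tripwire for unplanned changes, not proof of identity.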

VLANs

SecureStack C3 switches (or a stack of C3 switches) support up to 1000 VLANs.

create a new VLAN (and add some settings)

C3(rw)->set vlan create 900

It is also possible to create ranges of VLANs in one go:

C3(rw)->set vlan create 200-299

Let's span our trees!

The various IEEE spanning tree protocols (802.1D Spanning Tree Protocol (STP), 802.1w Rapid Spanning Tree Protocol (RSTP), and 802.1s Multiple Spanning Tree Protocol (MSTP)) prevent loops in a multi-switch Ethernet environment.

Turn on Multiple Spanning Tree Protocol (802.1s)

C3(rw)->set spantree version mstp