Enterasys Securestack C3
One of the Force10_S50s failed (flapping all its links uncontrollably), so an Enterasys Securestack C3G124-48P has been acquired from eBay.
Quick specs:
- 48 1000baseT ports
- 4 SFP ports that can assume the roles of 1000baseT ports 45-48
- 2 proprietary stacking ports in the back
- DB-9 (DE-9, actually) serial console port on the front wired as DTE. Use a standard null modem cable to talk to this.
This switch is Broadcom based.
Wiping the existing config
Attach a console cable, run a terminal program, and set the port to 9600-8n1, no carrier detect, no flow control. Power on the switch and let it boot completely. Follow the process as documented at https://community.extremenetworks.com/extreme/topics/password_recovery_for_the_securestack_series-1jwf24 to reset the switch's passwords:
- While the switch is operational, press and hold the Reset button for five seconds, then release.
- A "Password Reset button has been pressed" message will display on the cli console and in the current.log (5487).
- The admin, rw, and ro login passwords will be reset to <enter>; and with C2 f/w 3.01.45 and higher, the boot menu password will be reset to the default value of "administrator" (5551).
From here, log in to the console as the rw user. Its password is now blank. Issuing the clear config command will do the expected (wipe the saved configuration) and reboot the switch. The reset button is small and unlabeled, located on the back of the chassis, to the right of one of the stacking connectors.
Basic setup
Configuration of these switches is somewhat different from the Cisco IOS-influenced setup of most other managed switches on the market. Changes are made through a series of set commands. Search Google for the manual called the "SecureStack C3 Stackable Switches Configuration Guide" for information. We'll highlight changes made in this wiki page. Command line tab completion and "?" inline help work as in most other switches.
change factory default passwords
Log in to the switch as a user with super-user privileges. (Super users can make config changes as well as administer switch users.) The factory default super user account is admin. Listing user accounts:

    C3(su)->show system login
    Password history size: 0
    Password aging : disabled

    Username     Access       State
    admin        super-user   enabled
    ro           read-Only    enabled
    rw           read-write   enabled
    C3(su)->
And changing a user's password:
    C3(su)->set system login admin super-user enable password newpassword
    C3(su)->
Repeat for the other user accounts:
    C3(su)->set system login rw read-write enable password newpassword
    C3(su)->set system login ro read-only enable password newpassword
    C3(su)->
Assign an IP address to the switch
I like to put my switches' management IPs at the top of the range for each of the subnets they are on. 172.16.0.0/24 is the main inside subnet here. So log in to the switch as rw or similar and give it an IP like so:

    C3(rw)->set ip address 172.16.0.254 mask 255.255.255.0
    C3(rw)->
Checking its IP address is similar:
    C3(rw)->show ip address
    Name         Address       Mask
    ------------ ------------- -----------------
    host         172.16.0.254  255.255.255.0
    C3(rw)->
Or set it to be a DHCP client
    C3(rw)->set ip protocol dhcp
    Changing protocol mode will reset ip configuration.
    Are you sure you want to continue? (y/n)y
    C3(rw)->save config
    Saving Configuration to stacking members
    C3(rw)->
Naturally, the DHCP server's config needs some updates to include this device.
IPv6, anyone?
    C3(rw)->set ipv6 enable
    C3(rw)->show ipv6 address
    Name  IPv6 Address
    ----- ----------------------------------------
    host  FE80::21F:45FF:FE85:1738/64
    C3(rw)->
Pinging that from a host system works as expected:
    adj@stuff-puter:~$ ping6 -c 3 fe80::21f:45ff:fe85:1738%eth0
    PING fe80::21f:45ff:fe85:1738%eth0(fe80::21f:45ff:fe85:1738) 56 data bytes
    64 bytes from fe80::21f:45ff:fe85:1738: icmp_seq=1 ttl=64 time=0.906 ms
    64 bytes from fe80::21f:45ff:fe85:1738: icmp_seq=2 ttl=64 time=1.08 ms
    64 bytes from fe80::21f:45ff:fe85:1738: icmp_seq=3 ttl=64 time=0.735 ms

    --- fe80::21f:45ff:fe85:1738%eth0 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.735/0.908/1.083/0.142 ms
    adj@stuff-puter:~$
Turn on ye olde SSH server
RS-232 is so 1960s...
    C3(rw)->set ssh enabled
    SSH hostkey generation initiated. Process should complete in 60 seconds.
    C3(rw)->
My SSH client (Debian 7 (openssh-client 1:6.0p1-4+deb7u2)) is unable to negotiate a cipher and MAC spec that works with this switch. Selecting them on the command line as follows works, though:
    adj@sacredchao:~$ ssh -c aes128-cbc -m hmac-sha1 rw@theswitchdnsname
And it works over IPv6, too:
    adj@sacredchao:~$ ssh -c aes128-cbc -m hmac-sha1 rw@fe80::21f:45ff:fe85:1738%br0
    rw@fe80::21f:45ff:fe85:1738%br0's password:

    Enterasys SecureStack C3 Command Line Interface

    Enterasys Networks, Inc.
    50 Minuteman Rd.
    Andover, MA 01810-1008 U.S.A.

    Phone: +1 978 684 1000
    E-mail: support@enterasys.com
    WWW: http://www.enterasys.com

    (c) Copyright Enterasys Networks, Inc. 2011

    Chassis Serial Number: 10300519225N
    Chassis Firmware Revision: 05.02.18.0002

    C3(rw)->
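The -c and -m options used above can be pinned to this one switch in the client's ssh_config, so the older cipher and MAC are offered to no other host. This is an added example, not part of the original wiki page; the function names, the c3 alias and the config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the "c3"
# alias are assumptions; Ciphers and MACs are standard ssh_config keywords.

# Print a Host block carrying the same algorithms as "-c aes128-cbc -m hmac-sha1".
legacy_stanza() {    # $1 = Host alias, $2 = HostName, $3 = User
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    User %s\n' "$3"
    printf '    Ciphers aes128-cbc\n'
    printf '    MACs hmac-sha1\n'
}

# Succeed if the config file already has a Host line naming this exact alias.
has_host() {         # $1 = config file, $2 = alias
    awk -v a="$2" '
        tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) found = 1 }
        END { exit !found }' "$1"
}

# Append the block once. Returns 0 if it was added, 1 if the alias existed.
add_legacy_host() {  # $1 = config file, $2 = alias, $3 = HostName, $4 = User
    cfg=$1; name=$2
    # Create the file private to the user if it does not exist yet.
    [ -f "$cfg" ] || ( umask 077; : > "$cfg" )
    if has_host "$cfg" "$name"; then
        return 1
    fi
    {
        [ -s "$cfg" ] && printf '\n'    # blank line between existing entries
        legacy_stanza "$name" "$3" "$4"
    } >> "$cfg"
}

# Usage: add_legacy_host ~/.ssh/config c3 theswitchdnsname rw
#        ssh c3
```

ssh uses the first value it obtains for each option, so a Host * block earlier in the file that sets Ciphers or MACs would take precedence over this entry.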
configuration backup
Now that the switch has an IP address, let's make a copy of its configuration.
First step, make a copy of the current config and save it on the switch:
    C3(su)->show config all outfile configs/2015-05-21T2230.cfg
    Overwrite existing file (y/n) [n]?y
    C3(su)->
Next, save it to a writeable TFTP server somewhere convenient:
    C3(su)->copy configs/2015-05-21T2230.cfg tftp://tftp_server_IP_or_name/2015-05-21T2230.cfg
    Error: File transfer failed!
    C3(su)->