Professional Documents
Culture Documents
Users Guide
Version 1.1
Copyright 2006 International Business Machines Corporation. All rights reserved. Reference Number: 322573-B This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. Documentation is provided as is without warranty of any kind, either express or implied, including any kind of implied or express warranty of non-infringement or the implied warranties of merchantability or fitness for a particular purpose. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Cisco and EtherChannel are registered trademarks of Cisco Systems, Inc. in the United States and certain other countries. Any other trademarks appearing in this manual are owned by their respective companies. Originated in the U.S.A.
2
31R1755, August 2006
Contents
Preface 5 Who Should Use This Guide 5 What Youll Find in This Guide 5 Typographic Conventions 6 How to Get Help 7 Overview of Server Connectivity Module Operation 9 Server Connectivity Module Quick Start 10 Configuring the BladeCenter Management Module 10 Configuring the Upstream Networking Device 10 Configuring the BladeCenter Processor Blades 11 Accessing the Server Connectivity Module 13 Management module setup 14 Management Module version 1 14 Factory default vs. MM assigned IP addresses 14 Configuring management module version 1 default gateway 15 Configuring management module version 1 for switch access 15 Advanced Management Module 17 Assigned IP Addresses 17 Configuring advanced management module for access 18 Using Telnet 20 Connect to the Server Connectivity Module via SSH 20 Using the Browser-Based Interface 20 Access via HTTP 21 Access via HTTPS 21 Securing Access to the Server Connectivity Module 22 Setting Allowable Source IP Address Ranges 23 Configuring an IP Address Range for the Management Network 23 RADIUS Authentication and Authorization 24
1
31R1755, August 2006
How RADIUS Authentication Works 24 Configuring RADIUS 24 RADIUS Authentication Features 25 User Accounts 27 RADIUS Attributes for SCM User Privileges 27 TACACS+ Authentication 28 How TACACS+ Authentication Works 28 TACACS+ Authentication Features 28 Authorization 29 Accounting 29 Command Authorization and Logging 30 Configuring TACACS+ Authentication 31 Secure Shell and Secure Copy 32 Configuring SSH/SCP features 33 Configuring the SCP Administrator Password 34 Using SSH and SCP Client Commands 34 To apply and save the configuration 35 SSH and SCP Encryption of Management Messages 36 Generating RSA Host and Server Keys for SSH Access 36 SSH/SCP Integration with Radius Authentication 37 SSH/SCP Integration with TACACS+ Authentication 37 End User Access Control 38 Considerations for Configuring End User Accounts 38 Configuring End-User Access Control 39 Defining a Users Access Level 40 Validating a Users Configuration 40 Listing Current Users 40 Enabling or Disabling a User 40 Logging into an End User Account 41 Port Groups, VLANs, and Trunking 43 Port Groups 43 Port Group Characteristics 43 Configuring Port Groups 44 VLANs 45 802.1Q VLAN Tagging 45 Configuring VLANs 46
2
31R1755, August 2006
Trunking 46 Statistical Load Distribution 47 Built-In Fault Tolerance 48 Trunk group configuration rules 48 Link Aggregation Control Protocol 48 Layer 2 Failover 49 Setting the Failover Limit 49 Layer 2 Failover Configuration 50 IGMP Snooping 50 Command Reference 51 CLI Menus 52 Menu Summary 52 Viewing, Applying, and Saving Changes 54 Viewing Pending Changes 55 Applying Pending Changes 55 Saving the Configuration 55 Updating the Software Image 56 Loading New Software 56 Using the CLI 57 Selecting a Software Image to Run 58 Uploading a Software Image from the Server Connectivity Module 59 Selecting a Configuration Block 60 Resetting the Server Connectivity Module 61 Using the BBI 63 Requirements 63 Web Browser Set Up 64 Starting the BBI 64 Status Window 68 Link Status 68 Menu Window 69 Configuration Window 69 Command Buttons 70
3
31R1755, August 2006
4
31R1755, August 2006
Preface
The Server Connectivity Module Users Guide describes how to configure and use the software on the Server Connectivity Module for IBM BladeCenter. For documentation on installing the module physically, see the Installation Guide for your Server Connectivity Module (SCM).
5
31R1755, August 2006
Chapter 5, Using the BBI, provides an overview of the Browser-Based Interface (BBI) that enables you to view and configure the SCM.
Typographic Conventions
The following table describes the typographic styles used in this book. Table 1 Typographic Conventions
Typeface or Symbol AaBbCc123 Meaning This type is used for names of commands, files, and directories used within the text. Example View the readme.txt file.
It also depicts on-screen computer output and Main# prompts. AaBbCc123 This bold type appears in command examples. It shows text that must be typed in exactly as shown. Main# sys
<AaBbCc123> This italicized type appears in command To establish a Telnet session, enter: examples as a parameter placeholder. Replace host# telnet <IP address> the indicated text with the appropriate real name or value when using the command. Do not type the brackets. This also shows book titles, special terms, or words to be emphasized. [ ] Command items shown inside brackets are optional and can be used or excluded as the situation demands. Do not type the brackets. Read your Users Guide thoroughly. host# ls [-a]
: Preface
31R1755, August 2006
: Preface
31R1755, August 2006
: Preface
31R1755, August 2006
CHAPTER 1
9
31R1755, August 2006
The SCM permits effective management of the server blades using the Serial Over LAN (SOL) feature over a VLAN dedicated to the BladeCenter management module. If no external ports are enabled, Layer 2 Failover must be disabled to use SOL. Most users will find the Browser-based Interface (BBI) adequate for configuring and using the SCM. However, a command-line interface (CLI) is available for users familiar with the CLI, or who want to use scripting facilities.
10
If more than one link is required to the SCM, configure a static link aggregation group (also referred to as a trunk group or EtherChannel) to include all of the ports that are being connected.
11
12
CHAPTER 2
13
31R1755, August 2006
14
NOTE SCMs installed in Bay 1 and Bay 2 connect to server NICs 1 and 2, respectively. However, Windows operating systems show that SCMs installed in Bay 3 and Bay 4 connect to server NICs 4 and 3, respectively.
2.
15
3.
Select Configuration on the I/O Module Tasks menu on the left side of the BladeCenter Management Module window. See Figure 2-2.
4.
You can use the default IP addresses provided by the management module, or you can assign a new IP address to the SCM through the management module. You can assign this IP address through one of the following methods: Manually through the management module Automatically through the IBM Director Configuration Wizard (available in Director release 4.21) NOTE If you change the IP address of the SCM, make sure that the SCM and the management module both reside on the same subnet.
5.
Enable the following features in the management module: External Ports (I/O Module Tasks > Admin/Power/Restart > Advance Setup)
16
The default value is Disabled. If this feature is not already enabled, change the value to Enabled, then Save. NOTE In Advanced Configuration > Advanced Setup, enable Preserve new IP configuration on all switch resets, to retain the SCMs IP interface when you restore factory defaults. This setting preserves the management ports IP address in the management modules memory, so you maintain connectivity to the management module after a reset. You now can start a Telnet session, Browser-Based Interface (Web) session, a Secure Shell session, or a secure HTTPS session to the SCM.
17
Figure 2-1 SCM network protocol settings in the advanced management module NOTE Server Connectivity Modules (SCMs) installed in Bay 1 and Bay 2 connect to server NICs 1 and 2, respectively. However, Windows operating systems show that SCMs installed in Bay 3 and Bay 4 connect to server NICs 4 and 3, respectively.
2.
18
3.
Select Configuration on the I/O Module Tasks menu on the left side of the BladeCenter Advanced Management Module window. See Figure 2-2.
Figure 2-2 Server Connectivity Module management on the BladeCenter management module You can now start a Telnet session, Browser-Based Interface (Web) session, a Secure Shell session, or a secure HTTPS session to the SCM. For TCP/IP applications to work with the SCM, a route path must exist between your workstation and the management module. NOTE SCM access through the USB serial port is not supported.
19
Using Telnet
Telnet is used to access the SCMs command-line interface. Telnet can be launched from the management module interface, or by using a local Telnet application on your workstation. NOTE If you cannot access the Server Connectivity Module (SCM) using Telnet or the Browser-Based Interface (web), try to ping the SCMs IP address from management module. If the ping fails, the management module is not configured correctly. To use Telnet from the management module, choose I/O Module Tasks > Configuration from the navigation pane on the left. Select a bay number and click Advanced Configuration > Start Telnet/Web Session > Start Telnet Session. A Telnet window opens a connection to the SCM (requires Java 1.4 Plug-in). To establish a Telnet connection with the SCM from your workstation, you can run the Telnet program and issue the Telnet command, followed by the management module IP address and the Telnet port for the SCM. For example:
telnet <management module IP address> 1023
20
Before you can access the BBI via HTTPS, you must generate a certificate to be used during the key exchange. Use the CLI command below to generate the HTTPS certificate. A default certificate is created the first time you enable HTTPS, but you can create a new certificate defining the information you want to be used in the various fields.
>> /cfg/sys/access/https/generate Country Name (2 letter code) [ ]: <country code> State or Province Name (full name) []: <state> Locality Name (eg, city) []: <city> Organization Name (eg, company) []: <company> Organizational Unit Name (eg, section) []: <org. unit> Common Name (eg, YOUR name) []: <name> Email (eg, email address) []: <email address> Confirm generating certificate? [y/n]: y Generating certificate. Please wait (approx 30 seconds) restarting SSL agent
To access the SCM via the Browser-Based Interface, open a Web browser window and type in the URL using the IP interface address of the management module IP address and the HTTPS port for the SCM. For example:
https://<management module IP address>: 1443
You can save the certificate to flash for use if the SCM is rebooted. To save the certificate, use the following command: /cfg/sys/access/https/certsave. When a client (e.g. web browser) connects to the SCM, the client is asked to accept the certificate and can verify that the fields are what the client expected. Once BBI access is granted to the client, you can use the BBI as described in Using the BBI.
Chapter 2: Accessing the Server Connectivity Module
31R1755, August 2006
21
22
In this example, the management network is set to 192.192.192.0 and management mask is set to 255.255.255.128. This defines the following range of allowed IP addresses: 192.192.192.1 to 192.192.192.127. The following source IP addresses are granted or not granted access to the SCM: A host with a source IP address of 192.192.192.21 falls within the defined range and would be allowed to access the SCM. A host with a source IP address of 192.192.192.192 falls outside the defined range and is not granted access. To make this source IP address valid, you would need to shift the host to an IP address within the valid range specified by the mgmt setting, or modify the management address to be 192.192.192.128. This would put the 192.192.192.192 host within the valid range allowed by the configured management network (192.192.192.128-255).
23
3. 4.
Configuring RADIUS
On the BBI, choose Miscellaneous Settings > Remote User Administration to configure RADIUS authentication. On the command-line interface, use the following procedure to configure RADIUS authentication on the Server Connectivity Module (SCM).
24
1.
Turn RADIUS authentication on, then configure the Primary and Secondary RADIUS servers.
>> Main# /cfg/sys/radius (Select the RADIUS Server menu) >> RADIUS Server# on (Turn RADIUS on) Current status: OFF New status: ON >> RADIUS Server# prisrv 10.10.1.1 (Enter primary server IP) Current primary RADIUS server: 0.0.0.0 New pending primary RADIUS server: 10.10.1.1 >> RADIUS Server# secsrv 10.10.1.2 (Enter secondary server IP) Current secondary RADIUS server: 0.0.0.0 New pending secondary RADIUS server: 10.10.1.2
2.
3.
If desired, you may change the default UDP port number used to listen to RADIUS. The well-known port for RADIUS is 1645.
>> RADIUS Server# port Current RADIUS port: 1645 Enter new RADIUS port [1500-3000]: <port number>
4.
Configure the number retry attempts for contacting the RADIUS server, and the timeout period.
>> RADIUS Server# retries Current RADIUS server retries: 3 Enter new RADIUS server retries [1-3]: < server retries> >> RADIUS Server# time Current RADIUS server timeout: 3 Enter new RADIUS server timeout [1-10]: 10 (Enter the timeout period in minutes)
25
Supports secondary authentication server so that when the primary authentication server is unreachable, the SCM can send client authentication requests to the secondary authentication server. Use the /cfg/sys/radius/cur command to show the currently active RADIUS authentication server. Supports user-configurable RADIUS server retry and time-out values: Time-out value = 1-10 seconds Retries = 1-3 The SCM will time out if it does not receive a response from the RADIUS server in 1-3 retries. The SCM will automatically retry connecting to the RADIUS server before it declares the server down. Supports user-configurable RADIUS application port. The default is 1645/UDP-based on RFC 2138. Port 1812 is also supported. Allows network administrator to define privileges for one or more specific users to access the SCM at the RADIUS user database. SecurID is supported if the RADIUS server can do an ACE/Server client proxy. The password is the PIN number, plus the token code of the SecurID card.
26
User Accounts
The user accounts listed in Table 2-2 can be defined in the RADIUS server dictionary file. Table 2-2 User Access Levels
User Account User Description and Tasks Performed Password
user The User has no direct responsibility for SCM management. The User can view all status information and statistics but cannot make any configuration changes to the SCM. The Operator manages all functions of the SCM. The Operator can reset ports or the entire SCM. The Administrator has complete access to all menus, information, and configuration commands on the SCM, including the ability to change both the user and administrator passwords. oper
Operator
Administrator
admin
27
TACACS+ Authentication
The Server Connectivity Module (SCM) supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The SCM functions as the Network Access Server (NAS) by interacting with the remote client and initiating authentication and authorization sessions with the TACACS+ access server. The remote user is defined as someone requiring management access to the SCM either through a data or management port. TACACS+ offers the following advantages over RADIUS: TACACS+ uses TCP-based connection-oriented transport; whereas RADIUS is UDP-based. TCP offers a connection-oriented transport, while UDP offers best-effort delivery. RADIUS requires additional programmable variables such as re-transmit attempts and time-outs to compensate for best-effort transport, but it lacks the level of built-in support that a TCP transport offers. TACACS+ offers full packet encryption whereas RADIUS offers password-only encryption in authentication requests. TACACS+ separates authentication, authorization and accounting.
3. 4.
28
Authorization
Authorization is the action of determining a users privileges on the device, and usually takes place after authentication. The mapping between TACACS+ authorization levels and SCM management access levels is shown in Table 2-4. The authorization levels must be defined on the TACACS+ server. Table 2-4 SCM-proprietary Attributes for TACACS+
User Access Level user oper admin TACACS+ level 0 3 6
If the remote user is successfully authenticated by the authentication server, the SCM verifies the privileges of the remote user and authorize the appropriate access. The administrator has an option to allow backdoor access via Telnet. The default is disable for Telnet access. NOTE To obtain the TACACS+ backdoor password for your Server Connectivity Module, contact your IBM Service and Support line.
Accounting
Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If the authentication and authorization is not performed via TACACS+, there are no TACACS+ accounting messages sent out. You can use TACACS+ to record and track software logins, configuration changes, and interactive commands. The SCM supports the following TACACS+ accounting attributes: protocol (console/telnet/ssh/http) start_time stop_time elapsed_time disc-cause
29
NOTE When using the Browser-Based Interface, the TACACS+ Accounting Stop records are sent only if the Quit button on the browser is clicked.
The following rules apply to TACACS+ command authorization and logging: Only commands from Telnet or SSH connection are sent for authorization and logging. BBI or file-copy commands (for example, TFTP or sync) are not sent. Only leaf-level commands are sent for authorization and logging. For example, /cfg is not sent, but /cfg/sys/access/user/uid is sent. The full path of each command is sent for authorization and logging. For example, /cfg/sys/tacacs/cauth. Command arguments are not sent for authorization. For /cauth ena, only /cauth is authorized. The command and its first argument are logged, if issued on the same line. Only executed commands are logged. Invalid commands are checked by the software, and are not sent for authorization or logging. Authorization is performed on each leaf-level command separately. If the user issues multiple commands at once, each command is sent separately as a full path.
30
Only the following global commands are sent for authorization and logging: apply diff ping revert save telnet traceroute
2.
3.
If desired, you may change the default TCP port number used to listen to TACACS+. The well-known port for TACACS+ is 49.
>> TACACS+ Server# port Current TACACS+ port: 49 Enter new TACACS+ port [1-65000]: <port number>
31
4.
5.
32
Mac X OpenSSH Solaris 8 OpenSSH AxeSSH SSHPro SSH Communications Vandyke SSH A F-Secure
NOTE You cannot turn SSH off from your Telnet connection. SSH can be turned off only through a direct connection to the serial console port from a technical support representative, or by resetting the SCM to factory defaults.
33
SSHD# apply
RSA host key generation starts ............................................................. ...................................................... RSA host key generation completes (lasts 212549 ms) RSA host key is being saved to Flash ROM, please don't reboot the box immediately.
RSA server key generation starts ............................................................ RSA server key generation completes (lasts 75503 ms) RSA server key is being saved to Flash ROM, please don't reboot the box immediately. -----------------------------------------------------------------Apply complete; don't forget to "save" updated configuration. >> # /cfg/sys/sshd/dis
34
Example:
>> # ssh 205.178.15.157 1022 >> # ssh -l <login-name> 205.178.15.157 1022 (Login to the SCM)
Example:
>> # scp 205.178.15.157 1022:getcfg ad4.cfg
Example:
>> # scp ad4.cfg 205.178.15.157 1022:putcfg
The diff command is automatically executed at the end of putcfg to notify the remote client of the difference between the new and the current configurations. putcfg_apply runs the apply command after the putcfg is done.
Chapter 2: Accessing the Server Connectivity Module
31R1755, August 2006
35
putcfg_apply_save saves the new configuration to the flash after putcfg_apply is done. The putcfg_apply and putcfg_apply_save commands are provided because extra apply and save commands are usually required after a putcfg; however, an SCP session is not in an interactive mode at all.
These two commands take effect immediately without the need of an apply command.
36
When the SCM reboots, it retrieves the host and server keys from the FLASH memory. If these two keys are not available in the flash and if the SSH server feature is enabled, the SCM automatically generates them during the system reboot. This process may take several minutes to complete. The SCM can also automatically regenerate the RSA server key. To set the interval of RSA server key autogeneration, use this command:
>> # /cfg/sys/sshd/intrval <number of hours (0-24)>
A value of 0 denotes that RSA server key autogeneration is disabled. When greater than 0, the SCM autogenerates the RSA server key every specified interval; however, RSA server key generation is skipped if the SCM is busy doing other key or cipher generation when the timer expires. NOTE The Server Connectivity Module (SCM) performs only one session of key/cipher generation at a time. Thus, an SSH/SCP client will not be able to log in if the SCM is performing key generation at that time, or if another client has logged in immediately prior. Also, key generation will fail if an SSH/SCP client is logging in at that time.
SecurID Support
SSH/SCP can also work with SecurID, a token card-based authentication method. The use of SecurID requires the interactive mode during login, which is not provided by the SSH connection. NOTE There is no Browser-Based Interface (BBI) support for SecurID because the SecurID server, ACE, is a one-time password authentication and requires an interactive session.
37
38
SCM software supports end user support for Telnet access to the SCM. As a result, only very limited access is granted to the primary administrator under the BBI/SSH1 mode of access. If RADIUS authentication is used, the user password on the Radius server overrides the user password on the SCM. Also note that the password change command only modifies the SCM password and has no effect on the user password on the Radius server. RADIUS authentication and user password cannot be used concurrently to access the SCM. Passwords can be up to 128 characters in length for TACACS, RADIUS, Telnet, SSH, and Web access.
The following command allows you to configure one of the 10 end-user IDs.
/cfg/sys/access/user/uid 1
The following command sequence allows you to define a user name and password.
>> User ID 1 # name bill Current user name: New user name: bill (Assign name bill to user ID 1)
The following command sequence allows you to change the users password.
>> User ID 1 # pswd Changing user password; validation required: Enter current admin password: <current administrator password> Enter new user password: <new user password> Re-enter new user password: <new user password> New user password accepted.
39
40
41
42
CHAPTER 3
Port Groups
SCM ports can be combined into Port Groups. Up to six Port Groups are available in the SCM. Each Port Group should contain both internal server ports (INT1-INT14) and external ports (EXT1-EXT6). NOTE The port references that appear in this document might differ slightly from your system. The number of ports is based on the type of BladeCenter unit that you are using and the firmware versions and options that are installed. VLANs and Link Aggregation Groups (trunks) are configured automatically for the Port Group. No network loops are allowed in the configuration. All external ports in the Port Group form a trunk group (static trunk or Link Aggregation Group).
43
31R1755, August 2006
Each port in the Port Group is a member of a unique, untagged VLAN. Tagged VLANs (1-4094) can be assigned to each Port Group. Tagged VLANs cannot be configured across multiple Port Groups.
To enable Layer 2 Failover, LACP, or IGMP Snooping for the Port Group, choose Miscellaneous Settings > Uplink/Group.
44
VLANs
Virtual LANs (VLANs) are commonly used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments. The default SCM configuration has two VLANS: The default VLAN is an untagged VLAN used for data traffic, and contains both external ports and internal server-blade ports. VLAN 4095 is used by the management network, which includes the management ports and (by default) the internal blade ports. This configuration allows Serial over LAN (SoL) management, a feature available on certain server blades. VLAN 4095 configuration cannot be modified.
45
Configuring VLANs
On the BBI, choose Non-Default Virtual LANs to create VLANs and assign them to Port Groups.
1. 2. 3.
Click Add VLAN to configure a new VLAN. Select the corresponding radio button to assign the VLAN to a Port Group. Click Apply to make the changes active. Click Save to write the configuration to flash memory.
Trunking
Trunk groups provide super-bandwidth, multi-link connections between Server Connectivity Modules (SCMs) or other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link. SCM trunk groups are static link aggregation groups that are compatible with Ciscos EtherChannel technology. This section describes the SCM trunk groups. The SCM is statically configured to place each Port Group into a separate trunk group. NOTE Because all ports in a Port Group belong to the same trunk group, individual external ports cannot be used as a regular 802.3 link. Do not plug a workstation directly into one of the SCMs external ports, unless that is the only device plugged into the ports.
46
When using port trunk groups between the SCM and a switch, as shown in Figure 3-1, you can create a virtual link, operating at up to 6 Gig per second, depending on how many physical ports are combined.
BladeCenter
OK
LINK
1
TX/RX LINK
2
TX/RX LINK
3
TX/RX LINK
4
TX/RX LINK
5
TX/RX LINK
6
TX/RX
Figure 3-1 Port Trunk Group The trunk group is also useful for connecting a SCM to third-party devices that support link aggregation, such as Cisco routers and switches with EtherChannel technology (not ISL trunking technology) and Sun's Quad Fast Ethernet Adapter. The SCMs trunk group technology is compatible with these devices when they are configured manually.
47
Each packets particular combination of source and destination addresses results in selecting one line in the trunk group for data transmission. If there are enough devices feeding the trunk lines, then traffic distribution becomes relatively even.
48
Layer 2 Failover
The primary application for Layer 2 Failover is to support Network Adapter Teaming. With Network Adapter Teaming, the NICs on each server all share the same IP address, and are configured into a team. One NIC is the primary link, and the other is a standby link. For more details, refer to Configuring Teaming in the Broadcom NetXtreme Gigabit Ethernet Adapter User Guide (http://www.ibm.com/pc/support/site.wss/MIGR-43152.html). Layer 2 Failover is disabled by default. You can enable Layer 2 Failover on a Port Group. When enabled, Layer 2 Failover works as follows: If some (or all) of the links fail in the failover trigger, the SCM disables all internal ports. When the internal ports are disabled, it causes the NIC team on the affected server blades to failover from the primary to the backup NIC. This process is called a failover event. When the appropriate number of links return to service, the SCM enables the internal ports. This causes the NIC team on the affected server blades to fail back to the primary SCM (unless Auto-Fallback is disabled on the NIC team). The backup processes traffic until the primarys internal links come up, which takes up to five seconds.
49
Internet
Trigger 1 Backup SCM
Enterprise Routing Switch
Server 2
Server 3
Server 4
BladeCenter
VLAN 1: VLAN 2: VLAN Monitor = On
Figure 3-2 Basic Layer 2 Trunk Failover On the BBI, choose Miscellaneous Settings > Uplink/Group to enable Layer 2 Failover, and configure the Failover Limit.
IGMP Snooping
IGMP Snooping allows the SCM to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The SCM learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers. On the BBI, choose Miscellaneous Settings > Uplink/Group to enable IGMP Snooping. The default value is enabled.
50
CHAPTER 4
Command Reference
Your Port Aggregator (SCM) is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively. The command line interface is the most direct method for collecting information and performing configuration tasks. Using a basic terminal, you are presented with a hierarchy of menus that enable you to view information and statistics about the SCM, and to perform any necessary configuration. The various commands have been logically grouped into a series of menus and sub-menus. Each menu displays a list of commands and sub-menus that are available, along with a summary of each command. Below each menu is a prompt where you can enter appropriate commands.
You can view configuration information for the SCM in both the user and administrator command modes. This chapter discusses how to use the command line interface for the SCM.
51
31R1755, August 2006
CLI Menus
The Main Menu appears after a successful connection and login. The following table shows the Main Menu for the administrator login. Some features are not available under the user login.
[Main Menu] info stats cfg oper boot maint diff apply save revert exit
Information Menu Statistics Menu Configuration Menu Operations Command Menu Boot Options Menu Maintenance Menu Show pending config changes [global command] Apply pending config changes [global command] Save updated config to FLASH [global command] Revert pending or applied changes [global command] Exit [global command, always available]
Menu Summary
Information Menu The Information Menu (/info) allows you to display information about the current status of the SCM.
[Information Menu] sys - System Information Menu l2 - Layer 2 Information Menu l3 - Layer 3 Information Menu link - Show link status port - Show port information geaport - Show system port and gea port mapping group - Show group information dump - Dump all information
Statistics Menu The statistics menu (/stats) allows you to view performance statistics for the SCM.
[Statistics Menu] port - Port Stats Menu l2 - Layer 2 Stats Menu l3 - Layer 3 Stats Menu mp - MP-specific Stats Menu dump - Dump all stats
52
Configuration Menu The Configuration Menu (/cfg) allows an administrator to configure SCM parameters. Configuration changes are not active until explicitly applied. You can save changes to non-volatile memory.
[Configuration Menu] sys - System-wide Parameter Menu port - Port Menu group - Group Menu dump - Dump current configuration to script file ptcfg - Backup current configuration to FTP/TFTP server gtcfg - Restore current configuration from FTP/TFTP server
Operations Command Menu The Operations Command menu (/oper) is used for making immediate and temporary changes to the configuration. For example, you can immediately disable a port (without the need to apply or save the change), with the understanding that when the SCM is reset, the port returns to its normally configured operation.
[Operations Menu] port - Operational Port Menu passwd - Change current user password clrlog - Clear syslog messages
Boot Options Menu The Boot Options menu (/boot) is used for upgrading SCM software, selecting configuration blocks, and for resetting the SCM when necessary.
[Boot Options image conf gtimg ptimg reset cur Menu] - Select software image to use on next boot - Select config block to use on next boot - Download new software image via TFTP - Upload selected software image via TFTP - Reset switch - Display current boot options
To use the Boot Options Menu, you must be logged in as the administrator. The Boot Options Menu provides options for: Selecting a software image to be used when the SCM is next reset Selecting a configuration block to be used when the SCM is next reset Downloading or uploading a new software image to the SCM via FTP/TFTP
53
Maintenance Menu The Maintenance menu (/maint) allows you to generate a dump of the critical state information, and to clear entries in the forwarding database and the ARP and routing tables.
[Maintenance Menu] sys - System Maintenance Menu fdb - Forwarding Database Manipulation Menu debug - Debugging Menu arp - ARP Cache Manipulation Menu igmp - IGMP Multicast Group Menu uudmp - Uuencode FLASH dump ptdmp - Upload FLASH dump via FTP/TFTP cldmp - Clear FLASH dump tsdmp - Tech support dump pttsdmp - Upload tech support dump via FTP/TFTP
54
NOTE The apply command is a global command. Therefore, you can enter apply at any prompt in the administrative interface.
When you save configuration changes, the changes are saved to the active configuration block. The configuration being replaced by the save is first copied to the backup configuration block. If you do not want the previous configuration block copied to the backup configuration block, enter the following instead:
# save n
You can decide which configuration you want to run the next time you reset the SCM. Your options include: The active configuration block
Chapter 4: Command Reference
31R1755, August 2006
55
The backup configuration block Factory default configuration You can view all pending configuration changes that have been applied but not saved to flash memory using the diff flash command. It is a global command that can be executed from any menu.
56
2.
3.
4.
The exact form of the name will vary by server. However, the file location is normally relative to the FTP or TFTP directory (usually /tftpboot). 5. Enter your username for the server, if applicable.
Enter username for FTP server or hit return for TFTP server: <username> or <Enter>
6.
The system prompts you to confirm your request. You should next select a software image to run, as described below.
57
2.
Enter the name of the image you want the SCM to use upon the next boot. The system informs you of which image is currently set to be loaded at the next reset, and prompts you to enter a new choice:
Currently set to use switch software "image1" on next reset. Specify new image to use on next reset ["image1"/"image2"]:
58
2.
The system prompts you for information. Enter the desired image:
Enter name of switch software image to be uploaded ["image1"|"image2"|"boot"]: <image> <server filename>
3.
4.
Enter the name of the file into which the image will be uploaded on the FTP or TFTP server:
Enter name of file on FTP/TFTP server: <filename>
5.
The system then requests confirmation of what you have entered. To have the file uploaded, enter Y.
image2 currently contains Software Version 90.0.1 Upload will transfer image2 (1889411 bytes) to file "test" on TFTP server 192.1.1.1. Confirm upload operation [y/n]: y
59
2.
Enter the name of the configuration block you want the SCM to use: The system informs you of which configuration block is currently set to be loaded at the next reset, and prompts you to enter a new choice:
Currently set to use active configuration block on next reset. Specify new block to use ["active"/"backup"/"factory"]:
60
61
62
CHAPTER 5
Requirements
Server Connectivity Module (SCM) Installed SCM software PC or workstation with network access to the SCMs management interface as configured using the management module Frame-capable Web-browser software, such as the following: Netscape Navigator 4.7x or higher Internet Explorer 6.0x or higher JavaScript enabled in your Web browser
63
31R1755, August 2006
2.
3. 4. 5.
64
If the SCM and browser are properly configured, you will be asked to enter a password:
Enter the account name and password for the SCMs administrator or user account. The default account name is USERID, and the default password is PASSW0RD (with zero 0, not O). 6. Allow the Port Group Mapping page to load. When the proper account name and password combination is entered, the Port Group Mapping page is displayed in your browsers viewing area:
65
NOTE There may be a slight delay while the Port Group Mapping page is being initialized. You should not stop the browser while loading is in progress.
NOTE The sample screens that appear in this document might differ slightly from the screens displayed by your system. Screen content varies based on the type of BladeCenter unit that you are using and the firmware versions and options that are installed.
66
Once you are properly logged in, the Browser-Based Interface (BBI) appears in your Web browsers viewing window:
There are three main regions on the screen: The Port Status Window is used to view port status. Click a port icon to view details. The Menu Window is used to select particular items or features to act upon. The Configuration Window is used to configure selected items.
67
Status Window
The Status Window contains port icons that display status information about each port. Click a port icon to display detailed information about the port. A color box indicates the Port Group in which each port resides.
Link Status
A port icons color indicates its link status, as follows:
Green White Gray Link up No link Disabled
68
Menu Window
The Menu Window is used for selecting a particular feature to act upon. Configuration forms for the selected item appear in the Configuration Window. The Menu Window contains a tree of feature folders and names:
Click on the Miscellaneous Settings folder to open it and reveal its contents. Click it again to close it. Click on any feature name to load the configuration form in the Configuration Window.
Configuration Window
Use the Configuration Window to configure SCM settings. When a feature is selected on the Menu Window, a configuration form is displayed in the Configuration Window. The exact nature of the form depends on the type of information available. Configuration forms display information and allow you to make configuration changes to SCM parameters.
69
Command Buttons
The following general commands are available at the bottom of the Configuration Window:
Apply Pending configuration changes do not take effect until the Apply command is selected. Once applied, all changes take effect on the SCM immediately. If you do not save the changes, however, they will be lost the next time the SCM is rebooted. Writes applied configuration changes to non-volatile flash memory on the SCM. Remove pending configuration changes between Apply commands. Use this command to restore configuration parameters set since last Save command. Log off the SCM and exit the BBI.
70