System Management

Summary: Networking › Switching › Edge › Synapse

Command Line Interface Mode

The command line interface is divided into many different modes, The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode. Table following describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the hostname SWITCH. Table Command Mode Summary

User Exec

SWITCH>

Enter exit to quit

Use this mode to: Perform basic tests. Display system information.

Privileged Mode

SWITCH#

While in user EXEC mode, enter the enable command. Enter disable to exit. Use this mode to: Exec network utilities. Display module information. System management operation.

Global Configuration

SWITCH(config)#

While in Privileged mode, enter the configuration terminal command. Enter exit or end to return. Use this mode to: configure parameters that apply to the entire switch.

Interface Configuration

SWITCH(config-if)#

While in global configuration mode, e interface command (with a specific interface). Enter exit or end to return. Use this mode to: configure parameters for the Ethernet ports.

Configuring

• Manually Assigning IPv4 Information

SWITCH(config)#management vlan VLANID ip address IPADDR/MASKLEN gateway IPADDR

SWITCH(config)#no management vlan

Manually assigning switch management IPv4 information.

SWITCH(config)#management vlan VLANID ip address dhcp

SWITCH(config)#no management vlan

Configuring DHCP-Based IPv4 information autoconfiguration.

SWITCH(config)#management vlan VLANID ipv6 address IPV6ADDR/MASKLEN gateway IPV6ADDR

SWITCH(config)#no management vlan

Manually assigning switch management IPv6 information.

SWITCH(config)#management vlan VLANID ipv6 address dhcp

SWITCH(config)#no management vlan

Configuring DHCP-Based IPv6 information autoconfiguration.

SWITCH#show management summary

Display IP information.

Examples

Example 1: Manually assigning IPv4 information. The following examples shows how to configure management IPv4 address, The management VLAN is 1, the management IP is 192.168.64.200/24, and the gateway address is 192.168.64.1. Manually assigning IPv4 information：

SWITCH#configure terminal

SWITCH(config)#management vlan 1 ip address 192.168.64.200/24 gateway 192.168.64.1

Display IP information：

SWITCH#show management summary

Management interface with Ipv4: Type: Static Vlan: 1 Ip address: 192.168.64.200/24 Gateway: 192.168.64.1 Backup/Restore Configuration

Configuring

• Backup Configuration

SWITCH#write

Save your entries in the configuration file.

SWITCH#copy default-config startup-config

SWITCH#reload

Restore the system default configuration, which will take effect after the device restarts.

SWITCH#copy tftp tftp://A.B.C.D/FILE startup-config

SWITCH#reload

A.B.C.D：remote tftp server ip address FILE：File name of configuration Import the remote configuration into the device through the tftp protocol, replacing the existing configuration. Take effect after device restart.

SWITCH#copy startup-config tftp tftp://A.B.C.D/FILE

A.B.C.D：remote tftp server ip address FILE：File name of configuration Through the tftp protocol, the configuration is saved to the specified folder of the remote tftp server.

SWITCH#copy ftp ftp://A.B.C.D/FILE startup-config

SWITCH#reload

A.B.C.D：remote tftp server ip address FILE：File name of configuration Import the remote configuration into the device through the ftp protocol, replacing the existing configuration. Take effect after device restart.

SWITCH#copy startup-config ftp ftp://A.B.C.D/FILE

A.B.C.D：remote tftp server ip address FILE：File name of configuration Through the ftp protocol, the configuration is saved to the specified folder of the remote tftp server.

Examples

Example 1：Export the configuration to the folder specified by the remote tftp server, the file name is startup.conf. Environment construction： The remote PC starts the tftp server and selects the tftp current directory. The IP address of the remote PC is 192.168.64.1, and the management IP of the switch is configured as 192.168.64.100, and the remote PC can be pinged. Execute the configuration export command：

SWITCH#

SWITCH# copy startup-config tftp tftp://192.168.64.1/startup.conf

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 1230 0 0 100 1230 0 151k –:–:– –:–:– –:–:– 240k 100 1230 0 0 100 1230 0 144k –:–:– –:–:– –:–:– 144k

Copy Success

In the test directory of the remote PC, you can view the newly created startup.conf file. Example 2：Import the configuration file startup.conf under the folder specified by the remote ftp server into the device. Environment construction： Start the ftp server on the remote PC, select the current directory of ftp, and place the startup.conf file. The IP address of the remote PC is 192.168.64.1, and the switch management IP is configured as 192.168.64.100, and the remote PC can be pinged. Execute the configuration import command：

SWITCH#

SWITCH# #copy ftp ftp://192.168.64.1/startup.conf startup-config

Enter Username:xxxxxx Enter Password:xxxxxx % Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 973 100 973 0 0 42572 0 –:–:– –:–:– –:–:– 48650

Copy Success

After the configuration is imported, restart to take effect.

Clearing Log

• Clearing system log

SWITCH# clear logging

System Warm Restart

• System Warm Restart

SWITCH#reload

System warm restart.

User Management

• Configuring Username and Password

SWITCH(config)# username NAME password LINE

SWITCH(config)# no username NAME

If the user name does not exist, add a new user, if it exists, modify the user's password. By default, the device has its own user "admin" and password "admin", which supports password modification and deletion operations. The length of the user and password is 0-32 bytes. Password display is encrypted. Password characters are case sensitive. The delete operation does not support deleting the user itself; to delete an online user, the user must be kicked off the line first.

Configuring

Service Enablement Management

• Configure and Enable WEB Management

SWITCH(config)# web-server enable { all | http | https }

SWITCH(config)# no web-server enable

Configure and enable WEB management. Default disabled state. Support IPv4 and IPv6.

SWITCH(config)# telnet-server enable

SWITCH(config)# no telnet-server enable

Configure and enable telnet management. Default disabled state. Support IPv4 and IPv6.

SWITCH(config)# ssh-server enable

SWITCH(config)# no ssh-server enable

Configure and enable SSH management. Default disabled state. Support IPv4 and IPv6.

ACL Applied to Services

• IPv4 ACL Applied to Services

SWITCH(config)# ip { telnet | ssh | http | https } access-class {<1-199> | <1300-2699> | ACLNAME}

SWITCH(config)# no ip { telnet | ssh | http | https } access-class

IPv4 ACL is applied to telnet, ssh, http, https and other services. Users who meet the ACL permit rules are allowed to access the device, otherwise users cannot access the device.

SWITCH(config)# ipv6 { telnet | ssh | http | https } access-class { ACLNAME }

SWITCH(config)# no ipv6 { telnet | ssh | http | https } access-class

IPv6 ACL is applied to telnet, ssh, http, https and other services. Users who meet the ACL permit rules are allowed to access the device, otherwise users cannot access the device.

ACL Applied to Vty

• ACL Applied to Vty

SWITCH(config-line)# access-class {<1-199> | <1300-2699> | ACLNAME } in

SWITCH(config-line)# no access-class {<1-199> | <1300-2699> | ACLNAME } in

ACL applied to vty. For telnet, ssh and other servers on vty. Users who meet the ACL permit rules are allowed to login by this line.

Service Management Based on Line

• Configure Services Supported on Line Vty

SWITCH(config-line)# transport input { telnet | ssh | all | none }

SWITCH(config-line)# no transport input

Configure services supported on vty. telnet: only supports telnet service. ssh: only supports ssh service. all: supports telnet and ssh services. none: No services are supported. Supports telnet and ssh services by default.

Other Commands

• Kick Online Users Offline

SWITCH# clear line { vty | console } LINE

Vty represents the remote login user. Console represents the serial port login user. LINE information can be viewed in the show users command. Kicking the user itself is not supported.

SWITCH#show users

Type Line User Idle Host

con 0 admin 00:00:03 — vty 0 admin 00:00:11 192.168.64.1 Users display elements are as follows:

Field

illustrate

Type

console or vty

Line

console: fixed 0 vty : 0-7

User

username

Idle

Time in idle state, if the timeout time is exceeded, the terminal automatically exits. Host Login user ip address

Examples

Case 1 : The device enables the telnet service. Only users with the IP address 192.168.64.100 are allowed to access the device through telnet, and other users are denied access.

SWITCH(config)#telnet-server enable

SWITCH(config)#ip-access-list standard 1

SWITCH(config-std-acl)#permit host 192.168.64.100

SWITCH(config-std-acl)#exit

SWITCH(config)#ip telnet access-class 1

Case 2 : The device enables the telnet service, and the device only allows one user to log in to the device through telnet at the same time.

SWITCH(config)#telnet-server enable

SWITCH(config)#line vty 1 7

SWITCH(config-line)#transport input none

System Hostname Configuration

• Configuring Hostname

SWITCH(config)# hostname WORD

The name must consist of printable characters and the length cannot exceed 63 bytes. This configuration takes effect immediately.

Firmware Upgrade

• Firmware Upgrade

SWITCH# upgrade firmware tftp://SERVER/FILENAME

You need to build a TFTP server on the terminal, and ensure the two-way interconnection between the terminal and the device network. SERVER: TFTP server IP and the relative address of the server window and the firmware upgrade file. FILENAME: Firmware upgrade file. The firmware upgrade process will take 5-6 minutes, reboot the device to complete the firmware upgrade. Do not power off the device during the upgrade process. Example 1：The following examples shows firmware upgrade via tftp. Step 1: As shown in the figure below, SWITCH-A is the device to be upgraded, and the telnet function is enabled; USER-A is the host on the same network segment in the LAN, and USER-B is the management device in the LAN, both of which can log in to SWITCH-A by telnet.

Firmware upgrade connection diagram

Step 2: Select USER-B to perform the version upgrade operation. Open the TFTP server on USER-B and place the upgrade file xcat-release-3.2.0.bin in the Y:/workspace directory.TFTP server as shown in the figure below.

TFTP Server

Step 3: USER-B telnet logs in to SWITCH-A and executes the upgrade command in privileged mode. Upgrade information as shown in the figure below.

Upgrade Information

Step 4: After the upgrade is over, select "y" to restart the device to complete the upgrade, select "n" to continue running the device, and the upgrade operation will be completed after restart.

System Data And Time Configuration

• Setting the System Clock

SWITCH# clock set HH:MM:SS DAY MON YEAR

Setting the system clock. For example：Clock set 15:30:00 1 october 2017.

SWITCH(config)# ntp server {A.B.C.D | ipv6 X.X::X.X }

Configure the IP address of the NTP server (domain name configuration is not supported). After the configuration is complete, if the device and the server are connected to the network, the device will automatically synchronize the time information from the server. It takes about 4-8 minutes to complete the time synchronization for the first time.

SWITCH(config)# clock timezone ZONE

Configure the system time zone. The default timezone is UTC. Supports standard time zone configuration, such as Shanghai time zone keyword "Shanghai", Hong Kong time zone keyword "Hong_Kong", etc.

SWITCH# show clock

Display system clock.

SWITCH# show ntp status

Display ntp status.