DCX光纤交换机初始化配置
微码升级
由于新到的交换机与环境中使用的交换机版本有所区别,因此在,交换机上架前,需先对其进行版本升级至v6.4.2,从而与生产环境匹配。具体升级操作过程见附件:《Brocade交换机微码升级操作手册》。
准备部分
1、新交换机预先配置
a) 修改交换机名字
用switchname命令进行相应交换机名字的定义。
switchname NFDXSN21-L1
chassisname NFDXSN21-L1
bannerset "any unauthorized access is illegal! Contact:9350"
bannershow
timeout 30
b) 交换机IP地址并对管理端口配置百兆全双工
用ipaddrset命令进行IP地址的设置
NFDXSN21-L1:admin> ipaddrset -chassis
Ethernet IP Address [84.4.67.5]:
Ethernet Subnetmask [255.255.255.0]:
NFDXSN21-L1:admin> ipaddrset -cp 0
Host Name [cp0]:
Ethernet IP Address [84.4.67.105]:
Ethernet Subnetmask [255.255.255.0]:
Gateway IP Address [84.4.67.254]:
NFDXSN21-L1:admin> ipaddrset -cp 1
Host Name [cp1]:
Ethernet IP Address [84.4.67.205]:
Ethernet Subnetmask [255.255.255.0]:
Gateway IP Address [84.4.67.254]:
NFDXSN21-L1:admin> ifModeSet eth0 //Active CP
Auto-negotiate (yes, y, no, n): [yes] n
Force 100 Mbps / Full Duplex (yes, y, no, n): [yes]
NFDXSN21-L1:admin> ifmodeset eth0 //Standby CP
Auto-negotiate (yes, y, no, n): [yes] n
Force 100 Mbps / Full Duplex (yes, y, no, n): [no] y
Force 100 Mbps / Half Duplex (yes, y, no, n): [no] n
Force 10 Mbps / Full Duplex (yes, y, no, n): [no] n
Force 10 Mbps / Half Duplex (yes, y, no, n): [no] n
Committing configuration...done.
交换机配置DomainID、添加端口描述、disable ISL、disable 交换机
用configure命令设置NFDXSN21-L1的DomainID (出厂是1),admin>switchdisable
change domain ID=21
admin>configure
Configure...
Fabric parameters (yes, y, no, n): [no] y
Domain: (1..239) [1] 21
Insistent Domain ID Mode (yes, y, no, n): [no] y
Admin>switchenable
检查Principal Selection Mode,并配置NTP/SYSLOG
查看是否为Principal Selection Mode: Disable
NF12SN81_N1:checklist> fabricprincipal -q
Principal Selection Mode: Disable
NF12SN81_N1:checklist> fabricprincipal 1(强制设成fabricprincipal)
NTP配置
tsclockserver “84.7.35.5;XX.XX.XX.XX”
tsTimeZone +8
date mmddhhmmyy
syslog配置
syslogdIpAdd 84.7.3.11
syslogdIpAdd 84.7.3.12
syslogdIpAdd 84.7.3.14
syslogdfacility –l 7
网管配置
1)snmp配置
前提条件:(a)交换机支持snmp的相关命令;(b)开通交换机与网管服务器之间的snmp访问策略。
通过命令snmpconfig --set accessControl可以配置网管SNMP只读服务器的地址。在进行SNMP配置时,目的IP地址应为五台网管服务器的地址84.7.3.11、12、14。
配置命令:
> snmpconfig --set accessControl
输入ip后输入F(ro)
表
关于同志近三年现实表现材料材料类招标技术评分表图表与交易pdf视力表打印pdf用图表说话 pdf
示只读
SNMP access list configuration:
Access host subnet area in dot notation: [0.0.0.0] 84.7.3.11
Read/Write? (true, t, false, f): [true]f
Access host subnet area in dot notation: [0.0.0.0] 84.7.3.12 Read/Write? (true, t, false, f): [true]f
Access host subnet area in dot notation: [0.0.0.0] 84.7.3.14
Read/Write? (true, t, false, f): [true] f
Access host subnet area in dot notation: [0.0.0.0]
Read/Write? (true, t, false, f): [true] f
Committing configuration...done.
验证是否配置成功:
> snmpconfig --show accessControl
SNMP access list configuration:
Entry 0: Access host subnet area 84.7.3.11 (ro)
Entry 1: Access host subnet area 84.7.3.12 (ro)
Entry 2: Access host subnet area 84.7.3.14 (ro)
Entry 3: No access host configured yet
Entry 4: No access host configured yet
Entry 5: No access host configured yet
通过命令snmpconfig --set snmpv1配置snmp为v1版本,并配置snmp只读community字符串。
配置命令:
> snmpconfig --set snmpv1
SNMP community and trap recipient configuration:
Community (rw): [Secret C0de]
Trap Recipient's IP address : [0.0.0.0]
Community (rw): [OrigEquipMfr]
Trap Recipient's IP address : [0.0.0.0]
Community (rw): [private]
Trap Recipient's IP address : [0.0.0.0]
Community (ro): [public] NFR99O
Trap Recipient's IP address : [0.0.0.0]
Community (ro): [common]
Trap Recipient's IP address : [0.0.0.0]
Community (ro): [FibreChannel]
Trap Recipient's IP address : [0.0.0.0]
Committing configuration...done.
注:数据中心(北京)只需敲入BFR990,其它回车默认。
验证是否配置成功:
> snmpconfig --show snmpv1
SNMPv1 community and trap recipient configuration:
Community 1: Secret C0de (rw)
No trap recipient configured yet
Community 2: OrigEquipMfr (rw)
No trap recipient configured yet
Community 3: private (rw)
No trap recipient configured yet
Community 4: NFR99O (ro)
No trap recipient configured yet
Community 5: common (ro)
No trap recipient configured yet
Community 6: FibreChannel (ro)
No trap recipient configured yet
2)AAA管理
前提条件:(a)设备版本推荐是v6.4.0b以后的;(b)开通交换机与ACS服务器之间的Radius防火墙策略;(c)Virtual Fabric功能没有被关闭。
(1)在SAN交换机上通过aaaconfig命令配置Radius认证服务器地址。
配置命令:
Fabric A交换机
>aaaconfig --add 84.7.35.21 -conf radius -s password -a pap
>aaaconfig --add 84.7.35.22 -conf radius -s password -a pap
>aaaconfig --authspec "radius;local" -backup
Fabric B交换机
>aaaconfig --add 84.7.35.21 -conf radius -s password -a pap
>aaaconfig --add 84.7.35.22 -conf radius -s password -a pap
>aaaconfig --authspec "radius;local" –backup
验证是否配置成功:
> aaaconfig --show
Position : 1
Server : XX.1.115.YY
Port : 1812
Secret : password
Timeout(s) : 3
Auth-Protocol: PAP
Primary AAA Service: RADIUS
Secondary AAA Service: Switch database as backup
请注意:针对48000、DCX和DCX-4S交换机,交换机使用Active CP的固定IP地址向Radius服务器发送请求,为今后认证方便,请将每台交换机的3个IP地址都加为Radius服务器的客户端,以便在发生CP切换后,服务器还可以继续认证。