DCX光纤交换机初始化配置

DCX光纤交换机初始化配置 微码升级 由于新到的交换机与环境中使用的交换机版本有所区别，因此在，交换机上架前，需先对其进行版本升级至v6.4.2，从而与生产环境匹配。具体升级操作过程见附件：《Brocade交换机微码升级操作手册》。 准备部分 1、新交换机预先配置 a) 修改交换机名字  用switchname命令进行相应交换机名字的定义。 switchname NFDXSN21-L1 chassisname NFDXSN21-L1 bannerset  "any unauthorized access is illegal! Contact:9350" bannershow timeout 30 b) 交换机IP地址并对管理端口配置百兆全双工 用ipaddrset命令进行IP地址的设置 NFDXSN21-L1:admin> ipaddrset -chassis Ethernet IP Address [84.4.67.5]: Ethernet Subnetmask [255.255.255.0]: NFDXSN21-L1:admin> ipaddrset -cp 0 Host Name [cp0]: Ethernet IP Address [84.4.67.105]: Ethernet Subnetmask [255.255.255.0]: Gateway IP Address [84.4.67.254]: NFDXSN21-L1:admin> ipaddrset -cp 1 Host Name [cp1]: Ethernet IP Address [84.4.67.205]: Ethernet Subnetmask [255.255.255.0]: Gateway IP Address [84.4.67.254]: NFDXSN21-L1:admin> ifModeSet eth0  //Active CP Auto-negotiate (yes, y, no, n): [yes] n Force 100 Mbps / Full Duplex (yes, y, no, n): [yes] NFDXSN21-L1:admin> ifmodeset eth0    //Standby CP Auto-negotiate (yes, y, no, n): [yes] n Force 100 Mbps / Full Duplex (yes, y, no, n): [no] y Force 100 Mbps / Half Duplex (yes, y, no, n): [no] n Force 10 Mbps / Full Duplex (yes, y, no, n): [no] n Force 10 Mbps / Half Duplex (yes, y, no, n): [no] n Committing configuration...done. 交换机配置DomainID、添加端口描述、disable ISL、disable 交换机 用configure命令设置NFDXSN21-L1的DomainID （出厂是1），admin>switchdisable change domain ID＝21 admin>configure Configure... Fabric parameters (yes, y, no, n): [no] y Domain: (1..239) [1] 21 Insistent Domain ID Mode (yes, y, no, n): [no] y Admin>switchenable 检查Principal Selection Mode，并配置NTP/SYSLOG 查看是否为Principal Selection Mode: Disable NF12SN81_N1:checklist> fabricprincipal -q Principal Selection Mode: Disable NF12SN81_N1:checklist> fabricprincipal 1（强制设成fabricprincipal） NTP配置 tsclockserver “84.7.35.5;XX.XX.XX.XX” tsTimeZone +8 date mmddhhmmyy syslog配置 syslogdIpAdd  84.7.3.11 syslogdIpAdd  84.7.3.12 syslogdIpAdd  84.7.3.14 syslogdfacility –l 7 网管配置 1）snmp配置 前提条件：（a）交换机支持snmp的相关命令；（b）开通交换机与网管服务器之间的snmp访问策略。 通过命令snmpconfig --set accessControl可以配置网管SNMP只读服务器的地址。在进行SNMP配置时，目的IP地址应为五台网管服务器的地址84.7.3.11、12、14。 配置命令： > snmpconfig --set accessControl 输入ip后输入F(ro) 表 关于同志近三年现实表现材料材料类招标技术评分表图表与交易pdf视力表打印pdf用图表说话 pdf 示只读 SNMP access list configuration: Access host subnet area in dot notation: [0.0.0.0] 84.7.3.11 Read/Write? (true, t, false, f): [true]f Access host subnet area in dot notation: [0.0.0.0] 84.7.3.12 Read/Write? (true, t, false, f): [true]f Access host subnet area in dot notation: [0.0.0.0] 84.7.3.14 Read/Write? (true, t, false, f): [true] f Access host subnet area in dot notation: [0.0.0.0] Read/Write? (true, t, false, f): [true] f Committing configuration...done. 验证是否配置成功: > snmpconfig --show accessControl SNMP access list configuration: Entry 0: Access host subnet area 84.7.3.11 (ro) Entry 1: Access host subnet area 84.7.3.12 (ro) Entry 2: Access host subnet area 84.7.3.14 (ro) Entry 3: No access host configured yet Entry 4: No access host configured yet Entry 5: No access host configured yet   通过命令snmpconfig --set snmpv1配置snmp为v1版本，并配置snmp只读community字符串。 配置命令： > snmpconfig --set snmpv1 SNMP community and trap recipient configuration: Community (rw): [Secret C0de] Trap Recipient's IP address : [0.0.0.0] Community (rw): [OrigEquipMfr] Trap Recipient's IP address : [0.0.0.0] Community (rw): [private] Trap Recipient's IP address : [0.0.0.0] Community (ro): [public] NFR99O Trap Recipient's IP address : [0.0.0.0] Community (ro): [common] Trap Recipient's IP address : [0.0.0.0] Community (ro): [FibreChannel] Trap Recipient's IP address : [0.0.0.0] Committing configuration...done. 注：数据中心（北京）只需敲入BFR990，其它回车默认。 验证是否配置成功: > snmpconfig --show snmpv1 SNMPv1 community and trap recipient configuration: Community 1: Secret C0de (rw) No trap recipient configured yet Community 2: OrigEquipMfr (rw) No trap recipient configured yet Community 3: private (rw) No trap recipient configured yet Community 4: NFR99O (ro) No trap recipient configured yet Community 5: common (ro) No trap recipient configured yet Community 6: FibreChannel (ro) No trap recipient configured yet   2）AAA管理 前提条件：（a）设备版本推荐是v6.4.0b以后的；（b）开通交换机与ACS服务器之间的Radius防火墙策略；（c）Virtual Fabric功能没有被关闭。 （1）在SAN交换机上通过aaaconfig命令配置Radius认证服务器地址。 配置命令： Fabric A交换机 >aaaconfig --add 84.7.35.21 -conf radius -s password -a pap >aaaconfig --add 84.7.35.22 -conf radius -s password -a pap >aaaconfig --authspec "radius;local" -backup Fabric B交换机 >aaaconfig --add 84.7.35.21 -conf radius -s password -a pap >aaaconfig --add 84.7.35.22 -conf radius -s password -a pap >aaaconfig --authspec "radius;local" –backup 验证是否配置成功： > aaaconfig --show Position : 1 Server : XX.1.115.YY Port : 1812 Secret : password Timeout(s) : 3 Auth-Protocol: PAP Primary AAA Service: RADIUS Secondary AAA Service: Switch database as backup   请注意：针对48000、DCX和DCX-4S交换机，交换机使用Active CP的固定IP地址向Radius服务器发送请求，为今后认证方便，请将每台交换机的3个IP地址都加为Radius服务器的客户端，以便在发生CP切换后，服务器还可以继续认证。