Advanced
Operations
Slide 1
Objectives
Understand User Management
Understand config backup / restore
Know how to upgrade operating software
Walk through info, stats, oper, boot menu
Objectives
Upon completion of this unit, you will know about:
• User management
• System access
• Config backup
• Software upgrade
• Cfg menu
• Oper menu
• Info Menu
• Stats menu
• Boot menu
Slide 3
Switch Management
The Application Switch provides access using:
– telnet
– SSHv2 and SCP
– SNMP v1/v2
– SNMP v3
– HTTP
– HTTPS
– In band management ports
– Out of band management, management port
Slide 4
Security Levels
8 levels; lowest and highest levels enabled by default
Default mode - Password determines user level.
– user; enabled by default
• Generic switch access to view switch statistics and status information
• Default - user
– admin; Enabled by default
• The Superuser Administrator that has access to all of the switch's management and configuration features
• Default – admin
– certadmin; certificate administrator ver 27 onwards
Per level; any desired user/password accounts
– Password local stored
– RADIUS Authentication and Authorization
– TACACS+ Authentication
Slide 5
User Level
Enter password: user
------------------------------------------------------------
[Main Menu]
info - Information Menu
stats - Statistics Menu
oper - Operations Command Menu
exit - Exit [global command, always available]
Slide 6
Admin Level
Enter password: admin
------------------------------------------------------------
[Main Menu]
info - Information Menu
stats - Statistics Menu
cfg - Configuration Menu
oper - Operations Command Menu
boot - Boot Options Menu
maint - Maintenance Menu
diff - Show pending config changes
revert - Revert pending or applied changes
exit - Exit
Slide 7
User Level Authentication
Local user configuration
– /c/sys/access/user/uid <1…11>/ena
– name "NewAdmin"
– pswd "a16d6831a0286031e2a6b4…e0ac3b3784f3100cc07"
– backdoor ena
– cos <user|slboper|l4oper|oper|crtadmin|slbadmin|l4admin|admin>
– crtmng ena
– add 5
Radius authentication
– /c/sys/radius/prisrv 1.2.3.4/on
– esecret ae650411aa200011e7a6b77…0ab3582
– Options: timeout, retries, port #, secserver and secure backdoor
TACACS+ authentication
– /c/sys/tacacs/prisrv 2.3.4.5
– esecret e87feaefa8…9e3292709890e9b35bed2d608ff9c12f2
– Similar options as for Radius plus command auth and logging
Slide 8
Commands available in every menu
. displays current menu
.. go up one menu level
/ go to main menu level
exit logout
ping send ICMP packet, options with ?
telnet open remote session
traceroute list all nodes along the path
verbose level 0 to 2 for different display views
pwd print working directory
Slide 9
Cfg menu
[Configuration Menu]
sys - System-wide Parameter Menu
port - Port Menu
pmirr - Port Mirroring Menu
bwm - Bandwidth Management Menu
l2 - Layer 2 Menu
l3 - Layer 3 Menu
slb - Server Load Balancing (Layer 4-7)
security - Security Menu
dump - Dump current configuration
ptcfg - Backup current configuration
gtcfg - Restore current configuration from FTP/TFTP/SCP server
Slide 10
Global commands cfg menu
diff <flash> lists all entries not yet applied or not yet saved
revert <apply> undo unapplied or applied entries
apply entries take effect immediately
save current configuration is copied to flash
cur display setting of current item/path
E A S Y
Slide 11
Telnet or SSH Access
Telnet / SSH access capabilities
– Disabled by default
Enable CLI access.
– /cfg/sys/access/tnet ena (allow telnet access)
– /cfg/sys/access/sshd/on (allow ssh access)
– /cfg/sys/access/sshd/ena (allow scp access)
– From serial port only
– Timeout default set to 5 minutes, range 1 min to 7 days
Telnet client is always enabled.
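As an added example (not Radware code and not part of the original slides), the Python sketch below parses configuration text laid out like the commands on the User Level Authentication and Telnet or SSH Access slides and lists the management-access settings a reviewer should look at. The sample configuration is constructed; the MENUS set and the names parse_config and audit are assumptions made for this illustration.

```python
import re

# Menu names that appear in the commands on these slides (assumed set for this
# example). A path segment starting with one of them descends a level;
# any other segment is treated as a command run in the current menu.
MENUS = {"sys", "access", "user", "uid", "sshd", "radius", "tacacs", "mgmt"}
# Split on "/" only when it is outside double quotes.
SPLIT = re.compile(r'/(?=(?:[^"]*"[^"]*")*[^"]*$)')

def parse_config(text):
    """Return {menu path: {command: arguments}} from CLI-style config text."""
    settings, menu = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        segments = SPLIT.split(line.lstrip("/"))
        if line.startswith("/"):
            menu = []                          # absolute path restarts at the top
            if segments[0] in ("c", "cfg"):    # the slides use /c and /cfg alike
                segments = segments[1:]
        for seg in (s.strip() for s in segments):
            word, _, args = seg.partition(" ")
            if word in MENUS:
                menu = menu + [seg]
            elif word:
                settings.setdefault("/".join(menu), {})[word] = args.strip()
    return settings

def audit(settings):
    """List management-access settings that deserve a reviewer's attention."""
    findings = []
    ssh_on = "on" in settings.get("sys/access/sshd", {})
    if settings.get("sys/access", {}).get("tnet") == "ena":
        findings.append("telnet management enabled (cleartext); sshd is "
                        + ("on" if ssh_on else "off"))
    for menu, cmds in sorted(settings.items()):
        uid = re.fullmatch(r"sys/access/user/uid (\d+)", menu)
        if uid and "ena" in cmds and cmds.get("cos") == "admin":
            extra = " and backdoor ena" if cmds.get("backdoor") == "ena" else ""
            findings.append(f"uid {uid.group(1)} {cmds.get('name', '?')}: "
                            f"local account with cos admin{extra}")
    # Simplification: a configured prisrv counts as central authentication.
    if not any("prisrv" in settings.get(f"sys/{p}", {}) for p in ("radius", "tacacs")):
        findings.append("no RADIUS/TACACS+ primary server: only locally stored passwords")
    return findings

# Constructed sample, built only from commands shown on the slides.
SAMPLE = """
/cfg/sys/access/tnet ena
/cfg/sys/access/sshd/on
/c/sys/access/user/uid 1/ena
    name "NewAdmin"
    backdoor ena
    cos admin
/c/sys/access/user/uid 2/ena
    name "viewer"
    cos user
"""

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE)):
        print("REVIEW:", finding)
```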
Slide 12
Management Access
For Out of Band management access
– /cfg/sys/mmgmt
• management IP-address, mask, default gateway,
• set port for applications {data|mgmt}.
• speed {10|100|any}, mode {full|half|any}, auto {on|off}
Limit management access by Source IP (SrcIP)
Up to 128 IP address/netmask pairs possible
The SrcIP address of a management station must be within this range.
– /cfg/sys/access/mgmt
• Address, netmask, protocol
Slide 13
Management Access
/cfg/sys/access/port (standalone)
/cfg/sys/access/vlan (vADC)
add Add port with management access
aadd Add all ports with management access
rem Remove port from management access
arem Remove all ports from management access
cur Display current ports with management access
/cfg/sys/access/port/rem 1
cur Current ports with management access: 2-8
Slide 14
Switch Configuration Block
When the save command is executed:
– active → backup
– config in memory → active
Two user configuration blocks in flash memory and a default-factory configuration are available
/boot/conf <active|backup|factory>
– active loaded at next reset
– backup loaded at next reset
– factory loaded “Alteon default settings” at next reset
Slide 15
Backup Switch Configuration
Two options to store and retrieve switch configurations
– FTP/TFTP - Use the switch’s network interface.
• /cfg/ptcfg <server IP, filename,…> to back up a configuration
• /cfg/gtcfg <server IP, filename,…> to restore a configuration
– Text capture
• Use the capture text capabilities of terminal.
• Copy config from terminal and paste to a file.
– verbose 0 disables menu warning messages and prompt
– verbose 1 no menu is displayed
– verbose 2 enables menu and all messages
• verbose 0
• /cfg/dump command is invisible at prompt
• Mark displayed output and copy & paste it to a text file
• verbose 2
• Since we have certificates with private keys, it is no longer convenient to use
Slide 16
Backup Configuration on Vx
FTP/TFTP/SCP - Use the Alteon management interface.
/cfg/ptcfg to backup a config
– select backup option [all/global/vadc]:
• all: backup global vadc0 and all vADC global and local config
• global: backup global vadc0 config
• vadc: backup vADC config
– all: global and local config
– vadmin: local config
– Select vADC number: [1-24, all]
• "mansync" option to get real/group/virt internal index config, version 29 and later
/cfg/gtcfg to restore a config
– select restore option [all/vadc/padc]:
• all: restore global vadc0 and all vADC global and local config
• vadc: restore vADC config
– all: global and local config
– vadmin: local config
– Select vADC number: [1-24]
• padc: import a backup from a standalone config using FTP/TFTP/SCP server
– Enter vADC number: [1-n]:
Slide 17
Oper menu
[Operations Menu]
port - Operational Port Menu
slb - Server Load Balancing Menu
vrrp - Virtual Router Redundancy Menu
bwm - Bandwidth Management Menu
security - Operational Security Menu
ip - Operational IP Menu
swkey - Enable software feature
rmkey - Software feature to remove
passwd - Change current user password
clrlog - Clear syslog messages
displog - Enable/Disable displaying syslog messages to telnet/ssh sessions
defalias - Set default port alias
ntpreq - Send NTP request
Slide 18
Oper Commands
Commands in oper menu are executed immediately
/oper/ip/garp
– Enter IP address: 192.168.100.31
– Enter VLAN number: (1-4090) 10
/oper/vrrp/back
– Enter virtual router number: (1-1024) 1
Virtual router 1 is now backup.
/oper/sys/access/terminate
– Select id for Telnet or SSH session to terminate
Slide 19
5208 Oper Command
The Alteon 5208 platform configuration ships with either a single power supply unit (PSU), or dual PSUs.
Set the power supply method (Dual or Single) as follows:
Standalone ADC - System Access# /oper/sys/ps
Current Power Supply Method [Single|Dual]: Single
Enter new Power Supply Method [Single|Dual]: Dual
Display power supply status: /info/sys/ps
Command /oper/sys/ps affects the Alteon LEDs and information menus, but does not disconnect the power supply.
Run command either before or after plugging/unplugging the power supply from the device.
Hidden command! To run it type the command
Slide 20
Oper Commands
/oper/passwd
Changing admin password; validation required:
– Enter current admin password: admin
– Enter new admin password: NewPassword
– Re-enter new admin password: NewPassword
New admin password accepted. Password changed and applied, but
Not saved. Notifying administrator to save changes.
/oper/clrlog Clear log messages
/oper/displog
Current state of displaying syslog messages to telnet/ssh sessions: disabled
– Enter new state [d/e]: e
Slide 21
Oper Commands
/oper/slb/dis
– Enter real server number (1-1023): 1
– Allow cookie persistent HTTP sessions ? [y/n] n
– Mark existing sess for removal from session table? [y/[n]] n
Real server 1 is now disabled.
Sessiontable manipulation commands
– sessdel - Delete session table entry
• Enter Source IP: 1.2.3.4
• Enter Source Port: 1234
• Enter Destination IP: 2.3.4.5
• Enter Destination Port: 80
• Enter Transport Type (tcp|udp): tcp
– sessdel6 - Delete ipv6 session table entry
– psessdel - Delete Persistent Insert/Rewrite cookie entry
– clear - Clear session table
Slide 22
Info menu
[Information Menu]
sys - System Information Menu
l2 - Layer 2 Information Menu
l3 - Layer 3 Information Menu
slb - Layer 4-7 Information Menu
bwm - Bandwidth Management Menu
security - Security Information Menu
link - Show link status
port - Show port information
swkey - Show enabled software features
dump - Dump all information
Slide 23
Info Commands (cont)
/info/sys/general
Output of date, last boot, MAC, IP address, hardware parts, etc.
Software Version 27.0.0.0 (FLASH image2), active configuration.
• ps Show power supply information
• fan Show system fan information
• temp Show system temperature information
• time Show date and time
• log Show last 64 syslog messages
• slog Show last 64 syslog messages saved in FLASH
• mgmt Show management port information
• capacity Show switch capacity information
• user Show current user status
• dump Dump all system information
Slide 24
Info Commands (cont)
/info/l2/
fdb Forwarding Database Information Menu
lacp Link Aggregation Control Protocol Menu
stg Show STG information
cist Show CIST information for MSTP
trunk Show Trunk Group information
vlan Show VLAN information
VLAN Name Status Jumbo BWC Learn Ports
---- -------------------------------- ------ ----- ---- ----- ----------------
1 Default VLAN ena n 1024 ena 3-5 7 8
10 public ena n 1024 ena 1
20 private ena n 1024 ena 2
team Show port team information
dump Dump all layer 2 information
Slide 25
Info Commands (cont)
/info/l3/
route IP Routing Information Menu
/info/l3/route/dump
Destination Mask Gateway Type Tag Metr If
-------------- --------------- --------------- --------- --------- ---- ---
* 0.0.0.0 0.0.0.0 192.168.100.254 indirect static 1
* 10.10.21.0 255.255.255.0 10.10.21.31 direct fixed 2
* 10.10.21.31 255.255.255.255 10.10.21.31 local addr 2
route6 IP6 Routing Information Menu
arp ARP Information Menu
/info/arp/dump
IP address Flags MAC address VLAN Port Referenced SPs
--------------- ---- ---------------- ---- ------ --------------------
192.168.100.1 00:03:b2:4e:de:40 10 1 1-3
192.168.100.5 00:03:b2:4c:d8:40 10 1 1-3
10.10.21.21 P 00:00:5e:00:01:1f 20 1-3
Slide 26
Info Commands (cont)
nbrcache IP6 Neighbor Cache Information Menu
bgp BGP Information Menu
ospf OSPF Routing Information Menu
rip RIP Routing Information Menu
ip Show IP information
Interface information:
1: IP4 192.168.100.31 255.255.255.0 192.168.100.255 vlan 10, up
2: IP4 10.10.21.31 255.255.255.0 10.10.21.255 vlan 20, up
Default gateway information: metric strict
1: 192.168.100.254, vlan any, up
vrrp Show Virtual Router Redundancy Protocol information
VRRP information:
1: vrid 1, 192.168.100.21, if 1, renter, prio 105, master
2: vrid 31, 10.10.21.21, if 2, renter, prio 105, master
3: vrid 41, 192.168.100.221, if 1, renter, prio 105, master, server
dump Dump all layer 3 information
Slide 27
Info Commands (cont)
/info/slb
sess - Session Table Information Menu
/info/slb/sess/dump
Printing Sessions for SP 1
1,01: 192.168.150.141 4518, 192.168.100.221 http -> 2049 10.10.21.100 http age 10 v:10 E
Details for session table column are on Command Reference Guide.
Slide 28
Info Commands (cont)
gslb - Global SLB Information Menu
real - Show real server information
/info/slb/real
Enter real server number (1-1023): 1
1: 10.10.21.100, 00:03:b2:2c:1e:00, vlan 20, port 2, health 4, up
real ports:
rport 80, up
Real server group 1 , Workload Manager none , slow-start: time 0
Virtual services:
http: vport http, rtspslb none
virtual server: 1, IP4 192.168.100.221
Real server group 2 , Workload Manager none , slow-start: time 0
Virtual services:
ftp: vport ftp, rtspslb none
virtual server: 2, IP4 192.168.100.221
ftp-data: vport ftp-data, rtspslb none
virtual server: 2, IP4 192.168.100.221
Slide 29
Info Commands (cont)
group - Show real server group information
virt - Show virtual server information
/info/slb/virt 1
1: IP4 192.168.100.221, 00:00:5e:00:01:29
virtual ports:
http: rport http, group 1, backup none, secbkp none, content a.htm,
rtspslb none, dbind
real servers:
1: 10.10.21.100, backup none, 3 ms, group ena, up
2: 10.10.21.200, backup none, 1 ms, group ena, up
filt - Show filter information
port - Show port information
/info/slb/port 1 /info/slb/port 2
1: client 2: server
Slide 30
Info Commands (cont)
wlm - Show Workload Manager information
idshash - Show IDS server selected by hash or minmisses
bind - Show real server selected by hash, phash, or minmi.
bind6 - Show IPv6 real server sel. by hash, phash, or minm.
cookie - Decode the HEX value to get VIP, RIP and Rport
/info/slb/cookie
Enter 16 or 20 or 24 bytes cookie value as 0xXXXXXXX: 0x3e45de60f4e7afa0baeebabd
Virtual IP address: 192.168.100.222
Real IP address: 10.10.21.30
Real Server Port: 80
Real Server Index: 3
synatk - Show SYN attack detection information
dump - Show all layer 4 information
Slide 31
Syslog per Session
Set up a Syslog Server
– Severity needs to be set to level 7
– Enable session log global and per service
Example Command Line Interface
/c/sys/syslog/sesslog on
/c/sys/syslog/hst1 192.168.151.236 7 7
/c/slb/virt #/service 80 http
group #
rport 80
sesslog ena
Slide 32
Stats menu
[Statistics Menu]
sys - System Stats Menu
port - Port Stats Menu
pmirr - Port Mirroring Stats Menu
l2 - Layer 2 Stats Menu
l3 - Layer 3 Stats Menu
slb - Server Load Balancing (L 4-7)
bwm - Bandwidth Management Stats
security - Security Stats Menu
mp - MP-specific Stats Menu
sp - SP-specific Stats Menu
dump - Dump all stats
Slide 33
Stats Commands
sys - System Stats Menu
port - Port Stats Menu
/stInterface statistics for port 1:
ifHCIn Counters ifHCOut Counters
Octets: 4544509 2972860
UcastPkts: 9453 8945
BroadcastPkts: 0 0
MulticastPkts: 1 0
Discards: 0 0
Errors: 0 0
Per second Interface statistics:
Octets: 384 192
UcastPkts: 1 1
Discards: 0 0
Errors: 0 0
Slide 34
Stats Commands (cont)
pmirr - Port Mirroring Stats Menu
l2 - Layer 2 Stats Menu
/stats/l2
------------------------------------------------------------
[Layer 2 Statistics Menu]
fdb - Show FDB stats
lacp - Show LACP stats
stg - Show STG stats
dump - Dump layer 2 stats
/stats/l2/fdb
------------------------------------------------------------------
FDB statistics:
creates: 63 deletes: 36
current: 27 hiwat: 30
lookups: 153380 lookup fails: 10
finds: 44 find fails: 4
find_or_c's: 72 overflows: 0
max: 16384
Slide 35
Stats Commands (cont)
l3 - Layer 3 Stats Menu
/stats/l3
------------------------------------------------------------
[Layer 3 Statistics Menu]
ospf - OSPF Statistics Menu
ip - Show IP stats
ip6 - Show IP6 stats
route - Show route stats
arp - Show ARP stats
vrrp - Show VRRP stats
vrrp6 - Show VRRP6 stats
rip - Show RIP stats
dns - Show DNS stats
icmp - Show ICMP stats
if - Show IP interface ("if") stats
tcp - Show TCP stats
udp - Show UDP stats
ifclear - Clear IP interface ("if") stats
ipclear - Clear IP stats
dump - Dump layer 3 stats
Slide 36
Stats Commands (cont)
/stats/l3/ip
------------------------------------------------------------------
IP statistics:
ipInReceives: 150530 ipInHdrErrors: 0
ipInAddrErrors: 0 ipForwDatagrams: 2
ipInUnknownProtos: 0 ipInDiscards: 0
ipInDelivers: 118503 ipOutRequests: 150643
...
ipRoutingDiscards: 0 ipDefaultTTL: 255
ipReasmTimeout: 5
/stats/l3/if 1
------------------------------------------------------------------
IP interface 1 statistics:
ifInOctets: 2704820 ifInUcastPkts: 10007
...
ifOutErrors: 0 ifStateChanges 1
Details for each value are in the Command Reference Guide
Slide 37
Stats Commands (cont)
slb - Server Load Balancing (Layer 4-7) Stats Menu
sp - SLB Switch SP Stats Menu
gslb - Global SLB Stats Menu
real - Show real server stats
group - Show real server group stats
virt - Show virtual server stats
filt - Show filter stats
layer7 - Show Layer 7 stats
accel - Show acceleration stats
http - Show HTTP stats
pip - Show PIP stats
ssl - Show SSL SLB stats
ftp - Show FTP SLB parsing and NAT stats
rtsp - Show RTSP SLB stats
dns - Show DNS SLB stats
wap - Show WAP SLB stats
maint - Show maintenance stats
sip - Show SIP SLB stats
wlm - Show Workload Manager SASP stats
mirror - Show Sesssion mirroring stats
clear - Clear non-operational Server Load Balancing stats
aux - Show auxiliary session table stats
dump - Dump all SLB statistics
Slide 38
Stats Commands (cont)
/stats/slb/real 1
------------------------------------------------------------------
Real server 1 stats:
Real server failures: 0
Last time real server up: 6:47:26 Thu Sep 21, 2010
Last time real server failed: 6:47:22 Thu Sep 21, 2010
Health check attempts: 20718
...
Highest sessions: 2
Octets: 41580
/stats/slb/virt 1
------------------------------------------------------------------
Virtual server 1 stats:
Current Total Highest
Real IP address Sessions Sessions Sessions Octets
---- --------------------------- -------- ---------- -------- ---------------
1 10.10.21.100 0 3 2 41580
2 10.10.21.200 0 4 2 103910
---- --------------------------- -------- ---------- -------- ---------------
192.168.100.221 0 7 4 145490
Slide 39
Stats Commands (cont)
bwm - Bandwidth Management Stats Menu
security - Security Stats Menu
mp - MP-specific Stats Menu
/stats/mp/cpu
------------------------------- Command Reference info:
CPU utilization:
cpuUtil1Second: 12%
cpuUtil4Seconds: 23%
cpuUtil64Seconds: 19%
/stats/mp/mem
----------------------------------------
Memory stats:
Total: 1405874176 Bytes
Free: 590450688 Bytes
sp - SP-specific Stats Menu
dump - Dump all stats
Slide 40
Device Performance Monitor
Slide 41
Device Performance Monitor
Memory usage
Per ADC/vADC
Slide 42
Device Performance Monitor
Dashboard System
Slide 43
Device Performance Monitor
Configure DPM
1. Install ‘DevicePerformance License’ on APSVision
2. Configure BASIC SLB on Alteon
3. Enable direct access
4. Enable DPM reporting
• Global
• For each required service
5. Optional
• Report per service
• Report per real server
Example Command Line Interface
APSVision: install DPM lic
Alteon: enable DAM and DPM
/c/slb/adv/direct ena
/c/sys/report on
option:
/cfg/slb/virt #/service #/report service
or
/cfg/slb/virt #/service #/report real
Slide 44
Device Performance Monitor
Slide 45
Boot menu
[Boot Options Menu]
image - Software image to use on next boot
conf - Config block to use on next boot
gtimg - Download new software image via FTP/TFTP/SCP
mgmt - Globally Enable/Disable mgmt port
reset - Reset switch [WARNING: Restarts Spanning Tree]
cur - Display current boot options
Slide 46
Boot Commands
image - Select software image to use on next boot
/boot/image
Currently set to use switch software "image2" on next boot.
Specify new image to use ["image1"/"image2"]: image1
Next boot will use image1 instead of image2.
conf - Select config block to use on next boot
/boot/conf
Currently set to use active config block on next boot.
Specify new block to use ["active"/"backup"/"factory"]: backup
Next boot will use backup config block instead of active.
mgmt - Globally Enable/Disable mgmt port (4408 only)
/boot/mgmt
Current state of mgmt port is Disabled
Globally [ena|dis] mgmt port (requires a switch reset): ena
Confirm Globally enable mgmt port (requires a switch reset) [y/n]: y
Slide 47
Upgrading Switch Code
Use serial connection to key in upgrade password
Two software images
Upgrading procedure
– Option 1 – CLI: Download image via FTP/TFTP/SCP protocol.
– Option 2 – Web: Download image by FTP/TFTP/SCP to switch.
/boot menu
– gtimg – Downloads new image via FTP/TFTP/SCP
• Where to put image <image 1 or image 2>
• FTP/TFTP server IP address,
• Image file name
– OS.img file (e.g. AAS-27.0.0.0-4408-AlteonOS.img)
– Make sure you have the correct image for your hardware
– Provide FTP or SCP account and password info
Provide upgrade password
Reset switch with /boot/reset command.
Slide 49
Boot Commands (cont)
reset - Reset switch [WARNING: Restarts Spanning Tree]
cur - Display current boot options
/boot/cur
Currently set to boot image2, active config block.
Current FLASH software:
image1: Alteon-28.1.0.0
image2: Alteon-29.0.0.0 downloaded 11:36:06 Wed Sep 22, 2013
Memory profile is Default
Management port is enabled
Slide 50
Upgrading Vx/vADC Switch Code
Four Vx software images
10 vADC software images
Upgrading procedure
– Option 1 – CLI: Download image via FTP/TFTP/SCP protocol.
– Option 2 – Web: Download image by https to switch.
/boot menu
– gtimg – Downloads new image via FTP/TFTP/SCP
• Which image to load, [all|vx|adc]
• Where to put image vx: 1-4, adc: 1-10
• FTP/TFTP/SCP server IP address,
• Image file name
– OS.img file (e.g. AlteonOS-29.0.0.10-5000-ADC.img)
– Make sure you have the correct image for your hardware
– Provide FTP or SCP account and password info
Provide upgrade password
Select image, /boot/image/vx or adc command.
To reset a vADC, use the /boot/vadc command.
Slide 51
Web Admin Upgrade
Slide 52
Thank You!
www.radware.com