Switch Operation Procedures

CH A P T E R
9
Switch Operating Procedures
This chapter describes procedures you can use to manage the MGX 8850, MGX 8850/B, MGX 8950,
MGX 8830, MGX 8830/B switches and the MGX 8880 Media Gateway.
Managing the Configuration Files
The following sections describe how to save a switch configuration in a single zipped file, clear or erase
a configuration, and restore a configuration from a file.
Saving a Configuration
After configuring your switch or after making configuration updates, it is wise to save the configuration.
It is also good practice to save the configuration before upgrading the software. Restoring a saved
configuration is much easier than re-entering all the commands used to configure the switch.
To save a configuration, enter the saveallcnf command, which saves the configuration to a file in the
C:/CNF directory. To prevent the saved files from consuming excessive disk space, the switch preserves
only two configuration files. If you save a third time, the older of the two existing files is replaced by the
newer file.
Tip
To prevent overwriting of older configuration files, transfer those files to another storage media.
A saved configuration file is named using the switch name and the current date as follows:
switchname_dateCode<N|O>
The date appears in YYMMDD (year, month, day) format. When two configurations are saved on the
same day, the letters N or O indicate if the saved file is the newest or oldest configuration file. For
example, if the configuration for a switch named M8950_SF is saved on January 24th, the file is named
C:/CNF/M8950_SF_040124N. An older file that was saved on the same day would be renamed
M8950_SF_040124O. If the configuration is saved on different days, both files are saved with the N
indicator.
When you save a configuration, the switch saves all configuration data, including the software revision
levels used by the cards in the switch. The saved configuration file does not include the boot and runtime
software files. Should you need to restore a configuration, the restoreallcnf command restores the
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-1
Chapter 9
Switch Operating Procedures
Managing the Configuration Files
configuration exactly as it was when the configuration file was saved. If the boot and runtime files have
been removed from the switch, they must be transferred to the switch before the restored configuration
can start.
Note
If you have upgraded software on the switch since the last time the configuration was saved, a
configuration restore will restore the non-upgraded software versions and configuration data. The
software does not allow you to save a configuration and restore it on a different revision level of the
software.
You can save a configuration if both of the following are true:
Caution
•
No save or restore process is currently running.
•
No configuration changes are in progress.
Make sure that no other users are making configuration changes when you save the configuration. The
Cisco MGX 8850switches do not check for other CLI or CWM users before saving a configuration. If
other users make changes while the file is being saved, the configuration can become corrupt. If you try
to restore the configuration from a corrupt file, the switch can fail and you might have to send switch
cards back to the factory for reprogramming.
To save a switch configuration, use the following procedure.
Step 1
Establish a configuration session using a user name with SERVICE_GP privileges or higher.
Step 2
To save the configuration, enter the saveallcnf command:
mgx8830a.7.PXM.a > saveallcnf [-v]
The verbose option, -v, displays messages that show what the switch is doing during the save process.
You do not need to see these messages, but they do give you an indication on how the save process is
proceeding. If you do not enter the -v option, the switch does not display any status messages until the
save is complete.
Note
Step 3
The switch stores only the last two files saved with the saveallcnf command. Each time the
command is run, the oldest of the two configuration files is replaced. This prevents the hard disk
from getting full due to repetitive use of this command. If you need to save files that will be
erased the next time the saveallcnf command is run, use an FTP client to copy them to a file
server or workstation before saving the next configuration.
Read the prompt that appears. Press Y if you want to continue, and then press Enter.
When the save is complete, the switch prompt reappears, and the new file is stored in the C:/CNF
directory.
Note
After you enter the saveallcnf command, it takes several minutes for the switch to save the
current configuration.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-2
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing the Configuration Files
The following example shows what appears on the switch when the saveallcnf command is used without
the -v option:
M8950_SF.7.PXM.a > saveallcnf
The 'saveallcnf' command can be time-consuming. The shelf
must not provision new circuits while this command is running.
Do not run this command unless the shelf configuration is stable
or you risk corrupting the saved configuration file.
ATTENTION PLEASE NOTE:
-> If you want to abort the save, please use abortallsaves CLI.
If you use cntrl-C, you will risk hanging the whole telnet
session and may lose capability of being able to perform
subsequent saves
-> The save command will only store the
2 most recent saved files in C:/CNF directory.
If you have 2 or more files already saved in C:/CNF,
the older ones will be deleted by the current save,
keeping the 2 most recent.
saveallcnf: Do you want to proceed (Yes/No)? y
Note
Once you have saved a file to the CNF directory, Cisco recommends that you FTP to transfer this
file to another storage media. The goal is to ensure that the file is not accidentally deleted from
the CNF directory, lost if the PXM hard drive fails, or corrupted if a PXM fails.
Once the switch has finished saving the current configuration, the screen output confirms that the
configuration was saved to the CNF directory, and lists the files that were zipped, as shown in the
following example.
saveallcnf: shelf configuration saved in C:/CNF/M8950_SF_040124N.
These files were zipped:
Length Method
Size Ratio
Date
Time
CRC-32
Name
------ --------- ------------------2485 Defl:N
2196 88% 01-24-04 18:12 e8459670
SSHD.zip
40 Defl:N
42 105% 01-24-04 18:12 60c1bc95
version
14469106 Defl:N 14473298 100% 01-24-04 18:12 d68e426b
RPM.zip
5968 Defl:N
2484 41% 01-24-04 18:11 dd6daa59
SCTF.zip
72307 Defl:N
37767 52% 01-24-04 18:11 7db65e6e
SCTC.zip
6087 Defl:N
4920 80% 01-24-04 18:11 16a9409e
SHMDB.zip
403713 Defl:N
31181
7% 01-24-04 18:11 9cc9ab0c
LS7.zip
37752 Defl:N
6560 17% 01-24-04 18:09 e75ace4f
LS12.zip
46935 Defl:N
7142 15% 01-24-04 18:09 f6666588
LS4.zip
13972 Defl:N
2877 20% 01-24-04 18:09 bdc79d60
LS15.zip
19350 Defl:N
4468 23% 01-24-04 18:09 33a97dff
LS14.zip
19364 Defl:N
3299 17% 01-24-04 18:09 cf5d3420
LS1.zip
13707 Defl:N
2606 19% 01-24-04 18:09 542d0fce
LS16.zip
19251 Defl:N
3133 16% 01-24-04 18:09 cf2d2074
LS5.zip
14379 Defl:N
3310 23% 01-24-04 18:09 37846a6f
LS6.zip
76847 Defl:N
43790 56% 01-24-04 18:09 86af5ddd
LS11.zip
82 Defl:N
71 86% 01-24-04 18:12 052b8d88
csrStatus.txt
521 Defl:N
151 28% 01-24-04 18:12 38722b4b
csrTable.txt
524160 Defl:N 434853 82% 01-24-04 18:09 4ee160ba
bram.img
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-3
Chapter 9
Switch Operating Procedures
Managing the Configuration Files
Step 4
In preparation for viewing the saved configuration file, enter the cd C:CNF/ command to go to the
directory where the file was saved.
M8850_NY.7.PXM.a > cd C:CNF/
Step 5
To verify the file is there, enter the ll command to list the directory contents.
M8950_SF.7.PXM.a > ll
Listing Directory .:
drwxrwxrwx 1 0
drwxrwxrwx 1 0
drwxrwxrwx 1 0
-rwxrwxrwx 1 0
-rwxrwxrwx 1 0
0
0
0
0
0
16384
16384
16384
15065924
15065919
Jan
Jan
Jan
Jan
Jan
24
23
24
24
24
18:12
04:38
18:12
18:12
17:50
./
../
TMP/
M8950_SF_040124N
M8950_SF_040124O
In the file system :
total space : 818992 K bytes
free space : 692832 K bytes
Clearing a Switch Configuration
There are two commands that allow you to clear the switch configuration: clrcnf and clrallcnf.
To clear switch provisioning data such as the PNNI controller and SPVC connections, enter the clrcnf
command. This command clears all configuration data except the following:
•
IP address configuration
•
Node name
•
Software version data for each card
•
SNMP community string, contact, and location
•
Date, time, time zone, and GMT offset
•
MPSM feature licenses in the license pool
To clear the entire configuration, use the clrallcnf command using the following format:
M8850_LA.8.PXM.a > clrallcnf [clrLicense]
This command clears all the provisioning data and most of the general switch configuration parameters,
such as the switch name and SNMP configuration. The clrallcnf command clears all IP addresses except
the boot IP address.
If you include the clrLicense option, the command clears all MPSM feature licenses. If the clrLicense
option is not included, the licenses remain on the switch, but they cannot be used unless the switch runs
the same software versions that were in use when the configuration was cleared.
Clearing a Slot Configuration
The clrsmcnf command allows you to clear the configuration for a single service module. All
provisioning is deleted and any MPSM licenses in use are returned to the license pool. If the -all
parameter is added, card specific information is deleted too. The card specific information for most cards
is the software revision number. For MPSM cards, the card specific information includes the service
selected (ATM, circuit emulation, or Frame Relay) and the interface type selected.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-4
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing the Configuration Files
Note
When replacing a T1 or T3 card with a E1 or E3 card, or vice versa, you must enter the clrsmcnf
command on the appropriate slot before you install the replacement card.
To clear the configuration for a service module, use the following procedure.
Step 1
Establish a configuration session using a user name with SERVICE_GP privileges or higher.
Step 2
If the card is configured for redundancy, remove card redundancy with the delred command. For more
information, see the “Removing Redundancy Between Two Cards” section later in this chapter.
Note
Step 3
The clrsmcnf command does not work on redundant cards.
Enter the clrsmcnf command as follows:
PXM1E_SJ.8.PXM.a > clrsmcnf <slot-id> [all] [verbose]
Replace slot-id with the slot number of the service module you want to clear. As described in the
introduction to this procedure, include the all parameter if you want to delete all provisioning and
card-specific information. When included, the verbose option displays status statements during the
clearing of the service module configuration.
After you enter the clrsmcnf command, the service module reboots. If you cleared only the provisioning,
the card will come up in the Active state using the same software revision that was in use before the
configuration was cleared. If you used the all option to clear the entire card configuration, the service
module will act as if it were newly installed in a slot that has no configuration assigned to it. When no
configuration is assigned to a slot, you can move any card type into the slot and initialize the card as if
it were a new card.
Step 4
To display the status of a service module, enter the dspcd command.
Restoring a Saved Switch Configuration
You can restore a configuration if all of the following statements are true:
Caution
•
No save or restore process is currently running.
•
No configuration changes are in progress.
•
The switch is not hosting any critical calls.
•
A switch configuration file has been previously created with the saveallcnf command.
•
The switch configuration file from which you want to restore is stored in the C:/CNF directory.
•
The PXM runtime software used by the saved configuration is stored in the C:/FW directory.
Make sure that no other users are making configuration changes when you restore the configuration. The
Cisco MGX 8850switches do not check for other CLI or CWM users before restoring a configuration. If
other users make changes while the file is being restored, the configuration can become corrupt, the
switch can fail, and you might have to send switch cards back to the factory for reprogramming.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-5
Chapter 9
Switch Operating Procedures
Managing the Configuration Files
Caution
Restoring a configuration replaces the existing configuration with the saved configuration. If there are
configuration changes (such as MPSM license additions) that have been made since the last
configuration save, those changes will be lost.
To restore a saved switch configuration, use the following procedure.
Step 1
Establish a configuration session using a user name with SERVICE_GP privileges or higher.
Step 2
Verify that the file from which you want to restore configuration data is located in the C:/CNF directory.
Note
The C:/CNF directory is the only location from which you can restore a configuration file. If the
file has been moved to another directory or stored on another system, the file must be returned
to this directory before the data can be restored.
Tip
Enter the cd command to navigate the C:/CNF directory, and enter the ll command to display the
directory contents. For information on transferring files to and from the switch, see Appendix A,
“Downloading and Installing Software Upgrades.”
Step 3
Verify that the runtime software used by the saved configuration is located in the C:/FW directory.
Step 4
To restore a saved configuration file, enter the restoreallcnf command.
mgx8830a.1.PXM.a > restoreallcnf -f filename
Caution
The restoreallcnf command resets all cards in the switch and terminates all calls passing through the
switch.
Caution
The configuration file saved with the saveallcnf command does not include the boot and runtime
software files in use at the time of the save. If the PXM runtime software is missing, the following
warning message appears:
**WARNING**: The version of firmware saved in the configuration file XYZ
is not present on the disk.
If you continue with the restore, before loading the image into C:/FW the shelf
may not comeback up.
Do you still want to continue ? [Yes/No]
If this message appears, you should enter No and transfer the correct software to the C:/FW directory
before restoring the configuration. The switch will start up if runtime service module software is
missing, but service modules will not operate until the correct software versions are installed.
Replace filename with the name of the saved configuration file.You do not have to enter the path to the
file or the extension. For information on the location and name of the file, see “Saving a Configuration,”
which appears earlier in this chapter.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-6
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing ILMI
Note
If there were any license additions, deletions, or transfers performed after saving the restored
configuration, the switch generates a minor license alarm if the number of licenses detected does not
match the number of licenses restored. For more information, see Appendix F, “MPSM Licensing”.
Managing ILMI
The following sections describe how to
•
Enable and disable the integrated local management interface (ILMI) feature on a port
•
Display ILMI port configuration data
•
Display and clear ILMI management statistics
•
Delete ILMI prefixes
Enabling and Disabling ILMI on a Port
The Cisco MGX switches provide several commands that you can use to enable or disable ILMI on a
port. For instructions on enabling or disabling ILMI from a PXM1E card, see the “Configuring ILMI on
a Port” section in Chapter 3, “Provisioning PXM1E Communication Links.” For instructions on enabling
or disabling ILMI from a AXSM card, see refer to the Cisco ATM Services (AXSM) Configuration Guide
and Command Reference for MGX Switches, Release 5.2.
To enable or disable ILMI from the PXM prompt, use the following procedure.
Step 1
Establish a configuration session using a user name with GROUP1 privileges or higher.
Step 2
To display a list of ports and view the current ILMI status of each, enter the dsppnports command.
To enable or disable ILMI on a port, enter the cnfilmienable command as follows:
mgx8830a.1.PXM.a >cnfilmienable <portid> <no | yes>
Replace portid using the format slot:bay.line:ifNum. Table 9-1 describes these parameters.
Enter yes to enable ILMI on the port, or enter no to disable ILMI.
Table 9-1
Port Identification Parameters
Parameter
Description
slot
Enter the slot number for the card that hosts the port you are configuring.
bay
Replace bay with 1 if the line is connected to a back card in the upper bay, or replace it
with 2 if the line is connected to a back card in the lower bay.
The bay number is always 2 for a PXM1E, and 1 for an AXSM-1-2488 or
MPSM-T3E3-155.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-7
Chapter 9
Switch Operating Procedures
Managing ILMI
Table 9-1
Step 3
Port Identification Parameters (continued)
Parameter
Description
line
Replace line with the number that corresponds to the back card port to which the line is
connected.
ifNum
An ATM port is also called an interface. Enter a number from 1 to 31 to identify this
interface. The interface number must be unique on the card to which it is assigned.
Interface numbers are assigned with the addport command.
To verify the ILMI status change, re-enter the dsppnports command.
Displaying the ILMI Port Configuration
The following procedure describes some commands you can use to view the ILMI port configuration.
Step 1
Establish a configuration session using a user name with access privileges at any level.
Step 2
To display the ILMI configuration for all ports on a PXM1E or AXSM card, enter the dspilmis
command. The following example shows the dspilmis command report:
mgx8830a.1.PXM.a > dspilmis
Sig.
Port
---1
3
rsrc Ilmi Sig Sig Ilmi S:Keepalive T:conPoll K:conPoll
Part State Vpi Vci Trap Interval
Interval InactiveFactor
---- ---- ---- ---- --- ------------ ---------- ---------1
Off
0
16
On
1
5
4
1
Off
0
16
On
1
5
4
The previous example shows that all ports are configured for the default ILMI values and that ILMI has
not been started on any port. Table 9-2 describes each of the report columns.
Table 9-2
Column Descriptions for dspilmis and dspilmi Commands
Column
Description
Sig. Port
Port or logical interface for which ILMI status appears.
rsrc Part
Resource partition assigned to the port.
ILMI State
Configured ILMI state, which appears as either On or Off. The default ILMI
state is Off, which indicates that ILMI is disabled on the port. You can
enable ILMI signaling on the port by entering the upilmi command, which
changes the state to On. Note that this column indicates whether ILMI is
enabled or disabled. To see the operational state of ILMI, use the
dsppnport, dsppnports, or dsppnilmi commands.
Sig Vpi
VPI for the ILMI signaling VCC.
Sig Vci
VCI for the ILMI signaling VCC.
Ilmi Trap
Indicates whether ILMI traps are enabled (On) or disabled (Off) for this
port.
S:Keepalive Interval
Keep alive interval. The range is 1–65535 seconds.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-8
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing ILMI
Table 9-2
Column Descriptions for dspilmis and dspilmi Commands (continued)
Column
Description
T:conPoll Interval
Polling interval for T491 in the range 0–65535 seconds.
K:conPoll InactiveFactor Polling interval K in the range 0–65535 seconds.
Step 3
To display the ILMI configuration for a single port, enter the dspilmi command as follows:
mgx8830a.1.PXM.a > dspilmi <ifnum> <partitionId>
Replace ifnum with the interface number of the port, and replace partitionID with the partition number
assigned to the port. You can view both of these numbers in the dspilmis command report. The following
is an example report for the dspilmi command. Table 9-2 describes each of the columns that appear in
the command report.
mgx8830a.1.PXM.a > dspilmi 1 1
Sig.
Port
---1
Step 4
rsrc Ilmi Sig Sig Ilmi S:Keepalive T:conPoll K:conPoll
Part State Vpi Vci Trap Interval
Interval InactiveFactor
---- ---- ---- ---- --- ------------ ---------- ---------1
On
0
16
On
1
5
4
To display the operational state of ILMI on all ports, enter the dsppnports command at the PXM prompt
as shown in the following example:
mgx8830a.1.PXM.a > dsppnports
Summary of total connections
(p2p=point to point,p2mp=point to
Type
#Svcc:
#Svpc:
#SpvcD:
p2p:
0
0
0
p2mp: 0
0
0
multipoint,SpvcD=DAX spvc,SpvcR=Routed spvc)
#SpvpD: #SpvcR: #SpvpR: #Total:
0
0
0
0
0
0
0
0
Total=0
Summary of total configured SPVC endpoints
Type
#SpvcCfg: #SpvpCfg:
p2p:
0
0
p2mp: 0
0
Per-port status summary
PortId
IF status
Admin status
ILMI state
#Conns
7.35
up
up
Undefined
0
7.36
up
up
Undefined
0
7.37
up
up
Undefined
0
7.38
up
up
Undefined
0
UpAndNormal
0
Type <CR> to continue, Q<CR> to stop:
10:1.1:1
up
up
The ILMI operational state is displayed as one of the following: Disable, EnableNotUp, or
UpAndNormal. When ILMI is disabled on the port, the operational status is Disable. When ILMI is
enabled on the local port but cannot communicate with ILMI on the remote port, the status is
EnableNotUp. In other words, the EnableNotUp status happens when ILMI is disabled on the remote
end. When ILMI is enabled and communicating with ILMI on the remote port, the ILMI state is
UpAndNormal.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-9
Chapter 9
Switch Operating Procedures
Managing ILMI
Step 5
To display ILMI configuration data for a specific port, enter the dsppnilmi command at the PXM prompt
as follows:
mgx8830a.1.PXM.a > dsppnilmi <portid>
Replace portid using the format slot:bay.line:ifNum. Table 9-1 describes these parameters. The
following example shows the format of the dsppnilmi command report.
mgx8830a.1.PXM.a > dsppnilmi 10:1.1:1
Port: 10:1.1:1
Port Type: PNNI
Side:
Autoconfig: disable
UCSM: disable
Secure Link Protocol: enable
Change of Attachment Point Procedures: enable
Modification of Local Attributes Standard Procedure: enable
Addressreg: Permit All
VPI:
0
VCI:
16
Max Prefix:
16
Total Prefix:
0
Max Address:
64
Total Address:
0
Resync State:
0
Node Prefix: yes
Peer Port Id:
16848897
System_Id : 0.80.84.171.226.192
Peer Addressreg: enable
Peer Ip Address : 0.0.0.0
Peer Interface Name : atmVirtual.01.1.1.01
ILMI Link State : UpAndNormal
ILMI Version : ilmi40
INFO:
network
No Prefix registered
Displaying and Clearing ILMI Management Statistics
The following procedure describes some commands you can use to view ILMI management statistics.
Step 1
To display ILMI management statistics for a port, enter the dspilmicnt command as follows:
mgx8830a.1.PXM.a > dspilmicnt <ifnum> <partitionId>
Replace ifnum with the interface number of the port, and replace partitionID with the partition number
assigned to the port. You can view both of these numbers in the dspilmis command report. The following
is an example report for the dspilmicnt command.
mgx8830a.1.PXM.a > dspilmicnt 1 1
If Number
: 1
Partition Id
: 1
SNMP Pdu Received
: 36914
GetRequest Received
: 18467
GetNext Request Received : 0
SetRequest Received
: 0
Trap Received
: 1
GetResponse Received
: 18446
GetResponse Transmitted : 18467
GetRequest Transmitted
: 18446
Trap Transmitted
: 4
Unknown Type Received
: 0
ASN1 Pdu Parse Error
: 0
No Such Name Error
: 0
Pdu Too Big Error
: 0
Cisco MGX 8800/8900 Series Software Configuration Guide
9-10
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing ILMI
Note
Step 2
Partition ID 1 is reserved for PNNI.
To clear the ILMI management statistics for a port, enter the clrilmicnt command as follows:
mgx8830a.1.PXM.a > clrilmicnt <ifnum> <partitionId>
Replace ifnum with the interface number of the port, and replace partitionID with the partition number
assigned to the port. The following example shows the switch response to this command.
mgx8830a.1.PXM.a > clrilmicnt 1 1
ilmi stats for ifNum 1, partId 1 cleared
Step 3
To verify that the statistics have been cleared, re-enter the dspilmicnt command.
Deleting ILMI Prefixes
The following procedure describes how to delete an ILMI address prefix from a port.
Note
The procedure for adding ILMI prefixes is described in “Configuring ILMI Dynamic Addressing” in
Chapter 3, “Provisioning PXM1E Communication Links.”
Step 1
Establish a configuration session using a user name with GROUP1 privileges or higher.
Step 2
To view the ILMI prefixes assigned to a port, enter the dspprfx command as follows:
mgx8830a.1.PXM.a > dspprfx <portid>
Replace <portid> with the port address using the format slot:bay.line:ifnum. These parameters are
described in Table 9-1. For example:
mgx8830a.1.PXM.a > dspprfx 10:2.2:4
INFO:
No Prefix registered
In the example, no ILMI prefixes have been assigned to the port, so the port will use the prefix configured
for the SPVC prefix.
Step 3
To prepare for deleting an ILMI prefix, down the port to be configured with the dnpnport command.
For example:
mgx8830a.1.PXM.a > dnpnport 10:2.2:4
Step 4
Enter the following command to delete an ATM prefix for a port:
mgx8830a.1.PXM.a > delprfx <portid> <atm-prefix>
Replace portid using the format slot:bay.line:ifNum. Table 9-1 describes these parameters.
Replace atm-prefix with the 13-byte ATM address prefix in use.
Step 5
Up the port you configured with the uppnport command. For example:
mgx8830a.1.PXM.a > uppnport 10:2.2:4
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-11
Chapter 9
Switch Operating Procedures
Determining the Software Version Number from Filenames
Step 6
To verify the proper ATM prefix configuration for a port, re-enter the dspprfx command.
Determining the Software Version Number from Filenames
The following version management commands require a version number to be entered in a specific
format:
•
abortrev
•
burnboot
•
commitrev
•
loadrev
•
runrev
•
setrev
In most cases, you will find the correct firmware version numbers in the Release Notes for Cisco MGX
8850 (PXM1E/PXM45), Cisco MGX 8950, and Cisco MGX 8830 Switches Release 5.5.00 and the
Release Notes for the Cisco MGX 8880 Media Gateway Release 5.5.00. If the release notes are not
available, you can use the firmware filename to determine the version number as described in the
following procedure.
Step 1
Establish a configuration session at any access level.
Step 2
To view the files on the switch hard drive, you can enter UNIX-like commands at the switch prompt. To
change directories to the firmware directory (FW), enter the cd command as follows:
mgx8830a.1.PXM.a > cd C:/FW
Note
Step 3
Remember that UNIX directory and filenames are case sensitive.
To list the contents of the directory, enter the ll command:
mgx8830a.1.PXM.a > ll
The following example shows the ll command display:
mgx8830a.1.PXM.a > ll
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1367596
967736
6476612
1123104
6412036
3810744
3811160
1085856
6327220
1015768
6331172
878976
725744
867564
1004548
6524548
Mar
Apr
Mar
Mar
Feb
Feb
Feb
Jan
Feb
Feb
Jan
Jan
Mar
Mar
Mar
May
12
11
29
6
27
26
26
5
1
1
29
1
12
12
12
3
18:27
18:43
23:51
18:26
19:39
23:54
19:21
2000
00:02
00:02
00:24
2098
18:27
18:27
18:28
00:38
ausm_8t1e1_020.000.000.106-D.fw
pxm1e_002.001.050.000-D_diag.fw
pxm1e_003.000.000.000-D_mgx.fw
pxm1e_003.000.000.000-D_diag.fw
pxm1e_003.000.000.206-P1_m30.fw
vism_8t1e1_003.000.000.051-I.fw
vism_8t1e1_003.000.000.050-I.fw
pxm1e_001.001.050.005-A_diag.fw
pxm1e_003.000.000.185-P2_m30.fw
pxm1e_003.000.000.185-P2_bt.fw
pxm1e_003.000.000.185-A_mgx.fw
pxm1e_002.001.050.007-A_bt.fw
cesm_8t1e1_020.000.000.106-D.fw
frsm_8t1e1_020.000.000.106-D.fw
frsm_vhs_020.000.000.106-D.fw
pxm1e_003.000.000.000-D_m30.fw
Cisco MGX 8800/8900 Series Software Configuration Guide
9-12
OL-19868-01
Chapter 9
Switch Operating Procedures
Determining the Software Version Number from Filenames
-rwxrwxrwx 1 0
0
6505668 Apr 29 23:24 pxm1e_003.000.000.026-P4_m30.fw
In the file system :
total space : 819200 K bytes
free space : 786279 K bytes
Note
The example was created during product development. The filenames may be different from those in use
on your switch. For the latest list of filenames, refer to the Release Notes for Cisco MGX 8850
(PXM1E/PXM45), Cisco MGX 8950, and Cisco MGX 8830 Switches Release 5.5.00 and the Release
Notes for the Cisco MGX 8880 Media Gateway Release 5.5.00.
Figure 9-1 shows the information contained in filenames for released software.
Filename Format for Released Software
Version number:
2 . 0 (1.1)
Filename:
pxm 45_002.000.001.001_mgx.fw
Card
designator
Major
version
Minor Maintenance Patch
version
level
level
Image
description
42937
Figure 9-1
Filenames that include “_mgx” are for runtime PXM firmware, and filenames that include “_bt” are for
boot firmware. Service module runtime firmware images do not have an image description after the
version number. When you first receive the switch from Cisco, there will be single versions of each file.
If you download updates to any files, there will be multiple versions of those files.
Figure 9-2 shows the information contained in filenames for prereleased firmware. If you are evaluating
nonreleased firmware, the filename format shows that the firmware is prereleased and indicates the
development level of the prerelease firmware.
Filename Format for Prereleased Firmware
Version number:
Filename:
2 . 0 (117) A1
pxm 45_002.000.117-A1_mgx.fw
Card
Major
designator version
Step 4
Minor Maintenance
version
level
Development Image
level
description
42938
Figure 9-2
Translate the filenames to version numbers, and write the numbers down so you can set the revision
levels for the software.
Write the version number in the format required by the revision management commands. The following
example shows the required format. If you are logged in as a user with SERVICE_GP access privileges,
you can display this example by entering any of the revision management commands without
parameters.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-13
Chapter 9
Switch Operating Procedures
Determining the Software Version Number from Filenames
mgx8830a.1.PXM.a > runrev
ERR: Syntax: runrev <slot> <revision>
slot -- optional; value: 15,16,31,32
revision - revision number. E.g.,
2.0(1)
2.0(1.255)
2.0(0)I or 2.0(0)A
2.0(0)P1 or 2.0(0)P2
2.0(0)P3 or 2.0(0)P4
2.0(0)D
2.0(1.166)I or 2.0(1.166)A
2.0(1.166)P1 or 2.0(1.166)P2
2.0(1.166)P3 or 2.0(1.166)P4
The first example, 2.0(1), is for released firmware version 2.0, maintenance release 1. The second
example, 2.0(1.255), is for patch 255 to version 2.0, maintenance release 1. The other examples are for
prerelease firmware. Prerelease firmware does not include patches; the maintenance release number is
increased for each software change.
Table 9-3 shows some example filenames and the correct version numbers to use with the revision
management commands.
Table 9-3
Determining Firmware Version Numbers from Filenames
Filename
Version Number for Revision
Management Commands
ausm_8t1e1_020.000.001.047.fw
20.0(1.47)
axsm_002.000.001.001.fw
2.0(1.1)
axsm_002.000.016-D.fw
2.0(16)D
cesm_8t1e1_020.000.001.047.fw
20.0(1.47)
frsm_8t1e1_020.000.001.047.fw
20.0(1.47)
frsm_vhs_020.000.001.047.fw
20.0(1.47)
mpsm_t1e1_030.000.000.000.fw
30.0(0.0)
pxm1e_003.000.000.000_bt.fw
3.0(0.0)
pxm1e_003.000.001.000_bt.fw
3.0(1.0)
pxm1e_003.000.001-D_mgx.fw
3.0(1)D
pxm1e_003.000.014-A1_bt.fw
3.0(14)A1
pxm45_002.000.000.000_bt.fw
2.0(0.0)
pxm45_002.000.001.000_bt.fw
2.0(1.0)
pxm45_002.000.001-D_mgx.fw
2.0(1)D
pxm45_002.000.014-A1_bt.fw
2.0(14)A1
vism_8t1e1_003.000.000.103-I.fw 3.0(0.103)
Cisco MGX 8800/8900 Series Software Configuration Guide
9-14
OL-19868-01
Chapter 9
Switch Operating Procedures
Displaying Software Revisions for Cards
Displaying Software Revisions for Cards
This section describes how to display software revision information for the cards in your switch.
Displaying Software Revisions in Use
To display the boot and runtime software version in use on every card in the switch, enter the dsprevs
command as shown in the following example:
M8850_SF.8.PXM.a > dsprevs
M8850_SF
MGX8850
Phy. Log. Inserted
Slot Slot Card
---- ---- --------
System Rev: 05.00
Oct. 25, 2004 20:22:08 GMT
Node Alarm: CRITICAL
Boot FW
Revision
--------
Cur Sw
Revision
--------
01
01
02
03
04
05
06
07
08
09
10
11
12
13
14
02
04
04
05
06
07
07
09
10
11
12
13
14
RPM_XF
IOSver
IOSver
Cur SW Rev: 12.3(20040916:060502)
Boot FW Rev: 12.3(20040916:060502)
RPM
12.3(7)T3
12.3(3.9)T2
AXSME_8OC3
5.0(28.65)A
5.0(28.65)A
AXSME_8OC3
5.0(28.65)A
5.0(28.65)A
AXSM_4OC12_B
5.0(28.65)A
5.0(28.65)A
AXSM-32-T1E1-E
5.0(28.65)A
5.0(28.65)A
PXM45B
5.0(29.102)P1
5.0(29.102)A
PXM45B
5.0(29.102)P1
5.0(29.102)A
------MPSM-T3E3-155
5.0(28.65)A
5.0(28.65)A
----1.0(2.0)
FRSM_8T1
22.0(28.17)A
1.0(2.0)
FRSM_8E1
22.0(28.17)A
1.0(2.0)
FRSM_2CT3
22.0(28.17)A
1.0(7.0)
Type
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<CR>
15
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
31
to continue, Q<CR> to stop:
SRME_OC3
--SRME_OC3
----------------------------------MPSM-16-T1E1
5.0(29.102)A
CESM_8T1/B
22.0(28.17)A
MPSM-16-T1E1-PPP 5.0(29.102)A
MPSM-8T1-FRM
30.0(28.17)A
----CESM_8E1
22.0(28.17)A
SRM_3T3
--SRM_3T3
---
--------------------5.0(29.102)A
1.0(2.0)
5.0(29.102)A
30.0(28.17)A
1.0(2.0)
1.0(2.0)
-----
M8850_SF.8.PXM.a >
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-15
Chapter 9
Switch Operating Procedures
Managing Redundant Cards
Displaying Software Revisions for a Single Card
To display the boot and runtime software revisions in use on a single card, enter the dspcd <slot>
command as shown in the following example:
mgx8830a.1.PXM.a > dspcd 2
Unknown
System Rev: 03.00
MGX8830
Slot Number
2
Redundant Slot: 1
Front Card
---------Inserted Card:
PXM1E-4-155
Reserved Card:
PXM1E-4-155
State:
Active
Serial Number:
S1234567890
Prim SW Rev:
3.0(0.26)P4
Sec SW Rev:
3.0(0.26)P4
Cur SW Rev:
3.0(0.26)P4
Boot FW Rev:
3.0(0.26)A
800-level Rev:
E2
800-level Part#:
800-12345-01
CLEI Code:
à0
Reset Reason:
On Power up
Card Alarm:
NONE
Failed Reason:
None
Miscellaneous Information:
May. 04, 2002 20:29:14 GMT
Node Alarm: MINOR
Upper Card
----------
Lower Card
----------
UI Stratum3
UI Stratum3
Active
SAK0325008J
--------03
800-05787-01
SMFIR_4_OC3
UnReserved
Active
SAG05415SW9
--------4P
800-18663-01
0
Type <CR> to continue, Q<CR> to stop:
Managing Redundant Cards
The MGX switches support redundancy between two cards of the same type. For PXM1E, PXM45, and
SRM cards, this redundancy is preconfigured on the switch. To establish redundancy between two
CBSMs (for example, CESM, AUSM, FRSM, and VISM), two AXSMs, or two FRSM12s, you can enter
the addred command as described in the “Establishing Redundancy Between Two Service Modules”
section in Chapter 4, “Preparing Service Modules for Communication.”
The following sections describe how to
•
Display the redundancy configuration
•
Switch operation from one card to the other
•
Remove the redundancy between two service modules
Displaying Redundancy Status
To display the redundancy configuration for the switch, use the following procedure.
Step 1
Establish a configuration session at any access level.
Step 2
To view the redundancy status, enter the following command:
mgx8830a.1.PXM.a > dspred
Cisco MGX 8800/8900 Series Software Configuration Guide
9-16
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Redundant Cards
After you enter the command, the switch displays a report similar to the following example:
PXM1E_SJ.7.PXM.a > dspred
PXM1E_SJ
System Rev: 05.00
Dec. 07, 1999 23:15:29 GMT
MGX8850
Node Alarm: MAJOR
Logical
Primary
Secondary
Card
Redundancy
Slot
Slot
Card
Slot
Red
Type
Type
State
State
----- ----- ----------- ---- ------------ ------------ ---------7
7
Active
8
Empty Resvd PXM1E-T3E3-155
1:1
15
15
Empty
16
Empty
SRMEB_STS3
1:1
17
17
Active
18
Standby
FRSM_8T1
1:n
19
19
Active
18
Standby
FRSM_8T1
1:n
20
20
Active
21
Standby
FRSM_8E1
1:n
22
22
Active
21
Standby
FRSM_8E1
1:n
28
28
Active
29
Standby
VISM_PR_8T1
1:n
31
31
Active
32
Empty Resvd SRME_OC3
1:1
PXM1E_SJ.7.PXM.a >
Switching Between Redundant PXM Cards
When the switch has two PXM cards running in active and standby mode, you can enter the swtichcc
command to swap the roles of the two cards. Typically, you enter this command to switch roles so you
can upgrade the hardware or software on one of the cards.
Note
The switchcc command is entered only when all cards are operating in active or standby roles. For
example, if a non-active PXM is not in standby state, or if a service module is being upgraded, the
switchcc command is not entered.
To switch operation from one redundant PXM card to another, use the following procedure.
Step 1
Establish a configuration session using a user name with SUPER_GP privileges or higher.
Step 2
Check the status of the active and standby cards by entering the dspcds command.
The dspcds command should list one card as active and one card as standby. If the cards are not in their
proper states, the switchover cannot take place.
Step 3
To switch cards, enter the following command after the switch prompt:
mgx8830a.1.PXM.a > switchcc
Switching Between Redundant Service Modules
To switch operation from an active redundant service module to the standby card, use the following
procedure.
Step 1
Establish a configuration session using a user name with SERVICE_GP privileges or higher.
Step 2
Check the status of the active and standby cards by entering the dspcds command.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-17
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
The dspcds command should list one card as active and one card as standby. If the cards are not in their
proper states, the switchover cannot take place.
Step 3
To switch cards, enter the following command after the switch prompt:
mgx8830a.1.PXM.a > switchredcd <fromSlot> <toSlot>
Replace <fromSlot> with the card number of the active card, and replace <toSlot> with the card number
to which you want to switch control.
Removing Redundancy Between Two Cards
To remove the redundant relationship between two service modules, use the following procedure.
Step 1
Establish a configuration session using a user name with GROUP1_GP privileges or higher.
Step 2
To remove card redundancy, enter the following command after the switch prompt:
mgx8830a.1.PXM.a > delred <primarySlot>
Replace primarySlot with the number of the primary card. You can view the primary and secondary
status of cards by entering the dspred command.
Switching Between Redundant RPM Cards
To switch operation from an active RPM-PR or RPM-XF card to the standby card, use the following
procedure.
Step 1
Establish a configuration session using a user name with SERVICE_GP privileges or higher.
Step 2
Check the status of the active and standby cards by entering the dspcds command.
The dspcds command should list one card as active and one card as standby. If the cards are not in their
proper states, the switchover cannot take place.
Step 3
To switch cards, enter the following command after the switch prompt:
mgx8850a.7.PXM.a > softswitch <fromSlot> <toSlot>
Replace <fromSlot> with the card number of the active card, and replace <toSlot> with the card number
to which you want to switch control.
Managing Redundant APS Lines
APS line redundancy is supported on PXM1E, AXSM, and SRME cards. To establish redundancy
between two lines, you can enter the addapsln command as described in the “Establishing Redundancy
Between Two Lines with APS” section in Chapter 3, “Provisioning PXM1E Communication Links.”
Cisco MGX 8800/8900 Series Software Configuration Guide
9-18
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
The following sections describe how to:
•
Prepare for Intercard APS
•
Display APS line information
•
Modify APS lines
•
Switch APS lines
•
Remove the redundancy between two lines
Note
An APS connector is required for line redundancy on SRME cards that are installed in MGX 8850
(PXM1E) switches, and for line redundancy on PXM1E-8-155 cards in MGX 8850 (PXM1E) and
MGX 8830 switches. An APS connector is not required for SRME cards that are installed in MGX 8830
switches.
Note
You must install an APS connector and configure APS on your PXM1E-4-155 cards in order to facilitate
a future upgrade to the PXM1E-8-155 card.
Preparing for Intercard APS
The following components are required for intercard APS:
•
two front cards.
•
two back cards for every bay hosting APS lines. All lines on cards used for intercard APS must
operate in APS pairs or use Y cables.
•
an APS connector installed between the two back cards for every bay hosting APS lines.
Enter the dspapsbkplane command on both the standby and active card to verify that the APS connector
is plugged in properly. The following example shows the results displayed by the dspapsbkplane
command when the APS connector is in place:
mgx8830a.1.PXM.a > dspapsbkplane
Line-ID
1.1
1.2
2.1
2.2
Primary Card Signal Status
Slot #1
PRESENT
PRESENT
PRESENT
PRESENT
Secondary Card Signal Status
Slot #2
PRESENT
ABSENT
ABSENT
ABSENT
Remote Front Card : PRESENT
Top Back Card
: ENGAGED
Bottom Back Card : ENGAGED
The following example shows the results displayed by the dspapsbkplane command when the APS
connector is not place:
mgx8830a.1.PXM.a > dspapsbkplane
Line-ID
1.1
1.2
2.1
2.2
Primary Card Signal Status
Slot #1
PRESENT
ABSENT
PRESENT
ABSENT
Secondary Card Signal Status
Slot #2
ABSENT
ABSENT
ABSENT
ABSENT
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-19
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Remote Front Card : ABSENT
Top Back Card
: ENGAGED
Bottom Back Card : NOT-ENGAGED
Note
The dspapsbkplane command should be used only when the standby card is in the Ready state. When
the standby card is booting or fails, intercard APS cannot work properly and this command displays
“NOT ENGAGED.”
If the dspapsbkplane command displays the message “APS Line Pair does not exist,” suspect that the
APS is not configured on a line.
If the dspapsbkplane command shows different values for each card in a pair of PXM1E, SRM,
AXSME, or AXSM-XF cards, suspect that the APS connector is seated properly on one card but not on
the other.
The APS connector status is the same for all lines in a single bay because the APS connector
interconnects two back cards within the same bay. You need to enter the dspapsbkplane command only
once to display the APS connector status for both upper and lower bays.
Enter the dspapslns command to verify APS configuration. If the working and protection lines show
OK, both lines are receiving signals from the remote node.
Configuring Intercard APS Lines
In PXM1E, SRM, AXSME, or AXSM-XG intercard APS, either front card can be active, and can be
connected to either APS line through the APS connector joining the two back cards. The following
process describes how intercard APS communication works:
Note
1.
The signal leaves the front card at the remote end of the line.
2.
The signal passes through the APS connector and both back card transmit ports at the remote end of
the line.
3.
The signal travels through both communication lines to the receive ports on both back cards at the
local end.
4.
The active front card processes the signal that is received on the active line.
5.
The standby card monitors only the status of the standby line.
6.
If necessary, the signal passes through the APS connector to the front card.
The front card monitors only one of the receive lines.
Line failures are always detected at the receive end of the line. This is where a switchover occurs when
a failure is detected. Two different types of switchovers can occur, depending on whether the APS was
configured as unidirectional or bidirectional in the cnfapsln command:
•
When a failure occurs on a line configured for unidirectional switching, the switch changes lines at
the receive end only. A switchover is not necessary at the transmit end because the transmitting back
cards send signals on both lines in the 1 +1 APS configuration.
•
When a failure occurs on a line configured for bidirectional switching, a switchover occurs at both
ends of the line.
If the status of the standby line is good, a switchover from the failed active line to the standby is
automatic.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-20
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Enter the cnfapsln command to enable an automatic switchover back to the working line after it recovers
from a failure, as shown in the following example:
mgx8830a.1.PXM.a > cnfapsln -w 1.1.1 -rv 2
Table 9-4 describes the configurable parameters for the cnfapsln command.
Table 9-4
cnfapsln Command Parameters
Parameter
Description
-w <working line>
Slot number, bay number, and line number of the active line to configure,
in the following format:
slot.bay.line
Example: -w 1.1.1
-sf <signal fault ber>
A number between 3 and 5 indicating the Signal Fault Bit Error Rate
(BER), in powers of ten.
•
3 = 10-3
•
4 = 10-4
•
5 = 10-5
Example: -sf 3
-sd <SignalDegradeBER> A power if 10 in the range 5–9 that indicates the Signal Degrade Bit Error
Rate (BER):
•
5 = 10-5
•
6 = 10-6
•
7 = 10-7
•
8 = 10-8
•
9 = 10-9
Example: -sd 5
-wtr <Wait To Restore>
The number of minutes to wait after the failed working line has recovered,
before switching back to the working line. The range is 5–12.
Example: -wtr 5
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-21
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Table 9-4
cnfapsln Command Parameters (continued)
Parameter
Description
-w <working line>
Slot number, bay number, and line number of the active line to configure,
in the following format:
slot.bay.line
Example: -w 1.1.1
-dr <direction>
Determines whether the line is unidirectional or bidirectional.
•
1 = Unidirectional. The line switch occurs at the receive end of the
line.
•
2 = Bidirectional. The line switch occurs at both ends of the line.
Note
This optional parameter is not shown in the example because you
do not need to set it for a revertive line.
Example: -dr 2
-rv <revertive>
Determines whether the line is revertive or non-revertive.
•
1 = Non-revertive. You must manually switch back to a recovered
working line.
•
2 = Revertive. APS automatically switches back to a recovered
working line after the number of minutes set in the -wtr parameter.
Example: -rv 1
If you want to manually switch from one line to another, enter the switchapsln <bay> <line>
<switchOption> command, as shown in the following example:
mgx8830a.1.PXM.a > switchapsln 1 1 6
Manual line switch from protection to working succeeded on line 1.1.1
Cisco MGX 8800/8900 Series Software Configuration Guide
9-22
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Table 9-5 describes the configurable parameters for the switchapsln command.
Table 9-5
switchapsln Command Parameters
Parameter
Description
bay
Working bay number to switch.
line
Working line number to switch.
switchOption
Method of performing the switchover. The possible methods are as follows:
service switch
•
1 = Clear previous user switchover requests. Return to working line only if the
mode is revertive.
•
2 = Lockout of protection. Prevents specified APS pair from being switched
over to the protection line. If the protection line is already active, the
switchover is made back to the working line.
•
3 = Forced working to protection line switchover. If the working line is active,
the switchover is made to the protection line unless the protection line is locked
out or in the SF condition, or if a forced switchover is already in effect.
•
4 = Forced protection to working line switchover. If the protection line is
active, the switch is made to the working line unless a request of equal or higher
priority is in effect. This option has the same priority as option 3 (forced
working to protection line switchover). Therefore, if a forced working to
protection line switchover is in effect, it must be cleared before this option
(forced protection to working line switchover) can succeed.
•
5 = Manual switchover from working to protection line unless a request of
equal or higher priority is in effect.
•
6 = Manual switchover from protection to working line. This option is only
available in the 1+1 APS architecture.
This is an optional parameter. When set to 1, this field causes all APS lines to switch
to their protected lines.
Enter the dspapslns command to verify that the active line switched over from the protection line to the
working line, as shown in the following example:
mgx8830a.1.PXM.a > dspapslns
Working Prot.
Index
Index
------- ----1.1.1 2.1.1
Conf
Arch
---1+1
Oper
Arch
----1+1
Active WLine PLine WTR
Revt Conf Oper LastUser
Line
State State (min)
Dir Dir SwitchReq
------ ----- ----- ----- ---- ---- ---- ---------working
OK
OK
5 Yes
bi
bi ManualP->W
Displaying APS Line Information
To display the APS line redundancy configuration for a PXM card, enter the dspapsln command as
described in the following.
Step 1
Establish a configuration session at any access level.
Step 2
To view the redundancy status, enter the following command after the switch prompt:
mgx8830a.1.PXM.a > dspapsln <working-slot.bay.line>
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-23
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Replace <working-slot.bay.line> with the slot, bay, and line id of the APS line you want to display. After
you enter the command, the switch displays a report similar to the following:
mgx8830a.1.PXM.a > dspapsln 9.1.1
Working Prot. Conf
Index
Index Arch
------- ----- ---9.1.1 9.1.2 1+1
9.2.1 9.2.2 1+1
Oper
Arch
----1+1
1+1
Active SFBer SDBer WTR
Revt Dir LastUser
Line
10^-n 10^-n (min)
SwitchReq
------ ----- ----- ----- ---- --- ---------working
3
5
5
No uni No Request
working
3
5
5
No uni No Request
Modifying APS Lines
To change the configuration for an APS line, enter the cnfapsln command as described in the following
procedure.
Step 1
Establish a configuration session using a user name with GROUP1_GP privileges or higher.
Step 2
Enter the cnfapsln command as follows:
mgx8830a.1.PXM.a > cnfapsln -w <workingIndex> -sf <SignalFaultBER> -sd <SignalDegradeBER>
-wtr <Wait To Restore> -dr <direction> -rv <revertive> -proto <protocol>
Select the working line to configure by replacing <workingIndex> with the with the location of the
working line using the format slot.bay.line. For example, to specify the line on card 9, bay 1, line 2, enter
9.1.2.
Table 9-6 describes the cnfapsln command options.
Table 9-6
Options for cnfapsln Command
Option
Description
-w
Slot number, bay number, and line number of the active line to configure, in the following
format:
slot.bay.line
Example: -w 1.1.1
-sf
The signal failure Bit Error Rate (BER) threshold. Replace <SignalFaultBER> with a
number in the range of 3 to 5.
5 = signal failure BER threshold = 10 ^^ -5.
-sd
The Signal degrade BER threshold. Replace <SignalDegradeBER> with a number in the
range of 5 to 9.
5 = signal degrade BER threshold = 10 ^^ -5.
-wtr
The number of minutes to wait before attempting to switch back to the working line. Replace
<Wait To Restore> with a number in the range of 1 to 12 (minutes).
Note that this option is applicable only when the -rv option is set to 2, enabling revertive
operation.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-24
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Table 9-6
Options for cnfapsln Command (continued)
Option
Description
-dr
The direction option, which specifies the communication paths to be switched when a failure
occurs. The options are unidirectional or bidirectional. When the unidirectional option is
selected, only the affected path, either transmit or receive, is switched. When the
bidirectional option is selected, both paths are switched.
To set this option, replace the <direction> variable with 1 for unidirectional operation or 2
for bidirectional operation.
-rv
The revertive option, which defines how the switch should operate when a failed line
recovers. The options are revertive and nonrevertive. When the -rv option is configured for
revertive operation and the working line recovers, the switch will switch back to the working
line after the period specified by the -wtr option. If the line is configured for nonrevertive
operation, a failure on the working line will cause the switch to use the protect line until a
manual switchover is initiated as described in “Switching APS Lines.”
To set this option, replace the <revertive> variable with 1 for non-revertive operation or 2
for revertive operation.
-proto
The protocol option, which determines whether the switch will use the standard Bellcore
protocol, or the ITU protocol.
Switching APS Lines
To switch between two APS lines, enter the switchapsln command as described in the following
procedure.
Step 1
Establish a configuration session using a user name with GROUP1_GP privileges or higher.
Step 2
Enter the switchapsln command as follows:
mgx8830a.1.PXM.a > switchapsln <bay> <line> <switchOption> <serviceSwitch>
Select the working line to switch by replacing <bay> with the bay number of the working line, and
replacing <line> with the line number for the working line.
Table 9-7 describes the other options you can use with this command.
Table 9-7
Options for switchapsln Command
Option
Value
Description
switchOption
1
Clear
2
Lockout of protection
3
Forced working->protection
4
Forced protection->working
5
Manual working->protection
6
Manual protection->working; applies only to 1+1 mode
0 or 1
0 switches specified line. 1 switches all lines.
serviceSwitch
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-25
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
Removing APS Redundancy Between Two Lines
To remove the redundant APS line relationship between two lines, enter the delapsln command as
described in the following procedure.
Step 1
Establish a configuration session using a user name with GROUP1_GP privileges or higher.
Step 2
To remove redundancy between the two lines, enter the following command after the switch prompt:
mgx8830a.1.PXM.a > delapsln <workingIndex>
Select the working line to delete by replacing <workingIndex> with the location of the working line
using the format slot.bay.line. In the following example, the delapsln command removes the APS
redundancy between the working line at Card 1, Bay 2, Line 1 and the protection line associated with it.
mgx8830a.1.PXM.a > delapsln 1.2.1
Troubleshooting APS Lines
Port lights on PXM1E, SRM, AXSME, and AXSM-XG front cards indicate the receive status of APS
lines. The active front card always displays the status of the active line. The standby card always displays
the status of the inactive line. If only one APS line fails, the line failure LED is always displayed on the
standby front card.
Caution
When the active front card and the active line are in different slots and the inactive line has failed, it is
easy to incorrectly identify the failed line as the line in the standby slot. To avoid disrupting traffic
through the active line, verify which physical line is at fault before disconnecting the suspect line.
If the active line fails and the standby line is not available, the switch reports a critical alarm.
If the active line fails and the standby line takes over, the former standby line becomes the new active
line, and the switch reports a major alarm.
If a PXM1E, SRM, AXSME, or AXSM-XG front card fails, APS communication between the redundant
front cards fails. This can result in one of the following situations:
•
If both APS lines were working before the failure, an APS line failure causes a switchover to the
protection line
•
If either APS line failed prior to a front card failure, a failure on the active line does not cause a
switchover to the other line. Because the standby front card failed, it cannot monitor the standby line
and report when the line has recovered. This means that the active card cannot use the standby line
until the standby front card is replaced and the line problem corrected.
Use the following procedure to troubleshoot APS lines.
Step 1
Enter the dsplns command to determine if the line in alarm is an APS line. The dsplns command shows
which lines are enabled for APS.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-26
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Redundant APS Lines
mgx8830a.1.PXM.a > dsplns
Medium Medium
Sonet Line
Line
Line
Frame
Line
Line
Line State
Type
Lpbk
Scramble Coding Type
----- ----- ------------ ------ -------- ------ ------1.1
Up sonetSts12c NoLoop
Enable Other ShortSMF
1.2
Up sonetSts12c NoLoop
Enable Other ShortSMF
2.1
Up sonetSts12c NoLoop
Enable Other ShortSMF
2.2
Up sonetSts12c NoLoop
Enable Other ShortSMF
Alarm
State
----Clear
Clear
Clear
Clear
APS
Enabled
-------Enable
Disable
Disable
Disable
If the line in alarm is an APS line, and has always functioned properly as an APS line, proceed to Step 2.
If the line in alarm has never functioned properly as an APS line, verify that the following are true:
Step 2
•
Redundant front and back cards are in the appropriate bays and are installed at both ends of the line.
•
Cable is properly connected to both ends of the line.
•
Enter the dspapsbkplane command to verify that the APS connector is installed properly at both
ends of the line.
Enter the dspapslns command at both ends of the communication line to determine whether one or both
lines in an APS pair are bad.
Use Table 9-8 to help you determine which APS line is not functioning properly.
Table 9-8
Troubleshooting APS Line Problems Using the dspaps Command
Active
Line
Working
Line
Protection
Line
Working
Line LED
Protection
Line LED
Working
OK
OK
Green
Green
Active card is receiving signal on working and protection
lines. This does not guarantee that transmit lines are
functioning properly. You must view the status on remote
switch.
Protection SF
OK
Green
Red
Active card is receiving signal on the protection line. No
signal received on the working line.
Working
OK
SF
Green
Red
Active card is receiving signal on the working line. No
signal received on the protection line.
Working
SF
SF
Red
Red
Active card is not receiving signal from either line. The
working line was the last line to work.
Protection SF
SF
Red
Red
Active card is not receiving signal from either line. The
protection line was the last line to work.
Working
UNAVAIL
UNAVAIL
Step 3
Description
The card set is not complete. One or more cards have failed
or been removed. See Table 9-9 to troubleshoot card errors.
If one or both lines appear to be bad, determine whether the working or protection line is in alarm.
Troubleshoot and correct the standby line first. Replace the components along the signal path until the
problem is resolved.
•
If the dspapslns command at either end of the line indicates a front or back card problem, resolve
that problem first. (See Table 9-9 to troubleshoot card problems.)
•
If the dspapslns command shows a signal failure on the standby line, replace that line.
•
If the standby line is still down, replace the cards along the signal path.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-27
Chapter 9
Switch Operating Procedures
Managing the Time of Day Across the Network Using SNTP
Table 9-9
Troubleshooting Card Problems
APS Line Failure
Possible Cause
All lines in upper and lower bays.
Suspect a bad or removed front card. If both front
cards are good, both back cards may be bad.
All lines in upper bay only. Lower bay APS lines
OK.
Suspect bad upper bay back card.
All lines in lower bay only. Upper bay APS lines
OK.
Suspect bad lower bay back card.
Managing the Time of Day Across the Network Using SNTP
Cisco MGX and SES products support the Simple Network Time Protocol (SNTP), which you can use
to synchronize the time on all nodes in a network. The following sections describe how to do the
following tasks:
Note
•
Enable and configure SNTP servers
•
Display the current SNTP configuration
•
Display an SNTP server
•
Delete an existing SNTP server
Cisco MGX switches do not support synchronization with daylight savings time even if the node is
connected to SNTP server and is receiving UTC.
Enabling and Configuring SNTP Servers
Clock synchronization is valuable for network clients with applications which need to have a reliable
and accurate Time of Day (TOD). SES switches use SNTP to synchronize TOD clocks between a client
and a server. An SNTP client can be configured to synchronize with one primary SNTP server and up to
three secondary SNTP servers, and an SNTP server can support up to 200 clients.
In an SNTP server/client configuration, the SNTP client periodically requests TOD from the server. If
the primary server is not available for some reason, the SNTP client switches over to the next available
secondary server for TOD information until the primary server comes back up.
An SNTP server can reside on an active PXM in an MGX and in and SES switch. An SES switch an be
an SNTP server, but not an SNTP client.
To set synchronized network clocks, you need to perform the following task in order:
1.
Set up a primary server for the network client.
2.
Set up a secondary server (or several secondary servers), which serves as a backup server if the
SNTP client cannot reach the primary server.
3.
Configure the network client.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-28
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing the Time of Day Across the Network Using SNTP
To synchronize the primary and secondary servers, the SNTP client must be enabled on the node or nodes
on which the servers are running. Since an SNTP client is not supported on an SES, The supported
primary and secondary configurations are as follows:
•
An SES is the primary server, and an MGX is the secondary server.
•
An SES is the primary server, and another SES is the secondary server.
Use the following procedure to set up TOD synchronization in your network.
Note
SNTP clients and servers run only on active PXM cards.
Step 1
Select a primary server that is able to provide reliable TOD information to the network.
Step 2
At the SES PXM1 prompt, enter the cnfsntp -server on -stratum <stratum level > command to enable
the server and configure the stratum level. Replace <stratum level > with the stratum level for the server.
espses.1.PXM.a > cnfsntp -server on -stratum 1
Table 9-10 describes the cnfsntp command parameters you must use to set up a server.
Table 9-10
Step 3
cnfsntp Command Parameters
Parameter
Description
-server
Toggles the primary SNTP server on or off.
-stratum
Stratum of the SNTP client. The default is 0.
On an MGX node, set up an SNTP client to point to the SES SNTP server using the addsntprmtsvr as
shown in the following example.
mgx.1.PXM.a > addsntprmtsvr <server IP address> on -version <version> -primary yes
Replace <server IP address> with the IP address of the SES server you set up in Step 1 and Step 2.
Replace <version> with the SNTP version.
Table 9-11 describes the cnfsntprmtsvr command parameters you must use to set up a remote server.
Table 9-11
cnfsntprmtsvr Command Parameters
Parameter
Description
server IP address
The IP address of the switch you want to be a remote SNTP server.
version
The SNTP version you are using. Possible options are 3 and 4.
Default: 3
-primary
This parameter lets you identify the switch as the primary SNTP server. Type
-primary yes to make the primary server. To change the remote switch to a
secondary server, type -primary no.
Default: no
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-29
Chapter 9
Switch Operating Procedures
Managing the Time of Day Across the Network Using SNTP
Note
During power up, the PXM loads the TOD onto all cards in the switch except for the RPM. You
must use the SNTP synchronize RPM cards to the MGX TOD.
Displaying the Current SNTP Configuration
Enter the dspsntp command at the active PXM prompt on the server to display the client requesting the
TOD information from the current server.
M8850_NY.8.PXM.a > dspsntp
client: yes
server: yes
polling: 64
waiting: 5
rollback: 1024
stratum(default): 3
stratum(current): 3
sync: no
Table 9-12 shows the objects displayed for the dspsntp command.
Table 9-12
Objects Displayed for dspsntp Command
Parameter
Description
client
Shows whether the SNTP client is turned on or off.
server
Shows whether the SNTP server is turned on or off.
polling
Shows the current number of seconds set on the polling timer. When this timer
expires, the client requests TOD from the server.
waiting
Shows the current number of seconds set on the waiting timer. If this timer expires
three times, the client switches over to the first available secondary server for TOD.
Default = 5 seconds
rollback
When a client switches over to the secondary server for TOD requests, the rollback
timer takes affect and continues polling the primary server for TOD each time the
rollback timer expires. The rollback timer continues polling the primary server
until it comes back up.
Default = 1024
stratum (default)
Shows the default stratum level.
stratum (current)
Shows the current settings for the stratum level.
sync
Shows whether the SNTP client and server are in sync.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-30
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Displaying an SNTP Server
Enter the dspsntprmtsvr command at the active PXM prompt to display a specific SNTP server.
ses.1.PXM.a > dspsntprmtsvr 172.29.52.88
Enter the dspsntprmtsvr all command at the active PXM prompt to display a list of all existing
SNTP servers in the network.
M8850_NY.8.PXM.a > dspsntprmtsvr all
Deleting an Existing SNTP Server
Enter the delsntprmtsvr <IP_address> command at the active PXM prompt to delete a specific SNTP
server. Replace <IP_address> with the IP address of the server you want to delete.
M8850_LA.8.PXM.a > delsntprmtsvr 172.29.52.88
Enter the delsntprmtsvr all command to delete all SNTP servers on the network, as shown in the
following example:
M8850_LA.8.PXM.a > delsntprmtsvr all
Managing NCDP Clock Sources
The following sections provide procedures for managing Network Clock Distribution Protocol (NCDP)
clock sources.
Enabling NCDP on a Switch
By default, NCDP is disabled on all nodes and all NNI ports. To enable NCDP on a switch, enter the
cnfncdp command as follows:
M8850_LA.8.PXM.a > cnfncdp [-distributionMode 1|2] [-maxNetworkDiameter diameter]
[-hello time] [ -holdtime time] [ -topoChangeTimer time]
Note
NCDP must be enabled at each switch that will participate in NCDP clock distribution.
The -distributionMode option is the only option required to enable NCDP. Table 9-13 describes the
options available for the cnfncdp command.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-31
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Table 9-13
cnfncdp Command Parameters
Parameter
Description
-distributionMode
This option selects either NCDP or manual mode clock distribution. To select
NCDP mode, enter 1. To select manual clock distribution, enter 2. The default
is 1 for NCDP.
-maxNetworkDiameter This option specifies the maximum network diameter in hops. This is the
maximum length of the spanning tree. The range is 3 to 200, and the default
is 20.
-hello
This option specifies the NCDP hello packet interval. NCDP hello packets
advertise the best network clock source. The range is 75 to 60000
milliseconds, and the default is 500 milliseconds.
-holdtime
This option specifies the hold time interval. The range is 75 to 60000
milliseconds, and the default is 500 milliseconds.
-topoChangeTimer
This option specifies the topology change timer interval. The range is 75 to
60000 milliseconds, and the default is 500 milliseconds.
Configuring an NCDP Clock Source
After you enable NCDP through the cnfncdp command, NCDP automatically selects the root clock
source based on the following criteria:
•
Priority (should be sufficient to find the root)
•
Stratum level (should be sufficient as a tie-breaker)
•
Clock source reference
•
ATM address of the switch
You can manipulate these criteria and specify a clock source through the cnfncdpclksrc command as
follows.
M8850_LA.8.PXM.a > cnfncdpclksrc <portid> <prstid> [-clocktype {e1 | t1}] [-priority
<priority>] [-stratumLevel <level>]
Table 9-14 describes the options available for the cnfncdpclksrc command.
Table 9-14
cnfncdpclksrc Command Parameters
Parameter
Description
port-id
Port identifier. For clocking ports on MGX 8850 and MGX 8950 switches, the port
identifier is 7.35 or 7.36. For clocking ports on MGX 8830 switches, the port identifier
is 1.35 or 1.36.
For an internal oscillator, the port identifier is 255.255.
prs -id
Determines the primary reference source. Enter 0 for an external source, or 255 for an
internal source.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-32
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Table 9-14
cnfncdpclksrc Command Parameters (continued)
Parameter
Description
-clocktype
Enter e1 or t1 as needed when the port ID is one of the following:
•
7.35 or 7.36 in an MGX 8850 or MGX 8950 switch or in an MGX 8880 Media
Gateway
•
1.35 or 1.36 in an MGX 8830 chassis
Note
-priority
The default port type for 7.35/1.35 is E1. The default port type for 7.36/1.36 is
T1. However, you can configure the BITS clocks portid 7.35/1.35 to be T1, or
7.36/1.36 to be E1, through the -clocktype parameter.
Prioritizes the clock source. Enter a number in the range from 1 to 255.
Default = 128
-stratumLevel
Determines the stratum level of the clock source. Possible levels are 1, 2E, 2, 3E, 3,
4E, or 4.
Default = 3
In the following example, the user configures an NCDP E1 clock source on port 7.35 with a external
source, a priority of 100, and the stratum level 2.
M8850_LA.8.PXM.a > cnfncdpclksrc 7.35 0 -priority 100 -stratumLevel 2
Note
Once you enable NCDP, it is automatically enabled on all NNI ports on the switch.
Enter the dspncdpclksrc <portid> command to ensure the NCDP configuration took effect. Replace
<portid> with the 7.35 or 7.36 (for T1/E1 ports). The following example displays the NCDP
configuration on an E1 port.
M8850_LA.8.PXM.a > dspncdpclksrc 7.35
Best clock source
: No
Priority
: 100
Stratum level
: 2
Primary reference src id
: 0(external)
Health
: Bad
Configuring an NCDP Port
Once you enable NCDP on your node, NCDP is automatically enabled on all the node’s NNI ports. You
can alter the default NCDP port configuration through the cnfncdpport <portid> <options> command,
as shown in the following example:
M8850_LA.8.PXM.a > cnfncdpport 1:2.2:2 -ncdp enable -vpi 0 -vci 32 -admincost 1 -pcr 200
-scr 100 -mbs 50
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-33
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Table 9-15 describes the cnfncdpport command options.
Table 9-15
cnfncdpport Command Parameters
Parameter
Description
portid
Port identifier in the format slot:bay.line:ifnum. These parameters are
described in Table 9-1.
-ncdp
Enter -ncdp enable to enable NCDP on the current port. To disable NCDP on
the port, enter -ncdp disable.
Default = enable on NNI trunks and disable on virtual trunks
-vpi
Reserved VPI of the signaling channel, in the range from 0 through 4095.
There is no reason to change this number unless a relevant card’s partition is
intended to support a specific VPI.
Note
If you change the VPI, it must be within the valid partition range or it
will be disabled.
Note
You must disable NCDP before you modify the VPI of the signaling
channel.
Default = 0 for NNI trunks; and the minimum VPI in the configured range for
virtual trunks.
-vci
Reserved VCI of the signaling channel, in the range from 32 through 65535.
Normally, no reason exists to change it.
Note
If you change the VCI, it must be within the valid partition range or it
will be disabled.
Note
You must disable NCDP before you modify the VCI of the signaling
channel.
Default = 34 for NNI trunks and virtual trunks.
-admincost
Sets the routing cost of the port, in the range from 1 through (2^24-1).
For example, if the equipment is in an area with a large amount of electronic
noise, or if the switch carries a particularly large amount of traffic, you might
want to raise the cost.)
Default = 10
-pcr
Specifies the PCR1 for the port. Default = 250 cells per second
-scr
Specifies the SCR2 for the port.
Default = 150 cells per second
-mbs
Specifies the MBS3 for the port.
Default = 100 cells
1. PCR = peak cell rate
2. SCR = sustained cell rate
3. MBS = maximun burst size
Cisco MGX 8800/8900 Series Software Configuration Guide
9-34
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Enter the dspncdpport <portid> command to verify that the NCDP parameters were set properly.
M8850_LA.8.PXM.a > dspncdpport 1:2.2:2
Network clock mode
: enable
Ncdp Vc status
: up
Network clock vpi
: 0
Network clock vci
: 34
Admin cost
: 10
Service Category
: sig
PCR
: 250
SCR
: 150
MBS
: 100
M8850_LA.8.PXM.a >
Displaying NCDP Information
The following sections describe how to display information about NCDP configuration in your network.
Display the Current NCDP Root Clock
Enter the dspncdp command to display the current NCDP root clock source on the network.
M8850_LA.8.PXM.a > dspncdp
Distribution Mode
Node stratum level
Max network diameter
Hello time interval
Hold Down time interval
Topology change time interval
Root Clock Source
Root Clock Source Reason
Root Clock Source Status
Root Stratum Level
Root Priority
Secondary Clock Source
Secondary Clock Source Reason
Secondary Clock Source Status
Last Clock Source change time
Last Clock Source change reason
Note
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
ncdp
3
20
500 ms
500 ms
500 ms
255.255
locked
ok
unknown
0
0.0
unknown
unknown
N/A
None
When the switch is configured for manual clock distribution, the only parameter that is useful in the
dspncdp display is the Distribution Mode.
Table 9-16 describes the objects displayed by the dspncdp command.
Table 9-16
dspncdp Command Objects
Parameter
Description
Distribution Mode
Current enabled method of clock distribution. If the method chosen is
manual, NCDP is turned off, and vice-versa.
Node stratum level
Stratum level of the clock source. Possible levels are 1, 2E, 2, 3E, 3, 4E,
or 4.
Max network diameter
Maximum network diameter measured in hops.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-35
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Table 9-16
dspncdp Command Objects (continued)
Parameter
Description
Hello time interval
Time interval between each configuration pdu sent out by a node to
advertise the best clock source in the network. This time interval is
specified in milliseconds in the display.
Holddown time interval
Number of milliseconds the switch waits before it transmits the next
configuration PDU.
Topology change time
interval
Time interval for which the topology change detection field in the
configuration pdu bit will be set. Having the topology change detection
option set informs the recipient node that it needs to transmit
configuration pdus out to advertise to its neighbors about recent
topology or root clock changes.
Root Clock Source
Clock port from which the node is deriving the clock signal. 255.255
means the node is deriving the clock source from an internal oscillator.
Root Clock Source Reason
The reason for the most recent change of a source of network clock. For
a detailed description of the reasons a clock source can change, refer to
Table 2-12 in the Cisco MGX 8800/8900 Series Command Reference,
Release 5.2.
Root Clock Source Status
Status of the network’s root clock source.
Root Stratum Level
Stratum level of the network’s root clock source. Possible levels are 1,
2E, 2, 3E, 3, 4E, or 4.
Root Priority
Priority of the network’s root clock source.
Secondary Clock Source
Secondary clock port from which the node is deriving the clock signal.
255.255 means the node is deriving the clock source from an internal
oscillator.
Secondary Clock Source
Reason
The reason for the most recent change of the secondary network clock
source. For a detailed description of the reasons a clock source can
change, refer to Table 2-12 in the Cisco MGX 8800/8900 Series
Command Reference, Release 5.2.
Secondary Clock Source
Status
Status of the network’s secondary clock source.
Last clk src change time
Time when the root clock source last changed.
Last clk src change reason
Reason why the root clock source last changed.
Display A Specific NCDP Clock Source
Enter the dspncdpclksrc command to display configuration information about a specific NCDP
clock sources on the network.
M8850_LA.8.PXM.a > dspncdpclksrc 7.35
Best clock source
: No
Priority
: 100
Stratum level
: 2
Primary reference src id
: 0(external)
Health
: Bad
M8850_LA.8.PXM.a >
Cisco MGX 8800/8900 Series Software Configuration Guide
9-36
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Table 9-17 describes the objects displayed by the dspncdpclksrc command.
Table 9-17
dspncdpclksrc Command Objects
Parameter
Description
Best clock source
Describes whether the specified clock source is currently the best clock source
in the node.
Priority
Displays the specified clock source’s priority.
Stratum Level
Stratum level of the specified clock source. Possible levels are 1, 2E, 2, 3E, 3,
4E, or 4.
Primary reference
src id
Displays the specified clock sources ID.
Health
Describes the current health of the specified clock source. The possible health
states are described as follows.
•
Good—Specified clock source is the current root clock or the second best
clock source, and is in good condition.
•
Bad—Specified clock source was the root clock at some point, but went bad
and is no longer available.
•
Wideband-Locking—Specified clock source is being qualified by the clock
manager and is in wideband-locking mode.
•
Narrowband-Locking—Specified clock source is being qualified by the
clock manager and is in narrowband-locking mode.
•
Unknown—Specified clock source is not the root clock source.
Display All NCDP Clock Sources
Enter the dspncdpclksrcs command to display all configured NCDP clock sources on the
network.
M8850_LA.8.PXM.a > dspncdpclksrcs
PortId
7.35 (e1)
7.36 (e1)
255.255
Best clk src
No
No
Yes
Priority
100
128
128
Stratum level
2
3
3
Prs id
0(external)
0(external)
255(internal)
Health
Bad
Bad
Good
M8850_LA.8.PXM.a >
Table 9-18 describes the objects displayed by the dspncdpclksrcs command.
Table 9-18
dspncdpclksrcs Command Objects
Parameter
Description
PortId
Current enabled method of clock distribution. If the method chosen is manual,
NCDP is turned off, and vice-versa.
Best clk src
Displays Yes if a clock source is a root clock source or a second best clock
source. Displays No if a clock source is not a root or second best clock source.
Priority
Priority of each clock source.
Stratum level
Stratum level of each clock source. Possible levels are 1, 2E, 2, 3E, 3, 4E, or 4.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-37
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
Table 9-18
dspncdpclksrcs Command Objects (continued)
Parameter
Description
Prs id
Primary source ID (prs-id) is either 0 for external or 255 for internal.The
internal primary source is the free-running oscillator on the PXM back card.
(Even though the syntax line and the CLI help indicates a range, the only
choice in the current release is 0 or 255.)
Default: 255
Health
Describes the current health of each clock source in the network. The possible
health states ar described as follows.
•
Good—Specified clock source is the current root clock or the second best
clock source, and is in good condition.
•
Bad—Specified clock source was the root clock at some point, but went
bad and is no longer available.
•
Wideband-Locking—Specified clock source is being qualified by the
clock manager and is in wideband-locking mode.
•
Narrowband-Locking—Specified clock source is being qualified by the
clock manager and is in narrowband-locking mode.
•
Unknown—Specified clock source is not the root clock source.
Display All NCDP Ports on the Switch
Enter the dspncdpports command to display general details about all signaling ports for NCDP.
U1.8.PXM.a > dspncdpports
PortId
6:1.1:1
6:1.1:2
6:1.1:3
Clock mode
disable
disable
disable
Clock Vpi
0
0
0
Clock Vci
34
34
34
Admin Cost
10
10
10
Ncdp Vc
down
down
down
Table 9-19 describes the objects displayed by the dspncdpports command.
Table 9-19
dspncdpports Command Objects
Parameter
Description
PortId
Port identifier in the format slot:bay.line:ifnum. Table 9-1 describes these parameters.
Clock mode Displays whether NCDP is enabled or disabled on each port.
Clock VPI
Displays the VPI of the signaling channel for each port.
Clock VCI
Displays the VCI of the signaling channel for each port.
Admin Cost Displays the routing cost of the port.
NCDP VC
Displays whether the Ncdp VC is up or down.
Display An NCDP Port
Enter the dspncdpport <portid> command to display detailed information for a specified NCDP
signaling port. Replace <portid> with the port identifier in the format slot:bay.line:ifnum.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-38
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing NCDP Clock Sources
U1.8.PXM.a > dspncdpport 6:1.1:1
Network clock mode
: disable
Ncdp Vc status
: down
Network clock vpi
: 0
Network clock vci
: 34
Admin cost
: 10
Service Category
: sig
PCR
: 250
SCR
: 150
MBS
: 100
Table 9-20 describes the objects displayed by the dspncdpport command.
Table 9-20
dspncdpport Command Objects
Parameter
Description
Network clock mode
Displays whether NCDP is enabled or disabled on each port.
NCDP Vc status
Displays whether the Ncdp VC is up or down.
Network clock VPI
Displays the VPI of the signaling channel for each port.
Network clock VCI
Displays the VCI of the signaling channel for each port.
Admin Cost
Displays the routing cost of the port.
Service Category
Displays the service category for the current NCDP port.
PCR
Displays the PCR1 for the port.
SCR
Displays the SCR2 for the port.
MBS
Displays the MBS3 for the port.
1. PCR = peak cell rate
2. SCR = sustained cell rate
3. MBS = maximun burst size
Deleting an NCDP Clock Source
Enter the delncdpclksrc <portid> [clocktype <e1 | t1>] command to delete a clock source from the
network. describes how to set the <portid> and [clocktype] parameters on all possible switches and
cards.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-39
Chapter 9
Switch Operating Procedures
Managing Manually Configured Clocks Sources
Table 9-21
delncdpclksrc Command Objects
Parameter Description
portid
The format of the PNNI physical port identifier can vary, as follows:
•
On a PXM45: slot:subslot.port:subport
•
On a PXM1E for UNI/NNI back card: slot:subslot.port:subport. On the UNI/NNI back
card, the subslot is always 2, but the slot depends on the chassis, as follows:
– In an MGX 8850 chassis, slot is always the logical slot 7.
– In an MGX 8830 chassis, slot is always the logical slot 1.
•
On a PXM1E for a service module: slot.port.
For BITS clocks only, the default portid is 7.35(for E1 ports) or 7.36 (for T1 ports).In an
MGX 8830 chassis, the default portid for BITS is either 1.35 (for E1 ports) or 1.36 (for T1
ports).
Note
clocktype
If the portid was modified, so that the BITS clocks portid 7.35/1.35 has been
configured as a T1 (instead of an E1 port), or if 7.36/1.36 has been configured to
be an E1 port (instead of a T1 port), then you must specify the clocktype in the
delncdpclksrc command.
Enter e1 or t1 as needed when the port ID is one of the following:
•
7.35 or 7.36 in an MGX 8850 or MGX 8950 switch or in an MGX 8880 Media
Gateway
•
1.35 or 1.36 in an MGX 8830 chassis
If the clock type is the default E1, this parameter is not necessary for port IDs 7.35 or 7.36
(or 1.35.or 1.36).
Default: e1
In the following example, the user deletes the clock source from the E1 port number 7.35 on a
MGX 8850 (PXM45) switch.
M8850_LA.8.PXM.a > delncdpclksrc 7.35
M8850_LA.8.PXM.a >
Managing Manually Configured Clocks Sources
The following sections provide commands and procedures for managing manually configured clock
source.
View the Configured Clock Sources
One command allows you to view the configured clock sources and determine which clock source is
active. To view the configured clock sources, use the following procedure.
Step 1
Establish a configuration session at any access level.
Step 2
Enter the dspclksrcs command.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-40
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Manually Configured Clocks Sources
mgx8830a.1.PXM.a > dspclksrcs
The following example shows a display with neither primary nor secondary clocks configured. This is
the default configuration of a switch, which uses the internal clock as the network clock source.
Whenever the active clock is listed as null, the switch is using the internal clock.
mgx8830a.1.PXM.a > dspclksrcs
Primary clock type:
null
Primary clock source:
0.0
Primary clock status:
not configured
Primary clock reason:
okay
Secondary clock type:
null
Secondary clock source: 0.0
Secondary clock status:
not configured
Secondary clock reason:
okay
Active clock:
internal clock
source switchover mode: non-revertive
In the following example, the display shows that both the primary and secondary clocks are configured
for network clock sources. The primary clock source is coming from port 1 on the PXM1E card in slot
1. The primary clock source is active. The secondary clock source is coming from port 1 on the CESM
card in slot 6.
mgx8830a.1.PXM.a > dspclksrcs
Primary clock type:
generic
Primary clock source:
1:2.2:1
Primary clock status:
ok
Primary clock reason:
okay
Secondary clock type:
generic
Secondary clock source: 6:1.1:1
Secondary clock status:
ok
Secondary clock reason:
okay
Active clock:
primary
source switchover mode: non-revertive
Reconfigure Manual Clock Sources
The procedure you use to reconfigure a clock source depends on whether or not you need to change the
role of the clock source. If the clock source keeps its role as either primary or secondary, just enter a new
cnfclksrc command as described in the following locations:
•
To reconfigure a clock source for a BITS clock, see the “Configuring MPLS Controller” section in
Chapter 2, “Configuring General Switch Features.”
•
To reconfigure a clock source to use a PXM1E line, see the “Configuring PXM1E Line Clock
Sources” section in Chapter 3, “Provisioning PXM1E Communication Links.”
•
To reconfigure a clock source to use a AXSM line, see refer to the Cisco ATM Services (AXSM)
Configuration Guide and Command Reference for MGX Switches, Release 5.2.
When reconfiguring a clock source from primary to secondary or from secondary to primary, you must
delete both existing clock sources and define new clock sources. The switch will not allow you to create
two primary or two secondary clock sources, and the switch will not allow you to configure the same
line as both primary and secondary clock sources. After you have deleted the old clock source, you can
use the appropriate procedure to define a new clock source.
To delete a clock source, enter the delclksrc command as described in the next section.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-41
Chapter 9
Switch Operating Procedures
Managing Manually Configured Clocks Sources
Delete Manual Clock Sources
Deleting a clock source deletes the definition of the clock source, not the clock source itself. You might
want to delete a primary or secondary clock source definition so that you can reassign the clock source
to another line.
To delete a clock source, use the following procedure.
Step 1
Establish a configuration session using a user name with SUPER_GP privileges or higher.
Step 2
Display the clock source information by entering the dspclksrcs command.
You will need the information in this display to delete the clock source.
Step 3
To delete a clock source, enter the delclksrc command.
mgx8830a.1.PXM.a > delclksrc <priority>
The following example deletes a primary clock source:
mgx8830a.1.PXM.a > delclksrc primary
Step 4
To verify that a clock source has been deleted, enter the dspclksrcs command. When the primary or
secondary clock source is deleted, the clock type is set to null.
Restore a Manual Clock Source After Failure
The revertive option for clock sources connected to the PXM allows a primary clock source to resume
operation as the primary clock source after a failure and restoration of the clock signal. However, if you
have the revertive option disabled, you will have to manually reconfigure a failed primary clock source
after it recovers before it can resume operation as the primary clock source.
To reconfigure a BITS clock source, see the “Manually Configuring BITS Clock Sources” section in
Chapter 2, “Configuring General Switch Features.” To reconfigure a PXM1E line clock source, see the
“Configuring PXM1E Line Clock Sources” section in Chapter 3, “Provisioning PXM1E Communication
Links.” To reconfigure an AXSM line clock source, refer to the Cisco ATM Services (AXSM)
Configuration Guide and Command Reference for MGX Switches, Release 5.2.
Tip
Enter the dspclksrcs command to display the current configuration settings for the primary clock source.
Having this information available makes it easier to re-enter the cnfclksrc command.
Note
To change a clock source on the PXM from nonrevertive to revertive, enter the cnfclksrc with the option
–revertive enable.
When the primary clock source is restored on the master clock node, you may have to reconfigure the
primary clock source at each remote node where the node has switched from the primary source to the
secondary source. This reconfiguration is necessary only if the local node has detected a change in the
master clock source.
To determine if you need to reconfigure the primary clock at a nonmaster node, enter the dspclksrcs
command. If the active clock has changed to either secondary or internal clock, you must use the
cnfclksrc command to reconfigure the primary clock source for that node.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-42
OL-19868-01
Chapter 9
Switch Operating Procedures
Displaying SVCs
Displaying SVCs
To display active SVCs, use the following procedure.
Step 1
Establish a CLI management session at any user access level.
Step 2
Enter the following command:
mgx8830a.1.PXM.a > dsppncons
The following is an example report for the dsppncons command.
mgx8830a.1.PXM.a > dsppncons
Port
VPI
VCI CallRef:Flag X-Port
VPI
VCI CallRef:Flag
9:1.1:1
0
32
1: 0
9:1.2:2
0
36
5: 0
Calling-Addr:47.666666666666666666666666.666666666666.00
Called-Addr: 47.111111111111111111111111.111111111111.64
9:1.2:2
0
36
5
9:1.1:1
0
32
1: 0
Calling-Addr:47.666666666666666666666666.666666666666.00
Called-Addr: 47.111111111111111111111111.111111111111.64
Type
PTP
OAM-Type Pri
No
3
PTP
No
3
Managing Controllers
Cisco MGX 8850switches support one PNNI controller, and MGX 8850 (PXM45)and MGX 8950
switches support up to two Label Switch Controllers. The controller identifies a network control protocol
to the Virtual Switch Interface (VSI) that runs on the node.
Adding Controllers
To add a controller, use the following procedure.
Step 1
Establish a configuration session at any user access level.
Step 2
Enter the addcontroller command to add a controller to the node.
mgx8830a.1.PXM.a > addcontroller <cntrlrId> i <cntrlrType> <lslot> [cntrlrName]
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-43
Chapter 9
Switch Operating Procedures
Managing Controllers
Table 9-22 describes the parameters for this command.
Table 9-22
Parameters for the addcontroller Command
Parameter
Description
<cntrlrId>
Number that identifies a network controller. The numbers are reserved as follows:
•
2 = PNNI
•
3 = Label Switch Controller (LSC), also known as Multiprotocol Label Switch
Controller (MPLS). This option is not supported on PXM1E cards.
Note
i
Keyword indicating that this controller is internal.
<cntrlrType>
Number that identifies a network controller. The numbers are reserved as follows:
•
2 = PNNI
•
3 = LSC (Label Switch Controller, also known as MPLS. This option is not
supported on PXM1E cards.
Note
Step 3
The controller ID (cntrlrId) must be the same as the controller type
(cntrlrType).
The controller type (cntrlrType) must be the same as the controller ID
(cntrlrId).
<lslot>
The logical slot number on which the controller resides. For the PXM-45, lslot is 7
regardless of which card is active.
[cntrlrName]
(Optional) A string to serve as a name for the controller.
To display all controllers on the switch and verify the added controller, enter the dspcontrollers
command.
MGX8850.7.PXM.a > dspcontrollers
Controller Bay Number:
Controller Line Number:
Controller VPI:
Controller VCI:
Controller In Alarm:
Controller Error:
MGX8850
MGX8850
Number of Controllers:
Controller Name:
Controller Id:
Controller Location:
Controller Type:
Controller Logical Slot:
0
0
0
0
NO
System Rev: 02.00
Jul. 30, 2000 09:39:36 GMT
Shelf Alarm: NONE
1
PNNITWO
2
Internal
PNNI
7
Cisco MGX 8800/8900 Series Software Configuration Guide
9-44
OL-19868-01
Chapter 9
Switch Operating Procedures
Viewing an ATM Port Configuration
Deleting a Controller
To delete a controller, use the following procedure.
Step 1
Establish a configuration session at any user access level.
Step 2
Enter the delcontroller command to prevent the switch from using a specified controller.
mgx8830a.1.PXM.a > delcontroller <cntrlrId>
Replace <cntrlrId> with 2 to identify PNNI controller, or 3 to identify an LSC controller.
Caution
Do not enter the delcontroller command on a card with existing connections. If you do, those
connections cannot be recovered until the controller is re-added using the addcontroller command, and
the cards or the entire node is reset. Otherwise, ports remain in the provisioning state.
Step 3
To verify that the switch is no longer using the specified controller, enter the dspcontrollers command.
Note
The delcontroller command does not delete the controller software, but directs the switch not
to use it.
Viewing an ATM Port Configuration
To view the configuration of an ATM line or trunk port, use the following procedure.
Step 1
Establish a CLI management session at any user access level.
Step 2
To display a list of the ports already configured on a PXM1E or AXSM card, enter the following
command:
mgx8830a.1.PXM.a > dspports
This command displays all configured ports on the PXM1E or AXSM card. Port numbers are listed in
the ifNum (interface number) column. The interfaces listed include UNI and NNI ports. Note the number
of the port for which you want to view the configuration.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-45
Chapter 9
Switch Operating Procedures
Managing PXM1E Partitions
Step 3
To display the port configuration, enter the following command:
mgx8830a.1.PXM.a > dspport <ifNum>
Replace ifNum with the number assigned to the port during configuration. The following example shows
the report for this command:
mgx8830a.1.PXM.a > dspport 2
Interface Number
:
Line Number
:
Admin State
:
Guaranteed bandwidth(cells/sec):
Maximum bandwidth(cells/sec)
:
ifType
:
SCT Id
:
VPI number(VNNI only)
:
2
2.1
Up
100000
100000
NNI
6
0
Operational State
:
Number of partitions:
Number of SPVC
:
Number of SVC
:
Down
1
0
0
Managing PXM1E Partitions
The following sections describe how to display, change, and delete a resource partition.
Note
Resource partitions can be managed on AXSM, FRSM12, MPSM, and PXM1E cards. This section
describes how to manage partitions on PXM1E cards. For instructions on managing resource partitions
on other types of cards, see the service module documentation listed in Table 1-1.
Displaying a PXM1E Resource Partition Configuration
To display a list of resource partitions or a resource partition configuration, use the following procedure.
Step 1
Establish a CLI management session at any user access level.
Step 2
To display a list showing the resource partitions on this card, enter the following command:
mgx8830a.1.PXM.a > dspparts
The switch displays a report similar to the following:
mgx8830a.1.PXM.a > dspparts
if part Ctlr egr
egr
ingr
ingr
min max
min
max min
max
Num ID
ID
GuarBw MaxBw
GuarBw MaxBw
vpi vpi
vci
vci conn conn
(.0001%)(.0001%)(.0001%)(.0001%)
----------------------------------------------------------------------------1
1
2 1000000 1000000 1000000 1000000
0 4095
35 65535 10000 10000
2
1
2 1000000 1000000 1000000 1000000
0 255
35 65535
5000
5000
Step 3
To display the configuration of a resource partition, note the interface and partition numbers and enter
the following command:
mgx8830a.1.PXM.a > dsppart <ifNum> <partId>
Replace ifnum with the interface number of the port, and replace partitionID with the partition number
assigned to the port. The following example shows the report provided by the dsppart command.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-46
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing PXM1E Partitions
mgx8830a.1.PXM.a > dsppart 1 1
Interface Number
:
Partition Id
:
Controller Id
:
egr Guaranteed bw(.0001percent):
egr Maximum bw(.0001percent)
:
ing Guaranteed bw(.0001percent):
ing Maximum bw(.0001percent)
:
min vpi
:
max vpi
:
min vci
:
max vci
:
guaranteed connections
:
maximum connections
:
Note
1
1
2
1000000
1000000
1000000
1000000
0
4095
32
65535
10000
10000
Number of SPVC: 0
Number of SPVP: 0
Number of SVC : 2
Partition ID 1 is reserved for PNNI.
Changing a PXM1E Resource Partition Configuration
To change the configuration of a resource partition, use the following procedure.
Step 1
Establish a configuration session using a user name with GROUP1 privileges or higher.
Step 2
To display a list showing the partitions for this card, enter the dspparts command.
Note
Step 3
You can change a resource partition only when the partition is not in use.
To create a resource partition on a PXM1E or AXSM card, enter the cnfpart command as shown in the
following example:
mgx8830a.1.PXM.a > cnfpart -if <ifNum> -id <partId> -emin <egrminbw> -emax <egrmaxbw>
-imin <ingminbw> -imax <ingmaxbw> -vpmin <minVpi> -vpmax <maxVpi> -vcmin <minVci> -vcmax
<maxVci> -mincon <minConns> -maxcon <maxConns>
To create a resource partition on a FRSM12 card, enter the cnfpart command as shown in the following
example:
mgx8830a.1.PXM.a > cnfpart -if <ifNum> -ctlrnum <controllerNum>] [-lcn <available
connections>] [-dlcimin <minDlci>] [-dlcimax <maxDlci> [-ibw <ingPctBw>] [-ebw <egrPctBw>]
Table 9-23 describes the parameters for the cnfpart command. Be sure to configure only the parameters
that are appropriate for the card you are configuring.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-47
Chapter 9
Switch Operating Procedures
Managing PXM1E Partitions
Table 9-23
Parameters for the cnfpart Command
Parameter
Description
ifNum
Interface number or port number. This number identifies the port this resource
partition configures. Enter the interface number that was assigned to the port when
it was configured.
controllerNum
Controller number.
1 = PAR (Portable AutoRoute)—Not supported in this release.
2 = PNNI—Only PNNI is supported in this release.
3 = TAG (MPLS)—Not supported in this release.
Note
partId
Partition identification number. Enter a number in the range of 1 to 20.
Partition ID 1 is reserved for PNNI.
Note
egrminbw
This parameter applies only to PXM1E and AXSM cards.
Ingress minimum bandwidth. Enter the minimum percentage of the incoming port
bandwidth that you want assigned to the controller. One percent is equal to 0.00001
units. For example, an <ingminbw> of 500000 = 50%. The sum of the minimum
ingress bandwidth settings for PNNI must be 100% or less, and must be less than
the sum of the ingmaxbw settings.
Note
ingmaxbw
This parameter applies only to PXM1E and AXSM cards.
Egress maximum bandwidth. Enter the maximum percentage of the outgoing port
bandwidth that you want assigned to the controller. One percent is equal to 0.00001
units. For example, an <egrmaxbw> of 1000000 = 100%. The sum of the maximum
egress bandwidth settings for PNNI can exceed 100%, and must be more than the
sum of the egrminbw settings. Available bandwidth above the minimum bandwidth
settings is allocated to the operating controllers on a first-request, first-served basis
until the maximum bandwidth setting is met or there is insufficient bandwidth to
meet the request.
Note
ingminbw
This parameter applies only to PXM1E and AXSM cards.
Egress minimum bandwidth. Enter the minimum percentage of the outgoing port
bandwidth that you want assigned to the specified controller. One percent is equal
to 0.00001 units. For example, an <egrminbw> of 250000 = 25%. The sum of the
minimum egress bandwidth setting for PNNI must be 100% or less, and must be less
than the sum of the egrmaxbw settings.
Note
egrmaxbw
This parameter applies only to FRSM12 and MPSM cards.
This parameter applies only to PXM1E and AXSM cards.
Ingress maximum bandwidth. Enter the maximum percentage of the incoming port
bandwidth that you want assigned to the controller. One percent is equal to 0.00001
units. For example, an <ingmaxbw> of 750000 = 75%. The sum of the maximum
ingress bandwidth settings for PNNI can exceed 100%, and must be more than the
sum of the ingminbw settings. Available bandwidth above the minimum bandwidth
settings is allocated to the operating controllers on a first-request, first-served basis
until the maximum bandwidth setting is met or there is insufficient bandwidth to
meet the request.
Note
This parameter applies only to PXM1E and AXSM cards.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-48
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing PXM1E Partitions
Table 9-23
Parameters for the cnfpart Command (continued)
Parameter
Description
minVpi
Minimum VPI number for this port. For UNI ports, enter a value in the range from
0 to 255. For NNI ports, enter a value in the range from 0 to 4095.
Note
maxVpi
Maximum VPI number for this port. For UNI ports, enter a value in the range from
0 to 255. For NNI ports, enter a value in the range from 0 to 4095. The value for
<maxVpi> cannot be less than for <minVpi>.
Note
minVci
This parameter applies only to PXM1E and AXSM cards.
Maximum VCI number for this port. Enter a number in the range from 32 to 65535.
Note
minConns
This parameter applies only to PXM1E and AXSM cards.
Minimum VCI number for this port. Enter a number in the range from 32 to 65535.
To support features planned for the future, Cisco recommends setting the minimum
VCI to 35 or higher.
Note
maxVci
This parameter applies only to PXM1E and AXSM cards.
This parameter applies only to PXM1E and AXSM cards.
Specifies the guaranteed number of connections.
On the PXM1E UNI/NNI, the ranges vary according to the line types, as follows:
•
For OC3, T3, and E3 lines, the range is 10-27000.
•
For T1 and E1 lines, the range is 10-13500.
On the AXSM series of cards, the range is 10 through the maximum number of
connections in the port group.
Note
maxConns
Maximum number of simultaneous connections allowed on this port. The range is
the same as described for the <minConns> parameter. This parameter must be set to
number that is greater than the number defined for <minConns>.
Note
available
connections
minDlci
This parameter applies only to PXM1E and AXSM cards.
This parameter applies only to PXM1E and AXSM cards.
Logical channel number. Range: 0–16000.
Note
This parameter applies only to FRSM12 and MPSM cards.
Lowest data-link connection identifier (DLCI). A value that specifies the DLCI in a
Frame Relay network:
•
Two-byte header—Range: 1–1023
•
Four-byte header—Range: 0–8388607
The value specified must be n * 32768, where n is a number from 0 to 255.
Note
maxDlci
This parameter applies only to FRSM12 and MPSM cards.
Highest data-link connection identifier (DLCI). A value that specifies a DLCI in a
Frame Relay network:
•
2-byte header—Value range: 1 –1023
•
4-byte header—Value range: 0 –8388607
The value specified must be (n * 32768)-1, where n is a number from 1 to 256.
Note
This parameter applies only to FRSM12 and MPSM cards.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-49
Chapter 9
Switch Operating Procedures
Managing PXM1E Partitions
Table 9-23
Parameters for the cnfpart Command (continued)
Parameter
Description
ingPctBw
Percentage of ingress bandwidth available to the connection. Range: 0–100 percent.
Note
egrPctBw
Percentage of egress bandwidth available to the connection. Range: 0–100 percent.
Note
Step 4
This parameter applies only to FRSM12 and MPSM cards.
To display the changed partition configuration, enter the dsppart command as described in the previous
section.
Note
Step 5
This parameter applies only to FRSM12 and MPSM cards.
The current software release does not support dynamic changes to partitions. To begin using
changes to a resource partition, you need to delete the controller and then add the controller as
described in the Step 5 through Step 8 of this procedure.
Display the available controllers with the dspcontrollers command, and write down the controller
settings for the controller you are about to delete. For example:
mgx8830a.1.PXM.a > dspcontrollers
Step 6
Enter the delcontroller command to delete the controller that corresponds to the resource partition you
modified. For example:
pop20two.7.PXM.a > delcontroller 3
All Ports and Connections
on this controller will be deleted.
delcontroller: Do you want to proceed (Yes/No)? y
Step 7
To register the resource partition changes, add the deleted controller with the addcontroller command.
For example:
pop20two.7.PXM.a > addcontroller 3 i 3 7 "PNNI Controller"
Step 8
To verify that the controller was added correctly, enter the dspcontrollers command.
Deleting a PXM1E Resource Partition
To delete a resource partition, you must do the following:
•
Delete any connections that are using the affected port
•
Bring down the affected port
The following procedure explains how to delete a resource partition.
Step 1
Establish a configuration session using a user name with CISCO_GP privileges.
Step 2
To display a list showing the partitions for this card, enter the dspparts command.
Step 3
Note the interface number and partition number for the resource partition you want to delete.
Step 4
To display the active connections, enter the following command:
mgx8830a.1.PXM.a > dspcons
Cisco MGX 8800/8900 Series Software Configuration Guide
9-50
OL-19868-01
Chapter 9
Switch Operating Procedures
Removing Static ATM Addresses
The following is a sample dspcons display.
mgx8830a.1.PXM.a > dspcons
Local Port
Vpi.Vci
Remote Port Vpi.Vci
State
Owner Pri Persistency
----------------------+------------------------+---------+-------+---+----------3:1.1:1
102 102
Routed
102 102
FAIL
MASTER 3
Persistent
Local Addr: 47.00918100000100001a531c2a.000001031801.00
Remote Addr: 47.00918100000200036b5e30cd.000001011802.00
Preferred Route ID:Currently on preferred route: N/A
Step 5
Review the dspcons command display to see if the interface to which the partition is assigned is being
used by a connection.
The Identifier column identifies the interface, VPI, and VCI for the connection in the format: if.VPI.VCI.
If the interface is in use, note the VPI and VCI values of all connections that use the interface. You will
need these to delete the connections.
Step 6
Delete each connection that uses the interface by entering the following command:
mgx8830a.1.PXM.a > delcon <ifNum> <VPI> <VCI>
Step 7
Bring down the interface by entering the following command:
mgx8830a.1.PXM.a > dnport <ifNum>
Step 8
Delete the resource partition by entering the following command:
mgx8830a.1.PXM.a > delpart <ifNum> <partId>
Replace ifnum with the interface number of the port, and replace partitionID with the partition number
assigned to the port.
Step 9
To verify that the partition is deleted, enter the dspparts command to display a list of partitions for the
card.
Removing Static ATM Addresses
If you create a static ATM address and later want to remove that address, use the following procedure to
delete it.
Step 1
Establish a configuration session using a user name with GROUP1 privileges or higher.
Step 2
To locate the port for which you want to delete an address, enter the dsppnports command.
Step 3
Enter the following command to delete the static address:
mgx8830a.1.PXM.a > deladdr <portid> <atm-address> <length> [-plan {e164|nsap}]
The command parameters are described in Table 9-24.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-51
Chapter 9
Switch Operating Procedures
Configuring VPI and VCI Ranges for SVCs and SPVCs
Table 9-24
ATM Address Configuration Parameters
Parameter
Description
portid
Port identifier in the format slot:bay.line:ifnum. These parameters are described in
Table 9-1.
atm-address
Enter the ATM address using up to 40 nibbles. The ATM address can include up to
20 bytes, which is 40 nibbles or 160 bits.
length
Enter the length, in bits, of the address you specified with the <atm-address>
parameter. Each nibble is equal to 4 bits. The acceptable range for the parameter is from
0 to 160 bits.
-plan
Enter the address plan, which is either e164 (E.164) or nsap (NSAP). For an NSAP
address, the first byte of the address automatically implies one of the three NSAP
address plans: NSAP E.164, NSAP DCC, or NSAP ICD.
Default = nsap.
Step 4
To verify that the static address is deleted, enter the following command:
mgx8830a.1.PXM.a > dspatmaddr <portid>
Replace <portid> with the port address using the format slot:bay.line:ifnum These parameters are
described in Table 9-1.
Configuring VPI and VCI Ranges for SVCs and SPVCs
When you add a partition to a port, you define the minimum and maximum VPIs and VCIs for that port.
These VPIs and VCIs become available for all services unless you make additional configuration
changes. If this configuration is acceptable for your installation, you can skip this section. You are not
required to configure VPI and VCI ranges for SVCs and SPVCs.
The Cisco MGX 8850switches allow you to define the minimum and maximum values for the following
parameters:
•
SVCC VPIs
•
SVCC VCIs
•
SPVC VPIs
To configure VPI and VCI usage for connections on a specific port, use the following procedure.
Step 1
Establish a configuration session using a user name with GROUP1 privileges or higher.
Step 2
To display a list of PNNI ports, enter the dsppnports command.
Step 3
Enter the following command to bring down the PNNI port you want to configure:
mgx8830a.1.PXM.a > dnpnport <portid>
A PNNI port is automatically brought up when you add it. You must bring down the port before you can
change the port range. Replace <portid> using the format slot:bay.line:ifNum. Table 9-1 describes these
parameters.
Step 4
Enter configure the port range, enter the following command:
Cisco MGX 8800/8900 Series Software Configuration Guide
9-52
OL-19868-01
Chapter 9
Switch Operating Procedures
Configuring VPI and VCI Ranges for SVCs and SPVCs
mgx8830a.1.PXM.a > cnfpnportrange <portid> [-minsvccvpi <min-svcc-vpi>]
[-maxsvccvpi <max-svcc-vpi>] [-minsvccvci <min-svcc-vci>] [-maxsvccvci <max-svcc-vci>]
[-minsvpcvpi <min-svpc-vpi>] [-maxsvpcvpi <max-svpc-vpi>]
The only required parameter for this command is the <portid> parameter, but the command serves no
purpose if you enter it without options. If you include some options with the command and omit others,
the omitted options remain set to the last configured values. Table 9-25 lists and describes the options
and parameters for this command.
Table 9-25
Parameters for the cnfpnportrange Command
Parameter
Description
portid
Port identifier in the format slot:bay.line:ifnum. Table 9-1 describes these parameters.
min-svcc-vpi
Minimum VPI value for SVCC.
Range: 0 to 4095.
Default = 0.
max-svcc-vpi
Maximum VPI value for SVCC.
Range: 0 to 4095.
Default = 4095.
min-svcc-vci
Minimum VCI value for SVCC.
Range: 32 to 65535.
Default = 35.
max-svcc-vci
Maximum VCI value for SVCC.
Range: 32 to 65535.
Default = 65535.
min-svpc-vpi
Minimum VPI value for SVPC.
Range: 1 to 4095.
Default = 1.
max-svpc-vpi
Maximum VPI value for SVPC.
Range: 1 to 4095.
Default = 4095.
Step 5
Enter the following command to bring up the PNNI port you just configured:
mgx8830a.1.PXM.a > uppnport <portid>
Replace <portid> using the format slot:bay.line:ifNum. Table 9-1 describes these parameters.
Step 6
To display the PNNI port range for a port, enter the following command:
mgx8830a.1.PXM.a > dsppnportrange <portid>
After you enter this command, the switch displays a report similar to the following example:
mgx8830a.1.PXM.a > dsppnportrange 1:2.1:2
minSvccVpi:
minSvccVci:
minSvpcVpi:
0
35
1
maxSvccVpi:
maxSvccVci:
maxSvpcVpi:
4095
65535
4095
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-53
Chapter 9
Switch Operating Procedures
Managing Path and Connection Traces
Managing Path and Connection Traces
Cisco MGX switches support the following traces:
•
path traces — the trace occurs only during call setup. Therefore, tracing is enabled before call set
up then actually occurs while PNNI routes the connection. The applicable connections are SPVCs,
SPVPs, SVCs, or SVPs.
•
connection traces — the trace occurs for a call that has already been routed. You can trace the route
of existing SPVCs and SVCs.
For more information about enabling path and connection traces, refer to the Cisco MGX 8800/8900
Series Command Reference, Release 5.2.
Displaying Path and Connection Traces
There are several commands that allow you to display trace information about a connection. By entering
these commands at the slave end of the connection, you can determine the path taken by a connection.
Table 9-26 describes these commands.
Table 9-26
Path and Connection Trace Commands
Command
Description
dsppathtracenode <enable|disable>
Displays the nodal configuration for the path and
connection trace.
dsppathtraceport <portid>
Displays the port configuration for the path and
connection trace.
dsppathtraceie <portid>
Displays whether or not TTL 1E is included in the
specified port’s configuration.
dsppathtracebuffer <portid><vpi><vci> Displays a specific connection based on the physical port’s
id, vpi, and vci.
dsppathtracebuffer
Displays all path traces in all the path trace buffers.
conntrace
Displays all path traces in all the path trace buffers.
Clearing a Call at the Destination Node
When a call setup message reaches its destination, you can ensure that the call is cleared by entering the
pathtraceport command as follows:
mgx8830a.1.PXM.a > pathtraceport <portid> -X
Replace portid using the format slot:bay.line:ifNum. Table 9-1 describes these parameters. The -X
parameter ensures that calls will be cleared once they reach the destination specified in the portid
parameter.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-54
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Load Sharing
Managing Load Sharing
When redundant PXM cards are used, load sharing enables traffic routing through the switch fabric on
both PXM cards, doubling the capacity of the switch. Load sharing is enabled by default and should only
be disabled for testing or debugging purposes.
The switch provides two options for load sharing management: Auto Shutdown and Plane Alarm
Threshold. The switch fabric on each PXM is made up of 3 switch planes that each contain links to 14
slots within the switch chassis. When the Auto Shutdown feature is enabled and one of these internal
links fails, that link is automatically shut down, and the card in the affected slot must use a link to another
switch plane. If Auto Shutdown is not enabled and a link goes bad, the affected card slot can still attempt
to use that link.
The Plane Alarm Threshold option defines the threshold at which a switch plane is declared bad and
reported as such. When a switch plane is reported as bad, the PXM on which the switch plane resides
should be replaced.
The following procedures describe how to view the load sharing option settings and how to change them.
Displaying Load Sharing Status
Enter the dspxbarmgmt command to display the status of the load sharing options. The following
example shows the display for this command.
mgx8830a.1.PXM.a > dspxbarmgmt
pop20two
MGX8850
Load Sharing: Enable
Auto Shutdown: Disable
Plane Alarm Threshold: 3
System Rev: 02.01
Dec. 07, 2000 18:36:47 GMT
Node Alarm: MAJOR
The Load Sharing and Auto Shutdown lines fields show the option status as Enable or Disable. The Plane
Alarm Threshold line displays a number from 1 to 32. On PXM cards, the maximum number of slots to
which each plane can connect is 14.
Changing Load Sharing Options
To change the load sharing options, enter the cnfxbarmgmt command as described in the following
procedure.
Step 1
Establish a configuration session using a user name with SUPER_GP privileges or higher.
Step 2
Display the current configuration setting by entering the dspxbarmgmt command.
Step 3
Set the load sharing options by entering the cnfxbarmgmt command as follows:
mgx8830a.1.PXM.a > cnfxbarmgmt <loadSharing> <autoShutdown> <planeAlarmThresh>
Note
You must enter values for all command parameters, even if you want to change only one of them.
Table 9-27 describes the parameters for this command.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-55
Chapter 9
Switch Operating Procedures
Managing Telnet Access Features
Table 9-27
Command Parameters for cnfxbarmgmt
Parameter
Description
loadSharing
Enables or disables load sharing. Enter -1, 0, or 1. These values control load
sharing as follows:
•
-1 unconditionally disables load sharing, regardless of switch plane status
•
0 disables load sharing only when there are no switch plane alarms
•
1 enables load sharing
If you do not want to change the setting, enter the value that corresponds to the
current setting displayed with the dspxbarmgmt command.
autoShutdown
Enables or disables the Auto Shutdown feature. Enter 0 to disable this feature,
or enter 1 to automatically shut down a failed link between a switch plane and
a card slot.
If you do not want to change the setting, enter the value that corresponds to the
current setting displayed with the dspxbarmgmt command.
planeAlarmThresh
Defines when a switch plane should be reported as bad. Set the threshold to the
number of failed links (between a switch plane and the card slots it services)
that exceeds your acceptable limit. The default threshold is 3. The PXM card
supports up to 14 links.
If you do not want to change the setting, enter the value that appears when you
enter the dspxbarmgmt command.
Step 4
To verify your configuration change, enter the dspxbarmgmt command.
Managing Telnet Access Features
The Cisco MGX switches include Telnet client and server software. The Telnet server software allows
you to establish CLI management sessions with a switch using a Telnet client. The Telnet client software
allows you to log into a switch and then establish a Telnet session with another switch.
Starting with Release 5, you can disable the Telnet feature to force users to use secure sessions to access
the switch. The following sections describe how to start Telnet sessions from workstations and switches
and how to enable or disable Telnet access.
Tip
For instructions on establishing secure CLI management sessions from a workstation, see “Starting a
Secure (SSH) CLI Session” in Appendix C, “Supporting and Using Additional CLI Access Options.” For
instructions on establishing secure CLI management sessions between switches, see “Starting and
Managing Secure (SSH) Access Sessions Between Switches,” which appears later in this chapter.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-56
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Telnet Access Features
Starting a Telnet Session from a Workstation
For instructions on starting a Telnet session from a workstation, see “Starting a CLI Telnet Session” in
Appendix C, “Supporting and Using Additional CLI Access Options.”
Starting and Managing Telnet Sessions Between Switches
The Cisco MGX 8850switches support Telnet sessions between switches. For example, you can start a
CLI session with one switch, Telnet to a second switch to view configuration information, then switch
back to the first switch and continue that CLI session. Each switch supports up to 15 simultaneous Telnet
sessions, and you can Telnet across multiple switches. For example, you can establish a CLI session on
switch A, Telnet to switch B, and then Telnet from switch B to switch C.
The following sections describe:
•
Starting a Telnet Session
•
Returning to a Previous Session
•
Returning to the Original CLI Session
•
Displaying a Telnet Trace
Starting a Telnet Session
To start a Telnet session, enter the telnet command as follows:
mgx8830a.1.PXM.a > telnet [-E<escapeCharacter>] [-R<tracerouteCharacter>] <ipAddress>
[[0x|X|x]<tcpPort>]
You must enter an IP address with the telnet command as shown in the following example:
mgx8830a.1.PXM.a > telnet 172.29.52.88
Trying 172.29.52.88...
Connected to 172.29.52.88
Login: cisco
password:
The -E option allows you to specify an escape character that takes you back to the previous session. For
example, if you have Telnetted from Switch A to Switch B to Switch C, you can use this escape character
to return to Switch B. The default escape character is Q. To change this, specify an alternate escape
character with the -E option when you start a Telnet session. There should be no space character between
the -E and the escape character.
The -R option allows you to specify an escape character that displays a trace of your Telnet activity. For
example, if you have Telnetted from Switch A to Switch B to Switch C, you can use this escape character
to display the Telnet routes from A to B and from B to C. The default escape character is g. To change
the default escape character, specify an alternate escape character withe the -R option when you start a
Telnet session. There should be no space character between the -R and the escape character.
The tcpPort option allows you to specify a destination port for the Telnet session. If you omit this option,
the Telnet session uses the default Telnet port.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-57
Chapter 9
Switch Operating Procedures
Managing Telnet Access Features
Returning to a Previous Session
After you Telnet from one switch to another, enter the bye command or the exit command to close the
current session and return to the previous session. For example, if you telnet from Switch A to Switch B
to Switch C, the bye command will terminate the session on Switch C and display the session on Switch
B.
Returning to the Original CLI Session
After you Telnet from switch to switch, enter the escape character to close all Telnet sessions and return
to the original CLI session. The default escape sequence is Escape, Q (uppercase Q). Press Escape first,
then press Shift-Q. If you specified an alternate escape character when opening Telnet sessions, enter
that character in place of Q.
For example, if you Telnet from Switch A to Switch B to Switch C, the escape character sequence closes
the Telnet sessions on Switches B and C, and displays the CLI session on Switch A.
Displaying a Telnet Trace
After you Telnet from switch to switch, enter the trace escape character to display a list of connections
you have established between switches. The default escape sequence is Escape, g (lowercase g). Press
Escape first, then press g. If you specified an alternate escape character when opening Telnet sessions,
enter that character in place of g.
The following example shows a sequence of Telnet sessions and the trace that documents the sequence:
mgx8830a.1.PXM.a > telnet 172.29.52.88
Trying 172.29.52.88...
Connected to 172.29.52.88
Login: cisco
password:
mgx8830b.1.PXM.a > telnet 172.29.52.56
Trying 172.29.52.56...
Connected to 172.29.52.56
Login:
password:
mgx8830a.1.PXM.a >
-> local IP 172.29.52.56, next hop at 172.29.52.88
-> local IP 172.29.52.88, connected to server at 172.29.52.56
mgx8830b.1.PXM.a >
Enabling and Disabling SSHV1, FTP, and Telnet Access
The MGX switch can be accessed using Telnet, FTP, Secure Shell Protocol Version 1( SSHV1), Secure
Shell Protocol Version 2 (SSHV2), and Secure File Transfer Protocol (SFTP). Some of these protocols
do not encrypt passwords, and they send the password through the TCP/IP network as a clear-text
password. These passwords can be read by network analysis and snooping tools.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-58
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Telnet Access Features
You can enable or disable Telnet, FTP, and SSHV1 using the command line interface (CLI) and SNMP.
When you disable any of these protocols and then try to access MGX, the new session is not allowed
and old session continues to run. To disable Telnet, SSHV1, and FTP client access, enter the
cnfndparms command, select the option number, and confirm the action (Y) as shown in the
following example:
M8850_SF.7.PXM.a > cnfndparms
M8850_SF
MGX8850
NODE CONFIGURATION OPTIONS
Opt# Value
Type
---- -------1
3600
16bit Decimal
2
3
8bit Decimal
3
No
Boolean
4
No
Boolean
5
0x0
8bit Hex
6
0x0
8bit Hex
7
0
8bit Decimal
8
atm0
8bit Decimal
9
lnPci0
8bit Decimal
10
Yes
Boolean
11
Yes
Boolean
12
0
8bit Decimal
13
0
8bit Decimal
14
No
Boolean
15
No
Boolean
16
No
Boolean
17
Yes
Boolean
System Rev: 05.04
Oct. 26, 2007 00:41:36 PST
Node Alarm: MINOR
Description
----------SHM Card Reset Sliding Window (secs)
SHM Max Card Resets Per Window (0 = infinite)
Core Redundancy Enabled
Expanded Memory Enabled for 250K connections
Required Power Supply Module Bitmap
Required Fan Tray Unit Bitmap
Trap Manager Aging timeout value(Hour(s))
Primary IP interface for Netmgmt
Secondary IP interface for Netmgmt
Auto Setting of Cellbus Clock Rate Enabled
Inband Node-to-Node IP Connectivity Enabled
Obsolete, Use dsprcons for Gang Card Status
Card Switchover on Backcard FRU mismatch
Card-to-Card High Priority LCN Disabled
Telnet Access To Node Disabled
Insecure Access(Telnet / Ftp) To Node Disable
SSH V1 & Telnet Access To Node Disabled
Enter option number (1-17): 17
NODE CONFIGURATION OPTIONS
Opt# Value
Type
Description
---- -----------------17
Yes
Boolean
SSH V1 & Telnet Access To Node Disabled
Enable/Disable SSHV1 & Telnet access to this node. If option set to:
Yes:
SSH V1/Telnet access to this node is disabled. This
forces all incoming SSHV1/Telnet connections to be rejected by
the node. Use SSHV2 to remotely log in to the node
No:
SSH V1 access to this node is enabled. Telnet access depends on
what is configured for Telnet option in the Node parameters
Incoming SSH V1 connections will be accepted by the node.
Use of other protocols such as SSHV2 and FTP/SFTP are still
supported for remotely logging into a terminal session or transfer
files to/from the node.
Enter value for option 17 (Y/N):
NODE CONFIGURATION OPTIONS
Opt# Value
Type
---- -------17
Yes
Boolean
yes
Description
----------SSH V1 & Telnet Access To Node Disabled
To test whether Telnet access is disabled, try to establish a session with the switch. In the following
example, a Telnet client attempts to connect to a switch on which Telnet access is disabled:
Err: access denied
<Your 'TELNET' connection has terminated>
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-59
Chapter 9
Switch Operating Procedures
Managing Telnet Access Features
In the next example, a Telnet client on one switch attempts to connect to a switch on which Telnet access
is disabled:
PXM1E_SJ.7.PXM.a > telnet 172.29.52.56
Trying 172.29.52.56...
Connected to 172.29.52.56.
Escape character is ^]
Err: access denied
Connection closed by foreign host.
To display the configuration for Telnet client access, enter the dspndparms command as described in
the next section.
Displaying the Telnet, FTP, and SSHV1 Enable Status
To display the status of Telnet, FTP, and SSHV1 client access, enter the dspndparms command. In the
following example, Telnet client access is disabled (17):
M8850_SF.7.PXM.a > dspndparms
M8850_SF
MGX8850
NODE CONFIGURATION OPTIONS
Opt# Value
Type
---- -------1
3600
16bit Decimal
2
3
8bit Decimal
3
No
Boolean
4
No
Boolean
5
0x0
8bit Hex
6
0x0
8bit Hex
7
0
8bit Decimal
8
atm0
8bit Decimal
9
lnPci0
8bit Decimal
10
Yes
Boolean
11
Yes
Boolean
12
0
8bit Decimal
13
0
8bit Decimal
14
No
Boolean
15
No
Boolean
16
No
Boolean
17
Yes
Boolean
System Rev: 05.04
Oct. 26, 2007 00:41:36 PST
Node Alarm: MINOR
Description
----------SHM Card Reset Sliding Window (secs)
SHM Max Card Resets Per Window (0 = infinite)
Core Redundancy Enabled
Expanded Memory Enabled for 250K connections
Required Power Supply Module Bitmap
Required Fan Tray Unit Bitmap
Trap Manager Aging timeout value(Hour(s))
Primary IP interface for Netmgmt
Secondary IP interface for Netmgmt
Auto Setting of Cellbus Clock Rate Enabled
Inband Node-to-Node IP Connectivity Enabled
Obsolete, Use dsprcons for Gang Card Status
Card Switchover on Backcard FRU mismatch
Card-to-Card High Priority LCN Disabled
Telnet Access To Node Disabled
Insecure Access(Telnet / Ftp) To Node Disable
SSH V1 & Telnet Access To Node Disabled
Displaying a Banner Message Before the Login Prompt
A banner message is displayed before the login prompt when you access the MGX through Telnet, FTP,
SSH, or SFTP. You can configure the path of the file which contains the banner message. The procedure
to configure the path of the banner message differs for SSH, SFTP, Telnet, and FTP.
SSH and SFTP
For SSH and SFTP sessions, you have to update the sshd_config file with the path of the banner file. To
update the file:
Step 1
Copy the file sshd_config to your local directory.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-60
OL-19868-01
Chapter 9
Switch Operating Procedures
Starting and Managing Secure (SSH) Access Sessions Between Switches
Step 2
Append the following line in the config file using any text editor:
banner
“path of bannerfile"
Step 3
Copy the updated config file from your local directory to the active PXM.
Step 4
Put the banner file in the specified path.
Step 5
Reset the standalone PXM. Execute the switchcc command twice if you have both the active and standby
card on your MGX node.
Telnet and FTP
Use the cnfloginbanner command to specify the path of the banner file. MGX reads the banner file from
the specified path and sends it to the Telnet client. If no banner file exists in the specified path, then the
system creates a banner file with empty content. You have to update this file with the login message. In
the following example, the user sets the path of the banner file:
Unknown.7.PXM.a > cnfloginbanner telnet F:SSHD/telnet_bannr
path F:SSHD/telnet_banner added to local database
Starting and Managing Secure (SSH) Access Sessions Between
Switches
Cisco MGX 8850switches support secure sessions (ssh secure shell) between any ssh server. Any ssh
client can connect to these nodes. Examples of clients are PCs, Suns, other MGX switches.
Further, MGX switches support an ssh client. This client allows the MGX server to connect to any ssh
server. Of course, one example of an ssh server is the MGX switch.
The following sections describe:
Tip
•
Starting a Secure Session Between Switches
•
Returning to the Previous Session
For instructions on establishing a secure session between a workstation and a switch, see “Starting a
Secure (SSH) CLI Session” in Appendix C, “Supporting and Using Additional CLI Access Options.”
The section on establishing secure sessions from a workstation contains additional information on the
secure session feature.
Starting a Secure Session Between Switches
To start a secure session, enter the ssh command as follows:
mgx8830a.1.PXM.a > ssh [-l username] [-v] [-V] [-q] [-e] [-p] [-1] [-2] [username@]host
[command]
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-61
Chapter 9
Switch Operating Procedures
Starting and Managing Secure (SSH) Access Sessions Between Switches
Table 9-28 describes the parameters for this command.
Table 9-28
Parameter
Command Parameters for ssh
Description
-l username Specifies a username for login on the remote host. If no username is specified, the client
switch where you enter this command uses your current login name. Example:
PXM1E_SJ.7.PXM.a > ssh -l superuser 172.29.52.56
superuser@172.29.52.56's password:
M8850_NY.7.PXM.a >
-v
The verbose (lowercase v) option displays status messages regarding the establishment
of the secure connection. You can enter the -v option up to three times to increase the
level of message reporting. One -v provides the least detail and -v -v -v provides the most
detail.
-V
The version option (upper case V) displays the SSH version information only as shown
in the following example:
PXM1E_SJ.7.PXM.a > ssh -V 172.29.52.88
SSHield_1.6.1 derived from OpenSSH_3.0.2p1, SSH protocols 1.5/2.0, OpenSSL
0x0090602f
Note
The -V option takes precedence over other command options. For example, a
remote switch IP address is specified in the previous example. In this example,
the switch displays only the version information and does not establish a secure
session with the remote switch.
-q
The quiet option suppresses warning messages.
-e
The escape option defines an escape character for the session. To specify no escape
character, enter “none.” The default escape character is the tilde symbol (~).
-p
The port option specifies the port to connect to at the remote server. The default value
for the client and the server is 22. If you change the port number at the remote switch,
you must specify the correct port number when entering the ssh command.
-1
The -1 option forces the secure session to use the SSH Version 1 protocol.
-2
The -2 option forces the secure session to use the SSH Version 2 protocol.
username@ Specifies a username for login on the remote host. If no username is specified, the client
switch where you enter this command uses your current login name. Example:
PXM1E_SJ.7.PXM.a > ssh superuser@172.29.52.56
superuser@172.29.52.56's password:
host
Replace host with the IP address of the remote switch. If a remote switch name is
associated with an IP address in the local hosts file, you can enter a name instead of the
IP address.
Note
command
If your IP configuration supports it, you can establish a secure session with the
active or the standby PXM. For more information, see “Guidelines for Creating
an IP Address Plan” in Chapter 1, “Preparing for Configuration.”
The command option specifies a command to be executed on a remote host.
Note
This feature is not supported on remote Cisco MGX nodes.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-62
OL-19868-01
Chapter 9
Switch Operating Procedures
Starting and Managing Secure (SSH) Access Sessions Between Switches
You must enter an IP address or host name with the ssh command as shown in the following example:
M8850_NY.7.PXM.a > ssh 172.29.52.88
cisco@172.29.52.88's password:
M8850_LA.8.PXM.a >
Note
When establishing secure sessions between switches, you can establish only one additional session
beyond the original. For example, you can establish a CLI management session from a workstation to
switch B, and then establish a secure session from switch B to switch C. However, you cannot extend
the secure session from switch C to another device.
The following example shows what happens the first time a secure session is established between two
switches:
PXM1E_SJ.7.PXM.a > ssh 172.29.52.89
The authenticity of host '172.29.52.89 (172.29.52.89)' can't be established.
DSA key fingerprint is 21:a0:7e:f2:64:b5:0c:71:ac:95:05:0b:42:11:4c:94.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.29.52.89' (DSA) to the list of known hosts.
cisco@172.29.52.89's password:
M8950_SF.8.PXM.a >
In the previous example, the remote host is not known to the local host. After you type yes (the word yes
must be spelled out), the remote host is added to the list of known hosts and the next login requires only
a password:
PXM1E_SJ.7.PXM.a > ssh 172.29.52.88
cisco@172.29.52.88's password:
M8850_LA.8.PXM
Returning to the Previous Session
After you create a secure session between two switches, enter the bye command or the exit command to
close the current session and return to the previous session. The following example shows the switch
response to the bye command:
M8850_LA.8.PXM.a > bye
(session ended)
Connection to 172.29.52.88 closed by remote host.
Connection to 172.29.52.88 closed.
M8850_NY.7.PXM.a >
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-63
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Managing Remote (TACACS+) Authentication and Authorization
Remote authentication and authorization is a feature that allows you to manage user authentication and
command authorization on multiple switches from a single authentication, authorization, and accounting
(AAA) server. Authentication verifies that a user is entitled to connect to a switch, and authorization
verifies that the user is entitled to execute each command the user enters. Communications between the
switch and the AAA server use the Terminal Access Control Access Control System Plus (TACACS+)
protocol. Refer to the following sections to configure remote authentication and authorization:
•
Configuring AAA Servers
•
Configuring the Cisco MGX Switch to Access AAA Servers
•
Configuring the Default Privilege Level
•
Configuring the Prompt Override Option
•
Configuring User Authentication on the Switch
•
Configuring Command Authorization on the Switch
In addition, refer to the following additional sections that describe other tasks related to managing AAA
server authentication:
•
Configuring FTP and SSH Messaging Format for AAA Servers
•
Displaying the TACACS+ Configuration
•
Displaying AAA Server Information
•
Displaying AAA Server Statistics
•
Avoiding Command Mode Authorization Issues with RPM
•
Support for TACACS Challenge Messages
Configuring AAA Servers
To configure a Cisco MGX switch for remote TACACS+ authentication and authorization, you must
have an IP address for the remote AAA server. For encrypted authentication and authorization, you must
also have an encrypted key to apply at the AAA server and at the Cisco MGX switch.
Tip
If you know the encryption key and the IP address the AAA server will use, you can configure the server
after the switch. The “Configuring User Authentication on the Switch” and “Configuring Command
Authorization on the Switch” sections describe the authentication and authorization that take place when
the AAA server is not available.
The exact procedure for configuring the AAA server can be found in the documentation for that product.
The following is a list of the general tasks that need to be performed:
•
Install the AAA server.
•
Configure the AAA server to use the TACACS+ protocol.
•
Configure the AAA server IP address and provide it to the person that configures the Cisco MGX
switch.
•
If encrypted authentication and authorization is planned, produce an encryption key and give it to
the person that configures the Cisco MGX switch.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-64
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
•
If required by the AAA server, configure the AAA server to use the IP address of each Cisco MGX
switch it will support. (Some AAA servers accept communications from any IP address if the
encryption key is correct.)
•
Configure the AAA server to support the cisco user at the CISCO_GP level. We recommend that you
also configure users at the SERVICE_GP and SUPER_GP levels.
•
Configure the AAA server to support additional users according to the requirements of your
business.
Configuring the Cisco MGX Switch to Access AAA Servers
The first step in configuring a Cisco MGX Switch for AAA server access is to configure the identity of
one or more AAA servers on the switch. The switch will not permit you to select TACACS+
authentication or authorization until at least one AAA server has been configured. To configure a Cisco
MGX switch for remote TACACS+ authentication and authorization, you must have an IP address for
the remote AAA server. For encrypted authentication and authorization, you must also configure an
encryption key at the switch and at the AAA server.
Tip
If you know the encryption key and the IP address the AAA server will use, you can configure the server
after the switch. The “Configuring User Authentication on the Switch” and “Configuring Command
Authorization on the Switch” sections describe the authentication and authorization that take place when
the AAA server is not available.
To configure an AAA server, log in using a username with SERVICE_GP privileges or higher and enter
the cnfaaa-server command in the following format:
M8850_LA.7.PXM.a >
cnfaaa-server tacacs+ -ip <ServerIp> [-port <ServerPort>] [-primary]
[-timeout <timeout>] [-dt <dt>] [-single <single>]
Table 9-29 describes the parameters for this command.
Table 9-29
Parameters for cnfaaa-server Command
Parameter
Description
ServerIp
This required parameter identifies the IP address of a target AAA server.
ServerPort
When the target AAA server does not use the default port number for TACACS+ communications, you can
use this optional parameter to specify the correct port. The default port number is 49.
-primary
When multiple AAA servers are configured, use this optional parameter to specify the primary or preferred
server to use for authentication and authorization. There can be up to three servers.
timeout
Optionally, specifies how long the switch will wait for an authentication or authorization response from a
server. If no response is received by the end of the timeout period, the server is marked dead and the switch
does not try to access that server again until the end of the dead time period.
When a server is marked dead, the switch tries to access the next server in the configured list. If no AAA
servers respond, the switch uses the next configured method as described in the “Configuring User
Authentication on the Switch” and “Configuring Command Authorization on the Switch” sections.
You can specify the time out by entering a number in the range of 1 to 30 seconds, or by entering the default
keyword. The default timeout value is 5 seconds.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-65
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Table 9-29
Parameters for cnfaaa-server Command (continued)
Parameter
Description
dt
This optional parameter defines the dead time for a configured server. The dead time starts when a server fails
to respond. During the dead time, the switch will not attempt to use the unresponsive server. Instead, the
switch will use other configured servers, and if all servers are unresponsive, the switch uses other
authentication and authorization methods as described in the “Configuring User Authentication on the
Switch” and “Configuring Command Authorization on the Switch” sections.
You can specify the dead time out by entering a number in the range of 0 to 5 minutes, or by entering the
default keyword. The default dead time value is 0 minutes.
single
This optional parameter selects either single-connection server communications or multiple-connection
server communications. If single-connection communications are selected, the switch attempts to direct all
authentication and authorization requests through a single TCP connection to the server. If single-connection
communications are disabled, multiple TCP connections are used for multiple authentication and
authorization requests.
When this feature is disabled (multiple-connection communications is enabled) and you are running
one or more scripts, we recommend executing commands no less than .6 seconds apart for each script.
For example, if two scripts are running at the same time, commands should be executed not less than
1.2 seconds apart. If commands are issued more frequently than this, the following symptoms can
appear:
Note
•
Telnet sessions take a long time to start.
•
FTP sessions can fail.
•
The following message can appear: Command execution currently restricted to root users only.
•
The warning W_THROTTLED is logged once every 30 minutes while this occurs.
•
In the dspaaa-stats command display, the # socket throttles row values will increment.
Valid settings for this parameter are true, false, and default, which produces the same result as selecting true.
The default configuration for single-connection communications is true.
After you enter the cnfaaa-server command, the switch prompts you to enter a encryption key. The
encryption key is a text string that can contain any combination of letters, numbers, spaces, and
characters. This key is required for encrypted communications with the server and must also be entered
at the AAA server. To enter an encryption key, respond to the prompts as shown in the following
example:
M8830_SF.2.PXM.a > cnfaaa-server tacacs+ -ip 172.29.52.112
Do you want to change the encryption key (yes/no)?y
Enter the encryption key:
Re-enter the encryption key:
TACACS+ SERVERS:
IP Address
---------------172.29.52.111
172.29.52.112
primary is shown first
Port
---49
49
Time
Out
--5
5
Dead
Time
---0
0
Single
Conn
Shared Encryption Key
------ -------------------------------------true
true
12345abcde
WARNING: One or more TACACS+ servers do not have a key configured.
Information exchanged with this server will be unencrypted, in clear text.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-66
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
The encryption key must be entered twice and should be entered without quotation marks, unless the
quotation marks themselves are part of the key. Although white spaces are allowed inside the key, white
spaces are not allowed at the beginning or end of the key; they are automatically stripped off.
Note
For maximum security, it is recommended that you use an encryption key for TACACS+
communications. The encryption key is used to encrypt communications so that user names and
passwords are not easily acquired by unauthorized users. Some AAA servers may require an encryption
key. If the AAA server requires an encryption key, the same key must be configured at the server and at
the Cisco MGX switch.
A configuration without a key is recommended only for troubleshooting or lab testing. When no
encryption key is specified, all communications are in clear text format and are easier to read by
unauthorized users.
If you are not using encryption, just respond to the prompts as shown in the following example:
M8830_SF.2.PXM.a > cnfaaa-server tacacs+ -ip 172.29.52.111
Do you want to change the encryption key (yes/no)?n
WARNING: No encrpytion key specified for the TACACS+ protocol. This means
that all information shared with the server will be in cleartext! This is
a security risk.
Do you want to proceed (Yes/No)? y
TACACS+ SERVERS:
IP Address
---------------172.29.52.111
primary is shown first
Port
---49
Time
Out
--5
Dead
Time
---0
Single
Conn
Shared Encryption Key
------ -------------------------------------true
WARNING: One or more TACACS+ servers do not have a key configured.
Information exchanged with this server will be unencrypted, in clear text.
Configuring the Default Privilege Level
The default privilege level applies when the AAA server authenticates a user and no privilege level has
been configured for or is available for that user. To set the default privilege level, enter the cnfaaa-priv
command using the following format:
M8850_LA.7.PXM.a > cnfaaa-priv
<CISCO_GP|SERVICE_GP|SUPER_GP|GROUP1|ANYUSER|NOUSER_GP|default>
With two exceptions, the available privilege levels are the same as those described in the “Configuring
User Access” section of Chapter 2, “Configuring General Switch Features.” The exceptions are the
NOUSER_GP and default privilege levels, which deny access to all commands. The default value
assigned to the default privilege level is NOUSER_GP.
Note
When the default privilege level is set to NOUSER_GP or default, user access to the switch is blocked
because the user is not allowed to execute any commands.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-67
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Configuring the Prompt Override Option
The prompt override option allows you to choose the prompt used during authentication. The switch
prompt is the prompt that the switch displays when an AAA server is not in use. You can override this
selection with an access control server (ACS) prompt supplied by the AAA server. If you choose the
AAA server prompt and the server does not provide a prompt, the switch prompt appears.
The default prompt configuration selects the switch prompt. To change the prompt section, enter the
cnfaaa-prompt command as follows:
M8850_LA.7.PXM.a >
cnfaaa-prompt <switch | acs | default>
The default parameter produces the same result as choosing acs, which selects the AAA server prompt.
Specify switch to select the switch prompt.
Caution
If your installation uses scripts that expect the switch prompt, using the AAA server prompt can make
those scripts inoperable.
Configuring User Authentication on the Switch
Cisco MGX Release 5 switches support three different authentication methods for user access. These
methods are described next to the keywords that select them in Table 9-30.
Table 9-30
Keywords for cnfaaa_authen and cnfaaa-author Commands
Keyword Description
cisco
The cisco keyword selects the local database for authentication or authorization and limits
access only to the user cisco.
Note
default
User cisco access method is always enabled and is used for authentication and
authorization when all other methods fail. However, you can configure the user cisco
access method to have a higher priority than other authentication or authorization
methods.
The default keyword selects the local (on the switch) database for authentication or
authorization. This keyword produces the same result as the local keyword.
When this method is chosen for authorization (which is described in the next section), it is
only valid for group mode.
local
The local keyword selects the local database for authentication or authorization.
When this method is chosen for authorization, it is only valid for group mode.
tacacs+
The tacacs+ keyword selects authentication or authorization through TACACS+ protocol
communications with an AAA server.
You can select multiple authentication methods. When a user attempts to authenticate, the switch uses
the authenticated methods in the configured order. If the first method attempted fails to get a pass or fail
for the user, the next method is attempted. For example, if the configured methods are “tacacs+ local”
and no TACACS+ servers are available, the switch will use the local database to authenticate users.
When TACACS+ is used for authentication, it is not very practical to use the local database for a backup.
A prime advantage of the TACACS+ method is that you do not have to configure users in the local
database on every switch. When the configuration uses the local database for backup, user data must be
Cisco MGX 8800/8900 Series Software Configuration Guide
9-68
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
entered into the AAA server at every switch in the network, and updates must be manually synchronized
on the switch and server. A more practical approach is to establish fault tolerance by setting up multiple
AAA servers.
The cisco method listed in Table 9-30 is always enabled and is the last authentication method attempted
if it is not configured before the local or tacacs+ methods. This ensures that the user cisco can access
the switch when the AAA servers are unavailable.
To configure authentication, log in using a username with SERVICE_GP privileges or higher and enter
the cnfaaa-authen command using the following format:
M8850_LA.7.PXM.a > cnfaaa-authen <method> [<method>...]
Replace the method variables with one of the keywords listed in Table 9-30. The first method after the
command name is the preferred method. You can enter up to three methods. The second method is used
when the first method does not produce a pass or fail, and the third method is used when the second
method cannot authenticate the user.
Note
If you enter the cnfaaa-authen command and specify the tacacs+ method, and if no AAA servers are
configured, the command will fail. Configure AAA servers with the cnfaaa-server command before you
configure authentication.
The following example configures authentication through the tacacs+ method:
M8830_SF.2.PXM.a > cnfaaa-authen tacacs+
AAA CONFIGURATION:
Authentication Methods : tacacs+ cisco
Authorization Methods
: local cisco
Authorization Type
: group
Default Privilege Level : NOUSER_GP
Prompt Display
: acs
SSH/FTP Message Type
: Inbound ASCII Login
IOS Exclusion List
:
WARNING: The newly configured authentication/authorization methods will
apply to new session. This configuration has no impact on existing sessions.
Note that the previous example did not configure the cisco authentication method, but this method is
listed as the backup for the tacacs+ method in the Authentication Methods line. There is no need to enter
the cisco method when it is the last method to be used.
To return a switch to the default authentication configuration, enter the following command:
M8830_SF.2.PXM.a > cnfaaa-authen default
AAA CONFIGURATION:
Authentication Methods : local cisco
Authorization Methods
: local cisco
Authorization Type
: group
Default Privilege Level : NOUSER_GP
Prompt Display
: acs
SSH/FTP Message Type
: Inbound ASCII Login
IOS Exclusion List
:
WARNING: The newly configured authentication/authorization methods will
apply to new session. This configuration has no impact on existing sessions.
Notice the text in the command display that reminds you that changes in the authentication method only
apply to new sessions. This switch behavior prevents instant lockout if you make a configuration
mistake.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-69
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Configuring Command Authorization on the Switch
Authorization validates an authenticated user’s access to a command each time a command is entered.
When the switch uses an AAA server for authorization, the AAA switch can authorize commands in one
of the following ways:
•
The AAA server sends a switch access privilege level or group ID back to the switch one time for
each login session, and the switch validates all session commands based on that group ID. This
method is called group mode.
•
The AAA server validates every command the user enters using its own internal configuration to
determine if the user has access to the command. This method is called command mode.
Group mode requires less configuration at the AAA server, and it consumes less bandwidth during each
session. When the switch is configured for command mode, the AAA server must be configured to define
the command set available to each user. The advantage to command mode is that you can customize
access for each user. You are not limited to the access options defined on the switch.
To configure authorization, log in using a username with SERVICE_GP privileges or higher and enter
the cnfaaa-author command using the following format:
M8850_LA.7.PXM.a >
cnfaaa-author <authorType> <method> [<method>...]
Replace the authorType variable with group to select group mode or with command to select command
mode. As with the cnfaaa-authen command, you can specify up to three methods (see Table 9-30) for
authorization, and the switch will use these methods in the configured order. As with authentication, the
local method is not a practical substitute for AAA server authorization because it requires data entry in
the AAA server and every supported switch.
The following example configures the switch to use group mode for authorization:
M8830_SF.2.PXM.a > cnfaaa-author group tacacs+
AAA CONFIGURATION:
Authentication Methods : tacacs+ cisco
Authorization Methods
: tacacs+ cisco
Authorization Type
: group
Default Privilege Level : NOUSER_GP
Prompt Display
: acs
SSH/FTP Message Type
: Inbound ASCII Login
IOS Exclusion List
:
WARNING: The newly configured authentication/authorization methods will
apply to new session. This configuration has no impact on existing sessions.
Configuring FTP and SSH Messaging Format for AAA Servers
When the switch configuration uses an AAA server for authentication and authorization, FTP and SSH
requests are directed to the remote server. The TACACS+ message format for these requests can be either
ASCII or PAP.
One special application of the FTP and SSH messaging format applies when the AAA server is
configured to issue challenges, which are not supported by FTP and SSH. In this application, the PAP
message format should be configured.
To select the messaging format, log in using a username with SERVICE_GP privileges or higher and
enter the cnfaaa-ftpssh command in the following format:
M8850_LA.7.PXM.a >
cnfaaa-ftpssh <ascii|pap|default>
Enter the ascii keyword to select TACACS+ ASCII login messages. Enter the pap keyword to select
TACACS+ PAP login messages. The default keyword selects TACACS+ ASCII login messages.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-70
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
The following example selects the PAP message format:
M8830_SF.2.PXM.a > cnfaaa-ftpssh pap
AAA CONFIGURATION:
Authentication Methods : tacacs+ cisco
Authorization Methods
: local cisco
Authorization Type
: group
Default Privilege Level : NOUSER_GP
Prompt Display
: acs
SSH/FTP Message Type
: Inbound PAP Login
IOS Exclusion List
:
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-71
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Displaying the TACACS+ Configuration
To display the complete authentication and authorization configuration, enter the dspaaa command as
shown in the following example:
M8830_SF.2.PXM.a > dspaaa
AAA CONFIGURATION:
Authentication Methods
Authorization Methods
Authorization Type
Default Privilege Level
Prompt Display
SSH/FTP Message Type
IOS Exclusion List
TACACS+ SERVERS:
IP Address
---------------172.29.52.111
172.29.52.112
:
:
:
:
:
:
:
tacacs+ cisco
local cisco
group
NOUSER_GP
acs
Inbound PAP Login
primary is shown first
Port
---49
49
Time
Out
--5
5
Dead
Time
---0
0
Single
Conn
Shared Encryption Key
------ -------------------------------------true
true
12345abcde
WARNING: One or more TACACS+ servers do not have a key configured.
Information exchanged with this server will be unencrypted, in clear text.
Displaying AAA Server Information
To display a list of configured AAA servers, enter the dspaaa-servers command as shown in the
following example:
M8830_SF.2.PXM.a > dspaaa-servers
TACACS+ SERVERS:
IP Address
---------------172.29.52.111
172.29.52.112
primary is shown first
Port
---49
49
Time
Out
--5
5
Dead
Time
---0
0
Single
Conn
Shared Encryption Key
------ -------------------------------------true
true
12345abcde
WARNING: One or more TACACS+ servers do not have a key configured.
Information exchanged with this server will be unencrypted, in clear text.
Displaying AAA Server Statistics
To display a list of AAA server statistics, enter the dspaaa-stats command as shown in the following
format:
M8830_SF.2.PXM.a > dspaaa-stats [clear | detail]
If you enter this command without parameters, the switch displays a list of AAA server statistics. If you
enter the detail parameter, the switch displays additional data that does not appear when this option is
omitted. To reset statistics counters to zero, enter this command with the clear parameter.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-72
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Tip
For more information on the dspaaa-stats command display, refer to the Cisco MGX 8800/8900 Series
Command Reference, Release 5.2.
The following example shows what appears when the command is entered without additional
parameters:
M8830_CH.1.PXM.a > dspaaa-stats
Last cleared on: 04/01/2004 04:46:53
(GMT)
Last good login authen: cisco
telnet.01
10.21.98.207
local
local-database
04/11/2004 19:48:27 (GMT)
Last bad login authen: NONE
Last good grp priv:
cisco
telnet.01
10.21.98.207
local
local-database
04/11/2004 19:48:27 (GMT)
Last bad grp priv:
NONE
Last failed cmd:
NONE
____SWITCH LEVEL COUNTS____
Method:
cisco
# authen failures:
0
# grp author failures: 0
# cmd author failures: 0
# authen falls back to: 0
# author falls back to: 0
# authen unreachable:
----# author unreachable:
----# challenges RX:
----# socket throttles:
----# Messages TX:
----# Messages RX:
----# Messages Flushed:
----# Abort Messages Sent: ----# Supported AVPs RX:
----# Unsupported AVPs RX: ----# Unknown AVPs RX:
-----
local
0
0
----0
0
---------------------------------------------
TACACS
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
____TACACS+ SERVER LEVEL COUNTS____
Server IP Address:
0.0.0.0
Server Port:
0
# authen failures:
0
# cmd author failures: 0
# authen falls back to: 0
# author falls back to: 0
# authen unreachable:
0
# author unreachable:
0
# challenges RX:
0
# Messages TX:
0
# Messages RX:
0
# Messages Flushed:
0
# Abort Messages Sent: 0
# Supported AVPs RX:
0
# Unsupported AVPs RX: 0
# Unknown AVPs RX:
0
Avg Response Delay:
0
Max Response Delay:
0
0.0.0.0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0.0.0.0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
____Abort Messages TX____
None
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-73
Chapter 9
Switch Operating Procedures
Managing Remote (TACACS+) Authentication and Authorization
Type <CR> to continue, Q<CR> to stop:
____Server Messages RX____
None
Avoiding Command Mode Authorization Issues with RPM
Cisco Route Processor Module (RPM) cards are router cards that can be installed in Cisco MGX
switches. The switch has its own operating system and so does each RPM card installed in the switch.
When command mode authorization is enabled, RPM login names, passwords, and commands must be
authorized by the AAA server and the RPM operating system, which is IOS. If users establish Telnet
sessions from an RPM card to a different operating system (such as a UNIX host running CWM), all
commands for the additional operating system must be authorized by the AAA server and that operating
system.
The switch software provides a special command to prevent redundant authorization and the enormous
amount of configuration that would be required to configure the AAA server for multiple operating
systems. The cnfaaa-ignore-ios command configures the switch to exclude select slots from
authentication and authorization when the slots host RPM cards.
To enable or disable switch authentication and authorization for slots that host RPM cards, log in using
a username with SERVICE_GP privileges or higher and enter the cnfaaa-ignore-ios command in the
following format:
M8850_LA.7.PXM.a >
cnfaaa-ignore-ios add|del [slot]
Enter the add keyword to add the selected slot or slots to the list of slots that are ignored for switch
authentication and authorization when an RPM card is installed. Enter the del keyword to delete the
selected slot or slots from the ignored list. If you specify a slot, the command applies to only that slot.
If you do not specify a slot, the command applies to all slots in the switch.
The following example configures the switch to ignore switch authentication and authorization for card
slot 3 when an RPM card is inserted in that slot:
M8830_SF.2.PXM.a > cnfaaa-ignore-ios add 3
AAA CONFIGURATION:
Authentication Methods : tacacs+ cisco
Authorization Methods
: local cisco
Authorization Type
: group
Default Privilege Level : NOUSER_GP
Prompt Display
: acs
SSH/FTP Message Type
: Inbound PAP Login
IOS Exclusion List
: 3
WARNING: The newly configured IOS card exclusion list will apply to new session.
This configuration has no impact on existing sessions.
Support for TACACS Challenge Messages
The TACACS Challenge messages inform a user that the password has expired when the user tries to
login through SSH. By default, this feature is enabled on a fresh node. To enable this feature before the
upgrade, follow the procedure explained below. To enable this feature after the upgrade, you have to
follow the same procedure and then reset the PXM card.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-74
OL-19868-01
Chapter 9
Switch Operating Procedures
Verifying PXM Disk Data
Step 1
Copy the file sshd_config to your local directory. You can see this file in your active
PXM(F:/SSHD/sshd_config). The content of this file looks like below:
# Default configuration for Cisco MGX
Port
22
ListenAddress
0.0.0.0
Ciphers
aes128-cbc,3des-cbc,blowfish-cbc
HostKey
/sshd/ssh_host_key
HostDsaKey
/sshd/ssh_host_dsa_key
ServerKeyBits
768
PermitRootLogin
yes
SysLogFacility
DAEMON
RsaAuthentication
yes
DsaAuthentication
yes
PasswordAuthentication yes
PermitEmptyPasswords
no
KeepAlive
yes
Step 2
Add a parameter kbdinteractiveauthentication to the file. Set the value to yes.
Step 3
Change the value of the parameter PasswordAuthentication to no. The content of the file now looks
like:
# Default configuration for Cisco MGX
Port
22
ListenAddress
0.0.0.0
Ciphers
aes128-cbc,3des-cbc,blowfish-cbc
HostKey
/sshd/ssh_host_key
HostDsaKey
/sshd/ssh_host_dsa_key
ServerKeyBits
768
PermitRootLogin
yes
SysLogFacility
DAEMON
RsaAuthentication
yes
DsaAuthentication
yes
kbdinteractiveauthentication yes
PasswordAuthentication no
PermitEmptyPasswords
no
KeepAlive
yes
Step 4
Delete the sshd_config file from the active PXM.
rapsac03.8.PXM.a > rm F:/SSHD/sshd_config
WARNING: File is being deleted from replicated directory.
F:/SSHD/sshd_config will be deleted on STANDBY also.
Step 5
Copy the updated config file in your local directory to the active PXM.
Verifying PXM Disk Data
When a failure occurs before a write is complete, the data on the active and standby hard disk may not
match.
Enter the verifydiskdb check [-l <level>] [-s <slot>] [-p <pass>] command at the active PXM to run
the disk verification utility. Table 9-31 describes the possible options for the verifydiskdb check
command.
Note
Cisco recommends that you run the disk verification utility during a time when there is minimal activity
on the switch.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-75
Chapter 9
Switch Operating Procedures
Verifying PXM Disk Data
Table 9-31 describes the possible options for the verifydiskdb check command.
Table 9-31
verifydiskdb check Command Parameters
Parameter
Description
slot
Slot number of the card on which you want to run the disk verification task.
level
Level on verification for the current task. The levels of verification are as follows:
1 = control information
2 = actual data
Default = 2
application
Number of times the verification utility will pass through the disk if a discrepancy is
found. Multiple passes create the opportunity for software to resolve discrepancies.
The number of passes rangers from 1 through 10.
Note
If no discrepancies are found, the verification utility runs through the disk only
once.
Default = 3
If you enter verifydiskdb check without any options, the verification utility verifies that the data on the
active hard disk matches the data on the standby hard disk. In the following example, the user runs the
verification utility for all cards in the node.
pop20two.7.PXM.a > verifydiskdb check
pop20two.7.PXM.a >
Enter verifydiskdb check with the -sl <slot number> option to run the verification utility only on the
specified slot.
In the following example, the user configures the verification utility to check for any discrepancies in
the control information on the card in slot 7. If any discrepancy is found, the verification utility will
run through the disk up to 3 times before it finishes.
pop20two.7.PXM.a > verifydiskdb check -l 1 -sl 7 -p 3
The disk verification task runs in the background until completion. It can take a few seconds or several
hours for the disk verification task to finish. The more connections configured on the switch, the longer
it takes the utility to complete disk verification. To view the progress of the disk verification task, enter
the verifydiskdb status command while the verification task is running.
pop20two.7.PXM.a > verifydiskdb status
Verification is currently running with the following parameters:
Request: Slot(s): ALL Level: 1
Passes: 3
Current Status
Slot: 7, Databases: 13 Tables 88
DB Index: 12
DB Name: spvcRed
Table Details:
Table Index: 81
Table Name: Disk_spvc_pep_db19
Total Records: 10000
Records Verified: 0
Table 9-32 describes the information displayed by the verifydiskdb status command.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-76
OL-19868-01
Chapter 9
Switch Operating Procedures
Verifying PXM Disk Data
Table 9-32
Note
verifydiskdb status Command Display
Parameter
Description
Slot
Current slot whose databases on active and standby PXM hard drives are being
compared.
Databases
Number of databases detected for the current slot.
Tables
Total number of tables detected for all databases for the slot.
DB Index
Index number of the current database being compared.
DB Name
Name of the database currently being compared.
Table Details
Details about the current table being compared.
Table Index
Index number of the current table being compared.
Table Name
Name of the current table being compared.
Total Records
Total number of records.
Records Verified
Number of records verified.
Databases Verified
Number of databases verified.
Tables Verified
Number of tables verified.
To stop the disk verification task while it is in progress, enter the verifydiskdb abort command.
Displaying the Contents of the Disk Verification Utility Log File
When the disk verification task is complete, a log file of the task is stored in the log folder on your hard
drive. Each log file contains a header with the slot number and the status of the card.
If more information about the discrepancies is determined, it is stored in the log file. However, there is
no comparison between data on the hard disk versus data on the card.
To view the disk verification utility log file, enter the verifydiskdb display command as shown in the
following example.
pop20two.7.PXM.a > verifydiskdb display
If you want to view an older log file, enter the verifydiskdb display command with the -l old option, as
shown in the following example.
pop20two.7.PXM.a > verifydiskdb display -l old
Note
The directory only keeps two log files per slot. If disk verification is executed a third time for a slot that
contains two log files, the oldest of the two files is removed.
If no discrepancies are found on a card, the log file contains only the slot number, timestamp of the
verification task, and a message stating that no discrepancies were found. This is shown in the following
example:
------------------ Information for Slot 5 -----------------Start: 22/05/2002-10:31:19
End: 22/05/2002-10:31:27
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-77
Chapter 9
Switch Operating Procedures
Verifying PXM Disk Data
Verify DONE
TotalofDbs= 2, TotalofTbls= 15, #DbVerf=2, #TblVerf= 15
No Discrepancies found for slot 5
--------------------------------------------------------------
If discrepancies were found on a card, the log file contains the names of the databases and tables in which
the discrepancies were found, as shown in the following example:
------------------ Information for Slot 1 -----------------Start: 20/04/2002-17:43:49
End: 20/04/2002-17:43:57
Verify DONE
TotalofDbs= 4, TotalofTbls= 20, #DbVerf=4, #TblVerf= 20
=============================================================
dbInd: 2 - dbName: EmDiskDb
tblInd: 17 - tblName: LineTable
Record: 8 ActvChkSum: 0 StdbyChkSum: 549
=============================================================
dbInd: 2 - dbName: EmDiskDb
tblInd: 17 - tblName: LineTable
Record: 9 ActvChkSum: 0 StdbyChkSum: 549
===============================================================
Verification Slot Summary
Start: 20/04/2002-17:43:49
End: 20/04/2002-17:43:57
Total Discrepancies Found: 2, Total Discrepancies Sync: 0
--------------------------------------------------------------
If the verification utility is run on a slot in which no card resides, the display will show that the slot is
invalid and has been skipped as shown in the following example:
------------------------------------------------------------------------------- Information for Slot 2 -----------------Start: 22/05/2002-10:31:10
End: 22/05/2002-10:31:10
Verify SKIPPED - INV_SLOT
TotalofDbs= 0, TotalofTbls= 0, #DbVerf=0, #TblVerf= 0
No Discrepancies found for slot 2
---------------------------------------------------------------------------------------------------------------------------
If the card is in an unstable state, the display indicates that the verification utility skipped that slot
because it is unstable. The following example shows this:
------------------ Information for Slot 4 -----------------Start: 20/04/2002-17:44:06
End: 20/04/2002-17:44:06
Verify SKIPPED - UNSTABLE SLOT
TotalofDbs= 0, TotalofTbls= 0, #DbVerf=0, #TblVerf= 0
No Discrepancies found for slot 4
--------------------------------------------------------------
If a firmware upgrade did not finish (the commitrev command was not issued on the slot), the display
indicates that the verification utility skipped that slot because a REV_CHG is in progress. This is shown
in the following example:
------------------ Information for Slot 6 -----------------Start: 20/04/2002-17:44:14
End: 20/04/2002-17:44:14
Cisco MGX 8800/8900 Series Software Configuration Guide
9-78
OL-19868-01
Chapter 9
Switch Operating Procedures
Verifying PXM Disk Data
Verify SKIPPED - REV_CHG
TotalofDbs= 0, TotalofTbls= 0, #DbVerf=0, #TblVerf= 0
No Discrepancies found for slot 6
--------------------------------------------------------------
If more than 20 discrepancies are found in a table or database, the utility terminates and the display
indicates that the slot is unstable. The display also lists the names of the tables and databases where the
discrepancies were found. The following example shows the display for an unstable slot with more that
20 discrepancies:
----------------- Information for Slot 9 -----------------Start: 20/04/2002-17:44:54
End: 20/04/2002-17:44:57
Verify SKIPPED - UNSTABLE SLOT
TotalofDbs= 2, TotalofTbls= 6, #DbVerf=0, #TblVerf= 0
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1782 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1783 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1784 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1785 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1786 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1787 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1788 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1789 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1790 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1791 ActvComdID: 0 StdbyComID: 7
=============================================================
dbInd: 1 - dbName: sm_mib_v21
tblInd: 5 - tblName: mib29
Record: 1792 ActvComdID: 0 StdbyComID: 7
=============================================================
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-79
Chapter 9
Switch Operating Procedures
Configuring a Line Loopback
Note
The disk verification utility only logs discrepancies. It does not synchronize the differences.
Troubleshooting Active and Standby Card Disk Discrepancies
If discrepancies are found by the disk verification utility, follow these steps:
Step 1
Locate the logs that pertain to the affected database(s) for the indicated slot.
Step 2
If possible, perform application specific task to resync that DB record. For example, remove and
re-install, and re-provision the card.
Step 3
If you can not perform application specific tasks on the card, enter the resetcd command to reset the
standby PXM to re-synchronize the database.
If you provision connections while the verifydiskdb check command is running, discrepancies will be
flagged, even if the information between the active PXM and the standby PXM is synchronized. To
ensure an accurate log of discrepancies, wait for the verifydiskdb check to finish running before you
provision connections.
Configuring a Line Loopback
If a connection fails and you do not know which end of the connection is causing the problem, putting a
line into loopback mode can help you determine what the problem is and where it occurs on a connection.
In an MGX 8830, an MGX 8850, or an MGX 8880, loopback lines provide CLI-based line level
monitoring capabilities.
When a line is put into loopback, the receiving switch takes all of the data it receives and returns it
unchanged back to the sender. The physical line in a loopback configuration is connected between a CPE
and a switch; one physical line is connected from the tx (Transmit port) of the CPE to the rx (receive)
port of a card on the switch you are testing. Another physical line is connected between the tx port of
the same card and the receive port of the CPE.
Configuring Loopback Line Tests on PXM1E, AXSM, and MPSM Cards
Once the physical connection is established, you need to use the CLI to put the connection into loopback
mode.
The following types of loopback are supported on PXM1E, AXSM, and MPSM cards:
•
Far-end line loopback - Loopback appears at the far-end of the CPE when you send a loopback
activation code from the card. The CPE enters a loop mode in which it returns the received data back
to the card. The CPE continues to return the data back until it receives a no-loopback request.This
kind of loopback can be used to run tests, such as BERT.
•
Far-end payload loopback- Loopback is similar to FarEnd loopback, except that the payload portion
of the data is re-transmitted. Framing is done by the Far end again.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-80
OL-19868-01
Chapter 9
Switch Operating Procedures
Configuring a Line Loopback
•
Remote line loopback - Loopback returns the remote data back to the far end. The received data
stream is looped back into the transmit path, overriding the data stream created internally by the
framer.
•
Local loopback - Loopback allows the transmitted data to be looped back into the receiving path. It
can be used to test the internal hardware of the card.
Once your physical line is connected, you can perform a loopback test using the following procedure.
Step 1
Connect a single line to the appropriate transfer and receive ports on the backcard you want to test.
Step 2
Establish a configuration session with the active PXM1E, AXSM, or MPSM card using a user name with
SERVICE_GP privileges or higher.
Step 3
Enter the dsplns command to display the configuration for all lines on the current card.
Step 4
Enter the addlnloop <-line type> <bay.line> <-lpb loopback type> command.
addlnloop -ds3 2.1 -lpb 2
Step 5
Enter the dspln -<line type> <line_num> command to verify the that the appropriate line is in the
specified loopback state.
dspln -ds3 4.1
Note
Before you can change the loopback type for an existing loopback, you must first delete the
loopback by executing dellnloop, or you can just enter the addlnloop command with the -lpb 1
(No loopback) option.
Configuring a Line Loopback on a Service Module
Once your physical line is connected, you can perform a loopback test using the following procedure.
Step 1
Connect a single line to the appropriate transfer and receive ports on the backcard you want to test.
Step 2
Establish a configuration session with the active PXM1E, AXSM, or MPSM using a user name with
SERVICE_GP privileges or higher.
Step 3
Enter the dsplns command to display the configuration for all lines on the current card.
Step 4
Enter the addlnloop <-line type> <bay.line> <-lpb loopback type> command.
addlnloop -ds3 2.1 -lpb 2
Step 5
Enter the dspln -<line type> <line_num> command to verify the that the appropriate line is in the
specified loopback state.
dspln -ds3 4.1
Before you can change the loopback type for an existing loopback, you must first delete the loopback by
executing dellnloop, or you can just enter the addlnloop command with the -lpb 1 (No loopback) option.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-81
Chapter 9
Switch Operating Procedures
Managing Bit Error Rate Tests
Managing Bit Error Rate Tests
BERT commands can help you analyze and resolve problems on a physical interface. To conduct a BERT
on a line, a user sends a specified pattern over a line that is configured in loopback mode at the far end.
The local end receives the loopback pattern, and the user compares the local end pattern to the original
pattern sent from the far end. The number of bit errors discovered in the local (or receive) end pattern
help the user determine the quality of the physical line.
Note
BERT is only available for T1 lines and cards that support IMA (PXM1E, PXM45, and MPSM cards).
Configuring a Bit Error Rate Test
Use the following procedure to configure BERT on an MGX switch.
Step 1
Put the appropriate lines into loopback mode.
Step 2
Establish a configuration session with the active PXM1E, PXM45, or MPSM using a user name with
SERVICE_GP privileges or higher.
Note
Step 3
BERT commands are available only on PXM1E, PXM45, and MPSM cards. However, you can
run BERT on any service modules that support T1 lines or IMA.
Enter the dspbertcap command to display the loopback and BERT capabilities of a specific line or port
on the current card. The display shows you which test patterns and loopback numbers are available on
the current service module.
dspbertcap <SM Interface> <Test Option>
Table 9-33 describes the dspbertcap command parameters.
Table 9-33
Parameter
dspbertcap Command Parameters
Description
SM Interface The format of Service Module Interface is: SMslot.SMLine[.SMport], as follows:
Test Option
•
SMslot can have a value in one of the following ranges: 1-6, 9-14, 17-22, 25-30.
•
SMLine has a range from 1 though the maximum number of lines on the card.
•
The optional SMport has a value from 1 though the maximum ports supported by
the service module.
Type one of the following numbers to select the capability to display:
1: BERT capability
2: Loopback capability
Step 4
Enter the cnfbert command as follows to set up BERT parameters on the looped back connection. You
must use the available test patterns and loopback numbers displayed with the dspbertcap command in
Step 3.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-82
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing Bit Error Rate Tests
Unknown.7.PXM.a > cnfbert -cbif <LSMnum> -pat <bertPattern> -lpbk <lpbk> -sbe
<singleBitErrInsert> -cir <dropIteration> -en <enable>
Table 9-34
cnfbert Command Parameters
Parameter
Description
LSMnum
Where LSMnum = LSMslot.Line.Port
LSMslot = 1-6,9-14,17-22,25-30
Line = 1 - MAX_LINES
Port = 1 - MAX_PORTS for Port Test,
0 for Line Test
bertPattern
Test pattern to be generated. See the list of patterns supported for a complete
listing. for details use dspbertcap command.
lpbk
For details use dspbertcap command.
singleBitErrInsert Different options of error insertion rates, where singleBitErrInsert is “1” (noError),
or “| 2" (insert).
Note
Injection of bit error should be done after configuring BERT
dropIteration
where dropIteration is between 1 and 32, used only if loopback is 5:latchDS0Drop.
enable
Enables/disables BERT. Enter “4” to enable BERT or “6” to disable BERT.
In the following example, the user enables a BERT on line 1 in port 0 on the service module in slot 25.
The BERT pattern is set to 1 (all zeros), and loopback is set to 14.
Unknown.7.PXM.a > cnfbert -cbif 25.1.0 -pat 1 -lpbk 14 -en 6
Step 5
After the BERT has been running for at least 30 minutes, enter the dspbert <bay> command to display
the BERT result. Replace bay with 0 to indicate the upper bay, or 1 to indicate the lower bay.
Note
For the PXM1E, the bay will always be 2 because BERT is only run on the lower bay. BERT is
supported on both bays for AXSM cards.
Note
The dspbert command can be issued even while the BERT is in operation.
Unknown.7.PXM.a > dspbert 2
Replace bay with 1 to indicate the lower bay.
Unknown.7.PXM.a > dspbert 2
Start Date
Current Date
Start Time
Current Time
Physical Slot Number
Logical Slot Number
Line Number
Device To Loop
BERT Pattern
Error Inject Count
:
:
:
:
:
:
:
:
:
:
08/29/2002
08/29/2002
18:43:07
16:56:23
22
22
1 (Line test)
Local Loopback
Double One Zero Pattern
0
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-83
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
Bit
Bit
Bit
Bit
Bit
Count
Count Received
Error Count
Error Rate (BER)
Counter Overflowed
:
:
:
:
:
3091031099
3091031099
0
0
6 <times>
BERT is in sync.
Deleting a Configured Bit Error Rate Test
There are two ways to terminate a configured BERT.
1.
Enter the delbert <SM Interface> command. Replace <SM Interface> with the service module
interface number in the format slot.line.port. In the following example, the user deletes BERT from
line 1 on port 2 in the PXM1E in slot 7.
Unknown.7.PXM.a > delbert 7.1.1
2.
Enter the cnfbert command with the -en option disabled. (See Table 9-34 for a description of the
cnfbert command parameters.)
Unknown.7.PXM.a > cnfbert -cbif 25.1.0 -pat 1 -lpbk 14 -en 6
Managing PXM1E and AXSM Card Diagnostics
Diagnostics tests run on all the major hardware components that belong to the PXM1E or AXSM front
card and its lower back cards, and the connection path between these components. You can configure a
hardware-oriented test to check the health of the active and standby PXM1E or AXSM front card. Tests
can be run on the standby card, the active card, or both cards at the same time.
PXM1E and AXSM cards support both online and offline diagnostics.
•
Online diagnostics tests run in the background while a card is in an operational state. These tests are
non-intrusive and run with minimal overhead. Online diagnostics can be used to detect hardware
errors. The goal is to monitor any potential errors at a card level while a card is in normal operation.
You can stop a test by issuing a new diagnostic configuration to disable it. If the online diagnostics
test fails on an active AXSM, a switchover is triggered, the active card becomes the standby, and an
error message appears declaring that the standby card as failed. If the online diagnostics test fails on
an active PXM1E, no switchover is triggered.
Note
•
Online diagnostics do not detect operational errors.
Off-line diagnostics ensure the standby card is ready to be switched over to. Offline diagnostics tests
are performed only on the standby card. Areas for diagnosis include hardware components and cell
paths. Off-line diagnostics are destructive.
Intensive tests are performed on a card including memory tests and registers read/write tests. It
temporarily puts a standby card out of service and makes it unavailable to be switched over to in
case of active card failure. When tests are done, the card is reset to its normal state. If the active card
fails while the standby card is running off-line diagnostics, off-line diagnostics are immediately
aborted
Cisco MGX 8800/8900 Series Software Configuration Guide
9-84
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
AXSM cards run offline diagnostics in the following areas:
•
Processor subsystem: NVRAM and BRAM
•
ASIC tests: Atlas (register test, ingress memory, egress memory) and framer (register test)
PXM1E cards run registered offline diagnostics on UI- S3 or UI-S3/B back cards.
Both control path and data path must to be tested in order to have complete test coverage on the entire
connection path within a card. The control path is the path that carries IPC messages between cards. The
diagnostic data path is the path for cells travelling between the backplane and the loop back device.
Configuring Offline and Online Diagnostics Tests on PXM1E and AXSM Cards
Enter the cnfdiag command as follows to enable online diagnostics tests on PXM1E or AXSM cards:
MGX.7.PXM.a > cnfdiag <slot> <onEnb> <offEnb> [<offCover> <offStart> <offDow>]
Table 9-35 tells you how to set these parameters to run online diagnostics tests on PXM1E and AXSM
cards.
Table 9-35
cnfdiag Command Parameters
Parameter Description
slot
Enter the slot of the card for which to configure the diagnostics.
onEnb
Enter enable to enable online diagnostic on the card. Enter disable to disable online
diagnostics.
offEnb
Enter enable to enable offline diagnostics. Enter disable to disable offline diagnostics.
offCover
Set the offline diagnostics coverage time to light, medium, or full.
light = 5 minutes or less
medium = 30 minutes or less
full = any number of minutes-no limit
Note
offStart
Set the time for the offline diagnostics to begin using 24 hour time. The format is: hh:mm.
For example: 03:45 or 22:30
Note
offDow
You do not need to set this parameter if you are not enabling offline diagnostics.
Sets the day of the week for the offline diagnostics to run. The format is SMTWTFS.
Note
Warning
You do not need to set this parameter if you are not enabling offline diagnostics.
You do not need to set this parameter if you are not enabling offline diagnostics.
Do not remove the active PXM while the offline diagnostic is running on the redundant PXM. If you
remove it, the redundant PXM reboots but will not be able to become active unless its hard disk drive
was previously synchronized to the hard disk on the previously active PXM.
Example 9-1
Configuring online diagnostics only
In the following example, the user enables online diagnostics only for the PXM1E in slot 7.
MGX.7.PXM.a > cnfdiag 7 enable disable
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-85
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
Example 9-2
Configuring offline diagnostics only
In the following example, the user enables online diagnostics for the PXM1E in slot 7. A medium online
diagnostics coverage test is scheduled to run every Wednesday at 11:30 (11:30 AM).
MGX.7.PXM.a > cnfdiag 7 disable enable medium 11:30 -W-
Example 9-3
Configuring both online and offline diagnostics at the same time
In the following example, the user enables both online and offline diagnostics for the PXM1E in slot 8.
A medium offline diagnostics coverage test is scheduled to run every Monday and Friday at 21:30 (8:30
PM).
MGX.7.PXM.a > cnfdiag 7 enable enable medium 21:30 -M-F-
To display your online diagnostics test configuration and ensure all the parameters have been set
correctly, enter the dspdiagcnf command.
Enabling Online and Offline Diagnostics Tests on All Cards in a Switch
Enter the cnfdiagall command as follows to enable and configures online or offline diagnostics for all
card slots:
MGX_a.7.PXM.a > cnfdiagall <slot> <onEnb> <offEnb> [<offCover> <offStart> <offDow>]
Table 9-36 describes the cnfdiagall command parameters.
Table 9-36
cnfdiagall Command Parameters
Parameter Description
onEnb
Enable or disable online diagnostics. The default is disable.
offEnb
Enable or disable offline diagnostics. The default is disable.
offCover
Set the offline diagnostics coverage time to light, medium, or full.
•
light = 5 minutes or less
•
medium = 30 minutes or less
•
full = any number of minutes-no limit
offStart
Set the time for the offline diagnostics to begin using 24 hour time. The format is: hh:mm.
For example: 03:45 or 22:30
offDow
Sets the day of the week for the offline diagnostics to run. The format is SMTWTFS. For
example: -M-W--- is Mondays and Wednesdays only.
Example 9-4
Configuring online diagnostics only
In the following example, the user enables online diagnostics only for all cards in the switch.
Unknown.7.PXM.a > cnfdiagall 7 enable disable
Cisco MGX 8800/8900 Series Software Configuration Guide
9-86
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
Example 9-5
Configuring offline diagnostics only
In the following example, the user enables online diagnostics for all cards in the switch. A medium
online diagnostics coverage test is scheduled to run every Wednesday at 11:30 (11:30 AM).
Unknown.7.PXM.a > cnfdiagall 7 disable enable medium 11:30 -W-
Example 9-6
Configuring both online and offline diagnostics at the same time
In the following example, the user enables both online and offline diagnostics for all cards in the switch.
A medium offline diagnostics coverage test is scheduled to run every Monday and Friday at 21:30 (8:30
PM).
Unknown.7.PXM.a > cnfdiagall 7 enable enable medium 21:30 -M-F-
To display your online diagnostics test configuration and ensure all the parameters have been set
correctly, enter the dspdiagcnf command.
Displaying Online and Offline Diagnostics Test Configuration Information
Enter the dspdiagcnf command to display the current diagnostics configuration on a card. The
dspdiagcnf command displays the following information:
•
Slot number
•
Whether online diagnostics are enabled or disabled
•
Whether offline diagnostics are enabled or disabled
•
The type of coverage currently running for offline diagnostics
•
The start time for offline diagnostics
•
The day(s) of the day on which offline diagnostic tests are scheduled to run.
The following example shows the information displayed by the dspdiagcnf command.
Unknown.7.PXM.a > dspdiagcnf
Online
-------------- Offline ------------Slot Enable
Enable Coverage StartTime SMTWTFS
---- ----------- -------- --------- ------1
enable
enable light
15:13
---W--2
enable
enable light
15:13
---W--3
enable
enable light
15:13
---W--4
enable
enable light
15:13
---W--5
enable
enable light
15:13
---W--6
enable
enable light
15:13
---W--7
disable enable light
15:13
---W--8
enable
enable light
15:13
---W--9
enable
enable light
15:13
---W--10
enable
enable light
15:13
---W--11
enable
enable light
15:13
---W--12
enable
disable light
15:13
---W--13
enable
enable light
15:13
---W--14
enable
enable light
15:13
---W--15
disable disable light
15:13
---W--16
disable disable light
15:13
---W--17
enable
enable light
15:13
---W--18
enable
enable light
15:13
---W--19
enable
enable light
15:13
---W--Type <CR> to continue, Q<CR> to stop: 20
enable
enable
light
15:13
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-87
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
Type <CR> to continue,
20
disable disable
21
disable disable
22
disable disable
23
disable disable
24
disable disable
25
disable disable
26
disable disable
27
disable disable
28
disable disable
29
disable disable
30
disable disable
31
disable disable
32
disable disable
Q<CR> to stop:
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
light
00:00
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
SMTWTFS
janus4.7.PXM.a >
Displaying Online Diagnostic Errors
Enter the dspdiagerr online command to display the current online diagnostics errors for all cards in a
switch.
Unknown.7.PXM.a > dspdiagerr online
Slot Date
Time Message
---- ------- ------1
--2
--3
--4
--5
--6
--7
--8
--9
--10
--11
--12
--13
--14
--15
--16
--17
--18
--19
--20
--Type <CR> to continue, Q<CR> to stop: 21
--
--
Displaying Offline Diagnostic Errors
Enter the dspdiagerr offline command to display the current online diagnostics errors for all cards in a
switch,
Unknown.7.PXM.a > dspdiagerr offline
Slot Date
Time Message
---- ------- ------1
--2
--3
--4
--5
---
Cisco MGX 8800/8900 Series Software Configuration Guide
9-88
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
----------------
----------------
Type <CR> to continue, Q<CR> to stop: 21
--
--
Enter the dspdiagstat command to display the number of times that the diagnostics has run. The output
shows the number of attempts and the number of failures for both offline and online diagnostics.
Unknown.7.PXM.a > dspdiagstat 7
Slot 7 diagnostics statistics:
online diag attempted
online diag passed
online diag failed
offline diag attempted
offline diag passed
offline diag failed
=
=
=
=
=
=
0x00001a26
0x00001a26
0x00000000
0x00000000
0x00000000
0x00000000
Enter the dspdiagstatus command to display the diagnostics status and role (active or standby) for each
card on the switch. The diagnostics statuses are:
•
Idle—Slot is in an idle state because there is no card in the slot, or due to an error.
•
Ready—Card is active and ready for diagnostics test.
•
Offline—Card is offline.
•
Online—Card is online.
Enter the dspdiagstatus command as shown in the following example:
Unknown.7.PXM.a > dspdiagstatus
Slot State
Role
---- -------1
Idle
UNKNOWN CARD ROLE
2
Idle
UNKNOWN CARD ROLE
3
Idle
UNKNOWN CARD ROLE
4
Idle
UNKNOWN CARD ROLE
5
Idle
UNKNOWN CARD ROLE
6
Idle
UNKNOWN CARD ROLE
7
Ready
ACTIVE CARD ROLE
8
Idle
UNKNOWN CARD ROLE
9
Idle
UNKNOWN CARD ROLE
10
Idle
UNKNOWN CARD ROLE
11
Idle
UNKNOWN CARD ROLE
12
Idle
UNKNOWN CARD ROLE
13
Idle
UNKNOWN CARD ROLE
14
Idle
UNKNOWN CARD ROLE
15
Ready
ACTIVE CARD ROLE
16
Idle
UNKNOWN CARD ROLE
17
Idle
UNKNOWN CARD ROLE
18
Idle
UNKNOWN CARD ROLE
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-89
Chapter 9
Switch Operating Procedures
Managing PXM1E and AXSM Card Diagnostics
19
20
Idle
Idle
UNKNOWN CARD ROLE
UNKNOWN CARD ROLE
Type <CR> to continue, Q<CR> to stop:
Enabling and Disabling IMA Group ATM Cell Layer Parameters
The cnfatmimagrp allows you to enable and disable the following ATM cell layer parameters on an IMA
group:
•
payload scrambling
•
AIS
To configure ATM cell layer parameters on an IMA group, enter the cnfatmimagrp command as
follows:
cnfatmimagrp -grp <bay.group> -sps <PayloadScramble> -ais <aisMode>
In the following example, the user enables payload scrambling and AIS on the ATM IMA group 14 on
the PXM1E in the lower bay.
Unknown.7.PXM.a > cnfatmimagrp -grp 2.14 -sps 1 -ais 1
Table 9-37 describes the parameters for the cnfimagrp command.
Table 9-37
cnfatmimagrp Command Parameters
Parameter
Description
-grp <bay.group>
The bay number and the IMA group number.
•
bay: Enter 2 for the lower bay.
•
grp: 1-16
Note
sps <PayloadScramble>
ais <aisMode>
On the PXM1E, the bay number is always 2.
Enable of disable payload scrambling. Default: enabled.
•
1 = enable
•
2 = disable
Enables or disables the alarm indication signal (AIS) mode. The
AIS is an all-ones signal that is transmitted instead of the normal
signal to maintain transmission continuity and to indicate to the
receiving terminal that there is a transmission fault that is located
either at the transmitting terminal or upstream from the transmitting
terminal.
•
1 = Enable AIS transmitting.
•
2 = Disable AIS transmitting.
Default = Enable
Enter the dspatmimagrp <bay.group> command to display whether AIS and payload scrambling are
enabled or disabled for an IMA group, as shown in the following example:
Satire.2.PXM.a > dspatmimagrp 2.1
GrpNum
HCScoset PayloadScramble NullCellHdr NullCellPayload
AIS
------- --------- --------------- ----------- --------------- -------
Cisco MGX 8800/8900 Series Software Configuration Guide
9-90
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing IMA
2.1
Enable
Disable
0x00000001
6a Enable
Managing IMA
The following sections describe many operations used for manaing IMA:
•
Displaying IMA Groups
•
Displaying the Status of a Single IMA Group
•
Displaying IMA Links
•
Deleting an IMA Group
•
Deleting an IMA Link
•
Restarting an IMA Group
Displaying IMA Groups
To display general information about all configured IMA groups on the current PXM1E-16-T1E1,
AXSM-32-T1E1-E, AUSM/B, or MPSM cards, enter the dspimagrps command, as shown in the
following example:
Unknown.7.PXM.a > dspimagrps
Ima
Grp
Min Tx
Rx
Tx
Diff
NE-IMA
FE-IMA IMA
Lnks Frm Frm Clk Delay
state
state Ver
Len Len Mode (ms)
-------------------------------------------------------------------------------2.1
1 128 128 CTC 100
StartUp
StartUp 1.0
2.2
3 128 128 CTC 100
StartUp
StartUp 1.1
2.3
3 128 128 CTC 100
StartUp
StartUp 1.1
Displaying the Status of a Single IMA Group
To display detailed information about a specific IMA group, enter the dspimagrp <bay.group>
command. Replace bay with the number 1 to specify the top bay, or 2 to specify the lower bay. Replace
group with the IMA group number. (Use the dspimagrps command to display the configured IMA
groups and their group numbers.)
In the following example, the user displays information about the IMA group 2 in the lower bay.
M8830_CH.1.PXM.a > dspimagrp 2.1
Group Number
NE IMA Version
Group Symmetry
Tx Min Num Links
Rx Min Num Links
NE Tx Clk Mode
FE Tx Clk Mode
Tx Frame Len (bytes)
Rx Frame Len (bytes)
Group GTSM
NE Group State
FE Group State
Group Failure Status
Tx IMA ID
:
:
:
:
:
:
:
:
:
:
:
:
:
:
2.1
1.0
Symm Operation
1
1
CTC
CTC
128
128
Up
Operational
Operational
No Failure
255
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-91
Chapter 9
Switch Operating Procedures
Managing IMA
Rx IMA ID
Max Cell Rate (c/s)
Avail Cell Rate (c/s)
: 255
: 14367
: 14367
Type <CR> to continue, Q<CR> to stop:
Diff Delay Max (msecs)
:
Diff Delay Max Observed (msecs) :
Accumulated Delay (msecs)
:
Clear Accumulated Delay Status :
GTSM Up Integ Time (msecs)
:
GTSM Dn Integ Time (msecs)
:
Num Tx Cfg Links
:
Num Rx Cfg Links
:
Num Act Tx Links
:
Num Act Rx Links
:
Least Delay Link
:
Tx Timing Ref Link
:
Rx Timing Ref Link
:
Group Running Secs
:
Alpha Val
:
Beta Val
:
Gamma Val
:
Tx OAM Label
:
Rx OAM Label
:
Test Pattern Procedure Status
:
Test Link
:
Test Pattern
:
Stuff Cell Indication (frames) :
Version Fallback Enabled
:
Auto-Restart Mode
:
Rx IMA ID Expected
:
Auto-Restart Sync State
:
275
0
0
Not In Progress
0
4000
4
4
4
4
2.4
2.4
2.1
5929483
2
2
1
1
1
Disabled
Unknown
255
1
true
disable
-1
disable
Displaying IMA Links
Enter the dspimalnk <bay.link> command to display configuration information for the specified IMA
link. Replace bay with the number 1 to specify the top bay, or 2 to specify the lower bay. Replace link
with the number of the link you want to display, in the range from 1 through 16.
In the following example, the user displays information about the IMA link 1 in the lower bay.
Satire.2.PXM.a > dspimalnk 2.1
IMA Link Number
IMA Link Group Number
Link Rel Delay (msecs)
Link NE Tx State
Link NE Rx State
Link FE Tx State
Link FE Rx State
Link NE Rx Failure Status
Link FE Rx Failure Status
IMA Link Tx LID
IMA Link Rx LID
Link Rx Test Pattern
Link Test Procedure Status
Link LIF Integ UpTime
Link LIF Integ DownTime
Link LODS Integ UpTime
Link LODS Integ DownTime
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
:
2.1
2.1
0
Unusable-Failed
Not In Grp
Not In Grp
Not In Grp
LIF Fail
No Failure
0
255
255
Disabled
2500
10000
2500
10000
Cisco MGX 8800/8900 Series Software Configuration Guide
9-92
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing IMA
Deleting an IMA Group
To delete an IMA group, enter the delimagrp <bay.group>. Replace bay with the number 1 to specify
the top bay, or 2 to specify the lower bay. Replace group with the IMA group number you want to delete.
In the following example, the user deletes the IMA group 3 in the lower bay.
Unknown.7.PXM.a > delimagrp 2.3
Enter the dspimagrps command to ensure that the correct IMA link is deleted.
Deleting an IMA Link
To delete an IMA link, enter the delimalnk <link> command. Replace bay with the 2 to specify the lower
bay. Replace link with the IMA link you want to delete, in the range from 1 through 16.
In the following example, the user deletes the IMA link 3 in the lower bay.
Unknown.7.PXM.a > delimalnk 2.3
Enter the dspimalnks command to ensure that the correct IMA link is deleted.
Satire.2.PXM.a > dspimalnks
Link
Grp
Rel
NE
NE
NE Rx
Tx
Rx
Num
Num
Dly
Tx
Rx
Fail LID LID
(ms)
State
State
Status
-----------------------------------------------------------------------------2.1
2.1
0
Unusable-Failed
Not In Grp
LIF Fail
0 255
2.2
2.1
0
Unusable-Failed
Not In Grp
LIF Fail
0 255
2.4
2.1
0
Unusable-Failed
Not In Grp
LIF Fail
0 255
Restarting an IMA Group
An IMA group must be restarted whenever a configuration or link-failure event causes the IMA group
to stop operating correctly. Figure 9-3 shows an example situation where an IMA restart may be
required.
Figure 9-3
IMA
group
A
IMA Group Restart Example
IMA link 1
loopback
IMA
group
B
IMA link 2
IMA link 4
116411
IMA link 3
In Figure 9-3, one link in IMA Group A is operating in loopback mode, and the other three lines are
operating correctly. If different IMA group IDs are configured at each end of the IMA links (cnfimagrp
-txid), the switch can easily determine which links are in loopback and which links are connected to the
far end.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-93
Chapter 9
Switch Operating Procedures
Managing IMA
If the received far-end ID is the same as the near-end ID, the link is in loopback. If the near and far end
IDs are different, the link is communicating with the far-end IMA group.
The following situations can require an IMA restart:
Note
1.
All links are in loopback, and then individual links are connected to the remote end. In this scenario,
the IMA group is communicating with itself and must be restarted so that it will start communicating
with the far end.
2.
One link is in loopback and the other links fail after successful communications have been
established with the far end. This situation creates an error condition for the IMA group which can
be cleared by restarting the IMA group and allowing the IMA group to communicate with itself over
the loopback link.
3.
The failed links in situation 2 recover while the IMA group is communicating with itself. This is
really the same as situation 1. The IMA group must be restarted so that the IMA group can establish
communications with the far end.
A restart will correct the problem in all three of the previously described situations if a different IMA
group ID is configured for the near and far ends. If the same IMA group ID is configured at both ends,
it is possible that the links in loopback will respond first and the IMA group will not communicate with
the far end.
Cisco MGX switches allow you to manually restart an IMA group to correct communications problems.
Beginning with Release 5, you can also enable and configure the IMA autorestart feature, which will
automatically restart an IMA group when necessary. The following sections describe how to use the
manual and automatic restart features.
Using Manual IMA Group Restart
To manually restart an IMA group, enter the restartimagrp <bay.group> command. Replace bay with
the number 1 to specify the top bay, or 2 to specify the lower bay. Replace group with the IMA group
you want to restart (To display the configured IMA groups, enter the dspimagrps command).
After you enter the restartimagrp command, the IMA group attempts to re-establish the IMA protocol
with far end of a failed connection.
In the following example, the user attempts to restart the IMA group number 6 in the lower bay.
Unknown.7.PXM.a > restartimagrp 2.6
Using Automatic IMA Group Restart
To enable and configure the IMA autorestart feature, use the following procedure.
Note
The IMA autorestart feature is a Cisco enhancement to the IMA operation described in the IMA
specifications. The IMA specifications do not provide for the detection of lines in loopback mode and
for automatic restart.
Step 1
Establish a configuration session with the active IMA-supportive card using a user ID with GROUP1
privileges or higher.
Step 2
Enter the dspimaparms command as shown in the following example to determine whether the
autorestart feature is enabled on the switch.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-94
OL-19868-01
Chapter 9
Switch Operating Procedures
Managing IMA
M8830_CH.1.PXM.a > dspimaparms
IMA Parameters
================================
Max IMA Groups Supported : 16
Configured IMA Groups
: 1
Min IMA ID Range
: 0
Max IMA ID Range
: 255
IMA Ver Fallback
: Enable
IMA Auto-Restart
: Disable
Step 3
If the autorestart feature is not enabled on the node, enable it with the cnfimaparms command as shown
in the following example:
M8830_CH.1.PXM.a > cnfimaparms -restart 1
Step 4
To display the autorestart feature configuration for a specific IMA group, enter the dspimagrp command
as described in the “Displaying the Status of a Single IMA Group” section, which appears earlier in this
chapter. For more information on autorestart information in the dspimagrp command display, see
“Displaying the IMA Group Autorestart Configuration and State” section, which appears later in this
chapter.
Step 5
To configure the autorestart feature for a specific IMA group, enter the cnfimagrp command using the
following format:
M8830_CH.1.PXM.a > cnfimagrp -grp <group> [-mode <autoRestart>] [-rxid <rxImaIdExpected>]
Replace the group variable with the IMA group number as it appears in the dspimagrp and dspimgrps
command displays.
Include the -mode option when you need to change the autorestart mode for the group. Replace the
autoRestart variable with 1 to disable autorestart for this group, 2 to enable autorestart and relearn the
far end ID on restart, and 3 to enable autorestart and reuse the previously learned far end ID on restart.
The -rxid parameter is optional and specifies the far end IMA ID to expect on autorestart. If a far end ID
is or will be configured on the IMA group (using cnfimgrp -txid option on MGX switches), enter this
ID with the -rxid option on the near end to help the switch determine whether an IMA group link is in
loopback.
Be sure to specify an IMA far end ID that is different from the near end ID. The range is -1 to 255. Enter
the -rxid option with -1 to configure the IMA group to learn the far end user ID when the IMA group
starts.
Cisco recommends two configurations for the autorestart feature. The preferred configuration is to set
the -mode option to reuse (3) the far end ID and set the -rxid option to -1. This configuration causes the
IMA group to learn the far end ID the first time the IMA group starts and reuse that IMA group ID on
all future restarts.
The second configuration sets the -mode option to relearn (2) the far end ID and sets the -rxid option to
-1. This configuration causes the IMA group to learn the far end ID every time the IMA group starts. To
make the far end ID persistent after it is learned, you must enter the cnfimagrp command a second time
and change the -mode option to 3 (reuse).
The following example configures IMA group 2.1 to use the preferred configuration:
M8830_CH.1.PXM.a > cnfimagrp -grp 2.1 -mode 3 -rxid -1
Note
The cnfimagrp command provides additional parameters. All cnfimagrp parameters are described in
Table 3-5.
Cisco MGX 8800/8900 Series Software Configuration Guide
OL-19868-01
9-95
Chapter 9
Switch Operating Procedures
Managing IMA
Step 6
To verify an IMA group configuration change, enter the dspimagrp command.
Displaying the IMA Group Autorestart Configuration and State
Starting with Release 5, three new rows have been added to the dspimagrp <group> command to show
the autorestart state for an IMA group. To display an IMA group autorestart state, enter the dspimagrp
command as described in the “Displaying the Status of a Single IMA Group” section, which appears
earlier in this chapter. The following rows apply to the autorestart feature:
Auto-Restart Mode
Rx IMA ID Expected
Auto-Restart Sync State
: disable
: -1
: disable
The Auto-Restart Mode row displays the mode configured with the cnfimagrp command -mode option,
which is described in the previous section. The Rx IMA ID Expected row displays the far end ID
configured with the cnfimagrp command -rxid option, which is also described in the previous section.
The Auto-Restart Sync State row displays one of the following states:
•
disable—Autorestart is disabled for this IMA group.
•
loopbackSync—All IMA links in this group are synchronized with an ID that is the same as the near
end ID.
•
feSync—At least on IMA link in this group is synchronized with an ID that is the same as the
expected far end ID.
•
tempSync—All IMA links in this group are synchronized with an IMA ID, but the ID does not match
the near end ID or the expected far end ID.
•
inProgress—Autorestart is enabled, but the IMA group has not yet reached the loopbackSync,
feSync, or tempSync state.
Cisco MGX 8800/8900 Series Software Configuration Guide
9-96
OL-19868-01
Download PDF
Similar pages