3. Configuring Network Time Protocol (NTP). Alcatel-Lucent OmniSwitch 6800 Series, OmniSwitch 9000 Series, OmniSwitch 6850 Series
3 Configuring Network Time Protocol (NTP)
Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for example).
In This Chapter
This chapter describes the basic components of the OmniSwitch implementation of Network Time Protocol and how to configure it through Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
• Selecting an NTP server for the NTP client and modifying settings for communicating with the server.
• Enabling authentication in NTP negotiations. See “Using Authentication” on page 3-12.
OmniSwitch 6800/6850/9000 Switch Management Guide December 2007 page 3-1
NTP Specifications
RFCs supported 1305–Network Time Protocol
Maximum number of NTP servers per client 3
NTP Defaults Table
The following table shows the default settings of the configurable NTP parameters:
NTP Defaults
Parameter Description                                                 Command               Default Value/Comments
=====================================================================+=====================+===========================================
Specifies an NTP server from which this switch will receive updates   ntp server            version: 4, minpoll: 6, prefer: no, key: 0
Used to activate client                                               ntp client            disabled
Used to activate NTP client broadcast mode                            ntp broadcast         disabled
Used to set the advertised broadcast delay, in microseconds           ntp broadcast-delay   4000 microseconds
NTP Quick Steps
The following steps are designed to show the user the necessary commands to set up NTP on an OmniSwitch:
1 Designate an NTP server for the switch using the ntp server command. The NTP server provides the switch with its NTP time information. For example:
-> ntp server 1.2.5.6
2 Activate the client side of NTP on the switch using the ntp client command. For example:
-> ntp client enable
3 You can check the server status using the show ntp server status command, as shown:
-> show ntp server status 198.206.181.139
IP address = 198.206.181.139,
Host mode = client,
Peer mode = server,
Prefer = no,
Version = 4,
Key = 0,
Stratum = 2,
Minpoll = 6 (64 seconds),
Maxpoll = 10 (1024 seconds),
Delay = 0.016 seconds,
Offset = -180.232 seconds,
Dispersion = 7.945 seconds
Root distance = 0.026,
Precision = -14,
Reference IP = 209.81.9.7,
Status = configured : reachable : rejected,
Uptime count = 1742 seconds,
Reachability = 1,
Unreachable count = 0,
Stats reset count = 1680 seconds,
Packets sent = 1,
Packets received = 1,
Duplicate packets = 0,
Bogus origin = 0,
Bad authentication = 0,
Bad dispersion = 0,
Last Event = peer changed to reachable,
4 You can check the list of servers associated with this client using the show ntp client server-list command, as shown:
-> show ntp client server-list
IP Address       Ver Key     St   Delay      Offset            Disp
================+===+=======+====+==========+=================+==========
1.2.5.6          4   0       2    0.06       -0.673            0.017
5 You can check the client configuration using the show ntp client command, as shown:
-> show ntp client
Current time: THU SEP 15 2005 17:44:54 (UTC)
Last NTP update: THU SEP 15 2005 17:30:54
Client mode: enabled
Broadcast client mode: disabled
Broadcast delay (microseconds): 4000
NTP Overview
Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver. It provides client time accuracies within a millisecond on LANs, and up to a few tens of milliseconds on WANs relative to a primary server synchronized to Universal Coordinated Time (UTC) (via a Global Positioning Service receiver, for example). Typical NTP configurations utilize multiple redundant servers and diverse network paths in order to achieve high accuracy and reliability. Some configurations include cryptographic authentication to prevent accidental or malicious protocol attacks.
It is important for networks to maintain accurate time synchronization between network nodes. The standard timescale used by most nations of the world is based on a combination of UTC (representing the Earth’s rotation about its axis), and the Gregorian Calendar (representing the Earth’s rotation about the Sun). The UTC timescale is disciplined with respect to International Atomic Time (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and satellite navigation systems, telephone modems, and portable clocks.
Special purpose receivers are available for many time-dissemination services, including the Global Positioning System (GPS) and other services operated by various national governments. For reasons of cost and convenience, it is not possible to equip every computer with one of these receivers. However, it is possible to equip some computers with these clocks, which then act as primary time servers to synchronize a much larger number of secondary servers and clients connected by a common network. In order to do this, a distributed network clock synchronization protocol is required which can read a server clock, transmit the reading to one or more clients, and adjust each client clock as required. Protocols that do this include NTP.
Note. The OmniSwitch 6800, 6850, and 9000 switches can only be NTP clients in an NTP network. They cannot act as NTP servers.
Stratum
Stratum is the term used to define the relative proximity of a node in a network to a time source (such as a radio clock). Stratum 1 is the server connected to the time source itself. (In most cases the time source and the stratum 1 server are in the same physical location.) An NTP client or server connected to a stratum 1 source would be stratum 2. A client or server connected to a stratum 2 machine would be stratum 3, and so on, as demonstrated in the diagram below:
[Diagram: UTC Time Source, Stratum 1, Stratum 2, Stratum 3]
The farther away from stratum 1 a device is, the more likely there will be discrepancies or errors in the time adjustments done by NTP. A list of stratum 1 and 2 sources available to the public can be found on the Internet.
Note. It is not required that NTP be connected to an officially recognized time source (for example, a radio clock). NTP can use any time source to synchronize time in the network.
Using NTP in a Network
NTP operates on the premise that there is one true standard time (defined by UTC), and that if several servers claiming synchronization to the standard time are in disagreement, then one or more of them must be out of synchronization or not functioning correctly. The stratum gradation is used to qualify the accuracy of a time source along with other factors, such as advertised precision and the length of the network path between connections. NTP operates with a basic distrust of time information sent from other network entities, and is most effective when multiple NTP time sources are integrated together for checks and crosschecks. To achieve this end, there are several modes of operation that an NTP entity can use when synchronizing time in a network. These modes help predict how the entity behaves when requesting or sending time information, listed below:
• A switch can be a client of an NTP server (usually of a lower stratum), receiving time information from the server but not passing it on to other switches.
• A switch can be a client of an NTP server, and in turn be a server to another switch or switches.
• A switch (regardless of its status as either a client or server) must be peered with another switch. Peering allows NTP entities in the network of the same stratum to regard each other as reliable sources of time and exchange time information.
Examples of these are shown in the simple network diagram below:
[Diagram: a UTC Time Source at the top; Stratum 1 NTP Servers 1a and 1b; Stratum 2 NTP Server/Clients 2a and 2b; Stratum 3 NTP Clients 3a and 3b]
Servers 1a and 1b receive time information from, or synchronize with, a UTC time source such as a radio clock. (In most cases, these servers would not be connected to the same UTC source, though it is shown this way for simplicity.) Servers 1a and 1b become stratum 1 NTP servers and are peered with each other, allowing them to check UTC time information against each other. These machines support machines 2a and 2b as clients, and these clients are synchronized to the higher stratum servers 1a and 1b.
Clients 2a and 2b are also peered with each other for time checks, and become stratum 2 NTP servers for more clients (3a and 3b, which are also peered). In this hierarchy, the stratum 1 servers synchronize to the most accurate time source available, then check the time information with peers at the same stratum. The stratum 2 machines synchronize to the stratum 1 servers, but do not send time information to the stratum 1 machines. Machines 2a and 2b in turn provide time information to the stratum 3 machines. It is important to consider the issue of robustness when selecting sources for time synchronization.
It is suggested that at least three sources should be available, and at least one should be “close” to you in terms of network topology. It is also suggested that each NTP client is peered with at least three other same stratum clients, so that time information crosschecking is performed.
Note. Alcatel-Lucent’s current implementation of NTP only allows the OmniSwitch to act as a passive client, not as a server. A passive client only receives NTP information and adjusts its time accordingly. In the above example, an OmniSwitch could be either Server 3a or 3b. An OmniSwitch as Server 3a or 3b would also not be able to peer with other servers on the same stratum.
When planning your network, it is helpful to use the following general rules:
• It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at the same stratum), unless the latter is receiving time updates from a source that has a lower stratum than from where the former is receiving time updates. This minimizes common points of failure.
• Peer associations should only be configured between servers at the same stratum level. Higher Strata should configure lower Strata, not the reverse.
• It is inadvisable to configure time servers in a domain to a single time source. Doing so invites common points of failure.
Note. NTP does not support year date values greater than 2035 (the reasons are documented in RFC 1305 in the data format section). This should not be a problem (until the year 2035) as setting the date this far in advance runs counter to the administrative intention of running NTP.
Authentication
NTP is designed to use MD5 encryption authentication to prevent outside influence upon NTP timestamp information. This is done by using a key file. The key file is loaded into the switch memory, and consists of a text file that lists key identifiers that correspond to particular NTP entities.
If authentication is enabled on an NTP switch, any NTP message sent to the switch must contain the correct key ID in the message packet to use in decryption. Likewise, any message sent from the authentication enabled switch will not be readable unless the receiving NTP entity possesses the correct key ID.
The key file is a text (.txt) file that contains a list of keys that are used to authenticate NTP servers. It should be located in the /networking directory of the switch.
Key files are created by a system administrator independent of the NTP protocol, and then placed in the switch memory when the switch boots. An example of a key file is shown below:
2   M  RIrop8KPPvQvYotM   # md5 key as an ASCII random string
14  M  sundial            # md5 key as an ASCII string
In a key file, the first token is the key number ID, the second is the key format, and the third is the key itself. (The text following a “#” is not counted as part of the key, and is used merely for description.) The key format M indicates an MD5 key written as a 1 to 31 character ASCII string, with each character standing for a key octet.
The key file (with identical MD5 keys) must be located on both the local NTP client and the client’s server.
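The key file format and the trusted-key rule described in this chapter, as an added Python example (not code from the Alcatel-Lucent guide or the switch software). It assumes the standard NTP symmetric-key packet layout, a 48-byte header followed by a 4-byte key ID and a 16-byte MD5(key || header) digest; the function names and the sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed key file in the three-token format described above.
KEY_FILE = """\
2   M  RIrop8KPPvQvYotM   # md5 key as an ASCII random string
14  M  sundial            # md5 key as an ASCII string
"""

HEADER_LEN = 48   # NTP header without extension fields (assumed layout)
MAC_LEN = 4 + 16  # 32-bit key ID followed by a 128-bit MD5 digest


def parse_key_file(text):
    """Return {key_id: key_bytes}; raise ValueError on a malformed entry."""
    keys = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # text after '#' is description only
        if not line:
            continue
        tokens = line.split()
        if len(tokens) != 3:
            raise ValueError(f"line {lineno}: expected <id> <format> <key>")
        key_id, fmt, key = int(tokens[0]), tokens[1], tokens[2]
        if fmt != "M":
            raise ValueError(f"line {lineno}: unsupported key format {fmt!r}")
        if not 1 <= len(key) <= 31 or not key.isascii():
            raise ValueError(f"line {lineno}: key must be 1 to 31 ASCII characters")
        if key_id in keys:
            raise ValueError(f"line {lineno}: duplicate key ID {key_id}")
        keys[key_id] = key.encode("ascii")
    return keys


def build_header(version=4, mode=4, stratum=2, poll=6, precision=-14):
    """Constructed 48-byte header; timestamps are left at zero for brevity."""
    first = (0 << 6) | (version << 3) | mode  # leap indicator, version, mode
    return struct.pack("!BBbb", first, stratum, poll, precision) + bytes(HEADER_LEN - 4)


def add_mac(header, key_id, key):
    """Append key ID and MD5(key || header); the header bytes are not altered."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_mac(packet, keys, trusted):
    """Classify a received packet against the loaded keys and the trusted key IDs."""
    if len(packet) == HEADER_LEN:
        return "unauthenticated"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return "unknown-key"
    if key_id not in trusted:
        return "untrusted-key"  # loaded but not marked trusted: does not authenticate
    expected = hashlib.md5(keys[key_id] + header).digest()
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-digest"


if __name__ == "__main__":
    keys = parse_key_file(KEY_FILE)
    packet = add_mac(build_header(), 2, keys[2])
    for trusted in ({2}, {14}):
        print(sorted(trusted), check_mac(packet, keys, trusted))
```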
Configuring NTP
The following sections detail the various commands used to configure and view the NTP client software in an OmniSwitch.
Configuring the OmniSwitch as a Client
The NTP software is disabled on the switch by default. To activate the switch as an NTP client, enter the ntp client command as shown:
-> ntp client enable
This sets the switch to act as an NTP client in the passive mode, meaning the client will receive updates from a designated NTP server.
To disable the NTP software, enter the ntp client command as shown:
-> ntp client disable
Setting the Client to Broadcast Mode
It is possible to configure an NTP client to operate in the broadcast mode. Broadcast mode specifies that a client switch listens on all interfaces for server broadcast timestamp information. It uses these messages to update its time.
To set an OmniSwitch to operate in the broadcast mode, enter the ntp broadcast command as shown:
-> ntp broadcast enable
A client in the broadcast mode does not need to have a specified server.
Setting the Broadcast Delay
When set to the broadcast mode, a client needs to advertise a broadcast delay. The broadcast mode is intended for operation on networks with numerous workstations and where the highest accuracy is not required. In a typical scenario, one or more time servers on the network broadcast NTP messages, which are received by NTP hosts. The correct time is determined from an NTP message based on a pre-configured latency or broadcast delay on the order of a few milliseconds.
To set the broadcast delay, enter the ntp broadcast-delay command as shown:
-> ntp broadcast-delay 1000
NTP Servers
An NTP client needs to receive NTP updates from an NTP server. Each client must have at least one server with which it synchronizes (unless it is operating in broadcast mode). There are also adjustable server options.
Designating an NTP Server
To configure an NTP client to receive updates from an NTP server, enter the ntp server command with the server IP address or domain name, as shown:
-> ntp server 1.1.1.1
or
-> ntp server spartacus
It is possible to remove an NTP server from the list of servers from which a client synchronizes. To do this, enter the ntp server command with the no prefix, as shown:
-> no ntp server 1.1.1.1
Enabling/Disabling NTP Server Synchronization Tests
To enable an NTP client to invoke NTP server synchronization tests as specified by the NTP protocol, enter the ntp server synchronized command as shown:
-> ntp server synchronized
NTP synchronization is enabled by default.
Note. The NTP protocol discards the NTP servers that are unsynchronized.
To disable an NTP client from invoking tests for NTP server synchronization, enter the ntp server unsynchronized command, as shown:
-> ntp server unsynchronized
Disabling peer synchronization tests allows the NTP client to synchronize with either an NTP peer that is not synchronized with an atomic clock or a network of NTP servers that will finally synchronize with an atomic clock.
Setting the Minimum Poll Time
The minimum poll time is the number of seconds that the switch waits before requesting a time synchronization from the NTP server. This number is determined by raising 2 to the power of the number entered using the ntp server command with the server IP address (or domain name) and the minpoll keyword.
For example, to set the minimum poll time to 128 seconds, enter the following:
-> ntp server 1.1.1.1 minpoll 7
This would set the minimum poll time to 2^7 = 128 seconds.
Setting the Version Number
There are currently four versions of NTP available (numbered one through four). The version that the NTP server uses must be specified on the client side.
To specify the NTP version on the server from which the switch receives updates, use the ntp server command with the server IP address (or domain name), version keyword, and version number, as shown:
-> ntp server 1.1.1.1 version 3
The default setting is version 4.
Marking a Server as Preferred
If a client receives timestamp updates from more than one server, it is possible to mark one of the servers as the preferred server. A preferred server’s timestamp will be used before the timestamp of a server that is not preferred.
To specify an NTP server as preferred, use the ntp server command with the server IP address (or domain name) and the prefer keyword, as shown:
-> ntp server 1.1.1.1 prefer
Using Authentication
Authentication is used to encrypt the NTP messages sent between the client and server. The NTP server and the NTP client must both have a text file containing the public and secret keys. (This file should be
Once both the client and server share a common MD5 encryption key, the MD5 key identification for the NTP server must be specified and labeled as trusted on the client side.
Setting the Key ID for the NTP Server
Enabling authentication requires the following steps:
1 Make sure the key file is located in the /networking directory of the switch. This file must contain the key for the server that provides the switch with its timestamp information.
2 Make sure the key file with the NTP server’s MD5 key is loaded into the switch memory by issuing the ntp key load command, as shown:
-> ntp key load
3 Set the server authentication key identification number using the ntp server command with the key keyword. This key identification number must be the one the server uses for MD5 encryption. For example, to specify key identification number 2 for an NTP server with an IP address of 1.1.1.1, enter:
-> ntp server 1.1.1.1 key 2
4 Specify the key identification set above as trusted. A key that has been labeled as trusted is ready for use in the authentication process. To set a key identification to be trusted, enter the ntp key command with the key identification number and trusted keyword. For example, to set key ID 5 to trusted status, enter the following:
-> ntp key 5 trusted
Untrusted keys, even if they are in the switch memory and match an NTP server, will not authenticate NTP messages.
5 A key can be set to untrusted status by using the ntp key command with the untrusted keyword. For example, to set key ID 5 to untrusted status, enter the following:
-> ntp key 5 untrusted
Verifying NTP Configuration
To display information about the NTP client, use the show commands listed in the following table:
Command                       Description
=============================+=========================================================================================
show ntp client               Displays information about the current client NTP configuration.
show ntp server status        Displays the basic server information for a specific NTP server or a list of NTP servers.
show ntp client server-list   Displays a list of the servers with which the NTP client synchronizes.
show ntp keys                 Displays information about all authentication keys.
For more information about the resulting displays from these commands, see the “NTP Commands” chapter in the OmniSwitch CLI Reference Guide.
Examples of the show ntp client, show ntp server status, and show ntp client server-list command outputs are given in the section “NTP Quick Steps” on page 3-3.
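A monitoring check over the show ntp server status fields, added here as an example and not taken from the Alcatel-Lucent guide. The sample text is the status output printed in “NTP Quick Steps”; the function names, the 1.0-second offset threshold, and the reading of Key = 0 as "no authentication key set" (the default in the NTP Defaults table) are assumptions.

```python
import re

# Field lines from the "show ntp server status" output in "NTP Quick Steps".
SAMPLE = """\
IP address = 198.206.181.139,
Host mode = client,
Peer mode = server,
Prefer = no,
Version = 4,
Key = 0,
Stratum = 2,
Minpoll = 6 (64 seconds),
Maxpoll = 10 (1024 seconds),
Delay = 0.016 seconds,
Offset = -180.232 seconds,
Dispersion = 7.945 seconds
Root distance = 0.026,
Precision = -14,
Reference IP = 209.81.9.7,
Status = configured : reachable : rejected,
Uptime count = 1742 seconds,
Reachability = 1,
Unreachable count = 0,
Stats reset count = 1680 seconds,
Packets sent = 1,
Packets received = 1,
Duplicate packets = 0,
Bogus origin = 0,
Bad authentication = 0,
Bad dispersion = 0,
Last Event = peer changed to reachable,
"""

# Error counters that should stay at zero on a healthy, authenticated association.
COUNTERS = ("duplicate packets", "bogus origin", "bad authentication", "bad dispersion")


def parse_status(text):
    """Turn 'Name = value,' lines into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            fields[name.strip().lower()] = value.strip().rstrip(",").strip()
    return fields


def leading_number(value):
    """Return the number at the start of a value such as '-180.232 seconds'."""
    match = re.match(r"-?\d+(?:\.\d+)?", value or "")
    return float(match.group()) if match else None


def review(fields, max_offset=1.0):
    """Return (code, detail) findings; max_offset (seconds) is an assumed threshold."""
    findings = []
    status = fields.get("status", "")
    flags = [flag.strip() for flag in status.split(":")]
    if "reachable" not in flags:
        findings.append(("unreachable", status))
    if "rejected" in flags:
        findings.append(("rejected", status))
    if fields.get("key") == "0":  # assumption: key 0 means no authentication key
        findings.append(("no-auth-key", "Key = 0"))
    offset = leading_number(fields.get("offset"))
    if offset is not None and abs(offset) > max_offset:
        findings.append(("offset", fields["offset"]))
    for name in COUNTERS:
        if leading_number(fields.get(name)):
            findings.append((name.replace(" ", "-"), fields[name]))
    return findings


if __name__ == "__main__":
    for code, detail in review(parse_status(SAMPLE)):
        print(f"{code}: {detail}")
```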