ICX: Difference between revisions
= Ruckus / Brocade Switches =
See [[Ruckus]]
= Connect =
== Connect on Linux ==
 # apt install tio
 tio -b 9600 /dev/ttyS0
 tio -b 9600 /dev/ttyUSB0

 # apt install minicom
 minicom -b 9600 -D /dev/ttyS0
 minicom -b 9600 -D /dev/ttyUSB0
== Connect on Windows ==
Use Tera Term or PuTTY and connect to COMX at 9600 baud.
= CLI =
Show Config:
 sh run
All commands except "show config" need "enable" first:
 >enable
== Interface Show ==
Show interfaces:
 sh int bri
Show specific port:
 show int eth 1/1/1
Show management port:
 sh int bri | begin mgmt
== License ==
Show licenses:
 sh license
== Logs ==
Show logs:
 sh log
Clear logs:
 clear log
Sample:
<pre>
Syslog logging: enabled ( 0 messages dropped, 1 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 0 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Dynamic Log Buffer (50 lines):
Jan 1 12:19:30:I:Security: SSH login by myuser from src IP 10.10.10.10 from src MAC xxxx.xxxx.xxxx to USER EXEC mode using RSA as Server Host Key.
Jan 1 00:00:57:I:STP: VLAN 1 Port 1/1/30 STP State -> FORWARDING (FwdDlyExpiry)
Jan 1 00:00:55:I:STP: VLAN 1 Port 1/1/48 STP State -> LEARNING (FwdDlyExpiry)
</pre>
== Management IP Show ==
Show IP:
 show ip
== Pagination ==
 >enable
To skip pagination:
 skip
 # or skip-page-display
 # Disable page display mode
To page:
 page
 # Enable page display mode
== Ping ==
 ping [IP]
== POE ==
Enable POE:
 conf t
 interface eth 1/1/1
 inline power
Disable POE:
 conf t
 interface eth 1/1/1
 no inline power
Show Interface POE:
 show inline power
Show Interface POE details (and firmware version):
 show inline power details
Limit POE on interface:
 int ethernet 1/1/1 to 1/1/48
 inline power
 inline power power-limit 25000
== Reboot Switch ==
 reload
== Version ==
Show switch version, model and serial:
 show version
 sh ver
Example:
<pre>
>sh ver
...
UNIT 1: compiled on Mar 2 2012 at 12:38:17 labeled as ICX64S07400
(10360844 bytes) from Primary ICX64S07400.bin
SW: Version 07.4.00T311
Boot-Monitor Image size = 512, Version:07.4.00T310 (kxz07400)
HW: Stackable ICX6450-48-HPOE
==========================================================================
UNIT 1: SL 1: ICX6450-48p POE 48-port Management Module
Serial #: BZTXXXXXXXX
License: BASE_SOFT_PACKAGE (LID: dbvHKIFjFox)
...
</pre>
== VLAN Show ==
Show VLANs:
 show vlan
= Config =
Configure:
 enable
 configure terminal
 # or conf t
Show Config:
 show config
 sh run
Write Config:
 write mem
Clear Config:
 erase startup-config
== Hostname ==
 hostname [name]
== Interface ==
 sh int bri
Show specific port:
 show int eth 1/1/1
Show management port:
 sh int bri | begin mgmt
Disable Interface:
 int eth 1/1/48
 disable
 # re-enable:
 enable
== IP ==
Management Interface DHCP Client
=== dhcp ip ===
 ip dhcp-client enable
 ip dhcp-client auto-update enable
 no ip dhcp-client enable
=== Static IP ===
 ip address 10.10.10.104/24
 # or
 ip address 10.10.10.104 255.255.255.0

 ip default-gateway 10.10.10.1
 no ip dhcp-client auto-update enable
 no ip dhcp-client enable
Show IP:
 show ip
== SFP ==
GBIC
<pre>
# show media
...
Port 1/3/1: Type : EMPTY
Port 1/3/2: Type : EMPTY
Port 1/3/3: Type : 1G M-TX(SFP)
Port 1/3/4: Type : EMPTY
</pre>
<pre>
# sh media et 1/3/3
Port 1/3/3: Type : 1G M-TX(SFP)
Vendor: XXX Version: D1
Part# : SFP-1000BASE-TX Serial#: XXX
</pre>
 # sh int bri
 ..
 1/3/3 Up Forward Full 1G None No 1 0 xxxx.xxxx.xxxx

 #sh int et 1/3/3
 10GigabitEthernet1/3/3 is up, line protocol is up
Note: If a 1-Gbps optic transceiver is inserted, you must configure the port using the ''speed-duplex 1000-full-master'' command at the interface level. <ref>https://docs.commscope.com/bundle/icx7150-installguide/page/GUID-B346251F-DFCC-4441-B047-6E3A3E88839C.html</ref>
Enable port: <ref>https://docs.commscope.com/bundle/icx7150-installguide/page/GUID-B346251F-DFCC-4441-B047-6E3A3E88839C.html</ref>
 # conf term
 # int ethernet 1/3/3
 # speed-duplex 1000-full-master
or short form: <ref>https://community.ruckuswireless.com/t5/ICX-Switches/Configuring-SFP-port-on-7150-C08p/td-p/27124</ref>
<pre>
config t
int e 1/2/1
speed 1000-full
</pre>
<pre>
# sh run
...
stack unit 1
module 1 icx7150-48pf-poe-port-management-module
module 2 icx7150-2-copper-port-2g-module
module 3 icx7150-4-sfp-plus-port-40g-module
stack-port 1/3/1
stack-port 1/3/3
!
interface ethernet 1/3/3
speed-duplex 1000-full
!
</pre>
=== 10GE SFP+ ===
* 10GE SR 300m (SFP+)
* 10GE USR 100m (SFP+)
== Spanning Tree ==
Disable Spanning Tree on a specific port:
<pre>
interface ethernet 1/1/1
loop-detection
no spanning-tree
!
</pre>
== SSH ==
Show ssh config settings:
 sh ip ssh config
<pre>
> sh ip ssh config
...
SSH server : Enabled
SSH port : tcp\22
Host Key : DSA 1024, RSA 1024
Encryption : aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, aes128-ctr, 3des-cbc
...
Authentication methods : Password, Public-key, Interactive
...
</pre>
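An added example (not from the original page or from Ruckus): a Python audit of the `sh ip ssh config` output above that flags DSA host keys, RSA host keys under 2048 bits, CBC-mode ciphers and password logins. The thresholds, function names and finding categories are assumptions of this example, not vendor guidance.

```python
import re

# Constructed sample: the fields shown in the `sh ip ssh config` output above.
SAMPLE = r"""
SSH server : Enabled
SSH port : tcp\22
Host Key : DSA 1024, RSA 1024
Encryption : aes256-cbc, aes192-cbc, aes128-cbc, aes256-ctr, aes192-ctr, aes128-ctr, 3des-cbc
Authentication methods : Password, Public-key, Interactive
"""

# Assumed audit policy (not from the page or the vendor).
MIN_RSA_BITS = 2048
WEAK_CIPHER_SUFFIXES = ("-cbc",)   # CBC-mode ciphers, which includes 3des-cbc
DISCOURAGED_AUTH = {"password"}


def parse_ssh_config(text):
    """Map each 'Field : value' line to {field_lowercase: value}."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields[name.strip().lower()] = value.strip()
    return fields


def _csv(value):
    """Split a comma-separated value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit(fields):
    """Return a list of (category, item, reason) findings."""
    findings = []
    if fields.get("ssh server", "").lower() != "enabled":
        return findings  # SSH server is off, nothing to audit
    for algo, bits in re.findall(r"\b(DSA|RSA)\s+(\d+)", fields.get("host key", "")):
        if algo == "DSA":
            findings.append(("hostkey", f"DSA {bits}", "ssh-dss host key"))
        elif int(bits) < MIN_RSA_BITS:
            findings.append(("hostkey", f"RSA {bits}", f"modulus below {MIN_RSA_BITS} bits"))
    for cipher in _csv(fields.get("encryption", "")):
        if cipher.endswith(WEAK_CIPHER_SUFFIXES):
            findings.append(("cipher", cipher, "CBC-mode cipher"))
    for method in _csv(fields.get("authentication methods", "")):
        if method.lower() in DISCOURAGED_AUTH:
            findings.append(("auth", method, "password login allowed"))
    return findings


if __name__ == "__main__":
    for category, item, reason in audit(parse_ssh_config(SAMPLE)):
        print(f"{category:8} {item:12} {reason}")
```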
Enable SSH:
 ## Generate keys
 crypto key generate rsa
 # ^ Their offer: ssh-rsa
 crypto key generate dsa
 # ^ Their offer: ssh-dss
 # Add admin user:
 username admin pri 0 password [PASSWORD]
 # enable
 aaa authentication login default local
Disable SSH:
 crypto key zeroize
 crypto key zeroize dsa
Note: the ICX uses the very old key exchange method 'diffie-hellman-group1-sha1', which current OpenSSH clients no longer offer by default:
 debug1: kex: algorithm: diffie-hellman-group1-sha1
 debug1: kex: host key algorithm: ssh-rsa
 # or
 debug1: kex: host key algorithm: ssh-dss
 debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none
 debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none
To allow diffie-hellman-group1-sha1, edit either ~/.ssh/config (under the switch's Host entry) or /etc/ssh/ssh_config and add the following:
 # ICX SSH
 KexAlgorithms +diffie-hellman-group1-sha1
 HostKeyAlgorithms +ssh-dss,ssh-rsa
 PubkeyAcceptedKeyTypes +ssh-dss,ssh-rsa
NOTE: If you want to have the switch connect in reverse to do firmware updates, make sure to add the same to /etc/ssh/sshd_config:
 # Allow Legacy ICX switches to connect
 KexAlgorithms +diffie-hellman-group1-sha1
 HostKeyAlgorithms +ssh-dss,ssh-rsa

 ## PubkeyAcceptedKeyTypes +ssh-dss,ssh-rsa # icx doesn't have a private key option - sadness
=== Public Keys ===
* Note: The public key file may contain up to 16 DSA or RSA key pairs.
* Note: Each key in the public key file must be in exactly this format (remove the ssh-rsa prefix; the 'Comment' line is optional): <ref>https://docs.commscope.com/bundle/fastiron-08095-securityguide/page/GUID-E00DB049-9D65-4438-A64F-A947648A70AE.html</ref>
* Note: Use a 2048 bit key (ssh-keygen -b 2048). A larger key will cause connection issues on 6450s (probably 7150s too): "no key from blob. pkalg ssh-rsa: invalid format" <ref>https://apple.stackexchange.com/questions/356323/ssh-fails-with-ssh-dispatch-run-fatal-invalid-format</ref>
 ssh-keygen -b 2048
<pre>
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted from OpenSSH"
AAAAB3NaC1yc2EAAAABIwAAAQEA0pt94yJmKwPfPZnxxYSS1aVaaqWgRM79EfRXf2XUrs
834hx881MmQedye1oJrntvA8LyVUIepOdbc874i4259mtSXx+cfZW0/QeJggT/1zE82+n
w706gGqNsE+XsT12bi6KU4Al2IWULce74yfQY9/amy38ZPCesKKurH4+2m/Ba69391lp
nJ0BIQidn+I8hARUGayrOTrx/e2^kdC+2aNh6mS17KDiRyj8WBV3F5z5f5rlYBL/WoJ2beo
R3L6H6wHXP8dZ1F4IqeVxeIimkFTzMEE*r/wHCnhewetnDy3iJAgr0TXTicJ1Qpb1MCBkB
XaynjuDYSf4Kmgn8znaQ==
---- END SSH2 PUBLIC KEY ----
</pre>
Copy the combined key file (up to 16 keys) to a TFTP server, and have the ICX pull it and overwrite its key file with:
 conf term
 ip ssh pub-key-file tftp [TFTP_IP] [PATH/keyfile.txt]
List keys:
 show ip client-pub-key
Remove pub key file:
 ip ssh pub-key-file remove
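The key file preparation described in the notes above, as an added example that is not part of the original page or the Ruckus documentation: it converts OpenSSH public key lines into SSH2 blocks, rejects RSA keys over 2048 bits and refuses more than 16 keys per file. The function names and the constructed, non-functional test key are assumptions of this example.

```python
import base64
import struct

MAX_KEYS = 16         # limit stated on this page
MAX_RSA_BITS = 2048   # page: larger keys cause connect issues on 6450s
BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def read_string(blob, offset):
    """Read one SSH wire string (uint32 length + bytes); return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def rsa_modulus_bits(blob):
    """Size in bits of the modulus in an ssh-rsa blob (type, e, n)."""
    _type, off = read_string(blob, 0)
    _e, off = read_string(blob, off)
    n, _ = read_string(blob, off)
    return int.from_bytes(n, "big").bit_length()


def to_ssh2_block(openssh_line):
    """Convert one OpenSSH 'type base64 [comment]' line to an SSH2 block."""
    parts = openssh_line.split()
    if len(parts) < 2:
        raise ValueError("expected: <type> <base64> [comment]")
    key_type, b64 = parts[0], parts[1]
    if key_type not in ("ssh-rsa", "ssh-dss"):
        raise ValueError(f"unsupported key type {key_type}")
    blob = base64.b64decode(b64, validate=True)
    if read_string(blob, 0)[0] != key_type.encode():
        raise ValueError("key type prefix does not match key blob")
    if key_type == "ssh-rsa" and rsa_modulus_bits(blob) > MAX_RSA_BITS:
        raise ValueError(f"RSA key larger than {MAX_RSA_BITS} bits")
    # The type prefix and comment are dropped; only the wrapped base64 remains.
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, *body, END])


def build_keyfile(openssh_lines):
    """Combine up to MAX_KEYS public keys into one key file."""
    keys = [l for l in openssh_lines if l.strip() and not l.lstrip().startswith("#")]
    if len(keys) > MAX_KEYS:
        raise ValueError(f"{len(keys)} keys, the file may hold at most {MAX_KEYS}")
    return "\n".join(to_ssh2_block(k) for k in keys) + "\n"


def constructed_rsa_line(bits, comment="constructed@example"):
    """Constructed, non-functional ssh-rsa line with a modulus of `bits` bits."""
    def wire(data):
        return struct.pack(">I", len(data)) + data
    n = (1 << (bits - 1)) | 1
    blob = wire(b"ssh-rsa") + wire(b"\x01\x00\x01") + wire(b"\x00" + n.to_bytes(bits // 8, "big"))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    print(build_keyfile([constructed_rsa_line(2048)]), end="")
```

For a single key, `ssh-keygen -e -f id_rsa.pub` emits the same SSH2 format with a Comment header.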
== Neighbour Detection ==
Neighbour Detection <ref>https://support.purdi.com/hc/en-gb/articles/360021220292-Ruckus-ICX-Neighbour-Detection-using-LLDP-CDP-FDP</ref>
'''Link Layer Discovery Protocol (LLDP)''' - Vendor agnostic link layer protocol to advertise device capabilities and directly connected neighbours on the network.
 lldp run
 show lldp neighbors
'''Foundry Discovery Protocol (FDP)''' - Foundry/Brocade specific link layer protocol to advertise device capabilities and directly connected neighbours on the network.
 fdp run
 show fdp neighbors
'''Cisco Discovery Protocol (CDP)''' - Cisco specific link layer protocol to advertise device capabilities and directly connected neighbours on the network.
 cdp run
 show cdp neighbors
== VLAN ==
Show VLANs:
 show vlan
Clear VLAN:
 no vlan [#]
== Time ==
Daylight Saving (Summer Time) <ref>https://docs.commscope.com/bundle/fastiron-08091-managementguide/page/GUID-E670EE11-FBD6-4D1E-9099-6E231887D245.html</ref>
 clock summer-time zone us pacific start 02-28-21 02:00:00 end 10-30-21 02:00:00 offset 60
Note: Will have to be manually updated each year.
== Users ==
Add Users:
 username admin password [PASSWORD]
 no username admin

 username myuser privilege [LEVEL] password [PASSWORD]
 # LEVEL: <0 READ-WRITE, 4 PORT-CONFIG, 5 READ-ONLY> User privilege level
Require Login:
 aaa authentication web-server default local
 aaa authentication login default local
Configure separate enable privilege passwords:
 enable super-user-password [PASSWORD]
 enable port-config-password [PASSWORD]
 enable read-only-password [PASSWORD]

 no enable super-user-password
Enter enable mode:
 enable
Show who logged in as:
 sh who
=== Privilege Levels ===
3 privilege levels:
# enable '''super-user-password''' [PASSWORD] - Super-user level password
# enable '''port-config-password''' [PASSWORD] - Port level configuration password
# enable '''read-only-password''' [PASSWORD] - Read-only level password
* ''Super User level'' - Allows complete read-and-write access to the system. This is generally for system administrators and is the only management privilege level that allows you to configure passwords.
* ''Port Configuration level'' - Allows read-and-write access for specific ports but not for global (system-wide) parameters.
* ''Read-only level'' - Allows access to the Privileged EXEC mode and User EXEC mode of the CLI but only with read access.
= Firmware =
== Select Boot Slot ==
Show boot configuration:
<pre>
ICX7450 #sh boot-preference
Boot system preference(Configured):
Use Default
Boot system preference(Default):
Boot system flash primary
Boot system flash secondary
</pre>
Select second boot slot:
<pre>
ICX7450# Boot system flash secondary
</pre>
Show boot configuration after change:
<pre>
ICX7450# sh boot-preference
Boot system preference(Configured):
Boot system flash secondary
Boot system preference(Default):
Boot system flash primary
Boot system flash secondary
</pre>
Show configuration:
<pre>
ICX7450# sh run
Current configuration:
!
...
!
boot sys fl sec
</pre>
= Reset Password =
As the switch boots up, when you see the following, press 'b':
 Enter 'b' to stop at boot monitor:
then type "no password":
 no password
then type "boot" to continue booting:
 boot
 # or boot_primary
Then either change password
 enable
 conf t
= keywords =
Latest revision as of 03:27, 10 May 2024