Cisco SN 5428 Storage Router Software Configuration Guide, Release 3.3
Chapter 3 - Configuring System Parameters
Downloads: This chapterpdf (PDF - 259.0KB) The complete bookPDF (PDF - 7.54MB) | Feedback

Configuring System Parameters

Table Of Contents

Configuring System Parameters

Prerequisite Tasks

Configuration Tasks

Configuring the Management Interface

Configuring Time and Date

Configuring IP Routes

Configuring Network Management Access

Configuring Passwords

Configuring Administrator Contact Information

Configuring the High-Availability Interface

Configuring for Secure Shell (SSH) Access

Verifying and Saving Configuration


Configuring System Parameters


This chapter explains how to configure system parameters on your SN 5428 Storage Router and contains the following sections:

Prerequisite Tasks

Configuration Tasks

Configuring the Management Interface

Configuring Time and Date

Configuring IP Routes

Configuring Network Management Access

Configuring Passwords

Configuring Administrator Contact Information

Configuring the High-Availability Interface

Configuring for Secure Shell (SSH) Access

Verifying and Saving Configuration

System parameters can be configured or changed using CLI commands, as described in this chapter, or via the web-based GUI. To access the web-based GUI, point your browser to the storage router's management interface IP address. After logging on, click the Help link to access online help for the GUI.

Prerequisite Tasks

Before configuring system parameters, make sure you have finished the following tasks:

Completed the hardware installation according to the Cisco SN 5428 Storage Router Hardware Installation Guide.

Entered values as requested by the initial system configuration script. See the "Initial System Configuration Script" section for more information.


Note You do not need to perform the configuration tasks in this chapter if you ran the complete SN 5428 setup configuration wizard (using the setup CLI command with no keyword), or if you ran the wizards separately using all the setup CLI commands except setup scsi. However, you may wish to perform some of the optional configuration procedures described in this chapter, such as configuring IP routes or SSH access.


Configuration Tasks

To configure system parameters on your SN 5428 Storage Router, perform the following steps:


Step 1 Configure the management interface.

Step 2 Configure the time and date.

Step 3 (Optional) Configure IP routes.

Step 4 (Optional) Configure network management access.

Step 5 Configure passwords.

Step 6 (Optional) Configure administrator contact information.

Step 7 (Optional) Configure the high-availability (HA) interface.

Step 8 (Optional) Configure for Secure Shell (SSH) access.

Step 9 Verify and save configuration.


Note You can verify and save the configuration (by using the save system bootconfig or save all bootconfig command) at any point in the process of performing the configuration tasks.



Figure 3-1 illustrates the example configuration used in this chapter.

Figure 3-1 System Parameters Example Configuration

Configuring the Management Interface

Configuring the management interface consists of tasks for setting the system name, IP address and mask, gateway, and DNS servers. Use the following procedure to configure the management interface.

If you want external servers, such as RADIUS, TACACS+ or SMTP servers, to communicate with the SN 5428 Storage Router via a specific IP address on a Gigabit Ethernet interface (for in-band management), configure the IP address on the desired Gigabit Ethernet interface, as described in Step 4. Save the changes to the bootable configuration (save all bootconfig), and then reboot the storage router.


Note The purpose of Figure 3-1 is an example system configuration only. The IP addresses and all names given below are examples only.


 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

hostname SN_5428-MG1

Specify or change the system name. The system name identifies the SN 5428 through the management interface and appears immediately in the prompt.

Step 3 

interface mgmt ip-address 10.1.10.244/24

Specify or change the IP address and subnet mask for the management interface.

Note If this storage router is to participate in a cluster, the management interface for all storage routers in the cluster must be on the same IP subnet.

Step 4 

interface ge1 ip-address 10.1.70.85/24 secondary ge2

(Optional) Configure an IP address and subnet mask on ge1 to be used for SN 5428 management and maintenance. Specify ge2 as the secondary interface for this IP address. If the Gigabit Ethernet interface ge1 becomes unavailable and ge2 is available, the IP address will become active on ge2.

Note If you configure a Gigabit Ethernet IP address with a secondary interface, all Gigabit Ethernet IP addresses on the same subnet must also be configured with the same secondary interface.

Step 5 

no restrict ge1 ssh

no restrict ge2 ssh

(Optional) Configure the Gigabit Ethernet interfaces to be used for management and maintenance for access via the desired protocol(s). In this configuration example, management access to the SN 5428 through the configured Gigabit Ethernet IP address is allowed for both ge1 and ge2 via Secure Shell (SSH) protocols.

Step 6 

ip name-server 10.1.40.243 10.1.50.249

(Optional) Set the primary and secondary DNS IP addresses. Specifies the IP address of the primary DNS server if the management interface IP address is to be correlated with a DNS host name. If there is a secondary DNS, the second IP address specifies the IP address of the secondary DNS server.

Step 7 

ip domain-name mystoragenet.com

(Optional) Specify the domain name of the storage router. Use this command in conjunction with the ip name-server command.

Configuring Time and Date

Configuring time and date parameters consists of specifying the time zone, time, date and time server. Use the following procedure to configure the time and date parameters.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

clock timezone US/Pacific

Identify the time zone where the storage router is located. If a time zone is not identified, time is assumed to be GMT.

Note To use the clock timezone command, you must use a valid time-zone string. For a list of valid time-zone strings, use the clock timezone ? command. See "Command Line Interface Reference," for details.

Step 3 

clock set 08:20:00 04 15 2002

Set time and date (for example: time, 8:20 a.m.; date, April 15, 2002).

Step 4 

ntp peer 10.1.60.86

(Optional) Specify the name or IP address of the network time protocol (NTP) server with which the storage router will synchronize the date and time.

Configuring IP Routes

If the storage router requires access to any IP address outside the management subnet, you must configure the appropriate routes in the SN 5428 routing table. You can configure static routes, or if you are using RIP in your network, you can enable the storage router to dynamically learn routes using the routing information protocol (RIP).

When there are multiple routes to the same destination, use administrative distance to determine which route to install in the routing table. The default administrative distance for static routes is 1; the administrative distance for dynamic routes created by RIP is 120. The route with the lower administrative distance is installed in the routing table (as long as the interface used by the route is up).


Note The SN 5428 can learn a maximum of 200 routes. Additional routes that are received are silently ignored. In the SN 5428 routing table, a static route will always override a learned route. To modify this behavior, change the administrative distance of a static route to a value greater than 120.


Static Routes

Use the following procedure to manually configure the SN 5428 routing table using static IP routes.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

ip route 10.1.30.0/24 10.1.10.201

(Optional) Configure a gateway IP address if the storage router is to be managed from a management station outside the storage router management subnet. The second IP address specifies a gateway on the storage router management network that will provide access to a management station.

Note In this configuration example, the mask is set to 24 (255.255.255.0) to allow any host on subnet 10.1.30.0 to be a management station.

Step 3 

ip route 10.1.40.243/32 10.1.10.201 130

Configure a gateway IP address if the primary DNS server is outside the storage router management subnet. The second IP address specifies a gateway on the storage router management network that will provide access to a primary DNS server.

The administrative distance is set at 130, so if RIP is enabled, the route can be overridden by a dynamically learned route.

Note In this configuration example, the mask is set to 32 (255.255.255.255) to specify the host with IP address 10.1.40.243 (the primary DNS server).

Step 4 

ip route 10.1.50.249/32 10.1.10.201

Configure a gateway IP address if the secondary DNS server is outside the storage router management subnet. The second IP address specifies a gateway on the storage router management network that will provide access to a secondary DNS server.

Note In this configuration example, the mask is set to 32 (255.255.255.255) to specify the host with IP address 10.1.50.249 (the secondary DNS server).

Step 5 

ip route 10.1.60.86/32 10.1.10.201

Specify the gateway IP address if the time server is outside the storage router management subnet. The second IP address specifies the gateway on the storage router management network that provides access to the time server.

Note In this configuration example, the mask is set to 32 (255.255.255.255) to specify the host with IP address 10.1.60.86.

Dynamic Routes via RIP Listening

Use the following procedure to configure the storage router to learn routes from RIP advertisements, and dynamically populate the routing table. The storage router supports both RIP version 1 (v1) and RIP version 2 (v2).

The SN 5428 RIP implementation runs RIP v2 in broadcast mode. This allows the storage router to learn from either RIP v1 or RIP v2 hosts that are operating in broadcast mode. The storage router will not learn routes from RIP v2 hosts operating in multicast mode.


Note The storage router is a passive, or silent, RIP device; it updates routes based on RIP advertisements but it does not advertise.


 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

ip rip enable

Enable RIP listening. The storage router listens for advertised routes, learning routing information dynamically as it is exchanged in the network.

Configuring Network Management Access

Configuring network management access consists of tasks for configuring SNMP. Use the following procedure to configure SNMP for network management access.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

no restrict all telnet

(Optional) Enable Telnet access on all interfaces. By default, Telnet access is enabled on only the management interface.

Step 3 

snmp-server community world ro

(Optional) Specify the name of the community having read-only access of the storage router network (that is, to which community's GET commands the storage router will respond). The default read community is public.

Step 4 

snmp-server community mynetmanagers rw

(Optional) Specify the name of the community having write access to the storage router network (that is, to which community's SET commands the storage router will respond). The default write community is private.

Step 5 

snmp-server host 10.1.30.17 version 2 traps

Specify the IP address for the first destination host used for a specified version of notifications (traps). Version 1 traps is the default version.

Note In this configuration example, the trap hosts have IP addresses that are outside the storage router management subnet. In an earlier step in the Configuring the Management Interface section, a gateway was already specified providing access to hosts on the 10.1.30.0 subnet.

Step 6 

snmp-server host 10.1.30.18 traps

(Optional) Specify the IP address for the second destination host used for notifications (traps). Version 1 traps is the default version.

Step 7 

snmp-server sendauthtraps

(Optional) Enable sending of authentication failure traps.

Step 8 

no snmp-server linkupdown all

(Optional) By default, the SNMP agent is enabled to generate link up/down traps for all interfaces. In this configuration example, the command disables this setting for all interfaces. See "Command Line Interface Reference," to disable this setting for individual interfaces.

Configuring Passwords

Configuring passwords consists of setting the Monitor mode and Administrator mode passwords for access to the 10/100 Ethernet management interface (used for the CLI via Telnet or SSH, and the web-based GUI via HTTP). You can also enable these passwords to restrict access to the EIA/TIA-232 console interface. The factory default password for both Monitor and Administrator modes is cisco.

In a cluster environment, passwords are cluster-wide configuration elements and apply to all storage routers in a cluster. All password management functions are handled by a single storage router. If you issue try to set the Administrator or Monitor mode passwords from a storage router that is not performing password management functions, the CLI displays an informational message with the name of the storage router that is currently handling those functions.

Use the following procedure to configure passwords

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

monitor password janu$01

Set the monitor password (for users who only monitor storage router operation).

Step 3 

admin password electr@50

Set the administrator password (for system administrators, allowing configuration changes).

Step 4 

restrict console

(Optional) Enable the Monitor-mode and Administrator-mode passwords to be required when accessing the SN 5428 via a console connected to the EIA/TIA-232 console interface.

Configuring Administrator Contact Information

Configuring administrator contact information consists of tasks for specifying the name, e-mail address, phone number, and pager number of the system administrator for the storage router. Use the following procedure to configure administrator contact information.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

admin contactinfo name "Pat J. Smith" email pjsmith@mystoragenet.com phone "763 555-1117" pager "763 555-7766"

Provide contact name, e-mail address, phone number, and pager number. Enclose each string that contain spaces in single or double quotes.

Note The admin contactinfo command requires that you specify either one parameter or all four parameters.

Configuring the High-Availability Interface

If you configured the SN 5428 for high availability during the initial system configuration, you were prompted to enter an IP address for the high availability (HA) interface. The HA interface is a 10/100 Ethernet interface, and is used along with the management interface to exchange information as heartbeats to detect changes or failures in the cluster.

If you configured the SN 5428 as a stand-alone system, or if you need to change the HA IP address without changing clusters, use the following procedure to configure the HA interface IP address.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

interface ha ip-address 10.1.20.56/24

Specify or change the IP address and subnet mask for the HA interface.

See "Configuring a High Availability Cluster," for more information about configuring SN 5428s in a high availability cluster.

Configuring for Secure Shell (SSH) Access

The SN 5428 Storage Router supports Secure Shell (SSH) as an alternative to Telnet protocol for SN 5428 management. SSH provides encryption and strong authentication for interactive SN 5428 management sessions. The SN 5428 supports SSH protocol version 2 and allows port forwarding.

The SN 5428 SSH implementation supports execution of interactive commands only; non-interactive commands cannot be executed. Secure FTP (sftp) and Secure Copy (scp) are not supported.

SSH is enabled for the SN 5428 and the SSH service is started, by default. However, you must generate a public/private key pair for the SN 5428 before you can use SSH to establish a management session. By default, SSH is restricted on all interfaces except the management interface.

Use the following procedure to configure the SN 5428 to use SSH.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

show ssh

Display the status of the SSH service for the SN 5428. The SSH service is running and is enabled by default (Example 3-1).

Step 3 

ssh enable

(Optional) If SSH is not enabled, start the SSH service.

Step 4 

ssh keygen

Generate the SSH public/private key pair, using the specified number of bits. For example, generate a 1024-bit key pair (the default setting).

Step 5 

show restrict

Display the current protocol restrictions for the SN 5428. Verify that SSH is enabled for the required interface.

Step 6 

no restrict mgmt ssh

(Optional) Enable SSH for the required interfaces. For example, enable SSH for the SN 5428 the management interface.

Step 7 

restrict mgmt telnet

(Optional) If SSH is being used as a replacement for Telnet, you can disable Telnet access through the specified SN 5428 interface (or all interfaces). For example, disable Telnet access via the management interface.

Step 8 

no telnet enable

(Optional) You can also disable Telnet for the entire SN 5428 by stopping the Telnet service.

Step 9 

save system bootconfig

Save changes to the SN 5428 bootable configuration.

Example 3-1 Results of "show ssh" Command

[SN5428]#  show ssh

SSH Server Configuration

               Status: enabled

Verifying and Saving Configuration

Verify the system parameters using the following procedure. You can save the configuration at any time using either the save all bootconfig commands. You must save the running configuration to the bootable configuration for it to be retained in the storage router when it is rebooted.

Use the following procedure to verify configuration information.

 
Command
Description

Step 1 

enable

Enter Administrator mode.

Step 2 

show system

Display system information, such as system name, software version, date and time (including time zone), NTP server, DNS (name server), and management and HA interface IP addresses.

Step 3 

show ip route

(Optional) Display the system route table, if you added any routing information or if you enabled the storage router for RIP listening.

Step 4 

show ip rip

(Optional) Display RIP configuration and operational information, if set.

Step 5 

show snmp

(Optional) Display SNMP management configuration information for the storage router, if set.

Step 6 

show admin

(Optional) Display contact information for the system administrator of the storage router, if set.

Step 7 

show ssh

(Optional) Display SSH operational status, if configured.

Step 8 

show ssh fingerprint

(Optional) Display public key information for the SSH, if set.

Step 9 

show restrict

(Optional) Display the restrict settings, if you made changes to the protocols allowed for the various SN 5428 interfaces.

Step 10 

show bootconfig

(Optional) Display the current boot configuration of the SN 5428.

Step 11 

show runningconfig

(Optional) Display the current running configuration of the SN 5428.