Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter NX-OS Configuration Guide
Configuring Protected Mode
Downloads: This chapterpdf (PDF - 100.0KB) The complete bookPDF (PDF - 4.46MB) | Feedback

Configuring Protected Mode

Table Of Contents

Configuring Protected Mode

About Protected Mode

Configuring Protected Mode

Verifying Protected Mode


Configuring Protected Mode


This chapter describes the protected mode feature supported on the Cisco Nexus 4001I and 4005I Switch Module for IBM BladeCenter and includes the following sections:

About Protected Mode

Configuring Protected Mode

Verifying Protected Mode

About Protected Mode

By default, protected mode is disabled, and the BladeCenter chassis AMM controls the switch. You can enable protected mode to prevent AMM from controlling the switch. By locking out the AMM from control of the switch, server administrators cannot manage the switch from the AMM. When protected mode is enabled, the AMM cannot control or configure the following features and functions of the switch:

IP addresses

Administration of external ports

Managing the switch with traffic received over external ports

Preventing the switch from reverting to the manufacturing default configuration


Note To prevent physical damage to the switch, the AMM can still reboot or power off the switch when the switch is in protected mode and an over-temperature or over-current condition is detected by the AMM.


These guidelines and restrictions apply to protected mode:

Protected mode must be enabled on the AMM before you enter this command on the switch. For information about enabling protected mode on the AMM, see the documentation provided with your AMM product.

After protected mode is operational on the switch, the AMM cannot configure or administer the switch.

The switch must be rebooted for protected mode to become operational.

Protected mode remains active even when the switch is moved to another chassis.

Recovery from lost passwords requires direct access through the external serial port on the switch.

Configuring Protected Mode

To enable protected mode and prevent the AMM from controlling the switch, perform the following task:


Note Protected mode must be enabled on the AMM before you enter this command on the switch. For information about enabling protected mode on the AMM, see the documentation provided with your AMM product.


 
Command
Purpose

Step 1 

switch # configure terminal

Enters configuration mode.

Step 2 

switch(config)# platform chassis-management protected-mode

Enable the switch to block control from the AMM.

Step 3 

switch(config)# copy running-config startup-config

Copy running-configuration to startup configuration.

Step 4 

switch(config)# reload

Reload the switch.

Note Wait for the software to complete reloading.

Step 5 

switch(config)# exit

Return to global configuration mode.

Step 6 

switch # end

Return to privileged EXEC mode.

The following example shows how to configure protected mode on the switch after it has been enabled on the AMM:

switch(config)# platform chassis-management protected-mode
The switch has been configured to disallow the Chassis management module from operational 
control. The switch must be rebooted for this feature to take effect. Use the "reload" 
command from CLI.
switch(config)# copy running-config startup-config
[########################################] 100%
switch(config)# reload
WARNING: There is unsaved configuration!!!
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
switch(config)# exit

switch # end

To disable protected mode and return control of the switch to the AMM, enter the no platform chassis-management protected-mode and reboot the switch. Then, disable protected mode from AMM.

Verifying Protected Mode

To verify that protected mode is enabled, perform this task:

Command
Purpose

switch # show chassis summary

Verify that protected mode is enabled on the next reboot.

Note After rebooting the switch, enter the show chassis summary user EXEC command to verify that protected mode is operational.


The following example shows how to verify that protected mode has been configured on the switch:


Note MM Prot Mode Support indicates yes in the following example. This shows that protected mode is configured on the AMM.
MM Prot Mode Config indicates yes in the following example. This shows that protected mode is configured on the switch.


switch# show chassis summary
Switch Slot ID         : 10
Chassis type           : IBM BladeCenter   BC-H
Chassis ID             : KQFXBLB
Active MM in Slot      : 1
 
MM Stack Mode Support  : No
MM Prot Mode Support   : Yes
MM Prot Mode Status    : Operational
MM Prot Mode Config    : yes
Ext Mgmt/Ext Ports     : Disabled
 
Switch IP Acquisition  : static
Amm IP Acquisition     : static
 
VPD Def      IP  Addr  : 10.0.0.1
VPD Def      IP  Mask  : 255.255.255.0
VPD Def      Gateway   : 0.0.0.0
 
VPD Curr     IP  Addr  : 10.0.0.1
VPD Curr     IP  Mask  : 255.255.255.0
VPD Curr     Gateway   : 0.0.0.0