CSS Administration Guide (Software Version 7.20)
Configuring CSS Basics

This chapter describes the initial configuration procedures for the CSS. Information in this chapter applies to all CSS models, except where noted.

This chapter contains the following major sections:

Initial Setup Quick Start

Changing the Administrative Username and Password

Creating Usernames and Passwords

Configuring the Ethernet Management Port

Configuring an IP Route

Configuring Date, Time, and Time Zone

Synchronizing the CSS with an SNTP Server

Configuring a Host Name

Initial Setup Quick Start

Table 2-1 is a quick start configuration table designed to help you configure the CSS quickly and easily. This table provides the following basic steps:

Log in and access config mode

Change the default administrative username and password

Create additional usernames and passwords to log in to the CSS (optional)

Access boot mode to configure an IP address and subnet mask for the Ethernet management port

Configure a static route for destination networks that are outside the local subnet of the CSS (optional)

Configure a default IP route

Enter the date, time, and time zone (optional)

Specify a Simple Network Time Protocol (SNTP) server (optional)

Following Table 2-1 is an overview of the CSS system software and commands for the initial setup of the CSS.

Once you configure the Ethernet management port IP address, you can continue to use the console port or you can use the Ethernet management port to Telnet in to the CSS and configure it remotely.

Table 2-1 Initial Setup Quick Start 

Task and Command Example

1. Log in to the CSS using the default administrative username admin and password system, or the username and password assigned to you during the boot process.

Refer to Chapter 1, Booting, Logging In, and Getting Started for details on logging in to the CSS.

2. Access config mode.

# config
(config)#

3. Change the default administrative username and password.

(config)# username-offdm bobo password secret 

4. Create usernames and passwords to log in to the CSS (optional). The CSS supports a maximum of 32 usernames, including the administrator and technician usernames. You can assign each user with SuperUser or User status.

(config)# username picard password "captain" superuser

5. Access boot mode to configure an IP address for the Ethernet management port. This IP address must be on a different subnet than any other CSS virtual LAN (VLAN) circuit IP subnet or you will not be able to access the port. You must reboot the CSS for the new IP address to take effect.

(config)# boot
(config-boot)# ip address 172.16.6.58

6. Configure a subnet mask for the Ethernet management port in boot mode.

(config-boot)# subnet mask 255.255.255.0

7. Exit from boot mode to config mode.

(config-boot)# exit

8. Configure a static IP route, as required.

(config)# ip route 192.168.0.0 /16 192.168.1.1

9. Exit from config mode to configure a date. The clock date command does not allow backspacing. If you enter a wrong date, reenter the command with the new information.

Enter the date in the format mm-dd-yy.

# clock date
Enter date: [12-31-03] 12-31-03

To use the European format to specify the date (using the format of day, month, and year), access config mode and use the date european-date command to enable the clock date command to accept date input in the format of day, month, and year.

(config)# date european-date
(config)# exit
# clock date
Enter date: [31-12-03] 31/12/03

10. Configure the time using the clock time command. The clock time command does not allow backspacing. If you enter the wrong time, reenter the command with the new information.

Enter the time in the format hh:mm:ss.

# clock time
Enter time: [15:17:33] 16:17:33

11. (Optional) Specify the time zone and Universal Time Coordinated (UTC) offset if you are using an SNTP server to synchronize the CSS system clock.

# clock timezone EST hours 3 before-UTC 

12. (Optional) Access config mode and specify the SNTP server and the polling frequency if you are using an SNTP server to synchronize the CSS system clock.

# config
(config)# sntp server 192.168.19.21 version 2
(config)# sntp poll-interval 90

13. Save your configuration changes to the running-config file (recommended). If you do not save changes to the running-config file, all configuration changes are lost upon reboot.

(config)# exit
# copy running-config startup-config

Changing the Administrative Username and Password

During the initial log in to the CSS you enter the default user name admin and the default password system in lowercase text. For security reasons, you should change the administrative username and password. Security on your CSS can be compromised because the administrative username and password are configured to be the same for every CSS shipped from Cisco Systems.

The administrative username and password are stored in nonvolatile random access memory (NVRAM). Each time you reboot the CSS, it reads the username and password from NVRAM and reinserts them into the user database. SuperUser status is assigned to the administrative username by default.

You can change the administrative username and password, but because the information is stored in NVRAM, you cannot permanently delete them. If you delete the administrative username using the no username command, the CSS deletes the username from the running-config file, but restores the username from NVRAM when you reboot the CSS.

Use the username-offdm name password text command to change the administrative username or password.


Note You can also use the Security Options menu from the Offline DM menu (accessed during the boot process) to change the administrative username and password. Refer to Appendix B, Using the Offline Diagnostic Monitor Menu for information on the Offline DM menu.


For example, to change the default administrative username and password to a different username and password, enter:

(config)# username-offdm bobo password secret

Creating Usernames and Passwords

The CSS supports a maximum of 32 usernames, including an administrator username and a technician username. You can assign each user that logs into the CSS with SuperUser or User status.

User - Allows access to a limited set of commands that enable you to monitor and display CSS parameters, but not change them. A User prompt ends with the > symbol. To view the commands available in User mode, at the User prompt, enter ?.

By default, new users have only user-level status unless you configure them to have SuperUser status.

SuperUser - Allows access to the full set of CLI commands, including those in User mode, that enable you to configure the CSS. A SuperUser prompt ends with the # symbol.

From SuperUser mode, you can enter global configuration mode and its subordinate configuration modes.

Use the username command to create usernames and passwords to log in to the CSS. The syntax for this global configuration mode command is:

username name [des-password|password] password {superuser} {dir-access access}


Note Any user with SuperUser status can create CSS usernames. To allow only administrator or technician users to create usernames, use the restrict user-database command (see Chapter 3, Managing the CSS Software).


The options and variables are as follows:

name - Sets the username you want to assign or change. Enter an unquoted text string with no spaces and a maximum of 16 characters. To see a list of existing usernames, enter username ?.

des-password - Specifies that the password you enter is the Data Encryption Standard (DES) form of the password. Use this option only when you are creating a script or a startup configuration file. Enter a DES-encrypted, case-sensitive, unquoted text string with no spaces from 6 to 64 characters.


Note If you specify the des-password option, you must know the encrypted form of the password to successfully log in to the CSS. You can find the CSS encrypted password in the Global section of the running-config. To display the running-config, use the show running-config command.


password - Specifies that the password is not encrypted on your display as you enter it. However, the CSS DES-encrypts the password in the running-config for extra security. Use this option when you use the CLI to create users. Enter a case-sensitive, unquoted text string with no spaces from 6 to 16 characters.

password - The text string that you enter. The CSS allows all special characters in a password except for the percent sign (%).

superuser - (Optional) Specifies SuperUser privileges to allow a user to access SuperUser mode. If you do not enter this option, the user can only access User mode.

dir-access access - (Optional) Defines the CSS directory access privileges for the username. Access privileges are assigned to the seven CSS directories: Script, Log, Root (installed CSS software), Archive, Release Root (configuration files), Core, and MIBs. By default, users have both read- and write-access privileges (B) to all seven directories. Changing the access level also affects the use of the CLI commands associated with directories.

Enter one of the following access privilege codes for the CSS Script, Log, Root, Archive, Release Root, Core, and MIB directories, in this order:

R - Read-only access to the CSS directory

W - Write-only access to the CSS directory

B - Both read- and write-access privileges to the CSS directory

N - No access privileges to the CSS directory

The following example creates a SuperUser named picard with a password of captain.

(config)# username picard password "captain" superuser

Figure 2-1 shows how the access privilege settings correspond to the CSS directories.

Figure 2-1 CSS Directory Access Privileges

For example, to define directory access for username picard, enter:

(config)# username picard password "captain" superuser dir-access NWBNNNR

To display a list of existing usernames, enter:

(config)# username ?

To remove an existing username, enter:

(config)# no username picard

To change a user password, reenter the username command and specify the new password. Remember to include SuperUser privileges if required. For example:

(config)# username picard password "flute" superuser


Caution The no username command removes a user permanently. Make sure you want to perform this action because you cannot undo this command.
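The rules in this section, as an added example that is not part of the Cisco guide: a Python check for username command lines in a provisioning script before they are entered on the CSS. It decodes the dir-access string in the directory order listed above; the function names and the sample lines are constructed for illustration.

```python
import shlex

# Directory order and privilege codes as listed in this chapter.
DIRECTORIES = ["Script", "Log", "Root", "Archive", "Release Root", "Core", "MIBs"]
ACCESS = {"R": "read-only", "W": "write-only", "B": "read and write", "N": "no access"}
SECRET_LENGTH = {"password": (6, 16), "des-password": (6, 64)}

SAMPLE_LINES = [   # constructed input, modelled on the commands shown in this chapter
    '(config)# username-offdm admin password system',
    '(config)# username picard password "captain" superuser dir-access NWBNNNR',
    '(config)# username picard password "flute" superuser',
]


def decode_dir_access(code):
    """Map a seven-character privilege string onto the CSS directories, in order."""
    if len(code) != len(DIRECTORIES) or any(c not in ACCESS for c in code):
        raise ValueError("dir-access needs exactly 7 characters from R, W, B, N")
    return {d: ACCESS[c] for d, c in zip(DIRECTORIES, code)}


def parse_username(line):
    """Parse a 'username' or 'username-offdm' command line into a dict."""
    tokens = shlex.split(line)
    if tokens and tokens[0].endswith(("#", ">")):   # drop a CLI prompt if present
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] not in ("username", "username-offdm"):
        raise ValueError("not a username command: %r" % line)
    if tokens[2] not in SECRET_LENGTH:
        raise ValueError("expected 'password' or 'des-password'")
    entry = {"command": tokens[0], "name": tokens[1], "kind": tokens[2],
             "secret": tokens[3], "superuser": False, "dir_access": None}
    rest = tokens[4:]
    if rest and rest[0] == "superuser":
        entry["superuser"] = True
        rest = rest[1:]
    if rest and rest[0] == "dir-access":
        if len(rest) < 2:
            raise ValueError("dir-access needs a value")
        entry["dir_access"] = decode_dir_access(rest[1])
        rest = rest[2:]
    if rest:
        raise ValueError("unexpected tokens: %r" % rest)
    return entry


def audit(line):
    """Return a list of findings for one command line; an empty list means clean."""
    e = parse_username(line)
    findings = []
    if e["command"] == "username":      # limits stated for the username command
        if len(e["name"]) > 16:
            findings.append("username longer than 16 characters")
        low, high = SECRET_LENGTH[e["kind"]]
        if not low <= len(e["secret"]) <= high:
            findings.append("%s must be %d to %d characters" % (e["kind"], low, high))
        if "%" in e["secret"] or " " in e["secret"]:
            findings.append("password contains a percent sign or a space")
    if (e["name"], e["secret"]) == ("admin", "system"):
        findings.append("factory default admin/system credentials")
    if e["command"] == "username" and e["dir_access"] is None:
        findings.append("no dir-access: read and write on all seven directories")
    return findings


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(sample)
        for finding in audit(sample) or ["ok"]:
            print("   ", finding)
```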

Configuring the Ethernet Management Port

You can directly communicate with the CSS and enter command line interface (CLI) commands using the Ethernet management port. You must assign an IP address and a subnet mask to be able to access the Ethernet management port. You can also configure an Ethernet management port default gateway to load a boot file on a CSS across different subnets.

The Ethernet management port is located on the:

CSS 11501 front panel

CSS 11503 and CSS 11506 SCM front panels

The CSS enables you to configure an IP address, a subnet mask, and a default gateway:

At the prompts during the boot process

Using the Offline DM menu

Using CLI commands

For information on configuring an IP address, subnet mask, and default gateway for the Ethernet management port using CLI commands, see the following sections. Refer to Appendix B, Using the Offline Diagnostic Monitor Menu for information on using the Offline DM Main menu to configure an IP address, subnet mask, and default gateway during the boot routine.


Note Access control lists (ACLs) are not supported on the CSS Ethernet management port.


This section includes the following topics:

Configuring an IP Address for the Ethernet Management Port

Configuring a Subnet Mask

Configuring a Management Port Default Gateway

Configuring an IP Address for the Ethernet Management Port

Use the ip address command to configure an IP address for the CSS Ethernet management port. This command is available in boot mode. The ip address command does not have a no version. To change the IP address, reenter the ip address command and enter the new IP address.

You must reboot the CSS for the new IP address to take effect.


Note The Ethernet management port IP address must be on a different subnet than any other CSS VLAN circuit IP subnet. If you do not make the Ethernet management port IP address unique, you will not be able to access the port.


An IP address of 0.0.0.0 for the Ethernet management port is a legal setting and disables the management port upon reboot. If you enter 0.0.0.0, and attempt to use the subnet mask command, the following message appears:

The mask cannot be set because the IP address is 0.0.0.0.

For example, to specify an Ethernet management port IP address in boot mode, enter:

(config)# boot
(config-boot)# ip address 172.16.6.58

Configuring a Subnet Mask

Use the subnet mask command to configure the CSS subnet mask for the Ethernet management port. This command is available in boot mode.

You must reboot the CSS for the new subnet mask to take effect.

For example, to specify an Ethernet management port subnet mask of 255.255.255.0, enter:

(config)# boot
(config-boot)# subnet mask 255.255.255.0

To remove the configured subnet mask, enter:

(config-boot)# no subnet mask

Configuring a Management Port Default Gateway

Use the gateway address command to configure an Ethernet management port default gateway for use in Offline DM. The gateway address command allows you to boot the CSS from the Offline DM when the boot image resides on a different subnet. This command is available in boot mode.

To disable the default gateway address and set it to an IP address of 0.0.0.0, use the no form of the gateway address command. A gateway address of 0.0.0.0 for the Ethernet management port does not appear in the show boot-config command output for the CSS boot configuration.

To specify a default gateway address for the Ethernet management port for use in Offline DM, enter:

(config)# boot
(config-boot)# gateway address 172.16.57.2

To disable the default gateway address and set the IP address to 0.0.0.0, enter:

(config-boot)# no gateway address

If you have a second SCM installed in a CSS 11503 or CSS 11506, use the passive gateway address command to configure the management port gateway address in the passive SCM boot-config (see Chapter 4, Specifying the CSS Boot Configuration).
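One way to check planned management port values against the constraints in this section before you reboot, as an added example that is not part of the Cisco guide. The function name, the circuit subnet list, and the 172.16.6.1 gateway are assumptions; the gateway-on-subnet check is standard IP behavior rather than a rule stated in this chapter.

```python
import ipaddress

UNSET = ipaddress.IPv4Address("0.0.0.0")


def management_port_findings(ip, mask, circuit_subnets, gateway="0.0.0.0"):
    """Check planned boot-mode values for the Ethernet management port.

    circuit_subnets is a list of CIDR strings for the VLAN circuit IP subnets
    (hypothetical input; collect it from the circuit configuration).
    """
    address = ipaddress.IPv4Address(ip)
    if address == UNSET:
        # Legal per the guide, but the port is disabled after the reboot.
        return ["0.0.0.0 disables the management port; subnet mask cannot be set"]

    findings = []
    port = ipaddress.IPv4Interface("%s/%s" % (ip, mask))   # accepts a dotted mask
    network = port.network
    if network.prefixlen < 31 and address in (network.network_address,
                                              network.broadcast_address):
        findings.append("%s is not a usable host address in %s" % (ip, network))

    # The management port must not share a subnet with any VLAN circuit.
    for text in circuit_subnets:
        circuit = ipaddress.IPv4Network(text, strict=False)
        if network.overlaps(circuit):
            findings.append("management subnet %s overlaps circuit subnet %s"
                            % (network, circuit))

    hop = ipaddress.IPv4Address(gateway)
    if hop != UNSET:                                       # 0.0.0.0 means no gateway
        if hop not in network:
            findings.append("gateway %s is outside management subnet %s"
                            % (hop, network))
        elif hop == address:
            findings.append("gateway %s is the management port's own address" % hop)
    return findings


if __name__ == "__main__":
    # Circuit subnets and the 172.16.6.1 gateway are constructed sample values.
    cases = [
        ("172.16.6.58", "255.255.255.0", ["192.168.1.0/24", "10.10.0.0/16"], "172.16.6.1"),
        ("172.16.6.58", "255.255.255.0", ["172.16.0.0/16"], "0.0.0.0"),
        ("0.0.0.0", "255.255.255.0", [], "0.0.0.0"),
    ]
    for case in cases:
        print(case, "->", management_port_findings(*case) or "ok")
```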

Configuring an IP Route

To establish IP connectivity to the CSS, a static IP route is required to connect the CSS to the next hop router. A static route consists of a destination network address and mask and the next hop to reach the destination. You can also specify a default static route (using 0.0.0.0 as the destination network address and a valid next hop address) to direct frames for which no other destination is listed in the routing table. Default static routes are useful for forwarding packets that the CSS could not otherwise route.

When you configure a static IP route, the CSS periodically polls the next hop router with an internal ICMP keepalive service to ensure the router is functioning properly. If the router fails, the CSS removes any entries from the routing table that point to the failed router and stops sending traffic to the failed router. When the router recovers, the CSS:

Becomes aware of the router

Reenters applicable routes into the routing table

To configure a static IP route, use the ip route command and specify one of the following:

An IP address and prefix length; for example, 192.168.1.0 /24

An IP address and a subnet mask; for example, 192.168.1.0 255.255.255.0

The syntax for the ip route command is:

ip route ip_address subnet_mask ip_address2

The variables are as follows:

ip_address - The destination network address. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).

subnet_mask - The IP subnet mask. Enter the mask as either:

A prefix length in CIDR bit-count notation (for example, /24)

An IP address in dotted-decimal notation (for example, 255.255.255.0)

ip_address2 - The next hop address for the route. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).

For example, to configure a static IP route to destination network address 192.168.0.0 /16 and a next hop address of 192.168.1.1, enter:

(config)# ip route 192.168.0.0 /16 192.168.1.1

For example, to configure a default IP route using a destination address of 0.0.0.0/0 and a next hop address of 192.167.1.1, enter:

(config)# ip route 0.0.0.0 /0 192.167.1.1

Refer to Chapter 6, Configuring CSS Network Protocols for complete information on configuring IP routes.

Configuring Date, Time, and Time Zone

Use the clock command to set the date, time, or time zone for the CSS. When you enter this command, the CSS displays the current date and time.

The clock command does not allow backspacing. If you enter the wrong date, time, or time zone, you must reenter the command with the new information.

This section includes the following topics:

Setting the Date

Setting the European Date

Setting the Time

Setting the Time Zone

Showing the Date and Time

Setting the Date

Use the clock date command to set the date. A prompt appears to show the current date in the correct format to use. Enter the month, day, and year as integers with dash characters separating them. For example, enter June 15th 2003 as 06-15-03.

Enter the new date in the format mm-dd-yy as shown:

# clock date
Enter date: [12-31-03] 12-31-03

Setting the European Date

Use the date european-date global configuration mode command to specify the date in the European format of day, month, and year. This command enables the clock date command to accept the date in day, month, and year, separated by slashes (/).

Enter the new date in the format dd/mm/yy as shown:

(config)# date european-date
(config)# exit
# clock date
Enter date: [31-12-03] 31/12/03

To reset the format for the clock date command to the default of month, day, and year, enter:

(config)# no date european-date

Setting the Time

Use the clock time command to set the time. This command sets the time in military-time (24-hour) format. A prompt appears to show the current time in the correct format to use. Enter the hour, minutes, and seconds as integers, separated by colons.

Enter the new time in the format hh:mm:ss as shown:

# clock time
Enter time: [15:12:38] 16:12:38

Setting the Time Zone

Use the clock timezone command to specify a time zone for the CSS, which synchronizes the CSS system clock with an SNTP server. The time stored in the CSS is the local time. The SNTP server calculates the Universal Time Coordinated (UTC, also known as Greenwich Mean Time) time by offsetting the time zone from the local time. If required, you can apply a negative offset to the UTC (for example, -05:-23:+00) or a positive offset to the UTC (for example, +12:+00:+00).

Use the no form of the clock timezone command to reset the time zone information to 00:00:00, and also to set the clock to the new time without the time zone offset.


Note The use of the clock timezone command assumes you are using the CSS with an SNTP server to synchronize the CSS system UTC time to that of a designated SNTP server. Without a configured SNTP server, the time zone information is not used. See the "Synchronizing the CSS with an SNTP Server" section for details.


The syntax for the clock timezone command is:

clock timezone name hours hours {before-UTC|after-UTC} {minute minutes {before-UTC|after-UTC}}

The options and variables are as follows:

timezone name - The name of the time zone. Enter a name with a maximum of 32 characters and no spaces.

hours hours - The hours of offset for the time zone. Enter a number from 0 to 12. Use with the before-UTC option or after-UTC option to set the offset to either a negative or positive number.

before-UTC - The offset for UTC as a negative number. For example, if the hour offset is 12, before-UTC sets the offset to -12.

after-UTC - The offset for UTC as a positive number (the default offset).

minute minutes - The minutes of offset for the time zone. Enter a number from 0 to 59. Use with the before-UTC option or after-UTC option to set the offset to either a positive or negative number.

For example, to enter the new time zone for Eastern Standard Time (EST) with a -3 hour offset:

# clock timezone EST hours 3 before-UTC

To set the time zone offset back to 00:00:00 (and also set the clock to the new time without the time zone offset):

# no clock timezone

Showing the Date and Time

Use the show clock command to display the current date and time. For example:

# show clock

Table 2-2 describes the fields in the show clock command output.

Table 2-2 Field Descriptions for the show clock Command 

Field - Description

Date - The configured date in the format of month, day, and year; for example, the date June 15th 2003 appears as 06-15-2003. If you use the date european-date command, the format is day, month, and year. For example, the date June 15th 2003 appears as 15-06-2003.

Time - The configured time in the format of hour, minute, and second; for example, 16:23:45. If you configure an SNTP server, the show clock command displays the UTC time from the SNTP server. If you also configure a time zone, the show clock command displays the time adjusted with the time zone offset. For example, if the UTC time from the server is 16:30:43 and you configure a time zone negative offset of 5 hours and 30 minutes (-05:-30:+00), the displayed time becomes 11:00:43.

Timezone - The configured time zone offset from an SNTP server. All zeros (00:00:00) indicate that no offset was configured for the time zone. A negative symbol (-) indicates a negative offset to the UTC (for example, -05:-23:+00). A positive symbol (+) indicates a positive offset to the UTC (for example, +12:+00:+00).
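The clock timezone syntax and the show clock fields described above, as an added example that is not part of the Cisco guide: a Python parser that validates the stated ranges, formats the Timezone field, and applies the offset to a UTC time. The function names and the time zone name TEST are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Optional CLI prompt, then the syntax given for the clock timezone command.
CLOCK_TIMEZONE = re.compile(
    r"^(?:\S*#\s*)?clock timezone (?P<name>\S+) hours (?P<hours>\d+)"
    r"(?: (?P<hsign>before-UTC|after-UTC))?"
    r"(?: minute (?P<minutes>\d+)(?: (?P<msign>before-UTC|after-UTC))?)?\s*$")


def parse_clock_timezone(command):
    """Return (name, signed_hours, signed_minutes) for a clock timezone command."""
    match = CLOCK_TIMEZONE.match(command.strip())
    if not match:
        raise ValueError("not a clock timezone command: %r" % command)
    name = match.group("name")
    hours = int(match.group("hours"))
    minutes = int(match.group("minutes") or 0)
    if len(name) > 32:
        raise ValueError("time zone name is limited to 32 characters")
    if hours > 12 or minutes > 59:
        raise ValueError("hours must be 0 to 12 and minutes 0 to 59")
    # after-UTC (positive) is the default when no direction is given.
    if match.group("hsign") == "before-UTC":
        hours = -hours
    if match.group("msign") == "before-UTC":
        minutes = -minutes
    return name, hours, minutes


def timezone_field(hours, minutes):
    """Format the offset the way the Timezone field is described in Table 2-2."""
    if hours == 0 and minutes == 0:
        return "00:00:00"                       # no offset configured
    return "%+03d:%+03d:+00" % (hours, minutes)


def displayed_time(utc_time, hours, minutes):
    """Apply the offset to a UTC hh:mm:ss string, as show clock does with SNTP."""
    utc = datetime.strptime(utc_time, "%H:%M:%S")
    local = utc + timedelta(hours=hours, minutes=minutes)
    return local.strftime("%H:%M:%S")


if __name__ == "__main__":
    # The second command is constructed to reproduce the offset used in Table 2-2.
    for command in ("# clock timezone EST hours 3 before-UTC",
                    "# clock timezone TEST hours 5 before-UTC minute 30 before-UTC"):
        name, hours, minutes = parse_clock_timezone(command)
        print(name, timezone_field(hours, minutes),
              displayed_time("16:30:43", hours, minutes))
```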


Synchronizing the CSS with an SNTP Server

Use the sntp command to configure the Simple Network Time Protocol (SNTP) on the CSS. Use SNTP when you need to synchronize computer system clocks on the Internet to that of a designated SNTP server. SNTP is a simplified, client-only version of the Network Time Protocol (NTP) that enables the CSS time-of-day to be synchronized with any SNTP server.

Accurate time-of-day is provided by synchronizing to the UTC time, which provides time within 100 milliseconds of the accurate time. You can configure information about the local time zone so the time appears correctly relative to the local time zone. The CSS can receive the time from only a single SNTP server (in unicast mode), but the CSS cannot be used to provide time services to other devices.

Before you synchronize the CSS with an SNTP server, make sure you configure the proper time zone for the CSS (for example, to EST). Also make sure the time difference between the CSS internal clock and the SNTP server clock is less than 24 hours. Otherwise, the CSS will not synchronize its clock with the SNTP server. To configure the time on the CSS, see the "Configuring Date, Time, and Time Zone" section for details.

For detailed information on configuring the SNTP server, consult the documentation provided with the server.

This section includes the following topics:

Configuring the SNTP Server

Configuring the SNTP Poll Interval

Showing SNTP Configuration Information

Configuring the SNTP Server

Use the sntp server command to specify the SNTP server. The syntax for this command is:

sntp server ip_address {version number}

The options and variables are as follows:

server ip_address - The IP address for the SNTP server. Enter an IP address in dotted-decimal notation (for example, 192.168.1.0).

version number - The version number of the SNTP server. Enter a version number between 1 and 4. The default is 1.

To configure an SNTP server (running version number 3), enter:

(config)# sntp server 192.168.19.21 version 3

To remove the specified SNTP server, enter:

(config)# no sntp server

Configuring the SNTP Poll Interval

Use the sntp poll-interval command to specify the poll interval for SNTP request messages. The poll interval is the time (in seconds) between successive SNTP request messages to the server. Continuous polling is critical for the CSS to obtain time from the SNTP server and ensure the local time matches the "real time" of the server. The valid entries are 16 to 16284 seconds. The default is 64 seconds.

To specify an SNTP poll-interval of 90 seconds, enter:

(config)# sntp poll-interval 90

To return the SNTP poll-interval to the default setting of 64 seconds, enter:

(config)# no sntp poll-interval

Showing SNTP Configuration Information

To display the SNTP configuration information on the CSS, enter the show sntp global command. For example:

(config)# show sntp global

Table 2-3 describes the fields in the show sntp global command output.

Table 2-3 Field Descriptions for the show sntp global Command

Field - Description

Server Address - The IP address for the SNTP server.

Version - The version number of the server. The default is 1.

Poll Interval - The time in seconds between SNTP request messages. The range is 16 to 16284. The default is 64.

TimeSinceLastUpdate - The time in seconds since the last server reply.

Server Status - The operating status of the SNTP server, Up or Down.


Configuring a Host Name

Use the host command to manage entries in the Host table. The Host table is the static mapping of mnemonic host names to IP addresses, which is analogous to the ARP table.

The syntax for this global configuration mode command is:

host host_name ip_address

The variables are as follows:

host_name - The name of the host. Enter an unquoted text string with no spaces and a length from 1 to 16 characters.

ip_address - The address associated with the host name. Enter the IP address in dotted-decimal notation (for example, 192.168.11.1).

To add a host to the Host table, the host name must not exist in the Host table. To change a current host address, remove the host name and then add it again to the Host table.

For example:

(config)# host CSS11501-LML 192.168.3.6

To remove the existing host from the Host table, enter:

(config)# no host CSS11501-LML

To display a list of host names, enter:

(config)# show running-config global

Where to Go Next

Chapter 3, Managing the CSS Software provides details on managing the CSS software. It discusses the use of the running-config and startup-config files, specifying file storage locations for a two-disk CSS, unpacking and removing an ArrowPoint Distribution Image (ADI), and archiving files. Also included in this chapter is an overview of the CSS system software.