Table Of Contents
Changing the Administrative Username and Password
Creating Usernames and Passwords
Configuring the Ethernet Management Port
Configuring an IP Address and Subnet Mask for the Ethernet Management Port
Configuring Static Routes for the Ethernet Management Port
Configuring a Default Gateway for the Ethernet Management Port
Discarding ICMP Redirects on the Ethernet Management Port
Shutting Down the Ethernet Management Port
Configuring the Date, Time, and Time Zone
Configuring Daylight Saving Time
Configuring DST to Occur Every Year
Configuring DST for Only One Year
Synchronizing the CSS with an SNTP Server
Configuring a Primary or Secondary SNTP Server
Configuring the Poll Interval for the SNTP Server
Showing SNTP Configuration Information
Configuring CSS Basics
This chapter describes the initial configuration procedures for the CSS. Information in this chapter applies to all CSS models, except where noted.
This chapter contains the following major sections:
•
Changing the Administrative Username and Password
•
•
•
•
Initial Setup Quick Start
Table 2-1 is a quick start configuration table designed to help you configure the CSS quickly and easily. This table provides the following basic steps:
•
•
•
•
•
•
•
•
Once you configure the Ethernet management port IP address, you can continue to use the console port or you can use the Ethernet management port to Telnet in to the CSS and configure it remotely.
Table 2-1 Initial Setup Quick Start
1.
Refer to Chapter 1, Booting, Logging In, and Getting Started, for details on logging in to the CSS.
2.
# config(config)#3.
(config)# username-offdm bobo password secret4.
(config)# username picard password "captain" superuser5.
(config)# boot(config-boot)# ip address 172.16.6.586.
(config-boot)# subnet mask 255.255.255.07.
(config-boot)# exit8.
(config)# ip route 192.168.0.0 255.255.0.0 192.168.1.19.
Enter the date in the format mm-dd-yy.
# clock dateEnter date: [12-31-03] 12-31-03To use the European format to specify the date (using the format of day, month, and year), access config mode and use the date european-date command to enable the clock date command to accept date input in the format of day, month, and year.
(config)# date european-date(config)# exit# clock dateEnter date: [31-12-03] 31/12/0310.
Enter the time in the format hh:mm:ss.
# clock timeEnter time: [15:17:33] 16:17:3311.
# clock timezone EST hours 3 before-UTC12.
# config(config)# sntp server 192.168.19.21 version 2(config)# sntp poll-interval 9013.
(config)# exit# copy running-config startup-config
The following running-configuration example shows the results of entering the commands in Table 2-1.
!*************************** GLOBAL ***************************username picard des-password 1hbfoeqbyecclcac superusersntp server 192.168.19.21 version 2sntp poll-interval 90ip route 192.168.0.0 255.255.0.0 192.168.1.1 1Changing the Administrative Username and Password
During the initial log in to the CSS you enter the default user name admin and the default password system in lowercase text. For security reasons, you should change the administrative username and password. Security on your CSS can be compromised because the administrative username and password are configured to be the same for every CSS shipped from Cisco Systems.
The administrative username and password are stored in nonvolatile random access memory (NVRAM). Each time you reboot the CSS, it reads the username and password from NVRAM and reinserts them in to the user database. SuperUser status is assigned to the administrative username by default.
You can change the administrative username and password, but because the information is stored in NVRAM, you cannot permanently delete them. If you delete the administrative username using the no username command, the CSS deletes the username from the running-config file, but restores the username from NVRAM when you reboot the CSS.
Use the username-offdm name password text command to change the administrative username or password.
Note
For example, to change the default administrative username and password to a different username and password, enter.
(config)# username-offdm bobo password secretCreating Usernames and Passwords
You can assign each user that logs into the CSS with SuperUser or User status.
•
•
Use the username command to create usernames and passwords to log in to the CSS. The CSS supports a maximum of 32 usernames, including the administrator and technician usernames.
From SuperUser mode, you can enter global configuration mode and its subordinate configuration modes. If you do not specify superuser when configuring a new user, the new user has only user-level status by default.
Caution
The syntax for this global configuration mode command is:
username name [des-password|password] password {superuser} {dir-access access}
The following example creates a SuperUser named picard with a password of captain.
(config)# username picard password "captain" superuserThe options and variables are as follows:
•
•
Note
•
•
•
•
To use the dir-access option, you must first specify the restrict user-database command to implement security restrictions for the CSS user database (refer to the Cisco Content Services Switch Administration Guide).
•
–
–
–
–
Figure 2-1 illustrates the directory access privileges for a username.
Figure 2-1 CSS Directory Access Privileges
For example, to define directory access for username picard, enter:
(config)# username picard password "captain" superuser NWBNNNRTo display a list of existing usernames, enter:
(config)# username ?To remove an existing username, enter:
(config)# no username picardTo change a user password, reenter the username command and specify the new password. Remember to include SuperUser privileges if required. For example:
(config)# username picard password "flute" superuser
Caution
Configuring the Ethernet Management Port
The Ethernet management port provides a connection to the CSS that allows you to perform CSS management functions. The Ethernet management port supports management functions such as:
•
•
•
•
•
•
•
•
•
•
•
•
Note
The Ethernet management port also supports ping and traceroutes initiated from the CSS.
The Ethernet management port is located on the CSS 11501, CSS 11503, or CSS 11506 SCM front panels.
To access the Ethernet management port on the CSS, you must assign an IP address and a subnet mask to the port. If you want to manage the CSS from a subnet that is different from the Ethernet management port, you can configure static routes for the Ethernet management port.
If you want to use the Offline Diagnostic Monitor (Offline DM) menu to boot the CSS from an image that resides on a different subnet, you can configure a default gateway for the Ethernet management port.
Note the following considerations when configuring or using the Ethernet management port:
•
•
•
•
•
•
This section includes the following procedures:
•
•
•
•
•
Configuring an IP Address and Subnet Mask for the Ethernet Management Port
To access the Ethernet management port on the CSS, you must assign an IP address and a subnet mask. When setting the Ethernet management port IP address, note that:
•
•
Use the ip address command to configure an IP address for the Ethernet management port. Use the subnet mask command to configure the subnet mask for the Ethernet management port. Both commands are available in boot mode. You must reboot the CSS for the new Ethernet management port IP address and subnet to take effect.
The first time that you enter an IP address for the Ethernet management port, the CSS automatically configures a default subnet mask of 255.255.255.0. If you want, you can overwrite the default subnet mask with a mask that is appropriate for your application.
For example, to specify an Ethernet management port IP address, enter:
(config)# boot(config-boot)# ip address 172.16.6.58For example, to specify an Ethernet management port subnet mask of 255.255.255.0, enter:
(config-boot)# subnet mask 255.255.255.0Both the ip address command and the subnet mask command do not have a no form of the command. To change the IP address of the Ethernet management port, reenter the ip address command and enter the new IP address. To change the subnet mask, reenter the subnet mask command and enter the new subnet mask.
Configuring Static Routes for the Ethernet Management Port
If you want to manage the CSS from a subnet that is different from the Ethernet management port, you can configure static routes for the Ethernet management port. Static route entries consist of the destination IP network address and the IP address of the next hop router. You can configure a maximum of eight static routes for the Ethernet management port.
Note
Note the following considerations when configuring a static route for the Ethernet management port:
•
•
Use the ip management route command to configure static routes for the Ethernet management port. This command is available in global configuration mode.
The syntax for the ip management route command is:
ip management route ip_address subnet_mask ip_address2
The variables are as follows:
•
•
–
–
•
For example, to configure a static route for the Ethernet management port, enter:
(config)# ip management route 172.27.59.0 /24 172.16.6.100To disable a static route for the Ethernet management port, enter:
(config)# no ip management route 172.27.59.0 /24 172.16.6.100Configuring a Default Gateway for the Ethernet Management Port
The Ethernet management port allows you to boot the CSS from the Offline DM menu when the boot image resides on a different subnet. Use the gateway address command to configure a default gateway for the Ethernet management port. This command is available in boot mode.
To specify a default gateway for the Ethernet management port for use in Offline DM, enter:
(config)# boot(config-boot)# gateway address 172.16.6.110To disable the default gateway and set it to an IP address of 0.0.0.0, use the no form of the gateway address command. For example:
config-boot)# no gateway addressA default gateway of 0.0.0.0 for the Ethernet management port does not appear in the show boot-config command output for the CSS boot configuration.
Discarding ICMP Redirects on the Ethernet Management Port
By default, the Ethernet management port accepts all incoming ICMP redirects. If you do not configure static routes for the management port, the CSS disregards any ICMP redirect packets. However, when you configure static routes for the management port, the CSS incorporates the ICMP redirects to the port as an entry in the routing table.
To enhance security on the CSS when you configure static routes on the management port, we strongly recommend that you configure the CSS management port to discard ICMP redirects.
Note
If you remove a static route when the management port is configured to accept ICMP redirect packets, the CSS removes from the routing table the router entry created by the ICMP redirects associated with the static route.To configure the CSS to discard ICMP redirect packets on the Ethernet management port, enter:
(config)# ip management no-icmp-redirectTo reset the default behavior of accepting ICMP redirect packets on the Ethernet management port, enter:
(config)# no ip management no-icmp-redirectTo view whether the management port accepts or discards ICMP redirect packets, use the show ip configuration command to display the IP Management Port ICMP redirect field. When the port accepts ICMP redirects, the field entry displays enable. When the port discards ICMP redirects, the field entry displays disable.
Shutting Down the Ethernet Management Port
To shut down the Ethernet management port, use the admin-shutdown or shut command.
For example:
•
(config-if[Ethernet-Mgt])# admin-shutdown•
(config-if[Ethernet-Mgt])# shutWhen you use the shut command, the CSS changes the shut command to the admin-shutdown command in the running configuration.
Configuring an IP Route
To establish IP connectivity to the CSS, a static IP route is required to connect the CSS to the next hop router. A static route consists of a destination network address and mask and the next hop to reach the destination. You can also specify a default static route (using 0.0.0.0 as the destination network address and a valid next hop address) to direct frames for which no other destination is listed in the routing table. Default static routes are useful for forwarding otherwise unrouteable packets by the CSS.
When you configure a static IP route, the CSS periodically polls the next hop router with an internal ICMP keepalive service to ensure the router is functioning properly. If the router fails, the CSS removes any entries from the routing table that point to the failed router and stops sending traffic to the failed router. When the router recovers, the CSS:
•
•
To configure a static IP route, use the ip route command and specify one of the following:
•
•
The syntax for the ip route command is:
ip route ip_address subnet mask ip_address2
The variables are as follows:
•
•
–
–
•
For example, to configure a static IP route to destination network address 192.168.0.0 /16 and a next hop address of 192.168.1.1, enter:
(config)# ip route 192.168.0.0 /16 192.168.1.1For example, to configure a default IP route using a destination address of 0.0.0.0/0 and a next hop address of 192.167.1.1, enter:
(config)# ip route 0.0.0.0 /0 192.167.1.1Refer to the Cisco Content Services Switch Routing and Bridging Configuration Guide for complete information on configuring IP routes.
Configuring the Date, Time, and Time Zone
To set the date, time, or time zone for the CSS, use the clock command. When you enter this command, the CSS displays the current date and time.
The clock command does not allow backspacing. If you enter the wrong date, time, or time zone, you must reenter the command with the new information.
This section includes the following topics:
•
Setting the Date
Use the clock date command to set the date. A prompt appears to show the current date in the correct format to use. Enter the month, day, and year as integers with dash characters separating them. For example, enter June 15th 2003 as 06-15-03.
Enter the new date in the format mm-dd-yy as shown:
# clock dateEnter date: [12-31-03] 12-31-03Setting the European Date
Use the date european-date global configuration mode command to specify the date in the European format of day, month, and year. This command enables the clock date command to accept the date in day, month, and year, separated by slashes (/).
Enter the new date in the format dd/mm/yy as shown:
(config)# date european-date(config)# exit# clock dateEnter date: [31-12-03] 31/12/03To reset the format for the clock date command to the default of month, day, and year, enter:
(config)# no date european-dateSetting the Time
Use the clock time command to set the time. This command sets the time in military-time (24-hour) format. A prompt appears to show the current time in the correct format to use. Enter the hour, minutes, and seconds as integers, separated by colons.
Enter the new time in the format hh:mm:ss as shown:
# clock timeEnter time: [15:12:38] 16:12:38Setting the Time Zone
Use the clock timezone command to specify a time zone for the CSS, which synchronizes the CSS system clock with an SNTP server. The time stored in the CSS is the local time. The SNTP server calculates the Universal Time Coordinated (UTC, also known as Greenwich Mean Time) time by offsetting the time zone from the local time. If required, you can apply a negative offset to the UTC (for example, -05:-23:+00) or a positive offset to the UTC (for example, +12:+00:+00).
Use the no form of the clock timezone command to reset the time zone information to 00:00:00, and also to set the clock to the new time without the time zone offset.
Note
The syntax for the clock timezone command is:
clock timezone name hours hours {before-UTC|after-UTC} {minute minutes {before-UTC|after-UTC}
The options and variables are as follows:
•
•
•
•
•
For example, to enter the new time zone for Eastern Standard Time (EST) with a -3 hour offset:
# clock timezone EST hours 3 before-UTCTo set the time zone offset back to 00:00:00 (and also set the clock to the new time without the time zone offset):
# no clock timezoneConfiguring Daylight Saving Time
By default, the CSS does not automatically change its clock for daylight saving time (DST). You can configure the CSS clock to automatically change to accommodate DST and its different policies in countries and territories worldwide. In many places in the world, DST is also known as Summer Time.
The DST feature on the CSS allows you to configure the date to begin and end DST, the time of day, and the number of minutes to offset the time. The DST feature is compatible with the CSS SNTP feature, but also works without having SNTP configured. A CSS configured with both SNTP and DST relies on SNTP to obtain the Coordinated Universal Time (UTC), and the CSS clock timezone information to provide the proper offset from UTC.
Note
To configure the CSS clock for DST, use the clock summer-time command in SuperUser mode. Through this command, you can configure DST to occur every year or for a single year occurrence on the CSS. You can also configure the number of minutes to offset the time. See the following sections to configure DST on the CSS:
•
•
To view the DST configuration or whether DST is disabled on the CSS, use the show clock command. For more information, see the "Showing the Date and Time" section.
Note
Configuring DST to Occur Every Year
To configure DST to occur every year on the CSS, use the recurring option with the clock summer-time command. When you use the recurring keyword without any other options, the CSS uses the United States (US) standard for DST with a 60 minute offset. US DST starts at 2 a.m. on the first Sunday of April and reverts to standard time at 2 a.m. on the last Sunday of October. The syntax is:
clock summer-time name recurring
The name variable is a three-character name for the time zone that appears when you use the show clock command during DST (for example, EDT, CDT, PDT).
For example to configure a zone named EDT to signify eastern daylight time using the default US standard DST every year, enter:
# clock summer-time EDT recurringWhen you display this configuration using the show clock command, the Summer Time field displays 1 Sunday April 2:00 last Sunday October 2:00 60.
If you want to configure the CSS DST to occur every year on a different date or time other than that of the US standard, you must enter the start and stop dates and time for DST in the following syntax:
clock summer-time zone recurring start_week start_day start_month hh:mm end_week end_day end_month hh:mm {offset}
The options are:
•
•
•
•
•
•
•
•
•
For example, to configure DST in time zone EDT to start on the first Sunday in June at 2 a.m. and end on the last Sunday in October at 2 a.m., enter:
# clock summer-time EDT recurring 1 Sunday June 02:00 last Sunday October 02:00Configuring DST for Only One Year
To configure DST to occur for only one year on the CSS, use the date keyword with the clock summer-time command in the following syntax:
clock summer-time zone date dateStart monthStart yearStart hh:mm dateEnd monthEnd yearEnd hh:mm {offset}
•
•
•
•
•
•
•
•
•
For example, to configure DST in zone PDT to start on October 2, 2005 at 2 a.m. and end on May 2, 2006 at 2 a.m., enter:
# clock summer-time PDT date 2 October 2005 02:00 2 May 2006 02:00Disabling DST on the CSS
To disable DST on the CSS, the default behavior, use the no clock summer-time command. For example, enter:
# no clock summer-timeShowing the Date and Time
Use the show clock command to display the current date and time. For example:
# show clockTable 2-2 describes the fields in the show clock command output.
Synchronizing the CSS with an SNTP Server
The Simple Network Time Protocol (SNTP) enables you to synchronize the computer system clocks on the Internet to that of a designated SNTP server. SNTP is a simplified, client-only version of the Network Time Protocol (NTP) that enables the CSS time-of-day to be synchronized with any SNTP server. Use the sntp command to configure SNTP on the CSS.
Accurate time-of-day is provided by synchronizing to the UTC time, which provides time within 100 milliseconds of the accurate time. You can configure information about the local time zone so the time appears correctly relative to the local time zone. You can configure two SNTP servers (primary and secondary) in case one server is unavailable. The CSS can receive the time from both servers but uses only the time of the primary server. If the primary server is unavailable, the CSS uses the time of the secondary server.
Note
Before you synchronize the CSS with an SNTP server, make sure you configure the proper time zone for the CSS (for example, to EST). Also make sure the time difference between the CSS internal clock and the SNTP server clock is less than 24 hours. Otherwise, the CSS will not synchronize its clock with the SNTP server. To configure the time on the CSS, see the "Configuring the Date, Time, and Time Zone" section for details.
For detailed information on configuring the SNTP server, consult the documentation provided with the server.
This section includes the following topics:
•
•
•
Configuring a Primary or Secondary SNTP Server
The CSS can receive the time from an SNTP server. You can configure up to two SNTP servers on the CSS. The primary server is the main server from which the CSS receives the time. You can configure an additional server, a secondary server, that acts as a backup server if the primary SNTP server is unavailable.
For the CSS to receive the time from an SNTP server, you must configure the IP address for the server through the sntp command. You can configure a primary, or secondary server, or both. You can also configure the version of SNTP that the server is using. The syntax for this command is:
sntp primary-server | secondary-server ip_address {version number}
The keywords, options, and variables are:
•
•
•
•
For example., to configure a primary SNTP server running version 3, enter:
(config)# sntp primary-server 192.168.19.21 version 3To remove a primary SNTP server, enter:
(config)# no sntp primary-serverTo configure a secondary SNTP server running version 3, enter:
(config)# sntp secondary-server 192.168.19.22 version 3To remove a secondary SNTP server, enter:
(config)# no sntp secondary-serverConfiguring the Poll Interval for the SNTP Server
Continuous polling is critical for the CSS to obtain time from the SNTP server and ensure the local time matches the "real time" of the server. The poll interval is the time in seconds between successive SNTP request messages to the server. By default, this interval is 64 seconds. To configure the poll interval for SNTP request message, use the following command:
sntp [primary-server-poll-interval | secondary-server-poll-interval] seconds
The keywords and variable are:
•
•
•
For example, to specify a poll-interval of 90 seconds for the primary SNTP server, enter:
(config)# sntp primary-server-poll-interval 90To reset the poll-interval for the primary SNTP server to the default setting of 64 seconds, enter:
(config)# no sntp primary-server-poll-intervalShowing SNTP Configuration Information
To display the SNTP configuration information on the CSS, enter the show sntp global command. For example:
(config)# show sntp globalTable 2-3 describes the fields in the show sntp global command output.
Configuring a Host Name
The Host table is the static mapping of mnemonic host names to IP addresses, which is analogous to the ARP table. Use the host command to manage entries in the Host table of the CSS.
The syntax for this global configuration mode command is:
host host_name ip_address
The variables are as follows:
•
•
To add a host to the Host table, the host name must not exist in the Host table. To change a current host address, remove the host name and then add it again to the Host table with the new address.
For example:
(config)# host CSS11501-LML 192.168.3.6To remove the existing host from the Host table, enter:
(config)# no host CSS11501-LMLTo display a list of host names, enter:
(config)# show running-config globalWhere to Go Next
Chapter 3, Configuring the Domain Name Service, provides information to configure the Domain Name Service (DNS), the facility that translates host names such as myhost.mydomain.com to IP addresses.
