• /flash - A CompactFlash card, located on the circuit board of the SMC, is the default storage media for the operating system software image, CLI configuration, and crash log files used by the system.
• /pcmcia1 - This device is available when an ATA Type I or Type II PCMCIA card is inserted into PC-Card Slot on the front panel of the SMC.
• /hd-raid - This is the hard drive installed on the SMC. Disk names “hd-local1” and “hd-remote1” are used on ASR 5000s. An XFS-formatted RAID disk is mounted on “/mnt/hd-raid”. Users can gain access to part of it from either “/hd-raid” or “/mnt/user/hd-raid”.
Important: For this release, local filesystem access is via the master SMC only.
• Operating System Software Image File: This binary file type is identified by its .bin extension. The file is the operating system that is loaded by the system upon startup or reloading. This is an executable, read-only file that cannot be modified by end users.
• CLI Configuration File: This file type is identified by its .cfg extension. These are text files that contain CLI commands that work in conjunction with the operating system software image. These files determine services to be provided, hardware and software configurations, and other functions performed by the system. The files are typically created by the end user. You can modify the files both on and off-line and use descriptive long filenames.
• System File: Only one file identified by a .sys extension is used by the system. The boot.sys file contains system-specific information, which describes how the system locates, and in what priority it loads, file groups (paired .bin and .cfg files) from its boot stack.
• Abridged Crash Log: The abridged crash log, identified by its crashlog filename, contains summary information about software or hardware failures that occur on the system. This file is located in the /flash/crsh2/ directory on the device. You can view the contents of this file through the CLI, but you cannot modify the file.

• bootmode: This setting is typically configured to normal, and identifies how the system starts.
• network interface configuration: Use these optional boot method settings when you configure the system to obtain its operating system image from an external network server that is using one of the management LAN interfaces on the SPIO card.
• terminal-speed configuration: This parameter identifies the data transfer rate at which a serial interface communicates on the console port. The default setting for this parameter is 115200 bps (115.2 Kbps). You can change this and other settings with RS-232 Port Configuration Mode commands.
• boot stack information: The boot stack is made up of prioritized file group entries that designate the operating system image file and the CLI configuration file to load.
Important: Crash log files are not synchronized when these commands are executed.
Use the mkdir command to create a new directory on the specific local device. This directory can then be incorporated as part of the path name for any file located in the local file system.
Use the rename command to change the name of a file from its original name to a different name. Remember to use the same file extension, if applicable, to ensure that the file type remains unchanged.
Use the following command to rename a file named iot_test.cfg to iot_accept.cfg on the /flash local device.
Important: Use the rename command only within the same local device. You cannot rename a file and place it onto another local device at the same time. To move a renamed file, you must use the copy command.
copy from_url to_url [-noconfirm]
• tftp://{ ipaddress | host_name [ :port# ] } [ /directory ] /filename
• ftp://[ username [ :pwd ] @ ] { ipaddress | host_name } [ :port# ] [ /directory ] /filename
• sftp://[ username [ :pwd ] @ ] { ipaddress | host_name } [ :port# ] [ /directory ] /filename
/flash corresponds to the CompactFlash on the SMC.
/pcmcia1 corresponds to PCMCIA slot 1.
/hd-raid corresponds to the RAID hard disk drive array on the SMC.
ipaddress is the IP address of the network server.
host_name is the network server’s hostname.
port# is the network server’s logical port number. Defaults are:
Note: host_name can only be used if the networkconfig parameter is configured for DHCP and the DHCP server returns a valid nameserver.
username is the username required to gain access to the server if necessary.
password is the password for the specified username if required.
/directory specifies the directory where the file is located if one exists.
/file_name specifies the name of the configuration file to be saved.
Optional: Indicates that no confirmation is to be given prior to saving the configuration information to the specified filename (if one was specified) or to the currently active configuration file (if none was specified).
To copy a configuration file called system.cfg from a directory that was called cfgfiles to a directory named configs_old on the CompactFlash in the SMC, enter the following command:
To copy a configuration file called simple_ip.cfg from a directory called host_name_configs to an FTP server with an IP address of 192.168.34.156, on which you have an account with a username of administrator and a password of secure, use the following command:
To copy a configuration file called init_config.cfg to the root directory of a TFTP server with a hostname of config_server, enter the following command:
The delete command removes a designated file from its specified location on the local file system. This command can only be issued to a local device on the SPC/SMC. Note that this command does not allow for wildcard entries; each filename must be specified in its entirety.
Caution: Do not delete the boot.sys file. If deleted, the system will not reboot on command and will be rendered inoperable.
The rmdir command deletes a current directory on the specific local device. This directory can then be incorporated as part of the path name for any file located in the local file system.
Important: The directory you want to remove (delete) must be empty before executing the rmdir command. If the directory is not empty, the CLI displays a “Directory not empty” message and will not execute.
• { /flash | /pcmcia1 | /hd-raid }/<directory>/<file_name>
• file:/{ /flash | /pcmcia1 | /hd-raid }/<directory>/<file_name>
The format command performs a low-level format of a local device. This operation formats the device to use the FAT16 formatting method, which is required for proper read/write functionality with the operating system.
Important: Local devices that have been formatted using other methods such as NTFS or FAT32 may be used to store various operating system, CLI configuration, and crash log files. However, when placing a new local device into the SMC for regular use, you should format the device via the system prior to use. This ensures that the FAT16 file allocation table format is used, preventing any possible discrepancies between other formats used with other operating systems.
Caution: The format command removes all files and information stored on the device.
Caution: If a configuration file is applied to a system currently running another CLI configuration, any like contexts, services, logical interfaces, physical ports, IP address pools, or other configured items will be overwritten if the same command exists in the configuration file being applied. Take caution to ensure that you are knowledgeable of the contents of the file being applied and understand what the service ramifications are if a currently running command is overwritten. Also note that changes will not be saved automatically.
Specifies the location of the CLI configuration file to be applied. The url may refer to a local or a remote file. The URL must be formatted according to one of the following formats:
• { /flash | /pcmcia1 | /hd-raid }/<directory>/<file_name>
• file:/{ /flash | /pcmcia1 | /hd-raid }/<directory>/<file_name>
• tftp://{ <ipaddress> | <host_name> }/<directory>/<file_name>
• ftp://[<username>[:<password>]@]{ <ipaddress> | <host_name> }/<directory>/<file_name>
• sftp://[<username>[:<password>]@]<host>[/<path>]/<filename>
• http://[<username>[:<password>]@]<host>[/<path>]/<filename>
Where username is the user to be authenticated as, password is the password to use for authentication, host is the IP address using the standard IPv4 or the logical host name, and path is the directory structure to the file. filename is the name of the CLI configuration file or script that you wish to apply. The use of long filenames is supported.
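The following Python sketch is an added example, not part of the original guide or of the system software. It checks the from_url/to_url arguments of copy commands against the URL formats listed above and in the copy section earlier, reports transfers that use a cleartext transport or carry a password on the command line, and masks the password before anything is printed. The sample commands are constructed from the copy examples described in the text; the /flash source device, the sftp line and its backup user are assumptions.

```python
from urllib.parse import urlsplit

LOCAL_DEVICES = {"/flash", "/pcmcia1", "/hd-raid"}  # local devices named on this page
REMOTE_SCHEMES = {"tftp", "ftp", "sftp", "http"}    # transports in the URL formats above


def redact(url):
    """Return the URL with any embedded password masked, for safe logging."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    userinfo, _, host = parts.netloc.rpartition("@")
    user = userinfo.partition(":")[0]
    return parts._replace(netloc=f"{user}:****@{host}").geturl()


def classify_url(url):
    """Return (kind, findings) for one from_url/to_url argument."""
    # Local forms: /flash/dir/file, or the same path behind a file:/ prefix.
    path = url[len("file:/"):] if url.startswith("file:/") else url
    if path.startswith("/"):
        device = "/" + path.split("/")[1]
        if device in LOCAL_DEVICES:
            return "local", []
        return "unknown", [f"unrecognised local device {device}"]
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in REMOTE_SCHEMES:
        return "unknown", ["not one of the documented URL formats"]
    findings = []
    if scheme == "tftp":
        findings.append("tftp: no authentication, cleartext transfer")
    elif scheme in ("ftp", "http"):
        findings.append(f"{scheme}: cleartext transfer")
    if parts.password is not None:
        findings.append("password embedded in the command line")
        if scheme != "sftp":
            findings.append("password crosses the network in cleartext")
    return scheme, findings


def audit(lines):
    """Check every URL argument of copy lines; return (line_no, url, findings) rows."""
    rows = []
    for number, line in enumerate(lines, start=1):
        words = line.split()
        if not words or words[0] != "copy":
            continue
        for arg in words[1:]:
            if arg.startswith("-"):  # option such as -noconfirm
                continue
            _kind, findings = classify_url(arg)
            if findings:
                rows.append((number, redact(arg), findings))
    return rows


# Constructed sample input, modelled on the copy examples described in the text.
SAMPLE = [
    "copy /flash/cfgfiles/system.cfg /flash/configs_old/system.cfg",
    "copy /flash/host_name_configs/simple_ip.cfg "
    "ftp://administrator:secure@192.168.34.156/host_name_configs/simple_ip.cfg",
    "copy /flash/init_config.cfg tftp://config_server/init_config.cfg -noconfirm",
    "copy /flash/general.cfg sftp://backup@192.168.34.156/configs/general.cfg",
]

if __name__ == "__main__":
    for number, url, findings in audit(SAMPLE):
        print(f"line {number}: {url}")
        for finding in findings:
            print(f"    - {finding}")
```

Only the FTP and TFTP lines are reported; the local copy and the sftp transfer without an embedded password pass.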
show file url { /flash | /pcmcia1 | /hd-raid } /filename
Where: url is the path name for the location of the file and filename is the name of the file, including any extension.
Important: Operator and inspector-level users can execute the show file command but cannot execute the directory command.
Boot stack information is contained in the boot.sys file, explained earlier in the Understanding the boot.sys File section of this chapter. In addition to boot stack entries, the boot.sys file contains any configuration commands required to define the system boot method as explained in the section that follows.
The local-boot method uses software image and configuration files stored locally on the system. Upon system startup or reboot, the system looks on one of its local devices or /hd-raid located on the active SMC for the specific software image and accompanying configuration text file. When using the local-booting method, you only need to configure boot stack parameters.
Important: Operator and inspector-level users can execute the show boot command.
Important: Before performing this procedure, verify that there are fewer than 10 entries in the boot.sys file and that a higher priority entry is available (i.e. that minimally there is no priority 1 entry in the boot stack). Refer to Viewing the Current Boot Stack for more information.
If priority 1 is in use, then you must renumber the existing entry(ies) to ensure that at least that priority is available. The maximum number of boot stack entries that can be contained in the boot.sys file is 10. If there are already 10 entries in the boot stack, you must delete at least one of these entries (typically, the lowest priority) and, if necessary, renumber some or all of the other entries before proceeding. Refer to Deleting a Boot Stack Entry for more information.
This procedure details how to add new boot stack entries to the boot.sys file. Make sure you are at the Exec mode prompt and enter the following commands:
boot system priority number image <image_url> config <cfg_url>
• [http:| tftp:]//<host>[:<port>][/<path>]/<filename>
Where path is the directory structure to the file, and file_name is the name of the configuration file to load. This file typically has a .cfg extension.
The following command creates a new boot stack entry, using a boot priority of 3, an image file named os_20000.XXX.bin, and a configuration file named general.cfg.
Important: Boot stack changes saved to the boot.sys file are not executed until the system is rebooted.
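The pre-checks above (fewer than 10 entries, priority 1 free) can be worked through mechanically. The following Python sketch is an added example, not part of the original guide: it reads boot stack entries written in the boot system priority syntax shown above and returns the no boot system priority and boot system priority lines needed to free priority 1, for an administrator to review. The sample entries and file names are constructed, and it is an assumption that a priority number one above an existing entry is valid.

```python
import re

MAX_ENTRIES = 10  # boot.sys limit stated on this page

# Matches the entry syntax shown on this page.
ENTRY = re.compile(r"^\s*boot system priority (\d+) image (\S+) config (\S+)\s*$")


def parse_boot_stack(text):
    """Map priority -> (image_url, cfg_url) for every boot stack entry line."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries[int(match.group(1))] = (match.group(2), match.group(3))
    return entries


def plan_new_top_entry(entries):
    """Return the CLI lines needed so that priority 1 is free and one more entry fits."""
    entries = dict(entries)  # work on a copy; the caller's mapping is untouched
    plan = []
    # Full stack: drop the lowest-priority entry (the largest number) first.
    while len(entries) >= MAX_ENTRIES:
        lowest = max(entries)
        plan.append(f"no boot system priority {lowest}")
        del entries[lowest]
    # Find the unbroken run 1, 2, 3, ... that blocks priority 1.
    run_end = 0
    while run_end + 1 in entries:
        run_end += 1
    # Shift that run down by one, bottom first, so no step lands on a used number.
    for prio in range(run_end, 0, -1):
        image, config = entries.pop(prio)
        plan.append(f"no boot system priority {prio}")
        plan.append(f"boot system priority {prio + 1} image {image} config {config}")
        entries[prio + 1] = (image, config)
    return plan


# Constructed sample: entries in the syntax above (file names are made up).
SAMPLE = """\
boot system priority 1 image /flash/image_b.bin config /flash/general.cfg
boot system priority 2 image /flash/image_a.bin config /flash/general.cfg
boot system priority 5 image /pcmcia1/image_a.bin config /pcmcia1/fallback.cfg
"""

if __name__ == "__main__":
    for command in plan_new_top_entry(parse_boot_stack(SAMPLE)):
        print(command)
```

An empty plan means priority 1 is already free and the stack has room for the new entry.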
no boot system priority number
Where number specifies the boot priority used for the boot stack entry. This command removes that specific entry from the boot stack, causing the boot.sys file to be overwritten.
Important: Booting a dual-SMC chassis with SPIO port redundancy enabled requires that both SMCs have CFE1.1.0 or greater in flash. If CFE1.1.0 or greater is not present on both cards, the standby SMC may not be able to boot from the network in certain circumstances.
local-eth1 corresponds to the port 1 interface on the SPIO.
local-eth2 corresponds to the port 2 interface on the SPIO.
auto implements auto-negotiation to determine the highest possible speed and duplex mode.
speed specifies the rate to use as either 10 Mbps (10), 100 Mbps (100), or 1000 Mbps (1000). This command keyword must be followed by the speed of the Ethernet connection, entered as an integer.
NOTE: If the speed is manually configured, you must also configure the duplex mode. In addition, you must ensure that the network server configuration supports the speed and duplex configuration.
NOTE: Ethernet networking rules dictate that if a device whose interface is configured for auto-negotiation is communicating with a device that is manually configured to support full duplex, the first device will negotiate to the manually configured speed of the second device, but will only communicate in half duplex mode.
Select either rj45 for copper Ethernet, or the small form factor pluggable sfp optical gigabit Ethernet media type.
NOTE: If this option is selected, you will not have to configure IP address information for the SPIO interface, defined using the boot interface command, or any needed gateway.
Specifies the use of the DHCP to automatically assign an IP address to the SPIO interface, defined using the boot interface command, at startup. However, this option allows the configuration of a fallback static IP address that can be used when the DHCP server is unreachable.
If either the dhcp-static-fallback or static options were used as the method by which the SPIO interface obtains an IP address, then these keywords specify the static address.
Specifies the IP address to use for the SPIO interface in slot 25. Enter the ip_address25 variable as an IP address in IPv4 dotted-decimal notation. If used, both interfaces will appear in the boot.sys file.
If either dhcp-static-fallback or static options were chosen as the method by which the interface will receive an IP address, then this optional parameter specifies the IP address in IPv4 dotted-decimal notation for the next-hop gateway (router, bridge, etc.) to use, if needed.
Where time is an integer from 1 to 300 seconds before attempting to contact the external network server. If your network uses STP, a typical delay time of 30 seconds should suffice.
Important: Save your configuration as described in the Verifying and Saving Your Configuration chapter.
Where ip_address is the IP address of the DNS server entered in IPv4 dotted-decimal notation.
Important: Save the configuration as described in the Verifying and Saving Your Configuration chapter.
The operating system software is delivered as a single binary file (.bin file extension) and is loaded as a single instance for the entire system. Each software image can be identified by its release version and its corresponding build number. The software version information can be viewed from the CLI in the Exec mode by entering the show version command.
Important: Configuration files created and saved in StarOS release 12.2 and higher cannot be shared across multiple chassis due to a change in the encryption algorithm for passwords and secrets. These release 12.2+ changes modify encrypted data in the configuration file so that it cannot be recognized by software builds prior to 12.2. If it is necessary to revert to a previous build, the chassis must be booted with the copy of the original configuration file. If this copy is not available, then the chassis must be loaded as if it is a new chassis.
Important: You must save the configuration prior to upgrading to release 12.2+.
Important: This method is not supported for the SGSN or for PDIF. Refer to the appropriate Administration Guide for upgrade information.
Caution: To minimize the risk of service outages, the on-line software upgrade should be performed during a planned maintenance window.
Important: This is the only stage in which the abort upgrade command may be used. Once Stage 2 is entered, the on-line software upgrade should not be cancelled unless an emergency exists. After Stage 1, the only way that an on-line software upgrade can be terminated is to issue the reload command. This causes a system restart that could leave the system in an abnormal state, requiring manual intervention. Issuing the reload command should be avoided, and only used as a last resort.
Important: Once Stage 2 has begun, no CLI configuration mode commands, except end and exit (if this stage is entered while a management user is in a configuration mode) will be accepted by the system. Only non-configuration commands within the Exec mode, such as show commands may be executed. You can monitor the progress of the on-line software upgrade by entering the show upgrade command.
Important: The system will only migrate as many active packet processing cards as there are standby cards. If this is not a 1:1 correlation, the system will repeat this procedure of migrating - updating - migrating back until all normally active packet processing cards have been upgraded.
Optional for PDSN: If you want to use the IP Pool Sharing Protocol during your upgrade, refer to the Configuring IPSP Before the Software Upgrade section of the IP Pool Sharing Protocol appendix in this administration guide.
Step 4
Using either an FTP client or the copy command, transfer the new operating system software image file to the location (network server or local device) from where it will be loaded by the system.
Caution: When transferring an operating system software image file via file transfer protocol (FTP), the FTP client must be configured to transfer the file using binary mode. Failure to use binary transfer mode will render the transferred operating system image file unusable.
copy from_url to_url [-noconfirm]
The following command example creates a backup copy of a file called general.cfg located on the /flash device to a file called general_3652.cfg:
[<context_name>]host_name(config-ctx)#
[<context_name>]host_name(config-<service_type>-service)#
policy { overload { redirect address [ weight weight_num ] [ address2 [ weight weight_num ] ... address16 [ weight weight_num ] ] | reject [ use-reject-code insufficient-resources ] } | service-option enforce }
address: The IP address of an alternate PDSN expressed in IPv4. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight_num must be an integer from 1 through 10.
Optional: This keyword may be used in conjunction with a reject overload policy for either PDSN or HA services. The result of this command is that a result code (82H) indicating “Registration Denied - Insufficient Resources” is returned to the requestor.
Step d
Repeat step c to configure the overload policy for another configured service.
Caution: Once the software upgrade process has started, any failure that results in the reboot of the system prior to the upgrading of both SMCs may result in unexpected behavior by the system that requires manual intervention to correct.
• [http:| tftp:]//<host>[:<port>][/<path>]/<filename>
Where host is an IP address or a logical host name, path is the directory structure to the file, and filename is the name of the operating system software image file. This file typically has a .bin extension.
Where path is the directory structure to the file, and file_name is the name of the configuration file to load. This file typically has a .cfg extension.
Disables the “Are you sure? [Yes | No]” confirmation prompt asked before executing the command.
Step 12
Optional: To view the status of an on-line software process, enter the following command from the Exec mode prompt:
Important: The abort upgrade command can only be used during Stage 1 (busy-out) of an on-line software upgrade.
copy <from_url> <to_url> [-noconfirm]
Caution: Whenever transferring an operating system software image file using the file transfer protocol (FTP), the FTP client must be configured to transfer the file using binary mode. Failure to use binary transfer mode will make the transferred operating system image file unusable.
copy from_url to_url [-noconfirm]
The following command example creates a backup copy of a file called general.cfg located on the /flash device to a file called general_3652.cfg:
boot system priority number image image_url config cfg_url
Important: The maximum number of boot stack entries that can be contained in the boot.sys file is 10. If there are already 10 entries in the boot stack, then you must delete at least one of these entries before proceeding. Refer to Configuring the Boot Stack for more information.
NOTE: Only filesystems on matching local devices will be synchronized. For example, if the active SMC contains two local devices (/flash and /pcmcia1) and the standby SMC contains only one local device (/flash), then synchronization would only occur on the matching local device.
Step 7
Configure a newcall policy from the Exec mode as per your service requirements. Newcall policies are created on a per-service basis and can be routed to another service running on the same device if no external device running services is available.
newcall policy cscf-service { all | name service_name } { redirect target_ip_address [ weight weight_num ] [ target_ipaddress2 [ weight weight_num ] ... target_ip_address16 [ weight weight_num ] ] | reject }
newcall policy ggsn-service { apn name apn_name | all | name service_name } reject
newcall policy hnbgw-service { all | name service_name } reject
newcall policy { pcc-af-service | pcc-policy-service } { all | name service_name } reject
service_name is the name of a service that was previously configured. It can consist of up to 63 alphanumeric characters and is case sensitive.
apn_name is the name of a previously configured APN expressed as an alphanumeric string of 1 through 63 characters that is case sensitive.
address: The IP address of an alternate destination expressed in IPv4 dotted-decimal format. Up to 16 IP addresses can be specified either in one command or by issuing the redirect command multiple times. If you try to add more than 16 IP addresses to the redirect policy the CLI issues an error message. If you specify an IP address and weight that already exists in the redirect policy the new values override the existing values.
weight_num must be an integer from 1 through 10.
Step 8
Optional: Configure a newcall policy for each additional service type.
Step 9
Optional: Configure a “Message of the Day” banner informing other management users that the system will be rebooted by entering the following command from the Global Configuration mode prompt.
banner_text is the message that you would like to be displayed and can be up to 2048 alphanumeric characters. Note that banner_text must begin with and end in quotation marks (“ “). For more information on entering CLI banner information, see the CLI Reference. The banner is displayed when an administrative user logs onto the CLI.
Important: After the system reboots, establish a CLI session and enter the show version command to verify that the active software version is correct.
Step 11
Optional for PDSN: If you are using the IP Pool Sharing Protocol during your upgrade, refer to the Configuring IPSP Before the Software Upgrade section of the IP Pool Sharing Protocol appendix in this administration guide.
Important: With no license key installed, the session use licenses for PDSN, HA, GGSN, and L2TP LNS are limited to 10,000 sessions.
license is the license key string. The license can be an alphanumeric string of 1 through 1023 characters that is case sensitive. Copy the license key as shown in the example below, including the “\ (double-quote slash). Please note: this is not a functional license.
Caution: Failure to save the new license key configuration in the current CLI configuration file will result in the loss of any of the new features enabled by the license key once the system is reloaded.
Important: License key information is maintained as part of the CLI configuration. Each time a key is installed or updated, you must re-save the configuration file.
Important: Paste the license key information at the beginning of the configuration file to ensure the system has the expected capacity and features before it configures contexts.
Where slot# is either 8 or 9, depending on the chassis card slot where the SMC is installed.
Important: Failure to provide license key redundancy can result in the loss of session capacity and enhanced features should a failover or manual switchover occur.
• Complexity: Password complexity can be forced to be compliant with ANSI T1.276-2003.
• History length: How many previous password versions should be tracked by the system.
• Minimum length: The minimum number of characters a valid password must contain.
Refer to the local-user password command in the Global Configuration Mode chapter of the Command Line Interface Reference for details on each of the above parameters.
• Login failures: The configured maximum login failure threshold has been reached. Refer to the local-user max-failed-logins command in the Global Configuration Mode chapter of the Command Line Interface Reference for details.
• Password Aging: The configured maximum password age has been reached. Refer to the local-user password command in the Global Configuration Mode chapter of the Command Line Interface Reference for details.
Accounts that are locked out are inaccessible to the user until either the configured lockout time is reached (refer to the local-user lockout-time command in the Global Configuration Mode chapter of the Command Line Interface Reference) or a security administrator clears the lockout (refer to the clear local-user command in the Exec Mode chapter of the Command Line Interface Reference).
Important: Local-user administrative user accounts could be configured to enforce or reject lockouts. Refer to the local-user username command in the Global Configuration Mode chapter of the Command Line Interface Reference for details.
suspend local-user <name>
no suspend local-user <name>
Local-user administrative users can change their passwords using the password change command in the Exec mode. Users are prompted to enter their current and new passwords.
name is the name of the local-user account for which the password is to be changed. When a security administrator resets a local-user’s password, the system prompts the user to change their password the next time they login.