This chapter describes how to initially configure basic settings on the Cisco Application Control Engine (ACE) module in the Catalyst 6500 series switches. It contains the following major sections:
•Prerequisites for Setting Up the ACE
•Displaying the ACE Setup Configuration
For details on assigning VLANs to the ACE, configuring VLAN interfaces on the ACE, and configuring a default or static route on the ACE, see the Cisco Application Control Engine Module Routing and Bridging Configuration Guide.
Setting up the ACE has the following requirements:
•Terminal—The terminal that you use to communicate with the ACE must contain a terminal communications application, such as HyperTerminal for Windows, and be configured as follows:
–Asynchronous transmission
–9600 baud
–8 data bits
–1 stop bit
–No parity
•Cable—The cable that connects the terminal to the ACE must meet the following requirements:
–Serial cable with an RJ-45 connector
–Cable type—Rollover serial cable to connect the ACE to a DTE device
For instructions on connecting a console cable to your ACE, see the Cisco Application Control Engine Module Hardware Installation Guide.
Table 1-1 lists the default settings for the ACE setup parameters.
This section describes the tasks associated with setting up the ACE and includes the following topics:
•Establishing a Console Connection on the ACE
•Sessioning and Logging In to the ACE
•Changing or Resetting the Administrative Password
•Configuring an ACE Inactivity Timeout
•Configuring a Message-of-the-Day Banner
•Configuring the Date and Time
•Configuring Terminal Settings
•Modifying the Boot Configuration
This section describes how to establish a direct serial connection between your terminal and the ACE by making a serial connection to the console port on the front of the ACE. The console port is an asynchronous RS-232 serial port with an RJ-45 connector.
This setup procedure requires a properly configured terminal and cable as described in the "Prerequisites for Setting Up the ACE" section.
Only the Admin context is accessible through the console port; all other contexts can be reached through Telnet or SSH sessions.
Follow these steps to access the ACE using a direct serial connection:
Step 1 Connect the serial cable between the ACE and the terminal and then use any terminal communications application to access the ACE CLI. This procedure uses HyperTerminal for Windows.
Step 2 Launch HyperTerminal. The Connection Description window appears.
Step 3 Enter a name for your session in the Name field.
Step 4 Click OK. The Connect To window appears.
Step 5 From the drop-down list, choose the COM port to which the device is connected.
Step 6 Click OK. The Port Properties window appears.
Step 7 Set the following port properties:
•Baud Rate = 9600
•Data Bits = 8
•Flow Control = none
•Parity = none
•Stop Bits = 1
Step 8 Click OK to connect.
Step 9 Press Enter to access the CLI prompt.
switch login:
When the login prompt displays, proceed with the following tasks:
•Once a session is created, choose Save As from the File menu to save the connection description. Saving the connection description has the following two advantages:
–The next time that you launch HyperTerminal, the session is listed as an option under Start > Programs > Accessories > HyperTerminal > Name_of_session. This option lets you reach the CLI prompt directly without going through the configuration steps.
–You can connect your cable to a different device without configuring a new HyperTerminal session. If you use this option, make sure that you connect to the same port on the new device as was configured in the saved HyperTerminal session. Otherwise, a blank screen appears without a prompt.
•See the "Sessioning and Logging In to the ACE" section for details on logging in and entering the configuration mode to configure the ACE.
This section describes how to connect (session) to the ACE as the default user from either the ACE console port or from the Catalyst 6500 series CLI. Once you connect to the ACE as the default user, you can then log in and enter the configuration mode to configure the ACE.
The ACE creates two default user accounts at startup: admin and www. The admin user is the global administrator and cannot be deleted. The ACE uses the www user account for the XML interface.
Later, when you configure interfaces and IP addresses on the ACE itself, you can remotely access the ACE CLI through an ACE interface by using the Catalyst console port or by a Telnet or SSH session. To configure remote access to the ACE CLI, see Chapter 2, Enabling Remote Access to the ACE. For details on configuring interfaces on the ACE, see the Cisco Application Control Engine Module Routing and Bridging Configuration Guide.
You can configure the ACE to provide a higher level of security for users accessing the ACE. For information about configuring user authentication for login access, see the Cisco Application Control Engine Module Security Configuration Guide.
Only the Admin context is accessible through the console port; all other contexts can be reached through a Telnet or SSH remote access session.
Follow these steps to session into the ACE and access configuration mode to perform the initial configuration:
Step 1 Access the ACE through one of the following methods:
•If you choose to access the ACE directly by its console port, attach a terminal to the asynchronous RS-232 serial port on the front of the ACE. Any device connected to this port must be capable of asynchronous transmission. The connection requires a terminal configured as 9600 baud, 8 data bits, 1 stop bit, no parity. See the "Establishing a Console Connection on the ACE" section.
•If you choose to session into ACE, after the ACE successfully boots enter the session command from the Catalyst CLI to Telnet to the ACE:
Cat6k-switch# session slot mod_num processor 0
The mod_num argument identifies the slot number in the Catalyst 6500 series chassis where the ACE is installed.
Note The default escape character sequence is Ctrl-^, and then x. You can also enter exit at the remote prompt to end the session.
Step 2 Log into the ACE by entering the login username and password at the following prompt:
switch login: admin
Password: admin
By default, both the username and password are admin.
The prompt changes to the following:
host1/Admin#
To change the default login username and password, see the "Changing or Resetting the Administrative Password" section for details.
Step 3 To access configuration mode, enter:
host1/Admin# configure
Enter configuration commands, one per line. End with CNTL/Z
The prompt changes to the following:
host1/Admin(config)#
This section describes how to change or reset the administrative password and includes the following topics:
•Changing the Administrative Password
•Resetting the Administrator Account Password
This section describes how to change the administrative password. During the initial login process to the ACE, you enter the default user name admin and the default password admin in lowercase text. You cannot modify or delete the default administrative username; however, for security reasons, you must change the default administrative password. If you do not change the password, then security on your ACE can be compromised because the administrative username and password are configured to be the same for every ACE shipped from Cisco Systems.
The administrative username and password are stored in Flash memory. Each time that you reboot the ACE, it reads the username and password from Flash memory. Global administrative status is assigned to the administrative username by default.
Note For information about changing a user password, see the Cisco Application Control Engine Module Virtualization Configuration Guide.
This section describes how recover the admin password during the initial bootup sequence of the ACE if you forget the password for the ACE administrator account and cannot access the ACE. You must have access to the ACE through the console port to be able to reset the password for the Admin user back to the factory-default value of admin.
Only the Admin context is accessible through the console port.
Follow these steps to reset the password that allows the Admin user access to the ACE:
Step 1 Connect to the console port on the Catalyst 6500 series switch.
Step 2 Session in to the ACE through the console port on the front panel.
Step 3 Reboot the ACE from the Catalyst 6500 series CLI. See the "Restarting the ACE" section for details.
Step 4 During the bootup process, output appears on the console terminal. Press ESC when the "Waiting for 3 seconds to enter setup mode..." message appears on the terminal (see the example below). The setup mode appears. If you miss the time window, wait for the ACE to properly complete booting, reboot the ACE from the Catalyst 6500 series CLI, and try again to access the setup mode by pressing ESC.
IXP polling timeout interval: 120
map_pci_xram_to_uspace[149] :: mapping 4096 bytes from 0x58800000
map_pci_xram_to_uspace[149] :: mapping 4096 bytes from 0x5a800000
................................................
IXP's are up... <Sec 48 :Status of IXP1 7, IXP2 7>
map_pci_xram_to_uspace[149] :: mapping 102400 bytes from 0x4fd68000
map_pci_xram_to_usenabling intb 57 interrupts
pace[149] :: mapping 102400 bytes from 0x57d68000
Starting lcpfw process...
inserting IPCP klm
Warning: loading /itasca/klm/klm_session.klm will taint the kernel: no license
See http://www.tux.org/lkml/#export-tainted for information about tainted modules
Module klm_session.klm loaded, with warnings
inserting cpu_util klm
create dev node as 'mknod /dev/cpu_util c 236 0'
getting cpu_util dev major num
making new cpu_util dev node
Session Agent waiting for packets.
Waiting for 3 seconds to enter setup mode...
Entering setup sequence...
Reset Admin password [y/n] (default: n): y
Resetting admin password to factory default...
XR Serial driver version 1.0 (2004-11-08) with no serial options enabled
ttyXR major device number: 235
Create a dev file with 'mknod /dev/ttyXR c 235 [0-1]'
cux major device number: 234
Create a dev file with 'mknod /dev/cux c 234 [0-1]'
ttyXR0 at 0x10c00000 (irq = 59) is a 16550A
ttyXR1 at 0x10c00008 (irq = 59) is a 16550A
No licenses installed...
Loading.. Please wait...Done!!!
Step 5 The setup mode prompts if you want to reset the admin password. Enter y. The "Resetting admin password to factory default" message appears. The ACE deletes the admin user password configuration from the startup configuration and resets the password back to the factory default value of admin.
The boot process continues as normal and you are able to enter the admin password at the login prompt.
This section describes how to specify a hostname for the ACE or for the peer ACE in a redundant configuration. The hostname is used to identify the ACE and for the command-line prompts. If you establish sessions to multiple devices, the hostname helps you track where you enter commands. By default, the hostname for the ACE is "switch."
Only the Admin context is accessible through the console port.
This section describes how to modify the length of time that can occur before the ACE automatically logs off an inactive user by specifying the length of time that a user session can be idle before the ACE terminates the console, Telnet, or SSH session. By default, the inactivity timeout value is 5 minutes.
The login timeout command setting overrides the terminal session-timeout setting (see the "Configuring Terminal Display Attributes" section).
This section describes how to configure a message in configuration mode to display as the message-of-the-day banner when a user connects to the ACE. Once connected to the ACE, the message-of-the-day banner appears, followed by the login banner and Exec mode prompt.
The following example shows how to span multiple lines and use tokens to configure the banner message:
host1/Admin(config)# banner motd #
Enter TEXT message. End with the character '#'.
================================
Welcome to Admin Context
--------------------------------
Hostname: $(hostname)
Tty Line: $(line)
=================================
#
This section describes how to configure the time zone and daylight saving time of the ACE for display purposes. The ACE time and date are synchronized with the clock from the Catalyst 6500 series supervisor engine. See the Cisco 6500 Series Switch Cisco IOS Software Configuration Guide for details on setting the system clock on the switch.
This section contains the following topics:
•Adjusting for Daylight Saving Time
This section describes how to set the time zone of the ACE. The ACE keeps time internally in Universal Time Coordinated (UTC) offset.
|
|
|
---|---|---|
Step 1 |
config Example: host1/Admin# config host1/Admin(config)# |
Enters global configuration mode. |
Step 2 |
clock timezone {zone_name{+ | -} hours minutes} | {standard timezone} Example: host1/Admin(config)# clock timezone PST -8 0 |
Configures the time zone of the ACE. The keywords, arguments, and options are as follows: • • • • – – – – – – – – – – – – – – – – – – – |
no clock timezone
Example: host1/Admin(config)# no clock timezone |
(Optional) Removes the clock timezone setting. |
|
Step 3 |
do show clock
Example: host1/Admin (config)# do show clock Fri Aug 7 01:38:30 PST 2009 |
(Optional) Displays the current clock settings. |
Step 4 |
do copy running-config startup-config Example: host1/Admin(config)# do copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
Table 1-1 lists common time zone acronyms that you use when specifying the zone name using the command's zone_name argument.
This section describes how to configure the ACE to change the time automatically to summer time (daylight saving time) by specifying when summer time begins and ends. All times are relative to the local time zone; the start time is relative to standard time and the end time is relative to summer time. If the starting month is after the ending month, the ACE assumes that you are located in the Southern Hemisphere.
|
|
|
---|---|---|
Step 1 |
config Example: host1/Admin# config host1/Admin(config)# |
Enters global configuration mode. |
Step 2 |
clock summer-time {daylight_timezone_name start_week start_day start_month start_time end_week end_day end_month end_time daylight_offset | standard timezone} Example: host1/Admin(config)# clock summer-time Pacific 1 Sun Apr 02:00 5 Sun Oct 02:00 60 |
Configures the ACE to change the time automatically to summer time (daylight saving time). The keywords, arguments, and options are as follows: • • • • • • • – – – – – – |
no clock summer-time Example: host1/Admin(config)# no clock summer-time |
(Optional) Remove the clock summer-time setting. |
|
Step 3 |
do copy running-config startup-config Example: host1/Admin(config)# do copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
This section describes how to access the ACE CLI by using one of the following methods:
•Make a direct connection by using a dedicated terminal attached to the console port on the front of the ACE.
•Establish a remote connection to the ACE through the Catalyst 6500 series switch using the Secure Shell (SSH) or Telnet protocols.
This section contains the following topics:
•Configuring Terminal Display Attributes
•Configuring Console Line Settings
•Configuring Virtual Terminal Line Settings
For details on configuring remote access to the ACE CLI using SSH or Telnet, see Chapter 2, Enabling Remote Access to the ACE.
This configuration topic includes the following restrictions:
•Only the Admin context is accessible through the console port; all other contexts can be reached through Telnet or SSH.
•The login timeout command setting overrides the terminal session-timeout setting (see the "Configuring an ACE Inactivity Timeout" section).
This section describes how to specify the number of lines and the width for displaying information on a terminal during a console session.
The maximum number of displayed screen lines is 511 columns.
This section describes how to use the ACE console port to directly access the module to perform an initial configuration. The console port, which is a standard RS-232 port with an RJ-45 connector, is an asynchronous serial port; therefore, any device connected to this port must be capable of asynchronous transmission. The connection requires a terminal configured as 9600 baud, 8 data bits, 1 stop bit, no parity.
This section describes how to configure the virtual terminal line settings to enable remote access to the ACE. A virtual terminal line is not associated with the console port; instead, it is a virtual port on the Catalyst 6500 series switch that allows you to access the ACE.
This section describes how to control the way in which the ACE performs its boot process through ROMMON mode. ROMMON is the ROM-resident code that starts executing as soon as you power up or reset the ACE. Two user-configurable parameters determine how theACE boots: the boot field in the configuration register and the BOOT environment variable.
This section describes how to modify the boot configuration of the ACE and contains the following topics:
•Setting the Boot Method from the Configuration Register
•Setting the BOOT Environment Variable
This section describes how to modify the boot method that the ACE uses at the next startup by setting the boot field in the software configuration register. The configuration register identifies how the ACE should boot and where the system image is stored. You can modify the boot field to force the ACE to boot a particular system image at startup instead of using the default system image.
The ROMMON code executes upon power up, reset, or when a fatal exception occurs. The ACE enters ROMMON mode if it does not find a valid system image, if the Flash memory configuration is corrupted, or if the configuration register is set to enter ROMMON mode.
Note You can manually enter ROMMON mode by restarting the ACE and then pressing the Break key during the first 60 seconds of startup. If you are connected to the ACE through a terminal server, you can escape to the Telnet prompt and then enter the send break command to enter the ROMMON mode.
The config-register command used to change the configuration register settings affects only the configuration register bits that control the boot field and leaves the remaining bits unaltered.
|
|
|
---|---|---|
Step 1 |
config Example: host1/Admin# config host1/Admin(config)# |
Enters global configuration mode. |
Step 2 |
config-register value
Example: host1/Admin(config)# config-register 1 |
The value argument represents the configuration register value that you want to use the next time that you restart the ACE. The supported value entries are as follows: • • See the "Restarting the ACE" section for details on booting the ACE from the rommon prompt. • |
no config-register 1 Example: host1/Admin(config)# no config-register 1 |
(Optional) Resets the config-register setting. |
|
Step 3 |
do copy running-config startup-config Example: host1/Admin(config)# do copy running-config startup-config |
Copies the running configuration to the startup configuration. |
This section describes how to add several images to the BOOT environment variable to provide a fail-safe boot configuration. The BOOT environment variable specifies a list of image files on various devices from which the ACE can boot at startup. If the first file fails to boot the ACE, subsequent images that are specified in the BOOT environment variable are tried until the ACE boots or there are no additional images to attempt to boot. If there is no valid image to boot, the ACE enters ROMMON mode where you can manually specify an image to boot.
The ACE stores and executes images in the order in which you added them to the BOOT environment variable. If you want to change the order in which images are tried at startup, you can either prepend and clear images from the BOOT environment variable to attain the desired order or you can clear the entire BOOT environment variable and then redefine the list in the desired order.
This section describes how to reload the ACE directly from its CLI or reboot it by using the Catalyst 6500 series CLI. You may need to reboot the ACE from the Catalyst CLI if you cannot reach the ACE through its CLI or by using an external Telnet session.
This section contains the following topics:
•Restarting the ACE from the CLI
•Restarting the ACE from the Catalyst CLI
•Using ROMMON to Specify the System Boot Image During a Restart
This section describes how to reboot the ACE directly from its CLI and reload the configuration. When you reboot the ACE, it performs a full power cycle of both the hardware and software. Any open connections with the ACE are dropped. The reset process can take several minutes.
|
|
|
---|---|---|
Step 1 |
copy running-config startup-config Example: host1/Admin# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. |
Step 2 |
reload Example: host1/Admin# reload This command will reboot the system Save configurations for all the contexts. Save? [yes/no]: [yes] |
Reboots the ACE and reloads the configuration. When you specify reload, the ACE prompts you for confirmation and performs a cold restart of the ACE. During the reload process, the ACE performs one of the following actions: • • |
This section describes how to restart the ACE from the Catalyst 6500 series CLI.
|
|
|
---|---|---|
Step 1 |
copy running-config startup-config Example: host1/Admin# copy running-config startup-config |
(Optional) Copies the running configuration to the startup configuration. Enter this command from the ACE CLI. |
Step 2 |
hw-module module mod_num reset Example: Cat6k-switch# hw-module module 3 reset Proceed with reload of module?[confirm] % reset issued for module 3 |
Restarts the ACE from the Catalyst 6500. Enter this command from the Catalyst 6500 CLI. The arguments and keywords are as follows: • • During the restart process, the ACE performs one of the following actions: • • |
This section describes how to specify a value of 0 for the config-register command (see the "Setting the Boot Method from the Configuration Register" section) to force the ACE to enter the ROMMON mode upon a reload or power cycle of the ACE. The ACE remains in ROMMON mode until you identify the location of an image file to boot.
The ACE supports two methods of booting the module from the rommon prompt:
•To manually change the configuration register setting in ROMMON mode, use the confreg command followed by a value of 0 or 1.
•To change the boot characteristics using onscreen prompts, use the confreg command without a value.
To instruct the ACE to manually boot from a particular system image, use the confreg command and specify a configuration register value of 1. Identify the name of the system image file that the ACE uses to boot.
A confreg value of 0 instructs the ACE to boot to the rommon prompt.
For example, to use the confreg command at the rommon prompt to instruct the ACE to boot from the c6ace-t1k9-mzg.3.0.0_A0_2.48.bin system image, enter:
rommon 11 > confreg 1
rommon 12 > BOOT=disk0:c6ace-t1k9-mzg.A2_2_99_57.bin
rommon 13 > sync
To instruct the ACE to automatically boot from the image specified in the BOOT variable (see the "Setting the BOOT Environment Variable" section), use the confreg command without specifying a configuration register value to launch the Configuration Summary menu-based utility. You can then instruct the ACE to boot from the system image identified in the BOOT environment variable (see the "Setting the BOOT Environment Variable" section).
For example, to use the confreg command to display the onscreen prompts for changing the boot characteristics of the ACE, enter:
rommon 11 > confreg
Configuration Summary
(Virtual Configuration Register: 0x1)
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM monitor
do you wish to change the configuration? y/n [n]: y
disable "break/abort has effect"? y/n [n]:
enable "ignore system config info"? y/n [n]:
change the boot characteristics? y/n [n]: y
enter to boot:
0 = ROM Monitor
1 = boot file specified in BOOT variable
[1]: 1
For example, to use the confreg command to instruct the ACE to boot from the c6ace-t1k9-mzg.A2_2_99_57.bin system image, enter:
rommon 11 > confreg
Configuration Summary
(Virtual Configuration Register: 0x1)
enabled are:
break/abort has effect
console baud: 9600
boot: the ROM monitor
do you wish to change the configuration? y/n [n]: n
rommon 12 > BOOT=disk0:c6ace-t1k9-mzg.A2_2_99_57.bin
rommon 13 > sync
This section describes how to shut down the ACE from the Catalyst 6500 series CLI. To avoid corrupting the ACE, you must correctly shut down the module before you disconnect the power or remove it from the Catalyst 6500 series chassis.
To display the ACE setup configuration information, use the following show commands from Exec mode:
|
|
---|---|
show banner motd |
Displays the configured banner message (see the "Configuring a Message-of-the-Day Banner" section). |
show bootvar |
Displays the BOOT environment variable settings (see the "Setting the BOOT Environment Variable" section). |
show clock |
Displays the current clock settings (see the "Configuring the Time Zone" section). |
show line console [connected] |
Displays the line console settings (see the "Configuring Console Line Settings" section). |
show login timeout |
Displays the configured login time value (see the "Configuring an ACE Inactivity Timeout" section). |
show terminal |
Displays the console terminal settings (see the "Configuring Terminal Display Attributes" section). |
For detailed information about the fields in the output from these commands, refer to the Cisco Application Control Engine Module Command Reference.