wiki:Internal/OpenFlow/CLISetup

Version 25 (modified by akoshibe, 14 years ago)

Configuring the switch through command line interface (CLI)

The IP8800/S3640-48T2XW and IP8800/S3640-24T2XW are the two models of NEC switch that support OpenFlow. This page is a how-to/log on configuring the IP8800/S3640-48T2XW NEC switch through the CLI.

References

For people literate in Japanese, a complete set of configuration guides may be found in the documents section of the NEC website.

Console connection to the switch (6/11)

The switch uses regular RS-232 for the serial connection. The settings for the serial connection are the following:

  • speed: 9600
  • data bits: 8
  • stop bits: 1
  • Flow control: none
  • Parity: none

Minicom didn't seem to work too well no matter what settings were changed. Kermit was used to connect to the switch because its default settings can be used directly and no changes need to be made. After installation (the Debian package is ckermit), use the following commands as root:

 C-Kermit>set line /dev/ttyS0
 C-Kermit>set carrier-watch off
 C-Kermit>connect

Ctrl-\ q ends the kermit session.

If the login prompt doesn't show up, pressing enter a couple of times should do the trick. The default username is operator, and the password, blank.

Making configuration changes through CLI

A lot of it looks like Cisco IOS. Type enable in the prompt to get to privileged mode. The '>' should become a '#'.

> ena
# 

The shorthand of a command can be used. The switch also does command completions when you hit tab. A full list of commands can be seen by typing ? at the prompt. Commands are often used in compound, so a ? can be used at any time to see what options are available:

# show interface ?
  gigabitethernet     The type of a port is specified in
                      10BASE-T/100BASE-TX/1000BASE-T/1000BASE-X line
  tengigabitethernet  The type of a port is specified in 10GBASE-R line

To actually configure the switch, you need to be in configuration mode. Type configure to enter configuration mode:

# configure      
(config)# 

If, at any time, you get confused as to which interface or what you are even configuring, the show command will output the name of the interface and the configuration changes made to it so far:

(config-if)# show
interface gigabitethernet 0/27
  switchport mode access
  switchport access vlan 4
!

Telnet access to the switch (6/12)

To telnet to a switch, you need to set up an IP address for the switch. To do this, you need to not only set up a vlan interface to which the IP address belongs, but also permit telnet access.

  1. After entering configuration mode, create a vlan. Give it a name if you feel like it. The '!' before the prompt indicates that a change has been made, and you must use the command 'save' before exiting out of config mode to have the configuration changes apply.
    (config)# vlan 4
    !(config-vlan)# name "telnet"
    !(config-vlan)# exit
    !(config)#

  2. Assign the vlan you just created to the port that is to be used for remote access. The range of ports available, save the 10GbE interfaces, is 0/1-0/48.
    !(config)# interface gigabitethernet 0/27
    !(config-if)# switchport mode access
    !(config-if)# swi acc vlan 4
    !(config-if)# exit

  3. Assign an IP address and subnet mask to the vlan's interface:
    !(config)# interface vlan 4
    !(config-if)# ip address 192.168.10.1 255.255.255.0
    !(config-if)# exit
    !(config)#

  4. Allow login via telnet. This will limit the maximum number of simultaneous telnet connections to 3. The save command lets config changes survive a reboot, and gets rid of the annoying !'s.
    !(config)# line vty 0 2
    !(config-line)# exit
    !(config)#
    !(config)# save
    (config)# exit
    #

The telnet VLAN (4) was later changed to VLAN 1.

Switch as DHCP server

The switch can act as a DHCP server, so it was set up so that the laptop used to test whether the telnet configs worked would get an address from the switch. This was later disabled, since hosts on this switch would acquire IP addresses from a designated DHCP server. The commands for making the switch a DHCP server are here.

The right way to flash the switch (6/16)

The specific how-to's are in another article, but the general gist is to copy the firmware, license, and configuration files onto an SD card provided by NEC, and cold boot the switch off of it.

VLAN Configuration, based on convention (6/23)

The switch should follow the conventions used in other switches for which port corresponds to which VLAN, where the trunk is, etc. After week 2, the switch was booted back into normal mode (no SD card), and the VLANs were statically set according to the following convention for networking SB9:

Usage    Ports  VLAN
CM       1-4    3
Control  5-8    27
Data     9-12   28

Static VLAN Configuration

Configuration of the CM VLAN (VLAN 3) is shown here.

  1. Create and name VLAN
    (config)# vlan 3
    !(config-vlan)# name "CM"
    !(config-vlan)# exit
    
  2. Assign CM VLAN 3 to the desired ports. Unfortunately, you have to configure one port at a time. Luckily, you can use the up arrow key to go through previous commands to make things faster.
    !(config)# interface gi 0/1
    !(config-if)# switchport mode access
    !(config-if)# switchport acc vlan 3
    !(config-if)# interface gi 0/2
    !(config-if)# switchport mode access
    !(config-if)# switchport acc vlan 3
    !(config-if)# interface gi 0/3
    !(config-if)# switchport mode access
    !(config-if)# switchport acc vlan 3
    !(config-if)# interface gi 0/4
    !(config-if)# switchport mode access
    !(config-if)# switchport acc vlan 3

    

  3. After repeating steps 1 and 2 for the Control and Data VLANs (with correct port numbers and VLAN number, of course), configure the trunk ports:
    !(config-if)# interface gi 0/45
    !(config-if)# switchport mode trunk
    !(config-if)# switchport trunk allowed vlan 3,27,28
    !(config-if)# interface gi 0/46
    !(config-if)# switchport mode trunk
    !(config-if)# switchport trunk allowed vlan 3,27,28
    !(config-if)# interface gi 0/47
    !(config-if)# switchport mode trunk
    !(config-if)# switchport trunk allowed vlan 3,27,28
    !(config-if)# interface gi 0/48
    !(config-if)# switchport mode trunk
    !(config-if)# switchport trunk allowed vlan 3,27,28
    !(config-if)# exit
    !(config)# save
    (config)# exit
    

DHCP/BootP relay agent (6/24)

An attempt was made, but not knowing the DHCP server's address didn't help. Nevertheless, translations on how to set up a relay agent/IP helper are here.

Native VLAN configuration (6/25)

A native VLAN was set up on the trunk ports so the switch will have an interface that can be assigned an IP address.

  1. Make a VLAN. Name the native VLAN.
    (config)# vlan 1
    (config-vlan)# name "Network"
    !(config-vlan)# exit
    
  2. Assign a static IP address to the interface. We needed to find the switch's IP address with nslookup. This was actually done 7/2, after its MAC address was registered.
    !(config)# interface vlan 1
    !(config-if)# ip address 172.16.19.253 255.255.0.0
    
  3. Configure ports to be trunk ports, then specify the native VLAN
    !(config)# interface gi 0/48
    !(config-if)# switchport mode trunk 
    !(config-if)# switchport trunk native vlan 1
    
  4. Specify which VLANs are allowed on the trunk. This includes all VLANs that converge to this trunk, as well as the native VLAN for this trunk. If the port is already made to allow other VLANs, instead of using command switchport trunk allowed vlan 1,3,27,28 you can just add VLAN 1 by using the vlan add <vlan ID> context:
    !(config-if)# swi trunk allowed vlan add 1
    

So now the configuration for port 0/48 looks like this:

!(config-if)# sh
interface gigabitethernet 0/48
  switchport mode trunk
  switchport trunk allowed vlan 1,3,27-28
  switchport trunk native vlan 1
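
A saved copy of the interface stanzas can be compared offline with the SB9 convention table and the trunk rules from the steps above. The Python below is an added example, not part of the original page; the dump is constructed in the format show prints, only ports present in it are checked, and the function names are hypothetical.

```python
import re

# Convention from this page: CM 1-4 -> 3, Control 5-8 -> 27, Data 9-12 -> 28.
ACCESS_VLAN = {p: v for lo, hi, v in ((1, 4, 3), (5, 8, 27), (9, 12, 28))
               for p in range(lo, hi + 1)}
TRUNK_PORTS = set(range(45, 49))   # 0/45-0/48
CARRIED = {3, 27, 28}              # VLANs each trunk must allow

# Constructed dump; 0/9 and 0/46 are deliberately wrong, 0/48 matches the page.
SAMPLE = """\
interface gigabitethernet 0/9
  switchport mode access
  switchport access vlan 27
!
interface gigabitethernet 0/46
  switchport mode trunk
  switchport trunk allowed vlan 3,27
  switchport trunk native vlan 1
!
interface gigabitethernet 0/48
  switchport mode trunk
  switchport trunk allowed vlan 1,3,27-28
  switchport trunk native vlan 1
!
"""

LINE_RE = re.compile(
    r'switchport (mode|access vlan|trunk allowed vlan|trunk native vlan) (\S+)$')


def expand_vlans(spec):
    """'1,3,27-28' -> {1, 3, 27, 28}, the list syntax printed by show."""
    vlans = set()
    for part in spec.split(','):
        lo, _, hi = part.partition('-')
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(text):
    """Map port number -> settings; defaults are access mode on VLAN 1."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'interface gigabitethernet 0/(\d+)$', line)
        if m:
            cur = ports.setdefault(int(m.group(1)), {
                'mode': 'access', 'access vlan': {1},
                'trunk allowed vlan': set(), 'trunk native vlan': set()})
        elif line == '!' or line.startswith('interface '):
            cur = None                      # end of stanza, or a non-port interface
        elif cur is not None and (m := LINE_RE.match(line)):
            key, val = m.groups()
            cur[key] = val if key == 'mode' else expand_vlans(val)
    return ports


def check(text):
    """Return deviations from the convention for ports present in the dump."""
    out = []
    for port, cfg in sorted(parse_interfaces(text).items()):
        allowed, native = cfg['trunk allowed vlan'], cfg['trunk native vlan']
        if cfg['mode'] == 'trunk':
            if port not in TRUNK_PORTS:
                out.append(f'0/{port}: unexpected trunk port')
            if CARRIED - allowed:
                out.append(f'0/{port}: trunk does not allow vlan {sorted(CARRIED - allowed)}')
            if not native <= allowed:       # native VLAN must be in the allowed list
                out.append(f'0/{port}: native vlan {sorted(native)} not in allowed list')
        elif port in TRUNK_PORTS:
            out.append(f"0/{port}: expected trunk, found {cfg['mode']}")
        elif port in ACCESS_VLAN and cfg['access vlan'] != {ACCESS_VLAN[port]}:
            out.append(f"0/{port}: access vlan {sorted(cfg['access vlan'])}, "
                       f"convention says {ACCESS_VLAN[port]}")
    return out
```

An empty list from check() means every port in the dump matches the convention.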

Port speeds (7/17)

By default, the switch autonegotiates. You can change this by going into configuration mode for each port, and changing settings using the speed command. The syntax:

  • speed auto [10|100|1000] - autonegotiate. If a speed is specified, the port will be shut down by the switch if the host refuses to negotiate to the set speed.
  • speed [10|100|1000] - sets port to specific speed, no autonegotiation

The port should be shut down before changing speed settings. This seems to allow the changes to take immediate effect, even before saving config changes. Each port needs to be configured separately, which makes it a bit annoying.

sw-sb09(config)#  interface gi 0/13
sw-sb09(config-if)# shutdown
!sw-sb09(config-if)# 
02/06 03:35:48 E3 PORT GigabitEthernet0/13 25011100 1350:000000000000 Port disabled administratively.
!sw-sb09(config-if)# speed auto 1000
!sw-sb09(config-if)# no shutdown      

SNMP (8/13)

For an explanation of SNMP: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
In the IP8800 guide: http://www.nec.co.jp/ip88n/s36_sw/html/cfguide2/index.html
MIB references: http://www.alvestrand.no/objectid/

Configuring the IP8800

Use of SNMP (Simple Network Management Protocol) is not set by default; you must create access lists with IP addresses allowed to request information as a manager device. In this case, an ACL is created for all the interfaces of SB9, eth1:

!sw-sb09(config)# access-list 1 permit 10.19.0.10 0.0.0.0
!sw-sb09(config)# access-list 1 permit 192.168.100.28 0.0.0.0
!sw-sb09(config)# access-list 1 permit 192.168.1.28 0.0.0.0
!sw-sb09(config)# access-list 1 permit 172.16.100.1 0.0.0.0
!sw-sb09(config)# sh access-list 
access-list 1 10 permit host 10.19.0.10
access-list 1 20 permit host 192.168.100.28
access-list 1 30 permit host 192.168.1.28
access-list 1 40 permit host 172.16.100.1

To add a block of IP's to the ACL, you need the starting IP address and wildcard (range of host addresses available) for that IP block. To add the Network VLAN subnet to the ACL:

access-list 1 50 permit 172.16.0.1 0.0.255.255

To include it in the SNMP access list, use the following command:

sw-sb09(config)# snmp-server community "NET" rw 1

where "NET" is the group name, "rw" - read/write, as opposed to "ro", read-only, and "1" is the access list allowed.
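
One way to see how many addresses the ACL above admits to the "NET" community is to expand the wildcard entries offline. The Python below is an added example, not part of the original page or of NEC's tooling; it assumes the usual wildcard-mask semantics (set bits are ignored), handles only the line shapes shown above, and its function names and the max_hosts threshold are hypothetical.

```python
import ipaddress
import re

# Assembled from lines shown on this page (entered form and show form mixed).
SAMPLE = """\
access-list 1 permit 10.19.0.10 0.0.0.0
access-list 1 20 permit host 192.168.100.28
access-list 1 30 permit host 192.168.1.28
access-list 1 40 permit host 172.16.100.1
access-list 1 50 permit 172.16.0.1 0.0.255.255
snmp-server community "NET" rw 1
"""

ACL_RE = re.compile(
    r'access-list (?P<acl>\d+) (?:\d+ )?permit '
    r'(?:host (?P<host>\S+)|(?P<addr>\S+) (?P<wild>\S+))$')
COMM_RE = re.compile(
    r'snmp-server community "(?P<name>[^"]+)" (?P<mode>ro|rw) (?P<acl>\d+)$')


def wildcard_to_network(addr, wildcard):
    """Network matched by an address and a contiguous wildcard mask.

    Assumption: bits set in the wildcard are "don't care", so
    172.16.0.1 0.0.255.255 matches all of 172.16.0.0/16.
    """
    a = int(ipaddress.IPv4Address(addr))
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):                       # not of the form 0..01..1
        raise ValueError(f'non-contiguous wildcard {wildcard}')
    return ipaddress.IPv4Network((a & ~w & 0xFFFFFFFF, 32 - w.bit_length()))


def parse(config):
    """Return ({acl_id: [networks]}, [(community, mode, acl_id)])."""
    acls, communities = {}, []
    for raw in config.splitlines():
        line = ' '.join(raw.split())      # normalise spacing
        m = ACL_RE.match(line)
        if m:
            if m['host']:
                net = ipaddress.IPv4Network(m['host'] + '/32')
            else:
                net = wildcard_to_network(m['addr'], m['wild'])
            acls.setdefault(m['acl'], []).append(net)
            continue
        m = COMM_RE.match(line)
        if m:
            communities.append((m['name'], m['mode'], m['acl']))
    return acls, communities


def audit(config, max_hosts=16):
    """Flag communities whose ACL is empty or admits more than max_hosts."""
    acls, communities = parse(config)
    findings = []
    for name, mode, acl in communities:
        # Collapse overlaps so a host inside a permitted block is not counted twice.
        nets = list(ipaddress.collapse_addresses(acls.get(acl, [])))
        total = sum(n.num_addresses for n in nets)
        if not nets:
            findings.append(f'{name}: access-list {acl} has no permit entries')
        elif total > max_hosts:
            findings.append(
                f'{name} ({mode}): access-list {acl} admits {total} addresses '
                f'via {", ".join(map(str, nets))}')
    return findings
```

With only the four host entries the audit returns nothing; adding the 172.16.0.1 0.0.255.255 entry is what opens the read/write community to the whole Network VLAN subnet.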

Accessing MIBs on the IP8800

Accessing it through the switch itself is easy enough:

sw-sb09# snmp walk 1.3.6.1.2.1.1            

Name: sysDescr.0
Value: ALAXALA AX3640S AX-3640-48T2XW-L [AX3640S-48T2XW] Switching software Ver. 
10.7 [OS-L3L]

Name: sysObjectID.0
Value: ax3640s

Name: sysUpTime.0
Value: 25724205

Name: sysContact.0
Value: 

Name: sysName.0
Value: sw-sb09

Name: sysLocation.0
Value: 

Name: sysServices.0
Value: 78

Elucidation (Or, How-TO's)

The IP8800/S3640-48T2XW and IP8800/S3640-24T2XW are the two models of NEC switch that support OpenFlow. "Smart" switches like the IP8800 must be configured via a command line before they can be used.

As of now, this is just a conglomeration of facts and hints on how to configure the 48-port IP8800/S3640-48T2XW. Before we begin, here are the assumptions that are made throughout these pages:

  • You are running/know how to get around Linux (We are, for the most part, using Ubuntu unless specified)
  • You are using the NEC IP8800/S3640-48T2XW switch.
  • You know network models (e.g. TCP/IP, OSI)

Section 1: The Basics

If you are unfamiliar with "smart" switches or how to configure them, this is the place to start. This section covers the following:

  • Using the serial connection to log in
    • troubleshooting
  • User modes and contexts
    • available commands / help pages
    • switching contexts and autocompletion (a remark)
  • Creating and configuring VLANs and VLAN interfaces
  • Setting up Telnet
    • Using it
    • troubleshooting


Logging into the switch for the first time.

Out of the box, the switches are not configured for Telnet. In this case, you need to log into the switch using the serial port, which uses a standard RS-232 cable. You'll also need to have software installed on your PC to be able to establish a serial connection. Kermit is the recommended choice - its default settings allow you to connect without changing anything.

  1. Name your switch. People names are easier to remember than IP addresses or machine-like names i.e. as01-hh-alex, and are easier to use in discussion if everyone agrees on names. Note, the names Bob, Nancy, and Andy are already taken.
  2. Install kermit. If not already installed on your box, the Debian package for kermit is ckermit, and can be easily installed with apt-get.
  3. Establish a connection. Connect your PC to the port labeled "console" on the switch using the RS-232 cable, and issue the following commands as root:
     /$ kermit
     C-Kermit>set line /dev/ttyS0
     C-Kermit>set carrier-watch off
     C-Kermit>connect
    

Or, you can use the shorthand one-liner:

 kermit -l /dev/ttyS0
 connect

You should then see something like below:

 Connecting to /dev/ttyS0, speed 0
  Escape character: Ctrl-\ (ASCII 28, FS): enabled
 Type the escape character followed by C to get back,
 or followed by ? to see other options.
 ----------------------------------------------------


 login:

If the login prompt doesn't come up, hitting the enter key should bring it up. The default username is "operator", and the password is blank. Once logged in, you will be brought to the CLI (Command line interface). Commands are entered at the caret.

login: operator

Copyright (c) 2005-2008 ALAXALA Networks Corporation. All rights reserved.


> 
  4. Exiting. Ctrl-\ q ends the kermit session. The command exit or logout will just log you out of the switch, but will not end the session.

Troubleshooting serial connections

  • Make sure you are root when you start up kermit.
  • Kermit will balk if you try to log in while there is a session going on. Make sure that no one else is logged in via serial, and that you haven't forgotten to log out during a previous session.
  • If you get a message like this with the one-liner kermit -l /dev/ttyS0:
    ?Carrier required but not detected.
    ***********************************
     Hint: To CONNECT to a serial device that
     is not presenting the Carrier Detect signal,
     first tell C-Kermit to:
    
       SET CARRIER-WATCH OFF
    
    ***********************************
    
    
    type the commands given above in lowercase.
  • If, for some reason, you can't use kermit or have to configure the settings for your serial connection, use the following settings:
      * speed: 9600
      * data bits: 8
      * stop bits: 1 
      * Flow control: none
      * Parity: none
    
    Note, we have found that minicom doesn't seem to work too well with the switches. If you get it to work, please note it!

User modes and contexts

As with Cisco switches, you must be in privileged mode to make any configuration changes on the switch (or see the full list of commands). The magic word is "enable".

> ena     <<---whole command is 'enable'
#

Note how the switch autocompletes commands; you don't need to type the whole command. "configure" brings you to the configuration prompt, which looks like this:

# config          
(config)# 

All configurations, from port speed to the MoTD banner, are done from here.

Here, typing different sets of commands brings you to different configuration modes specific to the feature you are trying to modify. The commands that bring you to the specialized modes are called "contexts," and typing them is called "entering a context." Some contexts we want to focus on are:

 - `vlan n` - create/configure standard VLANs, n being the VLAN ID (some number)
 - `interface vlan n` - create/configure a virtual interface with both Layer 2 and 3 characteristics
 - `interface gigabitethernet 0/n` - configure specific port, n being number between 1 and 48
 - `line <vty|console> vtyrange<0-b>` - configure telnet or console parameters, respectively

Don't worry even if these don't make sense now - The meanings of the contexts will be explained as we introduce each context.

As you can see, when you enter a context, the prompt becomes "(config-if)#." However, this prompt doesn't indicate what context you are using; you just have to remember what you are doing. If you forget where you were, typing "show" will display all of the configurations saved for that specific context (hopefully giving you enough information to let you recall what you were trying to do).

(config)# interface vlan 8              <<---start by entering the 'interface vlan' context             
!(config-if)# 
!(config-if)# interface gi 0/3           <<---switch to 'interface gigabitethernet' context 
!(config-if)#                            <<---note how prompt still shows up as "config-if"

As you can see above, when you make changes to the configurations (e.g. create vlan interfaces as in this example), you will see a "!" before the prompt. This is there to remind you that you've made changes that must be saved if you want them to survive a reboot. The command "save" intuitively saves the settings. The command exit lets you exit from contexts and enabled mode, or lets you log out of the switch if you were just in user mode.

!(config-if)# save
(config-if)# exit
(config)# exit
#

Available commands / help pages

Like with Cisco switches, typing ? at the prompt will list the available commands along with a brief summary. If you are in a certain context, typing ? will show you configuration options available for that context.

Switching contexts and autocompletion

From the initial configuration prompt, you can let the switch autocomplete contexts. For example:

sw-sb09(config)# int gi 0/34     <<-- instead of "interface gigabitethernet 0/34"
sw-sb09(config-if)# 

However, if you are already in a context, and you want to switch to another context, you must type the first word in full, else the switch will throw an error:

sw-sb09(config-if)# int gi 0/35
int gi 0/35 
 ^
% illegal parameter at '^' marker
sw-sb09(config-if)# interface gi 0/35 
sw-sb09(config-if)#         

Setting up Telnet

Setting up telnet on the switch requires several steps that involve a few contexts. The steps can be outlined as the following:

  1. Create a VLAN for telnet via the "vlan" context. For clarity (and good practice), we name our VLAN "telnet" so we know what it's used for.
    (config)# vlan 4
    !(config-vlan)# name "telnet"
    !(config-vlan)# exit
    !(config)# 
    
  2. Assign an IP address to the VLAN. By entering the "interface vlan" context you automatically turn VLAN 4 into a VLAN interface.
    !(config)# interface vlan 4
    !(config-if)# ip address 192.168.10.1 255.255.255.0
    !(config-if)# exit
    !(config)#
    
  3. Enable telnet logins to the switch. The "line vty" context allows you to do this. The numbers following the context denote which virtual terminals users can use to access the switch via telnet. Here, vty 0-2 can be used, meaning 3 users can simultaneously telnet into the switch.
    !(config)# line vty 0 2
    !(config-line)# exit
    !(config)#   
    !(config)# save
    (config)# exit
    # 
    

Using Telnet

Once you've set up telnet on your switch, you can access the switch with the IP address you've assigned it during step 2 above. So for this switch you would issue the following command from your terminal:

$ telnet 192.168.10.1

The username and password are the same for this prompt once you connect.

Troubleshooting

…coming soon, if ever


Creating and configuring VLANs and VLAN interfaces

There are also contexts that support ranges of interfaces/ports/VLANs. For example, to configure ports 1-4 and 30 at once:

 sw-sb09(config)# int range gigabitethernet 0/1-4, gigabitethernet 0/30
 sw-sb09(config-if-range)# 

Note how the prompt becomes "(config-if-range)" in this case.

Ports, VLANs, VLAN interfaces

Before we get to configuring things, we cover a few basics about ports and VLANs in terms of these switches. You should be familiar with the following before going through this section or on to configuration:

Ports

By configuring the ports, you can control physical layer properties of the switch e.g. port speed, whether it is full or half duplex, and whether the port is up or down.

There are 48 RJ-45 (Ethernet) 1GBps ports and two sockets for GBICs (10GBps fiber links) on the switch. The switch identifies the ports by giving them unique names based on their speed and location. RJ45 ports are geth0/1 through geth0/48, and the GBICs, tengeth0/49 and 0/50.

The command "show port status" can be used to see this:

sw-sb09> sh po st
Date 2010/01/18 05:44:23 UTC
Port Counts: 50
Port  Name           Status T/R  All packets   Multicast   Broadcast     Discard
 0/ 1 geth0/1        up     Tx        950638         581      437112           0
                            Rx         83404           0        2376           0
 0/ 2 geth0/2        up     Tx        948981         581      437196           0
                            Rx         81580           0        2292           0
 0/ 3 geth0/3        up     Tx        948982         581      437194           0
                            Rx         81584           0        2294           2
 ...
 
 0/47 geth0/47       down   Tx             0           0           0           0
                            Rx             0           0           0           0
 0/48 geth0/48       up     Tx        281248          10        6975           0
                            Rx       4358554     3135424      481238           0
 0/49 tengeth0/49    down   Tx             0           0           0           0                
                            Rx             0           0           0           0
 0/50 tengeth0/50    down   Tx             0           0           0           0
                            Rx             0           0           0           0

The ports are numbered beginning with the top-left RJ-45 port at 0/1 and ending with the lower-right port at 0/48. If you look at the front of the switch you can see that they are labeled above the link lights of each of the pairs of ports.

VLANs

In the context of switching, VLANs tie Layer 1 with Layer 2 by assigning each port a VLAN. A host connected to a port assigned to VLAN n will become a member of that VLAN. The VLANs on a switch can be seen with the command show vlan under enabled (super user) mode:

sw-sb09# sh vlan 
Date 2010/01/20 03:12:01 UTC
VLAN counts:6   VLAN tunneling enabled                
VLAN ID:1     Type:Port based      Status:Up
  Learning:On            Tag-Translation:
  BPDU Forwarding:       EAPOL Forwarding:
  Router Interface Name:VLAN0001
  IP Address:172.16.19.253/16                         <<---IP address of VLAN interface
  Source MAC address: 0012.e2c8.1f9c(System) 
  Description:Network
  Spanning Tree:                                     
  AXRP RING ID:      AXRP VLAN group: 
  GSRP ID:      GSRP VLAN group:    L3:
  IGMP snooping:     MLD snooping:
  Untagged(10)  :0/39-48
VLAN ID:3     Type:Port based      Status:Up
  Learning:On            Tag-Translation:
  BPDU Forwarding:       EAPOL Forwarding:
  Router Interface Name:VLAN0003
  IP Address:
  Source MAC address: 0012.e2c8.1f9c(System) 
  Description:CM
  Spanning Tree: 
  AXRP RING ID:      AXRP VLAN group: 

...

Rest assured, there are many details in this output that you don't have to worry about.

VLAN interfaces

In addition to the classic VLANs, the IP8800 also allows you to assign IP addresses and subnets to VLANs as if they are IP Layer constructs. These L2/L3 conglomerates are referred to as "VLAN interfaces", and give the switch extra functionality that would otherwise only be found in higher-layer devices.

VLAN interfaces are also important because they provide a means to interact with a Layer 2 device (the switch) using Layer 3 means (IP). Hence, you will need to deal with VLAN interfaces if you want to, say, use telnet to communicate with the switch.

Otherwise, VLAN interfaces are handled like any other VLAN.

  • Virtual interfaces - Also called "VLANs" by the switch. They do function as VLANs in the traditional sense, but in this case, are also associated with IP addresses used by the switch (i.e. the IP address used when telnetting).

  • Ports - By default all ports are assigned to VLAN 1. The ports must be assigned to different VLANs according to how you want the frames to/from the port to be handled. Port settings are configured from the interface gigabitethernet 0/n context in configure mode. The three main contexts we need are:

1- switchport mode access - the default port mode. Port is associated with a vlan, but frames from the port are not tagged - the frames are dropped if they are seen on the trunk.

2- switchport mode dot1q-tunnel - frames from the port are tagged upon hitting the trunk and not dropped.

3- switchport mode trunk - port is a trunk and can handle frames from multiple vlans.



