brocade configurations

Brocade Configuration Examples

Upload: dnchathuranga

Post on 20-Feb-2016


Page 1: Brocade Configurations

Brocade Configuration Examples


Terminal Configurations

Windows Environment

In a UNIX environment, enter the following string at the prompt:
tip /dev/ttyb -9600

If ttyb is already in use, use ttya instead and enter the following string at the prompt:
tip /dev/ttya -9600


system prompt.

• User = >

• Privileged = #

• CONFIG = (config)#


POE/POE+

PoE Device will supply 15.4 watts of power at the RJ-45 jack

PoE+ Device will supply either 15.4 or 30 watts of power


POE/POE+ Configurations

Brocade# configure terminal
Brocade(config)# interface ethernet 1/1
Brocade(config-if-e1000-1/1)# inline power power-limit 14000

These commands enable in-line power on interface ethernet 1 in slot 1 and set the PoE power level to 14,000 milliwatts (14 watts).

Syntax: inline power power-limit <power level>

The <power level> variable is the maximum power level in number of milliwatts. The following values are supported:

• PoE: Enter a value from 1000 through 15,400. The default is 15,400.
• PoE+: Enter a value from 1000 through 30,000. The default is 30,000.


CLI Commands for use with the management port

To display the current configuration

show running-config interface management

Syntax: show running-config interface management <num>

Brocade(config-if-mgmt)#ip addr 10.44.9.64/24
Brocade(config)#show running-config interface management 1
interface management 1
ip address 10.44.9.64 255.255.255.0


show interfaces management <num>

management port Show Commands

Brocade(config)#show interfaces management 1
GigEthernetmgmt1 is up, line protocol is up
Hardware is GigEthernet, address is 0000.9876.544a (bia 0000.9876.544a)
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual none
BPRU guard is disabled, ROOT protect is disabled
Link Error Dampening is Disabled
STP configured to OFF, priority is level0, mac-learning is enabled
Flow Control is config disabled, oper enabled
Mirror disabled, Monitor disabled
Not member of any active trunks
Not member of any configured trunks
No port name
IPG MII 0 bits-time, IPG GMII 0 bits-time
IP MTU 1500 bytes
300 second input rate: 83728 bits/sec, 130 packets/sec, 0.01% utilization
300 second output rate: 24 bits/sec, 0 packets/sec, 0.00% utilization
39926 packets input, 3210077 bytes, 0 no buffer
Received 4353 broadcasts, 32503 multicasts, 370 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
22 packets output, 1540 bytres, 0 underruns
Transmitted 0 broadcasts, 6 multicasts, 16 unicasts
0 output errors, 0 collisions

Syntax: show interfaces brief management <num>

Syntax: show statistics brief management <num>

Brocade(config)#show statistics brief management 1
Port    In Packets    Out Packets    Trunk    In Errors    Out Errors
mgmt1   39946         22                      0            0
Total   39945         22                      0            0


show statistics management <num>


Change Host Name

Syntax: hostname <string>

Brocade(config)# hostname zappa
zappa(config)#


CLI banner configuration

Setting a message of the day banner

For example, to display the message “Welcome to FESX!” when a Telnet CLI session is established:

Brocade(config)# banner motd $ (Press Return)
Enter TEXT message, End with the character '$'.
Welcome to FESX! $

To remove the banner, enter the no banner motd command.

Setting a privileged EXEC CLI level banner

You can configure the Brocade device to display a message when a user enters the Privileged EXEC CLI level.

Example

Brocade(config)# banner exec_mode # (Press Return)
Enter TEXT message, End with the character '#'.
You are entering Privileged EXEC level
Do not foul anything up! #

up to 4000 characters


Assigning a port name

To assign a name to a port.

Brocade(config)# interface ethernet 2
Brocade(config-if-e1000-2)# port-name Marsha

The name can be up to 64 characters long


Port speed and duplex mode modification

• designed to auto-sense and auto-negotiate the speed and duplex mode of the connected device

• If the attached device does not support this, you can manually set the port speed to operate at either 10, 100, or 1000 Mbps

• default and recommended setting is 10/100/1000 auto-sense


Port speed and duplex mode configuration syntax

The following commands change the port speed of copper interface 8 on a FastIron from the default of 10/100/1000 auto-sense, to 100 Mbps operating in full-duplex mode.

Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# speed-duplex 100-full

NOTE
On FastIron devices, when setting the speed and duplex-mode of an interface to 1000-full, configure one side of the link as master (1000-full-master) and the other side as slave (1000-full-slave).


Enabling auto-negotiation maximum port speed advertisement and down-shift

Port speed down-shift enables Gbps copper ports on the Brocade device to establish a link at 1000 Mbps over a 4-pair wire when possible, or to down-shift to 100 Mbps if the medium is a 2-pair wire.

Maximum port speed application notes

Port speed down-shift and maximum port speed advertisement work only when auto-negotiation is enabled (CLI command speed-duplex auto). If auto-negotiation is OFF, the device will reject the port speed down-shift and maximum port speed advertisement configuration.

Combo ports are not supported.


Enabling port speed down-shift

Enter the following at the Global CONFIG level of the CLI.

Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 1 ethernet 2


Configuring port speed down-shift and auto-negotiation for a range of ports

Port speed down-shift and auto-negotiation can be configured for an entire range of ports with a single command.

For example, to configure down-shift on ports 0/1/1 to 0/1/10 and 0/1/15 to 0/1/20 on the device, enter the following.

Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 0/1/1 to 0/1/10 ethernet 0/1/15 to 0/1/20

To configure down-shift on ports 5 to 13 and 17 to 19 on a compact switch, enter the following.

Brocade(config)# link-config gig copper autoneg-control down-shift ethernet 5 to 13 ethernet 17 to 19


To disable selective auto-negotiation of 100m-auto on ports 0/1/21 to 0/1/25 and 0/1/30, enter the following.

Brocade(config)# no link-config gig copper autoneg-control 100m-auto Ethernet 0/1/21 to 0/1/25 ethernet 0/1/30


Configuring maximum port speed advertisement

To configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiation enabled, enter a command such as the following at the Global CONFIG level of the CLI.

Brocade(config)# link-config gig copper autoneg-control 10m ethernet 1

To configure a maximum port speed advertisement of 100 Mbps on a port that has auto-negotiation enabled, enter the following command at the Global CONFIG level of the CLI.

Brocade(config)# link-config gig copper autoneg-control 100m ethernet 2

Syntax: [no] link-config gig copper autoneg-control 10m | 100m ethernet <port> [Ethernet [<port>]


Modifying port duplex mode

You can manually configure a 10/100 Mbps port to accept either full-duplex (bi-directional) or half-duplex (uni-directional) traffic.

Port duplex mode configuration syntax

To change the port speed of interface 8 from the default of 10/100/1000 auto-sense to 10 Mbps operating at full-duplex, enter the following.

Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# speed-duplex 10-full


Disabling or re-enabling a port

A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled.

To disable port 8 of a Brocade device, enter the following.

Brocade(config)# interface ethernet 8
Brocade(config-if-e1000-8)# disable

You also can disable or re-enable a virtual interface. To do so, enter commands such as the following.

Brocade(config)# interface ve v1
Brocade(config-vif-1)# disable


Changing the Gbps fiber negotiation mode

The globally configured Gbps negotiation mode is the default mode for all Gbps fiber ports. You can override the globally configured default and set individual ports to the following:

NOTE
Gbps negotiation is not supported on ICX 6430 and ICX 6450 devices.

• Negotiate-full-auto – The port first tries to perform a handshake with the other port to exchange capability information. If the other port does not respond to the handshake attempt, the port uses the manually configured configuration information (or the defaults if an administrator has not set the information). This is the default.

• Auto-Gbps – The port tries to perform a handshake with the other port to exchange capability information.

• Negotiation-off – The port does not try to perform a handshake. Instead, the port uses configuration information manually configured by an administrator.

To change the mode for individual ports, enter commands such as the following.

Brocade(config)# interface ethernet 1 to 4
Brocade(config-mif-1-4)# gig-default auto-gig


Determining the flash image version running on the device

To determine the flash image version running on a device, enter the show version command at any level of the CLI. Some examples are shown below.


Displaying the boot image version running on the device

To determine the boot image running on a device, enter the show flash command at any level of the CLI. The following shows an example output.


Flash image verification

The Flash Image Verification feature allows you to verify boot images based on hash codes, and to generate hash codes where needed. This feature lets you select from three data integrity verification algorithms:

• MD5 - Message Digest algorithm (RFC 1321)

• SHA1 - US Secure Hash Algorithm (RFC 3174)

• CRC - Cyclic Redundancy Checksum algorithm


Flash image CLI commands

Use the following command syntax to verify the flash image:

Syntax: verify md5 | sha1 | crc32 <ASCII string> | primary | secondary [<hash code>]

• md5 – Generates a 16-byte hash code
• sha1 – Generates a 20-byte hash code
• crc32 – Generates a 4 byte checksum
• ascii string – A valid image filename
• primary – The primary boot image (primary.img)
• secondary – The secondary boot image (secondary.img)
• hash code – The hash code to verify


To generate an MD5 hash value for the secondary image, enter the following command.

Brocade#verify md5 secondary
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862

To generate a SHA-1 hash value for the secondary image, enter the following command.

Brocade#verify sha secondary
Brocade#.........................Done
Size = 2044830, SHA1 49d12d26552072337f7f5fcaef4cf4b742a9f525

To generate a CRC32 hash value for the secondary image, enter the following command.

Brocade#verify crc32 secondary
Brocade#.........................Done
Size = 2044830, CRC32 b31fcbc0


To verify the hash value of a secondary image with a known value, enter the following commands.

Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862
Verification FAILED.

In the previous example, the codes did not match, and verification failed. If verification succeeds, the output will look like this.

Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653861
Verification SUCEEDED.

The following examples show this process for SHA-1 and CRC32 algorithms.

Brocade#verify sha secondary 49d12d26552072337f7f5fcaef4cf4b742a9f525
Brocade#.........................Done
Size = 2044830, sha 49d12d26552072337f7f5fcaef4cf4b742a9f525
Verification SUCCEEDED.
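The check described above can also be done off the switch, by capturing the verify output and comparing the printed digest with a reference value kept elsewhere. The following is an added example, not part of the original slides or of Brocade's tooling; the function names are hypothetical and the sample sessions are constructed from the output shown on this page.

```python
import hmac
import re

# Hex length per algorithm, from the page: md5 = 16 bytes, sha1 = 20, crc32 = 4.
HEX_LEN = {"md5": 32, "sha1": 40, "crc32": 8}
# The sample sessions type and echo "sha" as well as "SHA1"; treat both as SHA-1.
ALIASES = {"sha": "sha1"}
RESULT_RE = re.compile(
    r"Size\s*=\s*(?P<size>\d+),\s*(?P<algo>[A-Za-z0-9]+)\s+(?P<digest>[0-9A-Fa-f]+)")

# Constructed sample captures, copied from the sessions shown on this page.
SAMPLE_SHA = ("Brocade#verify sha secondary\nBrocade#.........................Done\n"
              "Size = 2044830, SHA1 49d12d26552072337f7f5fcaef4cf4b742a9f525\n")
SAMPLE_MD5 = ("Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861\n"
              "Brocade#.........................Done\n"
              "Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862\n"
              "Verification FAILED.\n")
SAMPLE_CRC = ("Brocade#verify crc32 secondary\nBrocade#.........................Done\n"
              "Size = 2044830, CRC32 b31fcbc0\n")


def normalise(algo):
    algo = algo.lower()
    return ALIASES.get(algo, algo)


def parse_verify_output(text):
    """Return (size, algo, digest) from captured verify output or raise ValueError."""
    m = RESULT_RE.search(text)
    if not m:
        raise ValueError("no 'Size = ..., <ALGO> <hash>' line found")
    algo, digest = normalise(m.group("algo")), m.group("digest").lower()
    if algo not in HEX_LEN:
        raise ValueError(f"unknown algorithm {algo!r}")
    if len(digest) != HEX_LEN[algo]:
        # A truncated capture must not be compared as if it were a full digest.
        raise ValueError(f"{algo} digest has {len(digest)} hex chars, expected {HEX_LEN[algo]}")
    return int(m.group("size")), algo, digest


def check_image(text, expected_algo, expected_digest, expected_size=None):
    """Compare the digest the switch printed with a reference stored off the device.

    Returns a list of problems; an empty list means the image matches.
    """
    size, algo, digest = parse_verify_output(text)
    problems = []
    if algo != normalise(expected_algo):
        problems.append(f"algorithm mismatch: device used {algo}")
    elif not hmac.compare_digest(digest, expected_digest.lower()):
        problems.append(f"{algo} mismatch: device reports {digest}")
    if expected_size is not None and size != expected_size:
        problems.append(f"size mismatch: device reports {size}")
    if algo == "crc32":
        # CRC32 is a checksum: it catches accidental corruption, not deliberate changes.
        problems.append("crc32 does not protect against deliberate modification")
    return problems
```

Of the three algorithms the command offers, SHA-1 gives the longest digest, so it is the better choice when the reference value is used to detect tampering and not just transfer errors.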


Software upgrades


Loading and saving configuration files

For easy configuration management, all Brocade devices support both the download and upload of configuration files between the devices and a TFTP server on the network.


Replacing the startup configuration with the running configuration

After you make configuration changes to the active system, you can save those changes by writing them to flash memory. When you write configuration changes to flash memory, you replace the startup configuration with the running configuration.

To replace the startup configuration with the running configuration, enter the following command at any Enable or CONFIG command prompt.

Brocade#write memory


Replacing the running configuration with the startup configuration

If you want to back out of the changes you have made to the running configuration and return to the startup configuration, enter the following command at the Privileged EXEC level of the CLI.

Brocade#reload


Copying a configuration file to or from a TFTP server

The maximum size for the running-config and the startup-config file is 512K each.


NOTE
Make sure you enter each command at the correct CLI level. Since some commands have identical forms at both the global CONFIG level and individual configuration levels, if the CLI response to the configuration file results in the CLI entering a configuration level you did not intend, then you can get unexpected results.

For example, if a trunk group is active on the device, and the configuration file contains a command to disable STP on one of the secondary ports in the trunk group, the CLI rejects the commands to enter the interface configuration level for the port and moves on to the next command in the file you are loading. If the next command is a spanning-tree command whose syntax is valid at the global CONFIG level as well as the interface configuration level, then the software applies the command globally. Here is an example.

The configuration file contains these commands.

interface ethernet 2
no spanning-tree


NOTE

If the file contains commands that must be entered in a specific order, the commands must appear in the file in the required order. For example, if you want to use the file to replace an IP address on an interface, you must first remove the old address using “no” in front of the ip address command, then add the new address. Otherwise, the CLI displays an error message and does not implement the command. Here is an example.

The configuration file contains these commands.

interface ethernet 11
ip address 10.10.10.69/24

The end command must appear on the last line of the file, by itself


Network connectivity testing


By default, a Brocade device does not time out serial console sessions. A serial session remains open indefinitely until you close it. You can however define how many minutes a serial management session can remain idle before it is timed out.

Defining the console idle time


Local user accounts

You can define up to 16 local user accounts on a Brocade device. User accounts regulate who can access the management functions in the CLI using the following methods:

• Telnet access
• Web management access
• SNMP access

A management privilege level, which can be one of the following:

• Super User level (default) – Allows complete read-and-write access to the system. This is generally for system administrators and is the only privilege level that allows you to configure passwords.
• Port Configuration level – Allows read-and-write access for specific ports but not for global parameters.
• Read Only level – Allows access to the Privileged EXEC mode and User EXEC mode with read access only.


Enabling enhanced user password combination requirements

When strict password enforcement is enabled on the Brocade device, you must enter a minimum of eight characters containing the following combinations when you create an enable and a user password:

• At least two upper case characters
• At least two lower case characters
• At least two numeric characters
• At least two special characters

Use the enable strict-password-enforcement command to enable the password security feature.

Brocade(config)#enable strict-password-enforcement


Enabling user password masking

By default, when you use the CLI to create a user password, the password displays on the console as you type it. For enhanced security, you can configure the Brocade device to mask the password characters entered at the CLI. When password masking is enabled, the CLI displays asterisks (*) on the console instead of the actual password characters entered.

The following shows the default CLI behavior when configuring a username and password.

Brocade(config)#username kelly password summertime

The following shows the CLI behavior when configuring a username and password when password-masking is enabled.

Brocade(config)#username kelly password
Enter Password: ********


System reload scheduling


Setting a Telnet password


Setting a SSH password

Let's break this down into steps:

1) generate a key
#crypto key gen

2) create an ACL access group and bind it to the SSH login
#access-list 10 permit <ip_address/maskbits>
... repeat as necessary ...
#ssh access-group 10

3) set an idle timeout
#ip ssh idle-time 20 !time in minutes

4) set a login timeout
#ip ssh timeout 60 !time in seconds

5) consider disabling telnet (optional)
#no telnet server

6) Now create the local login accounts:
#user icxadmin privilege 0 pass <yourSuperSecurePassword>

7) Configure AAA to use the local user database as default
#aaa authentication login default local

8) Consider enabling user/pass requirement for console access too (optional)
#enable aaa console

Always keep your routers/switches secure and document your configuration, including access settings, in your secure run book.
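A saved configuration can be checked against the steps above before it is recorded in the run book. This audit is an added example, not part of the original slides; it assumes the saved configuration echoes the commands in the form typed on this page, the function name is hypothetical, and the sample configurations are constructed.

```python
import re

# Access settings from this page, each as (finding label, expected config line).
REQUIRED = [
    ("ssh access-group", r"ssh access-group \S+"),
    ("ip ssh idle-time", r"ip ssh idle-time \d+"),
    ("ip ssh timeout", r"ip ssh timeout \d+"),
    ("no telnet server", r"no telnet server"),
    ("aaa authentication login default local", r"aaa authentication login default local"),
    ("enable aaa console", r"enable aaa console"),
    ("enable strict-password-enforcement", r"enable strict-password-enforcement"),
]

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
HARDENED = """
access-list 10 permit 192.0.2.0/24
ssh access-group 10
ip ssh idle-time 20
ip ssh timeout 60
no telnet server
aaa authentication login default local
enable aaa console
enable strict-password-enforcement
"""
WEAK = """
access-list 10 permit any
ssh access-group 10
ip ssh idle-time 20
aaa authentication login default local
"""


def audit(config_text):
    """Return a list of findings; an empty list means every setting is present."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]  # skip separators
    findings = [f"missing: {label}" for label, pattern in REQUIRED
                if not any(re.fullmatch(pattern, ln) for ln in lines)]
    # The ACL bound to SSH only helps if it exists and actually narrows the sources.
    for ln in lines:
        bound = re.fullmatch(r"ssh access-group (\S+)", ln)
        if not bound:
            continue
        acl = bound.group(1)
        entries = [e for e in lines if e.startswith(f"access-list {acl} ")]
        if not entries:
            findings.append(f"access-list {acl} is bound to SSH but not defined")
        elif f"access-list {acl} permit any" in entries:
            findings.append(f"access-list {acl} permits any source")
    return findings
```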


Changing the MAC age time and disabling MAC address learning


LAB

Create VLAN

Assign IP to VLAN

MAP Ports to VLAN

VLAN Routing


THANK YOU!