Cisco MGX 8850 (PXM45) and MGX 8950 Software Configuration Guide, Release 3
Configuring General Switch Features
Download this chapter
Configuring General Switch FeaturesConfiguring General Switch Features
Download the complete book
PDF Copy of the Cisco MGX 8850 (PXM45) and MGX 8950 Software Configuration Guide, Release 3PDF Copy of the Cisco MGX 8850 (PXM45) and MGX 8950 Software Configuration Guide, Release 3 (PDF - 4 MB)
give_us_feedback

Table Of Contents

Configuring General Switch Features

Configuration Quickstart

Initializing the Switch

Starting a CLI Management Session After Initialization

Ending a CLI Management Session

Entering Commands at the Switch Prompt

Getting Command Help

Displaying Command Lists

Displaying Detailed Command Lists

Displaying Command Syntax and Parameters

Configuring User Access

Adding Users

Changing Your Own User Password

Changing User Access Levels and Passwords with cnfuser

Deleting Users

Resetting the Default User Password

Enabling and Disabling the User cisco Password Reset

Setting and Viewing the Switch Name

Viewing and Setting the Switch Date and Time

Configuring PNNI Node Parameters

Adding the PNNI Controller

Setting the PNNI Level and Peer Group ID

Setting the PNNI Node Address

Setting the PNNI Node ID

Setting and Viewing the SPVC Prefix

Displaying PNNI Summary Addresses

Configuring the MPLS Controller

Configuring Clock Sources

Manually Configuring BITS Clock Sources

Enabling NCDP on a Node

Setting the LAN IP Addresses

Setting the Boot IP Address

Setting the LAN or Disk IP Address

Starting a CLI Session Through the LAN Port

Configuring for Network Management

Configuring the SNMP Trap Source IP Address

Configuring the SNMP Manager Destination IP Address

Configuring the Community String and General Switch Information

Verifying the Hardware Configuration


Configuring General Switch Features

This chapter describes how to set up general switch features that apply to multiple switch interfaces, beginning with a configuration quickstart procedure, which introduces the configuration tasks. The following sections provided detailed information on how to complete the configuration tasks.

Configuration Quickstart

The quickstart procedure is provided as an overview and as a quick reference for those who have already configured Cisco MGX 8850 and Cisco MGX 8950 switches.

 
Command
Purpose

Step 1 

sysVersionSet version

reboot

Select the runtime firmware version the switch will use on the PXM45 card and restart the switch with that firmware. For example, 

sysVersionSet "002.001.000.000"

Note that these commands must be entered at the PXM45 backup boot prompt: pxm45bkup>.

See the "Initializing the Switch" section, which appears later in this chapter.

Step 2 

username

password

Start a management session.

For instructions on starting a session from a terminal or workstation attached to the Console Port (CP), see the "Starting a CLI Management Session After Initialization" section, which appears later in this chapter.

For information on other ways to manage a switch, see ""Supporting and Using Additional CLI Access Options."

Note To perform all the procedures in this quickstart procedure, you must log in as a user with SERVICE_GP privileges. The default user with these privileges is service and the default password is service. For more information on access privileges, see the "Configuring User Access" section, which appears later in this chapter.

Step 3 

adduser <username> <accessLevel>

Related commands:

cnfpasswd

cnfuser <options>

deluser <username>

Configure user access. This step is optional.

See the "Configuring User Access" section, which appears later in this chapter.

Step 4 

cnfname <node name>

Configure the switch name.

See the "Setting and Viewing the Switch Name" section, which appears later in this chapter.

Step 5 

cnfdate <mm:dd:yyyy>

cnftmzn <timezone>

cnftmzngmt <timeoffsetGMT>

cnftime <hh:mm:ss>

Related commands:

dspdate

Configure the switch time.

See the "Viewing and Setting the Switch Date and Time" section, which appears later in this chapter.

Step 6 

addcontroller <options>
cnfpnni-node <options>
cnfspvcprfx <options>

Related commands:

dspcontrollers
dspspvcprfx
dsppnni-summary-addr

Configure basic PNNI node parameters which include the PNNI controller, PNNI level, peer group ID, ATM address, node ID, and SPVC prefix.

See the "Configuring PNNI Node Parameters" section, which appears later in this chapter.

Step 7 

addcontroller <options>

Related commands:

dspcontrollers

Add the MPLS controller.

See the "Configuring the MPLS Controller" section, which appears later in this chapter.

Step 8 

cnfclksrc <options>

or

cnfncdp

Configure any BITS clock ports the switch will use. This step is optional.

See the "Configuring Clock Sources" section, which appears later in this chapter.

Note For information on configuring AXSM line clock sources, see the "Configuring AXSM Line Clock Sources" section in "Provisioning AXSM Communication Links."

Step 9 

bootChange

ipifconfig <options>

Set the IP address or addresses for LAN access.

See the "Setting the LAN IP Addresses" section, which appears later in this chapter.

Step 10 

cnfsnmp community [string]

cnfsnmp contact [string]

cnfsnmp location [string]

Related commands:

dspsnmp

Configure SNMP management.

See the "Configuring for Network Management" section which appears later in this chapter.

Step 11 

dspcds

dspcd

cc <slotnumber>

Verify the hardware configuration.

See the "Verifying the Hardware Configuration" section, which appears later in this chapter.

Initializing the Switch

After you assemble a new switch, as described in either the Cisco MGX 8850 Hardware Installation  Guide (PXM45/B and PXM1E) or the Cisco MGX 8950 Hardware Installation Guide, you must initialize the switch before you can configure it. Although PXM45 cards ship with the latest version of boot firmware on the front card, the runtime firmware cannot be loaded until both front and back cards have been installed. When you initialize the switch, you are configuring the switch to load a specific runtime firmware version from the PXM45 hard disk back card.

A new switch must be initialized using a console port management session. As shown in Figure 2-1, a console port management session requires a terminal or workstation with a serial connection to the Console Port (CP) port on the PXM45 UI-S3 back card.

Note Note that some or all of the commands discussed in this section require service-level or above user privileges. To access these commands, you must have debug (Service or Cisco level) privileges and passwords. Check with TAC for assistance.

Figure 2-1 Workstation Connection to Console Port

To initialize the switch, use the following procedure.

Step 1 Physically connect a terminal or workstation to the PXM45 UI-S3 back card as shown in Figure 2-1.

You can use any personal computer or UNIX workstation with VT-100 emulation software.

Note You can connect the terminal to a PXM45 in either slot 7 or slot 8.

Step 2 Start the terminal, or, if you are using a workstation, start a terminal emulation program and configure it to connect to the switch through the serial port on the workstation. For instructions on configuring the terminal emulation program, refer to the documentation for the program.

The default switch configuration supports the following settings: 9600 bps, 8 data bits, no parity, 1 stop bit, no hardware flow control.

Step 3 At the workstation, enter the command that connects the terminal emulation program to another computer.

Step 4 If the switch power is not on, turn on the switch power as described in either the Cisco MGX 8850 Hardware Installation Guide (PXM45/B and PXM1E) or the Cisco MGX 8950 Hardware Installation Guide.

Note You can connect the workstation to the switch before or after power is applied. If you connect the terminal emulation program to the switch before power is applied, the terminal emulation program displays the switch startup messages.

Step 5 If the switch does not display any messages or prompt, press Return.

When startup is complete for an uninitialized switch, it will display the PXM45 backup boot prompt: 

pxm45bkup>

Step 6 Locate and write down the version number for the runtime firmware provided with your switch. You need this version number to complete the next step.

The version number is listed in the Release Notes for Cisco MGX 8850 and MGX 8830 Software Version 3 (PXM45/B and PXM1E) and the Release Notes for Cisco MGX 8950 Software Release 2.1.60, and must be entered using the same format listed in the firmware file name. For example, if the firmware filename is pxm45_002.001.060.000_mgx.fw, the firmware version number you will enter is 002.001.060.000.

Step 7 When the PXM45 backup boot prompt appears, define the PXM45 runtime firmware version by entering the sysVersionSet command as follows: 

pxm45bkup> sysVersionSet version

Replace version with the version number for the runtime firmware. For example, 

pxm45bkup> sysVersionSet 002.000.001.000

Step 8 Reboot the switch by entering the reboot command as follows: 

pxm45bkup> reboot

During initialization, the switch will appear to boot twice. When the reboot is complete, the switch displays the Login prompt, which indicates that the firmware is loaded and the switch is ready for configuration.

Tip The sysVersionSet command has failed if the switch reboot process stops and displays the message "Can not open file C:/version" or the message "Unable to determine size of C:/FW/filename." If this happens, press Return to display the backup boot prompt, then see the "Troubleshooting Upgrade Problems" section in "Downloading and Installing Software Upgrades."

Step 9 To log in to the switch, enter the login name cisco, then enter the password cisco. For example: 

Login: cisco

password: 


unknown.7.PXM.a >

Note The default configured username and password sets are: user cisco, password cisco; user service, password serviceuser; and user superuser, password superuser.

Note If the switch has not fully started and is operating in init state (which is also called stage 1 CLI mode), an i appears in the switch prompt: unknown.7.PXM45.i>. In this mode, you can only log in with the user ID and password supplied with the switch, and a limited set of commands are available for troubleshooting. If you log in during init state and the card progresses to the active or standby state, the card will log out the init state user and prompt you to log in again. At this point, you can log in as a configured user with the corresponding password.

Note The number 7 in the switch prompt indicates that you are managing the PXM45 in slot 7. If you are managing the PXM45 in slot 8, the switch prompt displays the number 8.

The switch does not display the password during login. When login is complete, the switch prompt appears.

The switch prompt for PXM45 and AXSM cards uses the following format: 

nodename.slot.cardtype.state>

Table 2-1 describes the components in the CLI prompt.

Table 2-1 CLI Prompt Components 

Component
Description

nodename

The nodename is the name of the node. When a new switch starts up, the node name is set to "unknown." To change the name, see the "Setting and Viewing the Switch Name" section later in this chapter.

slot

The slot number indicates the physical slot in which the card you are configuring is installed. For most switch configuration procedures, configure the switch using the PXM45 cards in slots 7 and 8. For many line and trunk configuration procedures, you need to modify service modules (such as the AXSM card), which are installed in the other slots.

cardtype

The cardtype identifies the model of the card, such as PXM or AXSM.

state

The card state is active (a), standby (s), or init (i). Cards are labeled as init while they are initializing during switch startup.


Note The prompt for RPM cards uses a different format and displays only the name assigned to the router on the card. For example, Router>. This switch prompt comes from the Cisco IOS CLI that runs on the card.

Tip To make it easier to identify the RPM cards in your switch, choose card names that identify the switch and slot that hosts the card. You can set the card or router name in global configuration mode with the hostname command.

After initialization, the PXM45 card in the initialized slot becomes active. If a second PXM45 is installed in the other slot, the active PXM45 initiates a runtime firmware load on the other slot. After the runtime firmware loads on the nonactive PXM45, the card enters standby mode, ready to take control if the active card fails.

After you log in, the switch maintains your session for the default period of 10 minutes (600 seconds) after the last keystroke is entered. If the session is idle longer than 600 seconds, the session is terminated.

Tip To restart an automatically terminated session, press Return. The switch will prompt you for a login name and password.

Step 10 To change the session time-out period, enter the timeout command as follows: 

unknown.7.PXM.a > timeout <seconds>

Replace seconds with the number of seconds you want the session to remain active before it times out. The maximum value is 600. To disable time-out, enter 0 seconds. The switch uses the new timeout value until you terminate the session. Each time a new session is started, the timout value returns to the default value, 600 seconds.

Once you have completed the procedure above, you have established a CLI management session. You can use a CLI management session to configure or monitor the switch.

Starting a CLI Management Session After Initialization

After initialization, you can terminate and start sessions at any time using the terminal or workstation connection to the CP port, which was described in the previous section.

Tip The switch also supports several other types of management connections, including remote connections. For instructions on supporting and starting other types of CLI management sessions, see "Supporting and Using Additional CLI Access Options."

Note Some or all of the commands discussed in this section require service-level or above user privileges. To access these commands, you must have debug (Service or Cisco level) privileges and passwords. Check with TAC for assistance.

To start a CLI management session at the CP port for switch configuration and monitoring, use the following procedure.

Step 1 Turn on the terminal or start the terminal session.

For instructions on preparing the terminal and the connection, see the previous section, "Initializing the Switch."

Step 2 If the Login prompt does not appear, press Return. The Login prompt comes from the switch and indicates that the terminal has successfully connected to the switch.

Step 3 When the Login prompt appears, enter the login name supplied with your switch, then enter the password for that login name. For example, 

Login: superuser

password: 


pop20one.7.PXM.a >

Note The default configured username and password sets are: user cisco, password cisco; user service, password service; user superuser, password superuser. To perform most of the procedures in this chapter, you will need to login as a user with SUPER_GP privileges or higher. The default username with these privileges is superuser.

Note If the switch has not fully started and is operating in init state (which is also called stage 1 CLI mode), an i appears in the switch prompt: unknown.7.PXM45.i>.In this mode, you can only log in with the user name cisco and the password cisco, and a limited set of commands are available for troubleshooting. If you log in during init state and the card progresses to the active or standby state, the card will log out the init state user and prompt you to log in again. At this point, you can log in as a configured user with the corresponding password.

The switch does not display the password during login. When login is complete, the switch prompt appears.

The switch prompt for PXM45 and AXSM cards uses the following format:

nodename.slot.cardtype.state>

Table 2-1 describes the components in the switch prompt.

Note The switch prompt for RPM cards uses a different format and displays only the name assigned to the router on the card. For example: Router>.

After you log in, the switch maintains your session for 10 minutes (600 seconds) after the last keystroke is entered. If the session is idle longer than 600 seconds, the session is terminated.

Tip To restart an automatically terminated session, press Return. The switch will then prompt you for a login name and password.

Step 4 To change the session time-out period, enter the timeout command as follows: 

unknown.7.PXM.a > timeout <seconds>

Replace seconds with the number of seconds you want the session to remain active before it times out. The maximum value is 600. To disable timeout, enter 0 seconds. The switch uses the new timeout value until you terminate the session. Each time a new session is started, the timeout value returns to the default value, 600 seconds.

Once you have completed the procedure above, you have established a CLI management session. You can use a CLI management session to configure or monitor the switch.

Ending a CLI Management Session

CLI management sessions terminate automatically after the configured idle time. The default idle time is 600 seconds (10 minutes) and can be changed with the timeout command. To manually end a CLI management session, enter the bye or exit command.

Note The bye and exit commands end the CLI session. They do not terminate the terminal session. For instructions on terminating the terminal session, refer to the manuals for your terminal or terminal emulation program.

To restart the session after entering the bye or exit command, press Return, and the switch will prompt you for a username and password.

Entering Commands at the Switch Prompt

The commands in the switch operating system are associated with the cards that are installed in the switch. Before you execute a command, you must select a card that supports the command. The switch displays the currently selected card in the switch prompt. For example, the following switch prompt shows that the PXM45 card in slot 7 is selected: 

mgx8850a.7.PXM.a >

To select another card in the switch, enter the following command: 

mgx8850a.7.PXM.a > cc <slotnumber>

Replace slotnumber with the slot number of the card you want to manage. Table 2-2 lists the valid slot numbers for each card type.

Table 2-2 Valid Slot Numbers for Each Card Type

Card Type
Valid Slot Numbers
MGX 8850
Valid Slot Numbers
MGX 8950

PXM45

7 and 8

7 and 8

AXSM/A

1-6 and 9-14

1-6 and 11-16

AXSM/B

1-6 and 9-14

1-6 and 11-16

AXSM-E

1-6 and 9-14

1-6 and 11-16

AXSM-32-E

1-6 and 9-14

1-6 and 11-16

FRSM12

1-6 and 9-14

1-6 and 11-16

RPM

1-6 and 9-14

1-6 and 11-16


After you enter the cc command to change cards, verify that you are managing the correct card by viewing the slot number that is shown in the switch prompt. The following example shows the prompt for an AXSM card in slot 9: 

mgx8850a.9.AXSM.a >

If you have trouble entering a command, look at the switch prompt to see if you have selected the correct card and type for the command. The following example shows the response to an unrecognized command: 

mgx8850a.9.AXSM.a > dspdate

ERR: unknown command: "dspdate"

The dspdate command must be run on a PXM45 card. It is not recognized by an AXSM card.

Tip The command examples in this book include the switch prompt so that you can verify which card types support specific commands.

The default switch configuration allows you to enter command abbreviations. Because the help command is the only command that begins with he, you can use the abbreviated he command to display help. The following example demonstrates that the switch recognizes partial commands and displays long reports one page at a time. 

mgx8850a.7.PXM.a > he


    Available commands

    ------------------

    ?

    abortallsaves

    abortofflinediag

    abortrev

    actaudit

    addaddr

    addcontroller

    addfltset

    addlink

    addlnloop

    addlpback

    addpnni-node

    addpnni-summary-addr

    addpnport

    addprfx

    addred

    addserialif

    addtrapmgr

    adduser


Type <CR> to continue, Q<CR> to stop:

Tip To disable the command abbreviation feature, enter the cnfcmdabbr command. To display the current setting for this option, enter the dspcmdabbr command.

Notice the last line of the help command display. Because the help report is too long to appear on one screen, it is displayed in pages. Press Return to display the next page or type q and press Return to cancel the report display.

The following example demonstrates what can appear when a command is entered at the wrong card prompt. 

mgx8850a.9.AXSM.a > dspcds

ERR: incorrect number of parameters: (not enough)

Syntax: dspcdsct <bw|gen|cosb|vcThr|cosThr>


        bw|gen|cosb|vcThr|cosThr -- bw: Bandwidth parameters

                  gen: policing and CAC parameters

                 cosb: cosb parameters

                vcThr: vc threshold parameters

               cosThr: cosb threshold parameters

In the example above, the dspcds command is entered at the AXSM card prompt, but this command is not supported on the AXSM card (although the dspcd command is). Because the command is not recognized, the switch matches it to a command that is supported, which is the dspcdsct command. Because the command was entered without parameters, the switch displays an error message and the correct format for entering the dspcdsct command.

Whenever the switch displays an error message, be sure to check the spelling of the command, the parameters entered with the command, and the prompt at which the command was entered.

Getting Command Help

The following sections describe how to display the following types of command help:

Available commands

Available commands with additional information on access levels and logging

Command syntax and parameters

Displaying Command Lists

The commands you can use to manage the switch are determined by your user name, which is configured for a particular access level. User names and access levels are described in more detail in "Configuring User Access," which appears later in this chapter. To display a list of all the commands available to the username you used at log in, enter the help command as follows: 

mgx8850a.7.PXM.a > help

To display a list of commands that include a common set of characters, enter a question mark and the common set of characters, as shown in the following example: 

mgx8850a.7.PXM.a > ? ip


    Available commands

    ------------------

    cliPlugin

    cliPlugout

    cnfifip

    cnfilmiproto

    cnftrapip

    delifip

    dspifip

    dspipconntask

    dspipif

    dspipifcache

    dsptrapip

    ipifconfig

    pntracevsipkt

Displaying Detailed Command Lists

Detailed command lists display the following additional information for each command:

The access level required to enter the command

The card state in which the command can be entered

Whether command entry is logged

Note To display detailed command lists, you must establish a session using a username with SERVICE_GP privileges or higher (access privileges are described in the "Configuring User Access" section later in this chapter). You can also find this information in the Cisco MGX 8850, MGX 8950, and MGX 8830 Switch Command Reference (PXM45/B).

To enable detailed command lists, enter the clidbxlevel command as shown in the following example: 

pop20two.7.PXM.a > clidbxlevel 1

Value of cliDbxLevel is now 1

After you enter this command, you can display detailed command lists by entering the help command as shown in the following example: 

M8850_LA.7.PXM.a > ? 


    Command          Access           Card         Log

    ---------------------------------------------------

    ?                ANYUSER          A|S|I         -

    abortallsaves    GROUP1           A             +

    abortofflinediag SERVICE_GP       A|S           -

    abortrev         SERVICE_GP       A|S           +

    actaudit         SUPER_GP         A             +

    addaddr          GROUP1           A             +

    addcontroller    SUPER_GP         A             +

    addfltset        GROUP1           A             +

    addlink          ANYUSER          A             -

    addlnloop        ANYUSER          A             +

    addlpback        GROUP1           A             -

    addpnni-node     SUPER_GP         A             +

    addpnni-summary-addr SUPER_GP         A             +

    addpnport        GROUP1           A             +

    addprfx          GROUP1           A             +

    addred           SUPER_GP         A             +

    addserialif      SUPER_GP         A             -

    addtrapmgr       SUPER_GP         A             +

    adduser          GROUP1           A             +


Type <CR> to continue, Q<CR> to stop:

Note After you enter the clidbxlevel command, the help command displays detailed reports for that session only. You can disable detailed reports by entering the clidbxlevel 0 command. Every time you start a new session, detailed command lists are disabled.

The Access column shows the access level required to enter the command. Access levels are described in "Configuring User Access," which appears later in this chapter.

The Card column identifies the card states during which the command can be entered. Valid card states are active, standby, and init. Cards are labeled as init during switch startup. The options that appear in the Card column are described in Table 2-3.

If a plus symbol appears in the Log column, each successful execution of the command is logged. If a minus symbol appears in the column, the command is not logged.

Table 2-3 Card State Descriptions

Card State
Description

A

Command is supported when card state is active.

I

Command is supported when the card state is in init state.

S

Command is supported in standby state.


Displaying Command Syntax and Parameters

To display the syntax of a command, enter the command without any parameters. The following example shows the syntax report provided by the switch using the addport command. 

pop20two.1.AXSM.a > addport

ERR: incorrect number of parameters: (not enough)

Syntax: addport "<ifNum> <bay.line> <guaranteedRate> <maxRate> <sctID> <ifType>

               [vpi]"

        If Number -- number between 1 and 60

        Line Number -- format bay.line

        Guaranteed virtual int. Rate -- rates in cells/sec: 

        Max virtual int. Rate -- for OC48:between 50 and 5651320

                                 for OC12:between 50 and 1412830

                                 for OC3:between 50 and 353207

                                 for T3:between 50 and 96000(PLCP),104268(ADM)

                                 for E3:between 50 and 80000

        SctID  -- Port SCT Id between 0 and 255, for default file use 0

        IfType  -- 1: uni 2: nni 3: vnni

        vpiNum  -- vpi between 1 and 4095:

                         used for configuring interface as virtual trunk

When a parameter is shown between less-than (<) and greater-than (>) symbols, the parameter represents a variable that must be replaced by a value. The values are described below the command syntax.

When the parameter is shown between brackets ([]), it is an optional parameter. If you omit an optional parameter, most commands will use the last value defined for the option. If no value has been assigned to an option, the default value is used.

Note Some commands, such as dspcd and saveallcnf, do not require parameters, so entering the command without parameters executes the command.When you enter the saveallcnf command, which saves the current switch configuration to a file, the switch prompts you to confirm the save before execution begins. Whenever the switch prompts you to confirm a command, the command you are confirming is likely to change the switch configuration, reduce switch performance, or take a long time to execute.

Tip To see the syntax of a command that does not require parameters, enter the command with a parameter you know is incorrect. For example,

8850_NY.7.PXM.a > dspcd jim
ERR: Invalid Slot number specified
ERR: Syntax: dspcd ["slot_number"]
slot number -- optional;

Configuring User Access

The usernames and passwords supplied with your switch provide access to all switch features, and they allow you to add and delete users and change user passwords.

When configuring user access for the switch, consider the following recommendations:

Change the default passwords provided with your switch. These passwords are published on the Cisco website and enable anyone with local or remote network access to configure and manage your switch.

Share the usernames and passwords with only one or two people.

If usernames and passwords become common knowledge during the switch installation and configuration, change the passwords.

If additional users need access to the switch, create usernames and passwords below the top levels so that these users cannot access or modify the top-level user information.

The following sections describe how to add users, change passwords for existing users, delete users, and recover the user cisco password.

Adding Users

The switch supports up to 50 users. When you add users, you must specify the following for each user:

user name

password

access level

The user name and password identify the user and determine the user access level for switch management.

An access level must be assigned to a user when the user is added to the switch. The access levels listed in Table 2-4 are used throughout this guide to indicate the level of access required to execute a command or complete a procedure. These access levels are also called access privileges. If a user has access privileges at a lower level than a command requires, the user cannot execute the command. If the user has access privileges at the level required or at a higher level, the user can execute the command.

Table 2-4 User Access Levels 

Access Level
Descriptions

CISCO_GP

This is the highest user access level. Users with this access level have complete access to all commands.

There is only one user at the CISCO_GP level, and that username is <cisco>. The default password for user cisco is <cisco>. Again, Cisco Systems recommends that you change the default passwords when you install a switch.

Users at the CISCO_GP access level can add users, delete users, change passwords, and change access levels for users at the following levels: SERVICE_GP, SUPERUSER_GP, GROUP1, and ANYUSER.

SERVICE_GP

This access level allows access to commands that update switch firmware, save and restore the switch configuration, and enable debugging. This access level also provides access to all commands in all lower access levels: SUPERUSER_GP, GROUP1, and ANYUSER.

The default username is service. The default password is <service>.

Users at the service access level can add users, delete users, change passwords, and change access levels for users at the following levels: SUPERUSER_GP, GROUP1, and ANYUSER.

SUPER_GP

This access level allows users to configure switch level parameters such as the node name, date, and interface IP addresses. Users at this level can also enable traces. This access level also provides access to all commands in all lower access levels: GROUP1 and ANYUSER.

The default username is superuser, and the default password is <superuser>.

Users at the superuser access level can add users, delete users, change passwords, and change access levels for users at the following levels: GROUP1 and ANYUSER.

GROUP1

This access level allows users to configure line and port level parameters and create SPVCs and Soft Permanent Virtual Paths (SPVPs). This access level also provides access to all commands at the ANYUSER access level.

No default username and password is provided for this access level.

Users at the GROUP1 access level can add users, delete users, and change passwords for users at the ANYUSER access level.

ANYUSER

This access level allows users to run display and status commands that display the switch configuration and operational status.

No default username and password is provided for this access level.


Note Earlier releases of the Cisco MGX 8850 software supported users at levels Group 2 through Group 5. These user levels have been removed from the software. If you upgrade a switch that has users configured at these levels, the user level for the affected users will change to Group 1 level access during the upgrade.

To add a user to the switch, use the following procedure.

Step 1 Establish a CLI management session with GROUP1 privileges or higher. To add a user at a specific access level, you must log in as a user with a higher access level.

Step 2 Enter the following command after the switch prompt: 

mgx8850a.7.PXM.a >adduser <username> <accessLevel>

Enter the username using 1 to 12 alphanumeric characters. Specify the access level by entering one of the levels defined in Table 2-4.

Note The access levels are case-sensitive and must be entered as shown in Table 2-4. Also, you cannot add users at access levels that are equal to or above your own access level.

If you enter the command correctly, the switch prompts you for a password.

Step 3 Enter a password, using 5 to 15 characters.

Step 4 When prompted, enter the password a second time to validate the previous entry.

This step completes the addition of the new user.

Step 5 To display the new user in a list of all users, enter the command dspusers.

Tip To determine which commands are available at a particular access level, log in to the switch as a user at that access level, then enter the help command.

Step 6 To test the username, enter the bye command, then log in as the new user.

Tip If you forget which username you used to log in, enter the whoami command. This command displays the username, access level, and access method (for example, Telnet) for the current session.

Changing Your Own User Password

Use the cnfpasswd command to change your own password.

Note The cnfuser command allows you to change another user password if you have the correct access privileges. The next section describes how to use the cnfuser command.

To change your own password with the cnfpasswd command, use the following procedure.

Step 1 Establish a CLI management session using the username for which you want to change the password.

Step 2 Enter the following command after the switch prompt: 

mgx8850a.7.PXM.a >cnfpasswd

Step 3 When prompted, enter your current password.

Step 4 When prompted, enter a new password, using 5 to 15 characters.

Step 5 When prompted, enter the new password a second time to validate the correct entry.

This completes the change of password.

Step 6 To test the new password, enter the bye command, then log in using the new password.

Changing User Access Levels and Passwords with cnfuser

After you create a user, you can change that user's access level or password using the cnfuser command.

Note You can also change your own user password with the cnfpasswd command as described in the preceding section.

To change the user level or password of a switch user, use the following procedure.

Step 1 Establish a CLI management session. Use either the username for which you want to change the password, or a username with privileges at least one level higher than those of the user whose password you want to change.

Step 2 Enter the following command after the switch prompt: 

mgx8850a.7.PXM.a >cnfuser -u <username> [-p <password>] [-l <accessLevel>]

Replace username with the name of the user for whom you are making the change.

If you are changing the password, specify the -p option and enter a password containing from 5 to 15 characters. If you are changing the user access level, specify the -l (lowercase L) option and enter the appropriate access level as shown in Table 2-4.

Note You can change passwords and access levels only for users who have privileges lower than the username you used to log in.

Step 3 To test a new password, enter the bye command, then log in using the new password.

Step 4 To verify a user access level change, enter the dspusers command.

The dspusers command displays all the usernames and the access levels for each user as shown in the following example: 

pop20two.7.PXM.a > dspusers


    UserId        AccessLevel

    -------------------------

    cisco         CISCO_GP

    service       SERVICE_GP

    superuser     SUPER_GP

    username       GROUP1

Deleting Users

To delete a user, use the following procedure.

Step 1 Establish a CLI management session using a username with privileges at least one level higher than that of the user you want to delete.

Step 2 Enter the following command after the switch prompt: 

mgx8850a.7.PXM.a >deluser <username>

Enter the username using from 1 to 12 alphanumeric characters.

This step completes the deletion of a user.

Step 3 To verify the user has been deleted, enter the command dspusers.

Resetting the Default User Password

If you lose or forget your password for switch access, you should ask a user with a higher access level to reset your password using the cnfuser command. If you do not have any passwords for any access levels, you can use the following password recovery procedure to reset the password for user cisco. This procedure resets the user cisco password to the default password cisco, and leaves all other passwords unchanged. (You can change the other passwords with the cnfuser command after logging in as user cisco.)

Note This feature can be disabled using the cnfpswdreset command as described in the next section. You can determine if this feature is enabled or disabled by logging in as a user at any level and entering the dsppswdreset command.

Step 1 Establish a physical connection to the switch through the Console Port (CP) connector on the PXM UI-S3 card.

Caution Anyone with physical access to the switch Console Port can reset the password, deny access to other users, and reconfigure the switch. To prevent unauthorized switch access and configuration, the switch should be installed in a secure area.

Step 2 When the login prompt appears, press ESC, CTRL-Y to reset the password.

Step 3 Log in using username cisco and the password cisco.

Step 4 To maintain switch security after resetting the cisco user password, change the password using the cnfpasswd command.

Enabling and Disabling the User cisco Password Reset

If the switch you are managing is in an insecure area, you might want to disable the user password reset feature. Otherwise, anyone with physical access to the switch Console Port can reset the password, deny access to other users, and reconfigure the switch. This feature can be enabled again at a later date if you know the user name and password for a user at the SERVICE_GP privilege level or higher.

To enable or disable the password reset feature, use the following procedure.

Step 1 Establish a configuration session using a user name with SERVICE_GP privileges or higher.

Step 2 To disable password reset, enter the cnfpswdreset off command.

Step 3 To enable password reset, enter the cnfpswdreset on command.

Step 4 To view the status of this feature, enter the dsppswdreset command.

Setting and Viewing the Switch Name

The switch name identifies the switch you are working on, which is important when you are managing multiple switches. The current switch name appears in the CLI prompt when you are managing PXM45 cards and service modules.

To change the switch name, use the following procedure.

Step 1 Establish a configuration session using a user name with SUPER_GP privileges or higher.

Step 2 Enter the following command after the switch prompt: 

unknown.7.PXM.a > cnfname <node name>

Enter up to 32 characters for the new node name. Be sure to use the correct case because the node name is case-sensitive. For example: 

unknown.7.PXM.a > cnfname pop20two

This node name will be changed to pop20two. Please Confirm

cnfname: Do you want to proceed (Yes/No)? y

cnfname: Configured this node name to pop20two Successfully.


pop20two.7.PXM.a >

The new name appears immediately in the next CLI prompt.

Viewing and Setting the Switch Date and Time

The switch date and time is appended to event messages and logs. To assure that events are properly time stamped, use the following procedure to view and change the date and time.

Step 1 Establish a configuration session using a user name with SUPER_GP privileges or higher.

Step 2 To view the current switch date and time, enter the following command after the switch prompt: 

mgx8850a.7.PXM.a > dspdate

Step 3 To change the switch date, enter the following command: 

mgx8850a.7.PXM.a > cnfdate <mm/dd/yyyy>

Step 4 To change the time zone, enter the following command: 

mgx8850a.7.PXM.a > cnftmzn <timezone>

Replace <timezone> with one of the parameter values listed in Table 2-5. If your switch is located outside the Western Hemisphere, select GMT and use the next step to specify an offset from GMT. If your switch is located in the Western Hemisphere choose the appropriate option from Table 2-5. Daylight times are adjusted by one hour in the fall and spring for daylight savings. Standard times are not adjusted.

Table 2-5 Time Zones for cnftmzn Command

Parameter Value
Time Zone

CDT

Central Daylight Time

CST

Central Standard Time

EDT

Eastern Daylight Time

EST

Eastern Standard Time

GMT

Greenwich Mean Time

MDT

Mountain Daylight Time

MST

Mountain Standard Time

PDT

Pacific Daylight Time

PST

Pacific Standard Time


Step 5 To configure an offset from GMT, enter the following command: 

mgx8850a.7.PXM.a > cnftmzngmt <timeoffsetGMT>

Replace <timeoffsetGMT> with the offset in hours from GMT. Enter a number from -12 to +12.

Step 6 To change the switch time, enter the following command: 

mgx8850a.7.PXM.a > cnftime <hh:mm:ss>

Replace <hh> with the hour of the day (0 to 23), mm with the minute of the hour (0 to 59), and ss with the number of seconds in the minute (0 to 59).

Step 7 To verify the new date and time settings, enter the dspdate command.

Configuring PNNI Node Parameters

The Cisco MGX 8850 and Cisco MGX 8950 switches support many PNNI configuration commands. This section describes how to configure the basic PNNI configuration parameters for the switch. "Managing PNNI Nodes and PNNI Routing," describes how to manage PNNI after you have brought up the PNNI node.

Caution It is important to configure the PNNI node parameters before you start creating SPVCs as described in "Provisioning AXSM Communication Links." If you create SPVCs using the default PNNI node parameters and later change those parameters, the node will advertise the old ATM address information for the older SPVCs as well as the new ATM address information. To keep PNNI running at maximum efficiency, set the PNNI node parameters to the proper values before creating SPVCs, or delete and recreate old SPVCs after making PNNI node parameter updates.

Adding the PNNI Controller

The PNNI controller simplifies switch configuration by using PNNI protocol to discover call routes in an ATM network. Without the PNNI controller, each route through the network would have to be defined manually or through an alternative routing mechanism such as MPLS. "Managing PNNI Nodes and PNNI Routing," provides more information on PNNI. This section describes how to enable and configure the PNNI controller for the switch.

Note Before entering the following command, you must log in as a user with SUPER_GP privileges or higher.

To enable and configure the PNNI controller, enter the following command: 

8850_LA.7.PXM.a > addcontroller <cntrlrId> i <cntrlrType> <slot> [cntrlrName]

Table 2-6 describes the parameters for the addcontroller command.

Tip Remember to include the i option, which identifies the controller as an internal controller.

Table 2-6 Parameter Descriptions for the addcontroller Command 

Parameter
Values
Descriptions

cntrlrId

2

Controller ID. Enter 2 to specify a PNNI controller or 3 to specify an MPLS controller. The MPLS controller is introduced in the next section.

i

Enter the value i. This parameter will support additional values in future releases.

cntrlrType

2 or 3

Controller type. Enter 2 to specify a PNNI controller or 3 to specify an MPLS controller. The MPLS controller is introduced in the next section.

slot

7

Slot number for PXM45 cards. Enter 7 or 8 to specify the PXM45 as the PNNI controller host.

cntrlrName

text

Controller name. This parameter is optional. You can enter a text name to identify the PNNI or MPLS controller. If the name you want to use includes one or more space characters, enclose the entire name with quotation marks.


To display the PNNI controller configuration, enter the dspcontrollers command: 

8850_LA.7.PXM.a > dspcontrollers

Setting the PNNI Level and Peer Group ID

The Cisco MGX and SES PNNI Network Planning Guide provides guidelines for selecting a PNNI level and peer group ID. To set these parameters in the switch, use the following procedure.

Step 1 Establish a configuration session using a user name with SUPER_GP privileges or higher.

Step 2 Disable PNNI node operation by entering the following command: 

8850_LA.7.PXM.a > cnfpnni-node <node-index> -enable false

The node-index uniquely defines a logical PNNI node within the switch. Initially, there is just one logical PNNI node at the lowest PNNI level, and its index number is 1. If you add a higher level logical node to the physical node, the first higher level will be numbered two, and the next higher level will be number three. Additional levels receive sequentially higher node index numbers.

During this general node configuration, you are setting the PNNI level and peer group ID for the lowest PNNI level, so replace node-index with 1.

Note For instructions on creating logical nodes above the lowest PNNI level, see "Managing PNNI Nodes and PNNI Routing."

Step 3 Change the PNNI address with the cnfpnni-node command as follows: 

8850_LA.7.PXM.a > cnfpnni-node <node-index> [-pgId level:peerGroupID]