Cisco MGX 8850 (PXM1E/PXM45), MGX 8950, MGX 8830, and MGX 8880 Configuration Guide, Release 5 - Configuring General Switch Features [Cisco MGX 8800 Series Switches]

Table Of Contents

Configuring General Switch Features

Configuration Quickstart

Initializing the Switch

Starting a CLI Management Session After Initialization

Ending a CLI Management Session

Entering Commands at the Switch Prompt

Getting Command Help

Displaying Command Lists

Displaying Detailed Command Lists

Displaying Command Syntax and Parameters

Configuring User Access

Adding Users

Changing Your Own User Password

Changing User Access Levels and Passwords with cnfuser

Deleting Users

Resetting the User cisco Password

Enabling and Disabling the User cisco Password Reset

Setting and Viewing the Node Name

Viewing and Setting the Switch Date and Time

Configuring PNNI Node Parameters

Adding the PNNI Controller

Setting the PNNI Level and Peer Group ID

Setting the PNNI Node Address

Setting the PNNI Node ID

Setting and Viewing the SPVC Prefix

Displaying PNNI Summary Addresses

Configuring the MPLS Controller

Configuring Clock Sources

Manually Configuring BITS Clock Sources

Enabling NCDP on a Node

Setting the LAN IP Addresses

Setting the Boot IP Address

Setting the Disk IP Address

Starting a CLI Session Through the LAN Port

Configuring for Network Management

Configuring the SNMP Trap Source IP Address

Configuring the SNMP Manager Destination IP Address

Configuring the Community String and General Switch Information

Verifying the Hardware Configuration

Configuring General Switch Features

This chapter describes how to set up general switch features that apply to multiple switch interfaces, beginning with a configuration quickstart procedure, which introduces the configuration tasks. The following sections provided detailed information on how to complete the configuration tasks.

Before you begin this chapter, keep the following statements in mind:

•The generic term "PXM" refers to both the PXM1E and the PXM45. If a procedure or step is specific to one of these cards, it will be called out in the text.

•The generic term "MGX" refers to the Cisco MGX 8830, Cisco MGX 8850 (PXM1E/PXM45), and Cisco MGX 8950 switches and the Cisco MGX 8880 Media Gateway. If a procedure or step is specific to only one or two of these MGX switches, it will be called out in the text.

•The procedures in this section apply to the Cisco MGX 8830, Cisco MGX 8850 (PXM1E/PXM45), and Cisco MGX 8950 switches and the Cisco MGX 8880 Media Gateway. The PXM examples show a Cisco MGX 8850 switch, but you can apply these examples to other switches. If an example does not apply to one of the three MGX switches, it will be called out in the text.

Configuration Quickstart

The quickstart procedure is provided as an overview and as a quick reference for those who have already configured MGX switches.
Command

Purpose
Step 1

sysVersionSet version

reboot
Select the runtime firmware version the switch will use on the PXM card and restart the switch with that firmware. For example:
sysVersionSet "004.000.000.000"
Note These commands must be entered at the PXM backup boot prompt. On PXM1E cards, the backup boot prompt is pxm1ebkup>. On PXM45 cards, the backup boot prompt is pxm45bkup>.

See the "Initializing the Switch" section later in this chapter.
Step 2

After you reboot, the system prompts you to enter your username and password.

Start a management session.

For instructions on starting a session from a terminal or workstation attached to the Console Port (CP), see the "Starting a CLI Management Session After Initialization" section later in this chapter.

For information on other ways to manage a switch, see "Supporting and Using Additional CLI Access Options."

Note To perform all the procedures in this quickstart procedure, you must log in as a user with SERVICE_GP privileges. The default user with these privileges is service and the default password is serviceuser. For more information on access privileges, see the "Configuring User Access" section later in this chapter.

Step 3

adduser <username> <accessLevel>

Related commands:

cnfpasswd

cnfuser <options>

deluser <username>

Configure user access. This step is optional.

See the "Configuring User Access" section later in this chapter.

Step 4

cnfname <node name>

Configure the switch name.

See the "Setting and Viewing the Node Name" section later in this chapter.

Step 5

cnfdate <mm:dd:yyyy>

cnftmzn <timezone>

cnftmzngmt <timeoffsetGMT>

cnftime <hh:mm:ss>

Related commands:

dspdate

Configure the switch time.

See the "Viewing and Setting the Switch Date and Time"section later in this chapter.

Step 6

addcontroller <options>
cnfpnni-node <options>
cnfspvcprfx <options>

Related commands:

dspcontrollers
dspspvcprfx
dsppnni-summary-addr

Configure basic PNNI node parameters which include the PNNI controller, PNNI level, peer group ID, ATM address, node ID, and SPVC prefix.

See the "Configuring PNNI Node Parameters" section later in this chapter.

Step 7

addcontroller <options>

Related commands:

dspcontrollers

Configure the MPLS controller.

See the "Configuring the MPLS Controller" section later in this chapter.

Note The MPLS label switch controller (LSC) function is not supported on Cisco MGX 8850 (PXM1E) or Cisco MGX 8830 switches.

Step 8

cnfclksrc <options>

or

cnfncdp

Configure any BITS clock ports the switch will use. You can configure clock sources manually or through the NCDP feature. This step is optional.

Note Each switch supports one clock source. That clock source can reside on a PXM1E, AXSM, CESM, VISM-PR, or AUSM card.

See the "Configuring Clock Sources" section later in this chapter.

Note For information on configuring PXM1E line clock sources, see the "Configuring PXM1E Line Clock Sources" section in Chapter 3, "Provisioning PXM1E Communication Links." For information on configuring AXSM line clock sources, see the Cisco ATM Services (AXSM) Configuration Guide and Command Reference for MGX Switches, Release 5.

Step 9

bootChange

ipifconfig <options>

Set the IP address or addresses for LAN access.

See the "Setting the LAN IP Addresses" section later in this chapter.

Step 10

cnfsnmp community [string]

cnfsnmp contact [string]

cnfsnmp location [string]

Related commands:

dspsnmp

Configure SNMP management.

See the "Configuring for Network Management" section later in this chapter.

Step 11

dspcds

dspcd

cc <slotnumber>

Verify the hardware configuration.

See the "Verifying the Hardware Configuration" section later in this chapter.
Initializing the Switch

After you assemble a new switch, as described in the Cisco MGX 8850 (PXM1E/PXM45), Cisco MGX 8950, Cisco MGX 8830, and Cisco MGX 8880 Hardware Installation Guide, Releases 2 Through 5, you must initialize the switch before you can configure it. Although PXM cards ship with the latest version of boot firmware on the front card, the runtime firmware cannot be loaded until both front and back cards have been installed. When you initialize the switch, you are configuring the switch to load a specific runtime firmware version from the PXM hard disk.

A new switch must be initialized using a console port management session. A console port management session requires a terminal or workstation with a serial connection to the Console Port (CP) port on the PXMUI-S3 back card. Figure 2-1 shows how a workstation connects to a PXM45 UI-S3 back card. Figure 2-2 shows how a workstation connects to a PXM1E UI-S3/B back card.

Note Note that some or all of the commands discussed in this section require SERVICE_GP or CISCO_GP privileges. These privileges and the default user names and passwords for these privilege levels are described in the "Adding Users" section, which appears later in this chapter.

Figure 2-1 Workstation Connection to Console Port on a PXM-UI-S3 Back Card

Figure 2-2 Workstation Connection to Console Port on a PXM-UI-S3/B Back Card

To initialize the switch, use the following procedure.

Step 1 Physically connect a terminal or workstation to the PXM UI-S3 or PXM-UI-S3/B back card as shown in Figure 2-1 or Figure 2-2. You can use any personal computer or UNIX workstation with VT-100 emulation software.

Note You can connect the terminal to a PXM in either slot 7 or slot 8 in the Cisco MGX 8850 (PXM1E/PXM45) or in the Cisco MGX 8950. On a Cisco MGX 8830, connect the terminal to a PXM1E in either slot 1 or slot 2.

Step 2 Start the terminal or, if you are using a workstation, start a terminal emulation program and configure it to connect to the switch through the serial port on the workstation. For instructions on configuring the terminal emulation program, refer to the documentation for the emulation program.

The default switch configuration supports the following settings: 9600 bps, 8 data bits, no parity, 1 stop bit, no hardware flow control.

Step 3 At the workstation, enter the command that connects the terminal emulation program to another computer.

Step 4 If the switch power is not on, turn on the switch power as described in the Cisco MGX 8850 (PXM1E/PXM45), Cisco MGX 8950, Cisco MGX 8830, and Cisco MGX 8880 Hardware Installation Guide, Releases 2 Through 5.

Note You can connect the workstation to the switch before or after power is applied. If you start the terminal emulation program before turning on the switch, the terminal emulation program displays the switch startup messages.

Step 5 If the switch does not display any messages or a prompt, press Return.

When startup is complete for an uninitialized switch, it will display the PXM backup boot prompt.
PXMbkup>
Step 6 Locate and write down the version number for the runtime firmware provided with your switch. You need this version number to complete the next step.

The version number is listed in the following release note documents:

•Release Notes for Cisco MGX 8850 (PXM1E/PXM45), Cisco MGX 8950, and Cisco MGX 8830 Switches, Release 5.0.00

•Release Notes for the Cisco MGX 8880 Media Gateway, Release 5.0.00

You must use the same format listed in the firmware file name when you enter the number. For example, if the firmware filename is pxm1e_004.000.000.000_mgx.fw, the firmware version number you will enter is 004.000.000.000.

Step 7 When the PXM backup boot prompt appears, define the PXM runtime firmware version by entering the sysVersionSet command as follows:
PXMbkup> sysVersionSet version
Replace version with the version number for the runtime firmware. For example:
PXMbkup> sysVersionSet 005.000.001.000
Step 8 Reboot the switch by entering the reboot command as follows:
PXMbkup> reboot
During initialization, the switch will appear to boot twice. When the reboot is complete, the switch displays the Login prompt, which indicates that the firmware is loaded and the switch is ready for configuration.

Tip The sysVersionSet command has failed if the switch reboot process stops and displays the message "Can not open file C:/version" or the message "Unable to determine size of C:/FW/filename." If this happens, press Return to display the backup boot prompt, then refer to the "Troubleshooting Upgrade Problems" section in "Downloading and Installing Software Upgrades."

Step 9 To log in to the switch, enter the login name supplied with your switch, then enter the password for that login name. For example:
Login: cisco
password: 
unknown.7.PXM.a > 
Note The default user names and passwords for all privilege levels are described in the "Adding Users" section, which appears later in this chapter.

Note If the switch has not fully started and is operating in init state (which is also called stage 1 CLI mode), an i appears in the switch prompt: unknown.7.PXM.i>. In this mode, you can only log in as user cisco, password cisco, and a limited set of commands are available for troubleshooting. If you log in during init state and the card progresses to the active or standby state, the card will log out the init state user and prompt you to log in again. At this point, you can log in as a configured user with the corresponding password.

Note On Cisco MGX 8850 (PXM1E/PXM45) and Cisco MGX 8950 switches, the number 7 in the switch prompt indicates that you are managing the PXM in slot 7. If you are managing the PXM in slot 8, the switch prompt displays the number 8.

On a Cisco MGX 8830 switch, the number 1 in the switch prompt indicates that you are managing the PXM in slot 1. If you are managing the PXM in slot 2, the switch prompt displays the number 2.

The switch does not display the password during login. When login is complete, the switch prompt appears.

The switch prompt for the PXM cards and for all service modules uses the following format:
nodename.slot.cardtype.state>
Table 2-1 describes the components in the CLI prompt.

Table 2-1 CLI Prompt Components

Component

Description

nodename

The nodename is the name of the node. When a new switch starts up, the node name is set to unknown. To change the name, see the "Setting and Viewing the Node Name" section which appears later in this chapter.

slot

The slot number indicates the physical slot in which the card you are configuring is installed. For most switch configuration procedures, configure the switch using the PXM cards. On Cisco MGX 8850 (PXM1E/PXM45) and Cisco MGX 8950, the PXM cards are in slots 7 and 8. In Cisco MGX 8830, the PXM cards are in slots 1 and 2.

For many line and trunk configuration procedures, you need to modify service modules (such as the CESM card), which are installed in the other slots.

cardtype

The cardtype identifies the model of the card, such as PXM or CESM.

state

The card state is active (a), standby (s), or init (i). Cards are labeled as init while they are initializing during switch startup.

Note The prompt for FRSM-2CT3 cards displays VHS2-CT3 as the cardtype, because the FRSM-2CT3 is a VHS card. For example: MGX.1.4.VHS2CT3.a >. FRSM 8T1E1 cards, however, follow the standard naming convention and display FRSM as the cardtype in the switch prompt.

After initialization, the PXM in the initialized slot becomes active. If a second PXM resides in the other slot, the active PXM initiates a runtime firmware load on the other slot. After the runtime firmware loads on the nonactive PXM, the card enters standby mode, ready to take control if the active card fails.

After you log in, the switch maintains your session for the default period of 10 minutes (600 seconds) after the last keystroke is entered. If the session is idle longer than 600 seconds, the session is terminated.

Tip To restart an automatically terminated session, press Return. The switch will prompt you for a login name and password.

Step 10 To change the session time-out period, enter the timeout command as follows:
unknown.7.PXM.a > timeout <seconds>
Replace seconds with the number of seconds you want the session to remain active before it times out. The maximum value is 600. To disable time-out in releases prior to Release 5, enter 0 seconds. For Release 5 and later, entering 0 will set the default time to 43200 seconds (12 hours). The switch uses the new timeout value until you terminate the session. Each time a new session is started, the timout value returns to the default value, 600 seconds.

Once you have completed the procedure above, you have established a command line interface (CLI) management session. You can use a CLI management session to configure or monitor the switch.

Starting a CLI Management Session After Initialization

After initialization, you can terminate and start sessions at any time using the terminal or workstation connection to the CP port, which was described in the previous section.

Tip The switch also supports several other types of management connections, including remote connections. For instructions on supporting and starting other types of CLI management sessions, see "Supporting and Using Additional CLI Access Options."

Note Some or all of the commands discussed in this section require service-level or above user privileges. To access these commands, you must have debug (Service or Cisco level) privileges and passwords.

To start a CLI management session at the CP port for switch configuration and monitoring, use the following procedure.

Step 1 Turn on the terminal or start the terminal session.

For instructions on preparing the terminal and the connection, refer to the previous section, "Initializing the Switch."

Step 2 If the Login prompt does not appear, press Return. The Login prompt comes from the switch and indicates that the terminal has successfully connected to the switch.

Step 3 When the Login prompt appears, enter the login name supplied with your switch, then enter the password for that login name. For example:
Login: superuser
password: 
unknown.7.PXM.a > 
Note The default configured username and password sets are: user cisco, password cisco; user service, password serviceuser; and user superuser, password superuser. To perform most of the procedures in this chapter, you will need to login as a user with SUPER_GP privileges or higher. The default username with these privileges is superuser.

Note If the switch has not fully started and is operating in init state (which is also called stage 1 CLI mode), an i appears in the switch prompt: unknown.7.PXM.i>. In this mode, you can only log in as user cisco, password cisco, and a limited set of commands are available for troubleshooting. If you log in during init state and the card progresses to the active or standby state, the card will log out the init state user and prompt you to log in again. At this point, you can log in as a configured user with the corresponding password.

The switch does not display the password during login. When login is complete, the switch prompt appears.

The switch prompt for PXM cards and for all service modules uses the following format:

nodename.slot.cardtype.state>

Table 2-1 describes the components in the switch prompt.

Note The switch prompt for FRSM-2CT3 cards uses a different card name in the prompt. This is to distinguish FRSM-2CT3 cards from FRSM-8T1 cards. The FRSM-2CT3 cards use the name VHS2CT3 in the place for cardtype. FRSM-8T1 card use the standard naming convention and display FRSM in the place for cardtype.

After you log in, the switch maintains your session for 10 minutes (600 seconds) after the last keystroke is entered. If the session is idle longer than 600 seconds, the session is terminated.

Tip To restart an automatically terminated session, press Return. Depending on the application you use to log in to the switch, you may be prompted for a login name and password.

Step 4 To change the session time-out period, enter the timeout command as follows:
unknown.7.PXM.a > timeout <seconds>
Replace seconds with the number of seconds you want the session to remain active before it times out. The maximum value is 600. To disable timeout, enter 0 seconds. The switch uses the new timeout value until you terminate the session. Each time a new session is started, the timeout value returns to the default value, 600 seconds.

Once you have completed the procedure above, you have established a CLI management session. You can use a CLI management session to configure or monitor the switch.

Ending a CLI Management Session

CLI management sessions automatically terminate after the configured idle time. The default idle time is 600 seconds (10 minutes) and can be changed with the timeout command. To manually end a CLI management session, enter the bye or exit command.

Note The bye and exit commands end the CLI session. They do not terminate the terminal session. For instructions on terminating the terminal session, refer to the manuals for your terminal or terminal emulation program.

To restart the session after entering the bye or exit command, press Return, and the switch will prompt you for a username and password.

Entering Commands at the Switch Prompt

The commands in the switch operating system are associated with the cards that are installed in the switch. Before you execute a command, you must select a card that supports the command. The switch displays the currently selected card in the switch prompt. For example, the following switch prompt shows that the PXM card in slot 7 is selected:
mgx8850a.7.PXM.a> 
To select another card in the switch, enter the cc command:
mgx8850a.7.PXM.a> cc <slotnumber>
Replace slotnumber with the slot number of the card you want to manage. You can use the dspcds command to list which slot numbers are occupied. Table 2-9 lists the valid slot numbers for each card type.

After you execute the cc command to change cards, verify that you are managing the correct card by viewing the slot number that is shown in the switch prompt. The following example shows the prompt for a CESM card in slot 6 of a Cisco MGX 8850 switch:
mgx8850a.6.CESM.a > 
If you have trouble entering a command, look at the switch prompt to see if you have selected the correct card and type for the command. The following example shows the response to an unrecognized command:
mgx8850a.6.CESM.a > dspdate
Unknown Command: dspdate
The dspdate command runs on a PXM card. It is not recognized by a CESM card.

Tip The command examples in this book include the switch prompt so that you can verify which card types support specific commands.

The default switch configuration allows you to enter command abbreviations on PXM cards and most service modules. Because the help command is the only command that begins with he, you can use the abbreviated he command to display help. The following example demonstrates that the switch recognizes your partial entry of the help command because it proceeds to list commands.
mgx8850a.7.PXM.a> he
    Available commands
    ------------------
    addpref
    addprfx
    addred
    addrscprtn
    addsct
    addserialif
    addslave
    addsntprmtsvr
    addtrapmgr
    adduser
    aesa_ping
    arpAdd
    arpDelete
    arpFlush
    arpShow
    bootChange
    burnboot
    bye
    cc
Type <CR> to continue, Q<CR> to stop: 
Note The command abbreviation feature is not supported on older cards such as AUSM, CESM, and FRSM.

Tip To disable the command abbreviation feature, enter the cnfcmdabbr command. To display the current setting for this option, enter the dspcmdabbr command.

Notice the last line of the help command display. Because the help display is too long to appear on one screen, it is displayed in pages. Press Return to display the next page, or type q and press Return to cancel the help display.

The following example demonstrates what can appear when a command abbreviation is entered and either the abbreviation is not unique or the card does not support abbreviations:
M8830_CH.1.13.AUSMB8.a > dspc
Unknown Command : dspc
The possibilities are :
dspcacparm             dspcd                  dspcderrs              
dspcdparms             dspchan                dspchancnt             
dspchans               dspcon                 dspcons                
dspconstdabr           
In the example above, dspc is entered at an AUSM card prompt. Because there are several possible commands that start with dspc, the switch lists all supported commands that start with those letters. AUSM cards are older cards. Newer cards such as the PXM45 produce a different display for the same scenario:
M8850_LA.8.PXM.a > dspc
ERR: ambiguous command: "dspc"
For newer cards, you can display a list of commands that start with the same prefix by entering the command as follows:
M8850_LA.8.PXM.a > ? dspc
    Available commands
    ------------------
    dspcausecnt
    dspcbclk
    dspcd
    dspcdalms
    dspcderrs
    dspcdhealth
    dspcds
    dspcdstatus
    dspcduptime
    dspcdvtdft
    dspchassis
    dspcli
    dspclkalms
    dspclkparms
    dspclksrcs
    dspcmdabbr
    dspcon
    dspconinfo
    dspconntracebuffer
Type <CR> to continue, Q<CR> to stop: 
Whenever the switch displays an error message, be sure to check the spelling of the command, the parameters entered with the command, and the prompt at which the command was entered.

Getting Command Help

The following sections describe how to display the following types of command help:

•Available commands

•Available commands with additional information on access levels and logging

•Command syntax and parameters

Displaying Command Lists

The commands you can use to manage the switch are determined by your user name, which is configured for a particular access level. User names and access levels are described in more detail in the "Configuring User Access" section later in this chapter. To display a list of all the commands available to the username you used at log in, enter the help command as follows:
mgx8850a.7.PXM.a> help
To display a list of commands that include a common set of characters, enter a question mark and the common set of characters, as shown in the following example:
M8850_LA.8.PXM.a > ? ip
    Available commands
    ------------------
    cnfifip
    cnfilmiproto
    cnftrapip
    delifip
    dspifip
    dspipconntask
    dspipif
    dspipifcache
    dsptrapip
    ipifconfig
    pntracevsipkt
    setipconndebug
    zip
M8850_LA.8.PXM.a > 
Displaying Detailed Command Lists

Detailed command lists display the following additional information for each command:

•Access level required to enter the command

•Card state in which the command can be entered

•Whether command execution is logged

Note To display detailed command lists, you must establish a session using a username with SERVICE_GP privileges or higher (access privileges are described later in this chapter in the "Configuring User Access" section). You can also find this information in the Cisco MGX 8850 (PXM45/PXM1E), Cisco MGX 8950, Cisco MGX 8830, and Cisco MGX 8880 Command Reference, Release 5.

To enable detailed command lists, log in as a user at the CISCO_GP level and enter the clidbxlevel command as shown in the following example:
mgx8850a.7.PXM.a> clidbxlevel 1
Value of cliDbxLevel is now 1
Note Beginning with Release 5, the clidbxlevel command is not available in the default configuration. To enable access to this command, log in as a user at the CISCO_GP level and enter the seteng on command. The seteng command enables and disables (seteng off) access to commands that are intended for use by Cisco engineers.

After you enter this command, you can display detailed command lists by entering the help command as shown in the following example:
mgx8850a.7.PXM.a> ? 
    Command          Access           Card         Log
    ---------------------------------------------------
    ?                ANYUSER          A|S|I         -
    abortallsaves    GROUP1           A             +
    abortofflinediag SERVICE_GP       A|S           -
    abortrev         SERVICE_GP       A|S           +
    actaudit         SUPER_GP         A             +
    addaddr          GROUP1           A             +
    addapsln         GROUP1           A             +
    addcon           GROUP1           A             +
    addcontroller    SUPER_GP         A             +
    addfltset        GROUP1           A             +
    addlink          ANYUSER          A             -
    addlnloop        GROUP1           A             +
    addlpback        GROUP1           A             -
    addmaster        GROUP1           A             +
    addpart          GROUP1           A             +
    addpnni-node     SUPER_GP         A             +
    addpnni-summary-addr SUPER_GP         A             +
    addpnport        GROUP1           A             +
    addport          GROUP1           A             +
Type <CR> to continue, Q<CR> to stop: 
Note After you enter the clidbxlevel command, the help command displays detailed reports for that session only. You can disable detailed reports by entering the clidbxlevel 0 command. Every time you start a new session, detailed command lists are disabled.

The Access column shows the access level required to enter the command. Access levels are described in the "Configuring User Access" section later in this chapter.

The Card State column identifies the card states during which the command can be executed. Valid card states are active, standby, and init. Cards are labeled as init during switch startup. The options that appear in the Card State column are described in Table 2-2.

If a plus symbol appears in the Log column, each successful execution of the command is logged. If a minus symbol appears in the column, the command is not logged.

Table 2-2 Card State Descriptions

Card State

Description

A

Command is supported when the card state is active.

I

Command is supported when the card state is in init state.

S

Command is supported in standby state.

Displaying Command Syntax and Parameters

To display the syntax of a command, enter the command without any parameters. The following example shows the syntax report provided by the switch when the cnfifip command is entered without any parameters.
M8850_LA.8.PXM.a > cnfifip
Syntax: cnfifip <interface> <ip_address> [<mask> [<broad_addr>]]
                   OR
        cnfifip <interface> <flag>
   interface -- 26/28/37 (26:Ethernet 28:SLIP 37:ATM) or Ethernet/SLIP/ATM
   ip_address -- <n>.<n>.<n>.<n> (<n>: integer 0..255)
   mask -- subnet mask <n>.<n>.<n>.<n> (<n>: integer 0..255)
   broad_addr -- <n>.<n>.<n>.<n> (<n>: integer 0..255)
   flag -- a string "UP" or "DOWN"
When a parameter is shown between less-than (<) and greater-than (>) symbols, the parameter represents a variable that must be replaced by a value. The values are described below the command syntax.

When the parameter is shown between brackets ([]), it is an optional parameter. If you omit an optional parameter, most commands will use the last value defined for the option. If no value has been assigned to an option, the default value is used.

Note Some commands, such as dspcd and saveallcnf, do not require parameters, so entering the command without parameters executes the command.When you enter the saveallcnf command, which saves the current switch configuration to a file, the switch prompts you to confirm the save before execution begins. Whenever the switch prompts you to confirm a command, the command you are confirming is likely to change the switch configuration, reduce switch performance, or take a long time to execute.

Tip To see the syntax of a command that does not require parameters, enter the command with a parameter you know is incorrect. For example:

mgx8850a.7.PXM.a> dspcd jim
ERR: Invalid Slot number specified
ERR: Syntax: dspcd ["slot_number"]
slot number -- optional;

Configuring User Access

The usernames and passwords supplied with your switch provide access to all switch features, and they allow you to add and delete users and change user passwords.

When configuring user access for the switch, consider the following recommendations:

•Change the default passwords provided with your switch. These passwords are published on the Cisco website and enable anyone with local or remote network access to configure and manage your switch.

•Share the user names and passwords with only one or two people.

•If usernames and passwords become common knowledge during the switch installation and configuration, change the passwords.

•If additional users need access to the switch, create usernames and passwords below the top levels so that these users cannot access or modify the top-level user information.

The following sections describe how to add users, change passwords for existing users, delete users, and recover the user cisco password.

Adding Users

The Cisco MGX switches support up to 100 users. To create a user account, specify the following information:

•user name

•password

•access level

The user name and password identify the user and determine the user access level for switch management.

An access level must be assigned to a user when the user is added to the switch. The access levels listed in Table 2-3 are used throughout this guide to indicate the level of access required to execute a command or complete a procedure. These access levels are also called access privileges. If a user has access privileges at a lower level than a command requires, the user cannot execute the command. If the user has access privileges at the level required or at a higher level, the user can execute the command.

Table 2-3 User Access Levels

Access Level

Descriptions

CISCO_GP

This is the highest user access level. Users with this access level have complete access to all commands.

There is only one user at the CISCO_GP level, and that username is cisco. The default password for user cisco is cisco. Again, Cisco Systems recommends that you change the default passwords when you install a switch.

Users at the CISCO_GP access level can add users, delete users, change passwords, and change access levels for users at the following levels: SERVICE_GP, SUPER_GP, GROUP1, and ANYUSER.

SERVICE_GP

This access level allows access to commands that update switch firmware, save and restore the switch configuration, and enable debugging. This access level also provides access to all commands in all lower access levels: SUPER_GP, GROUP1, and ANYUSER.

The default username is service. The default password is serviceuser.

Users at the service access level can add users, delete users, change passwords, and change access levels for users at the following levels: SUPER_GP, GROUP1, and ANYUSER.

SUPER_GP

This access level allows users to configure switch level parameters such as the node name, date, and interface IP addresses. Users at this level can also enable traces. This access level also provides access to all commands in all lower access levels: GROUP1 and ANYUSER.

The default username is superuser, and the default password is superuser.

Users at the superuser access level can add users, delete users, change passwords, and change access levels for users at the following levels: GROUP1 and ANYUSER.

GROUP1

This access level allows users to configure line and port level parameters and create SPVCs¹ and SPVPs¹. This access level also provides access to all commands at the ANYUSER access level.

No default username and password is provided for this access level.

Users at the GROUP1 access level can add users, delete users, and change passwords for users at the ANYUSER access level.

ANYUSER

This access level allows users to run display and status commands that display the switch configuration and operational status.

No default username and password is provided for this access level.

1. SPVC = soft permanent virtual connection

2. SPVP = soft permanent virtual path

Note Earlier releases of the Cisco MGX 8850 software support users at levels Group 2 through Group 5. These user levels have been removed from the software. If you upgrade a switch that has users configured at these levels, the user level for the affected users will change to Group 1 level access during the upgrade.

To add a user to the switch, use the following procedure.

Step 1 Establish a CLI management session with GROUP1 privileges or higher. To add a user at a specific access level, you must log in as a user with a higher access level.

Step 2 Enter the following command after the switch prompt:
mgx8850a.7.PXM.a> adduser <username> <accessLevel>
Enter the username using 1 to 12 alphanumeric characters. Specify the access level by entering one of the levels defined in Table 2-3.

Note The access levels are case-sensitive and must be entered as shown in Table 2-3. Also, you cannot add users at access levels that are equal to or above your own access level.

If you enter the command correctly, the switch prompts you for a password.

Step 3 Enter a password, using 5 to 15 characters.

Step 4 When prompted, enter the password a second time to validate the previous entry.

This completes the addition of the new user.

Step 5 To display the new user in a list of all users, enter the dspusers command.

Tip To determine which commands are available at a particular access level, log in to the switch as a user at that access level, then enter the help or ? command.

Step 6 To test the username, enter the bye command, then log in as the new user.

Tip If you forget which username you used to log in, enter the whoami command. This command displays the username, access level, and access method (for example, Telnet) for the current session.

Changing Your Own User Password

To change your own password with the cnfpasswd command, use the following procedure.

Note The cnfuser command allows you to change another user password if you have the correct access privileges. The next section describes how to use the cnfuser command.

Step 1 Log in to your user account with the username for which you want to change the password.

Step 2 Enter the following command after the switch prompt:
mgx8850a.7.PXM.a>cnfpasswd
Step 3 When prompted, enter your current password.

Step 4 When prompted, enter a new password, using 5 to 15 characters.

Step 5 When prompted, enter the new password a second time to validate the correct entry.

This completes the change of password.

Step 6 To test the new password, enter the bye command, then log in using the new password.

Changing User Access Levels and Passwords with cnfuser

After you create a user, you can change that user's access level or password using the cnfuser command.

Note To change your own user password, enter the cnfpasswd command as described in the preceding section.

To change the user level or password of a switch user, use the following procedure.

Step 1 Log in to the switch. Use either the username for which you want to change the password, or a username with privileges at least one level higher than those of the user whose password you want to change.

Step 2 Enter the following command after the switch prompt:
mgx8850a.7.PXM.a> cnfuser -u <username> [-p] [-l <accessLevel>]
Replace username with the name of the user for whom you are making the change.

If you are changing the password, specify the -p option. After you enter the command, the switch prompts you to enter the new password as shown in the following example:
M8850_LA.8.PXM.a > cnfuser -u jim -p
Enter new password: 
Re-enter new password: 
Completed local database changes for user jim
If you are changing the user access level, specify the -l (lowercase L) option and enter the appropriate access level as shown in Table 2-3. In the following example, the access level is changed for user jim:
M8850_LA.8.PXM.a > cnfuser -u jim -l SUPER_GP
Completed local database changes for user jim
Note You can change passwords and access levels only for users who have privileges lower than the username you used to log in.

Step 3 To test a new password, enter the bye command, then log in using the new password.

Step 4 To verify a user access level change, enter the dspusers command.

The dspusers command displays all the usernames and the access level for each user as shown in the following example:
mgx8850a.7.PXM.a> dspusers
    UserId        AccessLevel
    -------------------------
    cisco         CISCO_GP
    service       SERVICE_GP
    superuser     SUPER_GP
    jbowman       GROUP1
Deleting Users

To delete a user, use the following procedure.

Step 1 Establish a CLI management session using a username with privileges at least one level higher than that of the user you want to delete.

Step 2 Enter the following command after the switch prompt:
mgx8850a.7.PXM.a> deluser <username>
Enter the username using from 1 to 12 alphanumeric characters. This completes the deletion of a user.

Step 3 To verify the user has been deleted, enter the dspusers command.

Resetting the User cisco Password

If you lose or forget your password for switch access, you should ask a user with a higher access level to reset your password using the cnfuser command. If you do not have any passwords for any access levels, you can use the following password recovery procedure to reset the password for user cisco. This procedure resets the user cisco password to cisco and leaves all other passwords unchanged. (You can change the other passwords with the cnfuser command after logging in as user cisco.)

Note This feature can be disabled using the cnfpswdreset command as described in the next section. You can determine if this feature is enabled or disabled by logging in as a user at any level and entering the dsppswdreset command.

Use the following procedure to reset the user cisco password.

Step 1 Establish a physical connection to the switch through the Console Port (CP) connector on the PXM-UI-S3 or PXM-UI-S3/B back card.

Caution Anyone with physical access to the switch CP can reset the password, deny access to other users, and reconfigure the switch. To prevent unauthorized switch access and configuration, the switch should be installed in a secure area.

Step 2 When the login prompt appears, press ESC, CTRL-Y to reset the password.

Step 3 Log in using username cisco and password cisco.

Step 4 To maintain switch security after resetting the cisco user password, change the password using the cnfpasswd command.

Enabling and Disabling the User cisco Password Reset

If the switch you are managing is in an insecure area, you might want to disable the user cisco password reset feature. Otherwise, anyone with physical access to the switch CP can reset the password, deny access to other users, and reconfigure the switch. This feature can be enabled again at a later date if you know the user name and password for a user at the SERVICE_GP privilege level or higher.

To enable or disable the password reset feature, use the following procedure.

Step 1 Establish a configuration session using a user name with SERVICE_GP privileges or higher.

Step 2 To disable password reset, enter the cnfpswdreset off command.

Step 3 To enable password reset, enter the cnfpswdreset on command.

Step 4 To view the status of this feature, enter the dsppswdreset command.

Setting and Viewing the Node Name

The switch name identifies the switch you are working on, which is important when you are managing multiple switches. The current switch name appears in the CLI prompt when you are managing PXM cards and service modules. To change the switch name, use the following procedure.

Step 1 Establish a configuration session using a user name with SUPER_GP privileges or higher.

Step 2 Enter the following command after the switch prompt:
unknown.7.PXM.a > cnfname <node name>
Enter up to 32 characters for the new node name, and since the node name is case-sensitive, be sure to use the correct case. For example:
unknown.7.PXM.a > cnfname mgx8850a
This node name will be changed to mgx8850a. Please Confirm
cnfname: Do you want to proceed (Yes/No)? y
cnfname: Configured this node name to mgx8850a Successfully.
mgx8850a.7.PXM.a>
Note The node name cannot contain any spaces or special characters.

The new name appears immediately in the next CLI prompt.

Viewing and Setting the Switch Date and Time

The switch date and time is appended to event messages and logs. To assure that events are properly time stamped, use the following procedure to view and change the date and time.

Note The procedure that follows propagates the switch date and time to all cards on the switch except for the RPM cards. Use the CLI to manually configure the switch date and time on each RPM card in your switch, or use SNTP to enable each RPM card to retrieve the date and time from a network server.

Step 1 Establish a configuration session using a user name with SUPER_GP privileges or higher.

Step 2 To view the current switch date and time, enter the following command after the switch prompt:
mgx8850a.7.PXM.a> dspdate
Step 3 To change the switch date, enter the following command:
mgx8850a.7.PXM.a> cnfdate <mm/dd/yyyy>
Step 4 To change the time zone, enter the following command:
mgx8850a.7.PXM.a> cnftmzn <timezone>
Replace timezone with one of the parameter values listed in Table 2-4. If your switch is located outside the Western Hemisphere, select GMT (see Table 2-4) and use the next step to specify an offset from GMT. If your switch is located in the Western Hemisphere choose the appropriate option from Table 2-4. Daylight times are adjusted by one hour in the Fall and Spring for daylight savings. Standard times are not adjusted.

Table 2-4 Time Zones for cnftmzn Command

Parameter Value

Time Zone

CDT

Central Daylight Time

CST

Central Standard Time

EDT

Eastern Daylight Time

EST

Eastern Standard Time

GMT

Greenwich Mean Time

MDT

Mountain Daylight Time

MST

Mountain Standard Time

PDT

Pacific Daylight Time

PST

Pacific Standard Time

Step 5 To configure an offset from GMT, enter the following command:
mgx8850a.7.PXM.a> cnftmzngmt <timeoffsetGMT>
Replace <timeoffsetGMT> with the offset in hours from GMT. Enter a number from -12 to +12.

Step 6 To change the switch time, enter the following command:
mgx8850a.7.PXM.a> cnftime <hh:mm:ss>
Replace <hh> with the hour of the day (0 to 23), mm with the minute of the hour (0 to 59), and ss with the number of seconds in the minute (0 to 59).

Step 7 To verify the new date and time settings, enter the dspdate command.

Configuring PNNI Node Parameters

The MGX switches support many PNNI configuration commands. This section describes how to configure the basic PNNI configuration parameters for the switch. Chapter 8, "Managing PNNI Nodes and PNNI Routing," describes how to manage PNNI after you have brought up the PNNI node.

Caution It is important to configure the PNNI node parameters before you start creating SPVCs as described in Chapter 3, "Provisioning PXM1E Communication Links." If you create SPVCs using the default PNNI node parameters and later change those parameters, the node will advertise the old ATM address information for the older SPVCs as well as the new ATM address information. To keep PNNI running at maximum efficiency, set the PNNI node parameters to the proper values before creating SPVCs, or delete and recreate old SPVCs after making PNNI node parameter updates.

Adding the PNNI Controller

The PNNI controller simplifies switch configuration by using PNNI protocol to discover call routes in an ATM network. Without the PNNI controller, each route through the network would have to be defined manually. Chapter 8, "Managing PNNI Nodes and PNNI Routing," provides more information on PNNI. This section describes how to enable and configure the PNNI controller for the switch.

Note Before entering the following command, you must log in as a user with SUPER_GP privileges or higher.