Wednesday, January 15, 2014

Cisco ACE 4710 Startup Configuration


Clearing the configuration and rebooting
Starting sysmgr processes.. Please wait...Done!!!

switch login: admin
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
switch/Admin#
switch/Admin# ?
Exec commands:
  backup      Backup commands
  capture     Capture packets on one or more interfaces
  changeto    Changeto another context
  checkpoint  Checkpoint/Rollback commands
  clear       Reset functions
  clock       Manage the system clock
  compare     Compare checkpoint config with running config
  configure   Enter configuration mode
  copy        Copy from one file to another
  crypto      Execute PKI related commands
  debug       Debugging functions
  delete      Remove files -1
  dir         Directory listing for files
  dm          Device mgr commands for internal use
  exit        Exit from the EXEC
  format      Format a device with FAT16 file system
  ft          Fault-tolerant switchover
  gunzip      Uncompresses LZ77 coded files
  invoke      Invoke commands in other contexts from admin context
  license     Licensing specific commands
  load        Load plug-in image
  mkdir       Create new directory
  move        Move files
  ping        Send echo messages
  reload      Halt and perform a cold restart
  restore     Restore commands
  rmdir       Remove existing directory
  set         Set various asic registers
  setup       Run the basic SETUP command facility
  show        Show running system information
  sleep       Sleep some time for vsh script
  ssh         SSH to another system
  system      System management commands
  tac-pac     Save tac information to a specific location
  telnet      Telnet to another system
  terminal    Set terminal line parameters
  traceroute  Trace route to destination
  undebug     Disable Debugging functions (See also debug)
  untar       Untar the given file
  write       Write current configuration
  xml-show    Display xmlized show command result in xml

switch/Admin# clear st
startup-config  stats           sticky         
switch/Admin# clear startup-config
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)  [n] y
switch/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes] no
Validating system image...
Perform system reload. [yes/no]: [yes]
switch/Admin#
After these steps, wait for the appliance to reboot.



kernel=(hd0,1)/c4710ace-t1k9-mz.A5_1_2.bin ro root=LABEL=/ auto console=ttyS0,9600n8 quiet bigphysarea=32768
   [Linux-bzImage, setup=0x1400, size=0xe75a16c]                               
                                                                               
INIT: version 2.85 booting                                                     
                                                                                
b4 lspci                                                                       
1 Cavium device(s) found.                                                      
Bringing up NP 0                                                                
Downloading U-Boot to NP card 0                                                
Downloading DP image to NP card 0                                              
Starting DP image on NP card on all cores                                       
DP image started on NP card                                                    
                                                                               
                                                                                
Setting up dynamic memory size                                                 
Initializing Shared Memory                                                     
INIT: Entering runlevel: 3                                                     
Testing PCI path for Octeon(0)....                                             
This may take some time, Please wait ....                                      
PCI test loop , count 0                                                        
PCI path is ready                                                              
Starting services...                                                          
Waiting for 3 seconds to enter setup mode...
Certificate & key are up to date [yes]
. itch/Admin# Unmounting ext3 filesystems...
Unmounting Other filesystems...
Installing MySQLRestarting system.
groupadd: group nobody exists
useradd: user nobody exists
MySQL Installed
Installing JRE
JRE Installed


Starting sysmgr processes.. Please wait...Done!!!

switch login: admin
Password:

 Admin user is allowed to login only from console until the default password is changed.
 www user is allowed to login only after the default password is changed.

 Enter the new password for user "admin":
 Confirm the new password for user "admin":
 admin user password successfully changed.

 Enter the new password for user "www":
 Confirm the new password for user "www":
 www user password successfully changed.

Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2012 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.


  ACE>                         

        This script will perform the configuration necessary for a user to
        manage the ACE Appliance using the ACE Device Manager.The management
        port is a designated Ethernet port which has access to the same
        network as your management tools including the ACE Device Manager.
        You will be prompted for the Port Number, IP Address, Netmask and
        Default Route (optional).
        Enter 'ctrl-c' at any time to quit the script

ACE>Would you like to enter the basic configuration dialog (yes/no) [y]: no
switch/Admin#

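After the configuration has been cleared, the ACE default credentials are:
Account: admin
Password: admin
After you log in, you are required to change the passwords of both the admin and www accounts; enter passwords that satisfy the password policy.
The ACE then asks whether you want to run the interactive setup:
ACE>Would you like to enter the basic configuration dialog (yes/no) [y]: no
The default answer is yes; enter no if you do not need it.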

Incidentally, if you later decide that you do want the interactive setup, you can run it with the setup command.
switch/Admin# setup


  ACE>                         

        This script will perform the configuration necessary for a user to
        manage the ACE Appliance using the ACE Device Manager.The management
        port is a designated Ethernet port which has access to the same
        network as your management tools including the ACE Device Manager.
        You will be prompted for the Port Number, IP Address, Netmask and
        Default Route (optional).
        Enter 'ctrl-c' at any time to quit the script

ACE>Would you like to enter the basic configuration dialog (yes/no) [y]:

The following is an example of how to answer the interactive prompts, for reference.
ACE>Would you like to enter the basic configuration dialog (yes/no) [y]:


  ACE> Enter the Ethernet port number to be used as the management port (1-4):? [1]:

  ACE> Enter the management port IP Address (n.n.n.n): [192.168.1.10]: 192.168.1.144

  ACE> Enter the management port Netmask(n.n.n.n): [255.255.255.0]:

  ACE> Enter the default route next hop IP Address (n.n.n.n) or to skip this step: 192.168.1.254

  ACE> Summary of entered values:

  Management Port: 1
  Ip address 192.168.1.144
  Netmask: 255.255.255.0
  Default Route: 192.168.1.254

  ACE>Submit the configuration including security settings to the ACE Appliance? (yes/no/details) [y]:


ACE> Configuration successfully applied. You can now manage this
ACE Appliance by entering the url 'http://192.168.1.144' into a
web browser to access the Device Manager GUI.

Creating a context from the command line
switch/Admin# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch/Admin(config)# context ?
    Enter the context name (Max Size - 64)
  Admin  
switch/Admin(config)# context Bridge
switch/Admin(config-context)#
switch/Admin# sh context

Number of Contexts = 2

Name: Admin , Id: 0
Config count: 25
Description: 
Resource-class: default


Name: Bridge , Id: 1
Config count: 0
Description: 
Resource-class: default
Vlans:
switch/Admin#

Switching into the selected context to configure it
switch/Admin# changeto bridge
Error: context not found
switch/Admin# changeto Bridge
switch/Bridge#
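Note: context names are case-sensitive.
To confirm that you have actually switched contexts, check whether the context name after the / in the prompt has changed.
The configurations of different contexts are completely independent and are not shared; each context must be saved separately.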

Checking interface status
switch/Admin# sh interface

vlan1000 is up, VLAN up on the physical port

  Hardware type is VLAN
  MAC address is 00:1b:24:78:7f:4c
  Mode : routed
  IP address is 192.168.0.10 netmask is 255.255.255.0
  FT status is non-redundant
  Description:not set
  MTU: 1500 bytes
  Last cleared: never
  Last Changed: Sun Jan  5 22:40:45 2014
  No of transitions: 1
  Alias IP address not set
  Peer IP address not set
  Assigned on the physical port, up on the physical port

     633 unicast packets input, 189322 bytes
     400 multicast, 25 broadcast
     0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
     1396 unicast packets output, 1671574 bytes
     0 multicast, 1 broadcast
     0 output errors, 0 ignored

GigabitEthernet Port 1/1 is UP, line protocol is UP
 Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:78:7f:4c
 Description:
 MTU 9216 bytes
 Full-duplex, 1000Mb/s
 COS bits based QoS is disabled
 input flow-control is off, output flow-control is off
    1063 packets input, 195505 bytes, 0 dropped
    Received 132 broadcasts (405 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    1397 packets output, 1671574 bytes
    1 broadcast, 0 multicast, 0 control output packets 
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped 
GigabitEthernet Port 1/2 is ADMIN DOWN, line protocol is DOWN
 Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:78:7f:4c
 Description:
 MTU 0 bytes
 Auto-duplex, Auto-speed
 COS bits based QoS is disabled
 input flow-control is off, output flow-control is off
    0 packets input, 0 bytes, 0 dropped
    Received 0 broadcasts (0 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    0 packets output, 0 bytes
    0 broadcast, 0 multicast, 0 control output packets 
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped 
GigabitEthernet Port 1/3 is ADMIN DOWN, line protocol is DOWN
 Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:78:7f:4c
 Description:
 MTU 0 bytes
 Auto-duplex, Auto-speed
 COS bits based QoS is disabled
 input flow-control is off, output flow-control is off
    0 packets input, 0 bytes, 0 dropped
    Received 0 broadcasts (0 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    0 packets output, 0 bytes
    0 broadcast, 0 multicast, 0 control output packets 
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped 
GigabitEthernet Port 1/4 is ADMIN DOWN, line protocol is DOWN
 Hardware is ACE Appliance 1000Mb 802.3, address is 00:1b:24:78:7f:4c
 Description:
 MTU 0 bytes
 Auto-duplex, Auto-speed
 COS bits based QoS is disabled
 input flow-control is off, output flow-control is off
    0 packets input, 0 bytes, 0 dropped
    Received 0 broadcasts (0 multicasts)
    0 runts , 0 giants
    0 FCS/Align errors , 0 runt FCS, 0 giant FCS
    0 packets output, 0 bytes
    0 broadcast, 0 multicast, 0 control output packets 
    0 underflow, 0 single collision, 0 multiple collision output packets
    0 excessive collision and dropped, 0 Excessive Deferral and dropped

switch/Admin# sh ip int bri
Interface             IP-Address      Status                  Protocol
vlan1000              192.168.0.10    up                      up 
gigabitEthernet1/1    unassigned      up                      up 
gigabitEthernet1/2    unassigned      administratively down   down
gigabitEthernet1/3    unassigned      administratively down   down
gigabitEthernet1/4    unassigned      administratively down   down
Check the port up/down status.

Checking the configuration
switch/Admin# sh running-config
Generating configuration....



boot system image:c4710ace-t1k9-mz.A5_1_2.bin

interface gigabitEthernet 1/1
  switchport access vlan 1000
  no shutdown
interface gigabitEthernet 1/2
  shutdown
interface gigabitEthernet 1/3
  shutdown
interface gigabitEthernet 1/4
  shutdown


access-list ALL line 8 extended permit ip any any






class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any

policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit

interface vlan 1000
  ip address 192.168.0.10 255.255.255.0
  access-group input ALL
  service-policy input remote_mgmt_allow_policy
  no shutdown

ip route 0.0.0.0 0.0.0.0 192.168.1.254

context Bridge


 
username admin password 5 $1$.HBIfcex$OzUi5Uv7eTEylxAf3NEPs/  role Admin domain default-domain
username www password 5 $1$.wH9fZJd$X1MvFbstxWIWTCcHh9PjR0  role Admin domain default-domain

ssh key rsa 1024 force


switch/Admin#
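
An added example, not part of the original post: a small Python audit that reads an excerpt of the running-config shown above and lists the settings a reviewer would tighten before the appliance goes onto a production network (management protocols matched from any source, cleartext telnet and http, the permit-any ACL, the 1024-bit SSH key). The rule names and the 2048-bit threshold are assumptions of this example.

```python
import re

# Excerpt of the running-config shown above; username lines are left out.
RUNNING_CONFIG = """\
access-list ALL line 8 extended permit ip any any
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
interface vlan 1000
  service-policy input remote_mgmt_allow_policy
ssh key rsa 1024 force
"""

CLEARTEXT = {"telnet", "http"}  # management protocols that are not encrypted
MIN_RSA_BITS = 2048             # assumed policy threshold, not from the page

def audit(config):
    """Return (rule, detail) findings for an ACE running-config text."""
    findings, class_map = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"class-map type management \S+ (\S+)", line)
        if m:
            class_map = m.group(1)
            continue
        if raw[:1].strip():          # unindented line: the class-map block ended
            class_map = None
        m = re.match(r"\d+ match protocol (\S+) (.+)", line)
        if m and class_map:
            if m.group(1) in CLEARTEXT:
                findings.append(("cleartext-mgmt", m.group(1)))
            if m.group(2) == "any":  # no source-address restriction
                findings.append(("mgmt-from-any", m.group(1)))
        m = re.match(r"access-list (\S+) line \d+ extended permit ip any any$", line)
        if m:
            findings.append(("acl-permit-any", m.group(1)))
        m = re.match(r"ssh key rsa (\d+)", line)
        if m and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(("weak-ssh-key", m.group(1)))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(RUNNING_CONFIG):
        print(f"{rule:16} {detail}")
```

To audit a real device, paste the output of sh running-config from each context into a file and pass its text to audit().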

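At this point you can normally connect to the ACE 4710 and manage it through the web interface. The key point is that the network adapter you connect to the first port of the ACE 4710 must be configured on the same subnet as the appliance.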