Lenovo NE1032 and NE1032T Switch Quickstart Guide

Document Version 1.0: 10/2018

Scale Computing 2018

Table of Contents

Introduction
Requirements
Connect to the Switch
    Over the Network
    Console
CLI Mode Basics
Set the Management IP
    Management Configuration Example
    Management VLAN Configuration Example
Update the Firmware
General Configuration
    Set the Enable Mode Password
    Generate New SSH keys
    Set AAA Maximum Attempts
    Create Additional Users
    Set NTP
    Set DNS
    Create VLANs
    Verify Spanning Tree
    Logging
Port Configuration
    Switchport Access Mode
    Switchport Hybrid Mode
    Switchport Trunk Mode
Link Layer Discovery Protocol
Feedback & Support
    Document Feedback
    Technical Support and Resources
    Disclaimer

Introduction

This guide provides general configuration examples. The configurations found here may not be applicable to all environments. Consult Lenovo's official documentation for further information regarding your environment's unique configuration.

Requirements

- This guide was written for CNOS version 10.8.1.0. If you are on an earlier version, update to 10.8.1.0 because of command syntax changes.
- A terminal emulation program, such as PuTTY.
- (Optional) Mini-USB B male to USB A male cable.

Connect to the Switch

Over the Network

By default, the management interface is set to request a DHCP address. If DHCP is available, check the leases on your DHCP server to determine the IP address of the switch. Using an SSH client, you may log in to the switch over the network. The default username is admin, and the default password is admin.

Console

Using a terminal emulator, such as PuTTY, connect the provided USB adapter to the port shown below.

Set your console settings as follows:

    Default baud rate = 9,600 bps
    Character size = 8 characters
    Parity = none
    Stop bits = 1
    Data bits = 8
    Flow control = none

The default username is admin and the default password is admin.

CLI Mode Basics

Configuration for the NE1032 or NE1032T is performed through a CLI interface. As a reference:

    >             = unprivileged mode
    #             = privileged mode
    (config)#     = global configuration mode
    (config-if)#  = interface configuration mode
    (config-vrf)# = virtual routing and forwarding configuration mode

Upon login you will be in the unprivileged mode. To enter privileged mode:

    > enable
    #

NOTE: You can use ? to display what commands are available in the current mode.

To configure the switch, enter global configuration mode. This mode is used for settings that aren't specific to the switch ports.

    # conf t
    (config)#

Configuration of switch ports is performed in interface configuration mode. To return to the previous configuration level:

    (config-if)# exit
    (config)#

Set the Management IP

The management network should be separated from any data networks and have physically independent hardware supporting it. The goal of the management network is to maintain remote access to network equipment should a configuration change interrupt the data networks. Optionally, you may use a VLAN interface instead.

Management Configuration Example

    > en
    # conf t
    (config)# int mgmt0
    (config-if)# ip addr 10.205.13.252 255.255.255.0
    (config-if)# exit
    (config)# vrf context management
    (config-vrf)# ip route 0.0.0.0/0 10.205.13.1

Management VLAN Configuration Example

    > en
    # conf t
    (config)# interface vlan 1
    (config-if)# ip address 10.205.13.252 255.255.255.0
    (config-if)# exit
    (config)# ip route 0.0.0.0/0 10.205.13.1

Update the Firmware

Download the Latest Firmware

- Download the zip file for the NE1032 here.
- Download the zip file for the NE1032T here.
- Unzip the archive.
- Rename the extracted folder to ne1032 or ne1032t as necessary and place it in your local user home directory.
- Make sure your firewall will allow port 22, or turn it off temporarily.
- If you are using a Linux machine, ensure sshd is running.

    # copy sftp sftp://10.205.105.202//home/cdraper/ne1032/ne1032-cnos-10.8.1.0.imgs systemimage all vrf management

Output should appear as follows:

    Confirm download operation? (y/n) [n] y
    Download in progress
    Enter Username:user
    user@10.205.105.202's password:
    sftp> progress
    Progress meter enabled
    sftp> get /home/user/ne1032/ne1032-cnos-10.8.1.0.imgs /tmp/orca/image.30383
    /home/user/ne1032/ne1032-cnos-10.8.1.0.imgs     6%   12MB   2.0MB/s   01:22 ETA
    /home/user/ne1032/NE1032-CNOS-10.8.1.0.imgs     8%   15MB   1.9MB/s   01:24 ETA
    /home/user/ne1032/NE1032-CNOS-10.8.1.0.imgs   100%  175MB   1.6MB/s   01:47
    Copy Success
    Install image...this takes about 90 seconds. Please wait
    Check image signature succeeded
    Extracting image: 100%
    Installing system image to slot 1:
    Installing image: 100%
    Extracting image: 100%
    Installing uboot:
    Updating flash: 100%
    Extracting image: 100%
    Installing NOS Kernel:
    Updating flash: 100%
    Extracting image: 100%
    Installing NOS DFT:
    Updating flash: 100%
    Extracting image: 100%
    Installing NOS RFS:
    Updating flash: 100%
    Boot image installation succeeded.
    OS image installation succeeded.
    Boot loader now contains Software Version 10.8.1.0
    Standby image now contains Software Version 10.8.1.0
    Switch is currently set to boot active image.
    Do you want to change that to the standby image? (y/n) [n] y

Reboot the switch to load the new firmware:

    # reload

General Configuration

Set the Enable Mode Password

    (config)# enable password SOMEPASS

Generate New SSH keys

    # conf t
    (config)# no feature ssh
    (config)# ssh key rsa length 4096 force
    (config)# ssh login-attempts 3
    (config)# feature ssh

Set AAA Maximum Attempts

Authentication, authorization, and accounting (AAA) features determine what resources users have access to, and where to check for that user's credentials. Here, we set failed login attempts to be logged and the maximum number of login attempts to 25.

    (config)# aaa authentication login error-enable
    (config)# aaa local authentication attempts max-fail 25

Create Additional Users

The network-admin account type has full administrative rights to the switch. The network-operator is a limited account type.

    (config)# username <ADMIN> role network-admin password <PASSWORD>
    (config)# username <USER> role network-operator password <PASSWORD>

Set NTP

Any internal or external NTP server that is accessible on your network should work.

    (config)# feature ntp
    (config)# ntp server 10.205.13.2

Set DNS

Any internal DNS server that is accessible on your network should work.

    (config)# ip name-server 10.205.13.3 vrf default

Create VLANs

You may create VLANs individually as follows:

    (config)# vlan 2
    (config-vlan)# name SCALEBACKPLANE

Or, you may create multiple VLANs at once using a range:

    (config)# vlan 1-10

Verify Spanning Tree

    (config)# sh spanning-tree

Ensure that the spanning tree protocol supports rapid convergence. By default, the NE1032 and the NE1032T use rapid-pvst.

    VLAN0001
      spanning-tree enabled protocol rapid-pvst
      ROOT ID    priority 32769
                 address a48c.db96.7f00
                 This bridge is the root
                 Hello Time 2 Max age 20 Forward Delay 15
      BRIDGE ID  priority 32769 (32768 sys-id-ext 1)
                 address a48c.db96.7f00
                 Hello Time 2 Max age 20 Forward Delay 15

    Interface        Role Sts cost      Prio.Nbr      Type
    ---------------- ---- --- --------- ------------- ----------------------
    Ethernet1/1      Desg FWD 2         128.410001    point-to-point
    Ethernet1/2      Desg FWD 2         128.410002    point-to-point
    Ethernet1/3      Desg FWD 2         128.410003    point-to-point
    Ethernet1/4      Desg FWD 2         128.410004    point-to-point

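One way to run the spanning tree check above over saved command output, as an added example that is not part of the original guide. The function names are hypothetical, the sample is the guide's output trimmed to two ports, the root address in the variant is constructed, and whether this switch should be the root is a site decision passed in as a parameter.

```python
import re

def parse_spanning_tree(output):
    """Parse one VLAN block of 'show spanning-tree' output into a dict."""
    def grab(pattern):
        m = re.search(pattern, output, re.DOTALL)
        if m is None:
            raise ValueError(f"no match for {pattern!r}")
        return m.groups()

    (vlan,) = grab(r"VLAN(\d+)")
    (protocol,) = grab(r"spanning-tree enabled protocol (\S+)")
    root = grab(r"ROOT ID\s+priority (\d+)\s+address (\S+)")
    bridge = grab(r"BRIDGE ID\s+priority (\d+).*?address (\S+)")
    ports = re.findall(r"^\s*(Ethernet\S+)\s+(\S+)\s+(\S+)\s", output, re.MULTILINE)
    return {"vlan": int(vlan), "protocol": protocol, "root": root, "bridge": bridge,
            "ports": {name: (role, state) for name, role, state in ports}}

def review(info, rapid=("rapid-pvst",), expect_root=True):
    """Compare parsed output with what the operator expects; return findings."""
    findings = []
    # rapid-pvst is the only protocol name the guide gives; extend the tuple per site.
    if info["protocol"] not in rapid:
        findings.append(f"VLAN {info['vlan']}: protocol {info['protocol']} is not rapid")
    # The switch is root when the ROOT ID and BRIDGE ID (priority, address) match.
    if (info["root"] == info["bridge"]) != expect_root:
        findings.append(f"VLAN {info['vlan']}: root bridge is {info['root'][1]}")
    for name, (role, state) in sorted(info["ports"].items()):
        if state != "FWD":
            findings.append(f"{name}: {role} port in state {state}")
    return findings

# Output as shown in the guide (two of the four ports kept for brevity).
GUIDE_OUTPUT = """\
VLAN0001
  spanning-tree enabled protocol rapid-pvst
  ROOT ID    priority 32769
             address a48c.db96.7f00
             This bridge is the root
  BRIDGE ID  priority 32769 (32768 sys-id-ext 1)
             address a48c.db96.7f00
Interface        Role Sts cost      Prio.Nbr      Type
Ethernet1/1      Desg FWD 2         128.410001    point-to-point
Ethernet1/2      Desg FWD 2         128.410002    point-to-point
"""
# Constructed variant: another device (made-up address) has become the root.
OTHER_ROOT = (GUIDE_OUTPUT.replace("address a48c.db96.7f00", "address 0000.0000.0001", 1)
              .replace("This bridge is the root", ""))

if __name__ == "__main__":
    for text in (GUIDE_OUTPUT, OTHER_ROOT):
        print(review(parse_spanning_tree(text)) or "no findings")
```
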
Logging

Troubleshooting relies heavily on inspecting the switch logs. In this example, we are setting logging to debug level and storing the logs locally, allocating the maximum size possible for local storage of the logs.

    (config)# logging logfile switch_log 6 size 10485760
    (config)# show logging logfile

If there is a remote syslog server available:

    (config)# no logging logfile
    (config)# logging server 10.205.13.36 6 vrf data
    (config)# logging server 10.205.13.36 protocol tcp port 5002

Port Configuration

By default, all ports are in access mode for VLAN 1. If you are not utilizing VLANs in your environment, you will not need to configure the VLAN settings for the switch ports further. We recommend isolating backplane ports for Scale Computing equipment to a VLAN other than 1 using access mode.

Switchport Access Mode

Access mode allows only one VLAN to be configured for a switch port. Use this mode when connecting an end device that is unaware of VLANs, such as the Scale Computing node backplane ports.

    (config)# interface ethernet 1/1
    (config-if)# switchport mode access
    (config-if)# switchport access vlan 10

Switchport Hybrid Mode

Hybrid mode is used when an interface needs to carry multiple VLANs, such as the Scale Computing LAN ports. If your VMs need access to specific VLANs other than the one the Scale Computing node itself resides on, you will need to tag those VLANs.

In this example, the Scale Computing appliance is being managed on VLAN 5. The management interface is unaware of VLANs, so its traffic needs to be untagged. Note that VLAN 5 is omitted from the list of egress-tagged VLANs.

    (config)# interface ethernet 1/1
    (config-if)# switchport mode hybrid
    (config-if)# switchport hybrid native vlan 5
    (config-if)# switchport hybrid allowed vlan 1-10
    (config-if)# switchport hybrid egress-tagged vlan 1,2,3,4,6,7,8,9,10
    (config-if)# show interface eth1/1 switchport
    (config-if)# show running-config interface ethernet1/1

Switchport Trunk Mode

Trunk mode is also used when an interface needs to carry multiple VLANs. Trunk mode configuration is less explicit than Hybrid mode. In the following configuration example, the Scale Computing appliance is being managed on VLAN 5.

    (config)# interface ethernet 1/1
    (config-if)# switchport mode trunk
    (config-if)# switchport trunk allowed vlan all
    (config-if)# switchport trunk native vlan 5
    (config-if)# show interface eth1/1 switchport
    (config-if)# show running-config interface ethernet1/1

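The hybrid-mode rule above (every allowed VLAN is egress-tagged except the native one) can be checked mechanically before a port goes live. The following is an added example, not part of the original guide; the function names are hypothetical, the second stanza is constructed, and it assumes an allowed VLAN missing from the egress-tagged list leaves the port untagged, as the note about VLAN 5 implies.

```python
import re

def parse_vlans(spec):
    """Expand a VLAN list such as '1-4,6,8-10' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def check_hybrid_port(stanza):
    """Return (findings, expected egress-tagged list) for one hybrid port."""
    def field(keyword, pattern):
        m = re.search(rf"switchport hybrid {keyword} vlan ({pattern})", stanza)
        if m is None:
            raise ValueError(f"missing 'switchport hybrid {keyword} vlan'")
        return m.group(1)

    native = int(field("native", r"\d+"))
    allowed = parse_vlans(field("allowed", r"[\d,-]+"))
    tagged = parse_vlans(field("egress-tagged", r"[\d,-]+"))
    expected = allowed - {native}  # the guide's rule: tag everything but the native VLAN

    findings = []
    if native not in allowed:
        findings.append(f"native VLAN {native} is not in the allowed list")
    if native in tagged:
        findings.append(f"native VLAN {native} is egress-tagged; it must leave untagged")
    for v in sorted(tagged - allowed):
        findings.append(f"VLAN {v} is egress-tagged but not allowed")
    for v in sorted(expected - tagged):
        findings.append(f"VLAN {v} is allowed but would egress untagged")
    return findings, ",".join(map(str, sorted(expected)))

# The guide's hybrid example, followed by a constructed misconfiguration.
GUIDE_PORT = """
switchport mode hybrid
switchport hybrid native vlan 5
switchport hybrid allowed vlan 1-10
switchport hybrid egress-tagged vlan 1,2,3,4,6,7,8,9,10
"""
BAD_PORT = GUIDE_PORT.replace("1,2,3,4,6,7,8,9,10", "1-8,11")  # constructed

if __name__ == "__main__":
    for name, stanza in (("guide", GUIDE_PORT), ("constructed", BAD_PORT)):
        findings, expected = check_hybrid_port(stanza)
        print(name, "expected egress-tagged:", expected)
        for finding in findings or ["consistent"]:
            print("  -", finding)
```
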
Link Layer Discovery Protocol

LLDP is very useful for troubleshooting and network mapping.

    (config)# interface ethernet 1/1
    (config-if)# lldp transmit
    (config-if)# lldp receive
    (config-if)# lldp trap-notification
    (config-if)# end

To view information about neighboring network devices:

    # show lldp neighbors [detail]
    # show lldp interface all

Feedback & Support

Document Feedback

Scale Computing welcomes your suggestions for improving our documentation. Please send your feedback to documentation@scalecomputing.com.

Technical Support and Resources

There are many technical support resources available for use. Access this document, and many others, at http://www.scalecomputing.com/support/login/.

Disclaimer

Switches are not covered under the support and warranty for the Scale Computing HC3 system. Scale Computing is not responsible for any issues arising from the use of this guide. Any and all questions, issues, or concerns regarding switch configuration should be addressed with the switch manufacturer directly.