Configuring the Cisco Ethernet Switch

The Cisco Catalyst 4948 Ethernet switch supplied with Recovery Appliance has IPBASEK9-MZ firmware. The switch is minimally configured during installation. These procedures configure the Cisco Ethernet switch into one large virtual LAN.

Configuring the Cisco Catalyst 4948 Ethernet Switch

The Cisco Catalyst 4948 Ethernet switch supplied with ZDLRA Rack is minimally configured during installation.

The minimal configuration disables IP routing, and sets the following:

  • Host name
  • IP address setup
  • Subnet mask
  • Default gateway
  • Domain name
  • Name server
  • NTP server
  • Time
  • Time zone

Before configuring the switch, note the following:

  • The Cisco Ethernet switch should not be connected until the running configuration has been verified, and any necessary changes have been made by the network administrator.

  • The Cisco Ethernet switch should not be connected to the customer network until the IP addresses on all components have been configured in ZDLRA Rack. This is to prevent any duplicate IP address conflicts which are possible due to the default addresses set in the components when shipped.

Note that the Cisco 4948E-F switch supports multiple uplinks to the customer network by utilizing ports 49 - 52. This is a more complicated switch setup due to the redundant connectivity, and should be performed by the customer's network administrator.

The following procedure describes how to configure the Cisco Ethernet switch. Configuration should be done with the network administrator.

  1. Connect a serial cable from the Cisco switch console to a laptop or similar device. An Oracle supplied rollover cable is pre-installed on the Cisco serial console port. Obtain the appropriate adapter and connect it at the end of the rollover cable. An Oracle P/N 530-3100 RJ45-DB9 adapter as used on ILOM ports will also work, connected at the end of the network cable.

  2. Ensure the terminal session is recorded on the laptop by logging the output. The output can be used as a reference that the switch has been configured correctly. The default serial port speed is 9600 baud, 8 bits, no parity, 1 stop bit, and no handshake.

    Switch con0 is now available
    Press RETURN to get started.
    
  3. Change to the enable mode.

    Switch> enable
    Password: ******
    Switch# 

    Note:

    If you do not have the password, then contact Oracle Support Services.
  4. Check the current version on the switch.

    Switch# show version 
    Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Version 15.2(3)E2, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2014 by Cisco Systems, Inc.
    Compiled Tue 11-Mar-14 18:28 by prod_rel_team
    
    ROM: 12.2(44r)SG12
    zdlra1sw-ip uptime is 1 minute
    System returned to ROM by reload
    System image file is "bootflash:cat4500e-ipbasek9-mz.152-3.E2.bin"
    Hobgoblin Revision 22, Fortooine Revision 1.40
    ...
    
    Configuration register is 0x2102
    
    Switch#

    The version of the Cisco 4948E-F switch firmware purchased and shipped by Oracle with Recovery Appliance X6 is IPBASEK9-MZ, which includes telnet and ssh support. Currently the full release version string is cat4500e-ipbasek9-mz.152-3.E2.bin.

  5. Configure the network for a single VLAN. The following example assumes you are using IPv4 addressing.

    Switch# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)# interface vlan 1
    Switch(config-if)# ip address 10.7.7.34 255.255.255.0
    Switch(config-if)# end
    Switch# *Sep 15 14:12:06.309:%SYS-5-CONFIG_I:Configured from console by console
    Switch# write memory
    Building configuration...
    Compressed configuration from 2474 bytes to 1066 bytes [OK ]
    
  6. If IP routing is required on the switch, then leave the IP routing setting as the default, and configure the default gateway. Replace 10.7.7.1 with the IP address of the gateway for the installation:

    Switch#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Switch(config)#ip route 0.0.0.0 0.0.0.0 10.7.7.1
    Switch(config)#end
    *Sep 15 14:13:26.013:%SYS-5-CONFIG_I:Configured from console by console
    Switch#write memory
    Building configuration...
    Compressed configuration from 2502 bytes to 1085 bytes [OK ]
  7. Set the host name of the switch.

    This example sets the name to ra1sw-ip:

    The system host name is used as the prompt name.

  8. Configure up to three DNS servers. Replace the domain name and IP addresses used in this example with the values for the installation:

    ra1sw-ip#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)#ip domain-name example.com
    ra1sw-ip(config)#ip name-server 10.7.7.3
    ra1sw-ip(config)#ip name-server 198.51.100.5 
    ra1sw-ip(config)#ip name-server 10.8.160.1
    ra1sw-ip(config)#end 
    *Sep 15 14:26:37.045:%SYS-5-CONFIG_I:Configured from console by console
    ra1sw-ip#write memory
    Building configuration...
    Compressed configuration from 2603 bytes to 1158 bytes [OK ]
    
    

    If you do not have DNS service available, you must still set the domain-name so that you can configure the SSH keys.

  9. (Optional) Set the password.

    ra1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)# enable password password
    ra1sw-ip(config)# enable secret password 
    ra1sw-ip(config)# end
    ra1sw-ip# write memory 
    *Sep 15 14:25:05.893:%SYS-5-CONFIG_I:Configured from console by console
    Building configuration...
    Compressed configuration from 2502 bytes to 1085 bytes [OK ]
    
  10. Verify that telnet access is disabled. Telnet is not secure and should not be enabled unless there is a compelling reason. Telnet is enabled by setting a password on the vty lines and disabled by removing that password.

    ra1sw-ip#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)#line vty 0 15
    ra1sw-ip(config-line)#login
    % Login disabled on line 1, until 'password' is set
    % Login disabled on line 2, until 'password' is set
     ...
    % Login disabled on line 16, until 'password' is set
    ra1sw-ip(config-line)#end
    

    If the login command returns output as shown above, then telnet access is disabled. If you get a prompt instead, then telnet access is still enabled and should be disabled now:

    ra1sw-ip(config-line)#no password
    ra1sw-ip(config-line)#end
    ra1sw-ip#write memory 
    Building configuration...
    Compressed configuration from 3786 bytes to 1468 bytes [OK ]
    
  11. To configure a secure shell (SSH) on the Ethernet switch:

    ra1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)# crypto key generate rsa
    % You already have RSA keys defined named ra1sw-ip.example.com.
    % Do you really want to replace them? [yes/no]: yes
    Choose the size of the key modulus in the range of 360 to 2048 for
    your General Purpose Keys. Choosing a key modulus greater than 512
    may take a few minutes.
    How many bits in the modulus [512]: 768
    
    % Generating 768 bit RSA keys, keys will be non-exportable...[OK]
    ra1sw-ip(config)# username admin password 0 welcome1
    ra1sw-ip(config)# line vty 0 15
    ra1sw-ip(config-line)# transport input ssh
    ra1sw-ip(config-line)# exit
    ra1sw-ip(config)# aaa new-model
    
    ra1sw-ip(config)# ip ssh time-out 60
    ra1sw-ip(config)# ip ssh authentication-retries 3
    ra1sw-ip(config)# ip ssh version 2
    ra1sw-ip(config)# end
    *Sep 15 14:26:37.045: %SYS-5-CONFIG_I: Configured from console by console
    ra1sw-ip# write memory
    Building configuration...
    Compressed configuration from 2603 bytes to 1158 bytes[OK]
  12. Set the clock and time zone. The switch keeps internal time in Coordinated Universal Time (UTC) format.

    • To use UTC, use the following command in global configuration mode:

      no clock timezone
      
    • To use a time zone, use the following command:

      clock timezone zone hours-offset [minutes-offset]
      

      In the preceding command, zone is the time zone to display when standard time is in effect, hours-offset is the hours offset from UTC, and minutes-offset is the minutes offset from UTC.

    • Daylight saving time (or summer time) is disabled by default. To set summer time hours, use the following command:

      clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]
      

      In the preceding command, zone is the time zone to be displayed when summer time is in effect (EDT, for example), week is the week of the month (1 to 5 or last), day is the day of the week (Sunday, Monday, ...), month is the month (January, February, ...), hh:mm is the hours and minutes in 24-hour format, and offset is the number of minutes to add during summer time. The default offset is 60 minutes.

    • To manually set the clock to any time use the following command, where the time specified is relative to the configured time zone:

      clock set hh:mm:ss month day year
      

      In the preceding command, hh:mm:ss is the time in 24-hour format, day is the day by date in the month, month is the name of the month, and year is the 4-digit year.

    The ordering of commands is important when setting the local time and time zone. For example, to set the local time to US Eastern time:

    ra1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)# clock timezone EST -5 
    ra1sw-ip(config)# clock summer-time EDT recurring
    ra1sw-ip(config)# end
    ra1sw-ip# clock set 21:00:00 August 09 2018
    ra1sw-ip# write memory
    Building configuration...
    Compressed configuration from 3784 bytes to 1465 bytes [OK ]
    ra1sw-ip# show clock
    21:00:06.643 EST Mon Aug 9 2018
    
  13. After setting the local time zone, you can configure up to two NTP servers. Replace the IP addresses used in this example with the values for the installation:

    ra1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)# ntp server 10.7.7.32 prefer
    ra1sw-ip(config)# ntp server 198.51.100.19
    ra1sw-ip(config)# end
    *Sep 15 14:51:08.665:%SYS-5-CONFIG_I:Configured from console by console
    ra1sw-ip# write memory
    Building configuration...
    Compressed configuration from 2654 bytes to 1163 bytes [OK ]
    ra1sw-ip# show ntp status
    <output will vary per network>
         .
    ra1sw-ip# show clock
    21:00:23.175 EST Mon Aug 9 2018
    

    The NTP server is synchronized to local time when you connect the Cisco switch to the network and it has access to NTP.

    Symbols that precede the show clock display indicate that the time is the following:

    • * Time is not authoritative.
    • . Time is authoritative, but NTP is not synchronized.
    • (blank space) Time is authoritative.
  14. Verify the Ethernet configuration using the following command:

    ra1sw-ip# show running-config
    Building configuration...
    Current configuration : 3923 bytes
    !
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
         .
         .
         .
    
    

    Note:

    If any setting is incorrect, then repeat the appropriate step. To erase a setting, enter no in front of the same command. For example, to erase the default gateway, use the following commands:

    ra1sw-ip#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)# no ip default-gateway 10.7.7.1
    ra1sw-ip(config)# end
    ra1sw-ip#
    *Sep 15 14:13:26.013: %SYS-5-CONFIG_I: Configured from console by console
    ra1sw-ip# write memory
    Building configuration...
    Compressed configuration from 2502 bytes to 1085 bytes[OK]
    
  15. Save the current configuration.

    ra1sw-ip#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    Compressed configuration from 2654 bytes to 1189 bytes[OK]
  16. Exit from the session using the following command:

    ra1sw-ip# exit
    
    ra1sw-ip con0 is now available
    
    Press RETURN to get started.
  17. Disconnect the cable from the Cisco console.

    The Cisco switch must not be connected to the management network at this stage. The switch will be connected later after Oracle has configured the systems with the necessary IP addresses and you have worked with the field service engineer to make any additional changes necessary for connecting to the network.

  18. To check the Cisco switch, attach a laptop computer to port 48, and ping the IP address of the internal management network to check the configuration.

    Do not connect the switch to the management network.
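
The session log recorded in step 2 can be reviewed before the switch is connected. The following Python script is an added example, not part of the original procedure or of any Oracle or Cisco tooling; it checks a recorded Catalyst console session for the choices made in steps 9 to 11 and for unsaved changes. The 2048-bit minimum, the finding names and the sample log are assumptions made for illustration.

```python
import re

# Constructed sample of a recorded console session (not a real capture).
# The commands mirror steps 9 to 11 of the Catalyst 4948 procedure.
SAMPLE_LOG = """\
ra1sw-ip# configure terminal
ra1sw-ip(config)# enable password password
ra1sw-ip(config)# enable secret password
ra1sw-ip(config)# crypto key generate rsa
How many bits in the modulus [512]: 768
% Generating 768 bit RSA keys, keys will be non-exportable...[OK]
ra1sw-ip(config)# username admin password 0 welcome1
ra1sw-ip(config)# line vty 0 15
ra1sw-ip(config-line)# transport input ssh
ra1sw-ip(config-line)# exit
ra1sw-ip(config)# ip ssh version 2
ra1sw-ip(config)# end
*Sep 15 14:26:37.045: %SYS-5-CONFIG_I: Configured from console by console
ra1sw-ip# write memory
"""

MIN_RSA_BITS = 2048  # assumed site policy, not a value taken from the page

# Matches the prompt forms seen on the page: "Switch>", "Switch#",
# "ra1sw-ip(config)#", "ra1sw-ip(config-line)#".
PROMPT = re.compile(r"^\s*[\w.-]+(?:\([\w-]+\))?[#>]\s*(.*)$")
SAVE = ("write memory", "copy running-config startup-config")


def typed_commands(log):
    """Return the commands typed at a switch prompt, in order."""
    cmds = []
    for line in log.splitlines():
        m = PROMPT.match(line)
        # Skip bare prompts and syslog lines printed right after a prompt.
        if m and m.group(1).strip() and not m.group(1).startswith("*"):
            cmds.append(" ".join(m.group(1).split()))
    return cmds


def audit(log):
    """Return findings for a session log; secrets are never echoed."""
    cmds = typed_commands(log)
    findings = []
    for bits in re.findall(r"% Generating (\d+) bit RSA keys", log):
        if int(bits) < MIN_RSA_BITS:
            findings.append(f"rsa-key-{bits}-bits-below-{MIN_RSA_BITS}")
    for c in cmds:
        if re.match(r"enable password \S", c):
            findings.append("enable-password-stored-unhashed")
        m = re.match(r"username (\S+) password \S", c)
        if m:
            findings.append(f"user-{m.group(1)}-uses-password-not-secret")
        m = re.match(r"transport input (.+)", c)
        if m and m.group(1).split() != ["ssh"]:
            findings.append("vty-allows-non-ssh-transport")
    if not any(c.startswith("transport input") for c in cmds):
        findings.append("vty-transport-never-restricted")
    if "ip ssh version 2" not in cmds:
        findings.append("ssh-version-2-not-forced")

    def last(pred):
        return max((i for i, c in enumerate(cmds) if pred(c)), default=-1)
    # Configuration entered after the last save is lost on reload.
    if last(lambda c: c == "configure terminal") > last(lambda c: c in SAVE):
        findings.append("changes-not-saved")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Findings name the setting only, so the report can be shared without exposing the passwords captured in the log; the log itself still contains them and should be stored accordingly.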

Configuring the Cisco Nexus 93108-1G or 9348 Ethernet Switch

The Cisco Nexus 93108-1G or 9348 Ethernet switch supplied with ZDLRA Rack is minimally configured during installation.

Note that the Cisco Nexus 93108-1G or 9348 switch supports multiple uplinks to the customer network by utilizing the QSFP+ ports. This is a more complicated switch setup due to the redundant connectivity, and should be performed by the customer's network administrator.

Whether you are configuring the switch for the first time, or configuring a replacement switch, use the following procedures:

Performing the Initial Switch Configuration for the Cisco Nexus 93108-1G or 9348 Ethernet Switch

During the initial configuration, you reset the switch and use the Basic System Configuration Dialog to configure the switch.

Before configuring the switch, note the following:

  • The Cisco Ethernet switch should not be connected until the running configuration has been verified, and any necessary changes have been made by the network administrator.

  • The Cisco Ethernet switch should not be connected to the customer network until the IP addresses on all components have been configured in ZDLRA Rack. This is to prevent any duplicate IP address conflicts which are possible due to the default addresses set in the components when shipped.

Configuration should be done with the network administrator.

  1. Connect from the Cisco switch serial console to a laptop or similar device using the available RJ45 cable.
  2. Ensure the terminal session is recorded on the laptop by logging the output.
    The output can be used as a reference that the switch has been configured correctly. The default serial port speed is 9600 baud, 8 bits, no parity, 1 stop bit, and no handshake.
  3. Power on the switch.
  4. Log in as the admin user.
    User Access Verification
    exadatax7-adm0 login: admin
    Password: ********
    

    Note:

    If you do not have the password for the admin user, then contact Oracle Support Services.
  5. Erase the existing configuration.
    exadatax7-adm0# write erase
    
    Warning: This command will erase the startup-configuration.
    
    Do you wish to proceed anyway? (y/n)  [n] y
  6. Restart the system so you can perform the automated setup.
    exadatax7-adm0# reload
    
    This command will reboot the system. (y/n)?  [n] y
    
    2017 Aug 31 01:09:00 exadatax7-adm0 %$ VDC-1 %$ %PLATFORM-2-PFM_SYSTEM_RESET: Manual system restart from Command Line Interface
    
    
    CISCO SWITCH Ver7.59
    Device detected on 0:1:2 after 0 msecs  
    ...
  7. Switch to normal setup and, when asked if you want to enforce secure password standard, enter no, then enter a new password for the admin user.
    Running S93thirdparty-script...
    
    Populating conf files for hybrid sysmgr ...
    Starting hybrid sysmgr ...
    inserting /isan/lib/modules/klm_cisco_nb.o ... done
    
    Abort Auto Provisioning and continue with normal setup ? (yes/no) [n]: yes
    
             ---- System Admin Account Setup ----
    
    Do you want to enforce secure password standard (yes/no) [y]: no
    
      Enter the password for "admin": 
      Confirm the password for "admin": 
    
  8. When the Basic System Configuration Dialog appears, choose to enter the basic configuration dialog.
            ---- Basic System Configuration Dialog VDC: 1 ----
    
    This setup utility will guide you through the basic configuration of
    the system. Setup configures only enough connectivity for management
    of the system.
    
    Please register Cisco Nexus9000 Family devices promptly with your
    supplier. Failure to register may affect response times for initial
    service calls. Nexus9000 devices must be registered to receive 
    entitled support services.
    
    Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
    to skip the remaining dialogs.
    
    Would you like to enter the basic configuration dialog (yes/no): yes
    
  9. In the basic configuration, you can use the default inputs until asked to enter the switch name.

    In this example, the switch has a name of test123sw-adm0.

      Create another login account (yes/no) [n]: 
      Configure read-only SNMP community string (yes/no) [n]: 
      Configure read-write SNMP community string (yes/no) [n]: 
      Enter the switch name : test123sw-adm0
    
    
  10. Respond no when asked to configure Out-of-band management configuration.
    Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]: no
  11. Respond yes when asked to configure advanced IP options.
    Configure advanced IP options? (yes/no) [n]: yes
  12. Respond no when asked to configure static route (this will be configured later).
    Configure static route? (yes/no) [n]: no
  13. Enter the destination prefix and mask, and other values as prompted.
       Destination prefix : 10.100.100.0
    
       Destination prefix mask : 255.255.255.0
    
       Next hop IPv4 address : 10.100.100.1
    
  14. Skip configuring the DNS IPv4 addresses (this will be configured later).
    Configure the DNS IPv4 address? (yes/no) [n]: no
    
  15. Skip configuring the default domain name (this will be configured later).
    Configure the default domain name? (yes/no) [n]: no
    
  16. Accept the default responses until asked to configure SSH and the NTP server.
    Enable the telnet service? (yes/no) [n]: no
    Enable the ssh service? (yes/no) [y]: yes
       Type of ssh key you would like to generate (dsa/rsa) [rsa]: rsa
       Number of rsa key bits <1024-2048> [1024]: 1024
     
    Configure the ntp server? (yes/no) [n]: yes
         NTP server IPv4 address : 10.100.100.3
  17. Accept the default responses until asked to specify the CoPP system profile. Enter lenient.
     Configure default interface layer (L3/L2) [L2]: 
     Configure default switchport interface state (shut/noshut) [noshut]: 
     Configure CoPP system profile (strict/moderate/lenient/dense) [strict]: lenient
  18. After reviewing the configuration, save the configuration.
    The following configuration will be applied:
       no password strength-check
       switchname test123sw-adm0
      ...
    
    Would you like to edit the configuration? (yes/no) [n]: 
    
    Use this configuration and save it? (yes/no) [y]: yes
    
    [########################################] 100%
    Copy complete.
  19. Add the VLAN 1 IP address.
    test123sw-adm0(config)# feature interface-vlan
    test123sw-adm0(config)# interface vlan 1
    test123sw-adm0(config-if)# ip address 10.100.100.110/24
    test123sw-adm0(config-if)# no shutdown
    test123sw-adm0(config-if)# exit
  20. Set the spanning tree port type for ports 1-47.
    test123sw-adm0(config)# interface E1/1-47
    test123sw-adm0(config-if)# spanning-tree port type edge
    test123sw-adm0(config-if)# exit
  21. Set switchport on all 48 ports and set port 48 to a network port (instead of a host port).
    test123sw-adm0(config)# interface E1/1-48
    test123sw-adm0(config-if)# switchport
    test123sw-adm0(config-if)# exit
    test123sw-adm0(config)# interface E1/48
    test123sw-adm0(config-if)# spanning-tree port type network
    test123sw-adm0(config-if)# ip route 0.0.0.0/0 10.100.100.1
  22. Configure the DNS information.
    test123sw-adm0(config)# ip domain-name example.com
    test123sw-adm0(config)# ip name-server 10.100.100.2
    test123sw-adm0(config)# exit
  23. Save the current configuration.
    test123sw-adm0# copy running-config startup-config
    [########################################] 100%
    Copy complete.
    
  24. Optional: Set the clock, as described in the next topic.

Setting the Clock on the Cisco 93108-1G or 9348 Ethernet Switch

After you have performed the initial configuration, you can adjust the time used by the switch.

  1. Log in as the admin user.
  2. View the current time.
    test123sw-adm0(config)# show clock
    20:44:52.986 UTC Thu Aug 31 2017
    Time source is NTP
  3. Set the timezone appropriately.
    test123sw-adm0(config)# clock timezone PST -8 0
    
  4. View the modified time.
    test123sw-adm0(config)# show clock
    12:46:22.692 PST Thu Aug 31 2017
    Time source is NTP
  5. Save the configuration.
    test123sw-adm0# copy running-config startup-config 
    [########################################] 100%
    Copy complete.

Disabling Spanning Tree on the Ethernet Switch

Spanning tree is enabled by default on Cisco switches. If you add a switch with spanning tree enabled to the network, then you might cause network problems. As a precaution, you can disable spanning tree from the uplink port VLAN before connecting the switch to the network. Alternatively, you can turn on spanning tree protocol with specific protocol settings either before or after connecting to the network.

To disable spanning tree on the uplink port VLAN:

  1. Disable spanning tree on the uplink port VLAN:
    rasw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    rasw-ip(config)# no spanning-tree vlan 1
    rasw-ip(config)# end
    rasw-ip# write memory
    Building configuration...
    Compressed configuration from 2654 bytes to 1163 bytes[OK]
    
  2. Verify that spanning tree is disabled:
    rasw-ip# show spanning-tree vlan 1
    Spanning tree instance(s) for vlan 1 does not exist.
    

To re-enable spanning tree protocol with the default protocol settings:

  • Use the commands shown in this example:

    ra1sw-ip# configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    ra1sw-ip(config)# spanning-tree vlan 1
    ra1sw-ip(config)# end
    ra1sw-ip# write memory

See Also:

Cisco Switch Configuration Guide to enable spanning tree protocol with the specific protocol settings required by the data center Ethernet network