This chapter describes set-up procedures that you may need to perform before activating your LS2020 switch in the network. These set-up procedures include the following tasks:
After completing the initial installation of LS2020 hardware and software, as described in the "Installing StreamView Software" chapter, you may need to perform some or all of the set-up procedures described in this chapter, depending on your particular network operating requirements. Hence, you should review these procedures to determine which ones apply to your network.
Some set-up procedures call for you to signal the master management agent (MMA) to re-read configuration data for the affected LS2020 switch. Note, however, that you can perform any or all of the procedures in this chapter without sending interim restart signals to the MMA. Thus, after completing the last of the set-up procedures you intend to perform, you need only signal the MMA once to place all the set-up procedures into effect.
The purpose of the secure single-user mode is to prevent unauthorized superuser access to the NP of your LS2020 switch.
To enable or disable this feature, perform the following steps at the LS2020 console:
Step 2 Back up the /etc/starttab file, using the copy command:
Step 3 Invoke the vi editor to open the /etc/starttab file:
Step 4 Look for the following comment line in the /etc/starttab file:
By default, single-user mode is disabled in the LS2020 system distribution software. Thus, whenever you upgrade to a new software version using the distributed system diskette set, the default /etc/starttab file is written to the LS2020 hard disk. Consequently, if you wish to activate this feature after installing new platform software, you must enable it as described above.
To restore multi-user mode operation after running in the secure single-user mode, you must log out (by entering [^D], for example). The NP then comes up in multi-user mode after the following sequence of events:
1. The fsck program runs a check on all file systems.
2. The following prompt appears, at which you enter "y".
3. The NP is activated and runs the LS2020 platform (chassis) software.
This section describes how to create a new user account. The LS2020 switch provides an adduser script to simplify the task of adding a new user account to your system.
To create a new user account, perform the following steps:
Step 2 Start the adduser script by entering the following at the prompt:
Step 3 Enter the login name for the new user account at the following prompt:
Step 4 Enter the full name for the new user account at the following prompt:
The system then displays the login account information shown below:
<login> is the login name of the user.
<UID> is the user identification number.
<GID> is the group identification number.
<username> is the full name of the user.
Step 5 If the information displayed in Step 4 is correct, respond yes (Y) to the following prompt:
Step 6 Enter a password for the new user at the following prompt:
The password must be unique and at least six alphanumeric characters in length.
Step 7 Re-enter the password at the prompt for confirmation:
If you entered the new password correctly, the system changes the existing password and displays the following prompt:
As a result of this procedure, a new user account is created with the attributes you specified. You can then log in to the new user account and begin using it.
Each LS2020 switch has a file detailing the privileges for each switch in the network that has read or read/write access to its MMA. To monitor the network, you need to have only read access privileges to the MMA; however, to make changes to MMA values or to issue control commands, you need to have read/write access privileges to the MMA.
LS2020 software maps the SNMP community name and IP address of each LS2020 switch to a set of privileges. Each switch has a default file named /usr/app/base/config/mma.communities that contains details about the SNMP communities and access privileges defined for the switch. Figure 4-1 is an example of such a file. The lines in this example file preceded by the number sign (#) are informational comments; the last three lines of this file show the names of the defined SNMP communities (public, trap, and write).
The line public 0.0.0.0 read indicates that a user issuing commands from any IP address (that is, IP address 0.0.0.0) who has set the SNMP community name to public has read access privileges to the MMA for this switch.
The line trap 127.0.0.1 write indicates that a user issuing commands from this local switch (that is, IP address 127.0.0.1) who has set the SNMP community name to trap has read/write access privileges to the MMA for this switch.
The line write 0.0.0.0 write indicates that a user issuing commands from any IP address (that is, IP address 0.0.0.0) who has set the SNMP community name to write has read/write access privileges to the MMA for this switch.
Note that SNMP community names can be used to provide a level of security for each LS2020 switch in the network. For this reason, it is advisable to change the names of the trap and write SNMP communities to names of your choosing. By so doing, you can restrict access to your LS2020 switch to only those users who know your SNMP community name(s).
As a convention, most SNMP devices have a public community name with read-only access privileges. You should not change this name, but you can change its associated privileges, if necessary.
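The following audit is an added example, not part of the LS2020 software or the original manual. It reads a copy of mma.communities in the three-field format described above and reports entries that grant read/write access from any address or that still use a default community name with write access. The function name `audit_communities` is hypothetical, and the script assumes that `read` and `write` are the only privilege keywords, since those are the only ones shown here.

```shell
#!/bin/sh
# Added example: audit a copy of mma.communities. Not an LS2020 command.
# Entry format, as described on the page: <community> <source IP> <privilege>
# Lines starting with '#' are comments.

audit_communities() {   # hypothetical helper; $1 = path to the file copy
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ { next }                  # skip comment lines
        NF == 0    { next }                  # skip blank lines
        NF != 3 {
            printf "line %d: MALFORMED expected 3 fields, got %d\n", NR, NF
            bad = 1; next
        }
        $3 != "read" && $3 != "write" {      # only keywords shown on the page
            printf "line %d: UNRECOGNISED-PRIVILEGE %s\n", NR, $3
            bad = 1; next
        }
        $3 == "write" && $2 == "0.0.0.0" {   # read/write from any address
            printf "line %d: WRITE-FROM-ANY community=%s\n", NR, $1
            bad = 1
        }
        $3 == "write" && ($1 == "public" || $1 == "trap" || $1 == "write") {
            printf "line %d: DEFAULT-NAME-WITH-WRITE community=%s\n", NR, $1
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Demo: the three default entries quoted above (the comment line is constructed).
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'public 0.0.0.0 read' 'trap 127.0.0.1 write' 'write 0.0.0.0 write' > "$sample"
audit_communities "$sample" || echo "review the entries listed above"
rm -f "$sample"
```

The function exits non-zero when it reports anything, so it can gate a change-review step before the MMA is signalled to re-read the file.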
Note The SNMP community name is set to public whenever you invoke the CLI. You can change this setting by issuing the set snmp community <community_name> command at the CLI prompt.
Note The procedure for upgrading a chassis to a new software release has a mechanism for preserving local changes to files, such as mma.communities, during the upgrade process. Therefore, the procedure below for changing the default SNMP community name(s) in the mma.communities file must be performed exactly as described to ensure that changes to this locally-modified file are copied forward into the new software release. The upgrade mechanism copies "regular files" forward into the new release, but not "symbolic links." Thus, the upgrade procedure ensures that the locally-modified mma.communities file will be changed from a "symbolic link" into a "regular file" for purposes of the software upgrade.
To change the default SNMP community name or the MMA read/write access privileges for your LS2020 switch, edit the file mma.communities according to the following procedure:
Step 2 Change to the directory containing the files you want to edit by entering the following command:
Step 3 Move the mma.communities file to a file renamed mma.communities.orig to maintain the symbolic link between the two files, as shown below:
Step 4 Copy the contents of the linked mma.communities.orig file to a new file named mma.communities by entering the following command:
As a consequence of Steps 3 and 4, you now have two mma.communities files, each containing identical information. Note, however, that the copy operation does not carry the symbolic link forward into the new, renamed mma.communities file. Thus, the resulting mma.communities file is not linked to any other files, while the mma.communities.orig file remains linked to the current /usr/app/dist/base-x.x.x/config/mma.communities file.
The rationale for creating a new mma.communities file for the LS2020 switch in the manner described above is twofold:
Step 5 Invoke the vi editor to revise the mma.communities file by entering the following command:
Edit the mma.communities file to define the SNMP community names you want.
If you are not familiar with the vi editor, refer to the LightStream 2020 NP O/S Reference Manual for additional information.
Step 6 Save the changes to the edited mma.communities file and exit the vi editor by entering the following:
Step 7 Use either of the following methods to cause the MMA to re-read the mma.communities file:
This command lists all the processes running on your LS2020 switch.
After determining the PID number for the MMA, enter the following to cause the MMA to re-read the mma.communities file:
Change to the protected mode of the CLI prompt by entering the following:
Step 8 If you wish to verify your changes to the mma.communities file, enter the following at the protected mode CLI prompt:
This command displays the mma.communities file for inspection.
If you wish to exit the protected mode CLI at this juncture, issue the following command:
Step 9 Repeat Steps 2 through 8 for each LS2020 switch in the network whose default SNMP community name or read/write access privileges you wish to change.
At the conclusion of this procedure, you have defined one or more new SNMP community names for one or more LS2020 switches to reflect your particular network operating requirements.
When you start the CLI, the LS2020 switch finds the addresses for trap delivery in the /usr/app/base/config/mma.trap_communities file. By default, LS2020 switches send traps only to their local network processor (NP) card. However, by editing the mma.trap_communities file, you can cause traps to be sent to as many as 25 different destinations. Similarly, by editing this file, you can also cause traps for all LS2020 switches in the network to be sent to the same device.
For additional information about trap-handling mechanisms, refer to the LightStream 2020 Traps Reference Manual.
This section tells you how to edit the mma.trap_communities file. Before proceeding, however, note that each line in the mma.trap_communities file consists of three elements:
Figure 4-2 shows a sample mma.trap_communities file. Note that the first entry in each line is the community name (trap); the second entry is an IP address (the default IP address, the NP IP address, the NMS IP address, or the IP address of a destination device); the third entry (162) identifies the UDP port number for delivering traps.
Note The procedure for upgrading a chassis to a new software release has a mechanism for preserving local changes to files, such as mma.trap_communities, during the upgrade process. Therefore, the procedure below for changing trap delivery addresses in the mma.trap_communities file must be performed exactly as described to ensure that changes to this locally-modified file are copied forward into the new software release. The upgrade mechanism copies "regular files" forward into the new release, but not "symbolic links." Thus, the upgrade procedure ensures that the locally-modified mma.trap_communities file will be changed from a "symbolic link" into a "regular file" for purposes of the platform software upgrade.
To change the trap delivery IP address(es) for an LS2020 switch, edit the file mma.trap_communities according to the following procedure:
Step 2 Log in to the root account on your LS2020 switch.
Step 3 Change to the directory containing the mma.trap_communities file you want to edit by entering the following command:
Step 4 Move the mma.trap_communities file to a file renamed mma.trap_communities.orig to maintain the symbolic link between the two files, as shown below:
base-x.x.x is the current version of LS2020 software.
Step 5 Copy the contents of the now linked mma.trap_communities.orig file to a new file named mma.trap_communities by entering the following command:
As a consequence of Steps 4 and 5, you now have two mma.trap_communities files, each containing identical information. Note, however, that the copy operation does not carry the symbolic link forward into the new, renamed mma.trap_communities file. Thus, the resulting mma.trap_communities file is not linked to any other files, while the mma.trap_communities.orig file remains linked to the current operational /usr/app/dist/base-x.x.x/config/mma.trap_communities file for your LS2020 switch.
The rationale for creating a new mma.trap_communities file in the manner described above is twofold:
Step 6 Invoke the vi editor to edit the mma.trap_communities file by entering the following command:
Edit the mma.trap_communities file to define how traps are delivered from your LS2020 switch. Do this by defining the community name (trap), the IP address for trap delivery (to another NP, an NMS, or a destination device), and the UDP port number through which the SNMP protocol will send traps from your LS2020 switch.
If you are not familiar with the vi editor, refer to the LightStream 2020 NP O/S Reference Manual for additional information.
Step 7 Save the changes to the mma.trap_communities file and exit the vi editor by entering the following:
Step 8 Use either of the following methods to cause the MMA to re-read the mma.trap_communities file:
This command lists all the processes running on the LS2020 switch.
After determining the PID number for the MMA, enter the following to cause the MMA to re-read the mma.trap_communities file:
Change to the protected mode of the CLI prompt by entering the following:
Step 9 If you wish to verify your changes to the mma.trap_communities file, enter the following at the protected mode CLI prompt to examine the contents of the file:
If you wish to exit the protected mode CLI at this point, issue the following command:
Step 10 Repeat Steps 3 through 9 for each LS2020 switch in the network whose trap delivery IP address(es) you wish to change.
At the conclusion of the above procedure, traps will be sent to the IP address(es) specified in the revised mma.trap_communities file.
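The move-then-copy steps used for both mma.communities and mma.trap_communities can be rehearsed and checked in a scratch directory. This is an added example, not taken from the manual: the helper names `is_regular_copy` and `localize_config` and the directory layout are hypothetical, and the `mv` and `cp` invocations are standard POSIX commands assumed here rather than the exact commands the manual shows.

```shell
#!/bin/sh
# Added example: rehearse the move-then-copy steps in a scratch directory.
# Directory names below are constructed stand-ins for the switch's paths.

# Succeeds only if FILE is a regular file and not a symbolic link.
is_regular_copy() {
    [ -f "$1" ] && [ ! -L "$1" ]
}

# localize_config DIR NAME (hypothetical helper): keep the link as NAME.orig
# and leave an unlinked regular file called NAME with the same contents.
localize_config() {
    dir=$1; name=$2
    if [ ! -L "$dir/$name" ]; then
        echo "$name: not a symbolic link, already localized?" >&2
        return 1
    fi
    if [ -e "$dir/$name.orig" ] || [ -L "$dir/$name.orig" ]; then
        echo "$name.orig already exists, refusing to overwrite" >&2
        return 2
    fi
    mv "$dir/$name" "$dir/$name.orig" || return 3   # renames the link itself
    cp "$dir/$name.orig" "$dir/$name" || return 3   # cp follows the link
    cmp -s "$dir/$name.orig" "$dir/$name" && is_regular_copy "$dir/$name"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/dist" "$work/config"
    echo 'public 0.0.0.0 read' > "$work/dist/mma.communities"
    ln -s "$work/dist/mma.communities" "$work/config/mma.communities"
    localize_config "$work/config" mma.communities
    status=$?
    ls -l "$work/config"    # .orig is still a link, the new file is not
    rm -rf "$work"
    return "$status"
}
demo
```

The guard clauses matter when the procedure is repeated: running the move a second time would rename the edited regular file over the preserved link.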
Whenever you log in to the CLI, the default terminal type of each user account (oper, npadmin, fldsup, and root) is set to vt100. If you do not use a VT100 terminal, you may change the default terminal type in your .profile file so that you do not have to change the vt100 setting at each login. The procedures described in this section enable you to change the default terminal type in the .profile file for each LS2020 user account. You can change the default terminal type from either the bash# prompt or the CLI prompt, as described in the following sections.
To change the default terminal type from the bash# prompt, perform the following steps:
Step 2 Log in to the fldsup account or the root account for the LS2020 switch whose default terminal type you wish to change.
Step 3 Edit the terminal type for the oper account by entering the following:
The vi editor opens, enabling you to edit the .profile file.
Step 4 Change the default terminal type for the oper account by editing the line that reads:
You should change this line to reflect the terminal type that you intend to use. (The terminal type you enter must be defined in the /etc/termcap file.)
If the line TERM=vt100 does not appear in the .profile file, add this line to the file in the following format:
Step 5 Save your changes to the .profile file and exit from the vi editor by entering the following:
Step 6 Repeat Steps 3 through 5 for each remaining LS2020 login account (npadmin, fldsup, and root) by editing the following files, as appropriate:
Step 7 Repeat this procedure for any other user accounts that you may have created, in addition to the four user accounts referenced above (oper, npadmin, fldsup, and root).
Note that the new terminal type does not take effect until you log in again.
To change the default terminal type from the CLI prompt, perform the following steps:
Step 2 Enter the following at the CLI prompt:
Step 3 Open the oper account by entering the following:
The vi editor opens, enabling you to edit the .profile file.
Step 4 Change the default terminal type for the oper account by editing the line that reads:
You should change the line to reflect the terminal type you intend to use. (The terminal type you enter must be defined in the /etc/termcap file.)
If the line TERM=vt100 does not appear in the .profile file, add this line to the file in the following format:
Step 5 Save your changes to the .profile file and exit from the vi editor by entering the following:
Step 6 Repeat Steps 3 through 5 for each remaining LS2020 login account (npadmin, fldsup, and root) by editing the following files, as appropriate:
Step 7 Repeat this procedure for any other user accounts that you may have created, in addition to the four user accounts referenced above (oper, npadmin, fldsup, and root).
The new terminal type for the LS2020 switch does not take effect until you log out and log in again.
As the network administrator, you must maintain the /usr/etc/hosts file for each network processor (NP) in your network. This file, which serves as a repository for the names and IP addresses of all network processors in the network, is created at installation time, but you must ensure that an entry exists in this file for each network processor in, or being added to, your network. Figure 4-3 shows typical content in a /usr/etc/hosts file.
To edit the /usr/etc/hosts file, perform the following steps:
Step 2 At the bash# prompt, change to the /usr/etc directory by entering the following command:
Step 3 Enter the following command to open the hosts file for editing with the vi editor:
If you are unfamiliar with the vi editor, refer to the LightStream 2020 NP O/S Reference Manual for additional information.
Step 4 Append to the end of the hosts file the names and IP addresses of the network processors being added to your network. Use the format shown in Figure 4-3 in making these entries.
Step 5 Save your changes to the hosts file and exit the vi editor by entering the following:
This action returns you to the bash# prompt.
Editing of the /usr/etc/hosts file is now complete.
Posted: Thu Jan 23 11:24:32 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.