mirror of
https://github.com/Fohdeesha/lab-docu.git
synced 2025-01-21 18:31:24 +01:00
hopefully finished ICX7xxx adv page
This commit is contained in:
parent
f9e2303c8b
commit
a952dd0dbb
@ -34,7 +34,7 @@ web-management https
|
|||||||
Once you get an `ssl-certificate creation is successful` message in the console, you'll be able to access the web UI via `https`.
|
Once you get an `ssl-certificate creation is successful` message in the console, you'll be able to access the web UI via `https`.
|
||||||
|
|
||||||
### Optional: Changing the default user account
|
### Optional: Changing the default user account
|
||||||
If you don't like the default `super` username that comes with the switch, you can remove it, and create your own user account instead. Just replace `customname` and `yourpasshere` with your own values:
|
If you don't like the default `super` username that comes with the switch, you can remove it and create your own user account instead. Just replace `customname` and `yourpasshere` with your own values:
|
||||||
|
|
||||||
```
|
```
|
||||||
username customname password yourpasshere
|
username customname password yourpasshere
|
||||||
@ -48,7 +48,7 @@ no username super
|
|||||||
```
|
```
|
||||||
You should now use this new user for all login duties.
|
You should now use this new user for all login duties.
|
||||||
|
|
||||||
#### OPTIONAL: Key Based SSH Access
|
### Optional: Key Based SSH Access
|
||||||
If you have followed the above to set up authentication, and also wish to disable password-based SSH login and set up a key pair instead, follow this section. If not, skip it. Enable key login, and disable password login:
|
If you have followed the above to set up authentication, and also wish to disable password-based SSH login and set up a key pair instead, follow this section. If not, skip it. Enable key login, and disable password login:
|
||||||
```
|
```
|
||||||
ip ssh key-authentication yes
|
ip ssh key-authentication yes
|
||||||
@ -71,14 +71,11 @@ Your switch now has a name, an IP address, and telnet or SSH access enabled. You
|
|||||||
|
|
||||||
## Network Configuration
|
## Network Configuration
|
||||||
|
|
||||||
### Disable SmartZone Phone Home
|
### Disable SmartZone
|
||||||
We'll also disable the phone-home SmartZone functionality. If you want to integrate this switch to appear in the web UI of an Unleashed AP or SmartZone account in the future, skip this step:
|
By default, v8090 and above has SmartZone turned on by default, which phones home to Ruckus among other things for the centralized management features. It's typically a good idea to turn this off completely, unless you have a SmartZone setup you'll be using with the switch:
|
||||||
|
|
||||||
```
|
```
|
||||||
no sz registrar
|
no sz registrar
|
||||||
sz disable
|
sz disable
|
||||||
write mem
|
|
||||||
exit
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Default Route & DNS
|
### Default Route & DNS
|
||||||
@ -137,13 +134,7 @@ no hostname beefbox
|
|||||||
This section will outline some of the more advanced configurations you may want to explore. If you use any of them, don't forget to `write mem` when done to actually save your changes.
|
This section will outline some of the more advanced configurations you may want to explore. If you use any of them, don't forget to `write mem` when done to actually save your changes.
|
||||||
|
|
||||||
### PoE
|
### PoE
|
||||||
If you have a PoE enabled model you'll need to enable power on the ports you have PoE devices plugged into. For example, let's say you've plugged a PoE camera into port 5. Lets enable PoE power to turn it on:
|
If you have a PoE enabled model, note that v8080 and above has PoE enabled on all ports by default. This will not harm any non-PoE equipment as no power is delivered until PoE negotiation is performed. If you plug in a PoE device, it should just work. You can monitor PoE status such as power level, which ports are enabled, and how much power they're using by running the following:
|
||||||
```
|
|
||||||
interface ethernet 1/1/5
|
|
||||||
inline power
|
|
||||||
exit
|
|
||||||
```
|
|
||||||
That's it, now you should see the device power on. You can monitor PoE status such as power level, which ports are enabled, and how much power they're using by running the following:
|
|
||||||
```
|
```
|
||||||
show inline power
|
show inline power
|
||||||
#or show even more details:
|
#or show even more details:
|
||||||
@ -151,16 +142,21 @@ show inline power detail
|
|||||||
#or show details for just one port:
|
#or show details for just one port:
|
||||||
show inline power 1/1/5
|
show inline power 1/1/5
|
||||||
```
|
```
|
||||||
ICX6xxx switches also have something called `legacy inline power` on by default, which detects and powers very old legacy PoE devices that rely on a specific resistance for detection. Devices like this are exceptionally rare and this can occasionally erroneously detect regular devices as legacy PoE units, so let's disable it:
|
If you need to disable PoE on a specific port for some reason, such as to power cycle a remote PoE device, just run the following:
|
||||||
```
|
```
|
||||||
stack unit 1
|
interface ethernet 1/1/5
|
||||||
no legacy-inline-power
|
no inline power
|
||||||
|
exit
|
||||||
|
```
|
||||||
|
To turn PoE power back on:
|
||||||
|
```
|
||||||
|
interface ethernet 1/1/5
|
||||||
|
inline power
|
||||||
exit
|
exit
|
||||||
```
|
```
|
||||||
If you have a switch that does not support stacking like the ICX6430, you'll need to run `no legacy-inline-power` at the global configure terminal level instead. If you have a switch stack built, don't forget to run the above for stack unit 2 as well (or however many units you have).
|
|
||||||
|
|
||||||
### Link Aggregation (802.3ad LACP)
|
### Link Aggregation (802.3ad LACP)
|
||||||
If you'd like to configure an LACP bond on the switch to aggregate 2 or more ports to a server for example, it's pretty easy under FastIron. First you need to meet some basic criteria before creating the bond:
|
If you'd like to configure an LACP bond on the switch to aggregate 2 or more ports to a server for example, it's been simplified in v8080 and above. First you need to meet some basic criteria before creating the bond:
|
||||||
|
|
||||||
* all switch ports in the bond must be the same port type / speed
|
* all switch ports in the bond must be the same port type / speed
|
||||||
* all switch ports being added to the bond cannot have an existing configuration on them (no IPs set etc)
|
* all switch ports being added to the bond cannot have an existing configuration on them (no IPs set etc)
|
||||||
@ -168,29 +164,19 @@ If you'd like to configure an LACP bond on the switch to aggregate 2 or more por
|
|||||||
|
|
||||||
Now create the dynamic (802.3ad) lag, giving it a name of your choice:
|
Now create the dynamic (802.3ad) lag, giving it a name of your choice:
|
||||||
```
|
```
|
||||||
lag freeNAS dynamic
|
lag FreeNAS dynamic id auto
|
||||||
```
|
```
|
||||||
Now you should be at the LAG configuration CLI level for this new LAG. Here's the important part, tell it what ports you want to be in the bond. In this example I'll add two of the 10gbE ports on an ICX6610. If you want more than two ports in the bond, add them to the `ports` command after the first two:
|
Now you should be at the LAG configuration CLI level for this new LAG. Here's the important part, tell it what ports you want to be in the bond. In this example I'll add two of the 10gbE ports on an ICX7250. If you want more than two ports in the bond, add them to the `ports` command after the first two:
|
||||||
```
|
```
|
||||||
ports ethernet 1/3/1 ethernet 1/3/2
|
ports ethernet 1/2/1 ethernet 1/2/2
|
||||||
```
|
|
||||||
Now we need to specify the primary port. This is the port member of the bond that will act as the single port that controls all bond members in your config. For instance, if your primary port is 1/3/1, then to add your LAG to a VLAN, you'd use `tag int eth 1/3/1` - the switch will then do the same for all the other bond members. Same with any port config, if you want to configure the LACP group, you use the primary port. This is almost always the first port in the LAG, but typically it doesn't matter:
|
|
||||||
```
|
|
||||||
primary-port 1/3/8
|
|
||||||
```
|
|
||||||
Lastly, we need to deploy the new LAG you've created and only needs to be ran once to enable it:
|
|
||||||
```
|
|
||||||
deploy
|
|
||||||
exit
|
exit
|
||||||
write mem
|
|
||||||
```
|
```
|
||||||
Assuming the other end (server, other switch, etc) has been configured for LACP correctly, you should see them negotiate and enable all links. You can view the status of bonds using the following:
|
That's it, it will create a virtual lag interface representing this LACP bond and its member ports, and begin negotiating. Assuming the other end (server, other switch, etc) has been configured for LACP correctly, you should see them negotiate and enable all links. You can view the status of bonds using the following:
|
||||||
```
|
```
|
||||||
show lag
|
show lag
|
||||||
```
|
```
|
||||||
This is what a correctly negotiated LACP link will look like, the most important column typically being the last, with `Ope` meaning operational. If you have something else here like inactive, you have a configuration issue somewhere:
|
This is what a correctly negotiated LACP link will look like, the most important column typically being the last, with `Ope` meaning operational. If you have something else here like inactive, you have a configuration issue somewhere:
|
||||||
```
|
```
|
||||||
Deployment: HW Trunk ID 1
|
|
||||||
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
|
Port Link State Dupl Speed Trunk Tag Pvid Pri MAC Name
|
||||||
1/3/7 Up Forward Full 10G 2 Yes N/A 0 cc4e.24b8.d9d0 XEN-01-1
|
1/3/7 Up Forward Full 10G 2 Yes N/A 0 cc4e.24b8.d9d0 XEN-01-1
|
||||||
2/3/7 Up Forward Full 10G 2 Yes N/A 0 cc4e.24b8.d9d0 XEN-01-2
|
2/3/7 Up Forward Full 10G 2 Yes N/A 0 cc4e.24b8.d9d0 XEN-01-2
|
||||||
@ -201,17 +187,39 @@ Port [Sys P] [Port P] [ Key ] [Act][Tio][Agg][Syn][Col][Dis][Def][Exp][Ope
|
|||||||
```
|
```
|
||||||
If you ever need to go back and edit the LAG properties, run the `lag` command again with the correct name:
|
If you ever need to go back and edit the LAG properties, run the `lag` command again with the correct name:
|
||||||
```
|
```
|
||||||
lag freeNAS dynamic
|
lag freeNAS
|
||||||
```
|
```
|
||||||
Then if you want to add more ports to an existing bond for example, re-run the `ports` command, appending the new ports (don't forget to keep the existing ports in the command, or they will be removed). So, to add two more ports to our example bond:
|
Then if you want to add more ports to an existing bond for example, re-run the `ports` command, appending the new ports (don't forget to keep the existing ports in the command, or they will be removed). So, to add two more ports to our example bond:
|
||||||
```
|
```
|
||||||
ports ethernet 1/3/1 ethernet 1/3/2 ethernet 1/3/3 ethernet 1/3/4
|
ports ethernet 1/3/1 ethernet 1/3/2 ethernet 1/3/3 ethernet 1/3/4
|
||||||
deploy
|
|
||||||
exit
|
exit
|
||||||
write mem
|
write mem
|
||||||
```
|
```
|
||||||
Whatever ports you add must have the same VLAN membership as the existing LAG, or you'll get an error about `tag type` not matching.
|
Whatever ports you add must have the same VLAN membership as the existing LAG, or you'll get an error about `tag type` not matching.
|
||||||
|
|
||||||
|
To manage the lag, such as add it to VLANs, apply an ACL to it, or any other port configuration options, you use the virtual lag interface. You need to know the ID of the lag you want to alter, an easy way to find it is to run: (mind the capital D)
|
||||||
|
```
|
||||||
|
show lag | inc Deployed
|
||||||
|
```
|
||||||
|
For example I get:
|
||||||
|
```
|
||||||
|
SSH@CHUNK#show lag | inc Deployed
|
||||||
|
=== LAG "6650-RACK6" ID 23 (dynamic Deployed) ===
|
||||||
|
=== LAG "COMPUTE-01" ID 5 (dynamic Deployed) ===
|
||||||
|
=== LAG "COMPUTE-02" ID 6 (dynamic Deployed) ===
|
||||||
|
```
|
||||||
|
Let's say I want to add the 6650-RACK6 link to VLAN 10, I can see its lag ID is 23. So I would do:
|
||||||
|
```
|
||||||
|
vlan 10
|
||||||
|
tagged lag 23
|
||||||
|
```
|
||||||
|
Or if I want to go into the interface config CLI level for the lag interface, and shut it down:
|
||||||
|
```
|
||||||
|
interface lag 23
|
||||||
|
disable
|
||||||
|
exit
|
||||||
|
```
|
||||||
|
|
||||||
### VLANs
|
### VLANs
|
||||||
Coming Soon
|
Coming Soon
|
||||||
|
|
||||||
@ -277,7 +285,7 @@ show run
|
|||||||
|
|
||||||
Brocade does not restrict the use of optics or DACs by manufacturer, they'll take anything given it's the right protocol. However by default, optical monitoring information is disabled unless it sees Brocade or Foundry optics.
|
Brocade does not restrict the use of optics or DACs by manufacturer, they'll take anything given it's the right protocol. However by default, optical monitoring information is disabled unless it sees Brocade or Foundry optics.
|
||||||
|
|
||||||
So if you want to see information like this :
|
So if you want to see information like this:
|
||||||
|
|
||||||
```
|
```
|
||||||
telnet@Route2(config)#show optic 1/3/1
|
telnet@Route2(config)#show optic 1/3/1
|
||||||
|
Loading…
Reference in New Issue
Block a user