02 86PCLI-D InitialConfiguration8600 PDF

8600 Initial Configuration using CLI
Content
1
2
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
3
3.1
3.2
3.3
3.4
3.5
3.6
3.7
4
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
8600 Initial Configuration Using CLI - Objectives & Lessons

Lesson 1: Command Line Interface in 8600
Configuring 8600 via Console Port
CLI Command Modes
CLI Mode Map
Help for Correct Command Input
Command History
Shortcut Keys Summary
Removing Configuration Commands
Hostname
Lesson 2: User Authentication in 8600 CLI
CLI Login Settings
Creating Users
Login - Three Strikes and Out
Forgotten Password
Controlling User Access
Account Activity
Lesson 2: Knowledge Check
Lesson 3: Initial Configuration of 8600
Hardware Inventory
Hardware Inventory Example
Creating Hardware Inventory
Modifying the Hardware Inventory
Hardware Inventory OK
Preparing 8600 Router for Outband Management Configuration
Outband Management Example
86PCLI-D
2015 Coriant
2
3
4
5
6
7
8
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
24
25
25
8600 Initial Configuration Using CLI Objectives & Lessons

Objectives & Lessons
Identify the basic steps for network element configuration with
8600 CLI
Lesson 2: User Authentication in 8600
Fig. 1 8600 Initial Configuration Using CLI - Objectives & Lessons
86PCLI-D
2015 Coriant

Topics:
Configuring NE via Console Port

CLI Command Modes
Command History
Hostname
Fig. 2 Lesson 1: Command Line Interface in 8600
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
86PCLI-D
. Coriant
. .
2015
. . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
2.1

Initial parameters for the NE are given via console port
Connect a PC with serial cable to the RS-232 interface of a 8600
NE
Use for example Windows Hyper Terminal or equivalent program
to access CLI
Settings in asynchronous
serial link are:
Bits per second: 38 400
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
Asynchronous serial link to

the RS-232 interface in the CDC card
Fig. 3 Configuring 8600 via Console Port
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. 86PCLI-D
. .
. 2015
. Coriant
.
. . .
2.2
CLI Command Modes

CLI Command Modes
Read Only (>)
Only monitoring commands are
available
Privilege (#)
Various one-time commands e.g.
deleting or copying a file, or clearing
statistic counters
These commands are not used for
changing configuration
Configuration (config)
commands used to configure general
system characteristics.
Specific configuration modes for
configuring interfaces, protocols,
security, etc
The configuration changes are saved
immediately to FLASH
router>
router> enable
router# configure terminal
router(config)#
.
.
router(config)# exit
router# disable
router>
Fig. 4 CLI Command Modes
The CLI commands are divided into several command modes based on the
functionality of the router. Each command mode has its own set of commands
available for configuring and monitoring the router. The commands available to you at
any given time depend on the mode you are in. Entering a question mark (?) at the
router prompt allows you to obtain a list of commands available for each command
mode.
There are shortcuts which allow mode changing directly without going via common
parent. These commands are marked with -> at the beginning of the command for
not to confuse these with functionality offered by command mode.
The figure on next page presents the CLI command modes. It also shows the
commands entering and leaving the modes.
When you start a session on a router, you begin with the Read Only mode. For
security purposes, only monitoring commands are available. This level of access is
reserved for tasks that do not change the configuration or state of the router.
The next mode is the Privilege mode. In addition to the Read Only mode commands,
you can now also give various one-time commands e.g. deleting or copying a file, or
clearing statistic counters. These commands are not considered as configuration
changing commands.
From the Privilege mode, you can enter the Configuration mode. In this mode, you
can enter commands that configure general system characteristics. The subsequent
modes configure a certain functional area e.g. OSPF protocol (Router OSPF
Configuration mode).
The configuration changes are saved if the router reboots.
86PCLI-D
2015 Coriant
2.3
CLI Mode Map
Fig. 5 CLI Mode Map
86PCLI-D
2015 Coriant
2.4

Use ? command to
display all available
commands and their
parameter choices. Can
be used at any time when
entering commands. If
used alone, lists all
commands available in
this mode.
router# ?
aaa
arp
bandwidth-if
bgp
bmp-server
.
.
router# con?
Displays AAA config..

Displays configuration
to display the arp entries
show arp statistics
show bandwidth-if
BGP information
Show authentication..
configure
router# configure ?
terminal
Configure from the terminal
router# con <tabulator>
router# configure
router# conf term
Fig. 6 Help for Correct Command Input
Just typing a question mark ? at a prompt will show all commands available in this
mode with a short description.
Typing part of a command and ending it with a ? will show any command which has
the same letters preceding ?.
Typing a command followed with a space and then ? will show all the available
context sensitive command parameters which can be used to follow the initial
command.
If you type enough of a command to make it sufficiently unique for the system to
recognize it, you can press the tabulator key and the system will complete the
command for you on a new prompt line. This also means that you do not need to type
a full command for the system to recognize it. Type enough to make it unique and
then when you press return the system will execute the command. This also applies
to commands that are made up of word parameters.
86PCLI-D
2015 Coriant
2.5
Command History
Command History
Up arrow will automatically display previous commands in the
sequence they were used
Commands displayed are relative to the prompt they were used with.
Privileged mode, configuration mode, etc
Down arrow to return to most recent in sequence

Using the left or right arrows will move the cursor to allow you to
modify the current command displayed at the prompt
Fig. 7 Command History
2.6

Shortcut keys
Function
CTRL + Z
Use this command to return to the Privilege command mode from any
other advanced
command mode
CTRL + C
Use this key sequence to break CLI command execution
CTRL + A
Move cursor to the beginning of the command line
CTRL + E
Move cursor to the end of the command line
CTRL + B
Move cursor backwards one character
CTRL + F
Move cursor forward one character
CTRL + D
Delete character under cursor
CTRL + K
Delete the end of the line
CTRL + N
Move cursor to the next line if the command line exceeds one line
CTRL + P
Move cursor to the previous line if the command line exceeds one line
Fig. 8 Shortcut Keys Summary
86PCLI-D
2015 Coriant
2.7

Type no before the same configuration command to undo or
remove it

router(config)# interface mfe 0
router(cfg-if[mfe0])# ip address 10.10.10.10/24
router(cfg-if[mfe0])# description Management LAN interface
router(cfg-if[mfe0])# no shutdown
router(cfg-if[mfe0])# exit
router(config)#
router(config)# interface mfe 0
router(cfg-if[mfe0])# no ip address 10.10.10.10/24
router(cfg-if[mfe0])#
Fig. 9 Removing Configuration Commands
To remove or delete a previous command, you go to the original command prompt

and use the same command but with the no keyword before it.
For example: no ip address 10.10.10.10/24 would remove the IP address associated
with that interface.
86PCLI-D
2015 Coriant
2.8
Hostname
Hostname
Hostname should be given in the beginning to distinguish
multiple open router CLI sessions

router(config)# hostname HUB1
HUB1(config)#
Fig. 10 Hostname
Changing the router prompt to something which better identifies the current router
telnet session is a useful habit. With multiple terminal windows open to routers and all
having the same prompt, it can be difficult to remember which one you are working
on.
Hostname Lesson 1: Knowledge Check

1) Which of the following is true when saving changes to 8600
router configuration?
a) Changes must be manually copied from running-config to startup-config
before rebooting the node
b) Configuration changes are automatically stored permanently to flash
memory
c) The node automatically saves to the startup-config file every 15 minutes
d) A snapshot configuration file must be created to save any configuration
changes before reboot
Fig. 11 Lesson 1: Knowledge Check
10
86PCLI-D
2015 Coriant

Topics:
CLI Login Settings

Creating Users
Login Three Strikes and Out
Forgotten Password
Account Activity
Fig. 12 Lesson 2: User Authentication in 8600 CLI
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
86PCLI-D
. . .
2015 Coriant
. . .
. . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
11
3.1
CLI Login Settings

CLI Login Settings
Up to 128 users in account database
Up to 17 simultaneously logged users
31 user privilege levels (1-31)
Higher privilege level has greater access
Superuser has level 31
Factory default settings

User authentication disabled
No default users created
Access to all privilege command levels
Three strikes and out

Three failed attempts user locked out
Replaces old increasing delay timer
Remote user database can be used (RADIUS)

Local superuser account must be created
Fig. 13 CLI Login Settings
User Management
The user management feature is used for managing the user account database
information in the 8600 system. It can contain information of up to 128 users.
Viewable information about each registered user has currently the following
parameters:
32-character-long user name

users privilege level (131), 1-14 for user level access, 15-31 for privilege level
access, superuser should be 31 to ensure full access.
80-character-long free format user description

User Logins
There can be up to 17 simultaneous users logged in to the 8600 Smart Router.
One console
Up to 8 telnet sessions
Up to 8 SSH sessions
User Authentication
When a new network element is taken into use, user authentication is disabled. This
means that anybody can login and change its configuration. It is essential that the
initial configuration of the network element includes creating a new superuser
account with the maximum privilege level and enabling user authentication. In
addition to the built-in user account database, it is possible to use a remote user
database using RADIUS. There must, however, always be a local superuser account
before the user authentication can be enabled.
12
86PCLI-D
2015 Coriant
3.2
Creating Users
Creating Users
HUB1# username superuser privilege 31 description administrator

type password:********
retype password:********
HUB1# configure terminal
HUB1(config)# user-authentication
HUB1(config)# exit
******************************************************************
*
*
*
*
Tellabs 8660 Network Element

Copyright (c) 2004-2014 Tellabs. All rights reserved.
*
*
*
*
*
*
******************************************************************
user name:superuser
password:********
Enter configuration commands, one per line. End with ^Z
HUB1>
Fig. 14 Creating Users
After logging in with a username and password, the level of access to the different
commands and configuration modes is determined by the privilege level assigned to
your user. Typically a superuser should have privilege level 31 to ensure full access
to the node.
In order to ensure the node requests a username and password, the userauthentication command must be enabled.
To remove the authentication login and remove a user from the database, the
commands used to create the user and enable authentication must be done in
reverse.
1. HUB1(config)# no user-authentication
2. HUB1(config)# no username superuser
Creating Users
86PCLI-D
2015 Coriant
13
3.3

Three failed login attempts account locked

Default locked timer 300 seconds
Fault generated on lockout
Remote and console account access
If account locked remotely, still possible to access directly via console port
HUB1#
%2011-07-08 12:33:55Z %ALERT: slot 14: SECURITY:User DataBase:
Fault ON, Critical, Security service or mechanism violation, No led:
Possible login attack
HUB1# show user-account-activity
12:33:55 UTC Fri Jul 8 2011
from 192.168.11.12 VTY0
FAILED Login trainer
12:33:55 UTC Fri Jul 8 2011
from remote location
trainer: 3 remote login attempts failed, locked for 300 sec.
12:33:48 UTC Fri Jul 8 2011
from 192.168.11.12 VTY0
12:33:38 UTC Fri Jul 8 2011

from 192.168.11.12 VTY0
Fig. 15 Login - Three Strikes and Out
After logging in with a username and password, the level of access to the different
commands and configuration modes is determined by the privilege level assigned to
your user. Typically a superuser should have privilege level 31 to ensure full access
to the node.
In order to ensure the node requests a username and password, the userauthentication command must be enabled.
To remove the authentication login and remove a user from the database, the
commands used to create the user and enable authentication must be done in
reverse.
1. HUB1(config)# no user-authentication
2. HUB1(config)# no username superuser
If a user fails to login three times in a row, the account is locked out. It will become
active again after 5mins (300sec). If the login attempts were made remotely the
console port will still be available to connect to.
A security violation critical fault will be generated and shown on screen and can be
seen in the active fault list.
14
86PCLI-D
2015 Coriant
3.4
Forgotten Password
Forgotten Password
Forgotten password feature is needed when none of the
username/password combinations are known for the node
******************************************************************
*
*
*
*
*
*
Tellabs 8660 Network Element

Copyright (c) 2004-2014 Tellabs. All rights reserved.
*
*
*
*
******************************************************************
user name:lostpassword
password:************
This operation will reset the device and create hw inventory
from the scratch. All user account information and
configurations will be lost.
Are you sure you want to continue (y/n)?
Fig. 16 Forgotten Password
If all user passwords are forgotten and there is no other way to access the network
element, the forgotten password feature can be helpful. It allows the user to login via
the console connection by using the username lostpassword and password
lostpassword. After login the user will be informed:
This operation will reset the device and create hw inventory from the scratch. All user
account information and configurations will be lost.
Are you sure you want to continue (y/n)?
If the letter n is pressed, the operation will be cancelled and the console connection
is disconnected.
If the letter y is pressed, a fault will be sent to the network management system and
after a delay of 30 seconds the device will boot up and create the HW inventory from
the scratch. All existing entries are removed from the user account database and
authentication is disabled after the operation.
All CLI commands are disabled when logging in using the lostpassword user name.
86PCLI-D
2015 Coriant
15
Forgotten Password (2)

Default username and password can be changed to the one
selected by the user
HUB1#lost-password-user
type combined username/password:********
retype combined username/password:********
HUB1#
Fig. 17 Forgotten Password (2)
3.5

To kickout sessions except this one
HUB1# show user-list
Users count: 2
User
superuser
operator1
HUB1# show users
Users count: 2
UserName LineType
Superuser console
operator1 telnet
HUB1#
Privilege
31
15
LoginTime
2009-08-11 11:05:57:466
2009-08-11 11:11:04:556
Description
IdleTime
IpAddr
0days 00:01:27 0.0.0.0
0days 00:01:40 192.168.200.254
HUB1# kickout-user username operator1

HUB1# kickout-user all
Fig. 18 Controlling User Access
16
86PCLI-D
2015 Coriant
3.6
Account Activity
Account Activity
HUB1# show user-account-activity
11:11:04 UTC Tue Aug 11 2009
from 192.168.200.254 VTY1
Login username operator1 (connection 0)
11:05:57 UTC Tue Aug 11 2009
from CONSOLE
Login username superuser (connection 0)
11:05:49 UTC Tue Aug 11 2009
from CONSOLE
Logout username <unknown9> (connection 0)
11:05:47 UTC Tue Aug 11 2009
from CONSOLE <unknown9>
User authentication enabled
11:04:03 UTC Tue Aug 11 2009
Added username operator1, privilege level 15
11:03:22 UTC Tue Aug 11 2009
Added username superuser, privilege level 31
00:44:29 UTC Mon Mar 31 2008
from nodeStartInfo
User authentication disabled
HUB1#
Fig. 19 Account Activity
86PCLI-D
2015 Coriant
17
3.7

1) Which of the following statements are incorrect about the 8600
command line authentication?
a) User level authentication is enabled by default on a new 8600 router
b) The node can be simultaneously configured by multiple connected users
c) Global configuration mode can only be reached by first entering privileged
EXEC mode
d) Command line Telnet is by default disabled
Lesson 2: Knowledge Check (2)

2) Write the command used to remove and log out the session
belonging to the user user1.
a) Router# kickout-user username user1
b) Router# kickout-user user1
c) Router(config)# kickout-user user1
d) Router# kick user1
Fig. 21 Lesson 2: Knowledge Check (2)
18
86PCLI-D
2015 Coriant

Topics:
Hardware Inventory
Creating HW Inventory
Modifying the HW Inventory
Outband Management Configuration
Fig. 22 Lesson 3: Initial Configuration of 8600
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
86PCLI-D
. . .
2015
. Coriant
. .
. . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
19
4.1
Hardware Inventory
Hardware Inventory
The main function of the inventory is to monitor the hardware
configuration in a network element
In case of a new 8660/8630/8611/8609 router the inventory creation
is always the first step
Each IFC, IFM and LM is identified by a HW type, HW version and
serial number
Inventory contains the expected configuration of the IFC with
IFMs in a specific slot
If the existing IFC matches the expected IFC in inventory, the card is
allowed to operate
In 8609, if the existing LM matches the expected LM in inventory, the line
module is allowed to operate
In 8611, if the existing LMs and HMs match the expected inventory,
modules are allowed to operate
The CDC card maintains configuration backups for all the cards
that belong to the inventory
Fig. 23 Hardware Inventory
The main function of the hardware inventory in the 8600 routers is to monitor the
hardware configuration in a network element. Each card and module is identified by a
HW type, HW version, and serial number. Each NE has a configuration of the
expected hardware: cards belonging to the NE and modules belonging to a card. This
configuration is kept on the non-volatile memory of the Control and DC Power Card
(CDC) in the 8660/8630, of the Switching and Control Module (SCM) in the 8611, and
on the non-volatile memory of the 8609 baseboard. The "expected HW configuration"
is later referred to as hw-inventory configuration.
In the 8605 smart router, the inventory exists, and it is very simple: there is only one
slot, and also there are always two fixed modules, the Ethernet module 0 and the
E1/T1 MS module 1, which are always expected.
Also in the 8602 the inventory exists, there is only one slot, and there are six fixed
modules for the GE interfaces.
20
86PCLI-D
2015 Coriant
4.2

router#show hw-inventory
This is node 0 of type 8630 and subrack address 0.
Control unit 14 is active.
unit in slot 6 is an EXTRA unit that does not belong to inventory
unit 6 of width 1 has serial number 40100003687
HW type lba2024-IFC1-A(2024) v1.0.1 SW type 1 v2.3.8
infomodel version 0.23.0; internal SW version "2.3.8"
module IF UPPER of type 2*1000BASE-X(2019) v1.0.1
serial number 40100004787
sfp connector 0 is not present
module IF LOWER of type 4*STM-1/ATM(2210) v1.0.0
interface module 0 has
expected type none
active
type none
existing type 2*1000BASE-X
expected type none
active
type none
existing type 4*STM-1/ATM
Fig. 24 Hardware Inventory in a New NE
Basically, the hw-inventory contains an expected card type for each card slot in the
NE and an expected module type for each module slot in a card. If the type of an
existing card in a slot matches with the expected type in the hw-inventory, the card is
allowed to operate. If a module type in a module slot of this card matches with the
expected type in the hw-inventory, the module will be allowed to operate.
The NE also maintains configuration backups for all cards belonging to the hwinventory configuration. When a card is replaced by another card of the same type
with the same type of modules, the new card (replacement card) will get the
configuration of the old card and will start operating as part of the NE without any
need to manually configure it.
If a card that does not belong to the hw-inventory configuration is inserted into the
NE, it will not be allowed to operate as part of the NE until it is added to the hwinventory configuration. In addition, it will not get configuration backups from the NE.
Likewise, if a card has a module that is not part of the hw-inventory, it will not become
operational.
86PCLI-D
2015 Coriant
21
4.3

The command first removes all units from the inventory and then
adds all the existing cards and modules found as the expected
inventory configuration
router> enable
router# hw-inventory add-all-units clean-start
Returns the node to

factory settings
Fig. 25 Creating Hardware Inventory
The clean-start command will return the node to factory default settings. This
includes clearing and rebuilding the hardware inventory as well as erasing the node
configuration.
Example
router#hw-inventory add-all-units clean-start ?
etsi STM-1, E1, etc. interfaces
ansi Sonet, T1, etc. interfaces
<cr> Accept command
If no input is given, the system uses ETSI mode for TDM interfaces as default.
N05#hw-inventory add-all-units clean-start
Requested command may seriously harm data traffic or network element running
configuration: do you want to proceed? [y(es)/n(o)]:
22
86PCLI-D
2015 Coriant
4.4

Inventory can be manually modified when moving IFCs, modules
or LMs to different positions, or changing module types on IFCs
Recommended to modify the inventory before moving or
changing IFC positions, module types or LM position
router#
router# hw-inventory slot 3 add unit clean-start
router# hw-inventory slot 3 add module 0 type 2*1000BASE-x
router#
router# hw-inventory slot 3 remove module 0 type 2*1000BASE-x

router# hw-inventory slot 3 remove unit
Fig. 26 Modifying the Hardware Inventory
In order to reduce the number of times units need to be rebooted, when a module on
a unit is changed to different hardware type, it is recommended to first change the
module (or 8609/8611 LM) type in the inventory before swapping the module (or
8609/8611 LM) hardware. This means the unit (or the 8609/8611 node) only needs to
be rebooted once after the hardware has been changed.
86PCLI-D
2015 Coriant
23
4.5
router#show hw-inventory
This is node 0 of type 8630 and subrack address 0.
Control unit 14 is active.
unit in slot 6 is part of inventory and UP AND RUNNING
unit 6 of width 1 has serial number 40100003687
HW type lba2024-IFC1-A(2024) v1.0.1 SW type 1 v2.3.8
infomodel version 0.23.0; internal SW version "2.3.8"
module IF UPPER of type 2*1000BASE-X(2019) v1.0.1
sfp connector 0 has type 7
module IF LOWER of type 4*STM-1/ATM(2210) v1.0.0
expected type 2*1000BASE-X
Expected type = Existing type
active
type 2*1000BASE-X
existing type 2*1000BASE-X
Module is allowed to operate
expected type 4*STM-1/ATM
active
type 4*STM-1/ATM
existing type 4*STM-1/ATM
Fig. 27 Hardware Inventory OK
4.6
Preparing 8600 Router for Outband Management

Configuration
Preparing 8600 Router for Outband
Management Configuration
The user must prepare the new router with initial parameters
using console connection
Telnet access must be activated with a separate command
8660/8630/8611/8609 only
HW inventory must be created
Management IP address for Telnet/SSH

FE, MFE or Loopback interface
No default factory IP address installed
Host name (optional, but makes CLI management easier)

Fig. 28 Preparing 8600 Router for Outband Management Configuration
24
86PCLI-D
2015 Coriant
4.7

router>enable
router(config)# hostname N-PE18
N-PE18(config)# router-id 10.123.100.18
N-PE18(config)# interface mfe 14/0
N-PE18(cfg-if[mfe14/0])# ip address 192.168.0.18/24
N-PE18(cfg-if[mfe14/0])# no shutdown
N-PE18(cfg-if[mfe14/0])# description Management Interface
N-PE18(cfg-if[mfe14/0])# exit
N-PE18(config)# ip route 172.19.137.0/24 192.168.0.254
N-PE18(config)# cli-server telnet enable
N-PE18(config)# exit
N-PE18# ping 172.19.137.1
Hostname to the NE
Set node-level router-id
Management Ethernet IF
Outband management IP address
Interface is taken in to use
Static route for management traffic

Enable Telnet access to the NE
IP level connectivity to
Management workstation
.254
172.19.137.0/24
.18
.1
Router
192.168.0.0/24
8600 node management

workstation
8660 MFE port
Fig. 29 Outband Management Example
4.8

1) Which hardware inventory message indicates that an IFC card in
a 8600 router has booted and is functional?
a) STARTUP COMPLETE
b) ADMIN ENABLE
c) UP AND RUNNING
d) EXISTING AND ACTIVE
86PCLI-D
2015 Coriant
25
26
86PCLI-D
2015 Coriant

02 86PCLI-D InitialConfiguration8600 PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

02 86PCLI-D InitialConfiguration8600 PDF

Transféré par

Droits d'auteur :

Formats disponibles

8600 Initial Configuration using CLI

8600 Initial Configuration using CLI

8600 Initial Configuration Using CLI - Objectives & Lessons

8600 Initial Configuration using CLI

8600 Initial Configuration Using CLI Objectives & Lessons

Fig. 1 8600 Initial Configuration Using CLI - Objectives & Lessons

8600 Initial Configuration using CLI

Lesson 1: Command Line Interface in 8600

Configuring NE via Console Port

Fig. 2 Lesson 1: Command Line Interface in 8600

8600 Initial Configuration using CLI

Configuring 8600 via Console Port

Asynchronous serial link to

Fig. 3 Configuring 8600 via Console Port

8600 Initial Configuration using CLI

CLI Command Modes

Fig. 4 CLI Command Modes

8600 Initial Configuration using CLI

CLI Mode Map

Fig. 5 CLI Mode Map

8600 Initial Configuration using CLI

Help for Correct Command Input

Displays AAA config..

Fig. 6 Help for Correct Command Input

8600 Initial Configuration using CLI

Down arrow to return to most recent in sequence

Shortcut Keys Summary

Use this key sequence to break CLI command execution

Move cursor to the beginning of the command line

Move cursor to the end of the command line

Move cursor backwards one character

Move cursor forward one character

Delete character under cursor

Delete the end of the line

Fig. 8 Shortcut Keys Summary

8600 Initial Configuration using CLI

Removing Configuration Commands

router# configure terminal

Fig. 9 Removing Configuration Commands

To remove or delete a previous command, you go to the original command prompt

8600 Initial Configuration using CLI

router# configure terminal

Lesson 1: Knowledge Check

Fig. 11 Lesson 1: Knowledge Check

8600 Initial Configuration using CLI

Lesson 2: User Authentication in 8600 CLI

CLI Login Settings

Fig. 12 Lesson 2: User Authentication in 8600 CLI

8600 Initial Configuration using CLI

CLI Login Settings

Factory default settings

Three strikes and out

Remote user database can be used (RADIUS)

Fig. 13 CLI Login Settings

32-character-long user name

80-character-long free format user description

8600 Initial Configuration using CLI

HUB1# username superuser privilege 31 description administrator

Tellabs 8660 Network Element

Fig. 14 Creating Users

8600 Initial Configuration using CLI

Login - Three Strikes and Out

Three failed login attempts account locked